Re: [PATCH 2/3] i386: factor out x86_firmware_configure()

2022-03-31 Thread Xiaoyao Li

On 4/1/2022 1:08 PM, Gerd Hoffmann wrote:

   if (sev_enabled()) {


> > ^^^
> >
> > Can we remove the SEV check ...



+pc_system_parse_ovmf_flash(ptr, size);
+
+if (sev_enabled()) {


> > ... because we are still checking SEV here.
>
> Well, the two checks have slightly different purposes.  The first check
> will probably become "if (sev || tdx)" soon,

Not soon for TDX since the hacky pflash interface to load TDVF is rejected.

> whereas the second will
> become "if (sev) { ... } if (tdx) { ... }".
>
> We could remove the first.  pc_system_parse_ovmf_flash() would run
> unconditionally then.  Not needed, but should not have any bad side
> effects.
>
> take care,
>    Gerd






Re: [PATCH 2/3] i386: factor out x86_firmware_configure()

2022-03-31 Thread Gerd Hoffmann
> >   if (sev_enabled()) {
> 
> ^^^

> Can we remove the SEV check ...

> > +pc_system_parse_ovmf_flash(ptr, size);
> > +
> > +if (sev_enabled()) {
> 
> ... because we are still checking SEV here.

Well, the two checks have slightly different purposes.  The first check
will probably become "if (sev || tdx)" soon, whereas the second will
become "if (sev) { ... } if (tdx) { ... }".

We could remove the first.  pc_system_parse_ovmf_flash() would run
unconditionally then.  Not needed, but should not have any bad side
effects.

take care,
  Gerd




Re: [PATCH v1 2/2] hw/arm/xlnx-zynqmp: Connect 4 TTC timers

2022-03-31 Thread Alistair Francis
On Fri, Apr 1, 2022 at 8:26 AM Edgar E. Iglesias
 wrote:
>
> From: "Edgar E. Iglesias" 
>
> Connect the 4 TTC timers on the ZynqMP.
>
> Signed-off-by: Edgar E. Iglesias 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  include/hw/arm/xlnx-zynqmp.h |  4 
>  hw/arm/xlnx-zynqmp.c | 22 ++
>  2 files changed, 26 insertions(+)
>
> diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
> index 9d9a9d0bf9..85fd9f53da 100644
> --- a/include/hw/arm/xlnx-zynqmp.h
> +++ b/include/hw/arm/xlnx-zynqmp.h
> @@ -41,6 +41,7 @@
>  #include "hw/or-irq.h"
>  #include "hw/misc/xlnx-zynqmp-apu-ctrl.h"
>  #include "hw/misc/xlnx-zynqmp-crf.h"
> +#include "hw/timer/cadence_ttc.h"
>
>  #define TYPE_XLNX_ZYNQMP "xlnx-zynqmp"
>  OBJECT_DECLARE_SIMPLE_TYPE(XlnxZynqMPState, XLNX_ZYNQMP)
> @@ -84,6 +85,8 @@ OBJECT_DECLARE_SIMPLE_TYPE(XlnxZynqMPState, XLNX_ZYNQMP)
>  #define XLNX_ZYNQMP_MAX_RAM_SIZE (XLNX_ZYNQMP_MAX_LOW_RAM_SIZE + \
>XLNX_ZYNQMP_MAX_HIGH_RAM_SIZE)
>
> +#define XLNX_ZYNQMP_NUM_TTC 4
> +
>  /*
>   * Unimplemented mmio regions needed to boot some images.
>   */
> @@ -128,6 +131,7 @@ struct XlnxZynqMPState {
>  qemu_or_irq qspi_irq_orgate;
>  XlnxZynqMPAPUCtrl apu_ctrl;
>  XlnxZynqMPCRF crf;
> +CadenceTTCState ttc[XLNX_ZYNQMP_NUM_TTC];
>
>  char *boot_cpu;
>  ARMCPU *boot_cpu_ptr;
> diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
> index 5bfe285a19..375309e68e 100644
> --- a/hw/arm/xlnx-zynqmp.c
> +++ b/hw/arm/xlnx-zynqmp.c
> @@ -68,6 +68,9 @@
>  #define APU_ADDR0xfd5c
>  #define APU_IRQ 153
>
> +#define TTC0_ADDR   0xFF11
> +#define TTC0_IRQ36
> +
>  #define IPI_ADDR0xFF30
>  #define IPI_IRQ 64
>
> @@ -316,6 +319,24 @@ static void xlnx_zynqmp_create_crf(XlnxZynqMPState *s, 
> qemu_irq *gic)
>  sysbus_connect_irq(sbd, 0, gic[CRF_IRQ]);
>  }
>
> +static void xlnx_zynqmp_create_ttc(XlnxZynqMPState *s, qemu_irq *gic)
> +{
> +SysBusDevice *sbd;
> +int i, irq;
> +
> +for (i = 0; i < XLNX_ZYNQMP_NUM_TTC; i++) {
> +object_initialize_child(OBJECT(s), "ttc[*]", >ttc[i],
> +TYPE_CADENCE_TTC);
> +sbd = SYS_BUS_DEVICE(>ttc[i]);
> +
> +sysbus_realize(sbd, _fatal);
> +sysbus_mmio_map(sbd, 0, TTC0_ADDR + i * 0x1);
> +for (irq = 0; irq < 3; irq++) {
> +sysbus_connect_irq(sbd, irq, gic[TTC0_IRQ + i * 3 + irq]);
> +}
> +}
> +}
> +
>  static void xlnx_zynqmp_create_unimp_mmio(XlnxZynqMPState *s)
>  {
>  static const struct UnimpInfo {
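
Review bot: In xlnx_zynqmp_create_ttc() the inner loop bound "irq < 3" and the "i * 3" offset into gic[] are bare literals that have to match the number of timers in each CadenceTTCState (the timer[3] array in patch 1/2). Derive both from one named constant in cadence_ttc.h, or from ARRAY_SIZE(s->ttc[i].timer), so the GIC wiring cannot drift from the device model. The per-instance stride added to TTC0_ADDR deserves a named define for the same reason.
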
> @@ -721,6 +742,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>  xlnx_zynqmp_create_efuse(s, gic_spi);
>  xlnx_zynqmp_create_apu_ctrl(s, gic_spi);
>  xlnx_zynqmp_create_crf(s, gic_spi);
> +xlnx_zynqmp_create_ttc(s, gic_spi);
>  xlnx_zynqmp_create_unimp_mmio(s);
>
>  for (i = 0; i < XLNX_ZYNQMP_NUM_GDMA_CH; i++) {
> --
> 2.25.1
>
>



Re: [PATCH v1 1/2] timer: cadence_ttc: Break out header file to allow embedding

2022-03-31 Thread Alistair Francis
On Fri, Apr 1, 2022 at 8:24 AM Edgar E. Iglesias
 wrote:
>
> From: "Edgar E. Iglesias" 
>
> Break out header file to allow embedding of the TTC.
>
> Signed-off-by: Edgar E. Iglesias 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  include/hw/timer/cadence_ttc.h | 54 ++
>  hw/timer/cadence_ttc.c | 32 ++--
>  2 files changed, 56 insertions(+), 30 deletions(-)
>  create mode 100644 include/hw/timer/cadence_ttc.h
>
> diff --git a/include/hw/timer/cadence_ttc.h b/include/hw/timer/cadence_ttc.h
> new file mode 100644
> index 00..e1251383f2
> --- /dev/null
> +++ b/include/hw/timer/cadence_ttc.h
> @@ -0,0 +1,54 @@
> +/*
> + * Xilinx Zynq cadence TTC model
> + *
> + * Copyright (c) 2011 Xilinx Inc.
> + * Copyright (c) 2012 Peter A.G. Crosthwaite 
> (peter.crosthwa...@petalogix.com)
> + * Copyright (c) 2012 PetaLogix Pty Ltd.
> + * Written By Haibing Ma
> + *M. Habib
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License
> + * as published by the Free Software Foundation; either version
> + * 2 of the License, or (at your option) any later version.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, see .
> + */
> +#ifndef HW_TIMER_CADENCE_TTC_H
> +#define HW_TIMER_CADENCE_TTC_H
> +
> +#include "hw/sysbus.h"
> +#include "qemu/timer.h"
> +
> +typedef struct {
> +QEMUTimer *timer;
> +int freq;
> +
> +uint32_t reg_clock;
> +uint32_t reg_count;
> +uint32_t reg_value;
> +uint16_t reg_interval;
> +uint16_t reg_match[3];
> +uint32_t reg_intr;
> +uint32_t reg_intr_en;
> +uint32_t reg_event_ctrl;
> +uint32_t reg_event;
> +
> +uint64_t cpu_time;
> +unsigned int cpu_time_valid;
> +
> +qemu_irq irq;
> +} CadenceTimerState;
> +
> +#define TYPE_CADENCE_TTC "cadence_ttc"
> +OBJECT_DECLARE_SIMPLE_TYPE(CadenceTTCState, CADENCE_TTC)
> +
> +struct CadenceTTCState {
> +SysBusDevice parent_obj;
> +
> +MemoryRegion iomem;
> +CadenceTimerState timer[3];
> +};
> +
> +#endif
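
Review bot: The new header makes every field of CadenceTimerState and CadenceTTCState visible to any file that includes it, and nothing in the structs says which fields an embedding SoC may touch. Mark parent_obj and the register state as private with the usual /*< private >*/ and /*< public >*/ comments, and close the guard with "#endif /* HW_TIMER_CADENCE_TTC_H */".
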
> diff --git a/hw/timer/cadence_ttc.c b/hw/timer/cadence_ttc.c
> index 64108241ba..e57a0f5f09 100644
> --- a/hw/timer/cadence_ttc.c
> +++ b/hw/timer/cadence_ttc.c
> @@ -24,6 +24,8 @@
>  #include "qemu/timer.h"
>  #include "qom/object.h"
>
> +#include "hw/timer/cadence_ttc.h"
> +
>  #ifdef CADENCE_TTC_ERR_DEBUG
>  #define DB_PRINT(...) do { \
>  fprintf(stderr,  ": %s: ", __func__); \
> @@ -49,36 +51,6 @@
>  #define CLOCK_CTRL_PS_EN0x0001
>  #define CLOCK_CTRL_PS_V 0x001e
>
> -typedef struct {
> -QEMUTimer *timer;
> -int freq;
> -
> -uint32_t reg_clock;
> -uint32_t reg_count;
> -uint32_t reg_value;
> -uint16_t reg_interval;
> -uint16_t reg_match[3];
> -uint32_t reg_intr;
> -uint32_t reg_intr_en;
> -uint32_t reg_event_ctrl;
> -uint32_t reg_event;
> -
> -uint64_t cpu_time;
> -unsigned int cpu_time_valid;
> -
> -qemu_irq irq;
> -} CadenceTimerState;
> -
> -#define TYPE_CADENCE_TTC "cadence_ttc"
> -OBJECT_DECLARE_SIMPLE_TYPE(CadenceTTCState, CADENCE_TTC)
> -
> -struct CadenceTTCState {
> -SysBusDevice parent_obj;
> -
> -MemoryRegion iomem;
> -CadenceTimerState timer[3];
> -};
> -
>  static void cadence_timer_update(CadenceTimerState *s)
>  {
>  qemu_set_irq(s->irq, !!(s->reg_intr & s->reg_intr_en));
> --
> 2.25.1
>
>



[PATCH] [PATCH RFC v2] Implements Backend Program conventions for vhost-user-scsi

2022-03-31 Thread Sakshi Kaushik
Signed-off-by: Sakshi Kaushik 
---
 contrib/vhost-user-scsi/vhost-user-scsi.c | 35 +++
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/contrib/vhost-user-scsi/vhost-user-scsi.c 
b/contrib/vhost-user-scsi/vhost-user-scsi.c
index 4f6e3e2a24..9bdc088ce8 100644
--- a/contrib/vhost-user-scsi/vhost-user-scsi.c
+++ b/contrib/vhost-user-scsi/vhost-user-scsi.c
@@ -353,6 +353,8 @@ fail:
 
 int main(int argc, char **argv)
 {
+static int opt_fdnum = -1;
+static gboolean opt_print_caps;
 VusDev *vdev_scsi = NULL;
 char *unix_fn = NULL;
 char *iscsi_uri = NULL;
@@ -362,12 +364,18 @@ int main(int argc, char **argv)
 switch (opt) {
 case 'h':
 goto help;
-case 'u':
+case 's':
 unix_fn = g_strdup(optarg);
 break;
 case 'i':
 iscsi_uri = g_strdup(optarg);
 break;
+case 'f':
+opt_fdnum = g_strdup(optarg);
+break;
+case 'p':
+opt_print_caps = g_strdup(optarg);
+break;
 default:
 goto help;
 }
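
Review bot: In case 'f', "opt_fdnum = g_strdup(optarg);" stores a heap pointer in an int, and case 'p' does the same into a gboolean, so neither variable holds what the user passed and both strings leak. Parse the descriptor as a number (for example g_ascii_strtoll() with an end pointer), reject trailing characters, negative values and anything above INT_MAX, and make -p a plain flag that sets opt_print_caps = TRUE. The getopt() option string is not touched by any visible hunk; it has to list the new letters or these cases are never reached.
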
@@ -376,9 +384,22 @@ int main(int argc, char **argv)
 goto help;
 }
 
-lsock = unix_sock_new(unix_fn);
-if (lsock < 0) {
-goto err;
+if (unix_fn) {
+lsock = unix_sock_new(unix_fn);
+if (lsock < 0) {
+exit(EXIT_FAILURE);
+}
+} else if (opt_fdnum < 0) {
+g_print("%s\n", g_option_context_get_help(context, true, NULL));
+exit(EXIT_FAILURE);
+} else {
+lsock = opt_fdnum;
+}
+
+if (opt_print_caps) {
+if (opt_print_caps["type"] != "scsi") {
+goto err;
+}
 }
 
 csock = accept(lsock, NULL, NULL);
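
Review bot: The block "if (opt_print_caps["type"] != "scsi")" does not compile as C: opt_print_caps is a gboolean, it cannot be subscripted with a string, and != on string literals would compare addresses rather than contents. The "context" passed to g_option_context_get_help() is also not declared anywhere in the visible code, which still parses options with a getopt-style switch. Separately, "lsock = opt_fdnum;" hands a caller-supplied descriptor straight to accept(); verify it first (fstat() and S_ISSOCK, and that it is not one of 0, 1, 2) and fail with a clear message otherwise. The two new exit(EXIT_FAILURE) paths skip the cleanup that "goto err" used to reach.
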
@@ -426,10 +447,12 @@ err:
 goto out;
 
 help:
-fprintf(stderr, "Usage: %s [ -u unix_sock_path -i iscsi_uri ] | [ -h ]\n",
+fprintf(stderr, "Usage: %s [ -s socket-path -i iscsi_uri -f fd -p 
print-capabilities ] | [ -h ]\n",
 argv[0]);
-fprintf(stderr, "  -u path to unix socket\n");
+fprintf(stderr, "  -s path to unix socket\n");
 fprintf(stderr, "  -i iscsi uri for lun 0\n");
+fprintf(stderr, "  -f fd, file-descriptor\n");
+fprintf(stderr, "  -p denotes print-capabilities\n");
 fprintf(stderr, "  -h print help and quit\n");
 
 goto err;
-- 
2.17.1




Re: [PATCH 7/7] vhost-vdpa: backend feature should set only once

2022-03-31 Thread Si-Wei Liu




On 3/31/2022 7:39 PM, Jason Wang wrote:

On Thu, Mar 31, 2022 at 5:20 PM Eugenio Perez Martin
 wrote:

On Thu, Mar 31, 2022 at 10:54 AM Jason Wang  wrote:


On 2022/3/31 4:02 PM, Eugenio Perez Martin wrote:

On Thu, Mar 31, 2022 at 1:03 AM Si-Wei Liu  wrote:


On 3/30/2022 12:01 PM, Eugenio Perez Martin wrote:

On Wed, Mar 30, 2022 at 8:33 AM Si-Wei Liu  wrote:

The vhost_vdpa_one_time_request() branch in
vhost_vdpa_set_backend_cap() incorrectly sends down
iotls on vhost_dev with non-zero index. This may
end up with multiple VHOST_SET_BACKEND_FEATURES
ioctl calls sent down on the vhost-vdpa fd that is
shared between all these vhost_dev's.


Not only that. This means that qemu thinks the device supports iotlb
batching as long as the device does not have cvq. If vdpa does not
support batching, it will return an error later with no possibility of
doing it ok.

I think the implicit assumption here is that the caller should back off
to where it was if it comes to error i.e. once the first
vhost_dev_set_features call gets an error, vhost_dev_start() will fail
straight.

Sorry, I don't follow you here, and maybe my message was not clear enough.

What I meant is that your patch fixes another problem not stated in
the message: it is not possible to initialize a net vdpa device that
does not have cvq and does not support iotlb batches without it. Qemu
will assume that the device supports batching, so the write of
VHOST_IOTLB_BATCH_BEGIN will fail. I didn't test what happens next but
it probably cannot continue.


So you mean we actually didn't call VHOST_SET_BACKEND_CAP in this case.
Fortunately, kernel didn't check the backend cap when accepting batching
hints.

We are probably fine?


We're fine as long as the vdpa driver in the kernel effectively
supports batching. If not, qemu will try to batch, and it will fail.

It was introduced in v5.9, so qemu has not supported kernel <5.9 since
we introduced multiqueue support (I didn't test). Unless we apply this
patch. That's the reason it should be marked as fixed and backported
to stable IMO.

Ok, so it looks to me we have more issues.

In vhost_vdpa_set_backend_cap() we fail when
VHOST_VDPA_GET_BACKEND_FEATURES fails. This breaks the older kernel
since that ioctl is introduced in

653055b9acd4 ("vhost-vdpa: support get/set backend features")

Yep, the GET/SET_BACKEND ioctl pair got introduced together in this
exact commit.


We should:

1) make it work by not failing the vhost_vdpa_set_backend_cap() and
assuming MSG_V2.

This issue is orthogonal with my fix, which was pre-existing before the
multiqueue support. I believe there should be another separate patch to
fix QEMU for pre-GET/SET_BACKEND kernel.

2) check the batching support in vhost_vdpa_listener_begin_batch()
instead of trying to set VHOST_IOTLB_BATCH_BEGIN unconditionally

This is non-issue since VHOST_BACKEND_F_IOTLB_BATCH is already validated
in the caller vhost_vdpa_iotlb_batch_begin_once().


-Siwei


Thanks


Thanks!


Thanks



In that regard, this commit needs to be marked as "Fixes: ...", either
("a5bd058 vhost-vdpa: batch updating IOTLB mappings") or maybe better
("4d191cf vhost-vdpa: classify one time request"). We have a
regression if we introduce both, or the second one and the support of
any other backend feature.


Noted that the VHOST_SET_BACKEND_FEATURES ioctl is not per-vq
and it doesn't even need to. There seems to me no possibility for it to
fail in a way as thought here. The capture is that IOTLB batching is at
least a vdpa device level backend feature, if not per-kernel. Same as
IOTLB_MSG_V2.


At this moment it is per-kernel, yes. With your patch there is no need
to fail because of the lack of _F_IOTLB_BATCH, the code should handle
this case ok.

But if VHOST_GET_BACKEND_FEATURES returns no support for
VHOST_BACKEND_F_IOTLB_MSG_V2, the qemu code will happily send v2
messages anyway. This has nothing to do with the patch, I'm just
noting it here.

In that case, maybe it is better to return something like -ENOTSUP?

Thanks!


-Siwei


Some open questions:

Should we make the vdpa driver return error as long as a feature is
used but not set by qemu, or let it as undefined? I guess we have to
keep the batching at least without checking so the kernel supports old
versions of qemu.

On the other hand, should we return an error if IOTLB_MSG_V2 is not
supported here? We're basically assuming it in other functions.


To fix it, send down ioctl only once via the first
vhost_dev with index 0. Toggle the polarity of the
vhost_vdpa_one_time_request() test would do the trick.

Signed-off-by: Si-Wei Liu 

Acked-by: Eugenio Pérez 


---
hw/virtio/vhost-vdpa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index c5ed7a3..27ea706 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -665,7 +665,7 @@ static int vhost_vdpa_set_backend_cap(struct vhost_dev *dev)

features &= f;

-if 

Re: [PATCH 2/2] NVDIMM: Init vNVDIMM's LSA index block if it hasn't been

2022-03-31 Thread Robert Hoo
On Thu, 2022-03-31 at 16:41 +0200, Igor Mammedov wrote:
> On Thu, 31 Mar 2022 21:08:12 +0800
> Robert Hoo  wrote:
>  
> > > 
> > > Can user initialize/format LSA from guest using ndctl/some other
> > > tool?
> > >   
> > 
> > Yes, he can. But when guest Kernel already told him this is a dimm
> > without label capability, dare/should he take this dangerous
> > action?;-)
> 
> I don't think this feature belongs to QEMU (i.e. hw emulation).
> It's task that is usually accomplished by firmware or OS
> (in context of QEMU its guest's responsibility).
> 

Thanks Igor.
Actually before I compose this patch, I was pondering on this as well:
whose obligation to fulfill this function, i.e. initialize the LSA.

So I asked around (and still asking), knowing these about native usage,
(correct me if I'm wrong), which we virtualization should mimic in
principle:

a) before a user starts to use NVDIMM, he's supposed to ipmctl[0] create
goal first, to determine 2LM mode or app direct mode, which usually
initializes the LSA. So the user doesn't necessarily need to explicitly
'ndctl init-label', although he can do this to init the LSA again.

b) I heard that, perhaps, even when DIMMs are sent out from factory, it
has LSA initialized (not quite certain about this, I'm still
confirming).

What specs say
---
In NVDIMM Namespace spec[1], Chap 2 "Namespaces": 
"NVDIMM vendors define the size of their label storage area and,
therefor, the number of labels it holds."

I think: In QEMU context, it's QEMU who's the vNVDIMM's vendor.

In UEFI spec [2], "13.19 NVDIMM Label Protocol", page 640:
"Before Index Blocks and labels can be utilized, the software managing
the Label Storage Area must determine the total number of labels that
will be supported and utilizing the description above, calculate the
size of the Index Blocks required."

I think: In QEMU context, it's QEMU who emulates LSA and therefore the
management software of it.

What's real limitation on QEMU vNVDIMM implementation
---
In VM:
ipmctl isn't supported.
Only app direct mode is supported. (i.e. no bother to ipmctl create
goal first).
vNVDIMM is actually presented to user in a ready-to-use initial state.
We never tell user you must 'ndctl init-label' then can use it.
Nor tell user that you should 'ipmctl create-goal' first, because in
fact ipmctl isn't available at all.


That's all the story and thoughts before I compose this patch:)

[0] https://docs.pmem.io/ipmctl-user-guide/ (and, ipmctl is for Intel
Optane PMEM only)
[1] https://pmem.io/documents/NVDIMM_Namespace_Spec.pdf
[2] https://uefi.org/sites/default/files/resources/UEFI_Spec_2_9_2021_03_18.pdf

> 
> PS:
> It's true that QEMU carries some 'firmware' code, like composing
> ACPI tables but we do it only to reduce QEMU<->firmware ABI
> necessary for hardware description and that's pretty much it.
> Unfortunately this series doesn't fit the bill.
> 
Yeah, I've seen this part of code, but a little difficult to comprehend
them, especially for me a stranger to ACPI. Where can I find related
design document?
I now only find a valuable doc: docs/specs/acpi_nvdimm.rst.
> 




[PATCH V2 4/4] net/colo.c: fix segmentation fault when packet is not parsed correctly

2022-03-31 Thread Zhang Chen
When COLO uses only one vnet_hdr_support parameter between
filter-redirector and filter-mirror (or colo-compare), COLO will crash
with a segmentation fault. Backtrace as follows:

Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x55cb200b in eth_get_l2_hdr_length (p=0x0)
at /home/tao/project/COLO/colo-qemu/include/net/eth.h:296
296 uint16_t proto = be16_to_cpu(PKT_GET_ETH_HDR(p)->h_proto);
(gdb) bt
0  0x55cb200b in eth_get_l2_hdr_length (p=0x0)
at /home/tao/project/COLO/colo-qemu/include/net/eth.h:296
1  0x55cb22b4 in parse_packet_early (pkt=0x56a44840) at
net/colo.c:49
2  0x55cb2b91 in is_tcp_packet (pkt=0x56a44840) at
net/filter-rewriter.c:63

So a wrong vnet_hdr_len will cause pkt->data to become NULL. Add a check
to raise an error and add trace-events to track vnet_hdr_len.

Signed-off-by: Tao Xu 
Signed-off-by: Zhang Chen 
Reviewed-by: Li Zhijian 
---
 net/colo.c   | 9 -
 net/trace-events | 1 +
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/net/colo.c b/net/colo.c
index 694f3c93ef..6b0ff562ad 100644
--- a/net/colo.c
+++ b/net/colo.c
@@ -46,7 +46,14 @@ int parse_packet_early(Packet *pkt)
 static const uint8_t vlan[] = {0x81, 0x00};
 uint8_t *data = pkt->data + pkt->vnet_hdr_len;
 uint16_t l3_proto;
-ssize_t l2hdr_len = eth_get_l2_hdr_length(data);
+ssize_t l2hdr_len;
+
+if (data == NULL) {
+trace_colo_proxy_main_vnet_info("This packet is not parsed correctly, "
+"pkt->vnet_hdr_len", 
pkt->vnet_hdr_len);
+return 1;
+}
+l2hdr_len = eth_get_l2_hdr_length(data);
 
 if (pkt->size < ETH_HLEN + pkt->vnet_hdr_len) {
 trace_colo_proxy_main("pkt->size < ETH_HLEN");
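
Review bot: In parse_packet_early() the new "data == NULL" test is applied to pkt->data + pkt->vnet_hdr_len, so it only fires when pkt->data is NULL and vnet_hdr_len is 0. With a NULL pkt->data and a non-zero header length the sum is a small non-NULL pointer and eth_get_l2_hdr_length(data) still dereferences it. Test pkt->data itself before doing the addition, and move the existing "pkt->size < ETH_HLEN + pkt->vnet_hdr_len" check above the eth_get_l2_hdr_length() call so the Ethernet header is read only after the packet is known to be long enough to contain it.
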
diff --git a/net/trace-events b/net/trace-events
index d7a17256cc..6af927b4b9 100644
--- a/net/trace-events
+++ b/net/trace-events
@@ -9,6 +9,7 @@ vhost_user_event(const char *chr, int event) "chr: %s got 
event: %d"
 
 # colo.c
 colo_proxy_main(const char *chr) ": %s"
+colo_proxy_main_vnet_info(const char *sta, int size) ": %s = %d"
 
 # colo-compare.c
 colo_compare_main(const char *chr) ": %s"
-- 
2.25.1




[PATCH V2 3/4] net/colo.c: No need to track conn_list for filter-rewriter

2022-03-31 Thread Zhang Chen
Filter-rewriter does not need to track connections in conn_list.
This patch fixes the glib g_queue_is_empty assertion when the COLO guest
keeps a lot of network connections.

Signed-off-by: Zhang Chen 
Reviewed-by: Li Zhijian 
---
 net/colo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/colo.c b/net/colo.c
index 1f8162f59f..694f3c93ef 100644
--- a/net/colo.c
+++ b/net/colo.c
@@ -218,7 +218,7 @@ Connection *connection_get(GHashTable 
*connection_track_table,
 /*
  * clear the conn_list
  */
-while (!g_queue_is_empty(conn_list)) {
+while (conn_list && !g_queue_is_empty(conn_list)) {
 connection_destroy(g_queue_pop_head(conn_list));
 }
 }
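
Review bot: The added "conn_list &&" guard makes a NULL conn_list a supported argument to connection_get(), but nothing visible documents that contract. Say in the function's comment that callers which do not track connections pass NULL, and check whether any other use of conn_list in this function needs the same guard, since only the clear loop is protected here.
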
-- 
2.25.1




[PATCH V2 1/4] softmmu/runstate.c: add RunStateTransition support form COLO to PRELAUNCH

2022-03-31 Thread Zhang Chen
If the checkpoint occurs when the guest finishes restarting
but has not started running, the runstate_set() may reject
the transition from COLO to PRELAUNCH with the crash log:

{"timestamp": {"seconds": 1593484591, "microseconds": 26605},\
"event": "RESET", "data": {"guest": true, "reason": "guest-reset"}}
qemu-system-x86_64: invalid runstate transition: 'colo' -> 'prelaunch'

Long-term testing says that it's pretty safe.

Signed-off-by: Like Xu 
Signed-off-by: Zhang Chen 
---
 softmmu/runstate.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/softmmu/runstate.c b/softmmu/runstate.c
index e0d869b21a..c021c56338 100644
--- a/softmmu/runstate.c
+++ b/softmmu/runstate.c
@@ -127,6 +127,7 @@ static const RunStateTransition runstate_transitions_def[] 
= {
 { RUN_STATE_RESTORE_VM, RUN_STATE_PRELAUNCH },
 
 { RUN_STATE_COLO, RUN_STATE_RUNNING },
+{ RUN_STATE_COLO, RUN_STATE_PRELAUNCH },
 { RUN_STATE_COLO, RUN_STATE_SHUTDOWN},
 
 { RUN_STATE_RUNNING, RUN_STATE_DEBUG },
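
Review bot: The new { RUN_STATE_COLO, RUN_STATE_PRELAUNCH } entry carries no comment, and the commit message supports it only with "long-term testing". Add a short comment next to the entry stating when the transition happens (a checkpoint arriving after the guest has finished resetting but before it runs), so a later reader can tell it is intentional and not a masked ordering bug.
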
-- 
2.25.1




[PATCH V2 2/4] net/colo: Fix a "double free" crash to clear the conn_list

2022-03-31 Thread Zhang Chen
We notice the QEMU may crash when the guest has too many
incoming network connections with the following log:

15197@1593578622.668573:colo_proxy_main : colo proxy connection hashtable full, 
clear it
free(): invalid pointer
[1]15195 abort (core dumped)  qemu-system-x86_64 

This is because we create the s->connection_track_table with
g_hash_table_new_full() which is defined as:

GHashTable * g_hash_table_new_full (GHashFunc hash_func,
   GEqualFunc key_equal_func,
   GDestroyNotify key_destroy_func,
   GDestroyNotify value_destroy_func);

The fourth parameter connection_destroy() will be called to free the
memory allocated for all 'Connection' values in the hashtable when
we call g_hash_table_remove_all() in the connection_hashtable_reset().

But both connection_track_table and conn_list reference the same
conn instance. This triggers a double free when conn_list is cleared.
So this patch removes the free action on the hash table side to avoid
double-freeing the conn.

Signed-off-by: Like Xu 
Signed-off-by: Zhang Chen 
---
 net/colo-compare.c| 2 +-
 net/filter-rewriter.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/colo-compare.c b/net/colo-compare.c
index 62554b5b3c..ab054cfd21 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -1324,7 +1324,7 @@ static void colo_compare_complete(UserCreatable *uc, 
Error **errp)
 s->connection_track_table = g_hash_table_new_full(connection_key_hash,
   connection_key_equal,
   g_free,
-  connection_destroy);
+  NULL);
 
 colo_compare_iothread(s);
 
diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
index bf05023dc3..c18c4c2019 100644
--- a/net/filter-rewriter.c
+++ b/net/filter-rewriter.c
@@ -383,7 +383,7 @@ static void colo_rewriter_setup(NetFilterState *nf, Error 
**errp)
 s->connection_track_table = g_hash_table_new_full(connection_key_hash,
   connection_key_equal,
   g_free,
-  connection_destroy);
+  NULL);
 s->incoming_queue = qemu_new_net_queue(qemu_netfilter_pass_to_next, nf);
 }
 
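
Review bot: In colo_rewriter_setup() passing NULL as value_destroy_func leaves the Connection values without an owner if filter-rewriter keeps no conn_list, which is what patch 3/4 of this series states. g_hash_table_remove_all() would then drop the pointers without freeing them. Either keep connection_destroy for the rewriter's table, or name in the commit message the code path that frees these connections.
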
-- 
2.25.1
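
The ownership problem described in the commit message above, as an added example that is not part of the original patch or of QEMU. Table, List and Conn are constructed stand-ins for GHashTable, GQueue and Connection, and destroy calls are counted instead of calling free() so that a second destroy can be observed safely. The third case assumes nothing else releases the values.

```c
#include <stddef.h>

#define MAX_CONN 4

/* Constructed stand-in for QEMU's Connection. destroy_calls replaces free()
 * so that a second destroy is counted instead of being undefined behaviour. */
typedef struct Conn {
    int id;
    int destroy_calls;
} Conn;

typedef void (*DestroyFn)(Conn *);

/* Minimal stand-in for a GHashTable created with a value_destroy_func. */
typedef struct Table {
    Conn *value[MAX_CONN];
    size_t len;
    DestroyFn value_destroy;   /* NULL: the table only borrows its values */
} Table;

/* Minimal stand-in for the GQueue conn_list. */
typedef struct List {
    Conn *item[MAX_CONN];
    size_t len;
} List;

static void conn_destroy(Conn *c)
{
    c->destroy_calls++;
}

/* Like g_hash_table_remove_all(): runs value_destroy on every value. */
static void table_remove_all(Table *t)
{
    for (size_t i = 0; i < t->len; i++) {
        if (t->value_destroy) {
            t->value_destroy(t->value[i]);
        }
    }
    t->len = 0;
}

/* Like the conn_list clear loop, tolerating a NULL list. */
static void list_clear(List *l)
{
    while (l && l->len > 0) {
        conn_destroy(l->item[--l->len]);
    }
}

/*
 * Put MAX_CONN connections into the table (and optionally the list), reset
 * both containers, and return how many times each connection was destroyed.
 * Returns -1 if the connections were not all treated the same way.
 */
static int destroys_per_conn(DestroyFn table_destroy, int track_in_list)
{
    Conn pool[MAX_CONN] = {0};
    Table t = { .len = 0, .value_destroy = table_destroy };
    List l = { .len = 0 };

    for (int i = 0; i < MAX_CONN; i++) {
        pool[i].id = i;
        t.value[t.len++] = &pool[i];
        if (track_in_list) {
            l.item[l.len++] = &pool[i];
        }
    }

    table_remove_all(&t);
    list_clear(track_in_list ? &l : NULL);

    int n = pool[0].destroy_calls;
    for (int i = 1; i < MAX_CONN; i++) {
        if (pool[i].destroy_calls != n) {
            return -1;
        }
    }
    return n;
}

int main(void)
{
    /* 2: table and list both own the value (the reported crash). */
    int before = destroys_per_conn(conn_destroy, 1);
    /* 1: table borrows, list owns (the patched setup). */
    int after = destroys_per_conn(NULL, 1);
    /* 0: table borrows and there is no list, so nothing releases the value. */
    int unowned = destroys_per_conn(NULL, 0);
    return (before == 2 && after == 1 && unowned == 0) ? 0 : 1;
}
```

A count of exactly 1 per connection is the invariant to keep: 2 is the double free from the log above, 0 is a leak.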




[PATCH V2 0/4] COLO net and runstate bugfix/optimization

2022-03-31 Thread Zhang Chen
This series fixes some COLO related issues in internal stress testing.

 - V2:
- Add more comments in patch 2/4 commit log.

Zhang Chen (4):
  softmmu/runstate.c: add RunStateTransition support form COLO to
PRELAUNCH
  net/colo: Fix a "double free" crash to clear the conn_list
  net/colo.c: No need to track conn_list for filter-rewriter
  net/colo.c: fix segmentation fault when packet is not parsed correctly

 net/colo-compare.c|  2 +-
 net/colo.c| 11 +--
 net/filter-rewriter.c |  2 +-
 net/trace-events  |  1 +
 softmmu/runstate.c|  1 +
 5 files changed, 13 insertions(+), 4 deletions(-)

-- 
2.25.1




[PATCH v4 7/9] aspeed/soc : Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

The embedded core of AST1030 SoC is ARM Cortex M4.
It is hard to be integrated in the common Aspeed Soc framework.
We introduce a new ast1030 class with instance_init and realize
handlers.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
---
 hw/arm/aspeed_ast10xx.c | 299 
 hw/arm/meson.build  |   6 +-
 include/hw/arm/aspeed_soc.h |   3 +
 3 files changed, 307 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/aspeed_ast10xx.c

diff --git a/hw/arm/aspeed_ast10xx.c b/hw/arm/aspeed_ast10xx.c
new file mode 100644
index 00..0567527671
--- /dev/null
+++ b/hw/arm/aspeed_ast10xx.c
@@ -0,0 +1,299 @@
+/*
+ * ASPEED AST10xx SoC
+ *
+ * Copyright (C) 2022 ASPEED Technology Inc.
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Implementation extracted from the AST2600 and adapted for AST10xx.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "exec/address-spaces.h"
+#include "sysemu/sysemu.h"
+#include "hw/qdev-clock.h"
+#include "hw/misc/unimp.h"
+#include "hw/char/serial.h"
+#include "hw/arm/aspeed_soc.h"
+
+#define ASPEED_SOC_IOMEM_SIZE 0x0020
+
+static const hwaddr aspeed_soc_ast1030_memmap[] = {
+[ASPEED_DEV_SRAM]  = 0x,
+[ASPEED_DEV_SBC]   = 0x7900,
+[ASPEED_DEV_IOMEM] = 0x7E60,
+[ASPEED_DEV_PWM]   = 0x7E61,
+[ASPEED_DEV_FMC]   = 0x7E62,
+[ASPEED_DEV_SPI1]  = 0x7E63,
+[ASPEED_DEV_SPI2]  = 0x7E64,
+[ASPEED_DEV_SCU]   = 0x7E6E2000,
+[ASPEED_DEV_ADC]   = 0x7E6E9000,
+[ASPEED_DEV_SBC]   = 0x7E6F2000,
+[ASPEED_DEV_GPIO]  = 0x7E78,
+[ASPEED_DEV_TIMER1]= 0x7E782000,
+[ASPEED_DEV_UART5] = 0x7E784000,
+[ASPEED_DEV_WDT]   = 0x7E785000,
+[ASPEED_DEV_LPC]   = 0x7E789000,
+[ASPEED_DEV_I2C]   = 0x7E7B,
+};
+
+static const int aspeed_soc_ast1030_irqmap[] = {
+[ASPEED_DEV_UART5] = 8,
+[ASPEED_DEV_GPIO]  = 11,
+[ASPEED_DEV_TIMER1]= 16,
+[ASPEED_DEV_TIMER2]= 17,
+[ASPEED_DEV_TIMER3]= 18,
+[ASPEED_DEV_TIMER4]= 19,
+[ASPEED_DEV_TIMER5]= 20,
+[ASPEED_DEV_TIMER6]= 21,
+[ASPEED_DEV_TIMER7]= 22,
+[ASPEED_DEV_TIMER8]= 23,
+[ASPEED_DEV_WDT]   = 24,
+[ASPEED_DEV_LPC]   = 35,
+[ASPEED_DEV_FMC]   = 39,
+[ASPEED_DEV_PWM]   = 44,
+[ASPEED_DEV_ADC]   = 46,
+[ASPEED_DEV_SPI1]  = 65,
+[ASPEED_DEV_SPI2]  = 66,
+[ASPEED_DEV_I2C]   = 110, /* 110 ~ 123 */
+[ASPEED_DEV_KCS]   = 138, /* 138 -> 142 */
+};
+
+static qemu_irq aspeed_soc_get_irq(AspeedSoCState *s, int ctrl)
+{
+AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
+
+return qdev_get_gpio_in(DEVICE(>armv7m), sc->irqmap[ctrl]);
+}
+
+static void aspeed_soc_ast1030_init(Object *obj)
+{
+AspeedSoCState *s = ASPEED_SOC(obj);
+AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
+char socname[8];
+char typename[64];
+int i;
+
+if (sscanf(sc->name, "%7s", socname) != 1) {
+g_assert_not_reached();
+}
+
+object_initialize_child(obj, "armv7m", >armv7m, TYPE_ARMV7M);
+
+s->sysclk = qdev_init_clock_in(DEVICE(s), "sysclk", NULL, NULL, 0);
+
+snprintf(typename, sizeof(typename), "aspeed.scu-%s", socname);
+object_initialize_child(obj, "scu", >scu, typename);
+qdev_prop_set_uint32(DEVICE(>scu), "silicon-rev", sc->silicon_rev);
+
+object_property_add_alias(obj, "hw-strap1", OBJECT(>scu), "hw-strap1");
+object_property_add_alias(obj, "hw-strap2", OBJECT(>scu), "hw-strap2");
+
+snprintf(typename, sizeof(typename), "aspeed.timer-%s", socname);
+object_initialize_child(obj, "timerctrl", >timerctrl, typename);
+
+snprintf(typename, sizeof(typename), "aspeed.adc-%s", socname);
+object_initialize_child(obj, "adc", >adc, typename);
+
+snprintf(typename, sizeof(typename), "aspeed.fmc-%s", socname);
+object_initialize_child(obj, "fmc", >fmc, typename);
+
+for (i = 0; i < sc->spis_num; i++) {
+snprintf(typename, sizeof(typename), "aspeed.spi%d-%s", i + 1, 
socname);
+object_initialize_child(obj, "spi[*]", >spi[i], typename);
+}
+
+object_initialize_child(obj, "lpc", >lpc, TYPE_ASPEED_LPC);
+
+object_initialize_child(obj, "sbc", >sbc, TYPE_ASPEED_SBC);
+
+for (i = 0; i < sc->wdts_num; i++) {
+snprintf(typename, sizeof(typename), "aspeed.wdt-%s", socname);
+object_initialize_child(obj, "wdt[*]", >wdt[i], typename);
+}
+}
+
+static void aspeed_soc_ast1030_realize(DeviceState *dev_soc, Error **errp)
+{
+AspeedSoCState *s = ASPEED_SOC(dev_soc);
+AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
+MemoryRegion *system_memory = get_system_memory();
+DeviceState *armv7m;
+Error *err = NULL;
+int i;
+
+if (!clock_has_source(s->sysclk)) {
+

[PATCH v4 9/9] test/avocado/machine_aspeed.py: Add ast1030 test case

2022-03-31 Thread Jamin Lin
Add test case to test "ast1030-evb" machine with zephyr os

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 tests/avocado/machine_aspeed.py | 36 +
 1 file changed, 36 insertions(+)
 create mode 100644 tests/avocado/machine_aspeed.py

diff --git a/tests/avocado/machine_aspeed.py b/tests/avocado/machine_aspeed.py
new file mode 100644
index 00..33090af199
--- /dev/null
+++ b/tests/avocado/machine_aspeed.py
@@ -0,0 +1,36 @@
+# Functional test that boots the ASPEED SoCs with firmware
+#
+# Copyright (C) 2022 ASPEED Technology Inc
+#
+# This work is licensed under the terms of the GNU GPL, version 2 or
+# later.  See the COPYING file in the top-level directory.
+
+from avocado_qemu import QemuSystemTest
+from avocado_qemu import wait_for_console_pattern
+from avocado_qemu import exec_command_and_wait_for_pattern
+from avocado.utils import archive
+
+
+class AST1030Machine(QemuSystemTest):
+"""Boots the zephyr os and checks that the console is operational"""
+
+timeout = 10
+
+def test_ast1030_zephyros(self):
+"""
+:avocado: tags=arch:arm
+:avocado: tags=machine:ast1030-evb
+"""
+tar_url = ('https://github.com/AspeedTech-BMC'
+   '/zephyr/releases/download/v00.01.04/ast1030-evb-demo.zip')
+tar_hash = '4c6a8ce3a8ba76ef1a65dae419ae3409343c4b20'
+tar_path = self.fetch_asset(tar_url, asset_hash=tar_hash)
+archive.extract(tar_path, self.workdir)
+kernel_file = self.workdir + "/ast1030-evb-demo/zephyr.elf"
+self.vm.set_console()
+self.vm.add_args('-kernel', kernel_file,
+ '-nographic')
+self.vm.launch()
+wait_for_console_pattern(self, "Booting Zephyr OS")
+exec_command_and_wait_for_pattern(self, "help",
+  "Available commands")
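
Review bot: tar_hash is a 40-hex-digit value, that is a SHA-1 digest, the algorithm fetch_asset() uses when none is given. Because this pins a firmware image downloaded from GitHub at test time, pass a SHA-256 digest with algorithm='sha256' instead. The tar_url, tar_hash and tar_path names are also misleading for a .zip asset; zip_* or asset_* would match what is fetched.
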
-- 
2.17.1




[PATCH v4 8/9] aspeed: Add an AST1030 eval board

2022-03-31 Thread Jamin Lin
The image should be supplied with ELF binary.
$ qemu-system-arm -M ast1030-evb -kernel zephyr.elf -nographic

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
---
 hw/arm/aspeed.c | 97 +
 include/hw/arm/aspeed.h |  6 +--
 2 files changed, 100 insertions(+), 3 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index d205384d98..30b49d2db1 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -24,6 +24,7 @@
 #include "hw/loader.h"
 #include "qemu/error-report.h"
 #include "qemu/units.h"
+#include "hw/qdev-clock.h"
 
 static struct arm_boot_info aspeed_board_binfo = {
 .board_id = -1, /* device-tree-only board */
@@ -1361,3 +1362,99 @@ static const TypeInfo aspeed_machine_types[] = {
 };
 
 DEFINE_TYPES(aspeed_machine_types)
+
+#define AST1030_INTERNAL_FLASH_SIZE (1024 * 1024)
+/* Main SYSCLK frequency in Hz (200MHz) */
+#define SYSCLK_FRQ 2ULL
+
+static void aspeed_minibmc_machine_ast1030_evb_class_init(ObjectClass *oc,
+  void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+AspeedMachineClass *amc = ASPEED_MINIBMC_MACHINE_CLASS(oc);
+
+mc->desc = "Aspeed AST1030 MiniBMC (Cortex-M4)";
+amc->soc_name = "ast1030-a1";
+amc->hw_strap1 = 0;
+amc->hw_strap2 = 0;
+mc->default_ram_size = 0;
+mc->default_cpus = mc->min_cpus = mc->max_cpus = 1;
+amc->fmc_model = "sst25vf032b";
+amc->spi_model = "sst25vf032b";
+amc->num_cs = 2;
+}
+
+static void ast1030_machine_instance_init(Object *obj)
+{
+ASPEED_MINIBMC_MACHINE(obj)->mmio_exec = false;
+}
+
+static void aspeed_minibmc_machine_init(MachineState *machine)
+{
+AspeedMachineState *bmc = ASPEED_MINIBMC_MACHINE(machine);
+AspeedMachineClass *amc = ASPEED_MINIBMC_MACHINE_GET_CLASS(machine);
+Clock *sysclk;
+
+sysclk = clock_new(OBJECT(machine), "SYSCLK");
+clock_set_hz(sysclk, SYSCLK_FRQ);
+
+object_initialize_child(OBJECT(machine), "soc", >soc, amc->soc_name);
+qdev_connect_clock_in(DEVICE(>soc), "sysclk", sysclk);
+
+qdev_prop_set_uint32(DEVICE(>soc), "uart-default",
+ amc->uart_default);
+qdev_realize(DEVICE(>soc), NULL, _abort);
+
+aspeed_board_init_flashes(>soc.fmc,
+  bmc->fmc_model ? bmc->fmc_model : amc->fmc_model,
+  amc->num_cs,
+  0);
+
+aspeed_board_init_flashes(>soc.spi[0],
+  bmc->spi_model ? bmc->spi_model : amc->spi_model,
+  amc->num_cs, amc->num_cs);
+
+aspeed_board_init_flashes(>soc.spi[1],
+  bmc->spi_model ? bmc->spi_model : amc->spi_model,
+  amc->num_cs, (amc->num_cs * 2));
+
+if (amc->i2c_init) {
+amc->i2c_init(bmc);
+}
+
+armv7m_load_kernel(ARM_CPU(first_cpu),
+   machine->kernel_filename,
+   AST1030_INTERNAL_FLASH_SIZE);
+}
+
+static void aspeed_minibmc_machine_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+AspeedMachineClass *amc = ASPEED_MINIBMC_MACHINE_CLASS(oc);
+
+mc->init = aspeed_minibmc_machine_init;
+mc->no_floppy = 1;
+mc->no_cdrom = 1;
+mc->no_parallel = 1;
+mc->default_ram_id = "ram";
+amc->uart_default = ASPEED_DEV_UART5;
+}
+
+static const TypeInfo aspeed_minibmc_machine_types[] = {
+{
+.name   = MACHINE_TYPE_NAME("ast1030-evb"),
+.parent = TYPE_ASPEED_MINIBMC_MACHINE,
+.class_init = aspeed_minibmc_machine_ast1030_evb_class_init,
+}, {
+.name   = TYPE_ASPEED_MINIBMC_MACHINE,
+.parent = TYPE_MACHINE,
+.instance_size  = sizeof(AspeedMachineState),
+.instance_init  = ast1030_machine_instance_init,
+.class_size= sizeof(AspeedMachineClass),
+.class_init= aspeed_minibmc_machine_class_init,
+.abstract  = true,
+}
+};
+
+DEFINE_TYPES(aspeed_minibmc_machine_types)
+
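Review bot: SYSCLK_FRQ as it appears here is 2ULL while the comment above it says 200MHz, so clock_set_hz() would be handed 2 Hz; value and comment need to agree, and writing the constant as a product (200 * 1000 * 1000) makes the magnitude obvious at a glance. Separately, aspeed_minibmc_machine_init() tests amc->i2c_init, but the ast1030-evb class_init never assigns it, so that branch is dead for the only board using this init function; either drop it or add the i2c_init hook in the same patch.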
diff --git a/include/hw/arm/aspeed.h b/include/hw/arm/aspeed.h
index cbeacb214c..b7411c860d 100644
--- a/include/hw/arm/aspeed.h
+++ b/include/hw/arm/aspeed.h
@@ -13,18 +13,19 @@
 #include "qom/object.h"
 
 typedef struct AspeedMachineState AspeedMachineState;
-
 #define TYPE_ASPEED_MACHINE   MACHINE_TYPE_NAME("aspeed")
+#define TYPE_ASPEED_MINIBMC_MACHINE MACHINE_TYPE_NAME("aspeed-minibmc")
 typedef struct AspeedMachineClass AspeedMachineClass;
 DECLARE_OBJ_CHECKERS(AspeedMachineState, AspeedMachineClass,
  ASPEED_MACHINE, TYPE_ASPEED_MACHINE)
+DECLARE_OBJ_CHECKERS(AspeedMachineState, AspeedMachineClass,
+ ASPEED_MINIBMC_MACHINE, TYPE_ASPEED_MINIBMC_MACHINE)
 
 #define ASPEED_MAC0_ON   (1 << 0)
 #define ASPEED_MAC1_ON   (1 << 1)
 #define ASPEED_MAC2_ON   (1 << 2)
 #define ASPEED_MAC3_ON   (1 << 3)
 
-
 
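Review bot: the two blank-line deletions in this hunk (after the AspeedMachineState typedef and after the ASPEED_MAC3_ON define) are whitespace changes unrelated to adding TYPE_ASPEED_MINIBMC_MACHINE and its DECLARE_OBJ_CHECKERS; please drop them from this patch so the diff only carries the new type.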

[PATCH v4 3/9] aspeed/wdt: Fix ast2500/ast2600 default reload value.

2022-03-31 Thread Jamin Lin
From: Steven Lee 

Per ast2500_2520_datasheet_v1.8 and ast2600v11.pdf, the default value of
WDT00 and WDT04 is 0x014FB180 for ast2500/ast2600.
Add default_status and default_reload_value attributes for storing
counter status and reload value as they are different from ast2400.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/watchdog/wdt_aspeed.c | 10 --
 include/hw/watchdog/wdt_aspeed.h |  2 ++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/watchdog/wdt_aspeed.c b/hw/watchdog/wdt_aspeed.c
index 6aa6f90b66..386928e9c0 100644
--- a/hw/watchdog/wdt_aspeed.c
+++ b/hw/watchdog/wdt_aspeed.c
@@ -232,8 +232,8 @@ static void aspeed_wdt_reset(DeviceState *dev)
 AspeedWDTState *s = ASPEED_WDT(dev);
 AspeedWDTClass *awc = ASPEED_WDT_GET_CLASS(s);
 
-s->regs[WDT_STATUS] = 0x3EF1480;
-s->regs[WDT_RELOAD_VALUE] = 0x03EF1480;
+s->regs[WDT_STATUS] = awc->default_status;
+s->regs[WDT_RELOAD_VALUE] = awc->default_reload_value;
 s->regs[WDT_RESTART] = 0;
 s->regs[WDT_CTRL] = awc->sanitize_ctrl(0);
 s->regs[WDT_RESET_WIDTH] = 0xFF;
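Review bot: aspeed_wdt_reset() now takes both reset values from the class, so any AspeedWDTClass subclass that does not assign default_status and default_reload_value will reset WDT_STATUS and WDT_RELOAD_VALUE to 0 without any diagnostic. An assert at realize time that awc->default_reload_value is non-zero would catch a class_init that forgot them.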
@@ -319,6 +319,8 @@ static void aspeed_2400_wdt_class_init(ObjectClass *klass, 
void *data)
 awc->reset_ctrl_reg = SCU_RESET_CONTROL1;
 awc->wdt_reload = aspeed_wdt_reload;
 awc->sanitize_ctrl = aspeed_2400_sanitize_ctrl;
+awc->default_status = 0x03EF1480;
+awc->default_reload_value = 0x03EF1480;
 }
 
 static const TypeInfo aspeed_2400_wdt_info = {
@@ -355,6 +357,8 @@ static void aspeed_2500_wdt_class_init(ObjectClass *klass, 
void *data)
 awc->reset_pulse = aspeed_2500_wdt_reset_pulse;
 awc->wdt_reload = aspeed_wdt_reload_1mhz;
 awc->sanitize_ctrl = aspeed_2500_sanitize_ctrl;
+awc->default_status = 0x014FB180;
+awc->default_reload_value = 0x014FB180;
 }
 
 static const TypeInfo aspeed_2500_wdt_info = {
@@ -376,6 +380,8 @@ static void aspeed_2600_wdt_class_init(ObjectClass *klass, 
void *data)
 awc->reset_pulse = aspeed_2500_wdt_reset_pulse;
 awc->wdt_reload = aspeed_wdt_reload_1mhz;
 awc->sanitize_ctrl = aspeed_2600_sanitize_ctrl;
+awc->default_status = 0x014FB180;
+awc->default_reload_value = 0x014FB180;
 }
 
 static const TypeInfo aspeed_2600_wdt_info = {
diff --git a/include/hw/watchdog/wdt_aspeed.h b/include/hw/watchdog/wdt_aspeed.h
index f945cd6c58..0e37f39f38 100644
--- a/include/hw/watchdog/wdt_aspeed.h
+++ b/include/hw/watchdog/wdt_aspeed.h
@@ -45,6 +45,8 @@ struct AspeedWDTClass {
 void (*reset_pulse)(AspeedWDTState *s, uint32_t property);
 void (*wdt_reload)(AspeedWDTState *s);
 uint64_t (*sanitize_ctrl)(uint64_t data);
+uint32_t default_status;
+uint32_t default_reload_value;
 };
 
 #endif /* WDT_ASPEED_H */
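Review bot: default_status and default_reload_value are added to AspeedWDTClass without comments. A one-line note that they are the reset values loaded into WDT_STATUS and WDT_RELOAD_VALUE (WDT00 and WDT04 in the commit message) would tell the next SoC author which datasheet figures belong here.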
-- 
2.17.1




[PATCH v4 4/9] aspeed/wdt: Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

AST1030 wdt controller is similar to AST2600's wdt, but it has extra
registers.
Introduce ast1030 object class and increase the number of regs(offset) of
ast1030 model.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/watchdog/wdt_aspeed.c | 24 
 include/hw/watchdog/wdt_aspeed.h |  1 +
 2 files changed, 25 insertions(+)

diff --git a/hw/watchdog/wdt_aspeed.c b/hw/watchdog/wdt_aspeed.c
index 386928e9c0..31855afdf4 100644
--- a/hw/watchdog/wdt_aspeed.c
+++ b/hw/watchdog/wdt_aspeed.c
@@ -391,6 +391,29 @@ static const TypeInfo aspeed_2600_wdt_info = {
 .class_init = aspeed_2600_wdt_class_init,
 };
 
+static void aspeed_1030_wdt_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedWDTClass *awc = ASPEED_WDT_CLASS(klass);
+
+dc->desc = "ASPEED 1030 Watchdog Controller";
+awc->offset = 0x80;
+awc->ext_pulse_width_mask = 0xf; /* TODO */
+awc->reset_ctrl_reg = AST2600_SCU_RESET_CONTROL1;
+awc->reset_pulse = aspeed_2500_wdt_reset_pulse;
+awc->wdt_reload = aspeed_wdt_reload_1mhz;
+awc->sanitize_ctrl = aspeed_2600_sanitize_ctrl;
+awc->default_status = 0x014FB180;
+awc->default_reload_value = 0x014FB180;
+}
+
+static const TypeInfo aspeed_1030_wdt_info = {
+.name = TYPE_ASPEED_1030_WDT,
+.parent = TYPE_ASPEED_WDT,
+.instance_size = sizeof(AspeedWDTState),
+.class_init = aspeed_1030_wdt_class_init,
+};
+
 static void wdt_aspeed_register_types(void)
 {
 watchdog_add_model();
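Review bot: awc->offset is 0x80 in aspeed_1030_wdt_class_init() and the commit message says the AST1030 has extra registers, yet ASPEED_WDT_REGS_MAX in the header hunk of this same patch is still (0x20 / 4). Please confirm the read/write handlers bound the register index against ASPEED_WDT_REGS_MAX so guest accesses between 0x20 and 0x80 cannot index past s->regs, or raise the define here. The /* TODO */ on ext_pulse_width_mask = 0xf should also say what remains to be checked.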
@@ -398,6 +421,7 @@ static void wdt_aspeed_register_types(void)
 type_register_static(_2400_wdt_info);
 type_register_static(_2500_wdt_info);
 type_register_static(_2600_wdt_info);
+type_register_static(_1030_wdt_info);
 }
 
 type_init(wdt_aspeed_register_types)
diff --git a/include/hw/watchdog/wdt_aspeed.h b/include/hw/watchdog/wdt_aspeed.h
index 0e37f39f38..dfa5dfa424 100644
--- a/include/hw/watchdog/wdt_aspeed.h
+++ b/include/hw/watchdog/wdt_aspeed.h
@@ -19,6 +19,7 @@ OBJECT_DECLARE_TYPE(AspeedWDTState, AspeedWDTClass, 
ASPEED_WDT)
 #define TYPE_ASPEED_2400_WDT TYPE_ASPEED_WDT "-ast2400"
 #define TYPE_ASPEED_2500_WDT TYPE_ASPEED_WDT "-ast2500"
 #define TYPE_ASPEED_2600_WDT TYPE_ASPEED_WDT "-ast2600"
+#define TYPE_ASPEED_1030_WDT TYPE_ASPEED_WDT "-ast1030"
 
 #define ASPEED_WDT_REGS_MAX(0x20 / 4)
 
-- 
2.17.1




[PATCH v4 6/9] aspeed/scu: Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

Per ast1030_v07.pdf, AST1030 SOC doesn't have SCU300, the pclk divider
selection is defined in SCU310[11:8].
Add a get_apb_freq function and a class init handler for ast1030.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/misc/aspeed_scu.c | 63 
 include/hw/misc/aspeed_scu.h | 25 ++
 2 files changed, 88 insertions(+)

diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index 150567f98a..19b03471fc 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -235,6 +235,15 @@ static uint32_t 
aspeed_2600_scu_get_apb_freq(AspeedSCUState *s)
 / asc->apb_divider;
 }
 
+static uint32_t aspeed_1030_scu_get_apb_freq(AspeedSCUState *s)
+{
+AspeedSCUClass *asc = ASPEED_SCU_GET_CLASS(s);
+uint32_t hpll = asc->calc_hpll(s, s->regs[AST2600_HPLL_PARAM]);
+
+return hpll / (SCU_AST1030_CLK_GET_PCLK_DIV(s->regs[AST2600_CLK_SEL4]) + 1)
+/ asc->apb_divider;
+}
+
 static uint64_t aspeed_scu_read(void *opaque, hwaddr offset, unsigned size)
 {
 AspeedSCUState *s = ASPEED_SCU(opaque);
@@ -482,6 +491,8 @@ static uint32_t aspeed_silicon_revs[] = {
 AST2600_A1_SILICON_REV,
 AST2600_A2_SILICON_REV,
 AST2600_A3_SILICON_REV,
+AST1030_A0_SILICON_REV,
+AST1030_A1_SILICON_REV,
 };
 
 bool is_supported_silicon_rev(uint32_t silicon_rev)
@@ -770,12 +781,64 @@ static const TypeInfo aspeed_2600_scu_info = {
 .class_init = aspeed_2600_scu_class_init,
 };
 
+static const uint32_t ast1030_a1_resets[ASPEED_AST2600_SCU_NR_REGS] = {
+[AST2600_SYS_RST_CTRL]  = 0xFFC3FED8,
+[AST2600_SYS_RST_CTRL2] = 0x09FC,
+[AST2600_CLK_STOP_CTRL] = 0x7F8A,
+[AST2600_CLK_STOP_CTRL2]= 0xFFF0FFF0,
+[AST2600_DEBUG_CTRL2]   = 0x,
+[AST2600_HPLL_PARAM]= 0x10004077,
+[AST2600_HPLL_EXT]  = 0x0031,
+[AST2600_CLK_SEL4]  = 0x43F90900,
+[AST2600_CLK_SEL5]  = 0x4000,
+[AST2600_CHIP_ID0]  = 0xDEADBEEF,
+[AST2600_CHIP_ID1]  = 0x0BADCAFE,
+};
+
+static void aspeed_ast1030_scu_reset(DeviceState *dev)
+{
+AspeedSCUState *s = ASPEED_SCU(dev);
+AspeedSCUClass *asc = ASPEED_SCU_GET_CLASS(dev);
+
+memcpy(s->regs, asc->resets, asc->nr_regs * 4);
+
+s->regs[AST2600_SILICON_REV] = AST1030_A1_SILICON_REV;
+s->regs[AST2600_SILICON_REV2] = s->silicon_rev;
+s->regs[AST2600_HW_STRAP1] = s->hw_strap1;
+s->regs[AST2600_HW_STRAP2] = s->hw_strap2;
+s->regs[PROT_KEY] = s->hw_prot_key;
+}
+
+static void aspeed_1030_scu_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedSCUClass *asc = ASPEED_SCU_CLASS(klass);
+
+dc->desc = "ASPEED 1030 System Control Unit";
+dc->reset = aspeed_ast1030_scu_reset;
+asc->resets = ast1030_a1_resets;
+asc->calc_hpll = aspeed_2600_scu_calc_hpll;
+asc->get_apb = aspeed_1030_scu_get_apb_freq;
+asc->apb_divider = 2;
+asc->nr_regs = ASPEED_AST2600_SCU_NR_REGS;
+asc->clkin_25Mhz = true;
+asc->ops = _ast2600_scu_ops;
+}
+
+static const TypeInfo aspeed_1030_scu_info = {
+.name = TYPE_ASPEED_1030_SCU,
+.parent = TYPE_ASPEED_SCU,
+.instance_size = sizeof(AspeedSCUState),
+.class_init = aspeed_1030_scu_class_init,
+};
+
 static void aspeed_scu_register_types(void)
 {
 type_register_static(_scu_info);
 type_register_static(_2400_scu_info);
 type_register_static(_2500_scu_info);
 type_register_static(_2600_scu_info);
+type_register_static(_1030_scu_info);
 }
 
 type_init(aspeed_scu_register_types);
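Review bot: aspeed_ast1030_scu_reset() writes the constant AST1030_A1_SILICON_REV to AST2600_SILICON_REV but s->silicon_rev to AST2600_SILICON_REV2, so a device configured with AST1030_A0_SILICON_REV (which this patch adds to aspeed_silicon_revs[]) would report A1 in one register and A0 in the other; use s->silicon_rev for both or document why they differ. The 0xDEADBEEF and 0x0BADCAFE reset values for AST2600_CHIP_ID0/1 read as placeholders and deserve a comment, and the memcpy length asc->nr_regs * 4 would be clearer with sizeof(uint32_t).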
diff --git a/include/hw/misc/aspeed_scu.h b/include/hw/misc/aspeed_scu.h
index fdc721846c..d71aa66e40 100644
--- a/include/hw/misc/aspeed_scu.h
+++ b/include/hw/misc/aspeed_scu.h
@@ -19,6 +19,7 @@ OBJECT_DECLARE_TYPE(AspeedSCUState, AspeedSCUClass, 
ASPEED_SCU)
 #define TYPE_ASPEED_2400_SCU TYPE_ASPEED_SCU "-ast2400"
 #define TYPE_ASPEED_2500_SCU TYPE_ASPEED_SCU "-ast2500"
 #define TYPE_ASPEED_2600_SCU TYPE_ASPEED_SCU "-ast2600"
+#define TYPE_ASPEED_1030_SCU TYPE_ASPEED_SCU "-ast1030"
 
 #define ASPEED_SCU_NR_REGS (0x1A8 >> 2)
 #define ASPEED_AST2600_SCU_NR_REGS (0xE20 >> 2)
@@ -45,6 +46,8 @@ struct AspeedSCUState {
 #define AST2600_A1_SILICON_REV   0x05010303U
 #define AST2600_A2_SILICON_REV   0x05020303U
 #define AST2600_A3_SILICON_REV   0x05030303U
+#define AST1030_A0_SILICON_REV   0x8000U
+#define AST1030_A1_SILICON_REV   0x8001U
 
 #define ASPEED_IS_AST2500(si_rev) si_rev) >> 24) & 0xff) == 0x04)
 
@@ -335,4 +338,26 @@ uint32_t aspeed_scu_get_apb_freq(AspeedSCUState *s);
 #define SCU_AST2600_H_PLL_BYPASS_EN(0x1 << 24)
 #define SCU_AST2600_H_PLL_OFF  (0x1 << 23)
 
+/*
+ * SCU310   Clock Selection Register Set 4 (for Aspeed AST1030 SOC)
+ *
+ *  31 I3C Clock Source selection
+ *  30:28  I3C clock divider selection
+ *  26:24 

[PATCH v4 2/9] aspeed/smc: Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

AST1030 spi controller's address decoding unit is 1MB that is identical
to ast2600, but fmc address decoding unit is 512kb.
Introduce seg_to_reg and reg_to_seg handlers for ast1030 fmc controller.
In addition, add ast1030 fmc, spi1, and spi2 class init handler.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/ssi/aspeed_smc.c | 157 
 1 file changed, 157 insertions(+)

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 48305e1574..68aa697164 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -1696,6 +1696,160 @@ static const TypeInfo aspeed_2600_spi2_info = {
 .class_init = aspeed_2600_spi2_class_init,
 };
 
+/*
+ * The FMC Segment Registers of the AST1030 have a 512KB unit.
+ * Only bits [27:19] are used for decoding.
+ */
+#define AST1030_SEG_ADDR_MASK 0x0ff8
+
+static uint32_t aspeed_1030_smc_segment_to_reg(const AspeedSMCState *s,
+const AspeedSegments *seg)
+{
+uint32_t reg = 0;
+
+/* Disabled segments have a nil register */
+if (!seg->size) {
+return 0;
+}
+
+reg |= (seg->addr & AST1030_SEG_ADDR_MASK) >> 16; /* start offset */
+reg |= (seg->addr + seg->size - 1) & AST1030_SEG_ADDR_MASK; /* end offset 
*/
+return reg;
+}
+
+static void aspeed_1030_smc_reg_to_segment(const AspeedSMCState *s,
+uint32_t reg, AspeedSegments *seg)
+{
+uint32_t start_offset = (reg << 16) & AST1030_SEG_ADDR_MASK;
+uint32_t end_offset = reg & AST1030_SEG_ADDR_MASK;
+AspeedSMCClass *asc = ASPEED_SMC_GET_CLASS(s);
+
+if (reg) {
+seg->addr = asc->flash_window_base + start_offset;
+seg->size = end_offset + (512 * KiB) - start_offset;
+} else {
+seg->addr = asc->flash_window_base;
+seg->size = 0;
+}
+}
+
+static const uint32_t aspeed_1030_fmc_resets[ASPEED_SMC_R_MAX] = {
+[R_CONF] = (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE0 |
+CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE1),
+};
+
+static const AspeedSegments aspeed_1030_fmc_segments[] = {
+{ 0x0, 128 * MiB }, /* start address is readonly */
+{ 128 * MiB, 128 * MiB }, /* default is disabled but needed for -kernel */
+{ 0x0, 0 }, /* disabled */
+};
+
+static void aspeed_1030_fmc_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedSMCClass *asc = ASPEED_SMC_CLASS(klass);
+
+dc->desc   = "Aspeed 1030 FMC Controller";
+asc->r_conf= R_CONF;
+asc->r_ce_ctrl = R_CE_CTRL;
+asc->r_ctrl0   = R_CTRL0;
+asc->r_timings = R_TIMINGS;
+asc->nregs_timings = 2;
+asc->conf_enable_w0= CONF_ENABLE_W0;
+asc->cs_num_max= 2;
+asc->segments  = aspeed_1030_fmc_segments;
+asc->segment_addr_mask = 0x0ff80ff8;
+asc->resets= aspeed_1030_fmc_resets;
+asc->flash_window_base = 0x8000;
+asc->flash_window_size = 0x1000;
+asc->features  = ASPEED_SMC_FEATURE_DMA;
+asc->dma_flash_mask= 0x0FFC;
+asc->dma_dram_mask = 0x000BFFFC;
+asc->nregs = ASPEED_SMC_R_MAX;
+asc->segment_to_reg= aspeed_1030_smc_segment_to_reg;
+asc->reg_to_segment= aspeed_1030_smc_reg_to_segment;
+asc->dma_ctrl  = aspeed_2600_smc_dma_ctrl;
+}
+
+static const TypeInfo aspeed_1030_fmc_info = {
+.name =  "aspeed.fmc-ast1030",
+.parent = TYPE_ASPEED_SMC,
+.class_init = aspeed_1030_fmc_class_init,
+};
+
+static const AspeedSegments aspeed_1030_spi1_segments[] = {
+{ 0x0, 128 * MiB }, /* start address is readonly */
+{ 0x0, 0 }, /* disabled */
+};
+
+static void aspeed_1030_spi1_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedSMCClass *asc = ASPEED_SMC_CLASS(klass);
+
+dc->desc   = "Aspeed 1030 SPI1 Controller";
+asc->r_conf= R_CONF;
+asc->r_ce_ctrl = R_CE_CTRL;
+asc->r_ctrl0   = R_CTRL0;
+asc->r_timings = R_TIMINGS;
+asc->nregs_timings = 2;
+asc->conf_enable_w0= CONF_ENABLE_W0;
+asc->cs_num_max= 2;
+asc->segments  = aspeed_1030_spi1_segments;
+asc->segment_addr_mask = 0x0ff00ff0;
+asc->flash_window_base = 0x9000;
+asc->flash_window_size = 0x1000;
+asc->features  = ASPEED_SMC_FEATURE_DMA;
+asc->dma_flash_mask= 0x0FFC;
+asc->dma_dram_mask = 0x000BFFFC;
+asc->nregs = ASPEED_SMC_R_MAX;
+asc->segment_to_reg= aspeed_2600_smc_segment_to_reg;
+asc->reg_to_segment= aspeed_2600_smc_reg_to_segment;
+asc->dma_ctrl  = aspeed_2600_smc_dma_ctrl;
+}
+
+static const TypeInfo aspeed_1030_spi1_info = {
+.name =  "aspeed.spi1-ast1030",
+.parent = TYPE_ASPEED_SMC,
+.class_init = aspeed_1030_spi1_class_init,
+};
+static const 
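Review bot: aspeed_1030_fmc_segments[] has three entries while aspeed_1030_fmc_class_init() sets cs_num_max = 2, so either the third "{ 0x0, 0 }" entry is never used or cs_num_max is wrong; make the two agree. In aspeed_1030_smc_reg_to_segment(), seg->size = end_offset + (512 * KiB) - start_offset is uint32_t arithmetic with no check that end_offset is at least start_offset, so a register value with the start above the end yields a wrapped size; please confirm the caller rejects such values before the segment is mapped.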

[PATCH v4 5/9] aspeed/timer: Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

ast1030 tmc(timer controller) is identical to ast2600 tmc.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/timer/aspeed_timer.c | 17 +
 include/hw/timer/aspeed_timer.h |  1 +
 2 files changed, 18 insertions(+)

diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
index 42c47d2ce6..9c20b3d6ad 100644
--- a/hw/timer/aspeed_timer.c
+++ b/hw/timer/aspeed_timer.c
@@ -745,12 +745,29 @@ static const TypeInfo aspeed_2600_timer_info = {
 .class_init = aspeed_2600_timer_class_init,
 };
 
+static void aspeed_1030_timer_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedTimerClass *awc = ASPEED_TIMER_CLASS(klass);
+
+dc->desc = "ASPEED 1030 Timer";
+awc->read = aspeed_2600_timer_read;
+awc->write = aspeed_2600_timer_write;
+}
+
+static const TypeInfo aspeed_1030_timer_info = {
+.name = TYPE_ASPEED_1030_TIMER,
+.parent = TYPE_ASPEED_TIMER,
+.class_init = aspeed_1030_timer_class_init,
+};
+
 static void aspeed_timer_register_types(void)
 {
 type_register_static(_timer_info);
 type_register_static(_2400_timer_info);
 type_register_static(_2500_timer_info);
 type_register_static(_2600_timer_info);
+type_register_static(_1030_timer_info);
 }
 
 type_init(aspeed_timer_register_types)
diff --git a/include/hw/timer/aspeed_timer.h b/include/hw/timer/aspeed_timer.h
index d36034a10c..07dc6b6f2c 100644
--- a/include/hw/timer/aspeed_timer.h
+++ b/include/hw/timer/aspeed_timer.h
@@ -31,6 +31,7 @@ OBJECT_DECLARE_TYPE(AspeedTimerCtrlState, AspeedTimerClass, 
ASPEED_TIMER)
 #define TYPE_ASPEED_2400_TIMER TYPE_ASPEED_TIMER "-ast2400"
 #define TYPE_ASPEED_2500_TIMER TYPE_ASPEED_TIMER "-ast2500"
 #define TYPE_ASPEED_2600_TIMER TYPE_ASPEED_TIMER "-ast2600"
+#define TYPE_ASPEED_1030_TIMER TYPE_ASPEED_TIMER "-ast1030"
 
 #define ASPEED_TIMER_NR_TIMERS 8
 
-- 
2.17.1




[PATCH v4 1/9] aspeed/adc: Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

Per ast1030_v7.pdf, AST1030 ADC engine is identical to AST2600's ADC.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/adc/aspeed_adc.c | 16 
 include/hw/adc/aspeed_adc.h |  1 +
 2 files changed, 17 insertions(+)

diff --git a/hw/adc/aspeed_adc.c b/hw/adc/aspeed_adc.c
index c5fcae29f6..0d29663129 100644
--- a/hw/adc/aspeed_adc.c
+++ b/hw/adc/aspeed_adc.c
@@ -389,6 +389,15 @@ static void aspeed_2600_adc_class_init(ObjectClass *klass, 
void *data)
 aac->nr_engines = 2;
 }
 
+static void aspeed_1030_adc_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedADCClass *aac = ASPEED_ADC_CLASS(klass);
+
+dc->desc = "ASPEED 1030 ADC Controller";
+aac->nr_engines = 2;
+}
+
 static const TypeInfo aspeed_adc_info = {
 .name = TYPE_ASPEED_ADC,
 .parent = TYPE_SYS_BUS_DEVICE,
@@ -415,6 +424,12 @@ static const TypeInfo aspeed_2600_adc_info = {
 .class_init = aspeed_2600_adc_class_init,
 };
 
+static const TypeInfo aspeed_1030_adc_info = {
+.name = TYPE_ASPEED_1030_ADC,
+.parent = TYPE_ASPEED_ADC,
+.class_init = aspeed_1030_adc_class_init, /* No change since AST2600 */
+};
+
 static void aspeed_adc_register_types(void)
 {
 type_register_static(_adc_engine_info);
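Review bot: the "/* No change since AST2600 */" comment sits on the .class_init line of aspeed_1030_adc_info, but what it describes is aspeed_1030_adc_class_init() setting the same nr_engines = 2 as the 2600 class; move the comment onto that function so it stays with the value it explains.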
@@ -422,6 +437,7 @@ static void aspeed_adc_register_types(void)
 type_register_static(_2400_adc_info);
 type_register_static(_2500_adc_info);
 type_register_static(_2600_adc_info);
+type_register_static(_1030_adc_info);
 }
 
 type_init(aspeed_adc_register_types);
diff --git a/include/hw/adc/aspeed_adc.h b/include/hw/adc/aspeed_adc.h
index 2f166e8be1..ff1d06ea91 100644
--- a/include/hw/adc/aspeed_adc.h
+++ b/include/hw/adc/aspeed_adc.h
@@ -17,6 +17,7 @@
 #define TYPE_ASPEED_2400_ADC TYPE_ASPEED_ADC "-ast2400"
 #define TYPE_ASPEED_2500_ADC TYPE_ASPEED_ADC "-ast2500"
 #define TYPE_ASPEED_2600_ADC TYPE_ASPEED_ADC "-ast2600"
+#define TYPE_ASPEED_1030_ADC TYPE_ASPEED_ADC "-ast1030"
 OBJECT_DECLARE_TYPE(AspeedADCState, AspeedADCClass, ASPEED_ADC)
 
 #define TYPE_ASPEED_ADC_ENGINE "aspeed.adc.engine"
-- 
2.17.1




[PATCH v4 0/9] Add support for AST1030 SoC

2022-03-31 Thread Jamin Lin
Changes from v4:
- drop the ASPEED_SMC_FEATURE_WDT_CONTROL flag in hw/ssi/aspeed_smc.c

Changes from v3:
- remove AspeedMiniBmcMachineState state structure and
  AspeedMiniBmcMachineClass class
- remove redundant new line in hw/arm/aspeed_ast10xx.c
- drop the ASPEED_SMC_FEATURE_WDT_CONTROL flag in hw/ssi/aspeed_smc.c

Changes from v2:
- replace aspeed_ast1030.c with aspeed_ast10xx.c for minibmc SOCs family support
- Add "ast1030-evb" machine in aspeed.c and removes aspeed_minibmc.c

Changes from v1:
The patch series supports ADC, SCU, SMC, TIMER, and WDT for AST1030 SoC.
Add avocado test case for "ast1030-evb" machine.

Test steps:
1. Download image from
   https://github.com/AspeedTech-BMC/zephyr/releases/download/v00.01.04/ast1030-evb-demo.zip
2. Extract the zip file to obtain zephyr.elf
3. Run ./qemu-system-arm -M ast1030-evb -kernel $PATH/zephyr.elf -nographic
4. Test IO by Zephyr command line; for the commands, refer to the Aspeed Zephyr
   SDK User Guide below
   https://github.com/AspeedTech-BMC/zephyr/releases/download/v00.01.04/Aspeed_Zephy_SDK_User_Guide_v00.01.04.pdf
   - ADC(channel 0):
   uart:~$ adc ADC0 resolution 10
   uart:~$ adc ADC0 calibrate 1
   uart:~$ adc ADC0 read_format 1
   uart:~$ adc ADC0 read 0
   [Result]
   read: 1416mv

   - SCU
   uart:~$ md 7e6e2040
   uart:~$ md 7e6e2080
   uart:~$ md 7e6e20d0
   uart:~$ md 7e6e2200
   uart:~$ md 7e6e2300
   uart:~$ md 7e6e25b0
   [Result]
   The register value should match the value of ast1030_a1_resets
   in aspeed_scu.c

   - Flash(fmc_cs0):
   uart:~$ flash write fmc_cs0 0 0x12345678 0x87654321 0x34127856 0x78563412
   uart:~$ flash read fmc_cs0 0 10
   [Result]
   : 78 56 34 12 21 43 65 87  56 78 12 34 12 34 56 78 |xV4.!Ce. Vx.4.4Vx|

   uart:~$ flash erase fmc_cs0 0
   uart:~$ flash read fmc_cs0 0 10
   [Result]
   : ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff | |

   - Timer(TIMER0):
   uart:~$ timer start TIMER0 -p 2000 -t 0
   TIMER0: period 2 ms, type 0
   [Result]
   timer expired after 2 seconds

   - Watchdog(WDT1):
   uart:~$ mw 7e785008 4755
   uart:~$ mw 7e78500c 1
   [Result]
   soc reset after 22 seconds

Based-on: 20220315075753.8591-3-steven_...@aspeedtech.com
([v2,2/2] hw: aspeed_scu: Introduce clkin_25Mhz attribute)

Jamin Lin (2):
  aspeed: Add an AST1030 eval board
  test/avocado/machine_aspeed.py: Add ast1030 test case

Steven Lee (7):
  aspeed/adc: Add AST1030 support
  aspeed/smc: Add AST1030 support
  aspeed/wdt: Fix ast2500/ast2600 default reload value.
  aspeed/wdt: Add AST1030 support
  aspeed/timer: Add AST1030 support
  aspeed/scu: Add AST1030 support
  aspeed/soc : Add AST1030 support

 hw/adc/aspeed_adc.c  |  16 ++
 hw/arm/aspeed.c  |  97 ++
 hw/arm/aspeed_ast10xx.c  | 299 +++
 hw/arm/meson.build   |   6 +-
 hw/misc/aspeed_scu.c |  63 +++
 hw/ssi/aspeed_smc.c  | 157 
 hw/timer/aspeed_timer.c  |  17 ++
 hw/watchdog/wdt_aspeed.c |  34 +++-
 include/hw/adc/aspeed_adc.h  |   1 +
 include/hw/arm/aspeed.h  |   6 +-
 include/hw/arm/aspeed_soc.h  |   3 +
 include/hw/misc/aspeed_scu.h |  25 +++
 include/hw/timer/aspeed_timer.h  |   1 +
 include/hw/watchdog/wdt_aspeed.h |   3 +
 tests/avocado/machine_aspeed.py  |  36 
 15 files changed, 758 insertions(+), 6 deletions(-)
 create mode 100644 hw/arm/aspeed_ast10xx.c
 create mode 100644 tests/avocado/machine_aspeed.py

-- 
2.17.1




Re: [PATCH v2 2/4] target/ppc: init 'lpcr' in kvmppc_enable_cap_large_decr()

2022-03-31 Thread David Gibson
On Thu, Mar 31, 2022 at 03:46:57PM -0300, Daniel Henrique Barboza wrote:
> 
> 
> On 3/31/22 14:36, Richard Henderson wrote:
> > On 3/31/22 11:17, Daniel Henrique Barboza wrote:
> > > > Hmm... this is seeming a bit like whack-a-mole.  Could we instead use
> > > > one of the valgrind hinting mechanisms to inform it that
> > > > kvm_get_one_reg() writes the variable at *target?
> > > 
> > > I didn't find a way of doing that looking in the memcheck helpers
> > > (https://valgrind.org/docs/manual/mc-manual.html section 4.7). That would be a
> > > good way of solving this warning because we would put stuff inside a specific
> > > function X and all callers of X would be covered by it.
> > > 
> > > What I did find instead is a memcheck macro called VALGRIND_MAKE_MEM_DEFINED that
> > > tells Valgrind that the var was initialized.
> > > 
> > > This patch would then be something as follows:
> > > 
> > > 
> > > diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> > > index dc93b99189..b0e22fa283 100644
> > > --- a/target/ppc/kvm.c
> > > +++ b/target/ppc/kvm.c
> > > @@ -56,6 +56,10 @@
> > >   #define DEBUG_RETURN_GUEST 0
> > >   #define DEBUG_RETURN_GDB   1
> > > 
> > > +#ifdef CONFIG_VALGRIND_H
> > > +#include 
> > > +#endif
> > > +
> > >   const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
> > >   KVM_CAP_LAST_INFO
> > >   };
> > > @@ -2539,6 +2543,10 @@ int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, 
> > > int enable)
> > >   CPUState *cs = CPU(cpu);
> > >   uint64_t lpcr;
> > > 
> > > +#ifdef CONFIG_VALGRIND_H
> > > +    VALGRIND_MAKE_MEM_DEFINED(lpcr, sizeof(uint64_t));
> > > +#endif
> > > +
> > >   kvm_get_one_reg(cs, KVM_REG_PPC_LPCR_64, );
> > >   /* Do we need to modify the LPCR? */
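Review bot: VALGRIND_MAKE_MEM_DEFINED takes an address and a length, but the call added to kvmppc_enable_cap_large_decr() passes lpcr itself, so the still-uninitialised value of lpcr is used as the address; it should be the address of lpcr with sizeof(lpcr). The call also sits before kvm_get_one_reg(), which marks the variable defined before anything has written it and would hide a failed read; place it after the call and only when the read succeeded.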
> > > 
> > > 
> > > CONFIG_VALGRIND_H needs 'valgrind-devel' installed.
> > > 
> > > I agree that this "Valgrind is complaining about variable initialization" is a whack-a-mole
> > > situation that will keep happening in the future if we keep adding this same code pattern
> > > (passing as reference an uninitialized var). For now, given that we have only 4 instances
> > > to fix it in ppc code (as far as I'm aware of), and we don't have a better way of telling
> > > Valgrind that we know what we're doing, I think we're better off initializing these vars.
> > 
> > I would instead put this annotation inside kvm_get_one_reg, so that it 
> > covers all kvm hosts.  But it's too late to do this for 7.0.
> 
> I wasn't planning on pushing these changes for 7.0 since they aren't fixing mem
> leaks or anything really bad. It's more of a quality of life improvement when
> using Valgrind.
> 
> I also tried to put this annotation in kvm_get_one_reg() and it didn't solve the
> warning.

That's weird, I'm pretty sure that should work.  I'd double check to
make sure you had all the parameters right (e.g. could you have marked
the pointer itself as initialized, rather than the memory it points
to).

> I didn't find a way of telling Valgrind "consider that every time this
> function is called with parameter X it initializes X". That would be a good solution
> to put in the common KVM files and fix the problem for everybody.
> 
> 
> Daniel
> 
> 
> 
> > 
> > 
> > r~
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH v2 2/4] target/ppc: init 'lpcr' in kvmppc_enable_cap_large_decr()

2022-03-31 Thread David Gibson
On Thu, Mar 31, 2022 at 02:17:42PM -0300, Daniel Henrique Barboza wrote:
> 
> 
> On 3/30/22 22:25, David Gibson wrote:
> > On Wed, Mar 30, 2022 at 09:17:15PM -0300, Daniel Henrique Barboza wrote:
> > > 'lpcr' is used as an input of kvm_get_one_reg(). Valgrind doesn't
> > > understand that and it returns warnings as such for this function:
> > > 
> > > ==55240== Thread 1:
> > > ==55240== Conditional jump or move depends on uninitialised value(s)
> > > ==55240==at 0xB011E4: kvmppc_enable_cap_large_decr (kvm.c:2546)
> > > ==55240==by 0x92F28F: cap_large_decr_cpu_apply (spapr_caps.c:523)
> > > ==55240==by 0x930C37: spapr_caps_cpu_apply (spapr_caps.c:921)
> > > ==55240==by 0x955D3B: spapr_reset_vcpu (spapr_cpu_core.c:73)
> > > ==55240==by 0x95612B: spapr_cpu_core_reset (spapr_cpu_core.c:209)
> > > ==55240==by 0x95619B: spapr_cpu_core_reset_handler (spapr_cpu_core.c:218)
> > > ==55240==by 0xD3605F: qemu_devices_reset (reset.c:69)
> > > ==55240==by 0x92112B: spapr_machine_reset (spapr.c:1641)
> > > ==55240==by 0x4FBD63: qemu_system_reset (runstate.c:444)
> > > ==55240==by 0x62812B: qdev_machine_creation_done (machine.c:1247)
> > > ==55240==by 0x5064C3: qemu_machine_creation_done (vl.c:2725)
> > > ==55240==by 0x5065DF: qmp_x_exit_preconfig (vl.c:2748)
> > > ==55240==  Uninitialised value was created by a stack allocation
> > > ==55240==at 0xB01158: kvmppc_enable_cap_large_decr (kvm.c:2540)
> > > 
> > > Init 'lpcr' to avoid this warning.
> > 
> > Hmm... this is seeming a bit like whack-a-mole.  Could we instead use
> > one of the valgrind hinting mechanisms to inform it that
> > kvm_get_one_reg() writes the variable at *target?
> 
> I didn't find a way of doing that looking in the memcheck helpers
> (https://valgrind.org/docs/manual/mc-manual.html section 4.7). That would be a
> good way of solving this warning because we would put stuff inside a specific
> function X and all callers of X would be covered by it.
> 
> What I did find instead is a memcheck macro called VALGRIND_MAKE_MEM_DEFINED that
> tells Valgrind that the var was initialized.

I think that's the one I was thinking of.

> This patch would then be something as follows:
> 
> 
> diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> index dc93b99189..b0e22fa283 100644
> --- a/target/ppc/kvm.c
> +++ b/target/ppc/kvm.c
> @@ -56,6 +56,10 @@
>  #define DEBUG_RETURN_GUEST 0
>  #define DEBUG_RETURN_GDB   1
> +#ifdef CONFIG_VALGRIND_H
> +#include 
> +#endif
> +
>  const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
>  KVM_CAP_LAST_INFO
>  };
> @@ -2539,6 +2543,10 @@ int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, int 
> enable)
>  CPUState *cs = CPU(cpu);
>  uint64_t lpcr;
> +#ifdef CONFIG_VALGRIND_H
> +VALGRIND_MAKE_MEM_DEFINED(lpcr, sizeof(uint64_t));
> +#endif
> +
>  kvm_get_one_reg(cs, KVM_REG_PPC_LPCR_64, );
>  /* Do we need to modify the LPCR? */

The macro call should only go after the get_one_reg, of course.

> CONFIG_VALGRIND_H needs 'valgrind-devel' installed.

Right.. better would probably be to make a wrapper macro defined as a
no-op in the !CONFIG_VALGRIND_H case, so you don't need the ifdefs at
the point you use it.
> 
> I agree that this "Valgrind is complaining about variable initialization" is
> a whack-a-mole situation that will keep happening in the future if we keep
> adding this same code pattern (passing as reference an uninitialized var).
> For now, given that we have only 4 instances to fix it in ppc code (as far
> as I'm aware of), and we don't have a better way of telling Valgrind that we
> know what we're doing, I think we're better off initializing these vars.

Hmm... still feels like it would be better to put the
MAKE_MEM_DEFINED inside kvm_get_one_reg().  I think the difficulty
with that is that it handles both 32-bit and 64-bit registers and I'm
not sure if there's an easy way to work out exactly how many bits
*have* been initialized.

> 
> 
> Thanks,
> 
> 
> Daniel
> 
> 
> 
> > 
> > > Reviewed-by: Philippe Mathieu-Daudé 
> > > Signed-off-by: Daniel Henrique Barboza 
> > > ---
> > >   target/ppc/kvm.c | 2 +-
> > >   1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> > > index 858866ecd4..42814e1b97 100644
> > > --- a/target/ppc/kvm.c
> > > +++ b/target/ppc/kvm.c
> > > @@ -2538,7 +2538,7 @@ int kvmppc_get_cap_large_decr(void)
> > >   int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, int enable)
> > >   {
> > >   CPUState *cs = CPU(cpu);
> > > -uint64_t lpcr;
> > > +uint64_t lpcr = 0;
> > >   kvm_get_one_reg(cs, KVM_REG_PPC_LPCR_64, );
> > >   /* Do we need to modify the LPCR? */
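
Review bot: `uint64_t lpcr = 0;` silences memcheck, but the result of kvm_get_one_reg() is still ignored in this hunk, so if the read fails, the code under "Do we need to modify the LPCR?" now works from a well-defined 0 instead of a value the tool can flag. Check the return value and bail out before that comparison; the initialiser is then harmless rather than a mask over the failure.
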
> > 
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
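
The wrapper-macro idea from this thread, as an added example that is not part of any post and not QEMU code: the accessor marks memory defined only after a successful read, and only for the number of bytes the register id says were written. Assumptions: every `DEMO_*`/`demo_*` name is hypothetical, the size field is modelled on the KVM_REG_SIZE() encoding of one-reg ids, the register ids and values are constructed, and `__has_include` stands in for CONFIG_VALGRIND_H.

```c
/* Added illustration: a stand-alone model, not QEMU source. */
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for CONFIG_VALGRIND_H: detect the header at compile time. */
#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#    define DEMO_HAVE_MEMCHECK 1
#  endif
#endif

/* Wrapper: a no-op without the header, so call sites need no #ifdef. */
#ifdef DEMO_HAVE_MEMCHECK
#  define DEMO_MARK_DEFINED(addr, len) \
       ((void)VALGRIND_MAKE_MEM_DEFINED((addr), (len)))
#else
#  define DEMO_MARK_DEFINED(addr, len) ((void)(addr), (void)(len))
#endif

/* Size field modelled on KVM_REG_SIZE(): log2 of the byte count lives in
 * bits 52..55 of the id. The two ids below are constructed for the demo. */
#define DEMO_REG_SIZE_SHIFT 52
#define DEMO_REG_SIZE_MASK  0x00f0000000000000ULL
#define DEMO_REG_SIZE(id) \
    ((size_t)1 << (((id) & DEMO_REG_SIZE_MASK) >> DEMO_REG_SIZE_SHIFT))
#define DEMO_REG_U32   0x0020000000000001ULL   /* 4-byte register */
#define DEMO_REG_LPCR  0x0030000000000002ULL   /* 8-byte register */
#define DEMO_LPCR_LD   (1ULL << 17)            /* constructed flag bit */

/* Stand-in for the kernel side: writes exactly DEMO_REG_SIZE(id) bytes,
 * or nothing at all when the id is unknown. */
static int demo_backend_read(uint64_t id, void *target)
{
    uint64_t v64 = DEMO_LPCR_LD;
    uint32_t v32 = 0xabcd1234u;

    switch (id) {
    case DEMO_REG_LPCR:
        memcpy(target, &v64, sizeof(v64));
        return 0;
    case DEMO_REG_U32:
        memcpy(target, &v32, sizeof(v32));
        return 0;
    default:
        return -EINVAL;
    }
}

/* Accessor: the hint lives here once, so every caller is covered. */
int demo_get_one_reg(uint64_t id, void *target)
{
    int ret = demo_backend_read(id, target);

    if (ret < 0) {
        return ret;   /* nothing written: leave *target undefined */
    }
    /* Mark only the bytes this register id covers (4 or 8). */
    DEMO_MARK_DEFINED(target, DEMO_REG_SIZE(id));
    return 0;
}

/* Caller shaped like the function in the patch, with the read checked. */
int demo_enable_large_decr(uint64_t id, int enable, uint64_t *out)
{
    uint64_t lpcr;    /* deliberately not initialised */
    int ret = demo_get_one_reg(id, &lpcr);

    if (ret < 0) {
        return ret;   /* never look at lpcr after a failed read */
    }
    if (!!(lpcr & DEMO_LPCR_LD) != !!enable) {
        lpcr = enable ? (lpcr | DEMO_LPCR_LD) : (lpcr & ~DEMO_LPCR_LD);
    }
    *out = lpcr;
    return 0;
}
```

Because the defined length comes from the id, a 32-bit read into a 64-bit variable leaves the upper four bytes undefined, so memcheck still reports a caller that uses them.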



RE: [PATCH 2/4] net/colo: Fix a "double free" crash to clear the conn_list

2022-03-31 Thread Zhang, Chen


> -Original Message-
> From: lizhij...@fujitsu.com 
> Sent: Friday, April 1, 2022 9:47 AM
> To: Zhang, Chen ; Jason Wang
> 
> Cc: qemu-dev ; Like Xu 
> Subject: Re: [PATCH 2/4] net/colo: Fix a "double free" crash to clear the
> conn_list
> 
> 
> 
> On 31/03/2022 10:25, Zhang, Chen wrote:
> >
> >> -Original Message-
> >> From: lizhij...@fujitsu.com 
> >> Sent: Thursday, March 31, 2022 9:15 AM
> >> To: Zhang, Chen ; Jason Wang
> >> 
> >> Cc: qemu-dev ; Like Xu
> >> 
> >> Subject: Re: [PATCH 2/4] net/colo: Fix a "double free" crash to clear
> >> the conn_list
> >>
> >>
> >> [ASCII diagram, layout lost in extraction: connection_track_table maps
> >> key1, key2 and key3 each to a conn; CompareState's conn_list links those
> >> same conn nodes (conn -> conn -> ... connx); each conn carries a queue of
> >> primary packets and a queue of secondary packets.]
> >>
> >> I recalled that we should above relationships between
> >> connection_track_table conn_list and conn.
> >> That means both connection_track_table and conn_list reference to the
> >> same conn instance.
> >>
> >> So before this patch, connection_get() is possible to
> >> use-after-free/double free conn. where 1st was in
> >> connection_hashtable_reset() and 2nd was
> >> 221 while (!g_queue_is_empty(conn_list)) {
> >> 222 connection_destroy(g_queue_pop_head(conn_list));
> >> 223 }
> >>
> >> I also doubt that your current abort was just due to above use-after-
> >> free/double free.
> >> If so, looks it's enough we just update to g_queue_clear(conn_list)
> >> in the 2nd place.
> > Make sense, but It also means the original patch works here, skip free conn
> > in connection_hashtable_reset() and do it in:
> > 221 while (!g_queue_is_empty(conn_list)) {
> >   222 connection_destroy(g_queue_pop_head(conn_list));
> >   223 }.
> > It also avoid use-after-free/double free conn.
> Although you will not use-after-free here, you have to consider other
> situations carefully that
> g_hash_table_remove_all() g_hash_table_destroy() were called where the
> conn_list should also be freed with you approach.
> 
> 

I re-checked the code, it looks fine to me.

> 
> 
> > Maybe we can keep the original version to fix it?
> And your commit log should be more clear.

OK, I will update V2 for commit log.

Thanks
Chen 

> 
> Thanks
> Zhijian
> 
> >
> > Thanks
> > Chen
> >
> >> Thanks
> >> Zhijian
> >>
> >>
> >> On 28/03/2022 17:13, Zhang, Chen wrote:
>  -Original Message-
>  From: lizhij...@fujitsu.com 
>  Sent: Monday, March 21, 2022 11:06 AM
>  To: Zhang, Chen ; Jason Wang
>  ; lizhij...@fujitsu.com
>  Cc: qemu-dev ; Like Xu
>  
>  Subject: Re: [PATCH 2/4] net/colo: Fix a "double free" crash to
>  clear the conn_list
> 
> 
> 
>  On 09/03/2022 16:38, Zhang Chen wrote:
> > We notice the QEMU may crash when the guest has too many
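
The ownership question argued over in this thread, as an added example that is not part of any post and not QEMU code: two containers hold the same conn pointers, and the model counts destroy calls per conn under three policies, for the reset path and for a path that empties only the table. All `Demo*`/`demo_*` names are hypothetical, and a static pool with a counter stands in for the heap so a double destroy can be observed safely.

```c
/* Added illustration: a stand-alone model, not QEMU code.
 * All Demo* / demo_* names are hypothetical. */
#include <stddef.h>
#include <string.h>

#define DEMO_NCONN 3

typedef struct DemoConn {
    int destroy_calls;            /* 2 would be a double free on a real heap */
} DemoConn;

typedef struct DemoState {
    DemoConn pool[DEMO_NCONN];    /* stands in for heap-allocated conn objects */
    DemoConn *table[DEMO_NCONN];  /* connection_track_table: key -> conn */
    DemoConn *list[DEMO_NCONN];   /* conn_list: the same pointers again */
    size_t n_table, n_list;
} DemoState;

enum demo_policy {
    DEMO_BOTH_DESTROY,   /* table reset and list drain both destroy */
    DEMO_TABLE_OWNS,     /* table destroys, list is only cleared */
    DEMO_LIST_OWNS       /* table reset skips the free, list drain destroys */
};

typedef struct DemoResult {
    int max_destroy;     /* 2 = some conn destroyed twice */
    int min_destroy;     /* 0 = some conn never destroyed */
    size_t stale_list;   /* list entries that point at a destroyed conn */
} DemoResult;

static void demo_init(DemoState *s)
{
    memset(s, 0, sizeof(*s));
    for (size_t i = 0; i < DEMO_NCONN; i++) {
        s->table[i] = s->list[i] = &s->pool[i];
    }
    s->n_table = s->n_list = DEMO_NCONN;
}

/* Empty one container; run_destroy models a value-destroy callback. */
static void demo_empty(DemoConn **slots, size_t *n, int run_destroy)
{
    for (size_t i = 0; i < *n; i++) {
        if (run_destroy) {
            slots[i]->destroy_calls++;
        }
        slots[i] = NULL;
    }
    *n = 0;
}

static DemoResult demo_summarise(const DemoState *s)
{
    DemoResult r = { 0, s->pool[0].destroy_calls, 0 };

    for (size_t i = 0; i < DEMO_NCONN; i++) {
        int d = s->pool[i].destroy_calls;
        if (d > r.max_destroy) r.max_destroy = d;
        if (d < r.min_destroy) r.min_destroy = d;
    }
    for (size_t i = 0; i < s->n_list; i++) {
        if (s->list[i]->destroy_calls > 0) r.stale_list++;
    }
    return r;
}

/* Reset path: empty the table, then the list. */
DemoResult demo_full_reset(enum demo_policy p)
{
    DemoState s;

    demo_init(&s);
    demo_empty(s.table, &s.n_table, p != DEMO_LIST_OWNS);
    demo_empty(s.list, &s.n_list, p != DEMO_TABLE_OWNS);
    return demo_summarise(&s);
}

/* Any other path that empties only the table and forgets the list. */
DemoResult demo_table_only_teardown(enum demo_policy p)
{
    DemoState s;

    demo_init(&s);
    demo_empty(s.table, &s.n_table, p != DEMO_LIST_OWNS);
    return demo_summarise(&s);
}
```

demo_full_reset() reports two destroys per conn when both containers destroy and one under either single-owner policy. demo_table_only_teardown() reports zero destroys when the list owns the conns, and three stale list entries when the table owns them, so either choice requires every table-emptying path to handle conn_list as well.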

Re: [PATCH v3 0/9] Add support for AST1030 SoC

2022-03-31 Thread Jamin Lin
The 04/01/2022 03:04, Jamin Lin wrote:
Please ignore this patch series, I lost to drop
ASPEED_SMC_FEATURE_WDT_CONTROL flag.
will resend v4 patch
Thanks-Jamin
> Changes from v3:
> - remove AspeedMiniBmcMachineState state structure and
>   AspeedMiniBmcMachineClass class
> - remove redundant new line in hw/arm/aspeed_ast10xx.c
> - drop the ASPEED_SMC_FEATURE_WDT_CONTROL flag in hw/ssi/aspeed_smc.c
> 
> Changes from v2:
> - replace aspeed_ast1030.c with aspeed_ast10xx.c for minibmc SOCs family support
> - Add "ast1030-evb" machine in aspeed.c and removes aspeed_minibmc.c
> 
> Changes from v1:
> The patch series supports ADC, SCU, SMC, TIMER, and WDT for AST1030 SoC.
> Add avocado test case for "ast1030-evb" machine.
> 
> Test steps:
> 1. Download image from
>
> https://github.com/AspeedTech-BMC/zephyr/releases/download/v00.01.04/ast1030-evb-demo.zip
> 2. Extract the zip file to obtain zephyr.elf
> 3. Run ./qemu-system-arm -M ast1030-evb -kernel $PATH/zephyr.elf -nographic
> 4. Test IO by Zephyr command line, commands are refer to Aspeed Zephyr
>SDK User Guide below
>
> https://github.com/AspeedTech-BMC/zephyr/releases/download/v00.01.04/Aspeed_Zephy_SDK_User_Guide_v00.01.04.pdf
>- ADC(channel 0):
>uart:~$ adc ADC0 resolution 10
>uart:~$ adc ADC0 calibrate 1
>uart:~$ adc ADC0 read_format 1
>uart:~$ adc ADC0 read 0
>[Result]
>read: 1416mv
> 
>- SCU
>uart:~$ md 7e6e2040
>uart:~$ md 7e6e2080
>uart:~$ md 7e6e20d0
>uart:~$ md 7e6e2200
>uart:~$ md 7e6e2300
>uart:~$ md 7e6e25b0
>[Result]
>The register value should match the value of ast1030_a1_resets
>in aspeed_scu.c
> 
>- Flash(fmc_cs0):
>uart:~$ flash write fmc_cs0 0 0x12345678 0x87654321 0x34127856 
> 0x78563412
>uart:~$ flash read fmc_cs0 0 10
>[Result]
>: 78 56 34 12 21 43 65 87  56 78 12 34 12 34 56 78 |xV4.!Ce. 
> Vx.4.4Vx|
> 
>uart:~$ flash erase fmc_cs0 0
>uart:~$ flash read fmc_cs0 0 10
>[Result]
>: ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff | 
> |
> 
>- Timer(TIMER0):
>uart:~$ timer start TIMER0 -p 2000 -t 0
>TIMER0: period 2 ms, type 0
>[Result]
>timer expired after 2 seconds
> 
>- Watchdog(WDT1):
>uart:~$ mw 7e785008 4755
>uart:~$ mw 7e78500c 1
>[Result]
>soc reset after 22 seconds
> 
> Based-on: 20220315075753.8591-3-steven_...@aspeedtech.com
> ([v2,2/2] hw: aspeed_scu: Introduce clkin_25Mhz attribute)
> 
> 
> Jamin Lin (2):
>   aspeed: Add an AST1030 eval board
>   test/avocado/machine_aspeed.py: Add ast1030 test case
> 
> Steven Lee (7):
>   aspeed/adc: Add AST1030 support
>   aspeed/smc: Add AST1030 support
>   aspeed/wdt: Fix ast2500/ast2600 default reload value.
>   aspeed/wdt: Add AST1030 support
>   aspeed/timer: Add AST1030 support
>   aspeed/scu: Add AST1030 support
>   aspeed/soc : Add AST1030 support
> 
>  hw/adc/aspeed_adc.c  |  16 ++
>  hw/arm/aspeed.c  |  97 ++
>  hw/arm/aspeed_ast10xx.c  | 299 +++
>  hw/arm/meson.build   |   6 +-
>  hw/misc/aspeed_scu.c |  63 +++
>  hw/ssi/aspeed_smc.c  | 159 
>  hw/timer/aspeed_timer.c  |  17 ++
>  hw/watchdog/wdt_aspeed.c |  34 +++-
>  include/hw/adc/aspeed_adc.h  |   1 +
>  include/hw/arm/aspeed.h  |   6 +-
>  include/hw/arm/aspeed_soc.h  |   3 +
>  include/hw/misc/aspeed_scu.h |  25 +++
>  include/hw/timer/aspeed_timer.h  |   1 +
>  include/hw/watchdog/wdt_aspeed.h |   3 +
>  tests/avocado/machine_aspeed.py  |  36 
>  15 files changed, 760 insertions(+), 6 deletions(-)
>  create mode 100644 hw/arm/aspeed_ast10xx.c
>  create mode 100644 tests/avocado/machine_aspeed.py
> 
> -- 
> 2.17.1
> 



Re: [PATCH v4] vdpa: reset the backend device in the end of vhost_net_stop()

2022-03-31 Thread Michael Qiu




On 2022/4/1 10:53, Jason Wang wrote:

On Fri, Apr 1, 2022 at 9:31 AM Michael Qiu  wrote:


Currently, when VM poweroff, it will trigger vdpa
device(such as mlx bluefield2 VF) reset many times(with 1 datapath
queue pair and one control queue, triggered 3 times), this
leads to below issue:

vhost VQ 2 ring restore failed: -22: Invalid argument (22)

This because in vhost_net_stop(), it will stop all vhost device bind to
this virtio device, and in vhost_dev_stop(), qemu tries to stop the device
, then stop the queue: vhost_virtqueue_stop().

In vhost_dev_stop(), it resets the device, which clear some flags
in low level driver, and in next loop(stop other vhost backends),
qemu try to stop the queue corresponding to the vhost backend,
the driver finds that the VQ is invalid, this is the root cause.

To solve the issue, vdpa should set vring unready, and
remove reset ops in device stop: vhost_dev_start(hdev, false).

and implement a new function vhost_dev_reset, only reset backend
device after all vhost(per-queue) stoped.


Typo.



Signed-off-by: Michael Qiu
Acked-by: Jason Wang 


Rethink this patch, consider there're devices that don't support
set_vq_ready(). I wonder if we need

1) uAPI to tell the user space whether or not it supports set_vq_ready()
2) userspace will call SET_VRING_ENABLE() when the device supports
otherwise it will use RESET.


if the device does not support set_vq_ready() in kernel, it will trigger 
kernel oops, at least in current kernel, it does not check where 
set_vq_ready has been implemented.


And I checked all vdpa driver in kernel, all drivers has implemented 
this ops.


So I think it is OK to call set_vq_ready without check.



And for safety, I suggest tagging this as 7.1.


---
v4 --> v3
 Nothing changed, because of issue with mimecast,
 when the From: tag is different from the sender,
 the some mail client will take the patch as an
 attachment, RESEND v3 does not work, So resend
 the patch as v4

v3 --> v2:
 Call vhost_dev_reset() at the end of vhost_net_stop().

 Since the vDPA device need re-add the status bit
 VIRTIO_CONFIG_S_ACKNOWLEDGE and VIRTIO_CONFIG_S_DRIVER,
 simply, add them inside vhost_vdpa_reset_device, and
 the only way calling vhost_vdpa_reset_device is in
 vhost_net_stop(), so it keeps the same behavior as before.

v2 --> v1:
Implement a new function vhost_dev_reset,
reset the backend kernel device at last.
---
  hw/net/vhost_net.c| 24 +---
  hw/virtio/vhost-vdpa.c| 15 +--
  hw/virtio/vhost.c | 15 ++-
  include/hw/virtio/vhost.h |  1 +
  4 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 30379d2..422c9bf 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -325,7 +325,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
  int total_notifiers = data_queue_pairs * 2 + cvq;
  VirtIONet *n = VIRTIO_NET(dev);
  int nvhosts = data_queue_pairs + cvq;
-struct vhost_net *net;
+struct vhost_net *net = NULL;
  int r, e, i, index_end = data_queue_pairs * 2;
  NetClientState *peer;

@@ -391,8 +391,17 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
  err_start:
  while (--i >= 0) {
  peer = qemu_get_peer(ncs , i);
-vhost_net_stop_one(get_vhost_net(peer), dev);
+
+net = get_vhost_net(peer);
+
+vhost_net_stop_one(net, dev);
  }
+
+/* We only reset backend vdpa device */
+if (net && net->dev.vhost_ops->backend_type == VHOST_BACKEND_TYPE_VDPA) {
+vhost_dev_reset(>dev);
+}
+
  e = k->set_guest_notifiers(qbus->parent, total_notifiers, false);
  if (e < 0) {
  fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", e);
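
Review bot: in the err_start unwind, the reset after the loop keys off `net`, which the loop assigns only when it runs at least once; if err_start is reached with i == 0 the body never executes and `net` holds whatever it had on entry to this block, so the reset decision rests on state this hunk does not set. Look the vhost_net up explicitly before the backend_type check, or state in the comment that no reset is wanted when nothing was started. The same five lines are repeated in vhost_net_stop(), so a small helper would keep the two paths from drifting.
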
@@ -410,6 +419,7 @@ void vhost_net_stop(VirtIODevice *dev, NetClientState *ncs,
  VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
  VirtIONet *n = VIRTIO_NET(dev);
  NetClientState *peer;
+struct vhost_net *net = NULL;
  int total_notifiers = data_queue_pairs * 2 + cvq;
  int nvhosts = data_queue_pairs + cvq;
  int i, r;
@@ -420,7 +430,15 @@ void vhost_net_stop(VirtIODevice *dev, NetClientState *ncs,
  } else {
  peer = qemu_get_peer(ncs, n->max_queue_pairs);
  }
-vhost_net_stop_one(get_vhost_net(peer), dev);
+
+net = get_vhost_net(peer);
+
+vhost_net_stop_one(net, dev);
+}
+
+/* We only reset backend vdpa device */
+if (net && net->dev.vhost_ops->backend_type == VHOST_BACKEND_TYPE_VDPA) {
+vhost_dev_reset(>dev);
  }
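
Review bot: the check after the loop in vhost_net_stop() only looks at the `net` left by the final iteration, so it assumes every peer of this device shares the same vhost_ops backend_type, and the one-line comment "We only reset backend vdpa device" states neither that assumption nor why the reset has to wait until every queue has been stopped. Expand the comment to record the ordering requirement (per-queue stop first, one backend reset last), since that ordering is the whole fix described in the commit message.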


So we've already reset the device in vhost_vdpa_dev_start(), any
reason we need to do it again here?


reset device in vhost_vdpa_dev_start if there is some error with start.






  r = k->set_guest_notifiers(qbus->parent, total_notifiers, false);
diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index 

[PATCH v3 5/9] aspeed/timer: Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

ast1030 tmc(timer controller) is identical to ast2600 tmc.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/timer/aspeed_timer.c | 17 +
 include/hw/timer/aspeed_timer.h |  1 +
 2 files changed, 18 insertions(+)

diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
index 42c47d2ce6..9c20b3d6ad 100644
--- a/hw/timer/aspeed_timer.c
+++ b/hw/timer/aspeed_timer.c
@@ -745,12 +745,29 @@ static const TypeInfo aspeed_2600_timer_info = {
 .class_init = aspeed_2600_timer_class_init,
 };
 
+static void aspeed_1030_timer_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedTimerClass *awc = ASPEED_TIMER_CLASS(klass);
+
+dc->desc = "ASPEED 1030 Timer";
+awc->read = aspeed_2600_timer_read;
+awc->write = aspeed_2600_timer_write;
+}
+
+static const TypeInfo aspeed_1030_timer_info = {
+.name = TYPE_ASPEED_1030_TIMER,
+.parent = TYPE_ASPEED_TIMER,
+.class_init = aspeed_1030_timer_class_init,
+};
+
 static void aspeed_timer_register_types(void)
 {
 type_register_static(_timer_info);
 type_register_static(_2400_timer_info);
 type_register_static(_2500_timer_info);
 type_register_static(_2600_timer_info);
+type_register_static(_1030_timer_info);
 }
 
 type_init(aspeed_timer_register_types)
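
Review bot: aspeed_1030_timer_class_init() reuses aspeed_2600_timer_read and aspeed_2600_timer_write with no comment saying why. The commit message states that the AST1030 timer controller is identical to the AST2600 one; a one-line comment to that effect above the two assignments would keep the reason visible in the code rather than only in the log.
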
diff --git a/include/hw/timer/aspeed_timer.h b/include/hw/timer/aspeed_timer.h
index d36034a10c..07dc6b6f2c 100644
--- a/include/hw/timer/aspeed_timer.h
+++ b/include/hw/timer/aspeed_timer.h
@@ -31,6 +31,7 @@ OBJECT_DECLARE_TYPE(AspeedTimerCtrlState, AspeedTimerClass, 
ASPEED_TIMER)
 #define TYPE_ASPEED_2400_TIMER TYPE_ASPEED_TIMER "-ast2400"
 #define TYPE_ASPEED_2500_TIMER TYPE_ASPEED_TIMER "-ast2500"
 #define TYPE_ASPEED_2600_TIMER TYPE_ASPEED_TIMER "-ast2600"
+#define TYPE_ASPEED_1030_TIMER TYPE_ASPEED_TIMER "-ast1030"
 
 #define ASPEED_TIMER_NR_TIMERS 8
 
-- 
2.17.1




[PATCH v3 7/9] aspeed/soc : Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

The embedded core of AST1030 SoC is ARM Cortex M4.
It is hard to be integrated in the common Aspeed Soc framework.
We introduce a new ast1030 class with instance_init and realize
handlers.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
---
 hw/arm/aspeed_ast10xx.c | 299 
 hw/arm/meson.build  |   6 +-
 include/hw/arm/aspeed_soc.h |   3 +
 3 files changed, 307 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/aspeed_ast10xx.c

diff --git a/hw/arm/aspeed_ast10xx.c b/hw/arm/aspeed_ast10xx.c
new file mode 100644
index 00..0567527671
--- /dev/null
+++ b/hw/arm/aspeed_ast10xx.c
@@ -0,0 +1,299 @@
+/*
+ * ASPEED AST10xx SoC
+ *
+ * Copyright (C) 2022 ASPEED Technology Inc.
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Implementation extracted from the AST2600 and adapted for AST10xx.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "exec/address-spaces.h"
+#include "sysemu/sysemu.h"
+#include "hw/qdev-clock.h"
+#include "hw/misc/unimp.h"
+#include "hw/char/serial.h"
+#include "hw/arm/aspeed_soc.h"
+
+#define ASPEED_SOC_IOMEM_SIZE 0x0020
+
+static const hwaddr aspeed_soc_ast1030_memmap[] = {
+[ASPEED_DEV_SRAM]  = 0x,
+[ASPEED_DEV_SBC]   = 0x7900,
+[ASPEED_DEV_IOMEM] = 0x7E60,
+[ASPEED_DEV_PWM]   = 0x7E61,
+[ASPEED_DEV_FMC]   = 0x7E62,
+[ASPEED_DEV_SPI1]  = 0x7E63,
+[ASPEED_DEV_SPI2]  = 0x7E64,
+[ASPEED_DEV_SCU]   = 0x7E6E2000,
+[ASPEED_DEV_ADC]   = 0x7E6E9000,
+[ASPEED_DEV_SBC]   = 0x7E6F2000,
+[ASPEED_DEV_GPIO]  = 0x7E78,
+[ASPEED_DEV_TIMER1]= 0x7E782000,
+[ASPEED_DEV_UART5] = 0x7E784000,
+[ASPEED_DEV_WDT]   = 0x7E785000,
+[ASPEED_DEV_LPC]   = 0x7E789000,
+[ASPEED_DEV_I2C]   = 0x7E7B,
+};
+
+static const int aspeed_soc_ast1030_irqmap[] = {
+[ASPEED_DEV_UART5] = 8,
+[ASPEED_DEV_GPIO]  = 11,
+[ASPEED_DEV_TIMER1]= 16,
+[ASPEED_DEV_TIMER2]= 17,
+[ASPEED_DEV_TIMER3]= 18,
+[ASPEED_DEV_TIMER4]= 19,
+[ASPEED_DEV_TIMER5]= 20,
+[ASPEED_DEV_TIMER6]= 21,
+[ASPEED_DEV_TIMER7]= 22,
+[ASPEED_DEV_TIMER8]= 23,
+[ASPEED_DEV_WDT]   = 24,
+[ASPEED_DEV_LPC]   = 35,
+[ASPEED_DEV_FMC]   = 39,
+[ASPEED_DEV_PWM]   = 44,
+[ASPEED_DEV_ADC]   = 46,
+[ASPEED_DEV_SPI1]  = 65,
+[ASPEED_DEV_SPI2]  = 66,
+[ASPEED_DEV_I2C]   = 110, /* 110 ~ 123 */
+[ASPEED_DEV_KCS]   = 138, /* 138 -> 142 */
+};
+
+static qemu_irq aspeed_soc_get_irq(AspeedSoCState *s, int ctrl)
+{
+AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
+
+return qdev_get_gpio_in(DEVICE(>armv7m), sc->irqmap[ctrl]);
+}
+
+static void aspeed_soc_ast1030_init(Object *obj)
+{
+AspeedSoCState *s = ASPEED_SOC(obj);
+AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
+char socname[8];
+char typename[64];
+int i;
+
+if (sscanf(sc->name, "%7s", socname) != 1) {
+g_assert_not_reached();
+}
+
+object_initialize_child(obj, "armv7m", >armv7m, TYPE_ARMV7M);
+
+s->sysclk = qdev_init_clock_in(DEVICE(s), "sysclk", NULL, NULL, 0);
+
+snprintf(typename, sizeof(typename), "aspeed.scu-%s", socname);
+object_initialize_child(obj, "scu", >scu, typename);
+qdev_prop_set_uint32(DEVICE(>scu), "silicon-rev", sc->silicon_rev);
+
+object_property_add_alias(obj, "hw-strap1", OBJECT(>scu), "hw-strap1");
+object_property_add_alias(obj, "hw-strap2", OBJECT(>scu), "hw-strap2");
+
+snprintf(typename, sizeof(typename), "aspeed.timer-%s", socname);
+object_initialize_child(obj, "timerctrl", >timerctrl, typename);
+
+snprintf(typename, sizeof(typename), "aspeed.adc-%s", socname);
+object_initialize_child(obj, "adc", >adc, typename);
+
+snprintf(typename, sizeof(typename), "aspeed.fmc-%s", socname);
+object_initialize_child(obj, "fmc", >fmc, typename);
+
+for (i = 0; i < sc->spis_num; i++) {
+snprintf(typename, sizeof(typename), "aspeed.spi%d-%s", i + 1, 
socname);
+object_initialize_child(obj, "spi[*]", >spi[i], typename);
+}
+
+object_initialize_child(obj, "lpc", >lpc, TYPE_ASPEED_LPC);
+
+object_initialize_child(obj, "sbc", >sbc, TYPE_ASPEED_SBC);
+
+for (i = 0; i < sc->wdts_num; i++) {
+snprintf(typename, sizeof(typename), "aspeed.wdt-%s", socname);
+object_initialize_child(obj, "wdt[*]", >wdt[i], typename);
+}
+}
+
+static void aspeed_soc_ast1030_realize(DeviceState *dev_soc, Error **errp)
+{
+AspeedSoCState *s = ASPEED_SOC(dev_soc);
+AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
+MemoryRegion *system_memory = get_system_memory();
+DeviceState *armv7m;
+Error *err = NULL;
+int i;
+
+if (!clock_has_source(s->sysclk)) {
+
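
Review bot: aspeed_soc_ast1030_memmap[] assigns [ASPEED_DEV_SBC] twice, once right after ASPEED_DEV_SRAM and again just before ASPEED_DEV_GPIO; with designated initialisers the later entry silently wins, so the first address is dead. Drop whichever one is wrong, or use the intended device index if the first line was meant for another device. aspeed_soc_ast1030_irqmap[] also lists ASPEED_DEV_KCS with no matching memmap entry; a short comment on how it is addressed would help.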

[PATCH v3 1/9] aspeed/adc: Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

Per ast1030_v7.pdf, AST1030 ADC engine is identical to AST2600's ADC.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/adc/aspeed_adc.c | 16 
 include/hw/adc/aspeed_adc.h |  1 +
 2 files changed, 17 insertions(+)

diff --git a/hw/adc/aspeed_adc.c b/hw/adc/aspeed_adc.c
index c5fcae29f6..0d29663129 100644
--- a/hw/adc/aspeed_adc.c
+++ b/hw/adc/aspeed_adc.c
@@ -389,6 +389,15 @@ static void aspeed_2600_adc_class_init(ObjectClass *klass, 
void *data)
 aac->nr_engines = 2;
 }
 
+static void aspeed_1030_adc_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedADCClass *aac = ASPEED_ADC_CLASS(klass);
+
+dc->desc = "ASPEED 1030 ADC Controller";
+aac->nr_engines = 2;
+}
+
 static const TypeInfo aspeed_adc_info = {
 .name = TYPE_ASPEED_ADC,
 .parent = TYPE_SYS_BUS_DEVICE,
@@ -415,6 +424,12 @@ static const TypeInfo aspeed_2600_adc_info = {
 .class_init = aspeed_2600_adc_class_init,
 };
 
+static const TypeInfo aspeed_1030_adc_info = {
+.name = TYPE_ASPEED_1030_ADC,
+.parent = TYPE_ASPEED_ADC,
+.class_init = aspeed_1030_adc_class_init, /* No change since AST2600 */
+};
+
 static void aspeed_adc_register_types(void)
 {
 type_register_static(_adc_engine_info);
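
Review bot: the `/* No change since AST2600 */` comment on `.class_init` in aspeed_1030_adc_info reads oddly, because the field points at the new aspeed_1030_adc_class_init rather than at the 2600 one. Move the remark onto that function, where `aac->nr_engines = 2` mirrors the 2600 setting visible just above it in the previous hunk, or reword it to say what is shared.
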
@@ -422,6 +437,7 @@ static void aspeed_adc_register_types(void)
 type_register_static(_2400_adc_info);
 type_register_static(_2500_adc_info);
 type_register_static(_2600_adc_info);
+type_register_static(_1030_adc_info);
 }
 
 type_init(aspeed_adc_register_types);
diff --git a/include/hw/adc/aspeed_adc.h b/include/hw/adc/aspeed_adc.h
index 2f166e8be1..ff1d06ea91 100644
--- a/include/hw/adc/aspeed_adc.h
+++ b/include/hw/adc/aspeed_adc.h
@@ -17,6 +17,7 @@
 #define TYPE_ASPEED_2400_ADC TYPE_ASPEED_ADC "-ast2400"
 #define TYPE_ASPEED_2500_ADC TYPE_ASPEED_ADC "-ast2500"
 #define TYPE_ASPEED_2600_ADC TYPE_ASPEED_ADC "-ast2600"
+#define TYPE_ASPEED_1030_ADC TYPE_ASPEED_ADC "-ast1030"
 OBJECT_DECLARE_TYPE(AspeedADCState, AspeedADCClass, ASPEED_ADC)
 
 #define TYPE_ASPEED_ADC_ENGINE "aspeed.adc.engine"
-- 
2.17.1




[PATCH v3 8/9] aspeed: Add an AST1030 eval board

2022-03-31 Thread Jamin Lin
The image should be supplied with ELF binary.
$ qemu-system-arm -M ast1030-evb -kernel zephyr.elf -nographic

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
---
 hw/arm/aspeed.c | 97 +
 include/hw/arm/aspeed.h |  6 +--
 2 files changed, 100 insertions(+), 3 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index d205384d98..30b49d2db1 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -24,6 +24,7 @@
 #include "hw/loader.h"
 #include "qemu/error-report.h"
 #include "qemu/units.h"
+#include "hw/qdev-clock.h"
 
 static struct arm_boot_info aspeed_board_binfo = {
 .board_id = -1, /* device-tree-only board */
@@ -1361,3 +1362,99 @@ static const TypeInfo aspeed_machine_types[] = {
 };
 
 DEFINE_TYPES(aspeed_machine_types)
+
+#define AST1030_INTERNAL_FLASH_SIZE (1024 * 1024)
+/* Main SYSCLK frequency in Hz (200MHz) */
+#define SYSCLK_FRQ 2ULL
+
+static void aspeed_minibmc_machine_ast1030_evb_class_init(ObjectClass *oc,
+  void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+AspeedMachineClass *amc = ASPEED_MINIBMC_MACHINE_CLASS(oc);
+
+mc->desc = "Aspeed AST1030 MiniBMC (Cortex-M4)";
+amc->soc_name = "ast1030-a1";
+amc->hw_strap1 = 0;
+amc->hw_strap2 = 0;
+mc->default_ram_size = 0;
+mc->default_cpus = mc->min_cpus = mc->max_cpus = 1;
+amc->fmc_model = "sst25vf032b";
+amc->spi_model = "sst25vf032b";
+amc->num_cs = 2;
+}
+
+static void ast1030_machine_instance_init(Object *obj)
+{
+ASPEED_MINIBMC_MACHINE(obj)->mmio_exec = false;
+}
+
+static void aspeed_minibmc_machine_init(MachineState *machine)
+{
+AspeedMachineState *bmc = ASPEED_MINIBMC_MACHINE(machine);
+AspeedMachineClass *amc = ASPEED_MINIBMC_MACHINE_GET_CLASS(machine);
+Clock *sysclk;
+
+sysclk = clock_new(OBJECT(machine), "SYSCLK");
+clock_set_hz(sysclk, SYSCLK_FRQ);
+
+object_initialize_child(OBJECT(machine), "soc", >soc, amc->soc_name);
+qdev_connect_clock_in(DEVICE(>soc), "sysclk", sysclk);
+
+qdev_prop_set_uint32(DEVICE(>soc), "uart-default",
+ amc->uart_default);
+qdev_realize(DEVICE(>soc), NULL, _abort);
+
+aspeed_board_init_flashes(>soc.fmc,
+  bmc->fmc_model ? bmc->fmc_model : amc->fmc_model,
+  amc->num_cs,
+  0);
+
+aspeed_board_init_flashes(>soc.spi[0],
+  bmc->spi_model ? bmc->spi_model : amc->spi_model,
+  amc->num_cs, amc->num_cs);
+
+aspeed_board_init_flashes(>soc.spi[1],
+  bmc->spi_model ? bmc->spi_model : amc->spi_model,
+  amc->num_cs, (amc->num_cs * 2));
+
+if (amc->i2c_init) {
+amc->i2c_init(bmc);
+}
+
+armv7m_load_kernel(ARM_CPU(first_cpu),
+   machine->kernel_filename,
+   AST1030_INTERNAL_FLASH_SIZE);
+}
+
+static void aspeed_minibmc_machine_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+AspeedMachineClass *amc = ASPEED_MINIBMC_MACHINE_CLASS(oc);
+
+mc->init = aspeed_minibmc_machine_init;
+mc->no_floppy = 1;
+mc->no_cdrom = 1;
+mc->no_parallel = 1;
+mc->default_ram_id = "ram";
+amc->uart_default = ASPEED_DEV_UART5;
+}
+
+static const TypeInfo aspeed_minibmc_machine_types[] = {
+{
+.name   = MACHINE_TYPE_NAME("ast1030-evb"),
+.parent = TYPE_ASPEED_MINIBMC_MACHINE,
+.class_init = aspeed_minibmc_machine_ast1030_evb_class_init,
+}, {
+.name   = TYPE_ASPEED_MINIBMC_MACHINE,
+.parent = TYPE_MACHINE,
+.instance_size  = sizeof(AspeedMachineState),
+.instance_init  = ast1030_machine_instance_init,
+.class_size= sizeof(AspeedMachineClass),
+.class_init= aspeed_minibmc_machine_class_init,
+.abstract  = true,
+}
+};
+
+DEFINE_TYPES(aspeed_minibmc_machine_types)
+
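
Review bot: aspeed_minibmc_machine_init() wires flashes to soc.spi[0] and soc.spi[1] by hand and derives the drive unit offsets as amc->num_cs and amc->num_cs * 2 without a comment; that bakes in exactly two SPI controllers and an undocumented unit numbering. Add a comment on the unit layout, or loop over the SoC's SPI controllers so the two calls cannot drift apart. The hunk also ends by adding an empty line after DEFINE_TYPES(aspeed_minibmc_machine_types), which leaves a trailing blank line at the end of the file.
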
diff --git a/include/hw/arm/aspeed.h b/include/hw/arm/aspeed.h
index cbeacb214c..b7411c860d 100644
--- a/include/hw/arm/aspeed.h
+++ b/include/hw/arm/aspeed.h
@@ -13,18 +13,19 @@
 #include "qom/object.h"
 
 typedef struct AspeedMachineState AspeedMachineState;
-
 #define TYPE_ASPEED_MACHINE   MACHINE_TYPE_NAME("aspeed")
+#define TYPE_ASPEED_MINIBMC_MACHINE MACHINE_TYPE_NAME("aspeed-minibmc")
 typedef struct AspeedMachineClass AspeedMachineClass;
 DECLARE_OBJ_CHECKERS(AspeedMachineState, AspeedMachineClass,
  ASPEED_MACHINE, TYPE_ASPEED_MACHINE)
+DECLARE_OBJ_CHECKERS(AspeedMachineState, AspeedMachineClass,
+ ASPEED_MINIBMC_MACHINE, TYPE_ASPEED_MINIBMC_MACHINE)
 
 #define ASPEED_MAC0_ON   (1 << 0)
 #define ASPEED_MAC1_ON   (1 << 1)
 #define ASPEED_MAC2_ON   (1 << 2)
 #define ASPEED_MAC3_ON   (1 << 3)
 
-
 

[PATCH v3 9/9] test/avocado/machine_aspeed.py: Add ast1030 test case

2022-03-31 Thread Jamin Lin
Add test case to test "ast1030-evb" machine with zephyr os

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 tests/avocado/machine_aspeed.py | 36 +
 1 file changed, 36 insertions(+)
 create mode 100644 tests/avocado/machine_aspeed.py

diff --git a/tests/avocado/machine_aspeed.py b/tests/avocado/machine_aspeed.py
new file mode 100644
index 00..33090af199
--- /dev/null
+++ b/tests/avocado/machine_aspeed.py
@@ -0,0 +1,36 @@
+# Functional test that boots the ASPEED SoCs with firmware
+#
+# Copyright (C) 2022 ASPEED Technology Inc
+#
+# This work is licensed under the terms of the GNU GPL, version 2 or
+# later.  See the COPYING file in the top-level directory.
+
+from avocado_qemu import QemuSystemTest
+from avocado_qemu import wait_for_console_pattern
+from avocado_qemu import exec_command_and_wait_for_pattern
+from avocado.utils import archive
+
+
+class AST1030Machine(QemuSystemTest):
+"""Boots the zephyr os and checks that the console is operational"""
+
+timeout = 10
+
+def test_ast1030_zephyros(self):
+"""
+:avocado: tags=arch:arm
+:avocado: tags=machine:ast1030-evb
+"""
+tar_url = ('https://github.com/AspeedTech-BMC'
+   '/zephyr/releases/download/v00.01.04/ast1030-evb-demo.zip')
+tar_hash = '4c6a8ce3a8ba76ef1a65dae419ae3409343c4b20'
+tar_path = self.fetch_asset(tar_url, asset_hash=tar_hash)
+archive.extract(tar_path, self.workdir)
+kernel_file = self.workdir + "/ast1030-evb-demo/zephyr.elf"
+self.vm.set_console()
+self.vm.add_args('-kernel', kernel_file,
+ '-nographic')
+self.vm.launch()
+wait_for_console_pattern(self, "Booting Zephyr OS")
+exec_command_and_wait_for_pattern(self, "help",
+  "Available commands")
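
Review bot: in test_ast1030_zephyros() the asset is a .zip, but the locals are named tar_url, tar_hash and tar_path; rename them to asset_* (or zip_*) so the next person does not go looking for a tarball. Pinning the download with asset_hash is the right call; a comment naming the hash algorithm of the 40-hex-digit value would help whoever bumps the firmware version.
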
-- 
2.17.1




[PATCH v3 6/9] aspeed/scu: Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

Per ast1030_v07.pdf, AST1030 SOC doesn't have SCU300, the pclk divider
selection is defined in SCU310[11:8].
Add a get_apb_freq function and a class init handler for ast1030.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/misc/aspeed_scu.c | 63 
 include/hw/misc/aspeed_scu.h | 25 ++
 2 files changed, 88 insertions(+)

diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index 150567f98a..19b03471fc 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -235,6 +235,15 @@ static uint32_t 
aspeed_2600_scu_get_apb_freq(AspeedSCUState *s)
 / asc->apb_divider;
 }
 
+static uint32_t aspeed_1030_scu_get_apb_freq(AspeedSCUState *s)
+{
+AspeedSCUClass *asc = ASPEED_SCU_GET_CLASS(s);
+uint32_t hpll = asc->calc_hpll(s, s->regs[AST2600_HPLL_PARAM]);
+
+return hpll / (SCU_AST1030_CLK_GET_PCLK_DIV(s->regs[AST2600_CLK_SEL4]) + 1)
+/ asc->apb_divider;
+}
+
 static uint64_t aspeed_scu_read(void *opaque, hwaddr offset, unsigned size)
 {
 AspeedSCUState *s = ASPEED_SCU(opaque);
@@ -482,6 +491,8 @@ static uint32_t aspeed_silicon_revs[] = {
 AST2600_A1_SILICON_REV,
 AST2600_A2_SILICON_REV,
 AST2600_A3_SILICON_REV,
+AST1030_A0_SILICON_REV,
+AST1030_A1_SILICON_REV,
 };
 
 bool is_supported_silicon_rev(uint32_t silicon_rev)
@@ -770,12 +781,64 @@ static const TypeInfo aspeed_2600_scu_info = {
 .class_init = aspeed_2600_scu_class_init,
 };
 
+static const uint32_t ast1030_a1_resets[ASPEED_AST2600_SCU_NR_REGS] = {
+[AST2600_SYS_RST_CTRL]  = 0xFFC3FED8,
+[AST2600_SYS_RST_CTRL2] = 0x09FC,
+[AST2600_CLK_STOP_CTRL] = 0x7F8A,
+[AST2600_CLK_STOP_CTRL2]= 0xFFF0FFF0,
+[AST2600_DEBUG_CTRL2]   = 0x,
+[AST2600_HPLL_PARAM]= 0x10004077,
+[AST2600_HPLL_EXT]  = 0x0031,
+[AST2600_CLK_SEL4]  = 0x43F90900,
+[AST2600_CLK_SEL5]  = 0x4000,
+[AST2600_CHIP_ID0]  = 0xDEADBEEF,
+[AST2600_CHIP_ID1]  = 0x0BADCAFE,
+};
+
+static void aspeed_ast1030_scu_reset(DeviceState *dev)
+{
+AspeedSCUState *s = ASPEED_SCU(dev);
+AspeedSCUClass *asc = ASPEED_SCU_GET_CLASS(dev);
+
+memcpy(s->regs, asc->resets, asc->nr_regs * 4);
+
+s->regs[AST2600_SILICON_REV] = AST1030_A1_SILICON_REV;
+s->regs[AST2600_SILICON_REV2] = s->silicon_rev;
+s->regs[AST2600_HW_STRAP1] = s->hw_strap1;
+s->regs[AST2600_HW_STRAP2] = s->hw_strap2;
+s->regs[PROT_KEY] = s->hw_prot_key;
+}
+
+static void aspeed_1030_scu_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedSCUClass *asc = ASPEED_SCU_CLASS(klass);
+
+dc->desc = "ASPEED 1030 System Control Unit";
+dc->reset = aspeed_ast1030_scu_reset;
+asc->resets = ast1030_a1_resets;
+asc->calc_hpll = aspeed_2600_scu_calc_hpll;
+asc->get_apb = aspeed_1030_scu_get_apb_freq;
+asc->apb_divider = 2;
+asc->nr_regs = ASPEED_AST2600_SCU_NR_REGS;
+asc->clkin_25Mhz = true;
+asc->ops = _ast2600_scu_ops;
+}
+
+static const TypeInfo aspeed_1030_scu_info = {
+.name = TYPE_ASPEED_1030_SCU,
+.parent = TYPE_ASPEED_SCU,
+.instance_size = sizeof(AspeedSCUState),
+.class_init = aspeed_1030_scu_class_init,
+};
+
 static void aspeed_scu_register_types(void)
 {
 type_register_static(_scu_info);
 type_register_static(_2400_scu_info);
 type_register_static(_2500_scu_info);
 type_register_static(_2600_scu_info);
+type_register_static(_1030_scu_info);
 }
 
 type_init(aspeed_scu_register_types);
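
Review bot: aspeed_ast1030_scu_reset() hard-codes `s->regs[AST2600_SILICON_REV] = AST1030_A1_SILICON_REV` while the next line uses s->silicon_rev, and the previous hunk adds both AST1030_A0_SILICON_REV and AST1030_A1_SILICON_REV to aspeed_silicon_revs[], so a device configured as A0 would report A1 in the first register. Use s->silicon_rev for both, or document why the first register is fixed. The memcpy length `asc->nr_regs * 4` would also read better as nr_regs times the size of one register element.
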
diff --git a/include/hw/misc/aspeed_scu.h b/include/hw/misc/aspeed_scu.h
index fdc721846c..d71aa66e40 100644
--- a/include/hw/misc/aspeed_scu.h
+++ b/include/hw/misc/aspeed_scu.h
@@ -19,6 +19,7 @@ OBJECT_DECLARE_TYPE(AspeedSCUState, AspeedSCUClass, 
ASPEED_SCU)
 #define TYPE_ASPEED_2400_SCU TYPE_ASPEED_SCU "-ast2400"
 #define TYPE_ASPEED_2500_SCU TYPE_ASPEED_SCU "-ast2500"
 #define TYPE_ASPEED_2600_SCU TYPE_ASPEED_SCU "-ast2600"
+#define TYPE_ASPEED_1030_SCU TYPE_ASPEED_SCU "-ast1030"
 
 #define ASPEED_SCU_NR_REGS (0x1A8 >> 2)
 #define ASPEED_AST2600_SCU_NR_REGS (0xE20 >> 2)
@@ -45,6 +46,8 @@ struct AspeedSCUState {
 #define AST2600_A1_SILICON_REV   0x05010303U
 #define AST2600_A2_SILICON_REV   0x05020303U
 #define AST2600_A3_SILICON_REV   0x05030303U
+#define AST1030_A0_SILICON_REV   0x8000U
+#define AST1030_A1_SILICON_REV   0x8001U
 
 #define ASPEED_IS_AST2500(si_rev) si_rev) >> 24) & 0xff) == 0x04)
 
@@ -335,4 +338,26 @@ uint32_t aspeed_scu_get_apb_freq(AspeedSCUState *s);
 #define SCU_AST2600_H_PLL_BYPASS_EN(0x1 << 24)
 #define SCU_AST2600_H_PLL_OFF  (0x1 << 23)
 
+/*
+ * SCU310   Clock Selection Register Set 4 (for Aspeed AST1030 SOC)
+ *
+ *  31 I3C Clock Source selection
+ *  30:28  I3C clock divider selection
+ *  26:24 

[PATCH v3 4/9] aspeed/wdt: Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

AST1030 wdt controller is similar to AST2600's wdt, but it has extra
registers.
Introduce ast1030 object class and increase the number of regs(offset) of
ast1030 model.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/watchdog/wdt_aspeed.c | 24 
 include/hw/watchdog/wdt_aspeed.h |  1 +
 2 files changed, 25 insertions(+)

diff --git a/hw/watchdog/wdt_aspeed.c b/hw/watchdog/wdt_aspeed.c
index 386928e9c0..31855afdf4 100644
--- a/hw/watchdog/wdt_aspeed.c
+++ b/hw/watchdog/wdt_aspeed.c
@@ -391,6 +391,29 @@ static const TypeInfo aspeed_2600_wdt_info = {
 .class_init = aspeed_2600_wdt_class_init,
 };
 
+static void aspeed_1030_wdt_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedWDTClass *awc = ASPEED_WDT_CLASS(klass);
+
+dc->desc = "ASPEED 1030 Watchdog Controller";
+awc->offset = 0x80;
+awc->ext_pulse_width_mask = 0xf; /* TODO */
+awc->reset_ctrl_reg = AST2600_SCU_RESET_CONTROL1;
+awc->reset_pulse = aspeed_2500_wdt_reset_pulse;
+awc->wdt_reload = aspeed_wdt_reload_1mhz;
+awc->sanitize_ctrl = aspeed_2600_sanitize_ctrl;
+awc->default_status = 0x014FB180;
+awc->default_reload_value = 0x014FB180;
+}
+
+static const TypeInfo aspeed_1030_wdt_info = {
+.name = TYPE_ASPEED_1030_WDT,
+.parent = TYPE_ASPEED_WDT,
+.instance_size = sizeof(AspeedWDTState),
+.class_init = aspeed_1030_wdt_class_init,
+};
+
 static void wdt_aspeed_register_types(void)
 {
 watchdog_add_model();
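Review bot: aspeed_1030_wdt_class_init() sets awc->ext_pulse_width_mask = 0xf with a bare /* TODO */, which does not say what is still open; either confirm the mask against the datasheet and drop the marker, or spell out in the comment what has to be checked. The mix of aspeed_2500_wdt_reset_pulse with aspeed_2600_sanitize_ctrl is presumably copied from the AST2600 class, and a one-line comment saying so would help the next reader.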
@@ -398,6 +421,7 @@ static void wdt_aspeed_register_types(void)
 type_register_static(_2400_wdt_info);
 type_register_static(_2500_wdt_info);
 type_register_static(_2600_wdt_info);
+type_register_static(_1030_wdt_info);
 }
 
 type_init(wdt_aspeed_register_types)
diff --git a/include/hw/watchdog/wdt_aspeed.h b/include/hw/watchdog/wdt_aspeed.h
index 0e37f39f38..dfa5dfa424 100644
--- a/include/hw/watchdog/wdt_aspeed.h
+++ b/include/hw/watchdog/wdt_aspeed.h
@@ -19,6 +19,7 @@ OBJECT_DECLARE_TYPE(AspeedWDTState, AspeedWDTClass, 
ASPEED_WDT)
 #define TYPE_ASPEED_2400_WDT TYPE_ASPEED_WDT "-ast2400"
 #define TYPE_ASPEED_2500_WDT TYPE_ASPEED_WDT "-ast2500"
 #define TYPE_ASPEED_2600_WDT TYPE_ASPEED_WDT "-ast2600"
+#define TYPE_ASPEED_1030_WDT TYPE_ASPEED_WDT "-ast1030"
 
 #define ASPEED_WDT_REGS_MAX(0x20 / 4)
 
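Review bot: ASPEED_WDT_REGS_MAX stays at (0x20 / 4) in this header although the commit message says the AST1030 has extra registers and the new class sets awc->offset = 0x80; state which of the extra registers are actually modelled, and confirm that guest accesses between 0x20 and 0x80 in each watchdog window are bounded by ASPEED_WDT_REGS_MAX (rejected or logged as unimplemented) before they are used as a register index.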
-- 
2.17.1




[PATCH v3 2/9] aspeed/smc: Add AST1030 support

2022-03-31 Thread Jamin Lin
From: Steven Lee 

AST1030 spi controller's address decoding unit is 1MB that is identical
to ast2600, but fmc address decoding unit is 512kb.
Introduce seg_to_reg and reg_to_seg handlers for ast1030 fmc controller.
In addition, add ast1030 fmc, spi1, and spi2 class init handler.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/ssi/aspeed_smc.c | 159 
 1 file changed, 159 insertions(+)

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 48305e1574..39367489a7 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -1696,6 +1696,162 @@ static const TypeInfo aspeed_2600_spi2_info = {
 .class_init = aspeed_2600_spi2_class_init,
 };
 
+/*
+ * The FMC Segment Registers of the AST1030 have a 512KB unit.
+ * Only bits [27:19] are used for decoding.
+ */
+#define AST1030_SEG_ADDR_MASK 0x0ff8
+
+static uint32_t aspeed_1030_smc_segment_to_reg(const AspeedSMCState *s,
+const AspeedSegments *seg)
+{
+uint32_t reg = 0;
+
+/* Disabled segments have a nil register */
+if (!seg->size) {
+return 0;
+}
+
+reg |= (seg->addr & AST1030_SEG_ADDR_MASK) >> 16; /* start offset */
+reg |= (seg->addr + seg->size - 1) & AST1030_SEG_ADDR_MASK; /* end offset 
*/
+return reg;
+}
+
+static void aspeed_1030_smc_reg_to_segment(const AspeedSMCState *s,
+uint32_t reg, AspeedSegments *seg)
+{
+uint32_t start_offset = (reg << 16) & AST1030_SEG_ADDR_MASK;
+uint32_t end_offset = reg & AST1030_SEG_ADDR_MASK;
+AspeedSMCClass *asc = ASPEED_SMC_GET_CLASS(s);
+
+if (reg) {
+seg->addr = asc->flash_window_base + start_offset;
+seg->size = end_offset + (512 * KiB) - start_offset;
+} else {
+seg->addr = asc->flash_window_base;
+seg->size = 0;
+}
+}
+
+static const uint32_t aspeed_1030_fmc_resets[ASPEED_SMC_R_MAX] = {
+[R_CONF] = (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE0 |
+CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE1),
+};
+
+static const AspeedSegments aspeed_1030_fmc_segments[] = {
+{ 0x0, 128 * MiB }, /* start address is readonly */
+{ 128 * MiB, 128 * MiB }, /* default is disabled but needed for -kernel */
+{ 0x0, 0 }, /* disabled */
+};
+
+static void aspeed_1030_fmc_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedSMCClass *asc = ASPEED_SMC_CLASS(klass);
+
+dc->desc   = "Aspeed 1030 FMC Controller";
+asc->r_conf= R_CONF;
+asc->r_ce_ctrl = R_CE_CTRL;
+asc->r_ctrl0   = R_CTRL0;
+asc->r_timings = R_TIMINGS;
+asc->nregs_timings = 2;
+asc->conf_enable_w0= CONF_ENABLE_W0;
+asc->cs_num_max= 2;
+asc->segments  = aspeed_1030_fmc_segments;
+asc->segment_addr_mask = 0x0ff80ff8;
+asc->resets= aspeed_1030_fmc_resets;
+asc->flash_window_base = 0x8000;
+asc->flash_window_size = 0x1000;
+asc->features  = ASPEED_SMC_FEATURE_DMA;
+asc->dma_flash_mask= 0x0FFC;
+asc->dma_dram_mask = 0x000BFFFC;
+asc->nregs = ASPEED_SMC_R_MAX;
+asc->segment_to_reg= aspeed_1030_smc_segment_to_reg;
+asc->reg_to_segment= aspeed_1030_smc_reg_to_segment;
+asc->dma_ctrl  = aspeed_2600_smc_dma_ctrl;
+}
+
+static const TypeInfo aspeed_1030_fmc_info = {
+.name =  "aspeed.fmc-ast1030",
+.parent = TYPE_ASPEED_SMC,
+.class_init = aspeed_1030_fmc_class_init,
+};
+
+static const AspeedSegments aspeed_1030_spi1_segments[] = {
+{ 0x0, 128 * MiB }, /* start address is readonly */
+{ 0x0, 0 }, /* disabled */
+};
+
+static void aspeed_1030_spi1_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+AspeedSMCClass *asc = ASPEED_SMC_CLASS(klass);
+
+dc->desc   = "Aspeed 1030 SPI1 Controller";
+asc->r_conf= R_CONF;
+asc->r_ce_ctrl = R_CE_CTRL;
+asc->r_ctrl0   = R_CTRL0;
+asc->r_timings = R_TIMINGS;
+asc->nregs_timings = 2;
+asc->conf_enable_w0= CONF_ENABLE_W0;
+asc->cs_num_max= 2;
+asc->segments  = aspeed_1030_spi1_segments;
+asc->segment_addr_mask = 0x0ff00ff0;
+asc->flash_window_base = 0x9000;
+asc->flash_window_size = 0x1000;
+asc->features  = ASPEED_SMC_FEATURE_DMA |
+ ASPEED_SMC_FEATURE_WDT_CONTROL;
+asc->dma_flash_mask= 0x0FFC;
+asc->dma_dram_mask = 0x000BFFFC;
+asc->nregs = ASPEED_SMC_R_MAX;
+asc->segment_to_reg= aspeed_2600_smc_segment_to_reg;
+asc->reg_to_segment= aspeed_2600_smc_reg_to_segment;
+asc->dma_ctrl  = aspeed_2600_smc_dma_ctrl;
+}
+
+static const TypeInfo aspeed_1030_spi1_info = {
+.name =  "aspeed.spi1-ast1030",
+.parent = TYPE_ASPEED_SMC,
+
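Review bot: aspeed_1030_smc_reg_to_segment() computes seg->size = end_offset + (512 * KiB) - start_offset without checking that end_offset is not below start_offset, so a register value whose end field is smaller than its start field wraps the uint32_t arithmetic and yields a very large segment; reject or clamp that case here, or name the caller that already validates it. Separately, aspeed_1030_spi1_class_init() still sets ASPEED_SMC_FEATURE_WDT_CONTROL in asc->features, while the v3 changelog of this series says that flag was dropped in hw/ssi/aspeed_smc.c.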

[PATCH v3 3/9] aspeed/wdt: Fix ast2500/ast2600 default reload value.

2022-03-31 Thread Jamin Lin
From: Steven Lee 

Per ast2500_2520_datasheet_v1.8 and ast2600v11.pdf, the default value of
WDT00 and WDT04 is 0x014FB180 for ast2500/ast2600.
Add default_status and default_reload_value attributes for storing
counter status and reload value as they are different from ast2400.

Signed-off-by: Troy Lee 
Signed-off-by: Jamin Lin 
Signed-off-by: Steven Lee 
Reviewed-by: Cédric Le Goater 
---
 hw/watchdog/wdt_aspeed.c | 10 --
 include/hw/watchdog/wdt_aspeed.h |  2 ++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/watchdog/wdt_aspeed.c b/hw/watchdog/wdt_aspeed.c
index 6aa6f90b66..386928e9c0 100644
--- a/hw/watchdog/wdt_aspeed.c
+++ b/hw/watchdog/wdt_aspeed.c
@@ -232,8 +232,8 @@ static void aspeed_wdt_reset(DeviceState *dev)
 AspeedWDTState *s = ASPEED_WDT(dev);
 AspeedWDTClass *awc = ASPEED_WDT_GET_CLASS(s);
 
-s->regs[WDT_STATUS] = 0x3EF1480;
-s->regs[WDT_RELOAD_VALUE] = 0x03EF1480;
+s->regs[WDT_STATUS] = awc->default_status;
+s->regs[WDT_RELOAD_VALUE] = awc->default_reload_value;
 s->regs[WDT_RESTART] = 0;
 s->regs[WDT_CTRL] = awc->sanitize_ctrl(0);
 s->regs[WDT_RESET_WIDTH] = 0xFF;
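Review bot: aspeed_wdt_reset() now seeds WDT_STATUS and WDT_RELOAD_VALUE from awc->default_status and awc->default_reload_value, so any AspeedWDTClass whose class_init forgets to assign them resets both registers to 0; set a default in the base class or assert at realize time that the fields are non-zero. A short comment on the two new struct members naming the registers they seed (WDT00 and WDT04 per the commit message) would also help.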
@@ -319,6 +319,8 @@ static void aspeed_2400_wdt_class_init(ObjectClass *klass, 
void *data)
 awc->reset_ctrl_reg = SCU_RESET_CONTROL1;
 awc->wdt_reload = aspeed_wdt_reload;
 awc->sanitize_ctrl = aspeed_2400_sanitize_ctrl;
+awc->default_status = 0x03EF1480;
+awc->default_reload_value = 0x03EF1480;
 }
 
 static const TypeInfo aspeed_2400_wdt_info = {
@@ -355,6 +357,8 @@ static void aspeed_2500_wdt_class_init(ObjectClass *klass, 
void *data)
 awc->reset_pulse = aspeed_2500_wdt_reset_pulse;
 awc->wdt_reload = aspeed_wdt_reload_1mhz;
 awc->sanitize_ctrl = aspeed_2500_sanitize_ctrl;
+awc->default_status = 0x014FB180;
+awc->default_reload_value = 0x014FB180;
 }
 
 static const TypeInfo aspeed_2500_wdt_info = {
@@ -376,6 +380,8 @@ static void aspeed_2600_wdt_class_init(ObjectClass *klass, 
void *data)
 awc->reset_pulse = aspeed_2500_wdt_reset_pulse;
 awc->wdt_reload = aspeed_wdt_reload_1mhz;
 awc->sanitize_ctrl = aspeed_2600_sanitize_ctrl;
+awc->default_status = 0x014FB180;
+awc->default_reload_value = 0x014FB180;
 }
 
 static const TypeInfo aspeed_2600_wdt_info = {
diff --git a/include/hw/watchdog/wdt_aspeed.h b/include/hw/watchdog/wdt_aspeed.h
index f945cd6c58..0e37f39f38 100644
--- a/include/hw/watchdog/wdt_aspeed.h
+++ b/include/hw/watchdog/wdt_aspeed.h
@@ -45,6 +45,8 @@ struct AspeedWDTClass {
 void (*reset_pulse)(AspeedWDTState *s, uint32_t property);
 void (*wdt_reload)(AspeedWDTState *s);
 uint64_t (*sanitize_ctrl)(uint64_t data);
+uint32_t default_status;
+uint32_t default_reload_value;
 };
 
 #endif /* WDT_ASPEED_H */
-- 
2.17.1




[PATCH v3 0/9] Add support for AST1030 SoC

2022-03-31 Thread Jamin Lin
Changes from v3:
- remove AspeedMiniBmcMachineState state structure and
  AspeedMiniBmcMachineClass class
- remove redundant new line in hw/arm/aspeed_ast10xx.c
- drop the ASPEED_SMC_FEATURE_WDT_CONTROL flag in hw/ssi/aspeed_smc.c

Changes from v2:
- replace aspeed_ast1030.c with aspeed_ast10xx.c for minibmc SOCs family support
- Add "ast1030-evb" machine in aspeed.c and remove aspeed_minibmc.c

Changes from v1:
The patch series supports ADC, SCU, SMC, TIMER, and WDT for AST1030 SoC.
Add avocado test case for "ast1030-evb" machine.

Test steps:
1. Download image from
   https://github.com/AspeedTech-BMC/zephyr/releases/download/v00.01.04/ast1030-evb-demo.zip
2. Extract the zip file to obtain zephyr.elf
3. Run ./qemu-system-arm -M ast1030-evb -kernel $PATH/zephyr.elf -nographic
4. Test IO from the Zephyr command line; for the commands, refer to the Aspeed Zephyr
   SDK User Guide below
   https://github.com/AspeedTech-BMC/zephyr/releases/download/v00.01.04/Aspeed_Zephy_SDK_User_Guide_v00.01.04.pdf
   - ADC(channel 0):
   uart:~$ adc ADC0 resolution 10
   uart:~$ adc ADC0 calibrate 1
   uart:~$ adc ADC0 read_format 1
   uart:~$ adc ADC0 read 0
   [Result]
   read: 1416mv

   - SCU
   uart:~$ md 7e6e2040
   uart:~$ md 7e6e2080
   uart:~$ md 7e6e20d0
   uart:~$ md 7e6e2200
   uart:~$ md 7e6e2300
   uart:~$ md 7e6e25b0
   [Result]
   The register value should match the value of ast1030_a1_resets
   in aspeed_scu.c

   - Flash(fmc_cs0):
   uart:~$ flash write fmc_cs0 0 0x12345678 0x87654321 0x34127856 0x78563412
   uart:~$ flash read fmc_cs0 0 10
   [Result]
   : 78 56 34 12 21 43 65 87  56 78 12 34 12 34 56 78 |xV4.!Ce. Vx.4.4Vx|

   uart:~$ flash erase fmc_cs0 0
   uart:~$ flash read fmc_cs0 0 10
   [Result]
   : ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff | |

   - Timer(TIMER0):
   uart:~$ timer start TIMER0 -p 2000 -t 0
   TIMER0: period 2 ms, type 0
   [Result]
   timer expired after 2 seconds

   - Watchdog(WDT1):
   uart:~$ mw 7e785008 4755
   uart:~$ mw 7e78500c 1
   [Result]
   soc reset after 22 seconds

Based-on: 20220315075753.8591-3-steven_...@aspeedtech.com
([v2,2/2] hw: aspeed_scu: Introduce clkin_25Mhz attribute)


Jamin Lin (2):
  aspeed: Add an AST1030 eval board
  test/avocado/machine_aspeed.py: Add ast1030 test case

Steven Lee (7):
  aspeed/adc: Add AST1030 support
  aspeed/smc: Add AST1030 support
  aspeed/wdt: Fix ast2500/ast2600 default reload value.
  aspeed/wdt: Add AST1030 support
  aspeed/timer: Add AST1030 support
  aspeed/scu: Add AST1030 support
  aspeed/soc : Add AST1030 support

 hw/adc/aspeed_adc.c  |  16 ++
 hw/arm/aspeed.c  |  97 ++
 hw/arm/aspeed_ast10xx.c  | 299 +++
 hw/arm/meson.build   |   6 +-
 hw/misc/aspeed_scu.c |  63 +++
 hw/ssi/aspeed_smc.c  | 159 
 hw/timer/aspeed_timer.c  |  17 ++
 hw/watchdog/wdt_aspeed.c |  34 +++-
 include/hw/adc/aspeed_adc.h  |   1 +
 include/hw/arm/aspeed.h  |   6 +-
 include/hw/arm/aspeed_soc.h  |   3 +
 include/hw/misc/aspeed_scu.h |  25 +++
 include/hw/timer/aspeed_timer.h  |   1 +
 include/hw/watchdog/wdt_aspeed.h |   3 +
 tests/avocado/machine_aspeed.py  |  36 
 15 files changed, 760 insertions(+), 6 deletions(-)
 create mode 100644 hw/arm/aspeed_ast10xx.c
 create mode 100644 tests/avocado/machine_aspeed.py

-- 
2.17.1




Re: [PATCH v3] vdpa: reset the backend device in the end of vhost_net_stop()

2022-03-31 Thread Jason Wang
On Thu, Mar 31, 2022 at 5:12 PM Maxime Coquelin
 wrote:
>
> Hi,
>
> On 3/31/22 10:55, Jason Wang wrote:
> > On Thu, Mar 31, 2022 at 1:20 PM <08005...@163.com> wrote:
> >
> > Hi:
> >
> > For some reason, I see the patch as an attachment.
>
> We are starting to see this more and more since yesterday on DPDK
> mailing list. It seems like an issue with mimecast, when the From: tag
> is different from the sender.
>
> Maxime

I see. Thanks

>
> > Thanks
> >
> >
>




Re: [PATCH v4] vdpa: reset the backend device in the end of vhost_net_stop()

2022-03-31 Thread Jason Wang
On Fri, Apr 1, 2022 at 9:31 AM Michael Qiu  wrote:
>
> Currently, when VM poweroff, it will trigger vdpa
> device(such as mlx bluefield2 VF) reset many times(with 1 datapath
> queue pair and one control queue, triggered 3 times), this
> leads to below issue:
>
> vhost VQ 2 ring restore failed: -22: Invalid argument (22)
>
> This because in vhost_net_stop(), it will stop all vhost device bind to
> this virtio device, and in vhost_dev_stop(), qemu tries to stop the device
> , then stop the queue: vhost_virtqueue_stop().
>
> In vhost_dev_stop(), it resets the device, which clear some flags
> in low level driver, and in next loop(stop other vhost backends),
> qemu try to stop the queue corresponding to the vhost backend,
>  the driver finds that the VQ is invalid, this is the root cause.
>
> To solve the issue, vdpa should set vring unready, and
> remove reset ops in device stop: vhost_dev_start(hdev, false).
>
> and implement a new function vhost_dev_reset, only reset backend
> device after all vhost(per-queue) stoped.

Typo.

>
> Signed-off-by: Michael Qiu
> Acked-by: Jason Wang 

Rethink this patch, consider there're devices that don't support
set_vq_ready(). I wonder if we need

1) uAPI to tell the user space whether or not it supports set_vq_ready()
2) userspace will call SET_VRING_ENABLE() when the device supports
otherwise it will use RESET.

And for safety, I suggest tagging this as 7.1.

> ---
> v4 --> v3
> Nothing changed, because of issue with mimecast,
> when the From: tag is different from the sender,
> some mail clients will take the patch as an
> attachment, RESEND v3 does not work, So resend
> the patch as v4
>
> v3 --> v2:
> Call vhost_dev_reset() at the end of vhost_net_stop().
>
> Since the vDPA device need re-add the status bit
> VIRTIO_CONFIG_S_ACKNOWLEDGE and VIRTIO_CONFIG_S_DRIVER,
> simply, add them inside vhost_vdpa_reset_device, and
> the only way calling vhost_vdpa_reset_device is in
> vhost_net_stop(), so it keeps the same behavior as before.
>
> v2 --> v1:
>Implement a new function vhost_dev_reset,
>reset the backend kernel device at last.
> ---
>  hw/net/vhost_net.c| 24 +---
>  hw/virtio/vhost-vdpa.c| 15 +--
>  hw/virtio/vhost.c | 15 ++-
>  include/hw/virtio/vhost.h |  1 +
>  4 files changed, 45 insertions(+), 10 deletions(-)
>
> diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> index 30379d2..422c9bf 100644
> --- a/hw/net/vhost_net.c
> +++ b/hw/net/vhost_net.c
> @@ -325,7 +325,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState 
> *ncs,
>  int total_notifiers = data_queue_pairs * 2 + cvq;
>  VirtIONet *n = VIRTIO_NET(dev);
>  int nvhosts = data_queue_pairs + cvq;
> -struct vhost_net *net;
> +struct vhost_net *net = NULL;
>  int r, e, i, index_end = data_queue_pairs * 2;
>  NetClientState *peer;
>
> @@ -391,8 +391,17 @@ int vhost_net_start(VirtIODevice *dev, NetClientState 
> *ncs,
>  err_start:
>  while (--i >= 0) {
>  peer = qemu_get_peer(ncs , i);
> -vhost_net_stop_one(get_vhost_net(peer), dev);
> +
> +net = get_vhost_net(peer);
> +
> +vhost_net_stop_one(net, dev);
>  }
> +
> +/* We only reset backend vdpa device */
> +if (net && net->dev.vhost_ops->backend_type == VHOST_BACKEND_TYPE_VDPA) {
> +vhost_dev_reset(>dev);
> +}
> +
>  e = k->set_guest_notifiers(qbus->parent, total_notifiers, false);
>  if (e < 0) {
>  fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", e);
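Review bot: in the err_start path the vDPA reset is keyed on whatever net was assigned by the last pass of the while (--i >= 0) loop, so the backend-type check and vhost_dev_reset() reach the vhost_net at index 0 only as a side effect of loop order, and are silently skipped if get_vhost_net() returned NULL for that peer. Fetch the vhost_net to reset explicitly after the loop instead of reusing the loop variable.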
> @@ -410,6 +419,7 @@ void vhost_net_stop(VirtIODevice *dev, NetClientState 
> *ncs,
>  VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
>  VirtIONet *n = VIRTIO_NET(dev);
>  NetClientState *peer;
> +struct vhost_net *net = NULL;
>  int total_notifiers = data_queue_pairs * 2 + cvq;
>  int nvhosts = data_queue_pairs + cvq;
>  int i, r;
> @@ -420,7 +430,15 @@ void vhost_net_stop(VirtIODevice *dev, NetClientState 
> *ncs,
>  } else {
>  peer = qemu_get_peer(ncs, n->max_queue_pairs);
>  }
> -vhost_net_stop_one(get_vhost_net(peer), dev);
> +
> +net = get_vhost_net(peer);
> +
> +vhost_net_stop_one(net, dev);
> +}
> +
> +/* We only reset backend vdpa device */
> +if (net && net->dev.vhost_ops->backend_type == VHOST_BACKEND_TYPE_VDPA) {
> +vhost_dev_reset(>dev);
>  }

So we've already reset the device in vhost_vdpa_dev_start(), any
reason we need to do it again here?

>
>  r = k->set_guest_notifiers(qbus->parent, total_notifiers, false);
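Review bot: in vhost_net_stop() the net used for the backend-type check is again the one left over from the final loop iteration, which is the peer at n->max_queue_pairs whenever the else branch runs last, whereas the err_start path in vhost_net_start() ends on index 0; the two paths can therefore issue the reset through different vhost_dev instances. A small helper that picks the device to reset by explicit index, called from both places, would make the intent clear and keep the paths consistent.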
> diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
> index c5ed7a3..3ef0199 100644
> --- a/hw/virtio/vhost-vdpa.c
> +++ b/hw/virtio/vhost-vdpa.c
> @@ -708,6 +708,11 @@ static int vhost_vdpa_reset_device(struct vhost_dev *dev)
>
>  ret = vhost_vdpa_call(dev, VHOST_VDPA_SET_STATUS, );
>  trace_vhost_vdpa_reset_device(dev, 

Re: [PATCH 7/7] vhost-vdpa: backend feature should set only once

2022-03-31 Thread Jason Wang
On Thu, Mar 31, 2022 at 5:20 PM Eugenio Perez Martin
 wrote:
>
> On Thu, Mar 31, 2022 at 10:54 AM Jason Wang  wrote:
> >
> >
> > On 2022/3/31 4:02 PM, Eugenio Perez Martin wrote:
> > > On Thu, Mar 31, 2022 at 1:03 AM Si-Wei Liu  wrote:
> > >>
> > >>
> > >> On 3/30/2022 12:01 PM, Eugenio Perez Martin wrote:
> > >>> On Wed, Mar 30, 2022 at 8:33 AM Si-Wei Liu  
> > >>> wrote:
> >  The vhost_vdpa_one_time_request() branch in
> >  vhost_vdpa_set_backend_cap() incorrectly sends down
> >  iotls on vhost_dev with non-zero index. This may
> >  end up with multiple VHOST_SET_BACKEND_FEATURES
> >  ioctl calls sent down on the vhost-vdpa fd that is
> >  shared between all these vhost_dev's.
> > 
> > >>> Not only that. This means that qemu thinks the device supports iotlb
> > >>> batching as long as the device does not have cvq. If vdpa does not
> > >>> support batching, it will return an error later with no possibility of
> > >>> doing it ok.
> > >> I think the implicit assumption here is that the caller should back off
> > >> to where it was if it comes to error i.e. once the first
> > >> vhost_dev_set_features call gets an error, vhost_dev_start() will fail
> > >> straight.
> > > Sorry, I don't follow you here, and maybe my message was not clear enough.
> > >
> > > What I meant is that your patch fixes another problem not stated in
> > > the message: it is not possible to initialize a net vdpa device that
> > > does not have cvq and does not support iotlb batches without it. Qemu
> > > will assume that the device supports batching, so the write of
> > > VHOST_IOTLB_BATCH_BEGIN will fail. I didn't test what happens next but
> > > it probably cannot continue.
> >
> >
> > So you mean we actually didn't call VHOST_SET_BACKEND_CAP in this case.
> > Fortunately, kernel didn't check the backend cap when accepting batching
> > hints.
> >
> > We are probably fine?
> >
>
> We're fine as long as the vdpa driver in the kernel effectively
> supports batching. If not, qemu will try to batch, and it will fail.
>
> It was introduced in v5.9, so qemu has not supported kernel <5.9 since
> we introduced multiqueue support (I didn't test). Unless we apply this
> patch. That's the reason it should be marked as fixed and backported
> to stable IMO.

Ok, so it looks to me we have more issues.

In vhost_vdpa_set_backend_cap() we fail when
VHOST_VDPA_GET_BACKEND_FEATURES fails. This breaks the older kernel
since that ioctl is introduced in

653055b9acd4 ("vhost-vdpa: support get/set backend features")

We should:

1) make it work by not failing the vhost_vdpa_set_backend_cap() and
assuming MSG_V2.
2) check the batching support in vhost_vdpa_listener_begin_batch()
instead of trying to set VHOST_IOTLB_BATCH_BEGIN unconditionally

Thanks

>
> Thanks!
>
> > Thanks
> >
> >
> > > In that regard, this commit needs to be marked as "Fixes: ...", either
> > > ("a5bd058 vhost-vdpa: batch updating IOTLB mappings") or maybe better
> > > ("4d191cf vhost-vdpa: classify one time request"). We have a
> > > regression if we introduce both, or the second one and the support of
> > > any other backend feature.
> > >
> > >> Noted that the VHOST_SET_BACKEND_FEATURES ioctl is not per-vq
> > >> and it doesn't even need to. There seems to me no possibility for it to
> > >> fail in a way as thought here. The capture is that IOTLB batching is at
> > >> least a vdpa device level backend feature, if not per-kernel. Same as
> > >> IOTLB_MSG_V2.
> > >>
> > > At this moment it is per-kernel, yes. With your patch there is no need
> > > to fail because of the lack of _F_IOTLB_BATCH, the code should handle
> > > this case ok.
> > >
> > > But if VHOST_GET_BACKEND_FEATURES returns no support for
> > > VHOST_BACKEND_F_IOTLB_MSG_V2, the qemu code will happily send v2
> > > messages anyway. This has nothing to do with the patch, I'm just
> > > noting it here.
> > >
> > > In that case, maybe it is better to return something like -ENOTSUP?
> > >
> > > Thanks!
> > >
> > >> -Siwei
> > >>
> > >>>Some open questions:
> > >>>
> > >>> Should we make the vdpa driver return error as long as a feature is
> > >>> used but not set by qemu, or let it as undefined? I guess we have to
> > >>> keep the batching at least without checking so the kernel supports old
> > >>> versions of qemu.
> > >>>
> > >>> On the other hand, should we return an error if IOTLB_MSG_V2 is not
> > >>> supported here? We're basically assuming it in other functions.
> > >>>
> >  To fix it, send down ioctl only once via the first
> >  vhost_dev with index 0. Toggle the polarity of the
> >  vhost_vdpa_one_time_request() test would do the trick.
> > 
> >  Signed-off-by: Si-Wei Liu 
> > >>> Acked-by: Eugenio Pérez 
> > >>>
> >  ---
> > hw/virtio/vhost-vdpa.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> >  diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
> >  index c5ed7a3..27ea706 100644
> >  --- 

Re: [PATCH] virtio-net: use g_memdup2() instead of unsafe g_memdup()

2022-03-31 Thread Jason Wang
On Fri, Apr 1, 2022 at 2:29 AM Eugenio Pérez  wrote:
>
> Fixing that literal checkpatch.pl because it will complain when we modify the 
> file
>
> Signed-off-by: Eugenio Pérez 

Acked-by: Jason Wang 

> ---
>  hw/net/virtio-net.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index 1067e72b39..e4748a7e6c 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -1443,7 +1443,8 @@ static void virtio_net_handle_ctrl(VirtIODevice *vdev, 
> VirtQueue *vq)
>  }
>
>  iov_cnt = elem->out_num;
> -iov2 = iov = g_memdup(elem->out_sg, sizeof(struct iovec) * 
> elem->out_num);
> +iov2 = iov = g_memdup2(elem->out_sg,
> +   sizeof(struct iovec) * elem->out_num);
>  s = iov_to_buf(iov, iov_cnt, 0, , sizeof(ctrl));
>  iov_discard_front(, _cnt, sizeof(ctrl));
>  if (s != sizeof(ctrl)) {
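Review bot: the commit message does not say why g_memdup() is unsafe at this call in virtio_net_handle_ctrl(); g_memdup() takes its byte count as a guint, so sizeof(struct iovec) * elem->out_num is truncated when the product does not fit in 32 bits, while g_memdup2() takes a gsize. Please put that in the message, since elem->out_num comes from the virtqueue element and is what the allocation size depends on.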
> --
> 2.27.0
>




Re: [PATCH] util: Return void on iova_tree_remove

2022-03-31 Thread Jason Wang
On Fri, Apr 1, 2022 at 2:17 AM Eugenio Pérez  wrote:
>
> It always returns IOVA_OK so nobody uses it.
>
> Signed-off-by: Eugenio Pérez 

Acked-by: Jason Wang 

> ---
>  include/qemu/iova-tree.h | 4 +---
>  util/iova-tree.c | 4 +---
>  2 files changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/include/qemu/iova-tree.h b/include/qemu/iova-tree.h
> index c938fb0793..16bbfdf5f8 100644
> --- a/include/qemu/iova-tree.h
> +++ b/include/qemu/iova-tree.h
> @@ -72,10 +72,8 @@ int iova_tree_insert(IOVATree *tree, const DMAMap *map);
>   * provided.  The range does not need to be exactly what has inserted,
>   * all the mappings that are included in the provided range will be
>   * removed from the tree.  Here map->translated_addr is meaningless.
> - *
> - * Return: 0 if succeeded, or <0 if error.
>   */
> -int iova_tree_remove(IOVATree *tree, const DMAMap *map);
> +void iova_tree_remove(IOVATree *tree, const DMAMap *map);
>
>  /**
>   * iova_tree_find:
> diff --git a/util/iova-tree.c b/util/iova-tree.c
> index 6dff29c1f6..fee530a579 100644
> --- a/util/iova-tree.c
> +++ b/util/iova-tree.c
> @@ -164,15 +164,13 @@ void iova_tree_foreach(IOVATree *tree, 
> iova_tree_iterator iterator)
>  g_tree_foreach(tree->tree, iova_tree_traverse, iterator);
>  }
>
> -int iova_tree_remove(IOVATree *tree, const DMAMap *map)
> +void iova_tree_remove(IOVATree *tree, const DMAMap *map)
>  {
>  const DMAMap *overlap;
>
>  while ((overlap = iova_tree_find(tree, map))) {
>  g_tree_remove(tree->tree, overlap);
>  }
> -
> -return IOVA_OK;
>  }
>
>  /**
> --
> 2.27.0
>




Re: [PATCH] vhost: Fix bad return of descriptors to SVQ

2022-03-31 Thread Jason Wang
On Fri, Apr 1, 2022 at 2:14 AM Eugenio Pérez  wrote:
>
> Only the first one of them were properly enqueued back.
>
> Fixes: 100890f7ca ("vhost: Shadow virtqueue buffers forwarding")
> Signed-off-by: Eugenio Pérez 
> ---
>  hw/virtio/vhost-shadow-virtqueue.c | 17 +++--
>  1 file changed, 15 insertions(+), 2 deletions(-)
>
> diff --git a/hw/virtio/vhost-shadow-virtqueue.c 
> b/hw/virtio/vhost-shadow-virtqueue.c
> index b232803d1b..c17506df20 100644
> --- a/hw/virtio/vhost-shadow-virtqueue.c
> +++ b/hw/virtio/vhost-shadow-virtqueue.c
> @@ -333,13 +333,25 @@ static void 
> vhost_svq_disable_notification(VhostShadowVirtqueue *svq)
>  svq->vring.avail->flags |= cpu_to_le16(VRING_AVAIL_F_NO_INTERRUPT);
>  }
>
> +static uint16_t vhost_svq_last_desc_of_chain(VhostShadowVirtqueue *svq,
> + uint16_t i)
> +{
> +vring_desc_t *descs = svq->vring.desc;
> +
> +while (le16_to_cpu(descs[i].flags) & VRING_DESC_F_NEXT) {
> +i = le16_to_cpu(descs[i].next);


This seems to be a guest trigger-able infinite loop?

Thanks


> +}
> +
> +return i;
> +}
> +
>  static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
> uint32_t *len)
>  {
>  vring_desc_t *descs = svq->vring.desc;
>  const vring_used_t *used = svq->vring.used;
>  vring_used_elem_t used_elem;
> -uint16_t last_used;
> +uint16_t last_used, last_used_chain;
>
>  if (!vhost_svq_more_used(svq)) {
>  return NULL;
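Review bot: vhost_svq_last_desc_of_chain() follows descs[i].next for as long as VRING_DESC_F_NEXT is set, with no cap on the number of steps and no check that i stays inside the descriptor table, so a chain that points back into itself never terminates and an out-of-range next value indexes past the table. Bound the walk by the ring size and make the caller fail the lookup when the bound or the index check trips.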
> @@ -365,7 +377,8 @@ static VirtQueueElement 
> *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
>  return NULL;
>  }
>
> -descs[used_elem.id].next = svq->free_head;
> +last_used_chain = vhost_svq_last_desc_of_chain(svq, used_elem.id);
> +descs[last_used_chain].next = svq->free_head;
>  svq->free_head = used_elem.id;
>
>  *len = used_elem.len;
> --
> 2.27.0
>




[PATCH] intel-iommu: correct the value used for error_setg_errno()

2022-03-31 Thread Jason Wang
error_setg_errno() expects a normal errno value, not a negated
one, so we should use ENOTSUP instead of -ENOTSUP.

Fixes: Coverity CID 1487174
Fixes: ("intel_iommu: support snoop control")
Signed-off-by: Jason Wang 
---
 hw/i386/intel_iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index c64aa81a83..e05d69a2c0 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3032,7 +3032,7 @@ static int 
vtd_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
 
 /* TODO: add support for VFIO and vhost users */
 if (s->snoop_control) {
-error_setg_errno(errp, -ENOTSUP,
+error_setg_errno(errp, ENOTSUP,
  "Snoop Control with vhost or VFIO is not supported");
 return -ENOTSUP;
 }
-- 
2.25.1




Re: [PATCH v4 10/11] tests/tcg/s390x: Tests for Vector Enhancements Facility 2

2022-03-31 Thread David Miller
On Thu, Mar 31, 2022 at 10:15 PM David Miller  wrote:
>
> Hi,
>
> There is some issue with instruction sub/alt encodings not matching,
> but I worked around it easily.
>
> I'm dropping the updated patch for the tests in here.
> I know I should resend the entire patch series as a higher version
> really, and will do so.
> I'm hoping someone can tell me if it's ok to use .insn vrr  in place
> of vri(-d) as it doesn't match vri.
> [https://sourceware.org/binutils/docs-2.37/as/s390-Formats.html]
>
> .insn doesn't deal with sub encodings and there is no good alternative
> that I know of.
>
> example:
>
> /* vri-d as vrr */
> asm volatile(".insn vrr, 0xE786, %[v1], %[v2], %[v3], 0, %[I], 0\n"
> : [v1] "=v" (v1->v)
> : [v2]  "v" (v2->v)
> , [v3]  "v" (v3->v)
> , [I]   "i" (I & 7));
>
> Patch is attached
>
>
> Thanks
> - David Miller
>
>
> On Thu, Mar 31, 2022 at 2:26 PM David Miller  wrote:
> >
> > Sorry,
> >Didn't notice this, as it was on v4 patch emails.
> > I assume since there is no other follow up after a week,
> >  CI jobs are not being updated and I should change samples to use .insn.
> > I will try to get this out tomorrow.
> >
> > Thanks,
> > - David Miller
> >
> > On Wed, Mar 23, 2022 at 1:13 PM Thomas Huth  wrote:
> > >
> > > On 22/03/2022 11.31, Thomas Huth wrote:
> > > > On 22/03/2022 09.53, David Hildenbrand wrote:
> > > >> On 22.03.22 01:04, David Miller wrote:
> > > > [...]
> > > >>> diff --git a/tests/tcg/s390x/Makefile.target
> > > >>> b/tests/tcg/s390x/Makefile.target
> > > >>> index 8c9b6a13ce..921a056dd1 100644
> > > >>> --- a/tests/tcg/s390x/Makefile.target
> > > >>> +++ b/tests/tcg/s390x/Makefile.target
> > > >>> @@ -16,6 +16,14 @@ TESTS+=shift
> > > >>>   TESTS+=trap
> > > >>>   TESTS+=signals-s390x
> > > >>> +VECTOR_TESTS=vxeh2_vs
> > > >>> +VECTOR_TESTS+=vxeh2_vcvt
> > > >>> +VECTOR_TESTS+=vxeh2_vlstr
> > > >>> +
> > > >>> +TESTS+=$(VECTOR_TESTS)
> > > >>> +
> > > >>> +$(VECTOR_TESTS): CFLAGS+=-march=z15 -O2
> > > >>
> > > >> @Thomas, will that survive our test framework already, or do we have to
> > > > >> wait for the debian11 changes?
> > > >
> > > > Alex' update to the container has already been merged:
> > > >
> > > > https://gitlab.com/qemu-project/qemu/-/commit/89767579cad2e371b
> > > >
> > > > ... and seems like it's working in Travis on s390x, too:
> > > >
> > > > https://app.travis-ci.com/github/huth/qemu/jobs/564188977#L12797
> > > >
> > > > > ... so it seems like it should be OK now (considering that we drop support
> > > > > for the old Ubuntu version 18.04 in QEMU 7.1, too).
> > >
> > > Looks like I spoke a little bit too soon - some of the CI pipelines are
> > > still using Debian 10 for running the TCG tests, and they are failing with
> > > these patches applied:
> > >
> > > https://gitlab.com/thuth/qemu/-/jobs/2238422870#L3499
> > >
> > > Thus we either need to update the CI jobs to use Debian 11, or use
> > > handcrafted instruction opcodes here again...
> > >
> > >   Thomas
> > >
From bb6bf2f9529c4d76db9a9eff2ff7fa1235657103 Mon Sep 17 00:00:00 2001
From: David Miller 
Date: Mon, 21 Mar 2022 16:58:57 -0400
Subject: [PATCH v5 10/11] tests/tcg/s390x: Tests for Vector Enhancements
 Facility 2

Signed-off-by: David Miller 
---
 tests/tcg/s390x/Makefile.target |   8 ++
 tests/tcg/s390x/vx.h|  19 +
 tests/tcg/s390x/vxeh2_vcvt.c|  88 
 tests/tcg/s390x/vxeh2_vlstr.c   | 139 
 tests/tcg/s390x/vxeh2_vs.c  |  95 ++
 5 files changed, 349 insertions(+)
 create mode 100644 tests/tcg/s390x/vx.h
 create mode 100644 tests/tcg/s390x/vxeh2_vcvt.c
 create mode 100644 tests/tcg/s390x/vxeh2_vlstr.c
 create mode 100644 tests/tcg/s390x/vxeh2_vs.c

diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
index 8c9b6a13ce..921a056dd1 100644
--- a/tests/tcg/s390x/Makefile.target
+++ b/tests/tcg/s390x/Makefile.target
@@ -16,6 +16,14 @@ TESTS+=shift
 TESTS+=trap
 TESTS+=signals-s390x
 
+VECTOR_TESTS=vxeh2_vs
+VECTOR_TESTS+=vxeh2_vcvt
+VECTOR_TESTS+=vxeh2_vlstr
+
+TESTS+=$(VECTOR_TESTS)
+
+$(VECTOR_TESTS): CFLAGS+=-march=z15 -O2
+
 ifneq ($(HAVE_GDB_BIN),)
 GDB_SCRIPT=$(SRC_PATH)/tests/guest-debug/run-test.py
 
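Review bot: `$(VECTOR_TESTS): CFLAGS+=-march=z15 -O2` ties all three new tests to a toolchain that accepts z15, which is the dependency the thread reports failing on the Debian 10 CI jobs. If the tests now emit the new instructions through .insn, check whether -march=z15 is still needed at all; if it is, state the toolchain requirement in the commit message, which currently holds nothing but the sign-off.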
diff --git a/tests/tcg/s390x/vx.h b/tests/tcg/s390x/vx.h
new file mode 100644
index 00..2e66f8b714
--- /dev/null
+++ b/tests/tcg/s390x/vx.h
@@ -0,0 +1,19 @@
+#ifndef QEMU_TESTS_S390X_VX_H
+#define QEMU_TESTS_S390X_VX_H
+
+typedef union S390Vector {
+uint64_t d[2];  /* doubleword */
+uint32_t w[4];  /* word */
+uint16_t h[8];  /* halfword */
+uint8_t  b[16]; /* byte */
+floatf[4];  /* float32 */
+double   fd[2]; /* float64 */
+__uint128_t v;
+} S390Vector;
+
+#define ES8  0
+#define ES16 1
+#define ES32 2
+#define ES64 3
+
+#endif
\ No newline at end of file
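Review bot: vx.h declares S390Vector with uint64_t, uint32_t, uint16_t and uint8_t members but includes nothing itself, so it only compiles when the including test has already pulled in <stdint.h>; add the include to the header so it is self-contained. The file also ends without a trailing newline.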
diff --git a/tests/tcg/s390x/vxeh2_vcvt.c b/tests/tcg/s390x/vxeh2_vcvt.c
new file mode 

Re: [PATCH v4 10/11] tests/tcg/s390x: Tests for Vector Enhancements Facility 2

2022-03-31 Thread David Miller
Hi,

There is some issue with instruction sub/alt encodings not matching,
but I worked around it easily.

I'm dropping the updated patch for the tests in here.
I know I should resend the entire patch series as a higher version
really, and will do so.
I'm hoping someone can tell me if it's ok to use .insn vrr  in place
of vri(-d) as it doesn't match vri.
[https://sourceware.org/binutils/docs-2.37/as/s390-Formats.html]

.insn doesn't deal with sub encodings and there is no good alternative
that I know of.

example:

/* vri-d as vrr */
asm volatile(".insn vrr, 0xE786, %[v1], %[v2], %[v3], 0, %[I], 0\n"
: [v1] "=v" (v1->v)
: [v2]  "v" (v2->v)
, [v3]  "v" (v3->v)
, [I]   "i" (I & 7));

Patch is attached


Thanks
- David Miller


On Thu, Mar 31, 2022 at 2:26 PM David Miller  wrote:
>
> Sorry,
>Didn't notice this, as it was on v4 patch emails.
> I assume since there is no other follow up after a week,
>  CI jobs are not being updated and I should change samples to use .insn.
> I will try to get this out tomorrow.
>
> Thanks,
> - David Miller
>
> On Wed, Mar 23, 2022 at 1:13 PM Thomas Huth  wrote:
> >
> > On 22/03/2022 11.31, Thomas Huth wrote:
> > > On 22/03/2022 09.53, David Hildenbrand wrote:
> > >> On 22.03.22 01:04, David Miller wrote:
> > > [...]
> > >>> diff --git a/tests/tcg/s390x/Makefile.target
> > >>> b/tests/tcg/s390x/Makefile.target
> > >>> index 8c9b6a13ce..921a056dd1 100644
> > >>> --- a/tests/tcg/s390x/Makefile.target
> > >>> +++ b/tests/tcg/s390x/Makefile.target
> > >>> @@ -16,6 +16,14 @@ TESTS+=shift
> > >>>   TESTS+=trap
> > >>>   TESTS+=signals-s390x
> > >>> +VECTOR_TESTS=vxeh2_vs
> > >>> +VECTOR_TESTS+=vxeh2_vcvt
> > >>> +VECTOR_TESTS+=vxeh2_vlstr
> > >>> +
> > >>> +TESTS+=$(VECTOR_TESTS)
> > >>> +
> > >>> +$(VECTOR_TESTS): CFLAGS+=-march=z15 -O2
> > >>
> > > >> @Thomas, will that survive our test framework already, or do we have to
> > > >> wait for the debian11 changes?
> > >
> > > Alex' update to the container has already been merged:
> > >
> > > https://gitlab.com/qemu-project/qemu/-/commit/89767579cad2e371b
> > >
> > > ... and seems like it's working in Travis on s390x, too:
> > >
> > > https://app.travis-ci.com/github/huth/qemu/jobs/564188977#L12797
> > >
> > > ... so it seems like it should be OK now (considering that we drop support
> > > for the old Ubuntu version 18.04 in QEMU 7.1, too).
> >
> > Looks like I spoke a little bit too soon - some of the CI pipelines are
> > still using Debian 10 for running the TCG tests, and they are failing with
> > these patches applied:
> >
> > https://gitlab.com/thuth/qemu/-/jobs/2238422870#L3499
> >
> > Thus we either need to update the CI jobs to use Debian 11, or use
> > handcrafted instruction opcodes here again...
> >
> >   Thomas
> >


Re: [PULL v4 15/47] intel_iommu: support snoop control

2022-03-31 Thread Jason Wang
On Thu, Mar 31, 2022 at 5:51 PM Peter Maydell  wrote:
>
> On Mon, 7 Mar 2022 at 22:45, Michael S. Tsirkin  wrote:
> >
> > From: Jason Wang 
> >
> > SC is required for some kernel features like vhost-vDPA. So this patch
> > implements basic SC feature. The idea is pretty simple, for software
> > emulated DMA it would be always coherent. In this case we can simply
> > advertise ECAP_SC bit. For VFIO and vhost, things will be much more
> > complicated, so this patch simply fails the IOMMU notifier
> > registration.
> >
> > In the future, we may want to have a dedicated notifiers flag or
> > similar mechanism to demonstrate the coherency so VFIO could advertise
> > that if it has VFIO_DMA_CC_IOMMU, for vhost kernel backend we don't
> > need that since it's a software backend.
>
> Hi; Coverity points out (CID 1487174) an error in this change:
>
> > --- a/hw/i386/intel_iommu.c
> > +++ b/hw/i386/intel_iommu.c
> > @@ -3030,6 +3030,13 @@ static int 
> > vtd_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
> >  VTDAddressSpace *vtd_as = container_of(iommu, VTDAddressSpace, iommu);
> >  IntelIOMMUState *s = vtd_as->iommu_state;
> >
> > +/* TODO: add support for VFIO and vhost users */
> > +if (s->snoop_control) {
> > +error_setg_errno(errp, -ENOTSUP,
> > + "Snoop Control with vhost or VFIO is not 
> > supported");
> > +return -ENOTSUP;
> > +}
>
> error_setg_errno() expects a normal errno value, not a negated
> one, so we should be passing it "ENOTSUP" here, not "-ENOTSUP".

Will post a fix soon.

Thanks

>
> thanks
> -- PMM
>




Re: who's maintaining amd_iommu.c these days?

2022-03-31 Thread Jason Wang
On Fri, Apr 1, 2022 at 2:30 AM Peter Xu  wrote:
>
> On Thu, Mar 31, 2022 at 05:01:52PM +0100, Peter Maydell wrote:
> > Coverity points out some problems with hw/i386/amd_iommu.c's event
> > logging code -- specifically, CID 1487115 1487116 1487190 1487200
> > 1487232 1487258 are all the same basic problem, which is that various
> > functions declare a local "uint64_t evt[4]", populate only some
> > bits of it and then write it to guest memory, so we end up using
> > uninitialized host data and leaking it to the guest. I was going to
> > write a fix for this, but in looking at the code I noticed that
> > it has more extensive problems:
> >
> > (1) these functions allocate an array of 4 64-bit values,
> > but we only copy 2 to the guest, because AMDVI_EVENT_LEN is 16.
> > Looking at the spec, I think that the length is right and it's
> > really 4 32-bit values (or 2 64-bit values, if you like).
> >
> > (2) There are host-endianness bugs, because we assemble the
> > event as a set of host-endianness values but then write them
> > to guest memory as a bag-of-bytes with dma_memory_write()
> >
> > (3) amdvi_encode_event() is throwing away most of its
> > "addr" argument, because it calls
> >   amdvi_setevent_bits(evt, addr, 63, 64) apparently intending
> > that to write 64 bits starting at 63 bits into the packet, but
> > the amdvi_setevent_bits() function only ever updates one
> > uint64_t in the array, so it will in fact write bit 63 and
> > nothing else.
> >
> > (4) The claimed bit layout of the event structure doesn't
> > match up with the one in the spec document I found. This
> > could be because I found a document for some other bit
> > of hardware, of course.
> >
> > Anyway, adding all these up, the event logging probably
> > needs a bit of a restructuring, and that should ideally be
> > done by somebody who (a) knows the hardware we're emulating
> > here and (b) is in a position to test things. Any volunteers?
>
> Copying some AMD developers (from where I saw the last patches from)...

Btw, the AMD IOMMU seems not to work for a while (just boot it with
virtio-blk and it still doesn't work).

Thanks

>
> --
> Peter Xu
>
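
The event-log problems Peter Maydell lists above (stale stack data copied to the guest, a field setter that touches only one 64-bit word, host-endian layout), modelled as an added example that is not QEMU's code. All function names and the device-ID field at bits 0-15 are hypothetical, and the bit offsets are kept only to show the mechanics, not the real event layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EVENT_LEN 16 /* bytes copied to the guest; the page gives AMDVI_EVENT_LEN as 16 */

/* Model of the setter in point (3): it picks ONE 64-bit word from `start` and
 * masks inside it, so a field that crosses a word boundary is cut off. */
static void setbits_one_word(uint64_t *buf, uint64_t value,
                             unsigned start, unsigned length)
{
    unsigned index = start / 64, bitpos = start % 64;
    uint64_t field = (length >= 64) ? ~0ULL : ((1ULL << length) - 1);
    uint64_t mask = field << bitpos;       /* bits above 63 fall off here */

    buf[index] &= ~mask;
    buf[index] |= (value << bitpos) & mask;
}

/* "Before": the array is never cleared. memset(stale) stands in for leftover
 * host stack contents, so the effect is observable without undefined behaviour. */
static void encode_before(uint64_t evt[4], uint16_t devid, uint64_t addr,
                          uint8_t stale)
{
    memset(evt, stale, 4 * sizeof(uint64_t));
    setbits_one_word(evt, devid, 0, 16);   /* constructed field position */
    setbits_one_word(evt, addr, 63, 64);   /* the call quoted on the page */
    /* A device model would now copy evt[0] and evt[1] (EVENT_LEN bytes),
     * in host byte order, to guest memory. */
}

/* Bits of the guest-visible 16 bytes that the encoder never wrote: run it over
 * two different "stack" patterns and count the bits that differ. */
static unsigned leaked_bits_before(uint16_t devid, uint64_t addr)
{
    uint64_t a[4], b[4];
    unsigned n = 0;

    encode_before(a, devid, addr, 0x00);
    encode_before(b, devid, addr, 0xFF);
    for (size_t w = 0; w < EVENT_LEN / sizeof(uint64_t); w++) {
        for (uint64_t d = a[w] ^ b[w]; d; d &= d - 1) {
            n++;
        }
    }
    return n;
}

/* "After": bit n of a little-endian record is byte n/8, bit n%8 on any host,
 * and a field may span as many bytes as it needs. */
static void put_bits_le(uint8_t *buf, size_t len, uint64_t value,
                        unsigned start, unsigned length)
{
    if (length > 64) {
        length = 64;
    }
    for (unsigned i = 0; i < length && (start + i) / 8 < len; i++) {
        uint8_t m = (uint8_t)(1u << ((start + i) % 8));
        if ((value >> i) & 1) {
            buf[(start + i) / 8] |= m;
        } else {
            buf[(start + i) / 8] &= (uint8_t)~m;
        }
    }
}

static uint64_t get_bits_le(const uint8_t *buf, size_t len,
                            unsigned start, unsigned length)
{
    uint64_t v = 0;

    if (length > 64) {
        length = 64;
    }
    for (unsigned i = 0; i < length && (start + i) / 8 < len; i++) {
        if (buf[(start + i) / 8] & (1u << ((start + i) % 8))) {
            v |= 1ULL << i;
        }
    }
    return v;
}

static void encode_after(uint8_t out[EVENT_LEN], uint16_t devid, uint64_t addr)
{
    memset(out, 0, EVENT_LEN);             /* no stale host byte can survive */
    put_bits_le(out, EVENT_LEN, devid, 0, 16);
    put_bits_le(out, EVENT_LEN, addr, 63, 64);
}

int main(void)
{
    uint64_t evt[4];
    uint8_t out[EVENT_LEN];
    const uint64_t addr = 0xDEADBEEF000ULL; /* constructed sample address */

    encode_before(evt, 0x1234, addr, 0xAA);
    printf("before: evt[0]=%016llx evt[1]=%016llx, %u of 128 bits unwritten\n",
           (unsigned long long)evt[0], (unsigned long long)evt[1],
           leaked_bits_before(0x1234, addr));
    encode_after(out, 0x1234, addr);
    printf("after:  addr read back = %llx\n",
           (unsigned long long)get_bits_le(out, EVENT_LEN, 63, 64));
    return 0;
}
```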




Re: [PULL 19/35] ppc/pnv: Add models for POWER9 PHB4 PCIe Host bridge

2022-03-31 Thread Benjamin Herrenschmidt
On Thu, 2022-03-31 at 18:51 +0100, Peter Maydell wrote:
> 
> Hi; Coverity has just spotted an error in this old change
> (CID 1487176):

Oh my this is old ... I don't work for IBM anymore but I found the
relevant doc here: 
https://wiki.raptorcs.com/w/images/a/a5/POWER9_PCIe_controller_v11_27JUL2018_pub.pdf

So

> > +++ b/hw/pci-host/pnv_phb4_pec.c
> > +static void pnv_pec_pci_xscom_write(void *opaque, hwaddr addr,
> > +uint64_t val, unsigned size)
> > +{
> > +PnvPhb4PecState *pec = PNV_PHB4_PEC(opaque);
> > +uint32_t reg = addr >> 3;
> > +
> > +switch (reg) {
> > +case PEC_PCI_PBAIB_HW_CONFIG:
> > +case PEC_PCI_PBAIB_READ_STK_OVR:
> > +pec->pci_regs[reg] = val;
> 
> This write function switches on 'reg' and is written assuming
> that these PEC_PCI* constants are valid array indexes...

They should be but...

> > +break;
> > +default:
> > +phb_pec_error(pec, "%s @0x%"HWADDR_PRIx"=%"PRIx64"\n",
> > __func__,
> > +  addr, val);
> > +}
> > +}
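Review bot: in pnv_pec_pci_xscom_write(), pec->pci_regs[reg] is written with reg taken straight from the case labels, so the store is in bounds only if every PEC_PCI_* constant listed there is below PHB4_PEC_PCI_REGS_COUNT, and nothing in the patch enforces that. A QEMU_BUILD_BUG_ON(PEC_PCI_PBAIB_READ_STK_OVR >= PHB4_PEC_PCI_REGS_COUNT) next to the array declaration would turn a mismatch between the register offsets and the array size into a build failure instead of an out-of-bounds write.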
> > +++ b/include/hw/pci-host/pnv_phb4.h
> > +struct PnvPhb4PecStatimages/images/e {
> > +DeviceState parent;
> > +
> > +/* PEC number in chip */
> > +uint32_t index;
> > +uint32_t chip_id;images/
> > +
> > +MemoryRegion *system_memory;
> > +
> > +/* Nest registers, excuding per-stack */
> > +#define PHB4_PEC_NEST_REGS_COUNT0xf
> > +uint64_t nest_regs[PHB4_PEC_NEST_REGS_COUNT];
> > +MemoryRegion nest_regs_mr;
> > +
> > +/* PCI registers, excluding per-stack */
> > +#define PHB4_PEC_PCI_REGS_COUNT 0x2
> > +uint64_t pci_regs[PHB4_PEC_PCI_REGS_COUNT];
> > +MemoryRegion pci_regs_mr;
> 
> ...but we define the pci_regs[] array in PnvPhb4PecState to
> have only 2 elements...
> 
> > +++ b/include/hw/pci-host/pnv_phb4_regs.h
> > +/* XSCOM PCI global registers */
> > +#define PEC_PCI_PBAIB_HW_CONFIG 0x00
> > +#define PEC_PCI_PBAIB_READ_STK_OVR  0x02
> 
> ...and here we define PEC_PCI_PBAIB_READ_STK_OVR as 2, which makes
> it not a valid index into pci_regs[].
> 
> 
> Which of these is wrong?

This one:

#define PHB4_PEC_PCI_REGS_COUNT 0x2

Should be

#define PHB4_PEC_PCI_REGS_COUNT 0x3

There is no register at 0x1 though.

Cheers,
Ben.




[PATCH v2] target/riscv: Call probe_write() before atomic operations

2022-03-31 Thread Alistair Francis
From: Alistair Francis 

If an atomic operation fails on RISC-V we want to generate a store/amo
fault and not a load fault.

Currently if we have no permissions to access the memory location the
atomic operation will sometimes fail with a load fault (depending on the
path taken in tcg/tcg-op.c) as the atomic helpers perform a load then a
store.

By performing a probe_write() on the memory first, we can ensure we have
permissions to perform the atomic operation. As RISC-V doesn't have
write only pages this should be pretty robust (PMP might be the
exception).

Note that this only fixes the fault for memory regions. I/O and
non-existent regions will still trigger a load fault.

Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.h  |  2 ++
 target/riscv/helper.h   |  2 ++
 target/riscv/cpu_helper.c   |  2 +-
 target/riscv/op_helper.c| 14 ++
 target/riscv/insn_trans/trans_rva.c.inc |  3 +++
 5 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index c069fe85fa..c215cd1b6a 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -179,6 +179,8 @@ struct CPUArchState {
 uint64_t mie;
 uint64_t mideleg;
 
+bool amo_store_fault;
+
 target_ulong satp;   /* since: priv-1.10.0 */
 target_ulong stval;
 target_ulong medeleg;
diff --git a/target/riscv/helper.h b/target/riscv/helper.h
index 26bbab2fab..12f8a0acea 100644
--- a/target/riscv/helper.h
+++ b/target/riscv/helper.h
@@ -106,6 +106,8 @@ DEF_HELPER_1(wfi, void, env)
 DEF_HELPER_1(tlb_flush, void, env)
 #endif
 
+DEF_HELPER_3(atomic_check, void, env, tl, int)
+
 /* Hypervisor functions */
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_1(hyp_tlb_flush, void, env)
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 1c60fb2e80..294687f001 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -1139,7 +1139,7 @@ void riscv_cpu_do_transaction_failed(CPUState *cs, hwaddr 
physaddr,
 RISCVCPU *cpu = RISCV_CPU(cs);
 CPURISCVState *env = >env;
 
-if (access_type == MMU_DATA_STORE) {
+if (access_type == MMU_DATA_STORE || env->amo_store_fault) {
 cs->exception_index = RISCV_EXCP_STORE_AMO_ACCESS_FAULT;
 } else if (access_type == MMU_DATA_LOAD) {
 cs->exception_index = RISCV_EXCP_LOAD_ACCESS_FAULT;
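Review bot: with `|| env->amo_store_fault` the first branch is taken for every access_type while the flag is set, not only for the load half of an AMO, so an unrelated failed load would also be reported as RISCV_EXCP_STORE_AMO_ACCESS_FAULT. Narrow the test to `access_type == MMU_DATA_LOAD && env->amo_store_fault` and clear the flag here once it has been consumed.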
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 1a75ba11e6..d0343b15f8 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -114,6 +114,20 @@ target_ulong helper_csrrw_i128(CPURISCVState *env, int csr,
 return int128_getlo(rv);
 }
 
+void helper_atomic_check(CPURISCVState *env, target_ulong address,
+ int mmu_idx)
+{
+#ifndef CONFIG_USER_ONLY
+void *phost;
+int ret = probe_access_flags(env, address, MMU_DATA_STORE, mmu_idx, false,
+ , GETPC());
+
+if (ret & TLB_MMIO) {
+env->amo_store_fault = true;
+}
+#endif
+}
+
 #ifndef CONFIG_USER_ONLY
 
 target_ulong helper_sret(CPURISCVState *env)
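Review bot: helper_atomic_check() only ever sets env->amo_store_fault to true; nothing in this patch sets it back to false, either when the probe does not return TLB_MMIO or after the AMO completes without faulting, so the flag stays set after the first atomic to an MMIO address. Assign it from the probe result on every call or clear it after func() in gen_amo(). The subject and commit message also say probe_write() while the code calls probe_access_flags(), and the message says I/O regions still raise a load fault although this helper adds handling for TLB_MMIO; update the text to match the code.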
diff --git a/target/riscv/insn_trans/trans_rva.c.inc 
b/target/riscv/insn_trans/trans_rva.c.inc
index 45db82c9be..b3e05613d7 100644
--- a/target/riscv/insn_trans/trans_rva.c.inc
+++ b/target/riscv/insn_trans/trans_rva.c.inc
@@ -83,6 +83,9 @@ static bool gen_amo(DisasContext *ctx, arg_atomic *a,
 TCGv dest = dest_gpr(ctx, a->rd);
 TCGv src1 = get_address(ctx, a->rs1, 0);
 TCGv src2 = get_gpr(ctx, a->rs2, EXT_NONE);
+TCGv_i32 mem_idx = tcg_constant_i32(ctx->mem_idx);
+
+gen_helper_atomic_check(cpu_env, src1, mem_idx);
 
 func(dest, src1, src2, ctx->mem_idx, mop);
 
-- 
2.35.1




Re: [PATCH 2/4] net/colo: Fix a "double free" crash to clear the conn_list

2022-03-31 Thread lizhij...@fujitsu.com


On 31/03/2022 10:25, Zhang, Chen wrote:
>
>> -Original Message-
>> From: lizhij...@fujitsu.com 
>> Sent: Thursday, March 31, 2022 9:15 AM
>> To: Zhang, Chen ; Jason Wang
>> 
>> Cc: qemu-dev ; Like Xu 
>> Subject: Re: [PATCH 2/4] net/colo: Fix a "double free" crash to clear the
>> conn_list
>>
>>
>> connection_track_table
>> -+--
>> key1 | conn|---+
>> -+--   |
>> key2 | conn|--+|
>> -+--  ||
>> key3 | conn|-+||
>> -+-- |||
>>||
>> |
>>||
>> |
>>   + CompareState ++||
>> |
>>   |   |VV
>> V
>>   +---+   +---+ +---+
>>   |conn_list  +--->conn   +->conn   | 
>> connx
>>   +---+   +---+ +---+
>>   |   | |   | |  |
>>   +---+ +---v+  +---v++---v+ +---v+
>> |primary |  |secondary|primary | |secondary
>> |packet  |  |packet  +|packet  | |packet  +
>> ++  ++++ ++
>> |   | |  |
>> +---v+  +---v++---v+ +---v+
>> |primary |  |secondary|primary | |secondary
>> |packet  |  |packet  +|packet  | |packet  +
>> ++  ++++ ++
>> |   | |  |
>> +---v+  +---v++---v+ +---v+
>> |primary |  |secondary|primary | |secondary
>> |packet  |  |packet  +|packet  | |packet  +
>> ++  ++++ ++
>>
>> I recalled that we should above relationships between
>> connection_track_table conn_list and conn.
>> That means both connection_track_table and conn_list reference to the
>> same conn instance.
>>
>> So before this patch, connection_get() is possible to use-after-free/double
>> free conn. where 1st was in
>> connection_hashtable_reset() and 2nd was
>> 221 while (!g_queue_is_empty(conn_list)) {
>> 222 connection_destroy(g_queue_pop_head(conn_list));
>> 223 }
>>
>> I also doubt that your current abort was just due to above use-after-
>> free/double free.
>> If so, looks it's enough we just update to g_queue_clear(conn_list) in the
>> 2nd place.
> Makes sense, but it also means the original patch works here: skip freeing conn
> in connection_hashtable_reset() and do it in:
> 221 while (!g_queue_is_empty(conn_list)) {
>   222 connection_destroy(g_queue_pop_head(conn_list));
>   223 }.
> It also avoids use-after-free/double free of conn.
Although you will not use-after-free here, you have to consider carefully the
other situations where g_hash_table_remove_all() or g_hash_table_destroy() are
called, where the conn_list should also be freed with your approach.




> Maybe we can keep the original version to fix it?
And your commit log should be more clear.

Thanks
Zhijian

>
> Thanks
> Chen
>
>> Thanks
>> Zhijian
>>
>>
>> On 28/03/2022 17:13, Zhang, Chen wrote:
 -Original Message-
 From: lizhij...@fujitsu.com 
 Sent: Monday, March 21, 2022 11:06 AM
 To: Zhang, Chen ; Jason Wang
 ; lizhij...@fujitsu.com
 Cc: qemu-dev ; Like Xu
 
 Subject: Re: [PATCH 2/4] net/colo: Fix a "double free" crash to clear
 the conn_list



 On 09/03/2022 16:38, Zhang Chen wrote:
> We notice the QEMU may crash when the guest has too many incoming
> network connections with the following log:
>
> 15197@1593578622.668573:colo_proxy_main : colo proxy connection
> hashtable full, clear it
> free(): invalid pointer
> [1]15195 abort (core dumped)  qemu-system-x86_64 
>
> This is because we create the s->connection_track_table with
> g_hash_table_new_full() which is defined as:
>
> GHashTable * g_hash_table_new_full (GHashFunc hash_func,
>   GEqualFunc key_equal_func,
>   GDestroyNotify key_destroy_func,
>   

Re: [PATCH RESEND v3] vdpa: reset the backend device in the end of vhost_net_stop()

2022-03-31 Thread Michael Qiu




On 2022/4/1 9:12, Si-Wei Liu wrote:



On 3/31/2022 2:25 AM, qiud...@archeros.com wrote:

From: Michael Qiu 

Currently, when VM poweroff, it will trigger vdpa
device(such as mlx bluefield2 VF) reset many times(with 1 datapath
queue pair and one control queue, triggered 3 times), this
leads to below issue:

vhost VQ 2 ring restore failed: -22: Invalid argument (22)

This is because in vhost_net_stop(), it will stop all vhost devices bound to
this virtio device, and in vhost_dev_stop(), qemu tries to stop the device,
then stop the queue: vhost_virtqueue_stop().

In vhost_dev_stop(), it resets the device, which clears some flags
in the low level driver, and in the next loop (stop other vhost backends),
qemu tries to stop the queue corresponding to the vhost backend,
the driver finds that the VQ is invalid, this is the root cause.

To solve the issue, vdpa should set vring unready, and
remove reset ops in device stop: vhost_dev_start(hdev, false).

and implement a new function vhost_dev_reset, only reset backend
device after all vhost(per-queue) stopped.
Signed-off-by: Michael Qiu
Acked-by: Jason Wang 
---
v3 --> v2:
 Call vhost_dev_reset() at the end of vhost_net_stop().

 Since the vDPA device need re-add the status bit
 VIRTIO_CONFIG_S_ACKNOWLEDGE and VIRTIO_CONFIG_S_DRIVER,
 simply, add them inside vhost_vdpa_reset_device, and
 the only way calling vhost_vdpa_reset_device is in
 vhost_net_stop(), so it keeps the same behavior as before.

v2 --> v1:
    Implement a new function vhost_dev_reset,
    reset the backend kernel device at last.
---
  hw/net/vhost_net.c    | 24 +---
  hw/virtio/vhost-vdpa.c    | 15 +--
  hw/virtio/vhost.c | 15 ++-
  include/hw/virtio/vhost.h |  1 +
  4 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 30379d2..422c9bf 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -325,7 +325,7 @@ int vhost_net_start(VirtIODevice *dev, 
NetClientState *ncs,

  int total_notifiers = data_queue_pairs * 2 + cvq;
  VirtIONet *n = VIRTIO_NET(dev);
  int nvhosts = data_queue_pairs + cvq;
-    struct vhost_net *net;
+    struct vhost_net *net = NULL;
  int r, e, i, index_end = data_queue_pairs * 2;
  NetClientState *peer;
@@ -391,8 +391,17 @@ int vhost_net_start(VirtIODevice *dev, 
NetClientState *ncs,

  err_start:
  while (--i >= 0) {
  peer = qemu_get_peer(ncs , i);
-    vhost_net_stop_one(get_vhost_net(peer), dev);
+
+    net = get_vhost_net(peer);
+
+    vhost_net_stop_one(net, dev);
  }
+
+    /* We only reset backend vdpa device */
+    if (net && net->dev.vhost_ops->backend_type == 
VHOST_BACKEND_TYPE_VDPA) {
I would reset the device anyway regardless the first vhost_dev. Some 
ioctl calls may have well changed device state in vhost_dev_start() that 
has no way to get back than reset.


Here I just use the first vhost_dev as nothing is different in each 
vhost_dev, reset just set 0 to the vhost-vdpa socket FD. In all 
vhost_dev, FD is the same.



+    vhost_dev_reset(>dev);
I would move this to the end as it's more sensible to reset the device 
after guest notifier is disabled.


I will move it in next patch


+    }
+
  e = k->set_guest_notifiers(qbus->parent, total_notifiers, false);
  if (e < 0) {
  fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", 
e);
@@ -410,6 +419,7 @@ void vhost_net_stop(VirtIODevice *dev, 
NetClientState *ncs,

  VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
  VirtIONet *n = VIRTIO_NET(dev);
  NetClientState *peer;
+    struct vhost_net *net = NULL;
  int total_notifiers = data_queue_pairs * 2 + cvq;
  int nvhosts = data_queue_pairs + cvq;
  int i, r;
@@ -420,7 +430,15 @@ void vhost_net_stop(VirtIODevice *dev, 
NetClientState *ncs,

  } else {
  peer = qemu_get_peer(ncs, n->max_queue_pairs);
  }
-    vhost_net_stop_one(get_vhost_net(peer), dev);
+
+    net = get_vhost_net(peer);
+
+    vhost_net_stop_one(net, dev);
+    }
+
+    /* We only reset backend vdpa device */
+    if (net && net->dev.vhost_ops->backend_type == 
VHOST_BACKEND_TYPE_VDPA) {
Yikes, I think it needs some code refactoring here without having to 
check VHOST_BACKEND_TYPE_VDPA explicitly. Historically the 
.vhost_reset_device() op was misnamed: it was initially meant for 
RESET_OWNER but never got used. Could you add a new .vhost_reset_owner() 
op to VhostOps (via another patch) and rename properly, e.g. from 
vhost_kernel_reset_device() to vhost_kernel_reset_owner()? For 
vhost_user_reset_device(), you can safely factor out the 
VHOST_USER_RESET_OWNER case to a new vhost_user_reset_owner() function, 
and only reset the device in vhost_user_reset_device() depending on the 
VHOST_USER_PROTOCOL_F_RESET_DEVICE protocol feature.


With this change, vhost_reset_device will be effectively a no-op on 
vhost_kernel (NULL) 

[PATCH v4] vdpa: reset the backend device in the end of vhost_net_stop()

2022-03-31 Thread Michael Qiu
Currently, when VM poweroff, it will trigger vdpa
device(such as mlx bluefield2 VF) reset many times(with 1 datapath
queue pair and one control queue, triggered 3 times), this
leads to below issue:

vhost VQ 2 ring restore failed: -22: Invalid argument (22)

This is because in vhost_net_stop(), it will stop all vhost devices bound to
this virtio device, and in vhost_dev_stop(), qemu tries to stop the device,
then stop the queue: vhost_virtqueue_stop().

In vhost_dev_stop(), it resets the device, which clears some flags
in the low level driver, and in the next loop (stop other vhost backends),
qemu tries to stop the queue corresponding to the vhost backend,
the driver finds that the VQ is invalid, this is the root cause.

To solve the issue, vdpa should set vring unready, and
remove reset ops in device stop: vhost_dev_start(hdev, false).

and implement a new function vhost_dev_reset, only reset backend
device after all vhost(per-queue) stopped.

Signed-off-by: Michael Qiu
Acked-by: Jason Wang 
---
v4 --> v3
Nothing changed, because of an issue with mimecast:
when the From: tag is different from the sender,
some mail clients will take the patch as an
attachment. RESEND v3 does not work, so resend
the patch as v4.

v3 --> v2:
Call vhost_dev_reset() at the end of vhost_net_stop().

Since the vDPA device need re-add the status bit 
VIRTIO_CONFIG_S_ACKNOWLEDGE and VIRTIO_CONFIG_S_DRIVER,
simply, add them inside vhost_vdpa_reset_device, and
the only way calling vhost_vdpa_reset_device is in
vhost_net_stop(), so it keeps the same behavior as before.

v2 --> v1:
   Implement a new function vhost_dev_reset,
   reset the backend kernel device at last.
---
 hw/net/vhost_net.c| 24 +---
 hw/virtio/vhost-vdpa.c| 15 +--
 hw/virtio/vhost.c | 15 ++-
 include/hw/virtio/vhost.h |  1 +
 4 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 30379d2..422c9bf 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -325,7 +325,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
 int total_notifiers = data_queue_pairs * 2 + cvq;
 VirtIONet *n = VIRTIO_NET(dev);
 int nvhosts = data_queue_pairs + cvq;
-struct vhost_net *net;
+struct vhost_net *net = NULL;
 int r, e, i, index_end = data_queue_pairs * 2;
 NetClientState *peer;
 
@@ -391,8 +391,17 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
 err_start:
 while (--i >= 0) {
 peer = qemu_get_peer(ncs , i);
-vhost_net_stop_one(get_vhost_net(peer), dev);
+
+net = get_vhost_net(peer);
+
+vhost_net_stop_one(net, dev);
 }
+
+/* We only reset backend vdpa device */
+if (net && net->dev.vhost_ops->backend_type == VHOST_BACKEND_TYPE_VDPA) {
+vhost_dev_reset(>dev);
+}
+
 e = k->set_guest_notifiers(qbus->parent, total_notifiers, false);
 if (e < 0) {
 fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", e);
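Review bot: in the err_start path, vhost_dev_reset() runs before k->set_guest_notifiers(qbus->parent, total_notifiers, false), so the backend is reset while guest notifiers are still enabled. The v3 review asked for the reset to move after the notifier teardown; that is not reflected here. Also, net is whatever the last loop iteration left behind, so when the while (--i >= 0) body never runs, net stays NULL and no reset happens at all.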
@@ -410,6 +419,7 @@ void vhost_net_stop(VirtIODevice *dev, NetClientState *ncs,
 VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
 VirtIONet *n = VIRTIO_NET(dev);
 NetClientState *peer;
+struct vhost_net *net = NULL;
 int total_notifiers = data_queue_pairs * 2 + cvq;
 int nvhosts = data_queue_pairs + cvq;
 int i, r;
@@ -420,7 +430,15 @@ void vhost_net_stop(VirtIODevice *dev, NetClientState *ncs,
 } else {
 peer = qemu_get_peer(ncs, n->max_queue_pairs);
 }
-vhost_net_stop_one(get_vhost_net(peer), dev);
+
+net = get_vhost_net(peer);
+
+vhost_net_stop_one(net, dev);
+}
+
+/* We only reset backend vdpa device */
+if (net && net->dev.vhost_ops->backend_type == VHOST_BACKEND_TYPE_VDPA) {
+vhost_dev_reset(>dev);
 }
 
 r = k->set_guest_notifiers(qbus->parent, total_notifiers, false);
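Review bot: the `net->dev.vhost_ops->backend_type == VHOST_BACKEND_TYPE_VDPA` test puts backend-specific knowledge into vhost_net_stop() and lets the net pointer left by the last loop iteration speak for every vhost_dev. Calling vhost_dev_reset() through a backend op that is a no-op where it does not apply would remove the type check from generic code; if the last-device shortcut stays, the comment should say why one reset covers all queue pairs.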
diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index c5ed7a3..3ef0199 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -708,6 +708,11 @@ static int vhost_vdpa_reset_device(struct vhost_dev *dev)
 
 ret = vhost_vdpa_call(dev, VHOST_VDPA_SET_STATUS, );
 trace_vhost_vdpa_reset_device(dev, status);
+
+/* Add back this status, so that the device could work next time*/
+vhost_vdpa_add_status(dev, VIRTIO_CONFIG_S_ACKNOWLEDGE |
+   VIRTIO_CONFIG_S_DRIVER);
+
 return ret;
 }
 
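Review bot: in vhost_vdpa_reset_device(), vhost_vdpa_add_status() is called even when the preceding VHOST_VDPA_SET_STATUS call failed; check ret first and return early so ACKNOWLEDGE and DRIVER are not set on a device that did not reset. The function now leaves the device with status bits set rather than freshly reset, which its name no longer conveys, so document that in the comment. Style: add a space before the closing */.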
@@ -719,14 +724,14 @@ static int vhost_vdpa_get_vq_index(struct vhost_dev *dev, 
int idx)
 return idx;
 }
 
-static int vhost_vdpa_set_vring_ready(struct vhost_dev *dev)
+static int vhost_vdpa_set_vring_ready(struct vhost_dev *dev, unsigned int 
ready)
 {
 int i;
 trace_vhost_vdpa_set_vring_ready(dev);
 for (i = 0; i < dev->nvqs; ++i) {
 struct vhost_vring_state state = {
 .index = dev->vq_index + i,
-.num = 1,
+.num = ready,

Re: [PATCH v2 2/9] aspeed/smc: Add AST1030 support

2022-03-31 Thread Jamin Lin
The 03/31/2022 15:59, Cédric Le Goater wrote:
> Hello Jamin,
> 
> On 3/31/22 10:15, Jamin Lin wrote:
> > From: Steven Lee 
> > 
> > AST1030 spi controller's address decoding unit is 1MB that is identical
> > to ast2600, but fmc address decoding unit is 512kb.
> > Introduce seg_to_reg and reg_to_seg handlers for ast1030 fmc controller.
> > In addition, add ast1030 fmc, spi1, and spi2 class init handler.
> > 
> > Signed-off-by: Troy Lee 
> > Signed-off-by: Jamin Lin 
> > Signed-off-by: Steven Lee 
> 
> I did a review of this patch, anyhow
> 
> Reviewed-by: Cédric Le Goater 
> 
> but please drop the ASPEED_SMC_FEATURE_WDT_CONTROL flag which is not
> upstream.
> 
> Thanks,
> 
> C.
> 
> 
Sorry, I lost to remove it.
Will fix
> > ---
> >   hw/ssi/aspeed_smc.c | 160 
> >   1 file changed, 160 insertions(+)
> > 
> > diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
> > index 48305e1574..81af783729 100644
> > --- a/hw/ssi/aspeed_smc.c
> > +++ b/hw/ssi/aspeed_smc.c
> > @@ -1696,6 +1696,163 @@ static const TypeInfo aspeed_2600_spi2_info = {
> >   .class_init = aspeed_2600_spi2_class_init,
> >   };
> >   
> > +/*
> > + * The FMC Segment Registers of the AST1030 have a 512KB unit.
> > + * Only bits [27:19] are used for decoding.
> > + */
> > +#define AST1030_SEG_ADDR_MASK 0x0ff8
> > +
> > +static uint32_t aspeed_1030_smc_segment_to_reg(const AspeedSMCState *s,
> > +const AspeedSegments *seg)
> > +{
> > +uint32_t reg = 0;
> > +
> > +/* Disabled segments have a nil register */
> > +if (!seg->size) {
> > +return 0;
> > +}
> > +
> > +reg |= (seg->addr & AST1030_SEG_ADDR_MASK) >> 16; /* start offset */
> > +reg |= (seg->addr + seg->size - 1) & AST1030_SEG_ADDR_MASK; /* end 
> > offset */
> > +return reg;
> > +}
> > +
> > +static void aspeed_1030_smc_reg_to_segment(const AspeedSMCState *s,
> > +uint32_t reg, AspeedSegments *seg)
> > +{
> > +uint32_t start_offset = (reg << 16) & AST1030_SEG_ADDR_MASK;
> > +uint32_t end_offset = reg & AST1030_SEG_ADDR_MASK;
> > +AspeedSMCClass *asc = ASPEED_SMC_GET_CLASS(s);
> > +
> > +if (reg) {
> > +seg->addr = asc->flash_window_base + start_offset;
> > +seg->size = end_offset + (512 * KiB) - start_offset;
> > +} else {
> > +seg->addr = asc->flash_window_base;
> > +seg->size = 0;
> > +}
> > +}
> > +
> > +static const uint32_t aspeed_1030_fmc_resets[ASPEED_SMC_R_MAX] = {
> > +[R_CONF] = (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE0 |
> > +CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE1),
> > +};
> > +
> > +static const AspeedSegments aspeed_1030_fmc_segments[] = {
> > +{ 0x0, 128 * MiB }, /* start address is readonly */
> > +{ 128 * MiB, 128 * MiB }, /* default is disabled but needed for 
> > -kernel */
> > +{ 0x0, 0 }, /* disabled */
> > +};
> > +
> > +static void aspeed_1030_fmc_class_init(ObjectClass *klass, void *data)
> > +{
> > +DeviceClass *dc = DEVICE_CLASS(klass);
> > +AspeedSMCClass *asc = ASPEED_SMC_CLASS(klass);
> > +
> > +dc->desc   = "Aspeed 1030 FMC Controller";
> > +asc->r_conf= R_CONF;
> > +asc->r_ce_ctrl = R_CE_CTRL;
> > +asc->r_ctrl0   = R_CTRL0;
> > +asc->r_timings = R_TIMINGS;
> > +asc->nregs_timings = 2;
> > +asc->conf_enable_w0= CONF_ENABLE_W0;
> > +asc->cs_num_max= 2;
> > +asc->segments  = aspeed_1030_fmc_segments;
> > +asc->segment_addr_mask = 0x0ff80ff8;
> > +asc->resets= aspeed_1030_fmc_resets;
> > +asc->flash_window_base = 0x8000;
> > +asc->flash_window_size = 0x1000;
> > +asc->features  = ASPEED_SMC_FEATURE_DMA |
> > + ASPEED_SMC_FEATURE_WDT_CONTROL;
> > +asc->dma_flash_mask= 0x0FFC;
> > +asc->dma_dram_mask = 0x000BFFFC;
> > +asc->nregs = ASPEED_SMC_R_MAX;
> > +asc->segment_to_reg= aspeed_1030_smc_segment_to_reg;
> > +asc->reg_to_segment= aspeed_1030_smc_reg_to_segment;
> > +asc->dma_ctrl  = aspeed_2600_smc_dma_ctrl;
> > +}
> > +
> > +static const TypeInfo aspeed_1030_fmc_info = {
> > +.name =  "aspeed.fmc-ast1030",
> > +.parent = TYPE_ASPEED_SMC,
> > +.class_init = aspeed_1030_fmc_class_init,
> > +};
> > +
> > +static const AspeedSegments aspeed_1030_spi1_segments[] = {
> > +{ 0x0, 128 * MiB }, /* start address is readonly */
> > +{ 0x0, 0 }, /* disabled */
> > +};
> > +
> > +static void aspeed_1030_spi1_class_init(ObjectClass *klass, void *data)
> > +{
> > +DeviceClass *dc = DEVICE_CLASS(klass);
> > +AspeedSMCClass *asc = ASPEED_SMC_CLASS(klass);
> > +
> > +dc->desc   = "Aspeed 1030 SPI1 Controller";
> > +asc->r_conf= R_CONF;
> > +asc->r_ce_ctrl = R_CE_CTRL;
> > +asc->r_ctrl0   = R_CTRL0;
> > +asc->r_timings = R_TIMINGS;
> > 
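
Review bot: in aspeed_1030_smc_reg_to_segment(), seg->size = end_offset + (512 * KiB) - start_offset is computed with no visible guard for end_offset being below start_offset. reg is the segment register value, so a write with the end field lower than the start field would produce a wrapped size here. Either reject that case in this function or add a comment naming the caller that validates it. Also, aspeed_1030_fmc_segments[] has three entries while asc->cs_num_max is 2, so the trailing "disabled" entry looks unused.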

Re: [PATCH v2 7/9] aspeed/soc : Add AST1030 support

2022-03-31 Thread Jamin Lin
The 03/31/2022 11:08, Cédric Le Goater wrote:
> On 3/31/22 10:15, Jamin Lin wrote:
> > From: Steven Lee 
> > 
> > The embedded core of AST1030 SoC is ARM Cortex M4.
> > It is hard to be integrated in the common Aspeed Soc framework.
> > We introduce a new ast1030 class with instance_init and realize
> > handlers.
> > 
> > Signed-off-by: Troy Lee 
> > Signed-off-by: Jamin Lin 
> > Signed-off-by: Steven Lee 
> 
> LGTM
> 
> Reviewed-by: Cédric Le Goater 
> 
> In case you resend, please remove the double newlines. There are
> a few below.
> 
> Thanks,
> 
> C.
> 
Will fix
> > ---
> >   hw/arm/aspeed_ast10xx.c | 303 
> >   hw/arm/meson.build  |   6 +-
> >   include/hw/arm/aspeed_soc.h |   3 +
> >   3 files changed, 311 insertions(+), 1 deletion(-)
> >   create mode 100644 hw/arm/aspeed_ast10xx.c
> > 
> > diff --git a/hw/arm/aspeed_ast10xx.c b/hw/arm/aspeed_ast10xx.c
> > new file mode 100644
> > index 00..939a183a6a
> > --- /dev/null
> > +++ b/hw/arm/aspeed_ast10xx.c
> > @@ -0,0 +1,303 @@
> > +/*
> > + * ASPEED AST10xx SoC
> > + *
> > + * Copyright (C) 2022 ASPEED Technology Inc.
> > + *
> > + * This code is licensed under the GPL version 2 or later.  See
> > + * the COPYING file in the top-level directory.
> > + *
> > + * Implementation extracted from the AST2600 and adapted for AST10xx
> > + */
> > +
> > +#include "qemu/osdep.h"
> > +#include "qapi/error.h"
> > +#include "exec/address-spaces.h"
> > +#include "sysemu/sysemu.h"
> > +#include "hw/qdev-clock.h"
> > +#include "hw/misc/unimp.h"
> > +#include "hw/char/serial.h"
> > +
> > +#include "hw/arm/aspeed_soc.h"
> > +
> > +#define ASPEED_SOC_IOMEM_SIZE 0x0020
> > +
> > +static const hwaddr aspeed_soc_ast1030_memmap[] = {
> > +[ASPEED_DEV_SRAM]  = 0x,
> > +[ASPEED_DEV_SBC]   = 0x7900,
> > +[ASPEED_DEV_IOMEM] = 0x7E60,
> > +[ASPEED_DEV_PWM]   = 0x7E61,
> > +[ASPEED_DEV_FMC]   = 0x7E62,
> > +[ASPEED_DEV_SPI1]  = 0x7E63,
> > +[ASPEED_DEV_SPI2]  = 0x7E64,
> > +[ASPEED_DEV_SCU]   = 0x7E6E2000,
> > +[ASPEED_DEV_ADC]   = 0x7E6E9000,
> > +[ASPEED_DEV_SBC]   = 0x7E6F2000,
> > +[ASPEED_DEV_GPIO]  = 0x7E78,
> > +[ASPEED_DEV_TIMER1]= 0x7E782000,
> > +[ASPEED_DEV_UART5] = 0x7E784000,
> > +[ASPEED_DEV_WDT]   = 0x7E785000,
> > +[ASPEED_DEV_LPC]   = 0x7E789000,
> > +[ASPEED_DEV_I2C]   = 0x7E7B,
> > +};
> > +
> > +static const int aspeed_soc_ast1030_irqmap[] = {
> > +[ASPEED_DEV_UART5] = 8,
> > +[ASPEED_DEV_GPIO]  = 11,
> > +[ASPEED_DEV_TIMER1]= 16,
> > +[ASPEED_DEV_TIMER2]= 17,
> > +[ASPEED_DEV_TIMER3]= 18,
> > +[ASPEED_DEV_TIMER4]= 19,
> > +[ASPEED_DEV_TIMER5]= 20,
> > +[ASPEED_DEV_TIMER6]= 21,
> > +[ASPEED_DEV_TIMER7]= 22,
> > +[ASPEED_DEV_TIMER8]= 23,
> > +[ASPEED_DEV_WDT]   = 24,
> > +[ASPEED_DEV_LPC]   = 35,
> > +[ASPEED_DEV_FMC]   = 39,
> > +[ASPEED_DEV_PWM]   = 44,
> > +[ASPEED_DEV_ADC]   = 46,
> > +[ASPEED_DEV_SPI1]  = 65,
> > +[ASPEED_DEV_SPI2]  = 66,
> > +[ASPEED_DEV_I2C]   = 110, /* 110 ~ 123 */
> > +[ASPEED_DEV_KCS]   = 138, /* 138 -> 142 */
> > +};
> > +
> > +static qemu_irq aspeed_soc_get_irq(AspeedSoCState *s, int ctrl)
> > +{
> > +AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
> > +
> > +return qdev_get_gpio_in(DEVICE(>armv7m), sc->irqmap[ctrl]);
> > +}
> > +
> > +
> > +static void aspeed_soc_ast1030_init(Object *obj)
> > +{
> > +AspeedSoCState *s = ASPEED_SOC(obj);
> > +AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
> > +char socname[8];
> > +char typename[64];
> > +int i;
> > +
> > +if (sscanf(sc->name, "%7s", socname) != 1) {
> > +g_assert_not_reached();
> > +}
> > +
> > +object_initialize_child(obj, "armv7m", >armv7m, TYPE_ARMV7M);
> > +
> > +s->sysclk = qdev_init_clock_in(DEVICE(s), "sysclk", NULL, NULL, 0);
> > +
> > +
> > +snprintf(typename, sizeof(typename), "aspeed.scu-%s", socname);
> > +object_initialize_child(obj, "scu", >scu, typename);
> > +qdev_prop_set_uint32(DEVICE(>scu), "silicon-rev", sc->silicon_rev);
> > +
> > +object_property_add_alias(obj, "hw-strap1", OBJECT(>scu), 
> > "hw-strap1");
> > +object_property_add_alias(obj, "hw-strap2", OBJECT(>scu), 
> > "hw-strap2");
> > +
> > +snprintf(typename, sizeof(typename), "aspeed.timer-%s", socname);
> > +object_initialize_child(obj, "timerctrl", >timerctrl, typename);
> > +
> > +snprintf(typename, sizeof(typename), "aspeed.adc-%s", socname);
> > +object_initialize_child(obj, "adc", >adc, typename);
> > +
> > +snprintf(typename, sizeof(typename), "aspeed.fmc-%s", socname);
> > +object_initialize_child(obj, "fmc", >fmc, typename);
> > +
> > +for (i = 0; i < sc->spis_num; i++) {
> > +snprintf(typename, sizeof(typename), 
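
Review bot: aspeed_soc_ast1030_memmap[] initialises [ASPEED_DEV_SBC] twice, once right after ASPEED_DEV_SRAM and again after ASPEED_DEV_ADC. With designated initialisers the later entry silently wins, so the first line is either dead or was meant for a different device index; please drop it or use the intended ASPEED_DEV_* name. A short comment on which block the first address belongs to would make the intent checkable.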

Re: [PATCH v2 8/9] aspeed: Add an AST1030 eval board

2022-03-31 Thread Jamin Lin
The 03/31/2022 11:04, Cédric Le Goater wrote:
Hi Cedric,
> Hello Jamin,
> 
> On 3/31/22 10:15, Jamin Lin wrote:
> > The image should be supplied with ELF binary.
> > $ qemu-system-arm -M ast1030-evb -kernel zephyr.elf -nographic
> > 
> > Signed-off-by: Troy Lee 
> > Signed-off-by: Jamin Lin 
> > Signed-off-by: Steven Lee 
> > ---
> >   hw/arm/aspeed.c | 111 
> >   include/hw/arm/aspeed.h |  21 
> >   2 files changed, 132 insertions(+)
> > 
> > diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
> > index d205384d98..14ce0dff8b 100644
> > --- a/hw/arm/aspeed.c
> > +++ b/hw/arm/aspeed.c
> > @@ -24,6 +24,7 @@
> >   #include "hw/loader.h"
> >   #include "qemu/error-report.h"
> >   #include "qemu/units.h"
> > +#include "hw/qdev-clock.h"
> >   
> >   static struct arm_boot_info aspeed_board_binfo = {
> >   .board_id = -1, /* device-tree-only board */
> > @@ -1361,3 +1362,113 @@ static const TypeInfo aspeed_machine_types[] = {
> >   };
> >   
> >   DEFINE_TYPES(aspeed_machine_types)
> > +
> > +#define AST1030_INTERNAL_FLASH_SIZE (1024 * 1024)
> > +
> > +struct AspeedMiniBmcMachineState {
> > +/* Private */
> > +MachineState parent_obj;
> > +/* Public */
> > +
> > +AspeedSoCState soc;
> > +MemoryRegion ram_container;
> > +MemoryRegion max_ram;
> > +bool mmio_exec;
> > +char *fmc_model;
> > +char *spi_model;
> > +};
> >
> 
> Why duplicate the state structure since it is the same ?
> 
Will fix
> > +/* Main SYSCLK frequency in Hz (200MHz) */
> > +#define SYSCLK_FRQ 2ULL
> > +
> > +static void aspeed_minibmc_machine_ast1030_evb_class_init(ObjectClass *oc,
> > +  void *data)
> > +{
> > +MachineClass *mc = MACHINE_CLASS(oc);
> > +AspeedMiniBmcMachineClass *amc = ASPEED_MINIBMC_MACHINE_CLASS(oc);
> > +
> > +mc->desc = "Aspeed AST1030 MiniBMC (Cortex-M4)";
> > +amc->soc_name = "ast1030-a1";
> > +amc->hw_strap1 = 0;
> > +amc->hw_strap2 = 0;
> > +mc->default_ram_size = 0;
> > +mc->default_cpus = mc->min_cpus = mc->max_cpus = 1;
> > +amc->fmc_model = "sst25vf032b";
> > +amc->spi_model = "sst25vf032b";
> > +amc->num_cs = 2;
> > +}
> > +
> > +static void ast1030_machine_instance_init(Object *obj)
> > +{
> > +ASPEED_MINIBMC_MACHINE(obj)->mmio_exec = false;
> > +}
> > +
> > +static void aspeed_minibmc_machine_init(MachineState *machine)
> > +{
> > +AspeedMiniBmcMachineState *bmc = ASPEED_MINIBMC_MACHINE(machine);
> > +AspeedMiniBmcMachineClass *amc = 
> > ASPEED_MINIBMC_MACHINE_GET_CLASS(machine);
> > +Clock *sysclk;
> > +
> > +sysclk = clock_new(OBJECT(machine), "SYSCLK");
> > +clock_set_hz(sysclk, SYSCLK_FRQ);
> > +
> > +object_initialize_child(OBJECT(machine), "soc", >soc, 
> > amc->soc_name);
> > +qdev_connect_clock_in(DEVICE(>soc), "sysclk", sysclk);
> > +
> > +qdev_prop_set_uint32(DEVICE(>soc), "uart-default",
> > + amc->uart_default);
> > +qdev_realize(DEVICE(>soc), NULL, _abort);
> > +
> > +aspeed_board_init_flashes(>soc.fmc,
> > +  bmc->fmc_model ? bmc->fmc_model : 
> > amc->fmc_model,
> > +  amc->num_cs,
> > +  0);
> > +
> > +aspeed_board_init_flashes(>soc.spi[0],
> > +  bmc->spi_model ? bmc->spi_model : 
> > amc->spi_model,
> > +  amc->num_cs, amc->num_cs);
> > +
> > +aspeed_board_init_flashes(>soc.spi[1],
> > +  bmc->spi_model ? bmc->spi_model : 
> > amc->spi_model,
> > +  amc->num_cs, (amc->num_cs * 2));
> > +
> > +if (amc->i2c_init) {
> > +amc->i2c_init(bmc);
> > +}
> > +
> > +armv7m_load_kernel(ARM_CPU(first_cpu),
> > +   machine->kernel_filename,
> > +   AST1030_INTERNAL_FLASH_SIZE);
> > +}
> > +
> > +static void aspeed_minibmc_machine_class_init(ObjectClass *oc, void *data)
> > +{
> > +MachineClass *mc = MACHINE_CLASS(oc);
> > +AspeedMiniBmcMachineClass *amc = ASPEED_MINIBMC_MACHINE_CLASS(oc);
> > +
> > +mc->init = aspeed_minibmc_machine_init;
> > +mc->no_floppy = 1;
> > +mc->no_cdrom = 1;
> > +mc->no_parallel = 1;
> > +mc->default_ram_id = "ram";
> > +amc->uart_default = ASPEED_DEV_UART5;
> > +}
> > +
> > +static const TypeInfo aspeed_minibmc_machine_types[] = {
> > +{
> > +.name   = MACHINE_TYPE_NAME("ast1030-evb"),
> > +.parent = TYPE_ASPEED_MINIBMC_MACHINE,
> > +.class_init = aspeed_minibmc_machine_ast1030_evb_class_init,
> > +}, {
> > +.name   = TYPE_ASPEED_MINIBMC_MACHINE,
> > +.parent = TYPE_MACHINE,
> > +.instance_size  = sizeof(AspeedMiniBmcMachineState),
> > +.instance_init  = ast1030_machine_instance_init,
> > +.class_size= 
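
Review bot: aspeed_minibmc_machine_ast1030_evb_class_init() sets amc->hw_strap1 and amc->hw_strap2, but aspeed_minibmc_machine_init() only sets "uart-default" on the SoC before qdev_realize(), so the strap values never reach the SoC. Both are 0 for this board so nothing breaks today, but a later board with non-zero straps would be ignored without any error; either set the SoC's hw-strap1/hw-strap2 properties from amc before realize or drop the two assignments. The ram_container, max_ram and mmio_exec fields of the state struct are likewise not used by the init function shown here.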

Re: [PATCH RESEND v3] vdpa: reset the backend device in the end of vhost_net_stop()

2022-03-31 Thread Si-Wei Liu




On 3/31/2022 2:25 AM, qiud...@archeros.com wrote:

From: Michael Qiu 

Currently, when a VM powers off, it will trigger vdpa
device (such as mlx bluefield2 VF) reset many times (with 1 datapath
queue pair and one control queue, triggered 3 times), this
leads to the below issue:

vhost VQ 2 ring restore failed: -22: Invalid argument (22)

This is because in vhost_net_stop(), it will stop all vhost devices bound to
this virtio device, and in vhost_dev_stop(), qemu tries to stop the device,
then stop the queue: vhost_virtqueue_stop().

In vhost_dev_stop(), it resets the device, which clears some flags
in the low level driver, and in the next loop (stop other vhost backends),
qemu tries to stop the queue corresponding to the vhost backend,
the driver finds that the VQ is invalid, this is the root cause.

To solve the issue, vdpa should set vring unready, and
remove reset ops in device stop: vhost_dev_start(hdev, false).

and implement a new function vhost_dev_reset, only reset backend
device after all vhost (per-queue) stopped.

Signed-off-by: Michael Qiu
Acked-by: Jason Wang 
---
v3 --> v2:
 Call vhost_dev_reset() at the end of vhost_net_stop().

 Since the vDPA device need re-add the status bit
 VIRTIO_CONFIG_S_ACKNOWLEDGE and VIRTIO_CONFIG_S_DRIVER,
 simply, add them inside vhost_vdpa_reset_device, and
 the only way calling vhost_vdpa_reset_device is in
 vhost_net_stop(), so it keeps the same behavior as before.

v2 --> v1:
Implement a new function vhost_dev_reset,
reset the backend kernel device at last.
---
  hw/net/vhost_net.c| 24 +---
  hw/virtio/vhost-vdpa.c| 15 +--
  hw/virtio/vhost.c | 15 ++-
  include/hw/virtio/vhost.h |  1 +
  4 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 30379d2..422c9bf 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -325,7 +325,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
  int total_notifiers = data_queue_pairs * 2 + cvq;
  VirtIONet *n = VIRTIO_NET(dev);
  int nvhosts = data_queue_pairs + cvq;
-struct vhost_net *net;
+struct vhost_net *net = NULL;
  int r, e, i, index_end = data_queue_pairs * 2;
  NetClientState *peer;
  
@@ -391,8 +391,17 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,

  err_start:
  while (--i >= 0) {
  peer = qemu_get_peer(ncs , i);
-vhost_net_stop_one(get_vhost_net(peer), dev);
+
+net = get_vhost_net(peer);
+
+vhost_net_stop_one(net, dev);
  }
+
+/* We only reset backend vdpa device */
+if (net && net->dev.vhost_ops->backend_type == VHOST_BACKEND_TYPE_VDPA) {
I would reset the device anyway regardless the first vhost_dev. Some 
ioctl calls may have well changed device state in vhost_dev_start() that 
has no way to get back than reset.



+vhost_dev_reset(>dev);
I would move this to the end as it's more sensible to reset the device 
after guest notifier is disabled.

+}
+
  e = k->set_guest_notifiers(qbus->parent, total_notifiers, false);
  if (e < 0) {
  fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", e);
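
Review bot: in the err_start path the reset acts on whatever net the last while (--i >= 0) iteration left behind. If the start failure happened at index 0 the loop body never runs, net stays NULL and the vdpa backend is not reset at all, even though setup before the failure may already have changed device state. Look up the vhost_net to reset explicitly instead of relying on the loop's leftover value, and keep the NULL check on the result of get_vhost_net().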
@@ -410,6 +419,7 @@ void vhost_net_stop(VirtIODevice *dev, NetClientState *ncs,
  VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
  VirtIONet *n = VIRTIO_NET(dev);
  NetClientState *peer;
+struct vhost_net *net = NULL;
  int total_notifiers = data_queue_pairs * 2 + cvq;
  int nvhosts = data_queue_pairs + cvq;
  int i, r;
@@ -420,7 +430,15 @@ void vhost_net_stop(VirtIODevice *dev, NetClientState *ncs,
  } else {
  peer = qemu_get_peer(ncs, n->max_queue_pairs);
  }
-vhost_net_stop_one(get_vhost_net(peer), dev);
+
+net = get_vhost_net(peer);
+
+vhost_net_stop_one(net, dev);
+}
+
+/* We only reset backend vdpa device */
+if (net && net->dev.vhost_ops->backend_type == VHOST_BACKEND_TYPE_VDPA) {
Yikes, I think it needs some code refactoring here without having to 
check VHOST_BACKEND_TYPE_VDPA explicitly. Historically the 
.vhost_reset_device() op was misnamed: it was initially meant for 
RESET_OWNER but never got used. Could you add a new .vhost_reset_owner() 
op to VhostOps (via another patch) and rename properly, e.g. from 
vhost_kernel_reset_device() to vhost_kernel_reset_owner()? For 
vhost_user_reset_device(), you can safely factor out the 
VHOST_USER_RESET_OWNER case to a new vhost_user_reset_owner() function, 
and only reset the device in vhost_user_reset_device() depending on the 
VHOST_USER_PROTOCOL_F_RESET_DEVICE protocol feature.


With this change, vhost_reset_device will be effectively a no-op on 
vhost_kernel (NULL) and vhost_user (only applicable to vhost-user-scsi 
backend which supports VHOST_USER_PROTOCOL_F_RESET_DEVICE).

+vhost_dev_reset(>dev);
I would move this to the end as it's more sensible to reset the device 
after guest notifier is 

Re: [PATCH] hw/riscv: Enable TPM backends

2022-03-31 Thread Bin Meng
On Fri, Apr 1, 2022 at 8:19 AM Alistair Francis
 wrote:
>
> From: Alistair Francis 
>
> Imply the TPM sysbus devices. This allows users to add TPM devices to
> the RISC-V virt board.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/942
> Signed-off-by: Alistair Francis 
> ---
>  hw/riscv/Kconfig | 1 +
>  1 file changed, 1 insertion(+)
>

Reviewed-by: Bin Meng 



[PATCH] hw/riscv: Enable TPM backends

2022-03-31 Thread Alistair Francis
From: Alistair Francis 

Imply the TPM sysbus devices. This allows users to add TPM devices to
the RISC-V virt board.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/942
Signed-off-by: Alistair Francis 
---
 hw/riscv/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/riscv/Kconfig b/hw/riscv/Kconfig
index 91bb9d21c4..fccc14ca0b 100644
--- a/hw/riscv/Kconfig
+++ b/hw/riscv/Kconfig
@@ -34,6 +34,7 @@ config RISCV_VIRT
 imply PCI_DEVICES
 imply VIRTIO_VGA
 imply TEST_DEVICES
+imply TPM_TIS_SYSBUS
 select RISCV_NUMA
 select GOLDFISH_RTC
 select MSI_NONBROKEN
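
Review bot: imply TPM_TIS_SYSBUS only gets the device model built for RISCV_VIRT, and the diffstat shows hw/riscv/Kconfig is the only file touched. The commit message says users can now add TPM devices to the virt board, so please confirm the virt machine code already accepts this sysbus device when it is given on the command line and describes it to the guest; if not, that change belongs in the same series. A line in the virt board documentation showing the expected invocation would also help.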
-- 
2.35.1




[PULL 2/2] target/riscv: rvv: Add missing early exit condition for whole register load/store

2022-03-31 Thread Alistair Francis
From: "Yueh-Ting (eop) Chen" 

According to v-spec (section 7.9):
The instructions operate with an effective vector length, evl=NFIELDS*VLEN/EEW,
regardless of current settings in vtype and vl. The usual property that no
elements are written if vstart ≥ vl does not apply to these instructions.
Instead, no elements are written if vstart ≥ evl.

Signed-off-by: eop Chen 
Reviewed-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-Id: <164762720573.18409.393193122799748352...@git.sr.ht>
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 5 +
 1 file changed, 5 insertions(+)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 275fded6e4..4ea7e41e1a 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -1121,6 +1121,10 @@ static bool ldst_whole_trans(uint32_t vd, uint32_t rs1, 
uint32_t nf,
  gen_helper_ldst_whole *fn, DisasContext *s,
  bool is_store)
 {
+uint32_t evl = (s->cfg_ptr->vlen / 8) * nf / (1 << s->sew);
+TCGLabel *over = gen_new_label();
+tcg_gen_brcondi_tl(TCG_COND_GEU, cpu_vstart, evl, over);
+
 TCGv_ptr dest;
 TCGv base;
 TCGv_i32 desc;
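
Review bot: evl is computed with 1 << s->sew, which is the SEW taken from the current vtype, while the spec text quoted in the commit message says evl = NFIELDS*VLEN/EEW applies regardless of the settings in vtype. The EEW of a whole register load/store comes from the instruction itself, so the divisor should be derived from that rather than from s->sew; as written the early-exit bound moves whenever the guest changes vtype. Separately, the three added statements sit above the existing declarations of dest, base and desc, which mixes code and declarations; move them below the declarations.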
@@ -1140,6 +1144,7 @@ static bool ldst_whole_trans(uint32_t vd, uint32_t rs1, 
uint32_t nf,
 if (!is_store) {
 mark_vs_dirty(s);
 }
+gen_set_label(over);
 
 return true;
 }
-- 
2.35.1




[PULL 1/2] target/riscv: Avoid leaking "no translation" TLB entries

2022-03-31 Thread Alistair Francis
From: Palmer Dabbelt 

The ISA doesn't allow bare mappings to be cached, as the caches are
translations and bare mappings are not translated.  We cache these
translations in QEMU in order to utilize the TLB code, but that leaks
out to the guest.

Suggested-by: phan...@zju.edu.cn # no name in the From field
Fixes: 1e0d985fa9 ("target/riscv: Only flush TLB if SATP.ASID changes")
Signed-off-by: Palmer Dabbelt 
Reviewed-by: Alistair Francis 
Message-Id: <20220330165913.8836-1-pal...@rivosinc.com>
Signed-off-by: Alistair Francis 
---
 target/riscv/csr.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 0606cd0ea8..341c2e6f23 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1844,7 +1844,7 @@ static RISCVException read_satp(CPURISCVState *env, int 
csrno,
 static RISCVException write_satp(CPURISCVState *env, int csrno,
  target_ulong val)
 {
-target_ulong vm, mask, asid;
+target_ulong vm, mask;
 
 if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
 return RISCV_EXCP_NONE;
@@ -1853,20 +1853,22 @@ static RISCVException write_satp(CPURISCVState *env, 
int csrno,
 if (riscv_cpu_mxl(env) == MXL_RV32) {
 vm = validate_vm(env, get_field(val, SATP32_MODE));
 mask = (val ^ env->satp) & (SATP32_MODE | SATP32_ASID | SATP32_PPN);
-asid = (val ^ env->satp) & SATP32_ASID;
 } else {
 vm = validate_vm(env, get_field(val, SATP64_MODE));
 mask = (val ^ env->satp) & (SATP64_MODE | SATP64_ASID | SATP64_PPN);
-asid = (val ^ env->satp) & SATP64_ASID;
 }
 
 if (vm && mask) {
 if (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_TVM)) {
 return RISCV_EXCP_ILLEGAL_INST;
 } else {
-if (asid) {
-tlb_flush(env_cpu(env));
-}
+/*
+ * The ISA defines SATP.MODE=Bare as "no translation", but we still
+ * pass these through QEMU's TLB emulation as it improves
+ * performance.  Flushing the TLB on SATP writes with paging
+ * enabled avoids leaking those invalid cached mappings.
+ */
+tlb_flush(env_cpu(env));
 env->satp = val;
 }
 }
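
Review bot: the new comment says the flush happens on SATP writes "with paging enabled", but the guard around it is if (vm && mask), where vm is the result of validate_vm() and mask is non-zero when any of MODE, ASID or PPN changed. That is not the same condition as paging being enabled, so the comment should state what the code actually tests. Since the unconditional tlb_flush() also removes the ASID-only optimisation named in the Fixes: tag, it is worth saying so in the comment so nobody re-adds the asid check later.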
-- 
2.35.1




[PULL 0/2] riscv-to-apply queue

2022-03-31 Thread Alistair Francis
From: Alistair Francis 

The following changes since commit d5341e09135b871199073572f53bc11ae9b44897:

  Merge tag 'pull-tcg-20220331' of https://gitlab.com/rth7680/qemu into staging 
(2022-03-31 18:36:08 +0100)

are available in the Git repository at:

  g...@github.com:alistair23/qemu.git tags/pull-riscv-to-apply-20220401

for you to fetch changes up to 8ff8ac63298611c8373b294ec936475b1a33f63f:

  target/riscv: rvv: Add missing early exit condition for whole register 
load/store (2022-04-01 08:40:55 +1000)


Sixth RISC-V PR for QEMU 7.0

This is a last minute RISC-V PR for 7.0.

It includes a fix to avoid leaking no translation TLB entries. This
incorrectly cached uncacheable baremetal entries. This would break Linux
boot while single stepping. As the fix is pretty straightforward (flush
the cache more often) it's being pulled in for 7.0.

At the same time I have included a RISC-V vector extension fixup patch.


Palmer Dabbelt (1):
  target/riscv: Avoid leaking "no translation" TLB entries

Yueh-Ting (eop) Chen (1):
  target/riscv: rvv: Add missing early exit condition for whole register 
load/store

 target/riscv/csr.c  | 14 --
 target/riscv/insn_trans/trans_rvv.c.inc |  5 +
 2 files changed, 13 insertions(+), 6 deletions(-)



Re: use of uninitialized variable involving visit_type_uint32() and friends

2022-03-31 Thread Daniel Henrique Barboza




On 3/31/22 14:35, Peter Maydell wrote:

Coverity warns about use of uninitialized data in what seems
to be a common pattern of use of visit_type_uint32() and similar
functions. Here's an example from target/arm/cpu64.c:

static void cpu_max_set_sve_max_vq(Object *obj, Visitor *v, const char *name,
void *opaque, Error **errp)
{
 ARMCPU *cpu = ARM_CPU(obj);
 uint32_t max_vq;

 if (!visit_type_uint32(v, name, &max_vq, errp)) {
 return;
 }

 [code that does something with max_vq here]
}

This doesn't initialize max_vq, on the apparent assumption
that visit_type_uint32() will do so. But that function is:


bool visit_type_uint32(Visitor *v, const char *name, uint32_t *obj,
Error **errp)
{
 uint64_t value;
 bool ok;

 trace_visit_type_uint32(v, name, obj);
 value = *obj;
 ok = visit_type_uintN(v, &value, name, UINT32_MAX, "uint32_t", errp);
 *obj = value;
 return ok;
}

So it reads the value of *obj (the uninitialized max_vq).

What's the right way to write this kind of object-property
setter function? Just pre-initialize the variable to 0?



This reminds me of the Valgrind ppc-related warnings I sent patches for yesterday. In
code like this:

(target/ppc/kvm.c)

 int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, int enable)
 {
CPUState *cs = CPU(cpu);
uint64_t lpcr;

kvm_get_one_reg(cs, KVM_REG_PPC_LPCR_64, &lpcr);
/* Do we need to modify the LPCR? */
if (!!(lpcr & LPCR_LD) != !!enable) {

Valgrind complains of "Conditional jump or move depends on uninitialised value(s)"
because we're using 'lpcr' in the conditional and 'lpcr' isn't being initialized.
Valgrind doesn't seem to care that kvm_get_one_reg() might be writing 'lpcr'.
The fix I proposed consists of initializing the vars in these cases.


My suggestion in this case is to initialize 'max_vq' as well. Apparently these static
code analysis tools don't handle the "var being initialized by being passed as reference
to another function" scenarios.


Thanks,


Daniel





thanks
-- PMM





[PATCH v1 2/2] hw/arm/xlnx-zynqmp: Connect 4 TTC timers

2022-03-31 Thread Edgar E. Iglesias
From: "Edgar E. Iglesias" 

Connect the 4 TTC timers on the ZynqMP.

Signed-off-by: Edgar E. Iglesias 
---
 include/hw/arm/xlnx-zynqmp.h |  4 
 hw/arm/xlnx-zynqmp.c | 22 ++
 2 files changed, 26 insertions(+)

diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
index 9d9a9d0bf9..85fd9f53da 100644
--- a/include/hw/arm/xlnx-zynqmp.h
+++ b/include/hw/arm/xlnx-zynqmp.h
@@ -41,6 +41,7 @@
 #include "hw/or-irq.h"
 #include "hw/misc/xlnx-zynqmp-apu-ctrl.h"
 #include "hw/misc/xlnx-zynqmp-crf.h"
+#include "hw/timer/cadence_ttc.h"
 
 #define TYPE_XLNX_ZYNQMP "xlnx-zynqmp"
 OBJECT_DECLARE_SIMPLE_TYPE(XlnxZynqMPState, XLNX_ZYNQMP)
@@ -84,6 +85,8 @@ OBJECT_DECLARE_SIMPLE_TYPE(XlnxZynqMPState, XLNX_ZYNQMP)
 #define XLNX_ZYNQMP_MAX_RAM_SIZE (XLNX_ZYNQMP_MAX_LOW_RAM_SIZE + \
   XLNX_ZYNQMP_MAX_HIGH_RAM_SIZE)
 
+#define XLNX_ZYNQMP_NUM_TTC 4
+
 /*
  * Unimplemented mmio regions needed to boot some images.
  */
@@ -128,6 +131,7 @@ struct XlnxZynqMPState {
 qemu_or_irq qspi_irq_orgate;
 XlnxZynqMPAPUCtrl apu_ctrl;
 XlnxZynqMPCRF crf;
+CadenceTTCState ttc[XLNX_ZYNQMP_NUM_TTC];
 
 char *boot_cpu;
 ARMCPU *boot_cpu_ptr;
diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index 5bfe285a19..375309e68e 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -68,6 +68,9 @@
 #define APU_ADDR0xfd5c
 #define APU_IRQ 153
 
+#define TTC0_ADDR   0xFF11
+#define TTC0_IRQ36
+
 #define IPI_ADDR0xFF30
 #define IPI_IRQ 64
 
@@ -316,6 +319,24 @@ static void xlnx_zynqmp_create_crf(XlnxZynqMPState *s, 
qemu_irq *gic)
 sysbus_connect_irq(sbd, 0, gic[CRF_IRQ]);
 }
 
+static void xlnx_zynqmp_create_ttc(XlnxZynqMPState *s, qemu_irq *gic)
+{
+SysBusDevice *sbd;
+int i, irq;
+
+for (i = 0; i < XLNX_ZYNQMP_NUM_TTC; i++) {
+object_initialize_child(OBJECT(s), "ttc[*]", >ttc[i],
+TYPE_CADENCE_TTC);
+sbd = SYS_BUS_DEVICE(>ttc[i]);
+
+sysbus_realize(sbd, _fatal);
+sysbus_mmio_map(sbd, 0, TTC0_ADDR + i * 0x1);
+for (irq = 0; irq < 3; irq++) {
+sysbus_connect_irq(sbd, irq, gic[TTC0_IRQ + i * 3 + irq]);
+}
+}
+}
+
 static void xlnx_zynqmp_create_unimp_mmio(XlnxZynqMPState *s)
 {
 static const struct UnimpInfo {
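
Review bot: the inner loop in xlnx_zynqmp_create_ttc() hard-codes 3 both as the bound (irq < 3) and in the index gic[TTC0_IRQ + i * 3 + irq], and nothing ties it to the number of timers a CadenceTTCState exposes. Please use a named constant shared with the TTC header, so that a change to the timer count cannot leave the IRQ wiring silently off by a line. A one-line comment giving the resulting IRQ range for the four TTCs would also make the mapping easy to check against the reference manual.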
@@ -721,6 +742,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
**errp)
 xlnx_zynqmp_create_efuse(s, gic_spi);
 xlnx_zynqmp_create_apu_ctrl(s, gic_spi);
 xlnx_zynqmp_create_crf(s, gic_spi);
+xlnx_zynqmp_create_ttc(s, gic_spi);
 xlnx_zynqmp_create_unimp_mmio(s);
 
 for (i = 0; i < XLNX_ZYNQMP_NUM_GDMA_CH; i++) {
-- 
2.25.1




[PATCH v1 1/2] timer: cadence_ttc: Break out header file to allow embedding

2022-03-31 Thread Edgar E. Iglesias
From: "Edgar E. Iglesias" 

Break out header file to allow embedding of the TTC.

Signed-off-by: Edgar E. Iglesias 
---
 include/hw/timer/cadence_ttc.h | 54 ++
 hw/timer/cadence_ttc.c | 32 ++--
 2 files changed, 56 insertions(+), 30 deletions(-)
 create mode 100644 include/hw/timer/cadence_ttc.h

diff --git a/include/hw/timer/cadence_ttc.h b/include/hw/timer/cadence_ttc.h
new file mode 100644
index 00..e1251383f2
--- /dev/null
+++ b/include/hw/timer/cadence_ttc.h
@@ -0,0 +1,54 @@
+/*
+ * Xilinx Zynq cadence TTC model
+ *
+ * Copyright (c) 2011 Xilinx Inc.
+ * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwa...@petalogix.com)
+ * Copyright (c) 2012 PetaLogix Pty Ltd.
+ * Written By Haibing Ma
+ *M. Habib
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+#ifndef HW_TIMER_CADENCE_TTC_H
+#define HW_TIMER_CADENCE_TTC_H
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+
+typedef struct {
+QEMUTimer *timer;
+int freq;
+
+uint32_t reg_clock;
+uint32_t reg_count;
+uint32_t reg_value;
+uint16_t reg_interval;
+uint16_t reg_match[3];
+uint32_t reg_intr;
+uint32_t reg_intr_en;
+uint32_t reg_event_ctrl;
+uint32_t reg_event;
+
+uint64_t cpu_time;
+unsigned int cpu_time_valid;
+
+qemu_irq irq;
+} CadenceTimerState;
+
+#define TYPE_CADENCE_TTC "cadence_ttc"
+OBJECT_DECLARE_SIMPLE_TYPE(CadenceTTCState, CADENCE_TTC)
+
+struct CadenceTTCState {
+SysBusDevice parent_obj;
+
+MemoryRegion iomem;
+CadenceTimerState timer[3];
+};
+
+#endif
diff --git a/hw/timer/cadence_ttc.c b/hw/timer/cadence_ttc.c
index 64108241ba..e57a0f5f09 100644
--- a/hw/timer/cadence_ttc.c
+++ b/hw/timer/cadence_ttc.c
@@ -24,6 +24,8 @@
 #include "qemu/timer.h"
 #include "qom/object.h"
 
+#include "hw/timer/cadence_ttc.h"
+
 #ifdef CADENCE_TTC_ERR_DEBUG
 #define DB_PRINT(...) do { \
 fprintf(stderr,  ": %s: ", __func__); \
@@ -49,36 +51,6 @@
 #define CLOCK_CTRL_PS_EN0x0001
 #define CLOCK_CTRL_PS_V 0x001e
 
-typedef struct {
-QEMUTimer *timer;
-int freq;
-
-uint32_t reg_clock;
-uint32_t reg_count;
-uint32_t reg_value;
-uint16_t reg_interval;
-uint16_t reg_match[3];
-uint32_t reg_intr;
-uint32_t reg_intr_en;
-uint32_t reg_event_ctrl;
-uint32_t reg_event;
-
-uint64_t cpu_time;
-unsigned int cpu_time_valid;
-
-qemu_irq irq;
-} CadenceTimerState;
-
-#define TYPE_CADENCE_TTC "cadence_ttc"
-OBJECT_DECLARE_SIMPLE_TYPE(CadenceTTCState, CADENCE_TTC)
-
-struct CadenceTTCState {
-SysBusDevice parent_obj;
-
-MemoryRegion iomem;
-CadenceTimerState timer[3];
-};
-
 static void cadence_timer_update(CadenceTimerState *s)
 {
 qemu_set_irq(s->irq, !!(s->reg_intr & s->reg_intr_en));
-- 
2.25.1




[PULL 1/4] linux-user/sh4/termbits: Silence warning about TIOCSER_TEMT double definition

2022-03-31 Thread Laurent Vivier
From: Thomas Huth 

Seen while compiling on Alpine:

 In file included from ../linux-user/strace.c:17:
 In file included from ../linux-user/qemu.h:11:
 In file included from ../linux-user/syscall_defs.h:1247:
 ../linux-user/sh4/termbits.h:276:10: warning: 'TIOCSER_TEMT' macro redefined
  [-Wmacro-redefined]
 # define TIOCSER_TEMT0x01   /* Transmitter physically empty */
  ^
 /usr/include/sys/ioctl.h:50:9: note: previous definition is here
 #define TIOCSER_TEMT 1
 ^
 1 warning generated.

Add the TARGET_ prefix here, too, like we do it on the other architectures.

Signed-off-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Laurent Vivier 
Reviewed-by: Yoshinori Sato 
Message-Id: <20220330134302.979686-1-th...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 linux-user/sh4/termbits.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/sh4/termbits.h b/linux-user/sh4/termbits.h
index f91b5c51cf83..eeabd2d7a9ce 100644
--- a/linux-user/sh4/termbits.h
+++ b/linux-user/sh4/termbits.h
@@ -273,7 +273,7 @@ ebugging only */
 #define TARGET_TIOCSERGETLSR   TARGET_IOR('T', 89, unsigned int) /* 0x5459 */ 
/* Get line sta
 tus register */
   /* ioctl (fd, TIOCSERGETLSR, ) where result may be as below */
-# define TIOCSER_TEMT0x01   /* Transmitter physically empty */
+# define TARGET_TIOCSER_TEMT   0x01   /* Transmitter physically empty */
 #define TARGET_TIOCSERGETMULTI TARGET_IOR('T', 90, int) /* 0x545A
 */ /* Get multiport config  */
 #define TARGET_TIOCSERSETMULTI TARGET_IOW('T', 91, int) /* 0x545B
-- 
2.35.1




[PULL 2/4] target/sh4: Remove old README.sh4 file

2022-03-31 Thread Laurent Vivier
From: Thomas Huth 

This file didn't have any non-trivial update since it was initially
added in 2006, and looking at the content, it seems incredibly outdated,
saying e.g. "The sh4 target is not ready at all yet for integration in
qemu" or "A sh4 user-mode has also somewhat started but will be worked
on afterwards"... Sounds like nobody is interested in this README file
anymore, so let's simply remove it now.

Signed-off-by: Thomas Huth 
Reviewed-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Reviewed-by: Yoshinori Sato 
Message-Id: <20220329151955.472306-1-th...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 target/sh4/README.sh4 | 150 --
 1 file changed, 150 deletions(-)
 delete mode 100644 target/sh4/README.sh4

diff --git a/target/sh4/README.sh4 b/target/sh4/README.sh4
deleted file mode 100644
index a192ca7540cc..
--- a/target/sh4/README.sh4
+++ /dev/null
@@ -1,150 +0,0 @@
-qemu target:   sh4
-author:Samuel Tardieu 
-last modified: Tue Dec  6 07:22:44 CET 2005
-
-The sh4 target is not ready at all yet for integration in qemu. This
-file describes the current state of implementation.
-
-Most places requiring attention and/or modification can be detected by
-looking for "X" or "abort()".
-
-The sh4 core is located in target/sh4/*, while the 7750 peripheral
-features (IO ports for example) are located in hw/sh7750.[ch]. The
-main board description is in hw/shix.c, and the NAND flash in
-hw/tc58128.[ch].
-
-All the shortcomings indicated here will eventually be resolved. This
-is a work in progress. Features are added in a semi-random order: if a
-point is blocking to progress on booting the Linux kernel for the shix
-board, it is addressed first; if feedback is necessary and no progress
-can be made on blocking points until it is received, a random feature
-is worked on.
-
-Goals
--
-
-The primary model being worked on is the soft MMU target to be able to
-emulate the Shix 2.0 board by Alexis Polti, described at
-https://web.archive.org/web/20070917001736/http://perso.enst.fr/~polti/realisations/shix20/
-
-Ultimately, qemu will be coupled with a system C or a verilog
-simulator to simulate the whole board functionalities.
-
-A sh4 user-mode has also somewhat started but will be worked on
-afterwards. The goal is to automate tests for GNAT (GNU Ada) compiler
-that I ported recently to the sh4-linux target.
-
-Registers
--
-
-16 general purpose registers are available at any time. The first 8
-registers are banked and the non-directly visible ones can be accessed
-by privileged instructions. In qemu, we define 24 general purpose
-registers and the code generation use either [0-7]+[8-15] or
-[16-23]+[8-15] depending on the MD and RB flags in the sr
-configuration register.
-
-Instructions
-
-
-Most sh4 instructions have been implemented. The missing ones at this
-time are:
-  - FPU related instructions
-  - LDTLB to load a new MMU entry
-  - SLEEP to put the processor in sleep mode
-
-Most instructions could be optimized a lot. This will be worked on
-after the current model is fully functional unless debugging
-convenience requires that it is done early.
-
-Many instructions did not have a chance to be tested yet. The plan is
-to implement unit and regression testing of those in the future.
-
-MMU

-
-The MMU is implemented in the sh4 core. MMU management has not been
-tested at all yet. In the sh7750, it can be manipulated through memory
-mapped registers and this part has not yet been implemented.
-
-Exceptions
---
-
-Exceptions are implemented as described in the sh4 reference manual
-but have not been tested yet. They do not use qemu EXCP_ features
-yet.
-
-IRQ

-
-IRQ are not implemented yet.
-
-Peripheral features

-
-  + Serial ports
-
-Configuration and use of the first serial port (SCI) without
-interrupts is supported. Input has not yet been tested.
-
-Configuration of the second serial port (SCIF) is supported. FIFO
-handling infrastructure has been started but is not completed yet.
-
-  + GPIO ports
-
-GPIO ports have been implemented. A registration function allows
-external modules to register interest in some port changes (see
-hw/tc58128.[ch] for an example) and will be called back. Interrupt
-generation is not yet supported but some infrastructure is in place
-for this purpose. Note that in the current model a peripheral module
-cannot directly simulate a H->L->H input port transition and have an
-interrupt generated on the low level.
-
-  + TC58128 NAND flash
-
-TC58128 NAND flash is partially implemented through GPIO ports. It
-supports reading from flash.
-
-GDB

-
-GDB remote target support has been implemented and lightly tested.
-
-Files
--
-
-File names are hardcoded at this time. The bootloader must be stored in
-shix_bios.bin in the current directory. The initial Linux image must
-be stored in shix_linux_nand.bin in the current directory in NAND
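
Review bot: the "Registers" paragraph of the deleted file is the one part that describes how the code works rather than how far the port had got in 2005 (24 general purpose registers, with code generation picking [0-7]+[8-15] or [16-23]+[8-15] from the MD and RB flags in sr). If that is still how the target handles banking, consider moving the paragraph into a comment next to the register definitions instead of dropping it with the rest. The diffstat touches only target/sh4/README.sh4, so it is also worth a "git grep README.sh4" to confirm nothing else in the tree still points at the file.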

[PATCH v1 0/2] hw/arm: zynqmp: Add the 4 TTC timers

2022-03-31 Thread Edgar E. Iglesias
From: "Edgar E. Iglesias" 

This adds the 4 TTC timers in the Xilinx ZynqMP.
This is for after the 7.0.0 release.

Cheers,
Edgar

Edgar E. Iglesias (2):
  timer: cadence_ttc: Break out header file to allow embedding
  hw/arm/xlnx-zynqmp: Connect 4 TTC timers

 include/hw/arm/xlnx-zynqmp.h   |  4 +++
 include/hw/timer/cadence_ttc.h | 54 ++
 hw/arm/xlnx-zynqmp.c   | 22 ++
 hw/timer/cadence_ttc.c | 32 ++--
 4 files changed, 82 insertions(+), 30 deletions(-)
 create mode 100644 include/hw/timer/cadence_ttc.h

-- 
2.25.1




[PULL 3/4] vhost-vdpa: fix typo in a comment

2022-03-31 Thread Laurent Vivier
From: Stefano Garzarella 

Replace vpda with vdpa.

Signed-off-by: Stefano Garzarella 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20220328152022.73245-1-sgarz...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 hw/virtio/vhost-vdpa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index c5ed7a377939..8adf7c0b92d9 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -299,7 +299,7 @@ static void vhost_vdpa_listener_region_del(MemoryListener 
*listener,
 memory_region_unref(section->mr);
 }
 /*
- * IOTLB API is used by vhost-vpda which requires incremental updating
+ * IOTLB API is used by vhost-vdpa which requires incremental updating
  * of the mapping. So we can not use generic vhost memory listener which
  * depends on the addnop().
  */
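
Review bot: the unchanged lines of this same comment still read "can not" and "depends on the addnop()", and it is not clear from the hunk what addnop() refers to. Since the patch exists only to tidy this comment, fixing those two spots here as well saves a second trivial patch.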
-- 
2.35.1




[PULL 0/4] Trivial branch for 7.0 patches

2022-03-31 Thread Laurent Vivier
The following changes since commit cace6c6f3aca7b88afc42995f90bbefb37a0ed57:

  Merge tag 'pull-qapi-2022-03-31' of git://repo.or.cz/qemu/armbru into staging 
(2022-03-31 11:56:52 +0100)

are available in the Git repository at:

  https://gitlab.com/laurent_vivier/qemu.git 
tags/trivial-branch-for-7.0-pull-request

for you to fetch changes up to 04cca669b237337cc8734788c3ad968aa8e0b57f:

  tests/lcitool: Do not use a hard-coded /usr/bin/python3 as python interpreter 
(2022-03-31 21:32:49 +0200)


Trivial branch pull request 20220401

Fix sh4 linux-user build on Alpine
and some trivial updates



Stefano Garzarella (1):
  vhost-vdpa: fix typo in a comment

Thomas Huth (3):
  linux-user/sh4/termbits: Silence warning about TIOCSER_TEMT double
definition
  target/sh4: Remove old README.sh4 file
  tests/lcitool: Do not use a hard-coded /usr/bin/python3 as python
interpreter

 hw/virtio/vhost-vdpa.c |   2 +-
 linux-user/sh4/termbits.h  |   2 +-
 target/sh4/README.sh4  | 150 -
 tests/lcitool/Makefile.include |   2 +-
 tests/lcitool/refresh  |   2 +-
 5 files changed, 4 insertions(+), 154 deletions(-)
 delete mode 100644 target/sh4/README.sh4

-- 
2.35.1




[PULL 4/4] tests/lcitool: Do not use a hard-coded /usr/bin/python3 as python interpreter

2022-03-31 Thread Laurent Vivier
From: Thomas Huth 

When running "make lcitool-refresh", this currently uses the hard-coded
/usr/bin/python3 from the script's shebang line for running Python.
That's bad, since neither /usr/bin/python3 is guaranteed to exist, nor
does it honor the python interpreter that the user might have chosen
while running the "configure" script. Thus let's rather use $(PYTHON)
in the Makefile, and improve the shebang line in the script in case
someone runs this directly.

Signed-off-by: Thomas Huth 
Reviewed-by: Daniel P. Berrangé 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20220329063958.262669-1-th...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 tests/lcitool/Makefile.include | 2 +-
 tests/lcitool/refresh  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/lcitool/Makefile.include b/tests/lcitool/Makefile.include
index 6b215adcd1e0..3780185c7c45 100644
--- a/tests/lcitool/Makefile.include
+++ b/tests/lcitool/Makefile.include
@@ -14,4 +14,4 @@ lcitool-help: lcitool
 
 lcitool-refresh:
$(call quiet-command, cd $(SRC_PATH) && git submodule update --init 
tests/lcitool/libvirt-ci)
-   $(call quiet-command, $(LCITOOL_REFRESH))
+   $(call quiet-command, $(PYTHON) $(LCITOOL_REFRESH))
diff --git a/tests/lcitool/refresh b/tests/lcitool/refresh
index 1f00281b443d..2d198ad281a0 100755
--- a/tests/lcitool/refresh
+++ b/tests/lcitool/refresh
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 #
 # Re-generate container recipes
 #
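
Review bot: the new shebang "#!/usr/bin/env python3" resolves the interpreter through PATH, so a direct run of tests/lcitool/refresh uses whichever python3 comes first there, not the interpreter chosen at configure time. A line in the script header saying that "make lcitool-refresh" is the entry point that honours $(PYTHON) would keep people from assuming the two invocations are equivalent.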
-- 
2.35.1




Re: [PATCH v8 04/46] hw/cxl/device: Introduce a CXL device (8.2.8)

2022-03-31 Thread Adam Manzanares
On Wed, Mar 30, 2022 at 06:48:48PM +0100, Jonathan Cameron wrote:
> On Tue, 29 Mar 2022 18:13:59 +
> Adam Manzanares  wrote:
> 
> > On Fri, Mar 18, 2022 at 03:05:53PM +, Jonathan Cameron wrote:
> > > From: Ben Widawsky 
> > > 
> > > A CXL device is a type of CXL component. Conceptually, a CXL device
> > > would be a leaf node in a CXL topology. From an emulation perspective,
> > > CXL devices are the most complex and so the actual implementation is
> > > reserved for discrete commits.
> > > 
> > > This new device type is specifically catered towards the eventual
> > > implementation of a Type3 CXL.mem device, 8.2.8.5 in the CXL 2.0
> > > specification.
> > > 
> > > Signed-off-by: Ben Widawsky 
> > > Signed-off-by: Jonathan Cameron 
> > > Reviewed-by: Alex Bennée 
> 
> ...
> 
> > > diff --git a/include/hw/cxl/cxl_device.h b/include/hw/cxl/cxl_device.h
> > > new file mode 100644
> > > index 00..b2416e45bf
> > > --- /dev/null
> > > +++ b/include/hw/cxl/cxl_device.h
> > > @@ -0,0 +1,165 @@
> > > +/*
> > > + * QEMU CXL Devices
> > > + *
> > > + * Copyright (c) 2020 Intel
> > > + *
> > > + * This work is licensed under the terms of the GNU GPL, version 2. See 
> > > the
> > > + * COPYING file in the top-level directory.
> > > + */
> > > +
> > > +#ifndef CXL_DEVICE_H
> > > +#define CXL_DEVICE_H
> > > +
> > > +#include "hw/register.h"
> > > +
> > > +/*
> > > + * The following is how a CXL device's MMIO space is laid out. The only
> > > + * requirement from the spec is that the capabilities array and the 
> > > capability
> > > + * headers start at offset 0 and are contiguously packed. The headers 
> > > themselves
> > > + * provide offsets to the register fields. For this emulation, registers 
> > > will
> > > + * start at offset 0x80 (m == 0x80). No secondary mailbox is implemented 
> > > which
> > > + * means that n = m + sizeof(mailbox registers) + sizeof(device 
> > > registers).  
> > 
> > What is n here, the start offset of the mailbox registers, this question is 
> > based on the figure below?
> 
> I'll expand on this to say
> 
> means that the offset of the start of the mailbox payload (n) is given by
> n = m + sizeof
> 
> Which means the diagram below is wrong as should align with top
> of mailbox registers.
> 
> > 
> > > + *
> > > + * This is roughly described in 8.2.8 Figure 138 of the CXL 2.0 spec
> I'm going to drop this comment as that figure appears unrelated to me.
> 
> > > + *
> > > + *   +-+
> > > + *   | |
> > > + *   |Memory Device Registers  |
> > > + *   | |
> > > + * n + PAYLOAD_SIZE_MAX  ---
> > > + *  ^| |
> > > + *  || |
> > > + *  || |
> > > + *  || |
> > > + *  || |
> > > + *  || Mailbox Payload |
> > > + *  || |
> > > + *  || |
> > > + *  || |
> > > + *  |---
> > > + *  ||   Mailbox Registers |
> > > + *  || |
> > > + *  n---
> > > + *  ^| |
> > > + *  ||Device Registers |
> > > + *  || |
> > > + *  m-->
> > > + *  ^|  Memory Device Capability Header|
> > > + *  |---
> > > + *  || Mailbox Capability Header   |
> > > + *  |-- 
> > > + *  || Device Capability Header|
> > > + *  |---
> > > + *  || |
> > > + *  || |
> > > + *  ||  Device Cap Array[0..n] |
> > > + *  || |
> > > + *  || |
> > > + *   | |
> > > + *  0+-+  
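
Review bot: n is used for two different things in this comment: the offset defined in the text as "n = m + sizeof(mailbox registers) + sizeof(device registers)" and the upper index in "Device Cap Array[0..n]" at the bottom of the diagram. Use a different letter for the array bound so the diagram cannot be read as tying the number of capability entries to the payload offset.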
> > 
> > Would it make sense to add CXL cap header register to the diagram?
> 
> Too many similar names in the CXL spec. I'm not sure which one you mean,
> could you let 

Re: [PATCH] target/riscv: Avoid leaking "no translation" TLB entries

2022-03-31 Thread Alistair Francis
On Thu, Mar 31, 2022 at 3:11 AM Palmer Dabbelt  wrote:
>
> The ISA doesn't allow bare mappings to be cached, as the caches are
> translations and bare mappings are not translated.  We cache these
> translations in QEMU in order to utilize the TLB code, but that leaks
> out to the guest.
>
> Suggested-by: phan...@zju.edu.cn # no name in the From field
> Fixes: 1e0d985fa9 ("target/riscv: Only flush TLB if SATP.ASID changes")
> Signed-off-by: Palmer Dabbelt 

Thanks!

Applied to riscv-to-apply.next

Alistair

>
> ---
>
> Another way to fix this would be to utilize a MMU index that corresponds
> to no ASID to hold these direct mappings, but given that we're not
> currently taking advantage of ASIDs for translation performance that
> would be a larger chunk of work.  This causes a Linux boot regression,
> so the band-aid seems appropriate.
>
> I think the original version of this was also more broadly broken, in
> that changing to ASID 0 would allow old mappings, but I might be missing
> something there.  I seem to remember ASID 0 as having been special at
> some point, but it's not in the ISA as it stands so maybe I'm just
> crazy.
>
> This, when applied on top of Alistair's riscv-to-apply.next, boots my
> for-next (which is very close to Linus' master).
> ---
>  target/riscv/csr.c | 14 --
>  1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index 0606cd0ea8..cabef5a20b 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -1844,7 +1844,7 @@ static RISCVException read_satp(CPURISCVState *env, int 
> csrno,
>  static RISCVException write_satp(CPURISCVState *env, int csrno,
>   target_ulong val)
>  {
> -target_ulong vm, mask, asid;
> +target_ulong vm, mask;
>
>  if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
>  return RISCV_EXCP_NONE;
> @@ -1853,20 +1853,22 @@ static RISCVException write_satp(CPURISCVState *env, 
> int csrno,
>  if (riscv_cpu_mxl(env) == MXL_RV32) {
>  vm = validate_vm(env, get_field(val, SATP32_MODE));
>  mask = (val ^ env->satp) & (SATP32_MODE | SATP32_ASID | SATP32_PPN);
> -asid = (val ^ env->satp) & SATP32_ASID;
>  } else {
>  vm = validate_vm(env, get_field(val, SATP64_MODE));
>  mask = (val ^ env->satp) & (SATP64_MODE | SATP64_ASID | SATP64_PPN);
> -asid = (val ^ env->satp) & SATP64_ASID;
>  }
>
>  if (vm && mask) {
>  if (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_TVM)) {
>  return RISCV_EXCP_ILLEGAL_INST;
>  } else {
> -if (asid) {
> -tlb_flush(env_cpu(env));
> -}
> +   /*
> +* The ISA defines SATP.MODE=Bare as "no translation", but we 
> still
> +* pass these through QEMU's TLB emulation as it improves
> +* performance.  Flushing the TLB on SATP writes with paging
> +* enabled avoids leaking those invalid cached mappings.
> +*/
> +tlb_flush(env_cpu(env));
>  env->satp = val;
>  }
>  }
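
Review bot: the new comment says the flush happens "on SATP writes with paging enabled", but the condition guarding it is "if (vm && mask)", where vm is the result of validate_vm() on the MODE field being written and mask is the set of changed MODE/ASID/PPN bits. Wording the comment in terms of that condition (every accepted write that changes MODE, ASID or PPN now flushes) would state exactly when the flush runs, and would make it obvious to a later reader that the ASID-only optimisation named in the Fixes: tag has been removed on purpose.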
> --
> 2.34.1
>
>



Re: [EXT] Re: [PATCH] hw/riscv: virt: Warn the user if -bios is provided when using KVM

2022-03-31 Thread Ralf Ramsauer




On 31/03/2022 02:11, Alistair Francis wrote:

On Thu, Mar 24, 2022 at 7:08 PM Daniel P. Berrangé  wrote:


On Wed, Mar 23, 2022 at 06:13:46PM +0100, Ralf Ramsauer wrote:

The -bios option is silently ignored if used in combination with -enable-kvm.
The reason is that the machine starts in S-Mode, and the bios typically runs in
M-Mode.

Warn the user that the bios won't be loaded.

Signed-off-by: Ralf Ramsauer 
---
  hw/riscv/virt.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 4496a15346..a4d13114ee 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -1312,6 +1312,9 @@ static void virt_machine_init(MachineState *machine)
   * when KVM is enabled.
   */
  if (kvm_enabled()) {
+if (machine->firmware && strcmp(machine->firmware, "none"))
+warn_report("BIOS is not supported in combination with KVM. "
+"Ignoring BIOS.");
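
Review bot: the added "if (machine->firmware && strcmp(machine->firmware, "none"))" has no braces around a warn_report() call that spans two lines. QEMU's coding style wants braces on every if body, and here the unbraced body sits directly above the g_free()/g_strdup() pair, so a later edit could easily end up outside or inside the condition by accident. Please add the braces.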


If the usage scenario isn't supportable, then ultimately we should be
raising an error and immediately exiting.

If you know of common usage that is already mistakenly passing -bios,
then we could start with a warning and list it as deprecated, then
change to an error_report 2 releases later. If we don't think people
are often mistakenly passing -bios, then go straight for error_report
and exit.


That's a good point. The original thinking was that we did support
-bios and so we should warn the user that it's unlikely they want to
use it. This would still allow S mode UEFI loaders to be used (they
don't exist today).

Considering we are currently just ignoring the option I agree it's
better to report an error.

Do you mind sending a v2 Ralf?


Yes, will return with another revision. Anyway, I'll choose to exit 
immediately, as I doubt that there are any non-development users of this 
particular feature (RISCV/Qemu + KVM) due to the lack of physical hardware.


Thanks
  Ralf



Alistair




  g_free(machine->firmware);
  machine->firmware = g_strdup("none");
  }
--
2.32.0




With regards,
Daniel
--
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|





Re: [PATCH v8 04/46] hw/cxl/device: Introduce a CXL device (8.2.8)

2022-03-31 Thread Adam Manzanares
On Wed, Mar 30, 2022 at 01:15:58PM +0100, Jonathan Cameron wrote:
> On Tue, 29 Mar 2022 12:53:51 -0700
> Davidlohr Bueso  wrote:
> 
> > On Tue, 29 Mar 2022, Adam Manzanares wrote:
> > >> +typedef struct cxl_device_state {
> > >> +MemoryRegion device_registers;
> > >> +
> > >> +/* mmio for device capabilities array - 8.2.8.2 */
> > >> +MemoryRegion device;
> > >> +MemoryRegion caps;
> > >> +
> > >> +/* mmio for the mailbox registers 8.2.8.4 */
> > >> +MemoryRegion mailbox;
> > >> +
> > >> +/* memory region for persistent memory, HDM */
> > >> +uint64_t pmem_size;  
> > >
> > >Can we switch this to mem_size and drop the persistent comment? It is my
> > >understanding that HDM is independent of persistence.  
> > 
> > Agreed, but ideally both volatile and persistent capacities would have been
> > supported in this patchset. I'm also probably missing specific reasons as to
> > why this isn't the case.
> 
> Whilst it doesn't add a huge amount of complexity it does add some
> and the software paths in Linux we were developing this for are pmem focused.
> Hence volatile is on the todo list rather than in this first patch set.
> Not sensible to aim for feature complete in one go.

Makes complete sense. We can help with the Linux development for the volatile 
side. I will add a couple of folks on cc. In addition, we would like to help
the CXL ecosystem in general so I anticipate we will have more reviews and 
patches for CXL in general.

> 
> > 
> > Looking at it briefly could it be just a matter of adding to cxl_type3_dev
> > > a new hostmem along with its AddressSpace for the volatile? If so, I'm
> > thinking something along these lines:
> > 
> > @@ -123,8 +123,8 @@ typedef struct cxl_device_state {
> >  uint64_t host_set;
> >   } timestamp;
> > 
> > -/* memory region for persistent memory, HDM */
> > -uint64_t pmem_size;
> > +/* memory region for persistent and volatile memory, HDM */
> > +uint64_t pmem_size, mem_size;
> >   } CXLDeviceState;
> > 
> >   /* Initialize the register block for a device */
> > @@ -235,9 +235,9 @@ typedef struct cxl_type3_dev {
> >   PCIDevice parent_obj;
> > 
> >   /* Properties */
> > -AddressSpace hostmem_as;
> > +AddressSpace hostmem_as, hostmemv_as;
> >   uint64_t size;
> > -HostMemoryBackend *hostmem;
> > +HostMemoryBackend *hostmem, *hostmemv;
> >   HostMemoryBackend *lsa;
> >   uint64_t sn;
> > 
> > Then for cxl_setup_memory(), with ct3d->hostmem and/or ct3d->hostmemv
> > non-nil, set the respective MemoryRegions:
> > 
> > +if (ct3d->hostmem) {
> > +memory_region_set_nonvolatile(mr, true);
> > +memory_region_set_enabled(mr, true);
> > +host_memory_backend_set_mapped(ct3d->hostmem, true);
> > +address_space_init(>hostmem_as, mr, name);
> > +ct3d->cxl_dstate.pmem_size = ct3d->hostmem->size;
> > +}
> > +if (ct3d->hostmemv) {
> > +memory_region_set_nonvolatile(mrv, false);
> > +memory_region_set_enabled(mrv, true);
> > +host_memory_backend_set_mapped(ct3d->hostmemv, true);
> > +address_space_init(>hostmem_as, mrv, name);
> > +ct3d->cxl_dstate.pmem_size = ct3d->hostmem->size;
> > +}
> > 
> > For corresponding MB commands, it's mostly IDENTIFY_MEMORY_DEVICE that needs
> > updating:
> > 
> > @@ -281,7 +281,7 @@ static ret_code cmd_identify_memory_device(struct 
> > cxl_cmd *cmd,
> > 
> >   CXLType3Dev *ct3d = container_of(cxl_dstate, CXLType3Dev, cxl_dstate);
> >   CXLType3Class *cvc = CXL_TYPE3_DEV_GET_CLASS(ct3d);
> > -uint64_t size = cxl_dstate->pmem_size;
> > +uint64_t size = cxl_dstate->pmem_size + cxl_dstate->mem_size;
> > 
> >   if (!QEMU_IS_ALIGNED(size, 256 << 20)) {
> >  return CXL_MBOX_INTERNAL_ERROR;
> > @@ -290,11 +290,11 @@ static ret_code cmd_identify_memory_device(struct 
> > cxl_cmd *cmd,
> >   id = (void *)cmd->payload;
> >   memset(id, 0, sizeof(*id));
> > 
> > -/* PMEM only */
> >   snprintf(id->fw_revision, 0x10, "BWFW VERSION %02d", 0);
> > 
> >   id->total_capacity = size / (256 << 20);
> > -id->persistent_capacity = size / (256 << 20);
> > +id->persistent_capacity = cxl_dstate->pmem_size / (256 << 20);
> > +id->volatile_capacity = cxl_dstate->mem_size / (256 << 20);
> >   id->lsa_size = cvc->get_lsa_size(ct3d);
> > 
> >   *len = sizeof(*id);
> > @@ -312,16 +312,16 @@ static ret_code cmd_ccls_get_partition_info(struct 
> > cxl_cmd *cmd,
> >  uint64_t next_pmem;
> >   } QEMU_PACKED *part_info = (void *)cmd->payload;
> >   QEMU_BUILD_BUG_ON(sizeof(*part_info) != 0x20);
> > -uint64_t size = cxl_dstate->pmem_size;
> > +uint64_t psize = cxl_dstate->pmem_size;
> > +uint64_t vsize = cxl_dstate->mem_size;
> > 
> > -if (!QEMU_IS_ALIGNED(size, 256 << 20)) {
> > +if (!QEMU_IS_ALIGNED(psize + vsize, 256 << 20)) {
> >  return CXL_MBOX_INTERNAL_ERROR;
> 

Re: [PATCH 7/7] vhost-vdpa: backend feature should set only once

2022-03-31 Thread Si-Wei Liu




On 3/31/2022 1:02 AM, Eugenio Perez Martin wrote:

On Thu, Mar 31, 2022 at 1:03 AM Si-Wei Liu  wrote:



On 3/30/2022 12:01 PM, Eugenio Perez Martin wrote:

On Wed, Mar 30, 2022 at 8:33 AM Si-Wei Liu  wrote:

The vhost_vdpa_one_time_request() branch in
vhost_vdpa_set_backend_cap() incorrectly sends down
iotls on vhost_dev with non-zero index. This may
end up with multiple VHOST_SET_BACKEND_FEATURES
ioctl calls sent down on the vhost-vdpa fd that is
shared between all these vhost_dev's.


Not only that. This means that qemu thinks the device supports iotlb
batching as long as the device does not have cvq. If vdpa does not
support batching, it will return an error later with no possibility of
doing it ok.

I think the implicit assumption here is that the caller should back off
to where it was if it comes to error i.e. once the first
vhost_dev_set_features call gets an error, vhost_dev_start() will fail
straight.

Sorry, I don't follow you here, and maybe my message was not clear enough.

What I meant is that your patch fixes another problem not stated in
the message: it is not possible to initialize a net vdpa device that
does not have cvq and does not support iotlb batches without it. Qemu
will assume that the device supports batching, so the write of
VHOST_IOTLB_BATCH_BEGIN will fail.
This is not what I see from the code? For e.g. 
vhost_vdpa_iotlb_batch_begin_once() has the following:


    if (v->dev->backend_cap & (0x1ULL << VHOST_BACKEND_F_IOTLB_BATCH) &&
        !v->iotlb_batch_begin_sent) {
        vhost_vdpa_listener_begin_batch(v);
    }

If backend_cap doesn't contain the VHOST_BACKEND_F_IOTLB_BATCH bit, QEMU 
shouldn't send down VHOST_IOTLB_BATCH_BEGIN...


Noted in vhost_vdpa_set_backend_cap(), VHOST_GET_BACKEND_FEATURES was 
supposed to get the backend capability from the kernel ahead of the 
VHOST_SET_BACKEND_FEATURES call. In which case of your concern, at least 
feature VHOST_BACKEND_F_IOTLB_MSG_V2 should be successfully returned and 
stored in the backend_cap, even if the VHOST_SET_BACKEND_FEATURES ioctl 
was missed in between. Hence the resulting backend_cap shouldn't have 
the VHOST_BACKEND_F_IOTLB_BATCH bit set. What am I missing here?




  I didn't test what happens next but
it probably cannot continue.

In that regard, this commit needs to be marked as "Fixes: ...", either
("a5bd058 vhost-vdpa: batch updating IOTLB mappings") or maybe better
("4d191cf vhost-vdpa: classify one time request"). We have a
regression if we introduce both, or the second one and the support of
any other backend feature.
Sure, it's not that I am unwilling to add the "Fixes" tag, though I'd 
like to make sure if the worry is real upfront. Thanks for pointing it 
out anyway.


Thanks,
-Siwei




Noted that the VHOST_SET_BACKEND_FEATURES ioctl is not per-vq
and it doesn't even need to. There seems to me no possibility for it to
fail in a way as thought here. The capture is that IOTLB batching is at
least a vdpa device level backend feature, if not per-kernel. Same as
IOTLB_MSG_V2.


At this moment it is per-kernel, yes. With your patch there is no need
to fail because of the lack of _F_IOTLB_BATCH, the code should handle
this case ok.

But if VHOST_GET_BACKEND_FEATURES returns no support for
VHOST_BACKEND_F_IOTLB_MSG_V2, the qemu code will happily send v2
messages anyway. This has nothing to do with the patch, I'm just
noting it here.

In that case, maybe it is better to return something like -ENOTSUP?

Thanks!


-Siwei


   Some open questions:

Should we make the vdpa driver return error as long as a feature is
used but not set by qemu, or let it as undefined? I guess we have to
keep the batching at least without checking so the kernel supports old
versions of qemu.

On the other hand, should we return an error if IOTLB_MSG_V2 is not
supported here? We're basically assuming it in other functions.


To fix it, send down ioctl only once via the first
vhost_dev with index 0. Toggle the polarity of the
vhost_vdpa_one_time_request() test would do the trick.

Signed-off-by: Si-Wei Liu 

Acked-by: Eugenio Pérez 


---
   hw/virtio/vhost-vdpa.c | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index c5ed7a3..27ea706 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -665,7 +665,7 @@ static int vhost_vdpa_set_backend_cap(struct vhost_dev *dev)

   features &= f;

-if (vhost_vdpa_one_time_request(dev)) {
+if (!vhost_vdpa_one_time_request(dev)) {
   r = vhost_vdpa_call(dev, VHOST_SET_BACKEND_FEATURES, );
   if (r) {
   return -EFAULT;
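
Review bot: after the change the ioctl is issued when vhost_vdpa_one_time_request(dev) is false, which reads backwards given the helper's name. Going by the commit message the intent is "only the first vhost_dev, index 0, sends VHOST_SET_BACKEND_FEATURES", so a one-line comment above the if saying that would keep the next reader from flipping the test back. Separately, the error path returns -EFAULT whatever r was; passing r through would preserve the real errno, which matters for the -ENOTSUP case raised in the discussion.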
--
1.8.3.1






Re: [PATCH] qga: replace usleep() with g_usleep()

2022-03-31 Thread Philippe Mathieu-Daudé

On 31/3/22 22:53, marcandre.lur...@redhat.com wrote:

From: Marc-André Lureau 

The latter simply requires glib.h, while the former is not in the
Windows API (but provided by mingw header & CRT)

Also simplify the expression for 1/10s.

Signed-off-by: Marc-André Lureau 
---
  qga/main.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)


Reviewed-by: Philippe Mathieu-Daudé 




Re: [PATCH 2/3] i386: factor out x86_firmware_configure()

2022-03-31 Thread Philippe Mathieu-Daudé

On 31/3/22 10:35, Gerd Hoffmann wrote:

move sev firmware setup to separate function so it can be used from
other code paths.  No functional change.

Signed-off-by: Gerd Hoffmann 
Tested-by: Xiaoyao Li 
---
  include/hw/i386/x86.h |  3 +++
  hw/i386/pc_sysfw.c| 36 ++--
  2 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
index 916cc325eeb1..4841a49f86c0 100644
--- a/include/hw/i386/x86.h
+++ b/include/hw/i386/x86.h
@@ -140,4 +140,7 @@ void gsi_handler(void *opaque, int n, int level);
  void ioapic_init_gsi(GSIState *gsi_state, const char *parent_name);
  DeviceState *ioapic_init_secondary(GSIState *gsi_state);
  
+/* pc_sysfw.c */

+void x86_firmware_configure(void *ptr, int size);
+
  #endif
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index c8b17af95353..36b6121b77b9 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -148,7 +148,6 @@ static void pc_system_flash_map(PCMachineState *pcms,
  MemoryRegion *flash_mem;
  void *flash_ptr;
  int flash_size;
-int ret;
  
  assert(PC_MACHINE_GET_CLASS(pcms)->pci_enabled);
  
@@ -196,19 +195,7 @@ static void pc_system_flash_map(PCMachineState *pcms,

  if (sev_enabled()) {


^^^


  flash_ptr = memory_region_get_ram_ptr(flash_mem);
  flash_size = memory_region_size(flash_mem);

Can we remove the SEV check ...


-/*
- * OVMF places a GUIDed structures in the flash, so
- * search for them
- */
-pc_system_parse_ovmf_flash(flash_ptr, flash_size);
-
-ret = sev_es_save_reset_vector(flash_ptr, flash_size);
-if (ret) {
-error_report("failed to locate and/or save reset vector");
-exit(1);
-}
-
-sev_encrypt_flash(flash_ptr, flash_size, _fatal);
+x86_firmware_configure(flash_ptr, flash_size);


... making this code generic ...?


  }
  }
  }
@@ -260,3 +247,24 @@ void pc_system_firmware_init(PCMachineState *pcms,
  
  pc_system_flash_cleanup_unused(pcms);

  }
+
+void x86_firmware_configure(void *ptr, int size)
+{
+int ret;
+
+/*
+ * OVMF places a GUIDed structures in the flash, so
+ * search for them
+ */
+pc_system_parse_ovmf_flash(ptr, size);
+
+if (sev_enabled()) {


... because we are still checking SEV here.


+ret = sev_es_save_reset_vector(ptr, size);
+if (ret) {
+error_report("failed to locate and/or save reset vector");
+exit(1);
+}
+
+sev_encrypt_flash(ptr, size, _fatal);
+}
+}
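
Review bot: x86_firmware_configure() is being exported "so it can be used from other code paths", but on a sev_es_save_reset_vector() failure it still calls error_report() and exit(1) itself. That was acceptable while the code lived inside pc_system_flash_map(); as a shared helper it leaves callers no way to report or handle the failure in their own context. Consider taking an Error **errp and letting the caller decide, and add a short comment at the prototype in x86.h describing ptr, size and the fact that the function may encrypt the buffer in place.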





[PATCH] qga: replace usleep() with g_usleep()

2022-03-31 Thread marcandre . lureau
From: Marc-André Lureau 

The latter simply requires glib.h, while the former is not in the
Windows API (but provided by mingw header & CRT)

Also simplify the expression for 1/10s.

Signed-off-by: Marc-André Lureau 
---
 qga/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qga/main.c b/qga/main.c
index 1deb0ee2fbfe..6a5be23225d0 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -610,7 +610,7 @@ static gboolean channel_event_cb(GIOCondition condition, 
gpointer data)
  * host-side chardev. sleep a bit to mitigate this
  */
 if (s->virtio) {
-usleep(100 * 1000);
+g_usleep(G_USEC_PER_SEC / 10);
 }
 return true;
 default:
-- 
2.35.1.693.g805e0a68082a




Re: [PATCH 3/3] i386: firmware parsing and sev setup for -bios loaded firmware

2022-03-31 Thread Philippe Mathieu-Daudé

On 31/3/22 10:35, Gerd Hoffmann wrote:

Don't register firmware as rom, not needed (see comment).
Add x86_firmware_configure() call for proper sev initialization.

Signed-off-by: Gerd Hoffmann 
Tested-by: Xiaoyao Li 
---
  hw/i386/x86.c | 25 +++--
  1 file changed, 19 insertions(+), 6 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 



Re: [PATCH 1/3] i386: move bios load error message

2022-03-31 Thread Philippe Mathieu-Daudé

On 31/3/22 10:35, Gerd Hoffmann wrote:

Switch to usual goto-end-of-function error handling style.
No functional change.

Signed-off-by: Gerd Hoffmann 
Tested-by: Xiaoyao Li 
---
  hw/i386/x86.c | 9 ++---
  1 file changed, 6 insertions(+), 3 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 



Re: [RFC PATCH 3/4] hw/i2c: add slave mode for aspeed_i2c

2022-03-31 Thread Philippe Mathieu-Daudé

On 31/3/22 18:57, Klaus Jensen wrote:

From: Klaus Jensen 

Add slave mode functionality for the Aspeed I2C controller. This is
implemented by creating an Aspeed I2C Slave device that attaches to the
bus.

This i2c slave device only implements the asynchronous version of
i2c_send() and the event callback.

Signed-off-by: Klaus Jensen 
---
  hw/i2c/aspeed_i2c.c | 95 +
  hw/i2c/trace-events |  2 +-
  hw/misc/meson.build |  2 +
  include/hw/i2c/aspeed_i2c.h |  8 
  4 files changed, 97 insertions(+), 10 deletions(-)



@@ -558,14 +565,19 @@ static void aspeed_i2c_bus_write(void *opaque, hwaddr 
offset,
  bus->controller->intr_status &= ~(1 << bus->id);
  qemu_irq_lower(aic->bus_get_irq(bus));
  }
-if (handle_rx && (bus->cmd & (I2CD_M_RX_CMD | I2CD_M_S_RX_CMD_LAST))) {
-aspeed_i2c_handle_rx_cmd(bus);
-aspeed_i2c_bus_raise_interrupt(bus);
+
+if (handle_rx) {
+if (bus->cmd & (I2CD_M_RX_CMD | I2CD_M_S_RX_CMD_LAST)) {
+aspeed_i2c_handle_rx_cmd(bus);
+aspeed_i2c_bus_raise_interrupt(bus);


Eventually split this hunk into a separate patch to have better readability.


+}
  }



diff --git a/hw/misc/meson.build b/hw/misc/meson.build
index 6fb69612e064..c1c1abea41dd 100644
--- a/hw/misc/meson.build
+++ b/hw/misc/meson.build
@@ -122,6 +122,8 @@ softmmu_ss.add(when: 'CONFIG_NRF51_SOC', if_true: 
files('nrf51_rng.c'))
  
  softmmu_ss.add(when: 'CONFIG_GRLIB', if_true: files('grlib_ahb_apb_pnp.c'))
  
+softmmu_ss.add(when: 'CONFIG_I2C', if_true: files('i2c-echo.c'))
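
Review bot: gating i2c-echo.c on CONFIG_I2C builds the echo device into every softmmu target that has I2C enabled, although it exists only to exercise the new slave-mode path. Give it its own Kconfig symbol and key this line on that, so the test device can be left out of builds that do not want it.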


This change belongs to the next patch.



Re: [PATCH] build-sys: remove MSI's QEMU_GA_MSI_MINGW_DLL_PATH

2022-03-31 Thread Philippe Mathieu-Daudé

On 31/3/22 22:11, marcandre.lur...@redhat.com wrote:

From: Marc-André Lureau 

Since the introduction of the variable in commit 9dacf32d2cb ("qemu-ga:
Building Windows MSI installation with configure/Makefile"), nothing
makes use of the Mingw_dlls variable in the .wxs file.

Signed-off-by: Marc-André Lureau 
---
  configure   | 3 ---
  qga/meson.build | 1 -
  2 files changed, 4 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 



Re: [PATCH RESEND v3] vdpa: reset the backend device in the end of vhost_net_stop()

2022-03-31 Thread Michael S. Tsirkin
On Thu, Mar 31, 2022 at 06:19:37PM +0800, Michael Qiu wrote:
> Hi, Jason
> 
> Does it work this time?

Nope. Just use git-send-email.

-- 
MST




Re: [RFC PATCH 0/4] hw/i2c: i2c slave mode support

2022-03-31 Thread Corey Minyard
On Thu, Mar 31, 2022 at 06:57:33PM +0200, Klaus Jensen wrote:
> From: Klaus Jensen 
> 
> Hi all,
> 
> This RFC series adds I2C "slave mode" support for the Aspeed I2C
> controller as well as the necessary infrastructure in the i2c core to
> support this.

I've been wondering when this would happen :).  I had put some thought
into how this would work, but hadn't come up with anything good.

The big disadvantage of this is you are adding an interface that is
incompatible with the current masters and slaves.  So you are using the
same I2C bus, but slaves written this way cannot talk to existing
masters, and masters written this way cannot talk to existing slaves.
You could adapt the masters to be able to work either way, and I suppose
some slaves that could do it could have both an async send and a normal
send.  But you could not adapt a slave device for the Aspeed to do both.

But that said, I don't know of a better way to handle this.

You don't have the ability to nack a byte in what you have currently.
That's probably something that will be needed.

This is obviously not something useful by itself.  How do you plan to
tie this in to something else that would use it?

-corey

> 
> Background
> ~~~~~~~~~~
> We are working on an emulated NVM Express Management Interface[1] for
> testing and validation purposes. NVMe-MI is based on the MCTP
> protocol[2] which may use a variety of underlying transports. The one we
> are interested in is I2C[3].
> 
> The first general trickery here is that all MCTP transactions are based
> on the SMBus Block Write bus protocol[4]. This means that the slave must
> be able to master the bus to communicate. As you know, hw/i2c/core.c
> currently does not support this use case.
> 
> The second issue is how to interact with these mastering devices. Jeremy
> and Matt (CC'ed) have been working on an MCTP stack for the Linux Kernel
> (already upstream) and an I2C binding driver[5] is currently under
> review. This binding driver relies on I2C slave mode support in the I2C
> controller.
> 
> This series
> ~~~~~~~~~~~
> Patch 1 adds support for multiple masters in the i2c core, allowing
> slaves to master the bus and safely issue i2c_send/recv(). Patch 2 adds
> an asynchronous send i2c_send_async(I2CBus *, uint8) on the bus that
> must be paired with an explicit ack using i2c_ack(I2CBus *).
> 
> Patch 3 adds the slave mode functionality to the emulated Aspeed I2C
> controller. The implementation is probably buggy since I had to rely on
> the implementation of the kernel driver to reverse engineer the behavior
> of the controller slave mode (I do not have access to a spec sheet for
> the Aspeed, but maybe someone can help me out with that?).
> 
> Finally, patch 4 adds an example device using this new API. The device
> is a simple "echo" device that upon being sent a set of bytes uses the
> first byte as the address of the slave to echo to.
> 
> With this combined I am able to boot up Linux on an emulated Aspeed 2600
> evaluation board and have the i2c echo device write into a Linux slave
> EEPROM. Assuming the echo device is on address 0x42:
> 
>   # echo slave-24c02 0x1064 > /sys/bus/i2c/devices/i2c-15/new_device
>   i2c i2c-15: new_device: Instantiated device slave-24c02 at 0x64
>   # i2cset -y 15 0x42 0x64 0x00 0xaa i
>   # hexdump /sys/bus/i2c/devices/15-1064/slave-eeprom
>   000 ffaa       
>   010        
>   *
>   100
> 
>   [1]: https://nvmexpress.org/developers/nvme-mi-specification/
>   [2]: https://www.dmtf.org/sites/default/files/standards/documents/DSP0236_1.3.1.pdf
>   [3]: https://www.dmtf.org/sites/default/files/standards/documents/DSP0237_1.2.0.pdf
>   [4]: http://www.smbus.org/specs/SMBus_3_1_20180319.pdf
>   [5]: https://lore.kernel.org/linux-i2c/20220218055106.1944485-1-m...@codeconstruct.com.au/
> 
> Klaus Jensen (4):
>   hw/i2c: support multiple masters
>   hw/i2c: add async send
>   hw/i2c: add slave mode for aspeed_i2c
>   hw/misc: add a toy i2c echo device
> 
>  hw/i2c/aspeed_i2c.c |  95 +---
>  hw/i2c/core.c   |  57 +-
>  hw/i2c/trace-events |   2 +-
>  hw/misc/i2c-echo.c  | 144 
>  hw/misc/meson.build |   2 +
>  include/hw/i2c/aspeed_i2c.h |   8 ++
>  include/hw/i2c/i2c.h|  19 +
>  7 files changed, 316 insertions(+), 11 deletions(-)
>  create mode 100644 hw/misc/i2c-echo.c
> 
> -- 
> 2.35.1
> 
> 
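
A stand-alone C model of the flow the quoted cover letter describes: a slave takes the bus as master, sends each byte asynchronously, and may send the next one only after an explicit ack. It is an added illustration, not code from the series or from QEMU; every type and function name in it is hypothetical, and the payload bytes are those of the i2cset command in the cover letter.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-alone model. Every name below is hypothetical; none is a QEMU API. */
enum { ECHO_ID = 1, EEPROM_ADDR = 0x64, EEPROM_SIZE = 256 };

typedef struct {
    int owner;        /* id of the device mastering the bus, -1 when idle */
    int ack_pending;  /* an async byte is still waiting for its ack */
} Bus;

/* Controller in slave mode, backed by a guest-side EEPROM. */
typedef struct {
    uint8_t rx;           /* one-byte receive register */
    int have_offset;      /* first byte after a start is the EEPROM offset */
    uint8_t offset;
    uint8_t mem[EEPROM_SIZE];
} SlaveCtrl;

/* Multi-master arbitration: only one device may master the bus at a time. */
static int bus_acquire(Bus *b, int id)
{
    if (b->owner != -1 && b->owner != id) {
        return -1;
    }
    b->owner = id;
    return 0;
}

static void bus_release(Bus *b) { b->owner = -1; }

/* Async send: hand over one byte and return at once. The next byte is
 * refused until the receiver has acked this one. */
static int bus_send_async(Bus *b, SlaveCtrl *s, uint8_t byte)
{
    if (b->ack_pending) {
        return -1;
    }
    s->rx = byte;
    b->ack_pending = 1;
    return 0;
}

static void bus_ack(Bus *b) { b->ack_pending = 0; }

/* Guest side: consume the received byte, then ack it explicitly. */
static void guest_service_rx(Bus *b, SlaveCtrl *s)
{
    if (!b->ack_pending) {
        return;
    }
    if (!s->have_offset) {
        s->offset = s->rx;
        s->have_offset = 1;
    } else {
        s->mem[s->offset++] = s->rx;   /* uint8_t offset wraps inside mem[] */
    }
    bus_ack(b);
}

/* Echo device as master: replay buf[1..] to the address in buf[0].
 * Returns the number of bytes delivered, or -1 if it cannot start. */
static int echo_replay(Bus *b, SlaveCtrl *s, const uint8_t *buf, size_t len)
{
    int sent = 0;

    if (len < 2 || buf[0] != EEPROM_ADDR || bus_acquire(b, ECHO_ID) < 0) {
        return -1;
    }
    s->have_offset = 0;                    /* start condition */
    for (size_t i = 1; i < len; i++) {
        if (bus_send_async(b, s, buf[i]) < 0) {
            break;
        }
        guest_service_rx(b, s);            /* the model runs the guest inline */
        sent++;
    }
    bus_release(b);
    return sent;
}

/* Constructed input: the payload of `i2cset -y 15 0x42 0x64 0x00 0xaa i`. */
static int demo(SlaveCtrl *s)
{
    static const uint8_t payload[] = { 0x64, 0x00, 0xaa };
    Bus bus = { .owner = -1, .ack_pending = 0 };

    memset(s, 0, sizeof(*s));
    memset(s->mem, 0xff, sizeof(s->mem));  /* erased EEPROM */
    return echo_replay(&bus, s, payload, sizeof(payload));
}

int main(void)
{
    SlaveCtrl s;
    return demo(&s) == 2 && s.mem[0] == 0xaa ? 0 : 1;
}
```

The first replayed byte (0x00) selects the EEPROM offset and the second (0xaa) is stored there, which matches the `ffaa` word at the start of the hexdump in the cover letter.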



Re: [PATCH 0/3] i386: firmware parsing and sev setup for -bios loaded firmware

2022-03-31 Thread Michael S. Tsirkin
On Thu, Mar 31, 2022 at 10:35:46AM +0200, Gerd Hoffmann wrote:
> 


Looks good.
Acked-by: Michael S. Tsirkin 


Who's merging this? Yourself?

> Gerd Hoffmann (3):
>   i386: move bios load error message
>   i386: factor out x86_firmware_configure()
>   i386: firmware parsing and sev setup for -bios loaded firmware
> 
>  include/hw/i386/x86.h |  3 +++
>  hw/i386/pc_sysfw.c| 36 ++--
>  hw/i386/x86.c | 32 
>  3 files changed, 49 insertions(+), 22 deletions(-)
> 
> -- 
> 2.35.1
> 




[PATCH] build-sys: remove MSI's QEMU_GA_MSI_MINGW_DLL_PATH

2022-03-31 Thread marcandre . lureau
From: Marc-André Lureau 

Since the introduction of the variable in commit 9dacf32d2cb ("qemu-ga:
Building Windows MSI installation with configure/Makefile"), nothing
makes use of the Mingw_dlls variable in the .wxs file.

Signed-off-by: Marc-André Lureau 
---
 configure   | 3 ---
 qga/meson.build | 1 -
 2 files changed, 4 deletions(-)

diff --git a/configure b/configure
index 7c08c18358be..8cbe55ac82e8 100755
--- a/configure
+++ b/configure
@@ -2704,8 +2704,6 @@ if test "$QEMU_GA_VERSION" = ""; then
 QEMU_GA_VERSION=$(cat $source_path/VERSION)
 fi
 
-QEMU_GA_MSI_MINGW_DLL_PATH="$($pkg_config --variable=prefix glib-2.0)/bin"
-
 # Mac OS X ships with a broken assembler
 roms=
 if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; } && \
@@ -2792,7 +2790,6 @@ if test "$debug_tcg" = "yes" ; then
 fi
 if test "$mingw32" = "yes" ; then
   echo "CONFIG_WIN32=y" >> $config_host_mak
-  echo "QEMU_GA_MSI_MINGW_DLL_PATH=${QEMU_GA_MSI_MINGW_DLL_PATH}" >> 
$config_host_mak
   echo "QEMU_GA_MANUFACTURER=${QEMU_GA_MANUFACTURER}" >> $config_host_mak
   echo "QEMU_GA_DISTRO=${QEMU_GA_DISTRO}" >> $config_host_mak
   echo "QEMU_GA_VERSION=${QEMU_GA_VERSION}" >> $config_host_mak
diff --git a/qga/meson.build b/qga/meson.build
index 62472747f1bb..94fa64eb9bd8 100644
--- a/qga/meson.build
+++ b/qga/meson.build
@@ -131,7 +131,6 @@ if targetos == 'windows'
   wixl, '-o', '@OUTPUT0@', '@INPUT0@',
   qemu_ga_msi_arch[cpu],
   qemu_ga_msi_vss,
-  '-D', 'Mingw_dlls=' + 
config_host['QEMU_GA_MSI_MINGW_DLL_PATH'],
 ])
 all_qga += [qga_msi]
 alias_target('msi', qga_msi)
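Review bot: dropping `'-D', 'Mingw_dlls=' + ...` from the wixl command line is only safe if the .wxs input has no `$(var.Mingw_dlls)` reference left, and the .wxs file is not part of this diff. The commit message asserts this; naming the .wxs file there would let a reviewer check it. The same applies to any other reader of `config_host['QEMU_GA_MSI_MINGW_DLL_PATH']`, since that key is no longer written once the configure hunks are applied.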
-- 
2.35.1.693.g805e0a68082a




Re: [PATCH v2] 9p: move P9_XATTR_SIZE_MAX from 9p.h to 9p.c

2022-03-31 Thread Will Cohen
On Thu, Mar 31, 2022 at 4:00 PM Peter Maydell 
wrote:

> On Thu, 31 Mar 2022 at 19:27, Will Cohen  wrote:
> >
> > The patch set adding 9p functionality to darwin introduced an issue
> > where limits.h, which defines XATTR_SIZE_MAX, is included in 9p.c,
> > though the referenced constant is needed in 9p.h. This commit fixes that
> > issue by moving the definition of P9_XATTR_SIZE_MAX, which uses
> > XATTR_SIZE_MAX, to also be in 9p.c.
> >
> > Additionally, this commit moves the location of the system headers
> > include in 9p.c to occur before the project headers.
> >
> > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/950
> > Fixes: 38d7fd68b0 ("9p: darwin: Move XATTR_SIZE_MAX->P9_XATTR_SIZE_MAX")
> >
> > Signed-off-by: Will Cohen 
> > ---
> >  hw/9pfs/9p.c | 28 +++-
> >  hw/9pfs/9p.h | 18 --
> >  2 files changed, 23 insertions(+), 23 deletions(-)
> >
> > diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
> > index dcaa602d4c..b9152c7882 100644
> > --- a/hw/9pfs/9p.c
> > +++ b/hw/9pfs/9p.c
> > @@ -16,6 +16,11 @@
> >   * https://wiki.qemu.org/Documentation/9p
> >   */
> >
> > +#ifdef CONFIG_LINUX
> > +#include 
> > +#else
> > +#include 
> > +#endif
> >  #include "qemu/osdep.h"
>
> osdep.h must always be the first include line in any .c file.
>

Understood, apologies -- if there's other changes for a v3 I can resubmit
accordingly, but if this otherwise looks okay then I would be fine with a
QEMU maintainer adjusting the header placement as needed when preparing for
submission to the main tree.

Will


>
> thanks
> -- PMM
>


Re: [PATCH v2] 9p: move P9_XATTR_SIZE_MAX from 9p.h to 9p.c

2022-03-31 Thread Peter Maydell
On Thu, 31 Mar 2022 at 19:27, Will Cohen  wrote:
>
> The patch set adding 9p functionality to darwin introduced an issue
> where limits.h, which defines XATTR_SIZE_MAX, is included in 9p.c,
> though the referenced constant is needed in 9p.h. This commit fixes that
> issue by moving the definition of P9_XATTR_SIZE_MAX, which uses
> XATTR_SIZE_MAX, to also be in 9p.c.
>
> Additionally, this commit moves the location of the system headers
> include in 9p.c to occur before the project headers.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/950
> Fixes: 38d7fd68b0 ("9p: darwin: Move XATTR_SIZE_MAX->P9_XATTR_SIZE_MAX")
>
> Signed-off-by: Will Cohen 
> ---
>  hw/9pfs/9p.c | 28 +++-
>  hw/9pfs/9p.h | 18 --
>  2 files changed, 23 insertions(+), 23 deletions(-)
>
> diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
> index dcaa602d4c..b9152c7882 100644
> --- a/hw/9pfs/9p.c
> +++ b/hw/9pfs/9p.c
> @@ -16,6 +16,11 @@
>   * https://wiki.qemu.org/Documentation/9p
>   */
>
> +#ifdef CONFIG_LINUX
> +#include 
> +#else
> +#include 
> +#endif
>  #include "qemu/osdep.h"
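Review bot: in the added block, `#ifdef CONFIG_LINUX` is evaluated before `#include "qemu/osdep.h"`. If CONFIG_LINUX is only defined through that header, the test is always false at this point and the `#else` include is chosen on every host, Linux included. Moving the whole `#ifdef` block below the osdep.h line avoids that and also satisfies the include-order rule.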

osdep.h must always be the first include line in any .c file.

thanks
-- PMM



Re: [PULL 0/1] Last minute tcg/aarch64 fix for 7.0

2022-03-31 Thread Peter Maydell
On Thu, 31 Mar 2022 at 18:07, Richard Henderson
 wrote:
>
> The following changes since commit cace6c6f3aca7b88afc42995f90bbefb37a0ed57:
>
>   Merge tag 'pull-qapi-2022-03-31' of git://repo.or.cz/qemu/armbru into 
> staging (2022-03-31 11:56:52 +0100)
>
> are available in the Git repository at:
>
>   https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220331
>
> for you to fetch changes up to 7ceee3a19b31818e6f7c8e429e25b219aefa8dd6:
>
>   tcg/aarch64: Use 'ull' suffix to force 64-bit constant (2022-03-31 11:03:59 
> -0600)
>
> 
> Fix tcg/aarch64 buglet for Windows on ARM host (#947).
>
> 
> Richard Henderson (1):
>   tcg/aarch64: Use 'ull' suffix to force 64-bit constant
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.

-- PMM



[PATCH 1/3] block/copy-before-write: create block_copy bitmap in filter node

2022-03-31 Thread Vladimir Sementsov-Ogievskiy
Currently block_copy creates copy_bitmap in the source node. But that
does not go well with .independent_close=true of the copy-before-write
filter: the source node may be detached and removed before the
.bdrv_close() handler is called, which should call
block_copy_state_free(), which in turn should remove copy_bitmap.

That's all not ideal: it would be better if the internal bitmap of the
block-copy object were not attached to any node. But that is not possible
now.

The simplest solution is to just create copy_bitmap in the filter node,
where two other bitmaps are created anyway.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/block-copy.c |   3 +-
 block/copy-before-write.c  |   2 +-
 include/block/block-copy.h |   1 +
 tests/qemu-iotests/257.out | 112 ++---
 4 files changed, 60 insertions(+), 58 deletions(-)

diff --git a/block/block-copy.c b/block/block-copy.c
index ec46775ea5..9626043480 100644
--- a/block/block-copy.c
+++ b/block/block-copy.c
@@ -342,6 +342,7 @@ static int64_t 
block_copy_calculate_cluster_size(BlockDriverState *target,
 }
 
 BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
+ BlockDriverState *copy_bitmap_bs,
  const BdrvDirtyBitmap *bitmap,
  Error **errp)
 {
@@ -356,7 +357,7 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, 
BdrvChild *target,
 return NULL;
 }
 
-copy_bitmap = bdrv_create_dirty_bitmap(source->bs, cluster_size, NULL,
+copy_bitmap = bdrv_create_dirty_bitmap(copy_bitmap_bs, cluster_size, NULL,
errp);
 if (!copy_bitmap) {
 return NULL;
diff --git a/block/copy-before-write.c b/block/copy-before-write.c
index 90a9c7874a..79cf12380e 100644
--- a/block/copy-before-write.c
+++ b/block/copy-before-write.c
@@ -398,7 +398,7 @@ static int cbw_open(BlockDriverState *bs, QDict *options, 
int flags,
 ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) &
  bs->file->bs->supported_zero_flags);
 
-s->bcs = block_copy_state_new(bs->file, s->target, bitmap, errp);
+s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap, errp);
 if (!s->bcs) {
 error_prepend(errp, "Cannot create block-copy-state: ");
 return -EINVAL;
diff --git a/include/block/block-copy.h b/include/block/block-copy.h
index 68bbd344b2..b03eb5f016 100644
--- a/include/block/block-copy.h
+++ b/include/block/block-copy.h
@@ -25,6 +25,7 @@ typedef struct BlockCopyState BlockCopyState;
 typedef struct BlockCopyCallState BlockCopyCallState;
 
 BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
+ BlockDriverState *copy_bitmap_bs,
  const BdrvDirtyBitmap *bitmap,
  Error **errp);
 
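Review bot: the prototype gains `copy_bitmap_bs` without any comment. The header is where callers look, so document here that this is the node the internal copy bitmap is created on and that it has to stay alive until block_copy_state_free() has removed the bitmap, which is the reason the commit message gives for the new parameter.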
diff --git a/tests/qemu-iotests/257.out b/tests/qemu-iotests/257.out
index aa76131ca9..c33dd7f3a9 100644
--- a/tests/qemu-iotests/257.out
+++ b/tests/qemu-iotests/257.out
@@ -120,16 +120,16 @@ write -P0x67 0x3fe 0x2
 "granularity": 65536,
 "persistent": false,
 "recording": false
-  }
-],
-"drive0": [
+  },
   {
 "busy": false,
 "count": 0,
 "granularity": 65536,
 "persistent": false,
 "recording": false
-  },
+  }
+],
+"drive0": [
   {
 "busy": false,
 "count": 458752,
@@ -596,16 +596,16 @@ write -P0x67 0x3fe 0x2
 "granularity": 65536,
 "persistent": false,
 "recording": false
-  }
-],
-"drive0": [
+  },
   {
 "busy": false,
 "count": 0,
 "granularity": 65536,
 "persistent": false,
 "recording": false
-  },
+  }
+],
+"drive0": [
   {
 "busy": false,
 "count": 458752,
@@ -865,16 +865,16 @@ write -P0x67 0x3fe 0x2
 "granularity": 65536,
 "persistent": false,
 "recording": false
-  }
-],
-"drive0": [
+  },
   {
 "busy": false,
 "count": 0,
 "granularity": 65536,
 "persistent": false,
 "recording": false
-  },
+  }
+],
+"drive0": [
   {
 "busy": false,
 "count": 458752,
@@ -1341,16 +1341,16 @@ write -P0x67 0x3fe 0x2
 "granularity": 65536,
 "persistent": false,
 "recording": false
-  }
-],
-"drive0": [
+  },
   {
 "busy": false,
 "count": 0,
 "granularity": 65536,
 "persistent": false,
 "recording": false
-  },
+  }
+],
+"drive0": [
   {
 "busy": false,
 "count": 458752,
@@ -1610,16 +1610,16 @@ write -P0x67 0x3fe 0x2
 "granularity": 65536,
 "persistent": false,
 "recording": false
-  }
-
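Review bot: every 257.out hunk moves one bitmap entry (count 0, granularity 65536) out of the "drive0" list and into the list printed just before it, so the internal copy bitmap now shows up under a different node in the bitmap query output. The commit message does not mention this visible side effect; one sentence there would tell people who parse this output that the entry moved on purpose.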

[PATCH 2/3] qapi: blockdev-backup: add discard-source parameter

2022-03-31 Thread Vladimir Sementsov-Ogievskiy
Add a parameter that enables discard-after-copy. That is mostly useful
in the "push backup with fleecing" scheme, when the source is a
snapshot-access format driver node, based on the copy-before-write
filter snapshot-access API:

[guest]      [snapshot-access] ~~ blockdev-backup ~~> [backup target]
   |            |
   | root       | file
   v            v
[copy-before-write]
   |             |
   | file        | target
   v             v
[active disk]   [temp.img]

In this case discard-after-copy does two things:

 - discard data in temp.img to save disk space
 - avoid further copy-before-write operation in discarded area

Note that we have to declare WRITE permission on source in
copy-before-write filter, for discard to work. An alternative is to pass
an option to bdrv_cbw_append(), add some internal open-option for
copy-before-write filter to require WRITE permission only for backup
with discard-source=true. But I'm not sure it's worth the complexity.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/backup.c |  5 +++--
 block/block-copy.c | 10 --
 block/copy-before-write.c  |  2 +-
 block/replication.c|  4 ++--
 blockdev.c |  2 +-
 include/block/block-copy.h |  2 +-
 include/block/block_int-global-state.h |  2 +-
 qapi/block-core.json   |  4 
 8 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/block/backup.c b/block/backup.c
index 5cfd0b999c..d0d512ec61 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -355,7 +355,7 @@ BlockJob *backup_job_create(const char *job_id, 
BlockDriverState *bs,
   BlockDriverState *target, int64_t speed,
   MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap,
   BitmapSyncMode bitmap_mode,
-  bool compress,
+  bool compress, bool discard_source,
   const char *filter_node_name,
   BackupPerf *perf,
   BlockdevOnError on_source_error,
@@ -486,7 +486,8 @@ BlockJob *backup_job_create(const char *job_id, 
BlockDriverState *bs,
 job->len = len;
 job->perf = *perf;
 
-block_copy_set_copy_opts(bcs, perf->use_copy_range, compress);
+block_copy_set_copy_opts(bcs, perf->use_copy_range, compress,
+ discard_source);
 block_copy_set_progress_meter(bcs, >common.job.progress);
 block_copy_set_speed(bcs, speed);
 
diff --git a/block/block-copy.c b/block/block-copy.c
index 9626043480..2d8373f63f 100644
--- a/block/block-copy.c
+++ b/block/block-copy.c
@@ -133,6 +133,7 @@ typedef struct BlockCopyState {
 CoMutex lock;
 int64_t in_flight_bytes;
 BlockCopyMethod method;
+bool discard_source;
 BlockReqList reqs;
 QLIST_HEAD(, BlockCopyCallState) calls;
 /*
@@ -278,11 +279,12 @@ static uint32_t block_copy_max_transfer(BdrvChild 
*source, BdrvChild *target)
 }
 
 void block_copy_set_copy_opts(BlockCopyState *s, bool use_copy_range,
-  bool compress)
+  bool compress, bool discard_source)
 {
 /* Keep BDRV_REQ_SERIALISING set (or not set) in block_copy_state_new() */
 s->write_flags = (s->write_flags & BDRV_REQ_SERIALISING) |
 (compress ? BDRV_REQ_WRITE_COMPRESSED : 0);
+s->discard_source = discard_source;
 
 if (s->max_transfer < s->cluster_size) {
 /*
@@ -405,7 +407,7 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, 
BdrvChild *target,
 cluster_size),
 };
 
-block_copy_set_copy_opts(s, false, false);
+block_copy_set_copy_opts(s, false, false, false);
 
 ratelimit_init(>rate_limit);
 qemu_co_mutex_init(>lock);
@@ -575,6 +577,10 @@ static coroutine_fn int block_copy_task_entry(AioTask 
*task)
 co_put_to_shres(s->mem, t->req.bytes);
 block_copy_task_end(t, ret);
 
+if (s->discard_source && ret == 0) {
+bdrv_co_pdiscard(s->source, t->req.offset, t->req.bytes);
+}
+
 return ret;
 }
 
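Review bot: the return value of `bdrv_co_pdiscard()` is dropped, so a failed discard is silent and the task still returns 0. If the discard is meant to be best effort, say so in a comment at the call; otherwise report the failure, for example through a trace point. The call also comes after `block_copy_task_end(t, ret)`, so it is worth a comment on why discarding the range after the task has ended cannot race with a new request on the same offsets.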
diff --git a/block/copy-before-write.c b/block/copy-before-write.c
index 79cf12380e..3e77313a9a 100644
--- a/block/copy-before-write.c
+++ b/block/copy-before-write.c
@@ -319,7 +319,7 @@ static void cbw_child_perm(BlockDriverState *bs, BdrvChild 
*c,
 bdrv_default_perms(bs, c, role, reopen_queue,
perm, shared, nperm, nshared);
 
-*nperm = *nperm | BLK_PERM_CONSISTENT_READ;
+*nperm = *nperm | BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE;
 *nshared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
 }
 }
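Review bot: `BLK_PERM_WRITE` is now requested for every copy-before-write user, not only for backups started with discard-source=true. That widens the filter's permissions in the common case and can make the filter fail to attach where WRITE cannot be granted. The commit message already names the alternative (an internal open-option); requesting WRITE only when that option is set keeps the default at the narrower permission.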
diff --git a/block/replication.c b/block/replication.c
index 2f17397764..f6a0b23563 100644
--- a/block/replication.c
+++ b/block/replication.c
@@ -587,8 +587,8 @@ static void replication_start(ReplicationState *rs, 
ReplicationMode mode,
 
 s->backup_job = backup_job_create(
 NULL, s->secondary_disk->bs, 

[PATCH 3/3] iotests: add backup-discard-source

2022-03-31 Thread Vladimir Sementsov-Ogievskiy
Add test for a new backup option: discard-source.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 .../qemu-iotests/tests/backup-discard-source  | 154 ++
 .../tests/backup-discard-source.out   |   5 +
 2 files changed, 159 insertions(+)
 create mode 100755 tests/qemu-iotests/tests/backup-discard-source
 create mode 100644 tests/qemu-iotests/tests/backup-discard-source.out

diff --git a/tests/qemu-iotests/tests/backup-discard-source 
b/tests/qemu-iotests/tests/backup-discard-source
new file mode 100755
index 00..d301fbd2d1
--- /dev/null
+++ b/tests/qemu-iotests/tests/backup-discard-source
@@ -0,0 +1,154 @@
+#!/usr/bin/env python3
+#
+# Test removing persistent bitmap from backing
+#
+# Copyright (c) 2022 Virtuozzo International GmbH.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import os
+
+import iotests
+from iotests import qemu_img_create, qemu_img_map, qemu_io
+
+
+temp_img = os.path.join(iotests.test_dir, 'temp')
+source_img = os.path.join(iotests.test_dir, 'source')
+target_img = os.path.join(iotests.test_dir, 'target')
+size = '1M'
+
+def get_actual_size(vm, node_name):
+nodes = vm.qmp('query-named-block-nodes', flat=True)['return']
+node = next(n for n in nodes if n['node-name'] == node_name)
+return node['image']['actual-size']
+
+
+class TestBackup(iotests.QMPTestCase):
+def setUp(self):
+qemu_img_create('-f', iotests.imgfmt, source_img, size)
+qemu_img_create('-f', iotests.imgfmt, temp_img, size)
+qemu_img_create('-f', iotests.imgfmt, target_img, size)
+qemu_io('-c', 'write 0 1M', source_img)
+
+self.vm = iotests.VM()
+self.vm.launch()
+
+result = self.vm.qmp('blockdev-add', {
+'node-name': 'cbw',
+'driver': 'copy-before-write',
+'file': {
+'driver': iotests.imgfmt,
+'file': {
+'driver': 'file',
+'filename': source_img,
+}
+},
+'target': {
+'driver': iotests.imgfmt,
+'discard': 'unmap',
+'node-name': 'temp',
+'file': {
+'driver': 'file',
+'filename': temp_img
+}
+}
+})
+self.assert_qmp(result, 'return', {})
+
+result = self.vm.qmp('blockdev-add', {
+'node-name': 'access',
+'discard': 'unmap',
+'driver': 'snapshot-access',
+'file': 'cbw'
+})
+self.assert_qmp(result, 'return', {})
+
+result = self.vm.qmp('blockdev-add', {
+'driver': iotests.imgfmt,
+'node-name': 'target',
+'file': {
+'driver': 'file',
+'filename': target_img
+}
+})
+self.assert_qmp(result, 'return', {})
+
+self.assertLess(get_actual_size(self.vm, 'temp'), 512 * 1024)
+
+def tearDown(self):
+# That should fail, because region is discarded
+self.vm.hmp_qemu_io('access', 'read 0 1M')
+
+self.vm.shutdown()
+
+self.assertTrue('read failed: Permission denied' in self.vm.get_log())
+
+# Final check that temp image is empty
+mapping = qemu_img_map(temp_img)
+self.assertEqual(len(mapping), 1)
+self.assertEqual(mapping[0]['start'], 0)
+self.assertEqual(mapping[0]['length'], 1024 * 1024)
+self.assertEqual(mapping[0]['data'], False)
+
+os.remove(temp_img)
+os.remove(source_img)
+os.remove(target_img)
+
+def do_backup(self):
+result = self.vm.qmp('blockdev-backup', device='access',
+ sync='full', target='target',
+ job_id='backup0',
+ discard_source=True)
+self.assert_qmp(result, 'return', {})
+
+self.vm.event_wait(name='BLOCK_JOB_COMPLETED')
+
+def test_discard_written(self):
+"""
+1. Guest writes
+2. copy-before-write operation, data is stored to temp
+3. start backup(discard_source=True), check that data is
+   removed from temp
+"""
+# Trigger copy-before-write operation
+result = self.vm.hmp_qemu_io('cbw', 'write 0 1M')
+self.assert_qmp(result, 'return', '')
+
+# 
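Review bot: the header comment `# Test removing persistent bitmap from backing` does not describe this file, which tests blockdev-backup with discard_source=True; it looks carried over from another test and should be replaced. The checks that the read fails and that the temp image is fully unallocated also sit in tearDown(), so they run for every test method in the class, including any added later that never start a backup; moving them to the end of the test body, or into a helper called from it, ties them to the case they verify.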

[PATCH 0/3] backup: discard-source parameter

2022-03-31 Thread Vladimir Sementsov-Ogievskiy
Hi all!

Here is a new option for backup, that brings two things into
push-backup-with-fleecing scheme:

 - discard copied region in temporary image to save disk space
 - avoid extra copy-before-write operation in the region that is already
   copied

This is based on
"[PATCH v5 00/45] Transactional block-graph modifying API"
Based-on: <20220330212902.590099-1-vsement...@openvz.org>

Vladimir Sementsov-Ogievskiy (3):
  block/copy-before-write: create block_copy bitmap in filter node
  qapi: blockdev-backup: add discard-source parameter
  iotests: add backup-discard-source

 block/backup.c|   5 +-
 block/block-copy.c|  13 +-
 block/copy-before-write.c |   4 +-
 block/replication.c   |   4 +-
 blockdev.c|   2 +-
 include/block/block-copy.h|   3 +-
 include/block/block_int-global-state.h|   2 +-
 qapi/block-core.json  |   4 +
 tests/qemu-iotests/257.out| 112 ++---
 .../qemu-iotests/tests/backup-discard-source  | 154 ++
 .../tests/backup-discard-source.out   |   5 +
 11 files changed, 240 insertions(+), 68 deletions(-)
 create mode 100755 tests/qemu-iotests/tests/backup-discard-source
 create mode 100644 tests/qemu-iotests/tests/backup-discard-source.out

-- 
2.35.1




Re: Re: [PATCH] target/riscv: Exit current TB after an sfence.vma

2022-03-31 Thread Palmer Dabbelt

On Wed, 30 Mar 2022 22:13:39 PDT (-0700), alistai...@gmail.com wrote:

On Thu, Mar 31, 2022 at 2:36 PM Palmer Dabbelt  wrote:


On Wed, 30 Mar 2022 20:23:21 PDT (-0700), alistai...@gmail.com wrote:
> On Thu, Mar 31, 2022 at 3:11 AM Idan Horowitz  wrote:
>>
>> On Wed, 30 Mar 2022 at 19:11, Palmer Dabbelt  wrote:
>> >
>> >
>> > Presumably you mean "revert" here?  That might be the right way to go,
>> > just to avoid breaking users (even if we fix the kernel bug, it'll take
>> > a while to get everyone to update).  That said, this smells like the
>> > sort of thing that's going to crop up at arbitrary times in dynamic
>> > systems so while a revert looks like it'd work around the boot issue we
>> > might be making more headaches for folks down the road.
>> >
>>
>> The opposite in fact, I did not suggest to revert it, but rather undo
>> the revert (as Alistair already removed it from the apply-next tree),
>> since my original patch fixes buggy behaviour that is blocking the
>> testing of some embedded software on QEMU.

Ah, sorry -- the QEMU tree I was looking at still had the patch in
there, must have just been an old one.

> So, this is a little tricky.
>
> We want to apply the fix, but that will break current users.
>
> Once the fix is merged into Linux we can apply it here. That should
> hopefully be right at the start of the 7.1 QEMU development window,
> which should give time for the fix to propagate into stable kernels
> and not break too many people by the time QEMU is released.

If you think this is a Linux bug then that makes sense, but I think this
is a QEMU bug -- I sent a patch, not sure if it went through as it didn't
make it to lore.


Ah whoops. I saw the patch but didn't read it, then I assumed it was a
Linux bug from your diff earlier.


No problem, that was the first thing I sent in the morning so I doubt it 
made any sense.






I also think the bug will manifest without the TB exit patch, maybe in
single-step mode and definitely if we happen to exit the TB at that
point for other reasons.  Assuming my reasoning is correct in that
patch, we may also be hitting this as arbitrary corruption anywhere.
I'd started to write up a "QEMU errata" Linux patch for this, but then
convinced myself that just adding the sfence.vma was insufficient.


Yeah, looking at it now I agree, I'll send a PR for 7.0.


Thanks!



Re: [PATCH] tests/lcitool: Do not use a hard-coded /usr/bin/python3 as python interpreter

2022-03-31 Thread Laurent Vivier

Le 29/03/2022 à 08:39, Thomas Huth a écrit :

When running "make lcitool-refresh", this currently uses the hard-coded
/usr/bin/python3 from the script's shebang line for running Python.
That's bad, since neither /usr/bin/python3 is guaranteed to exist, nor
does it honor the python interpreter that the user might have chosen
while running the "configure" script. Thus let's rather use $(PYTHON)
in the Makefile, and improve the shebang line in the script in case
someone runs this directly.

Signed-off-by: Thomas Huth 
---
  tests/lcitool/Makefile.include | 2 +-
  tests/lcitool/refresh  | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/lcitool/Makefile.include b/tests/lcitool/Makefile.include
index 6b215adcd1..3780185c7c 100644
--- a/tests/lcitool/Makefile.include
+++ b/tests/lcitool/Makefile.include
@@ -14,4 +14,4 @@ lcitool-help: lcitool
  
  lcitool-refresh:

$(call quiet-command, cd $(SRC_PATH) && git submodule update --init 
tests/lcitool/libvirt-ci)
-   $(call quiet-command, $(LCITOOL_REFRESH))
+   $(call quiet-command, $(PYTHON) $(LCITOOL_REFRESH))
diff --git a/tests/lcitool/refresh b/tests/lcitool/refresh
index 1f00281b44..2d198ad281 100755
--- a/tests/lcitool/refresh
+++ b/tests/lcitool/refresh
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
  #
  # Re-generate container recipes
  #


Applied to my trivial-patches branch.

Thanks,
Laurent




Re: [PATCH] vhost-vdpa: fix typo in a comment

2022-03-31 Thread Laurent Vivier

Le 28/03/2022 à 17:20, Stefano Garzarella a écrit :

Replace vpda with vdpa.

Signed-off-by: Stefano Garzarella 
---
  hw/virtio/vhost-vdpa.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index c5ed7a3779..8adf7c0b92 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -299,7 +299,7 @@ static void vhost_vdpa_listener_region_del(MemoryListener 
*listener,
  memory_region_unref(section->mr);
  }
  /*
- * IOTLB API is used by vhost-vpda which requires incremental updating
+ * IOTLB API is used by vhost-vdpa which requires incremental updating
   * of the mapping. So we can not use generic vhost memory listener which
   * depends on the addnop().
   */


Applied to my trivial-patches branch.

Thanks,
Laurent




Re: [PATCH] target/sh4: Remove old README.sh4 file

2022-03-31 Thread Laurent Vivier

Le 29/03/2022 à 17:19, Thomas Huth a écrit :

This file didn't have any non-trivial update since it was initially
added in 2006, and looking at the content, it seems incredibly outdated,
saying e.g. "The sh4 target is not ready at all yet for integration in
qemu" or "A sh4 user-mode has also somewhat started but will be worked
on afterwards"... Sounds like nobody is interested in this README file
anymore, so let's simply remove it now.

Signed-off-by: Thomas Huth 
---
  target/sh4/README.sh4 | 150 --
  1 file changed, 150 deletions(-)
  delete mode 100644 target/sh4/README.sh4

diff --git a/target/sh4/README.sh4 b/target/sh4/README.sh4
deleted file mode 100644
index a192ca7540..00
--- a/target/sh4/README.sh4
+++ /dev/null
@@ -1,150 +0,0 @@
-qemu target:   sh4
-author:Samuel Tardieu 
-last modified: Tue Dec  6 07:22:44 CET 2005
-
-The sh4 target is not ready at all yet for integration in qemu. This
-file describes the current state of implementation.
-
-Most places requiring attention and/or modification can be detected by
-looking for "X" or "abort()".
-
-The sh4 core is located in target/sh4/*, while the 7750 peripheral
-features (IO ports for example) are located in hw/sh7750.[ch]. The
-main board description is in hw/shix.c, and the NAND flash in
-hw/tc58128.[ch].
-
-All the shortcomings indicated here will eventually be resolved. This
-is a work in progress. Features are added in a semi-random order: if a
-point is blocking to progress on booting the Linux kernel for the shix
-board, it is addressed first; if feedback is necessary and no progress
-can be made on blocking points until it is received, a random feature
-is worked on.
-
-Goals
--
-
-The primary model being worked on is the soft MMU target to be able to
-emulate the Shix 2.0 board by Alexis Polti, described at
-https://web.archive.org/web/20070917001736/http://perso.enst.fr/~polti/realisations/shix20/
-
-Ultimately, qemu will be coupled with a system C or a verilog
-simulator to simulate the whole board functionalities.
-
-A sh4 user-mode has also somewhat started but will be worked on
-afterwards. The goal is to automate tests for GNAT (GNU Ada) compiler
-that I ported recently to the sh4-linux target.
-
-Registers
--
-
-16 general purpose registers are available at any time. The first 8
-registers are banked and the non-directly visible ones can be accessed
-by privileged instructions. In qemu, we define 24 general purpose
-registers and the code generation use either [0-7]+[8-15] or
-[16-23]+[8-15] depending on the MD and RB flags in the sr
-configuration register.
-
-Instructions
-
-
-Most sh4 instructions have been implemented. The missing ones at this
-time are:
-  - FPU related instructions
-  - LDTLB to load a new MMU entry
-  - SLEEP to put the processor in sleep mode
-
-Most instructions could be optimized a lot. This will be worked on
-after the current model is fully functional unless debugging
-convenience requires that it is done early.
-
-Many instructions did not have a chance to be tested yet. The plan is
-to implement unit and regression testing of those in the future.
-
-MMU

-
-The MMU is implemented in the sh4 core. MMU management has not been
-tested at all yet. In the sh7750, it can be manipulated through memory
-mapped registers and this part has not yet been implemented.
-
-Exceptions
---
-
-Exceptions are implemented as described in the sh4 reference manual
-but have not been tested yet. They do not use qemu EXCP_ features
-yet.
-
-IRQ

-
-IRQ are not implemented yet.
-
-Peripheral features

-
-  + Serial ports
-
-Configuration and use of the first serial port (SCI) without
-interrupts is supported. Input has not yet been tested.
-
-Configuration of the second serial port (SCIF) is supported. FIFO
-handling infrastructure has been started but is not completed yet.
-
-  + GPIO ports
-
-GPIO ports have been implemented. A registration function allows
-external modules to register interest in some port changes (see
-hw/tc58128.[ch] for an example) and will be called back. Interrupt
-generation is not yet supported but some infrastructure is in place
-for this purpose. Note that in the current model a peripheral module
-cannot directly simulate a H->L->H input port transition and have an
-interrupt generated on the low level.
-
-  + TC58128 NAND flash
-
-TC58128 NAND flash is partially implemented through GPIO ports. It
-supports reading from flash.
-
-GDB

-
-GDB remote target support has been implemented and lightly tested.
-
-Files
--
-
-File names are hardcoded at this time. The bootloader must be stored in
-shix_bios.bin in the current directory. The initial Linux image must
-be stored in shix_linux_nand.bin in the current directory in NAND
-format. Test files can be obtained from
-http://perso.enst.fr/~polti/robot/ as well as the various datasheets I
-use.
-
-qemu disk parameter on the 
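
Review bot: the "Registers" paragraph is the one part of this deleted file that documents a design decision rather than project status: 24 general purpose registers, with code generation using [0-7]+[8-15] or [16-23]+[8-15] depending on the MD and RB flags in sr. If that still matches the code, consider moving it into a comment next to the register definitions under target/sh4 before the file goes away. The rest (goals, the list of missing instructions, the hardcoded shix_bios.bin and shix_linux_nand.bin names) is status text dated 2005 and is fine to drop.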

Re: [PATCH] linux-user/sh4/termbits: Silence warning about TIOCSER_TEMT double definition

2022-03-31 Thread Laurent Vivier

On 30/03/2022 at 15:43, Thomas Huth wrote:

Seen while compiling on Alpine:

  In file included from ../linux-user/strace.c:17:
  In file included from ../linux-user/qemu.h:11:
  In file included from ../linux-user/syscall_defs.h:1247:
  ../linux-user/sh4/termbits.h:276:10: warning: 'TIOCSER_TEMT' macro redefined
   [-Wmacro-redefined]
  # define TIOCSER_TEMT0x01   /* Transmitter physically empty */
   ^
  /usr/include/sys/ioctl.h:50:9: note: previous definition is here
  #define TIOCSER_TEMT 1
  ^
  1 warning generated.

Add the TARGET_ prefix here, too, like we do it on the other architectures.

Signed-off-by: Thomas Huth 
---
  linux-user/sh4/termbits.h | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/sh4/termbits.h b/linux-user/sh4/termbits.h
index f91b5c51cf..eeabd2d7a9 100644
--- a/linux-user/sh4/termbits.h
+++ b/linux-user/sh4/termbits.h
@@ -273,7 +273,7 @@ ebugging only */
  #define TARGET_TIOCSERGETLSR   TARGET_IOR('T', 89, unsigned int) /* 0x5459 */ 
/* Get line sta
  tus register */
/* ioctl (fd, TIOCSERGETLSR, ) where result may be as below */
-# define TIOCSER_TEMT0x01   /* Transmitter physically empty */
+# define TARGET_TIOCSER_TEMT   0x01   /* Transmitter physically empty */
  #define TARGET_TIOCSERGETMULTI TARGET_IOR('T', 90, int) /* 0x545A
  */ /* Get multiport config  */
  #define TARGET_TIOCSERSETMULTI TARGET_IOW('T', 91, int) /* 0x545B
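
Review bot: with the define at line 276 renamed to TARGET_TIOCSER_TEMT, any linux-user code that still refers to the unprefixed TIOCSER_TEMT would keep compiling on hosts whose sys/ioctl.h provides the macro (as in the Alpine warning quoted above) and would silently take the host definition instead of the target one. The diffstat touches only termbits.h, so please confirm that nothing uses the old name and mention that in the commit message.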


Applied to my trivial-patches branch.

Thanks,
Laurent




[PATCH v1 2/9] qapi: fix examples: replay-break and replay-seek

2022-03-31 Thread Victor Toso
Both example outputs are using the @data member for the arguments. This
is wrong. The expected member for QMP is @arguments. Fix it.

Signed-off-by: Victor Toso 
---
 qapi/replay.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/qapi/replay.json b/qapi/replay.json
index b4d1ba253b..351898f60d 100644
--- a/qapi/replay.json
+++ b/qapi/replay.json
@@ -81,7 +81,7 @@
 #
 # Example:
 #
-# -> { "execute": "replay-break", "data": { "icount": 220414 } }
+# -> { "execute": "replay-break", "arguments": { "icount": 220414 } }
 #
 ##
 { 'command': 'replay-break', 'data': { 'icount': 'int' } }
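
Review bot: the replay-break example still shows only the request line, so it does not read as a complete QMP exchange. Since the line is being corrected anyway, add the matching response after it; the command definition below declares no return type, so that would be `# <- { "return": {} }`.
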
@@ -117,6 +117,6 @@
 #
 # Example:
 #
-# -> { "execute": "replay-seek", "data": { "icount": 220414 } }
+# -> { "execute": "replay-seek", "arguments": { "icount": 220414 } }
 ##
 { 'command': 'replay-seek', 'data': { 'icount': 'int' } }
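
Review bot: style point on the replay-seek example: unlike the replay-break example in the previous hunk, there is no blank "#" line between the example and the closing "##". Add one while this line is being changed so the two doc blocks are formatted the same way.
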
-- 
2.35.1



