Re: [v2] hw: misc: edu: fix 2 off-by-one errors

[Jiri Slaby]

On 17. 10. 22, 15:44, Alexander Bulekov wrote:

On 221015 1710, Chris Friedt wrote:

From: Christopher Friedt 

In the case that size1 was zero, because of the explicit
'end1 > addr' check, the range check would fail and the error
message would read as shown below. The correct comparison
is 'end1 >= addr' (or 'addr <= end1').

EDU: DMA range 0x4-0x3 out of bounds (0x4-0x40fff)!

At the opposite end, in the case that size1 was 4096, within()
would fail because of the non-inclusive check 'end1 < end2',
which should have been 'end1 <= end2'. The error message would
previously say

EDU: DMA range 0x4-0x40fff out of bounds (0x4-0x40fff)!

This change
1. renames local variables to be more less ambiguous
2. fixes the two off-by-one errors described above.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1254

Signed-off-by: Christopher Friedt 


Reviewed-by: Alexander Bulekov 

As a side-note, seems strange that edu_check_range will abort the entire
VM if the check fails, rather than handling the error more elegantly.
Maybe that's useful for students developing kernel drivers against the
device.


Yes, that was exactly the intention. First, as a punishment as they do 
something really wrong. Second, so they notice -- writing something 
wrong to a register of a real HW often freezes a machine too. Especially 
when misprogramming a DMA controller.


OTOH, this sucks too. Ext4 (and other FS too) is fine, they don't lose 
data. However they need to freshly boot, repair FS and investigate/think 
a lot. This trial and run (and crash) takes several loops for some.


So I am for softening it a bit. But they still should be noticed in some 
obvious way.


thanks,
--
js
suse labs

Re: [v2] hw: misc: edu: fix 2 off-by-one errors

[Jiri Slaby]

On 17. 10. 22, 16:13, Peter Maydell wrote:

  * for situations where the guest has misprogrammed the device,
log that with qemu_log_mask(LOG_GUEST_ERROR, ...)
and continue with whatever the real hardware would do, or
some reasonable choice if the h/w spec is vague


As I wrote in the previous mail, can we stop the machine after the print 
somehow, for example? So that the students have to "cont" in the qemu 
console as an acknowledgment when this happens.


thanks,
--
js
suse labs

Re: [v2] hw: misc: edu: fix 2 off-by-one errors

[Jiri Slaby]

On 15. 10. 22, 23:10, Chris Friedt wrote:

From: Christopher Friedt 

In the case that size1 was zero, because of the explicit
'end1 > addr' check, the range check would fail and the error
message would read as shown below. The correct comparison
is 'end1 >= addr' (or 'addr <= end1').

EDU: DMA range 0x4-0x3 out of bounds (0x4-0x40fff)!

At the opposite end, in the case that size1 was 4096, within()
would fail because of the non-inclusive check 'end1 < end2',
which should have been 'end1 <= end2'. The error message would
previously say

EDU: DMA range 0x4-0x40fff out of bounds (0x4-0x40fff)!

This change
1. renames local variables to be more less ambiguous
2. fixes the two off-by-one errors described above.


This should be split into two patches. This way, it's hard to review.


Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1254



thanks,
--
js
suse labs

Re: [PATCH] slirp: samba, set 'server min protocol' to NT1

[Jiri Slaby]

On 25. 02. 20, 11:43, Daniel P. Berrangé wrote:
> On Tue, Feb 25, 2020 at 11:27:58AM +0100, Jiri Slaby wrote:
>> Samba changed the default of server min protocol from LANMAN1 (very old
>> protocol) to SMB2_02 (only Vista and newer) in commit 840b8501b436
>> (docs-xml: change "server min protocol" to SMB2_02).
>>
>> WXP guests cannot use the samba shares since then as it uses a protocol
>> newer than LANMAN1, but older than SMB2_02: NT1 protocol. So set 'server
>> min protocol' in the samba config used in qemu to NT1. This restores
>> support for WinNT and newer (WXP including).
>>
>> Signed-off-by: Jiri Slaby 
>> ---
>>  net/slirp.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/net/slirp.c b/net/slirp.c
>> index c4334ee876c7..b3bc4a2bded7 100644
>> --- a/net/slirp.c
>> +++ b/net/slirp.c
>> @@ -887,6 +887,7 @@ static int slirp_smb(SlirpState* s, const char 
>> *exported_dir,
>>  "printing = bsd\n"
>>  "disable spoolss = yes\n"
>>  "usershare max shares = 0\n"
>> +"server min protocol = NT1\n"
>>  "[qemu]\n"
>>  "path=%s\n"
>>  "read only=no\n"
> 
> IIUC, the older protocol version has a number of downsides, both security
> and performance related, which is why Samba has removed it from the
> default config.

Sure, but is it that relevant for a VM? I mean, it's "min" protocol,
newer Win will negotiate the latest.

>  Do we really want to revert this defaults change that
> Samba maintainers made, in order to cope with a guest OS which was
> end-of-life 11 years ago ? It feels questionable to me.

It's 6 years, Vista is 3. (The current default still allows Vista.)

> Maybe QEMU's command line needs to include an option to set the min
> protocol version, so that we don't need to hardcode this obsolete protocol
> version in the source.

That would be great. Though I have no idea how to add one :). Something
like "-net user,smb=/home/smb,smbminproto=NT1" would be perfect by me.

thanks,
-- 
js
suse labs

[PATCH] slirp: samba, set 'server min protocol' to NT1

[Jiri Slaby]

Samba changed the default of server min protocol from LANMAN1 (very old
protocol) to SMB2_02 (only Vista and newer) in commit 840b8501b436
(docs-xml: change "server min protocol" to SMB2_02).

WXP guests cannot use the samba shares since then as it uses a protocol
newer than LANMAN1, but older than SMB2_02: NT1 protocol. So set 'server
min protocol' in the samba config used in qemu to NT1. This restores
support for WinNT and newer (WXP including).

Signed-off-by: Jiri Slaby 
---
 net/slirp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/slirp.c b/net/slirp.c
index c4334ee876c7..b3bc4a2bded7 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -887,6 +887,7 @@ static int slirp_smb(SlirpState* s, const char 
*exported_dir,
 "printing = bsd\n"
 "disable spoolss = yes\n"
 "usershare max shares = 0\n"
+"server min protocol = NT1\n"
 "[qemu]\n"
 "path=%s\n"
 "read only=no\n"
-- 
2.25.1

[Qemu-devel] [PATCH] target/i386: sev: fix failed message typos

[Jiri Slaby]

In these multiline messages, there were typos. Fix them -- add a missing
space and remove a superfluous apostrophe.

Inspired by Tom's patch.

Signed-off-by: Jiri Slaby 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: qemu-triv...@nongnu.org
Cc: Brijesh Singh 
Cc: Tom Lendacky 
---
 target/i386/sev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 5ba1384ea1f6..f1423cb0c0d1 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -763,7 +763,7 @@ sev_guest_init(const char *id)
 "reduced-phys-bits", NULL);
 if (s->reduced_phys_bits < 1) {
 error_report("%s: reduced_phys_bits check failed, it should be >=1,"
- "' requested '%d'", __func__, s->reduced_phys_bits);
+ " requested '%d'", __func__, s->reduced_phys_bits);
 goto err;
 }
 
@@ -783,7 +783,7 @@ sev_guest_init(const char *id)
 ret = sev_platform_ioctl(s->sev_fd, SEV_PLATFORM_STATUS, ,
  _error);
 if (ret) {
-error_report("%s: failed to get platform status ret=%d"
+error_report("%s: failed to get platform status ret=%d "
  "fw_error='%d: %s'", __func__, ret, fw_error,
  fw_error_to_str(fw_error));
 goto err;
-- 
2.22.0

Re: [Qemu-devel] [PATCH v3 2/3] edu: mmio: allow 64-bit access in read dispatch

[Jiri Slaby]

On 22. 04. 19, 16:11, Li Qiang wrote:
> The edu spec says when address >= 0x80, the MMIO area can
> be accessed by 64-bit.
> 
> Signed-off-by: Li Qiang 
> ---
> Change since v2:
> Fix an error per Phillippe's advice
> 
>  hw/misc/edu.c | 6 +-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/misc/edu.c b/hw/misc/edu.c
> index 65fc32b928..33de05141f 100644
> --- a/hw/misc/edu.c
> +++ b/hw/misc/edu.c
> @@ -185,7 +185,11 @@ static uint64_t edu_mmio_read(void *opaque, hwaddr addr, 
> unsigned size)
>  EduState *edu = opaque;
>  uint64_t val = ~0ULL;
>  
> -if (size != 4) {
> +if (addr < 0x80 && size != 4) {
> +return val;
> +}
> +
> +if (addr >= 0x80 && size != 4 && size != 8) {
>  return val;
>  }

Good catch, thanks.

-- 
js
suse labs

Re: [Qemu-devel] [PATCH v3 3/3] edu: uses uint64_t in dma operation

[Jiri Slaby]

On 22. 04. 19, 16:11, Li Qiang wrote:
> The dma related variable dma.dst/src/cnt is dma_addr_t, it is
> uint64_t in x64 platform. Change these usage from uint32_to
> uint64_t to avoid trancation in edu_dma_timer.
> 
> Signed-off-by: Li Qiang 
> Reviewed-by: Philippe Mathieu-Daude 
> ---
>  hw/misc/edu.c | 15 ---
>  1 file changed, 8 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/misc/edu.c b/hw/misc/edu.c
> index 33de05141f..401ada74af 100644
> --- a/hw/misc/edu.c
> +++ b/hw/misc/edu.c
> @@ -98,23 +98,24 @@ static void edu_lower_irq(EduState *edu, uint32_t val)
>  }
>  }
>  
> -static bool within(uint32_t addr, uint32_t start, uint32_t end)
> +static bool within(uint64_t addr, uint64_t start, uint64_t end)
>  {
>  return start <= addr && addr < end;
>  }
>  
> -static void edu_check_range(uint32_t addr, uint32_t size1, uint32_t start,
> +static void edu_check_range(uint64_t addr, uint64_t size1, uint64_t start,
>  uint32_t size2)

So in this version you don't change size2's type, but you still change
size1's one :)?

Other than that, looks good to me.

>  {
> -uint32_t end1 = addr + size1;
> -uint32_t end2 = start + size2;
> +uint64_t end1 = addr + size1;
> +uint64_t end2 = start + size2;
>  
>  if (within(addr, start, end2) &&
>  end1 > addr && within(end1, start, end2)) {
>  return;
>  }
>  
> -hw_error("EDU: DMA range 0x%.8x-0x%.8x out of bounds (0x%.8x-0x%.8x)!",
> +hw_error("EDU: DMA range 0x%016"PRIx64"-0x%016"PRIx64
> + " out of bounds (0x%016"PRIx64"-0x%016"PRIx64")!",
>  addr, end1 - 1, start, end2 - 1);
>  }



-- 
js
suse labs

Re: [Qemu-devel] [PATCH for-4.0 v9 09/16] qemu_thread: supplement error handling for pci_edu_realize

[Jiri Slaby]

On 07. 01. 19, 18:29, Markus Armbruster wrote:
>static void pci_edu_uninit(PCIDevice *pdev)
>{
>EduState *edu = EDU(pdev);
> 
>qemu_mutex_lock(>thr_mutex);
>edu->stopping = true;
>qemu_mutex_unlock(>thr_mutex);
>qemu_cond_signal(>thr_cond);
>qemu_thread_join(>thread);
> 
>qemu_cond_destroy(>thr_cond);
>qemu_mutex_destroy(>thr_mutex);
> 
>timer_del(>dma_timer);
>}
> 
> Preexisting: pci_edu_uninit() neglects to call msi_uninit().  Jiri?\

I don't know, the MSI support was added in:
commit eabb5782f70b4a10975b24ccd7129929a05ac932
Author: Peter Xu 
Date:   Wed Sep 28 21:03:39 2016 +0800

hw/misc/edu: support MSI interrupt

Hence CCing Peter.

thanks,
-- 
js
suse labs

Re: [Qemu-devel] [PATCH v2 21/30] hw/misc: use the BYTE-based definitions

[Jiri Slaby]

On 03/05/2018, 12:27 PM, Philippe Mathieu-Daudé wrote:
> --- a/hw/misc/auxbus.c
> +++ b/hw/misc/auxbus.c
> @@ -68,7 +68,7 @@ AUXBus *aux_init_bus(DeviceState *parent, const char *name)
>  
>  /* Memory related. */
>  bus->aux_io = g_malloc(sizeof(*bus->aux_io));
> -memory_region_init(bus->aux_io, OBJECT(bus), "aux-io", (1 << 20));
> +memory_region_init(bus->aux_io, OBJECT(bus), "aux-io", 2 * M_BYTE);

Only M_BYTE, not "2 *".

>  address_space_init(>aux_addr_space, bus->aux_io, "aux-io");
>  return bus;
>  }
> diff --git a/hw/misc/edu.c b/hw/misc/edu.c
> index 34eb05d213..ce8235dfc4 100644
> --- a/hw/misc/edu.c
> +++ b/hw/misc/edu.c
> @@ -357,7 +357,7 @@ static void pci_edu_realize(PCIDevice *pdev, Error **errp)
> edu, QEMU_THREAD_JOINABLE);
>  
>  memory_region_init_io(>mmio, OBJECT(edu), _mmio_ops, edu,
> -"edu-mmio", 1 << 20);
> +"edu-mmio", 1 * M_BYTE);

"1 * " is superfluous

thanks,
-- 
js
suse labs

Re: [Qemu-devel] [PATCH] misc: edu: free dma timer in device unit

[Jiri Slaby]

On 02/08/2017, 04:40 AM, Li Qiang wrote:
> From: Li Qiang 
> 
> This can avoid a memory leak when hotplug and unplug.
> 
> Signed-off-by: Li Qiang 
> ---
>  hw/misc/edu.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/misc/edu.c b/hw/misc/edu.c
> index 401039c..7565552 100644
> --- a/hw/misc/edu.c
> +++ b/hw/misc/edu.c
> @@ -375,6 +375,7 @@ static void pci_edu_uninit(PCIDevice *pdev)
>  qemu_mutex_destroy(>thr_mutex);
>  
>  timer_del(>dma_timer);
> +timer_free(>dma_timer);

Freeing a static timer does not sound correct to me?

thanks,
-- 
js
suse labs

[Qemu-devel] [PATCH 1/1] edu: fix license information

[Jiri Slaby]

Signed-off-by: Jiri Slaby jsl...@suse.cz
---
 docs/specs/edu.txt | 4 
 hw/misc/edu.c  | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/specs/edu.txt b/docs/specs/edu.txt
index 360af27ec8b1..1a23df9d21f6 100644
--- a/docs/specs/edu.txt
+++ b/docs/specs/edu.txt
@@ -2,6 +2,10 @@
 EDU device
 ==
 
+Copyleft (c) 2014-2015 Jiri Slaby
+
+This document is licensed under the GPLv2 (or later).
+
 This is an educational device for writing (kernel) drivers. Its original
 intention was to support the Linux kernel lectures taught at the Masaryk
 University. Students are given this virtual device and are expected to write a
diff --git a/hw/misc/edu.c b/hw/misc/edu.c
index c74f9b64540d..9a8088c6898d 100644
--- a/hw/misc/edu.c
+++ b/hw/misc/edu.c
@@ -1,7 +1,7 @@
 /*
  * QEMU educational PCI device
  *
- * Copyright (c) 2012-2014 Jiri Slaby
+ * Copyright (c) 2012-2015 Jiri Slaby
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
  * copy of this software and associated documentation files (the Software),
-- 
2.2.1

Re: [Qemu-devel] [PATCH 1/1] edu: fix license information

[Jiri Slaby]

On 01/22/2015, 10:04 AM, Markus Armbruster wrote:
 Jiri Slaby jsl...@suse.cz writes:
 
 Signed-off-by: Jiri Slaby jsl...@suse.cz
 ---
  docs/specs/edu.txt | 4 
  hw/misc/edu.c  | 2 +-
  2 files changed, 5 insertions(+), 1 deletion(-)

 diff --git a/docs/specs/edu.txt b/docs/specs/edu.txt
 index 360af27ec8b1..1a23df9d21f6 100644
 --- a/docs/specs/edu.txt
 +++ b/docs/specs/edu.txt
 @@ -2,6 +2,10 @@
  EDU device
  ==
  
 +Copyleft (c) 2014-2015 Jiri Slaby
 
 IANAL, but I'm afraid you have to spell this Copyright to carry legal
 weight.

Not quite as (c) is enough. GPLv2 is a copyleft license.

-- 
js
suse labs

Re: [Qemu-devel] [PATCH 1/1] edu: fix license information

[Jiri Slaby]

On 01/22/2015, 04:53 PM, Paolo Bonzini wrote:
 On 22/01/2015 16:39, Eric Blake wrote:
 On 01/22/2015 01:22 AM, Jiri Slaby wrote:
 Signed-off-by: Jiri Slaby jsl...@suse.cz --- docs/specs/edu.txt
 | 4  hw/misc/edu.c  | 2 +- 2 files changed, 5
 insertions(+), 1 deletion(-)

 diff --git a/docs/specs/edu.txt b/docs/specs/edu.txt index
 360af27ec8b1..1a23df9d21f6 100644 --- a/docs/specs/edu.txt +++
 b/docs/specs/edu.txt @@ -2,6 +2,10 @@ EDU device ==

 +Copyleft (c) 2014-2015 Jiri Slaby

 s/Copyleft/Copyright/.  There's legal implications to the word you
 use, and the rest of the code base does not use Copyleft.

 
 Yup, fixed and applied.

Ok, thanks a lot! (I still think copyleft (c) was enough (in all laws
we care) ;).)

-- 
js
suse labs

Re: [Qemu-devel] [PATCH v4 1/1] pci-host: add educational driver

[Jiri Slaby]

On 01/21/2015, 05:40 PM, Paolo Bonzini wrote:
 
 
 On 21/01/2015 17:28, Jiri Slaby wrote:
 +if (atomic_fetch_or(edu-status, EDU_STATUS_COMPUTING)  
 EDU_STATUS_COMPUTING) {
 
 Theoretically the other thread could see EDU_STATUS_COMPUTING here and
 not enter the condvar wait.  So...
 
 +break;
 +}
 +qemu_mutex_lock(edu-thr_mutex);
 +edu-fact = val;
 +qemu_cond_signal(edu-thr_cond);
 +qemu_mutex_unlock(edu-thr_mutex);
 
 ... just one change:
 
if (atomic_read(edu-status)  EDU_STATUS_COMPUTING) {
break;
}
/* EDU_STATUS_COMPUTING cannot go 0-1 concurrently, because
 * it is only set in this function and it is under the iothread
 * mutex.
 */
qemu_mutex_lock(edu-thr_mutex);
edu-fact = val;
atomic_or(edu-status), EDU_STATUS_COMPUTING);
qemu_cond_signal(edu-thr_cond);
qemu_mutex_unlock(edu-thr_mutex);
 
 If you are okay with this change, I'll apply the patch to my tree.

Oh, I see. I will send v5 shortly as I found a bug in documentation too.

Thanks a lot for the review.

-- 
js
suse labs

[Qemu-devel] [PATCH v4 1/1] pci-host: add educational driver

[Jiri Slaby]

I am using qemu for teaching the Linux kernel at our university. I
wrote a simple PCI device that can answer to writes/reads, generate
interrupts and perform DMA. As I am dragging it locally over 2 years,
I am sending it to you now.

Signed-off-by: Jiri Slaby jsl...@suse.cz
---
 MAINTAINERS |   5 +
 default-configs/pci.mak |   1 +
 docs/specs/edu.txt  | 106 +
 hw/misc/Makefile.objs   |   1 +
 hw/misc/edu.c   | 401 
 5 files changed, 514 insertions(+)
 create mode 100644 docs/specs/edu.txt
 create mode 100644 hw/misc/edu.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 430688dcab57..fd335a47bf5c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -599,6 +599,11 @@ F: hw/net/opencores_eth.c
 
 Devices
 ---
+EDU
+M: Jiri Slaby jsl...@suse.cz
+S: Maintained
+F: hw/misc/edu.c
+
 IDE
 M: Kevin Wolf kw...@redhat.com
 M: Stefan Hajnoczi stefa...@redhat.com
diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index a186c39c0e32..030cdc7d3dd0 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -32,3 +32,4 @@ CONFIG_PCI_TESTDEV=y
 CONFIG_NVME_PCI=y
 CONFIG_SD=y
 CONFIG_SDHCI=y
+CONFIG_EDU=y
diff --git a/docs/specs/edu.txt b/docs/specs/edu.txt
new file mode 100644
index ..a15d6a2545f0
--- /dev/null
+++ b/docs/specs/edu.txt
@@ -0,0 +1,106 @@
+
+EDU device
+==
+
+This is an educational device for writing (kernel) drivers. Its original
+intention was to support the Linux kernel lectures taught at the Masaryk
+University. Students are given this virtual device and are expected to write a
+driver with I/Os, IRQs, DMAs and such.
+
+The devices behaves very similar to the PCI bridge present in the COMBO6 cards
+developed under the Liberouter wings. Both PCI device ID and PCI space is
+inherited from that device.
+
+Command line switches:
+-device edu[,dma_mask=mask]
+
+dma_mask makes the virtual device work with DMA addresses with the given
+mask. For educational purposes, the device supports only 28 bits (256 MiB)
+by default. Students shall set dma_mask for the device in the OS driver
+properly.
+
+PCI specs
+-
+
+PCI ID: 1234:11e8
+
+PCI Region 0:
+   I/O memory, 1 MB in size. Users are supposed to communicate with the card
+   through this memory.
+
+MMIO area spec
+--
+
+Only size == 4 accesses are allowed for addresses  0x80. size == 4 or
+size == 8 for the rest.
+
+0x00 (RO) : identification (0xRRrr00edu)
+   RR -- major version
+   rr -- minor version
+
+0x04 (RW) : card liveness check
+   It is a simple value inversion (~ C operator).
+
+0x08 (RW) : factorial computation
+   The stored value is taken and factorial of it is put back here.
+   This happens only after factorial bit in the status register (0x20
+   below) is cleared.
+
+0x20 (RW) : status register, bitwise OR
+   0x01 -- computing factorial (RO)
+   0x02 -- raise interrupt 0x01 after finishing factorial computation
+
+0x24 (RO) : interrupt status register
+   It contains values which raised the interrupt (see interrupt raise
+   register below).
+
+0x60 (WO) : interrupt raise register
+   Raise an interrupt. The value will be put to the interrupt status
+   register (using bitwise OR).
+
+0x64 (WO) : interrupt acknowledge register
+   Clear an interrupt. The value will be cleared from the interrupt
+   status register. This needs to be done from the ISR to stop
+   generating interrupts.
+
+0x80 (RW) : DMA source address
+   Where to perform the DMA from.
+
+0x88 (RW) : DMA destination address
+   Where to perform the DMA to.
+
+0x90 (RW) : DMA transfer count
+   The size of the area to perform the DMA on.
+
+0x98 (RW) : DMA command register, bitwise OR
+   0x01 -- start transfer
+   0x02 -- direction (0: from RAM to EDU, 1: from EDU to RAM)
+   0x04 -- raise interrupt 0x100 after finishing the DMA
+
+IRQ controller
+--
+An IRQ is generated when written to the interrupt raise register. The value
+appears in interrupt status register when the interrupt is raised and has to
+be written to the interrupt acknowledge register to lower it.
+
+DMA controller
+--
+One has to specify, source, destination, size, and start the transfer. One
+4096 bytes long buffer at offset 0x4 is available in the EDU device. I.e.
+one can perform DMA to/from this space when programmed properly.
+
+Example of transferring a 100 byte block to and from the buffer using a given
+PCI address 'addr':
+addr - DMA source address
+0x4  - DMA destination address
+100  - DMA transfer count
+1- DMA command register
+while (DMA command register  1)
+   ;
+
+0x4  - DMA source address
+addr+100 - DMA destination address
+100  - DMA transfer count
+3- DMA command register
+while (DMA command

[Qemu-devel] [PATCH v5 1/1] hw: misc, add educational driver

[Jiri Slaby]

I am using qemu for teaching the Linux kernel at our university. I
wrote a simple PCI device that can answer to writes/reads, generate
interrupts and perform DMA. As I am dragging it locally over 2 years,
I am sending it to you now.

Signed-off-by: Jiri Slaby jsl...@suse.cz
---
 MAINTAINERS |   5 +
 default-configs/pci.mak |   1 +
 docs/specs/edu.txt  | 106 +
 hw/misc/Makefile.objs   |   1 +
 hw/misc/edu.c   | 409 
 5 files changed, 522 insertions(+)
 create mode 100644 docs/specs/edu.txt
 create mode 100644 hw/misc/edu.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 430688dcab57..fd335a47bf5c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -599,6 +599,11 @@ F: hw/net/opencores_eth.c
 
 Devices
 ---
+EDU
+M: Jiri Slaby jsl...@suse.cz
+S: Maintained
+F: hw/misc/edu.c
+
 IDE
 M: Kevin Wolf kw...@redhat.com
 M: Stefan Hajnoczi stefa...@redhat.com
diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index a186c39c0e32..030cdc7d3dd0 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -32,3 +32,4 @@ CONFIG_PCI_TESTDEV=y
 CONFIG_NVME_PCI=y
 CONFIG_SD=y
 CONFIG_SDHCI=y
+CONFIG_EDU=y
diff --git a/docs/specs/edu.txt b/docs/specs/edu.txt
new file mode 100644
index ..360af27ec8b1
--- /dev/null
+++ b/docs/specs/edu.txt
@@ -0,0 +1,106 @@
+
+EDU device
+==
+
+This is an educational device for writing (kernel) drivers. Its original
+intention was to support the Linux kernel lectures taught at the Masaryk
+University. Students are given this virtual device and are expected to write a
+driver with I/Os, IRQs, DMAs and such.
+
+The devices behaves very similar to the PCI bridge present in the COMBO6 cards
+developed under the Liberouter wings. Both PCI device ID and PCI space is
+inherited from that device.
+
+Command line switches:
+-device edu[,dma_mask=mask]
+
+dma_mask makes the virtual device work with DMA addresses with the given
+mask. For educational purposes, the device supports only 28 bits (256 MiB)
+by default. Students shall set dma_mask for the device in the OS driver
+properly.
+
+PCI specs
+-
+
+PCI ID: 1234:11e8
+
+PCI Region 0:
+   I/O memory, 1 MB in size. Users are supposed to communicate with the card
+   through this memory.
+
+MMIO area spec
+--
+
+Only size == 4 accesses are allowed for addresses  0x80. size == 4 or
+size == 8 for the rest.
+
+0x00 (RO) : identification (0xRRrr00edu)
+   RR -- major version
+   rr -- minor version
+
+0x04 (RW) : card liveness check
+   It is a simple value inversion (~ C operator).
+
+0x08 (RW) : factorial computation
+   The stored value is taken and factorial of it is put back here.
+   This happens only after factorial bit in the status register (0x20
+   below) is cleared.
+
+0x20 (RW) : status register, bitwise OR
+   0x01 -- computing factorial (RO)
+   0x80 -- raise interrupt 0x01 after finishing factorial computation
+
+0x24 (RO) : interrupt status register
+   It contains values which raised the interrupt (see interrupt raise
+   register below).
+
+0x60 (WO) : interrupt raise register
+   Raise an interrupt. The value will be put to the interrupt status
+   register (using bitwise OR).
+
+0x64 (WO) : interrupt acknowledge register
+   Clear an interrupt. The value will be cleared from the interrupt
+   status register. This needs to be done from the ISR to stop
+   generating interrupts.
+
+0x80 (RW) : DMA source address
+   Where to perform the DMA from.
+
+0x88 (RW) : DMA destination address
+   Where to perform the DMA to.
+
+0x90 (RW) : DMA transfer count
+   The size of the area to perform the DMA on.
+
+0x98 (RW) : DMA command register, bitwise OR
+   0x01 -- start transfer
+   0x02 -- direction (0: from RAM to EDU, 1: from EDU to RAM)
+   0x04 -- raise interrupt 0x100 after finishing the DMA
+
+IRQ controller
+--
+An IRQ is generated when written to the interrupt raise register. The value
+appears in interrupt status register when the interrupt is raised and has to
+be written to the interrupt acknowledge register to lower it.
+
+DMA controller
+--
+One has to specify, source, destination, size, and start the transfer. One
+4096 bytes long buffer at offset 0x4 is available in the EDU device. I.e.
+one can perform DMA to/from this space when programmed properly.
+
+Example of transferring a 100 byte block to and from the buffer using a given
+PCI address 'addr':
+addr - DMA source address
+0x4  - DMA destination address
+100  - DMA transfer count
+1- DMA command register
+while (DMA command register  1)
+   ;
+
+0x4  - DMA source address
+addr+100 - DMA destination address
+100  - DMA transfer count
+3- DMA command register
+while (DMA command

Re: [Qemu-devel] [PATCH v2 1/1] pci-host: add educational driver

[Jiri Slaby]

On 12/05/2014, 10:52 AM, Jiri Slaby wrote:
  hw/misc/edu.c   | 351 
 


 --- a/MAINTAINERS
 +++ b/MAINTAINERS
 @@ -593,6 +593,11 @@ F: hw/net/opencores_eth.c
  
  Devices
  ---
 +EDU
 +M: Jiri Slaby jsl...@suse.cz
 +S: Maintained
 +F: hw/pci-host/edu.c

Which does not really correspond :/

-- 
js
suse labs

[Qemu-devel] [PATCH v2 1/1] pci-host: add educational driver

[Jiri Slaby]

I am using qemu for teaching the Linux kernel at our university. I
wrote a simple PCI device that can answer to writes/reads, generate
interrupts and perform DMA. As I am dragging it locally over 2 years,
I am sending it to you now.

Signed-off-by: Jiri Slaby jsl...@suse.cz
Cc: Paolo Bonzini pbonz...@redhat.com
---
 MAINTAINERS |   5 +
 default-configs/pci.mak |   1 +
 docs/specs/edu.txt  | 105 +++
 hw/misc/Makefile.objs   |   1 +
 hw/misc/edu.c   | 351 
 5 files changed, 463 insertions(+)
 create mode 100644 docs/specs/edu.txt
 create mode 100644 hw/misc/edu.c

diff --git a/MAINTAINERS b/MAINTAINERS
index bcb69e80d2dd..9b69289aa8e3 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -593,6 +593,11 @@ F: hw/net/opencores_eth.c
 
 Devices
 ---
+EDU
+M: Jiri Slaby jsl...@suse.cz
+S: Maintained
+F: hw/pci-host/edu.c
+
 IDE
 M: Kevin Wolf kw...@redhat.com
 M: Stefan Hajnoczi stefa...@redhat.com
diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index 91b1e92da53f..29130aba61d6 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -30,3 +30,4 @@ CONFIG_IPACK=y
 CONFIG_WDT_IB6300ESB=y
 CONFIG_PCI_TESTDEV=y
 CONFIG_NVME_PCI=y
+CONFIG_EDU=y
diff --git a/docs/specs/edu.txt b/docs/specs/edu.txt
new file mode 100644
index ..94409bb58297
--- /dev/null
+++ b/docs/specs/edu.txt
@@ -0,0 +1,105 @@
+
+EDU device
+==
+
+This is an educational device for writing (kernel) drivers. Its original
+intention was to support the Linux kernel lectures taught at the Masaryk
+University. Students are given this virtual device and are expected to write a
+driver with I/Os, IRQs, DMAs and such.
+
+The devices behaves very similar to the PCI bridge present in the COMBO6 cards
+developed under the Liberouter wings. Both PCI device ID and PCI space is
+inherited from that device.
+
+Command line switches:
+-device edu[,dma_mask=mask]
+
+dma_mask makes the virtual device work with DMA addresses with the given
+mask. For educational purposes, the device supports only 28 bits (256 MiB)
+by default. Students shall set dma_mask for the device in the OS driver
+properly.
+
+PCI specs
+-
+
+PCI ID: 1234:11e8
+
+PCI Region 0:
+   I/O memory, 1 MB in size. Users are supposed to communicate with the card
+   through this memory.
+
+MMIO area spec
+--
+
+Only size == 4 accesses are allowed for addresses  0x80. size == 4 or
+size == 8 for the rest.
+
+0x00 (RO) : identification (0xRRrr00edu)
+   RR -- major version
+   rr -- minor version
+
+0x04 (RW) : card liveness check
+   It is a simple value inversion (~ C operator).
+
+0x08 (RW) : factorial computation
+   The stored value is taken and factorial of it is put back here.
+   This happens only after factorial bit in the status register (0x20
+   below) is cleared.
+
+0x20 (RO) : status register, bitwise OR
+   0x01 -- computing factorial
+
+0x24 (RO) : interrupt status register
+   It contains values which raised the interrupt (see interrupt raise
+   register below).
+
+0x60 (WO) : interrupt raise register
+   Raise an interrupt. The value will be put to the interrupt status
+   register (using bitwise OR).
+
+0x64 (WO) : interrupt acknowledge register
+   Clear an interrupt. The value will be cleared from the interrupt
+   status register. This needs to be done from the ISR to stop
+   generating interrupts.
+
+0x80 (RW) : DMA source address
+   Where to perform the DMA from.
+
+0x88 (RW) : DMA destination address
+   Where to perform the DMA to.
+
+0x90 (RW) : DMA transfer count
+   The size of the area to perform the DMA on.
+
+0x98 (RW) : DMA command register, bitwise OR
+   0x01 -- start transfer
+   0x02 -- direction (0: from RAM to EDU, 1: from EDU to RAM)
+   0x04 -- raise interrupt 0x100 after finishing the DMA
+
+IRQ controller
+--
+An IRQ is generated when written to the interrupt raise register. The value
+appears in interrupt status register when the interrupt is raised and has to
+be written to the interrupt acknowledge register to lower it.
+
+DMA controller
+--
+One has to specify, source, destination, size, and start the transfer. One
+4096 bytes long buffer at offset 0x4 is available in the EDU device. I.e.
+one can perform DMA to/from this space when programmed properly.
+
+Example of transferring a 100 byte block to and from the buffer using a given
+PCI address 'addr':
+addr - DMA source address
+0x4  - DMA destination address
+100  - DMA transfer count
+1- DMA command register
+while (DMA command register  1)
+   ;
+
+0x4  - DMA source address
+addr+100 - DMA destination address
+100  - DMA transfer count
+3- DMA command register
+while (DMA command register  1)
+   ;
diff --git

[Qemu-devel] [PATCH v3 1/1] pci-host: add educational driver

[Jiri Slaby]

I am using qemu for teaching the Linux kernel at our university. I
wrote a simple PCI device that can answer to writes/reads, generate
interrupts and perform DMA. As I am dragging it locally over 2 years,
I am sending it to you now.

Signed-off-by: Jiri Slaby jsl...@suse.cz
---
 MAINTAINERS |   5 +
 default-configs/pci.mak |   1 +
 docs/specs/edu.txt  | 105 +++
 hw/misc/Makefile.objs   |   1 +
 hw/misc/edu.c   | 351 
 5 files changed, 463 insertions(+)
 create mode 100644 docs/specs/edu.txt
 create mode 100644 hw/misc/edu.c

diff --git a/MAINTAINERS b/MAINTAINERS
index bcb69e80d2dd..4e3b9f1703bf 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -593,6 +593,11 @@ F: hw/net/opencores_eth.c
 
 Devices
 ---
+EDU
+M: Jiri Slaby jsl...@suse.cz
+S: Maintained
+F: hw/misc/edu.c
+
 IDE
 M: Kevin Wolf kw...@redhat.com
 M: Stefan Hajnoczi stefa...@redhat.com
diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index 91b1e92da53f..29130aba61d6 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -30,3 +30,4 @@ CONFIG_IPACK=y
 CONFIG_WDT_IB6300ESB=y
 CONFIG_PCI_TESTDEV=y
 CONFIG_NVME_PCI=y
+CONFIG_EDU=y
diff --git a/docs/specs/edu.txt b/docs/specs/edu.txt
new file mode 100644
index ..94409bb58297
--- /dev/null
+++ b/docs/specs/edu.txt
@@ -0,0 +1,105 @@
+
+EDU device
+==
+
+This is an educational device for writing (kernel) drivers. Its original
+intention was to support the Linux kernel lectures taught at the Masaryk
+University. Students are given this virtual device and are expected to write a
+driver with I/Os, IRQs, DMAs and such.
+
+The devices behaves very similar to the PCI bridge present in the COMBO6 cards
+developed under the Liberouter wings. Both PCI device ID and PCI space is
+inherited from that device.
+
+Command line switches:
+-device edu[,dma_mask=mask]
+
+dma_mask makes the virtual device work with DMA addresses with the given
+mask. For educational purposes, the device supports only 28 bits (256 MiB)
+by default. Students shall set dma_mask for the device in the OS driver
+properly.
+
+PCI specs
+-
+
+PCI ID: 1234:11e8
+
+PCI Region 0:
+   I/O memory, 1 MB in size. Users are supposed to communicate with the card
+   through this memory.
+
+MMIO area spec
+--
+
+Only size == 4 accesses are allowed for addresses  0x80. size == 4 or
+size == 8 for the rest.
+
+0x00 (RO) : identification (0xRRrr00edu)
+   RR -- major version
+   rr -- minor version
+
+0x04 (RW) : card liveness check
+   It is a simple value inversion (~ C operator).
+
+0x08 (RW) : factorial computation
+   The stored value is taken and factorial of it is put back here.
+   This happens only after factorial bit in the status register (0x20
+   below) is cleared.
+
+0x20 (RO) : status register, bitwise OR
+   0x01 -- computing factorial
+
+0x24 (RO) : interrupt status register
+   It contains values which raised the interrupt (see interrupt raise
+   register below).
+
+0x60 (WO) : interrupt raise register
+   Raise an interrupt. The value will be put to the interrupt status
+   register (using bitwise OR).
+
+0x64 (WO) : interrupt acknowledge register
+   Clear an interrupt. The value will be cleared from the interrupt
+   status register. This needs to be done from the ISR to stop
+   generating interrupts.
+
+0x80 (RW) : DMA source address
+   Where to perform the DMA from.
+
+0x88 (RW) : DMA destination address
+   Where to perform the DMA to.
+
+0x90 (RW) : DMA transfer count
+   The size of the area to perform the DMA on.
+
+0x98 (RW) : DMA command register, bitwise OR
+   0x01 -- start transfer
+   0x02 -- direction (0: from RAM to EDU, 1: from EDU to RAM)
+   0x04 -- raise interrupt 0x100 after finishing the DMA
+
+IRQ controller
+--
+An IRQ is generated when written to the interrupt raise register. The value
+appears in interrupt status register when the interrupt is raised and has to
+be written to the interrupt acknowledge register to lower it.
+
+DMA controller
+--
+One has to specify, source, destination, size, and start the transfer. One
+4096 bytes long buffer at offset 0x4 is available in the EDU device. I.e.
+one can perform DMA to/from this space when programmed properly.
+
+Example of transferring a 100 byte block to and from the buffer using a given
+PCI address 'addr':
+addr - DMA source address
+0x4  - DMA destination address
+100  - DMA transfer count
+1- DMA command register
+while (DMA command register  1)
+   ;
+
+0x4  - DMA source address
+addr+100 - DMA destination address
+100  - DMA transfer count
+3- DMA command register
+while (DMA command register  1)
+   ;
diff --git a/hw/misc/Makefile.objs b/hw/misc

Re: [Qemu-devel] [PATCH v2 1/1] pci-host: add educational driver

[Jiri Slaby]

On 12/05/2014, 11:35 AM, Paolo Bonzini wrote:
 Hi Jirka,
 
 because this is supposed to be a poster of good QEMU practices, the
 review is going to be a bit picky.  Most comments are trivial to apply.

Hi, OK :).

 --- /dev/null
 +++ b/hw/misc/edu.c
 @@ -0,0 +1,351 @@
...
 +static void edu_dma_timer(void *opaque)
 +{
 +EduState *edu = opaque;
 
 If you use timer_init, you might as well use container_of here.

But how? I do not have the timer as a param, right?

 +static uint64_t edu_mmio_read(void *opaque, hwaddr addr, unsigned size)
 +{
 +EduState *edu = opaque;
 +uint64_t val = ~0ULL;
 +
 +if (size != 4)
 +return val;
 +
 +switch (addr) {
 +case 0x00:
 +val = 0x01edu;
 +break;
 +case 0x04:
 +val = edu-addr4;
 +break;
 +case 0x08:
 +qemu_mutex_lock(edu-thr_mutex);
 +val = edu-fact;
 +qemu_mutex_unlock(edu-thr_mutex);
 
 No need for the mutex.

But threads, as you wrote are not protected by the big lock. So
shouldn't this be at least atomic_get()?

 +static void edu_mmio_write(void *opaque, hwaddr addr, uint64_t val,
 +unsigned size)
 +{
 +EduState *edu = opaque;
 +
 +if (addr  0x80  size != 4)
 +return;
 +
 +if (addr = 0x80  size != 4  size != 8)
 +return;
 +
 +switch (addr) {
 +case 0x04:
 +edu-addr4 = ~val;
 +break;
 +case 0x08:
 +if (edu-status  EDU_STATUS_COMPUTING)
 +break;
 +edu-status |= EDU_STATUS_COMPUTING;
 
 atomic_or(edu-status, EDU_STATUS_COMPUTING);
 
 +qemu_mutex_lock(edu-thr_mutex);
 +edu-fact = val;
 
 Probably the write should be ignored if edu-status has the computing
 bit set, otherwise if you write 4 and 5 in rapid succession you will end
 up with 24! in edu-fact.

But it is, AFAICS above?

 +qemu_cond_signal(edu-thr_cond);
 +qemu_mutex_unlock(edu-thr_mutex);
 +break;
 
 If you add the above suggestion to use interrupts, you can do:
 
 case 0x24:
 if (val  EDU_STATUS_FACT_IRQ)
 atomic_or(edu-status, EDU_STATUS_FACT_IRQ);
 else
 atomic_and(edu-status, ~EDU_STATUS_FACT_IRQ);
 break;
 
 to leave bit 0 untouched.

Did you mean case 0x20?

 +case 0x60:
 +edu-irq_status |= val;
 +pci_set_irq(edu-pdev, 1);
 
 Should not set irq if edu-irq_status is zero.

I don't understand this. 0x60 is supposed to raise interrupts mostly
when edu-irq_status is 0.

thanks,
-- 
js
suse labs

Re: [Qemu-devel] [PATCH 1/1] pci-host: add educational driver

[Jiri Slaby]

On 10/13/2014, 03:00 PM, Paolo Bonzini wrote:
 +static void edu_dma_timer(void *opaque)
 +{
 +EduState *edu = opaque;
 +bool raise_irq = false;
 +
 +qemu_mutex_lock(edu-dma_mutex);
 
 dma_mutex and mutex and irq_mutex are not necessary.  All I/O happens
 under the big QEMU lock (qemu_lock/unlock_iothread).  I can certainly
 imagine that edu.c would be one of the first devices we make
 thread-safe, but... not yet. :)

Hi,

I finally got to it. I want to make sure that I understand this
correctly. So even timers are protected by the BQL?

thanks,
-- 
js
suse labs

Re: [Qemu-devel] [PATCH 1/1] pci-host: add educational driver

[Jiri Slaby]

On 10/10/2014, 04:54 PM, Claudio Fontana wrote:
 Hello,
 
 On 10.10.2014 14:09, Jiri Slaby wrote:
 I am using qemu for teaching the Linux kernel at our university. I
 wrote a simple PCI device that can answer to writes/reads, generate
 interrupts and perform DMA. As I am dragging it locally over 2 years,
 I am sending it to you now.

 Signed-off-by: Jiri Slaby jsl...@suse.cz
 
 is this supposed to be architecture independent, or is it X86-specific?

Hi,

I did not plan it to be only x86 specific. If you see any problems, I
will fix them.

 Also at first glance I see multiple 32bit variables used to hold addresses,
 is this 32bit-only?

No, the DMA addresses are on purpose 32-bit: to teach the people always
set the dma mask properly in the driver. This driver copies COMBO6x
devices (liberouter.org) behaviour which I used until the cards got
obsoleted (hard to find PCI-X slots nowadays).

I can make this configurable if you wish.

 I wonder if this work could be merged / integrated with the Generic PCI host 
 patches that are flying around since some time...

Could you point me to some?

thanks,
-- 
js
suse labs

Re: [Qemu-devel] qemu is missing monitor

[Jiri Slaby]

On 10/09/2014, 06:05 PM, Peter Maydell wrote:
 On 9 October 2014 14:37, Jiri Slaby jsl...@suse.cz wrote:
 Hi guys,

 qemu in opensuse latest (factory) does not have monitor. Despite
 libvte-devel is installed, it is not detected by qemu. The problem is
 that configure looks for vte-2.90, but we have vte-2.91 in factory. The
 attached patch fixes that for factory, but it's dirty, of course.
 
 Why the heck have the GTK folk made point releases end up
 needing their own pkg-config library name??

Don't ask me, /me wonders too. I am thinking of one of
* --enable-vte=2.91: we would have to do rpm -q vte-devel in .spec, but
that should work
* for ver in `seq 0 9`; do
if pkg-config --exists vte-2.9$ver; then
  vteversion=vte-2.9$ver
fi
  done
* yell at the author of the versioning to retract and rethink!

thanks,
-- 
js
suse labs

Re: [Qemu-devel] qemu is missing monitor

[Jiri Slaby]

On 10/10/2014, 09:38 AM, Gerd Hoffmann wrote:
 On Do, 2014-10-09 at 17:05 +0100, Peter Maydell wrote:
 On 9 October 2014 14:37, Jiri Slaby jsl...@suse.cz wrote:
 Hi guys,

 qemu in opensuse latest (factory) does not have monitor. Despite
 libvte-devel is installed, it is not detected by qemu. The problem is
 that configure looks for vte-2.90, but we have vte-2.91 in factory. The
 attached patch fixes that for factory, but it's dirty, of course.

 Why the heck have the GTK folk made point releases end up
 needing their own pkg-config library name??
 
 Good question.  They should not do that in the first place unless they
 have a ABI change (i.e. gtk2 - gtk3 switch was a good reason).  The
 point release doesn't look like that though ...

Note, that qemu is terribly broken with 2.91. The monitor window is over
30 000 pixels in height. So there is perhaps some weird API/ABI change.
Built against 2.90, it works fine.

 I'd suggest to try sort that with vte upstream before trying to hack
 around this in qemu (and if we have to we'll need to check for both 2.90
 and 2.91 because you don't know what version the user has installed).

Ok, could you take care of that and sort that out?

-- 
js
suse labs

[Qemu-devel] [patch] qemu educational device

[Jiri Slaby]

Hello guys,

I am using qemu for teaching the Linux kernel at our university. I wrote
a simple PCI device that can answer to writes/reads, generate interrupts
and perform DMA. As I am dragging it locally over 2 years, would you be
interested in including it upstream?

thanks,
-- 
js
suse labs


training-driver.patch
Description: application/mbox

[Qemu-devel] [PATCH 1/1] pci-host: add educational driver

[Jiri Slaby]

I am using qemu for teaching the Linux kernel at our university. I
wrote a simple PCI device that can answer to writes/reads, generate
interrupts and perform DMA. As I am dragging it locally over 2 years,
I am sending it to you now.

Signed-off-by: Jiri Slaby jsl...@suse.cz
---
 MAINTAINERS   |   5 +
 hw/pci-host/Makefile.objs |   1 +
 hw/pci-host/edu.c | 336 ++
 3 files changed, 342 insertions(+)
 create mode 100644 hw/pci-host/edu.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 206bf7ea4582..7f4e8591b74b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -567,6 +567,11 @@ F: hw/xtensa/xtensa_lx60.c
 
 Devices
 ---
+EDU
+M: Jiri Slaby jsl...@suse.cz
+S: Maintained
+F: hw/pci-host/edu.c
+
 IDE
 M: Kevin Wolf kw...@redhat.com
 M: Stefan Hajnoczi stefa...@redhat.com
diff --git a/hw/pci-host/Makefile.objs b/hw/pci-host/Makefile.objs
index bb65f9c4d2d0..b01f614ed248 100644
--- a/hw/pci-host/Makefile.objs
+++ b/hw/pci-host/Makefile.objs
@@ -13,5 +13,6 @@ common-obj-$(CONFIG_VERSATILE_PCI) += versatile.o
 
 common-obj-$(CONFIG_PCI_APB) += apb.o
 common-obj-$(CONFIG_FULONG) += bonito.o
+common-obj-$(CONFIG_PCI) += edu.o
 common-obj-$(CONFIG_PCI_PIIX) += piix.o
 common-obj-$(CONFIG_PCI_Q35) += q35.o
diff --git a/hw/pci-host/edu.c b/hw/pci-host/edu.c
new file mode 100644
index ..72e09dff6f5d
--- /dev/null
+++ b/hw/pci-host/edu.c
@@ -0,0 +1,336 @@
+/*
+ * QEMU education PCI device
+ *
+ * Copyright (c) 2012 Jiri Slaby
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the Software),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#include hw/pci/pci.h
+#include qemu/timer.h
+
+#define DMA_START  0x4
+#define DMA_SIZE   4096
+#define DMA_IRQ0x0100
+
+typedef struct {
+PCIDevice pdev;
+MemoryRegion mmio;
+
+QemuThread thread;
+QemuMutex thr_mutex;
+QemuCond thr_cond;
+bool stopping;
+
+uint32_t addr4;
+uint32_t fact;
+#define EDU_STATUS_COMPUTING   0x1
+uint32_t status;
+
+uint32_t irq_status;
+QemuMutex irq_mutex;
+
+#define EDU_DMA_RUN0x1
+#define EDU_DMA_DIR(cmd)   (((cmd)  0x2)  1)
+# define EDU_DMA_FROM_PCI  0
+# define EDU_DMA_TO_PCI1
+#define EDU_DMA_IRQ0x4
+struct dma_state {
+   uint32_t src;
+   uint32_t dst;
+   uint32_t cnt;
+   uint32_t cmd;
+} dma;
+QEMUTimer *dma_timer;
+QemuMutex dma_mutex;
+char dma_buf[DMA_SIZE];
+} EduState;
+
+static bool within(uint32_t addr, uint32_t start, uint32_t end)
+{
+   return start = addr  addr  end;
+}
+
+static void check_range(uint32_t addr, uint32_t size1, uint32_t start,
+   uint32_t size2)
+{
+   uint32_t end1 = addr + size1;
+   uint32_t end2 = start + size2;
+
+   if (within(addr, start, end2) 
+   end1  addr  within(end1, start, end2))
+   return;
+
+   hw_error(EDU: DMA range 0x%.8x-0x%.8x out of bounds (0x%.8x-0x%.8x)!,
+   addr, end1 - 1, start, end2 - 1);
+}
+
+static void edu_dma_timer(void *opaque)
+{
+   EduState *edu = opaque;
+   bool raise_irq = false;
+
+   qemu_mutex_lock(edu-dma_mutex);
+   if (!(edu-dma.cmd  EDU_DMA_RUN))
+   goto end;
+
+   if (EDU_DMA_DIR(edu-dma.cmd) == EDU_DMA_FROM_PCI) {
+   uint32_t dst = edu-dma.dst;
+   check_range(dst, edu-dma.cnt, DMA_START, DMA_SIZE);
+   dst -= DMA_START;
+   pci_dma_read(edu-pdev, edu-dma.src, edu-dma_buf + dst,
+   edu-dma.cnt);
+   } else {
+   uint32_t src = edu-dma.src;
+   check_range(src, edu-dma.cnt, DMA_START, DMA_SIZE);
+   src -= DMA_START;
+   pci_dma_write(edu-pdev, edu-dma.dst, edu-dma_buf + src,
+   edu-dma.cnt);
+   }
+
+   edu-dma.cmd = ~EDU_DMA_RUN;
+   if (edu-dma.cmd  EDU_DMA_IRQ

[Qemu-devel] qemu is missing monitor

[Jiri Slaby]

Hi guys,

qemu in opensuse latest (factory) does not have monitor. Despite
libvte-devel is installed, it is not detected by qemu. The problem is
that configure looks for vte-2.90, but we have vte-2.91 in factory. The
attached patch fixes that for factory, but it's dirty, of course.

Any better idea?

thanks,
-- 
js
suse labs



vte-2.91-for-factory.patch
Description: application/mbox

[Qemu-devel] Cannot load initrd 32M via TFTP

[Jiri Slaby]

Hi,

it looks like the largest initrd qemu can pass/pxe can load from the
qemu's TFTP server is 33553920 bytes long. If a larger file is passed,
the laoding in pxelinux hangs (stops printing dots). It seems that qemu
supports tsize, but now it looks like it does not work well?

The command-line I use:
qemu-kvm -k en-us -usbdevice tablet -balloon virtio -hda
/win/vm/suse-stable.img -smp 2 -m 1000M -net
user,tftp=tftp,bootfile=/pxelinux.0 -net nic,model=e1000 -usb

Any ideas?

thanks,
-- 
js