Re: [Qemu-devel] [PATCH v4 11/21] s390x: allow only 1 CPU with TCG

2017-09-12 Thread David Hildenbrand
On 12.09.2017 14:43, Igor Mammedov wrote:
> On Mon, 11 Sep 2017 17:21:40 +0200
> David Hildenbrand  wrote:
> 
>> Specifying more than 1 CPU (e.g. -smp 5) leads to SIGP errors (the
>> guest tries to bring these CPUs up but fails), because we don't support
>> multiple CPUs on s390x under TCG.
>>
>> Let's bail out if more than 1 is specified, so we don't raise people's
>> hope. Make it a define, so we can easily bump it up later.
>>
>> Tested-by: Matthew Rosato 
>> Signed-off-by: David Hildenbrand 
>> ---
>>  hw/s390x/s390-virtio-ccw.c | 10 ++
>>  1 file changed, 10 insertions(+)
>>
>> diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
>> index f67b4b5d58..f1198b2745 100644
>> --- a/hw/s390x/s390-virtio-ccw.c
>> +++ b/hw/s390x/s390-virtio-ccw.c
>> @@ -23,6 +23,7 @@
>>  #include "hw/s390x/css.h"
>>  #include "virtio-ccw.h"
>>  #include "qemu/config-file.h"
>> +#include "qemu/error-report.h"
>>  #include "s390-pci-bus.h"
>>  #include "hw/s390x/storage-keys.h"
>>  #include "hw/s390x/storage-attributes.h"
>> @@ -47,6 +48,8 @@ S390CPU *s390_cpu_addr2state(uint16_t cpu_addr)
>>  return cpu_states[cpu_addr];
>>  }
>>  
>> +/* #define S390_TCG_SMP_SUPPORT */
> I'd drop define and ifdef for something that doesn't exist

Conny requested it as we might see some work on that area (supporting
smp) soon. So as long as there are no other opinions, I'll stick to the
current version.

Thanks!

-- 

Thanks,

David



Re: [Qemu-devel] [PATCH 4/4] s390x/css: fix incorrect length indication

2017-09-12 Thread Halil Pasic


On 09/12/2017 04:37 PM, Cornelia Huck wrote:
> On Mon, 11 Sep 2017 13:36:29 +0200
> Halil Pasic  wrote:
> 
>> On 09/11/2017 12:07 PM, Cornelia Huck wrote:
>>> On Fri,  8 Sep 2017 17:24:46 +0200
>>> Halil Pasic  wrote:
>>>   
>>>> We report incorrect length via SCSW program check instead of incorrect
>>>> length check (SCSW word 2 bit 10 instead of bit 9). Since there
>>>> is no fitting errno for incorrect length, and since I don't like what we
>>>> do with the errno's, as part of the fix, errnos used for control flow in
>>>> ccw interpretation are replaced with an enum using more speaking names.
>>>
>>> I'm not sure whether this is the way to go. I mainly dislike the size
>>> of the patch (and the fact that it mixes a fix and a change of function
>>> signature).  
>>
>> Do you agree that we should move away from POSIX errno codes? I think
>> if we do, this can't get much smaller.
> 
> I'm not really a fan of defining our own return values, tbh.
> 

I've suspected. But your statement, although being useful, does
not answer my question. I think we need to agree on this question
before proceeding.

In my opinion both the EIO bug and this bug are great examples
why the POSIX errno codes are sub-optimal and misleading, but
that's my opinion.

>>
>>>
>>> Can we instead choose a mapping for incorrect length, and defer a
>>> possible rework?
>>>   
>>
>> In the commit message, I say that I don't have a fitting errno.
>> If you tell me which one to use, I would be glad to split this up.
>> I don't like mixing re-factoring and changing behavior myself.
>>
>> Can I have your position on the re-factoring (that is let us
>> imagine I did not change handling for incorrect length)?
> 
> If there is no return code that can be made to fit, we probably won't
> be able to get around some kind of refactoring... but then I'd prefer
> to do the refactoring first and the fix second.
> 

That is a can do. I dislike refactoring known bugs, because fixing
bugs is usually higher priority than making the code nicer, or even
marginally faster. (Btw I found these while trying to refactor.)
This however is a weak principle of mine and can be easily overpowered
by a maintainer request for example.

>>
>>> (Another idea would be to have the callback prepare the scsw via helper
>>> functions. We'd just keep -EAGAIN to keep processing a chain and 0 to
>>> stop.)
>>>   
>>
>> That was my first idea how to improve on this. I should still have the
>> code (patches), but I'm not sure whether it's clean or lumped together
>> with other experiments.
>>
>> After pushing the handling down the call chain (caller would use
>> inline functions to manipulate SCSW), I've realized that it does
>> not buy us much/anything except the better names, while we get
>> the machine code manipulating the SCSW generated in multiple
>> instead of in one place. I also showed the results to Dong Jia and
>> he was ambivalent too: said something like it does look better,
>> but it ain't better enough to make it worthwhile.
>>
>> This is why I've decided to go with a less intrusive approach:
>> just change the names so that it's obvious what's happening.
> 
> Something like return channel_program_check(...); or so would be quite
> obvious, I think.
> 
> But yes, it will be easier to evaluate this for an actual patch ;)
> 

OK, I will look into this, and probably send an RFC these days.

>>>> For virtio, if incorrect length checking is suppressed we keep the
>>>> current behavior (channel-program check).
>>>
>>> Confused. If it is suppressed, there should not be an error, no?  
>>
>> No.
>>
>> From VIRTIO 1.0 4.3.1.2  Device Requirements: Basic Concepts
>>
>> "If a driver did suppress length checks for a channel command, the device
>> MUST present a check condition if the transmitted data does not contain
>> enough data to process the command."
>> (http://docs.oasis-open.org/virtio/virtio/v1.0/cs04/virtio-v1.0-cs04.html#x1-1230001)
>>
>> So for virtio we have to present a check condition. Architecturally it
>> might look better if the one refusing is the device and not the CSS, but
>> for that we would have to change the VIRTIO spec. With the given
>> constraints a program check is IMHO the best fit.
> 
> Ah, but that's not general length checking for virtio-ccw :)

What is general length checking for virtio-ccw? Did I say it
was general length checking for virtio-ccw?

> 
> Reword the sentence to use 'short data with incorrect length checking
> suppressed' or so?
> 

Could you provide a whole sentence? I think my original sentence is OK
(purpose: indicate that virtio is special, and that we have to bend the
architecture a bit), but I agree, being a little more verbose may be a
good idea. I just can't come up with a nice sentence.

Halil





Re: [Qemu-devel] [PATCH] scripts: let checkpatch.pl process an entire GIT branch

2017-09-12 Thread Paolo Bonzini
On 12/09/2017 12:46, Daniel P. Berrange wrote:
> Currently before submitting a series, devs should run checkpatch.pl
> across each patch to be submitted. This can be automated using a
> command such as:
> 
>   git rebase -i master -x 'git show | ./scripts/checkpatch.pl -'
> 
> This is rather long winded to type, so this patch introduces a new
> flag '--branch' to checkpatch.pl which instructs it to check every
> patch on the current GIT branch.

Great idea, though I'm not sure about having a default.  And to keep it
easy to invoke, having a sole argument that ends with ".." might DWIM
and enable --branch too...

Paolo

> For example:
> 
> $ ./scripts/checkpatch.pl --branch
> total: 0 errors, 0 warnings, 297 lines checked
> 
> b886d352a2bf58f0996471fb3991a138373a2957 has no obvious style problems 
> and is ready for submission.
> total: 0 errors, 0 warnings, 182 lines checked
> 
> 2a731f9a9ce145e0e0df6d42dd2a3ce4dfc543fa has no obvious style problems 
> and is ready for submission.
> total: 0 errors, 0 warnings, 102 lines checked
> 
> 11844169bcc0c8ed4449eb3744a69877ed329dd7 has no obvious style problems 
> and is ready for submission.
> 
> By default it checks every patch identified by 'master..', however,
> an alternative origin can be given if desired, if the current branch
> is rebased to another non-master branch:
> 
> $ ./scripts/checkpatch.pl --branch somebranch..
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  scripts/checkpatch.pl | 97 
> +--
>  1 file changed, 71 insertions(+), 26 deletions(-)
> 
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index fa478074b8..f8d080441f 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -19,6 +19,8 @@ my $quiet = 0;
>  my $tree = 1;
>  my $chk_signoff = 1;
>  my $chk_patch = 1;
> +my $chk_branch = 0;
> +my $revlist = "master..";
>  my $tst_only;
>  my $emacs = 0;
>  my $terse = 0;
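Review bot: the default '$revlist = "master.."' added here resolves against whatever the local 'master' ref currently points at, so with a stale or missing local master, --branch either checks commits that are already upstream or fails inside git. A short comment next to the variable, or a mention in the help text that the range is relative to the local master, would make that explicit.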
> @@ -43,6 +45,7 @@ Options:
>--no-tree  run without a kernel tree
>--no-signoff   do not check for 'Signed-off-by' line
>--patchtreat FILE as patchfile (default)
> +  --branch   check all patches on branch since master
>--emacsemacs compile window format
>--terseone line per report
>-f, --file treat FILE as regular source file
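Review bot: the new '--branch' help line says only "check all patches on branch since master" and does not mention the optional revision range that the commit message documents ('--branch somebranch..'). Suggest something along the lines of "--branch [REVLIST]  check all patches in REVLIST (default: master..)".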
> @@ -69,6 +72,7 @@ GetOptions(
>   'tree!' => \$tree,
>   'signoff!'  => \$chk_signoff,
>   'patch!'=> \$chk_patch,
> + 'branch'=> \$chk_branch,
>   'emacs!'=> \$emacs,
>   'terse!'=> \$terse,
>   'f|file!'   => \$file,
> @@ -88,9 +92,19 @@ help(0) if ($help);
>  
>  my $exit = 0;
>  
> -if ($#ARGV < 0) {
> - print "$P: no input files\n";
> - exit(1);
> +if ($chk_branch) {
> + if ($#ARGV > 0) {
> + print "$P: expected zero or one origni revisions\n";
> + exit(1);
> + }
> + if ($#ARGV == 0) {
> + $revlist = shift @ARGV;
> + }
> +} else {
> + if ($#ARGV < 0) {
> + print "$P: no input files\n";
> + exit(1);
> + }
>  }
>  
>  my $dbg_values = 0;
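Review bot: the error string in the new '$#ARGV > 0' branch misspells "origin" as "origni". While touching it, the message could also name the expected form (a single revision range such as 'somebranch..'), since "origin revisions" alone does not tell the user what to pass.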
> @@ -251,32 +265,63 @@ $chk_signoff = 0 if ($file);
>  my @rawlines = ();
>  my @lines = ();
>  my $vname;
> -for my $filename (@ARGV) {
> - my $FILE;
> - if ($file) {
> - open($FILE, '-|', "diff -u /dev/null $filename") ||
> - die "$P: $filename: diff failed - $!\n";
> - } elsif ($filename eq '-') {
> - open($FILE, '<&STDIN');
> - } else {
> - open($FILE, '<', "$filename") ||
> - die "$P: $filename: open failed - $!\n";
> - }
> - if ($filename eq '-') {
> - $vname = 'Your patch';
> - } else {
> - $vname = $filename;
> - }
> - while (<$FILE>) {
> +if ($chk_branch) {
> + my @patches;
> + my $HASH;
> + open($HASH, "-|", "git", "log", "--format=%H", $revlist) ||
> + die "$P: git log --format=%H $revlist failed - $!\n";
> +
> + while (<$HASH>) {
>   chomp;
> - push(@rawlines, $_);
> + push @patches, $_;
>   }
> - close($FILE);
> - if (!process($filename)) {
> - $exit = 1;
> +
> + close $HASH;
> +
> + for my $hash (@patches) {
> + my $FILE;
> + open($FILE, '-|', "git", "show", $hash) ||
> + die "$P: git show $hash - $!\n";
> + $vname = $hash;
> + while (<$FILE>) {
> + chomp;
> + push(@rawlines, $_);
> + }
> + close($FILE);
> + if (!process($hash)) {
> + $exit = 1;
> + }
> + @rawlines = ();
> + @lines = ();
> + }
> +} else {
> + for my $filename (@ARGV) {
> + my $F
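Review bot: in the '$chk_branch' path, 'open($HASH, "-|", "git", "log", ...) || die' only catches a failure to start git; in the lines shown, the exit status of 'git log' is not checked at 'close $HASH', so a bad revision range leaves @patches empty, process() is never called and $exit stays 0. Suggest testing the return value of close (or $?) for both the 'git log' and the 'git show' pipes and exiting non-zero, and reporting an error when @patches ends up empty.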

Re: [Qemu-devel] [PATCH 4/4] s390x/css: fix incorrect length indication

2017-09-12 Thread Cornelia Huck
On Tue, 12 Sep 2017 17:43:03 +0200
Halil Pasic  wrote:

> On 09/12/2017 04:37 PM, Cornelia Huck wrote:
> > On Mon, 11 Sep 2017 13:36:29 +0200
> > Halil Pasic  wrote:
> >   
> >> On 09/11/2017 12:07 PM, Cornelia Huck wrote:  
> >>> On Fri,  8 Sep 2017 17:24:46 +0200
> >>> Halil Pasic  wrote:
> >>> 
> >>>> We report incorrect length via SCSW program check instead of incorrect
> >>>> length check (SCSW word 2 bit 10 instead of bit 9). Since there
> >>>> is no fitting errno for incorrect length, and since I don't like what we
> >>>> do with the errno's, as part of the fix, errnos used for control flow in
> >>>> ccw interpretation are replaced with an enum using more speaking names.
>    
> >>>
> >>> I'm not sure whether this is the way to go. I mainly dislike the size
> >>> of the patch (and the fact that it mixes a fix and a change of function
> >>> signature).
> >>
> >> Do you agree that we should move away from POSIX errno codes? I think
> >> if we do, this can't get much smaller.
> > 
> > I'm not really a fan of defining our own return values, tbh.
> >   
> 
> I've suspected. But your statement, although being useful, does
> not answer my question. I think we need to agree on this question
> before proceeding.
> 
> In my opinion both the EIO bug and this bug are great examples
> why the POSIX errno codes are sub-optimal and misleading, but
> that's my opinion.

It depends. I prefer them over home-grown ones.

(And I tend to dislike absolute statements.)

> 
> >>  
> >>>
> >>> Can we instead choose a mapping for incorrect length, and defer a
> >>> possible rework?
> >>> 
> >>
> >> In the commit message, I say that I don't have a fitting errno.
> >> If you tell me which one to use, I would be glad to split this up.
> >> I don't like mixing re-factoring and changing behavior myself.
> >>
> >> Can I have your position on the re-factoring (that is let us
> >> imagine I did not change handling for incorrect length)?  
> > 
> > If there is no return code that can be made to fit, we probably won't
> > be able to get around some kind of refactoring... but then I'd prefer
> > to do the refactoring first and the fix second.
> >   
> 
> That is a can do. I dislike refactoring known bugs, because fixing
> bugs is usually higher priority than making the code nicer, or even
> marginally faster. (Btw I found these while trying to refactor.)
> This however is a weak principle of mine and can be easily overpowered
> by a maintainer request for example.

If a good fix requires refactoring, I'd prefer to do the refactoring
first. I'd prefer an ugly fix first only for serious issues (and I
don't think that one counts as one.)

> >>>> For virtio, if incorrect length checking is suppressed we keep the
> >>>> current behavior (channel-program check).
> >>>
> >>> Confused. If it is suppressed, there should not be an error, no?
> >>
> >> No.
> >>
> >> From VIRTIO 1.0 4.3.1.2  Device Requirements: Basic Concepts
> >>
> >> "If a driver did suppress length checks for a channel command, the device
> >> MUST present a check condition if the transmitted data does not contain
> >> enough data to process the command."
> >> (http://docs.oasis-open.org/virtio/virtio/v1.0/cs04/virtio-v1.0-cs04.html#x1-1230001)
> >>
> >> So for virtio we have to present a check condition. Architecturally it
> >> might look better if the one refusing is the device and not the CSS, but
> >> for that we would have to change the VIRTIO spec. With the given
> >> constraints a program check is IMHO the best fit.  
> > 
> > Ah, but that's not general length checking for virtio-ccw :)  
> 
> What is general length checking for virtio-ccw? Did I say it
> was general length checking for virtio-ccw?

Hm? Generally, suppressing is supposed to allow incorrect length
specifications. For virtio-ccw, that only applies to 'too much' and not
'not enough'.

Also, reading the statement in the spec: It only talks about a 'check
condition', not _which_ one - so there's no requirement to keep a
channel-program check (other than possibly confusing guests)?
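The length-check outcomes argued over in this thread, as an added example (not code from QEMU or from any poster): a simplified C model of which SCSW word 2 check bit a guest sees before and after the proposed fix. The struct, function and macro names are made up for illustration, other CCW flags are ignored, and the virtio short-data case keeps the channel-program check as the patch description states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* SCSW word 2 uses big-endian bit numbering: bit 0 is the most significant. */
#define SCSW_W2_BIT(n)      (UINT32_C(1) << (31 - (n)))
#define SCSW_W2_INCORR_LEN  SCSW_W2_BIT(9)   /* incorrect-length check */
#define SCSW_W2_PROG_CHECK  SCSW_W2_BIT(10)  /* channel-program check  */

#define CCW_FLAG_SLI        0x20u  /* CCW flag: suppress length indication */

/* Illustrative description of one CCW as a device callback would see it. */
struct ccw_len_case {
    uint16_t count;   /* byte count given in the CCW */
    uint16_t needed;  /* bytes the command needs in order to be processed */
    uint8_t  flags;   /* CCW flags byte */
    bool     virtio;  /* device follows the VIRTIO 1.0 requirement quoted above */
};

/*
 * Return the SCSW word 2 check bit for a length mismatch, or 0 for none.
 * with_fix == false models the behaviour the patch description calls the bug
 * (mismatch reported as channel-program check); with_fix == true models the
 * behaviour it proposes (incorrect-length check).
 */
static uint32_t ccw_len_status(const struct ccw_len_case *c, bool with_fix)
{
    bool suppressed = (c->flags & CCW_FLAG_SLI) != 0;

    if (c->count == c->needed) {
        return 0;
    }
    if (suppressed) {
        /* Suppression tolerates a wrong length, except that a virtio device
         * must still present a check condition when the data is too short.
         * The patch keeps the existing channel-program check for that case. */
        if (c->virtio && c->count < c->needed) {
            return SCSW_W2_PROG_CHECK;
        }
        return 0;
    }
    return with_fix ? SCSW_W2_INCORR_LEN : SCSW_W2_PROG_CHECK;
}

/* Subchannel-status byte of word 2 (bits 8-15), as a guest would read it. */
static uint8_t schn_status_byte(uint32_t word2)
{
    return (uint8_t)((word2 >> 16) & 0xff);
}

int main(void)
{
    /* Constructed sample cases, not taken from a real trace. */
    static const struct { const char *name; struct ccw_len_case c; } cases[] = {
        { "exact length",           {  8, 8, 0,            false } },
        { "short, not suppressed",  {  4, 8, 0,            false } },
        { "long, not suppressed",   { 16, 8, 0,            true  } },
        { "long, SLI, virtio",      { 16, 8, CCW_FLAG_SLI, true  } },
        { "short, SLI, virtio",     {  4, 8, CCW_FLAG_SLI, true  } },
        { "short, SLI, non-virtio", {  4, 8, CCW_FLAG_SLI, false } },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        printf("%-24s before=0x%02x after=0x%02x\n", cases[i].name,
               (unsigned)schn_status_byte(ccw_len_status(&cases[i].c, false)),
               (unsigned)schn_status_byte(ccw_len_status(&cases[i].c, true)));
    }
    return 0;
}
```

Only the non-suppressed mismatch changes between the two columns; the virtio "short data with SLI set" row stays a channel-program check in both, which is the case the last paragraphs of the message above question.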



Re: [Qemu-devel] [PATCH 2/3] iotests: use -ccw on s390x for 051

2017-09-12 Thread Cornelia Huck
On Fri, 8 Sep 2017 17:55:29 +0200
Thomas Huth  wrote:

> On 08.09.2017 13:54, Kevin Wolf wrote:
> > On 08.09.2017 at 13:24, Cornelia Huck wrote:
> >> On Fri, 8 Sep 2017 13:04:25 +0200
> >> Kevin Wolf  wrote:
> >>  
> >>> On 05.09.2017 at 17:16, Cornelia Huck wrote:
> >>>> The default cpu model on s390x does not provide zPCI, which is
> >>>> not yet wired up on tcg. Moreover, virtio-ccw is the standard
> >>>> on s390x, so use the -ccw instead of the -pci versions of virtio
> >>>> devices on s390x.
> >>>>
> >>>> Provide an output file for s390x.
> >>>>
> >>>> Signed-off-by: Cornelia Huck 
> >>>> ---
> >>>>  tests/qemu-iotests/051 |   9 +-
> >>>>  tests/qemu-iotests/051.s390-ccw-virtio.out | 434 
> >>>> +
> >>>>  2 files changed, 442 insertions(+), 1 deletion(-)
> >>>>  create mode 100644 tests/qemu-iotests/051.s390-ccw-virtio.out
> >>>
> >>> It's already a pain to have two separate output files for 051, let's try
> >>> to avoid adding a third one. Even more so since I think that the split
> >>> between 051.out and 051.pc.out was already made for s390, so I'm not
> >>> sure if anyone would actually still make use of the plain 051.out
> >>> output if s390 got its own one.
> >>
> >> Are there no non-pc and non-s390 machines for which this is run?  
> > 
> > Who knows? But I'm not aware of anyone who is interested in something
> > else and has contributed to the test cases until now.  
> 
> FWIW, as far as I know, Lukáš is running this test also on ppc64 in our
> weekly regression run. So it would be good to keep that working, please :-)
> 
> >> Another approach would be to drop the -pci postfix, but I don't want to
> >> introduce more usage of aliases.  
> > 
> > Maybe that would indeed be the easiest way. As long as we don't intend
> > to remove the alias from qemu, there's no reason not to use it in tests.  
> 
> Maybe we should even use it in a couple of places on purpose - so we get
> some test coverage for them?

FWIW, using the sed post-run filtering works well for 051, but it
is driving me bonkers on 067 (or maybe I should just call it a day...)

We could use the sed approach for 051 and the alias approach on 067 -
that way we would also test aliases :)

Any preferences by the iotest maintainers?

[I'd be happy if iotests worked again on s390x...]



Re: [Qemu-devel] [PULL 28/32] target/arm: [tcg] Port to generic translation framework

2017-09-12 Thread Laurent Desnogues
Hello,

On Wed, Sep 6, 2017 at 6:06 PM, Richard Henderson
 wrote:
> From: Lluís Vilanova 
>
> Tested-by: Emilio G. Cota 
> Reviewed-by: Emilio G. Cota 
> Signed-off-by: Lluís Vilanova 
> Message-Id: <150002631325.22386.10348327185029496649.st...@frigg.lan>
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/translate.h |   8 +---
>  target/arm/translate-a64.c | 107 
>  target/arm/translate.c | 109 
> +
>  3 files changed, 41 insertions(+), 183 deletions(-)
>
> diff --git a/target/arm/translate.h b/target/arm/translate.h
> index e8dcec51ac..55d691db40 100644
> --- a/target/arm/translate.h
> +++ b/target/arm/translate.h
> @@ -150,21 +150,15 @@ static void disas_set_insn_syndrome(DisasContext *s, 
> uint32_t syn)
>
>  #ifdef TARGET_AARCH64
>  void a64_translate_init(void);
> -void gen_intermediate_code_a64(DisasContextBase *db, CPUState *cpu,
> -   TranslationBlock *tb);
>  void gen_a64_set_pc_im(uint64_t val);
>  void aarch64_cpu_dump_state(CPUState *cs, FILE *f,
>  fprintf_function cpu_fprintf, int flags);
> +extern const TranslatorOps aarch64_translator_ops;
>  #else
>  static inline void a64_translate_init(void)
>  {
>  }
>
> -static inline void gen_intermediate_code_a64(DisasContextBase *db, CPUState 
> *cpu,
> - TranslationBlock *tb)
> -{
> -}
> -
>  static inline void gen_a64_set_pc_im(uint64_t val)
>  {
>  }
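Review bot: in translate.h the new 'extern const TranslatorOps aarch64_translator_ops;' sits only inside '#ifdef TARGET_AARCH64', while the empty gen_intermediate_code_a64() stub in the '#else' branch is removed without a counterpart. Any reference to aarch64_translator_ops from code that is also built without TARGET_AARCH64 now needs its own #ifdef; worth confirming every user is guarded, or saying so in the commit message.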
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index 1973a36462..25c6622825 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -11262,6 +11262,11 @@ static int 
> aarch64_tr_init_disas_context(DisasContextBase *dcbase,
>  return max_insns;
>  }
>
> +static void aarch64_tr_tb_start(DisasContextBase *db, CPUState *cpu)
> +{
> +tcg_clear_temp_count();
> +}

Is it really needed to call tcg_clear_temp_count here when it's now
called in translator_loop?

> +
>  static void aarch64_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
>  {
>  DisasContext *dc = container_of(dcbase, DisasContext, base);
> @@ -11325,6 +11330,7 @@ static void 
> aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
>  }
>
>  dc->base.pc_next = dc->pc;
> +translator_loop_temp_check(&dc->base);
>  }
>
>  static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
> @@ -11391,6 +11397,9 @@ static void aarch64_tr_tb_stop(DisasContextBase 
> *dcbase, CPUState *cpu)
>  break;
>  }
>  }
> +
> +/* Functions above can change dc->pc, so re-align db->pc_next */
> +dc->base.pc_next = dc->pc;
>  }
>
>  static void aarch64_tr_disas_log(const DisasContextBase *dcbase,
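Review bot: the comment added at the end of aarch64_tr_tb_stop() says "re-align db->pc_next", but this function's parameter is named dcbase and the assignment under the comment writes 'dc->base.pc_next'. Suggest wording the comment in terms of dc->base.pc_next so it matches the code it describes.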
> @@ -11403,92 +11412,12 @@ static void aarch64_tr_disas_log(const 
> DisasContextBase *dcbase,
>   4 | (bswap_code(dc->sctlr_b) ? 2 : 0));
>  }
>
> -void gen_intermediate_code_a64(DisasContextBase *dcbase, CPUState *cs,
> -   TranslationBlock *tb)
> -{
> -DisasContext *dc = container_of(dcbase, DisasContext, base);
> -int max_insns;
> -
> -dc->base.tb = tb;
> -dc->base.pc_first = dc->base.tb->pc;
> -dc->base.pc_next = dc->base.pc_first;
> -dc->base.is_jmp = DISAS_NEXT;
> -dc->base.num_insns = 0;
> -dc->base.singlestep_enabled = cs->singlestep_enabled;
> -
> -max_insns = dc->base.tb->cflags & CF_COUNT_MASK;
> -if (max_insns == 0) {
> -max_insns = CF_COUNT_MASK;
> -}
> -if (max_insns > TCG_MAX_INSNS) {
> -max_insns = TCG_MAX_INSNS;
> -}
> -max_insns = aarch64_tr_init_disas_context(&dc->base, cs, max_insns);
> -
> -gen_tb_start(tb);
> -
> -tcg_clear_temp_count();
> -
> -do {
> -dc->base.num_insns++;
> -aarch64_tr_insn_start(&dc->base, cs);
> -
> -if (unlikely(!QTAILQ_EMPTY(&cs->breakpoints))) {
> -CPUBreakpoint *bp;
> -QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
> -if (bp->pc == dc->base.pc_next) {
> -if (aarch64_tr_breakpoint_check(&dc->base, cs, bp)) {
> -break;
> -}
> -}
> -}
> -if (dc->base.is_jmp > DISAS_TOO_MANY) {
> -break;
> -}
> -}
> -
> -if (dc->base.num_insns == max_insns && (dc->base.tb->cflags & 
> CF_LAST_IO)) {
> -gen_io_start();
> -}
> -
> -aarch64_tr_translate_insn(&dc->base, cs);
> -
> -if (tcg_check_temp_count()) {
> -fprintf(stderr, "TCG temporary leak before "TARGET_FMT_lx"\n",
> -dc->pc);
> -}
> -
> -if (!dc->base.is_jmp && (tcg_op_buf_full() || cs->singlestep_enabled 
> ||
> -singlestep || dc->base.num_insns >= max_insns)) {
> -dc->base.is_jmp = DISAS_TOO_MANY;

Re: [Qemu-devel] [PATCH] scripts: let checkpatch.pl process an entire GIT branch

2017-09-12 Thread Daniel P. Berrange
On Tue, Sep 12, 2017 at 05:52:18PM +0200, Paolo Bonzini wrote:
> On 12/09/2017 12:46, Daniel P. Berrange wrote:
> > Currently before submitting a series, devs should run checkpatch.pl
> > across each patch to be submitted. This can be automated using a
> > command such as:
> > 
> >   git rebase -i master -x 'git show | ./scripts/checkpatch.pl -'
> > 
> > This is rather long winded to type, so this patch introduces a new
> > flag '--branch' to checkpatch.pl which instructs it to check every
> > patch on the current GIT branch.
> 
> Great idea, though I'm not sure about having a default.  And to keep it
> easy to invoke, having a sole argument that ends with ".." might DWIM
> and enable --branch too...

I think it is beneficial to have a default, as I figure the majority
of contributors are working on a branch that's rebased against master..
Half as many characters to type in the common case :-)

Sometimes people might write patches against a particular subsystem
staging branch (eg kevin/block), but I don't think there's downside
in assuming 'master..' by default.

> 
> Paolo
> 
> > For example:
> > 
> > $ ./scripts/checkpatch.pl --branch
> > total: 0 errors, 0 warnings, 297 lines checked
> > 
> > b886d352a2bf58f0996471fb3991a138373a2957 has no obvious style problems 
> > and is ready for submission.
> > total: 0 errors, 0 warnings, 182 lines checked
> > 
> > 2a731f9a9ce145e0e0df6d42dd2a3ce4dfc543fa has no obvious style problems 
> > and is ready for submission.
> > total: 0 errors, 0 warnings, 102 lines checked
> > 
> > 11844169bcc0c8ed4449eb3744a69877ed329dd7 has no obvious style problems 
> > and is ready for submission.
> > 
> > By default it checks every patch identified by 'master..', however,
> > an alternative origin can be given if desired, if the current branch
> > is rebased to another non-master branch:
> > 
> > $ ./scripts/checkpatch.pl --branch somebranch..
> > 
> > Signed-off-by: Daniel P. Berrange 
> > ---
> >  scripts/checkpatch.pl | 97 
> > +--
> >  1 file changed, 71 insertions(+), 26 deletions(-)
> > 
> > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> > index fa478074b8..f8d080441f 100755
> > --- a/scripts/checkpatch.pl
> > +++ b/scripts/checkpatch.pl
> > @@ -19,6 +19,8 @@ my $quiet = 0;
> >  my $tree = 1;
> >  my $chk_signoff = 1;
> >  my $chk_patch = 1;
> > +my $chk_branch = 0;
> > +my $revlist = "master..";
> >  my $tst_only;
> >  my $emacs = 0;
> >  my $terse = 0;
> > @@ -43,6 +45,7 @@ Options:
> >--no-tree  run without a kernel tree
> >--no-signoff   do not check for 'Signed-off-by' line
> >--patchtreat FILE as patchfile (default)
> > +  --branch   check all patches on branch since master
> >--emacsemacs compile window format
> >--terseone line per report
> >-f, --file treat FILE as regular source file
> > @@ -69,6 +72,7 @@ GetOptions(
> > 'tree!' => \$tree,
> > 'signoff!'  => \$chk_signoff,
> > 'patch!'=> \$chk_patch,
> > +   'branch'=> \$chk_branch,
> > 'emacs!'=> \$emacs,
> > 'terse!'=> \$terse,
> > 'f|file!'   => \$file,
> > @@ -88,9 +92,19 @@ help(0) if ($help);
> >  
> >  my $exit = 0;
> >  
> > -if ($#ARGV < 0) {
> > -   print "$P: no input files\n";
> > -   exit(1);
> > +if ($chk_branch) {
> > +   if ($#ARGV > 0) {
> > +   print "$P: expected zero or one origni revisions\n";
> > +   exit(1);
> > +   }
> > +   if ($#ARGV == 0) {
> > +   $revlist = shift @ARGV;
> > +   }
> > +} else {
> > +   if ($#ARGV < 0) {
> > +   print "$P: no input files\n";
> > +   exit(1);
> > +   }
> >  }
> >  
> >  my $dbg_values = 0;
> > @@ -251,32 +265,63 @@ $chk_signoff = 0 if ($file);
> >  my @rawlines = ();
> >  my @lines = ();
> >  my $vname;
> > -for my $filename (@ARGV) {
> > -   my $FILE;
> > -   if ($file) {
> > -   open($FILE, '-|', "diff -u /dev/null $filename") ||
> > -   die "$P: $filename: diff failed - $!\n";
> > -   } elsif ($filename eq '-') {
> > -   open($FILE, '<&STDIN');
> > -   } else {
> > -   open($FILE, '<', "$filename") ||
> > -   die "$P: $filename: open failed - $!\n";
> > -   }
> > -   if ($filename eq '-') {
> > -   $vname = 'Your patch';
> > -   } else {
> > -   $vname = $filename;
> > -   }
> > -   while (<$FILE>) {
> > +if ($chk_branch) {
> > +   my @patches;
> > +   my $HASH;
> > +   open($HASH, "-|", "git", "log", "--format=%H", $revlist) ||
> > +   die "$P: git log --format=%H $revlist failed - $!\n";
> > +
> > +   while (<$HASH>) {
> > chomp;
> > -   push(@rawlines, $_);
> > +   push @patches, $_;
> > }
> > -   close($FILE);
> > -   if (!process($filename)) {
> > -   $exit = 1;
> > +
> > +   close $HASH

[Qemu-devel] [PATCH] mps2-an511: Fix wiring of UART overflow interrupt lines

2017-09-12 Thread Peter Maydell
Fix an error that meant we were wiring every UART's overflow
interrupts into the same inputs 0 and 1 of the OR gate,
rather than giving each its own input.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Peter Maydell 
---
 hw/arm/mps2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c
index abb0ab6..769cff8 100644
--- a/hw/arm/mps2.c
+++ b/hw/arm/mps2.c
@@ -287,8 +287,8 @@ static void mps2_common_init(MachineState *machine)
 cmsdk_apb_uart_create(uartbase[i],
   qdev_get_gpio_in(txrx_orgate_dev, 0),
   qdev_get_gpio_in(txrx_orgate_dev, 1),
-  qdev_get_gpio_in(orgate_dev, 0),
-  qdev_get_gpio_in(orgate_dev, 1),
+  qdev_get_gpio_in(orgate_dev, i * 2),
+  qdev_get_gpio_in(orgate_dev, i * 2 + 1),
   NULL,
   uartchr, SYSCLK_FRQ);
 }
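Review bot: the new input indices 'i * 2' and 'i * 2 + 1' assume orgate_dev has at least two input lines per UART, and nothing in this hunk shows the gate's line count. Please confirm it is sized for every entry of uartbase[]; an assertion next to the loop would catch a later mismatch if a UART is added.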
-- 
2.7.4




Re: [Qemu-devel] [PATCH] scripts: let checkpatch.pl process an entire GIT branch

2017-09-12 Thread Paolo Bonzini
On 12/09/2017 18:12, Daniel P. Berrange wrote:
> On Tue, Sep 12, 2017 at 05:52:18PM +0200, Paolo Bonzini wrote:
>> On 12/09/2017 12:46, Daniel P. Berrange wrote:
>>> Currently before submitting a series, devs should run checkpatch.pl
>>> across each patch to be submitted. This can be automated using a
>>> command such as:
>>>
>>>   git rebase -i master -x 'git show | ./scripts/checkpatch.pl -'
>>>
>>> This is rather long winded to type, so this patch introduces a new
>>> flag '--branch' to checkpatch.pl which instructs it to check every
>>> patch on the current GIT branch.
>>
>> Great idea, though I'm not sure about having a default.  And to keep it
>> easy to invoke, having a sole argument that ends with ".." might DWIM
>> and enable --branch too...
> 
> I think it is beneficial to have a default, as I figure the majority
> of contributors are working on a branch that's rebased against master..
> Half as many characters to type in the common case :-)

With the DWIM option "--branch" and "master.." are exactly the same
length. :)

> Sometimes people might write patches against a particular subsystem
> staging branch (eg kevin/block), but I don't think there's downside
> in assuming 'master..' by default.

What about "origin/master.." instead?

Paolo

>>
>> Paolo
>>
>>> For example:
>>>
>>> $ ./scripts/checkpatch.pl --branch
>>> total: 0 errors, 0 warnings, 297 lines checked
>>>
>>> b886d352a2bf58f0996471fb3991a138373a2957 has no obvious style problems 
>>> and is ready for submission.
>>> total: 0 errors, 0 warnings, 182 lines checked
>>>
>>> 2a731f9a9ce145e0e0df6d42dd2a3ce4dfc543fa has no obvious style problems 
>>> and is ready for submission.
>>> total: 0 errors, 0 warnings, 102 lines checked
>>>
>>> 11844169bcc0c8ed4449eb3744a69877ed329dd7 has no obvious style problems 
>>> and is ready for submission.
>>>
>>> By default it checks every patch identified by 'master..', however,
>>> an alternative origin can be given if desired, if the current branch
>>> is rebased to another non-master branch:
>>>
>>> $ ./scripts/checkpatch.pl --branch somebranch..
>>>
>>> Signed-off-by: Daniel P. Berrange 
>>> ---
>>>  scripts/checkpatch.pl | 97 
>>> +--
>>>  1 file changed, 71 insertions(+), 26 deletions(-)
>>>
>>> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
>>> index fa478074b8..f8d080441f 100755
>>> --- a/scripts/checkpatch.pl
>>> +++ b/scripts/checkpatch.pl
>>> @@ -19,6 +19,8 @@ my $quiet = 0;
>>>  my $tree = 1;
>>>  my $chk_signoff = 1;
>>>  my $chk_patch = 1;
>>> +my $chk_branch = 0;
>>> +my $revlist = "master..";
>>>  my $tst_only;
>>>  my $emacs = 0;
>>>  my $terse = 0;
>>> @@ -43,6 +45,7 @@ Options:
>>>--no-tree  run without a kernel tree
>>>--no-signoff   do not check for 'Signed-off-by' line
>>>--patchtreat FILE as patchfile (default)
>>> +  --branch   check all patches on branch since master
>>>--emacsemacs compile window format
>>>--terseone line per report
>>>-f, --file treat FILE as regular source file
>>> @@ -69,6 +72,7 @@ GetOptions(
>>> 'tree!' => \$tree,
>>> 'signoff!'  => \$chk_signoff,
>>> 'patch!'=> \$chk_patch,
>>> +   'branch'=> \$chk_branch,
>>> 'emacs!'=> \$emacs,
>>> 'terse!'=> \$terse,
>>> 'f|file!'   => \$file,
>>> @@ -88,9 +92,19 @@ help(0) if ($help);
>>>  
>>>  my $exit = 0;
>>>  
>>> -if ($#ARGV < 0) {
>>> -   print "$P: no input files\n";
>>> -   exit(1);
>>> +if ($chk_branch) {
>>> +   if ($#ARGV > 0) {
>>> +   print "$P: expected zero or one origni revisions\n";
>>> +   exit(1);
>>> +   }
>>> +   if ($#ARGV == 0) {
>>> +   $revlist = shift @ARGV;
>>> +   }
>>> +} else {
>>> +   if ($#ARGV < 0) {
>>> +   print "$P: no input files\n";
>>> +   exit(1);
>>> +   }
>>>  }
>>>  
>>>  my $dbg_values = 0;
>>> @@ -251,32 +265,63 @@ $chk_signoff = 0 if ($file);
>>>  my @rawlines = ();
>>>  my @lines = ();
>>>  my $vname;
>>> -for my $filename (@ARGV) {
>>> -   my $FILE;
>>> -   if ($file) {
>>> -   open($FILE, '-|', "diff -u /dev/null $filename") ||
>>> -   die "$P: $filename: diff failed - $!\n";
>>> -   } elsif ($filename eq '-') {
>>> -   open($FILE, '<&STDIN');
>>> -   } else {
>>> -   open($FILE, '<', "$filename") ||
>>> -   die "$P: $filename: open failed - $!\n";
>>> -   }
>>> -   if ($filename eq '-') {
>>> -   $vname = 'Your patch';
>>> -   } else {
>>> -   $vname = $filename;
>>> -   }
>>> -   while (<$FILE>) {
>>> +if ($chk_branch) {
>>> +   my @patches;
>>> +   my $HASH;
>>> +   open($HASH, "-|", "git", "log", "--format=%H", $revlist) ||
>>> +   die "$P: git log --format=%H $revlist failed - $!\n";
>>> +
>>> +   while (<$HASH>) {
>>> chomp;
>>> -  

Re: [Qemu-devel] [PATCH 2/3] iotests: use -ccw on s390x for 051

2017-09-12 Thread Kevin Wolf
On 12.09.2017 at 18:05, Cornelia Huck wrote:
> On Fri, 8 Sep 2017 17:55:29 +0200
> Thomas Huth  wrote:
> 
> > On 08.09.2017 13:54, Kevin Wolf wrote:
> > > On 08.09.2017 at 13:24, Cornelia Huck wrote:
> > >> On Fri, 8 Sep 2017 13:04:25 +0200
> > >> Kevin Wolf  wrote:
> > >>  
> > >>> On 05.09.2017 at 17:16, Cornelia Huck wrote:
> > >>>> The default cpu model on s390x does not provide zPCI, which is
> > >>>> not yet wired up on tcg. Moreover, virtio-ccw is the standard
> > >>>> on s390x, so use the -ccw instead of the -pci versions of virtio
> > >>>> devices on s390x.
> > >>>>
> > >>>> Provide an output file for s390x.
> > >>>>
> > >>>> Signed-off-by: Cornelia Huck 
> > >>>> ---
> > >>>>  tests/qemu-iotests/051 |   9 +-
> > >>>>  tests/qemu-iotests/051.s390-ccw-virtio.out | 434 +
> > >>>>  2 files changed, 442 insertions(+), 1 deletion(-)
> > >>>>  create mode 100644 tests/qemu-iotests/051.s390-ccw-virtio.out
> > >>>
> > >>> It's already a pain to have two separate output files for 051, let's try
> > >>> to avoid adding a third one. Even more so since I think that the split
> > >>> between 051.out and 051.pc.out was already made for s390, so I'm not
> > >>> sure if anyone would actually still make use of the plain 051.out
> > >>> output if s390 got its own one.
> > >>
> > >> Are there no non-pc and non-s390 machines for which this is run?  
> > > 
> > > Who knows? But I'm not aware of anyone who is interested in something
> > > else and has contributed to the test cases until now.  
> > 
> > FWIW, as far as I know, Lukáš is running this test also on ppc64 in our
> > weekly regression run. So it would be good to keep that working, please :-)
> > 
> > >> Another approach would be to drop the -pci postfix, but I don't want to
> > >> introduce more usage of aliases.  
> > > 
> > > Maybe that would indeed be the easiest way. As long as we don't intend
> > > to remove the alias from qemu, there's no reason not to use it in tests.  
> > 
> > Maybe we should even use it in a couple of places on purpose - so we get
> > some test coverage for them?
> 
> FWIW, using the sed post-run filtering works well for 051, but it
> is driving me bonkers on 067 (or maybe I should just call it a day...)
> 
> We could use the sed approach for 051 and the alias approach on 067 -
> that way we would also test aliases :)
> 
> Any preferences by the iotest maintainers?

Sure, that works for me. I'm happy with anything that works and doesn't
split the reference output in two versions. (Not splitting is also in
your own interest; if anything bitrots, it's the non-pc version.)

Kevin



Re: [Qemu-devel] [Qemu-ppc] [PATCH 2/4] ppc: add CPU IRQ state to PPC VMStateDescription

2017-09-12 Thread Dr. David Alan Gilbert
* David Gibson (da...@gibson.dropbear.id.au) wrote:
> On Mon, Sep 11, 2017 at 10:30:33AM +0100, Dr. David Alan Gilbert wrote:
> > * Greg Kurz (gr...@kaod.org) wrote:
> > > On Sun, 10 Sep 2017 15:37:33 +0100
> > > Mark Cave-Ayland  wrote:
> > > 
> > > > Commit a90db15 "target-ppc: Convert ppc cpu savevm to VMStateDescription"
> > > > appears to drop the internal CPU IRQ state from the migration stream. Whilst
> > > > testing migration on g3beige/mac99 machines, test images would randomly fail to
> > > > resume unless a key was pressed on the VGA console.
> > > > 
> > > > Further investigation suggests that internal CPU IRQ state isn't being
> > > > preserved and so interrupts asserted at the time of migration are lost. Adding
> > > > the pending_interrupts and irq_input_state fields back into the migration
> > > > stream appears to fix the problem here during local tests.
> > > > 
> > > > As part of this commit we bump the vmstate_ppc version from 5 to 6 to handle
> > > > the additional fields.
> > > > 
> > > 
> > > And so this unconditionally breaks backward migration... what about adding
> > > a subsection for this ?
> > 
> > and wiring it to a flag on the machine type so that older machine types
> > don't send it.
> 
> Right, a subsection is certainly necessary to avoid breaking backwards
> migration.
> 
> But apart from that I want to understand better exactly why this is
> necessary.  What's the state that's being lost, and is it really not
> recoverable from anywhere else.
> 
> The other thing that concerns me is how we're encoding the
> information.  These are essentially internal fields, not reflecting
> something with an architected encoding - adding those to the migration
> stream is often a bad idea - it inhibits our ability to rework
> internal encodings.

Yes, agreed, where possible the contents of the stream should reflect
'real' state that's actually being modelled and be as independent of
the implementation as possible.

Dave

> > 
> > Dave
> > 
> > > > Signed-off-by: Mark Cave-Ayland 
> > > > ---
> > > >  target/ppc/machine.c |6 +-
> > > >  1 file changed, 5 insertions(+), 1 deletion(-)
> > > > 
> > > > diff --git a/target/ppc/machine.c b/target/ppc/machine.c
> > > > index e59049f..8fec1a4 100644
> > > > --- a/target/ppc/machine.c
> > > > +++ b/target/ppc/machine.c
> > > > @@ -647,7 +647,7 @@ static const VMStateDescription vmstate_compat = {
> > > >  
> > > >  const VMStateDescription vmstate_ppc_cpu = {
> > > >  .name = "cpu",
> > > > -.version_id = 5,
> > > > +.version_id = 6,
> > > >  .minimum_version_id = 5,
> > > >  .minimum_version_id_old = 4,
> > > >  .load_state_old = cpu_load_old,
> > > > @@ -678,6 +678,10 @@ const VMStateDescription vmstate_ppc_cpu = {
> > > >  VMSTATE_UINTTL(env.hflags_nmsr, PowerPCCPU),
> > > >  /* FIXME: access_type? */
> > > >  
> > > > +/* Interrupt state */
> > > > +VMSTATE_UINT32_V(env.pending_interrupts, PowerPCCPU, 6),
> > > > +VMSTATE_UINT32_V(env.irq_input_state, PowerPCCPU, 6),
> > > > +
> > > >  /* Sanity checking */
> > > >  VMSTATE_UINTTL_TEST(mig_msr_mask, PowerPCCPU, 
> > > > cpu_pre_2_8_migration),
> > > >  VMSTATE_UINT64_TEST(mig_insns_flags, PowerPCCPU, 
> > > > cpu_pre_2_8_migration),
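Review bot: gating the two new fields with `VMSTATE_UINT32_V(..., 6)` while raising `version_id` to 6 lets this build read a version 5 stream (`minimum_version_id` stays 5), but a destination whose `version_id` is still 5 will refuse the version 6 stream, so migration to an older QEMU stops working for every machine type. A subsection with a `.needed` callback tied to the machine type keeps the old stream format where it is required. `pending_interrupts` and `irq_input_state` are also raw internal bitmasks, so once they are on the wire their layout is frozen; a comment stating which bits are meant to be migrated would make that contract explicit.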
> > > 
> > 
> > 
> 
> -- 
> David Gibson                   | I'll have my music baroque, and my code
> david AT gibson.dropbear.id.au | minimalist, thank you.  NOT _the_ _other_
>                                | _way_ _around_!
> http://www.ozlabs.org/~dgibson


--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH] mps2-an511: Fix wiring of UART overflow interrupt lines

2017-09-12 Thread Philippe Mathieu-Daudé

(CC'ed qemu-arm)

Hi Peter,

On 09/12/2017 01:13 PM, Peter Maydell wrote:

Fix an error that meant we were wiring every UART's overflow
interrupts into the same inputs 0 and 1 of the OR gate,
rather than giving each its own input.


oops tricky to catch



Cc: qemu-sta...@nongnu.org
Signed-off-by: Peter Maydell 
---
  hw/arm/mps2.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c
index abb0ab6..769cff8 100644
--- a/hw/arm/mps2.c
+++ b/hw/arm/mps2.c


/* The overflow IRQs for all UARTs are ORed together.
 * Tx and Rx IRQs for each UART are ORed together.
 */

can you update this comment?

Reviewed-by: Philippe Mathieu-Daudé 


@@ -287,8 +287,8 @@ static void mps2_common_init(MachineState *machine)
  cmsdk_apb_uart_create(uartbase[i],
qdev_get_gpio_in(txrx_orgate_dev, 0),
qdev_get_gpio_in(txrx_orgate_dev, 1),
-  qdev_get_gpio_in(orgate_dev, 0),
-  qdev_get_gpio_in(orgate_dev, 1),
+  qdev_get_gpio_in(orgate_dev, i * 2),
+  qdev_get_gpio_in(orgate_dev, i * 2 + 1),
NULL,
uartchr, SYSCLK_FRQ);
  }
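Review bot: `qdev_get_gpio_in(orgate_dev, i * 2 + 1)` now reaches input indices up to two per entry in `uartbase`, so the OR gate must have been created with at least that many input lines; its creation is outside this hunk, so please confirm the line count there matches the loop bound. The block comment above the loop is the natural place to state that each UART gets two dedicated overflow inputs.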





Re: [Qemu-devel] [PATCH] scripts: let checkpatch.pl process an entire GIT branch

2017-09-12 Thread Daniel P. Berrange
On Tue, Sep 12, 2017 at 06:14:57PM +0200, Paolo Bonzini wrote:
> On 12/09/2017 18:12, Daniel P. Berrange wrote:
> > On Tue, Sep 12, 2017 at 05:52:18PM +0200, Paolo Bonzini wrote:
> >> On 12/09/2017 12:46, Daniel P. Berrange wrote:
> >>> Currently before submitting a series, devs should run checkpatch.pl
> >>> across each patch to be submitted. This can be automated using a
> >>> command such as:
> >>>
> >>>   git rebase -i master -x 'git show | ./scripts/checkpatch.pl -'
> >>>
> >>> This is rather long winded to type, so this patch introduces a new
> >>> flag '--branch' to checkpatch.pl which instructs it to check every
> >>> patch on the current GIT branch.
> >>
> >> Great idea, though I'm not sure about having a default.  And to keep it
> >> easy to invoke, having a sole argument that ends with ".." might DWIM
> >> and enable --branch too...
> > 
> > I think it is beneficial to have a default, as I figure the majority
> > of contributors are working on a branch that's rebased against master..
> > Half as many characters to type in the common case :-)
> 
> With the DWIM option "--branch" and "master.." are exactly the same
> length. :)

Oh hang on. I think I misunderstood what you suggested. I thought you
meant  'checkpatch.pl --branch master..', but IIUC you actually mean
'checkpatch.pl master..' with no flag. That would work with me.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH] scripts: let checkpatch.pl process an entire GIT branch

2017-09-12 Thread Paolo Bonzini
On 12/09/2017 18:22, Daniel P. Berrange wrote:
> On Tue, Sep 12, 2017 at 06:14:57PM +0200, Paolo Bonzini wrote:
>> On 12/09/2017 18:12, Daniel P. Berrange wrote:
>>> On Tue, Sep 12, 2017 at 05:52:18PM +0200, Paolo Bonzini wrote:
>>>> On 12/09/2017 12:46, Daniel P. Berrange wrote:
>>>>> Currently before submitting a series, devs should run checkpatch.pl
>>>>> across each patch to be submitted. This can be automated using a
>>>>> command such as:
>>>>>
>>>>>   git rebase -i master -x 'git show | ./scripts/checkpatch.pl -'
>>>>>
>>>>> This is rather long winded to type, so this patch introduces a new
>>>>> flag '--branch' to checkpatch.pl which instructs it to check every
>>>>> patch on the current GIT branch.
>>>>
>>>> Great idea, though I'm not sure about having a default.  And to keep it
>>>> easy to invoke, having a sole argument that ends with ".." might DWIM
>>>> and enable --branch too...
>>>
>>> I think it is beneficial to have a default, as I figure the majority
>>> of contributors are working on a branch that's rebased against master..
>>> Half as many characters to type in the common case :-)
>>
>> With the DWIM option "--branch" and "master.." are exactly the same
>> length. :)
> 
> Oh hang on. I think I misunderstood what you suggested. I thought you
> meant  'checkpatch.pl --branch master..', but IIUC you actually mean
> 'checkpatch.pl master..' with no flag. That would work with me.

Yes, basically if length(argv) == 1 and argv[0] ends with ".." then
enable branch.  The default for --branch with no ARGV could be
"origin/master.."---or it could ask git-config for the upstream tracking
branch but maybe that's too much to ask.

Paolo
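The argument rule described in the message above, written out as an added Perl example (not code from checkpatch.pl or from the patch under review). `resolve_branch_mode` and `list_commits` are hypothetical names, and refusing a range that starts with `-` is an assumption added here because the range is passed to git as an argument.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical helper (not from checkpatch.pl): decide whether to run in
# branch mode and which revision range to give to git.
# Returns (1, $range) for branch mode, (0, undef) for patch/file mode.
sub resolve_branch_mode {
    my ($branch_flag, @args) = @_;

    # Rule from the thread: a sole argument ending in ".." enables branch
    # mode even when --branch was not given.
    $branch_flag = 1 if @args == 1 && $args[0] =~ /\.\.\z/;
    return (0, undef) unless $branch_flag;

    die "expected zero or one revision ranges\n" if @args > 1;

    # Default suggested in the thread for --branch with no argument.
    my $range = @args ? $args[0] : 'origin/master..';

    # Assumption added here: the range becomes a git argument, so refuse
    # anything git would parse as an option instead of a revision.
    die "invalid revision range '$range'\n" if $range =~ /\A-/;

    return (1, $range);
}

# List the commits in $range, oldest first. The list form of open() runs git
# directly, so no shell ever sees $range. Needs a git checkout, so the sample
# loop below does not call it.
sub list_commits {
    my ($range) = @_;
    open(my $log, '-|', 'git', 'log', '--reverse', '--format=%H', $range)
        or die "cannot run git log: $!\n";
    chomp(my @hashes = <$log>);
    close($log) or die "git log failed for '$range' (status $?)\n";
    return @hashes;
}

# Constructed sample invocations: [--branch given?, remaining arguments...]
my @cases = ([0, 'master..'], [1], [0, 'fix.patch'], [1, '--output=x'],
             [1, 'a..', 'b..']);
for my $case (@cases) {
    my ($flag, @args) = @$case;
    my ($branch, $range) = eval { resolve_branch_mode($flag, @args) };
    my $verdict = $@      ? 'rejected'
                : $branch ? "branch mode, range $range"
                :           'patch/file mode';
    print "branch=$flag args=(@args): $verdict\n";
}
```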



[Qemu-devel] [PATCH v2 00/16] TCG vectorization and example conversion

2017-09-12 Thread Richard Henderson
I haven't gotten so far as the complex vector op issue that came
up in conversation with Alex this week.  But this is what I was
targeting as v2:

  * Add documentation.  Enough, or is it still lacking?
  * Fixed the bug in tcg/i386 that affected BIC.
  * Fill in the host vector ops for aarch64.


r~


Richard Henderson (16):
  tcg: Add expanders for out-of-line vector helpers
  tcg: Add types for host vectors
  tcg: Add operations for host vectors
  tcg: Add tcg_op_supported
  tcg: Add INDEX_op_invalid
  tcg: Add vector infrastructure and ops for add/sub/logic
  target/arm: Align vector registers
  target/arm: Use vector infrastructure for aa64 add/sub/logic
  tcg/i386: Add vector operations
  tcg/aarch64: Fully convert tcg_target_op_def
  tcg: Remove tcg_regset_clear
  tcg: Remove tcg_regset_set
  tcg: Remove tcg_regset_{or,and,andnot,not}
  tcg: Remove tcg_regset_set32
  tcg: Fix types in tcg_regset_{set,reset}_reg
  tcg/aarch64: Add vector operations

 Makefile.target  |   5 +-
 target/arm/cpu.h |   2 +-
 tcg/aarch64/tcg-target.h |  23 +-
 tcg/i386/tcg-target.h|  46 ++-
 tcg/tcg-gvec-desc.h  |  49 +++
 tcg/tcg-op-gvec.h| 104 +++
 tcg/tcg-opc.h|  91 ++
 tcg/tcg-runtime.h|  16 +
 tcg/tcg.h|  46 ++-
 target/arm/translate-a64.c   | 137 +
 tcg/aarch64/tcg-target.inc.c | 689 +++
 tcg/arm/tcg-target.inc.c |  25 +-
 tcg/i386/tcg-target.inc.c| 468 +
 tcg/mips/tcg-target.inc.c|   2 +-
 tcg/ppc/tcg-target.inc.c |  41 +--
 tcg/s390/tcg-target.inc.c|  22 +-
 tcg/sparc/tcg-target.inc.c   |  52 ++--
 tcg/tcg-op-gvec.c| 582 
 tcg/tcg-runtime-gvec.c   | 192 
 tcg/tcg.c| 334 -
 tcg/tci/tcg-target.inc.c |  13 +-
 21 files changed, 2527 insertions(+), 412 deletions(-)
 create mode 100644 tcg/tcg-gvec-desc.h
 create mode 100644 tcg/tcg-op-gvec.h
 create mode 100644 tcg/tcg-op-gvec.c
 create mode 100644 tcg/tcg-runtime-gvec.c

-- 
2.13.5




[Qemu-devel] [PATCH v2 02/16] tcg: Add types for host vectors

2017-09-12 Thread Richard Henderson
Nothing uses or enables them yet.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
 tcg/tcg.h | 5 +
 tcg/tcg.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index ac94133870..f56ddac31d 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -256,6 +256,11 @@ typedef struct TCGPool {
 typedef enum TCGType {
 TCG_TYPE_I32,
 TCG_TYPE_I64,
+
+TCG_TYPE_V64,
+TCG_TYPE_V128,
+TCG_TYPE_V256,
+
 TCG_TYPE_COUNT, /* number of different types */
 
 /* An alias for the size of the host register.  */
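Review bot: placing the three vector types before `TCG_TYPE_COUNT` raises the count from 2 to 5, so every table or loop sized for the two integer types now has entries no backend fills in. The tcg.c part of this patch resizes `tcg_target_available_regs`; please confirm no other array indexed by `TCGType` still has a literal size, since indexing one with `TCG_TYPE_V64` would run past its end. A short comment on each new enumerator giving the vector width in bits would also help, as the commit message only says nothing uses them yet.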
diff --git a/tcg/tcg.c b/tcg/tcg.c
index fd8a3dfe93..bc65d01618 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -116,7 +116,7 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 static bool tcg_out_ldst_finalize(TCGContext *s);
 #endif
 
-static TCGRegSet tcg_target_available_regs[2];
+static TCGRegSet tcg_target_available_regs[TCG_TYPE_COUNT];
 static TCGRegSet tcg_target_call_clobber_regs;
 
 #if TCG_TARGET_INSN_UNIT_SIZE == 1
-- 
2.13.5




[Qemu-devel] [PATCH v2 04/16] tcg: Add tcg_op_supported

2017-09-12 Thread Richard Henderson
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
 tcg/tcg.h |   2 +
 tcg/tcg.c | 310 ++
 2 files changed, 312 insertions(+)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 69b1fdf457..b81c67a754 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -961,6 +961,8 @@ do {\
 #define tcg_temp_free_ptr(T) tcg_temp_free_i64(TCGV_PTR_TO_NAT(T))
 #endif
 
+bool tcg_op_supported(TCGOpcode op);
+
 void tcg_gen_callN(TCGContext *s, void *func,
TCGArg ret, int nargs, TCGArg *args);
 
diff --git a/tcg/tcg.c b/tcg/tcg.c
index bc65d01618..9aea00d9b4 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -749,6 +749,316 @@ int tcg_check_temp_count(void)
 }
 #endif
 
+/* Return true if OP may appear in the opcode stream.
+   Test the runtime variable that controls each opcode.  */
+bool tcg_op_supported(TCGOpcode op)
+{
+switch (op) {
+case INDEX_op_discard:
+case INDEX_op_set_label:
+case INDEX_op_call:
+case INDEX_op_br:
+case INDEX_op_mb:
+case INDEX_op_insn_start:
+case INDEX_op_exit_tb:
+case INDEX_op_goto_tb:
+case INDEX_op_qemu_ld_i32:
+case INDEX_op_qemu_st_i32:
+case INDEX_op_qemu_ld_i64:
+case INDEX_op_qemu_st_i64:
+return true;
+
+case INDEX_op_goto_ptr:
+return TCG_TARGET_HAS_goto_ptr;
+
+case INDEX_op_mov_i32:
+case INDEX_op_movi_i32:
+case INDEX_op_setcond_i32:
+case INDEX_op_brcond_i32:
+case INDEX_op_ld8u_i32:
+case INDEX_op_ld8s_i32:
+case INDEX_op_ld16u_i32:
+case INDEX_op_ld16s_i32:
+case INDEX_op_ld_i32:
+case INDEX_op_st8_i32:
+case INDEX_op_st16_i32:
+case INDEX_op_st_i32:
+case INDEX_op_add_i32:
+case INDEX_op_sub_i32:
+case INDEX_op_mul_i32:
+case INDEX_op_and_i32:
+case INDEX_op_or_i32:
+case INDEX_op_xor_i32:
+case INDEX_op_shl_i32:
+case INDEX_op_shr_i32:
+case INDEX_op_sar_i32:
+return true;
+
+case INDEX_op_movcond_i32:
+return TCG_TARGET_HAS_movcond_i32;
+case INDEX_op_div_i32:
+case INDEX_op_divu_i32:
+return TCG_TARGET_HAS_div_i32;
+case INDEX_op_rem_i32:
+case INDEX_op_remu_i32:
+return TCG_TARGET_HAS_rem_i32;
+case INDEX_op_div2_i32:
+case INDEX_op_divu2_i32:
+return TCG_TARGET_HAS_div2_i32;
+case INDEX_op_rotl_i32:
+case INDEX_op_rotr_i32:
+return TCG_TARGET_HAS_rot_i32;
+case INDEX_op_deposit_i32:
+return TCG_TARGET_HAS_deposit_i32;
+case INDEX_op_extract_i32:
+return TCG_TARGET_HAS_extract_i32;
+case INDEX_op_sextract_i32:
+return TCG_TARGET_HAS_sextract_i32;
+case INDEX_op_add2_i32:
+return TCG_TARGET_HAS_add2_i32;
+case INDEX_op_sub2_i32:
+return TCG_TARGET_HAS_sub2_i32;
+case INDEX_op_mulu2_i32:
+return TCG_TARGET_HAS_mulu2_i32;
+case INDEX_op_muls2_i32:
+return TCG_TARGET_HAS_muls2_i32;
+case INDEX_op_muluh_i32:
+return TCG_TARGET_HAS_muluh_i32;
+case INDEX_op_mulsh_i32:
+return TCG_TARGET_HAS_mulsh_i32;
+case INDEX_op_ext8s_i32:
+return TCG_TARGET_HAS_ext8s_i32;
+case INDEX_op_ext16s_i32:
+return TCG_TARGET_HAS_ext16s_i32;
+case INDEX_op_ext8u_i32:
+return TCG_TARGET_HAS_ext8u_i32;
+case INDEX_op_ext16u_i32:
+return TCG_TARGET_HAS_ext16u_i32;
+case INDEX_op_bswap16_i32:
+return TCG_TARGET_HAS_bswap16_i32;
+case INDEX_op_bswap32_i32:
+return TCG_TARGET_HAS_bswap32_i32;
+case INDEX_op_not_i32:
+return TCG_TARGET_HAS_not_i32;
+case INDEX_op_neg_i32:
+return TCG_TARGET_HAS_neg_i32;
+case INDEX_op_andc_i32:
+return TCG_TARGET_HAS_andc_i32;
+case INDEX_op_orc_i32:
+return TCG_TARGET_HAS_orc_i32;
+case INDEX_op_eqv_i32:
+return TCG_TARGET_HAS_eqv_i32;
+case INDEX_op_nand_i32:
+return TCG_TARGET_HAS_nand_i32;
+case INDEX_op_nor_i32:
+return TCG_TARGET_HAS_nor_i32;
+case INDEX_op_clz_i32:
+return TCG_TARGET_HAS_clz_i32;
+case INDEX_op_ctz_i32:
+return TCG_TARGET_HAS_ctz_i32;
+case INDEX_op_ctpop_i32:
+return TCG_TARGET_HAS_ctpop_i32;
+
+case INDEX_op_brcond2_i32:
+case INDEX_op_setcond2_i32:
+return TCG_TARGET_REG_BITS == 32;
+
+case INDEX_op_mov_i64:
+case INDEX_op_movi_i64:
+case INDEX_op_setcond_i64:
+case INDEX_op_brcond_i64:
+case INDEX_op_ld8u_i64:
+case INDEX_op_ld8s_i64:
+case INDEX_op_ld16u_i64:
+case INDEX_op_ld16s_i64:
+case INDEX_op_ld32u_i64:
+case INDEX_op_ld32s_i64:
+case INDEX_op_ld_i64:
+case INDEX_op_st8_i64:
+case INDEX_op_st16_i64:
+case INDEX_op_st32_i64:
+case INDEX_op_st_i64:
+case INDEX_op_add_i64:
+case INDEX_op_sub_i64:
+case INDEX_op_mul_i64:
+case INDEX_op_and_i64:
+case INDEX_op_or_i64:
+case INDEX_op_xor_i64:
+case INDEX_op_shl_i6
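Review bot: `tcg_op_supported` lists every opcode by hand, so an opcode later added to tcg-opc.h without a matching `case` here gets whatever the end of the switch does, and that part is not visible in the lines shown. If the switch has no `default:`, the compiler's switch warning will flag a missing opcode; if it has one, the function can silently give the wrong answer, so please say in the function comment which of the two is intended. The comment's "runtime variable" wording also deserves a sentence, because most of the `TCG_TARGET_HAS_*` names tested here read like compile-time constants. The patch has no commit message body saying who is expected to call this.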

[Qemu-devel] [PATCH v2 03/16] tcg: Add operations for host vectors

2017-09-12 Thread Richard Henderson
Nothing uses or implements them yet.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
 tcg/tcg-opc.h | 89 +++
 tcg/tcg.h | 24 
 2 files changed, 113 insertions(+)

diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index 956fb1e9f3..edfdbf8798 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -206,6 +206,95 @@ DEF(qemu_st_i64, 0, TLADDR_ARGS + DATA64_ARGS, 1,
 
 #undef TLADDR_ARGS
 #undef DATA64_ARGS
+
+/* Host integer vector operations.  */
+/* These opcodes are required whenever the base vector size is enabled.  */
+
+DEF(mov_v64, 1, 1, 0, TCG_OPF_NOT_PRESENT)
+DEF(mov_v128, 1, 1, 0, TCG_OPF_NOT_PRESENT)
+DEF(mov_v256, 1, 1, 0, TCG_OPF_NOT_PRESENT)
+
+DEF(movi_v64, 1, 0, 1, TCG_OPF_NOT_PRESENT)
+DEF(movi_v128, 1, 0, 1, TCG_OPF_NOT_PRESENT)
+DEF(movi_v256, 1, 0, 1, TCG_OPF_NOT_PRESENT)
+
+DEF(ld_v64, 1, 1, 1, IMPL(TCG_TARGET_HAS_v64))
+DEF(ld_v128, 1, 1, 1, IMPL(TCG_TARGET_HAS_v128))
+DEF(ld_v256, 1, 1, 1, IMPL(TCG_TARGET_HAS_v256))
+
+DEF(st_v64, 0, 2, 1, IMPL(TCG_TARGET_HAS_v64))
+DEF(st_v128, 0, 2, 1, IMPL(TCG_TARGET_HAS_v128))
+DEF(st_v256, 0, 2, 1, IMPL(TCG_TARGET_HAS_v256))
+
+DEF(and_v64, 1, 2, 0, IMPL(TCG_TARGET_HAS_v64))
+DEF(and_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_v128))
+DEF(and_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_v256))
+
+DEF(or_v64, 1, 2, 0, IMPL(TCG_TARGET_HAS_v64))
+DEF(or_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_v128))
+DEF(or_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_v256))
+
+DEF(xor_v64, 1, 2, 0, IMPL(TCG_TARGET_HAS_v64))
+DEF(xor_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_v128))
+DEF(xor_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_v256))
+
+DEF(add8_v64, 1, 2, 0, IMPL(TCG_TARGET_HAS_v64))
+DEF(add16_v64, 1, 2, 0, IMPL(TCG_TARGET_HAS_v64))
+DEF(add32_v64, 1, 2, 0, IMPL(TCG_TARGET_HAS_v64))
+
+DEF(add8_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_v128))
+DEF(add16_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_v128))
+DEF(add32_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_v128))
+DEF(add64_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_v128))
+
+DEF(add8_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_v256))
+DEF(add16_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_v256))
+DEF(add32_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_v256))
+DEF(add64_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_v256))
+
+DEF(sub8_v64, 1, 2, 0, IMPL(TCG_TARGET_HAS_v64))
+DEF(sub16_v64, 1, 2, 0, IMPL(TCG_TARGET_HAS_v64))
+DEF(sub32_v64, 1, 2, 0, IMPL(TCG_TARGET_HAS_v64))
+
+DEF(sub8_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_v128))
+DEF(sub16_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_v128))
+DEF(sub32_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_v128))
+DEF(sub64_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_v128))
+
+DEF(sub8_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_v256))
+DEF(sub16_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_v256))
+DEF(sub32_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_v256))
+DEF(sub64_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_v256))
+
+/* These opcodes are optional.
+   All element counts must be supported if any are.  */
+
+DEF(not_v64, 1, 1, 0, IMPL(TCG_TARGET_HAS_not_v64))
+DEF(not_v128, 1, 1, 0, IMPL(TCG_TARGET_HAS_not_v128))
+DEF(not_v256, 1, 1, 0, IMPL(TCG_TARGET_HAS_not_v256))
+
+DEF(andc_v64, 1, 2, 0, IMPL(TCG_TARGET_HAS_andc_v64))
+DEF(andc_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_andc_v128))
+DEF(andc_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_andc_v256))
+
+DEF(orc_v64, 1, 2, 0, IMPL(TCG_TARGET_HAS_orc_v64))
+DEF(orc_v128, 1, 2, 0, IMPL(TCG_TARGET_HAS_orc_v128))
+DEF(orc_v256, 1, 2, 0, IMPL(TCG_TARGET_HAS_orc_v256))
+
+DEF(neg8_v64, 1, 1, 0, IMPL(TCG_TARGET_HAS_neg_v64))
+DEF(neg16_v64, 1, 1, 0, IMPL(TCG_TARGET_HAS_neg_v64))
+DEF(neg32_v64, 1, 1, 0, IMPL(TCG_TARGET_HAS_neg_v64))
+
+DEF(neg8_v128, 1, 1, 0, IMPL(TCG_TARGET_HAS_neg_v128))
+DEF(neg16_v128, 1, 1, 0, IMPL(TCG_TARGET_HAS_neg_v128))
+DEF(neg32_v128, 1, 1, 0, IMPL(TCG_TARGET_HAS_neg_v128))
+DEF(neg64_v128, 1, 1, 0, IMPL(TCG_TARGET_HAS_neg_v128))
+
+DEF(neg8_v256, 1, 1, 0, IMPL(TCG_TARGET_HAS_neg_v256))
+DEF(neg16_v256, 1, 1, 0, IMPL(TCG_TARGET_HAS_neg_v256))
+DEF(neg32_v256, 1, 1, 0, IMPL(TCG_TARGET_HAS_neg_v256))
+DEF(neg64_v256, 1, 1, 0, IMPL(TCG_TARGET_HAS_neg_v256))
+
 #undef IMPL
 #undef IMPL64
 #undef DEF
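Review bot: the add, sub and neg groups define a 64-bit element form for v128 and v256 (`add64_v128`, `neg64_v256`) but none for v64, and the comment "All element counts must be supported if any are" does not say whether that omission is deliberate. If a 64-bit lane in a 64-bit vector is meant to be handled by the scalar i64 opcode, please state it in the comment above the required opcodes. It would also help to document the operand meaning of `ld_v*` and `st_v*` (base pointer plus constant offset, judging by the 1/1/1 and 0/2/1 counts), since nothing implements them yet to serve as a reference.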
diff --git a/tcg/tcg.h b/tcg/tcg.h
index f56ddac31d..69b1fdf457 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -166,6 +166,30 @@ typedef uint64_t TCGRegSet;
 #define TCG_TARGET_HAS_rem_i64  0
 #endif
 
+#ifndef TCG_TARGET_HAS_v64
+#define TCG_TARGET_HAS_v64  0
+#define TCG_TARGET_HAS_andc_v64 0
+#define TCG_TARGET_HAS_orc_v64  0
+#define TCG_TARGET_HAS_not_v64  0
+#define TCG_TARGET_HAS_neg_v64  0
+#endif
+
+#ifndef TCG_TARGET_HAS_v128
+#define TCG_TARGET_HAS_v128 0
+#define TCG_TARGET_HAS_andc_v1280
+#define TCG_TARGET_HAS_orc_v128 0
+#define TCG_TARGET_HAS_not_v128 0
+#define TCG_TARGET_HAS_neg_v128 0
+#endif
+
+#ifndef TCG_TARGET_HAS_v256
+#define TCG_TARGET_HAS_v256 0
+#define TCG_TARGET_HAS_andc_v2560
+#define TCG_TARGET_HAS_orc_v256 0
+#define TCG_TARGET_HAS_not_v256
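Review bot: each `#ifndef TCG_TARGET_HAS_v64` style block defaults the four optional flags only when the base flag is undefined, so a backend that defines `TCG_TARGET_HAS_v128` but forgets `TCG_TARGET_HAS_andc_v128` leaves that macro undefined where tcg-opc.h expands `IMPL(TCG_TARGET_HAS_andc_v128)`. Giving each optional flag its own `#ifndef` default, or adding an `#error` for the missing case, makes the failure mode explicit. The column alignment of the `andc_v128` and `andc_v256` values is also off by one compared with their neighbours.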

[Qemu-devel] [PATCH v2 01/16] tcg: Add expanders for out-of-line vector helpers

2017-09-12 Thread Richard Henderson
This is a minimum extraction from a full generic vector patchset
in order to support simultaneous development in target/arm.

Signed-off-by: Richard Henderson 
---
 Makefile.target |  5 +--
 tcg/tcg-gvec-desc.h | 49 
 tcg/tcg-op-gvec.h   | 43 +
 tcg/tcg-op-gvec.c   | 93 +
 4 files changed, 188 insertions(+), 2 deletions(-)
 create mode 100644 tcg/tcg-gvec-desc.h
 create mode 100644 tcg/tcg-op-gvec.h
 create mode 100644 tcg/tcg-op-gvec.c

diff --git a/Makefile.target b/Makefile.target
index 7f42c45db8..e647b6e2cb 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -93,8 +93,9 @@ all: $(PROGS) stap
 # cpu emulator library
 obj-y += exec.o
 obj-y += accel/
-obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/optimize.o
-obj-$(CONFIG_TCG) += tcg/tcg-common.o tcg/tcg-runtime.o
+obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/tcg-op-gvec.o
+obj-$(CONFIG_TCG) += tcg/optimize.o tcg/tcg-common.o
+obj-$(CONFIG_TCG) += tcg/tcg-runtime.o
 obj-$(CONFIG_TCG_INTERPRETER) += tcg/tci.o
 obj-$(CONFIG_TCG_INTERPRETER) += disas/tci.o
 obj-y += fpu/softfloat.o
diff --git a/tcg/tcg-gvec-desc.h b/tcg/tcg-gvec-desc.h
new file mode 100644
index 00..8ba9a8168d
--- /dev/null
+++ b/tcg/tcg-gvec-desc.h
@@ -0,0 +1,49 @@
+/*
+ *  Generic vector operation descriptor
+ *
+ *  Copyright (c) 2017 Linaro
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+/* ??? These bit widths are set for ARM SVE, maxing out at 256 byte vectors. */
+#define SIMD_OPRSZ_SHIFT   0
+#define SIMD_OPRSZ_BITS5
+
+#define SIMD_MAXSZ_SHIFT   (SIMD_OPRSZ_SHIFT + SIMD_OPRSZ_BITS)
+#define SIMD_MAXSZ_BITS5
+
+#define SIMD_DATA_SHIFT(SIMD_MAXSZ_SHIFT + SIMD_MAXSZ_BITS)
+#define SIMD_DATA_BITS (32 - SIMD_DATA_SHIFT)
+
+/* Create a descriptor from components.  */
+uint32_t simd_desc(uint32_t oprsz, uint32_t maxsz, int32_t data);
+
+/* Extract the operation size from a descriptor.  */
+static inline intptr_t simd_oprsz(uint32_t desc)
+{
+return (extract32(desc, SIMD_OPRSZ_SHIFT, SIMD_OPRSZ_BITS) + 1) * 8;
+}
+
+/* Extract the max vector size from a descriptor.  */
+static inline intptr_t simd_maxsz(uint32_t desc)
+{
+return (extract32(desc, SIMD_MAXSZ_SHIFT, SIMD_MAXSZ_BITS) + 1) * 8;
+}
+
+/* Extract the operation-specific data from a descriptor.  */
+static inline int32_t simd_data(uint32_t desc)
+{
+return sextract32(desc, SIMD_DATA_SHIFT, SIMD_DATA_BITS);
+}
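Review bot: `simd_oprsz` and `simd_maxsz` decode a 5-bit field as `(field + 1) * 8`, and `simd_data` sign-extracts the remaining 22 bits, but the `simd_desc` prototype takes plain `uint32_t` and `int32_t` with no stated limits, so a size above 256, a size that is not a multiple of 8, or a `data` value outside 22 signed bits would be truncated into a different but valid-looking descriptor. Please document the accepted ranges next to the prototype and assert them in `simd_desc`. The new header also has no include guard although it defines `static inline` functions, and it uses `extract32`/`sextract32` without including the header that declares them.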
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
new file mode 100644
index 00..affb7c2e89
--- /dev/null
+++ b/tcg/tcg-op-gvec.h
@@ -0,0 +1,43 @@
+/*
+ *  Generic vector operation expansion
+ *
+ *  Copyright (c) 2017 Linaro
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+/*
+ * "Generic" vectors.  All operands are given as offsets from ENV,
+ * and therefore cannot also be allocated via tcg_global_mem_new_*.
+ * OPRSZ is the byte size of the vector upon which the operation is performed.
+ * MAXSZ is the byte size of the full vector; bytes beyond OPSZ are cleared.
+ *
+ * All sizes must be 8 or any multiple of 16.
+ * When OPRSZ is 8, the alignment may be 8, otherwise must be 16.
+ * Operands may completely, but not partially, overlap.
+ */
+
+/* Expand a call to a gvec-stype helper, with pointers to three vector
+   operands, and a descriptor (see tcg-gvec-desc.h).  */
+typedef void (gen_helper_gvec_3)(TCGv_ptr, TCGv_ptr, TCGv_ptr, TCGv_i32);
+void tcg_gen_gvec_3_ool(uint32_t dofs, uint32_t aofs, uint32_t bofs,
+uint32_t oprsz, uint32_t maxsz, uint32_t data,
+gen_helper_gvec_3 *fn);
+
+/* Similarly, passing an extra pointer (e.g. env or float_status).  */
+typed
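Review bot: `tcg_gen_gvec_3_ool` takes `uint32_t data`, while `simd_desc` in tcg-gvec-desc.h takes `int32_t data` and `simd_data` returns a sign-extended value, so a negative immediate changes signedness on the way in; the two prototypes should agree. The block comment says "bytes beyond OPSZ are cleared" where the parameter is called OPRSZ, and "gvec-stype" should read "gvec-style". The rule "All sizes must be 8 or any multiple of 16" is stricter than what the descriptor can encode (any multiple of 8), so it is worth saying where that rule is enforced.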

[Qemu-devel] [PATCH v2 13/16] tcg: Remove tcg_regset_{or, and, andnot, not}

2017-09-12 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/tcg.h | 4 
 tcg/tcg.c | 2 +-
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index e168bd2c44..8b4208ea03 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -214,10 +214,6 @@ typedef enum TCGOpcode {
 #define tcg_regset_set_reg(d, r) (d) |= 1L << (r)
 #define tcg_regset_reset_reg(d, r) (d) &= ~(1L << (r))
 #define tcg_regset_test_reg(d, r) (((d) >> (r)) & 1)
-#define tcg_regset_or(d, a, b) (d) = (a) | (b)
-#define tcg_regset_and(d, a, b) (d) = (a) & (b)
-#define tcg_regset_andnot(d, a, b) (d) = (a) & ~(b)
-#define tcg_regset_not(d, a) (d) = ~(a)
 
 #ifndef TCG_TARGET_INSN_UNIT_SIZE
 # error "Missing TCG_TARGET_INSN_UNIT_SIZE"
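Review bot: the four `tcg_regset_or/and/andnot/not` macros are removed from a header that every backend includes, yet the diffstat for this patch only touches tcg/tcg.c as a user. A leftover call in any tcg/*/tcg-target.inc.c would only fail on that host's build, so please note in the commit message (which is currently empty) that the backends were converted earlier in the series or confirmed by grep.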
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 873915925f..a19767b5ef 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -2306,7 +2306,7 @@ static TCGReg tcg_reg_alloc(TCGContext *s, TCGRegSet 
desired_regs,
 TCGReg reg;
 TCGRegSet reg_ct;
 
-tcg_regset_andnot(reg_ct, desired_regs, allocated_regs);
+reg_ct = desired_regs & ~allocated_regs;
 order = rev ? indirect_reg_alloc_order : tcg_target_reg_alloc_order;
 
 /* first try free registers */
-- 
2.13.5




[Qemu-devel] [PATCH v2 07/16] target/arm: Align vector registers

2017-09-12 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 98b9b26fd3..419f008277 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -486,7 +486,7 @@ typedef struct CPUARMState {
  * the two execution states, and means we do not need to explicitly
  * map these registers when changing states.
  */
-float64 regs[64];
+float64 regs[64] __attribute__((aligned(16)));
 
 uint32_t xregs[16];
 /* We store these fpcsr fields separately for convenience.  */
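Review bot: `float64 regs[64] __attribute__((aligned(16)))` aligns the member's offset inside `CPUARMState`, which gives 16-byte aligned addresses only if the enclosing structure is itself allocated with at least that alignment; the commit message is empty, so it does not say where that is guaranteed or why 16 was chosen. Please add a sentence tying this to the gvec alignment rule from tcg-op-gvec.h, and consider the tree's `QEMU_ALIGNED(16)` macro instead of the raw attribute.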
-- 
2.13.5




[Qemu-devel] [PATCH v2 06/16] tcg: Add vector infrastructure and ops for add/sub/logic

2017-09-12 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 Makefile.target|   2 +-
 tcg/tcg-op-gvec.h  |  61 ++
 tcg/tcg-runtime.h  |  16 ++
 tcg/tcg.h  |   2 +
 tcg/tcg-op-gvec.c  | 489 +
 tcg/tcg-runtime-gvec.c | 192 +++
 tcg/tcg.c  |   4 +-
 7 files changed, 763 insertions(+), 3 deletions(-)
 create mode 100644 tcg/tcg-runtime-gvec.c

diff --git a/Makefile.target b/Makefile.target
index e647b6e2cb..9eefe7cbd7 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -95,7 +95,7 @@ obj-y += exec.o
 obj-y += accel/
 obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/tcg-op-gvec.o
 obj-$(CONFIG_TCG) += tcg/optimize.o tcg/tcg-common.o
-obj-$(CONFIG_TCG) += tcg/tcg-runtime.o
+obj-$(CONFIG_TCG) += tcg/tcg-runtime.o tcg/tcg-runtime-gvec.o
 obj-$(CONFIG_TCG_INTERPRETER) += tcg/tci.o
 obj-$(CONFIG_TCG_INTERPRETER) += disas/tci.o
 obj-y += fpu/softfloat.o
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
index affb7c2e89..11d04342b6 100644
--- a/tcg/tcg-op-gvec.h
+++ b/tcg/tcg-op-gvec.h
@@ -41,3 +41,64 @@ typedef void (gen_helper_gvec_3_ptr)(TCGv_ptr, TCGv_ptr, 
TCGv_ptr,
 void tcg_gen_gvec_3_ptr(uint32_t dofs, uint32_t aofs, uint32_t bofs,
 TCGv_ptr ptr, uint32_t oprsz, uint32_t maxsz,
 uint32_t data, gen_helper_gvec_3_ptr *fn);
+
+/* Expand a gvec operation.  Either inline or out-of-line depending on
+   the actual vector size and the operations supported by the host.  */
+typedef struct {
+/* "Small" sizes: expand inline as a 64-bit or 32-bit lane.
+   Only one of these will be non-NULL.  */
+void (*fni8)(TCGv_i64, TCGv_i64, TCGv_i64);
+void (*fni4)(TCGv_i32, TCGv_i32, TCGv_i32);
+/* Larger sizes: expand out-of-line helper w/descriptor.  */
+gen_helper_gvec_3 *fno;
+/* Host vector operations.  */
+TCGOpcode op_v64;
+TCGOpcode op_v128;
+TCGOpcode op_v256;
+} GVecGen3;
+
+void tcg_gen_gvec_3(uint32_t dofs, uint32_t aofs, uint32_t bofs,
+uint32_t opsz, uint32_t clsz, const GVecGen3 *);
+
+/* Expand a specific vector operation.  */
+
+#define DEF(X) \
+void tcg_gen_gvec_##X(uint32_t dofs, uint32_t aofs, uint32_t bofs, \
+  uint32_t opsz, uint32_t clsz)
+
+DEF(add8);
+DEF(add16);
+DEF(add32);
+DEF(add64);
+
+DEF(sub8);
+DEF(sub16);
+DEF(sub32);
+DEF(sub64);
+
+DEF(and);
+DEF(or);
+DEF(xor);
+DEF(andc);
+DEF(orc);
+
+#undef DEF
+
+/*
+ * 64-bit vector operations.  Use these when the register has been allocated
+ * with tcg_global_mem_new_i64, and so we cannot also address it via pointer.
+ * OPRSZ = MAXSZ = 8.
+ */
+
+#define DEF(X) \
+void tcg_gen_vec_##X(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
+
+DEF(add8);
+DEF(add16);
+DEF(add32);
+
+DEF(sub8);
+DEF(sub16);
+DEF(sub32);
+
+#undef DEF
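Review bot: the size parameters of tcg_gen_gvec_3 and of the DEF() prototypes are named opsz/clsz, while tcg_gen_gvec_3_ptr just above uses oprsz/maxsz and the comment on the 64-bit variants says "OPRSZ = MAXSZ = 8". Please use one pair of names throughout, and add a sentence saying what each size means and what constraints callers must meet. In GVecGen3, "Only one of these will be non-NULL" would also be clearer if it said what happens when both fni8 and fni4 are NULL, and that a zero op_v64/op_v128/op_v256 means "no host vector op".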
diff --git a/tcg/tcg-runtime.h b/tcg/tcg-runtime.h
index c41d38a557..befb0fa659 100644
--- a/tcg/tcg-runtime.h
+++ b/tcg/tcg-runtime.h
@@ -134,3 +134,19 @@ GEN_ATOMIC_HELPERS(xor_fetch)
 GEN_ATOMIC_HELPERS(xchg)
 
 #undef GEN_ATOMIC_HELPERS
+
+DEF_HELPER_FLAGS_4(gvec_add8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_add16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_add32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_add64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_sub8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sub16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sub32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sub64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_and, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_or, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_xor, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_andc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_orc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
diff --git a/tcg/tcg.h b/tcg/tcg.h
index b81c67a754..37ad9fddab 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -824,9 +824,11 @@ int tcg_global_mem_new_internal(TCGType, TCGv_ptr, 
intptr_t, const char *);
 TCGv_i32 tcg_global_reg_new_i32(TCGReg reg, const char *name);
 TCGv_i64 tcg_global_reg_new_i64(TCGReg reg, const char *name);
 
+int tcg_temp_new_internal(TCGType type, int temp_local);
 TCGv_i32 tcg_temp_new_internal_i32(int temp_local);
 TCGv_i64 tcg_temp_new_internal_i64(int temp_local);
 
+void tcg_temp_free_internal(int idx);
 void tcg_temp_free_i32(TCGv_i32 arg);
 void tcg_temp_free_i64(TCGv_i64 arg);
 
diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c
index f48415020d..4b39617682 100644
--- a/tcg/tcg-op-gvec.c
+++ b/tcg/tcg-op-gvec.c
@@ -24,6 +24,30 @@
 #include "tcg-op-gvec.h"
 #include "tcg-gvec-desc.h"
 
+#define REP8(x)((x) * 0x0101010101010101ull)
+#define REP16(x)   ((x) * 0x0001000100010001ull)
+
+#define MAX_U
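Review bot: REP8(x) and REP16(x) only replicate the value when x already fits in 8 or 16 bits; a wider argument carries into the neighbouring lanes of the multiply. Either mask the argument inside the macro or add a comment stating that callers must pass a value no wider than the lane.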

[Qemu-devel] [PATCH v2 09/16] tcg/i386: Add vector operations

2017-09-12 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.h |  46 -
 tcg/i386/tcg-target.inc.c | 438 +-
 2 files changed, 438 insertions(+), 46 deletions(-)

diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index b89dababf4..03f2506223 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -30,11 +30,10 @@
 
 #ifdef __x86_64__
 # define TCG_TARGET_REG_BITS  64
-# define TCG_TARGET_NB_REGS   16
 #else
 # define TCG_TARGET_REG_BITS  32
-# define TCG_TARGET_NB_REGS8
 #endif
+# define TCG_TARGET_NB_REGS   24
 
 typedef enum {
 TCG_REG_EAX = 0,
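Review bot: TCG_TARGET_NB_REGS becomes 24 on 32-bit hosts as well, so register numbers 8 to 15 (the R8..R15 slots in the enum) are now counted there although they do not exist. Please add a comment next to the define explaining that these slots are holes on i386 and must never appear in the available or allocation sets. Since the define now sits outside the #ifdef, the "# define" indentation should also become a plain "#define".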
@@ -56,6 +55,19 @@ typedef enum {
 TCG_REG_R13,
 TCG_REG_R14,
 TCG_REG_R15,
+
+/* SSE registers; 64-bit has access to 8 more, but we won't
+   need more than a few and using only the first 8 minimizes
+   the need for a rex prefix on the sse instructions.  */
+TCG_REG_XMM0,
+TCG_REG_XMM1,
+TCG_REG_XMM2,
+TCG_REG_XMM3,
+TCG_REG_XMM4,
+TCG_REG_XMM5,
+TCG_REG_XMM6,
+TCG_REG_XMM7,
+
 TCG_REG_RAX = TCG_REG_EAX,
 TCG_REG_RCX = TCG_REG_ECX,
 TCG_REG_RDX = TCG_REG_EDX,
@@ -78,6 +90,17 @@ typedef enum {
 extern bool have_bmi1;
 extern bool have_popcnt;
 
+#ifdef __SSE2__
+#define have_sse2  true
+#else
+extern bool have_sse2;
+#endif
+#ifdef __AVX2__
+#define have_avx2  true
+#else
+extern bool have_avx2;
+#endif
+
 /* optional instructions */
 #define TCG_TARGET_HAS_div2_i32 1
 #define TCG_TARGET_HAS_rot_i32  1
@@ -146,6 +169,25 @@ extern bool have_popcnt;
 #define TCG_TARGET_HAS_mulsh_i640
 #endif
 
+#define TCG_TARGET_HAS_v64  have_sse2
+#define TCG_TARGET_HAS_v128 have_sse2
+#define TCG_TARGET_HAS_v256 have_avx2
+
+#define TCG_TARGET_HAS_andc_v64 TCG_TARGET_HAS_v64
+#define TCG_TARGET_HAS_orc_v64  0
+#define TCG_TARGET_HAS_not_v64  0
+#define TCG_TARGET_HAS_neg_v64  0
+
+#define TCG_TARGET_HAS_andc_v128TCG_TARGET_HAS_v128
+#define TCG_TARGET_HAS_orc_v128 0
+#define TCG_TARGET_HAS_not_v128 0
+#define TCG_TARGET_HAS_neg_v128 0
+
+#define TCG_TARGET_HAS_andc_v256TCG_TARGET_HAS_v256
+#define TCG_TARGET_HAS_orc_v256 0
+#define TCG_TARGET_HAS_not_v256 0
+#define TCG_TARGET_HAS_neg_v256 0
+
 #define TCG_TARGET_deposit_i32_valid(ofs, len) \
 (((ofs) == 0 && (len) == 8) || ((ofs) == 8 && (len) == 8) || \
  ((ofs) == 0 && (len) == 16))
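Review bot: TCG_TARGET_HAS_v64, _v128 and _v256 (and the andc variants derived from them) expand to have_sse2/have_avx2, which is a runtime variable whenever __SSE2__ or __AVX2__ is not defined at build time. Any "#if TCG_TARGET_HAS_v128" style test would then silently evaluate to 0, unlike the other TCG_TARGET_HAS_* macros in this header that are integer constants. A comment here saying these may only be tested in C expressions would prevent that mistake.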
diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
index 5231056fd3..fbb41c3b7a 100644
--- a/tcg/i386/tcg-target.inc.c
+++ b/tcg/i386/tcg-target.inc.c
@@ -28,10 +28,11 @@
 static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
 #if TCG_TARGET_REG_BITS == 64
 "%rax", "%rcx", "%rdx", "%rbx", "%rsp", "%rbp", "%rsi", "%rdi",
-"%r8",  "%r9",  "%r10", "%r11", "%r12", "%r13", "%r14", "%r15",
 #else
 "%eax", "%ecx", "%edx", "%ebx", "%esp", "%ebp", "%esi", "%edi",
 #endif
+"%r8",  "%r9",  "%r10", "%r11", "%r12", "%r13", "%r14", "%r15",
+"%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7",
 };
 #endif
 
@@ -61,6 +62,14 @@ static const int tcg_target_reg_alloc_order[] = {
 TCG_REG_EDX,
 TCG_REG_EAX,
 #endif
+TCG_REG_XMM0,
+TCG_REG_XMM1,
+TCG_REG_XMM2,
+TCG_REG_XMM3,
+TCG_REG_XMM4,
+TCG_REG_XMM5,
+TCG_REG_XMM6,
+TCG_REG_XMM7,
 };
 
 static const int tcg_target_call_iarg_regs[] = {
@@ -94,7 +103,7 @@ static const int tcg_target_call_oarg_regs[] = {
 #define TCG_CT_CONST_I32 0x400
 #define TCG_CT_CONST_WSZ 0x800
 
-/* Registers used with L constraint, which are the first argument 
+/* Registers used with L constraint, which are the first argument
registers on x86_64, and two random call clobbered registers on
i386. */
 #if TCG_TARGET_REG_BITS == 64
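Review bot: this hunk only strips trailing whitespace from the "L constraint" comment and is unrelated to adding vector operations. Please move it to a separate cleanup patch so it does not clutter the history of this one.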
@@ -126,6 +135,16 @@ static bool have_cmov;
 bool have_bmi1;
 bool have_popcnt;
 
+#ifndef have_sse2
+bool have_sse2;
+#endif
+#ifdef have_avx2
+#define have_avx1  have_avx2
+#else
+static bool have_avx1;
+bool have_avx2;
+#endif
+
 #ifdef CONFIG_CPUID_H
 static bool have_movbe;
 static bool have_bmi2;
@@ -192,6 +211,7 @@ static const char *target_parse_constraint(TCGArgConstraint 
*ct,
 tcg_regset_set_reg(ct->u.regs, TCG_REG_EDI);
 break;
 case 'q':
+/* A register that can be used as a byte operand.  */
 ct->ct |= TCG_CT_REG;
 if (TCG_TARGET_REG_BITS == 64) {
 tcg_regset_set32(ct->u.regs, 0, 0x);
@@ -200,10 +220,12 @@ static const char 
*target_parse_constraint(TCGArgConstraint *ct,
 }
 break;
 case 'Q':
+/* A register with an addressable second byte (e.g. %ah).  */
 ct->ct |= TCG_CT_REG;
 tcg_regset_set32(ct->u.regs, 0, 0xf);
 break;
 case 'r':
+/* A general register.  */
 ct->ct |= TCG_CT_REG;
 if (TCG_TARGET_REG_BITS == 64) {
 tcg_regset_set32(ct

[Qemu-devel] [PATCH v2 10/16] tcg/aarch64: Fully convert tcg_target_op_def

2017-09-12 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/aarch64/tcg-target.inc.c | 282 +++
 1 file changed, 151 insertions(+), 131 deletions(-)

diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index c2f3812214..1ff32e43f5 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -1786,141 +1786,161 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 #undef REG0
 }
 
-static const TCGTargetOpDef aarch64_op_defs[] = {
-{ INDEX_op_exit_tb, { } },
-{ INDEX_op_goto_tb, { } },
-{ INDEX_op_br, { } },
-{ INDEX_op_goto_ptr, { "r" } },
-
-{ INDEX_op_ld8u_i32, { "r", "r" } },
-{ INDEX_op_ld8s_i32, { "r", "r" } },
-{ INDEX_op_ld16u_i32, { "r", "r" } },
-{ INDEX_op_ld16s_i32, { "r", "r" } },
-{ INDEX_op_ld_i32, { "r", "r" } },
-{ INDEX_op_ld8u_i64, { "r", "r" } },
-{ INDEX_op_ld8s_i64, { "r", "r" } },
-{ INDEX_op_ld16u_i64, { "r", "r" } },
-{ INDEX_op_ld16s_i64, { "r", "r" } },
-{ INDEX_op_ld32u_i64, { "r", "r" } },
-{ INDEX_op_ld32s_i64, { "r", "r" } },
-{ INDEX_op_ld_i64, { "r", "r" } },
-
-{ INDEX_op_st8_i32, { "rZ", "r" } },
-{ INDEX_op_st16_i32, { "rZ", "r" } },
-{ INDEX_op_st_i32, { "rZ", "r" } },
-{ INDEX_op_st8_i64, { "rZ", "r" } },
-{ INDEX_op_st16_i64, { "rZ", "r" } },
-{ INDEX_op_st32_i64, { "rZ", "r" } },
-{ INDEX_op_st_i64, { "rZ", "r" } },
-
-{ INDEX_op_add_i32, { "r", "r", "rA" } },
-{ INDEX_op_add_i64, { "r", "r", "rA" } },
-{ INDEX_op_sub_i32, { "r", "r", "rA" } },
-{ INDEX_op_sub_i64, { "r", "r", "rA" } },
-{ INDEX_op_mul_i32, { "r", "r", "r" } },
-{ INDEX_op_mul_i64, { "r", "r", "r" } },
-{ INDEX_op_div_i32, { "r", "r", "r" } },
-{ INDEX_op_div_i64, { "r", "r", "r" } },
-{ INDEX_op_divu_i32, { "r", "r", "r" } },
-{ INDEX_op_divu_i64, { "r", "r", "r" } },
-{ INDEX_op_rem_i32, { "r", "r", "r" } },
-{ INDEX_op_rem_i64, { "r", "r", "r" } },
-{ INDEX_op_remu_i32, { "r", "r", "r" } },
-{ INDEX_op_remu_i64, { "r", "r", "r" } },
-{ INDEX_op_and_i32, { "r", "r", "rL" } },
-{ INDEX_op_and_i64, { "r", "r", "rL" } },
-{ INDEX_op_or_i32, { "r", "r", "rL" } },
-{ INDEX_op_or_i64, { "r", "r", "rL" } },
-{ INDEX_op_xor_i32, { "r", "r", "rL" } },
-{ INDEX_op_xor_i64, { "r", "r", "rL" } },
-{ INDEX_op_andc_i32, { "r", "r", "rL" } },
-{ INDEX_op_andc_i64, { "r", "r", "rL" } },
-{ INDEX_op_orc_i32, { "r", "r", "rL" } },
-{ INDEX_op_orc_i64, { "r", "r", "rL" } },
-{ INDEX_op_eqv_i32, { "r", "r", "rL" } },
-{ INDEX_op_eqv_i64, { "r", "r", "rL" } },
-
-{ INDEX_op_neg_i32, { "r", "r" } },
-{ INDEX_op_neg_i64, { "r", "r" } },
-{ INDEX_op_not_i32, { "r", "r" } },
-{ INDEX_op_not_i64, { "r", "r" } },
-
-{ INDEX_op_shl_i32, { "r", "r", "ri" } },
-{ INDEX_op_shr_i32, { "r", "r", "ri" } },
-{ INDEX_op_sar_i32, { "r", "r", "ri" } },
-{ INDEX_op_rotl_i32, { "r", "r", "ri" } },
-{ INDEX_op_rotr_i32, { "r", "r", "ri" } },
-{ INDEX_op_clz_i32, { "r", "r", "rAL" } },
-{ INDEX_op_ctz_i32, { "r", "r", "rAL" } },
-{ INDEX_op_shl_i64, { "r", "r", "ri" } },
-{ INDEX_op_shr_i64, { "r", "r", "ri" } },
-{ INDEX_op_sar_i64, { "r", "r", "ri" } },
-{ INDEX_op_rotl_i64, { "r", "r", "ri" } },
-{ INDEX_op_rotr_i64, { "r", "r", "ri" } },
-{ INDEX_op_clz_i64, { "r", "r", "rAL" } },
-{ INDEX_op_ctz_i64, { "r", "r", "rAL" } },
-
-{ INDEX_op_brcond_i32, { "r", "rA" } },
-{ INDEX_op_brcond_i64, { "r", "rA" } },
-{ INDEX_op_setcond_i32, { "r", "r", "rA" } },
-{ INDEX_op_setcond_i64, { "r", "r", "rA" } },
-{ INDEX_op_movcond_i32, { "r", "r", "rA", "rZ", "rZ" } },
-{ INDEX_op_movcond_i64, { "r", "r", "rA", "rZ", "rZ" } },
-
-{ INDEX_op_qemu_ld_i32, { "r", "l" } },
-{ INDEX_op_qemu_ld_i64, { "r", "l" } },
-{ INDEX_op_qemu_st_i32, { "lZ", "l" } },
-{ INDEX_op_qemu_st_i64, { "lZ", "l" } },
-
-{ INDEX_op_bswap16_i32, { "r", "r" } },
-{ INDEX_op_bswap32_i32, { "r", "r" } },
-{ INDEX_op_bswap16_i64, { "r", "r" } },
-{ INDEX_op_bswap32_i64, { "r", "r" } },
-{ INDEX_op_bswap64_i64, { "r", "r" } },
-
-{ INDEX_op_ext8s_i32, { "r", "r" } },
-{ INDEX_op_ext16s_i32, { "r", "r" } },
-{ INDEX_op_ext8u_i32, { "r", "r" } },
-{ INDEX_op_ext16u_i32, { "r", "r" } },
-
-{ INDEX_op_ext8s_i64, { "r", "r" } },
-{ INDEX_op_ext16s_i64, { "r", "r" } },
-{ INDEX_op_ext32s_i64, { "r", "r" } },
-{ INDEX_op_ext8u_i64, { "r", "r" } },
-{ INDEX_op_ext16u_i64, { "r", "r" } },
-{ INDEX_op_ext32u_i64, { "r", "r" } },
-{ INDEX_op_ext_i32_i64, { "r", "r" } },
-{ INDEX_op_extu_i32_i64, { "r", "r" } },
-
-{ INDEX_op_deposit_i32, { "r", "0", "rZ" } },
-{ INDEX_op_deposit_i64, { "r", "0", "rZ" } },
-{ INDEX_op_extract_i32, { "r", "r" } },
-{ INDEX_op_extract_i64, { "r", "r" } },
-{ INDEX_op_sextract_i32, { "r", "r" } },
-{ INDEX_

[Qemu-devel] [PATCH v2 08/16] target/arm: Use vector infrastructure for aa64 add/sub/logic

2017-09-12 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 137 -
 1 file changed, 87 insertions(+), 50 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 9017e30510..d01a180fba 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -21,6 +21,7 @@
 #include "cpu.h"
 #include "exec/exec-all.h"
 #include "tcg-op.h"
+#include "tcg-op-gvec.h"
 #include "qemu/log.h"
 #include "arm_ldst.h"
 #include "translate.h"
@@ -82,6 +83,7 @@ typedef void NeonGenTwoDoubleOPFn(TCGv_i64, TCGv_i64, 
TCGv_i64, TCGv_ptr);
 typedef void NeonGenOneOpFn(TCGv_i64, TCGv_i64);
 typedef void CryptoTwoOpEnvFn(TCGv_ptr, TCGv_i32, TCGv_i32);
 typedef void CryptoThreeOpEnvFn(TCGv_ptr, TCGv_i32, TCGv_i32, TCGv_i32);
+typedef void GVecGenTwoFn(uint32_t, uint32_t, uint32_t, uint32_t, uint32_t);
 
 /* initialize TCG globals.  */
 void a64_translate_init(void)
@@ -537,6 +539,21 @@ static inline int vec_reg_offset(DisasContext *s, int 
regno,
 return offs;
 }
 
+/* Return the offset info CPUARMState of the "whole" vector register Qn.  */
+static inline int vec_full_reg_offset(DisasContext *s, int regno)
+{
+assert_fp_access_checked(s);
+return offsetof(CPUARMState, vfp.regs[regno * 2]);
+}
+
+/* Return the byte size of the "whole" vector register, VL / 8.  */
+static inline int vec_full_reg_size(DisasContext *s)
+{
+/* FIXME SVE: We should put the composite ZCR_EL* value into tb->flags.
+   In the meantime this is just the AdvSIMD length of 128.  */
+return 128 / 8;
+}
+
 /* Return the offset into CPUARMState of a slice (from
  * the least significant end) of FP register Qn (ie
  * Dn, Sn, Hn or Bn).
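Review bot: typo in the comment on vec_full_reg_offset, "Return the offset info CPUARMState" should read "into", matching the existing comment just below. Also, vec_full_reg_size takes s but ignores it and returns 128 / 8; the FIXME covers that, but it would help to state in the comment that callers must not assume the result is a constant, so that the later SVE change does not need to revisit every call site.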
@@ -9047,11 +9064,38 @@ static void disas_simd_3same_logic(DisasContext *s, 
uint32_t insn)
 bool is_q = extract32(insn, 30, 1);
 TCGv_i64 tcg_op1, tcg_op2, tcg_res[2];
 int pass;
+GVecGenTwoFn *gvec_op;
 
 if (!fp_access_check(s)) {
 return;
 }
 
+switch (size + 4 * is_u) {
+case 0: /* AND */
+gvec_op = tcg_gen_gvec_and;
+goto do_gvec;
+case 1: /* BIC */
+gvec_op = tcg_gen_gvec_andc;
+goto do_gvec;
+case 2: /* ORR */
+gvec_op = tcg_gen_gvec_or;
+goto do_gvec;
+case 3: /* ORN */
+gvec_op = tcg_gen_gvec_orc;
+goto do_gvec;
+case 4: /* EOR */
+gvec_op = tcg_gen_gvec_xor;
+goto do_gvec;
+do_gvec:
+gvec_op(vec_full_reg_offset(s, rd),
+vec_full_reg_offset(s, rn),
+vec_full_reg_offset(s, rm),
+is_q ? 16 : 8, vec_full_reg_size(s));
+return;
+}
+
+/* Note that we've now eliminated all !is_u.  */
+
 tcg_op1 = tcg_temp_new_i64();
 tcg_op2 = tcg_temp_new_i64();
 tcg_res[0] = tcg_temp_new_i64();
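Review bot: the new switch has no default and every case jumps to a do_gvec label placed inside the switch body, so values 5 to 7 silently leave through the closing brace. That is correct but hard to read; setting gvec_op in each case with a break, and calling it after the switch only if one was selected, would avoid the goto. The comment "Note that we've now eliminated all !is_u" is also incomplete: EOR (is_u with size 0) is handled here too, which is why the remaining code can load rd unconditionally.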
@@ -9061,47 +9105,27 @@ static void disas_simd_3same_logic(DisasContext *s, 
uint32_t insn)
 read_vec_element(s, tcg_op1, rn, pass, MO_64);
 read_vec_element(s, tcg_op2, rm, pass, MO_64);
 
-if (!is_u) {
-switch (size) {
-case 0: /* AND */
-tcg_gen_and_i64(tcg_res[pass], tcg_op1, tcg_op2);
-break;
-case 1: /* BIC */
-tcg_gen_andc_i64(tcg_res[pass], tcg_op1, tcg_op2);
-break;
-case 2: /* ORR */
-tcg_gen_or_i64(tcg_res[pass], tcg_op1, tcg_op2);
-break;
-case 3: /* ORN */
-tcg_gen_orc_i64(tcg_res[pass], tcg_op1, tcg_op2);
-break;
-}
-} else {
-if (size != 0) {
-/* B* ops need res loaded to operate on */
-read_vec_element(s, tcg_res[pass], rd, pass, MO_64);
-}
+/* B* ops need res loaded to operate on */
+read_vec_element(s, tcg_res[pass], rd, pass, MO_64);
 
-switch (size) {
-case 0: /* EOR */
-tcg_gen_xor_i64(tcg_res[pass], tcg_op1, tcg_op2);
-break;
-case 1: /* BSL bitwise select */
-tcg_gen_xor_i64(tcg_op1, tcg_op1, tcg_op2);
-tcg_gen_and_i64(tcg_op1, tcg_op1, tcg_res[pass]);
-tcg_gen_xor_i64(tcg_res[pass], tcg_op2, tcg_op1);
-break;
-case 2: /* BIT, bitwise insert if true */
-tcg_gen_xor_i64(tcg_op1, tcg_op1, tcg_res[pass]);
-tcg_gen_and_i64(tcg_op1, tcg_op1, tcg_op2);
-tcg_gen_xor_i64(tcg_res[pass], tcg_res[pass], tcg_op1);
-break;
-case 3: /* BIF, bitwise insert if false */
-tcg_gen_xor_i64(tcg_op1, tcg_op1, tcg_res[pass]);
-tcg_gen_andc_i64(tcg_op1, tcg_op1, tcg_op2);
-tcg_gen_xor_i64(tcg_res[pass], tcg_res[pass], tcg_op1);
-break;
-}
+switch (size) {
+case 1: /* BSL bitwise select */
+tcg_gen_xor_i

[Qemu-devel] [PATCH v2 05/16] tcg: Add INDEX_op_invalid

2017-09-12 Thread Richard Henderson
Add with value 0 so that structure zero initialization can
indicate that the field is not present.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
 tcg/tcg-opc.h | 2 ++
 tcg/tcg.c | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index edfdbf8798..b84cd584fb 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -26,6 +26,8 @@
  * DEF(name, oargs, iargs, cargs, flags)
  */
 
+DEF(invalid, 0, 0, 0, TCG_OPF_NOT_PRESENT)
+
 /* predefined ops */
 DEF(discard, 1, 0, 0, TCG_OPF_NOT_PRESENT)
 DEF(set_label, 0, 0, 1, TCG_OPF_BB_END | TCG_OPF_NOT_PRESENT)
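Review bot: the requirement that INDEX_op_invalid be 0 is stated only in the commit message; in tcg-opc.h it depends on this DEF() staying the first entry. Please add a comment above DEF(invalid, ...) saying it must remain first because zero-initialized structures rely on it, so nobody inserts an opcode ahead of it later.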
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 9aea00d9b4..8fca202bec 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -754,6 +754,9 @@ int tcg_check_temp_count(void)
 bool tcg_op_supported(TCGOpcode op)
 {
 switch (op) {
+case INDEX_op_invalid:
+return false;
+
 case INDEX_op_discard:
 case INDEX_op_set_label:
 case INDEX_op_call:
-- 
2.13.5




[Qemu-devel] [PATCH v2 15/16] tcg: Fix types in tcg_regset_{set, reset}_reg

2017-09-12 Thread Richard Henderson
There was a problem here with an ILP32 host with 64 host registers.
E.g. aarch64 running in ILP32 mode.

Signed-off-by: Richard Henderson 
---
 tcg/tcg.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index d4412102ba..c5ada53358 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -210,9 +210,9 @@ typedef enum TCGOpcode {
 NB_OPS,
 } TCGOpcode;
 
-#define tcg_regset_set_reg(d, r) (d) |= 1L << (r)
-#define tcg_regset_reset_reg(d, r) (d) &= ~(1L << (r))
-#define tcg_regset_test_reg(d, r) (((d) >> (r)) & 1)
+#define tcg_regset_set_reg(d, r)   ((d) |= (TCGRegSet)1 << (r))
+#define tcg_regset_reset_reg(d, r) ((d) &= ~((TCGRegSet)1 << (r)))
+#define tcg_regset_test_reg(d, r)  (((d) >> (r)) & 1)
 
 #ifndef TCG_TARGET_INSN_UNIT_SIZE
 # error "Missing TCG_TARGET_INSN_UNIT_SIZE"
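Review bot: with the (TCGRegSet)1 cast the shift in tcg_regset_set_reg and tcg_regset_reset_reg is only well defined if TCGRegSet has more bits than the largest register number, and nothing near these macros enforces that. A build-time check of TCG_TARGET_NB_REGS against the width of TCGRegSet (QEMU_BUILD_BUG_ON would do) and a one-line comment explaining why 1L was wrong on ILP32 hosts would make the fix self-documenting. The tcg_regset_test_reg line changes only in whitespace.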
-- 
2.13.5




[Qemu-devel] [PATCH v2 12/16] tcg: Remove tcg_regset_set

2017-09-12 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/tcg.h | 1 -
 tcg/tcg.c | 8 
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 7226727ee4..e168bd2c44 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -210,7 +210,6 @@ typedef enum TCGOpcode {
 NB_OPS,
 } TCGOpcode;
 
-#define tcg_regset_set(d, s) (d) = (s)
 #define tcg_regset_set32(d, reg, val32) (d) |= (val32) << (reg)
 #define tcg_regset_set_reg(d, r) (d) |= 1L << (r)
 #define tcg_regset_reset_reg(d, r) (d) &= ~(1L << (r))
diff --git a/tcg/tcg.c b/tcg/tcg.c
index f40cce3364..873915925f 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -2452,7 +2452,7 @@ static void tcg_reg_alloc_mov(TCGContext *s, const 
TCGOpDef *def,
 TCGTemp *ts, *ots;
 TCGType otype, itype;
 
-tcg_regset_set(allocated_regs, s->reserved_regs);
+allocated_regs = s->reserved_regs;
 ots = &s->temps[args[0]];
 ts = &s->temps[args[1]];
 
@@ -2540,8 +2540,8 @@ static void tcg_reg_alloc_op(TCGContext *s,
args + nb_oargs + nb_iargs, 
sizeof(TCGArg) * def->nb_cargs);
 
-tcg_regset_set(i_allocated_regs, s->reserved_regs);
-tcg_regset_set(o_allocated_regs, s->reserved_regs);
+i_allocated_regs = s->reserved_regs;
+o_allocated_regs = s->reserved_regs;
 
 /* satisfy input constraints */ 
 for(k = 0; k < nb_iargs; k++) {
@@ -2741,7 +2741,7 @@ static void tcg_reg_alloc_call(TCGContext *s, int 
nb_oargs, int nb_iargs,
 }
 
 /* assign input registers */
-tcg_regset_set(allocated_regs, s->reserved_regs);
+allocated_regs = s->reserved_regs;
 for(i = 0; i < nb_regs; i++) {
 arg = args[nb_oargs + i];
 if (arg != TCG_CALL_DUMMY_ARG) {
-- 
2.13.5




[Qemu-devel] [PATCH v2 11/16] tcg: Remove tcg_regset_clear

2017-09-12 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/tcg.h| 1 -
 tcg/aarch64/tcg-target.inc.c | 2 +-
 tcg/arm/tcg-target.inc.c | 2 +-
 tcg/i386/tcg-target.inc.c| 4 ++--
 tcg/mips/tcg-target.inc.c| 2 +-
 tcg/ppc/tcg-target.inc.c | 2 +-
 tcg/s390/tcg-target.inc.c| 8 
 tcg/sparc/tcg-target.inc.c   | 2 +-
 tcg/tcg.c| 5 ++---
 tcg/tci/tcg-target.inc.c | 2 +-
 10 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 37ad9fddab..7226727ee4 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -210,7 +210,6 @@ typedef enum TCGOpcode {
 NB_OPS,
 } TCGOpcode;
 
-#define tcg_regset_clear(d) (d) = 0
 #define tcg_regset_set(d, s) (d) = (s)
 #define tcg_regset_set32(d, reg, val32) (d) |= (val32) << (reg)
 #define tcg_regset_set_reg(d, r) (d) |= 1L << (r)
diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index 1ff32e43f5..141a86a57d 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -1960,7 +1960,7 @@ static void tcg_target_init(TCGContext *s)
  (1 << TCG_REG_X16) | (1 << TCG_REG_X17) |
  (1 << TCG_REG_X18) | (1 << TCG_REG_X30));
 
-tcg_regset_clear(s->reserved_regs);
+s->reserved_regs = 0;
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_SP);
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_FP);
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_TMP);
diff --git a/tcg/arm/tcg-target.inc.c b/tcg/arm/tcg-target.inc.c
index db46aea38c..f0c176554b 100644
--- a/tcg/arm/tcg-target.inc.c
+++ b/tcg/arm/tcg-target.inc.c
@@ -2173,7 +2173,7 @@ static void tcg_target_init(TCGContext *s)
  (1 << TCG_REG_R12) |
  (1 << TCG_REG_R14));
 
-tcg_regset_clear(s->reserved_regs);
+s->reserved_regs = 0;
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_CALL_STACK);
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_TMP);
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_PC);
diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
index fbb41c3b7a..e9766f6686 100644
--- a/tcg/i386/tcg-target.inc.c
+++ b/tcg/i386/tcg-target.inc.c
@@ -2999,7 +2999,7 @@ static void tcg_target_init(TCGContext *s)
 tcg_regset_set32(tcg_target_available_regs[TCG_TYPE_V256], 0, 
0xff);
 }
 
-tcg_regset_clear(tcg_target_call_clobber_regs);
+tcg_target_call_clobber_regs = 0;
 tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_EAX);
 tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_EDX);
 tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_ECX);
@@ -3014,7 +3014,7 @@ static void tcg_target_init(TCGContext *s)
 tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_R11);
 }
 
-tcg_regset_clear(s->reserved_regs);
+s->reserved_regs = 0;
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_CALL_STACK);
 }
 
diff --git a/tcg/mips/tcg-target.inc.c b/tcg/mips/tcg-target.inc.c
index 750baadf37..85c1abd14b 100644
--- a/tcg/mips/tcg-target.inc.c
+++ b/tcg/mips/tcg-target.inc.c
@@ -2629,7 +2629,7 @@ static void tcg_target_init(TCGContext *s)
(1 << TCG_REG_T8) |
(1 << TCG_REG_T9));
 
-tcg_regset_clear(s->reserved_regs);
+s->reserved_regs = 0;
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_ZERO); /* zero register */
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_K0);   /* kernel use only */
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_K1);   /* kernel use only */
diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index 21d764c102..b1df1e146a 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -2786,7 +2786,7 @@ static void tcg_target_init(TCGContext *s)
  (1 << TCG_REG_R11) |
  (1 << TCG_REG_R12));
 
-tcg_regset_clear(s->reserved_regs);
+s->reserved_regs = 0;
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_R0); /* tcg temp */
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_R1); /* stack pointer */
 #if defined(_CALL_SYSV)
diff --git a/tcg/s390/tcg-target.inc.c b/tcg/s390/tcg-target.inc.c
index e7ab8e4df3..01baa33673 100644
--- a/tcg/s390/tcg-target.inc.c
+++ b/tcg/s390/tcg-target.inc.c
@@ -413,12 +413,12 @@ static const char 
*target_parse_constraint(TCGArgConstraint *ct,
 break;
 case 'a':  /* force R2 for division */
 ct->ct |= TCG_CT_REG;
-tcg_regset_clear(ct->u.regs);
+ct->u.regs = 0;
 tcg_regset_set_reg(ct->u.regs, TCG_REG_R2);
 break;
 case 'b':  /* force R3 for division */
 ct->ct |= TCG_CT_REG;
-tcg_regset_clear(ct->u.regs);
+ct->u.regs = 0;
 tcg_regset_set_reg(ct->u.regs, TCG_REG_R3);
 break;
 case 'A':
@@ -2522,7 +2522,7 @@ static void tcg_target_init(TCGContext *s)
 tcg_regset_set32(tcg_target_available_regs[TCG_TYPE_I32], 0, 0x);
 tcg_regset_set32(tcg_target_available_r

Re: [Qemu-devel] [PATCH 02/10] qemu-iotests: get rid of AWK_PROG

2017-09-12 Thread Philippe Mathieu-Daudé

Hi Paolo,

Hmm did you just resend your v1? Except the cover the patches don't have 
"v2" and I remember reviewing this one (also Eric Blake replied with his 
R-b).


On 09/12/2017 11:44 AM, Paolo Bonzini wrote:

Signed-off-by: Paolo Bonzini 
---
  tests/qemu-iotests/check | 4 ++--
  tests/qemu-iotests/common| 2 +-
  tests/qemu-iotests/common.config | 3 ---
  3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
index 4a6ed67b42..5c0d0c51dc 100755
--- a/tests/qemu-iotests/check
+++ b/tests/qemu-iotests/check
@@ -128,7 +128,7 @@ tmp="${TEST_DIR}"/$$
  
  _wallclock()

  {
-date "+%H %M %S" | $AWK_PROG '{ print $1*3600 + $2*60 + $3 }'
+date "+%H %M %S" | awk '{ print $1*3600 + $2*60 + $3 }'
  }
  
  _timestamp()

@@ -147,7 +147,7 @@ _wrapup()
  if [ -f $TIMESTAMP_FILE -a -f $tmp.time ]
  then
  cat $TIMESTAMP_FILE $tmp.time \
-| $AWK_PROG '
+| awk '
  { t[$1] = $2 }
  END{ if (NR > 0) {
  for (i in t) print i " " t[i]
diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
index 867918895b..130f647a4d 100644
--- a/tests/qemu-iotests/common
+++ b/tests/qemu-iotests/common
@@ -366,7 +366,7 @@ testlist options
  if $xpand
  then
  have_test_arg=true
-$AWK_PROG   
-export AWK_PROG="`set_prog_path awk`"

-[ "$AWK_PROG" = "" ] && _fatal "awk not found"
-
  if [ -z "$QEMU_PROG" ]; then
  export QEMU_PROG="`set_prog_path qemu`"
  fi
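Review bot: the lines removed at the end of this patch drop both the set_prog_path lookup and the '_fatal "awk not found"' check, so a missing awk is no longer reported once at start-up; it now shows up later as a shell error inside _wallclock and _wrapup. If awk is simply assumed to be present, say so in the commit message, which is currently empty apart from the sign-off.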





[Qemu-devel] [PATCH v2 14/16] tcg: Remove tcg_regset_set32

2017-09-12 Thread Richard Henderson
It's not even clear what the interface REG and VAL32 were supposed to mean.
All uses had REG = 0 and VAL32 was the bitset assigned to the destination.

Signed-off-by: Richard Henderson 
---
 tcg/tcg.h|  1 -
 tcg/aarch64/tcg-target.inc.c | 33 +++---
 tcg/arm/tcg-target.inc.c | 23 +++--
 tcg/i386/tcg-target.inc.c| 34 ++-
 tcg/ppc/tcg-target.inc.c | 37 +-
 tcg/s390/tcg-target.inc.c| 14 ++---
 tcg/sparc/tcg-target.inc.c   | 48 ++--
 tcg/tci/tcg-target.inc.c | 11 --
 8 files changed, 94 insertions(+), 107 deletions(-)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 8b4208ea03..d4412102ba 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -210,7 +210,6 @@ typedef enum TCGOpcode {
 NB_OPS,
 } TCGOpcode;
 
-#define tcg_regset_set32(d, reg, val32) (d) |= (val32) << (reg)
 #define tcg_regset_set_reg(d, r) (d) |= 1L << (r)
 #define tcg_regset_reset_reg(d, r) (d) &= ~(1L << (r))
 #define tcg_regset_test_reg(d, r) (((d) >> (r)) & 1)
diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index 141a86a57d..150530f30e 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -121,11 +121,11 @@ static const char 
*target_parse_constraint(TCGArgConstraint *ct,
 switch (*ct_str++) {
 case 'r':
 ct->ct |= TCG_CT_REG;
-tcg_regset_set32(ct->u.regs, 0, (1ULL << TCG_TARGET_NB_REGS) - 1);
+ct->u.regs = 0xu;
 break;
 case 'l': /* qemu_ld / qemu_st address, data_reg */
 ct->ct |= TCG_CT_REG;
-tcg_regset_set32(ct->u.regs, 0, (1ULL << TCG_TARGET_NB_REGS) - 1);
+ct->u.regs = 0xu;
 #ifdef CONFIG_SOFTMMU
 /* x0 and x1 will be overwritten when reading the tlb entry,
and x2, and x3 for helper args, better to avoid using them. */
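Review bot: in the 'r' and 'l' cases the old mask was derived from TCG_TARGET_NB_REGS, while the replacement is a bare literal assigned to ct->u.regs. Once TCG_TARGET_NB_REGS changes, the literal no longer follows it, and a reader cannot tell whether that is intended. Please give the mask a name that says which registers it covers (for example "all general registers") or add a comment to that effect.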
@@ -1945,20 +1945,21 @@ static const TCGTargetOpDef 
*tcg_target_op_def(TCGOpcode op)
 
 static void tcg_target_init(TCGContext *s)
 {
-tcg_regset_set32(tcg_target_available_regs[TCG_TYPE_I32], 0, 0x);
-tcg_regset_set32(tcg_target_available_regs[TCG_TYPE_I64], 0, 0x);
-
-tcg_regset_set32(tcg_target_call_clobber_regs, 0,
- (1 << TCG_REG_X0) | (1 << TCG_REG_X1) |
- (1 << TCG_REG_X2) | (1 << TCG_REG_X3) |
- (1 << TCG_REG_X4) | (1 << TCG_REG_X5) |
- (1 << TCG_REG_X6) | (1 << TCG_REG_X7) |
- (1 << TCG_REG_X8) | (1 << TCG_REG_X9) |
- (1 << TCG_REG_X10) | (1 << TCG_REG_X11) |
- (1 << TCG_REG_X12) | (1 << TCG_REG_X13) |
- (1 << TCG_REG_X14) | (1 << TCG_REG_X15) |
- (1 << TCG_REG_X16) | (1 << TCG_REG_X17) |
- (1 << TCG_REG_X18) | (1 << TCG_REG_X30));
+tcg_target_available_regs[TCG_TYPE_I32] = 0xu;
+tcg_target_available_regs[TCG_TYPE_I64] = 0xu;
+
+tcg_target_call_clobber_regs = 0xfffu;
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_X19);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_X20);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_X21);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_X22);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_X23);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_X24);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_X25);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_X26);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_X27);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_X28);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_X29);
 
 s->reserved_regs = 0;
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_SP);
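Review bot: the call-clobber set in tcg_target_init is now built by subtraction, with eleven consecutive tcg_regset_reset_reg calls for X19 through X29 and no comment. A short loop from TCG_REG_X19 to TCG_REG_X29, or at least a comment that these are the call-saved registers, would make the intent clearer than the removed explicit list did.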
diff --git a/tcg/arm/tcg-target.inc.c b/tcg/arm/tcg-target.inc.c
index f0c176554b..14599a8685 100644
--- a/tcg/arm/tcg-target.inc.c
+++ b/tcg/arm/tcg-target.inc.c
@@ -264,13 +264,13 @@ static const char 
*target_parse_constraint(TCGArgConstraint *ct,
 
 case 'r':
 ct->ct |= TCG_CT_REG;
-tcg_regset_set32(ct->u.regs, 0, (1 << TCG_TARGET_NB_REGS) - 1);
+ct->u.regs = 0x;
 break;
 
 /* qemu_ld address */
 case 'l':
 ct->ct |= TCG_CT_REG;
-tcg_regset_set32(ct->u.regs, 0, (1 << TCG_TARGET_NB_REGS) - 1);
+ct->u.regs = 0x;
 #ifdef CONFIG_SOFTMMU
 /* r0-r2,lr will be overwritten when reading the tlb entry,
so don't use these. */
@@ -284,7 +284,7 @@ static const char *target_parse_constraint(TCGArgConstraint 
*ct,
 /* qemu_st address & data */
 case 's':
 ct->ct |= TCG_CT_REG;
-tcg_regset_set32(ct->u.regs, 0, (1 << TCG_TARGET_NB_REGS) - 1);
+ct->u.regs = 0x;
 /* r0-r2 will be overwritten when reading 

[Qemu-devel] [PATCH v2 16/16] tcg/aarch64: Add vector operations

2017-09-12 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/aarch64/tcg-target.h |  23 ++-
 tcg/aarch64/tcg-target.inc.c | 372 ++-
 2 files changed, 350 insertions(+), 45 deletions(-)

diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
index c2525066ab..310efa3c1d 100644
--- a/tcg/aarch64/tcg-target.h
+++ b/tcg/aarch64/tcg-target.h
@@ -31,13 +31,22 @@ typedef enum {
 TCG_REG_SP = 31,
 TCG_REG_XZR = 31,
 
+TCG_REG_V0 = 32, TCG_REG_V1, TCG_REG_V2, TCG_REG_V3,
+TCG_REG_V4, TCG_REG_V5, TCG_REG_V6, TCG_REG_V7,
+TCG_REG_V8, TCG_REG_V9, TCG_REG_V10, TCG_REG_V11,
+TCG_REG_V12, TCG_REG_V13, TCG_REG_V14, TCG_REG_V15,
+TCG_REG_V16, TCG_REG_V17, TCG_REG_V18, TCG_REG_V19,
+TCG_REG_V20, TCG_REG_V21, TCG_REG_V22, TCG_REG_V23,
+TCG_REG_V24, TCG_REG_V25, TCG_REG_V26, TCG_REG_V27,
+TCG_REG_V28, TCG_REG_V29, TCG_REG_V30, TCG_REG_V31,
+
 /* Aliases.  */
 TCG_REG_FP = TCG_REG_X29,
 TCG_REG_LR = TCG_REG_X30,
 TCG_AREG0  = TCG_REG_X19,
 } TCGReg;
 
-#define TCG_TARGET_NB_REGS 32
+#define TCG_TARGET_NB_REGS 64
 
 /* used for function call generation */
 #define TCG_REG_CALL_STACK  TCG_REG_SP
@@ -113,6 +122,18 @@ typedef enum {
 #define TCG_TARGET_HAS_mulsh_i641
 #define TCG_TARGET_HAS_direct_jump  1
 
+#define TCG_TARGET_HAS_v64  1
+#define TCG_TARGET_HAS_andc_v64 1
+#define TCG_TARGET_HAS_orc_v64  1
+#define TCG_TARGET_HAS_not_v64  1
+#define TCG_TARGET_HAS_neg_v64  1
+
+#define TCG_TARGET_HAS_v128 1
+#define TCG_TARGET_HAS_andc_v1281
+#define TCG_TARGET_HAS_orc_v128 1
+#define TCG_TARGET_HAS_not_v128 1
+#define TCG_TARGET_HAS_neg_v128 1
+
 #define TCG_TARGET_DEFAULT_MO (0)
 
 static inline void flush_icache_range(uintptr_t start, uintptr_t stop)
diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index 150530f30e..a2419dcb0c 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -20,10 +20,15 @@ QEMU_BUILD_BUG_ON(TCG_TYPE_I32 != 0 || TCG_TYPE_I64 != 1);
 
 #ifdef CONFIG_DEBUG_TCG
 static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
-"%x0", "%x1", "%x2", "%x3", "%x4", "%x5", "%x6", "%x7",
-"%x8", "%x9", "%x10", "%x11", "%x12", "%x13", "%x14", "%x15",
-"%x16", "%x17", "%x18", "%x19", "%x20", "%x21", "%x22", "%x23",
-"%x24", "%x25", "%x26", "%x27", "%x28", "%fp", "%x30", "%sp",
+"x0", "x1", "x2", "x3", "x4", "x5", "x6", "x7",
+"x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15",
+"x16", "x17", "x18", "x19", "x20", "x21", "x22", "x23",
+"x24", "x25", "x26", "x27", "x28", "fp", "x30", "sp",
+
+"v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+"v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+"v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+"v24", "v25", "v26", "v27", "v28", "fp", "v30", "v31",
 };
 #endif /* CONFIG_DEBUG_TCG */
 
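Review bot: in the new vector row of tcg_target_reg_names, the entry between "v28" and "v30" is "fp"; it looks copied from the x-register row and should be "v29". The hunk also drops the "%" prefix from every general register name, and the commit message (only a sign-off) does not say so; one line there would help anyone comparing debug output before and after.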
@@ -43,6 +48,14 @@ static const int tcg_target_reg_alloc_order[] = {
 /* X19 reserved for AREG0 */
 /* X29 reserved as fp */
 /* X30 reserved as temporary */
+
+TCG_REG_V0, TCG_REG_V1, TCG_REG_V2, TCG_REG_V3,
+TCG_REG_V4, TCG_REG_V5, TCG_REG_V6, TCG_REG_V7,
+/* V8 - V15 are call-saved, and skipped.  */
+TCG_REG_V16, TCG_REG_V17, TCG_REG_V18, TCG_REG_V19,
+TCG_REG_V20, TCG_REG_V21, TCG_REG_V22, TCG_REG_V23,
+TCG_REG_V24, TCG_REG_V25, TCG_REG_V26, TCG_REG_V27,
+TCG_REG_V28, TCG_REG_V29, TCG_REG_V30, TCG_REG_V31,
 };
 
 static const int tcg_target_call_iarg_regs[8] = {
@@ -119,10 +132,14 @@ static const char 
*target_parse_constraint(TCGArgConstraint *ct,
const char *ct_str, TCGType type)
 {
 switch (*ct_str++) {
-case 'r':
+case 'r': /* general registers */
 ct->ct |= TCG_CT_REG;
 ct->u.regs = 0xu;
 break;
+case 'w': /* advsimd registers */
+ct->ct |= TCG_CT_REG;
+ct->u.regs = 0xull;
+break;
 case 'l': /* qemu_ld / qemu_st address, data_reg */
 ct->ct |= TCG_CT_REG;
 ct->u.regs = 0xu;
@@ -290,6 +307,12 @@ typedef enum {
 I3312_LDRSHX= 0x3800 | LDST_LD_S_X << 22 | MO_16 << 30,
 I3312_LDRSWX= 0x3800 | LDST_LD_S_X << 22 | MO_32 << 30,
 
+I3312_LDRVD = 0x3c00 | LDST_LD << 22 | MO_64 << 30,
+I3312_STRVD = 0x3c00 | LDST_ST << 22 | MO_64 << 30,
+
+I3312_LDRVQ = 0x3c00 | 3 << 22 | 0 << 30,
+I3312_STRVQ = 0x3c00 | 2 << 22 | 0 << 30,
+
 I3312_TO_I3310  = 0x00200800,
 I3312_TO_I3313  = 0x0100,
 
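Review bot: I3312_LDRVQ and I3312_STRVQ are built from bare `3 << 22` and `2 << 22` with `0 << 30`, while the LDRVD/STRVD pair just above them uses LDST_LD, LDST_ST and MO_64. A one-line comment explaining why the 128-bit forms need a different opc value and a zero size field, or named constants for those values, would let a reader check the encoding without opening the architecture manual.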
@@ -374,8 +397,33 @@ typedef enum {
 I3510_EON   = 0x4a20,
 I3510_ANDS  = 0x6a00,
 
-NOP = 0xd503201f,
+/* AdvSIMD modified immediate */
+I3606_MOVI  = 0x0f000400,
+
+/* AdvSIMD three same.  */
+I3616_ADD_B = 0x0e208400,
+I3616_ADD_H = 0x0e608400,
+  

Re: [Qemu-devel] [PATCH 6/6] arm: drop intermadiate cpu_model -> cpu type parsing and use cpu type directly

2017-09-12 Thread Alistair Francis
On Tue, Sep 12, 2017 at 3:53 AM, Igor Mammedov  wrote:
> On Tue, 5 Sep 2017 19:12:26 -0300
> Eduardo Habkost  wrote:
>
>> On Tue, Sep 05, 2017 at 02:47:52PM -0700, Alistair Francis wrote:
>> > On Tue, Sep 5, 2017 at 2:31 PM, Eduardo Habkost  
>> > wrote:
>> [...]
>> > >> diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
>> > >> index f61e735..1cd6374 100644
>> > >> --- a/hw/arm/stm32f205_soc.c
>> > >> +++ b/hw/arm/stm32f205_soc.c
>> > >> @@ -112,7 +112,7 @@ static void stm32f205_soc_realize(DeviceState 
>> > >> *dev_soc, Error **errp)
>> > >>
>> > >>  armv7m = DEVICE(&s->armv7m);
>> > >>  qdev_prop_set_uint32(armv7m, "num-irq", 96);
>> > >> -qdev_prop_set_string(armv7m, "cpu-model", s->cpu_model);
>> > >> +qdev_prop_set_string(armv7m, "cpu-type", s->cpu_type);
>> > >>  object_property_set_link(OBJECT(&s->armv7m), 
>> > >> OBJECT(get_system_memory()),
>> > >>   "memory", &error_abort);
>> > >>  object_property_set_bool(OBJECT(&s->armv7m), true, "realized", 
>> > >> &err);
>> > >> @@ -200,7 +200,7 @@ static void stm32f205_soc_realize(DeviceState 
>> > >> *dev_soc, Error **errp)
>> > >>  }
>> > >>
>> > >>  static Property stm32f205_soc_properties[] = {
>> > >> -DEFINE_PROP_STRING("cpu-model", STM32F205State, cpu_model),
>> > >> +DEFINE_PROP_STRING("cpu-type", STM32F205State, cpu_type),
>> > >
>> > > Same as armv7m: are we 100% sure users are not setting this
>> > > manually?
>> >
>> > In an embedded board like this it really doesn't make sense to let the
>> > user overwrite the CPU. The SoC will take it as an option, but the
>> > board (which creates the SoC) just blindly always uses the same CPU.
>> > That feature is more for QOMification than any real reason though.
>> >
>>
>> I'm not talking about -cpu (no user-visible change in the
>> handling of -cpu should result from this patch), but about
>> possible cases where the user set the "cpu-model" property using
>> another mechanism, like -global.  Probably it's impossible for an
>> user to override the property successfully, but I would like to
>> be sure.
>>
>>
>> > In saying that I think a warning if the user tries to set the CPU
>> > would make sense. I know that this issue comes up in other ARM boards
>> > (Zynq-7000 has the same issue as well) so maybe a machine property
>> > saying that the board doesn't accept custom CPUs would be a good idea.
> Agreed, it would be useful, however goal of the patch to drop
> cpu_generic_init() preferably without changing behavior
>
> so I'd leave extra stuff you mention up to board maintainers
> to fix up on top.
>
>
>> Yeah, there are multiple cases in this patch where boards are
>> validating the CPU model, but not all boards do that.  A generic
>> MachineClass::valid_cpu_types[] field would be useful.
> so far I've met 3 use cases for valid_cpu_types
>  * no check - just try to use whatever user provided
>  * check for concrete cpu models (leaf classes)
>  * check for super-class based in partial cpu_model match
>
> it is nice to have valid_cpu_types[] /I recall even trying out something 
> similar/
> but then series turns into mess where one tries to fix several things
> and on top of it in all targets, hence I've decided first to get rid of
> all cpu_model handling in boards and only then think about valid_cpus using 
> cpu types.
>
> I'd gladly give up 'valid cpus' to someone else more interested in it,
> there are other users beside of ARM boards for it.
> /seems Alistair is interested in it, at least in ARM part/

Yeah, I'm interested in getting a generic framework to make this
possible in. Still just an RFC, I need to get back to that this week
and tidy it up.

Thanks,
Alistair

>
>
>> > Overall I think this patch is moving in the right direction though and
>> > this CPU option being ignored existed before this series.
>>
>> I agree this is going on the right direction.  However, I don't
>> see any board that ignore the CPU option: all of them seem to use
>> cpu_model when creating the CPUs, already.
> in ARM case there are boards that use
>  * '-cpu' provided model
>  * '-cpu' provided model with valid cpu checks
>  * 'hardcoded' cpu model ignoring '-cpu'/-global
>
> I've thought commit message sufficiently described current situation and 
> changes.



Re: [Qemu-devel] [PATCH] mps2-an511: Fix wiring of UART overflow interrupt lines

2017-09-12 Thread Peter Maydell
On 12 September 2017 at 17:22, Philippe Mathieu-Daudé  wrote:
> (CC'ed qemu-arm)
>
> Hi Peter,
>
> On 09/12/2017 01:13 PM, Peter Maydell wrote:
>>
>> Fix an error that meant we were wiring every UART's overflow
>> interrupts into the same inputs 0 and 1 of the OR gate,
>> rather than giving each its own input.
>
>
> oops tricky to catch
>
>>
>> Cc: qemu-sta...@nongnu.org
>> Signed-off-by: Peter Maydell 
>> ---
>>   hw/arm/mps2.c | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c
>> index abb0ab6..769cff8 100644
>> --- a/hw/arm/mps2.c
>> +++ b/hw/arm/mps2.c
>
>
> /* The overflow IRQs for all UARTs are ORed together.
>  * Tx and Rx IRQs for each UART are ORed together.
>  */
>
> can you update this comment?

The comment is correct. "txrx_orgate_dev" is a 2-input OR gate,
which we create one of per UART. It ORs together the TX IRQ
and the RX IRQ. "orgate_dev" is a 10-input OR gate, which ORs
together the TX overflow IRQ and the RX overflow IRQ from each
UART. The bug here is just that we were using the wrong input
pins on orgate_dev.

thanks
-- PMM



Re: [Qemu-devel] [PULL 28/32] target/arm: [tcg] Port to generic translation framework

2017-09-12 Thread Richard Henderson
On 09/12/2017 09:12 AM, Laurent Desnogues wrote:
>> +static void aarch64_tr_tb_start(DisasContextBase *db, CPUState *cpu)
>> +{
>> +tcg_clear_temp_count();
>> +}
> 
> Is it really needed to call tcg_clear_temp_count here when it's now
> called in translator_loop?

Nope, missed while moving these calls around.
Thanks.


r~



Re: [Qemu-devel] [PATCH 02/10] qemu-iotests: get rid of AWK_PROG

2017-09-12 Thread Paolo Bonzini
On 12/09/2017 18:30, Philippe Mathieu-Daudé wrote:
> Hi Paolo,
> 
> Hmm did you just resend your v1? Except the cover the patches don't have
> "v2" and I remember reviewing this one (also Eric Blake replied with his
> R-b).

I didn't include the R-bs, sorry (most of the later patches had
non-trivial context changes, this one is the exception).

But it's definitely v2, because v1 had 12 patches. :)

Paolo


> On 09/12/2017 11:44 AM, Paolo Bonzini wrote:
>> Signed-off-by: Paolo Bonzini 
>> ---
>>   tests/qemu-iotests/check | 4 ++--
>>   tests/qemu-iotests/common| 2 +-
>>   tests/qemu-iotests/common.config | 3 ---
>>   3 files changed, 3 insertions(+), 6 deletions(-)
>>
>> diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
>> index 4a6ed67b42..5c0d0c51dc 100755
>> --- a/tests/qemu-iotests/check
>> +++ b/tests/qemu-iotests/check
>> @@ -128,7 +128,7 @@ tmp="${TEST_DIR}"/$$
>> _wallclock()
>>   {
>> -date "+%H %M %S" | $AWK_PROG '{ print $1*3600 + $2*60 + $3 }'
>> +date "+%H %M %S" | awk '{ print $1*3600 + $2*60 + $3 }'
>>   }
>> _timestamp()
>> @@ -147,7 +147,7 @@ _wrapup()
>>   if [ -f $TIMESTAMP_FILE -a -f $tmp.time ]
>>   then
>>   cat $TIMESTAMP_FILE $tmp.time \
>> -| $AWK_PROG '
>> +| awk '
>>   { t[$1] = $2 }
>>   END{ if (NR > 0) {
>>   for (i in t) print i " " t[i]
>> diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
>> index 867918895b..130f647a4d 100644
>> --- a/tests/qemu-iotests/common
>> +++ b/tests/qemu-iotests/common
>> @@ -366,7 +366,7 @@ testlist options
>>   if $xpand
>>   then
>>   have_test_arg=true
>> -$AWK_PROG > +awk >   BEGIN{ for (t='$start'; t<='$end'; t++) printf "%03d\n",t }' \
>>   | while read id
>>   do
>> diff --git a/tests/qemu-iotests/common.config
>> b/tests/qemu-iotests/common.config
>> index b599c72211..0f571d46eb 100644
>> --- a/tests/qemu-iotests/common.config
>> +++ b/tests/qemu-iotests/common.config
>> @@ -56,9 +56,6 @@ _fatal()
>>   exit 1
>>   }
>>   -export AWK_PROG="`set_prog_path awk`"
>> -[ "$AWK_PROG" = "" ] && _fatal "awk not found"
>> -
>>   if [ -z "$QEMU_PROG" ]; then
>>   export QEMU_PROG="`set_prog_path qemu`"
>>   fi
>>
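Review bot: in the common.config hunk, removing the AWK_PROG lookup also removes the `_fatal "awk not found"` check, so a host without awk now fails later, inside _wallclock, _wrapup or the test-list expansion, with a less obvious error. If awk is simply assumed to be present, say so in the commit message, which currently holds only the sign-off.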




Re: [Qemu-devel] [PATCH 05/27] vhost-user-scsi: connect unix socket before allocating

2017-09-12 Thread Philippe Mathieu-Daudé

On 08/23/2017 01:19 PM, Marc-André Lureau wrote:

This simplifies memory management a little bit in the following patches.

Signed-off-by: Marc-André Lureau 
---
  contrib/vhost-user-scsi/vhost-user-scsi.c | 18 +-
  1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/contrib/vhost-user-scsi/vhost-user-scsi.c 
b/contrib/vhost-user-scsi/vhost-user-scsi.c
index 1fb57da2da..cddaaf8995 100644
--- a/contrib/vhost-user-scsi/vhost-user-scsi.c
+++ b/contrib/vhost-user-scsi/vhost-user-scsi.c
@@ -715,11 +715,11 @@ static void vdev_scsi_deinit(vhost_scsi_dev_t *vdev_scsi)
  }
  }
  
-static vhost_scsi_dev_t *vdev_scsi_new(char *unix_fn)

+static vhost_scsi_dev_t *vdev_scsi_new(int server_sock)
  {
  vhost_scsi_dev_t *vdev_scsi = NULL;
  
-assert(unix_fn);

+assert(server_sock >= 0);


This assert() can't happen anymore.

Removing it:
Reviewed-by: Philippe Mathieu-Daudé 

  
  vdev_scsi = calloc(1, sizeof(vhost_scsi_dev_t));

  if (!vdev_scsi) {
@@ -727,11 +727,7 @@ static vhost_scsi_dev_t *vdev_scsi_new(char *unix_fn)
  return NULL;
  }
  
-vdev_scsi->server_sock = unix_sock_new(unix_fn);

-if (vdev_scsi->server_sock < 0) {
-goto err;
-}
-
+vdev_scsi->server_sock = server_sock;
  vdev_scsi->loop = g_main_loop_new(NULL, FALSE);
  if (!vdev_scsi->loop) {
  PERR("Error creating glib event loop");
@@ -815,7 +811,7 @@ int main(int argc, char **argv)
  vhost_scsi_dev_t *vdev_scsi = NULL;
  char *unix_fn = NULL;
  char *iscsi_uri = NULL;
-int opt, err = EXIT_SUCCESS;
+int sock, opt, err = EXIT_SUCCESS;
  
  while ((opt = getopt(argc, argv, "u:i:")) != -1) {

  switch (opt) {
@@ -835,7 +831,11 @@ int main(int argc, char **argv)
  goto help;
  }
  
-vdev_scsi = vdev_scsi_new(unix_fn);

+sock = unix_sock_new(unix_fn);
+if (sock < 0) {
+goto err;
+}
+vdev_scsi = vdev_scsi_new(sock);
  if (!vdev_scsi) {
  goto err;
  }
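Review bot: in main(), when vdev_scsi_new(sock) returns NULL the code jumps to err with sock still open and vdev_scsi NULL. Check that the err path closes sock in that case, or document that vdev_scsi_new() takes ownership of the descriptor even when it fails; before this change the socket was created and owned inside vdev_scsi_new(), so the question did not arise.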





[Qemu-devel] [Bug 1716028] Re: qemu 2.10 locks images with no feature flag

2017-09-12 Thread Scott Moser
Kevin,
thanks again.  You've provided enough support for me at this point.  I had 
looked at trying to coalesce multiple -drive values into a single one, and that 
can definitely be made to work with the newer qemu, but I'm not sure I can make 
it work with older.  

The goal there would be to do something like:
$ qemu-system-x86_64   \
   -drive id=d01,file.filename=disk1.img,format=qcow2,if=none -\
   -device virtio-blk,drive=d01,serial=s01 \
   -device virtio-blk,drive=d01,serial=s02

on newer qemu, that works if i change 'id=' to 'node-name', but on older
qemu I can't convince it to let me have 1 drive associated to multiple
-device.

What we ended up doing is at 
  
https://code.launchpad.net/~smoser/curtin/trunk.lp1716028-hack-file-locking-in-qemu/+merge/330456

https://bugs.launchpad.net/bugs/1716028

Title:
  qemu 2.10 locks images with no feature flag

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  New

Bug description:
  1) % lsb_release -rd
  Description:  Ubuntu Artful Aardvark (development branch)
  Release:  17.10

  2) % apt-cache policy qemu-system-x86
  qemu-system-x86:
Installed: 1:2.10~rc3+dfsg-0ubuntu1
Candidate: 1:2.10+dfsg-0ubuntu1
Version table:
   1:2.10+dfsg-0ubuntu1 500
  500 http://archive.ubuntu.com//ubuntu devel/main amd64 Packages
   *** 1:2.10~rc3+dfsg-0ubuntu1 100
  100 /var/lib/dpkg/status

  3) qemu locks image files with no way to discover this feature nor how
  to disable it

  4) qemu provides a way to query if it supports image locking, and what
  the default value is, and how to disable the locking via cli

  qemu 2.10 now will lock image files and warn if an image is currently
  locked.  This prevents qemu from running (and possibly corrupting said
  image).

  However, qemu does not provide any way to determine if a qemu binary
  actually has this capability.  Normally behavior changing features are
  exposed via some change to the qemu help menu or QMP/QAPI output of
  capabilities.

  I believe this slipped through since libvirt already does image
  locking, but direct cli users will be caught by this change.

  In particular, we have a use-case where we simulate multipath disks by
  creating two disks which point to the same file which now breaks
  without adding the 'file.locking=off' to the -drive parameters;  which
  is also completely undocumented and unexposed.

  Some parts of the cli like -device allow querying of settable options
  (qemu-system-x86 -device scsi_hd,?)  but nothing equivalent exists for
  -drive parameters.





Re: [Qemu-devel] [Qemu-ppc] [PATCH 2/4] ppc: add CPU IRQ state to PPC VMStateDescription

2017-09-12 Thread Mark Cave-Ayland
On 12/09/17 17:21, Dr. David Alan Gilbert wrote:

>> Right, a subsection is certainly necessary to avoid breaking backwards
>> migration.
>>
>> But apart from that I want to understand better exactly why this is
>> necessary.  What's the state that's being lost, and is it really not
>> recoverable from anywhere else.
>>
>> The other thing that concerns me is how we're encoding the
>> information.  These are essentially internal fields, not reflecting
>> something with an architected encoding - adding those to the migration
>> stream is often a bad idea - it inhibits our ability to rework
>> internal encodings.
> 
> Yes, agreed, where possible the contents of the stream should reflect
> 'real' state that's actually being modelled and be as independent of
> the implementation as possible.

Oh sure. However I should re-iterate that I'm not trying to add new
fields into the migration stream, merely reinstate the ones that were
dropped without warning in commit a90db15 by Alexey since without them
TCG state doesn't restore correctly in my local tests.

The commit message mentions that prior to the conversion some CPU state
was missing but it doesn't mention anything about dropping existing
fields as part of the conversion process so I suspect that this was an
accidental side-effect.

I can definitely look at re-implementing the patch using a subsection in
order to preserve backwards compatibility though.


ATB,

Mark.



Re: [Qemu-devel] [PATCH v2 00/16] TCG vectorization and example conversion

2017-09-12 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v2 00/16] TCG vectorization and example conversion
Message-id: 20170912162513.21694-1-richard.hender...@linaro.org
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]
patchew/1505232834-20890-1-git-send-email-peter.mayd...@linaro.org -> 
patchew/1505232834-20890-1-git-send-email-peter.mayd...@linaro.org
 * [new tag]   
patchew/20170912162513.21694-1-richard.hender...@linaro.org -> 
patchew/20170912162513.21694-1-richard.hender...@linaro.org
Switched to a new branch 'test'
79dcc568d9 tcg/aarch64: Add vector operations
2775845e94 tcg: Fix types in tcg_regset_{set, reset}_reg
abc6fe1c86 tcg: Remove tcg_regset_set32
fa12f2aa97 tcg: Remove tcg_regset_{or, and, andnot, not}
e28741ea78 tcg: Remove tcg_regset_set
41300b5435 tcg: Remove tcg_regset_clear
af03c3a726 tcg/aarch64: Fully convert tcg_target_op_def
a3963f01e8 tcg/i386: Add vector operations
cb325eb085 target/arm: Use vector infrastructure for aa64 add/sub/logic
d47e03fb01 target/arm: Align vector registers
fbc24565b8 tcg: Add vector infrastructure and ops for add/sub/logic
d707cf2ec8 tcg: Add INDEX_op_invalid
c11bb78f2d tcg: Add tcg_op_supported
32b7f64cc9 tcg: Add operations for host vectors
79f62e0aec tcg: Add types for host vectors
3aaf410faf tcg: Add expanders for out-of-line vector helpers

=== OUTPUT BEGIN ===
Checking PATCH 1/16: tcg: Add expanders for out-of-line vector helpers...
Checking PATCH 2/16: tcg: Add types for host vectors...
Checking PATCH 3/16: tcg: Add operations for host vectors...
Checking PATCH 4/16: tcg: Add tcg_op_supported...
Checking PATCH 5/16: tcg: Add INDEX_op_invalid...
Checking PATCH 6/16: tcg: Add vector infrastructure and ops for add/sub/logic...
ERROR: spaces required around that '&' (ctx:WxO)
#778: FILE: tcg/tcg-runtime-gvec.c:178:
+*(vec64 *)(d + i) = *(vec64 *)(a + i) &~ *(vec64 *)(b + i);
   ^

ERROR: space prohibited after that '~' (ctx:OxW)
#778: FILE: tcg/tcg-runtime-gvec.c:178:
+*(vec64 *)(d + i) = *(vec64 *)(a + i) &~ *(vec64 *)(b + i);
^

ERROR: spaces required around that '|' (ctx:WxO)
#789: FILE: tcg/tcg-runtime-gvec.c:189:
+*(vec64 *)(d + i) = *(vec64 *)(a + i) |~ *(vec64 *)(b + i);
   ^

ERROR: space prohibited after that '~' (ctx:OxW)
#789: FILE: tcg/tcg-runtime-gvec.c:189:
+*(vec64 *)(d + i) = *(vec64 *)(a + i) |~ *(vec64 *)(b + i);
^

total: 4 errors, 0 warnings, 808 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 7/16: target/arm: Align vector registers...
Checking PATCH 8/16: target/arm: Use vector infrastructure for aa64 
add/sub/logic...
Checking PATCH 9/16: tcg/i386: Add vector operations...
WARNING: architecture specific defines should be avoided
#50: FILE: tcg/i386/tcg-target.h:93:
+#ifdef __SSE2__

WARNING: architecture specific defines should be avoided
#55: FILE: tcg/i386/tcg-target.h:98:
+#ifdef __AVX2__

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#558: FILE: tcg/i386/tcg-target.inc.c:2059:
+#define OP_128_256(x) \
+case glue(glue(INDEX_op_, x), _v256): \
+rexw = P_VEXL; /* FALLTHRU */ \
+case glue(glue(INDEX_op_, x), _v128)

ERROR: spaces required around that ':' (ctx:VxE)
#574: FILE: tcg/i386/tcg-target.inc.c:2463:
+OP_64_128_256(add8):
^

ERROR: spaces required around that ':' (ctx:VxE)
#577: FILE: tcg/i386/tcg-target.inc.c:2466:
+OP_64_128_256(add16):
 ^

ERROR: spaces required around that ':' (ctx:VxE)
#580: FILE: tcg/i386/tcg-target.inc.c:2469:
+OP_64_128_256(add32):
 ^

ERROR: spaces required around that ':' (ctx:VxE)
#583: FILE: tcg/i386/tcg-target.inc.c:2472:
+OP_128_256(add64):
  ^

ERROR: spaces required around that ':' (ctx:VxE)
#586: FILE: tcg/i386/tcg-target.inc.c:2475:
+OP_64_128_256(sub8):
^

ERROR: spaces required around that ':' (ctx:VxE)
#589: FILE: tcg/i386/tcg-target.inc.c:2478:
+OP_64_128_256(sub16):

Re: [Qemu-devel] [PATCH 09/27] vhost-user-scsi: also free the gtree

2017-09-12 Thread Philippe Mathieu-Daudé

On 08/23/2017 01:19 PM, Marc-André Lureau wrote:

Signed-off-by: Marc-André Lureau 


Reviewed-by: Philippe Mathieu-Daudé 


---
  contrib/vhost-user-scsi/vhost-user-scsi.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/contrib/vhost-user-scsi/vhost-user-scsi.c 
b/contrib/vhost-user-scsi/vhost-user-scsi.c
index 5f8ff9d9e5..d0456a5e7c 100644
--- a/contrib/vhost-user-scsi/vhost-user-scsi.c
+++ b/contrib/vhost-user-scsi/vhost-user-scsi.c
@@ -693,6 +693,7 @@ static void vdev_scsi_free(vhost_scsi_dev_t *vdev_scsi)
  }
  
  g_main_loop_unref(vdev_scsi->loop);

+g_tree_destroy(vdev_scsi->fdmap);
  g_free(vdev_scsi);
  }
  
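Review bot: g_tree_destroy(vdev_scsi->fdmap) in vdev_scsi_free() assumes fdmap was created. If this function can run on a partially constructed device, guard the call, since GLib logs a critical when handed a NULL tree. The commit message holds only the sign-off, so it would also help to state there whether the tree's destroy callbacks release what the entries hold.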





Re: [Qemu-devel] [Qemu-ppc] [PATCH 2/4] ppc: add CPU IRQ state to PPC VMStateDescription

2017-09-12 Thread Mark Cave-Ayland
On 12/09/17 17:41, Mark Cave-Ayland wrote:

> The commit message mentions that prior to the conversion some CPU state
> was missing but it doesn't mention anything about dropping existing
> fields as part of the conversion process so I suspect that this was an
> accidental side-effect.

Actually I've clicked send a little too early here since re-reading the
last paragraph of a90db15 I can see the inference here: "Exactly what
needs to be saved in what configurations has been more carefully
examined, too".

Alexey - do you recall from your analysis why these fields were no
longer deemed necessary, and how your TCG tests were configured?


ATB,

Mark.



Re: [Qemu-devel] [PATCH 20/27] vhost-user-scsi: don't copy iscsi/scsi-lowlevel.h

2017-09-12 Thread Philippe Mathieu-Daudé

On 08/23/2017 01:19 PM, Marc-André Lureau wrote:

There is no need to include hw/virtio/virtio-scsi.h, then the conflict
with SCSI_XFER enum goes away.

Signed-off-by: Marc-André Lureau 


Reviewed-by: Philippe Mathieu-Daudé 


---
  contrib/vhost-user-scsi/vhost-user-scsi.c | 96 +++
  1 file changed, 9 insertions(+), 87 deletions(-)

diff --git a/contrib/vhost-user-scsi/vhost-user-scsi.c 
b/contrib/vhost-user-scsi/vhost-user-scsi.c
index 2ab14f1a83..795799ec14 100644
--- a/contrib/vhost-user-scsi/vhost-user-scsi.c
+++ b/contrib/vhost-user-scsi/vhost-user-scsi.c
@@ -12,8 +12,9 @@
  
  #include "qemu/osdep.h"

  #include "contrib/libvhost-user/libvhost-user.h"
-#include "hw/virtio/virtio-scsi.h"
+#include "standard-headers/linux/virtio_scsi.h"
  #include "iscsi/iscsi.h"
+#include "iscsi/scsi-lowlevel.h"
  
  #include 
  
@@ -161,90 +162,11 @@ static void vus_gsrc_new(VusDev *vdev_scsi, int fd, GIOCondition cond,

  (gpointer)(uintptr_t)id);
  }
  
-/* from libiscsi's scsi-lowlevel.h **

- *
- * nb. We can't directly include scsi-lowlevel.h due to a namespace conflict:
- * QEMU's scsi.h also defines "SCSI_XFER_NONE".
- */
-
-#define SCSI_CDB_MAX_SIZE   16
-
-struct scsi_iovector {
-struct scsi_iovec *iov;
-int niov;
-int nalloc;
-size_t offset;
-int consumed;
-};
-
-struct scsi_allocated_memory {
-struct scsi_allocated_memory *next;
-char buf[0];
-};
-
-struct scsi_data {
-intsize;
-unsigned char *data;
-};
-
-enum scsi_sense_key {
-SCSI_SENSE_NO_SENSE= 0x00,
-SCSI_SENSE_RECOVERED_ERROR = 0x01,
-SCSI_SENSE_NOT_READY   = 0x02,
-SCSI_SENSE_MEDIUM_ERROR= 0x03,
-SCSI_SENSE_HARDWARE_ERROR  = 0x04,
-SCSI_SENSE_ILLEGAL_REQUEST = 0x05,
-SCSI_SENSE_UNIT_ATTENTION  = 0x06,
-SCSI_SENSE_DATA_PROTECTION = 0x07,
-SCSI_SENSE_BLANK_CHECK = 0x08,
-SCSI_SENSE_VENDOR_SPECIFIC = 0x09,
-SCSI_SENSE_COPY_ABORTED= 0x0a,
-SCSI_SENSE_COMMAND_ABORTED = 0x0b,
-SCSI_SENSE_OBSOLETE_ERROR_CODE = 0x0c,
-SCSI_SENSE_OVERFLOW_COMMAND= 0x0d,
-SCSI_SENSE_MISCOMPARE  = 0x0e
-};
-
-struct scsi_sense {
-unsigned char   error_type;
-enum scsi_sense_key key;
-int ascq;
-unsignedsense_specific:1;
-unsignedill_param_in_cdb:1;
-unsignedbit_pointer_valid:1;
-unsigned char   bit_pointer;
-uint16_tfield_pointer;
-};
-
-enum scsi_residual {
-SCSI_RESIDUAL_NO_RESIDUAL = 0,
-SCSI_RESIDUAL_UNDERFLOW,
-SCSI_RESIDUAL_OVERFLOW
-};
-
-struct scsi_task {
-int status;
-int cdb_size;
-int xfer_dir;
-int expxferlen;
-unsigned char cdb[SCSI_CDB_MAX_SIZE];
-enum scsi_residual residual_status;
-size_t residual;
-struct scsi_sense sense;
-struct scsi_data datain;
-struct scsi_allocated_memory *mem;
-void *ptr;
-
-uint32_t itt;
-uint32_t cmdsn;
-uint32_t lun;
-
-struct scsi_iovector iovector_in;
-struct scsi_iovector iovector_out;
-};
-
  /** libiscsi integration **/
  
+typedef struct virtio_scsi_cmd_req VirtIOSCSICmdReq;

+typedef struct virtio_scsi_cmd_resp VirtIOSCSICmdResp;
+
  static int vus_iscsi_add_lun(VusIscsiLun *lun, char *iscsi_uri)
  {
  struct iscsi_url *iscsi_url;
@@ -363,12 +285,12 @@ static int handle_cmd_sync(struct iscsi_context *ctx,
  if (!out_len && !in_len) {
  dir = SCSI_XFER_NONE;
  } else if (out_len) {
-dir = SCSI_XFER_TO_DEV;
+dir = SCSI_XFER_WRITE;
  for (i = 0; i < out_len; i++) {
  len += out[i].iov_len;
  }
  } else {
-dir = SCSI_XFER_FROM_DEV;
+dir = SCSI_XFER_READ;
  for (i = 0; i < in_len; i++) {
  len += in[i].iov_len;
  }
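Review bot: the switch from SCSI_XFER_TO_DEV and SCSI_XFER_FROM_DEV to SCSI_XFER_WRITE and SCSI_XFER_READ in handle_cmd_sync() is not mentioned in the commit message, which talks only about the include. A sentence noting that the direction constants now come from iscsi/scsi-lowlevel.h, and that SCSI_XFER_NONE keeps its name, would explain why these lines change and make it clear that `dir` still carries the values scsi_task_new() expects.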
@@ -376,10 +298,10 @@ static int handle_cmd_sync(struct iscsi_context *ctx,
  
  task = scsi_task_new(cdb_len, req->cdb, dir, len);
  
-if (dir == SCSI_XFER_TO_DEV) {

+if (dir == SCSI_XFER_WRITE) {
  task->iovector_out.iov = (struct scsi_iovec *)out;
  task->iovector_out.niov = out_len;
-} else if (dir == SCSI_XFER_FROM_DEV) {
+} else if (dir == SCSI_XFER_READ) {
  task->iovector_in.iov = (struct scsi_iovec *)in;
  task->iovector_in.niov = in_len;
  }





Re: [Qemu-devel] [PATCH 25/27] build-sys: fix libvhost-user.a build

2017-09-12 Thread Philippe Mathieu-Daudé

On 08/23/2017 01:20 PM, Marc-André Lureau wrote:

And actually link to it from vhost-user-bridge.

Signed-off-by: Marc-André Lureau 


Reviewed-by: Philippe Mathieu-Daudé 


---
  Makefile   | 3 ++-
  tests/Makefile.include | 2 +-
  2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 81447b1f08..654b47b9d9 100644
--- a/Makefile
+++ b/Makefile
@@ -345,7 +345,7 @@ dtc/%:
mkdir -p $@
  
  $(SUBDIR_RULES): libqemuutil.a libqemustub.a $(common-obj-y) $(chardev-obj-y) \

-   $(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY))
+   $(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY)) libvhost-user.a
  
  ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))

  # Only keep -O and -g cflags
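Review bot: adding libvhost-user.a to the prerequisites of $(SUBDIR_RULES) makes every target subdirectory build wait on it, while the commit message only mentions linking vhost-user-bridge against it. If the subdir dependency is needed, say why in the message; otherwise the explicit prerequisite on tests/vhost-user-bridge$(EXESUF) in tests/Makefile.include should be enough.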
@@ -366,6 +366,7 @@ Makefile: $(version-obj-y)
  
  libqemustub.a: $(stub-obj-y)

  libqemuutil.a: $(util-obj-y) $(trace-obj-y)
+libvhost-user.a: $(libvhost-user-obj-y)
  
  ##
  
diff --git a/tests/Makefile.include b/tests/Makefile.include

index 37c1bed683..1ca88ef9d2 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -786,7 +786,7 @@ tests/test-filter-redirector$(EXESUF): 
tests/test-filter-redirector.o $(qtest-ob
  tests/test-x86-cpuid-compat$(EXESUF): tests/test-x86-cpuid-compat.o 
$(qtest-obj-y)
  tests/ivshmem-test$(EXESUF): tests/ivshmem-test.o 
contrib/ivshmem-server/ivshmem-server.o $(libqos-pc-obj-y) $(libqos-spapr-obj-y)
  tests/megasas-test$(EXESUF): tests/megasas-test.o $(libqos-spapr-obj-y) 
$(libqos-pc-obj-y)
-tests/vhost-user-bridge$(EXESUF): tests/vhost-user-bridge.o 
contrib/libvhost-user/libvhost-user.o $(test-util-obj-y)
+tests/vhost-user-bridge$(EXESUF): tests/vhost-user-bridge.o $(test-util-obj-y) 
libvhost-user.a
  tests/test-uuid$(EXESUF): tests/test-uuid.o $(test-util-obj-y)
  tests/test-arm-mptimer$(EXESUF): tests/test-arm-mptimer.o
  tests/test-qapi-util$(EXESUF): tests/test-qapi-util.o $(test-util-obj-y)





[Qemu-devel] [PATCH v2] scripts: let checkpatch.pl process an entire GIT branch

2017-09-12 Thread Daniel P. Berrange
Currently before submitting a series, devs should run checkpatch.pl
across each patch to be submitted. This can be automated using a
command such as:

  git rebase -i master -x 'git show | ./scripts/checkpatch.pl -'

This is rather long winded to type, so this patch introduces a way
to tell checkpatch.pl to validate a series of GIT revisions.

If checkpatch.pl is given a single argument that contains a literal
'..', this is interpreted as a GIT revision list.

For example:

$ ./scripts/checkpatch.pl master..
total: 0 errors, 0 warnings, 297 lines checked

b886d352a2bf58f0996471fb3991a138373a2957 has no obvious style problems and 
is ready for submission.
total: 0 errors, 0 warnings, 182 lines checked

2a731f9a9ce145e0e0df6d42dd2a3ce4dfc543fa has no obvious style problems and 
is ready for submission.
total: 0 errors, 0 warnings, 102 lines checked

11844169bcc0c8ed4449eb3744a69877ed329dd7 has no obvious style problems and 
is ready for submission.

If a genuine patch filename contains the characters '..' it is
possible to force interpretation of the arg as a patch

  $ ./scripts/checkpatch.pl --patch master..

will force it to load a patch file called "master.."

Signed-off-by: Daniel P. Berrange 
---
 scripts/checkpatch.pl | 102 +-
 1 file changed, 77 insertions(+), 25 deletions(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index fa478074b8..213777d488 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -18,7 +18,8 @@ use Getopt::Long qw(:config no_auto_abbrev);
 my $quiet = 0;
 my $tree = 1;
 my $chk_signoff = 1;
-my $chk_patch = 1;
+my $chk_patch = undef;
+my $chk_branch = undef;
 my $tst_only;
 my $emacs = 0;
 my $terse = 0;
@@ -35,7 +36,11 @@ sub help {
my ($exitcode) = @_;
 
print << "EOM";
-Usage: $P [OPTION]... [FILE]...
+Usage:
+
+$P [OPTION]... [FILE]...
+$P [OPTION]... [GIT-REV-LIST]
+
 Version: $V
 
 Options:
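
Review bot: the usage text gains a [GIT-REV-LIST] form, but nothing in this hunk tells the user how an argument is recognised as a revision list (a single argument containing '..') or that --patch forces it to be read as a file. A line for each under Options would keep that rule from living only in the commit message.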
@@ -88,6 +93,19 @@ help(0) if ($help);
 
 my $exit = 0;
 
+if (!defined $chk_patch) {
+if (!$file) {
+   if ($#ARGV == 0 && $ARGV[0] =~ /\.\./) {
+   $chk_branch = $ARGV[0];
+   $chk_patch = 0;
+   } else {
+   $chk_patch = 1;
+   }
+} else {
+   $chk_patch = 0;
+}
+}
+
 if ($#ARGV < 0) {
print "$P: no input files\n";
exit(1);
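
Review bot: the test `$ARGV[0] =~ /\.\./` matches '..' anywhere in the argument, so a lone relative path such as ../0001-fix.patch is handed to git as a revision list unless the user knows to add --patch. Checking first that the argument is not an existing file (for example `!-e $ARGV[0]`) would keep the old behaviour for paths.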
@@ -251,32 +269,66 @@ $chk_signoff = 0 if ($file);
 my @rawlines = ();
 my @lines = ();
 my $vname;
-for my $filename (@ARGV) {
-   my $FILE;
-   if ($file) {
-   open($FILE, '-|', "diff -u /dev/null $filename") ||
-   die "$P: $filename: diff failed - $!\n";
-   } elsif ($filename eq '-') {
-   open($FILE, '<&STDIN');
-   } else {
-   open($FILE, '<', "$filename") ||
-   die "$P: $filename: open failed - $!\n";
-   }
-   if ($filename eq '-') {
-   $vname = 'Your patch';
-   } else {
-   $vname = $filename;
-   }
-   while (<$FILE>) {
+if ($chk_branch) {
+   my @patches;
+   my $HASH;
+   open($HASH, "-|", "git", "log", "--format=%H", $chk_branch) ||
+   die "$P: git log --format=%H $chk_branch failed - $!\n";
+
+   while (<$HASH>) {
chomp;
-   push(@rawlines, $_);
+   push @patches, $_;
}
-   close($FILE);
-   if (!process($filename)) {
-   $exit = 1;
+
+   close $HASH;
+
+   die "$P: no revisions returned for revlist '$chk_branch'\n"
+   unless @patches;
+
+   for my $hash (@patches) {
+   my $FILE;
+   open($FILE, '-|', "git", "show", $hash) ||
+   die "$P: git show $hash - $!\n";
+   $vname = $hash;
+   while (<$FILE>) {
+   chomp;
+   push(@rawlines, $_);
+   }
+   close($FILE);
+   if (!process($hash)) {
+   $exit = 1;
+   }
+   @rawlines = ();
+   @lines = ();
+   }
+} else {
+   for my $filename (@ARGV) {
+   my $FILE;
+   if ($file) {
+   open($FILE, '-|', "diff -u /dev/null $filename") ||
+   die "$P: $filename: diff failed - $!\n";
+   } elsif ($filename eq '-') {
+   open($FILE, '<&STDIN');
+   } else {
+   open($FILE, '<', "$filename") ||
+   die "$P: $filename: open failed - $!\n";
+   }
+   if ($filename eq '-') {
+   $vname = 'Your patch';
+   } else {
+   $vname = $filename;
+   }
+   while (<$FILE>) {
+   chomp;
+   push(@rawlines, $_);
+   }
+   close($FILE);
+   if (!
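
Review bot: `git log --format=%H $chk_branch` prints the newest commit first, so the per-commit reports come out in the reverse of the series order; adding --reverse to the git log call would make the output follow the patch numbering. The return value of `close $HASH` is also ignored, which is where a non-zero exit from git would show up, so a bad revision argument is only caught indirectly by the 'no revisions returned' check.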

Re: [Qemu-devel] [PATCH] tcg/ppc: disable atomic write check on ppc32

2017-09-12 Thread Richard Henderson
On 09/11/2017 01:49 PM, Philippe Mathieu-Daudé wrote:
> -atomic_set((uint64_t *)jmp_addr, pair);
> +atomic_set__nocheck((uint64_t *)jmp_addr, pair);
>  flush_icache_range(jmp_addr, jmp_addr + 8);
>  } else {
>  intptr_t diff = addr - jmp_addr;
> 
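
Review bot: the switch to atomic_set__nocheck() drops the size check without a comment at the call site saying why a 64-bit store through (uint64_t *)jmp_addr is acceptable here. A one-line comment above the call naming the guarantee being relied on would keep a later cleanup from restoring the checked variant or copying the pattern elsewhere.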

Queued, thanks.


r~



Re: [Qemu-devel] [PATCH v2] scripts: let checkpatch.pl process an entire GIT branch

2017-09-12 Thread Paolo Bonzini
On 12/09/2017 18:51, Daniel P. Berrange wrote:
> Currently before submitting a series, devs should run checkpatch.pl
> across each patch to be submitted. This can be automated using a
> command such as:
> 
>   git rebase -i master -x 'git show | ./scripts/checkpatch.pl -'
> 
> This is rather long winded to type, so this patch introduces a way
> to tell checkpatch.pl to validate a series of GIT revisions.
> 
> If checkpatch.pl is given a single argument that contains a literal
> '..', this is interpreted as a GIT revision list.
> 
> For example:
> 
> $ ./scripts/checkpatch.pl master..
> total: 0 errors, 0 warnings, 297 lines checked
> 
> b886d352a2bf58f0996471fb3991a138373a2957 has no obvious style problems 
> and is ready for submission.
> total: 0 errors, 0 warnings, 182 lines checked
> 
> 2a731f9a9ce145e0e0df6d42dd2a3ce4dfc543fa has no obvious style problems 
> and is ready for submission.
> total: 0 errors, 0 warnings, 102 lines checked
> 
> 11844169bcc0c8ed4449eb3744a69877ed329dd7 has no obvious style problems 
> and is ready for submission.
> 
> If a genuine patch filename contains the characters '..' it is
> possible to force interpretation of the arg as a patch
> 
>   $ ./scripts/checkpatch.pl --patch master..
> 
> will force it to load a patch file called "master.."

Looks good, but why no --branch anymore? :)  (I can also try adding it
back on top).

Paolo

> Signed-off-by: Daniel P. Berrange 
> ---
>  scripts/checkpatch.pl | 102 
> +-
>  1 file changed, 77 insertions(+), 25 deletions(-)
> 
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index fa478074b8..213777d488 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -18,7 +18,8 @@ use Getopt::Long qw(:config no_auto_abbrev);
>  my $quiet = 0;
>  my $tree = 1;
>  my $chk_signoff = 1;
> -my $chk_patch = 1;
> +my $chk_patch = undef;
> +my $chk_branch = undef;
>  my $tst_only;
>  my $emacs = 0;
>  my $terse = 0;
> @@ -35,7 +36,11 @@ sub help {
>   my ($exitcode) = @_;
>  
>   print << "EOM";
> -Usage: $P [OPTION]... [FILE]...
> +Usage:
> +
> +$P [OPTION]... [FILE]...
> +$P [OPTION]... [GIT-REV-LIST]
> +
>  Version: $V
>  
>  Options:
> @@ -88,6 +93,19 @@ help(0) if ($help);
>  
>  my $exit = 0;
>  
> +if (!defined $chk_patch) {
> +if (!$file) {
> + if ($#ARGV == 0 && $ARGV[0] =~ /\.\./) {
> + $chk_branch = $ARGV[0];
> + $chk_patch = 0;
> + } else {
> + $chk_patch = 1;
> + }
> +} else {
> + $chk_patch = 0;
> +}
> +}
> +
>  if ($#ARGV < 0) {
>   print "$P: no input files\n";
>   exit(1);
> @@ -251,32 +269,66 @@ $chk_signoff = 0 if ($file);
>  my @rawlines = ();
>  my @lines = ();
>  my $vname;
> -for my $filename (@ARGV) {
> - my $FILE;
> - if ($file) {
> - open($FILE, '-|', "diff -u /dev/null $filename") ||
> - die "$P: $filename: diff failed - $!\n";
> - } elsif ($filename eq '-') {
> - open($FILE, '<&STDIN');
> - } else {
> - open($FILE, '<', "$filename") ||
> - die "$P: $filename: open failed - $!\n";
> - }
> - if ($filename eq '-') {
> - $vname = 'Your patch';
> - } else {
> - $vname = $filename;
> - }
> - while (<$FILE>) {
> +if ($chk_branch) {
> + my @patches;
> + my $HASH;
> + open($HASH, "-|", "git", "log", "--format=%H", $chk_branch) ||
> + die "$P: git log --format=%H $chk_branch failed - $!\n";
> +
> + while (<$HASH>) {
>   chomp;
> - push(@rawlines, $_);
> + push @patches, $_;
>   }
> - close($FILE);
> - if (!process($filename)) {
> - $exit = 1;
> +
> + close $HASH;
> +
> + die "$P: no revisions returned for revlist '$chk_branch'\n"
> + unless @patches;
> +
> + for my $hash (@patches) {
> + my $FILE;
> + open($FILE, '-|', "git", "show", $hash) ||
> + die "$P: git show $hash - $!\n";
> + $vname = $hash;
> + while (<$FILE>) {
> + chomp;
> + push(@rawlines, $_);
> + }
> + close($FILE);
> + if (!process($hash)) {
> + $exit = 1;
> + }
> + @rawlines = ();
> + @lines = ();
> + }
> +} else {
> + for my $filename (@ARGV) {
> + my $FILE;
> + if ($file) {
> + open($FILE, '-|', "diff -u /dev/null $filename") ||
> + die "$P: $filename: diff failed - $!\n";
> + } elsif ($filename eq '-') {
> + open($FILE, '<&STDIN');
> + } else {
> + open($FILE, '<', "$filename") ||
> + die "$P: $filename: open failed - $!\n";
> + }
> + if ($filename eq '-') 
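
Review bot: while this loop is being re-indented, the -f path still builds its command as one string, `"diff -u /dev/null $filename"`, which goes through the shell, so a file name containing spaces or shell metacharacters is misparsed or interpreted. The new git calls in the same hunk use the list form of open; doing the same here (`open($FILE, '-|', 'diff', '-u', '/dev/null', $filename)`) removes that.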

Re: [Qemu-devel] [RFC v2 16/32] vhost+postcopy: Send address back to qemu

2017-09-12 Thread Dr. David Alan Gilbert
* Peter Xu (pet...@redhat.com) wrote:
> On Thu, Aug 24, 2017 at 08:27:14PM +0100, Dr. David Alan Gilbert (git) wrote:
> > From: "Dr. David Alan Gilbert" 
> > 
> > We need a better way, but at the moment we need the address of the
> > mappings sent back to qemu so it can interpret the messages on the
> > userfaultfd it reads.
> > 
> > Note: We don't ask for the default 'ack' reply since we've got our own.
> > 
> > Signed-off-by: Dr. David Alan Gilbert 
> > ---
> >  contrib/libvhost-user/libvhost-user.c | 15 -
> >  docs/interop/vhost-user.txt   |  6 
> >  hw/virtio/trace-events|  1 +
> >  hw/virtio/vhost-user.c| 57 
> > ++-
> >  4 files changed, 77 insertions(+), 2 deletions(-)
> > 
> > diff --git a/contrib/libvhost-user/libvhost-user.c 
> > b/contrib/libvhost-user/libvhost-user.c
> > index e6ab059a03..5ec54f7d60 100644
> > --- a/contrib/libvhost-user/libvhost-user.c
> > +++ b/contrib/libvhost-user/libvhost-user.c
> > @@ -477,13 +477,26 @@ vu_set_mem_table_exec(VuDev *dev, VhostUserMsg *vmsg)
> >  DPRINT("%s: region %d: Registered userfault for %llx + %llx\n",
> >  __func__, i, reg_struct.range.start, 
> > reg_struct.range.len);
> >  /* TODO: Stash 'zero' support flags somewhere */
> > -/* TODO: Get address back to QEMU */
> >  
> > +/* TODO: We need to find a way for the qemu not to see the 
> > virtual
> > + * addresses of the clients, so as to keep better separation.
> > + */
> > +/* Return the address to QEMU so that it can translate the ufd
> > + * fault addresses back.
> > + */
> > +msg_region->userspace_addr = (uintptr_t)(mmap_addr +
> > + 
> > dev_region->mmap_offset);
> >  }
> >  
> >  close(vmsg->fds[i]);
> >  }
> >  
> > +if (dev->postcopy_listening) {
> > +/* Need to return the addresses - send the updated message back */
> > +vmsg->fd_num = 0;
> > +return true;
> > +}
> > +
> >  return false;
> >  }
> >  
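
Review bot: the reply path here puts the slave's own virtual addresses (mmap_addr + dev_region->mmap_offset) on the wire, which the TODO just above already flags as a separation problem. Since the vhost-user.txt change in this patch makes that part of the protocol, it would be better to settle the representation (for instance an offset or region index that QEMU can translate itself) before documenting it, or to mark the field as provisional in the spec text.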
> > diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
> > index 73c3dd74db..b2a548c94d 100644
> > --- a/docs/interop/vhost-user.txt
> > +++ b/docs/interop/vhost-user.txt
> > @@ -413,12 +413,18 @@ Master message types
> >Id: 5
> >Equivalent ioctl: VHOST_SET_MEM_TABLE
> >Master payload: memory regions description
> > +  Slave payload: (postcopy only) memory regions description
> >  
> >Sets the memory map regions on the slave so it can translate the 
> > vring
> >addresses. In the ancillary data there is an array of file 
> > descriptors
> >for each memory mapped region. The size and ordering of the fds 
> > matches
> >the number and ordering of memory regions.
> >  
> > +  When postcopy-listening has been received, SET_MEM_TABLE replies with
> > +  the bases of the memory mapped regions to the master.  It must have 
> > mmap'd
> > +  the regions and enabled userfaultfd on them.  Note NEED_REPLY_MASK
> > +  is not set in this case.
> > +
> >   * VHOST_USER_SET_LOG_BASE
> >  
> >Id: 6
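
Review bot: the new paragraph says the slave replies with "the bases of the memory mapped regions" but not which field of the memory regions description carries them, or what the master may assume about the other fields. The code in this patch fills userspace_addr and sends the reply with fd_num = 0, so the text should say so; it should also say what a slave does if the master sets NEED_REPLY_MASK anyway, since "is not set in this case" only describes the sender.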
> > diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
> > index f736c7c84f..63fd4a79cf 100644
> > --- a/hw/virtio/trace-events
> > +++ b/hw/virtio/trace-events
> > @@ -2,6 +2,7 @@
> >  
> >  # hw/virtio/vhost-user.c
> >  vhost_user_postcopy_listen(void) ""
> > +vhost_user_set_mem_table_postcopy(uint64_t client_addr, uint64_t qhva, int 
> > reply_i, int region_i) "client:0x%"PRIx64" for hva: 0x%"PRIx64" reply %d 
> > region %d"
> >  
> >  # hw/virtio/virtio.c
> >  virtqueue_alloc_element(void *elem, size_t sz, unsigned in_num, unsigned 
> > out_num) "elem %p size %zd in_num %u out_num %u"
> > diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> > index 9178271ab2..2e4eb0864a 100644
> > --- a/hw/virtio/vhost-user.c
> > +++ b/hw/virtio/vhost-user.c
> > @@ -19,6 +19,7 @@
> >  #include "qemu/sockets.h"
> >  #include "migration/migration.h"
> >  #include "migration/postcopy-ram.h"
> > +#include "trace.h"
> >  
> >  #include 
> >  #include 
> > @@ -133,6 +134,7 @@ struct vhost_user {
> >  int slave_fd;
> >  NotifierWithReturn postcopy_notifier;
> >  struct PostCopyFD  postcopy_fd;
> > +uint64_t   postcopy_client_bases[VHOST_MEMORY_MAX_NREGIONS];
> >  };
> >  
> >  static bool ioeventfd_enabled(void)
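
Review bot: postcopy_client_bases is a fixed array of VHOST_MEMORY_MAX_NREGIONS entries and, going by its name and the new trace event, is filled from the slave's reply. The code that fills it is not in this hunk; it needs to check the region count in the reply against VHOST_MEMORY_MAX_NREGIONS (and against the number of regions that were sent) before indexing, since the reply comes from another process.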
> > @@ -300,11 +302,13 @@ static int vhost_user_set_log_base(struct vhost_dev 
> > *dev, uint64_t base,
> >  static int vhost_user_set_mem_table(struct vhost_dev *dev,
> >  struct vhost_memory *mem)
> >  {
> > +struct vhost_user *u = dev->opaque;
> >  int fds[VHOST_MEMORY_MAX_NREGIONS];
> >  int i, fd;
> >  size_t fd_num = 0;
> >  bool reply_supported = virtio_has_feature(dev->protocol_features,
> > -

Re: [Qemu-devel] [PATCH 4/4] s390x/css: fix incorrect length indication

2017-09-12 Thread Halil Pasic


On 09/12/2017 05:59 PM, Cornelia Huck wrote:
> On Tue, 12 Sep 2017 17:43:03 +0200
> Halil Pasic  wrote:
> 
>> On 09/12/2017 04:37 PM, Cornelia Huck wrote:
>>> On Mon, 11 Sep 2017 13:36:29 +0200
>>> Halil Pasic  wrote:
>>>   
>>>> On 09/11/2017 12:07 PM, Cornelia Huck wrote:
>>>>> On Fri,  8 Sep 2017 17:24:46 +0200
>>>>> Halil Pasic  wrote:
>>>>>
>>>>>> We report incorrect length via SCSW program check instead of incorrect
>>>>>> length check (SCSW word 2 bit 10 instead of bit 9). Since we have there
>>>>>> is no fitting errno for incorrect length, and since I don't like what we
>>>>>> do with the errno's, as part of the fix, errnos used for control flow in
>>>>>> ccw interpretation are replaced with an enum using more speaking names.
>>>>>>
>>>>>
>>>>> I'm not sure whether this is the way to go. I mainly dislike the size
>>>>> of the patch (and the fact that it mixes a fix and a change of function
>>>>> signature).
>>>>
>>>> Do you agree that we should move away from POSIX errno codes? I think
>>>> if we do, this can't get much smaller.
>>>
>>> I'm not really a fan of defining our own return values, tbh.
>>>   
>>
>> I've suspected. But your statement, although being useful, does
>> not answer my question. I think we need to agree on this question
>> before proceeding.
>>
>> In my opinion both the EIO bug and this bug are great examples
>> why the POSIX errno codes are sub-optimal and misleading, but
>> that's my opinion.
> 
> It depends. I prefer them over home-grown ones.
> 
> (And I tend to dislike absolute statements.)
> 

Ah, we may have a misunderstanding here. POSIX errno codes are great
if they are used for what they are supposed to. The context was meant
to be implicitly included in the statement limiting its scope.

Other than spotting a possible misunderstanding (I hope I did
not misunderstand what you mean by absolute statements myself) this
did not bring me any further.

>>
>>>>
>>>>>
>>>>> Can we instead choose a mapping for incorrect length, and defer a
>>>>> possible rework?
>>>>>
>>>>
>>>> In the commit message, I say that I don't have a fitting errno.
>>>> If you tell me which one to use, I would be glad to split this up.
>>>> I don't like mixing re-factoring and changing behavior myself.
>>>>
>>>> Can I have your position on the re-factoring (that is let us
>>>> imagine I did not change handling for incorrect length)?
>>>
>>> If there is no return code that can be made to fit, we probably won't
>>> be able to get around some kind of refactoring... but then I'd prefer
>>> to do the refactoring first and the fix second.
>>>   
>>
>> That is a can do. I dislike refactoring known bugs, because fixing
>> bugs is usually higher priority than making the code nicer, or even
>> marginally faster. (Btw I found these while trying to refactor.)
>> This however is a weak principle of mine and can be easily overpowered
>> by a maintainer request for example.
> 
> If a good fix requires refactoring, I'd prefer to do the refactoring
> first. I'd prefer an ugly fix first only for serious issues (and I
> don't think that one counts as one.)
> 

Agree, this isn't a serious issue -- I've even asked Viktor M. should
I care about it before doing this patch: along the lines do we care about
adhering to the architecture spec. if our guests are agnostic about the
difference/divergence.

>>>>>> For virtio, if incorrect length checking is suppressed we keep the
>>>>>> current behavior (channel-program check).
>>>>>
>>>>> Confused. If it is suppressed, there should not be an error, no?
>>>>
>>>> No.
>>>>
>>>> From VIRTIO 1.0 4.3.1.2  Device Requirements: Basic Concepts
>>>>
>>>> "If a driver did suppress length checks for a channel command, the device
>>>> MUST present a check condition if the transmitted data does not contain
>>>> enough data to process the command."
>>>> (http://docs.oasis-open.org/virtio/virtio/v1.0/cs04/virtio-v1.0-cs04.html#x1-1230001)
>>>>
>>>> So for virtio we have to present a check condition. Architecturally it
>>>> might look better if the one refusing is the device and not the CSS, but
>>>> for that we would have to change the VIRTIO spec. With the given
>>>> constraints a program check is IMHO the best fit.
>>>
>>> Ah, but that's not general length checking for virtio-ccw :)  
>>
>> What is general length checking for virtio-ccw? Did I say it
>> was general length checking for virtio-ccw?
> 
> Hm? Generally, suppressing is supposed to allow incorrect length
> specifications. For virtio-ccw, that only applies to 'too much' and not
> 'not enough'.
> 
> Also, reading the statement in the spec: It only talks about a 'check
> condition', not _which_ one - so there's no requirement to keep a
> channel-program check (other than possibly confusing guests)?
> 
.
You are right, and I was wrong. We could also present a unit-check
(that's also check  -- and is the only one in device status. The spec
even says the 'device must present', although I device is

Re: [Qemu-devel] [PULL 02/40] hw/ppc: clear pending_events on machine reset

2017-09-12 Thread Peter Maydell
On 8 September 2017 at 11:35, David Gibson  wrote:
> From: Daniel Henrique Barboza 
>
> The sPAPR machine isn't clearing up the pending events QTAILQ on
> machine reboot. This allows for unprocessed hotplug/epow events
> to persist in the queue after reset and, when reasserting the IRQs in
> check_exception later on, these will be being processed by the OS.
>
> This patch implements a new function called 'spapr_clear_pending_events'
> that clears up the pending_events QTAILQ. This helper is then called
> inside ppc_spapr_reset to clear up the events queue, preventing
> old/deprecated events from persisting after a reset.
>
> Signed-off-by: Daniel Henrique Barboza 
> Signed-off-by: David Gibson 

> +void spapr_clear_pending_events(sPAPRMachineState *spapr)
> +{
> +sPAPREventLogEntry *entry = NULL;
> +
> +QTAILQ_FOREACH(entry, &spapr->pending_events, next) {
> +QTAILQ_REMOVE(&spapr->pending_events, entry, next);
> +g_free(entry->extended_log);
> +g_free(entry);
> +}
> +}

Coverity points out that this is a use-after-free error,
because QTAILQ_FOREACH will access the list pointers of
entry after the loop body has freed it. You want
QTAILQ_FOREACH_SAFE, I think. (CID 1381017)

thanks
-- PMM
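
The safe-removal pattern described above, as an added example that is not part of the original message or of QEMU's code. It uses the libc `<sys/queue.h>` TAILQ macros as a stand-in for QEMU's QTAILQ, and the struct and function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/queue.h>

/* Hypothetical stand-in for an event log entry that owns a heap buffer. */
struct event_entry {
    char *extended_log;
    TAILQ_ENTRY(event_entry) next;   /* list linkage lives inside the entry */
};

TAILQ_HEAD(event_list, event_entry);

/* Append one entry holding a copy of 'log'. Returns 0 on success. */
static int event_push(struct event_list *list, const char *log)
{
    size_t len = strlen(log) + 1;
    struct event_entry *e = calloc(1, sizeof(*e));

    if (!e) {
        return -1;
    }
    e->extended_log = malloc(len);
    if (!e->extended_log) {
        free(e);
        return -1;
    }
    memcpy(e->extended_log, log, len);
    TAILQ_INSERT_TAIL(list, e, next);
    return 0;
}

/*
 * Unsafe shape, shown only as a comment because running it is undefined:
 *
 *   TAILQ_FOREACH(e, list, next) {
 *       TAILQ_REMOVE(list, e, next);
 *       free(e);        // the loop step then reads e's link: use after free
 *   }
 *
 * Safe shape: read the successor before the current entry is freed. This is
 * what a FOREACH_SAFE style macro expands to.
 */
static size_t event_clear(struct event_list *list)
{
    struct event_entry *e, *tmp;
    size_t freed = 0;

    for (e = TAILQ_FIRST(list); e != NULL; e = tmp) {
        tmp = TAILQ_NEXT(e, next);   /* captured while e is still valid */
        TAILQ_REMOVE(list, e, next);
        free(e->extended_log);
        free(e);
        freed++;
    }
    return freed;
}

/* Fill a list with n constructed entries, clear it, and report how many
 * entries were freed; -1 signals allocation failure or a non-empty list. */
static long demo_fill_and_clear(unsigned n)
{
    struct event_list list;
    size_t freed;
    unsigned i;

    TAILQ_INIT(&list);
    for (i = 0; i < n; i++) {
        if (event_push(&list, "constructed log record") != 0) {
            event_clear(&list);
            return -1;
        }
    }
    freed = event_clear(&list);
    if (!TAILQ_EMPTY(&list) || event_clear(&list) != 0) {
        return -1;   /* a second clear on an empty list must free nothing */
    }
    return (long)freed;
}

int main(void)
{
    return demo_fill_and_clear(3) == 3 ? 0 : 1;
}
```

Building this with AddressSanitizer and swapping in the commented loop is a quick way to see the report a tool like Coverity is predicting.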



Re: [Qemu-devel] [Qemu-ppc] [RFC PATCH] tests: Add a device_add/del HMP test

2017-09-12 Thread Eduardo Habkost
On Mon, Sep 11, 2017 at 08:13:21AM +0200, Thomas Huth wrote:
> On 09.09.2017 22:41, Eduardo Habkost wrote:
> > On Wed, Sep 06, 2017 at 08:59:32AM +0200, Markus Armbruster wrote:
> >> Thomas Huth  writes:
> >>
> >>> On 05.09.2017 18:48, Dr. David Alan Gilbert wrote:
>  * Markus Armbruster (arm...@redhat.com) wrote:
> > Thomas Huth  writes:
> >
> >> People tend to forget to mark internal devices with "user_creatable = 
> >> false
> >> or hotpluggable = false, and these devices can crash QEMU if added via 
> >> the
> >> HMP monitor. So let's add a test to run through all devices and that 
> >> tries
> >> to add them blindly (without arguments) to see whether this could 
> >> crash the
> >> QEMU instance.
> [...]
> > * The device supports only cold plug with -device, not hot plug with
> >   device_add.
> >>>
> >>> We've got Eduardo's scripts/device-crash-test script for that already,
> >>> so no need to cover that here.
> >>
> >> Point taken.  So this test is really about hot plug / unplug.  Suggest
> >> to clarify the commit message: s/add them blindly/hotplug and unplug
> >> them blindly/.
> > 
> > We could extend device-crash-test to test device_add too, as it
> > already has extra code to deal with known crashes and testing
> > multiple machine-types.  Also, any additional code we write to
> > ensure we add mandatory arguments or plug only to valid buses
> > would apply to both -device and device_add.  I also think Python
> > test code is easier to maintain and extend, but that's just my
> > personal preference.
> 
> Adding device_add/del support to device-crash-test is certainly an
> option. The problem is that nobody runs it by default, so this won't
> help to avoid that new problems are being committed to the repository.
> 
> I think we really should have a test for "make check", too. So would my
> test be acceptable if I'd rewrite it to use QMP instead (I don't think I
> could do the full list that Markus mentioned, but at least a basic test
> via QMP as a start)?

We can run device-crash-test on "make check", we just need to
choose what's the subset of tests we want to run (because testing
all machine+device+target combinations would take too long).

But while device-crash-test doesn't support hotplug, I think your
test code would be good too.

-- 
Eduardo



Re: [Qemu-devel] [PULL for-2.10 05/15] throttle: Remove throttle_fix_bucket() / throttle_unfix_bucket()

2017-09-12 Thread Peter Maydell
On 31 August 2017 at 09:22, Stefan Hajnoczi  wrote:
> From: Alberto Garcia 
>
> The throttling code can change internally the value of bkt->max if it
> hasn't been set by the user. The problem with this is that if we want
> to retrieve the original value we have to undo this change first. This
> is ugly and unnecessary: this patch removes the throttle_fix_bucket()
> and throttle_unfix_bucket() functions completely and moves the logic
> to throttle_compute_wait().
>
> Signed-off-by: Alberto Garcia 
> Reviewed-by: Manos Pitsidianakis 
> Message-id: 
> 5b0b9e1ac6eb208d709eddc7b09e7669a523bff3.1503580370.git.be...@igalia.com
> Signed-off-by: Stefan Hajnoczi 
> ---
>  util/throttle.c | 62 
> +
>  1 file changed, 23 insertions(+), 39 deletions(-)
>
> diff --git a/util/throttle.c b/util/throttle.c
> index bde56fe3de..4e80a7ea54 100644
> --- a/util/throttle.c
> +++ b/util/throttle.c
> @@ -95,23 +95,36 @@ static int64_t throttle_do_compute_wait(double limit, 
> double extra)
>  int64_t throttle_compute_wait(LeakyBucket *bkt)
>  {
>  double extra; /* the number of extra units blocking the io */
> +double bucket_size;   /* I/O before throttling to bkt->avg */
> +double burst_bucket_size; /* Before throttling to bkt->max */
>
>  if (!bkt->avg) {
>  return 0;
>  }
>
> -/* If the bucket is full then we have to wait */
> -extra = bkt->level - bkt->max * bkt->burst_length;
> +if (!bkt->max) {
> +/* If bkt->max is 0 we still want to allow short bursts of I/O
> + * from the guest, otherwise every other request will be throttled
> + * and performance will suffer considerably. */
> +bucket_size = bkt->avg / 10;
> +burst_bucket_size = 0;
> +} else {
> +/* If we have a burst limit then we have to wait until all I/O
> + * at burst rate has finished before throttling to bkt->avg */
> +bucket_size = bkt->max * bkt->burst_length;
> +burst_bucket_size = bkt->max / 10;
> +}
> +
> +/* If the main bucket is full then we have to wait */
> +extra = bkt->level - bucket_size;
>  if (extra > 0) {
>  return throttle_do_compute_wait(bkt->avg, extra);
>  }
>
> -/* If the bucket is not full yet we have to make sure that we
> - * fulfill the goal of bkt->max units per second. */
> +/* If the main bucket is not full yet we still have to check the
> + * burst bucket in order to enforce the burst limit */
>  if (bkt->burst_length > 1) {
> -/* We use 1/10 of the max value to smooth the throttling.
> - * See throttle_fix_bucket() for more details. */
> -extra = bkt->burst_level - bkt->max / 10;
> +extra = bkt->burst_level - burst_bucket_size;
>  if (extra > 0) {
>  return throttle_do_compute_wait(bkt->max, extra);
>  }

Coverity thinks there's a division-by-zero issue here: bkt->max could
be zero (we have a test for that up above), but we can here pass it
to throttle_do_compute_wait(), which uses it as a divisor.

Since this is all double arithmetic, the division isn't going
to cause a crash, but the implicit cast of the resulting infinity
to int64_t to return it is undefined behaviour.

This is CID 1381016.

thanks
-- PMM
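
The path flagged above, as an added example that is not QEMU's code or its eventual fix: the bucket logic follows the quoted hunk, while the struct, the nanosecond scaling, the final `return 0` and the choice to saturate at INT64_MAX are assumptions made for the illustration.

```c
#include <stdint.h>

#define NS_PER_SECOND 1000000000.0          /* assumed unit of the result */
#define TWO_POW_63    9223372036854775808.0 /* first double too big for int64_t */

/*
 * Guarded version of "extra units divided by a rate, returned as int64_t".
 * Converting a double that is infinite, NaN or >= 2^63 to int64_t is
 * undefined behaviour, so every such case is mapped to a defined result
 * before the cast. Saturating is one possible policy (assumption); a caller
 * could equally reject a zero rate before getting here.
 */
static int64_t compute_wait_ns(double limit, double extra)
{
    double wait;

    if (!(extra > 0.0)) {        /* nothing over the limit; also catches NaN */
        return 0;
    }
    if (!(limit > 0.0)) {        /* zero, negative or NaN rate never drains */
        return INT64_MAX;
    }
    wait = extra * NS_PER_SECOND / limit;
    if (!(wait < TWO_POW_63)) {  /* infinity, NaN or simply too large */
        return INT64_MAX;
    }
    return (int64_t)wait;
}

/* Hypothetical bucket with the field names used in the quoted hunk. */
struct demo_bucket {
    double avg;
    double max;
    double burst_length;
    double level;
    double burst_level;
};

/* Same control flow as the quoted throttle_compute_wait() hunk. */
static int64_t demo_compute_wait(const struct demo_bucket *bkt)
{
    double extra, bucket_size, burst_bucket_size;

    if (!bkt->avg) {
        return 0;
    }
    if (!bkt->max) {
        bucket_size = bkt->avg / 10;
        burst_bucket_size = 0;
    } else {
        bucket_size = bkt->max * bkt->burst_length;
        burst_bucket_size = bkt->max / 10;
    }

    extra = bkt->level - bucket_size;
    if (extra > 0) {
        return compute_wait_ns(bkt->avg, extra);
    }

    if (bkt->burst_length > 1) {
        extra = bkt->burst_level - burst_bucket_size;
        if (extra > 0) {
            /* bkt->max can still be 0 here: the case the report is about */
            return compute_wait_ns(bkt->max, extra);
        }
    }
    return 0;   /* assumed tail; the quoted hunk ends before this point */
}

/* Convenience wrapper so callers can pass constructed values directly. */
static int64_t demo_wait(double avg, double max, double burst_length,
                         double level, double burst_level)
{
    struct demo_bucket bkt = { avg, max, burst_length, level, burst_level };
    return demo_compute_wait(&bkt);
}

int main(void)
{
    /* max == 0 with burst_length > 1 reaches the zero divisor */
    return demo_wait(100, 0, 2, 0, 5) == INT64_MAX ? 0 : 1;
}
```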



Re: [Qemu-devel] [PATCH v3 49/50] qapi: make query-cpu-model-expansion depend on s390 or x86

2017-09-12 Thread Eduardo Habkost
On Mon, Sep 11, 2017 at 01:06:22PM +0200, Marc-André Lureau wrote:
> Signed-off-by: Marc-André Lureau 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH v3 50/50] qapi: make query-cpu-definitions depend on specific targets

2017-09-12 Thread Eduardo Habkost
On Mon, Sep 11, 2017 at 01:06:23PM +0200, Marc-André Lureau wrote:
> It depends on TARGET_PPC || TARGET_ARM || TARGET_I386 || TARGET_S390X.
> 
> Signed-off-by: Marc-André Lureau 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH] scripts: let checkpatch.pl process an entire GIT branch

2017-09-12 Thread John Snow


On 09/12/2017 12:24 PM, Paolo Bonzini wrote:
> On 12/09/2017 18:22, Daniel P. Berrange wrote:
>> On Tue, Sep 12, 2017 at 06:14:57PM +0200, Paolo Bonzini wrote:
>>> On 12/09/2017 18:12, Daniel P. Berrange wrote:
>>>> On Tue, Sep 12, 2017 at 05:52:18PM +0200, Paolo Bonzini wrote:
>>>>> On 12/09/2017 12:46, Daniel P. Berrange wrote:
>>>>>> Currently before submitting a series, devs should run checkpatch.pl
>>>>>> across each patch to be submitted. This can be automated using a
>>>>>> command such as:
>>>>>>
>>>>>>   git rebase -i master -x 'git show | ./scripts/checkpatch.pl -'
>>>>>>
>>>>>> This is rather long winded to type, so this patch introduces a new
>>>>>> flag '--branch' to checkpatch.pl which instructs it to check every
>>>>>> patch on the current GIT branch.
>>>>>
>>>>> Great idea, though I'm not sure about having a default.  And to keep it
>>>>> easy to invoke, having a sole argument that ends with ".." might DWIM
>>>>> and enable --branch too...
>>>>
>>>> I think it is beneficial to have a default, as I figure the majority
>>>> of contributors are working on a branch that's rebased against master..
>>>> Half as many characters to type in the common case :-)
>>>
>>> With the DWIM option "--branch" and "master.." are exactly the same
>>> length. :)
>>
>> Oh hang on. I think I misunderstood what you suggested. I thought you
>> meant  'checkpatch.pl --branch master..', but IIUC you actually mean
>> 'checkpatch.pl master..' with no flag. That would work with me.
> 
> Yes, basically if length(argv) == 1 and argv[0] ends with ".." then
> enable branch.  The default for --branch with no ARGV could be
> "origin/master.."---or it could ask git-config for the upstream tracking
> branch but maybe that's too much to ask.
> 
> Paolo
> 

~Crazy suggestion~ is that the default could actually be "@{upstream}.."
which will default to whatever you've configured the upstream to be in
the branch you're working in.

Downside is that if you don't set the tracking branch during branch
creation (`git checkout -b myTopic origin/master`) or at a later date
(`git branch --set-upstream-to=origin/master`) that this reference won't
resolve.

You can check and see if it resolves to anything programmatically, though:

jhuston@probe (review) ~/s/qemu> git rev-parse "@{upstream}"
04ef33052c205170c92df21ca0b4be4f3b102188
jhuston@probe (review) ~/s/qemu> echo $status
0


jhuston@probe (master) ~/s/qemu> git checkout -b foobar
Switched to a new branch 'foobar'
jhuston@probe (foobar) ~/s/qemu> git rev-parse "@{upstream}"
fatal: no upstream configured for branch 'foobar'
jhuston@probe (foobar) ~/s/qemu> echo $status
128





Re: [Qemu-devel] [PATCH] hw/core/qdev: Do not allow hot-plugging without hotplug controller

2017-09-12 Thread Eduardo Habkost
On Mon, Sep 11, 2017 at 05:06:00PM +0200, Igor Mammedov wrote:
> On Mon, 11 Sep 2017 16:31:39 +0200
> Thomas Huth  wrote:
> 
> > On 11.09.2017 14:53, Igor Mammedov wrote:
> > > On Thu,  7 Sep 2017 11:22:42 +0200
> > > Thomas Huth  wrote:
> > >   
> > >> qdev_unplug() bails out with an assertion if the user tries to device_del
> > >> a hot-plugged device that does not have a hotplug controller. 
> > >> Unfortunately,
> > >> our devices are all marked with hotpluggable = true by default (see the
> > >> device_class_init() function in qdev.c), so it currently can happen that
> > >> the user runs into this situation and QEMU gets terminated unexpectedly:
> > >>
> > >> $ qemu-system-aarch64 -M virt -nographic -nodefaults -monitor stdio -S
> > >> QEMU 2.10.50 monitor - type 'help' for more information
> > >> (qemu) device_add aux-to-i2c-bridge,id=x
> > >> (qemu) device_del x
> > >> **
> > >> ERROR:qdev-monitor.c:872:qdev_unplug: assertion failed: (hotplug_ctrl)
> > >> Aborted (core dumped)
> > >> Hotplugging devices without a hotplug controller does not make much 
> > >> sense,
> > >> so we should disallow this during the device_add process already!
> > >>
> > >> Suggested-by: Paolo Bonzini 
> > >> Signed-off-by: Thomas Huth 
> > >> ---
> > >>  hw/core/qdev.c | 5 +
> > >>  1 file changed, 5 insertions(+)
> > >>
> > >> diff --git a/hw/core/qdev.c b/hw/core/qdev.c
> > >> index 606ab53..d9ccce6 100644
> > >> --- a/hw/core/qdev.c
> > >> +++ b/hw/core/qdev.c
> > >> @@ -908,6 +908,11 @@ static void device_set_realized(Object *obj, bool 
> > >> value, Error **errp)
> > >>  if (local_err != NULL) {
> > >>  goto fail;
> > >>  }
> > >> +} else if (dev->hotplugged) {
> > >> +/* Hot-plugged device without hotplug controller? No way! */
> > >> +error_setg(&local_err, QERR_DEVICE_NO_HOTPLUG,
> > >> +   object_get_typename(obj));
> > >> +goto fail;
> > >>  }
> > >>  
> > >>  if (dc->realize) {  
> > > 
> > > maybe it should be other way around, i.e, fix device so that following 
> > > would work
> > > 
> > >   device_set_realized()
> > > if (dev->hotplugged && !dc->hotpluggable) {   
> > >
> > > error_setg(errp, QERR_DEVICE_NO_HOTPLUG, 
> > > object_get_typename(obj));  
> > > return;   
> > >
> > > }
> > > 
> > > instead of leaving device broken, like in yours
> > >  84ebd3e watchdog/wdt_diag288: Mark diag288 watchdog as non-hotpluggable  
> > 
> > No, that apparently does not work right for new devices since people
> > keep forgetting to set hotpluggable = false there. Both, Paolo and Peter
> > suggested that we should not allow hot-plugging if there's no hot plug
> > controller - it indeed does not make sense, so we should not allow it.
> historically all devices were hotpluggable and conversion to hotplug
> controller didn't fix it which is fine as far as user did not attempt
> unreasonable things. However it should be fixed for code to work correctly.
> 
> I'd suggest to flip default
>  dc->hotpluggable = false;
> and set it to true explicitly for devices that support hotplug,
> it obviously harder to do than this patch as it requires audit
> of all devices, but it looks more correct than fixing symptoms of
> incorrectly set dc->hotpluggable property.

I agree we should do this.  If we have any device-type that is
not hotpluggable on any machine because no machine will return a
hotplug controller for it, we shouldn't report it as hotpluggable
through QMP and HMP.

But this patch also seems to be required, for cases where not all
machine-types accept hotplug of a given device type.

-- 
Eduardo



[Qemu-devel] [Bug 1716510] Re: qemu 2.10.0 cannot boot Windows 10 familly

2017-09-12 Thread John Snow
Possibly a duplicate of:

https://bugs.launchpad.net/qemu/+bug/1714331
or
https://bugs.launchpad.net/qemu/+bug/1715700

Can you share with us the version of OVMF you are using and potentially
try a newer version (see lp 1714331) If not, keep your eye on lp 1715700
for updates.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1716510

Title:
  qemu 2.10.0 cannot boot Windows 10 familly

Status in QEMU:
  New

Bug description:
  On qemu 2.10.0 Windows 10 and Windows Server 2016 hangs during boot.
  Below is setup of Windows Server 2016. Downgrading to 2.9 fixes the
  problem.

  /usr/bin/qemu-system-x86_64 -name guest=,debug-threads=on -S
  -object
  secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-2-/master-key.aes -machine pc-q35-2.8,accel=kvm,usb=off,dump-guest-
  core=off -cpu
  
host,nx=on,hv_relaxed,hv_vapic,hv_spinlocks=0x1000,hv_vpindex,hv_runtime,hv_synic,hv_reset,kvm=off
  -drive file=/usr/local/share/edk2.git/ovmf-x64/OVMF-pure-
  efi.fd,if=pflash,format=raw,unit=0 -drive
  file=/var/lib/libvirt/qemu/nvram/_VARS.fd,if=pflash,format=raw,unit=1
  -m 4096 -realtime mlock=off -smp 12,sockets=1,cores=6,threads=2
  -object iothread,id=iothread1 -object iothread,id=iothread2 -object
  iothread,id=iothread3 -object iothread,id=iothread4 -object
  iothread,id=iothread5 -object iothread,id=iothread6 -object
  iothread,id=iothread7 -object iothread,id=iothread8 -object
  iothread,id=iothread9 -object iothread,id=iothread10 -object
  iothread,id=iothread11 -object iothread,id=iothread12 -uuid 
  -no-user-config -nodefaults -chardev
  
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-2-/monitor.sock,server,nowait
  -mon chardev=charmonitor,id=monitor,mode=control -rtc
  base=localtime,clock=vm,driftfix=slew -no-shutdown -boot strict=on
  -device
  ioh3420,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2
  -device ioh3420,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1
  -device ioh3420,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2
  -device ioh3420,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3
  -device ioh3420,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4
  -device ioh3420,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5
  -device nec-usb-xhci,id=usb,bus=pci.3,addr=0x0 -drive
  if=none,media=cdrom,id=drive-sata0-0-0,readonly=on -device ide-
  cd,bus=ide.0,drive=drive-sata0-0-0,id=sata0-0-0,bootindex=2 -drive
  if=none,media=cdrom,id=drive-sata0-0-1,readonly=on -device ide-
  cd,bus=ide.1,drive=drive-sata0-0-1,id=sata0-0-1,bootindex=1 -drive
  file=/dev/mapper/,format=raw,if=none,id=drive-sata0-0-2
  -device ide-hd,bus=ide.2,drive=drive-
  sata0-0-2,id=sata0-0-2,bootindex=3 -netdev
  tap,fd=21,id=hostnet0,vhost=on,vhostfd=23 -device virtio-net-
  pci,netdev=hostnet0,id=net0,mac=,bus=pci.1,addr=0x0 -netdev
  tap,fd=24,id=hostnet1,vhost=on,vhostfd=25 -device virtio-net-
  pci,netdev=hostnet1,id=net1,mac=,bus=pci.2,addr=0x0 -device usb-
  tablet,id=input0,bus=usb.0,port=1 -spice
  unix,addr=/var/lib/libvirt/qemu/domain-2-/spice.sock,disable-
  ticketing,image-compression=auto_glz,seamless-migration=on -vnc
  127.0.0.1:0 -device qxl-
  
vga,id=video0,ram_size=67108864,vram_size=16777216,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pcie.0,addr=0x1
  -device vhost-scsi-
  pci,wwpn=,vhostfd=26,id=hostdev0,bus=pcie.0,addr=0x9 -device
  virtio-balloon-pci,id=balloon0,bus=pci.4,addr=0x0 -object rng-
  random,id=objrng0,filename=/dev/random -device virtio-rng-
  pci,rng=objrng0,id=rng0,max-bytes=1024,period=1000,bus=pci.5,addr=0x0
  -msg timestamp=o




Re: [Qemu-devel] [PATCH v4 1/8] hw/i386: Improve some of the warning messages

2017-09-12 Thread Eduardo Habkost
On Mon, Sep 11, 2017 at 12:52:43PM -0700, Alistair Francis wrote:
> Signed-off-by: Alistair Francis 
> Suggested-by: Eduardo Habkost 
> Cc: Eduardo Habkost 
> ---
> V4:
>  - Fixup pc_q35.c message
> V3:
>  - Improve the messages
> 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



[Qemu-devel] [PATCH 06/19] nvic: Make ICSR.RETTOBASE handle banked exceptions

2017-09-12 Thread Peter Maydell
Update the code in nvic_rettobase() so that it checks the
sec_vectors[] array as well as the vectors[] array if needed.

Signed-off-by: Peter Maydell 
---
 hw/intc/armv7m_nvic.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 585b1a7..edaf60c 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -84,9 +84,12 @@ static int nvic_pending_prio(NVICState *s)
 static bool nvic_rettobase(NVICState *s)
 {
 int irq, nhand = 0;
+bool check_sec = arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY);
 
 for (irq = ARMV7M_EXCP_RESET; irq < s->num_irq; irq++) {
-if (s->vectors[irq].active) {
+if (s->vectors[irq].active ||
+(check_sec && irq < NVIC_INTERNAL_VECTORS &&
+ s->sec_vectors[irq].active)) {
 nhand++;
 if (nhand == 2) {
 return 0;
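
Review bot: the new loop condition ORs vectors[irq].active with sec_vectors[irq].active, so a banked exception that is active in both security states at the same number (for example Secure and Non-secure SVCall) increments nhand only once. If those are two active handlers for the purpose of RETTOBASE, count the two arrays separately before the nhand == 2 test, which then has to become nhand >= 2.
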
-- 
2.7.4




[Qemu-devel] [PATCH 07/19] nvic: Implement NVIC_ITNS registers

2017-09-12 Thread Peter Maydell
For v8M, the NVIC has a new set of registers per interrupt,
NVIC_ITNS. These determine whether the interrupt targets Secure
or Non-secure state. Implement the register read/write code for
these, and make them cause NVIC_IABR, NVIC_ICER, NVIC_ISER,
NVIC_ICPR, NVIC_IPR and NVIC_ISPR to RAZ/WI for non-secure
accesses to fields corresponding to interrupts which are
configured to target secure state.

Signed-off-by: Peter Maydell 
---
 include/hw/intc/armv7m_nvic.h |  3 ++
 hw/intc/armv7m_nvic.c | 74 +++
 2 files changed, 70 insertions(+), 7 deletions(-)

diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h
index e96e488..ac7997c 100644
--- a/include/hw/intc/armv7m_nvic.h
+++ b/include/hw/intc/armv7m_nvic.h
@@ -58,6 +58,9 @@ typedef struct NVICState {
 /* The PRIGROUP field in AIRCR is banked */
 uint32_t prigroup[M_REG_NUM_BANKS];
 
+/* v8M NVIC_ITNS state (stored as a bool per bit) */
+bool itns[NVIC_MAX_VECTORS];
+
 /* The following fields are all cached state that can be recalculated
  * from the vectors[] and sec_vectors[] arrays and the prigroup field:
  *  - vectpending
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index edaf60c..b97dbe3 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -423,6 +423,25 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, 
MemTxAttrs attrs)
 switch (offset) {
 case 4: /* Interrupt Control Type.  */
 return ((s->num_irq - NVIC_FIRST_IRQ) / 32) - 1;
+case 0x380 ... 0x3bf: /* NVIC_ITNS */
+{
+int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ;
+int i;
+
+if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
+goto bad_offset;
+}
+if (!attrs.secure) {
+return 0;
+}
+val = 0;
+for (i = 0; i < 32 && startvec + i < s->num_irq; i++) {
+if (s->itns[startvec + i]) {
+val |= (1 << i);
+}
+}
+return val;
+}
 case 0xd00: /* CPUID Base.  */
 return cpu->midr;
 case 0xd04: /* Interrupt Control State.  */
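
Review bot: startvec in the NVIC_ITNS read case multiplies the byte offset by 32, but consecutive 32-bit registers are 4 bytes apart and cover 32 interrupts each, so a read at 0x384 should start at vector 32 + NVIC_FIRST_IRQ and here starts at 128 + NVIC_FIRST_IRQ. The write path further down this file uses 8 * (offset - 0x180) + NVIC_FIRST_IRQ for the same kind of bitmap register; the factor here should be 8 as well. Separately, 1 << i with i == 31 shifts into the sign bit of an int; 1U << i avoids that.
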
@@ -658,6 +677,23 @@ static void nvic_writel(NVICState *s, uint32_t offset, 
uint32_t value,
 ARMCPU *cpu = s->cpu;
 
 switch (offset) {
+case 0x380 ... 0x3bf: /* NVIC_ITNS */
+{
+int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ;
+int i;
+
+if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
+goto bad_offset;
+}
+if (!attrs.secure) {
+break;
+}
+for (i = 0; i < 32 && startvec + i < s->num_irq; i++) {
+s->itns[startvec + i] = value & (1 << i);
+}
+nvic_irq_update(s);
+break;
+}
 case 0xd04: /* Interrupt Control State.  */
 if (value & (1 << 31)) {
 armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI);
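
Review bot: the NVIC_ITNS write case computes startvec as 32 * (offset - 0x380), which treats the byte offset as a register index; with 4-byte registers of 32 bits each the factor should be 8, otherwise a Secure write to 0x384 changes the security target of interrupts 96 vectors above the ones it addresses. value & (1 << i) also wants 1U for i == 31.
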
@@ -966,7 +1002,8 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr 
addr,
 startvec = offset - 0x180 + NVIC_FIRST_IRQ; /* vector # */
 
 for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) 
{
-if (s->vectors[startvec + i].enabled) {
+if (s->vectors[startvec + i].enabled &&
+(attrs.secure || s->itns[startvec + i])) {
 val |= (1 << i);
 }
 }
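
Review bot: the test attrs.secure || s->itns[startvec + i] added to this enabled-bit read loop is repeated verbatim in the pending, active and priority read loops in the following hunks; a small helper taking the NVIC state, the access attributes and the vector number would keep the RAZ/WI rule in one place and make a register that was missed easier to spot.
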
@@ -978,7 +1015,8 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr 
addr,
 val = 0;
 startvec = offset - 0x280 + NVIC_FIRST_IRQ; /* vector # */
 for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) 
{
-if (s->vectors[startvec + i].pending) {
+if (s->vectors[startvec + i].pending &&
+(attrs.secure || s->itns[startvec + i])) {
 val |= (1 << i);
 }
 }
@@ -988,7 +1026,8 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr 
addr,
 startvec = offset - 0x300 + NVIC_FIRST_IRQ; /* vector # */
 
 for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) 
{
-if (s->vectors[startvec + i].active) {
+if (s->vectors[startvec + i].active &&
+(attrs.secure || s->itns[startvec + i])) {
 val |= (1 << i);
 }
 }
@@ -998,7 +1037,9 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr 
addr,
 startvec = offset - 0x400 + NVIC_FIRST_IRQ; /* vector # */
 
 for (i = 0; i < size && startvec + i < s->num_irq; i++) {
-val |= s->vectors[startvec + i].prio << (8 * i);
+if (attrs.secure || s->itns[startvec + i]) {
+val |= s->vectors[startvec + i].prio << (8 * i);
+}
 }
 break;
 case 0xd18 ... 0xd23: /* System Handler Priority.  */
@@ -1055,7 +1096,8 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr 
addr,
 startvec = 8 * (offset - 0x180) + NVIC_FIRST_IRQ;
 

[Qemu-devel] [PATCH 02/19] nvic: Add banked exception states

2017-09-12 Thread Peter Maydell
For the v8M security extension, some exceptions must be banked
between security states. Add the new vecinfo array which holds
the state for the banked exceptions and migrate it if the
CPU the NVIC is attached to implements the security extension.

Signed-off-by: Peter Maydell 
---
 include/hw/intc/armv7m_nvic.h | 14 +
 hw/intc/armv7m_nvic.c | 49 ++-
 2 files changed, 62 insertions(+), 1 deletion(-)

diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h
index 1a4cce7..317601e 100644
--- a/include/hw/intc/armv7m_nvic.h
+++ b/include/hw/intc/armv7m_nvic.h
@@ -21,6 +21,8 @@
 
 /* Highest permitted number of exceptions (architectural limit) */
 #define NVIC_MAX_VECTORS 512
+/* Number of internal exceptions */
+#define NVIC_INTERNAL_VECTORS 16
 
 typedef struct VecInfo {
 /* Exception priorities can range from -3 to 255; only the unmodifiable
@@ -41,6 +43,18 @@ typedef struct NVICState {
 ARMCPU *cpu;
 
 VecInfo vectors[NVIC_MAX_VECTORS];
+/* If the v8M security extension is implemented, some of the internal
+ * exceptions are banked between security states (ie there exists both
+ * a Secure and a NonSecure version of the exception and its state):
+ *  HardFault, MemManage, UsageFault, SVCall, PendSV, SysTick (R_PJHV)
+ * The rest (including all the external exceptions) are not banked, though
+ * they may be configurable to target either Secure or NonSecure state.
+ * We store the secure exception state in sec_vectors[] for the banked
+ * exceptions, and otherwise use only vectors[] (including for exceptions
+ * like SecureFault that unconditionally target Secure state).
+ * Entries in sec_vectors[] for non-banked exception numbers are unused.
+ */
+VecInfo sec_vectors[NVIC_INTERNAL_VECTORS];
 uint32_t prigroup;
 
 /* vectpending and exception_prio are both cached state that can
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index d3e2056..694b9e0 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -47,7 +47,7 @@
  * For historical reasons QEMU tends to use "interrupt" and
  * "exception" more or less interchangeably.
  */
-#define NVIC_FIRST_IRQ 16
+#define NVIC_FIRST_IRQ NVIC_INTERNAL_VECTORS
 #define NVIC_MAX_IRQ (NVIC_MAX_VECTORS - NVIC_FIRST_IRQ)
 
 /* Effective running priority of the CPU when no exception is active
@@ -1158,6 +1158,43 @@ static const VMStateDescription vmstate_VecInfo = {
 }
 };
 
+static bool nvic_security_needed(void *opaque)
+{
+NVICState *s = opaque;
+
+return arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY);
+}
+
+static int nvic_security_post_load(void *opaque, int version_id)
+{
+NVICState *s = opaque;
+int i;
+
+/* Check for out of range priority settings */
+if (s->sec_vectors[ARMV7M_EXCP_HARD].prio != -1) {
+return 1;
+}
+for (i = ARMV7M_EXCP_MEM; i < ARRAY_SIZE(s->sec_vectors); i++) {
+if (s->sec_vectors[i].prio & ~0xff) {
+return 1;
+}
+}
+return 0;
+}
+
+static const VMStateDescription vmstate_nvic_security = {
+.name = "nvic/m-security",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = nvic_security_needed,
+.post_load = &nvic_security_post_load,
+.fields = (VMStateField[]) {
+VMSTATE_STRUCT_ARRAY(sec_vectors, NVICState, NVIC_INTERNAL_VECTORS, 1,
+ vmstate_VecInfo, VecInfo),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_nvic = {
 .name = "armv7m_nvic",
 .version_id = 4,
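
Review bot: nvic_security_post_load() fails the load unless sec_vectors[ARMV7M_EXCP_HARD].prio is exactly -1, but later in this series the AIRCR write path sets that field to -3 when BFHFNMINS is set, so a guest saved in that state would be rejected on restore. Accept both -1 and -3 here, or update the check in the patch that introduces -3. The range loop also starts at ARMV7M_EXCP_MEM, so the sec_vectors[] entries below HardFault are loaded unchecked; a one-line comment that they are unused would make that deliberate.
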
@@ -1195,6 +1232,16 @@ static void armv7m_nvic_reset(DeviceState *dev)
 s->vectors[ARMV7M_EXCP_NMI].prio = -2;
 s->vectors[ARMV7M_EXCP_HARD].prio = -1;
 
+if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) {
+s->sec_vectors[ARMV7M_EXCP_HARD].enabled = 1;
+s->sec_vectors[ARMV7M_EXCP_SVC].enabled = 1;
+s->sec_vectors[ARMV7M_EXCP_PENDSV].enabled = 1;
+s->sec_vectors[ARMV7M_EXCP_SYSTICK].enabled = 1;
+
+/* AIRCR.BFHFNMINS resets to 0 so Secure HF is priority -1 (R_CMTC) */
+s->sec_vectors[ARMV7M_EXCP_HARD].prio = -1;
+}
+
 /* Strictly speaking the reset handler should be enabled.
  * However, we don't simulate soft resets through the NVIC,
  * and the reset vector should never be pended.
-- 
2.7.4




[Qemu-devel] [PATCH 00/19] ARMv8M: support security extn in the NVIC

2017-09-12 Thread Peter Maydell
This patchset is another lump of v8M support. It mostly
covers the NVIC, which has extensive changes to handle the
fact that some exceptions are now banked. It sits on top of
the set of minor fixes that I sent out the other day.

(I have a chunk of patches that follow on from this to add
the security extension support to exception entry and exit
code, thus using the API changes made for the acknowledge
and complete functions in the last patch. They need a little
bit more baking, though, and 19 patches is enough as it is.)

Testing status: I'm pretty happy that these patches are the
right shape, but they might have minor bugs in the details.
(My uvisor test case won't currently run very far because
it wants the SG instruction.)
They shouldn't break v7M code, though, and it seems better to
me to move things into master and bugfix them later if necessary
rather than hold onto an enormous stack of patches that's
unreviewably large.

thanks
-- PMM

Peter Maydell (19):
  target/arm: Implement MSR/MRS access to NS banked registers
  nvic: Add banked exception states
  nvic: Add cached vectpending_is_s_banked state
  nvic: Add cached vectpending_prio state
  nvic: Implement AIRCR changes for v8M
  nvic: Make ICSR.RETTOBASE handle banked exceptions
  nvic: Implement NVIC_ITNS registers
  nvic: Handle banked exceptions in nvic_recompute_state()
  nvic: Make set_pending and clear_pending take a secure parameter
  nvic: Make SHPR registers banked
  nvic: Compare group priority for escalation to HF
  nvic: In escalation to HardFault, support HF not being priority -1
  nvic: Implement v8M changes to fixed priority exceptions
  nvic: Disable the non-secure HardFault if AIRCR.BFHFNMINS is clear
  nvic: Handle v8M changes in nvic_exec_prio()
  target/arm: Handle banking in negative-execution-priority check in
cpu_mmu_index()
  nvic: Make ICSR banked for v8M
  nvic: Make SHCSR banked for v8M
  nvic: Support banked exceptions in acknowledge and complete

 include/hw/intc/armv7m_nvic.h |  33 +-
 target/arm/cpu.h  |  62 ++-
 hw/intc/armv7m_nvic.c | 909 +++---
 target/arm/cpu.c  |   7 +
 target/arm/helper.c   | 142 ++-
 hw/intc/trace-events  |  13 +-
 6 files changed, 996 insertions(+), 170 deletions(-)

-- 
2.7.4




[Qemu-devel] [PATCH 04/19] nvic: Add cached vectpending_prio state

2017-09-12 Thread Peter Maydell
Instead of looking up the pending priority
in nvic_pending_prio(), cache it in a new state struct
field. The calculation of the pending priority given
the interrupt number is more complicated in v8M with
the security extension, so the caching will be worthwhile.

This changes nvic_pending_prio() from returning a full
(group + subpriority) priority value to returning a group
priority. This doesn't require changes to its callsites
because we use it only in comparisons of the form
  execution_prio > nvic_pending_prio()
and execution priority is always a group priority, so
a test (exec prio > full prio) is true if and only if
(execprio > group_prio).

(Architecturally the expected comparison is with the
group priority for this sort of "would we preempt" test;
we were only doing a test with a full priority as an
optimisation to avoid the mask, which is possible
precisely because the two comparisons always give the
same answer.)

Signed-off-by: Peter Maydell 
---
 include/hw/intc/armv7m_nvic.h |  2 ++
 hw/intc/armv7m_nvic.c | 23 +--
 hw/intc/trace-events  |  2 +-
 3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h
index 87c78b3..329774e 100644
--- a/include/hw/intc/armv7m_nvic.h
+++ b/include/hw/intc/armv7m_nvic.h
@@ -62,6 +62,7 @@ typedef struct NVICState {
  *  - vectpending
  *  - vectpending_is_secure
  *  - exception_prio
+ *  - vectpending_prio
  */
 unsigned int vectpending; /* highest prio pending enabled exception */
 /* true if vectpending is a banked secure exception, ie it is in
@@ -69,6 +70,7 @@ typedef struct NVICState {
  */
 bool vectpending_is_s_banked;
 int exception_prio; /* group prio of the highest prio active exception */
+int vectpending_prio; /* group prio of the exeception in vectpending */
 
 MemoryRegion sysregmem;
 MemoryRegion sysreg_ns_mem;
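
Review bot: typo in the comment on the new vectpending_prio field, "exeception" should be "exception".
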
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 417a456..8388d64 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -61,10 +61,10 @@ static const uint8_t nvic_id[] = {
 
 static int nvic_pending_prio(NVICState *s)
 {
-/* return the priority of the current pending interrupt,
+/* return the group priority of the current pending interrupt,
  * or NVIC_NOEXC_PRIO if no interrupt is pending
  */
-return s->vectpending ? s->vectors[s->vectpending].prio : NVIC_NOEXC_PRIO;
+return s->vectpending_prio;
 }
 
 /* Return the value of the ISCR RETTOBASE bit:
@@ -156,10 +156,17 @@ static void nvic_recompute_state(NVICState *s)
 active_prio &= nvic_gprio_mask(s);
 }
 
+if (pend_prio > 0) {
+pend_prio &= nvic_gprio_mask(s);
+}
+
 s->vectpending = pend_irq;
+s->vectpending_prio = pend_prio;
 s->exception_prio = active_prio;
 
-trace_nvic_recompute_state(s->vectpending, s->exception_prio);
+trace_nvic_recompute_state(s->vectpending,
+   s->vectpending_prio,
+   s->exception_prio);
 }
 
 /* Return the current execution priority of the CPU
@@ -323,7 +330,6 @@ void armv7m_nvic_acknowledge_irq(void *opaque)
 CPUARMState *env = &s->cpu->env;
 const int pending = s->vectpending;
 const int running = nvic_exec_prio(s);
-int pendgroupprio;
 VecInfo *vec;
 
 assert(pending > ARMV7M_EXCP_RESET && pending < s->num_irq);
@@ -333,13 +339,9 @@ void armv7m_nvic_acknowledge_irq(void *opaque)
 assert(vec->enabled);
 assert(vec->pending);
 
-pendgroupprio = vec->prio;
-if (pendgroupprio > 0) {
-pendgroupprio &= nvic_gprio_mask(s);
-}
-assert(pendgroupprio < running);
+assert(s->vectpending_prio < running);
 
-trace_nvic_acknowledge_irq(pending, vec->prio);
+trace_nvic_acknowledge_irq(pending, s->vectpending_prio);
 
 vec->active = 1;
 vec->pending = 0;
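
Review bot: trace_nvic_acknowledge_irq() now receives s->vectpending_prio, the group priority, where it used to log vec->prio, the full priority, so the same guest state produces different trace values before and after this patch. Worth a line in the commit message, or keep passing vec->prio to the trace point if the subpriority bits are useful when debugging.
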
@@ -1251,6 +1253,7 @@ static void armv7m_nvic_reset(DeviceState *dev)
 s->exception_prio = NVIC_NOEXC_PRIO;
 s->vectpending = 0;
 s->vectpending_is_s_banked = false;
+s->vectpending_prio = NVIC_NOEXC_PRIO;
 }
 
 static void nvic_systick_trigger(void *opaque, int n, int level)
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
index 4762329..5635a5f 100644
--- a/hw/intc/trace-events
+++ b/hw/intc/trace-events
@@ -167,7 +167,7 @@ gicv3_redist_set_irq(uint32_t cpu, int irq, int level) 
"GICv3 redistributor 0x%x
 gicv3_redist_send_sgi(uint32_t cpu, int irq) "GICv3 redistributor 0x%x pending 
SGI %d"
 
 # hw/intc/armv7m_nvic.c
-nvic_recompute_state(int vectpending, int exception_prio) "NVIC state 
recomputed: vectpending %d exception_prio %d"
+nvic_recompute_state(int vectpending, int vectpending_prio, int 
exception_prio) "NVIC state recomputed: vectpending %d vectpending_prio %d 
exception_prio %d"
 nvic_set_prio(int irq, uint8_t prio) "NVIC set irq %d priority %d"
 nvic_irq_update(int vectpending, int pendprio, int except
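
The equivalence argued in the commit message above (a "would we preempt" test against the full pending priority gives the same answer as one against its group priority, provided the execution priority is itself a group priority), checked exhaustively as an added example that is not code from the patch. The mask expression is the one shown in nvic_gprio_mask(); NOEXC_PRIO = 0x100 is an assumed value for the "nothing pending" sentinel, and the second run drops the precondition to show that it is needed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed sentinel for "no exception": one above the largest configurable
 * priority (255). The patch uses NVIC_NOEXC_PRIO without showing its value. */
#define NOEXC_PRIO 0x100

/* Same expression as nvic_gprio_mask() in the patch: PRIGROUP = n makes
 * bits [n:0] of the priority value the subpriority. */
static unsigned gprio_mask(unsigned prigroup)
{
    return ~0U << (prigroup + 1);
}

/* Group priority of a full priority. Negative (fixed) priorities and zero
 * are left alone, as in the "if (pend_prio > 0)" test in the patch. */
static int group_prio(int prio, unsigned prigroup)
{
    if (prio > 0) {
        prio = (int)((unsigned)prio & gprio_mask(prigroup));
    }
    return prio;
}

/* Count (prigroup, execution priority, pending priority) triples for which
 * "exec > full pending prio" and "exec > group pending prio" disagree.
 * exec_is_group selects whether the execution priority is first reduced to
 * a group priority, which is the precondition the commit message states. */
static int count_disagreements(bool exec_is_group)
{
    int bad = 0;

    for (unsigned prigroup = 0; prigroup <= 7; prigroup++) {
        for (int raw_exec = -3; raw_exec <= NOEXC_PRIO; raw_exec++) {
            int exec = exec_is_group ? group_prio(raw_exec, prigroup)
                                     : raw_exec;

            for (int full = -3; full <= 255; full++) {
                bool by_full = exec > full;
                bool by_group = exec > group_prio(full, prigroup);

                if (by_full != by_group) {
                    bad++;
                }
            }
        }
    }
    return bad;
}

int main(void)
{
    printf("exec is a group priority: %d disagreements\n",
           count_disagreements(true));
    printf("exec is a raw priority:   %d disagreements\n",
           count_disagreements(false));
    return 0;
}
```
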

[Qemu-devel] [PATCH 14/19] nvic: Disable the non-secure HardFault if AIRCR.BFHFNMINS is clear

2017-09-12 Thread Peter Maydell
If AIRCR.BFHFNMINS is clear, then although NonSecure HardFault
can still be pended via SHCSR.HARDFAULTPENDED it mustn't actually
preempt execution. The simple way to achieve this is to clear the
enable bit for it, since the enable bit isn't guest visible.

Signed-off-by: Peter Maydell 
---
 hw/intc/armv7m_nvic.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index db2f170..91d2f33 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -937,11 +937,16 @@ static void nvic_writel(NVICState *s, uint32_t offset, 
uint32_t value,
 (R_V7M_AIRCR_SYSRESETREQS_MASK |
  R_V7M_AIRCR_BFHFNMINS_MASK |
  R_V7M_AIRCR_PRIS_MASK);
-/* BFHFNMINS changes the priority of Secure HardFault */
+/* BFHFNMINS changes the priority of Secure HardFault, and
+ * allows a pending Non-secure HardFault to preempt (which
+ * we implement by marking it enabled).
+ */
 if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
 s->sec_vectors[ARMV7M_EXCP_HARD].prio = -3;
+s->vectors[ARMV7M_EXCP_HARD].enabled = 1;
 } else {
 s->sec_vectors[ARMV7M_EXCP_HARD].prio = -1;
+s->vectors[ARMV7M_EXCP_HARD].enabled = 0;
 }
 }
 nvic_irq_update(s);
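
Review bot: the mapping from AIRCR.BFHFNMINS to vectors[ARMV7M_EXCP_HARD].enabled is written out here in the AIRCR write path and again in armv7m_nvic_reset() in the last hunk, so the enable bit is now derived state with two places that must agree. A small helper that sets both the Secure HardFault priority and the Non-secure enable bit from the AIRCR value, called from both sites, would keep them in sync.
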
@@ -1562,7 +1567,6 @@ static void armv7m_nvic_reset(DeviceState *dev)
 NVICState *s = NVIC(dev);
 
 s->vectors[ARMV7M_EXCP_NMI].enabled = 1;
-s->vectors[ARMV7M_EXCP_HARD].enabled = 1;
 /* MEM, BUS, and USAGE are enabled through
  * the System Handler Control register
  */
@@ -1584,6 +1588,10 @@ static void armv7m_nvic_reset(DeviceState *dev)
 
 /* AIRCR.BFHFNMINS resets to 0 so Secure HF is priority -1 (R_CMTC) */
 s->sec_vectors[ARMV7M_EXCP_HARD].prio = -1;
+/* If AIRCR.BFHFNMINS is 0 then NS HF is (effectively) disabled */
+s->vectors[ARMV7M_EXCP_HARD].enabled = 0;
+} else {
+s->vectors[ARMV7M_EXCP_HARD].enabled = 1;
 }
 
 /* Strictly speaking the reset handler should be enabled.
-- 
2.7.4




[Qemu-devel] [PATCH 05/19] nvic: Implement AIRCR changes for v8M

2017-09-12 Thread Peter Maydell
The Application Interrupt and Reset Control Register has some changes
for v8M:
 * new bits SYSRESETREQS, BFHFNMINS and PRIS: these all have
   real state if the security extension is implemented and otherwise
   are constant
 * the PRIGROUP field is banked between security states
 * non-secure code can be blocked from using the SYSRESET bit
   to reset the system if SYSRESETREQS is set

Implement the new state and the changes to register read and write.
For the moment we ignore the effects of the secure PRIGROUP.
We will implement the effects of PRIS and BFHFNMINS later.

Signed-off-by: Peter Maydell 
---
 include/hw/intc/armv7m_nvic.h |  3 ++-
 target/arm/cpu.h  | 12 +++
 hw/intc/armv7m_nvic.c | 49 +--
 target/arm/cpu.c  |  7 +++
 4 files changed, 59 insertions(+), 12 deletions(-)

diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h
index 329774e..e96e488 100644
--- a/include/hw/intc/armv7m_nvic.h
+++ b/include/hw/intc/armv7m_nvic.h
@@ -55,7 +55,8 @@ typedef struct NVICState {
  * Entries in sec_vectors[] for non-banked exception numbers are unused.
  */
 VecInfo sec_vectors[NVIC_INTERNAL_VECTORS];
-uint32_t prigroup;
+/* The PRIGROUP field in AIRCR is banked */
+uint32_t prigroup[M_REG_NUM_BANKS];
 
 /* The following fields are all cached state that can be recalculated
  * from the vectors[] and sec_vectors[] arrays and the prigroup field:
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 5a1f957..7e661c8 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -449,6 +449,7 @@ typedef struct CPUARMState {
 int exception;
 uint32_t primask[M_REG_NUM_BANKS];
 uint32_t faultmask[M_REG_NUM_BANKS];
+uint32_t aircr; /* only holds r/w state if security extn implemented */
 uint32_t secure; /* Is CPU in Secure state? (not guest visible) */
 } v7m;
 
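
Review bot: the new v7m.aircr field holds guest-writable state (its comment says r/w when the security extension is implemented), but the diffstat for this patch lists only cpu.h, cpu.c and the two NVIC files; if the CPU's migration description lives in another file, this field is not being saved or restored. Suggest migrating it, conditional on the security extension being present.
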
@@ -1200,6 +1201,17 @@ FIELD(V7M_CCR, STKALIGN, 9, 1)
 FIELD(V7M_CCR, DC, 16, 1)
 FIELD(V7M_CCR, IC, 17, 1)
 
+/* V7M AIRCR bits */
+FIELD(V7M_AIRCR, VECTRESET, 0, 1)
+FIELD(V7M_AIRCR, VECTCLRACTIVE, 1, 1)
+FIELD(V7M_AIRCR, SYSRESETREQ, 2, 1)
+FIELD(V7M_AIRCR, SYSRESETREQS, 3, 1)
+FIELD(V7M_AIRCR, PRIGROUP, 8, 3)
+FIELD(V7M_AIRCR, BFHFNMINS, 13, 1)
+FIELD(V7M_AIRCR, PRIS, 14, 1)
+FIELD(V7M_AIRCR, ENDIANNESS, 15, 1)
+FIELD(V7M_AIRCR, VECTKEY, 16, 16)
+
 /* V7M CFSR bits for MMFSR */
 FIELD(V7M_CFSR, IACCVIOL, 0, 1)
 FIELD(V7M_CFSR, DACCVIOL, 1, 1)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 8388d64..585b1a7 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -129,7 +129,7 @@ static bool nvic_isrpending(NVICState *s)
  */
 static inline uint32_t nvic_gprio_mask(NVICState *s)
 {
-return ~0U << (s->prigroup + 1);
+return ~0U << (s->prigroup[M_REG_NS] + 1);
 }
 
 /* Recompute vectpending and exception_prio */
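
Review bot: nvic_gprio_mask() now hard-codes prigroup[M_REG_NS]; the commit message says the secure PRIGROUP is ignored for the moment, but nothing in the code marks the index as temporary. A TODO comment next to it would stop this being read as the intended final behaviour.
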
@@ -451,8 +451,21 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, 
MemTxAttrs attrs)
 return val;
 case 0xd08: /* Vector Table Offset.  */
 return cpu->env.v7m.vecbase[attrs.secure];
-case 0xd0c: /* Application Interrupt/Reset Control.  */
-return 0xfa05 | (s->prigroup << 8);
+case 0xd0c: /* Application Interrupt/Reset Control (AIRCR) */
+val = 0xfa05 | (s->prigroup[attrs.secure] << 8);
+if (attrs.secure) {
+/* s->aircr stores PRIS, BFHFNMINS, SYSRESETREQS */
+val |= cpu->env.v7m.aircr;
+} else {
+if (arm_feature(&cpu->env, ARM_FEATURE_V8)) {
+/* BFHFNMINS is R/O from NS; other bits are RAZ/WI. If
+ * security isn't supported then BFHFNMINS is RAO (and
+ * the bit in env.v7m.aircr is always set).
+ */
+val |= cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK;
+}
+}
+return val;
 case 0xd10: /* System Control.  */
 /* TODO: Implement SLEEPONEXIT.  */
 return 0;
@@ -660,22 +673,35 @@ static void nvic_writel(NVICState *s, uint32_t offset, 
uint32_t value,
 case 0xd08: /* Vector Table Offset.  */
 cpu->env.v7m.vecbase[attrs.secure] = value & 0xff80;
 break;
-case 0xd0c: /* Application Interrupt/Reset Control.  */
-if ((value >> 16) == 0x05fa) {
-if (value & 4) {
-qemu_irq_pulse(s->sysresetreq);
+case 0xd0c: /* Application Interrupt/Reset Control (AIRCR) */
+if ((value >> R_V7M_AIRCR_VECTKEY_SHIFT) == 0x05fa) {
+if (value & R_V7M_AIRCR_SYSRESETREQ_MASK) {
+if (attrs.secure ||
+!(cpu->env.v7m.aircr & R_V7M_AIRCR_SYSRESETREQS_MASK)) {
+qemu_irq_pulse(s->sysresetreq);
+}
 }
-if (value & 2) {
+if (value & R_V7M_AIRCR_VECTCLRACTIVE_MASK) {
 qemu_log_mask(LOG_GUEST_ERROR,
   "Se

[Qemu-devel] [PATCH 03/19] nvic: Add cached vectpending_is_s_banked state

2017-09-12 Thread Peter Maydell
With banked exceptions, just the exception number in
s->vectpending is no longer sufficient to uniquely identify
the pending exception. Add a vectpending_is_s_banked bool
which is true if the exception is using the sec_vectors[]
array.

Signed-off-by: Peter Maydell 
---
 include/hw/intc/armv7m_nvic.h | 11 +--
 hw/intc/armv7m_nvic.c |  1 +
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h
index 317601e..87c78b3 100644
--- a/include/hw/intc/armv7m_nvic.h
+++ b/include/hw/intc/armv7m_nvic.h
@@ -57,10 +57,17 @@ typedef struct NVICState {
 VecInfo sec_vectors[NVIC_INTERNAL_VECTORS];
 uint32_t prigroup;
 
-/* vectpending and exception_prio are both cached state that can
- * be recalculated from the vectors[] array and the prigroup field.
+/* The following fields are all cached state that can be recalculated
+ * from the vectors[] and sec_vectors[] arrays and the prigroup field:
+ *  - vectpending
+ *  - vectpending_is_secure
+ *  - exception_prio
  */
 unsigned int vectpending; /* highest prio pending enabled exception */
+/* true if vectpending is a banked secure exception, ie it is in
+ * sec_vectors[] rather than vectors[]
+ */
+bool vectpending_is_s_banked;
 int exception_prio; /* group prio of the highest prio active exception */
 
 MemoryRegion sysregmem;
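
Review bot: the rewritten comment lists vectpending_is_secure as cached state, but the field added just below it is named vectpending_is_s_banked; the comment should use the field's actual name.
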
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 694b9e0..417a456 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -1250,6 +1250,7 @@ static void armv7m_nvic_reset(DeviceState *dev)
 
 s->exception_prio = NVIC_NOEXC_PRIO;
 s->vectpending = 0;
+s->vectpending_is_s_banked = false;
 }
 
 static void nvic_systick_trigger(void *opaque, int n, int level)
-- 
2.7.4




[Qemu-devel] [PATCH 16/19] target/arm: Handle banking in negative-execution-priority check in cpu_mmu_index()

2017-09-12 Thread Peter Maydell
Now that we have a banked FAULTMASK register and banked exceptions,
we can implement the correct check in cpu_mmu_index() for whether
the MPU_CTRL.HFNMIENA bit's effect should apply. This bit causes
handlers which have requested a negative execution priority to run
with the MPU disabled. In v8M the test has to check this for the
current security state and so takes account of banking.

Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h  | 21 -
 hw/intc/armv7m_nvic.c | 29 +
 2 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 7a93354..02be3ca 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1498,6 +1498,21 @@ int armv7m_nvic_complete_irq(void *opaque, int irq);
  * (v8M ARM ARM I_PKLD.)
  */
 int armv7m_nvic_raw_execution_priority(void *opaque);
+/**
+ * armv7m_nvic_neg_prio_requested: return true if the requested execution
+ * priority is negative for the specified security state.
+ * @opaque: the NVIC
+ * @secure: the security state to test
+ * This corresponds to the pseudocode IsReqExecPriNeg().
+ */
+#ifndef CONFIG_USER_ONLY
+bool armv7m_nvic_neg_prio_requested(void *opaque, bool secure);
+#else
+static inline bool armv7m_nvic_neg_prio_requested(void *opaque, bool secure)
+{
+return false;
+}
+#endif
 
 /* Interface for defining coprocessor registers.
  * Registers are defined in tables of arm_cp_reginfo structs
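
Review bot: the doc comment for armv7m_nvic_neg_prio_requested() names the pseudocode function IsReqExecPriNeg(), while the comment in the implementation in armv7m_nvic.c says IsReqExcPriNeg(); one of the two is misspelled, and both should match the name used in the architecture pseudocode.
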
@@ -2280,11 +2295,7 @@ static inline int cpu_mmu_index(CPUARMState *env, bool 
ifetch)
 if (arm_feature(env, ARM_FEATURE_M)) {
 ARMMMUIdx mmu_idx = el == 0 ? ARMMMUIdx_MUser : ARMMMUIdx_MPriv;
 
-/* Execution priority is negative if FAULTMASK is set or
- * we're in a HardFault or NMI handler.
- */
-if ((env->v7m.exception > 0 && env->v7m.exception <= 3)
-|| env->v7m.faultmask[env->v7m.secure]) {
+if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) {
 mmu_idx = ARMMMUIdx_MNegPri;
 }
 
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index b13327d..5e5aecd 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -368,6 +368,35 @@ static inline int nvic_exec_prio(NVICState *s)
 return MIN(running, s->exception_prio);
 }
 
+bool armv7m_nvic_neg_prio_requested(void *opaque, bool secure)
+{
+/* Return true if the requested execution priority is negative
+ * for the specified security state, ie that security state
+ * has an active NMI or HardFault or has set its FAULTMASK.
+ * Note that this is not the same as whether the execution
+ * priority is actually negative (for instance AIRCR.PRIS may
+ * mean we don't allow FAULTMASK_NS to actually make the execution
+ * priority negative). Compare pseudocode IsReqExcPriNeg().
+ */
+NVICState *s = opaque;
+
+if (s->cpu->env.v7m.faultmask[secure]) {
+return true;
+}
+
+if (secure ? s->sec_vectors[ARMV7M_EXCP_HARD].active :
+s->vectors[ARMV7M_EXCP_HARD].active) {
+return true;
+}
+
+if (s->vectors[ARMV7M_EXCP_NMI].active &&
+exc_targets_secure(s, ARMV7M_EXCP_NMI) == secure) {
+return true;
+}
+
+return false;
+}
+
 bool armv7m_nvic_can_take_pending_exception(void *opaque)
 {
 NVICState *s = opaque;
-- 
2.7.4




[Qemu-devel] [PATCH 19/19] nvic: Support banked exceptions in acknowledge and complete

2017-09-12 Thread Peter Maydell
Update armv7m_nvic_acknowledge_irq() and armv7m_nvic_complete_irq()
to handle banked exceptions:
 * acknowledge needs to use the correct vector, which may be
   in sec_vectors[]
 * acknowledge needs to return to its caller whether the
   exception should be taken to secure or non-secure state
 * complete needs its caller to tell it whether the exception
   being completed is a secure one or not

Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h  | 15 +--
 hw/intc/armv7m_nvic.c | 26 --
 target/arm/helper.c   |  8 +---
 hw/intc/trace-events  |  4 ++--
 4 files changed, 40 insertions(+), 13 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 02be3ca..9c336bc 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1476,18 +1476,29 @@ static inline bool 
armv7m_nvic_can_take_pending_exception(void *opaque)
  * of architecturally banked exceptions.
  */
 void armv7m_nvic_set_pending(void *opaque, int irq, bool secure);
-void armv7m_nvic_acknowledge_irq(void *opaque);
+/**
+ * armv7m_nvic_acknowledge_irq: make highest priority pending exception active
+ * @opaque: the NVIC
+ *
+ * Move the current highest priority pending exception from the pending
+ * state to the active state, and update v7m.exception to indicate that
+ * it is the exception currently being handled.
+ *
+ * Returns: true if exception should be taken to Secure state, false for NS
+ */
+bool armv7m_nvic_acknowledge_irq(void *opaque);
 /**
  * armv7m_nvic_complete_irq: complete specified interrupt or exception
  * @opaque: the NVIC
  * @irq: the exception number to complete
+ * @secure: true if this exception was secure
  *
  * Returns: -1 if the irq was not active
  *   1 if completing this irq brought us back to base (no active irqs)
  *   0 if there is still an irq active after this one was completed
  * (Ignoring -1, this is the same as the RETTOBASE value before completion.)
  */
-int armv7m_nvic_complete_irq(void *opaque, int irq);
+int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure);
 /**
  * armv7m_nvic_raw_execution_priority: return the raw execution priority
  * @opaque: the NVIC
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 9613990..078532a 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -586,24 +586,32 @@ void armv7m_nvic_set_pending(void *opaque, int irq, bool 
secure)
 }
 
 /* Make pending IRQ active.  */
-void armv7m_nvic_acknowledge_irq(void *opaque)
+bool armv7m_nvic_acknowledge_irq(void *opaque)
 {
 NVICState *s = (NVICState *)opaque;
 CPUARMState *env = &s->cpu->env;
 const int pending = s->vectpending;
 const int running = nvic_exec_prio(s);
 VecInfo *vec;
+bool targets_secure;
 
 assert(pending > ARMV7M_EXCP_RESET && pending < s->num_irq);
 
-vec = &s->vectors[pending];
+if (s->vectpending_is_s_banked) {
+vec = &s->sec_vectors[pending];
+targets_secure = true;
+} else {
+vec = &s->vectors[pending];
+targets_secure = !exc_is_banked(s->vectpending) &&
+exc_targets_secure(s, s->vectpending);
+}
 
 assert(vec->enabled);
 assert(vec->pending);
 
 assert(s->vectpending_prio < running);
 
-trace_nvic_acknowledge_irq(pending, s->vectpending_prio);
+trace_nvic_acknowledge_irq(pending, s->vectpending_prio, targets_secure);
 
 vec->active = 1;
 vec->pending = 0;
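Review bot: the new else branch of armv7m_nvic_acknowledge_irq() reads `s->vectpending` in `exc_is_banked(s->vectpending)` and `exc_targets_secure(s, s->vectpending)` while the rest of the function, including the assert and both vector lookups, uses the local `pending` copy. Using `pending` throughout would keep the function reading from one snapshot and make it obvious that the bank decision and the vector index refer to the same exception. The one-line comment above the function ("Make pending IRQ active.") could also mention the new return value.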
@@ -611,9 +619,11 @@ void armv7m_nvic_acknowledge_irq(void *opaque)
 env->v7m.exception = s->vectpending;
 
 nvic_irq_update(s);
+
+return targets_secure;
 }
 
-int armv7m_nvic_complete_irq(void *opaque, int irq)
+int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure)
 {
 NVICState *s = (NVICState *)opaque;
 VecInfo *vec;
@@ -621,9 +631,13 @@ int armv7m_nvic_complete_irq(void *opaque, int irq)
 
 assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
 
-vec = &s->vectors[irq];
+if (secure && exc_is_banked(irq)) {
+vec = &s->sec_vectors[irq];
+} else {
+vec = &s->vectors[irq];
+}
 
-trace_nvic_complete_irq(irq);
+trace_nvic_complete_irq(irq, secure);
 
 if (!vec->active) {
 /* Tell the caller this was an illegal exception return */
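Review bot: `if (secure && exc_is_banked(irq))` in armv7m_nvic_complete_irq() silently falls back to `s->vectors[irq]` when the caller passes secure=true for a non-banked exception, whereas armv7m_nvic_set_pending() and armv7m_nvic_clear_pending() assert in that case. If the difference is intentional because the caller passes the exception's security state for every exception number, a short comment here and a matching sentence in the `@secure` description in cpu.h ("ignored for non-banked exceptions") would stop someone from "fixing" it into an assert later.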
diff --git a/target/arm/helper.c b/target/arm/helper.c
index b64acd8..8be78ea 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6218,6 +6218,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
 bool return_to_sp_process = false;
 bool return_to_handler = false;
 bool rettobase = false;
+bool exc_secure = false;
 
 /* We can only get here from an EXCP_EXCEPTION_EXIT, and
  * gen_bx_excret() enforces the architectural rule
@@ -6256,16 +6257,17 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
  * which security state's faultmask to clear. (v8M ARM ARM R_KBNF.)
  */
 if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
-int es = excret & R_V7M_EXCRET_ES_MASK;
+ 

[Qemu-devel] [PATCH 01/19] target/arm: Implement MSR/MRS access to NS banked registers

2017-09-12 Thread Peter Maydell
In v8M the MSR and MRS instructions have extra register value
encodings to allow secure code to access the non-secure banked
version of various special registers.

(We don't implement the MSPLIM_NS or PSPLIM_NS aliases, because
we don't currently implement the stack limit registers at all.)

Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 110 
 1 file changed, 110 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 4f41841..f4f2a87 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8892,12 +8892,68 @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
 break;
 case 20: /* CONTROL */
 return env->v7m.control[env->v7m.secure];
+case 0x94: /* CONTROL_NS */
+/* We have to handle this here because unprivileged Secure code
+ * can read the NS CONTROL register.
+ */
+if (!env->v7m.secure) {
+return 0;
+}
+return env->v7m.control[M_REG_NS];
 }
 
 if (el == 0) {
 return 0; /* unprivileged reads others as zero */
 }
 
+if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
+switch (reg) {
+case 0x88: /* MSP_NS */
+if (!env->v7m.secure) {
+return 0;
+}
+return env->v7m.other_ss_msp;
+case 0x89: /* PSP_NS */
+if (!env->v7m.secure) {
+return 0;
+}
+return env->v7m.other_ss_psp;
+case 0x90: /* PRIMASK_NS */
+if (!env->v7m.secure) {
+return 0;
+}
+return env->v7m.primask[M_REG_NS];
+case 0x91: /* BASEPRI_NS */
+if (!env->v7m.secure) {
+return 0;
+}
+return env->v7m.basepri[M_REG_NS];
+case 0x93: /* FAULTMASK_NS */
+if (!env->v7m.secure) {
+return 0;
+}
+return env->v7m.faultmask[M_REG_NS];
+case 0x98: /* SP_NS */
+{
+/* This gives the non-secure SP selected based on whether we're
+ * currently in handler mode or not, using the NS CONTROL.SPSEL.
+ */
+bool spsel = env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK;
+
+if (!env->v7m.secure) {
+return 0;
+}
+if (!arm_v7m_is_handler_mode(env) && spsel) {
+return env->v7m.other_ss_psp;
+} else {
+return env->v7m.other_ss_msp;
+}
+}
+default:
+break;
+}
+}
+
 switch (reg) {
 case 8: /* MSP */
 return (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) ?
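Review bot: `case 0x94: /* CONTROL_NS */` is added to the first switch in v7m_mrs, outside the `arm_feature(env, ARM_FEATURE_M_SECURITY)` check that guards every other _NS encoding in this hunk. On a core without the Security extension it only behaves because `env->v7m.secure` is presumably never set there, and the read then returns 0 silently instead of reaching whatever the default case does for an unknown register. Either gate this case on the feature bit as well or extend the comment to say the `!env->v7m.secure` test covers that configuration. The same `if (!env->v7m.secure) { return 0; }` test is repeated in each of the six cases below; a small helper or a single check after matching the encoding would cut the repetition.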
@@ -8936,6 +8992,60 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, 
uint32_t val)
 return;
 }
 
+if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
+switch (reg) {
+case 0x88: /* MSP_NS */
+if (!env->v7m.secure) {
+return;
+}
+env->v7m.other_ss_msp = val;
+return;
+case 0x89: /* PSP_NS */
+if (!env->v7m.secure) {
+return;
+}
+env->v7m.other_ss_psp = val;
+return;
+case 0x90: /* PRIMASK_NS */
+if (!env->v7m.secure) {
+return;
+}
+env->v7m.primask[M_REG_NS] = val & 1;
+return;
+case 0x91: /* BASEPRI_NS */
+if (!env->v7m.secure) {
+return;
+}
+env->v7m.basepri[M_REG_NS] = val & 0xff;
+return;
+case 0x93: /* FAULTMASK_NS */
+if (!env->v7m.secure) {
+return;
+}
+env->v7m.faultmask[M_REG_NS] = val & 1;
+return;
+case 0x98: /* SP_NS */
+{
+/* This gives the non-secure SP selected based on whether we're
+ * currently in handler mode or not, using the NS CONTROL.SPSEL.
+ */
+bool spsel = env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK;
+
+if (!env->v7m.secure) {
+return;
+}
+if (!arm_v7m_is_handler_mode(env) && spsel) {
+env->v7m.other_ss_psp = val;
+} else {
+env->v7m.other_ss_msp = val;
+}
+return;
+}
+default:
+break;
+}
+}
+
 switch (reg) {
 case 0 ... 7: /* xPSR sub-fields */
 /* only APSR is actually writable */
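Review bot: the switch added to v7m_msr handles 0x88, 0x89, 0x90, 0x91, 0x93 and 0x98 but has no `case 0x94` for CONTROL_NS, although the MRS side of this patch implements the read. In the lines shown, a Secure write to CONTROL_NS falls through to `default: break;` and on into the ordinary register switch. If the write side is deliberately deferred, please say so in the commit message next to the MSPLIM_NS/PSPLIM_NS remark; otherwise it looks like an omission. Separately, in the SP_NS case `spsel` is computed before the `!env->v7m.secure` early return, which is harmless but reads better the other way round.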
-- 
2.7.4




[Qemu-devel] [PATCH 12/19] nvic: In escalation to HardFault, support HF not being priority -1

2017-09-12 Thread Peter Maydell
When escalating to HardFault, we must go into Lockup if we
can't take the synchronous HardFault because the current
execution priority is already at or below the priority of
HardFault. In v7M HF is always priority -1 so a simple < 0
comparison sufficed; in v8M the priority of HardFault can
vary depending on whether it is a Secure or NonSecure
HardFault, so we must check against the priority of the
HardFault exception vector we're about to use.

Signed-off-by: Peter Maydell 
---
 hw/intc/armv7m_nvic.c | 23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 3361a28..c4670f7 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -487,18 +487,8 @@ void armv7m_nvic_set_pending(void *opaque, int irq, bool 
secure)
 }
 
 if (escalate) {
-if (running < 0) {
-/* We want to escalate to HardFault but we can't take a
- * synchronous HardFault at this point either. This is a
- * Lockup condition due to a guest bug. We don't model
- * Lockup, so report via cpu_abort() instead.
- */
-cpu_abort(&s->cpu->parent_obj,
-  "Lockup: can't escalate %d to HardFault "
-  "(current priority %d)\n", irq, running);
-}
 
-/* We can do the escalation, so we take HardFault instead.
+/* We need to escalate this exception to a synchronous HardFault.
  * If BFHFNMINS is set then we escalate to the banked HF for
  * the target security state of the original exception; otherwise
  * we take a Secure HardFault.
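Review bot: removing the old `if (running < 0)` block leaves the blank context line as the first line inside `if (escalate) {`, so the block now opens with an empty line before the comment. Please drop that blank line as part of this hunk.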
@@ -511,6 +501,17 @@ void armv7m_nvic_set_pending(void *opaque, int irq, bool 
secure)
 } else {
 vec = &s->vectors[irq];
 }
+if (running <= vec->prio) {
+/* We want to escalate to HardFault but we can't take the
+ * synchronous HardFault at this point either. This is a
+ * Lockup condition due to a guest bug. We don't model
+ * Lockup, so report via cpu_abort() instead.
+ */
+cpu_abort(&s->cpu->parent_obj,
+  "Lockup: can't escalate %d to HardFault "
+  "(current priority %d)\n", irq, running);
+}
+
 /* HF may be banked but there is only one shared HFSR */
 s->cpu->env.v7m.hfsr |= R_V7M_HFSR_FORCED_MASK;
 }
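Review bot: the relocated cpu_abort() still formats `irq` into "can't escalate %d to HardFault", but at this point `irq` has already been reassigned to the HardFault exception number (the context lines index the HardFault vector with `vectors[irq]`), so the message will always report HardFault being escalated to HardFault. Save the original exception number before the reassignment and print that instead. It would also help debugging to include `vec->prio` in the message, now that the threshold is no longer a fixed -1.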
-- 
2.7.4




[Qemu-devel] [PATCH 09/19] nvic: Make set_pending and clear_pending take a secure parameter

2017-09-12 Thread Peter Maydell
Make the armv7m_nvic_set_pending() and armv7m_nvic_clear_pending()
functions take a bool indicating whether to pend the secure
or non-secure version of a banked interrupt, and update the
callsites accordingly.

In most callsites we can simply pass the correct security
state in; in a couple of cases we use TODO comments to indicate
that we will return to the code in a subsequent commit.

Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h  | 14 ++-
 hw/intc/armv7m_nvic.c | 64 ++-
 target/arm/helper.c   | 24 +++
 hw/intc/trace-events  |  4 ++--
 4 files changed, 77 insertions(+), 29 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 7e661c8..7a93354 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1463,7 +1463,19 @@ static inline bool 
armv7m_nvic_can_take_pending_exception(void *opaque)
 return true;
 }
 #endif
-void armv7m_nvic_set_pending(void *opaque, int irq);
+/**
+ * armv7m_nvic_set_pending: mark the specified exception as pending
+ * @opaque: the NVIC
+ * @irq: the exception number to mark pending
+ * @secure: false for non-banked exceptions or for the nonsecure
+ * version of a banked exception, true for the secure version of a banked
+ * exception.
+ *
+ * Marks the specified exception as pending. Note that we will assert()
+ * if @secure is true and @irq does not specify one of the fixed set
+ * of architecturally banked exceptions.
+ */
+void armv7m_nvic_set_pending(void *opaque, int irq, bool secure);
 void armv7m_nvic_acknowledge_irq(void *opaque);
 /**
  * armv7m_nvic_complete_irq: complete specified interrupt or exception
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index fb824e6..852db11 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -384,31 +384,50 @@ static void nvic_irq_update(NVICState *s)
 qemu_set_irq(s->excpout, lvl);
 }
 
-static void armv7m_nvic_clear_pending(void *opaque, int irq)
+/**
+ * armv7m_nvic_clear_pending: mark the specified exception as not pending
+ * @opaque: the NVIC
+ * @irq: the exception number to mark as not pending
+ * @secure: false for non-banked exceptions or for the nonsecure
+ * version of a banked exception, true for the secure version of a banked
+ * exception.
+ *
+ * Marks the specified exception as not pending. Note that we will assert()
+ * if @secure is true and @irq does not specify one of the fixed set
+ * of architecturally banked exceptions.
+ */
+static void armv7m_nvic_clear_pending(void *opaque, int irq, bool secure)
 {
 NVICState *s = (NVICState *)opaque;
 VecInfo *vec;
 
 assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
 
-vec = &s->vectors[irq];
-trace_nvic_clear_pending(irq, vec->enabled, vec->prio);
+if (secure) {
+assert(exc_is_banked(irq));
+vec = &s->sec_vectors[irq];
+} else {
+vec = &s->vectors[irq];
+}
+trace_nvic_clear_pending(irq, secure, vec->enabled, vec->prio);
 if (vec->pending) {
 vec->pending = 0;
 nvic_irq_update(s);
 }
 }
 
-void armv7m_nvic_set_pending(void *opaque, int irq)
+void armv7m_nvic_set_pending(void *opaque, int irq, bool secure)
 {
 NVICState *s = (NVICState *)opaque;
+bool banked = exc_is_banked(irq);
 VecInfo *vec;
 
 assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
+assert(!secure || banked);
 
-vec = &s->vectors[irq];
-trace_nvic_set_pending(irq, vec->enabled, vec->prio);
+vec = (banked && secure) ? &s->sec_vectors[irq] : &s->vectors[irq];
 
+trace_nvic_set_pending(irq, secure, vec->enabled, vec->prio);
 
 if (irq >= ARMV7M_EXCP_HARD && irq < ARMV7M_EXCP_PENDSV) {
 /* If a synchronous exception is pending then it may be
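Review bot: in armv7m_nvic_set_pending() the `banked &&` in `vec = (banked && secure) ? ...` is redundant once `assert(!secure || banked)` has passed, and the function now selects the bank with a ternary while armv7m_nvic_clear_pending() a few lines above does the same job with an if/else plus `assert(exc_is_banked(irq))`. Please use one form in both places, ideally a small helper that returns the VecInfo for (irq, secure), so the bank-selection rule lives in one spot. Note also that with assertions compiled out the ternary quietly uses the non-secure vector for a bad call while clear_pending would index sec_vectors[]; a shared helper removes that divergence too.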
@@ -454,9 +473,20 @@ void armv7m_nvic_set_pending(void *opaque, int irq)
   "(current priority %d)\n", irq, running);
 }
 
-/* We can do the escalation, so we take HardFault instead */
+/* We can do the escalation, so we take HardFault instead.
+ * If BFHFNMINS is set then we escalate to the banked HF for
+ * the target security state of the original exception; otherwise
+ * we take a Secure HardFault.
+ */
 irq = ARMV7M_EXCP_HARD;
-vec = &s->vectors[irq];
+if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY) &&
+(secure ||
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK))) {
+vec = &s->sec_vectors[irq];
+} else {
+vec = &s->vectors[irq];
+}
+/* HF may be banked but there is only one shared HFSR */
 s->cpu->env.v7m.hfsr |= R_V7M_HFSR_FORCED_MASK;
 }
 }
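Review bot: the escalation test uses `secure`, but the comment above it says the banked HardFault is chosen by "the target security state of the original exception", and the new doc comment in cpu.h defines `secure` as false for all non-banked exceptions. For a non-banked exception that targets Secure state, `secure` is false here, so with AIRCR.BFHFNMINS set this picks `s->vectors[irq]`, the Non-secure HardFault. Please derive the target state explicitly (the bank for banked exceptions, the routing for the others) and test that, or explain in the comment why `secure` is sufficient.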
@@ -551,7 +581,7 @@ static void set_irq_level(void *opaque, int n, int level)
 if (level != vec->level) {
 vec->level = level;
 if (level) {
-armv7m_nvic_set_pending(

Re: [Qemu-devel] [PATCH v2 0/5] move user-exec, tcg-runtime, atomic_template.h to accel/tcg/

2017-09-12 Thread Richard Henderson
On 09/11/2017 02:33 PM, Philippe Mathieu-Daudé wrote:
> 
> Philippe Mathieu-Daudé (4):
>   tcg: move user-exec
>   tcg: move tcg-runtime to accel/tcg/
>   tcg: move atomic_template.h to accel/tcg/
>   tcg: restrict i386 regs definitions
> 
> Thomas Huth (1):
>   tcg: Move softmmu_template.h to the accel/tcg/ folder

Queued 1-4.


r~



[Qemu-devel] [PATCH 08/19] nvic: Handle banked exceptions in nvic_recompute_state()

2017-09-12 Thread Peter Maydell
Update the nvic_recompute_state() code to handle the security
extension and its associated banked registers.

Code that uses the resulting cached state (ie the irq
acknowledge and complete code) will be updated in a later
commit.

Signed-off-by: Peter Maydell 
---
 hw/intc/armv7m_nvic.c | 151 --
 hw/intc/trace-events  |   1 +
 2 files changed, 147 insertions(+), 5 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index b97dbe3..fb824e6 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -54,6 +54,8 @@
  * (higher than the highest possible priority value)
  */
 #define NVIC_NOEXC_PRIO 0x100
+/* Maximum priority of non-secure exceptions when AIRCR.PRIS is set */
+#define NVIC_NS_PRIO_LIMIT 0x80
 
 static const uint8_t nvic_id[] = {
 0x00, 0xb0, 0x1b, 0x00, 0x0d, 0xe0, 0x05, 0xb1
@@ -126,13 +128,139 @@ static bool nvic_isrpending(NVICState *s)
 return false;
 }
 
+static bool exc_is_banked(int exc)
+{
+/* Return true if this is one of the limited set of exceptions which
+ * are banked (and thus have state in sec_vectors[])
+ */
+return exc == ARMV7M_EXCP_HARD ||
+exc == ARMV7M_EXCP_MEM ||
+exc == ARMV7M_EXCP_USAGE ||
+exc == ARMV7M_EXCP_SVC ||
+exc == ARMV7M_EXCP_PENDSV ||
+exc == ARMV7M_EXCP_SYSTICK;
+}
+
 /* Return a mask word which clears the subpriority bits from
  * a priority value for an M-profile exception, leaving only
  * the group priority.
  */
-static inline uint32_t nvic_gprio_mask(NVICState *s)
+static inline uint32_t nvic_gprio_mask(NVICState *s, bool secure)
+{
+return ~0U << (s->prigroup[secure] + 1);
+}
+
+static bool exc_targets_secure(NVICState *s, int exc)
+{
+/* Return true if this non-banked exception targets Secure state. */
+if (!arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) {
+return false;
+}
+
+if (exc >= NVIC_FIRST_IRQ) {
+return !s->itns[exc];
+}
+
+/* Function shouldn't be called for banked exceptions. */
+assert(!exc_is_banked(exc));
+
+switch (exc) {
+case ARMV7M_EXCP_NMI:
+case ARMV7M_EXCP_BUS:
+return !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK);
+case ARMV7M_EXCP_SECURE:
+return true;
+case ARMV7M_EXCP_DEBUG:
+/* TODO: controlled by DEMCR.SDME, which we don't yet implement */
+return false;
+default:
+/* reset, and reserved (unused) low exception numbers.
+ * We'll get called by code that loops through all the exception
+ * numbers, but it doesn't matter what we return here as these
+ * non-existent exceptions will never be pended or active.
+ */
+return true;
+}
+}
+
+static int exc_group_prio(NVICState *s, int rawprio, bool targets_secure)
+{
+/* Return the group priority for this exception, given its raw
+ * (group-and-subgroup) priority value and whether it is targeting
+ * secure state or not.
+ */
+if (rawprio < 0) {
+return rawprio;
+}
+rawprio &= nvic_gprio_mask(s, targets_secure);
+/* AIRCR.PRIS causes us to squash all NS priorities into the
+ * lower half of the total range
+ */
+if (!targets_secure &&
+(s->cpu->env.v7m.aircr & R_V7M_AIRCR_PRIS_MASK)) {
+rawprio = (rawprio >> 1) + NVIC_NS_PRIO_LIMIT;
+}
+return rawprio;
+}
+
+/* Recompute vectpending and exception_prio for a CPU which implements
+ * the Security extension
+ */
+static void nvic_recompute_state_secure(NVICState *s)
 {
-return ~0U << (s->prigroup[M_REG_NS] + 1);
+int i, bank;
+int pend_prio = NVIC_NOEXC_PRIO;
+int active_prio = NVIC_NOEXC_PRIO;
+int pend_irq = 0;
+bool pending_is_s_banked = false;
+
+/* R_CQRV: precedence is by:
+ *  - lowest group priority; if both the same then
+ *  - lowest subpriority; if both the same then
+ *  - lowest exception number; if both the same (ie banked) then
+ *  - secure exception takes precedence
+ * Compare pseudocode RawExecutionPriority.
+ * Annoyingly, now we have two prigroup values (for S and NS)
+ * we can't do the loop comparison on raw priority values.
+ */
+for (i = 1; i < s->num_irq; i++) {
+for (bank = M_REG_S; bank >= M_REG_NS; bank--) {
+VecInfo *vec;
+int prio;
+bool targets_secure;
+
+if (bank == M_REG_S) {
+if (!exc_is_banked(i)) {
+continue;
+}
+vec = &s->sec_vectors[i];
+targets_secure = true;
+} else {
+vec = &s->vectors[i];
+targets_secure = !exc_is_banked(i) && exc_targets_secure(s, i);
+}
+
+prio = exc_group_prio(s, vec->prio, targets_secure);
+if (vec->enabled && vec->pending && prio < pend_prio) {
+pend_prio = prio;
+pend_irq = i;
+
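Review bot: in nvic_recompute_state_secure() the inner loop `for (bank = M_REG_S; bank >= M_REG_NS; bank--)` implements the last R_CQRV rule ("secure exception takes precedence") only implicitly: it depends on M_REG_S being numerically greater than M_REG_NS so that the Secure bank is visited first, and on the strict `prio < pend_prio` comparison so that an equal-priority Non-secure entry does not replace it. A one-line comment at the loop saying that the iteration order and the strict comparison together encode the tie-break would protect this from a later refactor. The same applies to `s->prigroup[secure]` in nvic_gprio_mask(), which indexes an array with a bool and so relies on the same numbering.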

[Qemu-devel] [PATCH 11/19] nvic: Compare group priority for escalation to HF

2017-09-12 Thread Peter Maydell
In armv7m_nvic_set_pending() we have to compare the
priority of an exception against the execution priority
to decide whether it needs to be escalated to HardFault.
In the specification this is a comparison against the
exception's group priority; for v7M we implemented it
as a comparison against the raw exception priority
because the two comparisons will always give the
same answer. For v8M the existence of AIRCR.PRIS and
the possibility of different PRIGROUP values for secure
and nonsecure exceptions means we need to explicitly
calculate the vector's group priority for this check.

Signed-off-by: Peter Maydell 
---
 hw/intc/armv7m_nvic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 00c03b4..3361a28 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -478,7 +478,7 @@ void armv7m_nvic_set_pending(void *opaque, int irq, bool 
secure)
 int running = nvic_exec_prio(s);
 bool escalate = false;
 
-if (vec->prio >= running) {
+if (exc_group_prio(s, vec->prio, secure) >= running) {
 trace_nvic_escalate_prio(irq, vec->prio, running);
 escalate = true;
 } else if (!vec->enabled) {
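Review bot: `exc_group_prio(s, vec->prio, secure)` passes `secure` where the helper's third parameter is `targets_secure`. Per the doc comment on armv7m_nvic_set_pending(), `secure` is false for every non-banked exception, so a non-banked exception that targets Secure state would have its group priority computed with the Non-secure PRIGROUP and, if AIRCR.PRIS is set, squashed into the lower half of the range. Please compute the target security state here rather than reusing the bank flag. The trace call on the next line still logs the raw `vec->prio`, which no longer matches the value that was compared against `running`; logging the group priority would make the trace consistent with the decision.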
-- 
2.7.4




[Qemu-devel] [PATCH 18/19] nvic: Make SHCSR banked for v8M

2017-09-12 Thread Peter Maydell
Handle banking of SHCSR: some register bits are banked between
Secure and Non-Secure, and some are only accessible to Secure.

Signed-off-by: Peter Maydell 
---
 hw/intc/armv7m_nvic.c | 221 ++
 1 file changed, 169 insertions(+), 52 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 21fd199..9613990 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -770,50 +770,117 @@ static uint32_t nvic_readl(NVICState *s, uint32_t 
offset, MemTxAttrs attrs)
 val = cpu->env.v7m.ccr[attrs.secure];
 val |= cpu->env.v7m.ccr[M_REG_NS] & R_V7M_CCR_BFHFNMIGN_MASK;
 return val;
-case 0xd24: /* System Handler Status.  */
+case 0xd24: /* System Handler Control and State (SHCSR) */
 val = 0;
-if (s->vectors[ARMV7M_EXCP_MEM].active) {
-val |= (1 << 0);
-}
-if (s->vectors[ARMV7M_EXCP_BUS].active) {
-val |= (1 << 1);
-}
-if (s->vectors[ARMV7M_EXCP_USAGE].active) {
-val |= (1 << 3);
+if (attrs.secure) {
+if (s->sec_vectors[ARMV7M_EXCP_MEM].active) {
+val |= (1 << 0);
+}
+if (s->sec_vectors[ARMV7M_EXCP_HARD].active) {
+val |= (1 << 2);
+}
+if (s->sec_vectors[ARMV7M_EXCP_USAGE].active) {
+val |= (1 << 3);
+}
+if (s->sec_vectors[ARMV7M_EXCP_SVC].active) {
+val |= (1 << 7);
+}
+if (s->sec_vectors[ARMV7M_EXCP_PENDSV].active) {
+val |= (1 << 10);
+}
+if (s->sec_vectors[ARMV7M_EXCP_SYSTICK].active) {
+val |= (1 << 11);
+}
+if (s->sec_vectors[ARMV7M_EXCP_USAGE].pending) {
+val |= (1 << 12);
+}
+if (s->sec_vectors[ARMV7M_EXCP_MEM].pending) {
+val |= (1 << 13);
+}
+if (s->sec_vectors[ARMV7M_EXCP_SVC].pending) {
+val |= (1 << 15);
+}
+if (s->sec_vectors[ARMV7M_EXCP_MEM].enabled) {
+val |= (1 << 16);
+}
+if (s->sec_vectors[ARMV7M_EXCP_USAGE].enabled) {
+val |= (1 << 18);
+}
+if (s->sec_vectors[ARMV7M_EXCP_HARD].pending) {
+val |= (1 << 21);
+}
+/* SecureFault is not banked but is always RAZ/WI to NS */
+if (s->vectors[ARMV7M_EXCP_SECURE].active) {
+val |= (1 << 4);
+}
+if (s->vectors[ARMV7M_EXCP_SECURE].enabled) {
+val |= (1 << 19);
+}
+if (s->vectors[ARMV7M_EXCP_SECURE].pending) {
+val |= (1 << 20);
+}
+} else {
+if (s->vectors[ARMV7M_EXCP_MEM].active) {
+val |= (1 << 0);
+}
+if (arm_feature(&cpu->env, ARM_FEATURE_V8)) {
+/* HARDFAULTACT, HARDFAULTPENDED not present in v7M */
+if (s->vectors[ARMV7M_EXCP_HARD].active) {
+val |= (1 << 2);
+}
+if (s->vectors[ARMV7M_EXCP_HARD].pending) {
+val |= (1 << 21);
+}
+}
+if (s->vectors[ARMV7M_EXCP_USAGE].active) {
+val |= (1 << 3);
+}
+if (s->vectors[ARMV7M_EXCP_SVC].active) {
+val |= (1 << 7);
+}
+if (s->vectors[ARMV7M_EXCP_PENDSV].active) {
+val |= (1 << 10);
+}
+if (s->vectors[ARMV7M_EXCP_SYSTICK].active) {
+val |= (1 << 11);
+}
+if (s->vectors[ARMV7M_EXCP_USAGE].pending) {
+val |= (1 << 12);
+}
+if (s->vectors[ARMV7M_EXCP_MEM].pending) {
+val |= (1 << 13);
+}
+if (s->vectors[ARMV7M_EXCP_SVC].pending) {
+val |= (1 << 15);
+}
+if (s->vectors[ARMV7M_EXCP_MEM].enabled) {
+val |= (1 << 16);
+}
+if (s->vectors[ARMV7M_EXCP_USAGE].enabled) {
+val |= (1 << 18);
+}
 }
-if (s->vectors[ARMV7M_EXCP_SVC].active) {
-val |= (1 << 7);
+if (attrs.secure || (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) 
{
+if (s->vectors[ARMV7M_EXCP_BUS].active) {
+val |= (1 << 1);
+}
+if (s->vectors[ARMV7M_EXCP_BUS].pending) {
+val |= (1 << 14);
+}
+if (s->vectors[ARMV7M_EXCP_BUS].enabled) {
+val |= (1 << 17);
+}
+if (arm_feature(&cpu->env, ARM_FEATURE_V8) &&
+s->vectors[ARMV7M_EXCP_NMI].active) {
+/* NMIACT is not present in v7M */
+val |= (1 << 5);
+}
   
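Review bot: the SHCSR read now has two near-identical ladders of `if (...) val |= (1 << n);`, one over `s->sec_vectors[]` in the `attrs.secure` branch and one over `s->vectors[]` in the else branch, differing only in the array and in the ARM_FEATURE_V8 guard around the HardFault bits. Selecting the VecInfo array once and running a single ladder would halve the code and make it harder for the two banks to drift apart. While touching every line, the bare bit numbers (0, 2, 3, 7, 10 to 21) would be easier to check against the architecture manual as named SHCSR field masks, in the style of the R_V7M_* masks already used in this file.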

[Qemu-devel] [PATCH 10/19] nvic: Make SHPR registers banked

2017-09-12 Thread Peter Maydell
Make the set_prio() function take a bool indicating
whether to pend the secure or non-secure version of a banked
interrupt, and use this to implement the correct banking
semantics for the SHPR registers.

Signed-off-by: Peter Maydell 
---
 hw/intc/armv7m_nvic.c | 96 ++-
 hw/intc/trace-events  |  2 +-
 2 files changed, 88 insertions(+), 10 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 852db11..00c03b4 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -349,15 +349,40 @@ int armv7m_nvic_raw_execution_priority(void *opaque)
 return s->exception_prio;
 }
 
-/* caller must call nvic_irq_update() after this */
-static void set_prio(NVICState *s, unsigned irq, uint8_t prio)
+/* caller must call nvic_irq_update() after this.
+ * secure indicates the bank to use for banked exceptions (we assert if
+ * we are passed secure=true for a non-banked exception).
+ */
+static void set_prio(NVICState *s, unsigned irq, bool secure, uint8_t prio)
 {
 assert(irq > ARMV7M_EXCP_NMI); /* only use for configurable prios */
 assert(irq < s->num_irq);
 
-s->vectors[irq].prio = prio;
+if (secure) {
+assert(exc_is_banked(irq));
+s->sec_vectors[irq].prio = prio;
+} else {
+s->vectors[irq].prio = prio;
+}
+
+trace_nvic_set_prio(irq, secure, prio);
+}
+
+/* Return the current raw priority register value.
+ * secure indicates the bank to use for banked exceptions (we assert if
+ * we are passed secure=true for a non-banked exception).
+ */
+static int get_prio(NVICState *s, unsigned irq, bool secure)
+{
+assert(irq > ARMV7M_EXCP_NMI); /* only use for configurable prios */
+assert(irq < s->num_irq);
 
-trace_nvic_set_prio(irq, prio);
+if (secure) {
+assert(exc_is_banked(irq));
+return s->sec_vectors[irq].prio;
+} else {
+return s->vectors[irq].prio;
+}
 }
 
 /* Recompute state and assert irq line accordingly.
@@ -1149,6 +1174,47 @@ static bool nvic_user_access_ok(NVICState *s, hwaddr 
offset, MemTxAttrs attrs)
 }
 }
 
+static int shpr_bank(NVICState *s, int exc, MemTxAttrs attrs)
+{
+/* Behaviour for the SHPR register field for this exception:
+ * return M_REG_NS to use the nonsecure vector (including for
+ * non-banked exceptions), M_REG_S for the secure version of
+ * a banked exception, and -1 if this field should RAZ/WI.
+ */
+switch (exc) {
+case ARMV7M_EXCP_MEM:
+case ARMV7M_EXCP_USAGE:
+case ARMV7M_EXCP_SVC:
+case ARMV7M_EXCP_PENDSV:
+case ARMV7M_EXCP_SYSTICK:
+/* Banked exceptions */
+return attrs.secure;
+case ARMV7M_EXCP_BUS:
+/* Not banked, RAZ/WI from nonsecure if BFHFNMINS is zero */
+if (!attrs.secure &&
+!(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
+return -1;
+}
+return M_REG_NS;
+case ARMV7M_EXCP_SECURE:
+/* Not banked, RAZ/WI from nonsecure */
+if (!attrs.secure) {
+return -1;
+}
+return M_REG_NS;
+case ARMV7M_EXCP_DEBUG:
+/* Not banked. TODO should RAZ/WI if DEMCR.SDME is set */
+return M_REG_NS;
+case 8 ... 10:
+case 13:
+/* RES0 */
+return -1;
+default:
+/* Not reachable due to decode of SHPR register addresses */
+g_assert_not_reached();
+}
+}
+
 static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
 uint64_t *data, unsigned size,
 MemTxAttrs attrs)
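Review bot: shpr_bank() has no arm_feature() check, so its ARMV7M_EXCP_BUS case makes the BusFault priority field RAZ/WI for any non-secure access when AIRCR.BFHFNMINS is clear, including on cores without the Security extension where `attrs.secure` is never set. Please confirm that BFHFNMINS reads as set on such cores and add a comment here stating that dependency, or gate the RAZ/WI paths on ARM_FEATURE_M_SECURITY. Minor: the banked cases return `attrs.secure` directly as the bank, which relies on M_REG_S being 1; `attrs.secure ? M_REG_S : M_REG_NS` costs nothing and matches the explicit M_REG_NS returns in the other cases.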
@@ -1213,10 +1279,16 @@ static MemTxResult nvic_sysreg_read(void *opaque, 
hwaddr addr,
 }
 }
 break;
-case 0xd18 ... 0xd23: /* System Handler Priority.  */
+case 0xd18 ... 0xd23: /* System Handler Priority (SHPR1, SHPR2, SHPR3) */
 val = 0;
 for (i = 0; i < size; i++) {
-val |= s->vectors[(offset - 0xd14) + i].prio << (i * 8);
+unsigned hdlidx = (offset - 0xd14) + i;
+int sbank = shpr_bank(s, hdlidx, attrs);
+
+if (sbank < 0) {
+continue;
+}
+val = deposit32(val, i * 8, 8, get_prio(s, hdlidx, sbank));
 }
 break;
 case 0xfe0 ... 0xfff: /* ID.  */
@@ -1299,15 +1371,21 @@ static MemTxResult nvic_sysreg_write(void *opaque, 
hwaddr addr,
 
 for (i = 0; i < size && startvec + i < s->num_irq; i++) {
 if (attrs.secure || s->itns[startvec + i]) {
-set_prio(s, startvec + i, (value >> (i * 8)) & 0xff);
+set_prio(s, startvec + i, false, (value >> (i * 8)) & 0xff);
 }
 }
 nvic_irq_update(s);
 return MEMTX_OK;
-case 0xd18 ... 0xd23: /* System Handler Priority.  */
+case 0xd18 ... 0xd23: /* System Handler Priority (SHPR1, SHPR2, SHPR3) */
 for (i = 0; i < size; i++) {
 unsigned hdlidx = (offse

[Qemu-devel] [PATCH 13/19] nvic: Implement v8M changes to fixed priority exceptions

2017-09-12 Thread Peter Maydell
In v7M, the fixed-priority exceptions are:
 Reset: -3
 NMI: -2
 HardFault: -1

In v8M, this changes because Secure HardFault may need
to be prioritised above NMI:
 Reset: -4
 Secure HardFault if AIRCR.BFHFNMINS == 1: -3
 NMI: -2
 Secure HardFault if AIRCR.BFHFNMINS == 0: -1
 NonSecure HardFault: -1

Make these changes, including support for changing the
priority of Secure HardFault as AIRCR.BFHFNMINS changes.

Signed-off-by: Peter Maydell 
---
 hw/intc/armv7m_nvic.c | 22 +++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index c4670f7..db2f170 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -937,6 +937,12 @@ static void nvic_writel(NVICState *s, uint32_t offset, 
uint32_t value,
 (R_V7M_AIRCR_SYSRESETREQS_MASK |
  R_V7M_AIRCR_BFHFNMINS_MASK |
  R_V7M_AIRCR_PRIS_MASK);
+/* BFHFNMINS changes the priority of Secure HardFault */
+if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
+s->sec_vectors[ARMV7M_EXCP_HARD].prio = -3;
+} else {
+s->sec_vectors[ARMV7M_EXCP_HARD].prio = -1;
+}
 }
 nvic_irq_update(s);
 }
@@ -1452,9 +1458,12 @@ static int nvic_post_load(void *opaque, int version_id)
 {
 NVICState *s = opaque;
 unsigned i;
+int resetprio;
 
 /* Check for out of range priority settings */
-if (s->vectors[ARMV7M_EXCP_RESET].prio != -3 ||
+resetprio = arm_feature(&s->cpu->env, ARM_FEATURE_V8) ? -4 : -3;
+
+if (s->vectors[ARMV7M_EXCP_RESET].prio != resetprio ||
 s->vectors[ARMV7M_EXCP_NMI].prio != -2 ||
 s->vectors[ARMV7M_EXCP_HARD].prio != -1) {
 return 1;
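Review bot: `resetprio = arm_feature(&s->cpu->env, ARM_FEATURE_V8) ? -4 : -3;` in nvic_post_load() is repeated verbatim in armv7m_nvic_reset() later in this patch. A tiny helper (or a pair of named constants for the v7M and v8M Reset priorities) would keep the migration check and the reset value from diverging. Note that the check keys on ARM_FEATURE_V8 while the Secure HardFault priority elsewhere in the patch keys on AIRCR.BFHFNMINS; a comment tying both to the table in the commit message would help the next reader.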
@@ -1497,7 +1506,12 @@ static int nvic_security_post_load(void *opaque, int 
version_id)
 int i;
 
 /* Check for out of range priority settings */
-if (s->sec_vectors[ARMV7M_EXCP_HARD].prio != -1) {
+if (s->sec_vectors[ARMV7M_EXCP_HARD].prio != -1
+&& s->sec_vectors[ARMV7M_EXCP_HARD].prio != -3) {
+/* We can't cross-check against AIRCR.BFHFNMINS as we don't know
+ * if the CPU state has been migrated yet; a mismatch won't
+ * cause the emulation to blow up, though.
+ */
 return 1;
 }
 for (i = ARMV7M_EXCP_MEM; i < ARRAY_SIZE(s->sec_vectors); i++) {
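Review bot: the new condition in nvic_security_post_load() puts `&&` at the start of the continuation line, while the `||` chain in nvic_post_load() in the previous hunk puts the operator at the end of the line; please match the surrounding style. On substance, the check now accepts either -1 or -3 from the migration stream without knowing AIRCR.BFHFNMINS, as the comment says. Since incoming migration data should be treated as untrusted, consider re-deriving `s->sec_vectors[ARMV7M_EXCP_HARD].prio` from AIRCR once the CPU state is available rather than keeping whichever of the two values arrived.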
@@ -1544,6 +1558,7 @@ static Property props_nvic[] = {
 
 static void armv7m_nvic_reset(DeviceState *dev)
 {
+int resetprio;
 NVICState *s = NVIC(dev);
 
 s->vectors[ARMV7M_EXCP_NMI].enabled = 1;
@@ -1556,7 +1571,8 @@ static void armv7m_nvic_reset(DeviceState *dev)
 s->vectors[ARMV7M_EXCP_PENDSV].enabled = 1;
 s->vectors[ARMV7M_EXCP_SYSTICK].enabled = 1;
 
-s->vectors[ARMV7M_EXCP_RESET].prio = -3;
+resetprio = arm_feature(&s->cpu->env, ARM_FEATURE_V8) ? -4 : -3;
+s->vectors[ARMV7M_EXCP_RESET].prio = resetprio;
 s->vectors[ARMV7M_EXCP_NMI].prio = -2;
 s->vectors[ARMV7M_EXCP_HARD].prio = -1;
 
-- 
2.7.4




Re: [Qemu-devel] [Qemu-ppc] [PULL 02/40] hw/ppc: clear pending_events on machine reset

2017-09-12 Thread Greg Kurz
On Tue, 12 Sep 2017 18:28:04 +0100
Peter Maydell  wrote:

> On 8 September 2017 at 11:35, David Gibson  
> wrote:
> > From: Daniel Henrique Barboza 
> >
> > The sPAPR machine isn't clearing up the pending events QTAILQ on
> > machine reboot. This allows for unprocessed hotplug/epow events
> > to persist in the queue after reset and, when reasserting the IRQs in
> > check_exception later on, these will be being processed by the OS.
> >
> > This patch implements a new function called 'spapr_clear_pending_events'
> > that clears up the pending_events QTAILQ. This helper is then called
> > inside ppc_spapr_reset to clear up the events queue, preventing
> > old/deprecated events from persisting after a reset.
> >
> > Signed-off-by: Daniel Henrique Barboza 
> > Signed-off-by: David Gibson   
> 
> > +void spapr_clear_pending_events(sPAPRMachineState *spapr)
> > +{
> > +sPAPREventLogEntry *entry = NULL;
> > +
> > +QTAILQ_FOREACH(entry, &spapr->pending_events, next) {
> > +QTAILQ_REMOVE(&spapr->pending_events, entry, next);
> > +g_free(entry->extended_log);
> > +g_free(entry);
> > +}
> > +}  
> 
> Coverity points out that this is a use-after-free error,
> because QTAILQ_FOREACH will access the list pointers of
> entry after the loop body has freed it. You want
> QTAILQ_FOREACH_SAFE, I think. (CID 1381017)
> 

Yes indeed, QTAILQ_FOREACH_SAFE() is needed when removing
the current element from the list. I'll send a patch.

> thanks
> -- PMM
> 



pgpfAn5SxQYGI.pgp
Description: OpenPGP digital signature
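The iteration bug discussed in this message, as an added example (not QEMU code and not part of the thread): a simplified list whose two macros have the same shape as QTAILQ_FOREACH and QTAILQ_FOREACH_SAFE, with a release() that defers the real free so that reads of a released entry's linkage are counted instead of being undefined behaviour. The Entry, Queue, Q_FOREACH*, next_of, release and drain names are hypothetical stand-ins, and the entries are constructed sample data.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for sPAPREventLogEntry; not QEMU's definition. */
typedef struct Entry {
    struct Entry *next, *prev;   /* list linkage read by the iterator */
    struct Entry *grave;         /* linkage of the deferred-free list */
    void *extended_log;
    bool released;               /* set once the loop body has "freed" us */
} Entry;

typedef struct Queue {
    Entry *first, *last;
} Queue;

static int stale_reads;          /* linkage reads from released entries */
static Entry *graveyard;         /* entries waiting for the real free() */

/* Every iterator step goes through here, so a read of a released entry's
 * linkage is counted instead of being undefined behaviour. */
static Entry *next_of(Entry *e)
{
    if (e->released) {
        stale_reads++;
    }
    return e->next;
}

/* Simplified macros with the same shape as the two named in the thread. */
#define Q_FOREACH(var, q) \
    for ((var) = (q)->first; (var); (var) = next_of(var))
#define Q_FOREACH_SAFE(var, q, tmp) \
    for ((var) = (q)->first; (var) && ((tmp) = next_of(var), 1); \
         (var) = (tmp))

static void q_insert_tail(Queue *q, Entry *e)
{
    e->prev = q->last;
    *(q->last ? &q->last->next : &q->first) = e;
    q->last = e;
}

static void q_remove(Queue *q, Entry *e)
{
    *(e->next ? &e->next->prev : &q->last) = e->prev;
    *(e->prev ? &e->prev->next : &q->first) = e->next;
}

/* Stands in for g_free(entry): marks the entry dead and parks it, so later
 * accesses can be observed without touching freed memory. */
static void release(Entry *e)
{
    free(e->extended_log);
    e->extended_log = NULL;
    e->released = true;
    e->grave = graveyard;
    graveyard = e;
}

/* Builds n constructed entries, drains them the way the reset path does,
 * and returns the number of stale linkage reads (-1 if entries remain). */
int drain(int n, bool use_safe)
{
    Queue q = { NULL, NULL };
    Entry *entry, *next_entry;

    for (int i = 0; i < n; i++) {
        entry = calloc(1, sizeof(*entry));
        if (!entry) {
            abort();
        }
        entry->extended_log = malloc(16);
        q_insert_tail(&q, entry);
    }
    stale_reads = 0;
    if (use_safe) {              /* loop shape of the fix */
        Q_FOREACH_SAFE(entry, &q, next_entry) {
            q_remove(&q, entry);
            release(entry);
        }
    } else {                     /* loop shape of the original patch */
        Q_FOREACH(entry, &q) {
            q_remove(&q, entry);
            release(entry);
        }
    }
    while (graveyard) {          /* now really free everything */
        entry = graveyard;
        graveyard = entry->grave;
        free(entry);
    }
    return q.first == NULL ? stale_reads : -1;
}

int main(void)
{
    printf("FOREACH:      %d stale reads\n", drain(3, false));
    printf("FOREACH_SAFE: %d stale reads\n", drain(3, true));
    return 0;
}
```

With the plain iterator every entry is read once after release, one stale read per element; the safe form saves the successor before the body runs and performs none.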


[Qemu-devel] [PATCH 15/19] nvic: Handle v8M changes in nvic_exec_prio()

2017-09-12 Thread Peter Maydell
Update nvic_exec_prio() to support the v8M changes:
 * BASEPRI, FAULTMASK and PRIMASK are all banked
 * AIRCR.PRIS can affect NS priorities
 * AIRCR.BFHFNMINS affects FAULTMASK behaviour

These changes mean that it's no longer possible to
definitely say that if FAULTMASK is set it overrides
PRIMASK, and if PRIMASK is set it overrides BASEPRI
(since if PRIMASK_NS is set and AIRCR.PRIS is set then
whether that 0x80 priority should take effect or the
priority in BASEPRI_S depends on the value of BASEPRI_S,
for instance). So we switch to the same approach used
by the pseudocode of working through BASEPRI, PRIMASK
and FAULTMASK and overriding the previous values if
needed.

Signed-off-by: Peter Maydell 
---
 hw/intc/armv7m_nvic.c | 51 ++-
 1 file changed, 42 insertions(+), 9 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 91d2f33..b13327d 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -319,18 +319,51 @@ static void nvic_recompute_state(NVICState *s)
 static inline int nvic_exec_prio(NVICState *s)
 {
 CPUARMState *env = &s->cpu->env;
-int running;
+int running = NVIC_NOEXC_PRIO;
 
-if (env->v7m.faultmask[env->v7m.secure]) {
-running = -1;
-} else if (env->v7m.primask[env->v7m.secure]) {
+if (env->v7m.basepri[M_REG_NS] > 0) {
+running = exc_group_prio(s, env->v7m.basepri[M_REG_NS], M_REG_NS);
+}
+
+if (env->v7m.basepri[M_REG_S] > 0) {
+int basepri = exc_group_prio(s, env->v7m.basepri[M_REG_S], M_REG_S);
+if (running > basepri) {
+running = basepri;
+}
+}
+
+if (env->v7m.primask[M_REG_NS]) {
+if (env->v7m.aircr & R_V7M_AIRCR_PRIS_MASK) {
+if (running > NVIC_NS_PRIO_LIMIT) {
+running = NVIC_NS_PRIO_LIMIT;
+}
+} else {
+running = 0;
+}
+}
+
+if (env->v7m.primask[M_REG_S]) {
 running = 0;
-} else if (env->v7m.basepri[env->v7m.secure] > 0) {
-running = env->v7m.basepri[env->v7m.secure] &
-nvic_gprio_mask(s, env->v7m.secure);
-} else {
-running = NVIC_NOEXC_PRIO; /* lower than any possible priority */
 }
+
+if (env->v7m.faultmask[M_REG_NS]) {
+if (env->v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
+running = -1;
+} else {
+if (env->v7m.aircr & R_V7M_AIRCR_PRIS_MASK) {
+if (running > NVIC_NS_PRIO_LIMIT) {
+running = NVIC_NS_PRIO_LIMIT;
+}
+} else {
+running = 0;
+}
+}
+}
+
+if (env->v7m.faultmask[M_REG_S]) {
+running = (env->v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) ? -3 : -1;
+}
+
 /* consider priority of active handler */
 return MIN(running, s->exception_prio);
 }
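Review bot: the BASEPRI_NS block passes the register value through exc_group_prio() but, unlike the PRIMASK_NS and FAULTMASK_NS blocks below it, has no visible AIRCR.PRIS handling. The commit message lists PRIS as affecting NS priorities, so either exc_group_prio() applies that mapping for M_REG_NS (worth a comment here saying so) or BASEPRI_NS needs the same treatment. Separately, the `if (running > NVIC_NS_PRIO_LIMIT)` clamp with its `else running = 0` appears twice; a small helper would remove the duplication and make the ordering dependence between the six blocks easier to audit.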
-- 
2.7.4




Re: [Qemu-devel] Monitor socket will close after parse command error. Qemu-2.6.2

2017-09-12 Thread Dr. David Alan Gilbert
* Sam (batmanu...@gmail.com) wrote:
> [gangyewei-3@yf-mos-test-net07 tests]$ telnet 127.0.0.1 55919
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> QEMU 2.6.2 monitor - type 'help' for more information
> (qemu) chardev-add
> socket,id=char-test_intf1,path=/usr/local/var/run/openvswitch/test_intf1,server=on
> chardev-add
> socket,id=char-test_intf1,path=/usr/local/var/run/openvswitch/test_intf1,server=on
> (qemu)
> (qemu) netdev_add
> vhost-user,id=test_intf1,chardev=char-test_intf1,vhostforce=on
> netdev_add vhost-user,id=test_intf1,chardev=char-test_intf1,vhostforce=on
> (qemu)
> (qemu) device_add
> virtio-net-pci,netdev=test_intf1,mac=00:22:79:29:d2:6c,id=netdev-test_intf1
> device_add
> virtio-net-pci,netdev=test_intf1,mac=00:22:79:29:d2:6c,id=netdev-test_intf1
> (qemu)
> (qemu) device_del netdev-test_intf1
> device_del netdev-test_intf1
> (qemu)
> (qemu) netdev_del test_intf1
> netdev_del test_intf1
> (qemu)
> (qemu) chardev-remove char-test_intf1
> chardev-remove char-test_intf1
> Chardev 'char-test_intf1' is busy
> (qemu)
> (qemu) chardev-remove char-test_intf1
> chardev-remove char-test_intf1
> Chardev 'char-test_intf1' is busy
> (qemu)
> (qemu) chardev-remove char-test_intf1
> chardev-remove char-test_intf1
> Chardev 'char-test_intf1' is busy
> (qemu)
> (qemu) chardev-add
> socket,id=char-test_intf1,path=/usr/local/var/run/openvswitch/test_intf1,server=on
> chardev-add
> socket,id=char-test_intf1,path=/usr/local/var/run/openvswitch/test_intf1,server=on
> Duplicate ID 'char-test_intf1' for chardev
> Parsing chardev args failed
> (qemu)
> (qemu) ^[[A^[[A
> chardev-remove char-test_intf1
> Chardev 'char-test_intf1' is busy
> (qemu)
> (qemu)
> 
> (qemu)
> (qemu)
> 
> (qemu)
> (qemu) netdev_add
> vhost-user,id=test_intf1,chardev=char-test_intf1,vhostforce=on
> netdev_add vhost-user,id=test_intf1,chardev=char-test_intf1,vhostforce=on
> Connection closed by foreign host.

Is QEMU just crashing at that point?  i.e. segfaulting or aborting?

Dave

> 2017-09-08 11:32 GMT+08:00 Sam :
> 
> > BTW, same result while using `telnet 127.0.0.1 55919`, which means it also
> > has the two problems in the email before.
> >
> > 2017-09-08 11:23 GMT+08:00 Sam :
> >
> >> Hi all,
> >>
> >> I'm using the HMP socket to send commands to add a netdev; my commands look like this:
> >>
> >> [gangyewei-3@yf-mos-test-net07 tests]$ sudo  python monitor.py 55919
> >>> (qemu):
> >>>  Connected to qemu monitor ...
> >>> on_monitor_open
> >>> ds
> >>> (qemu):
> >>> {'return': ["unknown command: 'ds'"]}
> >>> chardev-add socket,id=char-test_intf1,path=/usr/local/var/run/openvswitc
> >>> h/test_intf1,server=on
> >>> (qemu):
> >>> \{'return': []}
> >>> netdev_add vhost-user,id=test_intf1,chardev=char-test_intf1,vhostforce=
> >>> on
> >>> (qemu):
> >>> {'return': ["unknown command: '\\netdev_add'"]}
> >>> netdev_add vhost-user,id=test_intf1,chardev=char-test_intf1,vhostforce=
> >>> on
> >>> (qemu):
> >>> {'return': []}
> >>> device_add virtio-net-pci,netdev=test_intf1,mac=00:22:79:29:d2:6c,id=
> >>> netdev-test_intf1
> >>> (qemu):
> >>> {'return': []}
> >>> device_del netdev-test_intf1
> >>> (qemu):
> >>> {'return': []}
> >>> netdev_del test_intf1
> >>> (qemu):
> >>> {'return': []}
> >>> chardev-remove char-test_intf1
> >>> (qemu):
> >>> {'return': ["Chardev 'char-test_intf1' is busy"]}
> >>> chardev-remove char-test_intf1
> >>> (qemu):
> >>> {'return': ["Chardev 'char-test_intf1' is busy"]}
> >>> ds
> >>> (qemu):
> >>> {'return': ["unknown command: 'ds'"]}
> >>> chardev-add socket,id=char-test_intf1,path=/usr/local/var/run/openvswitc
> >>> h/test_intf1,server=on
> >>> (qemu):
> >>> {'return': ["Duplicate ID 'char-test_intf1' for chardev", 'Parsing
> >>> chardev args failed']}
> >>> netdev_add vhost-user,id=test_intf1,chardev=char-test_intf1,vhostforce=
> >>> on
> >>> (qemu):
> >>> on_monitor_close
> >>> Disconnect ...
> >>> Bye...
> >>> [gangyewei-3@yf-mos-test-net07 tests]$ telnet 127.0.0.1 55919
> >>> Trying 127.0.0.1...
> >>> telnet: connect to address 127.0.0.1: Connection refused
> >>
> >>
> >> monitor.py works the same as telnet: it sends commands to the 127.0.0.1:55919
> >> socket.
> >> At the fifth line from the end, you can see "on_monitor_close"; this is because
> >> the server side of the 127.0.0.1:55919 socket is down.
> >>
> >> I have a few questions:
> >> 1. Why did I get "{'return': ["Chardev 'char-test_intf1' is busy"]}" while
> >> using "chardev-remove char-test_intf1"?
> >> 2. Why does the server side close after getting "{'return': ["Duplicate ID
> >> 'char-test_intf1' for chardev", 'Parsing chardev args failed']}" and then
> >> being sent the same command?
> >>
> >> Thank you~
> >>
> >
> >
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



[Qemu-devel] [PATCH 17/19] nvic: Make ICSR banked for v8M

2017-09-12 Thread Peter Maydell
The ICSR NVIC register is banked for v8M. This doesn't
require any new state, but it does mean that some bits
are controlled by BFHFNMINS and some bits must work
with the correct banked exception. There is also a
PENDNMICLR bit that is new in v8M.

Signed-off-by: Peter Maydell 
---
 hw/intc/armv7m_nvic.c | 45 -
 1 file changed, 32 insertions(+), 13 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 5e5aecd..21fd199 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -703,7 +703,7 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, 
MemTxAttrs attrs)
 }
 case 0xd00: /* CPUID Base.  */
 return cpu->midr;
-case 0xd04: /* Interrupt Control State.  */
+case 0xd04: /* Interrupt Control State (ICSR) */
 /* VECTACTIVE */
 val = cpu->env.v7m.exception;
 /* VECTPENDING */
@@ -716,19 +716,32 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, 
MemTxAttrs attrs)
 if (nvic_rettobase(s)) {
 val |= (1 << 11);
 }
-/* PENDSTSET */
-if (s->vectors[ARMV7M_EXCP_SYSTICK].pending) {
-val |= (1 << 26);
-}
-/* PENDSVSET */
-if (s->vectors[ARMV7M_EXCP_PENDSV].pending) {
-val |= (1 << 28);
+if (attrs.secure) {
+/* PENDSTSET */
+if (s->sec_vectors[ARMV7M_EXCP_SYSTICK].pending) {
+val |= (1 << 26);
+}
+/* PENDSVSET */
+if (s->sec_vectors[ARMV7M_EXCP_PENDSV].pending) {
+val |= (1 << 28);
+}
+} else {
+/* PENDSTSET */
+if (s->vectors[ARMV7M_EXCP_SYSTICK].pending) {
+val |= (1 << 26);
+}
+/* PENDSVSET */
+if (s->vectors[ARMV7M_EXCP_PENDSV].pending) {
+val |= (1 << 28);
+}
 }
 /* NMIPENDSET */
-if (s->vectors[ARMV7M_EXCP_NMI].pending) {
+if ((cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) &&
+s->vectors[ARMV7M_EXCP_NMI].pending) {
 val |= (1 << 31);
 }
-/* ISRPREEMPT not implemented */
+/* ISRPREEMPT: RES0 when halting debug not implemented */
+/* STTNS: RES0 for the Main Extension */
 return val;
 case 0xd08: /* Vector Table Offset.  */
 return cpu->env.v7m.vecbase[attrs.secure];
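Review bot: the NMIPENDSET read is gated on AIRCR.BFHFNMINS alone, so as written a Secure read (attrs.secure set) with BFHFNMINS clear returns bit 31 as 0 even while s->vectors[ARMV7M_EXCP_NMI].pending is set. If the intent is only to hide NMI state from Non-secure accesses, the condition probably wants `attrs.secure || (aircr & BFHFNMINS)`. The PENDSTSET/PENDSVSET if/else also repeats the same two tests per bank; picking the vector array once from attrs.secure would halve it.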
@@ -953,9 +966,15 @@ static void nvic_writel(NVICState *s, uint32_t offset, 
uint32_t value,
 nvic_irq_update(s);
 break;
 }
-case 0xd04: /* Interrupt Control State.  */
-if (value & (1 << 31)) {
-armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI, false);
+case 0xd04: /* Interrupt Control State (ICSR) */
+if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
+if (value & (1 << 31)) {
+armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI, false);
+} else if (value & (1 << 30) &&
+   arm_feature(&cpu->env, ARM_FEATURE_V8)) {
+/* PENDNMICLR didn't exist in v7M */
+armv7m_nvic_clear_pending(s, ARMV7M_EXCP_NMI, false);
+}
 }
 if (value & (1 << 28)) {
 armv7m_nvic_set_pending(s, ARMV7M_EXCP_PENDSV, attrs.secure);
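Review bot: the new outer `if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)` now also guards the pre-existing NMIPENDSET write, so on any CPU where that AIRCR bit is never set this case silently stops pending NMI. Nothing in this hunk shows BFHFNMINS being forced on for v7M or for v8M without the Security Extension, so please add a comment stating that invariant or an explicit feature check. The same guard ignores attrs.secure, which leaves Secure writes unable to set or clear NMI pending when BFHFNMINS is 0; please confirm that is intended.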
-- 
2.7.4




[Qemu-devel] [PATCH] spapr_events: use QTAILQ_FOREACH_SAFE() in spapr_clear_pending_events()

2017-09-12 Thread Greg Kurz
QTAILQ_FOREACH_SAFE() must be used when removing the current element
inside the loop block.

This fixes a use-after-free error introduced by commit 56258174238eb
and reported by Coverity (CID 1381017).

Signed-off-by: Greg Kurz 
---
 hw/ppc/spapr_events.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 66b8164f30be..e377fc7ddea2 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -702,9 +702,9 @@ static void event_scan(PowerPCCPU *cpu, sPAPRMachineState 
*spapr,
 
 void spapr_clear_pending_events(sPAPRMachineState *spapr)
 {
-sPAPREventLogEntry *entry = NULL;
+sPAPREventLogEntry *entry = NULL, *next_entry;
 
-QTAILQ_FOREACH(entry, &spapr->pending_events, next) {
+QTAILQ_FOREACH_SAFE(entry, &spapr->pending_events, next, next_entry) {
 QTAILQ_REMOVE(&spapr->pending_events, entry, next);
 g_free(entry->extended_log);
 g_free(entry);
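Review bot: the `= NULL` initialiser kept on `entry` in the changed declaration is dead, since QTAILQ_FOREACH_SAFE assigns `entry` before its first use; dropping it would make the declaration consistent with the uninitialised `next_entry` beside it.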




Re: [Qemu-devel] [PATCH v2 07/16] target/arm: Align vector registers

2017-09-12 Thread Philippe Mathieu-Daudé

Hi Richard,

On 09/12/2017 01:25 PM, Richard Henderson wrote:

Signed-off-by: Richard Henderson 
---
  target/arm/cpu.h | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 98b9b26fd3..419f008277 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -486,7 +486,7 @@ typedef struct CPUARMState {
   * the two execution states, and means we do not need to explicitly
   * map these registers when changing states.
   */
-float64 regs[64];
+float64 regs[64] __attribute__((aligned(16)));


I understand this should be aligned to the biggest vector register the 
host supports, i.e. for AVX-512 this would be QEMU_ALIGNED(64), is that 
correct?


I'd rather use a #define such as HOST_VECTOR_LENGTH_BITS_MAX and 
QEMU_ALIGNED(HOST_VECTOR_LENGTH_BITS_MAX / BITS_PER_BYTE) or directly 
QEMU_ALIGNED(HOST_VECTOR_LENGTH_MAX), using the define makes it 
self-explanatory. Or shorter:


float64 regs[64] QEMU_ALIGNED(HOST_VECTOR_SIZE);

What do you think?

Regards,

Phil.

  
  uint32_t xregs[16];

  /* We store these fpcsr fields separately for convenience.  */





Re: [Qemu-devel] [PATCH v2 12/16] tcg: Remove tcg_regset_set

2017-09-12 Thread Philippe Mathieu-Daudé

On 09/12/2017 01:25 PM, Richard Henderson wrote:

Signed-off-by: Richard Henderson 


Reviewed-by: Philippe Mathieu-Daudé 


---
  tcg/tcg.h | 1 -
  tcg/tcg.c | 8 
  2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 7226727ee4..e168bd2c44 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -210,7 +210,6 @@ typedef enum TCGOpcode {
  NB_OPS,
  } TCGOpcode;
  
-#define tcg_regset_set(d, s) (d) = (s)

  #define tcg_regset_set32(d, reg, val32) (d) |= (val32) << (reg)
  #define tcg_regset_set_reg(d, r) (d) |= 1L << (r)
  #define tcg_regset_reset_reg(d, r) (d) &= ~(1L << (r))
diff --git a/tcg/tcg.c b/tcg/tcg.c
index f40cce3364..873915925f 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -2452,7 +2452,7 @@ static void tcg_reg_alloc_mov(TCGContext *s, const 
TCGOpDef *def,
  TCGTemp *ts, *ots;
  TCGType otype, itype;
  
-tcg_regset_set(allocated_regs, s->reserved_regs);

+allocated_regs = s->reserved_regs;
  ots = &s->temps[args[0]];
  ts = &s->temps[args[1]];
  
@@ -2540,8 +2540,8 @@ static void tcg_reg_alloc_op(TCGContext *s,

 args + nb_oargs + nb_iargs,
 sizeof(TCGArg) * def->nb_cargs);
  
-tcg_regset_set(i_allocated_regs, s->reserved_regs);

-tcg_regset_set(o_allocated_regs, s->reserved_regs);
+i_allocated_regs = s->reserved_regs;
+o_allocated_regs = s->reserved_regs;
  
  /* satisfy input constraints */

  for(k = 0; k < nb_iargs; k++) {
@@ -2741,7 +2741,7 @@ static void tcg_reg_alloc_call(TCGContext *s, int 
nb_oargs, int nb_iargs,
  }
  
  /* assign input registers */

-tcg_regset_set(allocated_regs, s->reserved_regs);
+allocated_regs = s->reserved_regs;
  for(i = 0; i < nb_regs; i++) {
  arg = args[nb_oargs + i];
  if (arg != TCG_CALL_DUMMY_ARG) {





Re: [Qemu-devel] [PATCH v2 11/16] tcg: Remove tcg_regset_clear

2017-09-12 Thread Philippe Mathieu-Daudé

On 09/12/2017 01:25 PM, Richard Henderson wrote:

Signed-off-by: Richard Henderson 


Reviewed-by: Philippe Mathieu-Daudé 


---
  tcg/tcg.h| 1 -
  tcg/aarch64/tcg-target.inc.c | 2 +-
  tcg/arm/tcg-target.inc.c | 2 +-
  tcg/i386/tcg-target.inc.c| 4 ++--
  tcg/mips/tcg-target.inc.c| 2 +-
  tcg/ppc/tcg-target.inc.c | 2 +-
  tcg/s390/tcg-target.inc.c| 8 
  tcg/sparc/tcg-target.inc.c   | 2 +-
  tcg/tcg.c| 5 ++---
  tcg/tci/tcg-target.inc.c | 2 +-
  10 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 37ad9fddab..7226727ee4 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -210,7 +210,6 @@ typedef enum TCGOpcode {
  NB_OPS,
  } TCGOpcode;
  
-#define tcg_regset_clear(d) (d) = 0

  #define tcg_regset_set(d, s) (d) = (s)
  #define tcg_regset_set32(d, reg, val32) (d) |= (val32) << (reg)
  #define tcg_regset_set_reg(d, r) (d) |= 1L << (r)
diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index 1ff32e43f5..141a86a57d 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -1960,7 +1960,7 @@ static void tcg_target_init(TCGContext *s)
   (1 << TCG_REG_X16) | (1 << TCG_REG_X17) |
   (1 << TCG_REG_X18) | (1 << TCG_REG_X30));
  
-tcg_regset_clear(s->reserved_regs);

+s->reserved_regs = 0;
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_SP);
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_FP);
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_TMP);
diff --git a/tcg/arm/tcg-target.inc.c b/tcg/arm/tcg-target.inc.c
index db46aea38c..f0c176554b 100644
--- a/tcg/arm/tcg-target.inc.c
+++ b/tcg/arm/tcg-target.inc.c
@@ -2173,7 +2173,7 @@ static void tcg_target_init(TCGContext *s)
   (1 << TCG_REG_R12) |
   (1 << TCG_REG_R14));
  
-tcg_regset_clear(s->reserved_regs);

+s->reserved_regs = 0;
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_CALL_STACK);
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_TMP);
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_PC);
diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
index fbb41c3b7a..e9766f6686 100644
--- a/tcg/i386/tcg-target.inc.c
+++ b/tcg/i386/tcg-target.inc.c
@@ -2999,7 +2999,7 @@ static void tcg_target_init(TCGContext *s)
  tcg_regset_set32(tcg_target_available_regs[TCG_TYPE_V256], 0, 
0xff);
  }
  
-tcg_regset_clear(tcg_target_call_clobber_regs);

+tcg_target_call_clobber_regs = 0;
  tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_EAX);
  tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_EDX);
  tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_ECX);
@@ -3014,7 +3014,7 @@ static void tcg_target_init(TCGContext *s)
  tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_R11);
  }
  
-tcg_regset_clear(s->reserved_regs);

+s->reserved_regs = 0;
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_CALL_STACK);
  }
  
diff --git a/tcg/mips/tcg-target.inc.c b/tcg/mips/tcg-target.inc.c

index 750baadf37..85c1abd14b 100644
--- a/tcg/mips/tcg-target.inc.c
+++ b/tcg/mips/tcg-target.inc.c
@@ -2629,7 +2629,7 @@ static void tcg_target_init(TCGContext *s)
 (1 << TCG_REG_T8) |
 (1 << TCG_REG_T9));
  
-tcg_regset_clear(s->reserved_regs);

+s->reserved_regs = 0;
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_ZERO); /* zero register */
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_K0);   /* kernel use only */
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_K1);   /* kernel use only */
diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index 21d764c102..b1df1e146a 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -2786,7 +2786,7 @@ static void tcg_target_init(TCGContext *s)
   (1 << TCG_REG_R11) |
   (1 << TCG_REG_R12));
  
-tcg_regset_clear(s->reserved_regs);

+s->reserved_regs = 0;
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_R0); /* tcg temp */
  tcg_regset_set_reg(s->reserved_regs, TCG_REG_R1); /* stack pointer */
  #if defined(_CALL_SYSV)
diff --git a/tcg/s390/tcg-target.inc.c b/tcg/s390/tcg-target.inc.c
index e7ab8e4df3..01baa33673 100644
--- a/tcg/s390/tcg-target.inc.c
+++ b/tcg/s390/tcg-target.inc.c
@@ -413,12 +413,12 @@ static const char 
*target_parse_constraint(TCGArgConstraint *ct,
  break;
  case 'a':  /* force R2 for division */
  ct->ct |= TCG_CT_REG;
-tcg_regset_clear(ct->u.regs);
+ct->u.regs = 0;
  tcg_regset_set_reg(ct->u.regs, TCG_REG_R2);
  break;
  case 'b':  /* force R3 for division */
  ct->ct |= TCG_CT_REG;
-tcg_regset_clear(ct->u.regs);
+ct->u.regs = 0;
  tcg_regset_set_reg(ct->u.regs, TCG_REG_R3);
  break;
  case 'A':
@@ -2522,7 +2522,7 @@

Re: [Qemu-devel] [PATCH v2 13/16] tcg: Remove tcg_regset_{or, and, andnot, not}

2017-09-12 Thread Philippe Mathieu-Daudé

On 09/12/2017 01:25 PM, Richard Henderson wrote:

Signed-off-by: Richard Henderson 


Reviewed-by: Philippe Mathieu-Daudé 


---
  tcg/tcg.h | 4 
  tcg/tcg.c | 2 +-
  2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index e168bd2c44..8b4208ea03 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -214,10 +214,6 @@ typedef enum TCGOpcode {
  #define tcg_regset_set_reg(d, r) (d) |= 1L << (r)
  #define tcg_regset_reset_reg(d, r) (d) &= ~(1L << (r))
  #define tcg_regset_test_reg(d, r) (((d) >> (r)) & 1)
-#define tcg_regset_or(d, a, b) (d) = (a) | (b)
-#define tcg_regset_and(d, a, b) (d) = (a) & (b)
-#define tcg_regset_andnot(d, a, b) (d) = (a) & ~(b)
-#define tcg_regset_not(d, a) (d) = ~(a)
  
  #ifndef TCG_TARGET_INSN_UNIT_SIZE

  # error "Missing TCG_TARGET_INSN_UNIT_SIZE"
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 873915925f..a19767b5ef 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -2306,7 +2306,7 @@ static TCGReg tcg_reg_alloc(TCGContext *s, TCGRegSet 
desired_regs,
  TCGReg reg;
  TCGRegSet reg_ct;
  
-tcg_regset_andnot(reg_ct, desired_regs, allocated_regs);

+reg_ct = desired_regs & ~allocated_regs;
  order = rev ? indirect_reg_alloc_order : tcg_target_reg_alloc_order;
  
  /* first try free registers */






Re: [Qemu-devel] [PATCH v2 07/16] target/arm: Align vector registers

2017-09-12 Thread Peter Maydell
On 12 September 2017 at 17:25, Richard Henderson
 wrote:
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/cpu.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 98b9b26fd3..419f008277 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -486,7 +486,7 @@ typedef struct CPUARMState {
>   * the two execution states, and means we do not need to explicitly
>   * map these registers when changing states.
>   */
> -float64 regs[64];
> +float64 regs[64] __attribute__((aligned(16)));
>
>  uint32_t xregs[16];
>  /* We store these fpcsr fields separately for convenience.  */
> --
> 2.13.5

I notice we have a QEMU_ALIGNED() macro to wrap the __attribute__,
though we use it less often than not at the moment...

thanks
-- PMM



[Qemu-devel] [Bug 1716510] Re: qemu 2.10.0 cannot boot Windows 10 familly

2017-09-12 Thread Maciej Piechotka
Ok. It looks like EDK was added to my distro and using it fixed it -
https://packages.gentoo.org/packages/sys-firmware/edk2-ovmf (at least
W16 - I'll try W10 tonight).

Unfortunately when I run strings on edk I haven't seen anything which
looked like version.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1716510

Title:
  qemu 2.10.0 cannot boot Windows 10 familly

Status in QEMU:
  New

Bug description:
  On qemu 2.10.0 Windows 10 and Windows Server 2016 hangs during boot.
  Below is setup of Windows Server 2016. Downgrading to 2.9 fixes the
  problem.

  /usr/bin/qemu-system-x86_64 -name guest=,debug-threads=on -S
  -object
  secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-2-/master-key.aes -machine pc-q35-2.8,accel=kvm,usb=off,dump-guest-
  core=off -cpu
  
host,nx=on,hv_relaxed,hv_vapic,hv_spinlocks=0x1000,hv_vpindex,hv_runtime,hv_synic,hv_reset,kvm=off
  -drive file=/usr/local/share/edk2.git/ovmf-x64/OVMF-pure-
  efi.fd,if=pflash,format=raw,unit=0 -drive
  file=/var/lib/libvirt/qemu/nvram/_VARS.fd,if=pflash,format=raw,unit=1
  -m 4096 -realtime mlock=off -smp 12,sockets=1,cores=6,threads=2
  -object iothread,id=iothread1 -object iothread,id=iothread2 -object
  iothread,id=iothread3 -object iothread,id=iothread4 -object
  iothread,id=iothread5 -object iothread,id=iothread6 -object
  iothread,id=iothread7 -object iothread,id=iothread8 -object
  iothread,id=iothread9 -object iothread,id=iothread10 -object
  iothread,id=iothread11 -object iothread,id=iothread12 -uuid 
  -no-user-config -nodefaults -chardev
  
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-2-/monitor.sock,server,nowait
  -mon chardev=charmonitor,id=monitor,mode=control -rtc
  base=localtime,clock=vm,driftfix=slew -no-shutdown -boot strict=on
  -device
  ioh3420,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2
  -device ioh3420,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1
  -device ioh3420,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2
  -device ioh3420,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3
  -device ioh3420,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4
  -device ioh3420,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5
  -device nec-usb-xhci,id=usb,bus=pci.3,addr=0x0 -drive
  if=none,media=cdrom,id=drive-sata0-0-0,readonly=on -device ide-
  cd,bus=ide.0,drive=drive-sata0-0-0,id=sata0-0-0,bootindex=2 -drive
  if=none,media=cdrom,id=drive-sata0-0-1,readonly=on -device ide-
  cd,bus=ide.1,drive=drive-sata0-0-1,id=sata0-0-1,bootindex=1 -drive
  file=/dev/mapper/,format=raw,if=none,id=drive-sata0-0-2
  -device ide-hd,bus=ide.2,drive=drive-
  sata0-0-2,id=sata0-0-2,bootindex=3 -netdev
  tap,fd=21,id=hostnet0,vhost=on,vhostfd=23 -device virtio-net-
  pci,netdev=hostnet0,id=net0,mac=,bus=pci.1,addr=0x0 -netdev
  tap,fd=24,id=hostnet1,vhost=on,vhostfd=25 -device virtio-net-
  pci,netdev=hostnet1,id=net1,mac=,bus=pci.2,addr=0x0 -device usb-
  tablet,id=input0,bus=usb.0,port=1 -spice
  unix,addr=/var/lib/libvirt/qemu/domain-2-/spice.sock,disable-
  ticketing,image-compression=auto_glz,seamless-migration=on -vnc
  127.0.0.1:0 -device qxl-
  
vga,id=video0,ram_size=67108864,vram_size=16777216,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pcie.0,addr=0x1
  -device vhost-scsi-
  pci,wwpn=,vhostfd=26,id=hostdev0,bus=pcie.0,addr=0x9 -device
  virtio-balloon-pci,id=balloon0,bus=pci.4,addr=0x0 -object rng-
  random,id=objrng0,filename=/dev/random -device virtio-rng-
  pci,rng=objrng0,id=rng0,max-bytes=1024,period=1000,bus=pci.5,addr=0x0
  -msg timestamp=o

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1716510/+subscriptions



Re: [Qemu-devel] [RFC] Buffers/caches in VirtIO Balloon driver stats

2017-09-12 Thread Tomáš Golembiovský
Resending. It did not reach virtio-dev the first time.

On Tue, 12 Sep 2017 16:29:47 +0200
Tomáš Golembiovský  wrote:

> On Tue, 29 Aug 2017 20:01:53 +0800
> Wei Wang  wrote:
> 
> > On 08/29/2017 05:57 PM, Stefan Hajnoczi wrote:
> > > On Sun, Aug 27, 2017 at 11:30:33PM +0200, Tomáš Golembiovský wrote:  
> > >> Hi,  
> > > I have CCed the relevant mailing lists and people most recently involved
> > > in virtio-balloon discussions.  Hopefully this will help get the right
> > > people to see your questions.
> > >  
> > >> We'd like to include information about reclaimable memory into the
> > >> statistics in VirtiO Balloon driver. Namely, we'd like to include
> > >> counters for buffers and caches of Linux kernel. The patch itself is
> > >> pretty trivial -- no problem there. But before we do that I'd like to
> > >> get some input from the QEMU community.
> > >>
> > >> 1) Is there any reason not to have the stats there?  
> > 
> > Could you please share the usages of reclaimable memory via the stats?
> 
> I'll go ahead then and start sending patches. What would be the proper
> course of action here? Send patch for the driver first, or send patch
> for QEMU first or send both patches right away?
> 
> 
> > >>
> > >> 2) Considering the balloon device is multiplatform (Linux, BSD,
> > >> Windows), is there a problem with including buffers/caches? These seem
> > >> to be specific to the Linux virtual memory subsystem. Of course, other
> > >> OSes could just report zeros. Are there some internal stats on those
> > >> OSes that could be filled in? I don't know if such or similar statistics
> > >> are available on BSD. On Windows only SystemCache stat looks like
> > >> something relevant. Anyone familiar with those OSes has any suggestions?
> > >>
> > >>   
> > 
> > One of the solutions that I'm thinking about is to make virtio 
> > platform-aware.
> 
> This is not necessary. IIUC the driver does not need to send all the
> stats. We can simply treat those stats as specific to Linux driver and
> other drivers will not send them. Then QEMU will treat them as if zero
> was reported.
> 
> > 
> > That is, the device by default supports
> > VIRTIO_F_LINUX,
> > VIRTIO_F_WINDOWS,
> > VIRTIO_F_BSD.
> > 
> > For the Linux driver, only VIRTIO_F_LINUX is supported, then we can
> > have Linux specific driver implementations under that feature.
> 
> 
> Since there were no suggestions for similar stats on other OSes I'd say
> we treat the stats for buffers and caches as Linux specific. If there is
> any need to send similar stats for other OSes we will add new stat fields
> (specific for that particular OS).
> 
> 
> Thanks,
> 
> Tomas
> 
> -- 
> Tomáš Golembiovský 


-- 
Tomáš Golembiovský 



Re: [Qemu-devel] [PATCH v6 05/18] dirty-bitmap: Change bdrv_dirty_bitmap_size() to report bytes

2017-09-12 Thread Eric Blake
On 09/08/2017 09:04 AM, Eric Blake wrote:

>>>  void bdrv_dirty_bitmap_truncate(BlockDriverState *bs)
>>>  {
>>>  BdrvDirtyBitmap *bitmap;
>>> -uint64_t size = bdrv_nb_sectors(bs);
>>> +int64_t size = bdrv_getlength(bs);
>>>
>>> +assert(size >= 0);
>>
>> How can you assert that there will never be an error? Even if it's
>> correct (I don't know whether you can have dirty bitmaps on devices that
>> don't use the cached value), this needs at least a comment.
> 
> The old code wasn't checking for errors; if an error occurs, we have no
> way to report it. So I indeed need to audit whether all callers have a
> cached length at this point in time (it can't fail), or else change
> bdrv_dirty_bitmap_truncate() to be able to fail (pass failure along) and
> update all callers.  This may indeed be reason for a respin, depending
> on what I find.

Verdict - it can indeed fail; bdrv_truncate() was blindly calling the
dirty bitmap resize even after a failed refresh_total_sectors(), which
could then resize the dirty bitmap to -1.  At least bdrv_truncate()
itself still failed, but it's cleaner to fail up front rather than get
internal state even more botched in the meantime, so fixing that will be
a separate patch in v7.  Sadly, the failure is probably more
theoretical, and I did not quickly see an easy way to write an iotests
to expose it (which has been the case with a lot of our recent
bdrv_nb_sectors/bdrv_getlength failure cleanup patches).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature


Re: [Qemu-devel] [PATCH v2 07/16] target/arm: Align vector registers

2017-09-12 Thread Philippe Mathieu-Daudé

On 09/12/2017 03:55 PM, Peter Maydell wrote:

I notice we have a QEMU_ALIGNED() macro to wrap the __attribute__,
though we use it less often than not at the moment...


Aesthetic aside, I find it useful to deal with the 80 characters style 
limit.




Re: [Qemu-devel] [PATCH v2 07/16] target/arm: Align vector registers

2017-09-12 Thread Peter Maydell
On 12 September 2017 at 21:17, Philippe Mathieu-Daudé  wrote:
> On 09/12/2017 03:55 PM, Peter Maydell wrote:
>>
>> I notice we have a QEMU_ALIGNED() macro to wrap the __attribute__,
>> though we use it less often than not at the moment...
>
>
> Aesthetic aside, I find it useful to deal with the 80 characters style
> limit.

They do say that constraints are vital for art :-)

thanks
-- PMM



[Qemu-devel] [PATCH v7 03/20] qcow2: Ensure bitmap serialization is aligned

2017-09-12 Thread Eric Blake
When subdividing a bitmap serialization, the code in hbitmap.c
enforces that start/count parameters are aligned (except that
count can end early at end-of-bitmap).  We exposed this required
alignment through bdrv_dirty_bitmap_serialization_align(), but
forgot to actually check that we comply with it.

Fortunately, qcow2 is never dividing bitmap serialization smaller
than one cluster (which is a minimum of 512 bytes); so we are
always compliant with the serialization alignment (which insists
that we partition at least 64 bits per chunk) because we are doing
at least 4k bits per chunk.

Still, it's safer to add an assertion (for the unlikely case that
we'd ever support a cluster smaller than 512 bytes, or if the
hbitmap implementation changes what it considers to be aligned),
rather than leaving bdrv_dirty_bitmap_serialization_align()
without a caller.

Signed-off-by: Eric Blake 
Reviewed-by: John Snow 

---
v5: no change
v4: new patch
---
 block/qcow2-bitmap.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
index e8d3bdbd6e..b3ee4c794a 100644
--- a/block/qcow2-bitmap.c
+++ b/block/qcow2-bitmap.c
@@ -274,10 +274,13 @@ static int free_bitmap_clusters(BlockDriverState *bs, 
Qcow2BitmapTable *tb)
 static uint64_t sectors_covered_by_bitmap_cluster(const BDRVQcow2State *s,
   const BdrvDirtyBitmap 
*bitmap)
 {
-uint32_t sector_granularity =
+uint64_t sector_granularity =
 bdrv_dirty_bitmap_granularity(bitmap) >> BDRV_SECTOR_BITS;
+uint64_t sbc = sector_granularity * (s->cluster_size << 3);

-return (uint64_t)sector_granularity * (s->cluster_size << 3);
+assert(QEMU_IS_ALIGNED(sbc,
+   bdrv_dirty_bitmap_serialization_align(bitmap)));
+return sbc;
 }

 /* load_bitmap_data
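
Review bot: in sectors_covered_by_bitmap_cluster(), `s->cluster_size << 3` is still evaluated in the type of cluster_size before it is multiplied by the now 64-bit sector_granularity, so the widening on the first changed line does not cover the shift. If cluster_size is a 32-bit field, `(uint64_t)s->cluster_size << 3` would keep the whole expression in 64 bits. A one-line comment above the assert saying that it holds because a cluster carries at least 4k bits against a 64-bit alignment unit would save the next reader a trip to the commit message.
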
-- 
2.13.5
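
The alignment rule this patch asserts, worked through as an added example (not code from the QEMU tree or from this series). The function names are hypothetical, the `64 << granularity` formula is the one quoted from the util/hbitmap.c comment in patch 02/20 of this series, and the 4-byte cluster is a constructed value that shows the "unlikely case" the commit message guards against.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Required alignment, in sectors, for hbitmap granularity g: 64 bitmap bits,
 * each covering 1 << g sectors.  Returns 0 when g >= 58, the case the
 * hbitmap.c comment calls not serializable. */
static uint64_t serialization_align(unsigned g)
{
    return g < 58 ? UINT64_C(64) << g : 0;
}

/* Sectors described by one cluster of bitmap data: 8 bits per byte, each bit
 * covering 1 << g sectors.  Returns 0 if the product does not fit in 64 bits. */
static uint64_t sectors_per_bitmap_cluster(unsigned g, uint64_t cluster_size)
{
    uint64_t bits;

    if (g >= 64 || cluster_size > (UINT64_MAX >> 3)) {
        return 0;
    }
    bits = cluster_size << 3;
    if (bits > (UINT64_MAX >> g)) {
        return 0;
    }
    return bits << g;
}

/* The two chunk rules from the hbitmap.h comment: start is aligned, and
 * count is aligned unless the chunk ends exactly at the end of the bitmap. */
static bool chunk_ok(uint64_t start, uint64_t count, uint64_t size,
                     uint64_t align)
{
    if (align == 0 || count == 0 || start > size || count > size - start) {
        return false;
    }
    if (start % align) {
        return false;
    }
    return count % align == 0 || start + count == size;
}

/* Split a bitmap of `size` sectors into one chunk per cluster, the way the
 * load loop in this series does (count = MIN(remaining, sbc)), and check
 * every chunk.  Returns the number of chunks, or -1 on a violation. */
static int64_t partition_bitmap(uint64_t size, unsigned g,
                                uint64_t cluster_size)
{
    uint64_t align = serialization_align(g);
    uint64_t sbc = sectors_per_bitmap_cluster(g, cluster_size);
    uint64_t start = 0;
    int64_t chunks = 0;

    if (align == 0 || sbc == 0) {
        return -1;
    }
    while (start < size) {
        uint64_t count = size - start < sbc ? size - start : sbc;

        if (!chunk_ok(start, count, size, align)) {
            return -1;
        }
        chunks++;
        start += count;     /* never exceeds size, so it cannot wrap */
    }
    return chunks;
}

int main(void)
{
    /* Constructed inputs: 1,000,000 sectors, 64 KiB granularity (g = 7). */
    printf("512-byte cluster: %" PRId64 " chunks\n",
           partition_bitmap(1000000, 7, 512));
    /* Constructed 4-byte cluster: 32 bits per chunk, below the 64-bit unit. */
    printf("4-byte cluster:   %" PRId64 "\n", partition_bitmap(100, 0, 4));
    return 0;
}
```

The second call fails on the first chunk because 32 sectors is neither a multiple of 64 nor the end of the bitmap, which is the condition the new assert() turns into an immediate abort.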




[Qemu-devel] [PATCH v7 00/20] make dirty-bitmap byte-based

2017-09-12 Thread Eric Blake
There are patches floating around to add NBD_CMD_BLOCK_STATUS,
but NBD wants to report status on byte granularity (even if the
reporting will probably be naturally aligned to sectors or even
much higher levels).  I've therefore started the task of
converting our block status code to report at a byte granularity
rather than sectors.

Now that 2.11 is open, I'm rebasing/reposting the remaining patches.

The overall conversion currently looks like:
part 1: bdrv_is_allocated (merged in 2.10, commit 51b0a488)
part 2: dirty-bitmap (this series, v6 was here [1])
part 3: bdrv_get_block_status (v3 is posted [2] and is mostly reviewed, but
needs a rebase)
part 4: .bdrv_co_block_status (v2 is posted [3], but needs a rebase)

Available as a tag at:
git fetch git://repo.or.cz/qemu/ericb.git nbd-byte-dirty-v7

[1] https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg06247.html
[2] https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03853.html
[3] https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg04370.html

Diff from v6:
- split v6 patch 5/18 into 3 parts in 5-7/20 [Kevin]
- improve bdrv_dirty_iter_next() interface in 11/20 [Kevin]
- fix missing trace conversion in 12/20 [Kevin]
- stricter conversions in 16/20, 18/20 [Kevin]
- rebase to above in 20/20

001/20:[] [--] 'block: Make bdrv_img_create() size selection easier to read'
002/20:[] [--] 'hbitmap: Rename serialization_granularity to serialization_align'
003/20:[] [--] 'qcow2: Ensure bitmap serialization is aligned'
004/20:[] [--] 'dirty-bitmap: Drop unused functions'
005/20:[down] 'dirty-bitmap: Check for size query failure during truncate'
006/20:[0028] [FC] 'dirty-bitmap: Change bdrv_dirty_bitmap_size() to report bytes'
007/20:[down] 'dirty-bitmap: Track bitmap size by bytes'
008/20:[] [--] 'dirty-bitmap: Change bdrv_dirty_bitmap_*serialize*() to take bytes'
009/20:[] [--] 'qcow2: Switch sectors_covered_by_bitmap_cluster() to byte-based'
010/20:[] [-C] 'dirty-bitmap: Set iterator start by offset, not sector'
011/20:[0005] [FC] 'dirty-bitmap: Change bdrv_dirty_iter_next() to report byte offset'
012/20:[0003] [FC] 'dirty-bitmap: Change bdrv_get_dirty_count() to report bytes'
013/20:[] [--] 'dirty-bitmap: Change bdrv_get_dirty_locked() to take bytes'
014/20:[] [--] 'dirty-bitmap: Change bdrv_[re]set_dirty_bitmap() to use bytes'
015/20:[] [--] 'mirror: Switch mirror_dirty_init() to byte-based iteration'
016/20:[0002] [FC] 'qcow2: Switch qcow2_measure() to byte-based iteration'
017/20:[] [--] 'qcow2: Switch load_bitmap_data() to byte-based iteration'
018/20:[0006] [FC] 'qcow2: Switch store_bitmap_data() to byte-based iteration'
019/20:[] [--] 'dirty-bitmap: Switch bdrv_set_dirty() to bytes'
020/20:[0003] [FC] 'dirty-bitmap: Convert internal hbitmap size/granularity'

Eric Blake (20):
  block: Make bdrv_img_create() size selection easier to read
  hbitmap: Rename serialization_granularity to serialization_align
  qcow2: Ensure bitmap serialization is aligned
  dirty-bitmap: Drop unused functions
  dirty-bitmap: Check for size query failure during truncate
  dirty-bitmap: Change bdrv_dirty_bitmap_size() to report bytes
  dirty-bitmap: Track bitmap size by bytes
  dirty-bitmap: Change bdrv_dirty_bitmap_*serialize*() to take bytes
  qcow2: Switch sectors_covered_by_bitmap_cluster() to byte-based
  dirty-bitmap: Set iterator start by offset, not sector
  dirty-bitmap: Change bdrv_dirty_iter_next() to report byte offset
  dirty-bitmap: Change bdrv_get_dirty_count() to report bytes
  dirty-bitmap: Change bdrv_get_dirty_locked() to take bytes
  dirty-bitmap: Change bdrv_[re]set_dirty_bitmap() to use bytes
  mirror: Switch mirror_dirty_init() to byte-based iteration
  qcow2: Switch qcow2_measure() to byte-based iteration
  qcow2: Switch load_bitmap_data() to byte-based iteration
  qcow2: Switch store_bitmap_data() to byte-based iteration
  dirty-bitmap: Switch bdrv_set_dirty() to bytes
  dirty-bitmap: Convert internal hbitmap size/granularity

 include/block/block_int.h|   2 +-
 include/block/dirty-bitmap.h |  43 +-
 include/qemu/hbitmap.h   |   8 +--
 block/io.c   |   6 +-
 block.c  |  21 +--
 block/backup.c   |   7 +--
 block/dirty-bitmap.c | 137 +++
 block/mirror.c   |  79 ++---
 block/qcow2-bitmap.c |  57 +-
 block/qcow2.c|  22 ---
 migration/block.c|  12 ++--
 tests/test-hbitmap.c |  10 ++--
 util/hbitmap.c   |   8 +--
 13 files changed, 175 insertions(+), 237 deletions(-)

-- 
2.13.5




[Qemu-devel] [PATCH v7 02/20] hbitmap: Rename serialization_granularity to serialization_align

2017-09-12 Thread Eric Blake
The only client of hbitmap_serialization_granularity() is dirty-bitmap's
bdrv_dirty_bitmap_serialization_align().  Keeping the two names consistent
is worthwhile, and the shorter name is more representative of what the
function returns (the required alignment to be used for start/count of
other serialization functions, where violating the alignment causes
assertion failures).

Signed-off-by: Eric Blake 
Reviewed-by: John Snow 

---
v5: no change
v4: new patch
---
 include/qemu/hbitmap.h |  8 
 block/dirty-bitmap.c   |  2 +-
 tests/test-hbitmap.c   | 10 +-
 util/hbitmap.c |  8 
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/include/qemu/hbitmap.h b/include/qemu/hbitmap.h
index d3a74a21fc..81e78043d1 100644
--- a/include/qemu/hbitmap.h
+++ b/include/qemu/hbitmap.h
@@ -159,16 +159,16 @@ bool hbitmap_get(const HBitmap *hb, uint64_t item);
 bool hbitmap_is_serializable(const HBitmap *hb);

 /**
- * hbitmap_serialization_granularity:
+ * hbitmap_serialization_align:
  * @hb: HBitmap to operate on.
  *
- * Granularity of serialization chunks, used by other serialization functions.
- * For every chunk:
+ * Required alignment of serialization chunks, used by other serialization
+ * functions. For every chunk:
  * 1. Chunk start should be aligned to this granularity.
  * 2. Chunk size should be aligned too, except for last chunk (for which
  *  start + count == hb->size)
  */
-uint64_t hbitmap_serialization_granularity(const HBitmap *hb);
+uint64_t hbitmap_serialization_align(const HBitmap *hb);

 /**
  * hbitmap_serialization_size:
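
Review bot: the reworded comment for hbitmap_serialization_align() still says in item 1 that chunk start "should be aligned to this granularity", which keeps the term the rename is removing. Suggest "aligned to this value" there, and "must" rather than "should" in both items, since the commit message says violating the alignment causes assertion failures.
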
diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
index 30462d4f9a..0490ca3aff 100644
--- a/block/dirty-bitmap.c
+++ b/block/dirty-bitmap.c
@@ -617,7 +617,7 @@ uint64_t bdrv_dirty_bitmap_serialization_size(const 
BdrvDirtyBitmap *bitmap,

 uint64_t bdrv_dirty_bitmap_serialization_align(const BdrvDirtyBitmap *bitmap)
 {
-return hbitmap_serialization_granularity(bitmap->bitmap);
+return hbitmap_serialization_align(bitmap->bitmap);
 }

 void bdrv_dirty_bitmap_serialize_part(const BdrvDirtyBitmap *bitmap,
diff --git a/tests/test-hbitmap.c b/tests/test-hbitmap.c
index 1acb353889..af41642346 100644
--- a/tests/test-hbitmap.c
+++ b/tests/test-hbitmap.c
@@ -738,15 +738,15 @@ static void test_hbitmap_meta_one(TestHBitmapData *data, 
const void *unused)
 }
 }

-static void test_hbitmap_serialize_granularity(TestHBitmapData *data,
-   const void *unused)
+static void test_hbitmap_serialize_align(TestHBitmapData *data,
+ const void *unused)
 {
 int r;

 hbitmap_test_init(data, L3 * 2, 3);
 g_assert(hbitmap_is_serializable(data->hb));

-r = hbitmap_serialization_granularity(data->hb);
+r = hbitmap_serialization_align(data->hb);
 g_assert_cmpint(r, ==, 64 << 3);
 }

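Review bot: test_hbitmap_serialize_align() stores the result in `int r` although hbitmap_serialization_align() is declared to return uint64_t, so the test would silently truncate a large alignment before comparing it. Since these lines are being touched anyway, consider `uint64_t r` with g_assert_cmpuint().
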
@@ -974,8 +974,8 @@ int main(int argc, char **argv)
 hbitmap_test_add("/hbitmap/meta/word", test_hbitmap_meta_word);
 hbitmap_test_add("/hbitmap/meta/sector", test_hbitmap_meta_sector);

-hbitmap_test_add("/hbitmap/serialize/granularity",
- test_hbitmap_serialize_granularity);
+hbitmap_test_add("/hbitmap/serialize/align",
+ test_hbitmap_serialize_align);
 hbitmap_test_add("/hbitmap/serialize/basic",
  test_hbitmap_serialize_basic);
 hbitmap_test_add("/hbitmap/serialize/part",
diff --git a/util/hbitmap.c b/util/hbitmap.c
index 21535cc90b..2f9d0fdbd0 100644
--- a/util/hbitmap.c
+++ b/util/hbitmap.c
@@ -413,14 +413,14 @@ bool hbitmap_is_serializable(const HBitmap *hb)
 {
 /* Every serialized chunk must be aligned to 64 bits so that endianness
  * requirements can be fulfilled on both 64 bit and 32 bit hosts.
- * We have hbitmap_serialization_granularity() which converts this
+ * We have hbitmap_serialization_align() which converts this
  * alignment requirement from bitmap bits to items covered (e.g. sectors).
  * That value is:
  *64 << hb->granularity
  * Since this value must not exceed UINT64_MAX, hb->granularity must be
  * less than 58 (== 64 - 6, where 6 is ld(64), i.e. 1 << 6 == 64).
  *
- * In order for hbitmap_serialization_granularity() to always return a
+ * In order for hbitmap_serialization_align() to always return a
  * meaningful value, bitmaps that are to be serialized must have a
  * granularity of less than 58. */

@@ -437,7 +437,7 @@ bool hbitmap_get(const HBitmap *hb, uint64_t item)
 return (hb->levels[HBITMAP_LEVELS - 1][pos >> BITS_PER_LEVEL] & bit) != 0;
 }

-uint64_t hbitmap_serialization_granularity(const HBitmap *hb)
+uint64_t hbitmap_serialization_align(const HBitmap *hb)
 {
 assert(hbitmap_is_serializable(hb));

@@ -454,7 +454,7 @@ static void serialization_chunk(const HBitmap *hb,
 unsigned long **first_el, uint64_t *el_count)
 {
 uint64_t last = sta

[Qemu-devel] [PATCH v7 01/20] block: Make bdrv_img_create() size selection easier to read

2017-09-12 Thread Eric Blake
All callers of bdrv_img_create() pass in a size, or -1 to read the
size from the backing file.  We then set that size as the QemuOpt
default, which means we will reuse that default rather than the
final parameter to qemu_opt_get_size() several lines later.  But
it is rather confusing to read subsequent checks of 'size == -1'
when it looks (without seeing the full context) like size defaults
to 0; it also doesn't help that a size of 0 is valid (for some
formats).

Rework the logic to make things more legible.

Signed-off-by: Eric Blake 
Reviewed-by: John Snow 

---
v6: Combine into a series rather than being a standalone patch (more for
ease of tracking than for being on topic)
---
 block.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block.c b/block.c
index 6dd47e414e..ee6a48976e 100644
--- a/block.c
+++ b/block.c
@@ -4393,7 +4393,7 @@ void bdrv_img_create(const char *filename, const char 
*fmt,

 /* The size for the image must always be specified, unless we have a 
backing
  * file and we have not been forbidden from opening it. */
-size = qemu_opt_get_size(opts, BLOCK_OPT_SIZE, 0);
+size = qemu_opt_get_size(opts, BLOCK_OPT_SIZE, img_size);
 if (backing_file && !(flags & BDRV_O_NO_BACKING)) {
 BlockDriverState *bs;
 char *full_backing = g_new0(char, PATH_MAX);
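
Review bot: with img_size now passed as the default to qemu_opt_get_size(), the -1 "read the size from the backing file" value reaches `size` only if it survives that function's parameter and return types, and nothing at this call site says so. The comment directly above still reads as if a size is always supplied; extend it to say that img_size may be -1 and that the later `size == -1` checks rely on that value coming back unchanged.
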
-- 
2.13.5




[Qemu-devel] [PATCH v7 04/20] dirty-bitmap: Drop unused functions

2017-09-12 Thread Eric Blake
We had several functions that no one is currently using, and which
use sector-based interfaces.  I'm trying to convert towards byte-based
interfaces, so it's easier to just drop the unused functions:

bdrv_dirty_bitmap_get_meta
bdrv_dirty_bitmap_get_meta_locked
bdrv_dirty_bitmap_reset_meta
bdrv_dirty_bitmap_meta_granularity

Signed-off-by: Eric Blake 
Reviewed-by: John Snow 

---
v5: no change
v4: rebase to Vladimir's persistent bitmaps (bdrv_dirty_bitmap_size now
in use), dropped R-b
v3: rebase to upstream changes (bdrv_dirty_bitmap_get_meta_locked was
added in b64bd51e with no clients), kept R-b
v2: tweak commit message based on review, no code change
---
 include/block/dirty-bitmap.h | 10 --
 block/dirty-bitmap.c | 44 
 2 files changed, 54 deletions(-)

diff --git a/include/block/dirty-bitmap.h b/include/block/dirty-bitmap.h
index a79a58d2c3..8fd842eac9 100644
--- a/include/block/dirty-bitmap.h
+++ b/include/block/dirty-bitmap.h
@@ -34,7 +34,6 @@ void bdrv_enable_dirty_bitmap(BdrvDirtyBitmap *bitmap);
 BlockDirtyInfoList *bdrv_query_dirty_bitmaps(BlockDriverState *bs);
 uint32_t bdrv_get_default_bitmap_granularity(BlockDriverState *bs);
 uint32_t bdrv_dirty_bitmap_granularity(const BdrvDirtyBitmap *bitmap);
-uint32_t bdrv_dirty_bitmap_meta_granularity(BdrvDirtyBitmap *bitmap);
 bool bdrv_dirty_bitmap_enabled(BdrvDirtyBitmap *bitmap);
 bool bdrv_dirty_bitmap_frozen(BdrvDirtyBitmap *bitmap);
 const char *bdrv_dirty_bitmap_name(const BdrvDirtyBitmap *bitmap);
@@ -44,15 +43,6 @@ void bdrv_set_dirty_bitmap(BdrvDirtyBitmap *bitmap,
int64_t cur_sector, int64_t nr_sectors);
 void bdrv_reset_dirty_bitmap(BdrvDirtyBitmap *bitmap,
  int64_t cur_sector, int64_t nr_sectors);
-int bdrv_dirty_bitmap_get_meta(BlockDriverState *bs,
-   BdrvDirtyBitmap *bitmap, int64_t sector,
-   int nb_sectors);
-int bdrv_dirty_bitmap_get_meta_locked(BlockDriverState *bs,
-  BdrvDirtyBitmap *bitmap, int64_t sector,
-  int nb_sectors);
-void bdrv_dirty_bitmap_reset_meta(BlockDriverState *bs,
-  BdrvDirtyBitmap *bitmap, int64_t sector,
-  int nb_sectors);
 BdrvDirtyBitmapIter *bdrv_dirty_meta_iter_new(BdrvDirtyBitmap *bitmap);
 BdrvDirtyBitmapIter *bdrv_dirty_iter_new(BdrvDirtyBitmap *bitmap,
  uint64_t first_sector);
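
Review bot: this hunk removes bdrv_dirty_bitmap_reset_meta() and both get_meta variants but leaves bdrv_dirty_meta_iter_new() declared in the context line just below, so the meta bitmap keeps an iterator while losing the only visible call that clears its bits. The commit message should state whether the meta iterator still has users, or the iterator should be dropped in the same patch if it does not.
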
diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
index 0490ca3aff..42a55e4a4b 100644
--- a/block/dirty-bitmap.c
+++ b/block/dirty-bitmap.c
@@ -173,45 +173,6 @@ void bdrv_release_meta_dirty_bitmap(BdrvDirtyBitmap 
*bitmap)
 qemu_mutex_unlock(bitmap->mutex);
 }

-int bdrv_dirty_bitmap_get_meta_locked(BlockDriverState *bs,
-  BdrvDirtyBitmap *bitmap, int64_t sector,
-  int nb_sectors)
-{
-uint64_t i;
-int sectors_per_bit = 1 << hbitmap_granularity(bitmap->meta);
-
-/* To optimize: we can make hbitmap to internally check the range in a
- * coarse level, or at least do it word by word. */
-for (i = sector; i < sector + nb_sectors; i += sectors_per_bit) {
-if (hbitmap_get(bitmap->meta, i)) {
-return true;
-}
-}
-return false;
-}
-
-int bdrv_dirty_bitmap_get_meta(BlockDriverState *bs,
-   BdrvDirtyBitmap *bitmap, int64_t sector,
-   int nb_sectors)
-{
-bool dirty;
-
-qemu_mutex_lock(bitmap->mutex);
-dirty = bdrv_dirty_bitmap_get_meta_locked(bs, bitmap, sector, nb_sectors);
-qemu_mutex_unlock(bitmap->mutex);
-
-return dirty;
-}
-
-void bdrv_dirty_bitmap_reset_meta(BlockDriverState *bs,
-  BdrvDirtyBitmap *bitmap, int64_t sector,
-  int nb_sectors)
-{
-qemu_mutex_lock(bitmap->mutex);
-hbitmap_reset(bitmap->meta, sector, nb_sectors);
-qemu_mutex_unlock(bitmap->mutex);
-}
-
 int64_t bdrv_dirty_bitmap_size(const BdrvDirtyBitmap *bitmap)
 {
 return bitmap->size;
@@ -511,11 +472,6 @@ uint32_t bdrv_dirty_bitmap_granularity(const 
BdrvDirtyBitmap *bitmap)
 return BDRV_SECTOR_SIZE << hbitmap_granularity(bitmap->bitmap);
 }

-uint32_t bdrv_dirty_bitmap_meta_granularity(BdrvDirtyBitmap *bitmap)
-{
-return BDRV_SECTOR_SIZE << hbitmap_granularity(bitmap->meta);
-}
-
 BdrvDirtyBitmapIter *bdrv_dirty_iter_new(BdrvDirtyBitmap *bitmap,
  uint64_t first_sector)
 {
-- 
2.13.5




[Qemu-devel] [PATCH v7 05/20] dirty-bitmap: Check for size query failure during truncate

2017-09-12 Thread Eric Blake
We've previously fixed several places where we failed to account
for possible errors from bdrv_nb_sectors().  Fix another one by
making bdrv_dirty_bitmap_truncate() report the error rather than
silently resizing bitmaps to -1.  Then adjust the sole caller
bdrv_truncate() to both reduce the likelihood of failure (blindly
calling bdrv_dirty_bitmap_truncate() after refresh_total_sectors()
fails was not nice) as well as propagate any actual failures.

Signed-off-by: Eric Blake 

---
v7: new patch [Kevin]
---
 include/block/dirty-bitmap.h |  2 +-
 block.c  | 19 ++-
 block/dirty-bitmap.c | 12 
 3 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/include/block/dirty-bitmap.h b/include/block/dirty-bitmap.h
index 8fd842eac9..15101b59d5 100644
--- a/include/block/dirty-bitmap.h
+++ b/include/block/dirty-bitmap.h
@@ -83,7 +83,7 @@ int64_t bdrv_dirty_iter_next(BdrvDirtyBitmapIter *iter);
 void bdrv_set_dirty_iter(BdrvDirtyBitmapIter *hbi, int64_t sector_num);
 int64_t bdrv_get_dirty_count(BdrvDirtyBitmap *bitmap);
 int64_t bdrv_get_meta_dirty_count(BdrvDirtyBitmap *bitmap);
-void bdrv_dirty_bitmap_truncate(BlockDriverState *bs);
+int bdrv_dirty_bitmap_truncate(BlockDriverState *bs);
 bool bdrv_dirty_bitmap_readonly(const BdrvDirtyBitmap *bitmap);
 bool bdrv_has_readonly_bitmaps(BlockDriverState *bs);
 bool bdrv_dirty_bitmap_get_autoload(const BdrvDirtyBitmap *bitmap);
diff --git a/block.c b/block.c
index ee6a48976e..790dcce360 100644
--- a/block.c
+++ b/block.c
@@ -3450,12 +3450,21 @@ int bdrv_truncate(BdrvChild *child, int64_t offset, 
PreallocMode prealloc,
 assert(!(bs->open_flags & BDRV_O_INACTIVE));

 ret = drv->bdrv_truncate(bs, offset, prealloc, errp);
-if (ret == 0) {
-ret = refresh_total_sectors(bs, offset >> BDRV_SECTOR_BITS);
-bdrv_dirty_bitmap_truncate(bs);
-bdrv_parent_cb_resize(bs);
-atomic_inc(&bs->write_gen);
+if (ret < 0) {
+return ret;
 }
+ret = refresh_total_sectors(bs, offset >> BDRV_SECTOR_BITS);
+if (ret < 0) {
+error_setg_errno(errp, -ret, "Could not refresh total sector count");
+return ret;
+}
+ret = bdrv_dirty_bitmap_truncate(bs);
+if (ret < 0) {
+error_setg_errno(errp, -ret, "Could not refresh total sector count");
+return ret;
+}
+bdrv_parent_cb_resize(bs);
+atomic_inc(&bs->write_gen);
 return ret;
 }

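Review bot: the new bdrv_dirty_bitmap_truncate() failure branch reuses the message "Could not refresh total sector count" from the refresh_total_sectors() branch above it, so the two failures are indistinguishable to the user; give it its own text, for example "Could not resize dirty bitmaps". Both new early returns also happen after drv->bdrv_truncate() has already succeeded, so bdrv_parent_cb_resize() and the write_gen increment are skipped for an image whose size did change; a comment should say whether that is intended.
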
diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
index 42a55e4a4b..52f7a399b2 100644
--- a/block/dirty-bitmap.c
+++ b/block/dirty-bitmap.c
@@ -1,7 +1,7 @@
 /*
  * Block Dirty Bitmap
  *
- * Copyright (c) 2016 Red Hat. Inc
+ * Copyright (c) 2016-2017 Red Hat. Inc
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to 
deal
@@ -300,13 +300,16 @@ BdrvDirtyBitmap 
*bdrv_reclaim_dirty_bitmap(BlockDriverState *bs,

 /**
  * Truncates _all_ bitmaps attached to a BDS.
- * Called with BQL taken.
+ * Called with BQL taken, returns -errno on failure.
  */
-void bdrv_dirty_bitmap_truncate(BlockDriverState *bs)
+int bdrv_dirty_bitmap_truncate(BlockDriverState *bs)
 {
 BdrvDirtyBitmap *bitmap;
-uint64_t size = bdrv_nb_sectors(bs);
+int64_t size = bdrv_nb_sectors(bs);

+if (size < 0) {
+return size;
+}
 bdrv_dirty_bitmaps_lock(bs);
 QLIST_FOREACH(bitmap, &bs->dirty_bitmaps, list) {
 assert(!bdrv_dirty_bitmap_frozen(bitmap));
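
Review bot: `return size;` narrows an int64_t to the new int return type. It is only reached for negative values, which are -errno and fit, but an explicit cast or a short comment would show the narrowing is deliberate. The function comment could also say that no bitmap is modified when the size query fails, since the check sits before bdrv_dirty_bitmaps_lock().
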
@@ -315,6 +318,7 @@ void bdrv_dirty_bitmap_truncate(BlockDriverState *bs)
 bitmap->size = size;
 }
 bdrv_dirty_bitmaps_unlock(bs);
+return 0;
 }

 static bool bdrv_dirty_bitmap_has_name(BdrvDirtyBitmap *bitmap)
-- 
2.13.5




[Qemu-devel] [PATCH v7 06/20] dirty-bitmap: Change bdrv_dirty_bitmap_size() to report bytes

2017-09-12 Thread Eric Blake
We're already reporting bytes for bdrv_dirty_bitmap_granularity();
mixing bytes and sectors in our return values is a recipe for
confusion.  A later cleanup will convert dirty bitmap internals
to be entirely byte-based, but in the meantime, we should report
the bitmap size in bytes.

The only external caller in qcow2-bitmap.c is temporarily more verbose
(because it is still using sector-based math), but will later be
switched to track progress by bytes instead of sectors.

Signed-off-by: Eric Blake 

---
v7: split external from internal change [Kevin], drop R-b
v6: no change
v5: fix bdrv_dirty_bitmap_truncate [John], drop R-b
v4: retitle from "Track size in bytes", rebase to persistent bitmaps,
round up when converting bytes to sectors
v3: no change
v2: tweak commit message, no code change
---
 block/dirty-bitmap.c |  2 +-
 block/qcow2-bitmap.c | 14 --
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
index 52f7a399b2..56a01699e9 100644
--- a/block/dirty-bitmap.c
+++ b/block/dirty-bitmap.c
@@ -175,7 +175,7 @@ void bdrv_release_meta_dirty_bitmap(BdrvDirtyBitmap *bitmap)

 int64_t bdrv_dirty_bitmap_size(const BdrvDirtyBitmap *bitmap)
 {
-return bitmap->size;
+return bitmap->size * BDRV_SECTOR_SIZE;
 }

 const char *bdrv_dirty_bitmap_name(const BdrvDirtyBitmap *bitmap)
diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
index b3ee4c794a..65122e9ae1 100644
--- a/block/qcow2-bitmap.c
+++ b/block/qcow2-bitmap.c
@@ -295,10 +295,11 @@ static int load_bitmap_data(BlockDriverState *bs,
 BDRVQcow2State *s = bs->opaque;
 uint64_t sector, sbc;
 uint64_t bm_size = bdrv_dirty_bitmap_size(bitmap);
+uint64_t bm_sectors = DIV_ROUND_UP(bm_size, BDRV_SECTOR_SIZE);
 uint8_t *buf = NULL;
 uint64_t i, tab_size =
 size_to_clusters(s,
-bdrv_dirty_bitmap_serialization_size(bitmap, 0, bm_size));
+bdrv_dirty_bitmap_serialization_size(bitmap, 0, bm_sectors));

 if (tab_size != bitmap_table_size || tab_size > BME_MAX_TABLE_SIZE) {
 return -EINVAL;
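
Review bot: in load_bitmap_data(), bm_size is now used only to derive bm_sectors, and DIV_ROUND_UP() suggests the byte size might not be a sector multiple even though bdrv_dirty_bitmap_size() in this same patch returns `bitmap->size * BDRV_SECTOR_SIZE`. Either drop the intermediate variable or add a short comment that the rounding anticipates the later byte-based conversion.
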
@@ -307,7 +308,7 @@ static int load_bitmap_data(BlockDriverState *bs,
 buf = g_malloc(s->cluster_size);
 sbc = sectors_covered_by_bitmap_cluster(s, bitmap);
 for (i = 0, sector = 0; i < tab_size; ++i, sector += sbc) {
-uint64_t count = MIN(bm_size - sector, sbc);
+uint64_t count = MIN(bm_sectors - sector, sbc);
 uint64_t entry = bitmap_table[i];
 uint64_t offset = entry & BME_TABLE_ENTRY_OFFSET_MASK;

@@ -1077,13 +1078,14 @@ static uint64_t *store_bitmap_data(BlockDriverState *bs,
 int64_t sector;
 uint64_t sbc;
 uint64_t bm_size = bdrv_dirty_bitmap_size(bitmap);
+uint64_t bm_sectors = DIV_ROUND_UP(bm_size, BDRV_SECTOR_SIZE);
 const char *bm_name = bdrv_dirty_bitmap_name(bitmap);
 uint8_t *buf = NULL;
 BdrvDirtyBitmapIter *dbi;
 uint64_t *tb;
 uint64_t tb_size =
 size_to_clusters(s,
-bdrv_dirty_bitmap_serialization_size(bitmap, 0, bm_size));
+bdrv_dirty_bitmap_serialization_size(bitmap, 0, bm_sectors));

 if (tb_size > BME_MAX_TABLE_SIZE ||
 tb_size * s->cluster_size > BME_MAX_PHYS_SIZE)
@@ -1101,7 +1103,7 @@ static uint64_t *store_bitmap_data(BlockDriverState *bs,
 dbi = bdrv_dirty_iter_new(bitmap, 0);
 buf = g_malloc(s->cluster_size);
 sbc = sectors_covered_by_bitmap_cluster(s, bitmap);
-assert(DIV_ROUND_UP(bm_size, sbc) == tb_size);
+assert(DIV_ROUND_UP(bm_sectors, sbc) == tb_size);

 while ((sector = bdrv_dirty_iter_next(dbi)) != -1) {
 uint64_t cluster = sector / sbc;
@@ -1109,7 +,7 @@ static uint64_t *store_bitmap_data(BlockDriverState *bs,
 int64_t off;

 sector = cluster * sbc;
-end = MIN(bm_size, sector + sbc);
+end = MIN(bm_sectors, sector + sbc);
 write_size =
 bdrv_dirty_bitmap_serialization_size(bitmap, sector, end - sector);
 assert(write_size <= s->cluster_size);
@@ -1141,7 +1143,7 @@ static uint64_t *store_bitmap_data(BlockDriverState *bs,
 goto fail;
 }

-if (end >= bm_size) {
+if (end >= bm_sectors) {
 break;
 }

-- 
2.13.5




[Qemu-devel] [PATCH v7 13/20] dirty-bitmap: Change bdrv_get_dirty_locked() to take bytes

2017-09-12 Thread Eric Blake
Half the callers were already scaling bytes to sectors; the other
half can eventually be simplified to use byte iteration.  Both
callers were already using the result as a bool, so make that
explicit.  Making the change also makes it easier for a future
dirty-bitmap patch to offload scaling over to the internal hbitmap.

Remember, asking whether a byte is dirty is effectively asking
whether the entire granularity containing the byte is dirty, since
we only track dirtiness by granularity.

Signed-off-by: Eric Blake 
Reviewed-by: John Snow 
Reviewed-by: Juan Quintela 

---
v4: only context change
v3: rebase to _locked rename was straightforward enough that R-b kept
v2: tweak commit message, no code change
---
 include/block/dirty-bitmap.h | 4 ++--
 block/dirty-bitmap.c | 8 
 block/mirror.c   | 3 +--
 migration/block.c| 3 ++-
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/block/dirty-bitmap.h b/include/block/dirty-bitmap.h
index 842e57416c..94a8d76f26 100644
--- a/include/block/dirty-bitmap.h
+++ b/include/block/dirty-bitmap.h
@@ -72,8 +72,8 @@ void bdrv_dirty_bitmap_set_persistance(BdrvDirtyBitmap 
*bitmap,
 /* Functions that require manual locking.  */
 void bdrv_dirty_bitmap_lock(BdrvDirtyBitmap *bitmap);
 void bdrv_dirty_bitmap_unlock(BdrvDirtyBitmap *bitmap);
-int bdrv_get_dirty_locked(BlockDriverState *bs, BdrvDirtyBitmap *bitmap,
-  int64_t sector);
+bool bdrv_get_dirty_locked(BlockDriverState *bs, BdrvDirtyBitmap *bitmap,
+   int64_t offset);
 void bdrv_set_dirty_bitmap_locked(BdrvDirtyBitmap *bitmap,
   int64_t cur_sector, int64_t nr_sectors);
 void bdrv_reset_dirty_bitmap_locked(BdrvDirtyBitmap *bitmap,
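
Review bot: the renamed `offset` parameter is the only hint that bdrv_get_dirty_locked() now takes bytes, while bdrv_set_dirty_bitmap_locked() in the next context line still takes cur_sector/nr_sectors. A one-line comment on the declaration stating the unit, and that the answer covers the whole granularity containing the byte as the commit message explains, would help prevent mixed-unit callers.
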
diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
index ee0afb5e1a..96b15d232a 100644
--- a/block/dirty-bitmap.c
+++ b/block/dirty-bitmap.c
@@ -443,13 +443,13 @@ BlockDirtyInfoList 
*bdrv_query_dirty_bitmaps(BlockDriverState *bs)
 }

 /* Called within bdrv_dirty_bitmap_lock..unlock */
-int bdrv_get_dirty_locked(BlockDriverState *bs, BdrvDirtyBitmap *bitmap,
-  int64_t sector)
+bool bdrv_get_dirty_locked(BlockDriverState *bs, BdrvDirtyBitmap *bitmap,
+   int64_t offset)
 {
 if (bitmap) {
-return hbitmap_get(bitmap->bitmap, sector);
+return hbitmap_get(bitmap->bitmap, offset >> BDRV_SECTOR_BITS);
 } else {
-return 0;
+return false;
 }
 }

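Review bot: bdrv_get_dirty_locked() now takes a signed int64_t offset and right-shifts it before handing it to hbitmap_get(), which takes an unsigned item, so a negative offset turns into a huge index instead of being rejected. Add `assert(offset >= 0);` at the top of the function, or document that callers must never pass a negative offset.
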
diff --git a/block/mirror.c b/block/mirror.c
index 7113d47db4..e36fc81df3 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -361,8 +361,7 @@ static uint64_t coroutine_fn 
mirror_iteration(MirrorBlockJob *s)
 int64_t next_offset = offset + nb_chunks * s->granularity;
 int64_t next_chunk = next_offset / s->granularity;
 if (next_offset >= s->bdev_length ||
-!bdrv_get_dirty_locked(source, s->dirty_bitmap,
-   next_offset >> BDRV_SECTOR_BITS)) {
+!bdrv_get_dirty_locked(source, s->dirty_bitmap, next_offset)) {
 break;
 }
 if (test_bit(next_chunk, s->in_flight_bitmap)) {
diff --git a/migration/block.c b/migration/block.c
index a3512945da..b618869661 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -530,7 +530,8 @@ static int mig_save_device_dirty(QEMUFile *f, 
BlkMigDevState *bmds,
 blk_mig_unlock();
 }
 bdrv_dirty_bitmap_lock(bmds->dirty_bitmap);
-if (bdrv_get_dirty_locked(bs, bmds->dirty_bitmap, sector)) {
+if (bdrv_get_dirty_locked(bs, bmds->dirty_bitmap,
+  sector * BDRV_SECTOR_SIZE)) {
 if (total_sectors - sector < BDRV_SECTORS_PER_DIRTY_CHUNK) {
 nr_sectors = total_sectors - sector;
 } else {
-- 
2.13.5



