Re: [Qemu-devel] [PATCH] configure: Make epoll_create1 test work around SPARC glibc bug

[Peter Maydell]

On 19 April 2011 21:36, Blue Swirl  wrote:
> Sorry, I just picked a define without much thought. A more specific
> one would be flags parameter of epoll_create1(), like EPOLL_CLOEXEC or
> EPOLL_NONBLOCK. We don't use them now since the target system call
> argument is passed untranslated to host, but that is actually not
> correct, since the bit definitions could be different. So checking for
> one of those should be OK.

Unfortunately the header file on the system in question defines
both EPOLL_CLOEXEC and EPOLL_NONBLOCK even though it doesn't
prototype epoll_create1(). So this idea won't work.
The bug we are effectively trying to work around is the one fixed
by this libc patch:
http://sourceware.org/ml/libc-alpha/2010-08/msg00128.html

The only problem with the header is that it doesn't declare the
function, so the only way to detect it is to do something that
will fail if the function isn't declared, like compiling -Werror.

-- PMM

Re: [Qemu-devel] [PATCH 1/3] pseries: Increase maximum CPUs to 256

[David Gibson]

On Tue, Apr 19, 2011 at 05:02:21PM +0200, Alexander Graf wrote:
> On 04/19/2011 02:44 PM, David Gibson wrote:
> >On Tue, Apr 19, 2011 at 09:38:58AM +0200, Alexander Graf wrote:
> >>On 19.04.2011, at 03:54, David Gibson wrote:
> >>
> >>>From: Anton Blanchard
> >>>
> >>>The original pSeries machine was limited to 32 CPUs, more or less
> >>>arbitrarily.  Particularly when we get SMT KVM guests it will be
> >>>pretty easy to exceed this.  Therefore, raise the max number of CPUs
> >>>in a pseries machine guest to 256.
> >>Are the 256 limited by technical limits or arbitrary as well? :)
> >Still arbitrary, just bigger.
> 
> Can't we set it to the real, technical limit then?

There is no clear real, technical limit.  It would depend on exactly
what generation of pSeries we're talking about, and be in the
thousands.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson

[Qemu-devel] [RFC PATCH 2/3 V8] qapi, nmi: add inject-nmi qmp command

[Lai Jiangshan]

inject-nmi command injects an NMI on all CPUs of guest.
It is only supported for x86 guest currently, it will
returns "Unsupported" error for non-x86 guest.

Signed-off-by: Lai Jiangshan 
---
 qapi-schema.json |   12 
 qmp.c|   17 +
 2 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/qapi-schema.json b/qapi-schema.json
index de6c9a3..6a94d78 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1498,3 +1498,15 @@
 # Since: 0.14.0
 ##
 { 'option': 'vnc', 'data': 'VncConfig', 'implicit': 'address' }
+
+##
+# @inject-nmi:
+#
+# Inject an NMI on the guest.
+#
+# Returns: Nothing on success.
+#  If the guest(non-x86) does not support NMI injection, Unsupported
+#
+# Since: 0.15.0
+##
+{ 'command': 'inject-nmi' }
diff --git a/qmp.c b/qmp.c
index 9fdde8f..dac411a 100644
--- a/qmp.c
+++ b/qmp.c
@@ -379,3 +379,20 @@ StatusInfo *qmp_query_status(Error **errp)
 
 return info;
 }
+
+#if defined(TARGET_I386)
+void qmp_inject_nmi(Error **errp)
+{
+CPUState *env;
+
+for (env = first_cpu; env != NULL; env = env->next_cpu) {
+cpu_interrupt(env, CPU_INTERRUPT_NMI);
+}
+}
+#else
+void qmp_inject_nmi(Error **errp)
+{
+error_set(errp, QERR_UNSUPPORTED,
+  "Injecting NMI is unsupported for the non-x86 guest");
+}
+#endif
-- 
1.7.4

[Qemu-devel] [RFC PATCH 3/3 V8] qapi-hmp: Convert HMP nmi to use QMP

[Lai Jiangshan]

Convert the name of HMP nmi to inject-nmi, and use QMP inject-nmi.
The behavier is also changed, it injects NMI to all CPUs of the guest.
When the guest is non-x86, it reports "Unsupported" error.

Signed-off-by: Lai Jiangshan 
---
 hmp-commands.hx |   18 --
 hmp.c   |   12 
 hmp.h   |1 +
 monitor.c   |   14 --
 4 files changed, 21 insertions(+), 24 deletions(-)

diff --git a/hmp-commands.hx b/hmp-commands.hx
index c0719eb..70a9dd9 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -705,19 +705,17 @@ The values that can be specified here depend on the 
machine type, but are
 the same that can be specified in the @code{-boot} command line option.
 ETEXI
 
-#if defined(TARGET_I386)
 {
-.name   = "nmi",
-.args_type  = "cpu_index:i",
-.params = "cpu",
-.help   = "inject an NMI on the given CPU",
-.mhandler.cmd = do_inject_nmi,
+.name   = "inject-nmi",
+.args_type  = "",
+.params = "",
+.help   = "inject an NMI on the guest",
+.mhandler.cmd = hmp_inject_nmi,
 },
-#endif
 STEXI
-@item nmi @var{cpu}
-@findex nmi
-Inject an NMI on the given CPU (x86 only).
+@item inject-nmi
+@findex inject-nmi
+Inject an NMI on the guest (x86 only).
 ETEXI
 
 {
diff --git a/hmp.c b/hmp.c
index 758b085..07170fd 100644
--- a/hmp.c
+++ b/hmp.c
@@ -369,6 +369,18 @@ void hmp_closefd(Monitor *mon, const QDict *qdict)
 monitor_printf(mon, "closefd: Command Not Supported, use QMP\n");
 }
 
+void hmp_inject_nmi(Monitor *mon, const QDict *qdict)
+{
+Error *err = NULL;
+
+qmp_inject_nmi(&err);
+
+if (err) {
+monitor_printf(mon, "inject-nmi: %s\n", error_get_pretty(err));
+error_free(err);
+}
+}
+
 void hmp_info_version(Monitor *mon)
 {
 VersionInfo *info;
diff --git a/hmp.h b/hmp.h
index d205b3e..3bc1f54 100644
--- a/hmp.h
+++ b/hmp.h
@@ -31,6 +31,7 @@ void hmp_migrate_set_speed(Monitor *mon, const QDict *qdict);
 void hmp_migrate_set_downtime(Monitor *mon, const QDict *qdict);
 void hmp_getfd(Monitor *mon, const QDict *qdict);
 void hmp_closefd(Monitor *mon, const QDict *qdict);
+void hmp_inject_nmi(Monitor *mon, const QDict *qdict);
 
 void hmp_info_version(Monitor *mon);
 void hmp_info_status(Monitor *mon);
diff --git a/monitor.c b/monitor.c
index 25a4ab5..925c143 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1768,20 +1768,6 @@ static void do_wav_capture(Monitor *mon, const QDict 
*qdict)
 }
 #endif
 
-#if defined(TARGET_I386)
-static void do_inject_nmi(Monitor *mon, const QDict *qdict)
-{
-CPUState *env;
-int cpu_index = qdict_get_int(qdict, "cpu_index");
-
-for (env = first_cpu; env != NULL; env = env->next_cpu)
-if (env->cpu_index == cpu_index) {
-cpu_interrupt(env, CPU_INTERRUPT_NMI);
-break;
-}
-}
-#endif
-
 static qemu_acl *find_acl(Monitor *mon, const char *name)
 {
 qemu_acl *acl = qemu_acl_find(name);
-- 
1.7.4

[Qemu-devel] [RFC PATCH 1/3 V8] QError: Introduce QERR_UNSUPPORTED

[Lai Jiangshan]

New QERR_UNSUPPORTED for unsupported commands or requests.

Signed-off-by: Lai Jiangshan 
---
 qerror.c |4 
 qerror.h |3 +++
 2 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/qerror.c b/qerror.c
index c76257f..bafe520 100644
--- a/qerror.c
+++ b/qerror.c
@@ -213,6 +213,10 @@ static const QErrorStringTable qerror_table[] = {
 .desc  = "Cannot set union '%(name)' of type '%(type)' to value 
'%(new-value)' because it already is set to value '%(value)'"
 },
 {
+.error_fmt = QERR_UNSUPPORTED,
+.desc  = "Unsupported: %(detail)",
+},
+{
 .error_fmt = QERR_VNC_SERVER_FAILED,
 .desc  = "Could not start VNC server on %(target)",
 },
diff --git a/qerror.h b/qerror.h
index 1f98be1..01ec87d 100644
--- a/qerror.h
+++ b/qerror.h
@@ -193,6 +193,9 @@ void qerror_set_desc(QError *qerr, const char *fmt);
 #define QERR_UNION_MULTIPLE_ENTRIES \
 "{ 'class': 'UnionMultipleEntries', 'data': { 'name': %s, 'type': %s, 
'value': %s, 'new-value': %s } }"
 
+#define QERR_UNSUPPORTED \
+"{ 'class': 'Unsupported', 'data': { 'detail': %s } }"
+
 #define QERR_VNC_SERVER_FAILED \
 "{ 'class': 'VNCServerFailed', 'data': { 'target': %s } }"
 
-- 
1.7.4

[Qemu-devel] [RFC PATCH 0/3 V8] QAPI: add inject-nmi qmp command

[Lai Jiangshan]

These patches are applied for "http://repo.or.cz/r/qemu/aliguori.git glib".

These patches add QAPI inject-nmi. They are passed checkpatch.pl and the build.

But the result qemu executable file is not tested, because the result
qemu of "http://repo.or.cz/r/qemu/aliguori.git glib" can't work in my box.

Lai Jiangshan (3):
  QError: Introduce QERR_UNSUPPORTED
  qapi,nmi: add inject-nmi qmp command
  qapi-hmp: Convert HMP nmi to use QMP

 hmp-commands.hx  |   18 --
 hmp.c|   12 
 hmp.h|1 +
 monitor.c|   14 --
 qapi-schema.json |   12 
 qerror.c |4 
 qerror.h |3 +++
 qmp.c|   17 +
 8 files changed, 57 insertions(+), 24 deletions(-)

-- 
1.7.4

Re: [Qemu-devel] [PATCH 2/2 V7] qemu, qmp: add inject-nmi qmp command

[Lai Jiangshan]

On 04/04/2011 09:09 PM, Anthony Liguori wrote:
> On 04/04/2011 07:19 AM, Markus Armbruster wrote:
>> [Note cc: Anthony]
>>
>> "Daniel P. Berrange"  writes:
>>
>>> On Mon, Mar 07, 2011 at 05:46:28PM +0800, Lai Jiangshan wrote:
 From: Lai Jiangshan
 Date: Mon, 7 Mar 2011 17:05:15 +0800
 Subject: [PATCH 2/2] qemu,qmp: add inject-nmi qmp command

 inject-nmi command injects an NMI on all CPUs of guest.
 It is only supported for x86 guest currently, it will
 returns "Unsupported" error for non-x86 guest.

 ---
   hmp-commands.hx |2 +-
   monitor.c   |   18 +-
   qmp-commands.hx |   29 +
   3 files changed, 47 insertions(+), 2 deletions(-)
>>> Does anyone have any feedback on this addition, or are all new
>>> QMP patch proposals blocked pending Anthony's QAPI work ?
>> That would be bad.  Anthony, what's holding this back?
> 
> It doesn't pass checkpath.pl.
> 
> But I'd also expect this to come through Luiz's QMP tree.
> 
> Regards,
> 
> Anthony Liguori
> 

Hi, Anthony,

I cannot find checkpath.pl in the source tree.
And how/where to write errors descriptions? Is the following description
suitable?

##
# @inject-nmi:
#
# Inject an NMI on the guest.
#
# Returns: Nothing on success.
#  If the guest(non-x86) does not support NMI injection, Unsupported
#
# Since: 0.15.0
##
{ 'command': 'inject-nmi' }


Thanks,
Lai

Re: [Qemu-devel] [PATCH 2/2 V7] qemu, qmp: add inject-nmi qmp command

[Lai Jiangshan]

On 04/20/2011 09:53 AM, Lai Jiangshan wrote:
> On 04/04/2011 09:09 PM, Anthony Liguori wrote:
>> On 04/04/2011 07:19 AM, Markus Armbruster wrote:
>>> [Note cc: Anthony]
>>>
>>> "Daniel P. Berrange"  writes:
>>>
 On Mon, Mar 07, 2011 at 05:46:28PM +0800, Lai Jiangshan wrote:
> From: Lai Jiangshan
> Date: Mon, 7 Mar 2011 17:05:15 +0800
> Subject: [PATCH 2/2] qemu,qmp: add inject-nmi qmp command
>
> inject-nmi command injects an NMI on all CPUs of guest.
> It is only supported for x86 guest currently, it will
> returns "Unsupported" error for non-x86 guest.
>
> ---
>   hmp-commands.hx |2 +-
>   monitor.c   |   18 +-
>   qmp-commands.hx |   29 +
>   3 files changed, 47 insertions(+), 2 deletions(-)
 Does anyone have any feedback on this addition, or are all new
 QMP patch proposals blocked pending Anthony's QAPI work ?
>>> That would be bad.  Anthony, what's holding this back?
>>
>> It doesn't pass checkpath.pl.
>>
>> But I'd also expect this to come through Luiz's QMP tree.
>>
>> Regards,
>>
>> Anthony Liguori
>>
> 
> Hi, Anthony,
> 
> I cannot find checkpath.pl in the source tree.

Sorry, I found it in the mainline tree.

> And how/where to write errors descriptions? Is the following description
> suitable?
> 
> ##
> # @inject-nmi:
> #
> # Inject an NMI on the guest.
> #
> # Returns: Nothing on success.
> #  If the guest(non-x86) does not support NMI injection, Unsupported
> #
> # Since: 0.15.0
> ##
> { 'command': 'inject-nmi' }
> 
> 
> Thanks,
> Lai
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

[Qemu-devel] why does qemu i386 userspace emulation crashes when pthread used?

[Yale Zhang]

Hi. I'm want to run some pthread programs using qemu userspace emulation
(target=i386, host=x86_64,arm), but see NPTL support isn't supported for the
i386 target. I have applied a patch from here
http://patchwork.ozlabs.org/patch/45206/ and used it to run a simple pthread
fork, join program. The program is able to launch multiple threads, but the
1st thread that exits causes the program to crash inside the pthread
library.

What are the reasons NPTL isn't supported for i386 and was it ever supported
in the past? I even wrote another simple program that does the equivalent,
but with using fork(), waitpid() instead of pthread_create(),
pthread_join(), and it works correctly. This seems to suggest thread local
storage wasn't implemented correctly?

Thanks,
Yale

Re: [Qemu-devel] QEMU-KVM and hardened (GRSEC/PaX) kernel

[Антон Кочков]

Already changed to Grsecutiry -> Security level -> Virtualization

But issue still here:

qemu-kvm starts, show as running, but nothing inside:

(qemu) info kvm
kvm support: enabled
(qemu) info cpus
* CPU #0: pc=0x0010017c (halted) thread_id=4688
(qemu) info pci
  Bus  0, device   0, function 0:
Host bridge: PCI device 8086:1237
  id ""
  Bus  0, device   1, function 0:
ISA bridge: PCI device 8086:7000
  id ""
  Bus  0, device   1, function 1:
IDE controller: PCI device 8086:7010
  BAR4: I/O at 0xc000 [0xc00f].
  id ""
  Bus  0, device   1, function 3:
Bridge: PCI device 8086:7113
  IRQ 9.
  id ""
  Bus  0, device   2, function 0:
VGA controller: PCI device 1013:00b8
  BAR0: 32 bit prefetchable memory at 0xf000 [0xf1ff].
  BAR1: 32 bit memory at 0xf200 [0xf2000fff].
  BAR6: 32 bit memory at 0x [0xfffe].
  id ""
(qemu) info status
VM status: running
(qemu) info roms
fw=genroms/vapic.bin size=0x002400 name="vapic.bin"
addr=fffe size=0x02 mem=rom name="bios.bin"
(qemu) info registers
EAX= EBX=00187130 ECX=00187130 EDX=
ESI= EDI= EBP= ESP=0ffcfeac
EIP=0010017c EFL=0246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0028   00c09300 DPL=0 DS   [-WA]
CS =0020   00c09b00 DPL=0 CS32 [-RA]
SS =0028   00c09300 DPL=0 DS   [-WA]
DS =0028   00c09300 DPL=0 DS   [-WA]
FS =   
GS =   
LDT=   
TR =0008 0580 0067 8b00 DPL=0 TSS32-busy
GDT= ab80 002f
IDT= 30b8 07ff
CR0=0013 CR2= CR3= CR4=
DR0= DR1= DR2=
DR3=
DR6=0ff0 DR7=0400
EFER=
FCW=037f FSW=0020 [ST=0] FTW=00 MXCSR=1f80
FPR0=f44d002c6000 400d FPR1=80847fe7 400e
FPR2=fa007fa24000 400e FPR3=80e88055f000 400e
FPR4=ea61009c4000 400d FPR5=ea62009c4000 400c
FPR6=bb7fffb9b000 400b FPR7=bb83ffb9b000 400b
XMM00= XMM01=
XMM02= XMM03=
XMM04= XMM05=
XMM06= XMM07=

also if i'm connecting to qemu with gdb it show me only one cmd:

add BYTE PTR [rax],al

and it is in infinite

Cpu load = 0%

Bug updated with new logs/info

Best regards,
Anton Kochkov.




On Tue, Apr 19, 2011 at 23:24, Blue Swirl  wrote:
> 2011/4/17 Антон Кочков :
>> Good day!
>> I'm trying to make working qemu-kvm with hardened gentoo on hardened kernel.
>> When i'm using CONFIG_PAX_KERNPAGEXEC and CONFIG_PAX_MEM_UNDEREF qemu just 
>> start
>> and go to infinite loop and take 100% of one of my CPU core. adn it
>> even can't be killed.
>> Also it is dont give answer for qemu monitor/remote gdb.
>> When I'm changed these two values as disabled, qemu-kvm now start, and
>> stop (i mean qemu monitor show that virtual machine is running, but no
>> any activity/output). Also it's load about 0%.
>> See details in bug http://bugs.gentoo.org/show_bug.cgi?id=363713
>
> Given this description
> http://grsecurity.net/~spender/uderef.txt
> I'd say the problem is PaX vs. KVM (kernel module part of it). UDEREF
> should be overridden for the process in question, which obviously
> defeats security. Maybe CONFIG_GRKERNSEC_HARDENED_VIRTUALIZATION
> suggested in the bug thread already does this, I don't know. It's not
> possible to virtualize for example guests using self-modifying code if
> the kernel protections are in the way. The alternative is to use only
> guests, which never violate W^X, if they exist.
>

Re: [Qemu-devel] [PATCH/RFC] Port Wine preloader to QEMU

[Mike McCormack]

On 04/20/2011 12:33 AM, Richard Henderson wrote:

> Did you try --enable-user-pie?  It may not really help, but I'm curious.

No. I don't think it will help because placement of the executable probably
doesn't account for how large its heap will grow.

You'll still run out of memory as the heap grows and runs into an 
LD_PRELOAD'ed shared object that's been mapped below 0x6000, then crash
without your do_brk() MAP_FIXED patch, or fail with some error code with it.

> Honestly I'm not keen on this patch.  This level of obfuscation on the
> startup and memory map of the host binary is just a gross hack working
> around the lack of proper page tables in user mode.

This mechanism has been used in Wine for 6 years, but Wine doesn't have
any other way to guarantee the memory layout.

> If you really really need to get this working with a 32-bit host binary
> (rather than doing the sensible thing and using a 64-bit PIE binary),
> then working to enable CONFIG_SOFTMMU in user mode instead would be the
> most useful thing you could do.  Indeed, this would fix a number of 
> problems we currently have emulating other guests that have a page size
> different from the host.

Yes, having page tables in user mode emulation would help, but would
probably make the target executable considerably slower too.

thanks,

Mike

[Qemu-devel] Are you Surviving or want to be Free?

[L . Moore]

 Hello friend,

Would you like to join in a program with which,

- You do not have to promote

- You do not need a computer or Internet experience

- You do not have to worry about spam complaints

- You do not have to pay a Monthly Fee
-You do not have to pay full price on Vacation ever again
-You do not have to Sponsor to get paid

What if I told you that Less than $300 could be flipped into  $5000 to $20,000 
over and over and all it takes is a few Minutes a Day or actually waiting for 
it, if you choose to do nothing!


Everyone on the team helps everyone...My people are cycling daily
with only recruiting 1 person and some without recruiting anyone...
With Everyone on the Team Helping Everyone, things go Very Fast!

I have team members making money for the first time in their online
careers. It’s So Fun and Very Exciting to Watch. Smiles Everywhere!

 How does this work?



Want full info?

Reply to my Email and I will send you information with in 24hours.



Sincerely,

L.Moore

Re: [Qemu-devel] [PATCH] vfio: Add an ioctl to reset the device

[Tom Lyon]

On Tuesday, April 19, 2011 01:32:59 pm Alex Williamson wrote:
> When using VFIO to assign a device to a guest, we want to make sure
> the device is quiesced on VM reset to stop all DMA within the guest
> mapped memory.  Add an ioctl which just calls pci_reset_function()
> and returns whether it succeeds.
> 
> Signed-off-by: Alex Williamson 
> ---
> 
> We've recently needed to add this functionality for current KVM
> based device assignment, VFIO should provide a way to do this too.
> An example of it being used in the Qemu VFIO driver can be found
> here:
> 
> https://github.com/awilliam/qemu-vfio/blob/vfio/hw/vfio.c
> 
>  drivers/vfio/vfio_main.c |4 
>  include/linux/vfio.h |3 +++
>  2 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/vfio/vfio_main.c b/drivers/vfio/vfio_main.c
> index 7e427fc..b9bb692 100644
> --- a/drivers/vfio/vfio_main.c
> +++ b/drivers/vfio/vfio_main.c
> @@ -490,6 +490,10 @@ static long vfio_unl_ioctl(struct file *filep,
>   ret = vfio_irq_eoi_eventfd(vdev, fd);
>   break;
> 
> + case VFIO_RESET_FUNCTION:
> + ret = pci_reset_function(vdev->pdev);
> + break;
> +
>   default:
>   return -EINVAL;
>   }
> diff --git a/include/linux/vfio.h b/include/linux/vfio.h
> index f07d8fe..47d9bb9 100644
> --- a/include/linux/vfio.h
> +++ b/include/linux/vfio.h
> @@ -215,6 +215,9 @@ struct vfio_dma_map {
>  /* Re-enable INTx via eventfd */
>  #define  VFIO_IRQ_EOI_EVENTFD_IOW(';', 110, int)
> 
> +/* Reset PCI function */
> +#define VFIO_RESET_FUNCTION  _IO(';', 111)
> +
>  /*
>   * Reads, writes, and mmaps determine which PCI BAR (or config space)
>   * from the high level bits of the file offset

Applied.

Re: [Qemu-devel] [PATCH] vfio: Add an ioctl to reset the device

[Chris Wright]

* Alex Williamson (alex.william...@redhat.com) wrote:
> On Tue, 2011-04-19 at 15:26 -0700, Chris Wright wrote:
> > * Alex Williamson (alex.william...@redhat.com) wrote:
> > > On Tue, 2011-04-19 at 15:07 -0700, Chris Wright wrote:
> > > > * Alex Williamson (alex.william...@redhat.com) wrote:
> > > > > When using VFIO to assign a device to a guest, we want to make sure
> > > > > the device is quiesced on VM reset to stop all DMA within the guest
> > > > > mapped memory.  Add an ioctl which just calls pci_reset_function()
> > > > > and returns whether it succeeds.
> > > > 
> > > > Shouldn't there be a reset when binding/unbinding vfio to/from a pci
> > > > device?
> > > 
> > > There's already one when the /dev/vfioX file is opened, we should add
> > > another on release, and probably add the same PCI save state store/load
> > > that I'm proposing for KVM across those.  Thanks,
> > 
> > Hmm, I looked and didn't see it, hence the question.
> 
> vfio_open() -> pci_reset_function()
> https://github.com/pugs/vfio-linux-2.6/blob/vfio/drivers/vfio/vfio_main.c

Got it, thanks Alex.

Re: [Qemu-devel] [PATCH] vfio: Add an ioctl to reset the device

[Alex Williamson]

On Tue, 2011-04-19 at 15:26 -0700, Chris Wright wrote:
> * Alex Williamson (alex.william...@redhat.com) wrote:
> > On Tue, 2011-04-19 at 15:07 -0700, Chris Wright wrote:
> > > * Alex Williamson (alex.william...@redhat.com) wrote:
> > > > When using VFIO to assign a device to a guest, we want to make sure
> > > > the device is quiesced on VM reset to stop all DMA within the guest
> > > > mapped memory.  Add an ioctl which just calls pci_reset_function()
> > > > and returns whether it succeeds.
> > > 
> > > Shouldn't there be a reset when binding/unbinding vfio to/from a pci
> > > device?
> > 
> > There's already one when the /dev/vfioX file is opened, we should add
> > another on release, and probably add the same PCI save state store/load
> > that I'm proposing for KVM across those.  Thanks,
> 
> Hmm, I looked and didn't see it, hence the question.

vfio_open() -> pci_reset_function()
https://github.com/pugs/vfio-linux-2.6/blob/vfio/drivers/vfio/vfio_main.c

Re: [Qemu-devel] [PATCH] vfio: Add an ioctl to reset the device

[Chris Wright]

* Alex Williamson (alex.william...@redhat.com) wrote:
> On Tue, 2011-04-19 at 15:07 -0700, Chris Wright wrote:
> > * Alex Williamson (alex.william...@redhat.com) wrote:
> > > When using VFIO to assign a device to a guest, we want to make sure
> > > the device is quiesced on VM reset to stop all DMA within the guest
> > > mapped memory.  Add an ioctl which just calls pci_reset_function()
> > > and returns whether it succeeds.
> > 
> > Shouldn't there be a reset when binding/unbinding vfio to/from a pci
> > device?
> 
> There's already one when the /dev/vfioX file is opened, we should add
> another on release, and probably add the same PCI save state store/load
> that I'm proposing for KVM across those.  Thanks,

Hmm, I looked and didn't see it, hence the question.

Re: [Qemu-devel] [PATCH] vfio: Add an ioctl to reset the device

[Alex Williamson]

On Tue, 2011-04-19 at 15:07 -0700, Chris Wright wrote:
> * Alex Williamson (alex.william...@redhat.com) wrote:
> > When using VFIO to assign a device to a guest, we want to make sure
> > the device is quiesced on VM reset to stop all DMA within the guest
> > mapped memory.  Add an ioctl which just calls pci_reset_function()
> > and returns whether it succeeds.
> 
> Shouldn't there be a reset when binding/unbinding vfio to/from a pci
> device?

There's already one when the /dev/vfioX file is opened, we should add
another on release, and probably add the same PCI save state store/load
that I'm proposing for KVM across those.  Thanks,

Alex

Re: [Qemu-devel] [PATCH] vfio: Add an ioctl to reset the device

[Chris Wright]

* Alex Williamson (alex.william...@redhat.com) wrote:
> When using VFIO to assign a device to a guest, we want to make sure
> the device is quiesced on VM reset to stop all DMA within the guest
> mapped memory.  Add an ioctl which just calls pci_reset_function()
> and returns whether it succeeds.

Shouldn't there be a reset when binding/unbinding vfio to/from a pci
device?

Re: [Qemu-devel] [PATCH] vfio: Add an ioctl to reset the device

[Chris Wright]

* Randy Dunlap (rdun...@xenotime.net) wrote:
> I can't find include/linux/vfio.h in linux-next or mainline git, but
> ioctls need to be documented in Documentation/ioctl/ioctl-number.txt

It is in the full patchset: https://github.com/pugs/vfio-linux-2.6

Re: [Qemu-devel] [PATCH] vfio: Add an ioctl to reset the device

[Randy Dunlap]

On Tue, 19 Apr 2011 14:32:59 -0600 Alex Williamson wrote:

> When using VFIO to assign a device to a guest, we want to make sure
> the device is quiesced on VM reset to stop all DMA within the guest
> mapped memory.  Add an ioctl which just calls pci_reset_function()
> and returns whether it succeeds.
> 
> Signed-off-by: Alex Williamson 
> ---
> 
> We've recently needed to add this functionality for current KVM
> based device assignment, VFIO should provide a way to do this too.
> An example of it being used in the Qemu VFIO driver can be found
> here:
> 
> https://github.com/awilliam/qemu-vfio/blob/vfio/hw/vfio.c
> 
>  drivers/vfio/vfio_main.c |4 
>  include/linux/vfio.h |3 +++
>  2 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/vfio/vfio_main.c b/drivers/vfio/vfio_main.c
> index 7e427fc..b9bb692 100644
> --- a/drivers/vfio/vfio_main.c
> +++ b/drivers/vfio/vfio_main.c
> @@ -490,6 +490,10 @@ static long vfio_unl_ioctl(struct file *filep,
>   ret = vfio_irq_eoi_eventfd(vdev, fd);
>   break;
>  
> + case VFIO_RESET_FUNCTION:
> + ret = pci_reset_function(vdev->pdev);
> + break;
> +
>   default:
>   return -EINVAL;
>   }
> diff --git a/include/linux/vfio.h b/include/linux/vfio.h
> index f07d8fe..47d9bb9 100644
> --- a/include/linux/vfio.h
> +++ b/include/linux/vfio.h
> @@ -215,6 +215,9 @@ struct vfio_dma_map {
>  /* Re-enable INTx via eventfd */
>  #define  VFIO_IRQ_EOI_EVENTFD_IOW(';', 110, int)
>  
> +/* Reset PCI function */
> +#define VFIO_RESET_FUNCTION  _IO(';', 111)
> +
>  /*
>   * Reads, writes, and mmaps determine which PCI BAR (or config space)
>   * from the high level bits of the file offset

I can't find include/linux/vfio.h in linux-next or mainline git, but
ioctls need to be documented in Documentation/ioctl/ioctl-number.txt

---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***

Re: [Qemu-devel] [PATCH] configure: Make epoll_create1 test work around SPARC glibc bug

[Blue Swirl]

On Tue, Apr 19, 2011 at 11:16 PM, Peter Maydell
 wrote:
> On 19 April 2011 20:59, Blue Swirl  wrote:
>> On Tue, Apr 19, 2011 at 10:48 PM, Peter Maydell
>>  wrote:
>>> On 19 April 2011 20:37, Blue Swirl  wrote:
 But then epoll would not be used.
>>>
>>> I think that's fine -- on a system which isn't advertising epoll
>>> in its include files we shouldn't be trying to use it. It might
>>> be buggy, or not the same function at all, for instance.
>>>
>>> Anybody who actually cares about epoll can upgrade their libc :-)
>>
>> Maybe epoll is not so interesting as madvise.
>
> Indeed, it isn't; the only reason we check for it in configure is
> so we know whether we can pass through the relevant syscalls for
> linux-user mode. it's a pretty recent innovation so any guest app
> using it should have a fallback path if it gets ENOSYS.
> Incidentally, note that this configure check is for epoll_create1(),
> not epoll_create(). [Some systems have only the former, so it has
> a separate configure check.]
>
> madvise() is used by qemu itself, so we care more there.
>
>> But the check is not very specific, there could be some unrelated
>> warning with the headers.
>
> The check isn't supposed to be very specific; the idea is that it
> does basically what the actual qemu source code does, ie just
> use the function in a program that's compiled with -Werror. If there's
> an unrelated problem with the header that produces a compile
> warning then we also want that to cause the test to fail, because
> that too will cause qemu compilation to fail later.
>
> I think that the ideal for configure tests is that they test
> for exactly the set of functionality used by the program itself;
> that's what I'm trying to do here.
>
>> How about checking in the compiled file for
>> for example EPOLLIN, that should give a clear build failure if the
>> header is missing?
>
> If the header was missing then that would already be causing a
> compilation failure. The issue with this particular version of
> SPARC glibc is that the header is present but doesn't declare the
> function.
>
> Looking for EPOLLIN isn't a useful test for "is epoll_create1()
> present and OK?" because:
> (1) EPOLLIN will be defined on systems which only have epoll_create(),
> so "is EPOLLIN present?" can be true when "is epoll_create1() OK?" is false
> (2) we don't ever actually use EPOLLIN, so checking for it could
> potentially cause us to not use epoll_create1() even if it was
> present and usable

Sorry, I just picked a define without much thought. A more specific
one would be flags parameter of epoll_create1(), like EPOLL_CLOEXEC or
EPOLL_NONBLOCK. We don't use them now since the target system call
argument is passed untranslated to host, but that is actually not
correct, since the bit definitions could be different. So checking for
one of those should be OK.

[Qemu-devel] [PATCH] vfio: Add an ioctl to reset the device

[Alex Williamson]

When using VFIO to assign a device to a guest, we want to make sure
the device is quiesced on VM reset to stop all DMA within the guest
mapped memory.  Add an ioctl which just calls pci_reset_function()
and returns whether it succeeds.

Signed-off-by: Alex Williamson 
---

We've recently needed to add this functionality for current KVM
based device assignment, VFIO should provide a way to do this too.
An example of it being used in the Qemu VFIO driver can be found
here:

https://github.com/awilliam/qemu-vfio/blob/vfio/hw/vfio.c

 drivers/vfio/vfio_main.c |4 
 include/linux/vfio.h |3 +++
 2 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/drivers/vfio/vfio_main.c b/drivers/vfio/vfio_main.c
index 7e427fc..b9bb692 100644
--- a/drivers/vfio/vfio_main.c
+++ b/drivers/vfio/vfio_main.c
@@ -490,6 +490,10 @@ static long vfio_unl_ioctl(struct file *filep,
ret = vfio_irq_eoi_eventfd(vdev, fd);
break;
 
+   case VFIO_RESET_FUNCTION:
+   ret = pci_reset_function(vdev->pdev);
+   break;
+
default:
return -EINVAL;
}
diff --git a/include/linux/vfio.h b/include/linux/vfio.h
index f07d8fe..47d9bb9 100644
--- a/include/linux/vfio.h
+++ b/include/linux/vfio.h
@@ -215,6 +215,9 @@ struct vfio_dma_map {
 /* Re-enable INTx via eventfd */
 #defineVFIO_IRQ_EOI_EVENTFD_IOW(';', 110, int)
 
+/* Reset PCI function */
+#define VFIO_RESET_FUNCTION_IO(';', 111)
+
 /*
  * Reads, writes, and mmaps determine which PCI BAR (or config space)
  * from the high level bits of the file offset

Re: [Qemu-devel] [PATCH] configure: Make epoll_create1 test work around SPARC glibc bug

[Peter Maydell]

On 19 April 2011 20:59, Blue Swirl  wrote:
> On Tue, Apr 19, 2011 at 10:48 PM, Peter Maydell
>  wrote:
>> On 19 April 2011 20:37, Blue Swirl  wrote:
>>> But then epoll would not be used.
>>
>> I think that's fine -- on a system which isn't advertising epoll
>> in its include files we shouldn't be trying to use it. It might
>> be buggy, or not the same function at all, for instance.
>>
>> Anybody who actually cares about epoll can upgrade their libc :-)
>
> Maybe epoll is not so interesting as madvise.

Indeed, it isn't; the only reason we check for it in configure is
so we know whether we can pass through the relevant syscalls for
linux-user mode. it's a pretty recent innovation so any guest app
using it should have a fallback path if it gets ENOSYS.
Incidentally, note that this configure check is for epoll_create1(),
not epoll_create(). [Some systems have only the former, so it has
a separate configure check.]

madvise() is used by qemu itself, so we care more there.

> But the check is not very specific, there could be some unrelated
> warning with the headers.

The check isn't supposed to be very specific; the idea is that it
does basically what the actual qemu source code does, ie just
use the function in a program that's compiled with -Werror. If there's
an unrelated problem with the header that produces a compile
warning then we also want that to cause the test to fail, because
that too will cause qemu compilation to fail later.

I think that the ideal for configure tests is that they test
for exactly the set of functionality used by the program itself;
that's what I'm trying to do here.

> How about checking in the compiled file for
> for example EPOLLIN, that should give a clear build failure if the
> header is missing?

If the header was missing then that would already be causing a
compilation failure. The issue with this particular version of
SPARC glibc is that the header is present but doesn't declare the
function.

Looking for EPOLLIN isn't a useful test for "is epoll_create1()
present and OK?" because:
(1) EPOLLIN will be defined on systems which only have epoll_create(),
so "is EPOLLIN present?" can be true when "is epoll_create1() OK?" is false
(2) we don't ever actually use EPOLLIN, so checking for it could
potentially cause us to not use epoll_create1() even if it was
present and usable

-- PMM

Re: [Qemu-devel] [PATCH] configure: Make epoll_create1 test work around SPARC glibc bug

[Blue Swirl]

On Tue, Apr 19, 2011 at 10:48 PM, Peter Maydell
 wrote:
> On 19 April 2011 20:37, Blue Swirl  wrote:
>> On Tue, Apr 19, 2011 at 11:57 AM, Peter Maydell
>>  wrote:
>>> Work around a SPARC glibc bug which caused the epoll_create1 configure
>>> test to wrongly claim that the function was present. Some versions of
>>> SPARC glibc provided the function in the library but didn't declare
>>> it in the include file; the result is that gcc warns about an implicit
>>> declaration but a link succeeds. So we build the configure test with
>>> -Werror to avoid the test passing but then a -Werror qemu build
>>> failing.
>>
>> But then epoll would not be used.
>
> I think that's fine -- on a system which isn't advertising epoll
> in its include files we shouldn't be trying to use it. It might
> be buggy, or not the same function at all, for instance.
>
> Anybody who actually cares about epoll can upgrade their libc :-)

Maybe epoll is not so interesting as madvise.

But the check is not very specific, there could be some unrelated
warning with the headers. How about checking in the compiled file for
for example EPOLLIN, that should give a clear build failure if the
header is missing?

Re: [Qemu-devel] [PATCH] configure: Make epoll_create1 test work around SPARC glibc bug

[Peter Maydell]

On 19 April 2011 20:37, Blue Swirl  wrote:
> On Tue, Apr 19, 2011 at 11:57 AM, Peter Maydell
>  wrote:
>> Work around a SPARC glibc bug which caused the epoll_create1 configure
>> test to wrongly claim that the function was present. Some versions of
>> SPARC glibc provided the function in the library but didn't declare
>> it in the include file; the result is that gcc warns about an implicit
>> declaration but a link succeeds. So we build the configure test with
>> -Werror to avoid the test passing but then a -Werror qemu build
>> failing.
>
> But then epoll would not be used.

I think that's fine -- on a system which isn't advertising epoll
in its include files we shouldn't be trying to use it. It might
be buggy, or not the same function at all, for instance.

Anybody who actually cares about epoll can upgrade their libc :-)

-- PMM

Re: [Qemu-devel] [PATCH] configure: Make epoll_create1 test work around SPARC glibc bug

[Blue Swirl]

On Tue, Apr 19, 2011 at 11:57 AM, Peter Maydell
 wrote:
> Work around a SPARC glibc bug which caused the epoll_create1 configure
> test to wrongly claim that the function was present. Some versions of
> SPARC glibc provided the function in the library but didn't declare
> it in the include file; the result is that gcc warns about an implicit
> declaration but a link succeeds. So we build the configure test with
> -Werror to avoid the test passing but then a -Werror qemu build
> failing.

But then epoll would not be used. How about checking for the buggy
glibc and doing something similar to how Solaris madvise() problem is
handled in osdep.c? Both this and madvise() hack could be configure
time checks, though.

Re: [Qemu-devel] QEMU-KVM and hardened (GRSEC/PaX) kernel

[Blue Swirl]

2011/4/17 Антон Кочков :
> Good day!
> I'm trying to make working qemu-kvm with hardened gentoo on hardened kernel.
> When i'm using CONFIG_PAX_KERNPAGEXEC and CONFIG_PAX_MEM_UNDEREF qemu just 
> start
> and go to infinite loop and take 100% of one of my CPU core. adn it
> even can't be killed.
> Also it is dont give answer for qemu monitor/remote gdb.
> When I'm changed these two values as disabled, qemu-kvm now start, and
> stop (i mean qemu monitor show that virtual machine is running, but no
> any activity/output). Also it's load about 0%.
> See details in bug http://bugs.gentoo.org/show_bug.cgi?id=363713

Given this description
http://grsecurity.net/~spender/uderef.txt
I'd say the problem is PaX vs. KVM (kernel module part of it). UDEREF
should be overridden for the process in question, which obviously
defeats security. Maybe CONFIG_GRKERNSEC_HARDENED_VIRTUALIZATION
suggested in the bug thread already does this, I don't know. It's not
possible to virtualize for example guests using self-modifying code if
the kernel protections are in the way. The alternative is to use only
guests, which never violate W^X, if they exist.

Re: [Qemu-devel] [PATCH 12/20] target-i386: fix helper_fxtract() wrt softfloat

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> With softfloat it's not possible to play with the overflow of an
> unsigned value to get the 0 case partially correct. Use a special case
> for that. Using a division to generate an infinity is the easiest way
> that works for both softfloat and softfloat-native.
>
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

-- PMM

Re: [Qemu-devel] [PATCH 18/20] target-i386: fix helper_fprem() and helper_fprem1() wrt softfloat

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

-- PMM

Re: [Qemu-devel] [PATCH 17/20] target-i386: fix logarithmic and trigonometric helpers wrt softfloat

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> +#include 

Why does this patch need this? I couldn't see anywhere where
the patch added calls to math functions we weren't calling before,
or did I miss one?

>  void helper_fptan(void)
>  {
> -    CPU86_LDouble fptemp;
> +    double fptemp = CPU86_LDouble_to_double(ST0);
>
> -    fptemp = ST0;
>     if((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
>         env->fpus |= 0x400;
>     } else {
> -        ST0 = tan(fptemp);
> +        fptemp = tan(fptemp);
> +        ST0 = double_to_CPU86_LDouble(fptemp);
>         fpush();
> -        ST0 = 1.0;
> +        ST0 = double_to_CPU86_LDouble(1.0);

You could just say:
   ST0 = floatx_one;

-- PMM

Re: [Qemu-devel] [PATCH 16/20] target-i386: add CPU86_LDouble <-> double conversion functions

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> Add functions to convert CPU86_LDouble to double and vice versa. They
> are going to be used to implement logarithmic and trigonometric function
> until softfloat implement them.
>
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

-- PMM

Re: [Qemu-devel] [PATCH 20/20] target-i386: switch to softfloat

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> diff --git a/configure b/configure
> index da2da04..6e445b4 100755
> --- a/configure
> +++ b/configure
> @@ -3276,9 +3276,6 @@ if test ! -z "$gdb_xml_files" ; then
>  fi
>
>  case "$target_arch2" in
> -  i386|x86_64)
> -    echo "CONFIG_NOSOFTFLOAT=y" >> $config_target_mak
> -    ;;
>   *)
>     echo "CONFIG_SOFTFLOAT=y" >> $config_target_mak
>     ;;

Since the only case in this case statement is now "*", I think
it would make more sense to just delete it and have:
 echo "CONFIG_SOFTFLOAT=y" >> $config_target_mak
unconditionally.

-- PMM

Re: [Qemu-devel] [PATCH 19/20] target-i386: fix constants wrt softfloat

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

-- PMM

Re: [Qemu-devel] [PATCH 15/20] target-i386: replace approx_rsqrt and approx_rcp by softfloat ops

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

-- PMM

Re: [Qemu-devel] [PATCH 14/20] target-i386: fix helper_fsqrt() wrt softfloat

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

-- PMM

Re: [Qemu-devel] [PATCH 13/20] target-i386: fix helper_fdiv() wrt softfloat

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> +++ b/target-i386/op_helper.c
> @@ -3440,9 +3440,10 @@ static void fpu_set_exception(int mask)
>
>  static inline CPU86_LDouble helper_fdiv(CPU86_LDouble a, CPU86_LDouble b)
>  {
> -    if (b == 0.0)
> +    if (floatx_is_zero(b)) {
>         fpu_set_exception(FPUS_ZE);
> -    return a / b;
> +    }
> +    return floatx_div(a, b, &env->fp_status);
>  }

When we get rid of softfloat-native we should be able to just
use softfloat's flag-raising code and get rid of this special
case of zero, right?

Reviewed-by: Peter Maydell 

-- PMM

Re: [Qemu-devel] [PATCH 11/20] target-i386: fix helper_flbd_ST0() wrt softfloat

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> Signed-off-by: Aurelien Jarno 
> ---
>  target-i386/op_helper.c |    7 ---
>  1 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/target-i386/op_helper.c b/target-i386/op_helper.c
> index f614893..737 100644
> --- a/target-i386/op_helper.c
> +++ b/target-i386/op_helper.c
> @@ -3920,9 +3920,10 @@ void helper_fbld_ST0(target_ulong ptr)
>         v = ldub(ptr + i);
>         val = (val * 100) + ((v >> 4) * 10) + (v & 0xf);
>     }
> -    tmp = val;
> -    if (ldub(ptr + 9) & 0x80)
> -        tmp = -tmp;
> +    if (ldub(ptr + 9) & 0x80) {
> +        val = -val;
> +    }
> +    tmp = int64_to_floatx(val, &env->fp_status);
>     fpush();
>     ST0 = tmp;
>  }

This doesn't do the right thing for -0 (should generate -0,
not +0). I think:

 tmp = int64_to_floatx(val, &env->fp_status);
 if (ldub(ptr + 9) & 0x80) {
 floatx_chs(tmp);
 }

ought to do the right thing and work for both softfloat and
sf-native, but I haven't tested it.

-- PMM

Re: [Qemu-devel] [PATCH 10/20] target-i386: fix helper_fscale() wrt softfloat

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> Use the scalbn softfloat function to implement helper_fscale(). This
> fixes corner cases (e.g. NaN) and makes a few more GNU libc math tests
> to pass.
>
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

-- PMM

[Qemu-devel] [PATCH] target-arm: Set Invalid flag for NaN in float-to-int conversions

[Peter Maydell]

When we catch the special case of an input NaN in ARM float to int
helper functions, set the Invalid flag as well as returning the
correct result.

Signed-off-by: Peter Maydell 
---
 target-arm/helper.c |9 +
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 12127de..d5f2ace 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2542,6 +2542,7 @@ float64 VFP_HELPER(sito, d)(uint32_t x, CPUState *env)
 uint32_t VFP_HELPER(toui, s)(float32 x, CPUState *env)
 {
 if (float32_is_any_nan(x)) {
+float_raise(float_flag_invalid, &env->vfp.fp_status);
 return 0;
 }
 return float32_to_uint32(x, &env->vfp.fp_status);
@@ -2550,6 +2551,7 @@ uint32_t VFP_HELPER(toui, s)(float32 x, CPUState *env)
 uint32_t VFP_HELPER(toui, d)(float64 x, CPUState *env)
 {
 if (float64_is_any_nan(x)) {
+float_raise(float_flag_invalid, &env->vfp.fp_status);
 return 0;
 }
 return float64_to_uint32(x, &env->vfp.fp_status);
@@ -2558,6 +2560,7 @@ uint32_t VFP_HELPER(toui, d)(float64 x, CPUState *env)
 uint32_t VFP_HELPER(tosi, s)(float32 x, CPUState *env)
 {
 if (float32_is_any_nan(x)) {
+float_raise(float_flag_invalid, &env->vfp.fp_status);
 return 0;
 }
 return float32_to_int32(x, &env->vfp.fp_status);
@@ -2566,6 +2569,7 @@ uint32_t VFP_HELPER(tosi, s)(float32 x, CPUState *env)
 uint32_t VFP_HELPER(tosi, d)(float64 x, CPUState *env)
 {
 if (float64_is_any_nan(x)) {
+float_raise(float_flag_invalid, &env->vfp.fp_status);
 return 0;
 }
 return float64_to_int32(x, &env->vfp.fp_status);
@@ -2574,6 +2578,7 @@ uint32_t VFP_HELPER(tosi, d)(float64 x, CPUState *env)
 uint32_t VFP_HELPER(touiz, s)(float32 x, CPUState *env)
 {
 if (float32_is_any_nan(x)) {
+float_raise(float_flag_invalid, &env->vfp.fp_status);
 return 0;
 }
 return float32_to_uint32_round_to_zero(x, &env->vfp.fp_status);
@@ -2582,6 +2587,7 @@ uint32_t VFP_HELPER(touiz, s)(float32 x, CPUState *env)
 uint32_t VFP_HELPER(touiz, d)(float64 x, CPUState *env)
 {
 if (float64_is_any_nan(x)) {
+float_raise(float_flag_invalid, &env->vfp.fp_status);
 return 0;
 }
 return float64_to_uint32_round_to_zero(x, &env->vfp.fp_status);
@@ -2590,6 +2596,7 @@ uint32_t VFP_HELPER(touiz, d)(float64 x, CPUState *env)
 uint32_t VFP_HELPER(tosiz, s)(float32 x, CPUState *env)
 {
 if (float32_is_any_nan(x)) {
+float_raise(float_flag_invalid, &env->vfp.fp_status);
 return 0;
 }
 return float32_to_int32_round_to_zero(x, &env->vfp.fp_status);
@@ -2598,6 +2605,7 @@ uint32_t VFP_HELPER(tosiz, s)(float32 x, CPUState *env)
 uint32_t VFP_HELPER(tosiz, d)(float64 x, CPUState *env)
 {
 if (float64_is_any_nan(x)) {
+float_raise(float_flag_invalid, &env->vfp.fp_status);
 return 0;
 }
 return float64_to_int32_round_to_zero(x, &env->vfp.fp_status);
@@ -2636,6 +2644,7 @@ uint##fsz##_t VFP_HELPER(to##name, p)(float##fsz x, 
uint32_t shift, \
 { \
 float##fsz tmp; \
 if (float##fsz##_is_any_nan(x)) { \
+float_raise(float_flag_invalid, &env->vfp.fp_status); \
 return 0; \
 } \
 tmp = float##fsz##_scalbn(x, shift, &env->vfp.fp_status); \
-- 
1.7.1

Re: [Qemu-devel] [PATCH/RFC] Port Wine preloader to QEMU

[Peter Maydell]

On 19 April 2011 16:48, Riku Voipio  wrote:
> On Tue, Apr 19, 2011 at 06:19:49PM +0900, Mike McCormack wrote:
>>  * modifying do_brk to not use MAP_FIXED - causes an out of memory
>>    failure rather than a crash
>
> Have you tried the patch posted by Peter Maydell yesterday:
>
>  http://www.mail-archive.com/qemu-devel@nongnu.org/msg61733.html

That will presumably get the out-of-memory failure as Mike says :-)
I think that's an improvement over crashing, in the short term...

-- PMM

[Qemu-devel] [PATCH 07/24] target-alpha: Cleanup MMU modes.

[Richard Henderson]

Don't bother including executive and supervisor modes.

Signed-off-by: Richard Henderson 
---
 target-alpha/cpu.h |   36 
 1 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index e977705..4737b83 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -192,6 +192,33 @@ enum {
 
 #define SWCR_MASK  (SWCR_TRAP_ENABLE_MASK | SWCR_MAP_MASK | SWCR_STATUS_MASK)
 
+/* MMU modes definitions */
+
+/* Alpha has 5 MMU modes: PALcode, kernel, executive, supervisor, and user.
+   The Unix PALcode only exposes the kernel and user modes; presumably
+   executive and supervisor are used by VMS.
+
+   PALcode itself uses physical mode for code and kernel mode for data;
+   there are PALmode instructions that can access data via physical mode
+   or via an os-installed "alternate mode", which is one of the 4 above.
+
+   QEMU does not currently properly distinguish between code/data when
+   looking up addresses.  To avoid having to address this issue, our
+   emulated PALcode will cheat and use the KSEG mapping for its code+data
+   rather than physical addresses.
+
+   Moreover, we're only emulating Unix PALcode, and not attempting VMS.
+
+   All of which allows us to drop all but kernel and user modes.
+   Elide the unused MMU modes to save space.  */
+
+#define NB_MMU_MODES 2
+
+#define MMU_MODE0_SUFFIX _kernel
+#define MMU_MODE1_SUFFIX _user
+#define MMU_KERNEL_IDX   0
+#define MMU_USER_IDX 1
+
 typedef struct CPUAlphaState CPUAlphaState;
 
 struct CPUAlphaState {
@@ -246,16 +273,9 @@ struct CPUAlphaState {
 #define cpu_gen_code cpu_alpha_gen_code
 #define cpu_signal_handler cpu_alpha_signal_handler
 
-/* MMU modes definitions */
-#define NB_MMU_MODES 4
-#define MMU_MODE0_SUFFIX _kernel
-#define MMU_MODE1_SUFFIX _executive
-#define MMU_MODE2_SUFFIX _supervisor
-#define MMU_MODE3_SUFFIX _user
-#define MMU_USER_IDX 3
 static inline int cpu_mmu_index (CPUState *env)
 {
-return (env->ps >> 3) & 3;
+return (env->ps >> 3) & 1;
 }
 
 #include "cpu-all.h"
-- 
1.7.3.4

[Qemu-devel] [PATCH 18/24] target-alpha: Add custom PALcode image for SX164 emulation.

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 .gitmodules   |3 +++
 Makefile  |3 ++-
 configure |2 +-
 pc-bios/palcode-sx164 |  Bin 0 -> 107621 bytes
 roms/qemu-palcode |1 +
 5 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 pc-bios/palcode-sx164
 create mode 16 roms/qemu-palcode

diff --git a/.gitmodules b/.gitmodules
index 44fdd1a..a9a30d4 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -7,3 +7,6 @@
 [submodule "roms/SLOF"]
path = roms/SLOF
url = git://git.qemu.org/SLOF.git
+[submodule "roms/qemu-palcode"]
+   path = roms/qemu-palcode
+   url = git://repo.or.cz/qemu-palcode.git
diff --git a/Makefile b/Makefile
index dc39efd..d8a802e 100644
--- a/Makefile
+++ b/Makefile
@@ -187,7 +187,8 @@ pxe-rtl8139.bin pxe-virtio.bin \
 bamboo.dtb petalogix-s3adsp1800.dtb petalogix-ml605.dtb \
 multiboot.bin linuxboot.bin \
 s390-zipl.rom \
-spapr-rtas.bin slof.bin
+spapr-rtas.bin slof.bin \
+palcode-sx164
 else
 BLOBS=
 endif
diff --git a/configure b/configure
index da2da04..4a93972 100755
--- a/configure
+++ b/configure
@@ -3454,7 +3454,7 @@ FILES="Makefile tests/Makefile"
 FILES="$FILES tests/cris/Makefile tests/cris/.gdbinit"
 FILES="$FILES pc-bios/optionrom/Makefile pc-bios/keymaps"
 FILES="$FILES roms/seabios/Makefile roms/vgabios/Makefile"
-for bios_file in $source_path/pc-bios/*.bin $source_path/pc-bios/*.dtb 
$source_path/pc-bios/openbios-*; do
+for bios_file in $source_path/pc-bios/*.bin $source_path/pc-bios/*.dtb 
$source_path/pc-bios/openbios-* $source_path/pc-bios/palcode-*; do
 FILES="$FILES pc-bios/`basename $bios_file`"
 done
 mkdir -p $DIRS
diff --git a/pc-bios/palcode-sx164 b/pc-bios/palcode-sx164
new file mode 100644
index 
..71626214e61173e7cdfdb18dacbfe16f8eba7b3b
GIT binary patch
literal 107621
zcmeHwdwf*Yx%S$#C&T1I7)ZFuC3_|T!Y!Eul%PN+370@oBbS2KGMOYpk{XgRnUGkO
zM8y_uRcx)L*3Y1#wLP|S&Ox-cO1`6~<+Qd^>uK$2k77$(YSp6kShQ-s=UtbX$x5h~
z`My8C-*4?7Gi$xidf#`w>sjwwd(WQPp>Ngt)h^3o>Tt2ydlS;TLqj3i@aV1t%0jGy
zx$r)Ljbnt4;X28720IR++`mjXsMsw^#w{4T==bp^kAgl#>HQEoM#V5-7%&VN1`Gp+
z0mFb{z%XDKFbo(53GHFkl!k3>XFs1BL;^fMLKeU>GnA7zPXjh5^HXVZbn8
z7%&VN1`Gp+0mFb{z%XDKFbo(53GHFkl!k3>XFs1BL;^fMLKeU>GnA7zPXj
zh5^HXVZbn87%&VN1`Gp+0mFb{z%XDKFbo(53GHFkl!k3>XFs1BL;^fMLKe
zU>GnA7zPXjh5^HXVZbn87%&VN1`Gp+0mFb{z%XDKFbo(53GHFkl!k3>XFs
z1BL;^fMLKeU>GnA7zPXjh5^HXVZbn87%&VN1`Gp+0mFb{z%XDKFbo(53GH
zFkl!k3>XFs1BL;^fMLKeU>GnA7zPXjh5^HXVZbn87%&VN1`Gp+0mFb{z%XDKFbo(5
z3GHFkl!k3>XFs1BL;^fMLKeU>GnA7zPXjh5^HXVZbn87%&VN1`Gp+0mFb{
zz%XDKFbo(53GHFkl!k3>XFs1BL;^fMLKeU>GnA7zPXjh5^HXVZbn87%&VN
z1`Gp+0mFb{z%XDKFbo(53GHFkl!k3>XFs1BL;^fMLKeU>GnA7zWZ|VE>aA
zdwkBF-+#QYoW0j`>hAw89K$Ld#$M_f8me@PQO?C{9$xeDT7cI=ylhsm-OVbuXRz@0
zp`oki?C-gz3hdDee8)xrm&fZ9k$|dG23?7d+7KY#!iBx7o$OTq}gHx0mdrv3I|yKYiHzz
z`v1s%-KP4gY^J_27Xju~eZ76gzDDPxAWAU|W)Hqj-;=}6*&03I_ujnc>TTJ
zO8?xi7OrKPbN!5EUi~NU2Yl}CANq)&_q1`OX@6wQ2gIj!r;87zX+Myr{Vi$Q_oZpy
zk*0m*gYrWsT$AbE!~V^z`qN|Bn`|+Cj{Io(RGDV{rD@uK)OfYwvvFzmKjcX-|4Udw
z6FX(E{J7)ro?@#@SY%tI{ZK}F>;Erl+P|2l{WEFWA4${xp)~CW
z(zL%NP5Zty?K{%652tB=VVd@3xCibFvegzl)lvu;E@PjgMr7UGK}SGlMbw%%D!7Qg*kmw*s1n~)~nSn_G%CF4ff@*f@ZIe
z^^Hl1IXlhqXVdk^N4(}s8+o?q-pwmNf1A(zNeL(>|Q0{e@}TSEgxSnx=h0n)X>~UjJmJdHwbm
zE4}^W#Wd}oNz?vFn)VN+X+Myr{Vi$Q_oZpyk*0k(O?xJ<-@a_6Tz_u*@V_UkOtb&e
zH0=x0v>%tI{SZrU{r)9Q`xn!+e9=iW_mizTJ)9_;buV0CK
zh48~Va@c9;6*N1zXXyBR9a)fzeaG4-1qX4z_N^Wtu!={lPk4c=dwBEZ^~?fUE|le5
zSr*H3o-7O8L-IT0KjSz0@ALaEbbo{H2iUkDF!HzTPmKEeeb)c>WjC|RLJRY;7v<8)
zMV}~P15tV|A;1Q9z2N;Q%TYdnauLddC>NuA6y@0{2T`7b
z@+itBD3776K>0k%r6`Z1JQw9jl;@#5g>o6n(!M(nko{d0WUFpTz^x!u(laN~(sAC*X9_r}t
z=di=_z&RZE;meS3jP*sceG%ktJ%8@R>wCJ-g?7qqhWZz9e?FW26YkHqU7dy49p8gj
zQ|{8eK#P5E&U1SnFFb|kRECC@&t~lXQfA@V5Vq}+SNh5V@3YX)mEMEU3*Iy1es;Xl
zA$`&vD)0ryV?FtpwVF9$ZpWOU6TD~np&W~B;g4|K
z-SzOkANsisWB+SbF?-_S`g<2R3*RcN4fNcz*2`8rY>ltRn72KgiTz><+x2jk`xN-x
z_DKD`ZTFons5<1q*uOBTX)Qf}H2;yvTK|?=wb|}Sl?OaLI~4x8|1BHx@iqRQK&>_2
z@4){dW@R7nFm|GUlDn4doJXu$vSV&5lmWY^q@A*1*8D>^9&VW<@WW%8?wc(<=4b{&23;T)!lULTBzqZi{vB*JIU0vj5Rfkrc-&Yi}
z!j5xMqca8aO0;dpcDEn(gLc@dg`5fbC}bCd9*Z10Wkn8!SYOegU3DmU&!-O*vuh3&
zV=rhy+w+tAih_{Y?nWo@R!wam@CwL71=UUr?Po#0_HY%(*yj{3X{xOw-DLyLR+KT<
zfYS>d3;i8~Z|1H#6v(Kq+6!zS+8yf}=d>L;WV>Hl<3*bbb6w9~dW5mN4|tj1ak*E8
z?z4+Re;+#X=Bc}vgNOG^Z#sPUTGZhaoLV)9*gcOwJO%mC$8(AD;r&v|edO~0Am?T+
z=$Y$3b@!*S7Wx9^Z`G_D@BY)8MN692Wg+qY?y7Tcc(>B=PcEu;vESCX+*P5^V;qb%
zRJ`qqIX3%UO%BFqyCWgSes|t!i3$0-iZN(o?AnTV;fL(sbNK?~W1Pf&>{Lw_IJVpt
zzQ4Jq*nMhXrOoRA1^$P
zH7>^SI@b5L#G13QHhk`v*H~<>|CbmSV{_+?XRmj?GgSE&jfKVm{rjAh^&W#izGuk2
zLVp;;oIg-p{>gsiLfK0H)Wd;kKxMxYI+F_wL8S|g>KH-$3du3Zss5)P?{mZ*(bEA#&+U0%&{*FJ%
zSmEK*L)AFHHaZ9X7D7%BoN%2At)B3DXtm`o58c}n3QchT7P|H1A3mzN59-s_`m`_(
z=$y+CtKziny2lGc;FR{apFDkJ)=!@Pwtp{M;VhhdU~Q1CI0Si?7i)%a!8`4%f_K^@
zL+ma;?Rm8S?ZY#K`|%9n18mpfgY2%ukFqBYSFjZaAHq29ez>R_=MTgv_VUc2gYPq5
zUem@o7whi;^k^;9c_PdGXUrwm0Gn5AvCsIC-(B~1mxQjwIPbl>Bs7NApSbrc3qlhh
z-}9A)p}%5HppVe?$V=KM?|rx=GzV>WPb>}f16vDB^*syEGgANOr}TY2+7aviAlr3-
z)~V(5

[Qemu-devel] [PATCH 00/24] Alpha system emulation, v2

[Richard Henderson]

Changes from v1 to v2:
  - Split patch 5 up into little pieces.  These pieces were compile
tested by applying patch 23 (Enable alpha-softmmu) out of sequence
so that both softmmu and linux-user targets were built.  But in
the end I chickened out and re-ordered the enable patch to last.

  - The TB->FLAGS patch is more comprehensive.  In doing the split I
noticed that we were doing funny things with AMASK that really
ought to have belonged in the TB in the first place.

  - The patch for unassigned addresses is more comprehensive.  I had
previously failed to do the if-deffing dance in the generic part
of QEMU.

  - The PALcode source is added as a submodule.


r~


Richard Henderson (24):
  Export the unassigned_mem read/write functions.
  target-alpha: Disassemble EV6 PALcode instructions.
  pci: Export pci_to_cpu_addr.
  target-alpha: Remove partial support for palcode emulation.
  target-alpha: Tidy exception constants.
  target-alpha: Rationalize internal processor registers.
  target-alpha: Cleanup MMU modes.
  target-alpha: Fixup translation of PALmode instructions.
  target-alpha: Add IPRs to be used by the emulation PALcode.
  target-alpha: Tidy up arithmetic exceptions.
  target-alpha: Merge HW_REI and HW_RET implementations.
  target-alpha: Implement do_interrupt for system mode.
  target-alpha: Swap shadow registers moving to/from PALmode.
  target-alpha: Add various symbolic constants.
  target-alpha: All ISA checks to use TB->FLAGS.
  target-alpha: Disable interrupts properly.
  target-alpha: Implement more CALL_PAL values inline.
  target-alpha: Add custom PALcode image for SX164 emulation.
  target-alpha: Implement cpu_alpha_handle_mmu_fault for system mode.
  target-alpha: Trap for unassigned and unaligned addresses.
  target-alpha: Include the PCC_OFS in the RPCC return value.
  target-alpha: Implement TLB flush primitives.
  target-alpha: Enable the alpha-softmmu target.
  target-alpha: Add SX164 emulation.

 .gitmodules   |3 +
 Makefile  |3 +-
 Makefile.target   |4 +-
 alpha-dis.c   |4 -
 configure |3 +-
 cpu-common.h  |7 +
 cpu-exec.c|   16 +-
 default-configs/alpha-softmmu.mak |9 +
 dis-asm.h |3 +
 disas.c   |2 +-
 exec-all.h|2 +-
 exec.c|   24 +-
 hw/alpha_palcode.c| 1048 
 hw/alpha_pci.c|  327 
 hw/alpha_pyxis.c  | 1057 +
 hw/alpha_sx164.c  |  195 +++
 hw/alpha_sys.h|   41 ++
 hw/pci.c  |3 +-
 hw/pci.h  |1 +
 linux-user/main.c |   49 +--
 pc-bios/palcode-sx164 |  Bin 0 -> 107621 bytes
 roms/qemu-palcode |1 +
 target-alpha/cpu.h|  363 ++
 target-alpha/exec.h   |7 +-
 target-alpha/helper.c |  581 +
 target-alpha/helper.h |   32 +-
 target-alpha/machine.c|   87 +++
 target-alpha/op_helper.c  |  236 -
 target-alpha/translate.c  |  771 
 29 files changed, 2734 insertions(+), 2145 deletions(-)
 create mode 100644 default-configs/alpha-softmmu.mak
 delete mode 100644 hw/alpha_palcode.c
 create mode 100644 hw/alpha_pci.c
 create mode 100644 hw/alpha_pyxis.c
 create mode 100644 hw/alpha_sx164.c
 create mode 100644 hw/alpha_sys.h
 create mode 100644 pc-bios/palcode-sx164
 create mode 16 roms/qemu-palcode
 create mode 100644 target-alpha/machine.c

-- 
1.7.3.4

[Qemu-devel] [PATCH 20/24] target-alpha: Trap for unassigned and unaligned addresses.

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 exec-all.h   |2 +-
 exec.c   |   12 ++--
 target-alpha/cpu.h   |6 +-
 target-alpha/op_helper.c |   39 ++-
 4 files changed, 50 insertions(+), 9 deletions(-)

diff --git a/exec-all.h b/exec-all.h
index 496c001..e525662 100644
--- a/exec-all.h
+++ b/exec-all.h
@@ -323,7 +323,7 @@ static inline tb_page_addr_t get_page_addr_code(CPUState 
*env1, target_ulong add
 }
 pd = env1->tlb_table[mmu_idx][page_index].addr_code & ~TARGET_PAGE_MASK;
 if (pd > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
-#if defined(TARGET_SPARC) || defined(TARGET_MIPS)
+#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
 do_unassigned_access(addr, 0, 1, 0, 4);
 #else
 cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x" 
TARGET_FMT_lx "\n", addr);
diff --git a/exec.c b/exec.c
index 994d51b..c3c2809 100644
--- a/exec.c
+++ b/exec.c
@@ -3095,7 +3095,7 @@ uint32_t unassigned_mem_readb(void *opaque, 
target_phys_addr_t addr)
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
 #endif
-#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
+#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || 
defined(TARGET_MICROBLAZE)
 do_unassigned_access(addr, 0, 0, 0, 1);
 #endif
 return 0;
@@ -3106,7 +3106,7 @@ uint32_t unassigned_mem_readw(void *opaque, 
target_phys_addr_t addr)
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
 #endif
-#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
+#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || 
defined(TARGET_MICROBLAZE)
 do_unassigned_access(addr, 0, 0, 0, 2);
 #endif
 return 0;
@@ -3117,7 +3117,7 @@ uint32_t unassigned_mem_readl(void *opaque, 
target_phys_addr_t addr)
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
 #endif
-#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
+#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || 
defined(TARGET_MICROBLAZE)
 do_unassigned_access(addr, 0, 0, 0, 4);
 #endif
 return 0;
@@ -3128,7 +3128,7 @@ void unassigned_mem_writeb(void *opaque, 
target_phys_addr_t addr, uint32_t val)
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
 #endif
-#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
+#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || 
defined(TARGET_MICROBLAZE)
 do_unassigned_access(addr, 1, 0, 0, 1);
 #endif
 }
@@ -3138,7 +3138,7 @@ void unassigned_mem_writew(void *opaque, 
target_phys_addr_t addr, uint32_t val)
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
 #endif
-#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
+#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || 
defined(TARGET_MICROBLAZE)
 do_unassigned_access(addr, 1, 0, 0, 2);
 #endif
 }
@@ -3148,7 +3148,7 @@ void unassigned_mem_writel(void *opaque, 
target_phys_addr_t addr, uint32_t val)
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
 #endif
-#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
+#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || 
defined(TARGET_MICROBLAZE)
 do_unassigned_access(addr, 1, 0, 0, 4);
 #endif
 }
diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index d133cc6..f64dcd1 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -422,7 +422,11 @@ void do_interrupt (CPUState *env);
 
 uint64_t cpu_alpha_load_fpcr (CPUState *env);
 void cpu_alpha_store_fpcr (CPUState *env, uint64_t val);
-extern void swap_shadow_regs(CPUState *env);
+#ifndef CONFIG_USER_ONLY
+void swap_shadow_regs(CPUState *env);
+extern QEMU_NORETURN void do_unassigned_access(target_phys_addr_t addr,
+   int, int, int, int);
+#endif
 
 /* Bits in TB->FLAGS that control how translation is processed.  */
 enum {
diff --git a/target-alpha/op_helper.c b/target-alpha/op_helper.c
index d502bca..cc8a33d 100644
--- a/target-alpha/op_helper.c
+++ b/target-alpha/op_helper.c
@@ -1242,7 +1242,44 @@ uint64_t helper_stq_c_phys(uint64_t p, uint64_t v)
 return ret;
 }
 
+static void do_restore_state(void *pc_ptr)
+{
+TranslationBlock *tb;
+unsigned long pc = (unsigned long) pc_ptr;
+
+tb = tb_find_pc(pc);
+if (tb) {
+cpu_restore_state(tb, env, pc, NULL);
+}
+}
+
+static void QEMU_NORETURN do_unaligned_access(target_ulong addr, int is_write,
+  int is_user, void *retaddr)
+{
+uint64_t pc;
+uint32_t insn;
+
+do_restore_state(retaddr);
+
+pc = env->pc;
+insn = ldl_code(pc);
+
+env->trap_arg0 = addr;
+env->trap_arg1 = insn >> 26;/* opcode */
+env->trap_arg2 = (insn >> 21) & 31; /* dest regno */
+helper_excp(EXCP_UNALIGN, 0);
+}
+
+voi

[Qemu-devel] [PATCH 13/24] target-alpha: Swap shadow registers moving to/from PALmode.

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 target-alpha/cpu.h   |1 +
 target-alpha/helper.c|   37 -
 target-alpha/op_helper.c |5 -
 3 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index dec8b26..f6549f9 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -380,6 +380,7 @@ void do_interrupt (CPUState *env);
 
 uint64_t cpu_alpha_load_fpcr (CPUState *env);
 void cpu_alpha_store_fpcr (CPUState *env, uint64_t val);
+extern void swap_shadow_regs(CPUState *env);
 
 static inline void cpu_get_tb_cpu_state(CPUState *env, target_ulong *pc,
 target_ulong *cs_base, int *flags)
diff --git a/target-alpha/helper.c b/target-alpha/helper.c
index d5923e0..ce5f257 100644
--- a/target-alpha/helper.c
+++ b/target-alpha/helper.c
@@ -168,6 +168,38 @@ int cpu_alpha_handle_mmu_fault (CPUState *env, 
target_ulong address, int rw,
 return 1;
 }
 #else
+void swap_shadow_regs(CPUState *env)
+{
+uint64_t i0, i1, i2, i3, i4, i5, i6, i7;
+
+i0 = env->ir[8];
+i1 = env->ir[9];
+i2 = env->ir[10];
+i3 = env->ir[11];
+i4 = env->ir[12];
+i5 = env->ir[13];
+i6 = env->ir[14];
+i7 = env->ir[25];
+
+env->ir[8]  = env->shadow[0];
+env->ir[9]  = env->shadow[1];
+env->ir[10] = env->shadow[2];
+env->ir[11] = env->shadow[3];
+env->ir[12] = env->shadow[4];
+env->ir[13] = env->shadow[5];
+env->ir[14] = env->shadow[6];
+env->ir[25] = env->shadow[7];
+
+env->shadow[0] = i0;
+env->shadow[1] = i1;
+env->shadow[2] = i2;
+env->shadow[3] = i3;
+env->shadow[4] = i4;
+env->shadow[5] = i5;
+env->shadow[6] = i6;
+env->shadow[7] = i7;
+}
+
 target_phys_addr_t cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
 {
 return -1;
@@ -284,7 +316,10 @@ void do_interrupt (CPUState *env)
 env->pc = env->palbr + i;
 
 /* Switch to PALmode.  */
-env->pal_mode = 1;
+if (!env->pal_mode) {
+env->pal_mode = 1;
+swap_shadow_regs(env);
+}
 #endif /* !USER_ONLY */
 }
 
diff --git a/target-alpha/op_helper.c b/target-alpha/op_helper.c
index 9c19c96..d502bca 100644
--- a/target-alpha/op_helper.c
+++ b/target-alpha/op_helper.c
@@ -1166,9 +1166,12 @@ uint64_t helper_cvtqg (uint64_t a)
 void helper_hw_ret (uint64_t a)
 {
 env->pc = a & ~3;
-env->pal_mode = a & 1;
 env->intr_flag = 0;
 env->lock_addr = -1;
+if ((a & 1) == 0) {
+env->pal_mode = 0;
+swap_shadow_regs(env);
+}
 }
 #endif
 
-- 
1.7.3.4

[Qemu-devel] [PATCH 04/24] target-alpha: Remove partial support for palcode emulation.

[Richard Henderson]

This code does not work, and will be replaced by a bios image.

Signed-off-by: Richard Henderson 
---
 Makefile.target  |2 +-
 hw/alpha_palcode.c   | 1048 --
 target-alpha/cpu.h   |   35 --
 target-alpha/helper.c|2 +-
 target-alpha/translate.c |2 -
 5 files changed, 2 insertions(+), 1087 deletions(-)
 delete mode 100644 hw/alpha_palcode.c

diff --git a/Makefile.target b/Makefile.target
index d5761b7..5ea7ce1 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -362,7 +362,7 @@ obj-m68k-y += m68k-semi.o dummy_m68k.o
 
 obj-s390x-y = s390-virtio-bus.o s390-virtio.o
 
-obj-alpha-y = alpha_palcode.o
+obj-alpha-y = 
 
 main.o: QEMU_CFLAGS+=$(GPROF_CFLAGS)
 
diff --git a/hw/alpha_palcode.c b/hw/alpha_palcode.c
deleted file mode 100644
index 033b542..000
--- a/hw/alpha_palcode.c
+++ /dev/null
@@ -1,1048 +0,0 @@
-/*
- *  Alpha emulation - PALcode emulation for qemu.
- *
- *  Copyright (c) 2007 Jocelyn Mayer
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see .
- */
-
-#include 
-#include 
-#include 
-
-#include "cpu.h"
-#include "exec-all.h"
-
-/* Shared handlers */
-static void pal_reset (CPUState *env);
-/* Console handlers */
-static void pal_console_call (CPUState *env, uint32_t palcode);
-/* OpenVMS handlers */
-static void pal_openvms_call (CPUState *env, uint32_t palcode);
-/* UNIX / Linux handlers */
-static void pal_unix_call (CPUState *env, uint32_t palcode);
-
-pal_handler_t pal_handlers[] = {
-/* Console handler */
-{
-.reset = &pal_reset,
-.call_pal = &pal_console_call,
-},
-/* OpenVMS handler */
-{
-.reset = &pal_reset,
-.call_pal = &pal_openvms_call,
-},
-/* UNIX / Linux handler */
-{
-.reset = &pal_reset,
-.call_pal = &pal_unix_call,
-},
-};
-
-#if 0
-/* One must explicitly check that the TB is valid and the FOE bit is reset */
-static void update_itb (void)
-{
-/* This writes into a temp register, not the actual one */
-mtpr(TB_TAG);
-mtpr(TB_CTL);
-/* This commits the TB update */
-mtpr(ITB_PTE);
-}
-
-static void update_dtb (void);
-{
-mtpr(TB_CTL);
-/* This write into a temp register, not the actual one */
-mtpr(TB_TAG);
-/* This commits the TB update */
-mtpr(DTB_PTE);
-}
-#endif
-
-static void pal_reset (CPUState *env)
-{
-}
-
-static void do_swappal (CPUState *env, uint64_t palid)
-{
-pal_handler_t *pal_handler;
-
-switch (palid) {
-case 0 ... 2:
-pal_handler = &pal_handlers[palid];
-env->pal_handler = pal_handler;
-env->ipr[IPR_PAL_BASE] = -1ULL;
-(*pal_handler->reset)(env);
-break;
-case 3 ... 255:
-/* Unknown identifier */
-env->ir[0] = 1;
-return;
-default:
-/* We were given the entry point address */
-env->pal_handler = NULL;
-env->ipr[IPR_PAL_BASE] = palid;
-env->pc = env->ipr[IPR_PAL_BASE];
-cpu_loop_exit();
-}
-}
-
-static void pal_console_call (CPUState *env, uint32_t palcode)
-{
-uint64_t palid;
-
-if (palcode < 0x0080) {
-/* Privileged palcodes */
-if (!(env->ps >> 3)) {
-/* TODO: generate privilege exception */
-}
-}
-switch (palcode) {
-case 0x:
-/* HALT */
-/* REQUIRED */
-break;
-case 0x0001:
-/* CFLUSH */
-break;
-case 0x0002:
-/* DRAINA */
-/* REQUIRED */
-/* Implemented as no-op */
-break;
-case 0x0009:
-/* CSERVE */
-/* REQUIRED */
-break;
-case 0x000A:
-/* SWPPAL */
-/* REQUIRED */
-palid = env->ir[16];
-do_swappal(env, palid);
-break;
-case 0x0080:
-/* BPT */
-/* REQUIRED */
-break;
-case 0x0081:
-/* BUGCHK */
-/* REQUIRED */
-break;
-case 0x0086:
-/* IMB */
-/* REQUIRED */
-/* Implemented as no-op */
-break;
-case 0x009E:
-/* RDUNIQUE */
-/* REQUIRED */
-break;
-case 0x009F:
-/* WRUNIQUE */
-/* REQUIRED */
-break;
-case 0x00AA:
-/* GENTRAP */
-/* REQUIRED */
-break;
-default:
-break;
-   

[Qemu-devel] [PATCH 06/24] target-alpha: Rationalize internal processor registers.

[Richard Henderson]

Delete all the code that tried to emulate the real IPRs of some
unnamed CPU.  Replace those with just 3 slots that we can use to
communicate trap information between the helper functions that
signal exceptions and the OS trap handler.

Signed-off-by: Richard Henderson 
---
 linux-user/main.c|6 +-
 target-alpha/cpu.h   |  147 ++--
 target-alpha/helper.c|  348 +-
 target-alpha/helper.h|2 -
 target-alpha/op_helper.c |   17 +--
 target-alpha/translate.c |   31 +
 6 files changed, 20 insertions(+), 531 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index 5b25736..503d7b8 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -2535,9 +2535,9 @@ void cpu_loop (CPUState *env)
 env->lock_addr = -1;
 info.si_signo = TARGET_SIGSEGV;
 info.si_errno = 0;
-info.si_code = (page_get_flags(env->ipr[IPR_EXC_ADDR]) & PAGE_VALID
+info.si_code = (page_get_flags(env->trap_arg0) & PAGE_VALID
 ? TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR);
-info._sifields._sigfault._addr = env->ipr[IPR_EXC_ADDR];
+info._sifields._sigfault._addr = env->trap_arg0;
 queue_signal(env, info.si_signo, &info);
 break;
 case EXCP_UNALIGN:
@@ -2545,7 +2545,7 @@ void cpu_loop (CPUState *env)
 info.si_signo = TARGET_SIGBUS;
 info.si_errno = 0;
 info.si_code = TARGET_BUS_ADRALN;
-info._sifields._sigfault._addr = env->ipr[IPR_EXC_ADDR];
+info._sifields._sigfault._addr = env->trap_arg0;
 queue_signal(env, info.si_signo, &info);
 break;
 case EXCP_OPCDEC:
diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index f3e939b..e977705 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -192,141 +192,12 @@ enum {
 
 #define SWCR_MASK  (SWCR_TRAP_ENABLE_MASK | SWCR_MAP_MASK | SWCR_STATUS_MASK)
 
-/* Internal processor registers */
-/* XXX: TOFIX: most of those registers are implementation dependant */
-enum {
-#if defined(CONFIG_USER_ONLY)
-IPR_EXC_ADDR,
-IPR_EXC_SUM,
-IPR_EXC_MASK,
-#else
-/* Ebox IPRs */
-IPR_CC   = 0xC0,/* 21264 */
-IPR_CC_CTL   = 0xC1,/* 21264 */
-#define IPR_CC_CTL_ENA_SHIFT 32
-#define IPR_CC_CTL_COUNTER_MASK 0xfff0UL
-IPR_VA   = 0xC2,/* 21264 */
-IPR_VA_CTL   = 0xC4,/* 21264 */
-#define IPR_VA_CTL_VA_48_SHIFT 1
-#define IPR_VA_CTL_VPTB_SHIFT 30
-IPR_VA_FORM  = 0xC3,/* 21264 */
-/* Ibox IPRs */
-IPR_ITB_TAG  = 0x00,/* 21264 */
-IPR_ITB_PTE  = 0x01,/* 21264 */
-IPR_ITB_IAP  = 0x02,
-IPR_ITB_IA   = 0x03,/* 21264 */
-IPR_ITB_IS   = 0x04,/* 21264 */
-IPR_PMPC = 0x05,
-IPR_EXC_ADDR = 0x06,/* 21264 */
-IPR_IVA_FORM = 0x07,/* 21264 */
-IPR_CM   = 0x09,/* 21264 */
-#define IPR_CM_SHIFT 3
-#define IPR_CM_MASK (3ULL << IPR_CM_SHIFT)  /* 21264 */
-IPR_IER  = 0x0A,/* 21264 */
-#define IPR_IER_MASK 0x007fe000ULL
-IPR_IER_CM   = 0x0B,/* 21264: = CM | IER */
-IPR_SIRR = 0x0C,/* 21264 */
-#define IPR_SIRR_SHIFT 14
-#define IPR_SIRR_MASK 0x7fff
-IPR_ISUM = 0x0D,/* 21264 */
-IPR_HW_INT_CLR   = 0x0E,/* 21264 */
-IPR_EXC_SUM  = 0x0F,
-IPR_PAL_BASE = 0x10,
-IPR_I_CTL= 0x11,
-#define IPR_I_CTL_CHIP_ID_SHIFT 24  /* 21264 */
-#define IPR_I_CTL_BIST_FAIL (1 << 23)   /* 21264 */
-#define IPR_I_CTL_IC_EN_SHIFT 2 /* 21264 */
-#define IPR_I_CTL_SDE1_SHIFT 7  /* 21264 */
-#define IPR_I_CTL_HWE_SHIFT 12  /* 21264 */
-#define IPR_I_CTL_VA_48_SHIFT 15/* 21264 */
-#define IPR_I_CTL_SPE_SHIFT 3   /* 21264 */
-#define IPR_I_CTL_CALL_PAL_R23_SHIFT 20 /* 21264 */
-IPR_I_STAT   = 0x16,/* 21264 */
-IPR_IC_FLUSH = 0x13,/* 21264 */
-IPR_IC_FLUSH_ASM = 0x12,/* 21264 */
-IPR_CLR_MAP  = 0x15,
-IPR_SLEEP= 0x17,
-IPR_PCTX = 0x40,
-IPR_PCTX_ASN   = 0x01,  /* field */
-#define IPR_PCTX_ASN_SHIFT 39
-IPR_PCTX_ASTER = 0x02,  /* field */
-#define IPR_PCTX_ASTER_SHIFT 5
-IPR_PCTX_ASTRR = 0x04,  /* field */
-#define IPR_PCTX_ASTRR_SHIFT 9
-IPR_PCTX_PPCE  = 0x08,  /* field */
-#define IPR_PCTX_PPCE_SHIFT 1
-IPR_PCTX_FPE   = 0x10,  /* field */
-#define IPR_PCTX_FPE_SHIFT 2
-IPR_PCTX_ALL   = 0x5f,  /* all fields */
-IPR_PCTR_CTL = 0x14,/* 21264 */
-/* Mbox IPRs */
-IPR_DTB_TAG0 = 0x20,/* 21264 */
-IPR_DTB_TAG1 = 0xA0,/* 21264 */
-IPR_DTB_PTE0 = 0x21,/* 21264 *

[Qemu-devel] [PATCH 02/24] target-alpha: Disassemble EV6 PALcode instructions.

[Richard Henderson]

The QEMU emulation PALcode will use EV6 PALcode insns regardless
of the "real" cpu instruction set being emulated.

Signed-off-by: Richard Henderson 
---
 alpha-dis.c |4 
 dis-asm.h   |3 +++
 disas.c |2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/alpha-dis.c b/alpha-dis.c
index 8a2411e..ae331b3 100644
--- a/alpha-dis.c
+++ b/alpha-dis.c
@@ -238,10 +238,6 @@ extern const unsigned alpha_num_operands;
 #define AXP_REG_SP 30
 #define AXP_REG_ZERO   31
 
-#define bfd_mach_alpha_ev4  0x10
-#define bfd_mach_alpha_ev5  0x20
-#define bfd_mach_alpha_ev6  0x30
-
 enum bfd_reloc_code_real {
 BFD_RELOC_23_PCREL_S2,
 BFD_RELOC_ALPHA_HINT
diff --git a/dis-asm.h b/dis-asm.h
index 296537a..5b07d7f 100644
--- a/dis-asm.h
+++ b/dis-asm.h
@@ -184,6 +184,9 @@ enum bfd_architecture
 #define bfd_mach_sh50x50
   bfd_arch_alpha,  /* Dec Alpha */
 #define bfd_mach_alpha 1
+#define bfd_mach_alpha_ev4  0x10
+#define bfd_mach_alpha_ev5  0x20
+#define bfd_mach_alpha_ev6  0x30
   bfd_arch_arm,/* Advanced Risc Machines ARM */
 #define bfd_mach_arm_unknown   0
 #define bfd_mach_arm_2 1
diff --git a/disas.c b/disas.c
index 223606c..d208c52 100644
--- a/disas.c
+++ b/disas.c
@@ -205,7 +205,7 @@ void target_disas(FILE *out, target_ulong code, 
target_ulong size, int flags)
 disasm_info.mach = bfd_mach_sh4;
 print_insn = print_insn_sh;
 #elif defined(TARGET_ALPHA)
-disasm_info.mach = bfd_mach_alpha;
+disasm_info.mach = bfd_mach_alpha_ev6;
 print_insn = print_insn_alpha;
 #elif defined(TARGET_CRIS)
 if (flags != 32) {
-- 
1.7.3.4

[Qemu-devel] [PATCH 01/24] Export the unassigned_mem read/write functions.

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 cpu-common.h |7 +++
 exec.c   |   12 ++--
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/cpu-common.h b/cpu-common.h
index 96c02ae..e17020b 100644
--- a/cpu-common.h
+++ b/cpu-common.h
@@ -45,6 +45,13 @@ static inline void 
cpu_register_physical_memory(target_phys_addr_t start_addr,
 cpu_register_physical_memory_offset(start_addr, size, phys_offset, 0);
 }
 
+extern CPUReadMemoryFunc unassigned_mem_readb;
+extern CPUReadMemoryFunc unassigned_mem_readw;
+extern CPUReadMemoryFunc unassigned_mem_readl;
+extern CPUWriteMemoryFunc unassigned_mem_writeb;
+extern CPUWriteMemoryFunc unassigned_mem_writew;
+extern CPUWriteMemoryFunc unassigned_mem_writel;
+
 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr);
 ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, const char *name,
 ram_addr_t size, void *host);
diff --git a/exec.c b/exec.c
index b1ee52a..994d51b 100644
--- a/exec.c
+++ b/exec.c
@@ -3090,7 +3090,7 @@ ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
 return ram_addr;
 }
 
-static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
+uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
 {
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
@@ -3101,7 +3101,7 @@ static uint32_t unassigned_mem_readb(void *opaque, 
target_phys_addr_t addr)
 return 0;
 }
 
-static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
+uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
 {
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
@@ -3112,7 +3112,7 @@ static uint32_t unassigned_mem_readw(void *opaque, 
target_phys_addr_t addr)
 return 0;
 }
 
-static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
+uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
 {
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
@@ -3123,7 +3123,7 @@ static uint32_t unassigned_mem_readl(void *opaque, 
target_phys_addr_t addr)
 return 0;
 }
 
-static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, 
uint32_t val)
+void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
 {
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
@@ -3133,7 +3133,7 @@ static void unassigned_mem_writeb(void *opaque, 
target_phys_addr_t addr, uint32_
 #endif
 }
 
-static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, 
uint32_t val)
+void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
 {
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
@@ -3143,7 +3143,7 @@ static void unassigned_mem_writew(void *opaque, 
target_phys_addr_t addr, uint32_
 #endif
 }
 
-static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, 
uint32_t val)
+void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
 {
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
-- 
1.7.3.4

[Qemu-devel] [PATCH 08/24] target-alpha: Fixup translation of PALmode instructions.

[Richard Henderson]

All of the "raw" memory accesses should be "phys" instead.  Fix
some confusion about argument ordering of the store routines.
Fix the implementation of store-conditional.

Delete the "alt-mode" helpers.  Because we only implement two
mmu modes, let /a imply user-mode unconditionally.

For the moment, stub out HW_MTPR and HW_MFPR.

Merge hw_rei with hw_ret.

Signed-off-by: Richard Henderson 
---
 target-alpha/cpu.h   |4 +
 target-alpha/helper.h|   27 +++-
 target-alpha/op_helper.c |  159 ++
 target-alpha/translate.c |  130 ++
 4 files changed, 82 insertions(+), 238 deletions(-)

diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index 4737b83..1c848bd 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -192,6 +192,8 @@ enum {
 
 #define SWCR_MASK  (SWCR_TRAP_ENABLE_MASK | SWCR_MAP_MASK | SWCR_STATUS_MASK)
 
+#define CPU_SAVE_VERSION1
+
 /* MMU modes definitions */
 
 /* Alpha has 5 MMU modes: PALcode, kernel, executive, supervisor, and user.
@@ -243,6 +245,8 @@ struct CPUAlphaState {
exist for use in user-mode.  */
 uint8_t ps;
 uint8_t intr_flag;
+uint8_t fen;
+uint8_t pal_mode;
 
 /* These pass data from the exception logic in the translator and
helpers to the OS entry point.  This is used for both system
diff --git a/target-alpha/helper.h b/target-alpha/helper.h
index 7435c61..9ffc372 100644
--- a/target-alpha/helper.h
+++ b/target-alpha/helper.h
@@ -100,25 +100,16 @@ DEF_HELPER_1(ieee_input_cmp, i64, i64)
 DEF_HELPER_1(ieee_input_s, i64, i64)
 
 #if !defined (CONFIG_USER_ONLY)
-DEF_HELPER_0(hw_rei, void)
 DEF_HELPER_1(hw_ret, void, i64)
-DEF_HELPER_0(set_alt_mode, void)
-DEF_HELPER_0(restore_mode, void)
-
-DEF_HELPER_1(ld_virt_to_phys, i64, i64)
-DEF_HELPER_1(st_virt_to_phys, i64, i64)
-DEF_HELPER_2(ldl_raw, void, i64, i64)
-DEF_HELPER_2(ldq_raw, void, i64, i64)
-DEF_HELPER_2(ldl_l_raw, void, i64, i64)
-DEF_HELPER_2(ldq_l_raw, void, i64, i64)
-DEF_HELPER_2(ldl_kernel, void, i64, i64)
-DEF_HELPER_2(ldq_kernel, void, i64, i64)
-DEF_HELPER_2(ldl_data, void, i64, i64)
-DEF_HELPER_2(ldq_data, void, i64, i64)
-DEF_HELPER_2(stl_raw, void, i64, i64)
-DEF_HELPER_2(stq_raw, void, i64, i64)
-DEF_HELPER_2(stl_c_raw, i64, i64, i64)
-DEF_HELPER_2(stq_c_raw, i64, i64, i64)
+
+DEF_HELPER_1(ldl_phys, i64, i64)
+DEF_HELPER_1(ldq_phys, i64, i64)
+DEF_HELPER_1(ldl_l_phys, i64, i64)
+DEF_HELPER_1(ldq_l_phys, i64, i64)
+DEF_HELPER_2(stl_phys, void, i64, i64)
+DEF_HELPER_2(stq_phys, void, i64, i64)
+DEF_HELPER_2(stl_c_phys, i64, i64, i64)
+DEF_HELPER_2(stq_c_phys, i64, i64, i64)
 #endif
 
 #include "def-helper.h"
diff --git a/target-alpha/op_helper.c b/target-alpha/op_helper.c
index 5b3f12d..bbf89fe 100644
--- a/target-alpha/op_helper.c
+++ b/target-alpha/op_helper.c
@@ -1155,167 +1155,78 @@ uint64_t helper_cvtqg (uint64_t a)
 
 /* PALcode support special instructions */
 #if !defined (CONFIG_USER_ONLY)
-void helper_hw_rei (void)
-{
-env->pc = env->ipr[IPR_EXC_ADDR] & ~3;
-env->ipr[IPR_EXC_ADDR] = env->ipr[IPR_EXC_ADDR] & 1;
-env->intr_flag = 0;
-env->lock_addr = -1;
-/* XXX: re-enable interrupts and memory mapping */
-}
-
 void helper_hw_ret (uint64_t a)
 {
 env->pc = a & ~3;
-env->ipr[IPR_EXC_ADDR] = a & 1;
+env->pal_mode = a & 1;
 env->intr_flag = 0;
 env->lock_addr = -1;
-/* XXX: re-enable interrupts and memory mapping */
-}
-
-void helper_set_alt_mode (void)
-{
-env->saved_mode = env->ps & 0xC;
-env->ps = (env->ps & ~0xC) | (env->ipr[IPR_ALT_MODE] & 0xC);
-}
-
-void helper_restore_mode (void)
-{
-env->ps = (env->ps & ~0xC) | env->saved_mode;
 }
-
 #endif
 
 /*/
 /* Softmmu support */
 #if !defined (CONFIG_USER_ONLY)
-
-/* XXX: the two following helpers are pure hacks.
- *  Hopefully, we emulate the PALcode, then we should never see
- *  HW_LD / HW_ST instructions.
- */
-uint64_t helper_ld_virt_to_phys (uint64_t virtaddr)
-{
-uint64_t tlb_addr, physaddr;
-int index, mmu_idx;
-void *retaddr;
-
-mmu_idx = cpu_mmu_index(env);
-index = (virtaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
- redo:
-tlb_addr = env->tlb_table[mmu_idx][index].addr_read;
-if ((virtaddr & TARGET_PAGE_MASK) ==
-(tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
-physaddr = virtaddr + env->tlb_table[mmu_idx][index].addend;
-} else {
-/* the page is not in the TLB : fill it */
-retaddr = GETPC();
-tlb_fill(virtaddr, 0, mmu_idx, retaddr);
-goto redo;
-}
-return physaddr;
-}
-
-uint64_t helper_st_virt_to_phys (uint64_t virtaddr)
-{
-uint64_t tlb_addr, physaddr;
-int index, mmu_idx;
-void *retaddr;
-
-mmu_idx = cpu_mmu_index(env);
-index = (virtaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
- redo:
-tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
-   

[Qemu-devel] [PATCH 16/24] target-alpha: Disable interrupts properly.

[Richard Henderson]

Interrupts are disabled in PALmode, and when the PS IL is
high enough.  We don't actually get the interrupt levels
correct yet; settle for interrupts enabled only at IL0.

Signed-off-by: Richard Henderson 
---
 cpu-exec.c  |   16 +---
 target-alpha/exec.h |7 ++-
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/cpu-exec.c b/cpu-exec.c
index 5d6c9a8..68c3d1d 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -529,9 +529,19 @@ int cpu_exec(CPUState *env1)
 next_tb = 0;
 }
 #elif defined(TARGET_ALPHA)
-if (interrupt_request & CPU_INTERRUPT_HARD) {
-do_interrupt(env);
-next_tb = 0;
+if (env->pal_mode == 0 && (env->ps & PS_INT_MASK) == 0) {
+int idx = -1;
+if (interrupt_request & CPU_INTERRUPT_HARD) {
+idx = EXCP_DEV_INTERRUPT;
+}
+if (interrupt_request & CPU_INTERRUPT_TIMER) {
+idx = EXCP_CLK_INTERRUPT;
+}
+if (idx >= 0) {
+env->exception_index = idx;
+do_interrupt(env);
+next_tb = 0;
+}
 }
 #elif defined(TARGET_CRIS)
 if (interrupt_request & CPU_INTERRUPT_HARD
diff --git a/target-alpha/exec.h b/target-alpha/exec.h
index 6ae96d1..a504758 100644
--- a/target-alpha/exec.h
+++ b/target-alpha/exec.h
@@ -39,7 +39,12 @@ register struct CPUAlphaState *env asm(AREG0);
 
 static inline int cpu_has_work(CPUState *env)
 {
-return (env->interrupt_request & CPU_INTERRUPT_HARD);
+/* ??? There's a model-specific mapping between external hardware
+   interrupt numbers and the Unix PALcode interrupt levels.  */
+int req = CPU_INTERRUPT_HARD | CPU_INTERRUPT_TIMER;
+return ((env->interrupt_request & req)
+&& env->pal_mode == 0
+&& (env->ps & PS_INT_MASK) == 0);
 }
 
 static inline void cpu_pc_from_tb(CPUState *env, TranslationBlock *tb)
-- 
1.7.3.4

[Qemu-devel] [PATCH 23/24] target-alpha: Enable the alpha-softmmu target.

[Richard Henderson]

Compiles, but no machine defined yet, so this will crash on startup.

Signed-off-by: Richard Henderson 
---
 Makefile.target   |3 +-
 configure |1 +
 default-configs/alpha-softmmu.mak |9 
 target-alpha/machine.c|   87 +
 4 files changed, 99 insertions(+), 1 deletions(-)
 create mode 100644 default-configs/alpha-softmmu.mak
 create mode 100644 target-alpha/machine.c

diff --git a/Makefile.target b/Makefile.target
index 5ea7ce1..443679b 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -362,7 +362,8 @@ obj-m68k-y += m68k-semi.o dummy_m68k.o
 
 obj-s390x-y = s390-virtio-bus.o s390-virtio.o
 
-obj-alpha-y = 
+obj-alpha-y += i8259.o mc146818rtc.o
+obj-alpha-y += vga.o cirrus_vga.o
 
 main.o: QEMU_CFLAGS+=$(GPROF_CFLAGS)
 
diff --git a/configure b/configure
index 4a93972..872747f 100755
--- a/configure
+++ b/configure
@@ -1011,6 +1011,7 @@ if test -z "$target_list" ; then
 target_list="\
 i386-softmmu \
 x86_64-softmmu \
+alpha-softmmu \
 arm-softmmu \
 cris-softmmu \
 lm32-softmmu \
diff --git a/default-configs/alpha-softmmu.mak 
b/default-configs/alpha-softmmu.mak
new file mode 100644
index 000..abadcff
--- /dev/null
+++ b/default-configs/alpha-softmmu.mak
@@ -0,0 +1,9 @@
+# Default configuration for alpha-softmmu
+
+include pci.mak
+CONFIG_SERIAL=y
+CONFIG_I8254=y
+CONFIG_VGA_PCI=y
+CONFIG_IDE_CORE=y
+CONFIG_IDE_QDEV=y
+CONFIG_VMWARE_VGA=y
diff --git a/target-alpha/machine.c b/target-alpha/machine.c
new file mode 100644
index 000..a13b66a
--- /dev/null
+++ b/target-alpha/machine.c
@@ -0,0 +1,87 @@
+#include "hw/hw.h"
+#include "hw/boards.h"
+
+static int get_fpcr(QEMUFile *f, void *opaque, size_t size)
+{
+CPUAlphaState *env = opaque;
+cpu_alpha_store_fpcr(env, qemu_get_be64(f));
+return 0;
+}
+
+static void put_fpcr(QEMUFile *f, void *opaque, size_t size)
+{
+CPUAlphaState *env = opaque;
+qemu_put_be64(f, cpu_alpha_load_fpcr(env));
+}
+
+static const VMStateInfo vmstate_fpcr = {
+.name = "fpcr",
+.get = get_fpcr,
+.put = put_fpcr,
+};
+
+static VMStateField vmstate_cpu_fields[] = {
+VMSTATE_UINTTL_ARRAY(ir, CPUState, 31),
+VMSTATE_UINTTL_ARRAY(fir, CPUState, 31),
+/* Save the architecture value of the fpcr, not the internally
+   expanded version.  Since this architecture value does not
+   exist in memory to be stored, this requires a but of hoop
+   jumping.  We want OFFSET=0 so that we effectively pass ENV
+   to the helper functions, and we need to fill in the name by
+   hand since there's no field of that name.  */
+{
+.name = "fpcr",
+.version_id = 0,
+.size = sizeof(uint64_t),
+.info = &vmstate_fpcr,
+.flags = VMS_SINGLE,
+.offset = 0
+},
+VMSTATE_UINTTL(pc, CPUState),
+VMSTATE_UINTTL(unique, CPUState),
+VMSTATE_UINTTL(lock_addr, CPUState),
+VMSTATE_UINTTL(lock_value, CPUState),
+/* Note that lock_st_addr is not saved; it is a temporary
+   used during the execution of the st[lq]_c insns.  */
+
+VMSTATE_UINT8(ps, CPUState),
+VMSTATE_UINT8(intr_flag, CPUState),
+VMSTATE_UINT8(fen, CPUState),
+VMSTATE_UINT8(pal_mode, CPUState),
+
+VMSTATE_UINT32(pcc_ofs, CPUState),
+
+VMSTATE_UINTTL(trap_arg0, CPUState),
+VMSTATE_UINTTL(trap_arg1, CPUState),
+VMSTATE_UINTTL(trap_arg2, CPUState),
+
+VMSTATE_UINTTL(exc_addr, CPUState),
+VMSTATE_UINTTL(palbr, CPUState),
+VMSTATE_UINTTL(ptbr, CPUState),
+VMSTATE_UINTTL(vptptr, CPUState),
+VMSTATE_UINTTL(sysval, CPUState),
+VMSTATE_UINTTL(usp, CPUState),
+
+VMSTATE_UINTTL_ARRAY(shadow, CPUState, 8),
+VMSTATE_UINTTL_ARRAY(scratch, CPUState, 24),
+
+VMSTATE_END_OF_LIST()
+};
+
+static const VMStateDescription vmstate_cpu = {
+.name = "cpu",
+.version_id = CPU_SAVE_VERSION,
+.minimum_version_id = 1,
+.minimum_version_id_old = 1,
+.fields = vmstate_cpu_fields,
+};
+
+void cpu_save(QEMUFile *f, void *opaque)
+{
+vmstate_save_state(f, &vmstate_cpu, opaque);
+}
+
+int cpu_load(QEMUFile *f, void *opaque, int version_id)
+{
+return vmstate_load_state(f, &vmstate_cpu, opaque, version_id);
+}
-- 
1.7.3.4

[Qemu-devel] [PATCH 12/24] target-alpha: Implement do_interrupt for system mode.

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 target-alpha/helper.c |  115 
 1 files changed, 105 insertions(+), 10 deletions(-)

diff --git a/target-alpha/helper.c b/target-alpha/helper.c
index c5479fd..d5923e0 100644
--- a/target-alpha/helper.c
+++ b/target-alpha/helper.c
@@ -160,7 +160,6 @@ void cpu_alpha_store_fpcr (CPUState *env, uint64_t val)
 }
 
 #if defined(CONFIG_USER_ONLY)
-
 int cpu_alpha_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
 int mmu_idx, int is_softmmu)
 {
@@ -168,14 +167,7 @@ int cpu_alpha_handle_mmu_fault (CPUState *env, 
target_ulong address, int rw,
 env->trap_arg0 = address;
 return 1;
 }
-
-void do_interrupt (CPUState *env)
-{
-env->exception_index = -1;
-}
-
 #else
-
 target_phys_addr_t cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
 {
 return -1;
@@ -186,12 +178,115 @@ int cpu_alpha_handle_mmu_fault (CPUState *env, 
target_ulong address, int rw,
 {
 return 0;
 }
+#endif /* USER_ONLY */
 
 void do_interrupt (CPUState *env)
 {
-abort();
+int i = env->exception_index;
+
+if (qemu_loglevel_mask(CPU_LOG_INT)) {
+static int count;
+const char *name = "";
+
+switch (i) {
+case EXCP_RESET:
+name = "reset";
+break;
+case EXCP_MCHK:
+name = "mchk";
+break;
+case EXCP_CLK_INTERRUPT:
+name = "clk_interrupt";
+break;
+case EXCP_DEV_INTERRUPT:
+name = "dev_interrupt";
+break;
+case EXCP_MMFAULT:
+name = "mmfault";
+break;
+case EXCP_UNALIGN:
+name = "unalign";
+break;
+case EXCP_OPCDEC:
+name = "opcdec";
+break;
+case EXCP_ARITH:
+name = "arith";
+break;
+case EXCP_FEN:
+name = "fen";
+break;
+case EXCP_CALL_PAL:
+name = "call_pal";
+break;
+case EXCP_STL_C:
+name = "stl_c";
+break;
+case EXCP_STQ_C:
+name = "stq_c";
+break;
+}
+qemu_log("INT %6d: %s(%#x) pc=%016" PRIx64 " sp=%016" PRIx64 "\n",
+ ++count, name, env->error_code, env->pc, env->ir[IR_SP]);
+}
+
+env->exception_index = -1;
+
+#if !defined(CONFIG_USER_ONLY)
+switch (i) {
+case EXCP_RESET:
+i = 0x;
+break;
+case EXCP_MCHK:
+i = 0x0080;
+break;
+case EXCP_CLK_INTERRUPT:
+i = 0x0100;
+break;
+case EXCP_DEV_INTERRUPT:
+i = 0x0180;
+break;
+case EXCP_MMFAULT:
+i = 0x0200;
+break;
+case EXCP_UNALIGN:
+i = 0x0280;
+break;
+case EXCP_OPCDEC:
+i = 0x0300;
+break;
+case EXCP_ARITH:
+i = 0x0380;
+break;
+case EXCP_FEN:
+i = 0x0400;
+break;
+case EXCP_CALL_PAL:
+i = env->error_code;
+/* There are 64 entry points for both privilaged and unprivlaged,
+   with bit 0x80 indicating unprivlaged.  Each entry point gets
+   64 bytes to do its job.  */
+if (i & 0x80) {
+i = 0x2000 + (i - 0x80) * 64;
+} else {
+i = 0x1000 + i * 64;
+}
+break;
+default:
+cpu_abort(env, "Unhandled CPU exception");
+}
+
+/* Remember where the exception happened.  Emulate real hardware in
+   that the low bit of the PC indicates PALmode.  */
+env->exc_addr = env->pc | env->pal_mode;
+
+/* Continue execution at the PALcode entry point.  */
+env->pc = env->palbr + i;
+
+/* Switch to PALmode.  */
+env->pal_mode = 1;
+#endif /* !USER_ONLY */
 }
-#endif
 
 void cpu_dump_state (CPUState *env, FILE *f, fprintf_function cpu_fprintf,
  int flags)
-- 
1.7.3.4

Re: [Qemu-devel] [PATCH/RFC] Port Wine preloader to QEMU

[Riku Voipio]

On Tue, Apr 19, 2011 at 06:19:49PM +0900, Mike McCormack wrote:
>  * modifying do_brk to not use MAP_FIXED - causes an out of memory
>failure rather than a crash

Have you tried the patch posted by Peter Maydell yesterday:

 http://www.mail-archive.com/qemu-devel@nongnu.org/msg61733.html

Riku

[Qemu-devel] [PATCH 03/24] pci: Export pci_to_cpu_addr.

[Richard Henderson]

This is, more or less, the read accessor to pci_bus_set_mem_base
as a write accessor.  It will be needed for implementing sparse
memory spaces for Alpha.

Signed-off-by: Richard Henderson 
---
 hw/pci.c |3 +--
 hw/pci.h |1 +
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 6b577e1..8c7f52a 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -793,8 +793,7 @@ PCIDevice *pci_register_device(PCIBus *bus, const char 
*name,
 return pci_dev;
 }
 
-static target_phys_addr_t pci_to_cpu_addr(PCIBus *bus,
-  target_phys_addr_t addr)
+target_phys_addr_t pci_to_cpu_addr(PCIBus *bus, target_phys_addr_t addr)
 {
 return addr + bus->mem_base;
 }
diff --git a/hw/pci.h b/hw/pci.h
index 52ee8c9..cb0f738 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -242,6 +242,7 @@ void pci_device_reset(PCIDevice *dev);
 void pci_bus_reset(PCIBus *bus);
 
 void pci_bus_set_mem_base(PCIBus *bus, target_phys_addr_t base);
+target_phys_addr_t pci_to_cpu_addr(PCIBus *bus, target_phys_addr_t addr);
 
 PCIDevice *pci_nic_init(NICInfo *nd, const char *default_model,
 const char *default_devaddr);
-- 
1.7.3.4

[Qemu-devel] [PATCH 14/24] target-alpha: Add various symbolic constants.

[Richard Henderson]

The EXC_M_* constants were being set for the EV6, not as set for
the Unix kernel entry point.

Use PS_USER_MODE instead of hard-coding access to the PS register.

Signed-off-by: Richard Henderson 
---
 target-alpha/cpu.h   |   56 +++--
 target-alpha/translate.c |2 +-
 2 files changed, 44 insertions(+), 14 deletions(-)

diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index f6549f9..d8f2514 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -290,11 +290,6 @@ struct CPUAlphaState {
 #define cpu_gen_code cpu_alpha_gen_code
 #define cpu_signal_handler cpu_alpha_signal_handler
 
-static inline int cpu_mmu_index (CPUState *env)
-{
-return (env->ps >> 3) & 1;
-}
-
 #include "cpu-all.h"
 
 enum {
@@ -320,14 +315,49 @@ enum {
 EXCP_STQ_C,
 };
 
-/* Arithmetic exception */
-#define EXC_M_IOV   (1<<16) /* Integer Overflow */
-#define EXC_M_INE   (1<<15) /* Inexact result */
-#define EXC_M_UNF   (1<<14) /* Underflow */
-#define EXC_M_FOV   (1<<13) /* Overflow */
-#define EXC_M_DZE   (1<<12) /* Division by zero */
-#define EXC_M_INV   (1<<11) /* Invalid operation */
-#define EXC_M_SWC   (1<<10) /* Software completion */
+/* Hardware interrupt (entInt) constants.  */
+enum {
+INT_K_IP,
+INT_K_CLK,
+INT_K_MCHK,
+INT_K_DEV,
+INT_K_PERF,
+};
+
+/* Memory management (entMM) constants.  */
+enum {
+MM_K_TNV,
+MM_K_ACV,
+MM_K_FOR,
+MM_K_FOE,
+MM_K_FOW
+};
+
+/* Arithmetic exception (entArith) constants.  */
+enum {
+EXC_M_SWC = 1,  /* Software completion */
+EXC_M_INV = 2,  /* Invalid operation */
+EXC_M_DZE = 4,  /* Division by zero */
+EXC_M_FOV = 8,  /* Overflow */
+EXC_M_UNF = 16, /* Underflow */
+EXC_M_INE = 32, /* Inexact result */
+EXC_M_IOV = 64  /* Integer Overflow */
+};
+
+/* Processor status constants.  */
+enum {
+/* Low 3 bits are interrupt mask level.  */
+PS_INT_MASK = 7,
+
+/* Bits 4 and 5 are the mmu mode.  The VMS PALcode uses all 4 modes;
+   The Unix PALcode only uses bit 4.  */
+PS_USER_MODE = 8
+};
+
+static inline int cpu_mmu_index (CPUState *env)
+{
+return (env->ps & PS_USER_MODE) != 0;
+}
 
 enum {
 IR_V0   = 0,
diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index c8ef31d..2c622b9 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -3354,7 +3354,7 @@ CPUAlphaState * cpu_alpha_init (const char *cpu_model)
 env->amask = amask;
 
 #if defined (CONFIG_USER_ONLY)
-env->ps = 1 << 3;
+env->ps = PS_USER_MODE;
 cpu_alpha_store_fpcr(env, (FPCR_INVD | FPCR_DZED | FPCR_OVFD
| FPCR_UNFD | FPCR_INED | FPCR_DNOD));
 #else
-- 
1.7.3.4

[Qemu-devel] [PATCH 15/24] target-alpha: All ISA checks to use TB->FLAGS.

[Richard Henderson]

We had two different methods in use, both of which referenced ENV,
and neither of which indicated to the generic code when different
compilation modes are not compatible.

Signed-off-by: Richard Henderson 
---
 target-alpha/cpu.h   |   32 -
 target-alpha/translate.c |  396 --
 2 files changed, 239 insertions(+), 189 deletions(-)

diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index d8f2514..d4edaf8 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -412,12 +412,40 @@ uint64_t cpu_alpha_load_fpcr (CPUState *env);
 void cpu_alpha_store_fpcr (CPUState *env, uint64_t val);
 extern void swap_shadow_regs(CPUState *env);
 
+/* Bits in TB->FLAGS that control how translation is processed.  */
+enum {
+TB_FLAGS_PAL_MODE = 1,
+TB_FLAGS_FEN = 2,
+TB_FLAGS_USER_MODE = 8,
+
+TB_FLAGS_AMASK_SHIFT = 4,
+TB_FLAGS_AMASK_BWX = AMASK_BWX << TB_FLAGS_AMASK_SHIFT,
+TB_FLAGS_AMASK_FIX = AMASK_FIX << TB_FLAGS_AMASK_SHIFT,
+TB_FLAGS_AMASK_CIX = AMASK_CIX << TB_FLAGS_AMASK_SHIFT,
+TB_FLAGS_AMASK_MVI = AMASK_MVI << TB_FLAGS_AMASK_SHIFT,
+TB_FLAGS_AMASK_TRAP = AMASK_TRAP << TB_FLAGS_AMASK_SHIFT,
+TB_FLAGS_AMASK_PREFETCH = AMASK_PREFETCH << TB_FLAGS_AMASK_SHIFT,
+};
+
 static inline void cpu_get_tb_cpu_state(CPUState *env, target_ulong *pc,
-target_ulong *cs_base, int *flags)
+target_ulong *cs_base, int *pflags)
 {
+int flags = 0;
+
 *pc = env->pc;
 *cs_base = 0;
-*flags = env->ps;
+
+if (env->pal_mode) {
+flags = TB_FLAGS_PAL_MODE;
+} else {
+flags = env->ps & PS_USER_MODE;
+}
+if (env->fen) {
+flags |= TB_FLAGS_FEN;
+}
+flags |= env->amask << TB_FLAGS_AMASK_SHIFT;
+
+*pflags = flags;
 }
 
 #if defined(CONFIG_USER_ONLY)
diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 2c622b9..47fb4fb 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -47,10 +47,6 @@ struct DisasContext {
 CPUAlphaState *env;
 uint64_t pc;
 int mem_idx;
-#if !defined (CONFIG_USER_ONLY)
-int pal_mode;
-#endif
-uint32_t amask;
 
 /* Current rounding mode for this TB.  */
 int tb_rm;
@@ -1649,20 +1645,22 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 case 0x0A:
 /* LDBU */
-if (!(ctx->amask & AMASK_BWX))
-goto invalid_opc;
-gen_load_mem(ctx, &tcg_gen_qemu_ld8u, ra, rb, disp16, 0, 0);
-break;
+if (ctx->tb->flags & TB_FLAGS_AMASK_BWX) {
+gen_load_mem(ctx, &tcg_gen_qemu_ld8u, ra, rb, disp16, 0, 0);
+break;
+}
+goto invalid_opc;
 case 0x0B:
 /* LDQ_U */
 gen_load_mem(ctx, &tcg_gen_qemu_ld64, ra, rb, disp16, 0, 1);
 break;
 case 0x0C:
 /* LDWU */
-if (!(ctx->amask & AMASK_BWX))
-goto invalid_opc;
-gen_load_mem(ctx, &tcg_gen_qemu_ld16u, ra, rb, disp16, 0, 0);
-break;
+if (ctx->tb->flags & TB_FLAGS_AMASK_BWX) {
+gen_load_mem(ctx, &tcg_gen_qemu_ld16u, ra, rb, disp16, 0, 0);
+break;
+}
+goto invalid_opc;
 case 0x0D:
 /* STW */
 gen_store_mem(ctx, &tcg_gen_qemu_st16, ra, rb, disp16, 0, 0);
@@ -2066,20 +2064,12 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 case 0x61:
 /* AMASK */
 if (likely(rc != 31)) {
-if (islit)
-tcg_gen_movi_i64(cpu_ir[rc], lit);
-else
-tcg_gen_mov_i64(cpu_ir[rc], cpu_ir[rb]);
-switch (ctx->env->implver) {
-case IMPLVER_2106x:
-/* EV4, EV45, LCA, LCA45 & EV5 */
-break;
-case IMPLVER_21164:
-case IMPLVER_21264:
-case IMPLVER_21364:
-tcg_gen_andi_i64(cpu_ir[rc], cpu_ir[rc],
- ~(uint64_t)ctx->amask);
-break;
+uint64_t amask = ctx->tb->flags >> TB_FLAGS_AMASK_SHIFT;
+
+if (islit) {
+tcg_gen_movi_i64(cpu_ir[rc], lit & ~amask);
+} else {
+tcg_gen_andi_i64(cpu_ir[rc], cpu_ir[rb], ~amask);
 }
 }
 break;
@@ -2293,8 +2283,9 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 switch (fpfn) { /* fn11 & 0x3F */
 case 0x04:
 /* ITOFS */
-if (!(ctx->amask & AMASK_FIX))
+if ((ctx->tb->flags & TB_FLAGS_AMASK_FIX) == 0) {
 goto invalid_opc;
+}
 if (likely(rc != 31)) {
 if (ra != 31) {
 TCGv_i32 tmp = tcg_temp_new_i32();
@@ -2307,20 +2298,23 @@ static ExitStatus translate_one(DisasContext *ctx, 

[Qemu-devel] How to test support of a new board?

[Li Xin]

Hi all,

I want to make a new support of arm board "TH68" of THOMSON TELECOM 
in QEMU. This board have a microprocessor called "PNX8019". So I made 
some simulations of the functional blocs.


But I don't know how to test the code in QEMU. Is there anyone have 
any experience or any example?


Thanks in advance!!!

Xin LI

[Qemu-devel] [PATCH 24/24] target-alpha: Add SX164 emulation.

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 Makefile.target  |1 +
 hw/alpha_pci.c   |  327 +
 hw/alpha_pyxis.c | 1057 ++
 hw/alpha_sx164.c |  195 ++
 hw/alpha_sys.h   |   41 +++
 5 files changed, 1621 insertions(+), 0 deletions(-)
 create mode 100644 hw/alpha_pci.c
 create mode 100644 hw/alpha_pyxis.c
 create mode 100644 hw/alpha_sx164.c
 create mode 100644 hw/alpha_sys.h

diff --git a/Makefile.target b/Makefile.target
index 443679b..f702780 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -364,6 +364,7 @@ obj-s390x-y = s390-virtio-bus.o s390-virtio.o
 
 obj-alpha-y += i8259.o mc146818rtc.o
 obj-alpha-y += vga.o cirrus_vga.o
+obj-alpha-y += alpha_pci.o alpha_sx164.o alpha_pyxis.o
 
 main.o: QEMU_CFLAGS+=$(GPROF_CFLAGS)
 
diff --git a/hw/alpha_pci.c b/hw/alpha_pci.c
new file mode 100644
index 000..744b68b
--- /dev/null
+++ b/hw/alpha_pci.c
@@ -0,0 +1,327 @@
+/* There's nothing in here that's Alpha specific, really.  */
+
+#include "config.h"
+#include "alpha_sys.h"
+#include "qemu-log.h"
+
+
+/* PCI IO reads, to byte-word addressable memory.  */
+/* ??? Doesn't handle multiple PCI busses.  */
+
+static uint32_t bw_io_readb(void *opaque, target_phys_addr_t addr)
+{
+return cpu_inb(addr);
+}
+
+static uint32_t bw_io_readw(void *opaque, target_phys_addr_t addr)
+{
+return cpu_inw(addr);
+}
+
+static uint32_t bw_io_readl(void *opaque, target_phys_addr_t addr)
+{
+return cpu_inl(addr);
+}
+
+/* PCI IO writes, to byte-word addressable memory.  */
+/* ??? Doesn't handle multiple PCI busses.  */
+
+static void bw_io_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
+cpu_outb(addr, val);
+}
+
+static void bw_io_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
+cpu_outw(addr, val);
+}
+
+static void bw_io_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
+{
+cpu_outl(addr, val);
+}
+
+CPUReadMemoryFunc * const alpha_pci_bw_io_reads[] = {
+bw_io_readb,
+bw_io_readw,
+bw_io_readl,
+};
+
+CPUWriteMemoryFunc * const alpha_pci_bw_io_writes[] = {
+bw_io_writeb,
+bw_io_writew,
+bw_io_writel,
+};
+
+/* PCI config space reads, to byte-word addressable memory.  */
+static uint32_t bw_conf1_readb(void *opaque, target_phys_addr_t addr)
+{
+PCIHostState *s = opaque;
+return pci_data_read(s->bus, addr, 1);
+}
+
+static uint32_t bw_conf1_readw(void *opaque, target_phys_addr_t addr)
+{
+PCIHostState *s = opaque;
+return pci_data_read(s->bus, addr, 2);
+}
+
+static uint32_t bw_conf1_readl(void *opaque, target_phys_addr_t addr)
+{
+PCIHostState *s = opaque;
+return pci_data_read(s->bus, addr, 4);
+}
+
+/* PCI config space writes, to byte-word addressable memory.  */
+static void bw_conf1_writeb(void *opaque, target_phys_addr_t addr, uint32_t 
val)
+{
+PCIHostState *s = opaque;
+pci_data_write(s->bus, addr, val, 1);
+}
+
+static void bw_conf1_writew(void *opaque, target_phys_addr_t addr, uint32_t 
val)
+{
+PCIHostState *s = opaque;
+pci_data_write(s->bus, addr, val, 2);
+}
+
+static void bw_conf1_writel(void *opaque, target_phys_addr_t addr, uint32_t 
val)
+{
+PCIHostState *s = opaque;
+pci_data_write(s->bus, addr, val, 4);
+}
+
+CPUReadMemoryFunc * const alpha_pci_bw_conf1_reads[] = {
+bw_conf1_readb,
+bw_conf1_readw,
+bw_conf1_readl,
+};
+
+CPUWriteMemoryFunc * const alpha_pci_bw_conf1_writes[] = {
+bw_conf1_writeb,
+bw_conf1_writew,
+bw_conf1_writel,
+};
+
+/* PCI MEM access to dense (but not byte-word addressable) memory.  */
+static uint32_t dense_mem_readl(void *opaque, target_phys_addr_t addr)
+{
+PCIBus *b = opaque;
+return ldl_phys(pci_to_cpu_addr(b, addr));
+}
+
+static void dense_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t v)
+{
+PCIBus *b = opaque;
+stl_phys(pci_to_cpu_addr(b, addr), v);
+}
+
+CPUReadMemoryFunc * const alpha_pci_dense_mem_reads[] = {
+unassigned_mem_readb,
+unassigned_mem_readw,
+dense_mem_readl,
+};
+
+CPUWriteMemoryFunc * const alpha_pci_dense_mem_writes[] = {
+unassigned_mem_writeb,
+unassigned_mem_writew,
+dense_mem_writel,
+};
+
+/* PCI IO to sparse memory.  These are helper routines, which expect that the
+   relevant HAE has already been prepended to ADDR by the core-specific
+   routine that is actually registered with the memory region.  */
+
+uint32_t alpha_sparse_io_read(target_phys_addr_t addr)
+{
+int size = (addr >> 3) & 3;
+uint32_t val;
+
+addr >>= 5;
+switch (size) {
+case 0:
+/* byte access */
+val = cpu_inb(addr);
+break;
+case 1:
+/* word access */
+val = cpu_inw(addr);
+break;
+case 2:
+/* tri-byte access; apparently possible with real pci lines.  */
+qemu_log("pci: tri-byte io read");
+return ~0u;
+default:
+/* long access */
+return cpu_inl(addr);
+}
+
+val <<= (addr &

[Qemu-devel] [PATCH 11/24] target-alpha: Merge HW_REI and HW_RET implementations.

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c |   16 +---
 1 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 7c90ad9..c8ef31d 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2939,14 +2939,24 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 break;
 #endif
 case 0x1E:
-/* HW_REI (PALcode) */
+/* HW_RET (PALcode) */
 #if defined (CONFIG_USER_ONLY)
 goto invalid_opc;
 #else
 if (!ctx->pal_mode)
 goto invalid_opc;
-gen_helper_hw_ret(cpu_ir[rb]);
-break;
+if (rb == 31) {
+/* Pre-EV6 CPUs interpreted this as HW_REI, loading the return
+   address from EXC_ADDR.  This turns out to be useful for our
+   emulation PALcode, so continue to accept it.  */
+TCGv tmp = tcg_temp_new();
+tcg_gen_ld_i64(tmp, cpu_env, offsetof(CPUState, exc_addr));
+gen_helper_hw_ret(tmp);
+tcg_temp_free(tmp);
+} else {
+gen_helper_hw_ret(cpu_ir[rb]);
+}
+return EXIT_PC_UPDATED;
 #endif
 case 0x1F:
 /* HW_ST (PALcode) */
-- 
1.7.3.4

[Qemu-devel] [PATCH 19/24] target-alpha: Implement cpu_alpha_handle_mmu_fault for system mode.

[Richard Henderson]

Reads the page table how PALcode would, except that the virtual
page table base register is not used.

Signed-off-by: Richard Henderson 
---
 target-alpha/cpu.h|   12 +
 target-alpha/helper.c |  129 +++--
 2 files changed, 137 insertions(+), 4 deletions(-)

diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index d4edaf8..d133cc6 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -315,6 +315,18 @@ enum {
 EXCP_STQ_C,
 };
 
+enum {
+PTE_VALID = 0x0001,
+PTE_FOR   = 0x0002,  /* used for page protection (fault on read) */
+PTE_FOW   = 0x0004,  /* used for page protection (fault on write) */
+PTE_FOE   = 0x0008,  /* used for page protection (fault on exec) */
+PTE_ASM   = 0x0010,
+PTE_KRE   = 0x0100,
+PTE_URE   = 0x0200,
+PTE_KWE   = 0x1000,
+PTE_UWE   = 0x2000
+};
+
 /* Hardware interrupt (entInt) constants.  */
 enum {
 INT_K_IP,
diff --git a/target-alpha/helper.c b/target-alpha/helper.c
index ce5f257..aaf5108 100644
--- a/target-alpha/helper.c
+++ b/target-alpha/helper.c
@@ -200,14 +200,135 @@ void swap_shadow_regs(CPUState *env)
 env->shadow[7] = i7;
 }
 
-target_phys_addr_t cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
+/* Returns the OSF/1 entMM failure indication, or -1 on success.  */
+static int get_physical_address(CPUState *env, target_ulong addr,
+int prot_need, int mmu_idx,
+target_ulong *pphys, int *pprot)
 {
-return -1;
+target_long saddr = addr;
+target_ulong phys = 0;
+target_ulong L1pte, L2pte, L3pte;
+target_ulong pt, index;
+int prot = 0;
+int ret = MM_K_ACV;
+
+/* Ensure that the virtual address is properly sign-extended from
+   the last implemented virtual address bit.  */
+if (saddr >> TARGET_VIRT_ADDR_SPACE_BITS != saddr >> 63) {
+goto exit;
+}
+
+/* Translate the superpage.  */
+/* ??? When we do more than emulate Unix PALcode, we'll need to
+   determine which superpage is actually active.  */
+if (saddr < 0 && (saddr >> (TARGET_VIRT_ADDR_SPACE_BITS - 2) & 3) == 2) {
+/* User-space cannot access kseg addresses.  */
+if (mmu_idx != MMU_KERNEL_IDX) {
+goto exit;
+}
+
+phys = saddr & ((1ull << 40) - 1);
+prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+ret = -1;
+goto exit;
+}
+
+/* Interpret the page table exactly like PALcode does.  */
+
+pt = env->ptbr;
+
+/* L1 page table read.  */
+index = (addr >> (TARGET_PAGE_BITS + 20)) & 0x3ff;
+L1pte = ldq_phys(pt + index*8);
+
+if (unlikely((L1pte & PTE_VALID) == 0)) {
+ret = MM_K_TNV;
+goto exit;
+}
+if (unlikely((L1pte & PTE_KRE) == 0)) {
+goto exit;
+}
+pt = L1pte >> 32 << TARGET_PAGE_BITS;
+
+/* L2 page table read.  */
+index = (addr >> (TARGET_PAGE_BITS + 10)) & 0x3ff;
+L2pte = ldq_phys(pt + index*8);
+
+if (unlikely((L2pte & PTE_VALID) == 0)) {
+ret = MM_K_TNV;
+goto exit;
+}
+if (unlikely((L2pte & PTE_KRE) == 0)) {
+goto exit;
+}
+pt = L2pte >> 32 << TARGET_PAGE_BITS;
+
+/* L3 page table read.  */
+index = (addr >> TARGET_PAGE_BITS) & 0x3ff;
+L3pte = ldq_phys(pt + index*8);
+
+phys = L3pte >> 32 << TARGET_PAGE_BITS;
+if (unlikely((L3pte & PTE_VALID) == 0)) {
+ret = MM_K_TNV;
+goto exit;
+}
+
+#if PAGE_READ != 1 || PAGE_WRITE != 2 || PAGE_EXEC != 4
+# error page bits out of date
+#endif
+
+/* Check access violations.  */
+if (L3pte & (PTE_KRE << mmu_idx)) {
+prot |= PAGE_READ | PAGE_EXEC;
+}
+if (L3pte & (PTE_KWE << mmu_idx)) {
+prot |= PAGE_WRITE;
+}
+if (unlikely((prot & prot_need) == 0 && prot_need)) {
+goto exit;
+}
+
+/* Check fault-on-operation violations.  */
+prot &= ~(L3pte >> 1);
+ret = -1;
+if (unlikely((prot & prot_need) == 0)) {
+ret = (prot_need & PAGE_EXEC ? MM_K_FOE :
+   prot_need & PAGE_WRITE ? MM_K_FOW :
+   prot_need & PAGE_READ ? MM_K_FOR : -1);
+}
+
+ exit:
+*pphys = phys;
+*pprot = prot;
+return ret;
 }
 
-int cpu_alpha_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
-int mmu_idx, int is_softmmu)
+target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
+{
+target_ulong phys;
+int prot, fail;
+
+fail = get_physical_address(env, addr, 0, 0, &phys, &prot);
+return (fail >= 0 ? -1 : phys);
+}
+
+int cpu_alpha_handle_mmu_fault(CPUState *env, target_ulong addr, int rw,
+   int mmu_idx, int is_softmmu)
 {
+target_ulong phys;
+int prot, fail;
+
+fail = get_physical_address(env, addr, 1 << rw, mmu_idx, &phys, &prot);
+if (unlikely(fail >= 0)) {
+env->exception_index = EXCP_MMFAULT;
+env->trap_a

[Qemu-devel] [PATCH 09/24] target-alpha: Add IPRs to be used by the emulation PALcode.

[Richard Henderson]

These aren't actually used yet, but we can at least access
them via the HW_MFPR and HW_MTPR instructions.

Signed-off-by: Richard Henderson 
---
 target-alpha/cpu.h   |   13 +++
 target-alpha/translate.c |   87 -
 2 files changed, 98 insertions(+), 2 deletions(-)

diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index 1c848bd..dec8b26 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -247,6 +247,7 @@ struct CPUAlphaState {
 uint8_t intr_flag;
 uint8_t fen;
 uint8_t pal_mode;
+uint32_t pcc_ofs;
 
 /* These pass data from the exception logic in the translator and
helpers to the OS entry point.  This is used for both system
@@ -255,6 +256,18 @@ struct CPUAlphaState {
 uint64_t trap_arg1;
 uint64_t trap_arg2;
 
+#if !defined(CONFIG_USER_ONLY)
+/* The internal data required by our emulation of the Unix PALcode.  */
+uint64_t exc_addr;
+uint64_t palbr;
+uint64_t ptbr;
+uint64_t vptptr;
+uint64_t sysval;
+uint64_t usp;
+uint64_t shadow[8];
+uint64_t scratch[24];
+#endif
+
 #if TARGET_LONG_BITS > HOST_LONG_BITS
 /* temporary fixed-point registers
  * used to emulate 64 bits target on 32 bits hosts
diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index d9b6a72..7c90ad9 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1464,6 +1464,89 @@ static void gen_rx(int ra, int set)
 tcg_temp_free_i32(tmp);
 }
 
+#ifndef CONFIG_USER_ONLY
+
+#define PR_BYTE 0x10
+#define PR_LONG 0x20
+
+static int cpu_pr_data(int pr)
+{
+switch (pr) {
+case  0: return offsetof(CPUAlphaState, ps) | PR_BYTE;
+case  1: return offsetof(CPUAlphaState, fen) | PR_BYTE;
+case  2: return offsetof(CPUAlphaState, pcc_ofs) | PR_LONG;
+case  3: return offsetof(CPUAlphaState, trap_arg0);
+case  4: return offsetof(CPUAlphaState, trap_arg1);
+case  5: return offsetof(CPUAlphaState, trap_arg2);
+case  6: return offsetof(CPUAlphaState, exc_addr);
+case  7: return offsetof(CPUAlphaState, palbr);
+case  8: return offsetof(CPUAlphaState, ptbr);
+case  9: return offsetof(CPUAlphaState, vptptr);
+case 10: return offsetof(CPUAlphaState, unique);
+case 11: return offsetof(CPUAlphaState, sysval);
+case 12: return offsetof(CPUAlphaState, usp);
+
+case 32 ... 39:
+return offsetof(CPUAlphaState, shadow[pr - 32]);
+case 40 ... 63:
+return offsetof(CPUAlphaState, scratch[pr - 40]);
+}
+return 0;
+}
+
+static void gen_mfpr(int ra, int regno)
+{
+int data = cpu_pr_data(regno);
+
+/* In our emulated PALcode, these processor registers have no
+   side effects from reading.  */
+if (ra == 31) {
+return;
+}
+
+/* The basic registers are data only, and unknown registers
+   are read-zero, write-ignore.  */
+if (data == 0) {
+tcg_gen_movi_i64(cpu_ir[ra], 0);
+} else if (data & PR_BYTE) {
+tcg_gen_ld8u_i64(cpu_ir[ra], cpu_env, data & ~PR_BYTE);
+} else if (data & PR_LONG) {
+tcg_gen_ld32s_i64(cpu_ir[ra], cpu_env, data & ~PR_LONG);
+} else {
+tcg_gen_ld_i64(cpu_ir[ra], cpu_env, data);
+}
+}
+
+static void gen_mtpr(int rb, int regno)
+{
+TCGv tmp;
+int data;
+
+if (rb == 31) {
+tmp = tcg_const_i64(0);
+} else {
+tmp = cpu_ir[rb];
+}
+
+/* The basic registers are data only, and unknown registers
+   are read-zero, write-ignore.  */
+data = cpu_pr_data(regno);
+if (data != 0) {
+if (data & PR_BYTE) {
+tcg_gen_st8_i64(tmp, cpu_env, data & ~PR_BYTE);
+} else if (data & PR_LONG) {
+tcg_gen_st32_i64(tmp, cpu_env, data & ~PR_LONG);
+} else {
+tcg_gen_st_i64(tmp, cpu_env, data);
+}
+}
+
+if (rb == 31) {
+tcg_temp_free(tmp);
+}
+}
+#endif /* !USER_ONLY*/
+
 static ExitStatus translate_one(DisasContext *ctx, uint32_t insn)
 {
 uint32_t palcode;
@@ -2576,7 +2659,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 #else
 if (!ctx->pal_mode)
 goto invalid_opc;
-tcg_abort();
+gen_mfpr(ra, insn & 0x);
 break;
 #endif
 case 0x1A:
@@ -2852,7 +2935,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 #else
 if (!ctx->pal_mode)
 goto invalid_opc;
-abort();
+gen_mtpr(rb, insn & 0x);
 break;
 #endif
 case 0x1E:
-- 
1.7.3.4

[Qemu-devel] [PATCH 17/24] target-alpha: Implement more CALL_PAL values inline.

[Richard Henderson]

In particular, SWPIPL is used quite a lot by the Linux kernel.
Doing this inline makes it significantly easier to step through
without the debugger getting confused by the mode switch.

Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c |  141 --
 1 files changed, 110 insertions(+), 31 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 47fb4fb..c2db1ae 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -85,8 +85,10 @@ static TCGv cpu_pc;
 static TCGv cpu_lock_addr;
 static TCGv cpu_lock_st_addr;
 static TCGv cpu_lock_value;
-#ifdef CONFIG_USER_ONLY
-static TCGv cpu_uniq;
+static TCGv cpu_unique;
+#ifndef CONFIG_USER_ONLY
+static TCGv cpu_sysval;
+static TCGv cpu_usp;
 #endif
 
 /* register names */
@@ -131,9 +133,13 @@ static void alpha_translate_init(void)
offsetof(CPUState, lock_value),
"lock_value");
 
-#ifdef CONFIG_USER_ONLY
-cpu_uniq = tcg_global_mem_new_i64(TCG_AREG0,
-  offsetof(CPUState, unique), "uniq");
+cpu_unique = tcg_global_mem_new_i64(TCG_AREG0,
+offsetof(CPUState, unique), "unique");
+#ifndef CONFIG_USER_ONLY
+cpu_sysval = tcg_global_mem_new_i64(TCG_AREG0,
+offsetof(CPUState, sysval), "sysval");
+cpu_usp = tcg_global_mem_new_i64(TCG_AREG0,
+ offsetof(CPUState, usp), "usp");
 #endif
 
 /* register helpers */
@@ -1460,6 +1466,104 @@ static void gen_rx(int ra, int set)
 tcg_temp_free_i32(tmp);
 }
 
+static ExitStatus gen_call_pal(DisasContext *ctx, int palcode)
+{
+/* We're emulating OSF/1 PALcode.  Many of these are trivial access
+   to internal cpu registers.  */
+
+/* Unprivileged PAL call */
+if (palcode >= 0x80 && palcode < 0xC0) {
+switch (palcode) {
+case 0x86:
+/* IMB */
+/* No-op inside QEMU.  */
+break;
+case 0x9E:
+/* RDUNIQUE */
+tcg_gen_mov_i64(cpu_ir[IR_V0], cpu_unique);
+break;
+case 0x9F:
+/* WRUNIQUE */
+tcg_gen_mov_i64(cpu_unique, cpu_ir[IR_A0]);
+break;
+default:
+return gen_excp(ctx, EXCP_CALL_PAL, palcode & 0xbf);
+}
+return NO_EXIT;
+}
+
+#ifndef CONFIG_USER_ONLY
+/* Privileged PAL code */
+if (palcode < 0x40 && (ctx->tb->flags & TB_FLAGS_USER_MODE) == 0) {
+switch (palcode) {
+case 0x01:
+/* CFLUSH */
+/* No-op inside QEMU.  */
+break;
+case 0x02:
+/* DRAINA */
+/* No-op inside QEMU.  */
+break;
+case 0x2D:
+/* WRVPTPTR */
+tcg_gen_st_i64(cpu_ir[IR_A0], cpu_env, offsetof(CPUState, vptptr));
+break;
+case 0x31:
+/* WRVAL */
+tcg_gen_mov_i64(cpu_sysval, cpu_ir[IR_A0]);
+break;
+case 0x32:
+/* RDVAL */
+tcg_gen_mov_i64(cpu_ir[IR_V0], cpu_sysval);
+break;
+
+case 0x35: {
+/* SWPIPL */
+TCGv tmp;
+
+/* Note that we already know we're in kernel mode, so we know
+   that PS only contains the 3 IPL bits.  */
+tcg_gen_ld8u_i64(cpu_ir[IR_V0], cpu_env, offsetof(CPUState, ps));
+
+/* But make sure and store only the 3 IPL bits from the user.  */
+tmp = tcg_temp_new();
+tcg_gen_andi_i64(tmp, cpu_ir[IR_A0], PS_INT_MASK);
+tcg_gen_st8_i64(tmp, cpu_env, offsetof(CPUState, ps));
+tcg_temp_free(tmp);
+break;
+}
+
+case 0x36:
+/* RDPS */
+tcg_gen_ld8u_i64(cpu_ir[IR_V0], cpu_env,
+ offsetof(CPUAlphaState, ps));
+break;
+case 0x38:
+/* WRUSP */
+tcg_gen_mov_i64(cpu_usp, cpu_ir[IR_A0]);
+break;
+case 0x3A:
+/* RDUSP */
+tcg_gen_mov_i64(cpu_ir[IR_V0], cpu_usp);
+break;
+
+/* TODO:
+ 0x3C Whami
+These merely need more cooperation in designation of
+internal processor registers w/ palcode.  These are
+currently stored in palcode scratch registers and
+should be treated like UNIQUE.  */
+
+default:
+return gen_excp(ctx, EXCP_CALL_PAL, palcode & 0x3f);
+}
+return NO_EXIT;
+}
+#endif
+
+return gen_invalid(ctx);
+}
+
 #ifndef CONFIG_USER_ONLY
 
 #define PR_BYTE 0x10
@@ -1578,32 +1682,7 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 switch (opc) {
 case 0x00:
 /* CALL_PAL */
-#ifdef CONFIG_USER_ONLY
-if (palcode == 0x9E) {
-   

[Qemu-devel] [PATCH 05/24] target-alpha: Tidy exception constants.

[Richard Henderson]

There's no need to attempt to match EXCP_* values with PALcode entry
point offsets.  Instead, compress all the values to make for more
efficient switch statements within QEMU.

We will be doing TLB fill within QEMU proper, not within the PALcode,
so all of the ITB/DTB miss, double fault, and access exceptions can
be compressed to EXCP_MMFAULT.

Compress all of the EXCP_CALL_PAL exceptions into one.
Use env->error_code to store the specific entry point.

Signed-off-by: Richard Henderson 
---
 linux-user/main.c|   43 +--
 target-alpha/cpu.h   |   33 +
 target-alpha/helper.c|6 +-
 target-alpha/translate.c |4 ++--
 4 files changed, 29 insertions(+), 57 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index a1e37e4..5b25736 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -2526,19 +2526,12 @@ void cpu_loop (CPUState *env)
 fprintf(stderr, "Machine check exception. Exit\n");
 exit(1);
 break;
-case EXCP_ARITH:
-env->lock_addr = -1;
-info.si_signo = TARGET_SIGFPE;
-info.si_errno = 0;
-info.si_code = TARGET_FPE_FLTINV;
-info._sifields._sigfault._addr = env->pc;
-queue_signal(env, info.si_signo, &info);
-break;
-case EXCP_HW_INTERRUPT:
+case EXCP_CLK_INTERRUPT:
+case EXCP_DEV_INTERRUPT:
 fprintf(stderr, "External interrupt. Exit\n");
 exit(1);
 break;
-case EXCP_DFAULT:
+case EXCP_MMFAULT:
 env->lock_addr = -1;
 info.si_signo = TARGET_SIGSEGV;
 info.si_errno = 0;
@@ -2547,22 +2540,6 @@ void cpu_loop (CPUState *env)
 info._sifields._sigfault._addr = env->ipr[IPR_EXC_ADDR];
 queue_signal(env, info.si_signo, &info);
 break;
-case EXCP_DTB_MISS_PAL:
-fprintf(stderr, "MMU data TLB miss in PALcode\n");
-exit(1);
-break;
-case EXCP_ITB_MISS:
-fprintf(stderr, "MMU instruction TLB miss\n");
-exit(1);
-break;
-case EXCP_ITB_ACV:
-fprintf(stderr, "MMU instruction access violation\n");
-exit(1);
-break;
-case EXCP_DTB_MISS_NATIVE:
-fprintf(stderr, "MMU data TLB miss\n");
-exit(1);
-break;
 case EXCP_UNALIGN:
 env->lock_addr = -1;
 info.si_signo = TARGET_SIGBUS;
@@ -2580,12 +2557,20 @@ void cpu_loop (CPUState *env)
 info._sifields._sigfault._addr = env->pc;
 queue_signal(env, info.si_signo, &info);
 break;
+case EXCP_ARITH:
+env->lock_addr = -1;
+info.si_signo = TARGET_SIGFPE;
+info.si_errno = 0;
+info.si_code = TARGET_FPE_FLTINV;
+info._sifields._sigfault._addr = env->pc;
+queue_signal(env, info.si_signo, &info);
+break;
 case EXCP_FEN:
 /* No-op.  Linux simply re-enables the FPU.  */
 break;
-case EXCP_CALL_PAL ... (EXCP_CALL_PALP - 1):
+case EXCP_CALL_PAL:
 env->lock_addr = -1;
-switch ((trapnr >> 6) | 0x80) {
+switch (env->error_code) {
 case 0x80:
 /* BPT */
 info.si_signo = TARGET_SIGTRAP;
@@ -2676,8 +2661,6 @@ void cpu_loop (CPUState *env)
 goto do_sigill;
 }
 break;
-case EXCP_CALL_PALP ... (EXCP_CALL_PALE - 1):
-goto do_sigill;
 case EXCP_DEBUG:
 info.si_signo = gdb_handlesig (env, TARGET_SIGTRAP);
 if (info.si_signo) {
diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index 0daa556..f3e939b 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -391,26 +391,19 @@ enum {
 };
 
 enum {
-EXCP_RESET= 0x,
-EXCP_MCHK = 0x0020,
-EXCP_ARITH= 0x0060,
-EXCP_HW_INTERRUPT = 0x00E0,
-EXCP_DFAULT   = 0x01E0,
-EXCP_DTB_MISS_PAL = 0x09E0,
-EXCP_ITB_MISS = 0x03E0,
-EXCP_ITB_ACV  = 0x07E0,
-EXCP_DTB_MISS_NATIVE  = 0x08E0,
-EXCP_UNALIGN  = 0x11E0,
-EXCP_OPCDEC   = 0x13E0,
-EXCP_FEN  = 0x17E0,
-EXCP_CALL_PAL = 0x2000,
-EXCP_CALL_PALP= 0x3000,
-EXCP_CALL_PALE= 0x4000,
-/* Pseudo exception for console */
-EXCP_CONSOLE_DISPATCH = 0x4001,
-EXCP_CONSOLE_FIXUP= 0x4002,
-EXCP_STL_C= 0x4003,
-EXCP_STQ_C= 0x4004,
+EXCP_RESET,
+EXCP_MCHK,
+EXCP_CLK_INTERRUPT,
+EXCP_DEV_INTERRUPT,
+EXCP_MMFAULT,
+EXCP_UNALIGN,
+EXCP_OPCDEC,
+EXCP_ARITH,
+EXCP_FEN,
+EXCP_CALL_PAL,
+/* For Usermode emulation.  */
+EXCP_STL_C,
+EXCP_STQ_C,
 };

[Qemu-devel] [PATCH 22/24] target-alpha: Implement TLB flush primitives.

[Richard Henderson]

Expose these via MTPR, more or less like the real HW does.

Signed-off-by: Richard Henderson 
---
 target-alpha/helper.h|3 +++
 target-alpha/op_helper.c |   11 ++-
 target-alpha/translate.c |   32 +---
 3 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/target-alpha/helper.h b/target-alpha/helper.h
index 9ffc372..2dec57e 100644
--- a/target-alpha/helper.h
+++ b/target-alpha/helper.h
@@ -110,6 +110,9 @@ DEF_HELPER_2(stl_phys, void, i64, i64)
 DEF_HELPER_2(stq_phys, void, i64, i64)
 DEF_HELPER_2(stl_c_phys, i64, i64, i64)
 DEF_HELPER_2(stq_c_phys, i64, i64, i64)
+
+DEF_HELPER_FLAGS_0(tbia, TCG_CALL_CONST, void)
+DEF_HELPER_FLAGS_1(tbis, TCG_CALL_CONST, void, i64)
 #endif
 
 #include "def-helper.h"
diff --git a/target-alpha/op_helper.c b/target-alpha/op_helper.c
index 5902cd6..718f87d 100644
--- a/target-alpha/op_helper.c
+++ b/target-alpha/op_helper.c
@@ -1174,6 +1174,16 @@ void helper_hw_ret (uint64_t a)
 swap_shadow_regs(env);
 }
 }
+
+void helper_tbia(void)
+{
+tlb_flush(env, 1);
+}
+
+void helper_tbis(uint64_t p)
+{
+tlb_flush_page(env, p);
+}
 #endif
 
 /*/
@@ -1326,5 +1336,4 @@ void tlb_fill (target_ulong addr, int is_write, int 
mmu_idx, void *retaddr)
 }
 env = saved_env;
 }
-
 #endif
diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index c2db1ae..fa0cb09 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -1620,7 +1620,6 @@ static void gen_mfpr(int ra, int regno)
 static void gen_mtpr(int rb, int regno)
 {
 TCGv tmp;
-int data;
 
 if (rb == 31) {
 tmp = tcg_const_i64(0);
@@ -1628,16 +1627,27 @@ static void gen_mtpr(int rb, int regno)
 tmp = cpu_ir[rb];
 }
 
-/* The basic registers are data only, and unknown registers
-   are read-zero, write-ignore.  */
-data = cpu_pr_data(regno);
-if (data != 0) {
-if (data & PR_BYTE) {
-tcg_gen_st8_i64(tmp, cpu_env, data & ~PR_BYTE);
-} else if (data & PR_LONG) {
-tcg_gen_st32_i64(tmp, cpu_env, data & ~PR_LONG);
-} else {
-tcg_gen_st_i64(tmp, cpu_env, data);
+/* These two register numbers perform a TLB cache flush.  Thankfully we
+   can only do this inside PALmode, which means that the current basic
+   block cannot be affected by the change in mappings.  */
+if (regno == 255) {
+/* TBIA */
+gen_helper_tbia();
+} else if (regno == 254) {
+/* TBIS */
+gen_helper_tbis(tmp);
+} else {
+/* The basic registers are data only, and unknown registers
+   are read-zero, write-ignore.  */
+int data = cpu_pr_data(regno);
+if (data != 0) {
+if (data & PR_BYTE) {
+tcg_gen_st8_i64(tmp, cpu_env, data & ~PR_BYTE);
+} else if (data & PR_LONG) {
+tcg_gen_st32_i64(tmp, cpu_env, data & ~PR_LONG);
+} else {
+tcg_gen_st_i64(tmp, cpu_env, data);
+}
 }
 }
 
-- 
1.7.3.4

[Qemu-devel] [PATCH 10/24] target-alpha: Tidy up arithmetic exceptions.

[Richard Henderson]

Introduce and use arith_excp, filling in the trap_arg[01] IPRs.

Signed-off-by: Richard Henderson 
---
 target-alpha/op_helper.c |   34 +-
 1 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/target-alpha/op_helper.c b/target-alpha/op_helper.c
index bbf89fe..9c19c96 100644
--- a/target-alpha/op_helper.c
+++ b/target-alpha/op_helper.c
@@ -32,6 +32,15 @@ void QEMU_NORETURN helper_excp (int excp, int error)
 cpu_loop_exit();
 }
 
+static void QEMU_NORETURN arith_excp(int exc, uint64_t mask)
+{
+env->exception_index = EXCP_ARITH;
+env->error_code = 0;
+env->trap_arg0 = exc;
+env->trap_arg1 = mask;
+cpu_loop_exit();
+}
+
 uint64_t helper_load_pcc (void)
 {
 /* ??? This isn't a timer for which we have any rate info.  */
@@ -53,7 +62,7 @@ uint64_t helper_addqv (uint64_t op1, uint64_t op2)
 uint64_t tmp = op1;
 op1 += op2;
 if (unlikely((tmp ^ op2 ^ (-1ULL)) & (tmp ^ op1) & (1ULL << 63))) {
-helper_excp(EXCP_ARITH, EXC_M_IOV);
+arith_excp(EXC_M_IOV, 0);
 }
 return op1;
 }
@@ -63,7 +72,7 @@ uint64_t helper_addlv (uint64_t op1, uint64_t op2)
 uint64_t tmp = op1;
 op1 = (uint32_t)(op1 + op2);
 if (unlikely((tmp ^ op2 ^ (-1UL)) & (tmp ^ op1) & (1UL << 31))) {
-helper_excp(EXCP_ARITH, EXC_M_IOV);
+arith_excp(EXC_M_IOV, 0);
 }
 return op1;
 }
@@ -73,7 +82,7 @@ uint64_t helper_subqv (uint64_t op1, uint64_t op2)
 uint64_t res;
 res = op1 - op2;
 if (unlikely((op1 ^ op2) & (res ^ op1) & (1ULL << 63))) {
-helper_excp(EXCP_ARITH, EXC_M_IOV);
+arith_excp(EXC_M_IOV, 0);
 }
 return res;
 }
@@ -83,7 +92,7 @@ uint64_t helper_sublv (uint64_t op1, uint64_t op2)
 uint32_t res;
 res = op1 - op2;
 if (unlikely((op1 ^ op2) & (res ^ op1) & (1UL << 31))) {
-helper_excp(EXCP_ARITH, EXC_M_IOV);
+arith_excp(EXC_M_IOV, 0);
 }
 return res;
 }
@@ -93,7 +102,7 @@ uint64_t helper_mullv (uint64_t op1, uint64_t op2)
 int64_t res = (int64_t)op1 * (int64_t)op2;
 
 if (unlikely((int32_t)res != res)) {
-helper_excp(EXCP_ARITH, EXC_M_IOV);
+arith_excp(EXC_M_IOV, 0);
 }
 return (int64_t)((int32_t)res);
 }
@@ -105,7 +114,7 @@ uint64_t helper_mulqv (uint64_t op1, uint64_t op2)
 muls64(&tl, &th, op1, op2);
 /* If th != 0 && th != -1, then we had an overflow */
 if (unlikely((th + 1) > 1)) {
-helper_excp(EXCP_ARITH, EXC_M_IOV);
+arith_excp(EXC_M_IOV, 0);
 }
 return tl;
 }
@@ -373,8 +382,6 @@ void helper_fp_exc_raise(uint32_t exc, uint32_t regno)
 if (exc) {
 uint32_t hw_exc = 0;
 
-env->trap_arg1 = 1ull << regno;
-
 if (exc & float_flag_invalid) {
 hw_exc |= EXC_M_INV;
 }
@@ -390,7 +397,8 @@ void helper_fp_exc_raise(uint32_t exc, uint32_t regno)
 if (exc & float_flag_inexact) {
 hw_exc |= EXC_M_INE;
 }
-helper_excp(EXCP_ARITH, hw_exc);
+
+arith_excp(hw_exc, 1ull << regno);
 }
 }
 
@@ -420,7 +428,7 @@ uint64_t helper_ieee_input(uint64_t val)
 if (env->fpcr_dnz) {
 val &= 1ull << 63;
 } else {
-helper_excp(EXCP_ARITH, EXC_M_UNF);
+arith_excp(EXC_M_UNF, 0);
 }
 }
 } else if (exp == 0x7ff) {
@@ -428,7 +436,7 @@ uint64_t helper_ieee_input(uint64_t val)
 /* ??? I'm not sure these exception bit flags are correct.  I do
know that the Linux kernel, at least, doesn't rely on them and
just emulates the insn to figure out what exception to use.  */
-helper_excp(EXCP_ARITH, frac ? EXC_M_INV : EXC_M_FOV);
+arith_excp(frac ? EXC_M_INV : EXC_M_FOV, 0);
 }
 return val;
 }
@@ -445,12 +453,12 @@ uint64_t helper_ieee_input_cmp(uint64_t val)
 if (env->fpcr_dnz) {
 val &= 1ull << 63;
 } else {
-helper_excp(EXCP_ARITH, EXC_M_UNF);
+arith_excp(EXC_M_UNF, 0);
 }
 }
 } else if (exp == 0x7ff && frac) {
 /* NaN.  */
-helper_excp(EXCP_ARITH, EXC_M_INV);
+arith_excp(EXC_M_INV, 0);
 }
 return val;
 }
-- 
1.7.3.4

[Qemu-devel] [PATCH 21/24] target-alpha: Include the PCC_OFS in the RPCC return value.

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 target-alpha/op_helper.c |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/target-alpha/op_helper.c b/target-alpha/op_helper.c
index cc8a33d..5902cd6 100644
--- a/target-alpha/op_helper.c
+++ b/target-alpha/op_helper.c
@@ -44,7 +44,8 @@ static void QEMU_NORETURN arith_excp(int exc, uint64_t mask)
 uint64_t helper_load_pcc (void)
 {
 /* ??? This isn't a timer for which we have any rate info.  */
-return (uint32_t)cpu_get_real_ticks();
+uint64_t ret = env->pcc_ofs;
+return ret << 32 | (uint32_t)cpu_get_real_ticks();
 }
 
 uint64_t helper_load_fpcr (void)
-- 
1.7.3.4

Re: [Qemu-devel] [PATCH/RFC] Port Wine preloader to QEMU

[Richard Henderson]

On 04/19/2011 02:19 AM, Mike McCormack wrote:
> This is the only way I know to get qemu 0.14.0 to work reliably
> with Scratchbox 2 (libsb2.so)
> 
> The problem stems from two things:
> 
>  * The shared object loader is permitted to load LD_PRELOAD objects
>below the QEMU load address (0x6000), and does this with libsb2.so
> 
>  * QEMU's do_brk() (linux-user/syscall.c #738) uses MAP_FIXED, which
>means after allocating enough memory, libsb2.so is clobbered.
> 
> I have tried:
> 
>  * using plain QEMU 0.14.0 - crashes build perl
> 
>  * QEMU 0.14.0, appending -R 512M to qemu's command line in
>scratchbox2/lua_scripts/argvenvp.lua, but
>still get crashes when building perl.
> 
>  * modifying do_brk to not use MAP_FIXED - causes an out of memory
>failure rather than a crash

Did you try --enable-user-pie?  It may not really help, but I'm curious.

Honestly I'm not keen on this patch.  This level of obfuscation on the
startup and memory map of the host binary is just a gross hack working
around the lack of proper page tables in user mode.

If you really really need to get this working with a 32-bit host binary
(rather than doing the sensible thing and using a 64-bit PIE binary),
then working to enable CONFIG_SOFTMMU in user mode instead would be the
most useful thing you could do.  Indeed, this would fix a number of 
problems we currently have emulating other guests that have a page size
different from the host.


r~

[Qemu-devel] [PATCH] hw/arm_boot.c: move initrd load address up to accommodate large kernels

[Peter Maydell]

Newer kernels are large enough that they can overlap the address
where qemu places the initrd. Move the initrd up so that there is
enough space for the kernel again.

Unfortunately it's not possible to automatically determine the
size of the kernel if it is compressed, so this is the best we
can do.

Signed-off-by: Peter Maydell 
---
I think a variant of this patch was posted some time last year but didn't
attract any comment. Anyway, bumping up the arbitrary initrd load address
is a bit ugly but does at least let large kernels boot, and corresponds
to what you'd do on real hardware (ie change the load address in your
u-boot script)...

If anybody has a better solution then I'm happy to implement it; otherwise
I think this patch should be committed.

 hw/arm_boot.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/arm_boot.c b/hw/arm_boot.c
index 41e99d1..bfac982 100644
--- a/hw/arm_boot.c
+++ b/hw/arm_boot.c
@@ -15,7 +15,7 @@
 
 #define KERNEL_ARGS_ADDR 0x100
 #define KERNEL_LOAD_ADDR 0x0001
-#define INITRD_LOAD_ADDR 0x0080
+#define INITRD_LOAD_ADDR 0x00d0
 
 /* The worlds second smallest bootloader.  Set r0-r2, then jump to kernel.  */
 static uint32_t bootloader[] = {
-- 
1.7.1

Re: [Qemu-devel] [PATCH 1/3] pseries: Increase maximum CPUs to 256

[Alexander Graf]

On 04/19/2011 02:44 PM, David Gibson wrote:

On Tue, Apr 19, 2011 at 09:38:58AM +0200, Alexander Graf wrote:

On 19.04.2011, at 03:54, David Gibson wrote:


From: Anton Blanchard

The original pSeries machine was limited to 32 CPUs, more or less
arbitrarily.  Particularly when we get SMT KVM guests it will be
pretty easy to exceed this.  Therefore, raise the max number of CPUs
in a pseries machine guest to 256.

Are the 256 limited by technical limits or arbitrary as well? :)

Still arbitrary, just bigger.


Can't we set it to the real, technical limit then?


Alex

[Qemu-devel] [PATCH 1/2] Implement basic part of SA-1110/SA-1100

[Dmitry Eremin-Solenikov]

Basic implementation of DEC/Intel SA-1100/SA-1110 chips emulation.
Implemented:
 - IRQs
 - GPIO
 - PPC
 - RTC
 - UARTs (no IrDA/etc.)
 - OST reused from pxa25x

Everything else is TODO (esp. PM/idle/sleep!) - see the todo in the
hw/strongarm.c

V6:
  * license fixup
  * DPRINTF

V5:
  * syntax fixup

V4:
  * use bitnames to access RTC and UART registers
  * drop unused casts
  * disable debug printfs in GPIO code

V3:
  * fix the name of UART VMSD
  * fix RTSR reg offset
  * add SSP support

V2:
  * removed all strongarm variants except latest
  * dropped unused casts
  * fixed PIC vmstate
  * fixed new devices created with version_id = 1

Signed-off-by: Dmitry Eremin-Solenikov 

---
 Makefile.target |1 +
 hw/strongarm.c  | 1600 +++
 hw/strongarm.h  |   64 ++
 target-arm/cpu.h|3 +
 target-arm/helper.c |9 +
 5 files changed, 1677 insertions(+), 0 deletions(-)
 create mode 100644 hw/strongarm.c
 create mode 100644 hw/strongarm.h

diff --git a/Makefile.target b/Makefile.target
index d5761b7..9e4cfc0 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -352,6 +352,7 @@ obj-arm-y += syborg.o syborg_fb.o syborg_interrupt.o 
syborg_keyboard.o
 obj-arm-y += syborg_serial.o syborg_timer.o syborg_pointer.o syborg_rtc.o
 obj-arm-y += syborg_virtio.o
 obj-arm-y += vexpress.o
+obj-arm-y += strongarm.o
 
 obj-sh4-y = shix.o r2d.o sh7750.o sh7750_regnames.o tc58128.o
 obj-sh4-y += sh_timer.o sh_serial.o sh_intc.o sh_pci.o sm501.o
diff --git a/hw/strongarm.c b/hw/strongarm.c
new file mode 100644
index 000..c4d777d
--- /dev/null
+++ b/hw/strongarm.c
@@ -0,0 +1,1600 @@
+/*
+ * StrongARM SA-1100/SA-1110 emulation
+ *
+ * Copyright (C) 2011 Dmitry Eremin-Solenikov
+ *
+ * Largely based on StrongARM emulation:
+ * Copyright (c) 2006 Openedhand Ltd.
+ * Written by Andrzej Zaborowski 
+ *
+ * UART code based on QEMU 16550A UART emulation
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2008 Citrix Systems, Inc.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 as
+ *  published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+#include "sysbus.h"
+#include "strongarm.h"
+#include "qemu-error.h"
+#include "arm-misc.h"
+#include "sysemu.h"
+#include "ssi.h"
+
+//#define DEBUG
+
+/*
+ TODO
+ - Implement cp15, c14 ?
+ - Implement cp15, c15 !!! (idle used in L)
+ - Implement idle mode handling/DIM
+ - Implement sleep mode/Wake sources
+ - Implement reset control
+ - Implement memory control regs
+ - PCMCIA handling
+ - Maybe support MBGNT/MBREQ
+ - DMA channels
+ - GPCLK
+ - IrDA
+ - MCP
+ - Enhance UART with modem signals
+ */
+
+#ifdef DEBUG
+# define DPRINTF(format, ...) printf(format , ## __VA_ARGS__)
+#else
+# define DPRINTF(format, ...) do { } while (0)
+#endif
+
+static struct {
+target_phys_addr_t io_base;
+int irq;
+} sa_serial[] = {
+{ 0x8001, SA_PIC_UART1 },
+{ 0x8003, SA_PIC_UART2 },
+{ 0x8005, SA_PIC_UART3 },
+{ 0, 0 }
+};
+
+/* Interrupt Controller */
+typedef struct {
+SysBusDevice busdev;
+qemu_irqirq;
+qemu_irqfiq;
+
+uint32_t pending;
+uint32_t enabled;
+uint32_t is_fiq;
+uint32_t int_idle;
+} StrongARMPICState;
+
+#define ICIP0x00
+#define ICMR0x04
+#define ICLR0x08
+#define ICFP0x10
+#define ICPR0x20
+#define ICCR0x0c
+
+#define SA_PIC_SRCS 32
+
+
+static void strongarm_pic_update(void *opaque)
+{
+StrongARMPICState *s = opaque;
+
+/* FIXME: reflect DIM */
+qemu_set_irq(s->fiq, s->pending & s->enabled &  s->is_fiq);
+qemu_set_irq(s->irq, s->pending & s->enabled & ~s->is_fiq);
+}
+
+static void strongarm_pic_set_irq(void *opaque, int irq, int level)
+{
+StrongARMPICState *s = opaque;
+
+if (level) {
+s->pending |= 1 << irq;
+} else {
+s->pending &= ~(1 << irq);
+}
+
+strongarm_pic_update(s);
+}
+
+static uint32_t strongarm_pic_mem_read(void *opaque, target_phys_addr_t offset)
+{
+StrongARMPICState *s = opaque;
+
+switch (offset) {
+case ICIP:
+return s->pending & ~s->is_fiq & s->enabled;
+case ICMR:
+return s->enabled;
+case ICLR:
+return s->is_fiq;
+case ICCR:
+return s->int_idle == 0;
+case ICFP:
+return s->pending & s->is_fiq & s->enabled;
+case ICPR:
+return s->pending;
+default:
+printf("%s: Bad register offset 0x" TARGET_FMT_plx "\n",
+__func__, offset);
+return 0

[Qemu-devel] [PATCH 2/2] Basic implementation of Sharp Zaurus SL-5500 collie PDA

[Dmitry Eremin-Solenikov]

Add very basic implementation of collie PDA emulation. The system lacks
LoCoMo and graphics/sound emulation. Linux kernel boots up to mounting
rootfs (theoretically it can be provided in pflash images).

Signed-off-by: Dmitry Eremin-Solenikov 
---
 Makefile.target |1 +
 hw/collie.c |   69 +++
 2 files changed, 70 insertions(+), 0 deletions(-)
 create mode 100644 hw/collie.c

diff --git a/Makefile.target b/Makefile.target
index 9e4cfc0..0e0ef36 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -353,6 +353,7 @@ obj-arm-y += syborg_serial.o syborg_timer.o 
syborg_pointer.o syborg_rtc.o
 obj-arm-y += syborg_virtio.o
 obj-arm-y += vexpress.o
 obj-arm-y += strongarm.o
+obj-arm-y += collie.o
 
 obj-sh4-y = shix.o r2d.o sh7750.o sh7750_regnames.o tc58128.o
 obj-sh4-y += sh_timer.o sh_serial.o sh_intc.o sh_pci.o sm501.o
diff --git a/hw/collie.c b/hw/collie.c
new file mode 100644
index 000..156404d
--- /dev/null
+++ b/hw/collie.c
@@ -0,0 +1,69 @@
+/*
+ * SA-1110-based Sharp Zaurus SL-5500 platform.
+ *
+ * Copyright (C) 2011 Dmitry Eremin-Solenikov
+ *
+ * This code is licensed under GNU GPL v2.
+ */
+#include "hw.h"
+#include "sysbus.h"
+#include "boards.h"
+#include "devices.h"
+#include "strongarm.h"
+#include "arm-misc.h"
+#include "flash.h"
+#include "blockdev.h"
+
+static struct arm_boot_info collie_binfo = {
+.loader_start = SA_SDCS0,
+.ram_size = 0x2000,
+};
+
+static void collie_init(ram_addr_t ram_size,
+const char *boot_device,
+const char *kernel_filename, const char *kernel_cmdline,
+const char *initrd_filename, const char *cpu_model)
+{
+StrongARMState *s;
+DriveInfo *dinfo;
+ram_addr_t phys_flash;
+
+if (!cpu_model) {
+cpu_model = "sa1110";
+}
+
+s = sa1110_init(collie_binfo.ram_size, cpu_model);
+
+phys_flash = qemu_ram_alloc(NULL, "collie.fl1", 0x0200);
+dinfo = drive_get(IF_PFLASH, 0, 0);
+pflash_cfi01_register(SA_CS0, phys_flash,
+dinfo ? dinfo->bdrv : NULL, (64 * 1024),
+512, 4, 0x00, 0x00, 0x00, 0x00, 0);
+
+phys_flash = qemu_ram_alloc(NULL, "collie.fl2", 0x0200);
+dinfo = drive_get(IF_PFLASH, 0, 1);
+pflash_cfi01_register(SA_CS1, phys_flash,
+dinfo ? dinfo->bdrv : NULL, (64 * 1024),
+512, 4, 0x00, 0x00, 0x00, 0x00, 0);
+
+sysbus_create_simple("scoop", 0x4080, NULL);
+
+collie_binfo.kernel_filename = kernel_filename;
+collie_binfo.kernel_cmdline = kernel_cmdline;
+collie_binfo.initrd_filename = initrd_filename;
+collie_binfo.board_id = 0x208;
+arm_load_kernel(s->env, &collie_binfo);
+}
+
+static QEMUMachine collie_machine = {
+.name = "collie",
+.desc = "Collie PDA (SA-1110)",
+.init = collie_init,
+};
+
+static void collie_machine_init(void)
+{
+qemu_register_machine(&collie_machine);
+}
+
+machine_init(collie_machine_init)
-- 
1.7.4.1

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

[Daisuke Nojiri]

I'll take a look at libpcap and update the thread. Thanks, Avi.

Dai

On Sun, Apr 17, 2011 at 5:36 AM, Avi Kivity  wrote:

> On 04/14/2011 11:04 PM, Daisuke Nojiri wrote:
>
>> Hi, Avi,
>>
>> Complex and complete firewalling is probably out of my focus for now. I'm
>> trying to introduce a simple reverse firewall functionality which filters
>> outgoing patckets based on only destination address and port. Since Qemu
>> doesn't have any reverse firewall currently, I believe this is a good
>> addition and start.
>>
>>
> IMO this is the wrong direction.  Integrating libpcap should be simple (a
> call to pcap_offline_filter()) and immediately satisfy all current and
> future firewalling needs.
>
>
> --
> error compiling committee.c: too many arguments to function
>
>

Re: [Qemu-devel] [PATCH 1/2] Implement basic part of SA-1110/SA-1100

[Dmitry Eremin-Solenikov]

On 4/18/11, Aurelien Jarno  wrote:
> On Thu, Apr 14, 2011 at 10:18:02AM +0400, Dmitry Eremin-Solenikov wrote:
>> Basic implementation of DEC/Intel SA-1100/SA-1110 chips emulation.
>> Implemented:
>>  - IRQs
>>  - GPIO
>>  - PPC
>>  - RTC
>>  - UARTs (no IrDA/etc.)
>>  - OST reused from pxa25x
>>
>> Everything else is TODO (esp. PM/idle/sleep!) - see the todo in the
>> hw/strongarm.c
>>
>> V5:
>>   * syntax fixup
>>
>> V4:
>>   * use bitnames to access RTC and UART registers
>>   * drop unused casts
>>   * disable debug printfs in GPIO code
>>
>> V3:
>>   * fix the name of UART VMSD
>>   * fix RTSR reg offset
>>   * add SSP support
>>
>> V2:
>>   * removed all strongarm variants except latest
>>   * dropped unused casts
>>   * fixed PIC vmstate
>>   * fixed new devices created with version_id = 1
>>
>> Signed-off-by: Dmitry Eremin-Solenikov 
>> ---
>>  Makefile.target |1 +
>>  hw/strongarm.c  | 1587
>> +++
>>  hw/strongarm.h  |   64 ++
>>  target-arm/cpu.h|3 +
>>  target-arm/helper.c |9 +
>>  5 files changed, 1664 insertions(+), 0 deletions(-)
>>  create mode 100644 hw/strongarm.c
>>  create mode 100644 hw/strongarm.h
>
> It seems we are slowly converging, and this is almost ready. See my
> comments below.

I hope not to spam this ML with patches :) Will send V6 in a moment.

-- 
With best wishes
Dmitry

Re: [Qemu-devel] [PATCH 1/3] pseries: Increase maximum CPUs to 256

[David Gibson]

On Tue, Apr 19, 2011 at 09:38:58AM +0200, Alexander Graf wrote:
> 
> On 19.04.2011, at 03:54, David Gibson wrote:
> 
> > From: Anton Blanchard 
> > 
> > The original pSeries machine was limited to 32 CPUs, more or less
> > arbitrarily.  Particularly when we get SMT KVM guests it will be
> > pretty easy to exceed this.  Therefore, raise the max number of CPUs
> > in a pseries machine guest to 256.
> 
> Are the 256 limited by technical limits or arbitrary as well? :)

Still arbitrary, just bigger.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson

Re: [Qemu-devel] [PATCH] trace: allow ) in trace output string

[Stefan Hajnoczi]

On Tue, Apr 19, 2011 at 2:29 PM, Paolo Bonzini  wrote:
> Signed-off-by: Paolo Bonzini 
> ---
>  scripts/tracetool |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)

Acked-by: Stefan Hajnoczi 

I have merged it into my tracing tree and will send a pull request this week.

Stefan

Re: [Qemu-devel] KVM call agenda for April 19th

[Juan Quintela]

Antonio Galindo Castro  wrote:
>Tools for resource accounting the virtual machines.

This was the only topic for today call.  Moving item to next week
agenda. It appears that it is Eastern all around and not everybody able
to attend.

Have a nice day, Juan.

Re: [Qemu-devel] [PATCH 5/5] ide/atapi: Introduce NEED_DISK flag for commands

[Kevin Wolf]

Am 19.04.2011 15:18, schrieb Amit Shah:
> On (Tue) 19 Apr 2011 [14:36:43], Kevin Wolf wrote:
> 
>> diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
>> index 032d1b0..88e7791 100644
>> --- a/hw/ide/atapi.c
>> +++ b/hw/ide/atapi.c
>> @@ -813,11 +813,7 @@ error_cmd:
>>  
>>  static void cmd_test_unit_ready(IDEState *s, uint8_t *buf)
>>  {
>> -if (bdrv_is_inserted(s->bs)) {
>> -ide_atapi_cmd_ok(s);
>> -} else {
>> -ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
>> -}
>> +ide_atapi_cmd_ok(s);
>>  }
> 
> It'll look really weird to have test_unit_ready() to always return
> GOOD status (outside the context of this patch).  A comment will help.

Ok, I'll add a comment for v2.

Kevin

Re: [Qemu-devel] [PATCH 3/5] ide/atapi: Use table instead of switch for commands

[Kevin Wolf]

Am 19.04.2011 15:20, schrieb Amit Shah:
> On (Tue) 19 Apr 2011 [14:36:41], Kevin Wolf wrote:
> 
>> +struct {
>> +void (*handler)(IDEState *s, uint8_t *buf);
>> +int flags;
>> +} atapi_cmd_table[0x100] = {
>> +[ 0x00 ] = { cmd_test_unit_ready,   0 },
>> +[ 0x03 ] = { cmd_request_sense, ALLOW_UA },
>> +[ 0x12 ] = { cmd_inquiry,   ALLOW_UA },
>> +[ 0x1a ] = { cmd_mode_sense, /* (6) */  0 },
>> +[ 0x1b ] = { cmd_start_stop_unit,   0 },
>> +[ 0x1e ] = { cmd_prevent_allow_medium_removal,  0 },
>> +[ 0x25 ] = { cmd_read_cdvd_capacity,0 },
>> +[ 0x28 ] = { cmd_read, /* (10) */   0 },
>> +[ 0x2b ] = { cmd_seek,  0 },
>> +[ 0x43 ] = { cmd_read_toc_pma_atip, 0 },
>> +[ 0x46 ] = { cmd_get_configuration, ALLOW_UA },
>> +[ 0x4a ] = { cmd_get_event_status_notification, ALLOW_UA },
>> +[ 0x5a ] = { cmd_mode_sense, /* (10) */ 0 },
>> +[ 0xa8 ] = { cmd_read, /* (12) */   0 },
>> +[ 0xad ] = { cmd_read_dvd_structure,0 },
>> +[ 0xbb ] = { cmd_set_speed, 0 },
>> +[ 0xbd ] = { cmd_mechanism_status,  0 },
>> +[ 0xbe ] = { cmd_read_cd,   0 },
>> +};
> 
> I'd prefer to use the GPCMD_TEST_UNIT_READY, etc., defines we already
> have in internal.h instead of using the command numbers here.

In fact, I was considering to remove the GPCMD_* definitions because
most of them are unused now (only cmd_mode_sense/cmd_read still use them
to distinguish the variants).

What I like about this table is that you have all information about a
command directly visible: Its opcode, its name and any flags. Using the
constants would hide the opcode again, duplicate the name and probably
make the lines longer than 80 characters.

Kevin

[Qemu-devel] [PATCH] trace: allow ) in trace output string

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 scripts/tracetool |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/scripts/tracetool b/scripts/tracetool
index 412f695..9912f36 100755
--- a/scripts/tracetool
+++ b/scripts/tracetool
@@ -51,7 +51,7 @@ get_args()
 {
 local args
 args=${1#*\(}
-args=${args%\)*}
+args=${args%%\)*}
 echo "$args"
 }
 
-- 
1.7.4.4

Re: [Qemu-devel] [PATCH] acpi_piix4: fix save/load of PIIX4PMState

[Isaku Yamahata]

On Tue, Apr 19, 2011 at 02:33:46PM +0200, Juan Quintela wrote:
> Isaku Yamahata  wrote:
> >> shouldn't last one still be uint16_t?
> >
> > It results in an error by type_check_pointer.
> 
> You are right.  We are just lying.  Will think about how to fix this
> properly (basically move the whole thing to a uint8_t array, and work
> from there.
> 
> >> I guess that on ich9, GPE becomes one array, do you have that code handy
> >> somewhere, just to see what you want to do?
> >
> > I attached acpi_ich9.c.
> > For the full source tree please see the thread of q35 patchset.
> > http://lists.nongnu.org/archive/html/qemu-devel/2011-03/msg01656.html
> >
> > You may want to see only struct ACPIGFP and vmstate_ich9_pm.
> 
> Thanks.
> 
> >
> >> I think that best thing to do at this point is just to revert this whole
> >> patch.  We are creating a new type for uint8_t, that becomes a pointer.
> >> We are not sending the length of that array, so we need to add a new
> >> version/subsection when we add ICH9 anyways.
> >> 
> >> Seeing what you want to do would help me trying to figure out the best
> >> vmstate aproach.
> >
> > What I want to do eventually is to implement ACPI GPE logic generally,
> > to replace the current acpi_piix4's which was very specific to piix4,
> > and to implement ich9 GPE with new GPE code.
> > Thus we can avoid code/logic duplication of ACPI GPE between piix4 and
> > ich9.
> > struct ACPIGPE is used for both piix4 and ich9 with different
> > initialization parameter.
> 
> Do you mean
> 
> > According to the ACPI spec, GPE register length is hw specific.
> > In fact PIIX4 has 4 bytes length gpe
> > (Before patch PIIX4 GPE implementation used uint16_t sts + uint16_t en
> > which is very hw-specific. With the patch they became
> > uint8_t* sts + uint8_t *en which are dynamically allocated).
> > ICH9 has 8 bytes length gpe. (newer chipsets tend to have longer
> > GPE length as they support more and more events)
> >
> > Regarding to save/load, what I want to do is to save/load
> > the dynamically allocated array whose size is determined dynamically,
> > but the size is chip-constant.
> >
> > struct ACPIGPE {
> > uint32_t blk;
> > uint8_t len;< this is determined by chip.
> > < 4 for piix4
> > < 8 for ich9
> >
> > uint8_t *sts;   < ACPI GPE status register
> >  uint8_t array whose size is determined
> >  dynamically
> >  2 bytes for piix4
> >  4 bytes for ich9
> >
> > uint8_t *en; ACPI GPE enable register
> >  uint8_t array whose size is determined
> >  dynamically
> >  2 bytes for piix4
> >  4 bytes for ich9
> > };
> >
> > In order to keep the save/load compatibility of piix4(big endian uint16_t),
> > I had to add ugly hack as above.
> > If you don't like it, only acpi_piix4 part should be reverted.
> 
> I am on vacation Thrusday & Friday, but will try to do something for
> this.  Things would be easiare if we change that struct to something
> like:

Have a good vacation. :-)


> struct ACPIGPE {
>unti32_t blk;
>uint8_t len;
>uint8_t data[8]; /* We can change struct to bigger values when we
>implement new chipsets */
>uint8_t *sts; /* pointer to previous array);
>uint8_t *en;  /* another pointer to previous array */
> }
> 
> my problem here is that you have a len field that means we have 2 arrays
> of len/2 each.  That is very difficult to describe (althought possible).
> This other way, we just separate the logical interface and how things
> are stored.  as an added bonos, we remove two allocations.

I just followed the ACPI spec way. But I don't stick to it.
If necesarry, we can do it differently in coding details
(with a comment on the difference).
-- 
yamahata

Re: [Qemu-devel] [PATCH 0/5] atapi: Some code restructuring

[Amit Shah]

On (Tue) 19 Apr 2011 [14:36:38], Kevin Wolf wrote:
> Not marking this as an RFC because I want to commit itif  everyone is happy
> with it. Otherwise please treat it like an RFC. I don't mind too much if you
> think we shouldn't do this, it's just an option for which I wanted to try
> what it would look like.

I like this cleanup!

Amit

Re: [Qemu-devel] [PATCH 3/5] ide/atapi: Use table instead of switch for commands

[Amit Shah]

On (Tue) 19 Apr 2011 [14:36:41], Kevin Wolf wrote:

> +struct {
> +void (*handler)(IDEState *s, uint8_t *buf);
> +int flags;
> +} atapi_cmd_table[0x100] = {
> +[ 0x00 ] = { cmd_test_unit_ready,   0 },
> +[ 0x03 ] = { cmd_request_sense, ALLOW_UA },
> +[ 0x12 ] = { cmd_inquiry,   ALLOW_UA },
> +[ 0x1a ] = { cmd_mode_sense, /* (6) */  0 },
> +[ 0x1b ] = { cmd_start_stop_unit,   0 },
> +[ 0x1e ] = { cmd_prevent_allow_medium_removal,  0 },
> +[ 0x25 ] = { cmd_read_cdvd_capacity,0 },
> +[ 0x28 ] = { cmd_read, /* (10) */   0 },
> +[ 0x2b ] = { cmd_seek,  0 },
> +[ 0x43 ] = { cmd_read_toc_pma_atip, 0 },
> +[ 0x46 ] = { cmd_get_configuration, ALLOW_UA },
> +[ 0x4a ] = { cmd_get_event_status_notification, ALLOW_UA },
> +[ 0x5a ] = { cmd_mode_sense, /* (10) */ 0 },
> +[ 0xa8 ] = { cmd_read, /* (12) */   0 },
> +[ 0xad ] = { cmd_read_dvd_structure,0 },
> +[ 0xbb ] = { cmd_set_speed, 0 },
> +[ 0xbd ] = { cmd_mechanism_status,  0 },
> +[ 0xbe ] = { cmd_read_cd,   0 },
> +};

I'd prefer to use the GPCMD_TEST_UNIT_READY, etc., defines we already
have in internal.h instead of using the command numbers here.

Amit

Re: [Qemu-devel] [PATCH 5/5] ide/atapi: Introduce NEED_DISK flag for commands

[Amit Shah]

On (Tue) 19 Apr 2011 [14:36:43], Kevin Wolf wrote:

> diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
> index 032d1b0..88e7791 100644
> --- a/hw/ide/atapi.c
> +++ b/hw/ide/atapi.c
> @@ -813,11 +813,7 @@ error_cmd:
>  
>  static void cmd_test_unit_ready(IDEState *s, uint8_t *buf)
>  {
> -if (bdrv_is_inserted(s->bs)) {
> -ide_atapi_cmd_ok(s);
> -} else {
> -ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
> -}
> +ide_atapi_cmd_ok(s);
>  }

It'll look really weird to have test_unit_ready() to always return
GOOD status (outside the context of this patch).  A comment will help.

Amit

Re: [Qemu-devel] [PATCH 09/20] softfloat-native: add float*_is_any_nan() functions

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:

> @@ -511,4 +530,11 @@ int floatx80_is_quiet_nan( floatx80 a1 )
>     return ( ( u.i.high & 0x7FFF ) == 0x7FFF ) && (uint64_t) ( u.i.low<<1 );
>  }
>
> +int floatx80_is_any_nan( floatx80 a1 )
> +{
> +    floatx80u u;
> +    u.f = a1;
> +    return ((u.i.high & 0x7FFF) == 0x7FFF) && ( u.i.low<<1 );
> +}
> +
>  #endif

As you can just see from the context, the new function is
actually identical to the existing floatx80_is_quiet_nan(),
but the latter is wrong, not this patch :-)

Nobody seems to use floatx80_is_quiet_nan() so if we're just
going to nuke softfloat-native shortly there's no point fixing
it I guess.

Reviewed-by: Peter Maydell 

-- PMM

Re: [Qemu-devel] [PATCH 08/20] softfloat-native: fix float*_scalbn() functions

[Peter Maydell]

On 18 April 2011 22:00, Aurelien Jarno  wrote:
> float*_scalbn() should be able to take a status parameter. Fix that.
>
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

-- PMM

[Qemu-devel] [PATCH 2/5] ide/atapi: Factor some commands out

[Kevin Wolf]

Signed-off-by: Kevin Wolf 
---
 hw/ide/atapi.c |  837 +++-
 1 files changed, 459 insertions(+), 378 deletions(-)

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 25a636e..d161bf7 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -621,11 +621,453 @@ static void 
handle_get_event_status_notification(IDEState *s,
 ide_atapi_cmd_reply(s, used_len, max_len);
 }
 
+static void cmd_request_sense(IDEState *s, uint8_t *buf)
+{
+int max_len = buf[4];
+
+memset(buf, 0, 18);
+buf[0] = 0x70 | (1 << 7);
+buf[2] = s->sense_key;
+buf[7] = 10;
+buf[12] = s->asc;
+
+if (s->sense_key == SENSE_UNIT_ATTENTION) {
+s->sense_key = SENSE_NONE;
+}
+
+ide_atapi_cmd_reply(s, 18, max_len);
+}
+
+static void cmd_inquiry(IDEState *s, uint8_t *buf)
+{
+int max_len = buf[4];
+
+buf[0] = 0x05; /* CD-ROM */
+buf[1] = 0x80; /* removable */
+buf[2] = 0x00; /* ISO */
+buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
+buf[4] = 31; /* additional length */
+buf[5] = 0; /* reserved */
+buf[6] = 0; /* reserved */
+buf[7] = 0; /* reserved */
+padstr8(buf + 8, 8, "QEMU");
+padstr8(buf + 16, 16, "QEMU DVD-ROM");
+padstr8(buf + 32, 4, s->version);
+ide_atapi_cmd_reply(s, 36, max_len);
+}
+
+static void cmd_get_configuration(IDEState *s, uint8_t *buf)
+{
+uint32_t len;
+uint8_t index = 0;
+int max_len;
+
+/* only feature 0 is supported */
+if (buf[2] != 0 || buf[3] != 0) {
+ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
+ASC_INV_FIELD_IN_CMD_PACKET);
+return;
+}
+
+/* XXX: could result in alignment problems in some architectures */
+max_len = ube16_to_cpu(buf + 7);
+
+/*
+ * XXX: avoid overflow for io_buffer if max_len is bigger than
+ *  the size of that buffer (dimensioned to max number of
+ *  sectors to transfer at once)
+ *
+ *  Only a problem if the feature/profiles grow.
+ */
+if (max_len > 512) {
+/* XXX: assume 1 sector */
+max_len = 512;
+}
+
+memset(buf, 0, max_len);
+/*
+ * the number of sectors from the media tells us which profile
+ * to use as current.  0 means there is no media
+ */
+if (media_is_dvd(s)) {
+cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
+} else if (media_is_cd(s)) {
+cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
+}
+
+buf[10] = 0x02 | 0x01; /* persistent and current */
+len = 12; /* headers: 8 + 4 */
+len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
+len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
+cpu_to_ube32(buf, len - 4); /* data length */
+
+ide_atapi_cmd_reply(s, len, max_len);
+}
+
+static void cmd_mode_sense(IDEState *s, uint8_t *buf)
+{
+int action, code;
+int max_len;
+
+if (buf[0] == GPCMD_MODE_SENSE_10) {
+max_len = ube16_to_cpu(buf + 7);
+} else {
+max_len = buf[4];
+}
+
+action = buf[2] >> 6;
+code = buf[2] & 0x3f;
+
+switch(action) {
+case 0: /* current values */
+switch(code) {
+case GPMODE_R_W_ERROR_PAGE: /* error recovery */
+cpu_to_ube16(&buf[0], 16 + 6);
+buf[2] = 0x70;
+buf[3] = 0;
+buf[4] = 0;
+buf[5] = 0;
+buf[6] = 0;
+buf[7] = 0;
+
+buf[8] = 0x01;
+buf[9] = 0x06;
+buf[10] = 0x00;
+buf[11] = 0x05;
+buf[12] = 0x00;
+buf[13] = 0x00;
+buf[14] = 0x00;
+buf[15] = 0x00;
+ide_atapi_cmd_reply(s, 16, max_len);
+break;
+case GPMODE_AUDIO_CTL_PAGE:
+cpu_to_ube16(&buf[0], 24 + 6);
+buf[2] = 0x70;
+buf[3] = 0;
+buf[4] = 0;
+buf[5] = 0;
+buf[6] = 0;
+buf[7] = 0;
+
+/* Fill with CDROM audio volume */
+buf[17] = 0;
+buf[19] = 0;
+buf[21] = 0;
+buf[23] = 0;
+
+ide_atapi_cmd_reply(s, 24, max_len);
+break;
+case GPMODE_CAPABILITIES_PAGE:
+cpu_to_ube16(&buf[0], 28 + 6);
+buf[2] = 0x70;
+buf[3] = 0;
+buf[4] = 0;
+buf[5] = 0;
+buf[6] = 0;
+buf[7] = 0;
+
+buf[8] = 0x2a;
+buf[9] = 0x12;
+buf[10] = 0x00;
+buf[11] = 0x00;
+
+/* Claim PLAY_AUDIO capability (0x01) since some Linux
+   code checks for this to automount media. */
+buf[12] = 0x71;
+buf[13] = 3 << 5;
+buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
+if (bdrv_is_locked(s->bs))
+buf[6] |= 1 << 1;
+buf[15] = 0x00;
+cpu_to_ube16(&buf[16], 706);
+buf[18] = 0;
+buf[19] = 2;
+

[Qemu-devel] [PATCH 3/5] ide/atapi: Use table instead of switch for commands

[Kevin Wolf]

Signed-off-by: Kevin Wolf 
---
 hw/ide/atapi.c |  115 +++
 1 files changed, 48 insertions(+), 67 deletions(-)

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index d161bf7..e8ac764 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -533,10 +533,11 @@ static unsigned int event_status_media(IDEState *s,
 return 8; /* We wrote to 4 extra bytes from the header */
 }
 
-static void handle_get_event_status_notification(IDEState *s,
- uint8_t *buf,
- const uint8_t *packet)
+static void cmd_get_event_status_notification(IDEState *s,
+  uint8_t *buf)
 {
+const uint8_t *packet = (const uint8_t*) buf;
+
 struct {
 uint8_t opcode;
 uint8_t polled;/* lsb bit is polled; others are reserved */
@@ -1064,6 +1065,38 @@ static void cmd_set_speed(IDEState *s, uint8_t* buf)
 ide_atapi_cmd_ok(s);
 }
 
+enum {
+/*
+ * Only commands flagged as ALLOW_UA are allowed to run under a
+ * unit attention condition. (See MMC-5, section 4.1.6.1)
+ */
+ALLOW_UA = 0x01,
+};
+
+struct {
+void (*handler)(IDEState *s, uint8_t *buf);
+int flags;
+} atapi_cmd_table[0x100] = {
+[ 0x00 ] = { cmd_test_unit_ready,   0 },
+[ 0x03 ] = { cmd_request_sense, ALLOW_UA },
+[ 0x12 ] = { cmd_inquiry,   ALLOW_UA },
+[ 0x1a ] = { cmd_mode_sense, /* (6) */  0 },
+[ 0x1b ] = { cmd_start_stop_unit,   0 },
+[ 0x1e ] = { cmd_prevent_allow_medium_removal,  0 },
+[ 0x25 ] = { cmd_read_cdvd_capacity,0 },
+[ 0x28 ] = { cmd_read, /* (10) */   0 },
+[ 0x2b ] = { cmd_seek,  0 },
+[ 0x43 ] = { cmd_read_toc_pma_atip, 0 },
+[ 0x46 ] = { cmd_get_configuration, ALLOW_UA },
+[ 0x4a ] = { cmd_get_event_status_notification, ALLOW_UA },
+[ 0x5a ] = { cmd_mode_sense, /* (10) */ 0 },
+[ 0xa8 ] = { cmd_read, /* (12) */   0 },
+[ 0xad ] = { cmd_read_dvd_structure,0 },
+[ 0xbb ] = { cmd_set_speed, 0 },
+[ 0xbd ] = { cmd_mechanism_status,  0 },
+[ 0xbe ] = { cmd_read_cd,   0 },
+};
+
 void ide_atapi_cmd(IDEState *s)
 {
 const uint8_t *packet;
@@ -1082,21 +1115,17 @@ void ide_atapi_cmd(IDEState *s)
 }
 #endif
 /*
- * If there's a UNIT_ATTENTION condition pending, only
- * REQUEST_SENSE, INQUIRY, GET_CONFIGURATION and
- * GET_EVENT_STATUS_NOTIFICATION commands are allowed to complete.
- * MMC-5, section 4.1.6.1 lists only these commands being allowed
- * to complete, with other commands getting a CHECK condition
- * response unless a higher priority status, defined by the drive
+ * If there's a UNIT_ATTENTION condition pending, only command flagged with
+ * ALLOW_UA are allowed to complete. with other commands getting a CHECK
+ * condition response unless a higher priority status, defined by the drive
  * here, is pending.
  */
 if (s->sense_key == SENSE_UNIT_ATTENTION &&
-s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
-s->io_buffer[0] != GPCMD_INQUIRY &&
-s->io_buffer[0] != GPCMD_GET_EVENT_STATUS_NOTIFICATION) {
+!(atapi_cmd_table[s->io_buffer[0]].flags & ALLOW_UA)) {
 ide_atapi_cmd_check_status(s);
 return;
 }
+
 if (bdrv_is_inserted(s->bs) && s->cdrom_changed) {
 ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
 
@@ -1105,60 +1134,12 @@ void ide_atapi_cmd(IDEState *s)
 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
 return;
 }
-switch(s->io_buffer[0]) {
-case GPCMD_TEST_UNIT_READY:
-cmd_test_unit_ready(s, buf);
-break;
-case GPCMD_MODE_SENSE_6:
-case GPCMD_MODE_SENSE_10:
-cmd_mode_sense(s, buf);
-break;
-case GPCMD_REQUEST_SENSE:
-cmd_request_sense(s, buf);
-break;
-case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
-cmd_prevent_allow_medium_removal(s, buf);
-break;
-case GPCMD_READ_10:
-case GPCMD_READ_12:
-cmd_read(s, buf);
-break;
-case GPCMD_READ_CD:
-cmd_read_cd(s, buf);
-break;
-case GPCMD_SEEK:
-cmd_seek(s, buf);
-break;
-case GPCMD_START_STOP_UNIT:
-cmd_start_stop_unit(s, buf);
-break;
-case GPCMD_MECHANISM_STATUS:
-cmd_mechanism_status(s, buf);
-break;
-case GPCMD_READ_TOC_PMA_ATIP:
-cmd_read_toc_pma_atip(s, buf);
-break;
-case GPCMD_READ_CDVD_CAPACITY:
-cmd_read_cdvd_capacity(s, buf);
-break;
-case GPCMD_READ_DVD_STRUCTURE:
-cmd_read_dvd_structure(s, buf);
-break;
-case GPCMD_SET_SPEED:
-cmd_set_speed(s, buf);
-break;
-case GPC

[Qemu-devel] [PATCH 5/5] ide/atapi: Introduce NEED_DISK flag for commands

[Kevin Wolf]

Some commands require a medium to be present in order to execute successfully.
Instead of duplicating the check in each command implementation, let's add a
flag and check it before calling the command.

This patch only converts existing checks, it does not introduce new checks for
any of the other commands that can/should report a Not Ready Condition.

Signed-off-by: Kevin Wolf 
---
 hw/ide/atapi.c |   46 +-
 1 files changed, 21 insertions(+), 25 deletions(-)

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 032d1b0..88e7791 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -813,11 +813,7 @@ error_cmd:
 
 static void cmd_test_unit_ready(IDEState *s, uint8_t *buf)
 {
-if (bdrv_is_inserted(s->bs)) {
-ide_atapi_cmd_ok(s);
-} else {
-ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
-}
+ide_atapi_cmd_ok(s);
 }
 
 static void cmd_prevent_allow_medium_removal(IDEState *s, uint8_t* buf)
@@ -883,11 +879,6 @@ static void cmd_seek(IDEState *s, uint8_t* buf)
 unsigned int lba;
 uint64_t total_sectors = s->nb_sectors >> 2;
 
-if (total_sectors == 0) {
-ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
-return;
-}
-
 lba = ube32_to_cpu(buf + 2);
 if (lba >= total_sectors) {
 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, ASC_LOGICAL_BLOCK_OOR);
@@ -941,13 +932,8 @@ static void cmd_mechanism_status(IDEState *s, uint8_t* buf)
 static void cmd_read_toc_pma_atip(IDEState *s, uint8_t* buf)
 {
 int format, msf, start_track, len;
-uint64_t total_sectors = s->nb_sectors >> 2;
 int max_len;
-
-if (total_sectors == 0) {
-ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
-return;
-}
+uint64_t total_sectors = s->nb_sectors >> 2;
 
 max_len = ube16_to_cpu(buf + 7);
 format = buf[9] >> 6;
@@ -986,11 +972,6 @@ static void cmd_read_cdvd_capacity(IDEState *s, uint8_t* 
buf)
 {
 uint64_t total_sectors = s->nb_sectors >> 2;
 
-if (total_sectors == 0) {
-ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
-return;
-}
-
 /* NOTE: it is really the number of sectors minus 1 */
 cpu_to_ube32(buf, total_sectors - 1);
 cpu_to_ube32(buf + 4, 2048);
@@ -1062,22 +1043,29 @@ enum {
  * unit attention condition. (See MMC-5, section 4.1.6.1)
  */
 ALLOW_UA = 0x01,
+
+/*
+ * Commands flagged with CHECK_READY can only execute if a medium is 
present.
+ * Otherwise they report the Not Ready Condition. (See MMC-5, section
+ * 4.1.8)
+ */
+CHECK_READY = 0x02,
 };
 
 struct {
 void (*handler)(IDEState *s, uint8_t *buf);
 int flags;
 } atapi_cmd_table[0x100] = {
-[ 0x00 ] = { cmd_test_unit_ready,   0 },
+[ 0x00 ] = { cmd_test_unit_ready,   CHECK_READY },
 [ 0x03 ] = { cmd_request_sense, ALLOW_UA },
 [ 0x12 ] = { cmd_inquiry,   ALLOW_UA },
 [ 0x1a ] = { cmd_mode_sense, /* (6) */  0 },
 [ 0x1b ] = { cmd_start_stop_unit,   0 },
 [ 0x1e ] = { cmd_prevent_allow_medium_removal,  0 },
-[ 0x25 ] = { cmd_read_cdvd_capacity,0 },
+[ 0x25 ] = { cmd_read_cdvd_capacity,CHECK_READY },
 [ 0x28 ] = { cmd_read, /* (10) */   0 },
-[ 0x2b ] = { cmd_seek,  0 },
-[ 0x43 ] = { cmd_read_toc_pma_atip, 0 },
+[ 0x2b ] = { cmd_seek,  CHECK_READY },
+[ 0x43 ] = { cmd_read_toc_pma_atip, CHECK_READY },
 [ 0x46 ] = { cmd_get_configuration, ALLOW_UA },
 [ 0x4a ] = { cmd_get_event_status_notification, ALLOW_UA },
 [ 0x5a ] = { cmd_mode_sense, /* (10) */ 0 },
@@ -1126,6 +1114,14 @@ void ide_atapi_cmd(IDEState *s)
 return;
 }
 
+/* Report a Not Ready condition if appropriate for the command */
+if ((atapi_cmd_table[s->io_buffer[0]].flags & CHECK_READY) &&
+(!media_present(s) || !bdrv_is_inserted(s->bs)))
+{
+ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
+return;
+}
+
 /* Execute the command */
 if (atapi_cmd_table[s->io_buffer[0]].handler) {
 atapi_cmd_table[s->io_buffer[0]].handler(s, buf);
-- 
1.7.2.3

[Qemu-devel] [PATCH 4/5] ide/atapi: Replace bdrv_get_geometry calls by s->nb_sectors

[Kevin Wolf]

The disk size can only change when the medium is changed, and the change
callback takes care of updating s->nb_sectors in this case.

Signed-off-by: Kevin Wolf 
---
 hw/ide/atapi.c |   21 ++---
 1 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index e8ac764..032d1b0 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -416,10 +416,10 @@ static int ide_dvd_read_structure(IDEState *s, int format,
 if (layer != 0)
 return -ASC_INV_FIELD_IN_CMD_PACKET;
 
-bdrv_get_geometry(s->bs, &total_sectors);
-total_sectors >>= 2;
-if (total_sectors == 0)
+total_sectors = s->nb_sectors >> 2;
+if (total_sectors == 0) {
 return -ASC_MEDIUM_NOT_PRESENT;
+}
 
 buf[4] = 1;   /* DVD-ROM, part version 1 */
 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
@@ -881,11 +881,8 @@ static void cmd_read_cd(IDEState *s, uint8_t* buf)
 static void cmd_seek(IDEState *s, uint8_t* buf)
 {
 unsigned int lba;
-uint64_t total_sectors;
-
-bdrv_get_geometry(s->bs, &total_sectors);
+uint64_t total_sectors = s->nb_sectors >> 2;
 
-total_sectors >>= 2;
 if (total_sectors == 0) {
 ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
 return;
@@ -944,12 +941,9 @@ static void cmd_mechanism_status(IDEState *s, uint8_t* buf)
 static void cmd_read_toc_pma_atip(IDEState *s, uint8_t* buf)
 {
 int format, msf, start_track, len;
-uint64_t total_sectors;
+uint64_t total_sectors = s->nb_sectors >> 2;
 int max_len;
 
-bdrv_get_geometry(s->bs, &total_sectors);
-
-total_sectors >>= 2;
 if (total_sectors == 0) {
 ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
 return;
@@ -990,11 +984,8 @@ static void cmd_read_toc_pma_atip(IDEState *s, uint8_t* 
buf)
 
 static void cmd_read_cdvd_capacity(IDEState *s, uint8_t* buf)
 {
-uint64_t total_sectors;
-
-bdrv_get_geometry(s->bs, &total_sectors);
+uint64_t total_sectors = s->nb_sectors >> 2;
 
-total_sectors >>= 2;
 if (total_sectors == 0) {
 ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
 return;
-- 
1.7.2.3

[Qemu-devel] [PATCH 0/5] atapi: Some code restructuring

[Kevin Wolf]

Not marking this as an RFC because I want to commit itif  everyone is happy
with it. Otherwise please treat it like an RFC. I don't mind too much if you
think we shouldn't do this, it's just an option for which I wanted to try
what it would look like.

Kevin Wolf (5):
  ide: Split atapi.c out
  ide/atapi: Factor some commands out
  ide/atapi: Use table instead of switch for commands
  ide/atapi: Replace bdrv_get_geometry calls by s->nb_sectors
  ide/atapi: Introduce NEED_DISK flag for commands

 Makefile.objs |2 +-
 hw/ide/atapi.c| 1132 +
 hw/ide/core.c | 1065 +-
 hw/ide/internal.h |   14 +-
 4 files changed, 1147 insertions(+), 1066 deletions(-)
 create mode 100644 hw/ide/atapi.c

-- 
1.7.2.3

Re: [Qemu-devel] [PATCH] acpi_piix4: fix save/load of PIIX4PMState

[Juan Quintela]

Isaku Yamahata  wrote:
>> shouldn't last one still be uint16_t?
>
> It results in an error by type_check_pointer.

You are right.  We are just lying.  Will think about how to fix this
properly (basically move the whole thing to a uint8_t array, and work
from there.

>> I guess that on ich9, GPE becomes one array, do you have that code handy
>> somewhere, just to see what you want to do?
>
> I attached acpi_ich9.c.
> For the full source tree please see the thread of q35 patchset.
> http://lists.nongnu.org/archive/html/qemu-devel/2011-03/msg01656.html
>
> You may want to see only struct ACPIGFP and vmstate_ich9_pm.

Thanks.

>
>> I think that best thing to do at this point is just to revert this whole
>> patch.  We are creating a new type for uint8_t, that becomes a pointer.
>> We are not sending the length of that array, so we need to add a new
>> version/subsection when we add ICH9 anyways.
>> 
>> Seeing what you want to do would help me trying to figure out the best
>> vmstate aproach.
>
> What I want to do eventually is to implement ACPI GPE logic generally,
> to replace the current acpi_piix4's which was very specific to piix4,
> and to implement ich9 GPE with new GPE code.
> Thus we can avoid code/logic duplication of ACPI GPE between piix4 and
> ich9.
> struct ACPIGPE is used for both piix4 and ich9 with different
> initialization parameter.

Do you mean

> According to the ACPI spec, GPE register length is hw specific.
> In fact PIIX4 has 4 bytes length gpe
> (Before patch PIIX4 GPE implementation used uint16_t sts + uint16_t en
> which is very hw-specific. With the patch they became
> uint8_t* sts + uint8_t *en which are dynamically allocated).
> ICH9 has 8 bytes length gpe. (newer chipsets tend to have longer
> GPE length as they support more and more events)
>
> Regarding to save/load, what I want to do is to save/load
> the dynamically allocated array whose size is determined dynamically,
> but the size is chip-constant.
>
> struct ACPIGPE {
> uint32_t blk;
> uint8_t len;< this is determined by chip.
> < 4 for piix4
> < 8 for ich9
>
> uint8_t *sts;   < ACPI GPE status register
>  uint8_t array whose size is determined
>  dynamically
>  2 bytes for piix4
>  4 bytes for ich9
>
> uint8_t *en; ACPI GPE enable register
>  uint8_t array whose size is determined
>  dynamically
>  2 bytes for piix4
>  4 bytes for ich9
> };
>
> In order to keep the save/load compatibility of piix4(big endian uint16_t),
> I had to add ugly hack as above.
> If you don't like it, only acpi_piix4 part should be reverted.

I am on vacation Thrusday & Friday, but will try to do something for
this.  Things would be easiare if we change that struct to something
like:

struct ACPIGPE {
   unti32_t blk;
   uint8_t len;
   uint8_t data[8]; /* We can change struct to bigger values when we
   implement new chipsets */
   uint8_t *sts; /* pointer to previous array);
   uint8_t *en;  /* another pointer to previous array */
}

my problem here is that you have a len field that means we have 2 arrays
of len/2 each.  That is very difficult to describe (althought possible).
This other way, we just separate the logical interface and how things
are stored.  as an added bonos, we remove two allocations.

Later, Juan.

Re: [Qemu-devel] [PATCH 07/20] softfloat: fix float*_scalnb() corner cases

[Peter Maydell]

On 18 April 2011 21:59, Aurelien Jarno  wrote:

> @@ -6349,6 +6352,12 @@ float32 float32_scalbn( float32 a, int n STATUS_PARAM )
>     else if ( aSig == 0 )
>         return a;
>
> +    if (n > 0x80) {
> +        n = 0x80;
> +    } else if (n < -0x80) {
> +        n = -0x80;
> +    }
> +
>     aExp += n - 1;
>     aSig <<= 7;
>     return normalizeRoundAndPackFloat32( aSign, aExp, aSig STATUS_VAR );

I don't think your if() condition is right here. Consider the
float32 0080 (1.0 * 2 ^ -126 ; the smallest possible normalised
number); you can multiply this by, say, 2^253, without overflowing
to infinity. However your if() here means we'll incorrectly
compute the result of multiplying by 2^128 instead. s/0x80/0x200/
should work.

The others look OK to me. I would personally prefer to retain the int16
etc rather than moving to int16_t, but I don't quite feel strongly enough
to argue about it.

-- PMM

Re: [Qemu-devel] [PATCH 06/20] softfloat: add floatx80_compare*() functions

[Peter Maydell]

On 18 April 2011 21:59, Aurelien Jarno  wrote:
> Add floatx80_compare() and floatx80_compare_quiet() functions to match
> the softfloat-native ones.
>
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

Re: [Qemu-devel] [PATCH 05/20] softfloat-native: add a few constant values

[Peter Maydell]

On 18 April 2011 21:59, Aurelien Jarno  wrote:
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

Re: [Qemu-devel] [PATCH 04/20] softfloat: add pi constants

[Peter Maydell]

On 18 April 2011 21:59, Aurelien Jarno  wrote:
> +#define float64_pi make_float32(0x400921fb54442d18LL)

This doesn't look quite right :-)

-- PMM

Re: [Qemu-devel] [PATCH 03/20] softfloat: add floatx80 constants

[Peter Maydell]

On 18 April 2011 21:59, Aurelien Jarno  wrote:
> Add floatx80 constants similarly to float32 or float64.
>
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

NB: I didn't actually check you got the ln2 value right :-)
Also for x86 these constants are stored internally with a 66 bit
mantissa and then rounded according to the current rounding mode,
so strictly speaking using these values isn't always the right
thing, but I think that's being overly picky for now.

-- PMM

[Qemu-devel] [PATCH v2 2b/6] kvm: add kvmclock to its second bit

[Jan Kiszka]

From: Glauber Costa 

We have two bits that can represent kvmclock in cpuid. They signal the
guest which msr set to use. When we tweak flags involving this value -
specially when we use "-", we have to act on both.

[Jan: factored out lookup_feature changes]
Signed-off-by: Jan Kiszka 
---
 target-i386/cpuid.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
index 0ac592f..e479a4d 100644
--- a/target-i386/cpuid.c
+++ b/target-i386/cpuid.c
@@ -73,7 +73,7 @@ static const char *ext3_feature_name[] = {
 };
 
 static const char *kvm_feature_name[] = {
-"kvmclock", "kvm_nopiodelay", "kvm_mmu", NULL, "kvm_asyncpf", NULL, NULL, 
NULL,
+"kvmclock", "kvm_nopiodelay", "kvm_mmu", "kvmclock", "kvm_asyncpf", NULL, 
NULL, NULL,
 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-- 
1.7.1

[Qemu-devel] [PATCH v2 2a/6] x86: Allow multiple cpu feature matches of lookup_feature

[Jan Kiszka]

kvmclock is represented by two feature bits. Therefore, lookup_feature
needs to continue its search even after the first match. Enhance it
accordingly and switch to a bool return type at this chance.

Signed-off-by: Jan Kiszka 
---
 target-i386/cpuid.c |   14 --
 1 files changed, 8 insertions(+), 6 deletions(-)

Glauber, could you check/ack this? Marcelo, please respin the series
afterward. I'd like to see all bits upstream and merged back into
qemu-kvm to proceed with switching the latter to upstream's kvm
infrastructure.

diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
index 814d13e..0ac592f 100644
--- a/target-i386/cpuid.c
+++ b/target-i386/cpuid.c
@@ -182,20 +182,22 @@ static int altcmp(const char *s, const char *e, const 
char *altstr)
 }
 
 /* search featureset for flag *[s..e), if found set corresponding bit in
- * *pval and return success, otherwise return zero
+ * *pval and return true, otherwise return false
  */
-static int lookup_feature(uint32_t *pval, const char *s, const char *e,
-const char **featureset)
+static bool lookup_feature(uint32_t *pval, const char *s, const char *e,
+   const char **featureset)
 {
 uint32_t mask;
 const char **ppc;
+bool found = false;
 
-for (mask = 1, ppc = featureset; mask; mask <<= 1, ++ppc)
+for (mask = 1, ppc = featureset; mask; mask <<= 1, ++ppc) {
 if (*ppc && !altcmp(s, e, *ppc)) {
 *pval |= mask;
-break;
+found = true;
 }
-return (mask ? 1 : 0);
+}
+return found;
 }
 
 static void add_flagname_to_bitmaps(const char *flagname, uint32_t *features,
-- 
1.7.1

Re: [Qemu-devel] [PATCH 02/20] softfloat: fix floatx80_is_infinity()

[Peter Maydell]

On 18 April 2011 21:59, Aurelien Jarno  wrote:
> With floatx80, the explicit bit is set for infinity.
>
> Signed-off-by: Aurelien Jarno 

Reviewed-by: Peter Maydell 

-- PMM