Re: [Qemu-devel] [PATCH v6 2/2] target-ppc: spapr: e500: fix to use cpu_dt_id

2014-02-01 Thread Andreas Färber
On 01.02.2014 01:24, Alexey Kardashevskiy wrote:
 diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
 index 1cb276d..4e0a70e 100644
 --- a/hw/ppc/spapr_rtas.c
 +++ b/hw/ppc/spapr_rtas.c
 @@ -131,7 +131,7 @@ static void rtas_query_cpu_stopped_state(PowerPCCPU *cpu_,
   uint32_t nret, target_ulong rets)
  {
  target_ulong id;
 -CPUState *cpu;
 +PowerPCCPU *cpu;
  
  if (nargs != 1 || nret != 2) {
  rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
 @@ -139,9 +139,9 @@ static void rtas_query_cpu_stopped_state(PowerPCCPU *cpu_,
  }
  
  id = rtas_ld(args, 0);
 -cpu = qemu_get_cpu(id);
 +cpu = ppc_get_vcpu_by_dt_id(id);
  if (cpu != NULL) {
 -if (cpu-halted) {
 +if (cpu-parent_obj.halted) {

Sorry for not noticing this earlier, but the purpose of parent_obj is
to make it a checkpatch error at some point - it should not be accessed
by regular code. Use CPU(cpu) to access the parent's fields, and to
avoid CPU(cpu)->halted, use a local variable please.

  rtas_st(rets, 1, 0);
  } else {
  rtas_st(rets, 1, 2);
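
Review bot: in the second hunk, id is a target_ulong loaded from the guest with rtas_ld(args, 0) and is passed straight to ppc_get_vcpu_by_dt_id(), which patch 1/2 of this series (as posted in v7) declares with an int parameter, so a large guest value is narrowed implicitly before the lookup. The result is checked against NULL here, so nothing is dereferenced wrongly, but an explicit range check or cast at the call site, or an unsigned parameter type, would make the intended handling of out-of-range ids visible.
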
[snip]

Regards,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH] linux-user: Fix trampoline code for CRIS

2014-02-01 Thread Stefan Weil
__put_user can write bytes, words (2 bytes) or longwords (4 bytes).
Here obviously words should have been written, but bytes were written,
so values like 0x9c5f were truncated to 0x5f.

Fix this by changing retcode from uint8_t to uint16_t in
target_signal_frame and also in the unused rt_signal_frame.

This problem was reported by static code analysis (smatch).

Cc: qemu-sta...@nongnu.org
Signed-off-by: Stefan Weil s...@weilnetz.de
---

Please review this patch. I don't know details of the CRIS code
and cannot check my modification, so I don't know whether the new
code works as expected. Especially the byte order should be
checked.

Old and new code use tab characters, therefore checkpatch.pl
reports errors.

S. W.

 linux-user/signal.c |8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index 01d7c39..697f46b 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -3659,7 +3659,7 @@ struct target_sigcontext {
 struct target_signal_frame {
 struct target_sigcontext sc;
 uint32_t extramask[TARGET_NSIG_WORDS - 1];
-uint8_t retcode[8];   /* Trampoline code. */
+uint16_t retcode[4];  /* Trampoline code. */
 };
 
 struct rt_signal_frame {
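
Review bot: the comment on the changed retcode member still reads only "Trampoline code." although the element type now decides both the store width that __put_user uses and the meaning of the offsets in setup_frame. Say in the comment that each element is one 16-bit instruction word, so a later edit does not reintroduce byte offsets.
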
@@ -3667,7 +3667,7 @@ struct rt_signal_frame {
 void *puc;
 siginfo_t info;
 struct ucontext uc;
-uint8_t retcode[8];   /* Trampoline code. */
+uint16_t retcode[4];  /* Trampoline code. */
 };
 
 static void setup_sigcontext(struct target_sigcontext *sc, CPUCRISState *env)
@@ -3745,8 +3745,8 @@ static void setup_frame(int sig, struct target_sigaction 
*ka,
 */
err |= __put_user(0x9c5f, frame-retcode+0);
err |= __put_user(TARGET_NR_sigreturn, 
- frame-retcode+2);
-   err |= __put_user(0xe93d, frame-retcode+4);
+ frame-retcode + 1);
+   err |= __put_user(0xe93d, frame-retcode + 2);
 
/* Save the mask.  */
err |= __put_user(set-sig[0], frame-sc.oldmask);
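
Review bot: in the setup_frame hunk the first store keeps retcode+0 while the two changed lines use retcode + 1 and retcode + 2, so the three stores that make up one trampoline mix spacing styles and rely on pointer arithmetic whose unit has just changed from bytes to 16-bit words. Indexing the array (elements 0, 1 and 2) in all three lines would make the word offsets explicit and keep the lines consistent.
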
-- 
1.7.10.4




Re: [Qemu-devel] [Qemu-trivial] [PATCH] i386: Add missing include file for QEMU_PACKED

2014-02-01 Thread Michael Tokarev
01.02.2014 02:05, Stefan Weil wrote:
 Instead of packing BiosLinkerLoaderEntry, an unused global variable called
 QEMU_PACKED was created (detected by smatch static code analysis).
 
 Including qemu-common.h gets the right definition and also includes some
 standard include files which now can be removed here.

A good one.

Thanks, applied to the trivial patches queue.

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH] tcg/s390: Remove sigill_handler

2014-02-01 Thread Michael Tokarev
30.01.2014 01:08, Richard Henderson wrote:
 Commit c9baa30f42a87f61627391698f63fa4d1566d9d8 failed to
 delete all of the relevant code, leading to Werrors about
 unused symbols.

Applied to the trivial-patches queue, thank you!

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH] readline: Add missing GCC_FMT_ATTR

2014-02-01 Thread Michael Tokarev
25.01.2014 21:18, Stefan Weil wrote:
 This fixes a compiler warning with -Werror=missing-format-attribute
 and allows improved compiler checks for variable argument lists.

Thanks, applied to the trivial-patches queue.

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH] hw/ppc: Remove unused defines

2014-02-01 Thread Michael Tokarev
Unused in the code indeed.
Thanks, applied to the trivial-patches queue.

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH] qapi: cleanup redundant variable

2014-02-01 Thread Michael Tokarev
23.01.2014 12:54, Amos Kong wrote:
 No need to re-append an expr list, it's ok to return schema.exprs
 
 Signed-off-by: Amos Kong ak...@redhat.com
 ---
  scripts/qapi.py | 5 +
  1 file changed, 1 insertion(+), 4 deletions(-)
 
 diff --git a/scripts/qapi.py b/scripts/qapi.py
 index 7b92689..718f1ad 100644
 --- a/scripts/qapi.py
 +++ b/scripts/qapi.py
 @@ -175,8 +175,6 @@ def parse_schema(fp):
  print sys.stderr, e
  exit(1)
  
 -exprs = []
 -
  for expr in schema.exprs:
  if expr.has_key('enum'):
  add_enum(expr['enum'])
 @@ -185,9 +183,8 @@ def parse_schema(fp):
  add_enum('%sKind' % expr['union'])
  elif expr.has_key('type'):
  add_struct(expr)
 -exprs.append(expr)
  
 -return exprs
 +return schema.exprs
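
Review bot: returning schema.exprs hands callers the parser's own list, where the removed code built and returned a separate exprs list, so a caller that modifies the result now modifies the schema object's state too. If no caller does that, say so in the commit message; otherwise return list(schema.exprs). Indentation is lost in this quote, so also confirm that the removed exprs.append(expr) ran for every expr in the loop and not only in the 'type' branch, since only then do the old and new return values hold the same elements.
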

I don't really know python.  Does it mean that previously,
this function returned a copy of schema.exprs, but now it
returns schema.exprs itself, so a caller can modify it?

Thanks,

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH] ide: cmd_exec_dev_diagnostic() always set error register to 0x01

2014-02-01 Thread Michael Tokarev
15.01.2014 20:15, Michael Tokarev wrote:
 25.12.2013 18:17, David du Colombier wrote:
 This notably fixes IDE CD probing on the Plan 9 operating system,
 which relies on the error register set by the Execute Device
 Diagnostic command to detect drive configurations.
 
 While this is a one-liner, I'm not sure it is trivial enough, just because
 it is not at all obvious we should clear error here and not somewhere else.
 I mean, shouldn't s->error be cleared somewhere when next request is queued,
 or something like that?
 
 That's basically why I haven't applied this initially.
 
 CC'ing qemu-devel.

I've applied this to qemu-trivial 3 weeks ago, and now this change has been
applied to the master branch, -- still without any additional comments, which
is somewhat troubling me, but here we go.

Thanks,

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH v2 0/6] configure: make output and errors more friendly

2014-02-01 Thread Michael Tokarev
24.01.2014 05:39, Stewart Smith wrote:
 This expands on my previous patch which was just the configure: helpfully
 output package names for some missing dependencies patch.
 
 Based on feedback I've added a hint to the could not find DTC error message.
 
 There's also other changes that were suggested and the ordering of output
 from configure and configure --help which I found rather useful when
 attempting to find what package was needed for each configure option.
 
 Stewart Smith (6):
1   configure: add hint of libfdt to DTC dependency not found message
2   configure: sort output of configure results alphabetically
3   configure: alphabetize output of --help and separate into groups
4   configure: add help for --disable-xfsctl and --enable-xfsctl
5   configure: add hints to a remedy for feature_not_found errors
6   configure: helpfully output package names for some missing
 dependencies.

I think I'd happily take 1, 2, 5 and 6, but 3 and 4 really need to be
redone, mentioning every option just once, not twice as it is done
now.  After that's done, it might be not necessary anymore for 3 at all.

Or I can wait for a resend of whole series.  Or alternatively I can
try to rework it myself, but for now I'm quite busy so can't promise
anything.

Please note that major tweaks in ./configure will most likely conflict
with modules support series which has been posted for review again.

What should I do?

Thanks,

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH] tests/.gitignore: Ignore tests/check-qom-interface

2014-02-01 Thread Michael Tokarev
27.01.2014 15:20, Alex Bennée wrote:
 f...@redhat.com writes:
 
 Signed-off-by: Fam Zheng f...@redhat.com
 ---
  tests/.gitignore | 1 +
  1 file changed, 1 insertion(+)

 diff --git a/tests/.gitignore b/tests/.gitignore
 index 1aed224..9ba9d96 100644
 --- a/tests/.gitignore
 +++ b/tests/.gitignore
 @@ -4,6 +4,7 @@ check-qint
  check-qjson
  check-qlist
  check-qstring
 +check-qom-interface
  test-aio
  test-bitops
  test-throttle

I've applied this change for now to trivial-patches queue.

 Are these generated test files? I've been looking at the tcg-tests and
 while architecture ones won't clash there are a bunch of generic linux
 tests that should probably be built one per target architecture. Should
 we just be building all test files in the per-target build directories
 like we do with qemu itself?

Or allow running whole testsuite in a separate directory.
This makes sense, but it is a much larger change, so for
now let's pick smaller changes which let us build stuff
cleanly.

Thanks,

/mjt
 
 Cheers,
 
 --
 Alex Bennée
 QEMU/KVM Hacker for Linaro
 
 




Re: [Qemu-devel] osx bootloader

2014-02-01 Thread Alexander Graf


 On 01.02.2014 at 01:38, BALATON Zoltan bala...@eik.bme.hu wrote:
 
 On Wed, 29 Jan 2014, Gabriel L. Somlo wrote:
 I managed to boot OVMF following their wiki; It seems to work with kvm
 enabled, but not with -M q35. My current command line is:
 
 I've tried with the version compiled from the edk2 HEAD and that also fails 
 with -M q35. I've managed to get some debug output via the options described 
 in OVMF's readme file and the error is around where initialising the graphics 
 card. With q35 it stops with:
 
 ASSERT .../edk2/MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c(163): (Port & 3) == 0
 
 This function is IoRead32 and it says the port must be 32-bit aligned. I've 
 tried to find what port it tries to access but qemu -d ioport option 
 generates no output for me. Any hints on how to use this debug option of qemu?

The assert happens inside the guest, so I'm afraid you'll have to add debugging 
output to edk2. Just print out the port number if port & 3 in the code path 
above.

Alex

 
 Regards,
 BALATON Zoltan



[Qemu-devel] Native MinGW build crashes when partitioning hard disk in guest

2014-02-01 Thread Legorol
(I am reposting this as my first post seems to have fallen through the 
cracks.)


I am building the official Qemu 1.7.0 release from source natively under 
MinGW for myself. I execute the i386 target. Qemu starts fine, but it 
crashes when I try to partition a 2G hard disk under an MS-DOS 6.22 guest. 
Details of the build and reproducing the crash are below.


The problem also occurs for me with the 1.6.2 release. The problem does not 
occur with these binaries from other people:

Eric Lassauge's Qemu-1.6.0-windows.zip
Prashant Satish's qemu-1.6.0-win32-sdl.tar.lzma
Stefan Weil's qemu-w32-setup-20131128, qemu-w32-setup-20140118.exe

The problem does not occur when I add the --enable-debug flag to configure! 
Whatever optimisation is removed as a result seems to avoid the crash.


How can I troubleshoot what the problem is? What should I change about my 
build to solve the problem?


Host: Windows 7 64-bit

Build environment: (32-bit)
MinGW fresh install including:
mingw32-gettext  bin  0.18.3.1-1
mingw32-gettext  dev  0.18.3.1-1
mingw32-gettext  dll  0.18.3.1-1
mingw32-libintl  dll  0.18.3.1-1
mingw32-libz  dev  1.2.8-1
mingw32-libz  dll  1.2.8-1
MSYS shell fresh install
Glib libraries and dependencies:
glib_2.34.3-1_win32
glib-dev_2.34.3-1_win32
pkg-config_0.28-1_win32
pkg-config-dev_0.28-1_win32
SDL-devel-1.2.15-mingw32

Qemu 1.7.0 source is in /mingw/build/qemu-1.7.0

Build process: (out-of-tree build)
using MSYS shell, in /mingw/build/qemu-1.7.0-obj directory:
../qemu-1.7.0/configure --python=C:/Python27/python --prefix=/mingw/build/qemu-1.7.0-bin 
--target-list=i386-softmmu --disable-coroutine-pool

make
make install

To reproduce crash:
have a 1.44 floppy image of MS-DOS 6.22 boot disk
place the disk image with name dos.img in /mingw/build/qemu-test directory
using MSYS shell, in /mingw/build/qemu-test directory:
../qemu-1.7.0-bin/qemu-img create -f qcow2 test.img 2G
../qemu-1.7.0-bin/qemu-system-i386 -fda dos.img -hda test.img -boot a
once DOS boots up, type fdisk and try to create a single partition using all 
available space

Qemu crashes


Regards,
Legorol




Re: [Qemu-devel] [PATCH v2] qmp: expose list of supported character device backends

2014-02-01 Thread Martin Kletzander
On Fri, Jan 31, 2014 at 10:20:42AM -0700, Eric Blake wrote:
 On 01/31/2014 09:49 AM, Martin Kletzander wrote:
  Introduce 'query-chardev-backends' QMP command which lists all
  supported character device backends.
 
  Signed-off-by: Martin Kletzander mklet...@redhat.com
  ---
  v2:
   - Version changed from 1.8.0 to 2.0
 
   qapi-schema.json | 22 ++
   qemu-char.c  | 19 +++
   qmp-commands.hx  | 41 +
   3 files changed, 82 insertions(+)

  +
  +- { execute: query-chardev-backends }
  +- {
  +  return:[
  + {
  +name:udp,
  + },

 Sorry for not noticing earlier, but this is not valid JSON.  Lose the
 trailing comma after each name:value, since the last element in a
 JSON struct is not permitted to have a comma.


At first, I had it as a list of strings, maybe that's why I left it
there by mistake, hopefully v3 will be OK.

Thanks for the review,

Martin

  + {
  +name:tcp,
  + },
  + {
  +name:unix,
  + },
  + {
  +name:spiceport,
  + }

 With that change to all four spots,

 Reviewed-by: Eric Blake ebl...@redhat.com

 --
 Eric Blake   eblake redhat com+1-919-301-3266
 Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] Native MinGW build crashes when partitioning hard disk in guest

2014-02-01 Thread Stefan Weil
On 01.02.2014 11:47, Legorol wrote:
 (I am reposting this as my first post seems to have fallen through the
 cracks.)
 
 I am building the official Qemu 1.7.0 release from source natively under
 MinGW for myself. I execute the i386 target. Qemu starts fine, but it
 crashes when I try to partition a 2G hard disk under an MS-DOS 6.22
 guest. Details of the build and reproducing the crash are below.
 
 The problem also occurs for me with the 1.6.2 release. The problem does
 not occur with these binaries from other people:
 Eric Lassauge's Qemu-1.6.0-windows.zip
 Prashant Satish's qemu-1.6.0-win32-sdl.tar.lzma
 Stefan Weil's qemu-w32-setup-20131128, qemu-w32-setup-20140118.exe
 
 The problem does not occur when I add the --enable-debug flag to
 configure! Whatever optimisation is removed as a result seems to avoid
 the crash.
 
 How can I troubleshoot what the problem is? What should I change about
 my build to solve the problem?
 

Hi,

I assume that this is caused by a known problem with coroutines (which
are used by QEMU's block operations) for Windows. Any file operation can
cause that crash. See this discussion for details:

http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg04197.html

The problem is caused by buggy code produced by the MinGW compilers when
optimisation is enabled. There exist several workarounds which fix the
problem:

* disable optimisation for coroutine-win32.c (that's what --enable-debug
does)

* disable the coroutine pool

* modify the code of function qemu_coroutine_switch in coroutine-win32.c
  (that's what I use for my binaries)

Try this patch:

http://repo.or.cz/w/qemu/ar7.git/commitdiff/c777d5d62a729fd8b19847aaa0aad3d7a1f73f47

Regards
Stefan




[Qemu-devel] [PATCH v3] qmp: expose list of supported character device backends

2014-02-01 Thread Martin Kletzander
Introduce 'query-chardev-backends' QMP command which lists all
supported character device backends.

Signed-off-by: Martin Kletzander mklet...@redhat.com
---
v3:
 - Omit commas at the end of list in JSON
v2:
 - Version changed from 1.8.0 to 2.0

 qapi-schema.json | 22 ++
 qemu-char.c  | 19 +++
 qmp-commands.hx  | 41 +
 3 files changed, 82 insertions(+)

diff --git a/qapi-schema.json b/qapi-schema.json
index 05ced9d..ebd278a 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -437,6 +437,28 @@
 { 'command': 'query-chardev', 'returns': ['ChardevInfo'] }

 ##
+# @ChardevBackendInfo:
+#
+# Information about a character device backend
+#
+# @name: The backend name
+#
+# Since: 2.0
+##
+{ 'type': 'ChardevBackendInfo', 'data': {'name': 'str'} }
+
+##
+# @query-chardev-backends:
+#
+# Returns information about character device backends.
+#
+# Returns: a list of @ChardevBackendInfo
+#
+# Since: 2.0
+##
+{ 'command': 'query-chardev-backends', 'returns': ['ChardevBackendInfo'] }
+
+##
 # @DataFormat:
 #
 # An enumeration of data format.
diff --git a/qemu-char.c b/qemu-char.c
index 30c5a6a..c88f1c4 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -3432,6 +3432,25 @@ ChardevInfoList *qmp_query_chardev(Error **errp)
 return chr_list;
 }

+ChardevBackendInfoList *qmp_query_chardev_backends(Error **errp)
+{
+ChardevBackendInfoList *backend_list = NULL;
+CharDriver *c = NULL;
+GSList *i = NULL;
+
+for (i = backends; i; i = i-next) {
+ChardevBackendInfoList *info = g_malloc0(sizeof(*info));
+c = i-data;
+info-value = g_malloc0(sizeof(*info-value));
+info-value-name = g_strdup(c-name);
+
+info-next = backend_list;
+backend_list = info;
+}
+
+return backend_list;
+}
+
 CharDriverState *qemu_chr_find(const char *name)
 {
 CharDriverState *chr;
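
Review bot: qmp_query_chardev_backends() prepends each entry (info-next = backend_list), so the returned list comes out in the reverse of the order of the backends list, and neither the schema comment nor the command documentation in this patch says whether the order means anything. Either append through a tail pointer or state that the order is unspecified. The NULL initialisers on c and i are also unnecessary, since both are assigned before first use.
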
diff --git a/qmp-commands.hx b/qmp-commands.hx
index cce6b81..8a0e832 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -1924,6 +1924,47 @@ EQMP
 },

 SQMP
+query-chardev-backends
+-
+
+List available character device backends.
+
+Each backend is represented by a json-object, the returned value is a 
json-array
+of all backends.
+
+Each json-object contains:
+
+- name: backend name (json-string)
+
+Example:
+
+- { execute: query-chardev-backends }
+- {
+  return:[
+ {
+name:udp
+ },
+ {
+name:tcp
+ },
+ {
+name:unix
+ },
+ {
+name:spiceport
+ }
+  ]
+   }
+
+EQMP
+
+{
+.name   = query-chardev-backends,
+.args_type  = ,
+.mhandler.cmd_new = qmp_marshal_input_query_chardev_backends,
+},
+
+SQMP
 query-block
 ---

--
1.8.5.3



Re: [Qemu-devel] [PATCH] linux-user: Fix trampoline code for CRIS

2014-02-01 Thread Peter Maydell
On 1 February 2014 08:41, Stefan Weil s...@weilnetz.de wrote:
 __put_user can write bytes, words (2 bytes) or longwords (4 bytes).
 Here obviously words should have been written, but bytes were written,
 so values like 0x9c5f were truncated to 0x5f.

 Fix this by changing retcode from uint8_t to uint16_t in
 target_signal_frame and also in the unused rt_signal_frame.

I believe this will do the right thing. The other possible approach
would be to do what the kernel does here (and what some of
the QEMU code for other targets does, eg x86) and put in the cast:

http://lxr.free-electrons.com/source/arch/cris/arch-v10/kernel/signal.c#L261

261 /* This is movu.w __NR_sigreturn, r9; break 13; */
262 err |= __put_user(0x9c5f, (short __user*)(frame->retcode+0));
263 err |= __put_user(__NR_sigreturn, (short __user*)(frame->retcode+2));
264 err |= __put_user(0xe93d, (short __user*)(frame->retcode+4));

(obviously we'd want (uint16_t *)).

Since CRIS looks (from a scan through its translate.c) like
a variable-width instruction set (in the sense that insns can
have immediate operands which might be 1/2/4 bytes long)
I think there's an argument here for following the kernel and
keeping retcode[] a byte array, for the implausible case where
we want to change the trampoline sequence to include an
insn with a 1 byte immediate value or something.

Either way I believe the endianness handling should be correct
since __put_user does host-to-target swapping for us.

It might be possible to test this by extracting some of the
userspace binaries from the cris system emulation test image
on the QEMU wiki (or it might not).

thanks
-- PMM
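
The truncation described in this thread and the two fixes discussed (uint16_t array, or byte array with a cast), side by side as an added example that is not code from the patch, from QEMU or from the kernel. PUT_USER is a simplified stand-in for __put_user that takes the store width from the pointer type; the little-endian target byte order and the value of SIGRETURN_NR are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed syscall number, for illustration only (not given on the page). */
#define SIGRETURN_NR 119u

/* Write the low `size` bytes of v at p, least significant byte first
 * (little-endian target order is an assumption of this example). */
static void store_le(void *p, uint32_t v, size_t size)
{
    uint8_t *b = p;
    for (size_t i = 0; i < size; i++) {
        b[i] = (uint8_t)(v >> (8 * i));
    }
}

/* Simplified stand-in for __put_user: the store width comes from the
 * pointed-to type, never from the value. Evaluates to 0 (no fault model). */
#define PUT_USER(val, ptr) \
    (store_le((ptr), (uint32_t)(val), sizeof(*(ptr))), 0)

/* Before the fix: byte array and byte offsets, so every store is 1 byte. */
int build_before(uint8_t out[8])
{
    uint8_t retcode[8] = {0};
    int err = 0;

    err |= PUT_USER(0x9c5f, retcode + 0);       /* only 0x5f is stored */
    err |= PUT_USER(SIGRETURN_NR, retcode + 2);
    err |= PUT_USER(0xe93d, retcode + 4);       /* only 0x3d is stored */
    memcpy(out, retcode, sizeof(retcode));
    return err;
}

/* Approach taken by the patch: 16-bit elements, offsets count elements. */
int build_uint16(uint8_t out[8])
{
    uint16_t retcode[4] = {0};
    int err = 0;

    err |= PUT_USER(0x9c5f, retcode + 0);
    err |= PUT_USER(SIGRETURN_NR, retcode + 1);
    err |= PUT_USER(0xe93d, retcode + 2);
    memcpy(out, retcode, sizeof(retcode));
    return err;
}

/* Approach suggested in the reply: keep the byte array and byte offsets,
 * and cast at each store so the width is 2 bytes. The array is aligned
 * for uint16_t so the pointer conversion is well defined. */
int build_cast(uint8_t out[8])
{
    _Alignas(uint16_t) uint8_t retcode[8] = {0};
    int err = 0;

    err |= PUT_USER(0x9c5f, (uint16_t *)(retcode + 0));
    err |= PUT_USER(SIGRETURN_NR, (uint16_t *)(retcode + 2));
    err |= PUT_USER(0xe93d, (uint16_t *)(retcode + 4));
    memcpy(out, retcode, sizeof(retcode));
    return err;
}

static void dump(const char *label, const uint8_t b[8])
{
    printf("%-14s", label);
    for (int i = 0; i < 8; i++) {
        printf(" %02x", b[i]);
    }
    printf("\n");
}

int main(void)
{
    uint8_t before[8], fixed16[8], fixed_cast[8];

    build_before(before);
    build_uint16(fixed16);
    build_cast(fixed_cast);

    dump("uint8_t[8]", before);
    dump("uint16_t[4]", fixed16);
    dump("uint8_t+cast", fixed_cast);
    return 0;
}
```

Both fixed variants produce the same eight bytes; the byte-wide variant loses the high byte of each opcode while the syscall number survives only because the assumed value fits in one byte.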



Re: [Qemu-devel] [PATCH v3 01/19] bsd-user: refresh freebsd system call numbers

2014-02-01 Thread Ed Maste
On 27 January 2014 14:30, Peter Maydell peter.mayd...@linaro.org wrote:

 though this patch would look much nicer if you hadn't
 changed every single line in the file including the
 ones for syscalls we already had the #defines for.

The new version of this file was generated from the canonical FreeBSD
syscall numbering, using the same script that's in the FreeBSD tree
(makesyscalls.sh).  Future updates shouldn't encounter this again.

-Ed



[Qemu-devel] [Bug 601946] Re: [Feature request] qemu-img multi-threaded compressed image conversion

2014-02-01 Thread oernii
I'd like to note, that I use qemu-img to backup snapshots of images.
This works fine, it's just so slow. Of my 24 cores only 1 is used to
compress the image.

It could be so much faster.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/601946

Title:
  [Feature request] qemu-img multi-threaded compressed image conversion

Status in QEMU:
  New

Bug description:
  Feature request:
  qemu-img multi-threaded compressed image conversion

  Suppose I want to convert raw image to compressed qcow2. Multi-
  threaded conversion will be much faster, because bottleneck is
  compressing data.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/601946/+subscriptions



Re: [Qemu-devel] [PATCH 1/4] qemu-io: New option -a to aio_read and aio_write

2014-02-01 Thread Fam Zheng
On Wed, 01/29 16:58, Paolo Bonzini wrote:
 On 29/01/2014 09:40, Fam Zheng wrote:
 This option will enable accounting of aio requests.
 
 Signed-off-by: Fam Zheng f...@redhat.com
 ---
  qemu-io-cmds.c | 35 +++
  1 file changed, 31 insertions(+), 4 deletions(-)
 
 diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
 index f1de24c..d6e20e6 100644
 --- a/qemu-io-cmds.c
 +++ b/qemu-io-cmds.c
 @@ -1346,6 +1346,7 @@ out:
  }
 
  struct aio_ctx {
 +BlockDriverState *bs;
  QEMUIOVector qiov;
  int64_t offset;
  char *buf;
 @@ -1353,6 +1354,8 @@ struct aio_ctx {
  int vflag;
  int Cflag;
  int Pflag;
 +int aflag;
 +BlockAcctCookie acct;
  int pattern;
  struct timeval t1;
  };
 @@ -1370,6 +1373,10 @@ static void aio_write_done(void *opaque, int ret)
  goto out;
  }
 
 +if (ctx-aflag) {
 +bdrv_acct_done(ctx-bs, ctx-acct);
 +}
 +
  if (ctx-qflag) {
  goto out;
  }
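
Review bot: in aio_write_done the new bdrv_acct_done() call sits after the early goto out visible in the context lines, so a request that takes that exit never completes the accounting that aio_write_f started with bdrv_acct_start(). Move the aflag block above that exit, or handle it under the out label, so every started cookie is finished.
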
 @@ -1407,6 +1414,10 @@ static void aio_read_done(void *opaque, int ret)
  g_free(cmp_buf);
  }
 
 +if (ctx-aflag) {
 +bdrv_acct_done(ctx-bs, ctx-acct);
 +}
 +
  if (ctx-qflag) {
  goto out;
  }
 @@ -1442,6 +1453,7 @@ static void aio_read_help(void)
   -P, -- use a pattern to verify read data\n
   -v, -- dump buffer to standard output\n
   -q, -- quiet mode, do not show I/O statistics\n
 + -a, -- account IO\n
  \n);
  }
 
 @@ -1452,7 +1464,7 @@ static const cmdinfo_t aio_read_cmd = {
  .cfunc  = aio_read_f,
  .argmin = 2,
  .argmax = -1,
 -.args   = [-Cqv] [-P pattern ] off len [len..],
 +.args   = [-Cqva] [-P pattern ] off len [len..],
  .oneline= asynchronously reads a number of bytes,
  .help   = aio_read_help,
  };
 @@ -1462,7 +1474,8 @@ static int aio_read_f(BlockDriverState *bs, int argc, 
 char **argv)
  int nr_iov, c;
  struct aio_ctx *ctx = g_new0(struct aio_ctx, 1);
 
 -while ((c = getopt(argc, argv, CP:qv)) != EOF) {
 +ctx-bs = bs;
 +while ((c = getopt(argc, argv, CP:qva)) != EOF) {
  switch (c) {
  case 'C':
  ctx-Cflag = 1;
 @@ -1481,6 +1494,9 @@ static int aio_read_f(BlockDriverState *bs, int argc, 
 char **argv)
  case 'v':
  ctx-vflag = 1;
  break;
 +case 'a':
 +ctx-aflag = 1;
 +break;
  default:
  g_free(ctx);
  return qemuio_command_usage(aio_read_cmd);
 @@ -1515,6 +1531,9 @@ static int aio_read_f(BlockDriverState *bs, int argc, 
 char **argv)
  }
 
  gettimeofday(ctx-t1, NULL);
 +if (ctx-aflag) {
 +bdrv_acct_start(bs, ctx-acct, ctx-qiov.size, BDRV_ACCT_READ);
 +}
  bdrv_aio_readv(bs, ctx-offset  9, ctx-qiov,
 ctx-qiov.size  9, aio_read_done, ctx);
  return 0;
 @@ -1537,6 +1556,7 @@ static void aio_write_help(void)
   -P, -- use different pattern to fill file\n
   -C, -- report statistics in a machine parsable format\n
   -q, -- quiet mode, do not show I/O statistics\n
 + -a, -- account IO\n
  \n);
  }
 
 @@ -1547,7 +1567,7 @@ static const cmdinfo_t aio_write_cmd = {
  .cfunc  = aio_write_f,
  .argmin = 2,
  .argmax = -1,
 -.args   = [-Cq] [-P pattern ] off len [len..],
 +.args   = [-Cqa] [-P pattern ] off len [len..],
  .oneline= asynchronously writes a number of bytes,
  .help   = aio_write_help,
  };
 @@ -1558,7 +1578,8 @@ static int aio_write_f(BlockDriverState *bs, int argc, 
 char **argv)
  int pattern = 0xcd;
  struct aio_ctx *ctx = g_new0(struct aio_ctx, 1);
 
 -while ((c = getopt(argc, argv, CqP:)) != EOF) {
 +ctx-bs = bs;
 +while ((c = getopt(argc, argv, CqP:a)) != EOF) {
  switch (c) {
  case 'C':
  ctx-Cflag = 1;
 @@ -1573,6 +1594,9 @@ static int aio_write_f(BlockDriverState *bs, int argc, 
 char **argv)
  return 0;
  }
  break;
 +case 'a':
 +ctx-aflag = 1;
 +break;
  default:
  g_free(ctx);
  return qemuio_command_usage(aio_write_cmd);
 @@ -1607,6 +1631,9 @@ static int aio_write_f(BlockDriverState *bs, int argc, 
 char **argv)
  }
 
  gettimeofday(ctx-t1, NULL);
 +if (ctx-aflag) {
 +bdrv_acct_start(bs, ctx-acct, ctx-qiov.size, BDRV_ACCT_WRITE);
 +}
  bdrv_aio_writev(bs, ctx-offset  9, ctx-qiov,
  ctx-qiov.size  9, aio_write_done, ctx);
  return 0;
 
 
 Why can't it be enabled unconditionally?
 

So the default behavior is unchanged.

Fam



Re: [Qemu-devel] OVMF with q35 (was: osx bootloader)

2014-02-01 Thread BALATON Zoltan

On Sat, 1 Feb 2014, Alexander Graf wrote:
The assert happens inside the guest, so I'm afraid you'll have to add 
debugging output to edk2. Just print out the port number if port & 3 in 
the code path above.


I've come to this same conclusion too after I managed to enable qemu ioport 
debugging but it wasn't helpful. I've added logging to edk2 but I still 
don't know what's going on. This is what I got:


Without -M q35 where it works:

(qemu) info pci
  Bus  0, device   0, function 0:
Host bridge: PCI device 8086:1237
  id 
  Bus  0, device   1, function 0:
ISA bridge: PCI device 8086:7000
  id 
  Bus  0, device   1, function 1:
IDE controller: PCI device 8086:7010
  BAR4: I/O at 0x [0x000e].
  id 
  Bus  0, device   1, function 3:
Bridge: PCI device 8086:7113
  IRQ 0.
  id 
  Bus  0, device   2, function 0:
VGA controller: PCI device 1013:00b8
  BAR0: 32 bit prefetchable memory at 0x [0x01fe].
  BAR1: 32 bit memory at 0x [0x0ffe].
  BAR6: 32 bit memory at 0x [0xfffe].
  id 
  Bus  0, device   3, function 0:
Ethernet controller: PCI device 8086:100e
  IRQ 0.
  BAR0: 32 bit memory at 0x [0x0001fffe].
  BAR1: I/O at 0x [0x003e].
  BAR6: 32 bit memory at 0x [0x0003fffe].
  id 

PciBus: Resource Map for Root Bridge PciRoot(0x0)
Type =   Io16; Base = 0xC000;   Length = 0x1000;Alignment = 0xFFF
 Base = 0xC000; Length = 0x40;  Alignment = 0x3F;   Owner = PCI  
[00|03|00:14]
 Base = 0xC040; Length = 0x10;  Alignment = 0xF;Owner = PCI  
[00|01|01:20]
Type =  Mem32; Base = 0x8000;   Length = 0x210; Alignment = 
0x1FF
 Base = 0x8000; Length = 0x200; Alignment = 0x1FF;  Owner = 
PCI  [00|02|00:10]
 Base = 0x8200; Length = 0x2;   Alignment = 0x1;Owner = 
PCI  [00|03|00:10]
 Base = 0x8202; Length = 0x1000;Alignment = 0xFFF;  Owner = 
PCI  [00|02|00:14]
[...]
IoWrite32 CF8 8820
IoRead32 CFC
IoWrite32 CF8 
IoRead32 CF8
IoWrite32 CF8 8824
IoRead32 CFC
IoWrite32 CF8 
IoRead32 CF8
IoWrite32 CF8 8828
IoRead32 CFC
IoWrite32 CF8 
IoRead32 CF8
IoWrite32 CF8 882C
IoRead32 CFC
IoWrite32 CF8 
IoRead32 CF8
IoWrite32 CF8 8830
IoRead32 CFC
IoWrite32 CF8 
IoRead32 CF8
IoWrite32 CF8 8834
IoRead32 CFC
IoWrite32 CF8 
IoRead32 CF8
IoWrite32 CF8 8838
IoRead32 CFC
IoWrite32 CF8 
IoRead32 CF8
IoWrite32 CF8 883C
IoRead32 CFC
IoWrite32 CF8 
IoRead32 CF8
IoWrite32 CF8 8804
IoWrite32 CF8 
IoRead32 CF8
IoWrite32 CF8 8804
IoWrite32 CF8 
IoRead32 CF8
IoWrite32 CF8 8B40
IoRead32 CFC
IoWrite32 CF8 
IoRead32 B008
IoRead32 CF8
IoWrite32 CF8 8B40
IoRead32 CFC
IoWrite32 CF8 
IoRead32 B008

and so on repeating. With -M q35 where it stops at the assertion:

(qemu) info pci
  Bus  0, device   0, function 0:
Host bridge: PCI device 8086:29c0
  id 
  Bus  0, device   1, function 0:
VGA controller: PCI device 1013:00b8
  BAR0: 32 bit prefetchable memory at 0x [0x01fe].
  BAR1: 32 bit memory at 0x [0x0ffe].
  BAR6: 32 bit memory at 0x [0xfffe].
  id 
  Bus  0, device   2, function 0:
Ethernet controller: PCI device 8086:100e
  IRQ 0.
  BAR0: 32 bit memory at 0x [0x0001fffe].
  BAR1: I/O at 0x [0x003e].
  BAR6: 32 bit memory at 0x [0x0003fffe].
  id 
  Bus  0, device  31, function 0:
ISA bridge: PCI device 8086:2918
  id 
  Bus  0, device  31, function 2:
SATA controller: PCI device 8086:2922
  IRQ 0.
  BAR4: I/O at 0x [0x001e].
  BAR5: 32 bit memory at 0x [0x0ffe].
  id 
  Bus  0, device  31, function 3:
SMBus: PCI device 8086:2930
  IRQ 0.
  BAR4: I/O at 0x [0x003e].
  id 

PciBus: Resource Map for Root Bridge PciRoot(0x0)
Type =   Io16; Base = 0xC000;   Length = 0x1000;Alignment = 0xFFF
 Base = 0xC000; Length = 0x40;  Alignment = 0x3F;   Owner = PCI  
[00|1F|03:20]
 Base = 0xC040; Length = 0x40;  Alignment = 0x3F;   Owner = PCI  
[00|02|00:14]
 Base = 0xC080; Length = 0x20;  Alignment = 0x1F;   Owner = PCI  
[00|1F|02:20]
Type =  Mem32; Base = 0x8000;   Length = 0x210; Alignment = 
0x1FF
 Base = 0x8000; Length = 0x200; Alignment = 0x1FF;  Owner = 
PCI  [00|01|00:10]
 Base = 0x8200; Length = 0x2;   Alignment = 0x1;Owner = 
PCI  [00|02|00:10]
 Base = 0x8202; Length = 0x1000;Alignment = 0xFFF;  Owner = 
PCI  [00|1F|02:24]
 Base = 0x82021000; Length = 0x1000;Alignment = 0xFFF;  Owner = 
PCI  [00|01|00:14]
[...]
IoWrite32 CF8 80001020
IoRead32 CFC

[Qemu-devel] [PATCH v7 0/2] target-ppc: CPU device tree id

2014-02-01 Thread Alexey Kardashevskiy
This is some cleanup. Please, comment. Thanks!

Changes:
v7:
* cleaned up a bit of QOM use

v6:
* removed kvmppc_fixup_cpu()

v5:
* cleanup
* removed cpustate::kvm_cpu_id
* split into 2 patches - new PPC API and the usage of the API


Alexey Kardashevskiy (2):
  target-ppc: add PowerPCCPU::cpu_dt_id
  target-ppc: spapr: e500: fix to use cpu_dt_id

 hw/intc/openpic_kvm.c   |  2 +-
 hw/intc/xics.c  | 15 +--
 hw/intc/xics_kvm.c  | 10 +-
 hw/ppc/e500.c   |  7 +--
 hw/ppc/ppc.c| 22 ++
 hw/ppc/spapr.c  |  9 +
 hw/ppc/spapr_hcall.c|  6 +++---
 hw/ppc/spapr_rtas.c | 14 +++---
 target-ppc/cpu-qom.h|  2 ++
 target-ppc/cpu.h| 18 ++
 target-ppc/kvm.c| 15 +--
 target-ppc/kvm_ppc.h|  6 --
 target-ppc/translate_init.c | 11 +--
 13 files changed, 87 insertions(+), 50 deletions(-)

-- 
1.8.4.rc4




[Qemu-devel] [PATCH v7 1/2] target-ppc: add PowerPCCPU::cpu_dt_id

2014-02-01 Thread Alexey Kardashevskiy
Normally CPUState::cpu_index is used to pick the right CPU for various
operations. However default consecutive numbering does not always work
for POWERPC.

These indexes are reflected in /proc/device-tree/cpus/PowerPC,POWER7@XX
and used to call KVM VCPU's ioctls. In order to achieve this,
kvmppc_fixup_cpu() was introduced. Roughly speaking, it multiplies
cpu_index by the number of threads per core.

This approach has disadvantages such as:
1. NUMA configuration stays broken after the fixup;
2. CPU-targeted commands from the QEMU Monitor do not work properly as
CPU indexes have been fixed and there is no clear way for the user to
know what the new CPU indexes are.

This introduces a @cpu_dt_id field in the CPUPPCState struct which
is initialized from @cpu_index by default and can be fixed later
to meet the device tree requirements.

This adds an API to handle @cpu_dt_id.

This removes kvmppc_fixup_cpu() as it is no longer needed, @cpu_dt_id
is calculated in ppc_cpu_realize().

This will be used later in machine code.

Signed-off-by: Alexey Kardashevskiy a...@ozlabs.ru
---
Changes:
v6: inlined kvmppc_fixup_cpu()
---
 hw/ppc/ppc.c| 22 ++
 target-ppc/cpu-qom.h|  2 ++
 target-ppc/cpu.h| 18 ++
 target-ppc/kvm.c| 13 -
 target-ppc/kvm_ppc.h|  6 --
 target-ppc/translate_init.c | 10 --
 6 files changed, 46 insertions(+), 25 deletions(-)

diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
index 114be64..0e82719 100644
--- a/hw/ppc/ppc.c
+++ b/hw/ppc/ppc.c
@@ -26,6 +26,7 @@
 #include hw/ppc/ppc_e500.h
 #include qemu/timer.h
 #include sysemu/sysemu.h
+#include sysemu/cpus.h
 #include hw/timer/m48t59.h
 #include qemu/log.h
 #include hw/loader.h
@@ -1362,3 +1363,24 @@ int PPC_NVRAM_set_params (nvram_t *nvram, uint16_t 
NVRAM_size,
 
 return 0;
 }
+
+/* CPU device-tree ID helpers */
+int ppc_get_vcpu_dt_id(PowerPCCPU *cpu)
+{
+return cpu-cpu_dt_id;
+}
+
+PowerPCCPU *ppc_get_vcpu_by_dt_id(int cpu_dt_id)
+{
+CPUState *cs;
+
+CPU_FOREACH(cs) {
+PowerPCCPU *cpu = POWERPC_CPU(cs);
+
+if (cpu-cpu_dt_id == cpu_dt_id) {
+return cpu;
+}
+}
+
+return NULL;
+}
diff --git a/target-ppc/cpu-qom.h b/target-ppc/cpu-qom.h
index 72b2232..b17c024 100644
--- a/target-ppc/cpu-qom.h
+++ b/target-ppc/cpu-qom.h
@@ -79,6 +79,7 @@ typedef struct PowerPCCPUClass {
 /**
  * PowerPCCPU:
  * @env: #CPUPPCState
+ * @cpu_dt_id: CPU index used in the device tree. KVM uses this index too
  *
  * A PowerPC CPU.
  */
@@ -88,6 +89,7 @@ typedef struct PowerPCCPU {
 /* public */
 
 CPUPPCState env;
+int cpu_dt_id;
 } PowerPCCPU;
 
 static inline PowerPCCPU *ppc_env_get_cpu(CPUPPCState *env)
diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 51bcd4a..d8577ae 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -2154,4 +2154,22 @@ static inline bool cpu_has_work(CPUState *cpu)
 
 void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUPPCState *env);
 
+/**
+ * ppc_get_vcpu_dt_id:
+ * @cs: a PowerPCCPU struct.
+ *
+ * Returns a device-tree ID for a CPU.
+ */
+int ppc_get_vcpu_dt_id(PowerPCCPU *cpu);
+
+/**
+ * ppc_get_vcpu_by_dt_id:
+ * @cpu_dt_id: a device tree id
+ *
+ * Searches for a CPU by @cpu_dt_id.
+ *
+ * Returns: a PowerPCCPU struct
+ */
+PowerPCCPU *ppc_get_vcpu_by_dt_id(int cpu_dt_id);
+
 #endif /* !defined (__CPU_PPC_H__) */
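Review bot: The kernel-doc for ppc_get_vcpu_dt_id() documents a parameter @cs, but the prototype's parameter is named cpu; rename the tag to @cpu. The comment for ppc_get_vcpu_by_dt_id() should also state under Returns: that the result is NULL when no CPU has the given id, since the implementation added in hw/ppc/ppc.c falls through to return NULL and callers have to check for it.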
diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index 781b72f..8bcc5fb 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -1766,19 +1766,6 @@ static void kvmppc_host_cpu_class_init(ObjectClass *oc, 
void *data)
 }
 }
 
-int kvmppc_fixup_cpu(PowerPCCPU *cpu)
-{
-CPUState *cs = CPU(cpu);
-int smt;
-
-/* Adjust cpu index for SMT */
-smt = kvmppc_smt_threads();
-cs-cpu_index = (cs-cpu_index / smp_threads) * smt
-+ (cs-cpu_index % smp_threads);
-
-return 0;
-}
-
 bool kvmppc_has_cap_epr(void)
 {
 return cap_epr;
diff --git a/target-ppc/kvm_ppc.h b/target-ppc/kvm_ppc.h
index 5f78e4b..f3afcdb 100644
--- a/target-ppc/kvm_ppc.h
+++ b/target-ppc/kvm_ppc.h
@@ -36,7 +36,6 @@ int kvmppc_remove_spapr_tce(void *table, int pfd, uint32_t 
window_size);
 int kvmppc_reset_htab(int shift_hint);
 uint64_t kvmppc_rma_size(uint64_t current_size, unsigned int hash_shift);
 #endif /* !CONFIG_USER_ONLY */
-int kvmppc_fixup_cpu(PowerPCCPU *cpu);
 bool kvmppc_has_cap_epr(void);
 int kvmppc_define_rtas_kernel_token(uint32_t token, const char *function);
 int kvmppc_get_htab_fd(bool write);
@@ -155,11 +154,6 @@ static inline int kvmppc_update_sdr1(CPUPPCState *env)
 
 #endif /* !CONFIG_USER_ONLY */
 
-static inline int kvmppc_fixup_cpu(PowerPCCPU *cpu)
-{
-return -1;
-}
-
 static inline bool kvmppc_has_cap_epr(void)
 {
 return false;
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 35470d4..6de7126 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -7808,14 +7808,12 @@ 

[Qemu-devel] [PATCH v7 2/2] target-ppc: spapr: e500: fix to use cpu_dt_id

2014-02-01 Thread Alexey Kardashevskiy
This makes use of @cpu_dt_id and related API in:
1. emulated XICS hypercall handlers as they receive fixed CPU indexes;
2. XICS-KVM to enable in-kernel XICS on the right CPU;
3. device-tree renderer.

This removes @cpu_index fixup as @cpu_dt_id is used instead so QEMU monitor
can accept command-line CPU indexes again.

This changes kvm_arch_vcpu_id() to use ppc_get_vcpu_dt_id() as at the moment
KVM CPU id and device tree ID are calculated using the same algorithm.

Signed-off-by: Alexey Kardashevskiy a...@ozlabs.ru
---
Changes:
v7:
* replaced references to PowerPCCPU::parent_obj with the CPU macro
---
 hw/intc/openpic_kvm.c   |  2 +-
 hw/intc/xics.c  | 15 +--
 hw/intc/xics_kvm.c  | 10 +-
 hw/ppc/e500.c   |  7 +--
 hw/ppc/spapr.c  |  9 +
 hw/ppc/spapr_hcall.c|  6 +++---
 hw/ppc/spapr_rtas.c | 14 +++---
 target-ppc/kvm.c|  2 +-
 target-ppc/translate_init.c |  1 +
 9 files changed, 41 insertions(+), 25 deletions(-)

diff --git a/hw/intc/openpic_kvm.c b/hw/intc/openpic_kvm.c
index c7f7b84..87fdb12 100644
--- a/hw/intc/openpic_kvm.c
+++ b/hw/intc/openpic_kvm.c
@@ -228,7 +228,7 @@ int kvm_openpic_connect_vcpu(DeviceState *d, CPUState *cs)
 
 encap.cap = KVM_CAP_IRQ_MPIC;
 encap.args[0] = opp-fd;
-encap.args[1] = cs-cpu_index;
+encap.args[1] = kvm_arch_vcpu_id(cs);
 
 return kvm_vcpu_ioctl(cs, KVM_ENABLE_CAP, encap);
 }
diff --git a/hw/intc/xics.c b/hw/intc/xics.c
index b437563..64aabe7 100644
--- a/hw/intc/xics.c
+++ b/hw/intc/xics.c
@@ -33,6 +33,17 @@
 #include qemu/error-report.h
 #include qapi/visitor.h
 
+static int get_cpu_index_by_dt_id(int cpu_dt_id)
+{
+PowerPCCPU *cpu = ppc_get_vcpu_by_dt_id(cpu_dt_id);
+
+if (cpu) {
+return cpu-parent_obj.cpu_index;
+}
+
+return -1;
+}
+
 void xics_cpu_setup(XICSState *icp, PowerPCCPU *cpu)
 {
 CPUState *cs = CPU(cpu);
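Review bot: get_cpu_index_by_dt_id() still reads cpu_index through parent_obj, although the v7 changelog says references to PowerPCCPU::parent_obj were replaced with the CPU macro. Go through the cast here as well, for example a local CPUState *cs = CPU(cpu) and then cs->cpu_index, the same pattern xics_cpu_setup() uses just below.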
@@ -659,7 +670,7 @@ static target_ulong h_cppr(PowerPCCPU *cpu, 
sPAPREnvironment *spapr,
 static target_ulong h_ipi(PowerPCCPU *cpu, sPAPREnvironment *spapr,
   target_ulong opcode, target_ulong *args)
 {
-target_ulong server = args[0];
+target_ulong server = get_cpu_index_by_dt_id(args[0]);
 target_ulong mfrr = args[1];
 
 if (server = spapr-icp-nr_servers) {
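Review bot: In h_ipi(), args[0] is a guest-supplied target_ulong but get_cpu_index_by_dt_id() takes an int, so the value is narrowed before the lookup and the -1 failure return is then widened back into the unsigned server variable. Rejection of an unknown id therefore rests entirely on the nr_servers range check that follows; range-check args[0] before the call or test the helper's result for a negative value explicitly, and do the same in rtas_set_xive().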
@@ -728,7 +739,7 @@ static void rtas_set_xive(PowerPCCPU *cpu, sPAPREnvironment 
*spapr,
 }
 
 nr = rtas_ld(args, 0);
-server = rtas_ld(args, 1);
+server = get_cpu_index_by_dt_id(rtas_ld(args, 1));
 priority = rtas_ld(args, 2);
 
 if (!ics_valid_irq(ics, nr) || (server = ics-icp-nr_servers)
diff --git a/hw/intc/xics_kvm.c b/hw/intc/xics_kvm.c
index c203646..a5bbc24 100644
--- a/hw/intc/xics_kvm.c
+++ b/hw/intc/xics_kvm.c
@@ -65,7 +65,7 @@ static void icp_get_kvm_state(ICPState *ss)
 ret = kvm_vcpu_ioctl(ss-cs, KVM_GET_ONE_REG, reg);
 if (ret != 0) {
 error_report(Unable to retrieve KVM interrupt controller state
- for CPU %d: %s, ss-cs-cpu_index, strerror(errno));
+ for CPU %ld: %s, kvm_arch_vcpu_id(ss-cs), strerror(errno));
 exit(1);
 }
 
@@ -97,7 +97,7 @@ static int icp_set_kvm_state(ICPState *ss, int version_id)
 ret = kvm_vcpu_ioctl(ss-cs, KVM_SET_ONE_REG, reg);
 if (ret != 0) {
 error_report(Unable to restore KVM interrupt controller state (0x%
-PRIx64 ) for CPU %d: %s, state, ss-cs-cpu_index,
+PRIx64 ) for CPU %ld: %s, state, kvm_arch_vcpu_id(ss-cs),
 strerror(errno));
 return ret;
 }
@@ -325,15 +325,15 @@ static void xics_kvm_cpu_setup(XICSState *icp, PowerPCCPU 
*cpu)
 struct kvm_enable_cap xics_enable_cap = {
 .cap = KVM_CAP_IRQ_XICS,
 .flags = 0,
-.args = {icpkvm-kernel_xics_fd, cs-cpu_index, 0, 0},
+.args = {icpkvm-kernel_xics_fd, kvm_arch_vcpu_id(cs), 0, 0},
 };
 
 ss-cs = cs;
 
 ret = kvm_vcpu_ioctl(ss-cs, KVM_ENABLE_CAP, xics_enable_cap);
 if (ret  0) {
-error_report(Unable to connect CPU%d to kernel XICS: %s,
-cs-cpu_index, strerror(errno));
+error_report(Unable to connect CPU%ld to kernel XICS: %s,
+kvm_arch_vcpu_id(cs), strerror(errno));
 exit(1);
 }
 }
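Review bot: The error_report() format strings in this file switch from %d to %ld, which is only correct if kvm_arch_vcpu_id() returns a signed long. Its prototype is not part of this patch, so confirm the return type, and use %lu if it is unsigned long.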
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index b37ce9d..8a08752 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -238,6 +238,7 @@ static int ppce500_load_device_tree(QEMUMachineInitArgs 
*args,
the first node as boot node and be happy */
 for (i = smp_cpus - 1; i = 0; i--) {
 CPUState *cpu;
+PowerPCCPU *pcpu;
 char cpu_name[128];
 uint64_t cpu_release_addr = MPC8544_SPIN_BASE + (i * 0x20);
 
@@ -246,14 +247,16 @@ static int ppce500_load_device_tree(QEMUMachineInitArgs 
*args,
 continue;
 }
 env = cpu-env_ptr;
+pcpu = 
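
The relationship between cpu_index and cpu_dt_id described in the two commit messages above, and the lookup of a guest-supplied id, as an added example that is not code from the patch series. The topology constants and the names dt_id_from_index, index_by_dt_id, server_unchecked and server_checked are assumptions for the illustration; only the arithmetic is taken from the removed kvmppc_fixup_cpu().

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed topology: 2 cores x 2 guest threads, host with 4 threads/core. */
#define NR_CPUS     4
#define SMP_THREADS 2   /* guest threads per core */
#define HOST_SMT    4   /* stands in for kvmppc_smt_threads() */

struct vcpu {
    int cpu_index;   /* consecutive; what the monitor and NUMA options refer to */
    int cpu_dt_id;   /* what the device tree and KVM refer to */
};

static struct vcpu cpus[NR_CPUS];

/* Arithmetic of the removed kvmppc_fixup_cpu(); here the result is kept
 * in a separate field instead of overwriting cpu_index. */
int dt_id_from_index(int cpu_index, int smp_threads, int smt)
{
    return (cpu_index / smp_threads) * smt + (cpu_index % smp_threads);
}

void init_cpus(void)
{
    int i;

    for (i = 0; i < NR_CPUS; i++) {
        cpus[i].cpu_index = i;
        cpus[i].cpu_dt_id = dt_id_from_index(i, SMP_THREADS, HOST_SMT);
    }
}

/* Linear search by device-tree id. Returns the cpu_index, or -1 when no
 * CPU carries that id. */
int index_by_dt_id(int dt_id)
{
    int i;

    for (i = 0; i < NR_CPUS; i++) {
        if (cpus[i].cpu_dt_id == dt_id) {
            return cpus[i].cpu_index;
        }
    }
    return -1;
}

/* Hypothetical handler helper that narrows the 64-bit guest argument
 * first: only the low 32 bits take part in the lookup. */
int server_unchecked(uint64_t guest_arg)
{
    return index_by_dt_id((int)(uint32_t)guest_arg);
}

/* Hypothetical hardened variant: reject anything that does not fit an
 * int before narrowing, then look the id up. */
int server_checked(uint64_t guest_arg)
{
    if (guest_arg > (uint64_t)INT_MAX) {
        return -1;
    }
    return index_by_dt_id((int)guest_arg);
}

int main(void)
{
    int i;

    init_cpus();
    for (i = 0; i < NR_CPUS; i++) {
        printf("cpu_index %d -> cpu_dt_id %d\n",
               cpus[i].cpu_index, cpus[i].cpu_dt_id);
    }
    printf("guest id 4 -> index %d\n", server_checked(4));
    printf("guest id 2 -> index %d\n", server_checked(2));
    printf("guest id 0x100000004 unchecked -> index %d, checked -> %d\n",
           server_unchecked(0x100000004ULL), server_checked(0x100000004ULL));
    return 0;
}
```

With this topology the device-tree ids are 0, 1, 4 and 5, so the value 2 is a valid cpu_index but not a valid id from the guest's point of view.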

Re: [Qemu-devel] OVMF with q35 (was: osx bootloader)

2014-02-01 Thread Alexander Graf


 On 01.02.2014 at 15:35, BALATON Zoltan bala...@eik.bme.hu wrote:
 
 On Sat, 1 Feb 2014, Alexander Graf wrote:
 The assert happens inside the guest, so I'm afraid you'll have to add 
 debugging output to edk2. Just print out the port number if port  3 in the 
 code path above.
 
 I've come to this same conclusion too after I managed to enable qemu iport 
 debugging but it wasn't helpful. I've added logging to edk2 but I still don't 
 know what's going on. This is what I got:
 
 Without -M q35 where it works:
 
 (qemu) info pci
  Bus  0, device   0, function 0:
Host bridge: PCI device 8086:1237
  id 
  Bus  0, device   1, function 0:
ISA bridge: PCI device 8086:7000
  id 
  Bus  0, device   1, function 1:
IDE controller: PCI device 8086:7010
  BAR4: I/O at 0x [0x000e].
  id 
  Bus  0, device   1, function 3:
Bridge: PCI device 8086:7113
  IRQ 0.
  id 
  Bus  0, device   2, function 0:
VGA controller: PCI device 1013:00b8
  BAR0: 32 bit prefetchable memory at 0x [0x01fe].
  BAR1: 32 bit memory at 0x [0x0ffe].
  BAR6: 32 bit memory at 0x [0xfffe].
  id 
  Bus  0, device   3, function 0:
Ethernet controller: PCI device 8086:100e
  IRQ 0.
  BAR0: 32 bit memory at 0x [0x0001fffe].
  BAR1: I/O at 0x [0x003e].
  BAR6: 32 bit memory at 0x [0x0003fffe].
  id 
 
 PciBus: Resource Map for Root Bridge PciRoot(0x0)
 Type =   Io16; Base = 0xC000;   Length = 0x1000;Alignment = 0xFFF
 Base = 0xC000; Length = 0x40;  Alignment = 0x3F;   Owner = PCI  
 [00|03|00:14]
 Base = 0xC040; Length = 0x10;  Alignment = 0xF;Owner = PCI  
 [00|01|01:20]
 Type =  Mem32; Base = 0x8000;   Length = 0x210; Alignment = 
 0x1FF
 Base = 0x8000; Length = 0x200; Alignment = 0x1FF;  Owner 
 = PCI  [00|02|00:10]
 Base = 0x8200; Length = 0x2;   Alignment = 0x1;Owner 
 = PCI  [00|03|00:10]
 Base = 0x8202; Length = 0x1000;Alignment = 0xFFF;  Owner 
 = PCI  [00|02|00:14]
 [...]
 IoWrite32 CF8 8820
 IoRead32 CFC
 IoWrite32 CF8 
 IoRead32 CF8
 IoWrite32 CF8 8824
 IoRead32 CFC
 IoWrite32 CF8 
 IoRead32 CF8
 IoWrite32 CF8 8828
 IoRead32 CFC
 IoWrite32 CF8 
 IoRead32 CF8
 IoWrite32 CF8 882C
 IoRead32 CFC
 IoWrite32 CF8 
 IoRead32 CF8
 IoWrite32 CF8 8830
 IoRead32 CFC
 IoWrite32 CF8 
 IoRead32 CF8
 IoWrite32 CF8 8834
 IoRead32 CFC
 IoWrite32 CF8 
 IoRead32 CF8
 IoWrite32 CF8 8838
 IoRead32 CFC
 IoWrite32 CF8 
 IoRead32 CF8
 IoWrite32 CF8 883C
 IoRead32 CFC
 IoWrite32 CF8 
 IoRead32 CF8
 IoWrite32 CF8 8804
 IoWrite32 CF8 
 IoRead32 CF8
 IoWrite32 CF8 8804
 IoWrite32 CF8 
 IoRead32 CF8
 IoWrite32 CF8 8B40
 IoRead32 CFC
 IoWrite32 CF8 
 IoRead32 B008
 IoRead32 CF8
 IoWrite32 CF8 8B40
 IoRead32 CFC
 IoWrite32 CF8 
 IoRead32 B008
 
 and so on repeating. With -M q35 where it stops at the assertion:
 
 (qemu) info pci
  Bus  0, device   0, function 0:
Host bridge: PCI device 8086:29c0
  id 
  Bus  0, device   1, function 0:
VGA controller: PCI device 1013:00b8
  BAR0: 32 bit prefetchable memory at 0x [0x01fe].
  BAR1: 32 bit memory at 0x [0x0ffe].
  BAR6: 32 bit memory at 0x [0xfffe].
  id 
  Bus  0, device   2, function 0:
Ethernet controller: PCI device 8086:100e
  IRQ 0.
  BAR0: 32 bit memory at 0x [0x0001fffe].
  BAR1: I/O at 0x [0x003e].
  BAR6: 32 bit memory at 0x [0x0003fffe].
  id 
  Bus  0, device  31, function 0:
ISA bridge: PCI device 8086:2918
  id 
  Bus  0, device  31, function 2:
SATA controller: PCI device 8086:2922
  IRQ 0.
  BAR4: I/O at 0x [0x001e].
  BAR5: 32 bit memory at 0x [0x0ffe].
  id 
  Bus  0, device  31, function 3:
SMBus: PCI device 8086:2930
  IRQ 0.
  BAR4: I/O at 0x [0x003e].
  id 
 
 PciBus: Resource Map for Root Bridge PciRoot(0x0)
 Type =   Io16; Base = 0xC000;   Length = 0x1000;Alignment = 0xFFF
 Base = 0xC000; Length = 0x40;  Alignment = 0x3F;   Owner = PCI  
 [00|1F|03:20]
 Base = 0xC040; Length = 0x40;  Alignment = 0x3F;   Owner = PCI  
 [00|02|00:14]
 Base = 0xC080; Length = 0x20;  Alignment = 0x1F;   Owner = PCI  
 [00|1F|02:20]
 Type =  Mem32; Base = 0x8000;   Length = 0x210; Alignment = 
 0x1FF
 Base = 0x8000; Length = 0x200; Alignment = 0x1FF;  Owner 
 = PCI  [00|01|00:10]
 Base = 0x8200; Length = 0x2;   Alignment = 0x1;Owner 
 = PCI  [00|02|00:10]
 Base = 0x8202; Length = 0x1000;Alignment = 0xFFF;  Owner 
 = PCI  

Re: [Qemu-devel] AmigaOS 4.x on QEMU

2014-02-01 Thread Mark Cave-Ayland

On 25/01/14 00:20, BALATON Zoltan wrote:


On Sun, 12 Jan 2014, Alpha Mule wrote:

Hi. AmigaOS 4.x runs natively on some niche PowerPC boards. I was
wondering about the viability of running AmigaOS 4.x on QEMU.

Specifically, I was wondering if there has been any development on
that and/or what needs to be done to get it fully working.

Any information would be appreciated. Thanks.


Looks like not much info is available on this... I think that the first
difficulty is that AmigaOS 4.x is not freely available (AFAIK) so it's
hard to do any testing with it.

I've found that a demo version of MorphOS (which is not the same but
runs on similar hardware) is available and runs on some Mac hardware
that may be closer to what qemu already has support for so it may be an
easier target to test.

I've tried to boot it on qemu but haven't got very far and I think qemu
is missing some features MorphOS needs so it may not be easy to make it
work. Here's what I've found:

1. The CPU type MorphOS seems to prefer is G4 7447A. This CPU type may
not be fully supported by qemu yet and specifying it with -cpu makes the
VM hang in the openbios firmware before it even gets to boot the OS. By
using the default G4 CPU without any -cpu option it gets further and
hangs later in the OS's boot loader.

2. None of the video cards MorphOS can work with is emulated by qemu and
I think those qemu has do not work with MorphOS. So even if it was
running otherwise there would be no display. Theoretically this may be
got around (for testing at least) with the PCI pass-through of an
appropriate card from the host but I don't have such a video card at
hand and don't know if this would be possible in practice at all.

3. The farthest I got is with the 'boot cd:,\mac_ppc32\boot.img' command
line from openbios which seems to at least start to boot but hangs
without any messages (even on the serial console) quite early and I
don't know enough to debug this further. All I got was some debug logs
which seem to go astray around here:

IN:
0x00441b14: dcbtst r8,r10
0x00441b18: stw r5,4(r10)
0x00441b1c: stw r5,8(r10)
0x00441b20: stw r5,12(r10)
0x00441b24: stw r5,16(r10)
0x00441b28: stw r5,20(r10)
0x00441b2c: stw r5,24(r10)
0x00441b30: stw r5,28(r10)
0x00441b34: stwu r5,32(r10)
0x00441b38: bdnz+ 0x441b14

Raise exception at 00441b18 = 0002 (00)
invalid/unsupported opcode: 00 - 00 - 00 () 0080 0
IN:
0x0034: addi r1,r1,16
0x0038: lwz r0,52(r1)
0x003c: mtlr r0
0x0040: lwz r0,56(r1)
0x0044: mtcr r0


FWIW I do have a MorphOS image in my OpenBIOS test suite which I run as 
part of the release process from time to time, although of course it 
never seems to get further than the bootloader. Last time I spent some 
time checking this in detail, it seemed to get stuck in an infinite loop 
whilst traversing the firmware tree but it's been a while since I 
started digging any deeper into this.


I did find some of the developers on IRC and asked a few questions about 
this a couple of years ago, however the responses I got back were 
unhelpful and rather immature so I simply gave up.



ATB,

Mark.



Re: [Qemu-devel] [PATCH v13 00/14] Drop in_use from BlockDriverState and enable point-in-time snapshot exporting over NBD

2014-02-01 Thread Fam Zheng
On Fri, 01/31 19:00, Ian Main wrote:
 On Wed, Jan 29, 2014 at 01:07:27PM +0800, Fam Zheng wrote:
  This series adds support for point-in-time snapshot NBD exporting based on
  blockdev-backup (variant of drive-backup with existing device as target).
  
  We get a thin point-in-time snapshot by COW mechanism of drive-backup, and
  export it through built in NBD server. The steps are as below:
  
   1. (SHELL) qemu-img create -f qcow2 BACKUP.qcow2 source size here
  
  (Alternatively we can use -o backing_file=RUNNING-VM.img to omit 
  explicitly
  providing the size by ourselves, but it's risky because 
  RUNNING-VM.qcow2 is
  used r/w by guest. Whether or not setting backing file in the image file
  doesn't matter, as we are going to override the backing hd in the next
  step)
  
   2. (QMP) blockdev-add backing=source-drive file.driver=file 
  file.filename=BACKUP.qcow2 id=target0 if=none driver=qcow2
 
 It seems like we have a regression here.  I sent you a private email
 earlier and after some more testing I am finding that the setup that I
 had to test this before is no longer working.  Now when I try to use
 blockdev-add I get:
 
 rsp = srv.cmd(command, {'options': {
 'backing': 'ide0-hd0',
 'driver': 'qcow2',
 'id': 'target0',
 'file': {
 'driver': 'file',
 'filename': '/home/imain/tmp/BACKUP.qcow2'
 }
 } 
})
 
 rsp is {u'error': {u'class': u'GenericError', u'desc': ucould not open
 disk image target0: Block format 'qcow2' used by device 'target0'
 doesn't support the option 'backing'}}
 
 It's possible I'm messing something up but I'm pretty sure something has
 changed with the options handling in bdrv_open() to make this not work
 anymore.
 

My local test script is very similar to this, as is the case added in this
series. They both work here. Have you found what is wrong there yet?

Fam



Re: [Qemu-devel] [PATCH 2/4] qemu-iotests: Add VM method qtest_cmd() to iotests.py

2014-02-01 Thread Fam Zheng
On Wed, 01/29 15:22, Stefan Hajnoczi wrote:
 On Wed, Jan 29, 2014 at 04:40:41PM +0800, Fam Zheng wrote:
  This will allow test case to run command in qtest protocol. It's
  write-only for now.
  
  Signed-off-by: Fam Zheng f...@redhat.com
  ---
   tests/qemu-iotests/iotests.py | 7 +--
   1 file changed, 5 insertions(+), 2 deletions(-)
  
  diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
  index e4fa9af..ca79d09 100644
  --- a/tests/qemu-iotests/iotests.py
  +++ b/tests/qemu-iotests/iotests.py
  @@ -153,13 +153,16 @@ class VM(object):
stderr=sys.stderr)
   return p.wait()
   
  +def qtest_cmd(self, cmd):
  +self._popen.stdin.write(cmd + \n)
  +
   def launch(self):
   '''Launch the VM and establish a QMP connection'''
  -devnull = open('/dev/null', 'rb')
   qemulog = open(self._qemu_log_path, 'wb')
   try:
   self._qmp = qmp.QEMUMonitorProtocol(self._monitor_path, 
  server=True)
  -self._popen = subprocess.Popen(self._args, stdin=devnull, 
  stdout=qemulog,
  +self._popen = subprocess.Popen(self._args, 
  stdin=subprocess.PIPE,
  +   stdout=qemulog,
  stderr=subprocess.STDOUT)
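Review bot: qtest_cmd() has no docstring, unlike launch() right below it, and nothing states that it may only be called after launch() has created self._popen with stdin=subprocess.PIPE or that no response is read back. Add a docstring saying so, and flush self._popen.stdin after the write so delivery of the command does not depend on the pipe's buffering mode.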
 
 Commit 0fd05e8dd1ee7ae143fba3d6bcc6abe3fbeaeb34 (qemu-iotests: start
 vms in qtest mode) put qtest on stdio.  I think that was a mistake and
 it should be fixed if you want to drive qtest.
 
 Let's not mix qtest output with QEMU stderr.  If you need to drive
 qtest, put it on a dedicated UNIX domain socket
 (just like QMP).
 
 Implement the qtest protocol as documented in qtest.c:
 
  * Line based protocol, request/response based.  Server can send async 
 messages
  * so clients should always handle many async messages before the response
  * comes in.
 

OK, good idea, I'll respin for a better qtest support.

Fam



Re: [Qemu-devel] [PATCH 3/4] qemu-iotests: Allow caller to disable underscore convertion for qmp

2014-02-01 Thread Fam Zheng
On Wed, 01/29 07:09, Eric Blake wrote:
 On 01/29/2014 01:40 AM, Fam Zheng wrote:
 
 s/convertion/conversion/ in the subject
 
  QMP command block_set_io_throttle expects underscores in parameters
  instead of dashes: {iops,bps}_{rd,wr,max}.
  
  Add optional argument conv_keys (defaults to True, backward compatible),
  it will be used in IO throttling test case.
  
  Signed-off-by: Fam Zheng f...@redhat.com
  ---
   tests/qemu-iotests/iotests.py | 7 +--
   1 file changed, 5 insertions(+), 2 deletions(-)
  
 
 You know, it might be nice to get the '-'/'_' looseness into QMP itself
 when invoked via JSON strings over the monitor, rather than just the
 testsuite wrapper, since we're already inconsistent in several commands.
  But that's a bigger project for another day.
 

I agree. Let's stick to this now and leave the loosening in QMP for later.

Fam



Re: [Qemu-devel] [PATCH v3] implementing victim TLB for QEMU system emulated TLB

2014-02-01 Thread Xin Tong
Hi QEMU Community

This patch provides significant performance improvement (10.76% on
average) for QEMU system emulation, so I urge someone in the QEMU
community to review this patch so that it has the hope of making it into
the mainline. I understand that I have made mistakes in patch
submission before. But I've learned from the mistakes and will try to
have future patch submission done according to guidelines.

Best Regards,
Xin

On Wed, Jan 29, 2014 at 10:03 AM, Xin Tong trent.t...@gmail.com wrote:
 Can someone please review this patch?

 Thank you,
 Xin

 On Tue, Jan 28, 2014 at 11:31 AM, Xin Tong trent.t...@gmail.com wrote:
 This patch adds a victim TLB to the QEMU system mode TLB.

 QEMU system mode page table walks are expensive. Taken by running QEMU
 qemu-system-x86_64 system mode on Intel PIN, a TLB miss and walking
 4-level page tables in guest Linux OS takes ~450 X86 instructions on
 average.

 QEMU system mode TLB is implemented using a directly-mapped hashtable.
 This structure suffers from conflict misses. Increasing the
 associativity of the TLB may not be the solution to conflict misses as
 all the ways may have to be walked in serial.

 A victim TLB is a TLB used to hold translations evicted from the
 primary TLB upon replacement. The victim TLB lies between the main TLB
 and its refill path. Victim TLB is of greater associativity (fully
 associative in this patch). It takes longer to look up the victim TLB,
 but it's likely better than a full page table walk. The memory
 translation path is changed as follows:

 Before Victim TLB:
 1. Inline TLB lookup
 2. Exit code cache on TLB miss.
 3. Check for unaligned, IO accesses
 4. TLB refill.
 5. Do the memory access.
 6. Return to code cache.

 After Victim TLB:
 1. Inline TLB lookup
 2. Exit code cache on TLB miss.
 3. Check for unaligned, IO accesses
 4. Victim TLB lookup.
 5. If victim TLB misses, TLB refill
 6. Do the memory access.
 7. Return to code cache

 The advantage is that victim TLB can offer more associativity to a
 directly mapped TLB and thus potentially fewer page table walks while
 still keeping the time taken to flush within reasonable limits.
 However, placing a victim TLB before the refill path increases the TLB
 refill path as the victim TLB is consulted before the TLB refill. The
 performance results demonstrate that the pros outweigh the cons.

 Some performance results taken on SPECINT2006 train
 datasets and kernel boot and qemu configure script on an
 Intel(R) Xeon(R) CPU  E5620  @ 2.40GHz Linux machine are shown in the
 Google Doc link below.

 In summary, victim TLB improves the performance of qemu-system-x86_64 by
 10.7% on average on SPECINT2006, with the highest improvement of 25.4%
 in 464.h264ref. And victim TLB does not result in any performance
 degradation in any of the measured benchmarks. Furthermore, the
 implemented victim TLB is architecture independent and is expected to
 benefit other architectures in QEMU as well.

 https://docs.google.com/spreadsheet/ccc?key=0AiZRCc8IxzMRdGV5ZFRrM2F2OU9sTnR2Y3JFdjNveUEusp=sharing

 Although there are measurement fluctuations, the performance
 improvement is very significant and by no means in the range of
 noise.

 Signed-off-by: Xin Tong trent.t...@gmail.com

 ---
  cputlb.c| 50 -
  include/exec/cpu-defs.h | 12 ++---
  include/exec/exec-all.h |  2 ++
  include/exec/softmmu_template.h | 55 
 ++---
  4 files changed, 111 insertions(+), 8 deletions(-)

 diff --git a/cputlb.c b/cputlb.c
 index b533f3f..caee78e 100644
 --- a/cputlb.c
 +++ b/cputlb.c
 @@ -34,6 +34,22 @@
  /* statistics */
  int tlb_flush_count;

 +/* swap the 2 given TLB entries as well as their corresponding IOTLB */
 +inline void swap_tlb(CPUTLBEntry *te, CPUTLBEntry *se, hwaddr *iote,
 + hwaddr *iose)
 +{
 +   hwaddr iotmp;
 +   CPUTLBEntry tmp;
 +   /* swap tlb */
 +   tmp = *te;
 +   *te = *se;
 +   *se = tmp;
 +   /* swap iotlb */
 +   iotmp = *iote;
 +   *iote = *iose;
 +   *iose = iotmp;
 +}
 +
  /* NOTE:
   * If flush_global is true (the usual case), flush all tlb entries.
   * If flush_global is false, flush (at least) all tlb entries not
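Review bot: swap_tlb() is defined in cputlb.c as plain inline without static, which under C99 inline semantics provides no external definition and can fail to link when the compiler decides not to inline a call. Make it static inline if it is only used in this file, or move it to a header as a static inline if softmmu_template.h needs it too.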
 @@ -58,8 +74,10 @@ void tlb_flush(CPUArchState *env, int flush_global)
  cpu-current_tb = NULL;

  memset(env-tlb_table, -1, sizeof(env-tlb_table));
 +memset(env-tlb_v_table, -1, sizeof(env-tlb_v_table));
  memset(env-tb_jmp_cache, 0, sizeof(env-tb_jmp_cache));

 +env-vtlb_index = 0;
  env-tlb_flush_addr = -1;
  env-tlb_flush_mask = 0;
  tlb_flush_count++;
 @@ -106,6 +124,14 @@ void tlb_flush_page(CPUArchState *env, target_ulong 
 addr)
  tlb_flush_entry(env-tlb_table[mmu_idx][i], addr);
  }

 +/* check whether there are entries that need to be flushed in the vtlb 
 */
 +for (mmu_idx = 0; mmu_idx  NB_MMU_MODES; mmu_idx++) {
 +unsigned int k;
 +for (k = 
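
The lookup order described in this message (direct-mapped TLB, then a fully associative victim TLB, then the page walk), as an added example that is not part of the posted patch. The table sizes, the round-robin choice of victim slot and the tlb_sim_* names are assumptions for the illustration; it counts page walks for two pages that map to the same direct-mapped slot and shows that a flush has to clear both tables.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLB_SIZE  8   /* direct-mapped entries, tiny on purpose (constructed) */
#define VTLB_SIZE 4   /* fully associative victim entries (constructed) */

struct tlb_sim {
    uint64_t main_tlb[TLB_SIZE];   /* virtual page numbers, all-ones = empty */
    uint64_t vtlb[VTLB_SIZE];
    unsigned vtlb_index;           /* next victim slot to overwrite */
    int use_victim;
    unsigned main_hits, victim_hits, walks;
};

/* Flush both tables, mirroring the memset(-1) pair in tlb_flush(). A
 * victim table left untouched here would keep serving stale entries. */
void tlb_sim_flush(struct tlb_sim *t)
{
    memset(t->main_tlb, 0xff, sizeof(t->main_tlb));
    memset(t->vtlb, 0xff, sizeof(t->vtlb));
    t->vtlb_index = 0;
}

void tlb_sim_init(struct tlb_sim *t, int use_victim)
{
    memset(t, 0, sizeof(*t));
    t->use_victim = use_victim;
    tlb_sim_flush(t);
}

/* Translate one virtual page number and update the counters. */
void tlb_sim_access(struct tlb_sim *t, uint64_t vpn)
{
    uint64_t *slot = &t->main_tlb[vpn % TLB_SIZE];
    unsigned k;

    if (*slot == vpn) {                    /* 1. inline TLB lookup */
        t->main_hits++;
        return;
    }
    if (t->use_victim) {                   /* 4. victim TLB lookup */
        for (k = 0; k < VTLB_SIZE; k++) {
            if (t->vtlb[k] == vpn) {
                uint64_t tmp = *slot;      /* swap, as swap_tlb() does */
                *slot = t->vtlb[k];
                t->vtlb[k] = tmp;
                t->victim_hits++;
                return;
            }
        }
    }
    t->walks++;                            /* 5. refill via page walk */
    if (t->use_victim && *slot != UINT64_MAX) {
        t->vtlb[t->vtlb_index] = *slot;    /* evicted entry becomes a victim */
        t->vtlb_index = (t->vtlb_index + 1) % VTLB_SIZE;
    }
    *slot = vpn;
}

/* Alternate between two pages that share one direct-mapped slot. */
unsigned run_conflict_workload(int use_victim, unsigned rounds)
{
    struct tlb_sim t;
    unsigned i;

    tlb_sim_init(&t, use_victim);
    for (i = 0; i < rounds; i++) {
        tlb_sim_access(&t, 3);
        tlb_sim_access(&t, 3 + TLB_SIZE);
    }
    return t.walks;
}

/* After a flush neither table may satisfy a lookup. */
unsigned walks_after_flush(void)
{
    struct tlb_sim t;

    tlb_sim_init(&t, 1);
    tlb_sim_access(&t, 3);
    tlb_sim_access(&t, 3 + TLB_SIZE);      /* page 3 now sits in the victim TLB */
    tlb_sim_flush(&t);
    t.walks = 0;
    tlb_sim_access(&t, 3);
    tlb_sim_access(&t, 3 + TLB_SIZE);
    return t.walks;
}

int main(void)
{
    printf("page walks without victim TLB: %u\n", run_conflict_workload(0, 10));
    printf("page walks with victim TLB:    %u\n", run_conflict_workload(1, 10));
    printf("page walks after flush:        %u\n", walks_after_flush());
    return 0;
}
```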

Re: [Qemu-devel] Native MinGW build crashes when partitioning hard disk in guest

2014-02-01 Thread Legorol
On 1 February 2014 12:51, Stefan Weil s...@weilnetz.de wrote:
 Am 01.02.2014 11:47, schrieb Legorol:
 (I am reposting this as my first post seems to have fallen through the
 cracks.)

 I am building the official Qemu 1.7.0 release from source natively under
 MinGW for myself. I execute the i386 target. Qemu starts fine, but it
 crashes when I try to partition a 2G hard disk under an MS-DOS 6.22
 guest. Details of the build and reproducing the crash are below.

 The problem also occurs for me with the 1.6.2 release. The problem does
 not occur with these binaries from other people:
 Eric Lassauge's Qemu-1.6.0-windows.zip
 Prashant Satish's qemu-1.6.0-win32-sdl.tar.lzma
 Stefan Weil's qemu-w32-setup-20131128, qemu-w32-setup-20140118.exe

 The problem does not occur when I add the --enable-debug flag to
 configure! Whatever optimisation is removed as a result seems to avoid
 the crash.

 How can I troubleshoot what the problem is? What should I change about
 my build to solve the problem?


 Hi,

 I assume that this is caused by a known problem with coroutines (which
 are used by QEMU's block operations) for Windows. Any file operation can
 cause that crash. See this discussion for details:

 http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg04197.html

Thanks for the pointer. I have actually already seen that discussion
and read every related post in that thread.


 The problem is caused by buggy code produced by the MinGW compilers when
 optimisation is enabled. There exist several workarounds which fix the
 problem:

 * disable optimisation for coroutine-win32.c (that's what --enable-debug
 does)

 * disable the coroutine pool

As per the discussion you linked, I've already been compiling with
the --disable-coroutine-pool flag, as indicated in my description.


 * modify the code of function qemu_coroutine_switch in coroutine-win32.c
   (that's what I use for my binaries)

 Try this patch:

 http://repo.or.cz/w/qemu/ar7.git/commitdiff/c777d5d62a729fd8b19847aaa0aad3d7a1f73f47

 Regards
 Stefan


I tried the patch (in addition to disabling the coroutine pool), and
it worked! I no longer get the crash.

There is something still amiss though, if you say that disabling the
coroutine pool OR applying the patch should do the trick. Just
disabling the coroutine pool wasn't enough for me.

Thanks,
Legorol



Re: [Qemu-devel] OVMF with q35 (was: osx bootloader)

2014-02-01 Thread BALATON Zoltan

On Sat, 1 Feb 2014, Alexander Graf wrote:

Easiest is probably to attach gdb and get a backtrace to see who accesses that 
port.


Only if I knew how to do that... I can start qemu with -s and attach gdb 
to it but how to get symbols for the OVMF.fd file and how to set the 
breakpoint? I've tried gdb OVMF.fd but it cannot load it directly. I've 
also found *.debug files in the edk2/Build directory but they are only for 
parts of the whole fw image and none of them seems to be for the part 
which defines the IoRead32 function. Does anyone know how to debug OVMF 
firmware running in qemu?


Regards,
BALATON Zoltan



Re: [Qemu-devel] [PULL v4 01/12] lm32_sys: increase test case name length limit

2014-02-01 Thread Peter Maydell
On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
 The new MMU tests use longer names.

 Signed-off-by: Michael Walle mich...@walle.cc
 ---
  hw/misc/lm32_sys.c |4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

 diff --git a/hw/misc/lm32_sys.c b/hw/misc/lm32_sys.c
 index 9bdb781..8176cdb 100644
 --- a/hw/misc/lm32_sys.c
 +++ b/hw/misc/lm32_sys.c
 @@ -42,7 +42,7 @@ enum {
  R_MAX
  };

 -#define MAX_TESTNAME_LEN 16
 +#define MAX_TESTNAME_LEN 32

  #define TYPE_LM32_SYS lm32-sys
  #define LM32_SYS(obj) OBJECT_CHECK(LM32SysState, (obj), TYPE_LM32_SYS)
 @@ -80,7 +80,7 @@ static void sys_write(void *opaque, hwaddr addr,
  case R_PASSFAIL:
  s-regs[addr] = value;
  testname = (char *)s-testname;
 -qemu_log(TC  %-16s %s\n, testname, (value) ? FAILED : OK);
 +qemu_log(TC  %-32s %s\n, testname, (value) ? FAILED : OK);

You could avoid the duplication of the 32 here by using
qemu_log(TCG %-*s %s\n, MAX_TESTNAME_LEN, testname, value ?
FAILED : OK);

thanks
-- PMM



Re: [Qemu-devel] osx bootloader

2014-02-01 Thread BALATON Zoltan

On Wed, 29 Jan 2014, Alexander Graf wrote:
You will need an EFI HFS+ driver (look at the refind pointer) because 
boot.efi will use EFI callbacks to read the kernel and kext cache.


Probably we will need more than that. I've copied boot.efi to the EFI 
partition and tried to start it from OVMF (without -M q35) but it only 
printed:


Can not initialize console
Boot failed, sleeping for 10 seconds before exiting...

Regards,
BALATON Zoltan



Re: [Qemu-devel] live migration between amd fam15h-fam10h

2014-02-01 Thread Brian Jackson
On 01/27/2014 08:20 AM, Markus Kovero wrote:
 Hi,

 I am getting a frozen guest when migrating from an Opteron 6274 host (amd
 fam15h) to an Opteron 6174 host (amd fam10h). The live migration completes
 successfully, but the guest is frozen: vnc screen is still there, but no
 input is possible and no kernel output is seen. Trying c on the qemu-monitor
 does not help. I am using -cpu Opteron_G3 which I assumed would be ok for
 both host cpus.

 In the opposite direction (migrating from an amd fam10h host to an amdfam15h
 host) the guest continues to run on the destination. However, on most of
 these successful live migrations, I notice a clocksource unstable message
 on the guest kernel (using the default kvm-clock clocksource) e.g.
 Clocksource tsc unstable (delta = -1500533439 ns)
 Same situation (guest runs on destination with clocksource unstable message)
 happens when migrating between fam15h hosts (I have not tried between fam10h
 hosts)

 Changing the clocksource (tsc, acpi_pm, hpet) does not solve the issue.
 Also tried with -cpu kvm64 with same result.

 qemu-kvm version: 0.15.1, 1.0 or qemu-kvm/master
 Host kernel: 3.0.15 (on both hosts)
 Guest kernel: 3.0.6 or 3.2

 this is the qemu-kvm command line used on the source host:

 
 kvm -enable-kvm -m 1024 -smp 1 -cpu Opteron_G3,check -drive \
 file=/opt/test.img,if=none,id=drive-virtio-disk1,format=raw,cache=writethrough,boot=on \
 -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,id=virtio-disk1 \
 -monitor stdio -vnc 0.0.0.0:6 -vga std -chardev pty,id=charserial0 \
 -device isa-serial,chardev=charserial0,id=serial0 -usb -device usb-tablet,id=input0

 The destination host has the same command line with an added -incoming
 tcp:. I have mainly tested this with non-shared storage (but
 also shared
 storage has the same result). Migration is triggered with migrate -b
 tcp:destip:

 Do the TSC microarchitecture changes in amdfam15h (see AMD SW
 optimization
 guide for fam15h, 47414 Rev 3.02 Appendix E) affect pvclock stability on
 migration in same family or across families?

 cpuid information follows in case it's helpful.
 ..snip..


 Hi, I can confirm this problem still exists in live migrations between
 Opteron 6128HE and Opteron 6274.
 Live migration from 6100-series to 6200-series work, but never from
 6200 to 6100.
 Issue is reproducible and symptoms are identical with previous poster.
 I have tested with 3.10.5 host-kernel and 1.7 qemu, also with 3.1.4
 and 1.0 qemu, guest kernel seems to be irrelevant at this point (as
 it crashes any OS).

 I would say this needs attention, and I'm willing to help to get this
 sorted out.


Did it ever work? If so, I'd start by git bisecting to find out where it
broke.



 Thanks for your thoughts.

 Yours
 Markus Kovero
 +358 40 577 1129





Re: [Qemu-devel] [PULL v4 02/12] tests: lm32: new rule for single test cases

2014-02-01 Thread Peter Maydell
On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
 Introduce new target check_% to run indiviudal test caes, eg.
   make check_mmu

individual. Otherwise
Reviewed-by: Peter Maydell peter.mayd...@linaro.org


 Signed-off-by: Michael Walle mich...@walle.cc
 ---
  tests/tcg/lm32/Makefile |3 +++
  1 file changed, 3 insertions(+)

 diff --git a/tests/tcg/lm32/Makefile b/tests/tcg/lm32/Makefile
 index 9a00ef7..19e0664 100644
 --- a/tests/tcg/lm32/Makefile
 +++ b/tests/tcg/lm32/Makefile
 @@ -101,5 +101,8 @@ check: $(CRT) $(SYS) $(TESTCASES)
 $(SIM) $(SIMFLAGS) ./$$case; \
 done

 +check_%: test_%.tst $(CRT) $(SYS)
 +   $(SIM) $(SIMFLAGS) $
 +
  clean:
 $(RM) -fr $(TESTCASES) $(CRT)
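
Review bot: the check_% pattern rule is added without a comment, so a reader has to work out from the prerequisite that the stem is the test name with the test_ prefix and .tst suffix removed (check_mmu builds and runs test_mmu.tst). A one-line comment above the rule stating that, with the make check_mmu example from the commit message, would document the new target where people will look for it.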


You could reimplement the 'check' target to just
depend on $(TESTCASES:test_%.tst=check_%)
rather than doing an explicit loop if you like, but that's optional.

thanks
-- PMM



Re: [Qemu-devel] [PULL v4 03/12] milkymist-uart: use qemu_chr_fe_write_all() instead of qemu_chr_fe_write()

2014-02-01 Thread Peter Maydell
On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
 From: Antony Pavlov antonynpav...@gmail.com

 qemu_chr_fe_write() is capable of returning 0
 to indicate EAGAIN (and friends) and we don't
 handle this.

 Just change it to qemu_chr_fe_write_all() to fix.

 Reported-by: Peter Crosthwaite peter.crosthwa...@xilinx.com
 Acked-by: Peter Crosthwaite peter.crosthwa...@xilinx.com
 Signed-off-by: Antony Pavlov antonynpav...@gmail.com
 Signed-off-by: Michael Walle mich...@walle.cc

Reviewed-by: Peter Maydell peter.mayd...@linaro.org

thanks
-- PMM



Re: [Qemu-devel] [PULL v4 04/12] lm32_uart/lm32_juart: use qemu_chr_fe_write_all()

2014-02-01 Thread Peter Maydell
On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
 qemu_chr_fe_write() may return EAGAIN. Therefore, use
 qemu_chr_fe_write_all().

 Signed-off-by: Michael Walle mich...@walle.cc

Reviewed-by: Peter Maydell peter.mayd...@linaro.org

-- PMM



Re: [Qemu-devel] [PULL v4 05/12] milkymist-vgafb: swap pixel data in source buffer

2014-02-01 Thread Peter Maydell
On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
 In commit fc97bb5ba3e7239c0b6d24095df6784868dfebbf the lduw_raw() call was
 eliminated. But we are reading from the target buffer a 16-bit value, which
 is in big-endian format. Therefore, swap the bytes if we are building for a
 little-endian host.

Paolo, can you remember why you included this change in that commit?
It purports to just be moving the display devices around but it seems to
have included the introduction of this bug, and also a removal of a lduw_raw()
call from (what is now) hw/display/blizzard_template.h which I suspect is
also wrong...

 Cc: Paolo Bonzini pbonz...@redhat.com
 Signed-off-by: Michael Walle mich...@walle.cc
 ---
  hw/display/milkymist-vgafb_template.h |1 +
  1 file changed, 1 insertion(+)

 diff --git a/hw/display/milkymist-vgafb_template.h 
 b/hw/display/milkymist-vgafb_template.h
 index e0036e1..3f25484 100644
 --- a/hw/display/milkymist-vgafb_template.h
 +++ b/hw/display/milkymist-vgafb_template.h
 @@ -62,6 +62,7 @@ static void glue(draw_line_, BITS)(void *opaque, uint8_t 
 *d, const uint8_t *s,

  while (width--) {
  memcpy(rgb565, s, sizeof(rgb565));
 +rgb565 = be16_to_cpu(rgb565);

If we know the framebuffer is always bigendian (regardless of the
target CPU endianness) then rather than memcpy and then
byteswap we might as well just
rgb565 = lduw_be_p(s);

I think.

  r = ((rgb565  11)  0x1f)  3;
  g = ((rgb565   5)  0x3f)  2;
  b = ((rgb565   0)  0x1f)  3;
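
Review bot: the added rgb565 = be16_to_cpu(rgb565); line carries no comment saying that the source framebuffer is big-endian regardless of host byte order, which is the only thing that makes the swap correct. The commit message says the earlier lduw_raw() call was dropped during an unrelated move, so a short comment above the conversion would help keep the next cleanup from removing it again.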

thanks
-- PMM
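
The byte-order issue discussed in this message, as an added example that is not part of the original thread or of QEMU: a host-independent big-endian 16-bit load feeding the RGB565 unpacking, next to the bare memcpy() read. The helper names, the rgb888 struct and the sample pixels are assumptions made here; the shift and mask constants follow the quoted context lines, with the `>>`, `&` and `<<` operators assumed where the archive dropped them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t r, g, b; } rgb888;   /* hypothetical output pixel */

/* Constructed sample line: red, green, blue as big-endian RGB565. */
static const uint8_t SAMPLE_LINE[6] = { 0xF8, 0x00, 0x07, 0xE0, 0x00, 0x1F };

/* Big-endian load built from bytes: same result on any host. */
static uint16_t load_be16(const uint8_t *p)
{
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

/* Host-order load: what memcpy() into a uint16_t gives with no swap. */
static uint16_t load_host16(const uint8_t *p)
{
    uint16_t v;
    memcpy(&v, p, sizeof(v));
    return v;
}

static int host_is_little_endian(void)
{
    const uint16_t one = 1;
    uint8_t first;
    memcpy(&first, &one, 1);
    return first == 1;
}

/* Expand 5/6/5-bit channels to 8 bits each. */
static rgb888 rgb565_unpack(uint16_t px)
{
    rgb888 out;
    out.r = (uint8_t)(((px >> 11) & 0x1f) << 3);
    out.g = (uint8_t)(((px >> 5) & 0x3f) << 2);
    out.b = (uint8_t)(((px >> 0) & 0x1f) << 3);
    return out;
}

/* Convert one line of big-endian RGB565; returns pixels written. */
static size_t draw_line_be(rgb888 *dst, const uint8_t *src, size_t width)
{
    size_t i;
    for (i = 0; i < width; i++) {
        dst[i] = rgb565_unpack(load_be16(src + 2 * i));
    }
    return i;
}

/* Returns 1 when the sample line decodes to pure red, green, blue. */
static int sample_line_ok(void)
{
    rgb888 out[3];
    if (draw_line_be(out, SAMPLE_LINE, 3) != 3) {
        return 0;
    }
    return out[0].r == 0xF8 && out[0].g == 0 && out[0].b == 0 &&
           out[1].r == 0 && out[1].g == 0xFC && out[1].b == 0 &&
           out[2].r == 0 && out[2].g == 0 && out[2].b == 0xF8;
}

int main(void)
{
    rgb888 good = rgb565_unpack(load_be16(SAMPLE_LINE));
    rgb888 raw = rgb565_unpack(load_host16(SAMPLE_LINE));

    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("be load : r=%02x g=%02x b=%02x\n", good.r, good.g, good.b);
    printf("raw load: r=%02x g=%02x b=%02x\n", raw.r, raw.g, raw.b);
    return sample_line_ok() ? 0 : 1;
}
```

On a little-endian host the raw load turns the red pixel into a blue-green one, which is the symptom of the missing swap.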



Re: [Qemu-devel] [PULL v4 09/12] lm32_sys: print test result on stderr

2014-02-01 Thread Peter Maydell
On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
 Do not use qemu_log().

 Signed-off-by: Michael Walle mich...@walle.cc
 ---
  hw/misc/lm32_sys.c |2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/hw/misc/lm32_sys.c b/hw/misc/lm32_sys.c
 index 8176cdb..6af0cca 100644
 --- a/hw/misc/lm32_sys.c
 +++ b/hw/misc/lm32_sys.c
 @@ -80,7 +80,7 @@ static void sys_write(void *opaque, hwaddr addr,
  case R_PASSFAIL:
  s-regs[addr] = value;
  testname = (char *)s-testname;
 -qemu_log(TC  %-32s %s\n, testname, (value) ? FAILED : OK);
 +fprintf(stderr, TC  %-32s %s\n, testname, (value) ? FAILED : 
 OK);
  break;

This looks wrong to me -- devices shouldn't print to stderr, ideally.

thanks
-- PMM



Re: [Qemu-devel] [PULL v4 11/12] target-lm32: stop VM on illegal or unknown instruction

2014-02-01 Thread Peter Maydell
On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
 Instead of translating the instruction to a no-op, pause the VM and display
 a message to the user.

 As a side effect, this also works for instructions where the operands are
 only known at runtime.

 Signed-off-by: Michael Walle mich...@walle.cc
 ---
  target-lm32/helper.h|1 +
  target-lm32/op_helper.c |   17 +
  target-lm32/translate.c |   91 
 +++
  3 files changed, 79 insertions(+), 30 deletions(-)

 diff --git a/target-lm32/helper.h b/target-lm32/helper.h
 index ad44fdf..f4442e0 100644
 --- a/target-lm32/helper.h
 +++ b/target-lm32/helper.h
 @@ -13,5 +13,6 @@ DEF_HELPER_1(rcsr_im, i32, env)
  DEF_HELPER_1(rcsr_ip, i32, env)
  DEF_HELPER_1(rcsr_jtx, i32, env)
  DEF_HELPER_1(rcsr_jrx, i32, env)
 +DEF_HELPER_1(ill, void, env)

  #include exec/def-helper.h
 diff --git a/target-lm32/op_helper.c b/target-lm32/op_helper.c
 index 71f21d1..7189cb5 100644
 --- a/target-lm32/op_helper.c
 +++ b/target-lm32/op_helper.c
 @@ -8,6 +8,10 @@

  #include exec/softmmu_exec.h

 +#ifndef CONFIG_USER_ONLY
 +#include sysemu/sysemu.h
 +#endif
 +
  #if !defined(CONFIG_USER_ONLY)
  #define MMUSUFFIX _mmu
  #define SHIFT 0
 @@ -39,6 +43,19 @@ void HELPER(hlt)(CPULM32State *env)
  cpu_loop_exit(env);
  }

 +void HELPER(ill)(CPULM32State *env)
 +{
 +#ifndef CONFIG_USER_ONLY
 +CPUState *cs = CPU(lm32_env_get_cpu(env));
 +fprintf(stderr, VM paused due to illegal instruction. 
 +Connect a debugger or switch to the monitor console 
 +to find out more.\n);
 +qemu_system_vmstop_request(RUN_STATE_PAUSED);
 +cs-halted = 1;
 +raise_exception(env, EXCP_HALTED);
 +#endif

Not really convinced this is a great idea. This one target CPU
type does something that none of the others do seems less
than ideal for QEMU as a whole.

 +}
 +
  void HELPER(wcsr_bp)(CPULM32State *env, uint32_t bp, uint32_t idx)
  {
  uint32_t addr = bp  ~1;
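
Review bot: HELPER(ill) has an empty body when CONFIG_USER_ONLY is defined, so in a user-mode build t_gen_illegal_insn() emits a helper call that simply returns and execution continues past the illegal instruction with no message at all. Either raise an exception in an #else branch or add a comment saying why doing nothing is intended there; the commit message only describes the system-emulation behaviour.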
 diff --git a/target-lm32/translate.c b/target-lm32/translate.c
 index f20460a..43ea4e6 100644
 --- a/target-lm32/translate.c
 +++ b/target-lm32/translate.c
 @@ -122,6 +122,12 @@ static inline void t_gen_raise_exception(DisasContext 
 *dc, uint32_t index)
  tcg_temp_free_i32(tmp);
  }

 +static inline void t_gen_illegal_insn(DisasContext *dc)
 +{
 +tcg_gen_movi_tl(cpu_pc, dc-pc);
 +gen_helper_ill(cpu_env);
 +}
 +
  static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
  {
  TranslationBlock *tb;
 @@ -425,6 +431,7 @@ static void dec_divu(DisasContext *dc)

  if (!(dc-features  LM32_FEATURE_DIVIDE)) {
  qemu_log_mask(LOG_GUEST_ERROR, hardware divider is not 
 available\n);
 +t_gen_illegal_insn(dc);
  return;
  }

 @@ -504,6 +511,7 @@ static void dec_modu(DisasContext *dc)

  if (!(dc-features  LM32_FEATURE_DIVIDE)) {
  qemu_log_mask(LOG_GUEST_ERROR, hardware divider is not 
 available\n);
 +t_gen_illegal_insn(dc);
  return;
  }

 @@ -527,6 +535,7 @@ static void dec_mul(DisasContext *dc)
  if (!(dc-features  LM32_FEATURE_MULTIPLY)) {
  qemu_log_mask(LOG_GUEST_ERROR,
hardware multiplier is not available\n);
 +t_gen_illegal_insn(dc);
  return;
  }

 @@ -595,17 +604,18 @@ static void dec_scall(DisasContext *dc)
  LOG_DIS(scall\n);
  } else if (dc-imm5 == 2) {
  LOG_DIS(break\n);
 -} else {
 -qemu_log_mask(LOG_GUEST_ERROR, invalid opcode @0x%x, dc-pc);
 -return;
  }

  if (dc-imm5 == 7) {
  tcg_gen_movi_tl(cpu_pc, dc-pc);
  t_gen_raise_exception(dc, EXCP_SYSTEMCALL);
 -} else {
 +} else if (dc-imm5 == 2) {
  tcg_gen_movi_tl(cpu_pc, dc-pc);
  t_gen_raise_exception(dc, EXCP_BREAKPOINT);
 +} else {
 +qemu_log_mask(LOG_GUEST_ERROR, invalid opcode @0x%x, dc-pc);
 +t_gen_illegal_insn(dc);
 +return;
  }

This leaves this function with two consecutive identical if..elseif..else
ladders: why not combine them together? (optionally, use
switch(dc-imm5).)

The rest looks OK.

thanks
-- PMM



Re: [Qemu-devel] [PULL v4 12/12] hw/lm32: print error if cpu model is not found

2014-02-01 Thread Peter Maydell
On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
 QEMU crashed if the given cpu_model is not found.

 Signed-off-by: Michael Walle mich...@walle.cc

Reviewed-by: Peter Maydell peter.mayd...@linaro.org

-- PMM



Re: [Qemu-devel] [PULL v4 08/12] target-lm32: add breakpoint/watchpoint support

2014-02-01 Thread Peter Maydell
On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
 This patch adds in-target breakpoint and watchpoint support.

This looks at least superficially OK, but I'm not really familiar
with QEMU's breakpoint/watchpoint support code. RTH: do
you want to have a look over this one?

A style point, since I'm not really able to review for much
else:

 +void lm32_debug_excp_handler(CPULM32State *env)
 +{
 +CPUBreakpoint *bp;
 +
 +if (env-watchpoint_hit) {
 +if (env-watchpoint_hit-flags  BP_CPU) {
 +env-watchpoint_hit = NULL;
 +if (check_watchpoints(env)) {
 +raise_exception(env, EXCP_WATCHPOINT);
 +} else {
 +cpu_resume_from_signal(env, NULL);
 +}
 +}
 +} else {
 +QTAILQ_FOREACH(bp, env-breakpoints, entry)
 +if (bp-pc == env-pc) {
 +if (bp-flags  BP_CPU) {
 +raise_exception(env, EXCP_BREAKPOINT);
 +}
 +break;
 +}

Braces around the QTAILQ_FOREACH's body, please.

 +}
 +}

thanks
-- PMM



Re: [Qemu-devel] [PULL v4 00/12] target-lm32 updates

2014-02-01 Thread Peter Maydell
On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
 Hi Anthony,

 this is a pull request for various updates and fixes for the LatticeMico32
 target.

 Please pull.

Apologies for doing a review pass on this rather than pulling it.
However given that most of the patches didn't have reviewed-by
tags I gave them a quick eyeball and felt there were enough minor
issues there that I would rather err on the side of caution. If you
address the issues I'll review a respin of this patch series and I'm
happy to apply a pull request once the patches have got review.

thanks
-- PMM



[Qemu-devel] [Bug 685096] Re: USB Passthrough not working for Windows 7 guest

2014-02-01 Thread Manuel Baesler
Hi, I had the same problem. Tested a lot. My solution to passthrough usb
devices to a windows 7 x64 guest:

parameter part:

-device usb-ehci,id=usb,bus=pci.0,addr=0x4 -device usb-host,vendorid=0x{},productid=0x{},id=hostdev0,bus=usb.0

I also tried the device
piix4-usb-uhci

instead of usb-ehci

piix4-usb-uhci caused the Code 10 error in the windows device manager.

lsusb will give you a list of plugged in usb devices. eg.

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

1d6b:0002
and
1d6b:0003

are vendorid:productid

replace {} with the ids and it should work. I tested it with

- ssd usb 3.0 drive 
- retail usb seagate usb 2.0 hdd drive.

-- 
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/685096

Title:
  USB Passthrough not working for Windows 7 guest

Status in QEMU:
  Confirmed
Status in “qemu-kvm” package in Ubuntu:
  Confirmed

Bug description:
  USB Passthrough from host to guest is not working for a 32-bit Windows
  7 guest, while it works perfectly for a 32-bit Windows XP guest.

  The device appears in the device manager of Windows 7, but with Error
  code 10: device cannot start. I have tried this with numerous USB
  thumbdrives and a USB wireless NIC, all with the same result. The
  device name and functionality is recognized, so at least some USB
  negotiation is taking place.

  I am trying this with the latest git-pull of QEMU-KVM.

  The command line to launch qemu-kvm for win7 is:
  sudo /home/user/local_install/bin/qemu-system-x86_64 -cpu core2duo -m 1024 
-smp 2 -vga std -hda ./disk_images/win7.qcow -vnc :1 -boot c -usb -usbdevice 
tablet -usbdevice host:0781:5150

  The command line to launch qemu-kvm for winxp is:
  sudo /home/user/local_install/bin/qemu-system-x86_64 -cpu core2duo -m 1024 
-smp 2 -usb -vga std -hda ./winxpsp3.qcow -vnc :0 -boot c -usbdevice tablet 
-usbdevice host:0781:5150

  Any help is appreciated.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/685096/+subscriptions



Re: [Qemu-devel] [PULL v4 09/12] lm32_sys: print test result on stderr

2014-02-01 Thread Michael Walle
On Saturday, 1 February 2014, 19:00:01, Peter Maydell wrote:
 On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
  Do not use qemu_log().
  
  Signed-off-by: Michael Walle mich...@walle.cc
  ---
  
   hw/misc/lm32_sys.c |2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)
  
  diff --git a/hw/misc/lm32_sys.c b/hw/misc/lm32_sys.c
  index 8176cdb..6af0cca 100644
  --- a/hw/misc/lm32_sys.c
  +++ b/hw/misc/lm32_sys.c
  @@ -80,7 +80,7 @@ static void sys_write(void *opaque, hwaddr addr,
  
   case R_PASSFAIL:
   s-regs[addr] = value;
   testname = (char *)s-testname;
  
  -qemu_log(TC  %-32s %s\n, testname, (value) ? FAILED : OK);
  +fprintf(stderr, TC  %-32s %s\n, testname, (value) ? FAILED :
  OK);
  
   break;
 
 This looks wrong to me -- devices shouldn't print to stderr, ideally.

lm32_sys is actually no real device. it is just used for unit testing.

-michael



Re: [Qemu-devel] [PULL v4 11/12] target-lm32: stop VM on illegal or unknown instruction

2014-02-01 Thread Michael Walle
On Saturday, 1 February 2014, 19:06:40, Peter Maydell wrote:
 On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
  Instead of translating the instruction to a no-op, pause the VM and
  display a message to the user.
  
  As a side effect, this also works for instructions where the operands are
  only known at runtime.
  
  Signed-off-by: Michael Walle mich...@walle.cc
  ---
  
   target-lm32/helper.h|1 +
   target-lm32/op_helper.c |   17 +
   target-lm32/translate.c |   91
   +++ 3 files changed, 79
   insertions(+), 30 deletions(-)
  
  diff --git a/target-lm32/helper.h b/target-lm32/helper.h
  index ad44fdf..f4442e0 100644
  --- a/target-lm32/helper.h
  +++ b/target-lm32/helper.h
  @@ -13,5 +13,6 @@ DEF_HELPER_1(rcsr_im, i32, env)
  
   DEF_HELPER_1(rcsr_ip, i32, env)
   DEF_HELPER_1(rcsr_jtx, i32, env)
   DEF_HELPER_1(rcsr_jrx, i32, env)
  
  +DEF_HELPER_1(ill, void, env)
  
   #include exec/def-helper.h
  
  diff --git a/target-lm32/op_helper.c b/target-lm32/op_helper.c
  index 71f21d1..7189cb5 100644
  --- a/target-lm32/op_helper.c
  +++ b/target-lm32/op_helper.c
  @@ -8,6 +8,10 @@
  
   #include exec/softmmu_exec.h
  
  +#ifndef CONFIG_USER_ONLY
  +#include sysemu/sysemu.h
  +#endif
  +
  
   #if !defined(CONFIG_USER_ONLY)
   #define MMUSUFFIX _mmu
   #define SHIFT 0
  
  @@ -39,6 +43,19 @@ void HELPER(hlt)(CPULM32State *env)
  
   cpu_loop_exit(env);
   
   }
  
  +void HELPER(ill)(CPULM32State *env)
  +{
  +#ifndef CONFIG_USER_ONLY
  +CPUState *cs = CPU(lm32_env_get_cpu(env));
  +fprintf(stderr, VM paused due to illegal instruction. 
  +Connect a debugger or switch to the monitor console 
  +to find out more.\n);
  +qemu_system_vmstop_request(RUN_STATE_PAUSED);
  +cs-halted = 1;
  +raise_exception(env, EXCP_HALTED);
  +#endif
 
 Not really convinced this is a great idea. This one target CPU
 type does something that none of the others do seems less
 than ideal for QEMU as a whole.

this was discussed some time ago. unfortunately, i don't find the thread atm.

the particular problem with the lm32 target is that there is no defined 
behaviour if some unsupported opcode is executed on the real hardware, esp. 
there are no exceptions if that happens.

therefore the suggested behaviour was to just stop the emulation and give the 
developer the chance to look at it by connecting a debugger.

keep in mind that the lm32 target is more a development aid, rather than a 
real virtualization target.

-michael



[Qemu-devel] [Bug 685096] Re: USB Passthrough not working for Windows 7 guest

2014-02-01 Thread Manuel Baesler
followup:

my understanding is there are a bunch of usb interfaces:

uhci is usb 1.0
ehci is usb 2.0
xhci is usb 3.0
…

-device piix3-usb-uhci will create a usb 1.0 interface. I guess usb 1.0
is insufficient for modern usb devices so windows errors with code 10.
ehci has enough to bring full support for modern usb devices.

qemu is like LEGO where you can wire it all together :-)

reference:
https://github.com/qemu/qemu/blob/master/docs/usb2.txt
https://en.wikipedia.org/wiki/Host_controller_interface_(USB,_Firewire)#USB




Re: [Qemu-devel] [PULL v4 00/12] target-lm32 updates

2014-02-01 Thread Michael Walle
On Saturday, 1 February 2014, 19:21:28, Peter Maydell wrote:
 On 20 January 2014 19:34, Michael Walle mich...@walle.cc wrote:
  Hi Anthony,
  
  this is a pull request for various updates and fixes for the
  LatticeMico32 target.
  
  Please pull.
 
 Apologies for doing a review pass on this rather than pulling it.
 However given that most of the patches didn't have reviewed-by
 tags I gave them a quick eyeball and felt there were enough minor
 issues there that I would rather err on the side of caution. If you
 address the issues I'll review a respin of this patch series and I'm
 happy to apply a pull request once the patches have got review.
 
 thanks
 -- PMM

no problem and thanks for the review. i'm happy to post a cleaned up v5 ;)

-michael



Re: [Qemu-devel] [PULL 0/1] xen-140130

2014-02-01 Thread Peter Maydell
On 30 January 2014 14:24, Stefano Stabellini
stefano.stabell...@eu.citrix.com wrote:
 The following changes since commit 0169c511554cb0014a00290b0d3d26c31a49818f:

   Merge remote-tracking branch 'qemu-kvm/uq/master' into staging (2014-01-24 
 15:52:44 -0800)

 are available in the git repository at:


   git://xenbits.xen.org/people/sstabellini/qemu-dm.git xen-140130

 for you to fetch changes up to 360e607b88a23d378f6efaa769c76d26f538234d:

   address_space_translate: do not cross page boundaries (2014-01-30 14:20:45 
 +)

 
 Stefano Stabellini (1):
   address_space_translate: do not cross page boundaries

  exec.c |6 --
  1 file changed, 4 insertions(+), 2 deletions(-)

Applied, thanks.

-- PMM



Re: [Qemu-devel] osx bootloader

2014-02-01 Thread Paolo Bonzini

On 01/02/2014 01:38, BALATON Zoltan wrote:



I managed to boot OVMF following their wiki; it seems to work with kvm
enabled, but not with -M q35. My current command line is:


I've tried with the version compiled from the edk2 HEAD and that also
fails with -M q35. I've managed to get some debug output via the options
described in OVMF's readme file and the error is around where it is
initialising the graphics card. With q35 it stops with:

ASSERT .../edk2/MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c(163): (Port
 3) == 0

This function is IoRead32 and it says the port must be 32-bit aligned.
I've tried to find what port it tries to access but qemu -d ioport
option generates no output for me. Any hints on how to use this debug
option of qemu?


The firmware has to be ported to each new chipset.

OVMF was never ported to anything but PIIX.

Paolo



Re: [Qemu-devel] [PATCH v3] implementing victim TLB for QEMU system emulated TLB

2014-02-01 Thread Paolo Bonzini

On 01/02/2014 17:35, Xin Tong wrote:

Hi QEMU Community

This patch provides significant performance improvement (10.76% on
average) for QEMU system emulation, so I urge someone in the QEMU
community to review this patch so that it has the hope of making it into
the mainline. I understand that I have made mistakes in patch
submission before. But I've learned from the mistakes and will try to
have future patch submission done according to guidelines.


Don't worry, the patch is a very nice optimization and I'm sure you'll 
get a review soon.  I guess people are just busy.


Paolo



Re: [Qemu-devel] [PATCH v3] implementing victim TLB for QEMU system emulated TLB

2014-02-01 Thread Peter Maydell
On 28 January 2014 17:31, Xin Tong trent.t...@gmail.com wrote:
 This patch adds a victim TLB to the QEMU system mode TLB.

 QEMU system mode page table walks are expensive. Taken by running QEMU
 qemu-system-x86_64 system mode on Intel PIN, a TLB miss and walking a
 4-level page table in guest Linux OS takes ~450 X86 instructions on
 average.

My review below is largely limited to style issues; I'm assuming
rth will do the substantive review.

 Signed-off-by: Xin Tong trent.t...@gmail.com

 ---
  cputlb.c| 50 -
  include/exec/cpu-defs.h | 12 ++---
  include/exec/exec-all.h |  2 ++
  include/exec/softmmu_template.h | 55 
 ++---
  4 files changed, 111 insertions(+), 8 deletions(-)

 diff --git a/cputlb.c b/cputlb.c
 index b533f3f..caee78e 100644
 --- a/cputlb.c
 +++ b/cputlb.c
 @@ -34,6 +34,22 @@
  /* statistics */
  int tlb_flush_count;

 +/* swap the 2 given TLB entries as well as their corresponding IOTLB */
 +inline void swap_tlb(CPUTLBEntry *te, CPUTLBEntry *se, hwaddr *iote,
 + hwaddr *iose)
 +{
 +   hwaddr iotmp;
 +   CPUTLBEntry tmp;
 +   /* swap tlb */
 +   tmp = *te;
 +   *te = *se;
 +   *se = tmp;
 +   /* swap iotlb */
 +   iotmp = *iote;
 +   *iote = *iose;
 +   *iose = iotmp;
 +}
 +
  /* NOTE:
   * If flush_global is true (the usual case), flush all tlb entries.
   * If flush_global is false, flush (at least) all tlb entries not
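
Review bot: swap_tlb() is defined in cputlb.c as plain inline void, with neither static nor extern on the definition. Under C99 inline rules that provides no external definition unless a non-inline prototype is also in scope, so a call the compiler decides not to inline can fail at link time. The diffstat shows exec-all.h changing but that hunk is not quoted here, so either confirm the prototype is there or make this static inline in a header shared with softmmu_template.h.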
 @@ -58,8 +74,10 @@ void tlb_flush(CPUArchState *env, int flush_global)
  cpu-current_tb = NULL;

  memset(env-tlb_table, -1, sizeof(env-tlb_table));
 +memset(env-tlb_v_table, -1, sizeof(env-tlb_v_table));
  memset(env-tb_jmp_cache, 0, sizeof(env-tb_jmp_cache));

 +env-vtlb_index = 0;
  env-tlb_flush_addr = -1;
  env-tlb_flush_mask = 0;
  tlb_flush_count++;
 @@ -106,6 +124,14 @@ void tlb_flush_page(CPUArchState *env, target_ulong addr)
  tlb_flush_entry(env-tlb_table[mmu_idx][i], addr);
  }

 +/* check whether there are entries that need to be flushed in the vtlb */
 +for (mmu_idx = 0; mmu_idx  NB_MMU_MODES; mmu_idx++) {
 +unsigned int k;

Just plain int is fine.

 +for (k = 0; k  CPU_VTLB_SIZE; k++) {
 +tlb_flush_entry(env-tlb_v_table[mmu_idx][k], addr);
 +}
 +}
 +
  tb_flush_jmp_cache(env, addr);
  }

 @@ -170,6 +196,11 @@ void cpu_tlb_reset_dirty_all(ram_addr_t start1, 
 ram_addr_t length)
  tlb_reset_dirty_range(env-tlb_table[mmu_idx][i],
start1, length);
  }
 +
 +for (i = 0; i  CPU_VTLB_SIZE; i++) {
 +tlb_reset_dirty_range(env-tlb_v_table[mmu_idx][i],
 +  start1, length);
 +}
  }
  }
  }
 @@ -193,6 +224,13 @@ void tlb_set_dirty(CPUArchState *env, target_ulong vaddr)
  for (mmu_idx = 0; mmu_idx  NB_MMU_MODES; mmu_idx++) {
  tlb_set_dirty1(env-tlb_table[mmu_idx][i], vaddr);
  }
 +
 +for (mmu_idx = 0; mmu_idx  NB_MMU_MODES; mmu_idx++) {
 +unsigned int k;
 +for (k = 0; k  CPU_VTLB_SIZE; k++) {
 +tlb_set_dirty1(env-tlb_v_table[mmu_idx][k], vaddr);
 +}
 +}
  }

  /* Our TLB does not support large pages, so remember the area covered by
 @@ -264,8 +302,18 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
  prot, address);

  index = (vaddr  TARGET_PAGE_BITS)  (CPU_TLB_SIZE - 1);
 -env-iotlb[mmu_idx][index] = iotlb - vaddr;
  te = env-tlb_table[mmu_idx][index];
 +
 +/* do not discard the translation in te, evict it into a victim tlb */
 +unsigned vidx = env-vtlb_index++ % CPU_VTLB_SIZE;
 +env-tlb_v_table[mmu_idx][vidx].addr_read  = te-addr_read;
 +env-tlb_v_table[mmu_idx][vidx].addr_write = te-addr_write;
 +env-tlb_v_table[mmu_idx][vidx].addr_code  = te-addr_code;
 +env-tlb_v_table[mmu_idx][vidx].addend = te-addend;

You're still writing structure assignments out longhand. These four
lines should all be replaced with
env-tlb_v_table[mmu_idx][vidx] = *te;

 +env-iotlb_v[mmu_idx][vidx]= env-iotlb[mmu_idx][index];
 +
 +/* refill the tlb */
 +env-iotlb[mmu_idx][index] = iotlb - vaddr;
  te-addend = addend - vaddr;
  if (prot  PAGE_READ) {
  te-addr_read = address;
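
Review bot: in tlb_set_page() the copy of te into tlb_v_table runs unconditionally, so after tlb_flush() (which memsets tlb_table to -1) every fill pushes an invalid entry into the victim table and advances vtlb_index, displacing victim entries that could still hit. Skipping the eviction when te holds no valid address would keep the eight victim slots for live translations. Separately, unsigned vidx = ... is declared after statements in the block; move the declaration to the top of the function with the others.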
 diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
 index 01cd8c7..2631d6b 100644
 --- a/include/exec/cpu-defs.h
 +++ b/include/exec/cpu-defs.h
 @@ -74,6 +74,8 @@ typedef uint64_t target_ulong;
  #if !defined(CONFIG_USER_ONLY)
  #define CPU_TLB_BITS 8
  #define CPU_TLB_SIZE (1  CPU_TLB_BITS)
 +/* use a fully associative victim tlb */
 +#define CPU_VTLB_SIZE 8

  #if HOST_LONG_BITS == 32  TARGET_LONG_BITS == 32
  #define CPU_TLB_ENTRY_BITS 4
 @@ -103,12 +105,16 @@ typedef struct CPUTLBEntry {
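
The victim TLB scheme this patch describes, as an added toy model that is not QEMU code and not part of the original thread: a direct-mapped table backed by a small fully associative victim table, showing why a page flush has to cover both. The type and function names, the two-field entry and the sample addresses are assumptions made here; only the 8-bit index and the victim size of 8 come from the quoted patch, and unlike the quoted tlb_set_page() hunk this model does not evict invalid entries.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_BITS 12
#define TLB_BITS  8                 /* CPU_TLB_BITS in the quoted patch */
#define TLB_SIZE  (1u << TLB_BITS)
#define VTLB_SIZE 8                 /* CPU_VTLB_SIZE in the quoted patch */
#define INVALID   UINT64_MAX        /* all-ones, as memset(..., -1, ...) leaves */

typedef struct { uint64_t vpage, addend; } tlb_entry;   /* toy entry */
typedef struct {
    tlb_entry main_tlb[TLB_SIZE];   /* direct-mapped */
    tlb_entry victim[VTLB_SIZE];    /* fully associative */
    unsigned vtlb_index;            /* round-robin eviction cursor */
} toy_mmu;

enum lookup_result { HIT_MAIN, HIT_VICTIM, MISS };
enum flush_mode { FLUSH_NONE, FLUSH_MAIN_ONLY, FLUSH_MAIN_AND_VICTIM };

static unsigned tlb_index(uint64_t vaddr)
{
    return (unsigned)((vaddr >> PAGE_BITS) & (TLB_SIZE - 1));
}

static void mmu_flush_all(toy_mmu *m)
{
    memset(m->main_tlb, 0xff, sizeof(m->main_tlb));
    memset(m->victim, 0xff, sizeof(m->victim));
    m->vtlb_index = 0;
}

/* Fill after a page-table walk; a live entry being replaced goes to the
 * victim table instead of being discarded. */
static void mmu_set_page(toy_mmu *m, uint64_t vaddr, uint64_t addend)
{
    tlb_entry *te = &m->main_tlb[tlb_index(vaddr)];
    if (te->vpage != INVALID) {
        m->victim[m->vtlb_index++ % VTLB_SIZE] = *te;
    }
    te->vpage = vaddr >> PAGE_BITS;
    te->addend = addend;
}

/* A victim hit swaps the entry back into the main table. */
static enum lookup_result mmu_lookup(toy_mmu *m, uint64_t vaddr, uint64_t *addend)
{
    uint64_t vpage = vaddr >> PAGE_BITS;
    tlb_entry *te = &m->main_tlb[tlb_index(vaddr)];
    unsigned k;

    if (te->vpage == vpage) {
        *addend = te->addend;
        return HIT_MAIN;
    }
    for (k = 0; k < VTLB_SIZE; k++) {
        if (m->victim[k].vpage == vpage) {
            tlb_entry tmp = *te;
            *te = m->victim[k];
            m->victim[k] = tmp;
            *addend = te->addend;
            return HIT_VICTIM;
        }
    }
    return MISS;
}

static void mmu_flush_page(toy_mmu *m, uint64_t vaddr, enum flush_mode mode)
{
    uint64_t vpage = vaddr >> PAGE_BITS;
    tlb_entry *te = &m->main_tlb[tlb_index(vaddr)];
    unsigned k;

    if (mode == FLUSH_NONE) {
        return;
    }
    if (te->vpage == vpage) {
        memset(te, 0xff, sizeof(*te));
    }
    for (k = 0; mode == FLUSH_MAIN_AND_VICTIM && k < VTLB_SIZE; k++) {
        if (m->victim[k].vpage == vpage) {
            memset(&m->victim[k], 0xff, sizeof(m->victim[k]));
        }
    }
}

/* Map A, map conflicting B (A moves to the victim table), flush page A
 * in the given mode, then look A up again. */
static enum lookup_result run_scenario(enum flush_mode mode)
{
    static toy_mmu m;
    const uint64_t a = 0x1000;                                /* constructed */
    const uint64_t b = a + ((uint64_t)TLB_SIZE << PAGE_BITS); /* same index */
    uint64_t addend = 0;

    mmu_flush_all(&m);
    mmu_set_page(&m, a, 0xaaaa);
    mmu_set_page(&m, b, 0xbbbb);
    mmu_flush_page(&m, a, mode);
    return mmu_lookup(&m, a, &addend);
}

int main(void)
{
    printf("no flush        : %d\n", run_scenario(FLUSH_NONE));
    printf("main-only flush : %d\n", run_scenario(FLUSH_MAIN_ONLY));
    printf("full flush      : %d\n", run_scenario(FLUSH_MAIN_AND_VICTIM));
    return 0;
}
```

A flush that skips the victim table leaves the old translation for A reachable, which is why the quoted tlb_flush() and tlb_flush_page() hunks extend the flush to tlb_v_table.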

  

Re: [Qemu-devel] [PULL v2 0/8] vfio pull request

2014-02-01 Thread Peter Maydell
Applied, thanks.

For the record, it doesn't matter if you cc me or not, because I've set my
mail client to look for the magic words for you to fetch changes up to :-)

thanks
-- PMM

On 28 January 2014 15:58, Alex Williamson alex.william...@redhat.com wrote:

 I guess I should be addressing these to both Anthony and Peter now.
 Thanks for stepping in, Peter.  Thanks,

 Alex

 On Tue, 2014-01-28 at 08:44 -0700, Alex Williamson wrote:
 Anthony,

 My last vfio pull request didn't seem to make the most recent round of
 merges.  The only difference in this request is trivial patch 8/8, the
 rest is a resend.  I've not rebased in order to maintain the commit
 IDs from my previous tag, the merge to current HEAD is still clean.
 Please pull.  Thanks,

 Alex

 The following changes since commit 1cf892ca2689c84960b4ce4d2723b6bee453711c:

   SPARC: Fix LEON3 power down instruction (2014-01-15 15:37:33 +1000)

 are available in the git repository at:

   git://github.com/awilliam/qemu-vfio.git tags/vfio-pci-for-qemu-20140128.0

 for you to fetch changes up to 8b6d14087d487203f4d1a67aeaddc3be6c73f49f:

   vfio: correct debug macro typo (2014-01-28 08:23:19 -0700)

 
 vfio-pci updates include:
  - Destroy MemoryRegions on device teardown
  - Print warnings around PCI option ROM failures
  - Skip bogus mappings from 64bit BAR sizing
  - Act on DMA mapping failures
  - Fix alignment to avoid MSI-X table mapping
  - Fix debug macro typo

 
 Alex Williamson (3):
   vfio: Destroy memory regions
   vfio: Filter out bogus mappings
   vfio-pci: Fail initfn on DMA mapping errors

 Alexey Kardashevskiy (2):
   kvm: initialize qemu_host_page_size
   vfio: fix mapping of MSIX bar

 Bandan Das (3):
   vfio: warn if host device rom can't be read
   vfio: Do not reattempt a failed rom read
   vfio: correct debug macro typo

  hw/misc/vfio.c  | 78 
 ++---
  include/exec/exec-all.h |  1 +
  kvm-all.c   |  1 +
  translate-all.c | 14 +
  4 files changed, 77 insertions(+), 17 deletions(-)



[Qemu-devel] [PATCH v2 05/13] target-arm: A64: Implement scalar pairwise ops

2014-02-01 Thread Peter Maydell
Implement the instructions in the scalar pairwise group (C3.6.8).

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Richard Henderson r...@twiddle.net
---
 target-arm/translate-a64.c | 114 -
 1 file changed, 113 insertions(+), 1 deletion(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 01f6b79..452b1fb 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -5501,7 +5501,119 @@ static void disas_simd_scalar_copy(DisasContext *s, 
uint32_t insn)
  */
 static void disas_simd_scalar_pairwise(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+int u = extract32(insn, 29, 1);
+int size = extract32(insn, 22, 2);
+int opcode = extract32(insn, 12, 5);
+int rn = extract32(insn, 5, 5);
+int rd = extract32(insn, 0, 5);
+TCGv_ptr fpst;
+
+/* For some ops (the FP ones), size[1] is part of the encoding.
+ * For ADDP strictly it is not but size[1] is always 1 for valid
+ * encodings.
+ */
+opcode |= (extract32(size, 1, 1)  5);
+
+switch (opcode) {
+case 0x3b: /* ADDP */
+if (u || size != 3) {
+unallocated_encoding(s);
+return;
+}
+TCGV_UNUSED_PTR(fpst);
+break;
+case 0xc: /* FMAXNMP */
+case 0xd: /* FADDP */
+case 0xf: /* FMAXP */
+case 0x2c: /* FMINNMP */
+case 0x2f: /* FMINP */
+/* FP op, size[0] is 32 or 64 bit */
+if (!u) {
+unallocated_encoding(s);
+return;
+}
+size = extract32(size, 0, 1) ? 3 : 2;
+fpst = get_fpstatus_ptr();
+break;
+default:
+unallocated_encoding(s);
+return;
+}
+
+if (size == 3) {
+TCGv_i64 tcg_op1 = tcg_temp_new_i64();
+TCGv_i64 tcg_op2 = tcg_temp_new_i64();
+TCGv_i64 tcg_res = tcg_temp_new_i64();
+
+read_vec_element(s, tcg_op1, rn, 0, MO_64);
+read_vec_element(s, tcg_op2, rn, 1, MO_64);
+
+switch (opcode) {
+case 0x3b: /* ADDP */
+tcg_gen_add_i64(tcg_res, tcg_op1, tcg_op2);
+break;
+case 0xc: /* FMAXNMP */
+gen_helper_vfp_maxnumd(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0xd: /* FADDP */
+gen_helper_vfp_addd(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0xf: /* FMAXP */
+gen_helper_vfp_maxd(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x2c: /* FMINNMP */
+gen_helper_vfp_minnumd(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x2f: /* FMINP */
+gen_helper_vfp_mind(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+default:
+g_assert_not_reached();
+}
+
+write_fp_dreg(s, rd, tcg_res);
+
+tcg_temp_free_i64(tcg_op1);
+tcg_temp_free_i64(tcg_op2);
+tcg_temp_free_i64(tcg_res);
+} else {
+TCGv_i32 tcg_op1 = tcg_temp_new_i32();
+TCGv_i32 tcg_op2 = tcg_temp_new_i32();
+TCGv_i32 tcg_res = tcg_temp_new_i32();
+
+read_vec_element_i32(s, tcg_op1, rn, 0, MO_32);
+read_vec_element_i32(s, tcg_op2, rn, 1, MO_32);
+
+switch (opcode) {
+case 0xc: /* FMAXNMP */
+gen_helper_vfp_maxnums(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0xd: /* FADDP */
+gen_helper_vfp_adds(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0xf: /* FMAXP */
+gen_helper_vfp_maxs(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x2c: /* FMINNMP */
+gen_helper_vfp_minnums(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x2f: /* FMINP */
+gen_helper_vfp_mins(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+default:
+g_assert_not_reached();
+}
+
+write_fp_sreg(s, rd, tcg_res);
+
+tcg_temp_free_i32(tcg_op1);
+tcg_temp_free_i32(tcg_op2);
+tcg_temp_free_i32(tcg_res);
+}
+
+if (!TCGV_IS_UNUSED_PTR(fpst)) {
+tcg_temp_free_ptr(fpst);
+}
 }
 
 /*
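Review bot: in disas_simd_scalar_pairwise() the 32-bit branch's inner switch has no ADDP arm and falls to g_assert_not_reached(), which is only safe because the first switch rejects ADDP unless size == 3. Since size is also rewritten for the FP ops between the two switches, a one-line comment on that else branch saying ADDP cannot reach it would make the invariant explicit.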
-- 
1.8.5




[Qemu-devel] [PATCH v2 00/13] A64: Add Neon instructions, third set

2014-02-01 Thread Peter Maydell
This is the v2 from my 'Neon second and third sets' patch from
last week. The first 8 patches from that were all OK so have gone
into target-arm.next.

Changes v1-v2:
 * squashed fixes to patch 2 that were lurking in patch 3 back
   into patch 2
 * moved the patch 3 min/max helper functions into patch 2,
   to use them for plain max/min as well as pairwise max/min
 * patch 7: use -(test) not (!test - 1)
 * patch 12: special case REV of byte elements to use bswap;
   also fixed a shift left by a negative number (we were
   calculating revmask too early, before the invalid case was
   thrown out)

RTH: you've reviewed everything here except patch 2 (which
I felt had slightly too much churn to retain your tag for)
and patch 12 (for the REV special case code).

thanks
-- PMM

Alex Bennée (1):
  target-arm: A64: Add 2-reg-misc REV* instructions

Peter Maydell (12):
  target-arm: A64: Implement SIMD 3-reg-same shift and saturate insns
  target-arm: A64: Implement remaining non-pairwise int SIMD 3-reg-same
insns
  target-arm: A64: Implement pairwise integer ops from 3-reg-same SIMD
  tcg: Add TCGV_UNUSED_PTR, TCGV_IS_UNUSED_PTR, TCGV_EQUAL_PTR
  target-arm: A64: Implement scalar pairwise ops
  target-arm: A64: Implement remaining integer scalar-3-same insns
  target-arm: A64: Add SIMD simple 64 bit insns from scalar 2-reg misc
  target-arm: A64: Add skeleton decode for SIMD 2-reg misc group
  target-arm: A64: Implement 2-register misc compares, ABS, NEG
  target-arm: A64: Implement 2-reg-misc CNT, NOT and RBIT
  target-arm: A64: Add narrowing 2-reg-misc instructions
  target-arm: A64: Add FNEG and FABS to the SIMD 2-reg-misc group

 target-arm/helper.h|1 +
 target-arm/neon_helper.c   |   12 +
 target-arm/translate-a64.c | 1211 
 tcg/tcg.h  |3 +
 4 files changed, 1136 insertions(+), 91 deletions(-)

-- 
1.8.5




[Qemu-devel] [PATCH v2 09/13] target-arm: A64: Implement 2-register misc compares, ABS, NEG

2014-02-01 Thread Peter Maydell
Implement the simple 2-register-misc operations we can share
with the scalar-two-register-misc code. (SUQADD, USQADD, SQABS,
SQNEG also fall into this category, but aren't implemented in
the scalar-2-register case yet either.)

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Richard Henderson r...@twiddle.net
---
 target-arm/translate-a64.c | 136 -
 1 file changed, 134 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index b0011da..c071663 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -7377,6 +7377,8 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 int opcode = extract32(insn, 12, 5);
 bool u = extract32(insn, 29, 1);
 bool is_q = extract32(insn, 30, 1);
+int rn = extract32(insn, 5, 5);
+int rd = extract32(insn, 0, 5);
 
 switch (opcode) {
 case 0x0: /* REV64, REV32 */
@@ -7415,8 +7417,6 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 return;
 }
 /* fall through */
-case 0x3: /* SUQADD, USQADD */
-case 0x7: /* SQABS, SQNEG */
 case 0x8: /* CMGT, CMGE */
 case 0x9: /* CMEQ, CMLE */
 case 0xb: /* ABS, NEG */
@@ -7424,6 +7424,13 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 unallocated_encoding(s);
 return;
 }
+break;
+case 0x3: /* SUQADD, USQADD */
+case 0x7: /* SQABS, SQNEG */
+if (size == 3  !is_q) {
+unallocated_encoding(s);
+return;
+}
 unsupported_encoding(s, insn);
 return;
 case 0xc ... 0xf:
@@ -7482,6 +7489,131 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 unallocated_encoding(s);
 return;
 }
+
+if (size == 3) {
+/* All 64-bit element operations can be shared with scalar 2misc */
+int pass;
+
+for (pass = 0; pass  (is_q ? 2 : 1); pass++) {
+TCGv_i64 tcg_op = tcg_temp_new_i64();
+TCGv_i64 tcg_res = tcg_temp_new_i64();
+
+read_vec_element(s, tcg_op, rn, pass, MO_64);
+
+handle_2misc_64(s, opcode, u, tcg_res, tcg_op);
+
+write_vec_element(s, tcg_res, rd, pass, MO_64);
+
+tcg_temp_free_i64(tcg_res);
+tcg_temp_free_i64(tcg_op);
+}
+} else {
+int pass;
+
+for (pass = 0; pass  (is_q ? 4 : 2); pass++) {
+TCGv_i32 tcg_op = tcg_temp_new_i32();
+TCGv_i32 tcg_res = tcg_temp_new_i32();
+TCGCond cond;
+
+read_vec_element_i32(s, tcg_op, rn, pass, MO_32);
+
+if (size == 2) {
+/* Special cases for 32 bit elements */
+switch (opcode) {
+case 0xa: /* CMLT */
+/* 32 bit integer comparison against zero, result is
+ * test ? (2^32 - 1) : 0. We implement via setcond(test)
+ * and inverting.
+ */
+cond = TCG_COND_LT;
+do_cmop:
+tcg_gen_setcondi_i32(cond, tcg_res, tcg_op, 0);
+tcg_gen_neg_i32(tcg_res, tcg_res);
+break;
+case 0x8: /* CMGT, CMGE */
+cond = u ? TCG_COND_GE : TCG_COND_GT;
+goto do_cmop;
+case 0x9: /* CMEQ, CMLE */
+cond = u ? TCG_COND_LE : TCG_COND_EQ;
+goto do_cmop;
+case 0xb: /* ABS, NEG */
+if (u) {
+tcg_gen_neg_i32(tcg_res, tcg_op);
+} else {
+TCGv_i32 tcg_zero = tcg_const_i32(0);
+tcg_gen_neg_i32(tcg_res, tcg_op);
+tcg_gen_movcond_i32(TCG_COND_GT, tcg_res, tcg_op,
+tcg_zero, tcg_op, tcg_res);
+tcg_temp_free_i32(tcg_zero);
+}
+break;
+default:
+g_assert_not_reached();
+}
+} else {
+/* Use helpers for 8 and 16 bit elements */
+switch (opcode) {
+case 0x8: /* CMGT, CMGE */
+case 0x9: /* CMEQ, CMLE */
+case 0xa: /* CMLT */
+{
+static NeonGenTwoOpFn * const fns[3][2] = {
+{ gen_helper_neon_cgt_s8, gen_helper_neon_cgt_s16 },
+{ gen_helper_neon_cge_s8, gen_helper_neon_cge_s16 },
+{ gen_helper_neon_ceq_u8, gen_helper_neon_ceq_u16 },
+};
+NeonGenTwoOpFn *genfn;
+int comp;
+bool reverse;
+TCGv_i32 tcg_zero = tcg_const_i32(0);
+
+
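Review bot: in the CMLT comment of the 32 bit special case, "setcond(test) and inverting" does not describe the code, which follows tcg_gen_setcondi_i32 with tcg_gen_neg_i32; a bitwise invert of the 0/1 setcond result would not give the all-ones/zero mask. Suggest "and negating", which also matches the wording already used in handle_3same_64.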

[Qemu-devel] [PATCH v2 12/13] target-arm: A64: Add 2-reg-misc REV* instructions

2014-02-01 Thread Peter Maydell
From: Alex Bennée alex.ben...@linaro.org

Add the byte-reverse operations REV64, REV32 and REV16 from the
two-reg-misc group.

Signed-off-by: Alex Bennée alex.ben...@linaro.org
Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/translate-a64.c | 71 +-
 1 file changed, 70 insertions(+), 1 deletion(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 42457e4..a941c48 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -7446,6 +7446,75 @@ static void handle_2misc_narrow(DisasContext *s, int 
opcode, bool u, bool is_q,
 }
 }
 
+static void handle_rev(DisasContext *s, int opcode, bool u,
+   bool is_q, int size, int rn, int rd)
+{
+int op = (opcode  1) | u;
+int opsz = op + size;
+int grp_size = 3 - opsz;
+int dsize = is_q ? 128 : 64;
+int i;
+
+if (opsz = 3) {
+unallocated_encoding(s);
+return;
+}
+
+if (size == 0) {
+/* Special case bytes, use bswap op on each group of elements */
+int groups = dsize / (8  grp_size);
+
+for (i = 0; i  groups; i++) {
+TCGv_i64 tcg_tmp = tcg_temp_new_i64();
+
+read_vec_element(s, tcg_tmp, rn, i, grp_size);
+switch (grp_size) {
+case MO_16:
+tcg_gen_bswap16_i64(tcg_tmp, tcg_tmp);
+break;
+case MO_32:
+tcg_gen_bswap32_i64(tcg_tmp, tcg_tmp);
+break;
+case MO_64:
+tcg_gen_bswap64_i64(tcg_tmp, tcg_tmp);
+break;
+default:
+g_assert_not_reached();
+}
+write_vec_element(s, tcg_tmp, rd, i, grp_size);
+tcg_temp_free_i64(tcg_tmp);
+}
+if (!is_q) {
+clear_vec_high(s, rd);
+}
+} else {
+int revmask = (1  grp_size) - 1;
+int esize = 8  size;
+int elements = dsize / esize;
+TCGv_i64 tcg_rn = tcg_temp_new_i64();
+TCGv_i64 tcg_rd = tcg_const_i64(0);
+TCGv_i64 tcg_rd_hi = tcg_const_i64(0);
+
+for (i = 0; i  elements; i++) {
+int e_rev = (i  0xf) ^ revmask;
+int off = e_rev * esize;
+read_vec_element(s, tcg_rn, rn, i, size);
+if (off = 64) {
+tcg_gen_deposit_i64(tcg_rd_hi, tcg_rd_hi,
+tcg_rn, off - 64, esize);
+} else {
+tcg_gen_deposit_i64(tcg_rd, tcg_rd, tcg_rn, off, esize);
+}
+}
+write_vec_element(s, tcg_rd, rd, 0, MO_64);
+write_vec_element(s, tcg_rd_hi, rd, 1, MO_64);
+
+tcg_temp_free_i64(tcg_rd_hi);
+tcg_temp_free_i64(tcg_rd);
+tcg_temp_free_i64(tcg_rn);
+}
+}
+
 /* C3.6.17 AdvSIMD two reg misc
  *   31  30  29 28   24 23  22 21   17 1612 11 10 95 40
  * +---+---+---+---+--+---++-+--+--+
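Review bot: in handle_rev() the non-byte path clears the upper half for !is_q only implicitly, by writing the still-zero tcg_rd_hi to element 1, while the byte path calls clear_vec_high(s, rd) explicitly. Either add a comment on the write_vec_element(s, tcg_rd_hi, rd, 1, MO_64) line saying this is what zeroes the high half, or handle !is_q the same way in both branches.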
@@ -7464,7 +7533,7 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 switch (opcode) {
 case 0x0: /* REV64, REV32 */
 case 0x1: /* REV16 */
-unsupported_encoding(s, insn);
+handle_rev(s, opcode, u, is_q, size, rn, rd);
 return;
 case 0x5: /* CNT, NOT, RBIT */
 if (u  size == 0) {
-- 
1.8.5




[Qemu-devel] [PATCH v2 07/13] target-arm: A64: Add SIMD simple 64 bit insns from scalar 2-reg misc

2014-02-01 Thread Peter Maydell
Implement the simple 64 bit integer operations from the SIMD
scalar 2-register misc group (C3.6.12): the comparisons against
zero, plus ABS and NEG.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Richard Henderson r...@twiddle.net
---
 target-arm/translate-a64.c | 87 +-
 1 file changed, 86 insertions(+), 1 deletion(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 323d5b3..dd6785a 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -6212,6 +6212,48 @@ static void 
disas_simd_scalar_three_reg_same(DisasContext *s, uint32_t insn)
 tcg_temp_free_i64(tcg_rd);
 }
 
+static void handle_2misc_64(DisasContext *s, int opcode, bool u,
+TCGv_i64 tcg_rd, TCGv_i64 tcg_rn)
+{
+/* Handle 64-64 opcodes which are shared between the scalar and
+ * vector 2-reg-misc groups. We cover every integer opcode where size == 3
+ * is valid in either group.
+ */
+TCGCond cond;
+
+switch (opcode) {
+case 0xa: /* CMLT */
+/* 64 bit integer comparison against zero, result is
+ * test ? (2^64 - 1) : 0. We implement via setcond(!test) and
+ * subtracting 1.
+ */
+cond = TCG_COND_LT;
+do_cmop:
+tcg_gen_setcondi_i64(cond, tcg_rd, tcg_rn, 0);
+tcg_gen_neg_i64(tcg_rd, tcg_rd);
+break;
+case 0x8: /* CMGT, CMGE */
+cond = u ? TCG_COND_GE : TCG_COND_GT;
+goto do_cmop;
+case 0x9: /* CMEQ, CMLE */
+cond = u ? TCG_COND_LE : TCG_COND_EQ;
+goto do_cmop;
+case 0xb: /* ABS, NEG */
+if (u) {
+tcg_gen_neg_i64(tcg_rd, tcg_rn);
+} else {
+TCGv_i64 tcg_zero = tcg_const_i64(0);
+tcg_gen_neg_i64(tcg_rd, tcg_rn);
+tcg_gen_movcond_i64(TCG_COND_GT, tcg_rd, tcg_rn, tcg_zero,
+tcg_rn, tcg_rd);
+tcg_temp_free_i64(tcg_zero);
+}
+break;
+default:
+g_assert_not_reached();
+}
+}
+
 /* C3.6.12 AdvSIMD scalar two reg misc
  *  31 30  29 28   24 23  22 21   17 1612 11 10 95 40
  * +-+---+---+--+---++-+--+--+
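Review bot: the CMLT comment in handle_2misc_64() still says "We implement via setcond(!test) and subtracting 1", but the code under do_cmop is tcg_gen_setcondi_i64(cond, ...) followed by tcg_gen_neg_i64, i.e. setcond(test) and negate. The comment looks like a leftover from v1 and should be updated to match.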
@@ -6220,7 +6262,50 @@ static void 
disas_simd_scalar_three_reg_same(DisasContext *s, uint32_t insn)
  */
 static void disas_simd_scalar_two_reg_misc(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+int rd = extract32(insn, 0, 5);
+int rn = extract32(insn, 5, 5);
+int opcode = extract32(insn, 12, 5);
+int size = extract32(insn, 22, 2);
+bool u = extract32(insn, 29, 1);
+
+switch (opcode) {
+case 0xa: /* CMLT */
+if (u) {
+unallocated_encoding(s);
+return;
+}
+/* fall through */
+case 0x8: /* CMGT, CMGE */
+case 0x9: /* CMEQ, CMLE */
+case 0xb: /* ABS, NEG */
+if (size != 3) {
+unallocated_encoding(s);
+return;
+}
+break;
+default:
+/* Other categories of encoding in this class:
+ *  + floating point (single and double)
+ *  + SUQADD/USQADD/SQABS/SQNEG : size 8, 16, 32 or 64
+ *  + SQXTN/SQXTN2/SQXTUN/SQXTUN2/UQXTN/UQXTN2:
+ *narrowing saturate ops: size 64/32/16 - 32/16/8
+ */
+unsupported_encoding(s, insn);
+return;
+}
+
+if (size == 3) {
+TCGv_i64 tcg_rn = read_fp_dreg(s, rn);
+TCGv_i64 tcg_rd = tcg_temp_new_i64();
+
+handle_2misc_64(s, opcode, u, tcg_rd, tcg_rn);
+write_fp_dreg(s, rd, tcg_rd);
+tcg_temp_free_i64(tcg_rd);
+tcg_temp_free_i64(tcg_rn);
+} else {
+/* the 'size might not be 64' ops aren't implemented yet */
+g_assert_not_reached();
+}
 }
 
 /* C3.6.13 AdvSIMD scalar x indexed element
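Review bot: the default arm of the switch in disas_simd_scalar_two_reg_misc() sends every remaining opcode value to unsupported_encoding(), so nothing in this group can reach unallocated_encoding() the way the default arms of the other decoders in this series do. If that is intentional until the listed categories are filled in, the comment should say so. The trailing else { g_assert_not_reached(); } is also unreachable as written, because every arm that breaks out of the switch has already required size == 3.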
-- 
1.8.5




[Qemu-devel] [PATCH v2 06/13] target-arm: A64: Implement remaining integer scalar-3-same insns

2014-02-01 Thread Peter Maydell
Implement the remaining integer instructions in the scalar-three-reg-same
group: SQADD, UQADD, SQSUB, UQSUB, SQSHL, UQSHL, SQRSHL, UQRSHL,
SQDMULH, SQRDMULH.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Richard Henderson r...@twiddle.net
---
 target-arm/translate-a64.c | 106 +
 1 file changed, 87 insertions(+), 19 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 452b1fb..323d5b3 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -6066,8 +6066,6 @@ static void disas_simd_scalar_three_reg_same(DisasContext 
*s, uint32_t insn)
 int rm = extract32(insn, 16, 5);
 int size = extract32(insn, 22, 2);
 bool u = extract32(insn, 29, 1);
-TCGv_i64 tcg_rn;
-TCGv_i64 tcg_rm;
 TCGv_i64 tcg_rd;
 
 if (opcode = 0x18) {
@@ -6098,8 +6096,9 @@ static void disas_simd_scalar_three_reg_same(DisasContext 
*s, uint32_t insn)
 switch (opcode) {
 case 0x1: /* SQADD, UQADD */
 case 0x5: /* SQSUB, UQSUB */
-unsupported_encoding(s, insn);
-return;
+case 0x9: /* SQSHL, UQSHL */
+case 0xb: /* SQRSHL, UQRSHL */
+break;
 case 0x8: /* SSHL, USHL */
 case 0xa: /* SRSHL, URSHL */
 case 0x6: /* CMGT, CMHI */
@@ -6111,36 +6110,105 @@ static void 
disas_simd_scalar_three_reg_same(DisasContext *s, uint32_t insn)
 return;
 }
 break;
-case 0x9: /* SQSHL, UQSHL */
-case 0xb: /* SQRSHL, UQRSHL */
-unsupported_encoding(s, insn);
-return;
 case 0x16: /* SQDMULH, SQRDMULH (vector) */
 if (size != 1  size != 2) {
 unallocated_encoding(s);
 return;
 }
-unsupported_encoding(s, insn);
-return;
+break;
 default:
 unallocated_encoding(s);
 return;
 }
 
-tcg_rn = read_fp_dreg(s, rn);   /* op1 */
-tcg_rm = read_fp_dreg(s, rm);   /* op2 */
 tcg_rd = tcg_temp_new_i64();
 
-/* For the moment we only support the opcodes which are
- * 64-bit-width only. The size != 3 cases will
- * be handled later when the relevant ops are implemented.
- */
-handle_3same_64(s, opcode, u, tcg_rd, tcg_rn, tcg_rm);
+if (size == 3) {
+TCGv_i64 tcg_rn = read_fp_dreg(s, rn);
+TCGv_i64 tcg_rm = read_fp_dreg(s, rm);
+
+handle_3same_64(s, opcode, u, tcg_rd, tcg_rn, tcg_rm);
+tcg_temp_free_i64(tcg_rn);
+tcg_temp_free_i64(tcg_rm);
+} else {
+/* Do a single operation on the lowest element in the vector.
+ * We use the standard Neon helpers and rely on 0 OP 0 == 0 with
+ * no side effects for all these operations.
+ * OPTME: special-purpose helpers would avoid doing some
+ * unnecessary work in the helper for the 8 and 16 bit cases.
+ */
+NeonGenTwoOpEnvFn *genenvfn;
+TCGv_i32 tcg_rn = tcg_temp_new_i32();
+TCGv_i32 tcg_rm = tcg_temp_new_i32();
+TCGv_i32 tcg_rd32 = tcg_temp_new_i32();
+
+read_vec_element_i32(s, tcg_rn, rn, 0, size);
+read_vec_element_i32(s, tcg_rm, rm, 0, size);
+
+switch (opcode) {
+case 0x1: /* SQADD, UQADD */
+{
+static NeonGenTwoOpEnvFn * const fns[3][2] = {
+{ gen_helper_neon_qadd_s8, gen_helper_neon_qadd_u8 },
+{ gen_helper_neon_qadd_s16, gen_helper_neon_qadd_u16 },
+{ gen_helper_neon_qadd_s32, gen_helper_neon_qadd_u32 },
+};
+genenvfn = fns[size][u];
+break;
+}
+case 0x5: /* SQSUB, UQSUB */
+{
+static NeonGenTwoOpEnvFn * const fns[3][2] = {
+{ gen_helper_neon_qsub_s8, gen_helper_neon_qsub_u8 },
+{ gen_helper_neon_qsub_s16, gen_helper_neon_qsub_u16 },
+{ gen_helper_neon_qsub_s32, gen_helper_neon_qsub_u32 },
+};
+genenvfn = fns[size][u];
+break;
+}
+case 0x9: /* SQSHL, UQSHL */
+{
+static NeonGenTwoOpEnvFn * const fns[3][2] = {
+{ gen_helper_neon_qshl_s8, gen_helper_neon_qshl_u8 },
+{ gen_helper_neon_qshl_s16, gen_helper_neon_qshl_u16 },
+{ gen_helper_neon_qshl_s32, gen_helper_neon_qshl_u32 },
+};
+genenvfn = fns[size][u];
+break;
+}
+case 0xb: /* SQRSHL, UQRSHL */
+{
+static NeonGenTwoOpEnvFn * const fns[3][2] = {
+{ gen_helper_neon_qrshl_s8, gen_helper_neon_qrshl_u8 },
+{ gen_helper_neon_qrshl_s16, gen_helper_neon_qrshl_u16 },
+{ gen_helper_neon_qrshl_s32, gen_helper_neon_qrshl_u32 },
+};
+genenvfn = fns[size][u];
+break;
+}
+case 0x16: /* SQDMULH, SQRDMULH */
+{
+static NeonGenTwoOpEnvFn * const fns[2][2] = {
+{ 
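Review bot: the SQDMULH/SQRDMULH table is declared fns[2][2] while the four tables above it are fns[3][2] and are indexed as fns[size][u]. On this arm size is 1 or 2 (enforced by the earlier check), so the lookup has to use size - 1; a short comment at the table would guard against copying the fns[size][u] pattern from the neighbouring cases.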

[Qemu-devel] [PATCH v2 01/13] target-arm: A64: Implement SIMD 3-reg-same shift and saturate insns

2014-02-01 Thread Peter Maydell
Implement the SIMD 3-reg-same instructions SQADD, UQADD,
SQSUB, UQSUB, SSHL, USHL, SQSHL, UQSHL, SRSHL, URSHL,
SQRSHL, UQRSHL; these are all simple calls to existing
Neon helpers. We also enable SSHL, USHL, SRSHL and URSHL
for the 3-reg-same-scalar category (but not the others
because they can have non-size-64 operands and the
scalar_3reg_same function doesn't support that yet.)

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Richard Henderson r...@twiddle.net
---
 target-arm/translate-a64.c | 134 +
 1 file changed, 112 insertions(+), 22 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 6c1ec1e..e67cdbb 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -74,6 +74,7 @@ typedef struct AArch64DecodeTable {
 
 /* Function prototype for gen_ functions for calling Neon helpers */
 typedef void NeonGenTwoOpFn(TCGv_i32, TCGv_i32, TCGv_i32);
+typedef void NeonGenTwoOpEnvFn(TCGv_i32, TCGv_ptr, TCGv_i32, TCGv_i32);
 
 /* initialize TCG globals.  */
 void a64_translate_init(void)
@@ -5738,6 +5739,20 @@ static void handle_3same_64(DisasContext *s, int opcode, 
bool u,
 TCGCond cond;
 
 switch (opcode) {
+case 0x1: /* SQADD */
+if (u) {
+gen_helper_neon_qadd_u64(tcg_rd, cpu_env, tcg_rn, tcg_rm);
+} else {
+gen_helper_neon_qadd_s64(tcg_rd, cpu_env, tcg_rn, tcg_rm);
+}
+break;
+case 0x5: /* SQSUB */
+if (u) {
+gen_helper_neon_qsub_u64(tcg_rd, cpu_env, tcg_rn, tcg_rm);
+} else {
+gen_helper_neon_qsub_s64(tcg_rd, cpu_env, tcg_rn, tcg_rm);
+}
+break;
 case 0x6: /* CMGT, CMHI */
 /* 64 bit integer comparison, result = test ? (2^64 - 1) : 0.
  * We implement this using setcond (test) and then negating.
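Review bot: the new arms in handle_3same_64() are labelled /* SQADD */ and /* SQSUB */ but each also emits the unsigned helper when u is set. Label them "SQADD, UQADD" and "SQSUB, UQSUB", as the decoder in disas_simd_scalar_three_reg_same already does for the same opcodes.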
@@ -5760,19 +5775,41 @@ static void handle_3same_64(DisasContext *s, int 
opcode, bool u,
 tcg_gen_setcondi_i64(TCG_COND_NE, tcg_rd, tcg_rd, 0);
 tcg_gen_neg_i64(tcg_rd, tcg_rd);
 break;
-case 0x10: /* ADD, SUB */
+case 0x8: /* SSHL, USHL */
 if (u) {
-tcg_gen_sub_i64(tcg_rd, tcg_rn, tcg_rm);
+gen_helper_neon_shl_u64(tcg_rd, tcg_rn, tcg_rm);
 } else {
-tcg_gen_add_i64(tcg_rd, tcg_rn, tcg_rm);
+gen_helper_neon_shl_s64(tcg_rd, tcg_rn, tcg_rm);
 }
 break;
-case 0x1: /* SQADD */
-case 0x5: /* SQSUB */
-case 0x8: /* SSHL, USHL */
 case 0x9: /* SQSHL, UQSHL */
+if (u) {
+gen_helper_neon_qshl_u64(tcg_rd, cpu_env, tcg_rn, tcg_rm);
+} else {
+gen_helper_neon_qshl_s64(tcg_rd, cpu_env, tcg_rn, tcg_rm);
+}
+break;
 case 0xa: /* SRSHL, URSHL */
+if (u) {
+gen_helper_neon_rshl_u64(tcg_rd, tcg_rn, tcg_rm);
+} else {
+gen_helper_neon_rshl_s64(tcg_rd, tcg_rn, tcg_rm);
+}
+break;
 case 0xb: /* SQRSHL, UQRSHL */
+if (u) {
+gen_helper_neon_qrshl_u64(tcg_rd, cpu_env, tcg_rn, tcg_rm);
+} else {
+gen_helper_neon_qrshl_s64(tcg_rd, cpu_env, tcg_rn, tcg_rm);
+}
+break;
+case 0x10: /* ADD, SUB */
+if (u) {
+tcg_gen_sub_i64(tcg_rd, tcg_rn, tcg_rm);
+} else {
+tcg_gen_add_i64(tcg_rd, tcg_rn, tcg_rm);
+}
+break;
 default:
 g_assert_not_reached();
 }
@@ -5949,10 +5986,10 @@ static void 
disas_simd_scalar_three_reg_same(DisasContext *s, uint32_t insn)
 switch (opcode) {
 case 0x1: /* SQADD, UQADD */
 case 0x5: /* SQSUB, UQSUB */
-case 0x8: /* SSHL, USHL */
-case 0xa: /* SRSHL, URSHL */
 unsupported_encoding(s, insn);
 return;
+case 0x8: /* SSHL, USHL */
+case 0xa: /* SRSHL, URSHL */
 case 0x6: /* CMGT, CMHI */
 case 0x7: /* CMGE, CMHS */
 case 0x11: /* CMTST, CMEQ */
@@ -6621,18 +6658,6 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 }
 unsupported_encoding(s, insn);
 return;
-case 0x1: /* SQADD */
-case 0x5: /* SQSUB */
-case 0x8: /* SSHL, USHL */
-case 0x9: /* SQSHL, UQSHL */
-case 0xa: /* SRSHL, URSHL */
-case 0xb: /* SQRSHL, UQRSHL */
-if (size == 3  !is_q) {
-unallocated_encoding(s);
-return;
-}
-unsupported_encoding(s, insn);
-return;
 case 0x16: /* SQDMULH, SQRDMULH */
 if (size == 0 || size == 3) {
 unallocated_encoding(s);
@@ -6670,12 +6695,33 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 TCGv_i32 tcg_op1 = tcg_temp_new_i32();
 TCGv_i32 tcg_op2 = tcg_temp_new_i32();
 TCGv_i32 tcg_res = tcg_temp_new_i32();
-NeonGenTwoOpFn *genfn;
+NeonGenTwoOpFn *genfn = NULL;
+NeonGenTwoOpEnvFn *genenvfn = NULL;
 
 

[Qemu-devel] [PATCH v2 04/13] tcg: Add TCGV_UNUSED_PTR, TCGV_IS_UNUSED_PTR, TCGV_EQUAL_PTR

2014-02-01 Thread Peter Maydell
We have macros for marking TCGv values as unused, checking if they
are unused and comparing them to each other. However these only exist
for TCGv_i32 and TCGv_i64; add them for TCGv_ptr as well.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Richard Henderson r...@twiddle.net
---
 tcg/tcg.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index c72af6c..f7efcb4 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -324,13 +324,16 @@ typedef int TCGv_i64;
 
 #define TCGV_EQUAL_I32(a, b) (GET_TCGV_I32(a) == GET_TCGV_I32(b))
 #define TCGV_EQUAL_I64(a, b) (GET_TCGV_I64(a) == GET_TCGV_I64(b))
+#define TCGV_EQUAL_PTR(a, b) (GET_TCGV_PTR(a) == GET_TCGV_PTR(b))
 
 /* Dummy definition to avoid compiler warnings.  */
 #define TCGV_UNUSED_I32(x) x = MAKE_TCGV_I32(-1)
 #define TCGV_UNUSED_I64(x) x = MAKE_TCGV_I64(-1)
+#define TCGV_UNUSED_PTR(x) x = MAKE_TCGV_PTR(-1)
 
 #define TCGV_IS_UNUSED_I32(x) (GET_TCGV_I32(x) == -1)
 #define TCGV_IS_UNUSED_I64(x) (GET_TCGV_I64(x) == -1)
+#define TCGV_IS_UNUSED_PTR(x) (GET_TCGV_PTR(x) == -1)
 
 /* call flags */
 /* Helper does not read globals (either directly or through an exception). It
-- 
1.8.5




[Qemu-devel] [PATCH v2 11/13] target-arm: A64: Add narrowing 2-reg-misc instructions

2014-02-01 Thread Peter Maydell
Add the narrowing integer instructions in the 2-reg-misc class.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Richard Henderson r...@twiddle.net
---
 target-arm/translate-a64.c | 85 --
 1 file changed, 83 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index dd1bbeb..42457e4 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -75,6 +75,8 @@ typedef struct AArch64DecodeTable {
 /* Function prototype for gen_ functions for calling Neon helpers */
 typedef void NeonGenTwoOpFn(TCGv_i32, TCGv_i32, TCGv_i32);
 typedef void NeonGenTwoOpEnvFn(TCGv_i32, TCGv_ptr, TCGv_i32, TCGv_i32);
+typedef void NeonGenNarrowFn(TCGv_i32, TCGv_i64);
+typedef void NeonGenNarrowEnvFn(TCGv_i32, TCGv_ptr, TCGv_i64);
 
 /* initialize TCG globals.  */
 void a64_translate_init(void)
@@ -7371,6 +7373,79 @@ static void disas_simd_three_reg_same(DisasContext *s, 
uint32_t insn)
 }
 }
 
+static void handle_2misc_narrow(DisasContext *s, int opcode, bool u, bool is_q,
+int size, int rn, int rd)
+{
+/* Handle 2-reg-misc ops which are narrowing (so each 2*size element
+ * in the source becomes a size element in the destination).
+ */
+int pass;
+TCGv_i32 tcg_res[2];
+int destelt = is_q ? 2 : 0;
+
+for (pass = 0; pass  2; pass++) {
+TCGv_i64 tcg_op = tcg_temp_new_i64();
+NeonGenNarrowFn *genfn = NULL;
+NeonGenNarrowEnvFn *genenvfn = NULL;
+
+read_vec_element(s, tcg_op, rn, pass, MO_64);
+tcg_res[pass] = tcg_temp_new_i32();
+
+switch (opcode) {
+case 0x12: /* XTN, SQXTUN */
+{
+static NeonGenNarrowFn * const xtnfns[3] = {
+gen_helper_neon_narrow_u8,
+gen_helper_neon_narrow_u16,
+tcg_gen_trunc_i64_i32,
+};
+static NeonGenNarrowEnvFn * const sqxtunfns[3] = {
+gen_helper_neon_unarrow_sat8,
+gen_helper_neon_unarrow_sat16,
+gen_helper_neon_unarrow_sat32,
+};
+if (u) {
+genenvfn = sqxtunfns[size];
+} else {
+genfn = xtnfns[size];
+}
+break;
+}
+case 0x14: /* SQXTN, UQXTN */
+{
+static NeonGenNarrowEnvFn * const fns[3][2] = {
+{ gen_helper_neon_narrow_sat_s8,
+  gen_helper_neon_narrow_sat_u8 },
+{ gen_helper_neon_narrow_sat_s16,
+  gen_helper_neon_narrow_sat_u16 },
+{ gen_helper_neon_narrow_sat_s32,
+  gen_helper_neon_narrow_sat_u32 },
+};
+genenvfn = fns[size][u];
+break;
+}
+default:
+g_assert_not_reached();
+}
+
+if (genfn) {
+genfn(tcg_res[pass], tcg_op);
+} else {
+genenvfn(tcg_res[pass], cpu_env, tcg_op);
+}
+
+tcg_temp_free_i64(tcg_op);
+}
+
+for (pass = 0; pass  2; pass++) {
+write_vec_element_i32(s, tcg_res[pass], rd, destelt + pass, MO_32);
+tcg_temp_free_i32(tcg_res[pass]);
+}
+if (!is_q) {
+clear_vec_high(s, rd);
+}
+}
+
 /* C3.6.17 AdvSIMD two reg misc
  *   31  30  29 28   24 23  22 21   17 1612 11 10 95 40
  * +---+---+---+---+--+---++-+--+--+
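Review bot: handle_2misc_narrow() collects both results in tcg_res[] and only writes rd in a second loop, and that ordering matters when rd == rn: with is_q set, the pass 0 write to 32-bit element 2 would land in the 64-bit element that pass 1 still has to read. Nothing in the function says so; add a short comment above the second loop so the two loops are not merged later.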
@@ -7405,11 +7480,17 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 }
 unallocated_encoding(s);
 return;
+case 0x12: /* XTN, XTN2, SQXTUN, SQXTUN2 */
+case 0x14: /* SQXTN, SQXTN2, UQXTN, UQXTN2 */
+if (size == 3) {
+unallocated_encoding(s);
+return;
+}
+handle_2misc_narrow(s, opcode, u, is_q, size, rn, rd);
+return;
 case 0x2: /* SADDLP, UADDLP */
 case 0x4: /* CLS, CLZ */
 case 0x6: /* SADALP, UADALP */
-case 0x12: /* XTN, XTN2, SQXTUN, SQXTUN2 */
-case 0x14: /* SQXTN, SQXTN2, UQXTN, UQXTN2 */
 if (size == 3) {
 unallocated_encoding(s);
 return;
-- 
1.8.5




[Qemu-devel] [PATCH v2 08/13] target-arm: A64: Add skeleton decode for SIMD 2-reg misc group

2014-02-01 Thread Peter Maydell
Add a skeleton decode for the SIMD 2-reg misc group.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Richard Henderson r...@twiddle.net
---
 target-arm/translate-a64.c | 110 -
 1 file changed, 109 insertions(+), 1 deletion(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index dd6785a..b0011da 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -7373,7 +7373,115 @@ static void disas_simd_three_reg_same(DisasContext *s, 
uint32_t insn)
  */
 static void disas_simd_two_reg_misc(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+int size = extract32(insn, 22, 2);
+int opcode = extract32(insn, 12, 5);
+bool u = extract32(insn, 29, 1);
+bool is_q = extract32(insn, 30, 1);
+
+switch (opcode) {
+case 0x0: /* REV64, REV32 */
+case 0x1: /* REV16 */
+unsupported_encoding(s, insn);
+return;
+case 0x5: /* CNT, NOT, RBIT  */
+if ((u == 0  size  0) ||
+(u == 1  size  1)) {
+unallocated_encoding(s);
+return;
+}
+unsupported_encoding(s, insn);
+return;
+case 0x2: /* SADDLP, UADDLP */
+case 0x4: /* CLS, CLZ */
+case 0x6: /* SADALP, UADALP */
+case 0x12: /* XTN, XTN2, SQXTUN, SQXTUN2 */
+case 0x14: /* SQXTN, SQXTN2, UQXTN, UQXTN2 */
+if (size == 3) {
+unallocated_encoding(s);
+return;
+}
+unsupported_encoding(s, insn);
+return;
+case 0x13: /* SHLL, SHLL2 */
+if (u == 0 || size == 3) {
+unallocated_encoding(s);
+return;
+}
+unsupported_encoding(s, insn);
+return;
+case 0xa: /* CMLT */
+if (u == 1) {
+unallocated_encoding(s);
+return;
+}
+/* fall through */
+case 0x3: /* SUQADD, USQADD */
+case 0x7: /* SQABS, SQNEG */
+case 0x8: /* CMGT, CMGE */
+case 0x9: /* CMEQ, CMLE */
+case 0xb: /* ABS, NEG */
+if (size == 3  !is_q) {
+unallocated_encoding(s);
+return;
+}
+unsupported_encoding(s, insn);
+return;
+case 0xc ... 0xf:
+case 0x16 ... 0x1d:
+case 0x1f:
+{
+/* Floating point: U, size[1] and opcode indicate operation;
+ * size[0] indicates single or double precision.
+ */
+opcode |= (extract32(size, 1, 1)  5) | (u  6);
+size = extract32(size, 0, 1) ? 3 : 2;
+switch (opcode) {
+case 0x16: /* FCVTN, FCVTN2 */
+case 0x17: /* FCVTL, FCVTL2 */
+case 0x18: /* FRINTN */
+case 0x19: /* FRINTM */
+case 0x1a: /* FCVTNS */
+case 0x1b: /* FCVTMS */
+case 0x1c: /* FCVTAS */
+case 0x1d: /* SCVTF */
+case 0x2c: /* FCMGT (zero) */
+case 0x2d: /* FCMEQ (zero) */
+case 0x2e: /* FCMLT (zero) */
+case 0x2f: /* FABS */
+case 0x38: /* FRINTP */
+case 0x39: /* FRINTZ */
+case 0x3a: /* FCVTPS */
+case 0x3b: /* FCVTZS */
+case 0x3c: /* URECPE */
+case 0x3d: /* FRECPE */
+case 0x56: /* FCVTXN, FCVTXN2 */
+case 0x58: /* FRINTA */
+case 0x59: /* FRINTX */
+case 0x5a: /* FCVTNU */
+case 0x5b: /* FCVTMU */
+case 0x5c: /* FCVTAU */
+case 0x5d: /* UCVTF */
+case 0x6c: /* FCMGE (zero) */
+case 0x6d: /* FCMLE (zero) */
+case 0x6f: /* FNEG */
+case 0x79: /* FRINTI */
+case 0x7a: /* FCVTPU */
+case 0x7b: /* FCVTZU */
+case 0x7c: /* URSQRTE */
+case 0x7d: /* FRSQRTE */
+case 0x7f: /* FSQRT */
+unsupported_encoding(s, insn);
+return;
+default:
+unallocated_encoding(s);
+return;
+}
+break;
+}
+default:
+unallocated_encoding(s);
+return;
+}
 }
 
 /* C3.6.18 AdvSIMD vector x indexed element
-- 
1.8.5




[Qemu-devel] [PATCH v2 10/13] target-arm: A64: Implement 2-reg-misc CNT, NOT and RBIT

2014-02-01 Thread Peter Maydell
Implement the 2-reg-misc CNT, NOT and RBIT instructions.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Richard Henderson r...@twiddle.net
---
 target-arm/helper.h|  1 +
 target-arm/neon_helper.c   | 12 
 target-arm/translate-a64.c | 34 --
 3 files changed, 41 insertions(+), 6 deletions(-)

diff --git a/target-arm/helper.h b/target-arm/helper.h
index 71b8411..951e6ad 100644
--- a/target-arm/helper.h
+++ b/target-arm/helper.h
@@ -320,6 +320,7 @@ DEF_HELPER_1(neon_cls_s8, i32, i32)
 DEF_HELPER_1(neon_cls_s16, i32, i32)
 DEF_HELPER_1(neon_cls_s32, i32, i32)
 DEF_HELPER_1(neon_cnt_u8, i32, i32)
+DEF_HELPER_FLAGS_1(neon_rbit_u8, TCG_CALL_NO_RWG_SE, i32, i32)
 
 DEF_HELPER_3(neon_qdmulh_s16, i32, env, i32, i32)
 DEF_HELPER_3(neon_qrdmulh_s16, i32, env, i32, i32)
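Review bot: neon_rbit_u8 is declared with DEF_HELPER_FLAGS_1 and TCG_CALL_NO_RWG_SE, while neon_cnt_u8 on the line above, which the translator change in this patch selects alongside it, stays a plain DEF_HELPER_1. Consider giving neon_cnt_u8 the same flags in this patch or a follow-up if it is equally free of side effects, so the two byte-wise helpers are declared consistently.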
diff --git a/target-arm/neon_helper.c b/target-arm/neon_helper.c
index be6fbd9..b4c8690 100644
--- a/target-arm/neon_helper.c
+++ b/target-arm/neon_helper.c
@@ -1133,6 +1133,18 @@ uint32_t HELPER(neon_cnt_u8)(uint32_t x)
 return x;
 }
 
+/* Reverse bits in each 8 bit word */
+uint32_t HELPER(neon_rbit_u8)(uint32_t x)
+{
+x =  ((x  0xf0f0f0f0)  4)
+   | ((x  0x0f0f0f0f)  4);
+x =  ((x  0x)  3)
+   | ((x  0x)  1)
+   | ((x  0x)  1)
+   | ((x  0x)  3);
+return x;
+}
+
 #define NEON_QDMULH16(dest, src1, src2, round) do { \
 uint32_t tmp = (int32_t)(int16_t) src1 * (int16_t) src2; \
 if ((tmp ^ (tmp  1))  SIGNBIT) { \
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index c071663..dd1bbeb 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -6222,6 +6222,12 @@ static void handle_2misc_64(DisasContext *s, int opcode, 
bool u,
 TCGCond cond;
 
 switch (opcode) {
+case 0x5: /* NOT */
+/* This opcode is shared with CNT and RBIT but we have earlier
+ * enforced that size == 3 if and only if this is the NOT insn.
+ */
+tcg_gen_not_i64(tcg_rd, tcg_rn);
+break;
 case 0xa: /* CMLT */
 /* 64 bit integer comparison against zero, result is
  * test ? (2^64 - 1) : 0. We implement via setcond(!test) and
@@ -7385,13 +7391,19 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 case 0x1: /* REV16 */
 unsupported_encoding(s, insn);
 return;
-case 0x5: /* CNT, NOT, RBIT  */
-if ((u == 0  size  0) ||
-(u == 1  size  1)) {
-unallocated_encoding(s);
-return;
+case 0x5: /* CNT, NOT, RBIT */
+if (u  size == 0) {
+/* NOT: adjust size so we can use the 64-bits-at-a-time loop. */
+size = 3;
+break;
+} else if (u  size == 1) {
+/* RBIT */
+break;
+} else if (!u  size == 0) {
+/* CNT */
+break;
 }
-unsupported_encoding(s, insn);
+unallocated_encoding(s);
 return;
 case 0x2: /* SADDLP, UADDLP */
 case 0x4: /* CLS, CLZ */
@@ -7553,6 +7565,16 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 } else {
 /* Use helpers for 8 and 16 bit elements */
 switch (opcode) {
+case 0x5: /* CNT, RBIT */
+/* For these two insns size is part of the opcode specifier
+ * (handled earlier); they always operate on byte elements.
+ */
+if (u) {
+gen_helper_neon_rbit_u8(tcg_res, tcg_op);
+} else {
+gen_helper_neon_cnt_u8(tcg_res, tcg_op);
+}
+break;
 case 0x8: /* CMGT, CMGE */
 case 0x9: /* CMEQ, CMLE */
 case 0xa: /* CMLT */
-- 
1.8.5




[Qemu-devel] [PATCH v2 13/13] target-arm: A64: Add FNEG and FABS to the SIMD 2-reg-misc group

2014-02-01 Thread Peter Maydell
Add the SIMD FNEG and FABS instructions in the SIMD 2-reg-misc group.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Richard Henderson r...@twiddle.net
---
 target-arm/translate-a64.c | 23 ---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index a941c48..5698b3e 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -6219,7 +6219,7 @@ static void handle_2misc_64(DisasContext *s, int opcode, 
bool u,
 {
 /* Handle 64-64 opcodes which are shared between the scalar and
  * vector 2-reg-misc groups. We cover every integer opcode where size == 3
- * is valid in either group.
+ * is valid in either group and also the double-precision fp ops.
  */
 TCGCond cond;
 
@@ -6257,6 +6257,12 @@ static void handle_2misc_64(DisasContext *s, int opcode, 
bool u,
 tcg_temp_free_i64(tcg_zero);
 }
 break;
+case 0x2f: /* FABS */
+gen_helper_vfp_absd(tcg_rd, tcg_rn);
+break;
+case 0x6f: /* FNEG */
+gen_helper_vfp_negd(tcg_rd, tcg_rn);
+break;
 default:
 g_assert_not_reached();
 }
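Review bot: the FABS and FNEG cases are keyed on 0x2f and 0x6f, which are not raw 5-bit opcode values but the folded form that disas_simd_two_reg_misc builds with "opcode |= ..." from size and u. The header comment of handle_2misc_64 now mentions the double-precision fp ops but does not say that callers must pass the folded opcode for them; since the function is described as shared with the scalar group, that contract should be written down next to the comment.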
@@ -7605,6 +7611,13 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 opcode |= (extract32(size, 1, 1)  5) | (u  6);
 size = extract32(size, 0, 1) ? 3 : 2;
 switch (opcode) {
+case 0x2f: /* FABS */
+case 0x6f: /* FNEG */
+if (size == 3  !is_q) {
+unallocated_encoding(s);
+return;
+}
+break;
 case 0x16: /* FCVTN, FCVTN2 */
 case 0x17: /* FCVTL, FCVTL2 */
 case 0x18: /* FRINTN */
@@ -7616,7 +7629,6 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 case 0x2c: /* FCMGT (zero) */
 case 0x2d: /* FCMEQ (zero) */
 case 0x2e: /* FCMLT (zero) */
-case 0x2f: /* FABS */
 case 0x38: /* FRINTP */
 case 0x39: /* FRINTZ */
 case 0x3a: /* FCVTPS */
@@ -7632,7 +7644,6 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 case 0x5d: /* UCVTF */
 case 0x6c: /* FCMGE (zero) */
 case 0x6d: /* FCMLE (zero) */
-case 0x6f: /* FNEG */
 case 0x79: /* FRINTI */
 case 0x7a: /* FCVTPU */
 case 0x7b: /* FCVTZU */
@@ -7709,6 +7720,12 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 tcg_temp_free_i32(tcg_zero);
 }
 break;
+case 0x2f: /* FABS */
+gen_helper_vfp_abss(tcg_res, tcg_op);
+break;
+case 0x6f: /* FNEG */
+gen_helper_vfp_negs(tcg_res, tcg_op);
+break;
 default:
 g_assert_not_reached();
 }
-- 
1.8.5




[Qemu-devel] [PATCH v2 03/13] target-arm: A64: Implement pairwise integer ops from 3-reg-same SIMD

2014-02-01 Thread Peter Maydell
Implement the pairwise integer operations in the 3-reg-same SIMD group:
ADDP, SMAXP, SMINP, UMAXP and UMINP.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Richard Henderson r...@twiddle.net
---
 target-arm/translate-a64.c | 124 -
 1 file changed, 123 insertions(+), 1 deletion(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 8d996e9..01f6b79 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -6580,7 +6580,129 @@ static void gen_min_u32(TCGv_i32 res, TCGv_i32 op1, 
TCGv_i32 op2)
 /* Pairwise op subgroup of C3.6.16. */
 static void disas_simd_3same_pair(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+int is_q = extract32(insn, 30, 1);
+int u = extract32(insn, 29, 1);
+int size = extract32(insn, 22, 2);
+int opcode = extract32(insn, 11, 5);
+int rm = extract32(insn, 16, 5);
+int rn = extract32(insn, 5, 5);
+int rd = extract32(insn, 0, 5);
+int pass;
+
+if (size == 3  !is_q) {
+unallocated_encoding(s);
+return;
+}
+
+switch (opcode) {
+case 0x14: /* SMAXP, UMAXP */
+case 0x15: /* SMINP, UMINP */
+if (size == 3) {
+unallocated_encoding(s);
+return;
+}
+break;
+case 0x17:
+if (u) {
+unallocated_encoding(s);
+return;
+}
+break;
+default:
+g_assert_not_reached();
+}
+
+/* These operations work on the concatenated rm:rn, with each pair of
+ * adjacent elements being operated on to produce an element in the result.
+ */
+if (size == 3) {
+TCGv_i64 tcg_res[2];
+
+for (pass = 0; pass  2; pass++) {
+TCGv_i64 tcg_op1 = tcg_temp_new_i64();
+TCGv_i64 tcg_op2 = tcg_temp_new_i64();
+int passreg = (pass == 0) ? rn : rm;
+
+read_vec_element(s, tcg_op1, passreg, 0, MO_64);
+read_vec_element(s, tcg_op2, passreg, 1, MO_64);
+tcg_res[pass] = tcg_temp_new_i64();
+
+/* The only 64 bit pairwise integer op is ADDP */
+assert(opcode == 0x17);
+tcg_gen_add_i64(tcg_res[pass], tcg_op1, tcg_op2);
+
+tcg_temp_free_i64(tcg_op1);
+tcg_temp_free_i64(tcg_op2);
+}
+
+for (pass = 0; pass  2; pass++) {
+write_vec_element(s, tcg_res[pass], rd, pass, MO_64);
+tcg_temp_free_i64(tcg_res[pass]);
+}
+} else {
+int maxpass = is_q ? 4 : 2;
+TCGv_i32 tcg_res[4];
+
+for (pass = 0; pass  maxpass; pass++) {
+TCGv_i32 tcg_op1 = tcg_temp_new_i32();
+TCGv_i32 tcg_op2 = tcg_temp_new_i32();
+NeonGenTwoOpFn *genfn;
+int passreg = pass  (maxpass / 2) ? rn : rm;
+int passelt = (is_q  (pass  1)) ? 2 : 0;
+
+read_vec_element_i32(s, tcg_op1, passreg, passelt, MO_32);
+read_vec_element_i32(s, tcg_op2, passreg, passelt + 1, MO_32);
+tcg_res[pass] = tcg_temp_new_i32();
+
+switch (opcode) {
+case 0x17: /* ADDP */
+{
+static NeonGenTwoOpFn * const fns[3] = {
+gen_helper_neon_padd_u8,
+gen_helper_neon_padd_u16,
+tcg_gen_add_i32,
+};
+genfn = fns[size];
+break;
+}
+case 0x14: /* SMAXP, UMAXP */
+{
+static NeonGenTwoOpFn * const fns[3][2] = {
+{ gen_helper_neon_pmax_s8, gen_helper_neon_pmax_u8 },
+{ gen_helper_neon_pmax_s16, gen_helper_neon_pmax_u16 },
+{ gen_max_s32, gen_max_u32 },
+};
+genfn = fns[size][u];
+break;
+}
+case 0x15: /* SMINP, UMINP */
+{
+static NeonGenTwoOpFn * const fns[3][2] = {
+{ gen_helper_neon_pmin_s8, gen_helper_neon_pmin_u8 },
+{ gen_helper_neon_pmin_s16, gen_helper_neon_pmin_u16 },
+{ gen_min_s32, gen_min_u32 },
+};
+genfn = fns[size][u];
+break;
+}
+default:
+g_assert_not_reached();
+}
+
+genfn(tcg_res[pass], tcg_op1, tcg_op2);
+
+tcg_temp_free_i32(tcg_op1);
+tcg_temp_free_i32(tcg_op2);
+}
+
+for (pass = 0; pass  maxpass; pass++) {
+write_vec_element_i32(s, tcg_res[pass], rd, pass, MO_32);
+tcg_temp_free_i32(tcg_res[pass]);
+}
+if (!is_q) {
+clear_vec_high(s, rd);
+}
+}
 }
 
 /* Floating point op subgroup of C3.6.16. */
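Review bot: both branches of disas_simd_3same_pair collect results in tcg_res[] and only write rd in a second loop, which matters when rd is the same register as rn or rm, but nothing says so. A short comment above the first loop would stop someone later folding the write into the computing loop. Smaller points: the first "case 0x17:" has no /* ADDP */ label unlike its neighbours, and the 64-bit path uses a plain assert() where the rest of the function uses g_assert_not_reached().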
-- 
1.8.5




[Qemu-devel] [PATCH v2 02/13] target-arm: A64: Implement remaining non-pairwise int SIMD 3-reg-same insns

2014-02-01 Thread Peter Maydell
Implement the SIMD 3-reg-same instructions where the size == 3 case
is reserved: SHADD, UHADD, SRHADD, URHADD, SHSUB, UHSUB, SMAX,
UMAX, SMIN, UMIN, SABD, UABD, SABA, UABA, MLA, MLS, MUL, PMUL,
SQRDMULH, SQDMULH. (None of these have scalar-3-same versions.)
This completes the non-pairwise integer instructions in this category.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
 target-arm/translate-a64.c | 131 +++--
 1 file changed, 127 insertions(+), 4 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index e67cdbb..8d996e9 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -6556,6 +6556,27 @@ static void disas_simd_3same_logic(DisasContext *s, 
uint32_t insn)
 tcg_temp_free_i64(tcg_res[1]);
 }
 
+/* Helper functions for 32 bit comparisons */
+static void gen_max_s32(TCGv_i32 res, TCGv_i32 op1, TCGv_i32 op2)
+{
+tcg_gen_movcond_i32(TCG_COND_GE, res, op1, op2, op1, op2);
+}
+
+static void gen_max_u32(TCGv_i32 res, TCGv_i32 op1, TCGv_i32 op2)
+{
+tcg_gen_movcond_i32(TCG_COND_GEU, res, op1, op2, op1, op2);
+}
+
+static void gen_min_s32(TCGv_i32 res, TCGv_i32 op1, TCGv_i32 op2)
+{
+tcg_gen_movcond_i32(TCG_COND_LE, res, op1, op2, op1, op2);
+}
+
+static void gen_min_u32(TCGv_i32 res, TCGv_i32 op1, TCGv_i32 op2)
+{
+tcg_gen_movcond_i32(TCG_COND_LEU, res, op1, op2, op1, op2);
+}
+
 /* Pairwise op subgroup of C3.6.16. */
 static void disas_simd_3same_pair(DisasContext *s, uint32_t insn)
 {
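Review bot: the comment "Helper functions for 32 bit comparisons" does not describe what gen_max_s32, gen_max_u32, gen_min_s32 and gen_min_u32 do: they select one operand via movcond rather than produce a comparison result. "32 bit min/max" would be accurate, and because patch 03/13 also calls them from disas_simd_3same_pair it is worth saying they are shared.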
@@ -6656,15 +6677,13 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 unallocated_encoding(s);
 return;
 }
-unsupported_encoding(s, insn);
-return;
+break;
 case 0x16: /* SQDMULH, SQRDMULH */
 if (size == 0 || size == 3) {
 unallocated_encoding(s);
 return;
 }
-unsupported_encoding(s, insn);
-return;
+break;
 default:
 if (size == 3  !is_q) {
 unallocated_encoding(s);
@@ -6702,6 +6721,16 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 read_vec_element_i32(s, tcg_op2, rm, pass, MO_32);
 
 switch (opcode) {
+case 0x0: /* SHADD, UHADD */
+{
+static NeonGenTwoOpFn * const fns[3][2] = {
+{ gen_helper_neon_hadd_s8, gen_helper_neon_hadd_u8 },
+{ gen_helper_neon_hadd_s16, gen_helper_neon_hadd_u16 },
+{ gen_helper_neon_hadd_s32, gen_helper_neon_hadd_u32 },
+};
+genfn = fns[size][u];
+break;
+}
 case 0x1: /* SQADD, UQADD */
 {
 static NeonGenTwoOpEnvFn * const fns[3][2] = {
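Review bot: the new SHADD/UHADD table is declared fns[3][2] and indexed as fns[size][u], so it is only safe if size == 3 can never reach this switch. The commit message says size == 3 is reserved for these opcodes and the decode hunk above has such checks, but nothing local enforces it. An assert(size < 3) ahead of the switch, or a comment pointing at the decode check, would make the bound explicit for this table and the others added in this patch.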
@@ -6712,6 +6741,26 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 genenvfn = fns[size][u];
 break;
 }
+case 0x2: /* SRHADD, URHADD */
+{
+static NeonGenTwoOpFn * const fns[3][2] = {
+{ gen_helper_neon_rhadd_s8, gen_helper_neon_rhadd_u8 },
+{ gen_helper_neon_rhadd_s16, gen_helper_neon_rhadd_u16 },
+{ gen_helper_neon_rhadd_s32, gen_helper_neon_rhadd_u32 },
+};
+genfn = fns[size][u];
+break;
+}
+case 0x4: /* SHSUB, UHSUB */
+{
+static NeonGenTwoOpFn * const fns[3][2] = {
+{ gen_helper_neon_hsub_s8, gen_helper_neon_hsub_u8 },
+{ gen_helper_neon_hsub_s16, gen_helper_neon_hsub_u16 },
+{ gen_helper_neon_hsub_s32, gen_helper_neon_hsub_u32 },
+};
+genfn = fns[size][u];
+break;
+}
 case 0x5: /* SQSUB, UQSUB */
 {
 static NeonGenTwoOpEnvFn * const fns[3][2] = {
@@ -6782,6 +6831,38 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 genenvfn = fns[size][u];
 break;
 }
+case 0xc: /* SMAX, UMAX */
+{
+static NeonGenTwoOpFn * const fns[3][2] = {
+{ gen_helper_neon_max_s8, gen_helper_neon_max_u8 },
+{ gen_helper_neon_max_s16, gen_helper_neon_max_u16 },
+{ gen_max_s32, gen_max_u32 },
+};
+genfn = fns[size][u];
+break;
+}
+
+case 0xd: /* SMIN, UMIN */
+{
+static NeonGenTwoOpFn * const fns[3][2] = {
+{ gen_helper_neon_min_s8, gen_helper_neon_min_u8 },
+{ gen_helper_neon_min_s16, gen_helper_neon_min_u16 },
+{ gen_min_s32, gen_min_u32 },
+};
+genfn = fns[size][u];
+break;
+  

Re: [Qemu-devel] [PULL v2 00/34] target-arm queue

2014-02-01 Thread Peter Maydell
On 31 January 2014 15:10, Peter Maydell peter.mayd...@linaro.org wrote:
 v2 of target-arm queue, with the KVM irqchip creation patchset dropped;
 since the other 34 patches are unchanged I'm not retransmitting them.
 Please pull.

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PULL 0/5] QMP queue

2014-02-01 Thread Peter Maydell
On 28 January 2014 17:27, Luiz Capitulino lcapitul...@redhat.com wrote:
 The changes (since 0169c511554cb0014a00290b0d3d26c31a49818f) are available
 in the following repository:

 git://repo.or.cz/qemu/qmp-unstable.git queue/qmp

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH 1/4] qemu-io: New option -a to aio_read and aio_write

2014-02-01 Thread Paolo Bonzini

On 01/02/2014 15:31, Fam Zheng wrote:

Why can't it be enabled unconditionally?



So the default behavior is unchanged.


For the stand-alone executable there is no difference, is there anything 
that breaks for the monitor if you always do the accounting?


Paolo



Re: [Qemu-devel] [PATCH] linux-user: Fix trampoline code for CRIS

2014-02-01 Thread Edgar E. Iglesias
On Sat, Feb 01, 2014 at 12:09:06PM +, Peter Maydell wrote:
 On 1 February 2014 08:41, Stefan Weil s...@weilnetz.de wrote:
  __put_user can write bytes, words (2 bytes) or longwords (4 bytes).
  Here obviously words should have been written, but bytes were written,
  so values like 0x9c5f were truncated to 0x5f.
 
  Fix this by changing retcode from uint8_t to uint16_t in
  target_signal_frame and also in the unused rt_signal_frame.
 
 I believe this will do the right thing. The other possible approach
 would be to do what the kernel does here (and what some of
 the QEMU code for other targets does, eg x86) and put in the cast:
 
 http://lxr.free-electrons.com/source/arch/cris/arch-v10/kernel/signal.c#L261
 
 261 /* This is movu.w __NR_sigreturn, r9; break 13; */
 262 err |= __put_user(0x9c5f, (short __user*)(frame->retcode+0));
 263 err |= __put_user(__NR_sigreturn, (short __user*)(frame->retcode+2));
 264 err |= __put_user(0xe93d, (short __user*)(frame->retcode+4));
 
 (obviously we'd want (uint16_t *)).
 
 Since CRIS looks (from a scan through its translate.c) like
 a variable-width instruction set (in the sense that insns can
 have immediate operands which might be 1/2/4 bytes long)
 I think there's an argument here for following the kernel and
 keeping retcode[] a byte array, for the implausible case where
 we want to change the trampoline sequence to include an
 insn with a 1 byte immediate value or something.
 
 Either way I believe the endianness handling should be correct
 since __put_user does host-to-target swapping for us.
 
 It might be possible to test this by extracting some of the
 userspace binaries from the cris system emulation test image
 on the QEMU wiki (or it might not).

Hi,

I've tested the patch, it works. CRIS insn stream is always 16bit
aligned, I think Stefan's patch is OK.

Cheers,
Edgar



Re: [Qemu-devel] [PATCH] linux-user: Fix trampoline code for CRIS

2014-02-01 Thread Peter Maydell
On 2 February 2014 00:42, Edgar E. Iglesias edgar.igles...@gmail.com wrote:
 On Sat, Feb 01, 2014 at 12:09:06PM +, Peter Maydell wrote:
 Since CRIS looks (from a scan through its translate.c) like
 a variable-width instruction set (in the sense that insns can
 have immediate operands which might be 1/2/4 bytes long)
 I think there's an argument here for following the kernel and
 keeping retcode[] a byte array, for the implausible case where
 we want to change the trampoline sequence to include an
 insn with a 1 byte immediate value or something.

 Either way I believe the endianness handling should be correct
 since __put_user does host-to-target swapping for us.

 It might be possible to test this by extracting some of the
 userspace binaries from the cris system emulation test image
 on the QEMU wiki (or it might not).

 I've tested the patch, it works. CRIS insn stream is always 16bit
 aligned, I think Stefan's patch is OK.

OK, if you're happy with this version I don't object to it
(it's just one of those 50/50 cases where my personal
taste would have tipped the other way).

Reviewed-by: Peter Maydell peter.mayd...@linaro.org

thanks
-- PMM
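
The truncation discussed in this thread and the two fixes that were weighed (retyping retcode as in the patch, or keeping the byte array and casting the pointer as the kernel does), as an added example that is not code from QEMU or from any poster. PUT_USER and store_le are simplified stand-ins for __put_user, SAMPLE_NR_SIGRETURN is a constructed value, and a little-endian target is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample value; the page does not give TARGET_NR_sigreturn. */
#define SAMPLE_NR_SIGRETURN 119

/* Hypothetical stand-in for a __put_user-style store: writes `width` bytes
 * of `val` in little-endian order (assumed target byte order). */
static int store_le(void *dst, uint32_t val, size_t width)
{
    uint8_t *b = dst;
    size_t i;

    for (i = 0; i < width; i++) {
        b[i] = (uint8_t)(val >> (8 * i));
    }
    return 0;
}

/* The store width comes from the pointed-to type, never from the value. */
#define PUT_USER(val, ptr) store_le((ptr), (uint32_t)(val), sizeof(*(ptr)))

/* Cut-down frames: a uint32_t member precedes retcode so it stays aligned. */
struct frame_u8  { uint32_t extramask; uint8_t  retcode[8]; };
struct frame_u16 { uint32_t extramask; uint16_t retcode[4]; };

enum variant { TRUNCATED, FIXED_TYPE, FIXED_CAST };

/* Build the 8 trampoline bytes the way each variant would. */
void build_trampoline(enum variant v, uint8_t out[8])
{
    struct frame_u8 f8;
    struct frame_u16 f16;
    int err = 0;

    memset(&f8, 0, sizeof(f8));
    memset(&f16, 0, sizeof(f16));
    memset(out, 0, 8);

    switch (v) {
    case TRUNCATED:   /* byte pointers: every store is one byte wide */
        err |= PUT_USER(0x9c5f, f8.retcode + 0);
        err |= PUT_USER(SAMPLE_NR_SIGRETURN, f8.retcode + 2);
        err |= PUT_USER(0xe93d, f8.retcode + 4);
        memcpy(out, f8.retcode, 8);
        break;
    case FIXED_TYPE:  /* halfword array: offsets count uint16_t elements */
        err |= PUT_USER(0x9c5f, f16.retcode + 0);
        err |= PUT_USER(SAMPLE_NR_SIGRETURN, f16.retcode + 1);
        err |= PUT_USER(0xe93d, f16.retcode + 2);
        memcpy(out, f16.retcode, 8);
        break;
    case FIXED_CAST:  /* byte array kept: the cast sets the store width */
        err |= PUT_USER(0x9c5f, (uint16_t *)(f8.retcode + 0));
        err |= PUT_USER(SAMPLE_NR_SIGRETURN, (uint16_t *)(f8.retcode + 2));
        err |= PUT_USER(0xe93d, (uint16_t *)(f8.retcode + 4));
        memcpy(out, f8.retcode, 8);
        break;
    }
    (void)err;
}

/* Read back halfword `idx` (0..3) of the trampoline as the target sees it. */
uint16_t trampoline_halfword(enum variant v, int idx)
{
    uint8_t buf[8];

    build_trampoline(v, buf);
    return (uint16_t)(buf[2 * idx] | (buf[2 * idx + 1] << 8));
}

/* 1 if two variants produce byte-identical trampolines. */
int variants_equal(enum variant a, enum variant b)
{
    uint8_t x[8], y[8];

    build_trampoline(a, x);
    build_trampoline(b, y);
    return memcmp(x, y, 8) == 0;
}

int main(void)
{
    static const char *const names[] = { "truncated", "fixed-type", "fixed-cast" };
    int v, i;

    for (v = TRUNCATED; v <= FIXED_CAST; v++) {
        uint8_t buf[8];

        build_trampoline((enum variant)v, buf);
        printf("%-10s", names[v]);
        for (i = 0; i < 8; i++) {
            printf(" %02x", buf[i]);
        }
        printf("\n");
    }
    return 0;
}
```

Both fixes yield the same bytes; they differ only in whether the offsets are counted in halfwords or in bytes, which is the point of taste raised in the review.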



Re: [Qemu-devel] [PATCH v13 00/14] Drop in_use from BlockDriverState and enable point-in-time snapshot exporting over NBD

2014-02-01 Thread Ian Main
On Sat, Feb 01, 2014 at 11:21:17PM +0800, Fam Zheng wrote:
 On Fri, 01/31 19:00, Ian Main wrote:
  On Wed, Jan 29, 2014 at 01:07:27PM +0800, Fam Zheng wrote:
   This series adds for point-in-time snapshot NBD exporting based on
   blockdev-backup (variant of drive-backup with existing device as target).
   
   We get a thin point-in-time snapshot by COW mechanism of drive-backup, and
   export it through built in NBD server. The steps are as below:
   
1. (SHELL) qemu-img create -f qcow2 BACKUP.qcow2 <source size here>
   
   (Alternatively we can use -o backing_file=RUNNING-VM.img to omit 
   explicitly
   providing the size by ourselves, but it's risky because 
   RUNNING-VM.qcow2 is
   used r/w by guest. Whether or not setting backing file in the image 
   file
   doesn't matter, as we are going to override the backing hd in the next
   step)
   
2. (QMP) blockdev-add backing=source-drive file.driver=file 
   file.filename=BACKUP.qcow2 id=target0 if=none driver=qcow2
  
  It seems like we have a regression here.  I sent you a private email
  earlier and after some more testing I am finding that the setup that I
  had to test this before is no longer working.  Now when I try to use
  blockdev-add I get:
  
  rsp = srv.cmd(command, {'options': {
  'backing': 'ide0-hd0',
  'driver': 'qcow2',
  'id': 'target0',
  'file': {
  'driver': 'file',
  'filename': '/home/imain/tmp/BACKUP.qcow2'
  }
  } 
 })
  
  rsp is {u'error': {u'class': u'GenericError', u'desc': u"could not open
  disk image target0: Block format 'qcow2' used by device 'target0'
  doesn't support the option 'backing'"}}
  
  It's possible I'm messing something up but I'm pretty sure something has
  changed with the options handling in bdrv_open() to make this not work
  anymore.
  
 
 My local test script is very similar to this, so as the case added in this
 series. They both work here. Have you found what is wrong there yet?

Hrrm, so I cleaned up my tree, pulled to latest and applied these and it
worked.  Not sure what happened there but it all seems good now.  I
should have tried that before I posted.

Ian



[Qemu-devel] NetClientInfo::can_receive change notification and its purpose

2014-02-01 Thread Max Filippov
Hello,

is there any way to notify networking core that adapter's
NetClientInfo::can_receive return value is about to change from 0 to 1?
I'm trying to talk to DHCP server from the recent (2014.01) u-boot running
in the xtensa system emulation over the tap interface. On the guest I see
the following picture (lines marked **...** are printed from the qemu):

U-Boot dhcp
**open_eth_can_receive: 0**
**open_eth_can_receive: 0**
BOOTP broadcast 1
BOOTP broadcast 2
BOOTP broadcast 3
BOOTP broadcast 4
BOOTP broadcast 5

Retry count exceeded; starting again
ethoc
BOOTP broadcast 1
BOOTP broadcast 2
BOOTP broadcast 3
BOOTP broadcast 4
BOOTP broadcast 5

Retry count exceeded; starting again
^C
**open_eth_can_receive: 1**
**open_eth_can_receive: 1**

The u-boot driver enables packet reception on the network adapter just
before it starts sending packets, but the networking core doesn't check
that NetClientInfo::can_receive has changed until I press ^C to interrupt
it. Then it receives some of the pending packets, but throws them away.
On the host side I see that DHCP server replies immediately.

When I remove NetClientInfo::can_receive callback from my network
adapter and throw away packets that cannot be received in the
NetClientInfo::receive callback it all works well. So I've got two questions:
- is there any way to push NetClientInfo::can_receive update to the
  network core?
- wouldn't it be more correct to emulate real hardware more closely:
  always be ready to receive a packet, but throw it away if there's e.g.
  no buffers or the receiver is disabled?

-- 
Thanks.
-- Max



Re: [Qemu-devel] osx bootloader

2014-02-01 Thread BALATON Zoltan

On Sat, 1 Feb 2014, Paolo Bonzini wrote:

The firmware has to be ported to each new chipset.

OVMF was never ported to anything but PIIX.


Looks like this is the case. Now I can see that 
OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c has hardcoded pci paths in it 
corresponding to the pc machine type with PIIX and it tries to access 
these devices unconditionally even if they do not exist (as on q35 
machine). So this obviously won't work. I think I give up at this point 
because I don't know enough about Q35 and I don't see how could it be 
hacked into Ovmf. Additionally it seems that this alone would not be 
enough to use Apple's boot.efi verbatim but something more complex, very 
much resembling Clover would be needed to boot OS X with Ovmf EFI which is 
not much cleaner solution than using Chameleon with Seabios that already 
works now.


Regards,
BALATON Zoltan



[Qemu-devel] [PATCH] hw/xtensa: add support for ML605 and KC705 FPGA board

2014-02-01 Thread Max Filippov
Signed-off-by: Max Filippov jcmvb...@gmail.com
---
 hw/xtensa/xtensa_lx60.c | 51 +
 1 file changed, 47 insertions(+), 4 deletions(-)

diff --git a/hw/xtensa/xtensa_lx60.c b/hw/xtensa/xtensa_lx60.c
index 22e124d..49c58d1 100644
--- a/hw/xtensa/xtensa_lx60.c
+++ b/hw/xtensa/xtensa_lx60.c
@@ -40,6 +40,7 @@
 #include xtensa_bootparam.h
 
 typedef struct LxBoardDesc {
+hwaddr flash_base;
 size_t flash_size;
 size_t flash_sector_size;
 size_t sram_size;
@@ -219,7 +220,7 @@ static void lx_init(const LxBoardDesc *board, 
QEMUMachineInitArgs *args)
 
 dinfo = drive_get(IF_PFLASH, 0, 0);
 if (dinfo) {
-flash = pflash_cfi01_register(0xf800,
+flash = pflash_cfi01_register(board-flash_base,
 NULL, lx60.io.flash, board-flash_size,
 dinfo-bdrv, board-flash_sector_size,
 board-flash_size / board-flash_sector_size,
@@ -265,7 +266,9 @@ static void lx_init(const LxBoardDesc *board, 
QEMUMachineInitArgs *args)
 MemoryRegion *flash_io = g_malloc(sizeof(*flash_io));
 
 memory_region_init_alias(flash_io, NULL, lx60.flash,
-flash_mr, 0, board-flash_size);
+flash_mr, 0,
+board-flash_size  0x0200 ?
+board-flash_size : 0x0200);
 memory_region_add_subregion(system_memory, 0xfe00,
 flash_io);
 }
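Review bot: the alias size passed to memory_region_init_alias is now clamped with an open-coded conditional that spells the limit twice as a bare literal. That limit is presumably the size of the alias window, so a named constant plus MIN() would say so and remove the chance of the two literals drifting apart. A comment that larger flashes are only partly visible through the alias would help too.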
@@ -275,7 +278,8 @@ static void lx_init(const LxBoardDesc *board, 
QEMUMachineInitArgs *args)
 static void xtensa_lx60_init(QEMUMachineInitArgs *args)
 {
 static const LxBoardDesc lx60_board = {
-.flash_size = 0x40,
+.flash_base = 0xf800,
+.flash_size = 0x0040,
 .flash_sector_size = 0x1,
 .sram_size = 0x2,
 };
@@ -285,13 +289,36 @@ static void xtensa_lx60_init(QEMUMachineInitArgs *args)
 static void xtensa_lx200_init(QEMUMachineInitArgs *args)
 {
 static const LxBoardDesc lx200_board = {
-.flash_size = 0x100,
+.flash_base = 0xf800,
+.flash_size = 0x0100,
 .flash_sector_size = 0x2,
 .sram_size = 0x200,
 };
 lx_init(lx200_board, args);
 }
 
+static void xtensa_ml605_init(QEMUMachineInitArgs *args)
+{
+static const LxBoardDesc ml605_board = {
+.flash_base = 0xf800,
+.flash_size = 0x0200,
+.flash_sector_size = 0x2,
+.sram_size = 0x200,
+};
+lx_init(ml605_board, args);
+}
+
+static void xtensa_kc705_init(QEMUMachineInitArgs *args)
+{
+static const LxBoardDesc kc705_board = {
+.flash_base = 0xf000,
+.flash_size = 0x0800,
+.flash_sector_size = 0x2,
+.sram_size = 0x200,
+};
+lx_init(kc705_board, args);
+}
+
 static QEMUMachine xtensa_lx60_machine = {
 .name = lx60,
 .desc = lx60 EVB ( XTENSA_DEFAULT_CPU_MODEL ),
@@ -306,10 +333,26 @@ static QEMUMachine xtensa_lx200_machine = {
 .max_cpus = 4,
 };
 
+static QEMUMachine xtensa_ml605_machine = {
+.name = ml605,
+.desc = ml605 EVB ( XTENSA_DEFAULT_CPU_MODEL ),
+.init = xtensa_ml605_init,
+.max_cpus = 4,
+};
+
+static QEMUMachine xtensa_kc705_machine = {
+.name = kc705,
+.desc = kc705 EVB ( XTENSA_DEFAULT_CPU_MODEL ),
+.init = xtensa_kc705_init,
+.max_cpus = 4,
+};
+
 static void xtensa_lx_machines_init(void)
 {
 qemu_register_machine(xtensa_lx60_machine);
 qemu_register_machine(xtensa_lx200_machine);
+qemu_register_machine(xtensa_ml605_machine);
+qemu_register_machine(xtensa_kc705_machine);
 }
 
 machine_init(xtensa_lx_machines_init);
-- 
1.8.1.4




[Qemu-devel] who should I report this to?

2014-02-01 Thread Aryeh Friedman
Under kvm (ubuntu 12.04.03 LTS) when logged in via VNC and installing
10-RELEASE the installer just boots you during the disk initialization
phase.   Who should this be reported to?

-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org


[Qemu-devel] [PATCH 1/6] cris: Add a CRISv32 default any CPU for user mode emulation

2014-02-01 Thread edgar . iglesias
From: Edgar E. Iglesias edgar.igles...@xilinx.com

Signed-off-by: Edgar E. Iglesias edgar.igles...@xilinx.com
---
 target-cris/cpu.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/target-cris/cpu.c b/target-cris/cpu.c
index 44301a4..21f1860 100644
--- a/target-cris/cpu.c
+++ b/target-cris/cpu.c
@@ -239,7 +239,14 @@ static const TypeInfo cris_cpu_model_type_infos[] = {
 .name = TYPE(crisv32),
 .parent = TYPE_CRIS_CPU,
 .class_init = crisv32_cpu_class_init,
+},
+#if defined(CONFIG_USER_ONLY)
+{
+.name = TYPE(any),
+.parent = TYPE_CRIS_CPU,
+.class_init = crisv32_cpu_class_init,
 }
+#endif
 };
 
 #undef TYPE
-- 
1.8.3.2




[Qemu-devel] [PATCH 0/6] CRIS queue

2014-02-01 Thread edgar . iglesias
From: Edgar E. Iglesias edgar.igles...@xilinx.com

These fixes and cleanups are sitting on my CRIS queue.

Restores CRISv32 as default linux-user CPU.
Fix CRIS linux-user signal handling.
Removes CRIS PIC glue.

Cheers,
Edgar

Edgar E. Iglesias (5):
  cris: Add a CRISv32 default any CPU for user mode emulation
  cris: Abort when a v10 takes interrupts while in a delayslot
  cris: Add interrupt signals to the CPU device
  axis-dev88: Connect the PIC upstream IRQs directly to the CPU
  cris: Remove the CRIS PIC glue

Stefan Weil (1):
  linux-user: Fix trampoline code for CRIS

 hw/cris/Makefile.objs |  1 -
 hw/cris/axis_dev88.c  |  7 +++
 hw/cris/pic_cpu.c | 47 ---
 include/hw/cris/etraxfs.h |  2 --
 linux-user/signal.c   |  8 
 target-cris/cpu.c | 27 +++
 target-cris/cpu.h |  4 
 target-cris/helper.c  |  5 +
 8 files changed, 43 insertions(+), 58 deletions(-)
 delete mode 100644 hw/cris/pic_cpu.c

-- 
1.8.3.2




[Qemu-devel] [PATCH 2/6] cris: Abort when a v10 takes interrupts while in a delayslot

2014-02-01 Thread edgar . iglesias
From: Edgar E. Iglesias edgar.igles...@xilinx.com

This is an internal error as the CRISv10 should mask interrupts
while executing delay slots. Bail out sooner rather than later.

Signed-off-by: Edgar E. Iglesias edgar.igles...@xilinx.com
---
 target-cris/helper.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/target-cris/helper.c b/target-cris/helper.c
index d274b38..c940582 100644
--- a/target-cris/helper.c
+++ b/target-cris/helper.c
@@ -126,6 +126,11 @@ void crisv10_cpu_do_interrupt(CPUState *cs)
   env-exception_index,
   cs-interrupt_request);
 
+if (env-dslot) {
+/* CRISv10 never takes interrupts while in a delay-slot.  */
+cpu_abort(env, CRIS: Interrupt on delay-slot\n);
+}
+
 assert(!(env-pregs[PR_CCS]  PFIX_FLAG));
 switch (env-exception_index) {
 case EXCP_BREAK:
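Review bot: the dslot check runs before the switch on exception_index, so it aborts on any exception delivered in a delay slot, including the EXCP_BREAK case just below, while the comment and the commit message only speak of interrupts. If a guest can raise a synchronous exception from a delay-slot instruction, this turns a guest action into a QEMU abort. Please either move the check into the interrupt cases or explain why no exception can arrive here with dslot set.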
-- 
1.8.3.2




[Qemu-devel] [PATCH 3/6] cris: Add interrupt signals to the CPU device

2014-02-01 Thread edgar . iglesias
From: Edgar E. Iglesias edgar.igles...@xilinx.com

Signed-off-by: Edgar E. Iglesias edgar.igles...@xilinx.com
---
 target-cris/cpu.c | 20 
 target-cris/cpu.h |  4 
 2 files changed, 24 insertions(+)

diff --git a/target-cris/cpu.c b/target-cris/cpu.c
index 21f1860..7dea0f0 100644
--- a/target-cris/cpu.c
+++ b/target-cris/cpu.c
@@ -146,6 +146,21 @@ static void cris_cpu_realizefn(DeviceState *dev, Error 
**errp)
 ccc-parent_realize(dev, errp);
 }
 
+#ifndef CONFIG_USER_ONLY
+static void cris_cpu_set_irq(void *opaque, int irq, int level)
+{
+CRISCPU *cpu = opaque;
+CPUState *cs = CPU(cpu);
+int type = irq == CRIS_CPU_IRQ ? CPU_INTERRUPT_HARD : CPU_INTERRUPT_NMI;
+
+if (level) {
+cpu_interrupt(cs, type);
+} else {
+cpu_reset_interrupt(cs, type);
+}
+}
+#endif
+
 static void cris_cpu_initfn(Object *obj)
 {
 CPUState *cs = CPU(obj);
@@ -159,6 +174,11 @@ static void cris_cpu_initfn(Object *obj)
 
 env-pregs[PR_VR] = ccc-vr;
 
+#ifndef CONFIG_USER_ONLY
+/* IRQ and NMI lines.  */
+qdev_init_gpio_in(DEVICE(cpu), cris_cpu_set_irq, 2);
+#endif
+
 if (tcg_enabled()  !tcg_initialized) {
 tcg_initialized = true;
 if (env-pregs[PR_VR]  32) {
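Review bot: qdev_init_gpio_in() is passed a literal 2 here while the lines themselves are named in cpu.h (CRIS_CPU_IRQ, CRIS_CPU_NMI); a count defined beside those two would keep them in step. Related: cris_cpu_set_irq() treats every line other than CRIS_CPU_IRQ as NMI, so CRIS_CPU_NMI is never actually compared against. An explicit check or assert on the irq number would make a miswired third line fail loudly instead of raising an NMI.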
diff --git a/target-cris/cpu.h b/target-cris/cpu.h
index 4b9fc4c..1d7d80d 100644
--- a/target-cris/cpu.h
+++ b/target-cris/cpu.h
@@ -42,6 +42,10 @@
 /* CRIS-specific interrupt pending bits.  */
 #define CPU_INTERRUPT_NMI   CPU_INTERRUPT_TGT_EXT_3
 
+/* CRUS CPU device objects interrupt lines.  */
+#define CRIS_CPU_IRQ 0
+#define CRIS_CPU_NMI 1
+
 /* Register aliases. R0 - R15 */
 #define R_FP  8
 #define R_SP  14
-- 
1.8.3.2




[Qemu-devel] [PATCH 5/6] cris: Remove the CRIS PIC glue

2014-02-01 Thread edgar . iglesias
From: Edgar E. Iglesias edgar.igles...@xilinx.com

Signed-off-by: Edgar E. Iglesias edgar.igles...@xilinx.com
---
 hw/cris/Makefile.objs |  1 -
 hw/cris/pic_cpu.c | 47 ---
 include/hw/cris/etraxfs.h |  2 --
 3 files changed, 50 deletions(-)
 delete mode 100644 hw/cris/pic_cpu.c

diff --git a/hw/cris/Makefile.objs b/hw/cris/Makefile.objs
index 776db7c..7624173 100644
--- a/hw/cris/Makefile.objs
+++ b/hw/cris/Makefile.objs
@@ -1,3 +1,2 @@
-obj-y += pic_cpu.o
 obj-y += boot.o
 obj-y += axis_dev88.o
diff --git a/hw/cris/pic_cpu.c b/hw/cris/pic_cpu.c
deleted file mode 100644
index bd47bf1..000
--- a/hw/cris/pic_cpu.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * QEMU CRIS CPU interrupt wrapper logic.
- *
- * Copyright (c) 2009 Edgar E. Iglesias, Axis Communications AB.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the Software), to 
deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include hw/sysbus.h
-#include hw/hw.h
-#include hw/cris/etraxfs.h
-
-#define D(x)
-
-static void cris_pic_cpu_handler(void *opaque, int irq, int level)
-{
-CRISCPU *cpu = opaque;
-CPUState *cs = CPU(cpu);
-int type = irq ? CPU_INTERRUPT_NMI : CPU_INTERRUPT_HARD;
-
-if (level) {
-cpu_interrupt(cs, type);
-} else {
-cpu_reset_interrupt(cs, type);
-}
-}
-
-qemu_irq *cris_pic_init_cpu(CPUCRISState *env)
-{
-return qemu_allocate_irqs(cris_pic_cpu_handler, cris_env_get_cpu(env), 2);
-}
diff --git a/include/hw/cris/etraxfs.h b/include/hw/cris/etraxfs.h
index ab30559..73a6134 100644
--- a/include/hw/cris/etraxfs.h
+++ b/include/hw/cris/etraxfs.h
@@ -28,8 +28,6 @@
 #include net/net.h
 #include hw/cris/etraxfs_dma.h
 
-qemu_irq *cris_pic_init_cpu(CPUCRISState *env);
-
 /* Instantiate an ETRAXFS Ethernet MAC.  */
 static inline DeviceState *
 etraxfs_eth_init(NICInfo *nd, hwaddr base, int phyaddr,
-- 
1.8.3.2




[Qemu-devel] [PATCH 4/6] axis-dev88: Connect the PIC upstream IRQs directly to the CPU

2014-02-01 Thread edgar . iglesias
From: Edgar E. Iglesias edgar.igles...@xilinx.com

Signed-off-by: Edgar E. Iglesias edgar.igles...@xilinx.com
---
 hw/cris/axis_dev88.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/cris/axis_dev88.c b/hw/cris/axis_dev88.c
index 5524088..645e45c 100644
--- a/hw/cris/axis_dev88.c
+++ b/hw/cris/axis_dev88.c
@@ -254,7 +254,7 @@ void axisdev88_init(QEMUMachineInitArgs *args)
 DeviceState *dev;
 SysBusDevice *s;
 DriveInfo *nand;
-qemu_irq irq[30], nmi[2], *cpu_irq;
+qemu_irq irq[30], nmi[2];
 void *etraxfs_dmac;
 struct etraxfs_dma_client *dma_eth;
 int i;
@@ -296,15 +296,14 @@ void axisdev88_init(QEMUMachineInitArgs *args)
 gpio_state.iomem);
 
 
-cpu_irq = cris_pic_init_cpu(env);
 dev = qdev_create(NULL, etraxfs,pic);
 /* FIXME: Is there a proper way to signal vectors to the CPU core?  */
 qdev_prop_set_ptr(dev, interrupt_vector, env-interrupt_vector);
 qdev_init_nofail(dev);
 s = SYS_BUS_DEVICE(dev);
 sysbus_mmio_map(s, 0, 0x3001c000);
-sysbus_connect_irq(s, 0, cpu_irq[0]);
-sysbus_connect_irq(s, 1, cpu_irq[1]);
+sysbus_connect_irq(s, 0, qdev_get_gpio_in(DEVICE(cpu), CRIS_CPU_IRQ));
+sysbus_connect_irq(s, 1, qdev_get_gpio_in(DEVICE(cpu), CRIS_CPU_NMI));
 for (i = 0; i  30; i++) {
 irq[i] = qdev_get_gpio_in(dev, i);
 }
-- 
1.8.3.2




[Qemu-devel] [PATCH 6/6] linux-user: Fix trampoline code for CRIS

2014-02-01 Thread edgar . iglesias
From: Stefan Weil s...@weilnetz.de

__put_user can write bytes, words (2 bytes) or longwords (4 bytes).
Here obviously words should have been written, but bytes were written,
so values like 0x9c5f were truncated to 0x5f.

Fix this by changing retcode from uint8_t to uint16_t in
target_signal_frame and also in the unused rt_signal_frame.

This problem was reported by static code analysis (smatch).

Cc: qemu-sta...@nongnu.org
Signed-off-by: Stefan Weil s...@weilnetz.de
Reviewed-by: Peter Maydell peter.mayd...@linaro.org
Tested-by: Edgar E. Iglesias edgar.igles...@xilinx.com
Reviewed-by: Edgar E. Iglesias edgar.igles...@xilinx.com
Signed-off-by: Edgar E. Iglesias edgar.igles...@xilinx.com
---
 linux-user/signal.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index 01d7c39..82e8592 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -3659,7 +3659,7 @@ struct target_sigcontext {
 struct target_signal_frame {
 struct target_sigcontext sc;
 uint32_t extramask[TARGET_NSIG_WORDS - 1];
-uint8_t retcode[8];   /* Trampoline code. */
+uint16_t retcode[4];  /* Trampoline code. */
 };
 
 struct rt_signal_frame {
@@ -3667,7 +3667,7 @@ struct rt_signal_frame {
 void *puc;
 siginfo_t info;
 struct ucontext uc;
-uint8_t retcode[8];   /* Trampoline code. */
+uint16_t retcode[4];  /* Trampoline code. */
 };
 
 static void setup_sigcontext(struct target_sigcontext *sc, CPUCRISState *env)
@@ -3745,8 +3745,8 @@ static void setup_frame(int sig, struct target_sigaction 
*ka,
 */
err |= __put_user(0x9c5f, frame-retcode+0);
err |= __put_user(TARGET_NR_sigreturn, 
- frame-retcode+2);
-   err |= __put_user(0xe93d, frame-retcode+4);
+ frame-retcode + 1);
+   err |= __put_user(0xe93d, frame-retcode + 2);
 
/* Save the mask.  */
err |= __put_user(set-sig[0], frame-sc.oldmask);
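Review bot: the retcode offsets change from +2 and +4 to + 1 and + 2 because the array is now counted in uint16_t elements, but nothing in the code says so, and the untouched first store still reads retcode+0 in the old spacing. A comment on the array or beside the stores that these are halfword indices would guard against the offsets being "corrected" back to byte offsets, which with a 4-element array would write past its end.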
-- 
1.8.3.2