Re: [Qemu-devel] STM32F205 SysTick emulation

2015-06-02 Thread Alistair Francis
On Sun, May 31, 2015 at 5:18 AM, Liviu Ionescu  wrote:
>
>> On 30 May 2015, at 07:17, Alistair Francis  wrote:
>>
>> I also have a lot better support out of tree, I'm still slowly working
>> on upstreaming it (I should have another patch series today).
>
> my implementation is based on the existing Stellaris MCUs, and SysTick was 
> functional from the very beginning, perhaps you can check the differences 
> between your implementation and Stellaris.

Ok, thanks. I'll have another look and see what I can find.

>
>> Is this what you are talking about?
>> https://github.com/alistair23/qemu/commit/c30ed1b5b39b32488d63e3782a540906bb10617a
>
> that might also be necessary, but there must be something else.

Do you have the tests you are using available anywhere?

It'd be great to have more tests to run on the machine.

Thanks,

Alistair

>
>
> regards,
>
> Liviu
>



[Qemu-devel] [PATCH v1 0/8] Extend Microblaze Properties

2015-06-02 Thread Alistair Francis
This patch series extends the MicroBlaze properties
that I have been working on. It applies on top of my
original work:
'Add Microblaze configuration options'.

This patch series converts various MicroBlaze PVR registers
to properties. This then allows the individual Microblaze
machine reset functions to be removed as well as some other
dead code.


Alistair Francis (8):
  target-microblaze: Convert use-mmu to a CPU property
  target-microblaze: Convert dcache-writeback to a CPU property
  target-microblaze: Convert endi to a CPU property
  target-microblaze: Convert version_mask to a CPU property
  target-microblaze: Convert pvr-full to a CPU property
  ml605_mmu: Move the hardcoded values to the init function
  s3adsp1800: Remove the hardcoded values from the reset
  target-microblaze: Remove dead code

 hw/microblaze/petalogix_ml605_mmu.c  |   25 +++--
 hw/microblaze/petalogix_s3adsp1800_mmu.c |9 +
 target-microblaze/cpu-qom.h  |5 +
 target-microblaze/cpu.c  |   23 +++
 target-microblaze/cpu.h  |4 ++--
 target-microblaze/helper.c   |6 +++---
 6 files changed, 37 insertions(+), 35 deletions(-)




[Qemu-devel] On x86 MMU modes

2015-06-02 Thread Sandhya Kumar
[Query on intended logic]

I am trying to learn qemu's MMU emulation logic for x86 and came across H.
Peter Anvin's SMAP commit (link
). I
have the following doubt on the intended logic (apologies if it is trivial)

As per my understanding (which matches versions prior to this commit), we
generally maintain only two TLBs [one for kernel and one for user] in x86
ISA for caching address translations. With this commit we seem to have
three modes of MMU, although only two will be actually used (either KSMAP
or KNOSMAP). Is my claim valid? Why cannot those two original modes serve
the purpose and why is the separation (of KNOSMAP and KSMAP) needed?

Thanks in advance,
Sandhya


Re: [Qemu-devel] [PATCH v3 1/4] iotests: fix exclusion option

2015-06-02 Thread Fam Zheng
On Tue, 06/02 15:18, John Snow wrote:
> If you are running out-of-tree, the -x option to exclude
> a certain iotest is broken.
> 
> Replace porcelain usage of ls with a sturdier awk command.
> 
> Signed-off-by: John Snow 
> ---

Reviewed-by: Fam Zheng 

>  tests/qemu-iotests/common | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
> index 1030aaf..84b6f16 100644
> --- a/tests/qemu-iotests/common
> +++ b/tests/qemu-iotests/common
> @@ -83,7 +83,8 @@ s/ .*//p
>  elif $xgroup
>  then
>  # arg after -x
> -[ ! -s $tmp.list ] && ls [0-9][0-9][0-9] [0-9][0-9][0-9][0-9] 
> >$tmp.list 2>/dev/null
> +# Populate $tmp.list with all tests
> +awk '/^[0-9]{3,}/ {print $1}' "${source_iotests}/group" > $tmp.list 
> 2>/dev/null
>  group_list=`sed -n <"$source_iotests/group" -e 's/$/ /' -e 
> "/^[0-9][0-9][0-9].* $r /"'{
>  s/ .*//p
>  }'`
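Review bot: the added awk line relies on the interval expression `{3,}`, which not every awk honours (mawk and older gawk releases run without --re-interval do not treat the braces as a repetition count), so $tmp.list can end up empty on those hosts and the `2>/dev/null` hides any hint of it. Spelling the pattern out as `/^[0-9][0-9][0-9]/`, as the sed expression just below already does, avoids the dependency. The removed line also only populated the list when it was empty (`[ ! -s $tmp.list ] &&`); the new one overwrites it unconditionally, which deserves a word in the commit message, and `$tmp.list` is left unquoted while `"${source_iotests}/group"` is quoted.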
> -- 
> 2.1.0
> 



Re: [Qemu-devel] [PATCH v7 1/3] sysbus: register reset handler for main_system_bus when created

2015-06-02 Thread Zhu Guihua

Hi Eduardo,

On 06/02/2015 11:53 PM, Eduardo Habkost wrote:

On Tue, Jun 02, 2015 at 05:23:55PM +0800, Zhu Guihua wrote:

Since icc bus will be dropped and apic reset should be after bus
reset in x86, this patch moves reset handler for main_system_bus
from vl.c to sysbus.c

So, you are changing reset ordering for all machines because of a
x86-specific requirement?

Other machines can have different ordering requirements and may break if
you unconditionally change the reset order for all machines.

Like I said on v6: if x86 has specific CPU reset ordering requirements,
we should be able to ensure the expected ordering in x86-specific code
(in pc.c?), not hardcode reset ordering for all machines.

Maybe we can change the qemu_register_reset() API to accept an explicit
ordering parameter, so ordering requirements are visibly encoded in the
qemu_register_reset() calls instead of depending on non-obvious
initialization code ordering.

While we don't have a better API, we can probably ensure the x86 reset
ordering without affecting the other machines by calling
qemu_register_reset() for the CPUs in a machine_init_done notifier
registered by PC.


I try to call qemu_register_reset() for the CPUs in 
pc_guest_info_machine_done (),

the notifier is in hw/i386/pc.c. And I have tested this, it works well.

Thanks,
Zhu




Re: [Qemu-devel] [PATCH 0/2] sh4 linux-user cpu and hwcap

2015-06-02 Thread Richard Henderson

On 05/24/2015 03:51 PM, Aurelien Jarno wrote:

On 2015-05-23 15:06, Richard Henderson wrote:

As reported by Rich the other day.  As I don't have a user-land
binary that depends on this, I merely note that it still runs
the linux-user-test sh4 binary.  And gdb confirms that the LLSC
bit does get set.


How would you like to see these patches merged? As they basically touch
linux-user code only, I think they should go through Riku.



Ideally, but maybe just easier to generate a pull.


r~



Re: [Qemu-devel] [PATCH] exec: optimize phys_page_set_level

2015-06-02 Thread Richard Henderson

On 05/21/2015 06:19 AM, Paolo Bonzini wrote:

memcpy is faster than struct assignment, which copies each bitfield
individually.  Arguably a compiler bug, but memcpy is super-special
cased anyway so what could go wrong?



The compiler has the option of doing the copy either way.  Any way to actually 
show that the small memcpy is faster?  That's one of those things where I'm 
sure there's a cost calculation that said per member was better.




r~



[Qemu-devel] [PATCH v4 4/4] monitor: remove debug prints

2015-06-02 Thread Bandan Das
The preferred solution is to use tracepoints and there
is a good chance of bitrot with the debug prints not being
enabled at compile time. Remove them.

Suggested-by: Markus Armbruster 
Signed-off-by: Bandan Das 
---
 monitor.c | 19 +--
 1 file changed, 1 insertion(+), 18 deletions(-)

diff --git a/monitor.c b/monitor.c
index cbc3cc6..44bd787 100644
--- a/monitor.c
+++ b/monitor.c
@@ -81,9 +81,6 @@
 #endif
 #include "hw/lm32/lm32_pic.h"
 
-//#define DEBUG
-//#define DEBUG_COMPLETION
-
 /*
  * Supported types:
  *
@@ -3700,9 +3697,6 @@ static const mon_cmd_t *monitor_parse_command(Monitor 
*mon,
 const mon_cmd_t *cmd;
 char cmdname[256];
 
-#ifdef DEBUG
-monitor_printf(mon, "command='%s', start='%c'\n", cmdline, **cmdp);
-#endif
 
 /* extract the command name */
 p = get_command_name(*cmdp, cmdname, sizeof(cmdname));
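Review bot: dropping the `#ifdef DEBUG` block in monitor_parse_command() leaves two consecutive blank lines between `char cmdname[256];` and the `/* extract the command name */` comment; remove one of them along with the block.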
@@ -4207,10 +4201,7 @@ static void file_completion(Monitor *mon, const char 
*input)
 path[input_path_len] = '\0';
 pstrcpy(file_prefix, sizeof(file_prefix), p + 1);
 }
-#ifdef DEBUG_COMPLETION
-monitor_printf(mon, "input='%s' path='%s' prefix='%s'\n",
-   input, path, file_prefix);
-#endif
+
 ffs = opendir(path);
 if (!ffs)
 return;
@@ -4788,14 +4779,6 @@ static void monitor_find_completion(void *opaque,
 if (parse_cmdline(cmdline, &nb_args, args) < 0) {
 return;
 }
-#ifdef DEBUG_COMPLETION
-{
-int i;
-for (i = 0; i < nb_args; i++) {
-monitor_printf(mon, "arg%d = '%s'\n", i, args[i]);
-}
-}
-#endif
 
 /* if the line ends with a space, it means we want to complete the
next arg */
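Review bot: the argument dump removed from monitor_find_completion() gets no replacement, although the commit message names tracepoints as the preferred solution. Either add a trace event where the `DEBUG_COMPLETION` loop was, or say in the commit message that the output is dropped without a substitute. The same applies to the two earlier removals.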
-- 
2.1.0




[Qemu-devel] [PATCH v4 3/4] monitor: Fix failure path for "S" argument type

2015-06-02 Thread Bandan Das
The "S" argument is only used with ? and we don't
reach it. Fix it nevertheless.

Signed-off-by: Bandan Das 
---
 monitor.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/monitor.c b/monitor.c
index 6777cbe..cbc3cc6 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4069,7 +4069,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
 if (len <= 0) {
 monitor_printf(mon, "%s: string expected\n",
cmd->name);
-break;
+goto fail;
 }
 qdict_put(qdict, key, qstring_from_str(p));
 p += len;
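Review bot: the commit message does not say what the old `break` in the `len <= 0` branch did after printing "string expected", nor what `goto fail` now cleans up; one sentence on each would let a reader judge the fix without opening monitor.c. "Fix it nevertheless" also leaves open whether the path is dead code that could be removed instead.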
-- 
2.1.0




[Qemu-devel] [PATCH v4 2/4] When a command fails due to incorrect syntax or input, suggest using the "help" command to get more information about the command. This is only applicable for HMP.

2015-06-02 Thread Bandan Das
Before:
(qemu) drive_add usb_flash_drive
drive_add: string expected
After:
(qemu) drive_add usb_flash_drive
drive_add: string expected
Try "help drive_add" for more information

Reviewed-by: Markus Armbruster 
Signed-off-by: Bandan Das 
---
 monitor.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/monitor.c b/monitor.c
index a89cbbb..6777cbe 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4134,6 +4134,8 @@ static void handle_user_command(Monitor *mon, const char 
*cmdline)
 
 qdict = monitor_parse_arguments(mon, &cmdline, cmd);
 if (!qdict) {
+monitor_printf(mon, "Try \"help %s\" for more information\n",
+   cmd->name);
 return;
 }
 
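Review bot: the hint added under `if (!qdict)` prints `cmd->name`, and per the comment on monitor_parse_command() in 1/4 the returned entry can come from a sub-command table. In that case `cmd->name` is only the sub-command's own name, so the suggested `help %s` line may not name a command the user can look up; check the output for a failing sub-command and, if needed, print the full command path.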
-- 
2.1.0




[Qemu-devel] [PATCH v4 0/4] monitor: suggest running "help" for command errors

2015-06-02 Thread Bandan Das
v4:
Better name for cmdline index pointer [1/4]
Change comment for monitor_parse_command as suggested in review [1/4]
Fix potential compilation failure in debug print [1/4]
New - Fix failure path for argument type "S" [3/4]
New - Remove debug prints [4/4]

v3:
Track the current location directly in the command line [1/2]
Fix potential qdict leak [1/2]
Document char **endp [1/2]
Rebase on top of changes and add reviewed-by [2/2]

v2:
Split up the command name and arguments parsing into
separate functions. [1/2]
Skip checking for failures with commands that use the .cmd_new
interface or the async interface since they are scheduled
for removal [2/2]

Bandan Das (4):
  monitor: cleanup parsing of cmd name and cmd arguments
  When a command fails due to incorrect syntax or input, suggest
using the "help" command to get more information about the
command. This is only applicable for HMP.
  monitor: Fix failure path for "S" argument
  monitor: remove debug prints

 monitor.c | 121 +++---
 1 file changed, 61 insertions(+), 60 deletions(-)

-- 
2.1.0




[Qemu-devel] [PATCH v4 1/4] monitor: cleanup parsing of cmd name and cmd arguments

2015-06-02 Thread Bandan Das
There's too much going on in monitor_parse_command().
Split up the arguments parsing bits into a separate function
monitor_parse_arguments(). Let the original function check for
command validity and sub-commands if any and return data (*cmd)
that the newly introduced function can process and return a
QDict. Also, pass a pointer to the cmdline to track current
parser location.

Suggested-by: Markus Armbruster 
Signed-off-by: Bandan Das 
---
 monitor.c | 100 --
 1 file changed, 58 insertions(+), 42 deletions(-)

diff --git a/monitor.c b/monitor.c
index b2561e1..a89cbbb 100644
--- a/monitor.c
+++ b/monitor.c
@@ -3683,43 +3683,36 @@ static const mon_cmd_t *qmp_find_cmd(const char 
*cmdname)
 }
 
 /*
- * Parse @cmdline according to command table @table.
- * If @cmdline is blank, return NULL.
- * If it can't be parsed, report to @mon, and return NULL.
- * Else, insert command arguments into @qdict, and return the command.
- * If a sub-command table exists, and if @cmdline contains an additional string
- * for a sub-command, this function will try to search the sub-command table.
- * If no additional string for a sub-command is present, this function will
- * return the command found in @table.
- * Do not assume the returned command points into @table!  It doesn't
- * when the command is a sub-command.
+ * Parse command name from @cmdp according to command table @table.
+ * If blank, return NULL.
+ * Else, if no valid command can be found, report to @mon, and return
+ * NULL.
+ * Else, change @cmdp to point right behind the name, and return its
+ * command table entry.
+ * Do not assume the return value points into @table!  It doesn't when
+ * the command is found in a sub-command table.
  */
 static const mon_cmd_t *monitor_parse_command(Monitor *mon,
-  const char *cmdline,
-  int start,
-  mon_cmd_t *table,
-  QDict *qdict)
+  const char **cmdp,
+  mon_cmd_t *table)
 {
-const char *p, *typestr;
-int c;
+const char *p;
 const mon_cmd_t *cmd;
 char cmdname[256];
-char buf[1024];
-char *key;
 
 #ifdef DEBUG
-monitor_printf(mon, "command='%s', start='%d'\n", cmdline, start);
+monitor_printf(mon, "command='%s', start='%c'\n", cmdline, **cmdp);
 #endif
 
 /* extract the command name */
-p = get_command_name(cmdline + start, cmdname, sizeof(cmdname));
+p = get_command_name(*cmdp, cmdname, sizeof(cmdname));
 if (!p)
 return NULL;
 
 cmd = search_dispatch_table(table, cmdname);
 if (!cmd) {
 monitor_printf(mon, "unknown command: '%.*s'\n",
-   (int)(p - cmdline), cmdline);
+   (int)(p - *cmdp), *cmdp);
 return NULL;
 }
 
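Review bot: the `#ifdef DEBUG` print still passes `cmdline`, which is no longer a parameter of monitor_parse_command() after this change (the signature is now `mon`, `cmdp`, `table`), so a build with DEBUG defined fails to compile. Print `*cmdp` with `%s` instead, or drop the block here rather than in 4/4.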
@@ -3727,16 +3720,34 @@ static const mon_cmd_t *monitor_parse_command(Monitor 
*mon,
 while (qemu_isspace(*p)) {
 p++;
 }
+
+*cmdp = p;
 /* search sub command */
-if (cmd->sub_table != NULL) {
-/* check if user set additional command */
-if (*p == '\0') {
-return cmd;
-}
-return monitor_parse_command(mon, cmdline, p - cmdline,
- cmd->sub_table, qdict);
+if (cmd->sub_table != NULL && *p != '\0') {
+return monitor_parse_command(mon, cmdp, cmd->sub_table);
 }
 
+return cmd;
+}
+
+/*
+ * Parse arguments for @cmd
+ * If it can't be parsed, report to @mon, and return NULL.
+ * Else, insert command arguments into a QDict, and return it.
+ * Note: On success, caller has to free the QDict structure
+ */
+
+static QDict *monitor_parse_arguments(Monitor *mon,
+  const char **endp,
+  const mon_cmd_t *cmd)
+{
+const char *typestr;
+char *key;
+int c;
+const char *p = *endp;
+char buf[1024];
+QDict *qdict = qdict_new();
+
 /* parse the parameters */
 typestr = cmd->args_type;
 for(;;) {
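Review bot: the new comment above monitor_parse_arguments() does not describe `@endp`: it is read as the start of the argument text (`p = *endp`), and nothing in the visible lines says whether it is updated on return, unlike `@cmdp` in monitor_parse_command(). Document the parameter, consider a name that matches its use as an input, and drop the blank line between the comment block and the function.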
@@ -3766,14 +3777,14 @@ static const mon_cmd_t *monitor_parse_command(Monitor 
*mon,
 switch(c) {
 case 'F':
 monitor_printf(mon, "%s: filename expected\n",
-   cmdname);
+   cmd->name);
 break;
 case 'B':
 monitor_printf(mon, "%s: block device name expected\n",
-   cmdname);
+   cmd->name);
 break;
 default:
-monitor_printf(mon, "%s: string expected\n", cmdname);
+monitor_printf(mon, "%s: string 

Re: [Qemu-devel] [RFC v8.1 06/13] vfio: add check host bus reset is support or not

2015-06-02 Thread Chen Fan


On 06/03/2015 12:47 AM, Alex Williamson wrote:

On Tue, 2015-06-02 at 15:54 +0800, Chen Fan wrote:

On 05/28/2015 05:32 AM, Alex Williamson wrote:

On Wed, 2015-05-27 at 10:46 +0800, Chen Fan wrote:

we introduce a has_bus_reset capability to sign the vfio
devices if support host bus reset.

Signed-off-by: Chen Fan 
---
   hw/vfio/pci.c | 123 
++
   1 file changed, 123 insertions(+)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index f4e7855..5934fd7 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -33,6 +33,7 @@
   #include "hw/pci/msix.h"
   #include "hw/pci/pci.h"
   #include "hw/pci/pci_bridge.h"
+#include "hw/pci/pci_bus.h"
   #include "qemu-common.h"
   #include "qemu/error-report.h"
   #include "qemu/event_notifier.h"
@@ -170,6 +171,7 @@ typedef struct VFIOPCIDevice {
   bool req_enabled;
   bool has_flr;
   bool has_pm_reset;
+bool has_bus_reset;

I still think that caching this is a bad idea, there's no point at which
we can blindly assume the capability is still present.


   bool rom_read_failed;
   } VFIOPCIDevice;
   
@@ -203,6 +205,7 @@ static uint32_t vfio_pci_read_config(PCIDevice *pdev, uint32_t addr, int len);

   static void vfio_pci_write_config(PCIDevice *pdev, uint32_t addr,
 uint32_t val, int len);
   static void vfio_mmap_set_enabled(VFIOPCIDevice *vdev, bool enabled);
+static void vfio_check_host_bus_reset(VFIOPCIDevice *vdev);
   
   /*

* Disabling BAR mmaping can be slow, but toggling it around INTx can
@@ -2853,6 +2856,20 @@ static int vfio_setup_aer(VFIOPCIDevice *vdev, int pos, 
uint16_t size)
   dev_iter = pci_bridge_get_device(dev_iter->bus);
   }
   
+/*

+ * Don't check bus reset capability when device is enabled during
+ * qemu machine creation, which is done by machine init function.
+ */
+if (DEVICE(vdev)->hotplugged) {
+vfio_check_host_bus_reset(vdev);
+if (!vdev->has_bus_reset) {
+error_report("vfio: Cannot enable AER for device %s, "
+ "which is not support host bus reset.",

"which does not support host bus reset."


+ vdev->vbasedev.name);
+goto error;
+}
+}
+
   errcap = vfio_pci_read_config(pdev, pdev->exp.aer_cap + PCI_ERR_CAP, 4);
   /*
* The ability to record multiple headers is depending on
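Review bot: the new check in vfio_setup_aer() only runs when `DEVICE(vdev)->hotplugged` is set, and the comment defers the cold-plug case to "machine init function" without naming it. Name the function that performs the check for devices present at machine creation, so a reader can confirm that AER is never enabled without a bus reset check.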
@@ -3678,6 +3695,112 @@ static void vfio_setup_resetfn(VFIOPCIDevice *vdev)
   }
   }
   
+struct VfioDeviceFind {

We use VFIOFooBar for all other camel case definitions, much like PCIBus
and PCIDevice below.


+PCIBus *pbus;
+PCIDevice *pdev;
+bool found;
+};
+
+static void find_devices(PCIBus *bus, void *opaque)
+{
+struct VfioDeviceFind *find = opaque;
+int i;
+
+if (find->found == true) {

if (find->found) {...


+return;
+}
+
+for (i = 0; i < ARRAY_SIZE(bus->devices); i++) {
+if (!bus->devices[i]) {
+continue;
+}
+
+if (bus->devices[i] == find->pdev) {
+find->pbus = bus;
+find->found = true;
+break;
+}
+}
+}
+
+static void vfio_check_host_bus_reset(VFIOPCIDevice *vdev)
+{
+PCIBus *bus = vdev->pdev.bus;
+struct vfio_pci_hot_reset_info *info = NULL;
+struct vfio_pci_dependent_device *devices;
+VFIOGroup *group;
+int ret, i;
+bool has_bus_reset = false;
+
+ret = vfio_get_hot_reset_info(vdev, &info);
+if (ret < 0) {

if (ret) {...


+goto out;
+}
+
+/* List all affected devices by bus reset */
+devices = &info->devices[0];
+
+/* Verify that we have all the groups required */
+for (i = 0; i < info->count; i++) {
+PCIHostDeviceAddress host;
+VFIOPCIDevice *tmp;
+VFIODevice *vbasedev_iter;
+
+host.domain = devices[i].segment;
+host.bus = devices[i].bus;
+host.slot = PCI_SLOT(devices[i].devfn);
+host.function = PCI_FUNC(devices[i].devfn);
+
+/* Skip the current device */
+if (vfio_pci_host_match(&host, &vdev->host)) {
+continue;
+}
+
+/* Ensure we own the group of the affected device */
+QLIST_FOREACH(group, &vfio_group_list, next) {
+if (group->groupid == devices[i].group_id) {
+break;
+}
+}
+
+if (!group) {
+goto out;
+}
+
+/* Ensure affected devices for reset under the same bus */
+QLIST_FOREACH(vbasedev_iter, &group->device_list, next) {
+if (vbasedev_iter->type != VFIO_DEVICE_TYPE_PCI) {
+continue;
+}
+tmp = container_of(vbasedev_iter, VFIOPCIDevice, vbasedev);
+if (vfio_pci_host_match(&host, &tmp->host)) {
+struct VfioDeviceFind find = { .pdev = &tmp->pdev, .found = 
false };
+
+pci_for_each_bus(bus, find_devices, &find);
+  

Re: [Qemu-devel] [PATCH target-arm v1 9/9] arm: xlnx-zynqmp: Add 2xCortexR5 CPUs

2015-06-02 Thread Alistair Francis
On Tue, Jun 2, 2015 at 4:04 AM, Peter Crosthwaite
 wrote:
> Add the 2xCortexR5 CPUs to zynqmp board. They are powered off on reset
> (this is true of real hardware).
>
> Signed-off-by: Peter Crosthwaite 
> ---
>  hw/arm/xlnx-zynqmp.c | 26 ++
>  include/hw/arm/xlnx-zynqmp.h |  2 ++
>  2 files changed, 28 insertions(+)
>
> diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
> index 6faa578..bf46f7c 100644
> --- a/hw/arm/xlnx-zynqmp.c
> +++ b/hw/arm/xlnx-zynqmp.c
> @@ -71,6 +71,13 @@ static void xlnx_zynqmp_init(Object *obj)
>&error_abort);
>  }
>
> +for (i = 0; i < XLNX_ZYNQMP_NUM_RCPUS; i++) {
> +object_initialize(&s->rcpu[i], sizeof(s->rcpu[i]),
> +  "cortex-r5-" TYPE_ARM_CPU);
> +object_property_add_child(obj, "rcpu[*]", OBJECT(&s->rcpu[i]),
> +  &error_abort);
> +}
> +

Hey Peter,

Same comment about rcpu, I think it should just be rpu.

>  object_initialize(&s->gic, sizeof(s->gic), TYPE_ARM_GIC);
>  qdev_set_parent_bus(DEVICE(&s->gic), sysbus_get_default());
>
> @@ -155,6 +162,25 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>  qdev_connect_gpio_out(DEVICE(&s->acpu[i]), 1, irq);
>  }
>
> +for (i = 0; i < XLNX_ZYNQMP_NUM_RCPUS; i++) {
> +/* RCPUs and held in reset on startup, by the reset controller */
> +object_property_set_bool(OBJECT(&s->rcpu[i]), true,
> + "start-powered-off", &error_abort);
> +
> +object_property_set_bool(OBJECT(&s->rcpu[i]), true, "reset-hivecs",
> + &err);
> +if (err != NULL) {

You don't need the '!= NULL'.

> +error_propagate(errp, err);
> +return;
> +}
> +
> +object_property_set_bool(OBJECT(&s->rcpu[i]), true, "realized", 
> &err);
> +if (err) {
> +error_propagate((errp), (err));

You don't need the brackets around the errp and err.

Although looking above they all have brackets around them, so I guess
you are conforming with the rest of the style.

Thanks,

Alistair

> +return;
> +}
> +}
> +
>  for (i = 0; i < GIC_NUM_SPI_INTR; i++) {
>  gic_spi[i] = qdev_get_gpio_in(DEVICE(&s->gic), i);
>  }
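Review bot: the comment `/* RCPUs and held in reset on startup, by the reset controller */` in the new realize loop has a typo ("and" for "are"). In the same loop `start-powered-off` is set with `&error_abort` while `reset-hivecs` and `realized` propagate through `err`; a short comment on why the first cannot fail would make the difference look intentional.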
> diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
> index bb67ef6..1272be3 100644
> --- a/include/hw/arm/xlnx-zynqmp.h
> +++ b/include/hw/arm/xlnx-zynqmp.h
> @@ -28,6 +28,7 @@
> TYPE_XLNX_ZYNQMP)
>
>  #define XLNX_ZYNQMP_NUM_ACPUS 4
> +#define XLNX_ZYNQMP_NUM_RCPUS 2
>  #define XLNX_ZYNQMP_NUM_GEMS 4
>  #define XLNX_ZYNQMP_NUM_UARTS 2
>
> @@ -48,6 +49,7 @@ typedef struct XlnxZynqMPState {
>
>  /*< public >*/
>  ARMCPU acpu[XLNX_ZYNQMP_NUM_ACPUS];
> +ARMCPU rcpu[XLNX_ZYNQMP_NUM_RCPUS];
>  GICState gic;
>  MemoryRegion gic_mr[XLNX_ZYNQMP_GIC_REGIONS][XLNX_ZYNQMP_GIC_ALIASES];
>  CadenceGEMState gem[XLNX_ZYNQMP_NUM_GEMS];
> --
> 2.4.2.3.g2ffcb72
>
>



Re: [Qemu-devel] [PATCH target-arm v1 8/9] arm: xlnx-zynqmp: Preface CPU variables with "A"

2015-06-02 Thread Alistair Francis
On Tue, Jun 2, 2015 at 4:04 AM, Peter Crosthwaite
 wrote:
> The CPUs currently supported by zynqmp are the APU (application
> processing unit) CPUs. There are other CPUs in Zynqmp so unqualified
> "cpus" is ambiguous. Preface the variables with "A" accordingly, to
> prepare support adding the RPU (realtime processing unit) processors.
>
> Signed-off-by: Peter Crosthwaite 
> ---
>  hw/arm/xlnx-ep108.c  |  2 +-
>  hw/arm/xlnx-zynqmp.c | 24 
>  include/hw/arm/xlnx-zynqmp.h |  4 ++--
>  3 files changed, 15 insertions(+), 15 deletions(-)
>
> diff --git a/hw/arm/xlnx-ep108.c b/hw/arm/xlnx-ep108.c
> index b924f5e..1893b9f 100644
> --- a/hw/arm/xlnx-ep108.c
> +++ b/hw/arm/xlnx-ep108.c
> @@ -65,7 +65,7 @@ static void xlnx_ep108_init(MachineState *machine)
>  xlnx_ep108_binfo.kernel_cmdline = machine->kernel_cmdline;
>  xlnx_ep108_binfo.initrd_filename = machine->initrd_filename;
>  xlnx_ep108_binfo.loader_start = 0;
> -arm_load_kernel(&s->soc.cpu[0], &xlnx_ep108_binfo);
> +arm_load_kernel(&s->soc.acpu[0], &xlnx_ep108_binfo);
>  }
>

Hey Peter,

Why is this acpu instead of apu? APU follows the standard ZynqMP naming
conventions, while Application Central Processing Unit (ACPU) doesn't really
make sense.

Thanks,

Alistair

>  static QEMUMachine xlnx_ep108_machine = {
> diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
> index 6b01965..6faa578 100644
> --- a/hw/arm/xlnx-zynqmp.c
> +++ b/hw/arm/xlnx-zynqmp.c
> @@ -64,10 +64,10 @@ static void xlnx_zynqmp_init(Object *obj)
>  XlnxZynqMPState *s = XLNX_ZYNQMP(obj);
>  int i;
>
> -for (i = 0; i < XLNX_ZYNQMP_NUM_CPUS; i++) {
> -object_initialize(&s->cpu[i], sizeof(s->cpu[i]),
> +for (i = 0; i < XLNX_ZYNQMP_NUM_ACPUS; i++) {
> +object_initialize(&s->acpu[i], sizeof(s->acpu[i]),
>"cortex-a53-" TYPE_ARM_CPU);
> -object_property_add_child(obj, "cpu[*]", OBJECT(&s->cpu[i]),
> +object_property_add_child(obj, "acpu[*]", OBJECT(&s->acpu[i]),
>&error_abort);
>  }
>
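Review bot: renaming the child property from `"cpu[*]"` to `"acpu[*]"` in xlnx_zynqmp_init() changes the QOM path of the CPU objects, which is more than a variable rename. Say so in the commit message, since anything that refers to the old `cpu[N]` path stops matching.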
> @@ -95,7 +95,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>
>  qdev_prop_set_uint32(DEVICE(&s->gic), "num-irq", GIC_NUM_SPI_INTR + 32);
>  qdev_prop_set_uint32(DEVICE(&s->gic), "revision", 2);
> -qdev_prop_set_uint32(DEVICE(&s->gic), "num-cpu", XLNX_ZYNQMP_NUM_CPUS);
> +qdev_prop_set_uint32(DEVICE(&s->gic), "num-cpu", XLNX_ZYNQMP_NUM_ACPUS);
>  object_property_set_bool(OBJECT(&s->gic), true, "realized", &err);
>  if (err) {
>  error_propagate((errp), (err));
> @@ -121,38 +121,38 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>  }
>  }
>
> -for (i = 0; i < XLNX_ZYNQMP_NUM_CPUS; i++) {
> +for (i = 0; i < XLNX_ZYNQMP_NUM_ACPUS; i++) {
>  qemu_irq irq;
>
> -object_property_set_int(OBJECT(&s->cpu[i]), QEMU_PSCI_CONDUIT_SMC,
> +object_property_set_int(OBJECT(&s->acpu[i]), QEMU_PSCI_CONDUIT_SMC,
>  "psci-conduit", &error_abort);
>  if (i > 0) {
>  /* Secondary CPUs start in PSCI powered-down state */
> -object_property_set_bool(OBJECT(&s->cpu[i]), true,
> +object_property_set_bool(OBJECT(&s->acpu[i]), true,
>   "start-powered-off", &error_abort);
>  }
>
> -object_property_set_int(OBJECT(&s->cpu[i]), GIC_BASE_ADDR,
> +object_property_set_int(OBJECT(&s->acpu[i]), GIC_BASE_ADDR,
>  "reset-cbar", &err);
>  if (err) {
>  error_propagate((errp), (err));
>  return;
>  }
>
> -object_property_set_bool(OBJECT(&s->cpu[i]), true, "realized", &err);
> +object_property_set_bool(OBJECT(&s->acpu[i]), true, "realized", 
> &err);
>  if (err) {
>  error_propagate((errp), (err));
>  return;
>  }
>
>  sysbus_connect_irq(SYS_BUS_DEVICE(&s->gic), i,
> -   qdev_get_gpio_in(DEVICE(&s->cpu[i]), 
> ARM_CPU_IRQ));
> +   qdev_get_gpio_in(DEVICE(&s->acpu[i]), 
> ARM_CPU_IRQ));
>  irq = qdev_get_gpio_in(DEVICE(&s->gic),
> arm_gic_ppi_index(i, ARM_PHYS_TIMER_PPI));
> -qdev_connect_gpio_out(DEVICE(&s->cpu[i]), 0, irq);
> +qdev_connect_gpio_out(DEVICE(&s->acpu[i]), 0, irq);
>  irq = qdev_get_gpio_in(DEVICE(&s->gic),
> arm_gic_ppi_index(i, ARM_VIRT_TIMER_PPI));
> -qdev_connect_gpio_out(DEVICE(&s->cpu[i]), 1, irq);
> +qdev_connect_gpio_out(DEVICE(&s->acpu[i]), 1, irq);
>  }
>
>  for (i = 0; i < GIC_NUM_SPI_INTR; i++) {
> diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
> index 79c2b0b..bb67ef6 100644
> --- a/include/hw/arm/xlnx-zynqmp.h
> +++ b/include/hw/arm/xlnx-zynqmp.h
> @@ -27,7 +27,7 @@
>  #defin

Re: [Qemu-devel] [PATCH 05/10 v11] arget-tilegx/opcode_tilegx.h: Modify it to fit qemu using

2015-06-02 Thread Andreas Färber
Am 03.06.2015 um 02:43 schrieb Peter Maydell:
> On 30 May 2015 at 22:14, Chen Gang  wrote:
>> Use 'inline' instead of '__inline', and also use 'uint64_t' instead of
>> "unsigned long long"
>>
>> Signed-off-by: Chen Gang 
>> ---
>>  target-tilegx/opcode_tilegx.h | 220 
>> +-
>>  1 file changed, 110 insertions(+), 110 deletions(-)
> 
> Reviewed-by: Peter Maydell 

There's a "t" missing in the subject and the grammar is wrong - "usage"?
Also "QEMU".

Deserves a mention in the commit message why this is not being squashed.

Andreas

-- 
SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton; HRB
21284 (AG Nürnberg)



Re: [Qemu-devel] [PULL 1/8] target-sh4: use bit number for SR constants

2015-06-02 Thread Christopher Covington
Hi Aurelien,

On 06/01/2015 05:29 PM, Aurelien Jarno wrote:
> Use the bit number for SR constants instead of using a bit mask. This
> makes it possible to also use the constants for shifts.
> 
> Reviewed-by: Richard Henderson 
> Signed-off-by: Aurelien Jarno 
> ---
>  target-sh4/cpu.c   |  3 +-
>  target-sh4/cpu.h   | 30 ++--
>  target-sh4/gdbstub.c   |  4 +--
>  target-sh4/helper.c| 27 +-
>  target-sh4/op_helper.c | 26 -
>  target-sh4/translate.c | 75 
> ++
>  6 files changed, 85 insertions(+), 80 deletions(-)
> 
> diff --git a/target-sh4/cpu.c b/target-sh4/cpu.c
> index d187a2b..cccb14f 100644
> --- a/target-sh4/cpu.c
> +++ b/target-sh4/cpu.c
> @@ -61,7 +61,8 @@ static void superh_cpu_reset(CPUState *s)
>  env->fpscr = FPSCR_PR; /* value for userspace according to the kernel */
>  set_float_rounding_mode(float_round_nearest_even, &env->fp_status); /* 
> ?! */
>  #else
> -env->sr = SR_MD | SR_RB | SR_BL | SR_I3 | SR_I2 | SR_I1 | SR_I0;
> +env->sr = (1u << SR_MD) | (1u << SR_RB) | (1u << SR_BL) |
> +  (1u << SR_I3) | (1u << SR_I2) | (1u << SR_I1) | (1u << SR_I0);

I like using the BIT() macro for this kind of thing.

Chris

-- 
Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project



[Qemu-devel] GSoC 2015 (Mac OS 9 support) report, week 5

2015-06-02 Thread Alexander Graf
[This Week]
  - Finals ヽ(o`皿′o)ノ
  - Test all patches
  - Patch: Combined Adler-32 and copyright
- This patch will be split into two separate ones as suggested by Mark.
  - Remove extraneous "interrupts" property from /pci/mac-io
- I'm having trouble tracking down where the property is actually being
  set. The mac-io devices are defined in drivers/pci_database.c, but the
  pci_dev_t struct (drivers/pci_database.h) doesn't appear to have an
  interrupts field. Much of the mac-io related functionality is defined in
  drivers/macio.c, but there's no mention of interrupts there so I'm kind
  of at a loss.
- This originates from the PCI device's announcement of an IRQ pin which
  really shouldn't be there
- This only requires minimal changes, so the patch is ready. Just has to be
  tested before submission.

[Next Week]
  - Test and debug boot script loader
  - Progress past quiesce() client interface call
- At the moment, this function simply closes all USB devices (`usb_exit()`)
  and sets the Instruction and Data Address Translation bits in the MSR
  (@agraf: does this cause any side effects?). The stack diagram shows no
  arguments or return values, and none of the other `ciface` functions make
  any modifications to the stack other than their arguments or return
  values.
- Looks like `quiesce` either hangs on `mtmsr` or makes a jump out of the
  function.
- MSR.IR and MSR.DR enable paging for instructions and data respectively.
  IIRC we disable paging when quiesce gets called because it's the last
  call that Linux runs before it executes non-OF aware code IIRC.
- Try to run qemu with -d in_asm,cpu,int -D log and check where the code
  execution hangs :). There's a good chance we're already in the Mac OS 9
  kernel.
- It would appear that execution has branched off into invalid memory.
  invalid/unsupported opcode: 00 - 00 - 00 () 00f03000 0 IN:
  0x00f03000:  .long 0x0
- Awesome. What code gets executed before that? Maybe we shouldn't turn off
  IR/DR?
- Actually looking at the code, the MSR IR/DR part is surrounded by a #if 0
  ... #endif pair... maybe something in usb_exit() is breaking things?
  Possibly try removing it temporarily?
- usb_exit() doesn't appear to be causing any issues.
- This is probably where things go wrong. At 0x0740 I can't see a
  ToolboxImage:  ToolboxImage current logical address = 0x0740,
  ToolboxImage final physical address = 0x00C0.
- Is it just the virt<->phys map that is missing, i.e. can you see if the
  toolbox image is present in physical memory using the QEMU monitor "xp"
  command? In that case it might be that we need to mark a region as free
  in the virtual memory properties in order to allow the mapping to
  succeed. A DEBUG_CIF enabled log would help here.
- IIRC we're just using a 1:1 map for almost everything, so I doubt that
  it's an MMU problem. From a small glimpse it almost looked like the
  binary simply never got loaded to the address it thought it would be
  loaded at.
  - Enable debugging in MOL
- The installation is now broken after a failed make. Tried reinstalling
  from Zypper but it couldn't find the config files -- do they have to be
  added manually?
- The config files are at a different location when you compile manually,
  but I don't remember where everything was :). Just run mol with strace,
  it will tell you where it's looking for things. The current ones should
  be somewhere in /etc.

[Long Term]
  - Continue updating project log
  - Create and send patches
- [ ] Patch: Boot script loader
- [ ] ROM node
  - Patch: RTAS node
- Patch has been sent in and is awaiting review.



Re: [Qemu-devel] [PATCH v5 00/12] Dirty bitmaps migration

2015-06-02 Thread John Snow


On 05/28/2015 04:56 PM, Denis V. Lunev wrote:
> On 28/05/15 23:09, John Snow wrote:
>>
>> On 05/26/2015 10:51 AM, Denis V. Lunev wrote:
>>> On 26/05/15 17:48, Denis V. Lunev wrote:
 On 21/05/15 19:44, John Snow wrote:
> On 05/21/2015 09:57 AM, Denis V. Lunev wrote:
>> On 21/05/15 16:51, Vladimir Sementsov-Ogievskiy wrote:
>>> Hi all.
>>>
>>> Hmm. There is an interesting suggestion from Denis Lunev (in CC)
>>> about
>>> how to drop meta bitmaps and make things easier.
>>>
>>> method:
>>>
 start migration
>>> disk and memory are migrated, but not dirty bitmaps.
 stop vm
>>> create all necessary bitmaps in destination vm (empty, but with same
>>> names and granularities and enabled flag)
 start destination vm
>>> empty bitmaps are tracking now
 start migrating dirty bitmaps. merge them to corresponding bitmaps
>>> in destination
>>> while bitmaps are migrating, they should be in some kind of
>>> 'inconsistent' state.
>>> so, we can't start backup or other migration while bitmaps are
>>> migrating, but vm is already _running_ on destination.
>>>
>>> what do you think about it?
>>>
>> the description is a bit incorrect
>>
>> - start migration process, perform memory and disk migration
>>  as usual. VM is still executed at source
>> - start VM on target. VM on source should be on pause as usual,
>>  do not finish migration process. Running VM on target "writes"
>>  normally setting dirty bits as usual
>> - copy active dirty bitmaps from source to target. This is safe
>>  as VM on source is not running
>> - "OR" copied bitmaps with ones running on target
>> - finish migration process (stop source VM).
>>
>> Downtime will not be increased due to dirty bitmaps with this
>> approach, migration process is very simple - plain data copy.
>>
>> Regards,
>>   Den
>>
> I was actually just discussing the live migration approach a little
> bit
> ago with Stefan, trying to decide on the "right" packet format (The
> only
> two patches I haven't ACKed yet are ones in which we need to choose a
> send size) and we decided that 1KiB chunk sends would be
> appropriate for
> live migration.
>
> I think I'm okay with that method, but obviously this approach
> outlined
> here would also work very well and would avoid meta bitmaps, chunk
> sizes, migration tuning, convergence questions, etc etc etc.
>
> You'd need to add a new status to the bitmap on the target (maybe
> "INCOMPLETE" or "MIGRATING") that prevents it from being used for a
> backup operation without preventing it from recording new writes.
>
> My only concern is how easy it will be to work this into the migration
> workflow.
>
> It would require some sort of "post-migration" ternary phase, I
> suppose,
> for devices/data that can be transferred after the VM starts -- and I
> suspect we'll be the only use of that phase for now.
>
> David, what are your thoughts, here? Would you prefer Vladimir and I
> push forward on the live migration approach, or add a new post-hoc
> phase? This approach might be simpler on the block layer, but I
> would be
> rather upset if he scrapped his entire series for the second time for
> another approach that also didn't get accepted.
>
> --js
 hmmm It looks like we should proceed with this to fit 2.4 dates.
 There is not much interest at the moment. I think that we could
 implement this later in 2.5 etc...

 Regards,
  Den
>>> oops. I have written something strange. Anyway, I think that for
>>> now we should proceed with this patchset to fit QEMU 2.4 dates.
>>> The implementation with additional stage (my proposal) could be
>>> added later, f.e. in 2.5 as I do not see much interest from migration
>>> gurus.
>>>
>>> In this case the review will take a ... lot of time.
>>>
>>> Regards,
>>>  Den
>>>
>> That sounds good to me. I think this solution is workable for 2.4, and
>> we can begin working on a post-migration phase for the future to help
>> simplify our cases a lot.
>>
>> I have been out sick much of this week, so apologies in my lack of
>> fervor getting this series upstream recently.
>>
>> --js
> no prob :)

Had a chat with Stefan about this approach and apparently that's what
the postcopy migration patches on-list are all about.

Stefan brought up the point of post-hoc reliability: It's possible to
transfer control to the new VM and then lose your link, making migration
completion impossible. Adding a post-copy phase to our existing live
migration is a non-starter, because it introduces unfairly this
unreliability to the existing system.

However, we can make this idea work for migrations started via the
post-copy mechanism, because the entire migration al
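
The post-copy idea discussed in this thread, as an added toy model in C (not code from the patch series or from QEMU): the destination bitmap records guest writes from the moment the VM starts, chunks copied from the paused source are OR-ed in, and a MIGRATING status blocks backup until the last chunk arrives. The struct, the function names, the granularity and the constructed source bitmap are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, not QEMU code: all names and sizes here are hypothetical. */
#define GRANULARITY 8                 /* sectors covered by one bit */
#define NWORDS      2                 /* bitmap length in 64-bit words */
#define NBITS       (NWORDS * 64)

enum bm_status { BM_ACTIVE, BM_MIGRATING };

typedef struct {
    uint64_t bits[NWORDS];
    enum bm_status status;
    unsigned received;                /* mask of words already merged */
} DirtyBitmap;

/* Destination side: empty bitmap that tracks writes from the start. */
static void bm_create_incoming(DirtyBitmap *bm)
{
    memset(bm, 0, sizeof(*bm));
    bm->status = BM_MIGRATING;
}

/* Guest write: recorded in every state, including BM_MIGRATING. */
static void bm_record_write(DirtyBitmap *bm, uint64_t sector, uint64_t count)
{
    for (uint64_t b = sector / GRANULARITY;
         b <= (sector + count - 1) / GRANULARITY && b < NBITS; b++) {
        bm->bits[b / 64] |= (uint64_t)1 << (b % 64);
    }
}

/* One chunk copied from the paused source: OR it in, never overwrite. */
static int bm_merge_chunk(DirtyBitmap *bm, unsigned word, uint64_t src_bits)
{
    if (bm->status != BM_MIGRATING || word >= NWORDS ||
        (bm->received & (1u << word))) {
        return -EINVAL;               /* late, out of range or duplicate */
    }
    bm->bits[word] |= src_bits;
    bm->received |= 1u << word;
    if (bm->received == (1u << NWORDS) - 1) {
        bm->status = BM_ACTIVE;       /* complete: backups are allowed */
    }
    return 0;
}

/* Backup consumer: refuses a bitmap that is not complete yet. */
static int bm_backup_start(const DirtyBitmap *bm)
{
    int dirty = 0;

    if (bm->status == BM_MIGRATING) {
        return -EBUSY;
    }
    for (unsigned b = 0; b < NBITS; b++) {
        dirty += (int)((bm->bits[b / 64] >> (b % 64)) & 1);
    }
    return dirty;                     /* number of dirty granules to copy */
}

int main(void)
{
    /* Constructed source bitmap: granules 0, 5 and 70 are dirty. */
    const uint64_t src[NWORDS] = { (1ULL << 0) | (1ULL << 5), 1ULL << 6 };
    DirtyBitmap dst;

    bm_create_incoming(&dst);
    bm_record_write(&dst, 800, 1);    /* guest already runs on the target */
    printf("backup while migrating: %d\n", bm_backup_start(&dst));
    bm_merge_chunk(&dst, 0, src[0]);
    bm_merge_chunk(&dst, 1, src[1]);
    printf("dirty granules after merge: %d\n", bm_backup_start(&dst));
    return 0;
}
```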

Re: [Qemu-devel] [PATCH v5 00/12] Dirty bitmaps migration

2015-06-02 Thread John Snow


On 05/13/2015 11:29 AM, Vladimir Sementsov-Ogievskiy wrote:
> These patches provide dirty bitmap migration feature. Only named dirty
> bitmaps are to be migrated. Migration may be enabled using migration
> capabilities.
> 
> v5:
> - rebase on master
> - drop [PATCH RFC v4 10/13] iotests: add event_wait to VM class
> - remove rfc, as incremental backup series by John Snow are in
>   upstream
> 
> 

[...]

I believe as of now I've reviewed all of these patches. One more respin
may be warranted, but I'd like to start pressing for this to be merged
into Kevin's tree (iotests, core) or Stefan's (migration).

My hunch is Stefan's, since we touch those bits more, and he's already
reviewed the core functionality we're modifying, here.

It might be nice to have a maintainer review prior to Vladimir
respinning the series for my minor nitpicks on v5 so that we can spin up
a v6 expecting it to be the final iteration.

Vladimir: With this hopefully out of the way soon, would you like to
rebase your persistence series now so we can begin picking through that
on-list so we can push that through for 2.4?

Thanks!

--js



Re: [Qemu-devel] [PATCH 11/12] iotests: add dirty bitmap migration test

2015-06-02 Thread John Snow


On 05/13/2015 11:30 AM, Vladimir Sementsov-Ogievskiy wrote:
> The test starts two vms (vm_a, vm_b), create dirty bitmap in
> the first one, do several writes to corresponding device and
> then migrate vm_a to vm_b with dirty bitmaps.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  tests/qemu-iotests/117 | 84 
> ++
>  tests/qemu-iotests/117.out |  5 +++
>  tests/qemu-iotests/group   |  1 +
>  3 files changed, 90 insertions(+)
>  create mode 100755 tests/qemu-iotests/117
>  create mode 100644 tests/qemu-iotests/117.out
> 
> diff --git a/tests/qemu-iotests/117 b/tests/qemu-iotests/117
> new file mode 100755
> index 000..9fab5d0
> --- /dev/null
> +++ b/tests/qemu-iotests/117
> @@ -0,0 +1,84 @@
> +#!/usr/bin/env python
> +#
> +# Tests for dirty bitmaps migration.
> +#
> +# (C) Vladimir Sementsov-Ogievskiy 2015
> +#
> +# This program is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation; either version 2 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program.  If not, see .
> +#
> +
> +import os
> +import iotests
> +import time
> +from iotests import qemu_img
> +
> +disk_a = os.path.join(iotests.test_dir, 'disk_a')
> +disk_b = os.path.join(iotests.test_dir, 'disk_b')
> +fifo   = os.path.join(iotests.test_dir, 'fifo')
> +
> +size   = 0x4000 # 1G
> +sector_size = 512
> +granularity = 0x1
> +regions = [
> +{ 'start': 0,  'count': 0x10 },
> +{ 'start': 0x1000, 'count': 0x2  },
> +{ 'start': 0x3999, 'count': 0x1  }
> +]
> +
> +class TestDirtyBitmapMigration(iotests.QMPTestCase):
> +
> +def setUp(self):
> +os.mkfifo(fifo)
> +qemu_img('create', '-f', iotests.imgfmt, disk_a, str(size))
> +qemu_img('create', '-f', iotests.imgfmt, disk_b, str(size))
> +self.vm_a = iotests.VM().add_drive(disk_a)
> +self.vm_b = iotests.VM().add_drive(disk_b)
> +self.vm_b.add_incoming_migration("exec: cat " + fifo)
> +self.vm_a.launch()
> +self.vm_b.launch()
> +
> +def tearDown(self):
> +self.vm_a.shutdown()
> +self.vm_b.shutdown()
> +os.remove(disk_a)
> +os.remove(disk_b)
> +os.remove(fifo)
> +
> +def test_migration(self):
> +result = self.vm_a.qmp('block-dirty-bitmap-add', node='drive0',
> +   name='bitmap', granularity=granularity)
> +self.assert_qmp(result, 'return', {});
> +
> +for r in regions:
> +  self.vm_a.hmp_qemu_io('drive0',
> +'write %d %d' % (r['start'], r['count']))
> +
> +result = self.vm_a.qmp('query-block');
> +md5 = result['return'][0]['dirty-bitmaps'][0]['md5']
> +
> +result = self.vm_a.qmp('migrate-set-capabilities',
> +   capabilities=[{'capability': 'dirty-bitmaps',
> +  'state': True}])
> +self.assert_qmp(result, 'return', {})
> +
> +result = self.vm_a.qmp('migrate', uri='exec:cat>' + fifo)
> +self.assertIsNotNone(self.vm_a.event_wait("STOP"))
> +self.assertIsNotNone(self.vm_b.event_wait("RESUME"))

I recently got stung for this myself, but apparently certain versions we
target with QEMU don't have Python 2.7, which is when the
assertIsNotNone helper was introduced.

We can use e.g. assertNotEqual(self.vm_a.event_wait("STOP"), None) instead.

> +
> +result = self.vm_b.qmp('query-block');
> +self.assert_qmp(result, 'return[0]/dirty-bitmaps[0]/md5', md5);
> +
> +
> +if __name__ == '__main__':
> +iotests.main()
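
Review bot: in test_migration the reply to the `migrate` command is stored in `result` and never checked, unlike the `block-dirty-bitmap-add` and `migrate-set-capabilities` calls before it; add `self.assert_qmp(result, 'return', {})` so a rejected migration fails at that line and not at the later event waits. The trailing semicolons after several statements and the `import time`, which nothing in the file uses, can be dropped. The final check compares only the md5 of the bitmap; asserting the bitmap's name and granularity on vm_b as well would cover more of what is migrated.
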
> diff --git a/tests/qemu-iotests/117.out b/tests/qemu-iotests/117.out
> new file mode 100644
> index 000..ae1213e
> --- /dev/null
> +++ b/tests/qemu-iotests/117.out
> @@ -0,0 +1,5 @@
> +.
> +--
> +Ran 1 tests
> +
> +OK
> diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
> index 6ca3466..6812681 100644
> --- a/tests/qemu-iotests/group
> +++ b/tests/qemu-iotests/group
> @@ -121,6 +121,7 @@
>  114 rw auto quick
>  115 rw auto
>  116 rw auto quick
> +117 rw auto quick
>  121 rw auto
>  122 rw auto
>  123 rw auto quick
> 

With that edit:

Reviewed-by: John Snow 



Re: [Qemu-devel] [PATCH 07/12] migration: add migration/block-dirty-bitmap.c

2015-06-02 Thread John Snow


On 05/13/2015 11:30 AM, Vladimir Sementsov-Ogievskiy wrote:
> Live migration of dirty bitmaps. Only named dirty bitmaps, associated with
> root nodes and non-root named nodes are migrated.
> 
> If destination qemu is already containing a dirty bitmap with the same name
> as a migrated bitmap (for the same node), then, if their granularities are
> the same the migration will be done, otherwise the error will be generated.
> 
> If destination qemu doesn't contain such bitmap it will be created.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  include/migration/block.h  |   1 +
>  migration/Makefile.objs|   2 +-
>  migration/block-dirty-bitmap.c | 728 
> +
>  vl.c   |   1 +
>  4 files changed, 731 insertions(+), 1 deletion(-)
>  create mode 100644 migration/block-dirty-bitmap.c
> 
> diff --git a/include/migration/block.h b/include/migration/block.h
> index ffa8ac0..566bb9f 100644
> --- a/include/migration/block.h
> +++ b/include/migration/block.h
> @@ -14,6 +14,7 @@
>  #ifndef BLOCK_MIGRATION_H
>  #define BLOCK_MIGRATION_H
>  
> +void dirty_bitmap_mig_init(void);
>  void blk_mig_init(void);
>  int blk_mig_active(void);
>  uint64_t blk_mig_bytes_transferred(void);
> diff --git a/migration/Makefile.objs b/migration/Makefile.objs
> index d929e96..128612d 100644
> --- a/migration/Makefile.objs
> +++ b/migration/Makefile.objs
> @@ -6,5 +6,5 @@ common-obj-y += xbzrle.o
>  common-obj-$(CONFIG_RDMA) += rdma.o
>  common-obj-$(CONFIG_POSIX) += exec.o unix.o fd.o
>  
> -common-obj-y += block.o
> +common-obj-y += block.o block-dirty-bitmap.o
>  
> diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
> new file mode 100644
> index 000..2d3ba23
> --- /dev/null
> +++ b/migration/block-dirty-bitmap.c
> @@ -0,0 +1,728 @@
> +/*
> + * QEMU dirty bitmap migration
> + *
> + * Live migration of dirty bitmaps. Only named dirty bitmaps, associated with
> + * root nodes and non-root named nodes are migrated. Live iteration is 
> disabled
> + * for small data amount (see MIN_LIVE_SIZE).
> + *
> + * If destination qemu is already containing a dirty bitmap with the same 
> name
> + * as a migrated bitmap (for the same node), than, if their granularities are
> + * the same the migration will be done, otherwise the error will be 
> generated.
> + *
> + * If destination qemu doesn't contain such bitmap it will be created.
> + *
> + * format of migration:
> + *
> + * # Header (shared for different chunk types)
> + * 1, 2 or 4 bytes: flags (see qemu_{put,put}_flags)
> + * [ 1 byte: node name size ] \  flags & DEVICE_NAME
> + * [ n bytes: node name ] /
> + * [ 1 byte: bitmap name size ] \  flags & BITMAP_NAME
> + * [ n bytes: bitmap name ] /
> + *
> + * # Start of bitmap migration (flags & START)
> + * header
> + * be64: granularity
> + *
> + * # Complete of bitmap migration (flags & COMPLETE)
> + * header
> + * 1 byte: bitmap enabled flag
> + *
> + * # Data chunk of bitmap migration
> + * header
> + * be64: start sector
> + * be32: number of sectors
> + * [ be64: buffer size  ] \ ! (flags & ZEROES)
> + * [ n bytes: buffer] /
> + *
> + * The last chunk in stream should contain flags & EOS. The chunk may skip
> + * device and/or bitmap names, assuming them to be the same with the previous
> + * chunk.
> + *
> + *
> + * This file is derived from migration/block.c
> + *
> + * Author:
> + * Vladimir Sementsov-Ogievskiy 
> + *
> + * original copyright message:
> + * =
> + * Copyright IBM, Corp. 2009
> + *
> + * Authors:
> + *  Liran Schour   
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2.  See
> + * the COPYING file in the top-level directory.
> + *
> + * Contributions after 2012-01-13 are licensed under the terms of the
> + * GNU GPL, version 2 or (at your option) any later version.
> + * =
> + */
> +
> +#include "block/block.h"
> +#include "block/block_int.h"
> +#include "sysemu/block-backend.h"
> +#include "qemu/main-loop.h"
> +#include "qemu/error-report.h"
> +#include "migration/block.h"
> +#include "migration/migration.h"
> +#include "qemu/hbitmap.h"
> +#include 
> +
> +#define CHUNK_SIZE (1 << 10)
> +#define MIN_LIVE_SIZE  (1 << 20)
> +
> +/* Flags occupy from one to four bytes. In all but one the 7-th (EXTRA_FLAGS)
> + * bit should be set. */
> +#define DIRTY_BITMAP_MIG_FLAG_EOS   0x01
> +#define DIRTY_BITMAP_MIG_FLAG_ZEROES0x02
> +#define DIRTY_BITMAP_MIG_FLAG_BITMAP_NAME   0x04
> +#define DIRTY_BITMAP_MIG_FLAG_DEVICE_NAME   0x08
> +#define DIRTY_BITMAP_MIG_FLAG_START 0x10
> +#define DIRTY_BITMAP_MIG_FLAG_COMPLETE  0x20
> +#define DIRTY_BITMAP_MIG_FLAG_BITS  0x40
> +
> +#define DIRTY_BITMAP_MIG_EXTRA_FLAGS0x80
> +#define DIRTY_BITMAP_MIG_FLAGS_SIZE_16  0x8000
> +#define DIRTY_BITMAP_MIG_FLAGS_SIZE_3
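
Review bot: the format comment at the top of block-dirty-bitmap.c gives a data chunk a be32 number of sectors and a separate be64 buffer size without stating how the two relate; document how the buffer size follows from the sector count and the granularity, and have the load side reject a chunk where they disagree before it reads the buffer, since the stream arrives from outside the destination process. The 1-byte node and bitmap name sizes cap names at 255 bytes, which the comment should say along with what save does for a longer name. In the same comment, `qemu_{put,put}_flags` presumably means `{put,get}`, "than" should be "then", and "In all but one the 7-th (EXTRA_FLAGS) bit should be set" does not say which byte is the exception.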

Re: [Qemu-devel] [PATCH 09/10 v11] target-tilegx: Generate tcg instructions to finish "Hello world"

2015-06-02 Thread Chen Gang
On 6/3/15 00:32, Richard Henderson wrote:
> On 06/01/2015 01:54 PM, Chen Gang wrote:
>>> Further, the < TILEGX_R_COUNT restriction is also incorrect.  True, you 
>>> don't
>>> actually implement the top 7 special registers, but that doesn't matter, you
>>> should still be incrementing them.
>>>
>>
>> We did not implement them, so can not increment them, either.
>>
>> They are hidden to outside, or we have to define and implement them.
>>
>> So for me, the current code is correct.
> 
> It isn't correct, it's simply functional.  These registers may eventually be
> implemented, and at that point this code will fail.  You'll note that your
> store_add functions don't have the same problem, because they don't have this
> R_COUNT check.  It would be better to increase the number of buffer slots and
> do the right thing here in load_add.
> 

For me, it is about 2 discussions:

 - Whether need implement additional 7 registers.

   I guess not. But if we will really implement them in future, we need
   only let TILEGX_R_COUNT = TILEGX_R_ZERO, and all things should still
   be OK.

 - Whether need 2 or more tmp variables for one pipe.

   It is not necessary, but it will let the code simpler.


> My suggestion is to expand tmp_regs to 4, drop tmp_regcur, and have dest_gr
> manage all of the indexing.  I.e.
> 
> static TCGv dest_gr(DisasContext *dc, uint8_t rdst)
> {
>     int n = dc->n_tmp_regs++;
>     assert(n < ARRAY_SIZE(dc->tmp_regs));
>     dc->tmp_regs[n].idx = rdst;
>     return dc->tmp_regs[n].val = tcg_temp_new_i64();
> }
> 
> In this way you can in fact call dest_gr twice within load_add and everything
> will Just Work.
> 

For me, the code is fine (and reset dc->n_tmp_regs for each bundle).

Thanks.
-- 
Chen Gang

Open, share, and attitude like air, water, and life which God blessed



Re: [Qemu-devel] [PATCH RFC 3/5] softmmu: add a tlb_vaddr_to_host_fill function

2015-06-02 Thread Peter Maydell
On 2 June 2015 at 21:58, Richard Henderson  wrote:
> On 06/02/2015 01:10 PM, Aurelien Jarno wrote:
>> It looks like we have to go through the MMIO functions to get the
>> TLB_NOTDIRTY bit cleaned correctly. This is something we don't want for
>> probe_write, so we definitely want two different functions.
>
> I think that's why target-arm does its somewhat convoluted loop in which it
> stores one byte to the page and then tries again to use tlb_vaddr_to_host.

Also if we take a fault we must do so with the fault address set
to the exact address passed in by the guest in the register,
even if that isn't the first (QEMU) page in the region being cleared.
So we must test that exact byte first.

-- PMM



Re: [Qemu-devel] [PATCH RFC 3/5] softmmu: add a tlb_vaddr_to_host_fill function

2015-06-02 Thread Richard Henderson
On 06/02/2015 01:10 PM, Aurelien Jarno wrote:
> It looks like we have to go through the MMIO functions to get the
> TLB_NOTDIRTY bit cleaned correctly. This is something we don't want for
> probe_write, so we definitely want two different functions.

I think that's why target-arm does its somewhat convoluted loop in which it
stores one byte to the page and then tries again to use tlb_vaddr_to_host.

If the page isn't in the tlb, we perform a complete store and thus both pull
the page into the tlb as well as mark it dirty.  Thus if the page still isn't
present for the second vaddr_to_host, it really is I/O, or is being watched by
the debugger, or something equally unlikely.


r~




Re: [Qemu-devel] [PATCH RFC 3/5] softmmu: add a tlb_vaddr_to_host_fill function

2015-06-02 Thread Richard Henderson
On 06/02/2015 04:26 AM, Aurelien Jarno wrote:
>  int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
> -CPUTLBEntry *tlbentry = &env->tlb_table[mmu_idx][index];
> +CPUTLBEntry *tlbentry;
>  target_ulong tlb_addr;
>  uintptr_t haddr;
>  
> +again:
> +tlbentry = &env->tlb_table[mmu_idx][index];
> +
>  switch (access_type) {
> -case 0:
> +case MMU_DATA_LOAD:
>  tlb_addr = tlbentry->addr_read;
>  break;
> -case 1:
> +case MMU_DATA_STORE:
>  tlb_addr = tlbentry->addr_write;
>  break;
> -case 2:
> +case MMU_INST_FETCH:
>  tlb_addr = tlbentry->addr_code;
>  break;
>  default:
> @@ -347,10 +350,14 @@ static inline void *tlb_vaddr_to_host(CPUArchState 
> *env, target_ulong addr,
>  if ((addr & TARGET_PAGE_MASK)
>  != (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
>  /* TLB entry is for a different page */
> +if (fill) {
> +tlb_fill(ENV_GET_CPU(env), addr, access_type, mmu_idx, retaddr);
> +goto again;
> +}
>  return NULL;
>  }
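
Review bot: the `goto again` after `tlb_fill()` retries with no bound and relies on the fill either installing a matching entry at this index or not returning; re-reading the tag once after the fill, with no backward jump, states that assumption directly and cannot spin. Callers that pass `fill` also need a comment saying that NULL can still come back after a successful fill path is skipped, i.e. when `fill` is false.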

To properly perform a fill, you also ought to check the victim cache.
There's a macro to do that in softmmu_template.h, which is why I
placed probe_write there.  It's not so convenient to use with a
variable type though.

In addition, the address of tlbentry cannot change, so there's no
point in recomputing that.  Indeed, you'd probably be better off
saving &addr_foo so that you only have to go through the switch once.

  switch (access_type) {
  case N:
    tlb_addr_ptr = &tlbentry->addr_foo;
    break;
  }
  tlb_addr = *tlb_addr_ptr;
  if (...) {
    if (!VICTIM_TLB_HIT(...)) {
      if (!fill) {
        return NULL;
      }
      tlb_fill(...);
    }
    tlb_addr = *tlb_addr_ptr;
  }

and thus there's no loop to be mis-predicted.


r~
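
A toy model in C of the single-pass lookup sketched above, added here as an example and not taken from QEMU or from the patch: the tag pointer is chosen once, a miss tries a victim TLB before filling, and a failed fill records the exact faulting address. The two-page guest, the table sizes and every function name are assumptions; the real tlb_fill() does not return on a fault, where this model returns NULL.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not QEMU code: every name below is hypothetical. */
#define PAGE_BITS 12
#define PAGE_MASK (~(((uint64_t)1 << PAGE_BITS) - 1))
#define TLB_SIZE  4
#define VTLB_SIZE 2
#define INVALID   ((uint64_t)-1)          /* tag that matches no page */

enum access { LOAD, STORE, FETCH };

typedef struct {
    uint64_t addr_read, addr_write, addr_code;   /* page tag per access type */
    uint8_t *host;                               /* host base of the page */
} TLBEntry;

static TLBEntry tlb[TLB_SIZE], vtlb[VTLB_SIZE];
static unsigned vtlb_next;
static uint8_t guest_ram[2][1 << PAGE_BITS];     /* two mapped guest pages */
static int fills;                                /* slow-path fills so far */
static uint64_t fault_addr = INVALID;            /* last faulting address */

static void tlb_reset(void)
{
    TLBEntry empty = { INVALID, INVALID, INVALID, NULL };
    for (unsigned i = 0; i < TLB_SIZE; i++) { tlb[i] = empty; }
    for (unsigned i = 0; i < VTLB_SIZE; i++) { vtlb[i] = empty; }
    vtlb_next = 0; fills = 0; fault_addr = INVALID;
}

static uint64_t *tag_ptr(TLBEntry *e, enum access type)
{
    switch (type) {
    case LOAD:  return &e->addr_read;
    case STORE: return &e->addr_write;
    default:    return &e->addr_code;
    }
}

/* Swap a matching victim entry back into the main table. */
static bool victim_hit(uint64_t addr, enum access type, unsigned index)
{
    for (unsigned i = 0; i < VTLB_SIZE; i++) {
        if (*tag_ptr(&vtlb[i], type) == (addr & PAGE_MASK)) {
            TLBEntry tmp = tlb[index];
            tlb[index] = vtlb[i];
            vtlb[i] = tmp;
            return true;
        }
    }
    return false;
}

/* Page walk: 0x1000 is read-write, 0x5000 read-only, the rest unmapped. */
static bool tlb_fill(uint64_t addr, enum access type, unsigned index)
{
    uint64_t page = addr & PAGE_MASK;
    int slot = page == 0x1000 ? 0 : page == 0x5000 ? 1 : -1;
    bool writable = slot == 0;

    if (slot < 0 || (type == STORE && !writable)) {
        fault_addr = addr;               /* exact address, not the page base */
        return false;
    }
    vtlb[vtlb_next++ % VTLB_SIZE] = tlb[index];  /* evict to the victim TLB */
    tlb[index] = (TLBEntry){ page, writable ? page : INVALID, page,
                             guest_ram[slot] };
    fills++;
    return true;
}

static void *vaddr_to_host(uint64_t addr, enum access type, bool fill)
{
    unsigned index = (addr >> PAGE_BITS) & (TLB_SIZE - 1);
    TLBEntry *e = &tlb[index];           /* this address never changes */
    uint64_t *tag = tag_ptr(e, type);    /* access type decoded once */

    if ((addr & PAGE_MASK) != *tag) {
        if (!victim_hit(addr, type, index) &&
            (!fill || !tlb_fill(addr, type, index))) {
            return NULL;
        }
        /* The entry was rewritten in place, so e is still the right slot. */
    }
    return e->host + (addr & ~PAGE_MASK);
}

int main(void)
{
    tlb_reset();
    printf("probe only: %p\n", vaddr_to_host(0x1008, LOAD, false));
    printf("with fill:  %p (fills=%d)\n", vaddr_to_host(0x1008, LOAD, true), fills);
    printf("read-only store: %p, fault at 0x%llx\n",
           vaddr_to_host(0x5010, STORE, true), (unsigned long long)fault_addr);
    return 0;
}
```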





Re: [Qemu-devel] [PATCH 06/10 v11] target-tilegx: Add special register information from Tilera Corporation

2015-06-02 Thread Chen Gang
On 6/3/15 01:44, Peter Maydell wrote:
> On 30 May 2015 at 22:15, Chen Gang  wrote:
>> The related copy is from Linux kernel "arch/tile/include/uapi/arch/
>> spr_def_64.h".
>>
>> Signed-off-by: Chen Gang 
>> ---
>>  target-tilegx/spr_def_64.h | 216 
>> +
>>  1 file changed, 216 insertions(+)
>>  create mode 100644 target-tilegx/spr_def_64.h
> 
> I'd care more about the possibility of conflicts with the
> actual user header if we supported building QEMU on
> a tilegx host. But since we don't this is OK.
> 

It contains "#ifndef __ARCH_SPR_DEF_64_H__", and belongs to UAPI which
should be no changes (at least should be compatible with old version),
so for me, it should be no conflicts on a tilegx host.

> Reviewed-by: Peter Maydell 
> 

OK Thanks.

-- 
Chen Gang

Open, share, and attitude like air, water, and life which God blessed



Re: [Qemu-devel] [PATCH 07/10 v11] target-tilegx: Add cpu basic features for linux-user

2015-06-02 Thread Chen Gang

Firstly, thank you very much for your valuable work for all patches.

On 6/3/15 01:51, Peter Maydell wrote:
> On 30 May 2015 at 22:15, Chen Gang  wrote:
>> +
>> +#define TILEGX_IS_ERRNO(ret) \
>> +   ((ret) > 0xf000ULL) /* errno is 0 -- 
>> 4096 */
> 
> TILEGX_IS_ERRNO is specific to the Linux syscall ABI; it
> belongs in linux-user/ somewhere, not here.
> 

OK, thanks. I shall move it to linux-user/tilegx/syscall.h.

>> +#define ENV_GET_CPU(e) CPU(tilegx_env_get_cpu(e))
>> +
>> +#define ENV_OFFSET offsetof(TileGXCPU, env)
>> +
>> +/* TILE-Gx memory attributes */
>> +#define TARGET_PAGE_BITS 16  /* TILE-Gx uses 64KB page size */
>> +#define MMAP_SHIFT TARGET_PAGE_BITS
> 
> MMAP_SHIFT is linux ABI specific and doesn't belong in this file.
> 

OK, thanks. I shall move it to linux-user/tilegx/syscall.h (although
all the other targets still put it in "target-*/cpu.h").


>> +#define TARGET_PHYS_ADDR_SPACE_BITS 42 /* It has 42 bit physical addresses 
>> */
>> +#define TARGET_VIRT_ADDR_SPACE_BITS 64 /* It has 64 bit virtual addresses */
> 
> These comments are stating the obvious and can be deleted.
>

OK, thanks.
 

-- 
Chen Gang

Open, share, and attitude like air, water, and life which God blessed



Re: [Qemu-devel] [PATCH 09/13] target-s390x: implement TRANSLATE EXTENDED instruction

2015-06-02 Thread Richard Henderson
On 06/02/2015 12:05 PM, Aurelien Jarno wrote:
>> But why don't we just pass and return (most) of the data to the helper?  Like
>>
>>   C(0xb2a5, TRE, RRE,   Z,   0, r2, r1_P, 0, tre, 0)
>>
>>   potential_page_fault(s);
>>   gen_helper_tre(o->out, cpu_env, o->out, o->out2, o->in2);
>>   return_low128(o->out2);
>>   set_cc_static(s);
> 
> My point was that we need to pass 4 values (reg0, r1, r1+1 and r2) and
> return 3 values (r1, r1+1 and cc), so it's probably better to pass all
> of them the same way. It's the strategy chosen for other similar
> instructions (e.g mvcl), except for cc.
> 
> I'll change that in the next version.

The reg0 and cc data is at a fixed location, and are
therefore more amenable to passing implicitly.

It's r1, r1+1, and r2 that are in varying locations,
and therefore you either have to pass their register
number or their contents.

For mvcl, there are 5 return values, so we're pretty
much stuck passing register numbers.


r~



Re: [Qemu-devel] [PATCH 10/10 v11] target-tilegx: Add TILE-Gx building files

2015-06-02 Thread Chen Gang
On 6/3/15 01:52, Peter Maydell wrote:
> On 30 May 2015 at 22:19, Chen Gang  wrote:
>> Add related configuration, make files for tilegx. Now, qemu tilegx can
>> pass building, and finish running "Hello world" static/shared elf64
>> binary.
>>
>> Signed-off-by: Chen Gang 
> 
> Reviewed-by: Peter Maydell 
> 

OK, thanks.

-- 
Chen Gang

Open, share, and attitude like air, water, and life which God blessed



Re: [Qemu-devel] [PATCH 09/10 v11] target-tilegx: Generate tcg instructions to finish "Hello world"

2015-06-02 Thread Chen Gang
On 6/3/15 01:54, Peter Maydell wrote:
> On 30 May 2015 at 22:18, Chen Gang  wrote:
>> Generate related tcg instructions, and qemu tilegx can finish running
>> "Hello world". The elf64 binary can be static or shared.
>>
>> Signed-off-by: Chen Gang 
>> ---
>>  target-tilegx/translate.c | 2787 
>> +
>>  1 file changed, 2787 insertions(+)
>>  create mode 100644 target-tilegx/translate.c
> 
> For me, this patch is just too long to review sensibly.
> (Simply trying to deal with replying to this email in my mail
> client was a pain.)
> 
> But Richard is going to review this so I'll let him make
> that decision.
> 

OK, thanks.


-- 
Chen Gang

Open, share, and attitude like air, water, and life which God blessed



Re: [Qemu-devel] [RFC] extensions to the -m memory option

2015-06-02 Thread Peter Crosthwaite
On Tue, Jun 2, 2015 at 4:01 AM, Liviu Ionescu  wrote:
>
>> On 02 Jun 2015, at 13:42, Peter Maydell  wrote:
>>
>> On 2 June 2015 at 11:32, Peter Crosthwaite  
>> wrote:
>>> On Tue, Jun 2, 2015 at 3:15 AM, Liviu Ionescu  wrote:
 similar content is also present in Table B3-1 "ARMv7-M address map", in 
 ARM DDI 0403D, "ARMv7-M Architecture Reference Manual".

 0x-0x1FFF | Code | Typically ROM or flash memory. Memory 
 required from address 0x0 to support the vector table for system boot code 
 on reset.
 0x2000-0x3FFF | SRAM | SRAM region typically used for on-chip RAM.

>>>
>>> The Devil is in the "typically" which means it's not actually specced
>>> on the processor layer. I think the case is reasonable for your
>>> intermediate layer though with a critical mass of vendors opting into
>>> this "typical" case.
>>
>> Yep. The CPU itself (and the M profile architecture) are opinionated
>> about the memory map layout (much more so than A/R profile), but don't
>> actually insist on it, and the flash/ROM are outside the core proper.
>
> the  "ARMv7-M Architecture Reference Manual" does not mandate on a specific 
> memory type ("Typically ROM or flash memory"), but when it writes "Memory 
> required from address 0x0 to support the vector table for system boot code on 
> reset.", my understanding is that this is a mandatory requirement.
>

So translated loosely this is "Something memory mapped must be at
address 0". We shouldn't make any assumptions of what on the proc
layer. It could be an external bus, a hardcoded short rom section that
trampolines the vectors somewhere else or either RAM or ROM.

> anyway, my implementation includes a "cortexm-mcu" type, which is intended as 
> base type for specific vendor mcu objects, and as such it includes rom and 
> ram.
>

But practical reality seems different so this solution makes sense to me so far.

Regards,
Peter

> regards,
>
> Liviu
>
>



Re: [Qemu-devel] [PATCH v2 3/3] qmp/hmp: Add throttle ratio to query-migrate and info migrate

2015-06-02 Thread Eric Blake
On 06/02/2015 11:46 AM, Jason J. Herne wrote:
> Report throttle ratio in info migrate and query-migrate responses when cpu
> throttling is active.
> 
> Signed-off-by: Jason J. Herne 
> ---
>  hmp.c | 5 +
>  migration/migration.c | 5 +
>  qapi-schema.json  | 3 ++-
>  3 files changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/hmp.c b/hmp.c
> index e17852d..cb3c137 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -229,6 +229,11 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict)
> info->xbzrle_cache->overflow);
>  }
>  
> +if (info->has_x_cpu_throttle_ratio) {
> +monitor_printf(mon, "cpu throttle ratio : %0.2f\n",

s/ :/:/

How big or small can the ratio get? Is %g going to be nicer than %f if
the ratio goes through a large range of possibilities?

> +++ b/qapi-schema.json
> @@ -483,7 +483,8 @@
> '*total-time': 'int',
> '*expected-downtime': 'int',
> '*downtime': 'int',
> -   '*setup-time': 'int'} }
> +   '*setup-time': 'int',
> +   '*x-cpu-throttle-ratio': 'number'} }

Even though it is marked experimental, it is still worth documenting
this parameter, and include mention of how to interpret it (0.0 means no
throttling, 1.0 means 50% duty cycle, 2.0 means 33% duty cycle, right?).
Documentation should mention '(since 2.4)'

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org




Re: [Qemu-devel] [PATCH RFC 3/5] softmmu: add a tlb_vaddr_to_host_fill function

2015-06-02 Thread Aurelien Jarno
On 2015-06-02 13:26, Aurelien Jarno wrote:
> The softmmu code already provides a tlb_vaddr_to_host function, which
> returns the host address corresponding to a guest virtual address,
> *if it is already in the QEMU MMU TLB*.
> 
> This patch is an attempt to have a function which try to fill the TLB
> entry if it is not already in the QEMU MMU TLB, possibly trigger a guest
> fault. It can be used directly in helpers. For that it creates a common
> function with a boolean to tell if the TLB needs to be filled or not. If
> yes, it causes tlb_fill, which might trigger an exception or succeed in
> which case the tlbentry pointer need to be reloaded.
> 
> I also had to change the MMIO test part. It seems that in write mode
> some TLB entries are filled with TLB_NOTDIRTY. They are caught by the
> MMIO test and a NULL pointer is returned instead. I am not sure of my
> change, but I guess the current softmmu code has the same issue.

It looks like we have to go through the MMIO functions to get the
TLB_NOTDIRTY bit cleaned correctly. This is something we don't want for
probe_write, so we definitely want two different functions.

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH v2 2/3] migration: Dynamic cpu throttling for auto-converge

2015-06-02 Thread Eric Blake
On 06/02/2015 11:46 AM, Jason J. Herne wrote:
> Remove traditional auto-converge static 30ms throttling code and replace it
> with a dynamic throttling algorithm.
> 
> Additionally, be more aggressive when deciding when to start throttling.
> Previously we waited until four unproductive memory passes. Now we begin
> throttling after only two unproductive memory passes. Four seemed quite
> arbitrary and only waiting for two passes allows us to complete the migration
> faster.
> 
> Signed-off-by: Jason J. Herne 
> Reviewed-by: Matthew Rosato 
> ---
>  arch_init.c   | 95 
> +--
>  migration/migration.c |  9 +
>  2 files changed, 41 insertions(+), 63 deletions(-)
> 

> +static void mig_throttle_guest_down(void)
> +{
> +CPUState *cpu;
> +
> +CPU_FOREACH(cpu) {
> +/* We have not started throttling yet. Lets start it.*/

s/Lets/Let's/
s|it.*/|it. */|

> +if (!cpu_throttle_active(cpu)) {
> +cpu_throttle_start(cpu, 0.2);
> +}
> +
> +/* Throttling is already in place. Just increase the throttling rate 
> */
> +else {
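
Review bot: the initial throttle rate in cpu_throttle_start(cpu, 0.2) is a bare literal, and the visible lines do not state its unit or valid range. A named constant with a short comment would make the starting point of the dynamic algorithm clear and easier to tune.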

Unusual layout.  More typical would be:

if (...) {
   ...
} else {
   /* comment */
   ...
}

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 0/4] macio: change DMA methods over to offset/len implementation

2015-06-02 Thread John Snow


On 05/31/2015 04:05 PM, Mark Cave-Ayland wrote:
> This patchset follows on from my recent work on fixing issues with the
> macio controller, and remodels the new pmac_dma_read() and pmac_dma_write()
> functions in a similar manner to the unaligned block functions.
> 
> With this in place, long chains of overlapping unaligned requests as used
> by OS X/Darwin will now work correctly without introducing torn sector
> errors when writing to disk.
> 
> Also included are some tidy-ups as a result of the above changes.
> 
> Signed-off-by: Mark Cave-Ayland 
> 
> Mark Cave-Ayland (4):
>   macio: switch pmac_dma_read() over to new offset/len implementation
>   macio: switch pmac_dma_write() over to new offset/len implementation
>   macio: update comment/constants to reflect the new code
>   macio: remove remainder_len DBDMA_io property
> 
>  hw/ide/macio.c |  271 
> +---
>  include/hw/ppc/mac_dbdma.h |4 +-
>  2 files changed, 105 insertions(+), 170 deletions(-)
> 

Provided the printfs get fixed:

Reviewed-by: John Snow 

If you resend, I'll stage it.

Thanks!
--js



Re: [Qemu-devel] [PATCH 1/4] macio: switch pmac_dma_read() over to new offset/len implementation

2015-06-02 Thread John Snow


On 05/31/2015 04:05 PM, Mark Cave-Ayland wrote:
> For better handling of unaligned block device accesses.
> 
> Signed-off-by: Mark Cave-Ayland 
> ---
>  hw/ide/macio.c |  102 
> ++--
>  1 file changed, 40 insertions(+), 62 deletions(-)
> 
> diff --git a/hw/ide/macio.c b/hw/ide/macio.c
> index 585a27b..f1ac001 100644
> --- a/hw/ide/macio.c
> +++ b/hw/ide/macio.c
> @@ -52,7 +52,7 @@ static const int debug_macio = 0;
>  #define MACIO_PAGE_SIZE 4096
>  
>  static void pmac_dma_read(BlockBackend *blk,
> -  int64_t sector_num, int nb_sectors,
> +  int64_t offset, unsigned int bytes,
>void (*cb)(void *opaque, int ret), void *opaque)
>  {
>  DBDMA_io *io = opaque;
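
Review bot: the second and third parameters of pmac_dma_read() change meaning from sectors to bytes (int64_t offset, unsigned int bytes) while remaining plain integer types, so a caller that still passes a sector number and sector count compiles without a warning. Please add a comment above the function stating that both values are in bytes and need not be sector-aligned, and check that every caller is converted in this patch.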
> @@ -60,76 +60,48 @@ static void pmac_dma_read(BlockBackend *blk,
>  IDEState *s = idebus_active_if(&m->bus);
>  dma_addr_t dma_addr, dma_len;
>  void *mem;
> -int nsector, remainder;
> +int64_t sector_num;
> +int nsector;
> +uint64_t align = BDRV_SECTOR_SIZE;
> +size_t head_bytes, tail_bytes;
>  
>  qemu_iovec_destroy(&io->iov);
>  qemu_iovec_init(&io->iov, io->len / MACIO_PAGE_SIZE + 1);
>  
> -if (io->remainder_len > 0) {
> -/* Return remainder of request */
> -int transfer = MIN(io->remainder_len, io->len);
> +sector_num = (offset >> 9);
> +nsector = (io->len >> 9);
>  
> -MACIO_DPRINTF("--- DMA read pop - bounce addr: %p addr: %"
> -  HWADDR_PRIx " remainder_len: %x\n",
> -  &io->remainder + (0x200 - transfer), io->addr,
> -  io->remainder_len);
> +MACIO_DPRINTF("--- DMA read transfer (0x%" HWADDR_PRIx ",0x%x): "
> +  "sector_num: %ld, nsector: %d\n", io->addr, io->len,
> +  sector_num, nsector);
>  
> -cpu_physical_memory_write(io->addr,
> -  &io->remainder + (0x200 - transfer),
> -  transfer);
> +dma_addr = io->addr;
> +dma_len = io->len;
> +mem = dma_memory_map(&address_space_memory, dma_addr, &dma_len,
> + DMA_DIRECTION_FROM_DEVICE);
>  
> -io->remainder_len -= transfer;
> -io->len -= transfer;
> -io->addr += transfer;
> +if (offset & (align - 1)) {
> +head_bytes = offset & (align - 1);
>  
> -s->io_buffer_index += transfer;
> -s->io_buffer_size -= transfer;
> +MACIO_DPRINTF("--- DMA unaligned head: sector %ld, "
> +  "discarding %ld bytes\n", sector_num, head_bytes);
>  
> -if (io->remainder_len != 0) {
> -/* Still waiting for remainder */
> -return;
> -}
> +qemu_iovec_add(&io->iov, &io->remainder, head_bytes);
>  
> -if (io->len == 0) {
> -MACIO_DPRINTF("--- finished all read processing; go and 
> finish\n");
> -cb(opaque, 0);
> -return;
> -}
> +bytes += offset & (align - 1);
> +offset = offset & ~(align - 1);
>  }
>  
> -if (s->drive_kind == IDE_CD) {
> -sector_num = (int64_t)(s->lba << 2) + (s->io_buffer_index >> 9);
> -} else {
> -sector_num = ide_get_sector(s) + (s->io_buffer_index >> 9);
> -}
> +qemu_iovec_add(&io->iov, mem, io->len);
>  
> -nsector = ((io->len + 0x1ff) >> 9);
> -remainder = (nsector << 9) - io->len;
> +if ((offset + bytes) & (align - 1)) {
> +tail_bytes = (offset + bytes) & (align - 1);
>  
> -MACIO_DPRINTF("--- DMA read transfer - addr: %" HWADDR_PRIx " len: %x\n",
> -  io->addr, io->len);
> -
> -dma_addr = io->addr;
> -dma_len = io->len;
> -mem = dma_memory_map(&address_space_memory, dma_addr, &dma_len,
> - DMA_DIRECTION_FROM_DEVICE);
> +MACIO_DPRINTF("--- DMA unaligned tail: sector %ld, "
> +  "discarding bytes %ld\n", sector_num, tail_bytes);
>  
> -if (!remainder) {
> -MACIO_DPRINTF("--- DMA read aligned - addr: %" HWADDR_PRIx
> -  " len: %x\n", io->addr, io->len);
> -qemu_iovec_add(&io->iov, mem, io->len);
> -} else {
> -MACIO_DPRINTF("--- DMA read unaligned - addr: %" HWADDR_PRIx
> -  " len: %x\n", io->addr, io->len);
> -qemu_iovec_add(&io->iov, mem, io->len);
> -
> -MACIO_DPRINTF("--- DMA read push- bounce addr: %p "
> -  "remainder_len: %x\n",
> -  &io->remainder + 0x200 - remainder, remainder);
> -qemu_iovec_add(&io->iov, &io->remainder + 0x200 - remainder,
> -   remainder);
> -
> -io->remainder_len = remainder;
> +qemu_iovec_add(&io->iov, &io->remainder, align - tail_bytes);
> +bytes = ROUND_UP(bytes, align);
>  }
>  
>  s->io_buffer_size -= io->len;
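
Review bot: the new MACIO_DPRINTF calls print sector_num (int64_t) and head_bytes/tail_bytes (size_t) with %ld, which is the wrong conversion on hosts where long is 32 bits; use PRId64 for sector_num and %zu for the size_t values. The tail message also prints tail_bytes as the number of discarded bytes, while the iovec entry added right after it has length align - tail_bytes, so the debug output does not match what is actually discarded.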
> @@ -137,11 +109,11 @@ static 

[Qemu-devel] [PULL v2 3/8] target-sh4: optimize addc using add2

2015-06-02 Thread Aurelien Jarno
Signed-off-by: Aurelien Jarno 
---
 target-sh4/translate.c | 14 ++
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/target-sh4/translate.c b/target-sh4/translate.c
index f9bc24c..a7a8f39 100644
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@@ -642,17 +642,15 @@ static void _decode_opc(DisasContext * ctx)
return;
 case 0x300e:   /* addc Rm,Rn */
 {
-TCGv t0, t1;
-t0 = tcg_temp_new();
+TCGv t0, t1, t2;
+t0 = tcg_const_tl(0);
 t1 = tcg_temp_new();
-tcg_gen_add_i32(t0, REG(B7_4), REG(B11_8));
-tcg_gen_add_i32(t1, cpu_sr_t, t0);
-tcg_gen_setcond_i32(TCG_COND_GTU, cpu_sr_t, REG(B11_8), t0);
-tcg_gen_setcond_i32(TCG_COND_GTU, t0, t0, t1);
-tcg_gen_or_i32(cpu_sr_t, cpu_sr_t, t0);
+t2 = tcg_temp_new();
+tcg_gen_add2_i32(t1, t2, REG(B11_8), t0, REG(B7_4), t0);
+tcg_gen_add2_i32(REG(B11_8), cpu_sr_t, t1, t2, cpu_sr_t, t0);
 tcg_temp_free(t0);
-tcg_gen_mov_i32(REG(B11_8), t1);
 tcg_temp_free(t1);
+tcg_temp_free(t2);
 }
return;
 case 0x300f:   /* addv Rm,Rn */
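
Review bot: t0 is created with tcg_const_tl(0) but every operation that consumes it is an _i32 op (tcg_gen_add2_i32), so tcg_const_i32(0) would match the rest of the sequence. A one-line comment on the two add2 steps (Rn + Rm into t1:t2, then adding T with the final carry landing in cpu_sr_t) would also help, since the commit message carries no description.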
-- 
2.1.4




Re: [Qemu-devel] [PATCH v4 1/2] qga: add additional win32 cflags and libraries

2015-06-02 Thread Paolo Bonzini


On 02/06/2015 17:30, Kirk Allan wrote:
> I was assuming that if you set _WIN32_WINNT=0x0600 (needed to gain
> access to the OnLinkPrefixLength field when running on Windows
> Vista/2008 and greater) you would also want to set WINVER=0x600 to
> match.  Having WINVER in the flags as both 501 and 600 causes
> configure errors.

Hmm, right.  It gives a "redefined" warning as if you had #define.  And
the warning is fatal.  So

Reviewed-by: Paolo Bonzini 

Paolo

> Testing with _WIN32_WINNT=0x0600 and WINVER=0x501 seems to be ok.



[Qemu-devel] [PULL v2 2/8] target-sh4: Split out T from SR

2015-06-02 Thread Aurelien Jarno
In preparation for more efficient setting of this field.

Signed-off-by: Aurelien Jarno 
---
 target-sh4/cpu.h   |  14 +++-
 target-sh4/gdbstub.c   |   4 +-
 target-sh4/helper.c|   2 +-
 target-sh4/op_helper.c |  32 ++--
 target-sh4/translate.c | 212 -
 5 files changed, 111 insertions(+), 153 deletions(-)

diff --git a/target-sh4/cpu.h b/target-sh4/cpu.h
index 76fda35..a308c53 100644
--- a/target-sh4/cpu.h
+++ b/target-sh4/cpu.h
@@ -138,7 +138,8 @@ typedef struct CPUSH4State {
 uint32_t flags;/* general execution flags */
 uint32_t gregs[24];/* general registers */
 float32 fregs[32]; /* floating point registers */
-uint32_t sr;   /* status register */
+uint32_t sr;/* status register (with T split out) */
+uint32_t sr_t;  /* T bit of status register */
 uint32_t ssr;  /* saved status register */
 uint32_t spc;  /* saved program counter */
 uint32_t gbr;  /* global base register */
@@ -331,6 +332,17 @@ static inline int cpu_ptel_pr (uint32_t ptel)
 
 #define TB_FLAG_PENDING_MOVCA  (1 << 4)
 
+static inline target_ulong cpu_read_sr(CPUSH4State *env)
+{
+return env->sr | (env->sr_t << SR_T);
+}
+
+static inline void cpu_write_sr(CPUSH4State *env, target_ulong sr)
+{
+env->sr_t = sr & (1u << SR_T);
+env->sr = sr & ~(1u << SR_T);
+}
+
 static inline void cpu_get_tb_cpu_state(CPUSH4State *env, target_ulong *pc,
 target_ulong *cs_base, int *flags)
 {
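
Review bot: in cpu_write_sr(), env->sr_t = sr & (1u << SR_T) stores the masked bit rather than a 0/1 value, which is only correct while SR_T is 0, whereas cpu_read_sr() shifts sr_t back with << SR_T. Writing it as (sr >> SR_T) & 1 keeps the pair symmetric and independent of the bit position.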
diff --git a/target-sh4/gdbstub.c b/target-sh4/gdbstub.c
index 05ba728..a365a27 100644
--- a/target-sh4/gdbstub.c
+++ b/target-sh4/gdbstub.c
@@ -51,7 +51,7 @@ int superh_cpu_gdb_read_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 case 21:
 return gdb_get_regl(mem_buf, env->macl);
 case 22:
-return gdb_get_regl(mem_buf, env->sr);
+return gdb_get_regl(mem_buf, cpu_read_sr(env));
 case 23:
 return gdb_get_regl(mem_buf, env->fpul);
 case 24:
@@ -111,7 +111,7 @@ int superh_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 env->macl = ldl_p(mem_buf);
 break;
 case 22:
-env->sr = ldl_p(mem_buf);
+cpu_write_sr(env, ldl_p(mem_buf));
 break;
 case 23:
 env->fpul = ldl_p(mem_buf);
diff --git a/target-sh4/helper.c b/target-sh4/helper.c
index 1cb0e8d..a533f08 100644
--- a/target-sh4/helper.c
+++ b/target-sh4/helper.c
@@ -162,7 +162,7 @@ void superh_cpu_do_interrupt(CPUState *cs)
 log_cpu_state(cs, 0);
 }
 
-env->ssr = env->sr;
+env->ssr = cpu_read_sr(env);
 env->spc = env->pc;
 env->sgr = env->gregs[15];
 env->sr |= (1u << SR_BL) | (1u << SR_MD) | (1u << SR_RB);
diff --git a/target-sh4/op_helper.c b/target-sh4/op_helper.c
index 6f34292..524d7f6 100644
--- a/target-sh4/op_helper.c
+++ b/target-sh4/op_helper.c
@@ -156,11 +156,11 @@ void helper_ocbi(CPUSH4State *env, uint32_t address)
 }
 }
 
-#define T (env->sr & (1u << SR_T))
+#define T (env->sr_t)
 #define Q (env->sr & (1u << SR_Q) ? 1 : 0)
 #define M (env->sr & (1u << SR_M) ? 1 : 0)
-#define SETT (env->sr |= (1u << SR_T))
-#define CLRT (env->sr &= ~(1u << SR_T))
+#define SETT (env->sr_t = 1)
+#define CLRT (env->sr_t = 0)
 #define SETQ (env->sr |= (1u << SR_Q))
 #define CLRQ (env->sr &= ~(1u << SR_Q))
 #define SETM (env->sr |= (1u << SR_M))
@@ -309,16 +309,6 @@ void helper_macw(CPUSH4State *env, uint32_t arg0, uint32_t 
arg1)
 }
 }
 
-static inline void set_t(CPUSH4State *env)
-{
-env->sr |= (1u << SR_T);
-}
-
-static inline void clr_t(CPUSH4State *env)
-{
-env->sr &= ~(1u << SR_T);
-}
-
 void helper_ld_fpscr(CPUSH4State *env, uint32_t val)
 {
 env->fpscr = val & FPSCR_MASK;
@@ -403,10 +393,8 @@ void helper_fcmp_eq_FT(CPUSH4State *env, float32 t0, 
float32 t1)
 relation = float32_compare(t0, t1, &env->fp_status);
 if (unlikely(relation == float_relation_unordered)) {
 update_fpscr(env, GETPC());
-} else if (relation == float_relation_equal) {
-set_t(env);
 } else {
-clr_t(env);
+env->sr_t = (relation == float_relation_equal);
 }
 }
 
@@ -418,10 +406,8 @@ void helper_fcmp_eq_DT(CPUSH4State *env, float64 t0, 
float64 t1)
 relation = float64_compare(t0, t1, &env->fp_status);
 if (unlikely(relation == float_relation_unordered)) {
 update_fpscr(env, GETPC());
-} else if (relation == float_relation_equal) {
-set_t(env);
 } else {
-clr_t(env);
+env->sr_t = (relation == float_relation_equal);
 }
 }
 
@@ -433,10 +419,8 @@ void helper_fcmp_gt_FT(CPUSH4State *env, float32 t0, 
float32 t1)
 relation = float32_compare(t0, t1, &env->fp_status);
 if (unlikely(relation == float_relation_unordered)) {
 update_fpscr(env, GETPC());
-} else if (relation == float_relation_greater) {
-set_t(env);

[Qemu-devel] [PULL v2 1/8] target-sh4: use bit number for SR constants

2015-06-02 Thread Aurelien Jarno
Use the bit number for SR constants instead of using a bit mask. This
makes it possible to also use the constants for shifts.

Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-sh4/cpu.c   |  3 +-
 target-sh4/cpu.h   | 30 ++--
 target-sh4/gdbstub.c   |  4 +--
 target-sh4/helper.c| 27 +-
 target-sh4/op_helper.c | 26 -
 target-sh4/translate.c | 75 ++
 6 files changed, 85 insertions(+), 80 deletions(-)

diff --git a/target-sh4/cpu.c b/target-sh4/cpu.c
index d187a2b..cccb14f 100644
--- a/target-sh4/cpu.c
+++ b/target-sh4/cpu.c
@@ -61,7 +61,8 @@ static void superh_cpu_reset(CPUState *s)
 env->fpscr = FPSCR_PR; /* value for userspace according to the kernel */
 set_float_rounding_mode(float_round_nearest_even, &env->fp_status); /* ?! 
*/
 #else
-env->sr = SR_MD | SR_RB | SR_BL | SR_I3 | SR_I2 | SR_I1 | SR_I0;
+env->sr = (1u << SR_MD) | (1u << SR_RB) | (1u << SR_BL) |
+  (1u << SR_I3) | (1u << SR_I2) | (1u << SR_I1) | (1u << SR_I0);
 env->fpscr = FPSCR_DN | FPSCR_RM_ZERO; /* CPU reset value according to SH4 
manual */
 set_float_rounding_mode(float_round_to_zero, &env->fp_status);
 set_flush_to_zero(1, &env->fp_status);
diff --git a/target-sh4/cpu.h b/target-sh4/cpu.h
index c8dea6c..76fda35 100644
--- a/target-sh4/cpu.h
+++ b/target-sh4/cpu.h
@@ -47,18 +47,18 @@
 #define TARGET_PHYS_ADDR_SPACE_BITS 32
 #define TARGET_VIRT_ADDR_SPACE_BITS 32
 
-#define SR_MD (1 << 30)
-#define SR_RB (1 << 29)
-#define SR_BL (1 << 28)
-#define SR_FD (1 << 15)
-#define SR_M  (1 << 9)
-#define SR_Q  (1 << 8)
-#define SR_I3 (1 << 7)
-#define SR_I2 (1 << 6)
-#define SR_I1 (1 << 5)
-#define SR_I0 (1 << 4)
-#define SR_S  (1 << 1)
-#define SR_T  (1 << 0)
+#define SR_MD 30
+#define SR_RB 29
+#define SR_BL 28
+#define SR_FD 15
+#define SR_M  9
+#define SR_Q  8
+#define SR_I3 7
+#define SR_I2 6
+#define SR_I1 5
+#define SR_I0 4
+#define SR_S  1
+#define SR_T  0
 
 #define FPSCR_MASK (0x003f)
 #define FPSCR_FR   (1 << 21)
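
Review bot: the SR_* names keep their spelling while their meaning changes from mask to bit number, so any expression left unconverted, such as env->sr & SR_MD, still compiles but now tests the wrong bits. Either rename the constants so that stale users fail to build, or confirm with a grep that no mask-style use remains anywhere in the tree. The neighbouring FPSCR_* constants stay masks, which leaves the two families inconsistent and deserves a comment.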
@@ -234,7 +234,7 @@ void cpu_load_tlb(CPUSH4State * env);
 #define MMU_USER_IDX 1
 static inline int cpu_mmu_index (CPUSH4State *env)
 {
-return (env->sr & SR_MD) == 0 ? 1 : 0;
+return (env->sr & (1u << SR_MD)) == 0 ? 1 : 0;
 }
 
 #include "exec/cpu-all.h"
@@ -339,8 +339,8 @@ static inline void cpu_get_tb_cpu_state(CPUSH4State *env, 
target_ulong *pc,
 *flags = (env->flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL
 | DELAY_SLOT_TRUE | DELAY_SLOT_CLEARME))   /* Bits  0- 3 */
 | (env->fpscr & (FPSCR_FR | FPSCR_SZ | FPSCR_PR))  /* Bits 19-21 */
-| (env->sr & (SR_MD | SR_RB))  /* Bits 29-30 */
-| (env->sr & SR_FD)/* Bit 15 */
+| (env->sr & ((1u << SR_MD) | (1u << SR_RB)))  /* Bits 29-30 */
+| (env->sr & (1u << SR_FD))/* Bit 15 */
 | (env->movcal_backup ? TB_FLAG_PENDING_MOVCA : 0); /* Bit 4 */
 }
 
diff --git a/target-sh4/gdbstub.c b/target-sh4/gdbstub.c
index df4fa2a..05ba728 100644
--- a/target-sh4/gdbstub.c
+++ b/target-sh4/gdbstub.c
@@ -31,7 +31,7 @@ int superh_cpu_gdb_read_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 
 switch (n) {
 case 0 ... 7:
-if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
+if ((env->sr & (1u << SR_MD)) && (env->sr & (1u << SR_RB))) {
 return gdb_get_regl(mem_buf, env->gregs[n + 16]);
 } else {
 return gdb_get_regl(mem_buf, env->gregs[n]);
@@ -83,7 +83,7 @@ int superh_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 
 switch (n) {
 case 0 ... 7:
-if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
+if ((env->sr & (1u << SR_MD)) && (env->sr & (1u << SR_RB))) {
 env->gregs[n + 16] = ldl_p(mem_buf);
 } else {
 env->gregs[n] = ldl_p(mem_buf);
diff --git a/target-sh4/helper.c b/target-sh4/helper.c
index 5811360..1cb0e8d 100644
--- a/target-sh4/helper.c
+++ b/target-sh4/helper.c
@@ -93,7 +93,7 @@ void superh_cpu_do_interrupt(CPUState *cs)
 do_exp = cs->exception_index != -1;
 do_irq = do_irq && (cs->exception_index == -1);
 
-if (env->sr & SR_BL) {
+if (env->sr & (1u << SR_BL)) {
 if (do_exp && cs->exception_index != 0x1e0) {
 cs->exception_index = 0x000; /* masked exception -> reset */
 }
@@ -165,7 +165,7 @@ void superh_cpu_do_interrupt(CPUState *cs)
 env->ssr = env->sr;
 env->spc = env->pc;
 env->sgr = env->gregs[15];
-env->sr |= SR_BL | SR_MD | SR_RB;
+env->sr |= (1u << SR_BL) | (1u << SR_MD) | (1u << SR_RB);
 
 if (env->flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) {
 /* Branch instruction should be executed again before delay slot. */
@@ -182,7 +182,7 @@ void superh_cpu_do_interrupt(CPUState *cs)
 case 0x000:
  

[Qemu-devel] [PULL v2 6/8] target-sh4: split out Q and M from of SR and optimize div1

2015-06-02 Thread Aurelien Jarno
Splitting Q and M out of SR, it's possible to optimize div1 by using
TCG code instead of a helper.

At the same time removed the now unused gen_copy_bit_i32 function.

Signed-off-by: Aurelien Jarno 
---
 target-sh4/cpu.h   |  12 +++--
 target-sh4/helper.h|   1 -
 target-sh4/op_helper.c | 118 -
 target-sh4/translate.c |  88 
 4 files changed, 69 insertions(+), 150 deletions(-)

diff --git a/target-sh4/cpu.h b/target-sh4/cpu.h
index a308c53..4a027a6 100644
--- a/target-sh4/cpu.h
+++ b/target-sh4/cpu.h
@@ -139,6 +139,8 @@ typedef struct CPUSH4State {
 uint32_t gregs[24];/* general registers */
 float32 fregs[32]; /* floating point registers */
 uint32_t sr;/* status register (with T split out) */
+uint32_t sr_m;  /* M bit of status register */
+uint32_t sr_q;  /* Q bit of status register */
 uint32_t sr_t;  /* T bit of status register */
 uint32_t ssr;  /* saved status register */
 uint32_t spc;  /* saved program counter */
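
Review bot: the comment on sr still reads "with T split out" although this hunk also moves M and Q into sr_m and sr_q. Update it to name all three bits so readers know env->sr no longer carries them.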
@@ -334,13 +336,17 @@ static inline int cpu_ptel_pr (uint32_t ptel)
 
 static inline target_ulong cpu_read_sr(CPUSH4State *env)
 {
-return env->sr | (env->sr_t << SR_T);
+return env->sr | (env->sr_m << SR_M) |
+ (env->sr_q << SR_Q) |
+ (env->sr_t << SR_T);
 }
 
 static inline void cpu_write_sr(CPUSH4State *env, target_ulong sr)
 {
-env->sr_t = sr & (1u << SR_T);
-env->sr = sr & ~(1u << SR_T);
+env->sr_m = (sr >> SR_M) & 1;
+env->sr_q = (sr >> SR_Q) & 1;
+env->sr_t = (sr >> SR_T) & 1;
+env->sr = sr & ~((1u << SR_M) | (1u << SR_Q) | (1u << SR_T));
 }
 
 static inline void cpu_get_tb_cpu_state(CPUSH4State *env, target_ulong *pc,
diff --git a/target-sh4/helper.h b/target-sh4/helper.h
index 3b5c436..c9bc407 100644
--- a/target-sh4/helper.h
+++ b/target-sh4/helper.h
@@ -11,7 +11,6 @@ DEF_HELPER_3(movcal, void, env, i32, i32)
 DEF_HELPER_1(discard_movcal_backup, void, env)
 DEF_HELPER_2(ocbi, void, env, i32)
 
-DEF_HELPER_3(div1, i32, env, i32, i32)
 DEF_HELPER_3(macl, void, env, i32, i32)
 DEF_HELPER_3(macw, void, env, i32, i32)
 
diff --git a/target-sh4/op_helper.c b/target-sh4/op_helper.c
index 524d7f6..cbc11ae 100644
--- a/target-sh4/op_helper.c
+++ b/target-sh4/op_helper.c
@@ -156,124 +156,6 @@ void helper_ocbi(CPUSH4State *env, uint32_t address)
 }
 }
 
-#define T (env->sr_t)
-#define Q (env->sr & (1u << SR_Q) ? 1 : 0)
-#define M (env->sr & (1u << SR_M) ? 1 : 0)
-#define SETT (env->sr_t = 1)
-#define CLRT (env->sr_t = 0)
-#define SETQ (env->sr |= (1u << SR_Q))
-#define CLRQ (env->sr &= ~(1u << SR_Q))
-#define SETM (env->sr |= (1u << SR_M))
-#define CLRM (env->sr &= ~(1u << SR_M))
-
-uint32_t helper_div1(CPUSH4State *env, uint32_t arg0, uint32_t arg1)
-{
-uint32_t tmp0, tmp2;
-uint8_t old_q, tmp1 = 0xff;
-
-//printf("div1 arg0=0x%08x arg1=0x%08x M=%d Q=%d T=%d\n", arg0, arg1, M, 
Q, T);
-old_q = Q;
-if ((0x8000 & arg1) != 0)
-   SETQ;
-else
-   CLRQ;
-tmp2 = arg0;
-arg1 <<= 1;
-arg1 |= T;
-switch (old_q) {
-case 0:
-   switch (M) {
-   case 0:
-   tmp0 = arg1;
-   arg1 -= tmp2;
-   tmp1 = arg1 > tmp0;
-   switch (Q) {
-   case 0:
-   if (tmp1)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   case 1:
-   if (tmp1 == 0)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   }
-   break;
-   case 1:
-   tmp0 = arg1;
-   arg1 += tmp2;
-   tmp1 = arg1 < tmp0;
-   switch (Q) {
-   case 0:
-   if (tmp1 == 0)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   case 1:
-   if (tmp1)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   }
-   break;
-   }
-   break;
-case 1:
-   switch (M) {
-   case 0:
-   tmp0 = arg1;
-   arg1 += tmp2;
-   tmp1 = arg1 < tmp0;
-   switch (Q) {
-   case 0:
-   if (tmp1)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   case 1:
-   if (tmp1 == 0)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   }
-   break;
-   case 1:
-   tmp0 = arg1;
-   arg1 -= tmp2;
-   tmp1 = arg1 > tmp0;
-   switch (Q) {
-   case 0:
-   if (tmp1 == 0)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   case 1:
-   if (tmp1)
-   SETQ;

[Qemu-devel] [PULL v2 8/8] target-sh4: remove dead code

2015-06-02 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-sh4/translate.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/target-sh4/translate.c b/target-sh4/translate.c
index 31a6947..f0a11a6 100644
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@@ -18,7 +18,6 @@
  */
 
 #define DEBUG_DISAS
-//#define SH4_SINGLE_STEP
 
 #include "cpu.h"
 #include "disas/disas.h"
-- 
2.1.4




[Qemu-devel] [PULL v2 5/8] target-sh4: optimize negc using add2 and sub2

2015-06-02 Thread Aurelien Jarno
Signed-off-by: Aurelien Jarno 
---
 target-sh4/translate.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/target-sh4/translate.c b/target-sh4/translate.c
index d5b448e..250632a 100644
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@@ -795,12 +795,12 @@ static void _decode_opc(DisasContext * ctx)
return;
 case 0x600a:   /* negc Rm,Rn */
 {
-TCGv t0 = tcg_temp_new();
-tcg_gen_neg_i32(t0, REG(B7_4));
-tcg_gen_sub_i32(REG(B11_8), t0, cpu_sr_t);
-tcg_gen_setcondi_i32(TCG_COND_GTU, cpu_sr_t, t0, 0);
-tcg_gen_setcond_i32(TCG_COND_GTU, t0, REG(B11_8), t0);
-tcg_gen_or_i32(cpu_sr_t, cpu_sr_t, t0);
+TCGv t0 = tcg_const_i32(0);
+tcg_gen_add2_i32(REG(B11_8), cpu_sr_t,
+ REG(B7_4), t0, cpu_sr_t, t0);
+tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t,
+ t0, t0, REG(B11_8), cpu_sr_t);
+tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
 tcg_temp_free(t0);
 }
return;
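
Review bot: the add2 writes the intermediate Rm + T straight into REG(B11_8) and cpu_sr_t, and the sub2 then negates that pair in place, which is hard to follow without a comment and differs from the addc and subc conversions in this series, where temporaries hold the intermediate. Please add a short comment describing the two steps, or use temporaries for the intermediate as the other two cases do.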
-- 
2.1.4




[Qemu-devel] [PULL v2 4/8] target-sh4: optimize subc using sub2

2015-06-02 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-sh4/translate.c | 15 ++-
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/target-sh4/translate.c b/target-sh4/translate.c
index a7a8f39..d5b448e 100644
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@@ -881,18 +881,15 @@ static void _decode_opc(DisasContext * ctx)
 case 0x300a:   /* subc Rm,Rn */
 {
 TCGv t0, t1, t2;
-t0 = tcg_temp_new();
+t0 = tcg_const_tl(0);
 t1 = tcg_temp_new();
-tcg_gen_sub_i32(t1, REG(B11_8), REG(B7_4));
-tcg_gen_sub_i32(t0, t1, cpu_sr_t);
 t2 = tcg_temp_new();
-tcg_gen_setcond_i32(TCG_COND_LTU, t2, REG(B11_8), t1);
-tcg_gen_setcond_i32(TCG_COND_LTU, t1, t1, t0);
-tcg_gen_or_i32(cpu_sr_t, t1, t2);
-tcg_temp_free(t2);
-tcg_temp_free(t1);
-tcg_gen_mov_i32(REG(B11_8), t0);
+tcg_gen_sub2_i32(t1, t2, REG(B11_8), t0, REG(B7_4), t0);
+tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t, t1, t2, cpu_sr_t, t0);
+tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
 tcg_temp_free(t0);
+tcg_temp_free(t1);
+tcg_temp_free(t2);
 }
return;
 case 0x300b:   /* subv Rm,Rn */
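
Review bot: unlike the addc conversion, this sequence needs tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1) because the high word that sub2 produces on borrow is not a 0/1 value. A comment saying so next to the andi would keep it from being removed as redundant later.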
-- 
2.1.4




[Qemu-devel] [PULL v2 0/8] SH4 patches for upstream

2015-06-02 Thread Aurelien Jarno
The following changes since commit f5790c3bc81702c98c7ddadedb274758cff8cbe7:

  Revert "target-alpha: Add vector implementation for CMPBGE" (2015-05-22 12:30:13 +0100)

are available in the git repository at:

  git://git.aurel32.net/qemu.git tags/pull-qemu-sh4-2015-06-02

for you to fetch changes up to ef49c0190dd8ec74f1e8582cbce574d1963ef075:

  target-sh4: remove dead code (2015-06-02 19:38:20 +0200)


sh4 patches for upstream


Aurelien Jarno (8):
  target-sh4: use bit number for SR constants
  target-sh4: Split out T from SR
  target-sh4: optimize addc using add2
  target-sh4: optimize subc using sub2
  target-sh4: optimize negc using add2 and sub2
  target-sh4: split out Q and M from of SR and optimize div1
  target-sh4: factorize fmov implementation
  target-sh4: remove dead code

 target-sh4/cpu.c   |   3 +-
 target-sh4/cpu.h   |  50 +---
 target-sh4/gdbstub.c   |   8 +-
 target-sh4/helper.c|  29 ++---
 target-sh4/helper.h|   1 -
 target-sh4/op_helper.c | 148 +-
 target-sh4/translate.c | 325 -
 7 files changed, 217 insertions(+), 347 deletions(-)

-- 
2.1.4




[Qemu-devel] [PULL v2 7/8] target-sh4: factorize fmov implementation

2015-06-02 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-sh4/translate.c | 18 ++
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/target-sh4/translate.c b/target-sh4/translate.c
index 6031d91..31a6947 100644
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@@ -1011,24 +1011,18 @@ static void _decode_opc(DisasContext * ctx)
return;
 case 0xf00b: /* fmov {F,D,X}Rm,@-Rn - FPSCR: Nothing */
CHECK_FPU_ENABLED
+const int fr = XREG(B7_4);
+TCGv addr = tcg_temp_new_i32();
+tcg_gen_subi_i32(addr, REG(B11_8), 4);
 if (ctx->flags & FPSCR_SZ) {
-   TCGv addr = tcg_temp_new_i32();
-   int fr = XREG(B7_4);
-   tcg_gen_subi_i32(addr, REG(B11_8), 4);
 tcg_gen_qemu_st_i32(cpu_fregs[fr+1], addr, ctx->memidx, MO_TEUL);
tcg_gen_subi_i32(addr, addr, 4);
 tcg_gen_qemu_st_i32(cpu_fregs[fr], addr, ctx->memidx, MO_TEUL);
-   tcg_gen_mov_i32(REG(B11_8), addr);
-   tcg_temp_free(addr);
} else {
-   TCGv addr;
-   addr = tcg_temp_new_i32();
-   tcg_gen_subi_i32(addr, REG(B11_8), 4);
-tcg_gen_qemu_st_i32(cpu_fregs[FREG(B7_4)], addr,
-ctx->memidx, MO_TEUL);
-   tcg_gen_mov_i32(REG(B11_8), addr);
-   tcg_temp_free(addr);
+tcg_gen_qemu_st_i32(cpu_fregs[fr], addr, ctx->memidx, MO_TEUL);
}
+tcg_gen_mov_i32(REG(B11_8), addr);
+tcg_temp_free(addr);
return;
 case 0xf006: /* fmov @(R0,Rm),{F,D,X}Rm - FPSCR: Nothing */
CHECK_FPU_ENABLED
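
Review bot: the non-SZ path used to index cpu_fregs with FREG(B7_4) and now uses fr, which is XREG(B7_4); unless the two macros yield the same index for every single-precision register number, this stores a different register than before. Keep FREG(B7_4) in the else branch or explain the equivalence in the commit message. The new declarations also follow CHECK_FPU_ENABLED directly inside the case without a { } block, unlike the addc and subc cases in the same switch.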
-- 
2.1.4




[Qemu-devel] [PULL 5/5] arch_init: Drop target-x86_64.conf

2015-06-02 Thread Eduardo Habkost
From: Ikey Doherty 

The target-x86_64.conf sysconfig file has been empty and essentially ignored
now for several years. This change removes the unused file to enable moving
towards a stateless configuration.

Signed-off-by: Ikey Doherty 
Acked-by: Paolo Bonzini 
Reviewed-by: Eduardo Habkost 
Signed-off-by: Eduardo Habkost 
---
 Makefile | 7 +--
 arch_init.c  | 1 -
 sysconfigs/target/target-x86_64.conf | 0
 3 files changed, 1 insertion(+), 7 deletions(-)
 delete mode 100644 sysconfigs/target/target-x86_64.conf

diff --git a/Makefile b/Makefile
index d945804..2d52536 100644
--- a/Makefile
+++ b/Makefile
@@ -389,13 +389,8 @@ ifneq (,$(findstring qemu-ga,$(TOOLS)))
 endif
 endif
 
-install-confdir:
-   $(INSTALL_DIR) "$(DESTDIR)$(qemu_confdir)"
 
-install-sysconfig: install-datadir install-confdir
-   $(INSTALL_DATA) $(SRC_PATH)/sysconfigs/target/target-x86_64.conf 
"$(DESTDIR)$(qemu_confdir)"
-
-install: all $(if $(BUILD_DOCS),install-doc) install-sysconfig \
+install: all $(if $(BUILD_DOCS),install-doc) \
 install-datadir install-localstatedir
 ifneq ($(TOOLS),)
$(call install-prog,$(TOOLS),$(DESTDIR)$(bindir))
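
Review bot: removing install-confdir together with install-sysconfig means install no longer creates $(DESTDIR)$(qemu_confdir), yet the arch_init.c hunk keeps CONFIG_QEMU_CONFDIR "/qemu.conf" as a default config file. If leaving the directory uncreated is intended for the stateless goal, say so in the commit message. The hunk also leaves two consecutive blank lines where the targets were.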
diff --git a/arch_init.c b/arch_init.c
index 23d3feb..b5d90a4 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -136,7 +136,6 @@ static struct defconfig_file {
 bool userconfig;
 } default_config_files[] = {
 { CONFIG_QEMU_CONFDIR "/qemu.conf",   true },
-{ CONFIG_QEMU_CONFDIR "/target-" TARGET_NAME ".conf", true },
 { NULL }, /* end of list */
 };
 
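
Review bot: the commit message speaks only of target-x86_64.conf, but the removed entry is CONFIG_QEMU_CONFDIR "/target-" TARGET_NAME ".conf", so no target loads a per-target file from the configuration directory any more. State that in the commit message, since a locally created per-target file would now be ignored silently.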
diff --git a/sysconfigs/target/target-x86_64.conf 
b/sysconfigs/target/target-x86_64.conf
deleted file mode 100644
index e69de29..000
-- 
2.1.0




[Qemu-devel] [PULL 3/5] apic: convert ->busdev.qdev casts to C casts

2015-06-02 Thread Eduardo Habkost
From: Zhu Guihua 

Use C casts to avoid accessing ICCDevice's qdev field
directly.

Signed-off-by: Zhu Guihua 
Reviewed-by: Igor Mammedov 
Reviewed-by: Andreas Färber 
Acked-by: Andreas Färber 
Signed-off-by: Eduardo Habkost 
---
 hw/intc/apic.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/hw/intc/apic.c b/hw/intc/apic.c
index 0f97b47..77b639c 100644
--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
@@ -370,13 +370,14 @@ static int apic_irq_pending(APICCommonState *s)
 static void apic_update_irq(APICCommonState *s)
 {
 CPUState *cpu;
+DeviceState *dev = (DeviceState *)s;
 
 cpu = CPU(s->cpu);
 if (!qemu_cpu_is_self(cpu)) {
 cpu_interrupt(cpu, CPU_INTERRUPT_POLL);
 } else if (apic_irq_pending(s) > 0) {
 cpu_interrupt(cpu, CPU_INTERRUPT_HARD);
-} else if (!apic_accept_pic_intr(&s->busdev.qdev) || 
!pic_get_output(isa_pic)) {
+} else if (!apic_accept_pic_intr(dev) || !pic_get_output(isa_pic)) {
 cpu_reset_interrupt(cpu, CPU_INTERRUPT_HARD);
 }
 }
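
Review bot: DeviceState *dev = (DeviceState *)s is an unchecked C cast, so it silently depends on the device state sitting at offset 0 of APICCommonState. The QOM cast macro DEVICE(s) expresses the same conversion with a type check; if the plain cast is deliberate, a comment saying why would help.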
@@ -549,10 +550,12 @@ static void apic_deliver(DeviceState *dev, uint8_t dest, 
uint8_t dest_mode,
 
 static bool apic_check_pic(APICCommonState *s)
 {
-if (!apic_accept_pic_intr(&s->busdev.qdev) || !pic_get_output(isa_pic)) {
+DeviceState *dev = (DeviceState *)s;
+
+if (!apic_accept_pic_intr(dev) || !pic_get_output(isa_pic)) {
 return false;
 }
-apic_deliver_pic_intr(&s->busdev.qdev, 1);
+apic_deliver_pic_intr(dev, 1);
 return true;
 }
 
-- 
2.1.0




[Qemu-devel] [PULL 1/5] pc: Ensure non-zero CPU ref count after attaching to ICC bus

2015-06-02 Thread Eduardo Habkost
From: Andreas Färber 

Setting the parent bus of a device increases its ref count, which we
ultimately want to level out. However it is only safe to do so after the
last reference to the device in local code, as qom-set or similar operations
might decrease the ref count.

Therefore move the object_unref() from pc_new_cpu() into its callers.

The APIC operations on the last CPU in pc_cpus_init() are still potentially
insecure, but that is beyond the scope of this code movement.

Signed-off-by: Andreas Färber 
Acked-by: Michael S. Tsirkin 
Reviewed-by: Eduardo Habkost 
Signed-off-by: Eduardo Habkost 
---
 hw/i386/pc.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 1eb1db0..9c4d0ea 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1006,7 +1006,6 @@ static X86CPU *pc_new_cpu(const char *cpu_model, int64_t 
apic_id,
 }
 
 qdev_set_parent_bus(DEVICE(cpu), qdev_get_child_bus(icc_bridge, "icc"));
-object_unref(OBJECT(cpu));
 
 object_property_set_int(OBJECT(cpu), apic_id, "apic-id", &local_err);
 object_property_set_bool(OBJECT(cpu), true, "realized", &local_err);
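
Review bot: with object_unref() removed here, pc_new_cpu() returns an object on which the caller still holds a reference, but nothing at the function documents that. Add a comment above pc_new_cpu() stating that the caller must object_unref() the returned CPU once it is done with it.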
@@ -1025,7 +1024,9 @@ static const char *current_cpu_model;
 void pc_hot_add_cpu(const int64_t id, Error **errp)
 {
 DeviceState *icc_bridge;
+X86CPU *cpu;
 int64_t apic_id = x86_cpu_apic_id_from_index(id);
+Error *local_err = NULL;
 
 if (id < 0) {
 error_setg(errp, "Invalid CPU id: %" PRIi64, id);
@@ -1053,7 +1054,12 @@ void pc_hot_add_cpu(const int64_t id, Error **errp)
 
 icc_bridge = DEVICE(object_resolve_path_type("icc-bridge",
  TYPE_ICC_BRIDGE, NULL));
-pc_new_cpu(current_cpu_model, apic_id, icc_bridge, errp);
+cpu = pc_new_cpu(current_cpu_model, apic_id, icc_bridge, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+object_unref(OBJECT(cpu));
 }
 
 void pc_cpus_init(const char *cpu_model, DeviceState *icc_bridge)
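
Review bot: on the local_err path pc_hot_add_cpu() returns without calling object_unref(OBJECT(cpu)), so this is leak-free only if pc_new_cpu() drops the reference itself when it fails, which the visible lines do not show. Please confirm that, or unref here before returning.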
@@ -1087,6 +1093,7 @@ void pc_cpus_init(const char *cpu_model, DeviceState 
*icc_bridge)
 error_report_err(error);
 exit(1);
 }
+object_unref(OBJECT(cpu));
 }
 
 /* map APIC MMIO area if CPU has APIC */
-- 
2.1.0




[Qemu-devel] [PULL 4/5] target-i386: Register QOM properties for feature flags

2015-06-02 Thread Eduardo Habkost
This uses the feature name arrays to register QOM properties for feature
flags. This simply adds properties that can be configured using -global,
but doesn't change x86_cpu_parse_featurestr() to use them yet.

Reviewed-by: Igor Mammedov 
Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 122 ++
 1 file changed, 122 insertions(+)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 3305e09..99ad551 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2841,12 +2841,126 @@ out:
 }
 }
 
+typedef struct BitProperty {
+uint32_t *ptr;
+uint32_t mask;
+} BitProperty;
+
+static void x86_cpu_get_bit_prop(Object *obj,
+ struct Visitor *v,
+ void *opaque,
+ const char *name,
+ Error **errp)
+{
+BitProperty *fp = opaque;
+bool value = (*fp->ptr & fp->mask) == fp->mask;
+visit_type_bool(v, &value, name, errp);
+}
+
+static void x86_cpu_set_bit_prop(Object *obj,
+ struct Visitor *v,
+ void *opaque,
+ const char *name,
+ Error **errp)
+{
+DeviceState *dev = DEVICE(obj);
+BitProperty *fp = opaque;
+Error *local_err = NULL;
+bool value;
+
+if (dev->realized) {
+qdev_prop_set_after_realize(dev, name, errp);
+return;
+}
+
+visit_type_bool(v, &value, name, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+
+if (value) {
+*fp->ptr |= fp->mask;
+} else {
+*fp->ptr &= ~fp->mask;
+}
+}
+
+static void x86_cpu_release_bit_prop(Object *obj, const char *name,
+ void *opaque)
+{
+BitProperty *prop = opaque;
+g_free(prop);
+}
+
+/* Register a boolean property to get/set a single bit in a uint32_t field.
+ *
+ * The same property name can be registered multiple times to make it affect
+ * multiple bits in the same FeatureWord. In that case, the getter will return
+ * true only if all bits are set.
+ */
+static void x86_cpu_register_bit_prop(X86CPU *cpu,
+  const char *prop_name,
+  uint32_t *field,
+  int bitnr)
+{
+BitProperty *fp;
+ObjectProperty *op;
+uint32_t mask = (1UL << bitnr);
+
+op = object_property_find(OBJECT(cpu), prop_name, NULL);
+if (op) {
+fp = op->opaque;
+assert(fp->ptr == field);
+fp->mask |= mask;
+} else {
+fp = g_new0(BitProperty, 1);
+fp->ptr = field;
+fp->mask = mask;
+object_property_add(OBJECT(cpu), prop_name, "bool",
+x86_cpu_get_bit_prop,
+x86_cpu_set_bit_prop,
+x86_cpu_release_bit_prop, fp, &error_abort);
+}
+}
+
+static void x86_cpu_register_feature_bit_props(X86CPU *cpu,
+   FeatureWord w,
+   int bitnr)
+{
+Object *obj = OBJECT(cpu);
+int i;
+char **names;
+FeatureWordInfo *fi = &feature_word_info[w];
+
+if (!fi->feat_names) {
+return;
+}
+if (!fi->feat_names[bitnr]) {
+return;
+}
+
+names = g_strsplit(fi->feat_names[bitnr], "|", 0);
+
+feat2prop(names[0]);
+x86_cpu_register_bit_prop(cpu, names[0], &cpu->env.features[w], bitnr);
+
+for (i = 1; names[i]; i++) {
+feat2prop(names[i]);
+object_property_add_alias(obj, names[i], obj, g_strdup(names[0]),
+  &error_abort);
+}
+
+g_strfreev(names);
+}
+
 static void x86_cpu_initfn(Object *obj)
 {
 CPUState *cs = CPU(obj);
 X86CPU *cpu = X86_CPU(obj);
 X86CPUClass *xcc = X86_CPU_GET_CLASS(obj);
 CPUX86State *env = &cpu->env;
+FeatureWord w;
 static int inited;
 
 cs->env_ptr = env;
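
Review bot: x86_cpu_register_bit_prop() treats any existing property named `prop_name` as one of its own: `fp = op->opaque` is used as a BitProperty without checking that the property was registered by this function. If a feature name ever collides with a property added elsewhere on the CPU object, `assert(fp->ptr == field)` reads from, and `fp->mask |= mask` writes into, an unrelated opaque. Check that the found property is a bit property (for example by comparing its accessor) before reusing `op->opaque`, and fail cleanly otherwise. A comment on who owns the `g_strdup(names[0])` handed to object_property_add_alias() would also help, since nothing in this hunk frees it.
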
@@ -2887,6 +3001,14 @@ static void x86_cpu_initfn(Object *obj)
 cpu->apic_id = -1;
 #endif
 
+for (w = 0; w < FEATURE_WORDS; w++) {
+int bitnr;
+
+for (bitnr = 0; bitnr < 32; bitnr++) {
+x86_cpu_register_feature_bit_props(cpu, w, bitnr);
+}
+}
+
 x86_cpu_load_def(cpu, xcc->cpu_def, &error_abort);
 
 /* init various static tables used in TCG mode */
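
Review bot: the inner loop bound `bitnr < 32` hard-codes the width of a feature word and has to stay in step with the `uint32_t *field` and `1UL << bitnr` in x86_cpu_register_bit_prop(). Deriving the bound from the element type, e.g. `sizeof(env->features[0]) * 8`, or using a named constant would document that coupling.
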
-- 
2.1.0




[Qemu-devel] [PULL 0/5] X86 queue 2015-06-02

2015-06-02 Thread Eduardo Habkost
The following changes since commit 42d58e7c6760cb9c55627c28ae538e27dcf2f144:

  Merge remote-tracking branch 'remotes/sstabellini/tags/xen-15-06-02-tag' into 
staging (2015-06-02 16:47:31 +0100)

are available in the git repository at:

  git://github.com/ehabkost/qemu.git tags/x86-pull-request

for you to fetch changes up to 1b93c9a1040b3c12320cf55c6284882a2e6e8ff3:

  arch_init: Drop target-x86_64.conf (2015-06-02 15:15:52 -0300)


X86 queue 2015-06-02



Andreas Färber (1):
  pc: Ensure non-zero CPU ref count after attaching to ICC bus

Eduardo Habkost (2):
  target-i386: Fix signedness of MSR_IA32_APICBASE_BASE
  target-i386: Register QOM properties for feature flags

Ikey Doherty (1):
  arch_init: Drop target-x86_64.conf

Zhu Guihua (1):
  apic: convert ->busdev.qdev casts to C casts

 Makefile |   7 +-
 arch_init.c  |   1 -
 hw/i386/pc.c |  11 +++-
 hw/intc/apic.c   |   9 ++-
 sysconfigs/target/target-x86_64.conf |   0
 target-i386/cpu.c| 122 +++
 target-i386/cpu.h|   2 +-
 7 files changed, 139 insertions(+), 13 deletions(-)
 delete mode 100644 sysconfigs/target/target-x86_64.conf

-- 
2.1.0




[Qemu-devel] [PULL 2/5] target-i386: Fix signedness of MSR_IA32_APICBASE_BASE

2015-06-02 Thread Eduardo Habkost
Existing definition triggers the following when using clang
-fsanitize=undefined:

hw/intc/apic_common.c:314:55: runtime error: left shift of 1048575 by 12
places cannot be represented in type 'int'

Fix it so we won't try to shift a 1 to the sign bit of a signed integer.

Suggested-by: Peter Maydell 
Reviewed-by: Igor Mammedov 
Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 4ee12ca..26182bd 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -305,7 +305,7 @@
 #define MSR_IA32_APICBASE   0x1b
 #define MSR_IA32_APICBASE_BSP   (1<<8)
 #define MSR_IA32_APICBASE_ENABLE(1<<11)
-#define MSR_IA32_APICBASE_BASE  (0xf<<12)
+#define MSR_IA32_APICBASE_BASE  (0xfU<<12)
 #define MSR_IA32_FEATURE_CONTROL0x003a
 #define MSR_TSC_ADJUST  0x003b
 #define MSR_IA32_TSCDEADLINE0x6e0
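
Review bot: the changed define as shown, `(0xfU<<12)`, does not match the sanitizer report quoted in the commit message, which complains about shifting 1048575 (0xfffff) by 12; `0xf<<12` fits in an int and would not trigger that report. Please confirm the mask value in this hunk. Separately, making the constant unsigned changes how it widens: a negative int mask sign-extends when combined with a 64-bit value while an unsigned one zero-extends, so any user that applies this mask to a 64-bit APIC base value should be rechecked.
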
-- 
2.1.0




[Qemu-devel] [PATCH v3 2/4] iotests: Add dependency info to groups list

2015-06-02 Thread John Snow
Add a few external dependency groups to the iotests groups list,
such as "qemu", "nbd", and "scm".

This will assist us in knowing which tests need to be re-run
when those dependencies are updated, or by helping us to avoid
tests that we know are broken for a certain file.

qemu-img and qemu-io are so ubiquitous that it's not worth
amending this information to the groups file.

Reviewed-by: Fam Zheng 
Signed-off-by: John Snow 
---
 tests/qemu-iotests/group | 70 +---
 1 file changed, 37 insertions(+), 33 deletions(-)

diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 0b817ca..745021d 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -3,9 +3,13 @@
 # Defines test groups
 # - do not start group names with a digit
 #
-
+# External dependency groups:
+# qemu Relies on the qemu binary.
+# nbd  Relies on the qemu-nbd binary.
+# scm  Relies on the socket scm helper binary.
 #
-# test-group association ... one line per test
+# Format, one line per test:
+# nnn [GROUP]...
 #
 001 rw auto quick
 002 rw auto quick
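
Review bot: the new header comment lists `qemu`, `nbd` and `scm` but says nothing about qemu-img and qemu-io, which the commit message treats as implicit dependencies of every test. Stating that in the file, next to the list of external dependency groups, would keep readers from assuming an untagged test has no binary dependencies.
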
@@ -13,7 +17,7 @@
 004 rw auto quick
 005 img auto quick
 # 006 was removed, do not reuse
-007 snapshot auto
+007 snapshot auto qemu
 008 rw auto quick
 009 rw auto quick
 010 rw auto quick
@@ -34,9 +38,9 @@
 025 rw auto quick
 026 rw blkdbg auto
 027 rw auto quick
-028 rw backing auto quick
+028 rw backing auto quick qemu
 029 rw auto quick
-030 rw auto backing
+030 rw auto backing qemu
 031 rw auto quick
 032 rw auto quick
 033 rw auto quick
@@ -46,38 +50,38 @@
 037 rw auto backing quick
 038 rw auto backing quick
 039 rw auto quick
-040 rw auto
-041 rw auto backing
+040 rw auto qemu
+041 rw auto backing qemu
 042 rw auto quick
 043 rw auto backing
 044 rw auto
-045 rw auto quick
+045 rw auto quick scm qemu
 046 rw auto aio quick
 047 rw auto quick
 048 img auto quick
 049 rw auto
 050 rw auto backing quick
-051 rw auto
+051 rw auto qemu
 052 rw auto backing quick
 053 rw auto quick
 054 rw auto quick
-055 rw auto
-056 rw auto backing
-057 rw auto
-058 rw auto quick
+055 rw auto qemu
+056 rw auto backing qemu
+057 rw auto qemu
+058 rw auto quick nbd
 059 rw auto quick
 060 rw auto quick
 061 rw auto
 062 rw auto quick
 063 rw auto quick
 064 rw auto quick
-065 rw auto quick
+065 rw auto quick qemu
 066 rw auto quick
-067 rw auto quick
-068 rw auto quick
+067 rw auto quick qemu
+068 rw auto quick qemu
 069 rw auto quick
 070 rw auto quick
-071 rw auto quick
+071 rw auto quick qemu
 072 rw auto quick
 073 rw auto quick
 074 rw auto quick
@@ -87,46 +91,46 @@
 078 rw auto quick
 079 rw auto
 080 rw auto
-081 rw auto quick
+081 rw auto quick qemu
 082 rw auto quick
-083 rw auto
+083 rw auto nbd
 084 img auto quick
-085 rw auto
+085 rw auto qemu
 086 rw auto quick
-087 rw auto quick
+087 rw auto quick qemu
 088 rw auto quick
 089 rw auto quick
 090 rw auto quick
-091 rw auto
+091 rw auto qemu
 092 rw auto quick
-093 auto
-094 rw auto quick
-095 rw auto quick
+093 auto qemu
+094 rw auto quick qemu nbd
+095 rw auto quick qemu
 097 rw auto backing
 098 rw auto backing quick
-099 rw auto quick
+099 rw auto quick qemu
 100 rw auto quick
 101 rw auto quick
-102 rw auto quick
+102 rw auto quick qemu
 103 rw auto quick
 104 rw auto
 105 rw auto quick
 107 rw auto quick
 108 rw auto quick
-109 rw auto
+109 rw auto qemu
 110 rw auto backing quick
 111 rw auto quick
 112 rw auto
-113 rw auto quick
+113 rw auto quick nbd
 114 rw auto quick
 115 rw auto
 116 rw auto quick
 121 rw auto
 122 rw auto
-123 rw auto quick
-124 rw auto backing
+123 rw auto quick nbd
+124 rw auto backing qemu
 128 rw auto quick
-129 rw auto quick
-130 rw auto quick
+129 rw auto quick qemu
+130 rw auto quick qemu
 131 rw auto quick
 134 rw auto quick
-- 
2.1.0




[Qemu-devel] [PATCH v3 1/4] iotests: fix exclusion option

2015-06-02 Thread John Snow
If you are running out-of-tree, the -x option to exclude
a certain iotest is broken.

Replace porcelain usage of ls with a sturdier awk command.

Signed-off-by: John Snow 
---
 tests/qemu-iotests/common | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
index 1030aaf..84b6f16 100644
--- a/tests/qemu-iotests/common
+++ b/tests/qemu-iotests/common
@@ -83,7 +83,8 @@ s/ .*//p
 elif $xgroup
 then
 # arg after -x
-[ ! -s $tmp.list ] && ls [0-9][0-9][0-9] [0-9][0-9][0-9][0-9] 
>$tmp.list 2>/dev/null
+# Populate $tmp.list with all tests
+awk '/^[0-9]{3,}/ {print $1}' "${source_iotests}/group" > $tmp.list 
2>/dev/null
 group_list=`sed -n <"$source_iotests/group" -e 's/$/ /' -e 
"/^[0-9][0-9][0-9].* $r /"'{
 s/ .*//p
 }'`
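
Review bot: the replacement line drops the `[ ! -s $tmp.list ] &&` guard, so `$tmp.list` is now rebuilt from the group file every time this branch runs; if the list already held a narrowed selection, that selection is overwritten. Keep the guard in front of the awk call. Two smaller points: `/^[0-9]{3,}/` relies on interval expressions, which not every awk implementation accepts, and with `2>/dev/null` a failure there silently leaves an empty list; `$tmp.list` is also left unquoted while `"${source_iotests}/group"` is quoted.
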
-- 
2.1.0




[Qemu-devel] [PATCH v3 4/4] iotests: clarify help text

2015-06-02 Thread John Snow
Split the help text to highlight the groups of options
a little better, carving out a clear "format" and
"protocols" section.

Reviewed-by: Fam Zheng 
Signed-off-by: John Snow 
---
 tests/qemu-iotests/common | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
index 395c28c..edfc434 100644
--- a/tests/qemu-iotests/common
+++ b/tests/qemu-iotests/common
@@ -136,7 +136,7 @@ common options
 -v  verbose
 -d  debug
 
-check options
+image format options
 -rawtest raw (default)
 -bochs  test bochs
 -cloop  test cloop
@@ -148,6 +148,8 @@ check options
 -vpctest vpc
 -vhdx   test vhdx
 -vmdk   test vmdk
+
+image protocol options
 -file   test file (default)
 -rbdtest rbd
 -sheepdog   test sheepdog
@@ -155,6 +157,8 @@ check options
 -sshtest ssh
 -nfstest nfs
 -archipelagotest archipelago
+
+other options
 -xdiff  graphical mode diff
 -nocacheuse O_DIRECT on backing file
 -misalign   misalign memory allocations
-- 
2.1.0




[Qemu-devel] [PATCH v3 3/4] iotests: add timestamp skip feature

2015-06-02 Thread John Snow
Like a makefile, try to skip tests if we know they have already been
executed using the current set of external dependencies.

If a user passes the -ts option to ./check, if a test or its output
or its dependencies (qemu, qemu-nbd, qemu-io, qemu-img,
socket-scm-helper) have been modified, the test will be skipped.

This is primarily to speed up running bisectability tests for larger
series where each interim patch may or may not change all of the
dependencies, so some tests can be skipped.

Reviewed-by: Fam Zheng 
Signed-off-by: John Snow 
---
 tests/qemu-iotests/check  | 56 ++-
 tests/qemu-iotests/common |  6 +
 2 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
index 1fa6319..800c7b0 100755
--- a/tests/qemu-iotests/check
+++ b/tests/qemu-iotests/check
@@ -141,6 +141,51 @@ _timestamp()
 echo -n " [$now]"
 }
 
+_okfile()
+{
+echo "ts/${IMGPROTO}/${IMGFMT}/${1}.ok"
+}
+
+# _hasdep  
+_hasdep()
+{
+grep -q "^${1}.*${2}" "${source_iotests}/group"
+}
+
+# _skippable 
+_skippable()
+{
+tsfile=$(_okfile "${1}")
+deps=(${QEMU_IMG} \
+  ${QEMU_IO} \
+  "${source_iotests}/${1}" \
+  "${source_iotests}/${1}.out" \
+  "${source_iotests}/common" \
+  "${source_iotests}/common.rc" \
+  "${source_iotests}/common.env" \
+  "${source_iotests}/common.config")
+
+if _hasdep "${1}" "scm"; then
+deps+=("${SOCKET_SCM_HELPER}")
+fi
+
+if _hasdep "${1}" "nbd" || [ "$IMGPROTO" = "nbd" ]; then
+deps+=("${QEMU_NBD}")
+fi
+
+if _hasdep "${1}" "qemu"; then
+deps+=("${QEMU}")
+fi
+
+if [ ! -e "${tsfile}" ]; then return 1; fi
+for dep in "${deps[@]}"; do
+if [ "${tsfile}" -ot "${dep}" ]; then return 1; fi
+done
+
+# Looks skippable, .ok file is newer than all external dependencies.
+return 0
+}
+
 _wrapup()
 {
 # for hangcheck ...
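
Review bot: _skippable() fails open when a dependency path is empty or does not exist: `[ "${tsfile}" -ot "${dep}" ]` is false for a missing `dep`, so the loop falls through to `return 0` and the test is skipped on the strength of a stale .ok file. Treat a missing dependency as not skippable, e.g. `[ -e "${dep}" ] || return 1` before the `-ot` test. `${QEMU_IMG}` and `${QEMU_IO}` are also unquoted in the `deps=(...)` array, so a value containing spaces is split into separate entries, and _hasdep's `grep -q "^${1}.*${2}"` matches the group name as a substring rather than as a whole word.
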
@@ -268,6 +313,10 @@ do
 echo " - expunged"
 rm -f $seq.out.bad
 echo "/^$seq\$/d" >>$tmp.expunged
+
+elif [ "${ts_skip}" == "true" ] && _skippable "${seq}"; then
+echo " [skip] (Results are recent)"
+
 elif [ ! -f "$source_iotests/$seq" ]
 then
 echo " - no such test?"
@@ -275,7 +324,8 @@ do
 else
 # really going to try and run this one
 #
-rm -f $seq.out.bad
+tsfile="$(_okfile ${seq})"
+rm -f $seq.out.bad "${tsfile}"
 lasttime=`sed -n -e "/^$seq /s/.* //p" >$tmp.time
 fi
 else
diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
index 84b6f16..395c28c 100644
--- a/tests/qemu-iotests/common
+++ b/tests/qemu-iotests/common
@@ -163,6 +163,8 @@ check options
 -T  output timestamps
 -r  randomize test order
 -c mode cache mode
+-ts timestamp skip: skip tests when already ran and
+   no dependencies have changed on disk.
 
 testlist options
 -g group[,group...]include tests from these groups
@@ -321,6 +323,10 @@ testlist options
 xpand=false
 ;;
 
+-ts)
+ts_skip=true
+xpand=false
+;;
 -v)
 verbose=true
 xpand=false
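
Review bot: `ts_skip` is only ever assigned `true` in this case arm; none of the lines shown gives it a default. The `[ "${ts_skip}" == "true" ]` test in check tolerates an unset variable, but a value inherited from the caller's environment would enable skipping without `-ts`. Initialise `ts_skip=false` before option parsing.
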
-- 
2.1.0




[Qemu-devel] [PATCH v3 0/4] iotests: skip tests with unchanged dependencies

2015-06-02 Thread John Snow
This patchset is a little off the beaten path, but:

Add the ability to skip tests that have already been run whose external
dependencies have remained unchanged since the last test run.

This is useful for, say, re-running a test set to see if a failure was
a one-off or is reproducible by just re-running the last command, which
will skip all the tests that completed, but hit all the ones that
failed or were not run.

It's also useful for testing patchsets for publication against bisect
problems by only running tests after each patch that have changed anything
worth testing -- for instance, a patch that only changes documentation
is not going to change any of the binaries, so we can skip a large swath
of tests here.

The new feature is, of course, optional and can be invoked with -ts.

===
v3:
===

- Fixed commit message for patch 1 (s/grep/awk/)
- Added a pinch of dependency group documentation to patch 2

===
v2:
===

- Replaced grep script for awk in patch 1
- Added qemu dependency in patch 2

==
For convenience, this branch is available at:
https://github.com/jnsnow/qemu.git branch ch3ck
https://github.com/jnsnow/qemu/tree/ch3ck

This version is tagged ch3ck-v3:
https://github.com/jnsnow/qemu/releases/tag/ch3ck-v3
==

John Snow (4):
  iotests: fix exclusion option
  iotests: Add dependency info to groups list
  iotests: add timestamp skip feature
  iotests: clarify help text

 tests/qemu-iotests/check  | 56 -
 tests/qemu-iotests/common | 15 --
 tests/qemu-iotests/group  | 70 +--
 3 files changed, 105 insertions(+), 36 deletions(-)

-- 
2.1.0




Re: [Qemu-devel] [Qemu-block] [PATCH] sheepdog: Fix error message if failed to load vmstate

2015-06-02 Thread John Snow


On 06/02/2015 06:26 AM, Fam Zheng wrote:
> On Tue, 06/02 13:16, Michael Tokarev wrote:
>> 02.06.2015 12:32, Fam Zheng wrote:
>>>  if (ret < 0) {
>>> -error_report("failed to save vmstate %s", strerror(errno));
>>> +if (load) {
>>> +error_report("failed to load vmstate %s", strerror(errno));
>>> +} else {
>>> +error_report("failed to save vmstate %s", strerror(errno));
>>> +}
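
Review bot: both messages print `strerror(errno)` after testing `ret < 0`. That is only reliable if the failing call sets errno and nothing runs in between that could change it; if `ret` already carries a negative errno value, `strerror(-ret)` is the safer source for the message.
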
>>
>>  +error_report("failed to %s vmstate: %s", load ? "load" : 
>> "save", strerror(errno));
> 
> The reason I didn't use a one-liner was, "git grep 'failed to load vmstate'"
> in the code base would just work, besides my eyes also like the readability.
> 

+1, Error messages should be kept on one line and intact where possible
and convenient. Greppable code is happy code.

>>
>> (note also the addition of ":")
> 
> Yes that applies to all error_report() in this file.
> 
>> (besides what Kevin said).
>>
>> Thanks,
> 
> Thanks,
> 
> Fam
> 



Re: [Qemu-devel] [edk2] NVMe question

2015-06-02 Thread Keith Busch

Hi,

On Tue, 2 Jun 2015, Laszlo Ersek wrote:

> removed the nonzero initialization of Cc.Iosqes (submission queue size?)
> and Cc.Iocqes (completion queue size?) in function
> NvmeEnableController(). And the removal of these field initializations
> seems to cause the early sanity check in QEMU's nvme_start_ctrl() to
> fail -- my guess at least.
>
> The question is now if QEMU is right (according to the NVMe spec) to
> require those fields, or if edk2 is right not to initialize them.


The host driver definitely needs to initialize these for the device to
understand the queue's entry sizes. Without proper values, it would have
no idea how much memory a queue occupies. If you have a real device that
ignores these, it's breaking spec.
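
The point made in this thread, as an added example (not QEMU's or edk2's code): a model of a host composing the CC register and a controller validating the queue entry sizes when it is enabled. The CC.IOSQES/IOCQES bit positions and the Identify Controller SQES/CQES encoding follow the NVMe specification; the function names, `struct ctrl_limits` and the sample limits are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Controller Configuration (CC) register fields. */
#define CC_EN            (1u << 0)
#define CC_IOSQES_SHIFT  16     /* bits 19:16: log2 of I/O SQ entry size */
#define CC_IOCQES_SHIFT  20     /* bits 23:20: log2 of I/O CQ entry size */
#define CC_ES_MASK       0xfu

/* Identify Controller SQES/CQES bytes: bits 3:0 hold the required
 * (minimum) entry size, bits 7:4 the maximum, both as log2.
 * Hypothetical container for the two bytes. */
struct ctrl_limits {
    uint8_t sqes;
    uint8_t cqes;
};

/* Constructed sample: only 64-byte SQ entries and 16-byte CQ entries. */
static const struct ctrl_limits sample_limits = { 0x66, 0x44 };

static unsigned cc_field(uint32_t cc, unsigned shift)
{
    return (cc >> shift) & CC_ES_MASK;
}

/* Host side: what the driver has to write before enabling the controller. */
uint32_t host_build_cc(unsigned iosqes, unsigned iocqes)
{
    return CC_EN |
           ((uint32_t)(iosqes & CC_ES_MASK) << CC_IOSQES_SHIFT) |
           ((uint32_t)(iocqes & CC_ES_MASK) << CC_IOCQES_SHIFT);
}

static bool in_range(unsigned value, uint8_t limits)
{
    return value >= (limits & 0xfu) && value <= (unsigned)(limits >> 4);
}

/* Device side: refuse to start when an entry size lies outside the range
 * the controller advertises. Fields left at zero mean 1-byte entries,
 * which is below any valid minimum. */
bool ctrl_accepts_cc(const struct ctrl_limits *id, uint32_t cc)
{
    if (!(cc & CC_EN)) {
        return false;
    }
    return in_range(cc_field(cc, CC_IOSQES_SHIFT), id->sqes) &&
           in_range(cc_field(cc, CC_IOCQES_SHIFT), id->cqes);
}

/* Memory a queue occupies, which the device can only derive from CC. */
uint64_t queue_bytes(uint32_t cc, unsigned shift, uint32_t entries)
{
    return (uint64_t)entries << cc_field(cc, shift);
}

int main(void)
{
    uint32_t good = host_build_cc(6, 4);   /* 64-byte SQE, 16-byte CQE */
    uint32_t bad = CC_EN;                  /* IOSQES/IOCQES left at zero */

    printf("initialised CC 0x%08x accepted: %d, 64-entry SQ = %llu bytes\n",
           (unsigned)good, ctrl_accepts_cc(&sample_limits, good),
           (unsigned long long)queue_bytes(good, CC_IOSQES_SHIFT, 64));
    printf("zeroed CC 0x%08x accepted: %d, 64-entry SQ = %llu bytes\n",
           (unsigned)bad, ctrl_accepts_cc(&sample_limits, bad),
           (unsigned long long)queue_bytes(bad, CC_IOSQES_SHIFT, 64));
    return 0;
}
```

With the fields zeroed the device would compute a 64-byte footprint for a queue the host allocated as 4096 bytes, which is why a controller model rejects the enable instead of guessing.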



Re: [Qemu-devel] [PATCH] Add .dir-locals.el file to configure emacs coding style

2015-06-02 Thread John Snow


On 06/02/2015 12:02 PM, Eric Blake wrote:
> On 06/02/2015 09:26 AM, Daniel P. Berrange wrote:
>> The default emacs setup indents by 2 spaces and uses tabs
>> which is counter to the QEMU coding style rules. Adding a
>> .dir-locals.el file in the top level of the GIT repo will
>> inform emacs about the QEMU coding style, and so assist
>> contributors in avoiding common style mistakes before
>> they submit patches.
>>
>> Signed-off-by: Daniel P. Berrange 
>> ---
>>  .dir-locals.el | 8 
>>  1 file changed, 8 insertions(+)
>>  create mode 100644 .dir-locals.el
> 
> Since we already have .exrc to do the same for vim users, I'm all in
> favor of this.
> 

+1

> Reviewed-by: Eric Blake 
> 

Reviewed-by: John Snow 



Re: [Qemu-devel] [PATCH v2 01/17] mips jazz: compile only in 64 bit little endian

2015-06-02 Thread Aurelien Jarno
On 2015-06-02 20:04, Hervé Poussineau wrote:
> On 02/06/2015 13:02, Aurelien Jarno wrote:
> >On 2015-05-27 14:19, Hervé Poussineau wrote:
> >>Remove now useless device models from other MIPS configurations
> >>
> >>We're now compiling 18 files less than before.
> >>
> >>Signed-off-by: Hervé Poussineau 
> >>---
> >>  default-configs/mips-softmmu.mak | 5 -
> >>  default-configs/mips64-softmmu.mak   | 5 -
> >>  default-configs/mips64el-softmmu.mak | 1 +
> >>  default-configs/mipsel-softmmu.mak   | 5 -
> >>  hw/mips/Makefile.objs| 3 ++-
> >>  hw/mips/mips_jazz.c  | 5 -
> >>  tests/endianness-test.c  | 4 
> >>  7 files changed, 3 insertions(+), 25 deletions(-)
> >>
> >>diff --git a/default-configs/mips-softmmu.mak 
> >>b/default-configs/mips-softmmu.mak
> >>index cce2c81..f62a21a 100644
> >>--- a/default-configs/mips-softmmu.mak
> >>+++ b/default-configs/mips-softmmu.mak
> >>@@ -21,14 +21,9 @@ CONFIG_PIIX4=y
> >>  CONFIG_IDE_ISA=y
> >>  CONFIG_IDE_PIIX=y
> >>  CONFIG_NE2000_ISA=y
> >>-CONFIG_RC4030=y
> >>-CONFIG_DP8393X=y
> >>-CONFIG_DS1225Y=y
> >>  CONFIG_MIPSNET=y
> >>  CONFIG_PFLASH_CFI01=y
> >>-CONFIG_G364FB=y
> >>  CONFIG_I8259=y
> >>-CONFIG_JAZZ_LED=y
> >>  CONFIG_MC146818RTC=y
> >>  CONFIG_ISA_TESTDEV=y
> >>  CONFIG_EMPTY_SLOT=y
> >>diff --git a/default-configs/mips64-softmmu.mak 
> >>b/default-configs/mips64-softmmu.mak
> >>index 7a88a08..accedca 100644
> >>--- a/default-configs/mips64-softmmu.mak
> >>+++ b/default-configs/mips64-softmmu.mak
> >>@@ -21,14 +21,9 @@ CONFIG_PIIX4=y
> >>  CONFIG_IDE_ISA=y
> >>  CONFIG_IDE_PIIX=y
> >>  CONFIG_NE2000_ISA=y
> >>-CONFIG_RC4030=y
> >>-CONFIG_DP8393X=y
> >>-CONFIG_DS1225Y=y
> >>  CONFIG_MIPSNET=y
> >>  CONFIG_PFLASH_CFI01=y
> >>-CONFIG_G364FB=y
> >>  CONFIG_I8259=y
> >>-CONFIG_JAZZ_LED=y
> >>  CONFIG_MC146818RTC=y
> >>  CONFIG_ISA_TESTDEV=y
> >>  CONFIG_EMPTY_SLOT=y
> >
> >TTBOMK, MIPS Magnum machines are dual endian, so why remove the 64-bit
> >big endian version?
> >
> >On the other hand, I am all for removing the 32-bit versions.
> >
> 
> Yes, MIPS Magnum are dual endian. However, they always start in little-endian 
> mode, and firmware switches CPU to big-endian if required.
> If you prefer that I keep the 64 bit big-endian variant, I can do it.

I guess QEMU doesn't support the endian switch, so we have to keep the
two versions so that people can use either a little or a big endian
guest.

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH 09/13] target-s390x: implement TRANSLATE EXTENDED instruction

2015-06-02 Thread Aurelien Jarno
On 2015-06-02 10:07, Richard Henderson wrote:
> On 06/01/2015 02:24 PM, Aurelien Jarno wrote:
> > +/* TRANSLATE EXTENDED */
> > +C(0xb2a5, TRE, RRE,   Z,   0, 0, 0, 0, tre, 0)
> ...
> > +static ExitStatus op_tre(DisasContext *s, DisasOps *o)
> > +{
> > +TCGv_i32 r1 = tcg_const_i32(get_field(s->fields, r1));
> > +TCGv_i32 r2 = tcg_const_i32(get_field(s->fields, r2));
> > +potential_page_fault(s);
> > +gen_helper_tre(cpu_env, r1, r2);
> > +tcg_temp_free_i32(r1);
> > +tcg_temp_free_i32(r2);
> > +set_cc_static(s);
> > +return NO_EXIT;
> > +}
> 
> Missing the specification exception for odd r1.

Good catch.

> Easily fixable by using prep_r1_P.  You don't necessarily have to do anything
> else -- merely prepping out+out2 are sufficient.
> 
> But why don't we just pass and return (most) of the data to the helper?  Like
> 
>   C(0xb2a5, TRE, RRE,   Z,   0, r2, r1_P, 0, tre, 0)
> 
>   potential_page_fault(s);
>   gen_helper_tre(o->out, cpu_env, o->out, o->out2, o->in2);
>   return_low128(o->out2);
>   set_cc_static(s);

My point was that we need to pass 4 values (reg0, r1, r1+1 and r2) and
return 3 values (r1, r1+1 and cc), so it's probably better to pass all
of them the same way. It's the strategy chosen for other similar
instructions (e.g. mvcl), except for cc.

I'll change that in the next version.

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PULL 0/8] SH4 patches for upstream

2015-06-02 Thread Aurelien Jarno
On 2015-06-02 18:23, Peter Maydell wrote:
> On 1 June 2015 at 22:29, Aurelien Jarno  wrote:
> > The following changes since commit f5790c3bc81702c98c7ddadedb274758cff8cbe7:
> >
> >   Revert "target-alpha: Add vector implementation for CMPBGE" (2015-05-22 
> > 12:30:13 +0100)
> >
> > are available in the git repository at:
> >
> >   git://git.aurel32.net/qemu.git tags/pull-qemu-sh4-2015-06-01
> >
> > for you to fetch changes up to c9967fd80d4686f44ee725a8c2af66b387b393a5:
> >
> >   target-sh4: remove dead code (2015-05-25 01:28:56 +0200)
> >
> > 
> > SH4 patches for upstream
> >
> > 
> > Aurelien Jarno (8):
> >   target-sh4: use bit number for SR constants
> >   target-sh4: Split out T from SR
> >   target-sh4: optimize addc using add2
> >   target-sh4: optimize subc using sub2
> >   target-sh4: optimize negc using add2 and sub2
> >   target-sh4: split out Q and M from of SR and optimize div1
> >   target-sh4: factorize fmov implementation
> >   target-sh4: remove dead code
> 
> Hi. I'm afraid this fails to build under clang:

Oops sorry about that.

> target-sh4/translate.c:282:20: error: unused
>   function 'gen_copy_bit_i32' [-Werror,-Wunused-function]
> static inline void gen_copy_bit_i32(TCGv t0, int p0, TCGv t1, int p1)
>^
> 1 error generated.
> 
> (Clang will warn about unused static inline functions defined
> in a .c file; gcc doesn't.)

That's actually a good catch. One of the goals of the patch set was to
remove this function, but after converting everything, I forgot to
remove it.

I'll send a new PULL request with this fixed.

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



[Qemu-devel] [PATCH] tpm: Prevent a call to TPM if no TPM support is requested

2015-06-02 Thread Stefan Berger
Prevent the function tpm_tis_get_tpm_version() from being called
if no TPM support is requested.

Signed-off-by: Stefan Berger 
---
 include/sysemu/tpm.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
index c143890..c8afa17 100644
--- a/include/sysemu/tpm.h
+++ b/include/sysemu/tpm.h
@@ -32,11 +32,13 @@ TPMVersion tpm_tis_get_tpm_version(Object *obj);
 
 static inline TPMVersion tpm_get_version(void)
 {
+#ifdef CONFIG_TPM
 Object *obj = object_resolve_path_type("", TYPE_TPM_TIS, NULL);
 
 if (obj) {
 return tpm_tis_get_tpm_version(obj);
 }
+#endif
 return TPM_VERSION_UNSPEC;
 }
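
Review bot: the `#ifdef CONFIG_TPM` inside this static inline makes the header's behaviour depend on what was included before it. A file that includes sysemu/tpm.h without the configuration header that defines CONFIG_TPM gets the stub path and always returns TPM_VERSION_UNSPEC, with no diagnostic. Either include the config header from tpm.h itself or state the requirement in a comment above tpm_get_version().
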
 
-- 
1.9.3




Re: [Qemu-devel] [PATCH v2 14/17] net/dp8393x: correctly reset in_use field

2015-06-02 Thread Hervé Poussineau

On 02/06/2015 13:04, Aurelien Jarno wrote:

On 2015-05-27 14:19, Hervé Poussineau wrote:

Don't write more than the field width, which is always 16 bit.
Fixes network in NetBSD 5.1/arc

Signed-off-by: Hervé Poussineau 
---
  hw/net/dp8393x.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 4184045..b72b0b1 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -761,10 +761,10 @@ static ssize_t dp8393x_receive(NetClientState *nc, const 
uint8_t * buf,
  /* EOL detected */
  s->regs[SONIC_ISR] |= SONIC_ISR_RDE;
  } else {
-data[0 * width] = 0; /* in_use */
+uint16_t in_use = 0;
  address_space_rw(&s->as,
  ((s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA]) + 
sizeof(uint16_t) * 6 * width,
-MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 1);
+MEMTXATTRS_UNSPECIFIED, (uint8_t *)&in_use, sizeof(uint16_t), 1);


Why not initialising both data[0] and data[1] to 0 and a fixed size of 2
bytes instead of using a new variable?


I'll do that if a v3 is required.




  s->regs[SONIC_CRDA] = s->regs[SONIC_LLFA];
  s->regs[SONIC_ISR] |= SONIC_ISR_PKTRX;
  s->regs[SONIC_RSC] = (s->regs[SONIC_RSC] & 0xff00) | (((s->regs[SONIC_RSC] 
& 0x00ff) + 1) & 0x00ff);
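
Review bot: the destination address is still scaled by `width` (`sizeof(uint16_t) * 6 * width`) while the write is now a fixed `sizeof(uint16_t)` bytes. If each descriptor field occupies a wider slot when `width` is 2, which half of that slot holds the 16-bit in_use value depends on the bus endianness, and writing only the first two bytes clears it in just one of the two layouts. A comment stating the layout this relies on, or an offset adjustment for the other case, would settle it.
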


That said:
Reviewed-by: Aurelien Jarno 



Hervé



Re: [Qemu-devel] [PATCH v2 01/17] mips jazz: compile only in 64 bit little endian

2015-06-02 Thread Hervé Poussineau

On 02/06/2015 13:02, Aurelien Jarno wrote:

On 2015-05-27 14:19, Hervé Poussineau wrote:

Remove now useless device models from other MIPS configurations

We're now compiling 18 files less than before.

Signed-off-by: Hervé Poussineau 
---
  default-configs/mips-softmmu.mak | 5 -
  default-configs/mips64-softmmu.mak   | 5 -
  default-configs/mips64el-softmmu.mak | 1 +
  default-configs/mipsel-softmmu.mak   | 5 -
  hw/mips/Makefile.objs| 3 ++-
  hw/mips/mips_jazz.c  | 5 -
  tests/endianness-test.c  | 4 
  7 files changed, 3 insertions(+), 25 deletions(-)

diff --git a/default-configs/mips-softmmu.mak b/default-configs/mips-softmmu.mak
index cce2c81..f62a21a 100644
--- a/default-configs/mips-softmmu.mak
+++ b/default-configs/mips-softmmu.mak
@@ -21,14 +21,9 @@ CONFIG_PIIX4=y
  CONFIG_IDE_ISA=y
  CONFIG_IDE_PIIX=y
  CONFIG_NE2000_ISA=y
-CONFIG_RC4030=y
-CONFIG_DP8393X=y
-CONFIG_DS1225Y=y
  CONFIG_MIPSNET=y
  CONFIG_PFLASH_CFI01=y
-CONFIG_G364FB=y
  CONFIG_I8259=y
-CONFIG_JAZZ_LED=y
  CONFIG_MC146818RTC=y
  CONFIG_ISA_TESTDEV=y
  CONFIG_EMPTY_SLOT=y
diff --git a/default-configs/mips64-softmmu.mak 
b/default-configs/mips64-softmmu.mak
index 7a88a08..accedca 100644
--- a/default-configs/mips64-softmmu.mak
+++ b/default-configs/mips64-softmmu.mak
@@ -21,14 +21,9 @@ CONFIG_PIIX4=y
  CONFIG_IDE_ISA=y
  CONFIG_IDE_PIIX=y
  CONFIG_NE2000_ISA=y
-CONFIG_RC4030=y
-CONFIG_DP8393X=y
-CONFIG_DS1225Y=y
  CONFIG_MIPSNET=y
  CONFIG_PFLASH_CFI01=y
-CONFIG_G364FB=y
  CONFIG_I8259=y
-CONFIG_JAZZ_LED=y
  CONFIG_MC146818RTC=y
  CONFIG_ISA_TESTDEV=y
  CONFIG_EMPTY_SLOT=y


TTBOMK, MIPS Magnum machines are dual endian, so why remove the 64-bit
big endian version?

On the other hand, I am all for removing the 32-bit versions.



Yes, MIPS Magnum are dual endian. However, they always start in little-endian 
mode, and firmware switches CPU to big-endian if required.
If you prefer that I keep the 64 bit big-endian variant, I can do it.

Regards,

Hervé




Re: [Qemu-devel] [PATCH 13/13] target-s390x: implement high-word facility

2015-06-02 Thread Richard Henderson
On 06/01/2015 02:24 PM, Aurelien Jarno wrote:
> Besides RISBHG and RISBLG, all high-word instructions are not
> implemented. Fix that.
> 
> Cc: Alexander Graf 
> Cc: Richard Henderson 
> Signed-off-by: Aurelien Jarno 
> ---
>  target-s390x/insn-data.def | 47 ++
>  target-s390x/translate.c   | 51 
> ++
>  2 files changed, 98 insertions(+)

Reviewed-by: Richard Henderson 


r~



[Qemu-devel] [PATCH v6 2/2] qga: win32 qmp_guest_network_get_interfaces implementation

2015-06-02 Thread Kirk Allan
By default, IPv4 prefixes will be derived by matching the address
to those returned by GetAdaptersInfo.  IPv6 prefixes can not be
matched this way due to the unpredictable order of entries.

In Windows Vista/2008 guests and newer, both IPv4 and IPv6 prefixes
can be retrieved from OnLinkPrefixLength.  Setting --extra-cflags
in the build configuration to "-D_WIN32_WINNT=0x600"
or greater makes OnLinkPrefixLength available.  Setting --extra-cflags
is not required and if not set, the default approach to get the prefix
will be taken.

Signed-off-by: Kirk Allan 
---
 qga/commands-win32.c | 220 ++-
 1 file changed, 217 insertions(+), 3 deletions(-)

diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 3ef0549..209eba7 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -16,11 +16,17 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
+#include 
 #include "qga/guest-agent-core.h"
 #include "qga/vss-win32.h"
 #include "qga-qmp-commands.h"
 #include "qapi/qmp/qerror.h"
 #include "qemu/queue.h"
+#include "qemu/host-utils.h"
 
 #ifndef SHTDN_REASON_FLAG_PLANNED
 #define SHTDN_REASON_FLAG_PLANNED 0x8000
@@ -589,12 +595,220 @@ void qmp_guest_suspend_hybrid(Error **errp)
 error_set(errp, QERR_UNSUPPORTED);
 }
 
-GuestNetworkInterfaceList *qmp_guest_network_get_interfaces(Error **errp)
+static IP_ADAPTER_ADDRESSES *guest_get_adapters_addresses(Error **errp)
 {
-error_set(errp, QERR_UNSUPPORTED);
+IP_ADAPTER_ADDRESSES *adptr_addrs = NULL;
+ULONG adptr_addrs_len = 0;
+DWORD ret;
+
+/* Call the first time to get the adptr_addrs_len. */
+GetAdaptersAddresses(AF_UNSPEC, GAA_FLAG_INCLUDE_PREFIX,
+ NULL, adptr_addrs, &adptr_addrs_len);
+
+adptr_addrs = g_malloc(adptr_addrs_len);
+ret = GetAdaptersAddresses(AF_UNSPEC, GAA_FLAG_INCLUDE_PREFIX,
+   NULL, adptr_addrs, &adptr_addrs_len);
+if (ret != ERROR_SUCCESS) {
+error_setg_win32(errp, ret, "failed to get adapters addresses");
+g_free(adptr_addrs);
+adptr_addrs = NULL;
+}
+return adptr_addrs;
+}
+
+static char *guest_wctomb_dup(WCHAR *wstr)
+{
+char *str;
+size_t i;
+
+i = wcslen(wstr) + 1;
+str = g_malloc(i);
+WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK,
+wstr, -1, str, i, NULL, NULL);
+return str;
+}
+
+static char *guest_addr_to_str(IP_ADAPTER_UNICAST_ADDRESS *ip_addr,
+   Error **errp)
+{
+char addr_str[INET6_ADDRSTRLEN + INET_ADDRSTRLEN];
+DWORD len;
+int ret;
+
+if (ip_addr->Address.lpSockaddr->sa_family == AF_INET ||
+ip_addr->Address.lpSockaddr->sa_family == AF_INET6) {
+len = sizeof(addr_str);
+ret = WSAAddressToString(ip_addr->Address.lpSockaddr,
+ ip_addr->Address.iSockaddrLength,
+ NULL,
+ addr_str,
+ &len);
+if (ret != 0) {
+error_setg_win32(errp, WSAGetLastError(),
+"failed address presentation form conversion");
+return NULL;
+}
+return g_strdup(addr_str);
+}
 return NULL;
 }
 
+#if (_WIN32_WINNT >= 0x0600)
+static int64_t guest_ip_prefix(IP_ADAPTER_UNICAST_ADDRESS *ip_addr)
+{
+/* For Windows Vista/2008 and newer, use the OnLinkPrefixLength
+ * field to obtain the prefix.
+ */
+return ip_addr->OnLinkPrefixLength;
+}
+#else
+/* When using the Windows XP and 2003 build environment, do the best we can to
+ * figure out the prefix.
+ */
+static IP_ADAPTER_INFO *guest_get_adapters_info(void)
+{
+IP_ADAPTER_INFO *adptr_info = NULL;
+ULONG adptr_info_len = 0;
+DWORD ret;
+
+/* Call the first time to get the adptr_info_len. */
+GetAdaptersInfo(adptr_info, &adptr_info_len);
+
+adptr_info = g_malloc(adptr_info_len);
+ret = GetAdaptersInfo(adptr_info, &adptr_info_len);
+if (ret != ERROR_SUCCESS) {
+g_free(adptr_info);
+adptr_info = NULL;
+}
+return adptr_info;
+}
+
+static int64_t guest_ip_prefix(IP_ADAPTER_UNICAST_ADDRESS *ip_addr)
+{
+int64_t prefix = -1; /* Use for AF_INET6 and unknown/undetermined values. 
*/
+IP_ADAPTER_INFO *adptr_info, *info;
+IP_ADDR_STRING *ip;
+struct in_addr *p;
+
+if (ip_addr->Address.lpSockaddr->sa_family != AF_INET) {
+return prefix;
+}
+adptr_info = guest_get_adapters_info();
+if (adptr_info == NULL) {
+return prefix;
+}
+
+/* Match up the passed in ip_addr with one found in adaptr_info.
+ * The matching one in adptr_info will have the netmask.
+ */
+p = &((struct sockaddr_in *)ip_addr->Address.lpSockaddr)->sin_addr;
+for (info = adptr_info; info; info = info->Next) {
+for (ip = &info->IpAddressList; ip; ip = ip->Next) {
+if (p->S_un.S_addr == i
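
Review bot: guest_wctomb_dup() sizes its output buffer as wcslen(wstr) + 1 bytes, which assumes every wide character converts to exactly one byte in CP_ACP. On a multi-byte ANSI code page the converted string can be longer, WideCharToMultiByte() then fails for lack of space, and because its return value is ignored the caller gets a buffer that is not guaranteed to be NUL-terminated. Suggest calling WideCharToMultiByte() first with an output size of 0 to obtain the required length, allocating that many bytes, and checking the result of the converting call. In guest_get_adapters_addresses() and guest_get_adapters_info() a short retry loop on ERROR_BUFFER_OVERFLOW would also cover the case where the adapter list grows between the sizing call and the real one.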

[Qemu-devel] [PATCH v6 0/2] qga: qmp_guest_network_get_interfaces for win32

2015-06-02 Thread Kirk Allan
Changes from v5:
- Patch 1/2 removed testing for WINVER in QEMU_CFLAGS.

Changes from v4:
- Fixed up the commit messages to remove the utf-8 characters.

Changes from v3:
- Patch 1/2 removed setting ARCH_$ARCH
- Patch 2/2 implemented feedback from v3. Use WSAAddressToString for
inet_ntop functionality.  WSAStringToAddress is available in all versions
of Windows.

This patch set is to implement qmp_guest_network_get_interfaces for win32.

This patch set contains two patches: configuration and implementation.

The configuration patch adds the iphlpapi library.  The implementation
patch for commands-win32.c takes advantage of _WIN32_WINNT if set to 0x600
or greater for Windows Vista/2008 guests or newer to use OnLinkPrefixLength
for prefixes.  WSAStringToAddress is used for inet_ntop functionality.

Kirk Allan (2):
  qga: add win32 library iphlpapi
  qga: win32 qmp_guest_network_get_interfaces implementation

 configure|   2 +-
 qga/commands-win32.c | 220 ++-
 2 files changed, 218 insertions(+), 4 deletions(-)

-- 
1.8.5.6




[Qemu-devel] [PATCH v6 1/2] qga: add win32 library iphlpapi

2015-06-02 Thread Kirk Allan
Add the iphlpapi library to use APIs such as GetAdaptersInfo and
GetAdaptersAddresses.

Signed-off-by: Kirk Allan 
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 4e2f78a..60df96d 100755
--- a/configure
+++ b/configure
@@ -724,7 +724,7 @@ if test "$mingw32" = "yes" ; then
   sysconfdir="\${prefix}"
   local_statedir=
   confsuffix=""
-  libs_qga="-lws2_32 -lwinmm -lpowrprof $libs_qga"
+  libs_qga="-lws2_32 -lwinmm -lpowrprof -liphlpapi $libs_qga"
 fi
 
 werror=""
-- 
1.8.5.6




Re: [Qemu-devel] [PATCH 09/10 v11] target-tilegx: Generate tcg instructions to finish "Hello world"

2015-06-02 Thread Peter Maydell
On 30 May 2015 at 22:18, Chen Gang  wrote:
> Generate related tcg instructions, and qemu tilegx can finish running
> "Hello world". The elf64 binary can be static or shared.
>
> Signed-off-by: Chen Gang 
> ---
>  target-tilegx/translate.c | 2787 
> +
>  1 file changed, 2787 insertions(+)
>  create mode 100644 target-tilegx/translate.c

For me, this patch is just too long to review sensibly.
(Simply trying to deal with replying to this email in my mail
client was a pain.)

But Richard is going to review this so I'll let him make
that decision.

thanks
-- PMM



Re: [Qemu-devel] [PATCH 10/10 v11] target-tilegx: Add TILE-Gx building files

2015-06-02 Thread Peter Maydell
On 30 May 2015 at 22:19, Chen Gang  wrote:
> Add related configuration, make files for tilegx. Now, qemu tilegx can
> pass building, and finish running "Hello world" static/shared elf64
> binary.
>
> Signed-off-by: Chen Gang 

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [PATCH 07/10 v11] target-tilegx: Add cpu basic features for linux-user

2015-06-02 Thread Peter Maydell
On 30 May 2015 at 22:15, Chen Gang  wrote:
> It implements minimized cpu features for linux-user.
>
> Signed-off-by: Chen Gang 
> ---
>  target-tilegx/cpu.c | 143 +++
>  target-tilegx/cpu.h | 171 
> 
>  2 files changed, 314 insertions(+)
>  create mode 100644 target-tilegx/cpu.c
>  create mode 100644 target-tilegx/cpu.h
>
> diff --git a/target-tilegx/cpu.c b/target-tilegx/cpu.c
> new file mode 100644
> index 000..663fcb6
> --- /dev/null
> +++ b/target-tilegx/cpu.c
> @@ -0,0 +1,143 @@
> +/*
> + * QEMU TILE-Gx CPU
> + *
> + *  Copyright (c) 2015 Chen Gang
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see
> + * 
> + */
> +
> +#include "cpu.h"
> +#include "qemu-common.h"
> +#include "hw/qdev-properties.h"
> +#include "migration/vmstate.h"
> +
> +TileGXCPU *cpu_tilegx_init(const char *cpu_model)
> +{
> +TileGXCPU *cpu;
> +
> +cpu = TILEGX_CPU(object_new(TYPE_TILEGX_CPU));
> +
> +object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
> +
> +return cpu;
> +}
> +
> +static void tilegx_cpu_set_pc(CPUState *cs, vaddr value)
> +{
> +TileGXCPU *cpu = TILEGX_CPU(cs);
> +
> +cpu->env.pc = value;
> +}
> +
> +static bool tilegx_cpu_has_work(CPUState *cs)
> +{
> +return true;
> +}
> +
> +static void tilegx_cpu_reset(CPUState *s)
> +{
> +TileGXCPU *cpu = TILEGX_CPU(s);
> +TileGXCPUClass *tcc = TILEGX_CPU_GET_CLASS(cpu);
> +CPUTLGState *env = &cpu->env;
> +
> +tcc->parent_reset(s);
> +
> +memset(env, 0, sizeof(CPUTLGState));
> +tlb_flush(s, 1);
> +}
> +
> +static void tilegx_cpu_realizefn(DeviceState *dev, Error **errp)
> +{
> +CPUState *cs = CPU(dev);
> +TileGXCPUClass *tcc = TILEGX_CPU_GET_CLASS(dev);
> +
> +cpu_reset(cs);
> +qemu_init_vcpu(cs);
> +
> +tcc->parent_realize(dev, errp);
> +}
> +
> +static void tilegx_cpu_initfn(Object *obj)
> +{
> +CPUState *cs = CPU(obj);
> +TileGXCPU *cpu = TILEGX_CPU(obj);
> +CPUTLGState *env = &cpu->env;
> +static bool tcg_initialized;
> +
> +cs->env_ptr = env;
> +cpu_exec_init(env);
> +
> +if (tcg_enabled() && !tcg_initialized) {
> +tcg_initialized = true;
> +tilegx_tcg_init();
> +}
> +}
> +
> +static void tilegx_cpu_do_interrupt(CPUState *cs)
> +{
> +cs->exception_index = -1;
> +}
> +
> +static int tilegx_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int rw,
> +   int mmu_idx)
> +{
> +cpu_dump_state(cs, stderr, fprintf, 0);
> +return 1;
> +}
> +
> +static bool tilegx_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
> +{
> +if (interrupt_request & CPU_INTERRUPT_HARD) {
> +tilegx_cpu_do_interrupt(cs);
> +return true;
> +}
> +return false;
> +}
> +
> +static void tilegx_cpu_class_init(ObjectClass *oc, void *data)
> +{
> +DeviceClass *dc = DEVICE_CLASS(oc);
> +CPUClass *cc = CPU_CLASS(oc);
> +TileGXCPUClass *tcc = TILEGX_CPU_CLASS(oc);
> +
> +tcc->parent_realize = dc->realize;
> +dc->realize = tilegx_cpu_realizefn;
> +
> +tcc->parent_reset = cc->reset;
> +cc->reset = tilegx_cpu_reset;
> +
> +cc->has_work = tilegx_cpu_has_work;
> +cc->do_interrupt = tilegx_cpu_do_interrupt;
> +cc->cpu_exec_interrupt = tilegx_cpu_exec_interrupt;
> +cc->set_pc = tilegx_cpu_set_pc;
> +cc->handle_mmu_fault = tilegx_cpu_handle_mmu_fault;
> +cc->gdb_num_core_regs = 0;
> +}
> +
> +static const TypeInfo tilegx_cpu_type_info = {
> +.name = TYPE_TILEGX_CPU,
> +.parent = TYPE_CPU,
> +.instance_size = sizeof(TileGXCPU),
> +.instance_init = tilegx_cpu_initfn,
> +.class_size = sizeof(TileGXCPUClass),
> +.class_init = tilegx_cpu_class_init,
> +};
> +
> +static void tilegx_cpu_register_types(void)
> +{
> +type_register_static(&tilegx_cpu_type_info);
> +}
> +
> +type_init(tilegx_cpu_register_types)
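
Review bot: cpu_tilegx_init() passes NULL as the Error ** argument in object_property_set_bool(OBJECT(cpu), true, "realized", NULL), so a failed realize is silently dropped and the caller receives a CPU object that was never realized. Suggest passing a local Error *, and on failure reporting it, unreferencing the object and returning NULL. The cpu_model argument is also unused in this function; if only one model exists, a comment saying so would make that intentional.
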
> diff --git a/target-tilegx/cpu.h b/target-tilegx/cpu.h
> new file mode 100644
> index 000..a0f4c6f
> --- /dev/null
> +++ b/target-tilegx/cpu.h
> @@ -0,0 +1,171 @@
> +/*
> + *  TILE-Gx virtual CPU header
> + *
> + *  Copyright (c) 2015 Chen Gang
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> 

[Qemu-devel] [PATCH v2 0/3] migration: Dynamic cpu throttling for auto-converge

2015-06-02 Thread Jason J. Herne
This patch set provides a new method for throttling a vcpu and makes use of said
method to dynamically increase cpu throttling during an autoconverge
migration until the migration completes. This method ensures that all migrations
will eventually converge.

The method used here for throttling vcpus is likely not the best. However, I
believe that it is preferable to what is used for autoconverge today.

This work is related to the following discussion:
https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg00287.html

Changelog
---
v2
- Add cpu throttle ratio output to hmp/qmp info/query migrate commands
v1
- Initial

Jason J. Herne (3):
  cpu: Provide vcpu throttling interface
  migration: Dynamic cpu throttling for auto-converge
  qmp/hmp: Add throttle ratio to query-migrate and info migrate

 arch_init.c   | 95 +--
 cpus.c| 62 +
 hmp.c |  5 +++
 include/qom/cpu.h | 46 +
 migration/migration.c | 14 
 qapi-schema.json  |  3 +-
 6 files changed, 161 insertions(+), 64 deletions(-)

-- 
1.9.1




[Qemu-devel] [PATCH v2 1/3] cpu: Provide vcpu throttling interface

2015-06-02 Thread Jason J. Herne
Provide a method to throttle guest cpu execution. CPUState is augmented with
timeout controls and throttle start/stop functions. To throttle the guest cpu
the caller simply has to call the throttle start function and provide a ratio of
sleep time to normal execution time.

Signed-off-by: Jason J. Herne 
Reviewed-by: Matthew Rosato 
---
 cpus.c| 62 +++
 include/qom/cpu.h | 46 +
 2 files changed, 108 insertions(+)

diff --git a/cpus.c b/cpus.c
index de6469f..7568357 100644
--- a/cpus.c
+++ b/cpus.c
@@ -64,6 +64,9 @@
 
 #endif /* CONFIG_LINUX */
 
+/* Number of ms between cpu throttle operations */
+#define CPU_THROTTLE_TIMESLICE 10
+
 static CPUState *next_cpu;
 int64_t max_delay;
 int64_t max_advance;
@@ -919,6 +922,65 @@ static void qemu_kvm_wait_io_event(CPUState *cpu)
 qemu_wait_io_event_common(cpu);
 }
 
+static void cpu_throttle_thread(void *opq)
+{
+CPUState *cpu = (CPUState *)opq;
+long sleeptime_ms = (long)(cpu->throttle_ratio * CPU_THROTTLE_TIMESLICE);
+
+/* Stop the timer if needed */
+if (cpu->throttle_timer_stop) {
+timer_del(cpu->throttle_timer);
+timer_free(cpu->throttle_timer);
+cpu->throttle_timer = NULL;
+return;
+}
+
+qemu_mutex_unlock_iothread();
+g_usleep(sleeptime_ms * 1000); /* Convert ms to us for usleep call */
+qemu_mutex_lock_iothread();
+
+timer_mod(cpu->throttle_timer, qemu_clock_get_ms(QEMU_CLOCK_REALTIME) +
+   CPU_THROTTLE_TIMESLICE);
+}
+
+static void cpu_throttle_timer_pop(void *opq)
+{
+CPUState *cpu = (CPUState *)opq;
+
+async_run_on_cpu(cpu, cpu_throttle_thread, cpu);
+}
+
+void cpu_throttle_start(CPUState *cpu, float throttle_ratio)
+{
+assert(throttle_ratio > 0);
+cpu->throttle_ratio = throttle_ratio;
+
+if (!cpu_throttle_active(cpu)) {
+cpu->throttle_timer = timer_new_ms(QEMU_CLOCK_REALTIME,
+   cpu_throttle_timer_pop, cpu);
+timer_mod(cpu->throttle_timer, qemu_clock_get_ms(QEMU_CLOCK_REALTIME) +
+   CPU_THROTTLE_TIMESLICE);
+cpu->throttle_timer_stop = false;
+}
+}
+
+void cpu_throttle_stop(CPUState *cpu)
+{
+assert(cpu_throttle_active(cpu));
+cpu->throttle_timer_stop = true;
+}
+
+bool cpu_throttle_active(CPUState *cpu)
+{
+return (cpu->throttle_timer != NULL);
+}
+
+float cpu_throttle_get_ratio(CPUState *cpu)
+{
+assert(cpu_throttle_active(cpu));
+return cpu->throttle_ratio;
+}
+
 static void *qemu_kvm_cpu_thread_fn(void *arg)
 {
 CPUState *cpu = arg;
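
Review bot: cpu_throttle_start() clears throttle_timer_stop only inside the if (!cpu_throttle_active(cpu)) branch, so a start that arrives after cpu_throttle_stop() but before cpu_throttle_thread() has run and freed the timer only updates throttle_ratio and returns with the stop flag still set. The next cpu_throttle_thread() then deletes the timer and the requested throttling never takes effect. Suggest setting cpu->throttle_timer_stop = false unconditionally in cpu_throttle_start(). Separately, throttle_ratio has only a lower bound (assert(throttle_ratio > 0)); since the vcpu sleeps for throttle_ratio * CPU_THROTTLE_TIMESLICE ms in a single g_usleep() call, a clamp or a documented maximum here would keep a caller from parking the vcpu for arbitrarily long stretches.
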
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 39f0f19..9d16e6a 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -310,6 +310,11 @@ struct CPUState {
 uint32_t can_do_io;
 int32_t exception_index; /* used by m68k TCG */
 
+/* vcpu throttling controls */
+QEMUTimer *throttle_timer;
+bool throttle_timer_stop;
+float throttle_ratio;
+
 /* Note that this is accessed at the start of every TB via a negative
offset from AREG0.  Leave this field at the end so as to make the
(absolute value) offset as small as possible.  This reduces code
@@ -553,6 +558,47 @@ CPUState *qemu_get_cpu(int index);
  */
 bool cpu_exists(int64_t id);
 
+/**
+ * cpu_throttle_start:
+ * @cpu: The vcpu to throttle
+ *
+ * Throttles a vcpu by forcing it to sleep. The duration of the sleep is a
+ * ratio of sleep time to running time. A ratio of 1.0 corresponds to a 50%
+ * duty cycle (example: 10ms sleep for every 10ms awake).
+ *
+ * cpu_throttle_start can be called as needed to adjust the throttle ratio.
+ * Once the throttling starts, it will remain in effect until cpu_throttle_stop
+ * is called.
+ */
+void cpu_throttle_start(CPUState *cpu, float throttle_ratio);
+
+/**
+ * cpu_throttle_stop:
+ * @cpu: The vcpu to stop throttling
+ *
+ * Stops the vcpu throttling started by cpu_throttle_start.
+ */
+void cpu_throttle_stop(CPUState *cpu);
+
+/**
+ * cpu_throttle_active:
+ * @cpu: The vcpu to check
+ *
+ * Returns %true if this vcpu is currently being throttled, %false otherwise.
+ */
+bool cpu_throttle_active(CPUState *cpu);
+
+/**
+ * cpu_throttle_get_ratio:
+ * @cpu: The vcpu whose throttle ratio to return.
+ *
+ * Returns the ratio being used to throttle this vcpu. See cpu_throttle_start
+ * for details.
+ *
+ * Returns The ratio being used to throttle this vcpu.
+ */
+float cpu_throttle_get_ratio(CPUState *cpu);
+
 #ifndef CONFIG_USER_ONLY
 
 typedef void (*CPUInterruptHandler)(CPUState *, int);
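
Review bot: the doc comment for cpu_throttle_start() describes @cpu but not @throttle_ratio, and nothing states that the value must be greater than 0 even though the implementation asserts it. Please add an @throttle_ratio entry with its valid range, and note on cpu_throttle_stop() and cpu_throttle_get_ratio() that they may only be called while cpu_throttle_active() returns true, since both assert it. The cpu_throttle_get_ratio() comment also carries two "Returns" sentences that say the same thing; one can go.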
-- 
1.9.1




[Qemu-devel] [PATCH v2 3/3] qmp/hmp: Add throttle ratio to query-migrate and info migrate

2015-06-02 Thread Jason J. Herne
Report throttle ratio in info migrate and query-migrate responses when cpu
throttling is active.

Signed-off-by: Jason J. Herne 
---
 hmp.c | 5 +
 migration/migration.c | 5 +
 qapi-schema.json  | 3 ++-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/hmp.c b/hmp.c
index e17852d..cb3c137 100644
--- a/hmp.c
+++ b/hmp.c
@@ -229,6 +229,11 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict)
info->xbzrle_cache->overflow);
 }
 
+if (info->has_x_cpu_throttle_ratio) {
+monitor_printf(mon, "cpu throttle ratio : %0.2f\n",
+   info->x_cpu_throttle_ratio);
+}
+
 qapi_free_MigrationInfo(info);
 qapi_free_MigrationCapabilityStatusList(caps);
 }
diff --git a/migration/migration.c b/migration/migration.c
index c9545df..98cc03a 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -263,6 +263,11 @@ MigrationInfo *qmp_query_migrate(Error **errp)
 info->disk->total = blk_mig_bytes_total();
 }
 
+if (cpu_throttle_active(first_cpu)) {
+info->has_x_cpu_throttle_ratio = true;
+info->x_cpu_throttle_ratio = cpu_throttle_get_ratio(first_cpu);
+}
+
 get_xbzrle_cache_stats(info);
 break;
 case MIGRATION_STATUS_COMPLETED:
diff --git a/qapi-schema.json b/qapi-schema.json
index f97ffa1..5e732e0 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -483,7 +483,8 @@
'*total-time': 'int',
'*expected-downtime': 'int',
'*downtime': 'int',
-   '*setup-time': 'int'} }
+   '*setup-time': 'int',
+   '*x-cpu-throttle-ratio': 'number'} }
 
 ##
 # @query-migrate
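
Review bot: the new '*x-cpu-throttle-ratio': 'number' member is added to the type without a matching entry in the documentation comment that precedes it; the diffstat shows 3 changed lines for qapi-schema.json and all of them are in this hunk. Please add an @x-cpu-throttle-ratio description that says the member is optional, that it is only present while throttling is active, and how to read the value (ratio of sleep time to run time, so 1.0 means a 50% duty cycle).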
-- 
1.9.1




[Qemu-devel] [PATCH v2 2/3] migration: Dynamic cpu throttling for auto-converge

2015-06-02 Thread Jason J. Herne
Remove traditional auto-converge static 30ms throttling code and replace it
with a dynamic throttling algorithm.

Additionally, be more aggressive when deciding when to start throttling.
Previously we waited until four unproductive memory passes. Now we begin
throttling after only two unproductive memory passes. Four seemed quite
arbitrary and only waiting for two passes allows us to complete the migration
faster.

Signed-off-by: Jason J. Herne 
Reviewed-by: Matthew Rosato 
---
 arch_init.c   | 95 +--
 migration/migration.c |  9 +
 2 files changed, 41 insertions(+), 63 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 23d3feb..73ae494 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -111,9 +111,7 @@ int graphic_depth = 32;
 #endif
 
 const uint32_t arch_type = QEMU_ARCH;
-static bool mig_throttle_on;
 static int dirty_rate_high_cnt;
-static void check_guest_throttling(void);
 
 static uint64_t bitmap_sync_count;
 
@@ -487,6 +485,31 @@ static size_t save_page_header(QEMUFile *f, RAMBlock 
*block, ram_addr_t offset)
 return size;
 }
 
+/* Reduce amount of guest cpu execution to hopefully slow down memory writes.
+ * If guest dirty memory rate is reduced below the rate at which we can
+ * transfer pages to the destination then we should be able to complete
+ * migration. Some workloads dirty memory way too fast and will not effectively
+ * converge, even with auto-converge. For these workloads we will continue to
+ * increase throttling until the guest is paused long enough to complete the
+ * migration. This essentially becomes a non-live migration.
+ */
+static void mig_throttle_guest_down(void)
+{
+CPUState *cpu;
+
+CPU_FOREACH(cpu) {
+/* We have not started throttling yet. Lets start it.*/
+if (!cpu_throttle_active(cpu)) {
+cpu_throttle_start(cpu, 0.2);
+}
+
+/* Throttling is already in place. Just increase the throttling rate */
+else {
+cpu_throttle_start(cpu, cpu_throttle_get_ratio(cpu) * 2);
+}
+}
+}
+
 /* Update the xbzrle cache to reflect a page that's been sent as all 0.
  * The important thing is that a stale (not-yet-0'd) page be replaced
  * by the new data.
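
Review bot: in mig_throttle_guest_down() the else branch doubles the ratio on every call with no ceiling (cpu_throttle_start(cpu, cpu_throttle_get_ratio(cpu) * 2)), so for a guest that never converges the sleep per timeslice grows without bound. Suggest a named maximum, plus named constants for the initial 0.2 and the factor 2, so the worst-case guest stall is bounded and documented in one place. Style: the comment placed between the closing brace of the if and the else breaks the "} else {" form; moving it inside the else block fixes that.
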
@@ -714,21 +737,21 @@ static void migration_bitmap_sync(void)
 /* The following detection logic can be refined later. For now:
Check to see if the dirtied bytes is 50% more than the approx.
amount of bytes that just got transferred since the last time we
-   were in this routine. If that happens >N times (for now N==4)
-   we turn on the throttle down logic */
+   were in this routine. If that happens twice, start or increase
+   throttling */
 bytes_xfer_now = ram_bytes_transferred();
+
 if (s->dirty_pages_rate &&
(num_dirty_pages_period * TARGET_PAGE_SIZE >
(bytes_xfer_now - bytes_xfer_prev)/2) &&
-   (dirty_rate_high_cnt++ > 4)) {
+   (dirty_rate_high_cnt++ >= 2)) {
 trace_migration_throttle();
-mig_throttle_on = true;
 dirty_rate_high_cnt = 0;
+mig_throttle_guest_down();
  }
  bytes_xfer_prev = bytes_xfer_now;
-} else {
- mig_throttle_on = false;
 }
+
 if (migrate_use_xbzrle()) {
 if (iterations_prev != acct_info.iterations) {
 acct_info.xbzrle_cache_miss_rate =
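
Review bot: the condition (dirty_rate_high_cnt++ >= 2) does not match the new comment ("If that happens twice") or the commit message. With the post-increment the counter is compared as 0, then 1, then 2, so throttling starts on the third unproductive pass, not the second. Either use ++dirty_rate_high_cnt >= 2 or change the comment and commit message to say three.
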
@@ -1197,7 +1220,6 @@ static int ram_save_setup(QEMUFile *f, void *opaque)
 RAMBlock *block;
 int64_t ram_bitmap_pages; /* Size of bitmap in pages, including gaps */
 
-mig_throttle_on = false;
 dirty_rate_high_cnt = 0;
 bitmap_sync_count = 0;
 migration_bitmap_sync_init();
@@ -1301,12 +1323,7 @@ static int ram_save_iterate(QEMUFile *f, void *opaque)
 }
 pages_sent += pages;
 acct_info.iterations++;
-check_guest_throttling();
-/* we want to check in the 1st loop, just in case it was the 1st time
-   and we had to sync the dirty bitmap.
-   qemu_get_clock_ns() is a bit expensive, so we only check each some
-   iterations
-*/
+
 if ((i & 63) == 0) {
 uint64_t t1 = (qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - t0) / 
100;
 if (t1 > MAX_WAIT) {
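
Review bot: the comment removed together with check_guest_throttling() ("we want to check in the 1st loop ... so we only check each some iterations") describes the if ((i & 63) == 0) timing check that stays, not the throttling call. Please keep it, or reword it, above that if; otherwise the reason for sampling the clock only every 64 iterations is lost.
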
@@ -1913,51 +1930,3 @@ TargetInfo *qmp_query_target(Error **errp)
 return info;
 }
 
-/* Stub function that's gets run on the vcpu when its brought out of the
-   VM to run inside qemu via async_run_on_cpu()*/
-static void mig_sleep_cpu(void *opq)
-{
-qemu_mutex_unlock_iothread();
-g_usleep(30*1000);
-qemu_mutex_lock_iothread();
-}
-
-/* To reduce the dirty rate explicitly disallow the VCPUs from spending
-   much time in the VM. The migration thread will try to catchup.
-   Workload will experience a performance 

Re: [Qemu-devel] [PATCH 06/10 v11] target-tilegx: Add special register information from Tilera Corporation

2015-06-02 Thread Peter Maydell
On 30 May 2015 at 22:15, Chen Gang  wrote:
> The related copy is from Linux kernel "arch/tile/include/uapi/arch/
> spr_def_64.h".
>
> Signed-off-by: Chen Gang 
> ---
>  target-tilegx/spr_def_64.h | 216 
> +
>  1 file changed, 216 insertions(+)
>  create mode 100644 target-tilegx/spr_def_64.h

I'd care more about the possibility of conflicts with the
actual user header if we supported building QEMU on
a tilegx host. But since we don't this is OK.

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [PATCH 05/10 v11] arget-tilegx/opcode_tilegx.h: Modify it to fit qemu using

2015-06-02 Thread Peter Maydell
On 30 May 2015 at 22:14, Chen Gang  wrote:
> Use 'inline' instead of '__inline', and also use 'uint64_t' instead of
> "unsigned long long"
>
> Signed-off-by: Chen Gang 
> ---
>  target-tilegx/opcode_tilegx.h | 220 
> +-
>  1 file changed, 110 insertions(+), 110 deletions(-)

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [PATCH 04/10 v11] target-tilegx: Add opcode basic implementation from Tilera Corporation

2015-06-02 Thread Peter Maydell
On 30 May 2015 at 22:13, Chen Gang  wrote:
> It is copied from Linux kernel "arch/tile/include/uapi/arch/
> opcode_tilegx.h".
>
> Signed-off-by: Chen Gang 
> ---
>  target-tilegx/opcode_tilegx.h | 1406 
> +
>  1 file changed, 1406 insertions(+)
>  create mode 100644 target-tilegx/opcode_tilegx.h

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [PATCH 03/10 v11] linux-user/syscall.c: conditionalize syscalls which are not defined in tilegx

2015-06-02 Thread Peter Maydell
On 30 May 2015 at 22:12, Chen Gang  wrote:
> Some of architectures (e.g. tilegx), several syscall macros are not
> supported, so switch them.
>
> Signed-off-by: Chen Gang 

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [PATCH 02/10 v11] linux-user: Support tilegx architecture in linux-user

2015-06-02 Thread Peter Maydell
On 30 May 2015 at 22:10, Chen Gang  wrote:
> Add main working flow feature, system call processing feature, and elf64
> tilegx binary loading feature, based on Linux kernel tilegx 64-bit
> implementation.
>
> Signed-off-by: Chen Gang 
> ---
>  include/elf.h |   2 +
>  linux-user/elfload.c  |  23 +
>  linux-user/main.c | 236 
> ++
>  linux-user/syscall_defs.h |  14 ++-
>  4 files changed, 270 insertions(+), 5 deletions(-)
>
> diff --git a/include/elf.h b/include/elf.h
> index 4afd474..79859f0 100644
> --- a/include/elf.h
> +++ b/include/elf.h
> @@ -133,6 +133,8 @@ typedef int64_t  Elf64_Sxword;
>
>  #define EM_AARCH64  183
>
> +#define EM_TILEGX   191 /* TILE-Gx */
> +
>  /* This is the info that is needed to parse the dynamic section of the file 
> */
>  #define DT_NULL0
>  #define DT_NEEDED  1
> diff --git a/linux-user/elfload.c b/linux-user/elfload.c
> index 0ba9706..fbf9212 100644
> --- a/linux-user/elfload.c
> +++ b/linux-user/elfload.c
> @@ -1189,6 +1189,29 @@ static inline void init_thread(struct target_pt_regs 
> *regs, struct image_info *i
>
>  #endif /* TARGET_S390X */
>
> +#ifdef TARGET_TILEGX
> +
> +/* 42 bits real used address, a half for user mode */
> +#define ELF_START_MMAP (0x00200ULL)
> +
> +#define elf_check_arch(x) ((x) == EM_TILEGX)
> +
> +#define ELF_CLASS   ELFCLASS64
> +#define ELF_DATAELFDATA2LSB
> +#define ELF_ARCHEM_TILEGX
> +
> +static inline void init_thread(struct target_pt_regs *regs,
> +   struct image_info *infop)
> +{
> +regs->pc = infop->entry;
> +regs->sp = infop->start_stack;
> +
> +}
> +
> +#define ELF_EXEC_PAGESIZE65536 /* TILE-Gx page size is 64KB */
> +
> +#endif /* TARGET_TILEGX */
> +
>  #ifndef ELF_PLATFORM
>  #define ELF_PLATFORM (NULL)
>  #endif
> diff --git a/linux-user/main.c b/linux-user/main.c
> index 3f32db0..8e7fe86 100644
> --- a/linux-user/main.c
> +++ b/linux-user/main.c
> @@ -3416,6 +3416,231 @@ void cpu_loop(CPUS390XState *env)
>
>  #endif /* TARGET_S390X */
>
> +#ifdef TARGET_TILEGX
> +
> +static uint64_t get_regval(CPUTLGState *env, uint8_t reg)
> +{
> +if (likely(reg < TILEGX_R_COUNT)) {
> +return env->regs[reg];
> +} else if (reg != TILEGX_R_ZERO) {
> +fprintf(stderr, "invalid register r%d for reading.\n", reg);
> +g_assert_not_reached();

You don't appear to be guaranteeing that the register value
is < TILEGX_R_COUNT anywhere: get_SrcA_X1() and friends
mask with 0x3f, but that only means you're guaranteed the
value is between 0 and 63, whereas TILEGX_R_COUNT is 56.
What does real hardware do if the encoded register value
is 56..63 ?

Also, if (something) {
  g_assert_not_reached();
  }

is an awkward way to write
g_assert(!something);

> +}
> +return 0;
> +}
> +
> +static void set_regval(CPUTLGState *env, uint8_t reg, uint64_t val)
> +{
> +if (likely(reg < TILEGX_R_COUNT)) {
> +env->regs[reg] = val;
> +} else if (reg != TILEGX_R_ZERO) {
> +fprintf(stderr, "invalid register r%d for writing.\n", reg);
> +g_assert_not_reached();
> +}
> +}
> +
> +/*
> + * Compare the 8-byte contents of the CmpValue SPR with the 8-byte value in
> + * memory at the address held in the first source register. If the values are
> + * not equal, then no memory operation is performed. If the values are equal,
> + * the 8-byte quantity from the second source register is written into memory
> + * at the address held in the first source register. In either case, the 
> result
> + * of the instruc- tion is the value read from memory. The compare and write 
> to

stray "- ".

> + * memory are atomic and thus can be used for synchronization purposes. This
> + * instruction only operates for addresses aligned to a 8-byte boundary.
> + * Unaligned memory access causes an Unaligned Data Reference interrupt.
> + *
> + * Functional Description (64-bit)
> + *   uint64_t memVal = memoryReadDoubleWord (rf[SrcA]);
> + *   rf[Dest] = memVal;
> + *   if (memVal == SPR[CmpValueSPR])
> + *   memoryWriteDoubleWord (rf[SrcA], rf[SrcB]);
> + *
> + * Functional Description (32-bit)
> + *   uint64_t memVal = signExtend32 (memoryReadWord (rf[SrcA]));
> + *   rf[Dest] = memVal;
> + *   if (memVal == signExtend32 (SPR[CmpValueSPR]))
> + *   memoryWriteWord (rf[SrcA], rf[SrcB]);
> + *
> + *
> + * For exch(4), will no cmp spr.

Not sure what this sentence means?

> + */
> +static void do_exch(CPUTLGState *env, int8_t quad, int8_t cmp)

quad and cmp are just booleans, right? Why int8_t not bool?

> +{
> +uint8_t rdst, rsrc, rsrcb;
> +target_ulong addr, tmp;
> +target_long val, sprval;
> +target_siginfo_t info;
> +
> +start_exclusive();
> +
> +rdst = (env->excparam >> 16) & 0xff;
> +rsrc = (env->excparam >> 8) & 0xff;
> +rsrcb = env->excparam & 0xff;

Consider extract32().

> +
> +addr

Re: [Qemu-devel] [PATCH v2 0/8] fdc: Clean up and fix command processing

2015-06-02 Thread John Snow


On 05/21/2015 09:19 AM, Kevin Wolf wrote:
> The hotfix for CVE-2015-3456 fixed the security problem, but didn't
> fully correct the behaviour of the emulated floppy controller.  This
> series fixes the bug that was the root cause for the problem, and does
> some cleanup in the FIFO access functions to make the command processing
> more obvious.
> 
> v2:
> - Patch 3: Include fdctrl->phase in the migration state. [Peter]
> - Patch 4: Added a comment to clarify an assertion [Peter]
> - Patch 5: Check pos == 0 instead of fdctrl->data_pos == 1 [John]
> - Patch 7: Improved commit message [John]
> 
> FWIW, when testing this, I found that migration with active I/O on a
> floppy drive doesn't work very reliably. These problems were there
> before the series and they stay after the series. I verified as good
> as I could that the subsection magic does its job, and I'll leave
> fixing the other floppy migration bugs for someone else.
> 
> 
> Kevin Wolf (8):
>   fdc: Rename fdctrl_reset_fifo() to fdctrl_to_command_phase()
>   fdc: Rename fdctrl_set_fifo() to fdctrl_to_result_phase()
>   fdc: Introduce fdctrl->phase
>   fdc: Use phase in fdctrl_write_data()
>   fdc: Code cleanup in fdctrl_write_data()
>   fdc: Disentangle phases in fdctrl_read_data()
>   fdc: Fix MSR.RQM flag
>   fdc-test: Test state for existing cases more thoroughly
> 
>  hw/block/fdc.c   | 296 
> ---
>  tests/fdc-test.c |  34 +++
>  2 files changed, 253 insertions(+), 77 deletions(-)
> 

From what I can tell, it seems like Kevin's current migration approach
is appropriate for now, regardless of the migration policy debate that's
still ongoing.

It looks okay to me and David Gilbert gave it his ACK, so I have staged
this in my increasingly inaccurately named IDE branch, thanks.

https://github.com/jnsnow/qemu/commits/ide

--js



Re: [Qemu-devel] [PATCH 12/13] target-s390x: implement load-and-trap facility

2015-06-02 Thread Richard Henderson
On 06/01/2015 02:24 PM, Aurelien Jarno wrote:
> At the same time move the trap code from op_ct into gen_trap and use it
> for all new functions. The value needs to be stored back to register
> before the exception, but also before the brcond (as we don't use
> temp locals). That's why we can't use wout helper.
> 
> Cc: Alexander Graf 
> Cc: Richard Henderson 
> Signed-off-by: Aurelien Jarno 
> ---
>  target-s390x/insn-data.def | 10 ++
>  target-s390x/translate.c   | 80 
> --
>  2 files changed, 81 insertions(+), 9 deletions(-)

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH v6 2/8] qmp: Add optional bool "unmap" to drive-mirror

2015-06-02 Thread Eric Blake
On 05/27/2015 11:29 PM, Fam Zheng wrote:
> If specified as "true", it allows discarding on target sectors where source is
> not allocated.
> 
> Signed-off-by: Fam Zheng 
> ---

> +++ b/qapi/block-core.json
> @@ -954,6 +954,11 @@
>  # @on-target-error: #optional the action to take on an error on the target,
>  #   default 'report' (no limitations, since this applies to
>  #   a different block device than @device).
> +# @unmap: #optional Whether to try to unmap target sectors where source has
> +# only zero. If true, and target unallocated sectors will read as 
> zero,
> +# target image sectors will be unmapped; otherwise, zeroes will be
> +# written. Both will result in identical contents.
> +# Default is true. (Since 2.4)

Just making sure I understand:

The guest sees identical contents, but with "unmap":true, the host file
is potentially sparse, while with "unmap":false, the host file is
fully-allocated.

Also, while the default is now true, this doesn't tell me what the
behavior was in 2.3.  Is this a new default behavior (where in 2.3 you
could not preserve sparseness), or a new knob (previously you always got
a sparse copy, and could not request full allocation)?  I'm okay either
way, but I'm trying to understand whether libvirt should advertise this
knob to higher-level apps, and if so, what libvirt should do when it
detects qemu 2.3 (that is, should it tell upper-level apps that
sparseness cannot be preserved, or that full allocation cannot be
guaranteed, when the "unmap" parameter is not detected).

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PULL 0/8] SH4 patches for upstream

2015-06-02 Thread Peter Maydell
On 1 June 2015 at 22:29, Aurelien Jarno  wrote:
> The following changes since commit f5790c3bc81702c98c7ddadedb274758cff8cbe7:
>
>   Revert "target-alpha: Add vector implementation for CMPBGE" (2015-05-22 
> 12:30:13 +0100)
>
> are available in the git repository at:
>
>   git://git.aurel32.net/qemu.git tags/pull-qemu-sh4-2015-06-01
>
> for you to fetch changes up to c9967fd80d4686f44ee725a8c2af66b387b393a5:
>
>   target-sh4: remove dead code (2015-05-25 01:28:56 +0200)
>
> 
> SH4 patches for upstream
>
> 
> Aurelien Jarno (8):
>   target-sh4: use bit number for SR constants
>   target-sh4: Split out T from SR
>   target-sh4: optimize addc using add2
>   target-sh4: optimize subc using sub2
>   target-sh4: optimize negc using add2 and sub2
>   target-sh4: split out Q and M from of SR and optimize div1
>   target-sh4: factorize fmov implementation
>   target-sh4: remove dead code

Hi. I'm afraid this fails to build under clang:

target-sh4/translate.c:282:20: error: unused
  function 'gen_copy_bit_i32' [-Werror,-Wunused-function]
static inline void gen_copy_bit_i32(TCGv t0, int p0, TCGv t1, int p1)
   ^
1 error generated.

(Clang will warn about unused static inline functions defined
in a .c file; gcc doesn't.)

thanks
-- PMM



[Qemu-devel] [PULL 05/22] target-arm: Add TPIDR_EL2

2015-06-02 Thread Peter Maydell
From: "Edgar E. Iglesias" 

Signed-off-by: Edgar E. Iglesias 
Message-id: 1432881807-18164-7-git-send-email-edgar.igles...@gmail.com
[PMM: reordered fields into preferred opc0/opc1/crn/crm/opc2 order]
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target-arm/helper.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 334e008..27cfd12 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2530,6 +2530,9 @@ static const ARMCPRegInfo v8_el3_no_el2_cp_reginfo[] = {
 { .name = "SCTLR_EL2", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 0, .opc2 = 0,
   .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "TPIDR_EL2", .state = ARM_CP_STATE_BOTH,
+  .opc0 = 3, .opc1 = 4, .crn = 13, .crm = 0, .opc2 = 2,
+  .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 REGINFO_SENTINEL
 };
 
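Review bot: The TPIDR_EL2 entry added to v8_el3_no_el2_cp_reginfo is ARM_CP_CONST with PL2_RW and resetvalue 0, so it reads as zero and writes are dropped, but neither a comment here nor the commit message (which has no body) says this is the intended behaviour when EL2 is absent. A one-line comment above the entry, or a sentence in the commit message, would record that.
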
@@ -2618,6 +2621,10 @@ static const ARMCPRegInfo v8_el2_cp_reginfo[] = {
   .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 0, .opc2 = 0,
   .access = PL2_RW, .raw_writefn = raw_write, .writefn = sctlr_write,
   .fieldoffset = offsetof(CPUARMState, cp15.sctlr_el[2]) },
+{ .name = "TPIDR_EL2", .state = ARM_CP_STATE_BOTH,
+  .opc0 = 3, .opc1 = 4, .crn = 13, .crm = 0, .opc2 = 2,
+  .access = PL2_RW, .resetvalue = 0,
+  .fieldoffset = offsetof(CPUARMState, cp15.tpidr_el[2]) },
 REGINFO_SENTINEL
 };
 
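Review bot: `.fieldoffset = offsetof(CPUARMState, cp15.tpidr_el[2])` relies on tpidr_el having at least three elements, and nothing in this patch shows or changes that declaration; offsetof() with an index past the end compiles without a warning. Please confirm the array size in the commit message, or include the declaration change in this patch if one is needed.
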
-- 
1.9.1




[Qemu-devel] [PULL 00/22] target-arm queue

2015-06-02 Thread Peter Maydell

There's more stuff in the pipeline for ARM, but 22 patches
is a respectable number, so let's drain the queue.

-- PMM


The following changes since commit 3fc827d591679f3e262b9d1f8b34528eabfca8c0:

  target-arm: Correct check for non-EL3 (2015-06-02 13:22:29 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git 
tags/pull-target-arm-20150602

for you to fetch changes up to 94edf02c4c94781fa777c459fe86b52131b83cb6:

  hw/arm/virt: change indentation in a15memmap (2015-06-02 16:31:18 +0100)


target-arm queue:
 * more EL2 preparation patches
 * revert a no-longer-necessary workaround for old glib versions
 * add GICv2m support to virt board (MSI support)
 * pl061: fix wrong calculation of GPIOMIS register
 * support MSI via irqfd
 * remove a confusing v8_ prefix from some variable names
 * add dynamic sysbus device support to the virt board


Christoffer Dall (4):
  target-arm: Add GIC phandle to VirtBoardInfo
  arm_gicv2m: Add GICv2m widget to support MSIs
  target-arm: Extend the gic node properties
  target-arm: Add the GICv2m to the virt board

Edgar E. Iglesias (9):
  target-arm: Break down TLB_LOCKDOWN
  target-arm: Add MAIR_EL2
  target-arm: Add TCR_EL2
  target-arm: Add SCTLR_EL2
  target-arm: Add TPIDR_EL2
  target-arm: Add TTBR0_EL2
  target-arm: Add TLBI_ALLE1{IS}
  target-arm: Add TLBI_ALLE2
  target-arm: Add TLBI_VAE2{IS}

Eric Auger (6):
  kvm: introduce kvm_arch_msi_data_to_gsi
  arm_gicv2m: set kvm_gsi_direct_mapping and kvm_msi_via_irqfd_allowed
  hw/arm/sysbus-fdt: helpers for platform bus nodes addition
  hw/arm/boot: arm_load_kernel implemented as a machine init done notifier
  hw/arm/virt: add dynamic sysbus device support
  hw/arm/virt: change indentation in a15memmap

Markus Armbruster (1):
  Revert "target-arm: Avoid g_hash_table_get_keys()"

Peter Maydell (1):
  target-arm: Remove v8_ prefix from names of non-v8-specific cpreg arrays

Victor CLEMENT (1):
  pl061: fix wrong calculation of GPIOMIS register

 hw/arm/Makefile.objs|   1 +
 hw/arm/boot.c   |  14 +++-
 hw/arm/sysbus-fdt.c | 174 +++
 hw/arm/virt.c   | 157 +---
 hw/gpio/pl061.c |   2 +-
 hw/intc/Makefile.objs   |   1 +
 hw/intc/arm_gicv2m.c| 192 
 include/hw/arm/arm.h|  28 +++
 include/hw/arm/sysbus-fdt.h |  60 ++
 include/hw/arm/virt.h   |   3 +
 include/sysemu/kvm.h|   2 +
 kvm-all.c   |   2 +-
 target-arm/helper.c | 121 ++--
 target-arm/kvm.c|   5 ++
 target-i386/kvm.c   |   5 ++
 target-mips/kvm.c   |   5 ++
 target-ppc/kvm.c|   5 ++
 target-s390x/kvm.c  |   5 ++
 18 files changed, 722 insertions(+), 60 deletions(-)
 create mode 100644 hw/arm/sysbus-fdt.c
 create mode 100644 hw/intc/arm_gicv2m.c
 create mode 100644 include/hw/arm/sysbus-fdt.h



[Qemu-devel] [PULL 22/22] hw/arm/virt: change indentation in a15memmap

2015-06-02 Thread Peter Maydell
From: Eric Auger 

Re-indent in a15memmap after VIRT_PLATFORM_BUS introduction

Signed-off-by: Eric Auger 
Reviewed-by: Alex Bennée 
Reviewed-by: Shannon Zhao 
Message-id: 1433244554-12898-5-git-send-email-eric.au...@linaro.org
Signed-off-by: Peter Maydell 
---
 hw/arm/virt.c | 28 ++--
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 02b91ba..0a75cc8 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -111,22 +111,22 @@ typedef struct {
  */
 static const MemMapEntry a15memmap[] = {
 /* Space up to 0x800 is reserved for a boot ROM */
-[VIRT_FLASH] =  {  0, 0x0800 },
-[VIRT_CPUPERIPHS] = { 0x0800, 0x0002 },
+[VIRT_FLASH] =  {  0, 0x0800 },
+[VIRT_CPUPERIPHS] = { 0x0800, 0x0002 },
 /* GIC distributor and CPU interfaces sit inside the CPU peripheral space 
*/
-[VIRT_GIC_DIST] =   { 0x0800, 0x0001 },
-[VIRT_GIC_CPU] ={ 0x0801, 0x0001 },
-[VIRT_GIC_V2M] ={ 0x0802, 0x1000 },
-[VIRT_UART] =   { 0x0900, 0x1000 },
-[VIRT_RTC] ={ 0x0901, 0x1000 },
-[VIRT_FW_CFG] = { 0x0902, 0x000a },
-[VIRT_MMIO] =   { 0x0a00, 0x0200 },
+[VIRT_GIC_DIST] =   { 0x0800, 0x0001 },
+[VIRT_GIC_CPU] ={ 0x0801, 0x0001 },
+[VIRT_GIC_V2M] ={ 0x0802, 0x1000 },
+[VIRT_UART] =   { 0x0900, 0x1000 },
+[VIRT_RTC] ={ 0x0901, 0x1000 },
+[VIRT_FW_CFG] = { 0x0902, 0x000a },
+[VIRT_MMIO] =   { 0x0a00, 0x0200 },
 /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
-[VIRT_PLATFORM_BUS] =   { 0x0c00, 0x0200 },
-[VIRT_PCIE_MMIO] =  { 0x1000, 0x2eff },
-[VIRT_PCIE_PIO] =   { 0x3eff, 0x0001 },
-[VIRT_PCIE_ECAM] =  { 0x3f00, 0x0100 },
-[VIRT_MEM] ={ 0x4000, 30ULL * 1024 * 1024 * 1024 },
+[VIRT_PLATFORM_BUS] =   { 0x0c00, 0x0200 },
+[VIRT_PCIE_MMIO] =  { 0x1000, 0x2eff },
+[VIRT_PCIE_PIO] =   { 0x3eff, 0x0001 },
+[VIRT_PCIE_ECAM] =  { 0x3f00, 0x0100 },
+[VIRT_MEM] ={ 0x4000, 30ULL * 1024 * 1024 * 1024 },
 };
 
 static const int a15irqmap[] = {
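Review bot: Every a15memmap entry is rewritten only to realign the columns after [VIRT_PLATFORM_BUS] was added, which makes blame on all of these lines point at a whitespace commit. Consider folding the re-indent into the patch that introduces VIRT_PLATFORM_BUS, or stating in the commit message that no value changes so reviewers do not have to compare the base and size columns by eye.
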
-- 
1.9.1




[Qemu-devel] [PULL 21/22] hw/arm/virt: add dynamic sysbus device support

2015-06-02 Thread Peter Maydell
From: Eric Auger 

Allows sysbus devices to be instantiated from command line by
using -device option. Machvirt creates a platform bus at init.
The dynamic sysbus devices are attached to this platform bus device.

The platform bus device registers a machine init done notifier
whose role will be to bind the dynamic sysbus devices. Indeed
dynamic sysbus devices are created after machine init.

machvirt also registers a notifier that will build the device
tree nodes for the platform bus and its children dynamic sysbus
devices.

Signed-off-by: Eric Auger 
Reviewed-by: Alex Bennée 
Message-id: 1433244554-12898-4-git-send-email-eric.au...@linaro.org
Signed-off-by: Peter Maydell 
---
 hw/arm/virt.c | 60 ++-
 include/hw/arm/virt.h |  1 +
 2 files changed, 60 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 4bb7175..02b91ba 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -45,9 +45,11 @@
 #include "qemu/error-report.h"
 #include "hw/pci-host/gpex.h"
 #include "hw/arm/virt-acpi-build.h"
+#include "hw/arm/sysbus-fdt.h"
+#include "hw/platform-bus.h"
 
 /* Number of external interrupt lines to configure the GIC with */
-#define NUM_IRQS 128
+#define NUM_IRQS 256
 
 #define GIC_FDT_IRQ_TYPE_SPI 0
 #define GIC_FDT_IRQ_TYPE_PPI 1
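Review bot: The NUM_IRQS change from 128 to 256 is not mentioned in the commit message and the comment above it still only says "Number of external interrupt lines". The reason appears later in the patch (the platform bus starts at 112 and takes PLATFORM_BUS_NUM_IRQS lines, which no longer fits in 128); please say so in the commit message or in the comment, since this changes how the GIC is configured for every virt guest.
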
@@ -60,6 +62,10 @@
 #define GIC_FDT_IRQ_PPI_CPU_START 8
 #define GIC_FDT_IRQ_PPI_CPU_WIDTH 8
 
+#define PLATFORM_BUS_NUM_IRQS 64
+
+static ARMPlatformBusSystemParams platform_bus_params;
+
 typedef struct VirtBoardInfo {
 struct arm_boot_info bootinfo;
 const char *cpu_model;
@@ -116,6 +122,7 @@ static const MemMapEntry a15memmap[] = {
 [VIRT_FW_CFG] = { 0x0902, 0x000a },
 [VIRT_MMIO] =   { 0x0a00, 0x0200 },
 /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
+[VIRT_PLATFORM_BUS] =   { 0x0c00, 0x0200 },
 [VIRT_PCIE_MMIO] =  { 0x1000, 0x2eff },
 [VIRT_PCIE_PIO] =   { 0x3eff, 0x0001 },
 [VIRT_PCIE_ECAM] =  { 0x3f00, 0x0100 },
@@ -128,6 +135,7 @@ static const int a15irqmap[] = {
 [VIRT_PCIE] = 3, /* ... to 6 */
 [VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */
 [VIRT_GIC_V2M] = 48, /* ...to 48 + NUM_GICV2M_SPIS - 1 */
+[VIRT_PLATFORM_BUS] = 112, /* ...to 112 + PLATFORM_BUS_NUM_IRQS -1 */
 };
 
 static VirtBoardInfo machines[] = {
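Review bot: Nothing ties the new `[VIRT_PLATFORM_BUS] = 112` range to NUM_IRQS or to the end of the VIRT_GIC_V2M range that starts at 48, so a later change to PLATFORM_BUS_NUM_IRQS or NUM_GICV2M_SPIS can overlap ranges or index past the pic array without any diagnostic. A build-time check such as QEMU_BUILD_BUG_ON(112 + PLATFORM_BUS_NUM_IRQS > NUM_IRQS) would catch that. Minor: the comment has "-1" where the neighbouring entries write "- 1".
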
@@ -728,6 +736,47 @@ static void create_pcie(const VirtBoardInfo *vbi, qemu_irq 
*pic)
 g_free(nodename);
 }
 
+static void create_platform_bus(VirtBoardInfo *vbi, qemu_irq *pic)
+{
+DeviceState *dev;
+SysBusDevice *s;
+int i;
+ARMPlatformBusFDTParams *fdt_params = g_new(ARMPlatformBusFDTParams, 1);
+MemoryRegion *sysmem = get_system_memory();
+
+platform_bus_params.platform_bus_base = 
vbi->memmap[VIRT_PLATFORM_BUS].base;
+platform_bus_params.platform_bus_size = 
vbi->memmap[VIRT_PLATFORM_BUS].size;
+platform_bus_params.platform_bus_first_irq = 
vbi->irqmap[VIRT_PLATFORM_BUS];
+platform_bus_params.platform_bus_num_irqs = PLATFORM_BUS_NUM_IRQS;
+
+fdt_params->system_params = &platform_bus_params;
+fdt_params->binfo = &vbi->bootinfo;
+fdt_params->intc = "/intc";
+/*
+ * register a machine init done notifier that creates the device tree
+ * nodes of the platform bus and its children dynamic sysbus devices
+ */
+arm_register_platform_bus_fdt_creator(fdt_params);
+
+dev = qdev_create(NULL, TYPE_PLATFORM_BUS_DEVICE);
+dev->id = TYPE_PLATFORM_BUS_DEVICE;
+qdev_prop_set_uint32(dev, "num_irqs",
+platform_bus_params.platform_bus_num_irqs);
+qdev_prop_set_uint32(dev, "mmio_size",
+platform_bus_params.platform_bus_size);
+qdev_init_nofail(dev);
+s = SYS_BUS_DEVICE(dev);
+
+for (i = 0; i < platform_bus_params.platform_bus_num_irqs; i++) {
+int irqn = platform_bus_params.platform_bus_first_irq + i;
+sysbus_connect_irq(s, i, pic[irqn]);
+}
+
+memory_region_add_subregion(sysmem,
+platform_bus_params.platform_bus_base,
+sysbus_mmio_get_region(s, 0));
+}
+
 static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
 {
 const VirtBoardInfo *board = (const VirtBoardInfo *)binfo;
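Review bot: In create_platform_bus(), fdt_params comes from g_new(), which leaves the structure uninitialised, and only system_params, binfo and intc are set before it is handed to arm_register_platform_bus_fdt_creator(); any other member would be read as garbage. g_new0() is the safer choice here. The allocation is also never freed in this function, so a comment saying that the notifier takes ownership (if that is the case) would help.
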
@@ -865,6 +914,14 @@ static void machvirt_init(MachineState *machine)
 vbi->bootinfo.get_dtb = machvirt_dtb;
 vbi->bootinfo.firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0);
 arm_load_kernel(ARM_CPU(first_cpu), &vbi->bootinfo);
+
+/*
+ * arm_load_kernel machine init done notifier registration must
+ * happen before the platform_bus_create call. In this latter,
+ * another notifier is registered which adds platform bus nodes.
+ * Notifiers are executed in registration reverse order.
+ */
+create_platform_bus(vbi, pic);
 }
 
 static bool virt_get_secure(Object *obj, Error **errp)
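Review bot: The comment added in machvirt_init() refers to a "platform_bus_create call", but the function introduced by this patch is create_platform_bus(); please use the real name so the comment can be found with grep. Since correctness depends on notifiers running in reverse registration order, it is also worth stating which notifier must run first and why, instead of "In this latter, another notifier is registered".
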
@@ -903,6 +960,7 @@ static void virt_class_in

[Qemu-devel] [PULL 16/22] kvm: introduce kvm_arch_msi_data_to_gsi

2015-06-02 Thread Peter Maydell
From: Eric Auger 

On ARM the MSI data corresponds to the shared peripheral interrupt (SPI)
ID. The latter equals the SPI index + 32. To retrieve the SPI index,
matching the gsi, an architecture-specific function is introduced.

Signed-off-by: Eric Auger 
Acked-by: Christoffer Dall 
Acked-by: Cornelia Huck 
Signed-off-by: Peter Maydell 
---
 include/sysemu/kvm.h | 2 ++
 kvm-all.c| 2 +-
 target-arm/kvm.c | 5 +
 target-i386/kvm.c| 5 +
 target-mips/kvm.c| 5 +
 target-ppc/kvm.c | 5 +
 target-s390x/kvm.c   | 5 +
 7 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 4878959..f459fbd 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -287,6 +287,8 @@ void kvm_arch_init_irq_routing(KVMState *s);
 int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
  uint64_t address, uint32_t data);
 
+int kvm_arch_msi_data_to_gsi(uint32_t data);
+
 int kvm_set_irq(KVMState *s, int irq, int level);
 int kvm_irqchip_send_msi(KVMState *s, MSIMessage msg);
 
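Review bot: The new kvm_arch_msi_data_to_gsi() prototype has no comment describing its contract: what range of data is valid, whether a negative return means an error, and that it is only expected to be called when kvm_gsi_direct_mapping() is true. Three of the five implementations in this patch abort(), so the header should document that precondition.
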
diff --git a/kvm-all.c b/kvm-all.c
index 17a3771..b2b1bc3 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -1228,7 +1228,7 @@ int kvm_irqchip_add_msi_route(KVMState *s, MSIMessage msg)
 int virq;
 
 if (kvm_gsi_direct_mapping()) {
-return msg.data & 0x;
+return kvm_arch_msi_data_to_gsi(msg.data);
 }
 
 if (!kvm_gsi_routing_enabled()) {
diff --git a/target-arm/kvm.c b/target-arm/kvm.c
index 16abbf1..548bfd7 100644
--- a/target-arm/kvm.c
+++ b/target-arm/kvm.c
@@ -600,3 +600,8 @@ int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry 
*route,
 {
 return 0;
 }
+
+int kvm_arch_msi_data_to_gsi(uint32_t data)
+{
+return (data - 32) & 0x;
+}
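Review bot: In the ARM kvm_arch_msi_data_to_gsi(), `data - 32` is computed on a uint32_t with no check that data >= 32, so a smaller MSI data value wraps around and, after masking, is returned as a large bogus GSI instead of being rejected. MSI data is written by the guest, so this should be validated: return a negative error (the function returns int) or otherwise refuse values below 32 before subtracting.
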
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index a26d25a..ca2da84 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -2766,3 +2766,8 @@ int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry 
*route,
 {
 return 0;
 }
+
+int kvm_arch_msi_data_to_gsi(uint32_t data)
+{
+abort();
+}
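Review bot: The i386 stub is a bare abort() with no comment or message, so if kvm_gsi_direct_mapping() ever becomes true on this target QEMU dies with nothing to say why. A short comment that direct GSI mapping is never enabled here, with g_assert_not_reached() instead of abort(), would document the assumption; the same applies to the mips and s390x copies below.
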
diff --git a/target-mips/kvm.c b/target-mips/kvm.c
index 59eb111..948619f 100644
--- a/target-mips/kvm.c
+++ b/target-mips/kvm.c
@@ -696,3 +696,8 @@ int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry 
*route,
 {
 return 0;
 }
+
+int kvm_arch_msi_data_to_gsi(uint32_t data)
+{
+abort();
+}
diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index 1da9ea8..8f7cee5 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -2410,3 +2410,8 @@ int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry 
*route,
 {
 return 0;
 }
+
+int kvm_arch_msi_data_to_gsi(uint32_t data)
+{
+return data & 0x;
+}
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 6de7759..2740ec4 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -2216,3 +2216,8 @@ int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry 
*route,
 route->u.adapter.adapter_id = pbdev->routes.adapter.adapter_id;
 return 0;
 }
+
+int kvm_arch_msi_data_to_gsi(uint32_t data)
+{
+abort();
+}
-- 
1.9.1




[Qemu-devel] [PULL 07/22] target-arm: Add TLBI_ALLE1{IS}

2015-06-02 Thread Peter Maydell
From: "Edgar E. Iglesias" 

Signed-off-by: Edgar E. Iglesias 
Message-id: 1432881807-18164-9-git-send-email-edgar.igles...@gmail.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target-arm/helper.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 54c7041..5505ba5 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2368,6 +2368,14 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
   .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 2,
   .access = PL1_W, .type = ARM_CP_NOP },
 /* TLBI operations */
+{ .name = "TLBI_ALLE1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 1, .opc1 = 4, .crn = 8, .crm = 7, .opc2 = 4,
+  .access = PL2_W, .type = ARM_CP_NO_RAW,
+  .writefn = tlbiall_write },
+{ .name = "TLBI_ALLE1IS", .state = ARM_CP_STATE_AA64,
+  .opc0 = 1, .opc1 = 4, .crn = 8, .crm = 3, .opc2 = 4,
+  .access = PL2_W, .type = ARM_CP_NO_RAW,
+  .writefn = tlbiall_write },
 { .name = "TLBI_VMALLE1IS", .state = ARM_CP_STATE_AA64,
   .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 0,
   .access = PL1_W, .type = ARM_CP_NO_RAW,
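Review bot: TLBI_ALLE1IS is given the same `.writefn = tlbiall_write` as the non-shareable TLBI_ALLE1, so as written the Inner Shareable form does nothing more than the local one. If tlbiall_write only flushes the current CPU's TLB, the IS entry needs a write function that broadcasts the invalidate to the other CPUs; if that is deliberate, please say so in the commit message, which currently has no body.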
-- 
1.9.1




Re: [Qemu-devel] [PULL 0/11] Xen PCI Passthrough security fixes

2015-06-02 Thread Peter Maydell
On 2 June 2015 at 16:39, Stefano Stabellini
 wrote:
> The following changes since commit 3fc827d591679f3e262b9d1f8b34528eabfca8c0:
>
>   target-arm: Correct check for non-EL3 (2015-06-02 13:22:29 +0100)
>
> are available in the git repository at:
>
>   git://xenbits.xen.org/people/sstabellini/qemu-dm.git xen-15-06-02
>
> for you to fetch changes up to c25bbf1545a53ac051f9e51d4140e397660c10ae:
>
>   xen/pt: unknown PCI config space fields should be read-only (2015-06-02 
> 15:07:01 +)
>
> 
> Jan Beulich (11):
>   xen: properly gate host writes of modified PCI CFG contents
>   xen: don't allow guest to control MSI mask register
>   xen/MSI-X: limit error messages
>   xen/MSI: don't open-code pass-through of enable bit modifications
>   xen/pt: consolidate PM capability emu_mask
>   xen/pt: correctly handle PM status bit
>   xen/pt: split out calculation of throughable mask in PCI config space 
> handling
>   xen/pt: mark all PCIe capability bits read-only
>   xen/pt: mark reserved bits in PCI config space fields
>   xen/pt: add a few PCI config space field descriptions
>   xen/pt: unknown PCI config space fields should be read-only
>
>  hw/pci/msi.c|4 -
>  hw/xen/xen_pt.c |   51 +-
>  hw/xen/xen_pt.h |7 +-
>  hw/xen/xen_pt_config_init.c |  235 
> ---
>  hw/xen/xen_pt_msi.c |   12 ++-
>  include/hw/pci/pci_regs.h   |2 +
>  6 files changed, 217 insertions(+), 94 deletions(-)

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH 11/13] target-s390x: implement miscellaneous-instruction-extensions facility

2015-06-02 Thread Richard Henderson
On 06/01/2015 02:24 PM, Aurelien Jarno wrote:
> RISBGN is the same as RISBG, but without setting the condition code.
> CLT and CLGT are the same as CLRT and CLGRT, but using memory for the
> second operand.
> 
> Cc: Alexander Graf 
> Cc: Richard Henderson 
> Signed-off-by: Aurelien Jarno 
> ---
>  target-s390x/insn-data.def | 3 +++
>  target-s390x/translate.c   | 1 +
>  2 files changed, 4 insertions(+)

Reviewed-by: Richard Henderson 


r~



[Qemu-devel] [PULL 03/22] target-arm: Add TCR_EL2

2015-06-02 Thread Peter Maydell
From: "Edgar E. Iglesias" 

Signed-off-by: Edgar E. Iglesias 
Message-id: 1432881807-18164-5-git-send-email-edgar.igles...@gmail.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target-arm/helper.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 427cfab..7dadc8a 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2524,6 +2524,9 @@ static const ARMCPRegInfo v8_el3_no_el2_cp_reginfo[] = {
 { .name = "HMAIR1", .state = ARM_CP_STATE_AA32,
   .opc1 = 4, .crn = 10, .crm = 2, .opc2 = 1,
   .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "TCR_EL2", .state = ARM_CP_STATE_BOTH,
+  .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 0, .opc2 = 2,
+  .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 REGINFO_SENTINEL
 };
 
@@ -2603,6 +2606,11 @@ static const ARMCPRegInfo v8_el2_cp_reginfo[] = {
   .opc1 = 4, .crn = 10, .crm = 2, .opc2 = 1,
   .access = PL2_RW, .type = ARM_CP_ALIAS,
   .fieldoffset = offsetofhigh32(CPUARMState, cp15.mair_el[2]) },
+{ .name = "TCR_EL2", .state = ARM_CP_STATE_BOTH,
+  .opc0 = 3, .opc1 = 4, .crn = 2, .crm = 0, .opc2 = 2,
+  .access = PL2_RW, .writefn = vmsa_tcr_el1_write,
+  .resetfn = vmsa_ttbcr_reset, .raw_writefn = raw_write,
+  .fieldoffset = offsetof(CPUARMState, cp15.tcr_el[2]) },
 REGINFO_SENTINEL
 };
 
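Review bot: The v8_el2_cp_reginfo TCR_EL2 entry reuses `.writefn = vmsa_tcr_el1_write` and `.resetfn = vmsa_ttbcr_reset`, both named for other registers, while storing into cp15.tcr_el[2]. Please confirm that both helpers operate through the reginfo's fieldoffset and do not hard-code the EL1 field, and consider renaming vmsa_tcr_el1_write now that it serves more than one exception level.
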
-- 
1.9.1




[Qemu-devel] [PULL 15/22] pl061: fix wrong calculation of GPIOMIS register

2015-06-02 Thread Peter Maydell
From: Victor CLEMENT 

The masked interrupt status register should be the state of the interrupt
after masking.
There should be a logical AND instead of a logical OR between the
interrupt status and the interrupt mask.

Signed-off-by: Victor CLEMENT 
Reviewed-by: Peter Crosthwaite 
Message-id: 1433154824-6927-1-git-send-email-victor.clem...@openwide.fr
Signed-off-by: Peter Maydell 
---
 hw/gpio/pl061.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/gpio/pl061.c b/hw/gpio/pl061.c
index bd03e99..4ba730b 100644
--- a/hw/gpio/pl061.c
+++ b/hw/gpio/pl061.c
@@ -173,7 +173,7 @@ static uint64_t pl061_read(void *opaque, hwaddr offset,
 case 0x414: /* Raw interrupt status */
 return s->istate;
 case 0x418: /* Masked interrupt status */
-return s->istate | s->im;
+return s->istate & s->im;
 case 0x420: /* Alternate function select */
 return s->afsel;
 case 0x500: /* 2mA drive */
-- 
1.9.1




Re: [Qemu-devel] [PATCH 09/10 v11] target-tilegx: Generate tcg instructions to finish "Hello world"

2015-06-02 Thread Richard Henderson
On 06/01/2015 01:54 PM, Chen Gang wrote:
>> Further, the < TILEGX_R_COUNT restriction is also incorrect.  True, you don't
>> actually implement the top 7 special registers, but that doesn't matter, you
>> should still be incrementing them.
>>
> 
> We did not implement them, so can not increment them, either.
> 
> They are hidden to outside, or we have to define and implement them.
> 
> So for me, the current code is correct.

It isn't correct, it's simply functional.  These registers may eventually be
implemented, and at that point this code will fail.  You'll note that your
store_add functions don't have the same problem, because they don't have this
R_COUNT check.  It would be better to increase the number of buffer slots and
do the right thing here in load_add.

My suggestion is to expand tmp_regs to 4, drop tmp_regcur, and have dest_gr
manage all of the indexing.  I.e.

static TCGv dest_gr(DisasContext *dc, uint8_t rdst)
{
    int n = dc->n_tmp_regs++;
    assert(n < ARRAY_SIZE(dc->tmp_regs));
    dc->tmp_regs[n].idx = rdst;
    return dc->tmp_regs[n].val = tcg_temp_new_i64();
}

In this way you can in fact call dest_gr twice within load_add and everything
will Just Work.


r~



Re: [Qemu-devel] [PATCH 10/13] target-s390x: implement LPDFR and LNDFR instructions

2015-06-02 Thread Richard Henderson
On 06/01/2015 02:24 PM, Aurelien Jarno wrote:
> This complete the floating point support sign handling facility.
> 
> Cc: Alexander Graf 
> Cc: Richard Henderson 
> Signed-off-by: Aurelien Jarno 
> ---
>  target-s390x/insn-data.def | 2 ++
>  1 file changed, 2 insertions(+)

Reviewed-by: Richard Henderson 


r~


