Re: [Qemu-devel] [PATCH 2/2] configure: Make AVX2 test robust to non-ELF systems

2016-06-18 Thread Stefan Weil
On 19.06.2016 at 00:05, Peter Maydell wrote:
> From: Peter Maydell 
> 
> The AVX2 optimization test assumes that the object format
> is ELF and the system has the readelf utility. If this isn't
> true then configure might fail or emit a warning (since in
> a pipe "foo | bar >/dev/null 2>&1" does not redirect the
> stderr of foo, only of bar). Adjust the check so that if
> we don't have readelf or don't have an ELF object then we
> just don't enable the AVX2 optimization.
> 
> Reported-by: Stefan Weil 
> Signed-off-by: Peter Maydell 
> ---
>  configure | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/configure b/configure
> index 7beefcd..30bca55 100755
> --- a/configure
> +++ b/configure
> @@ -1792,8 +1792,10 @@ int foo(void *a) __attribute__((ifunc("bar_ifunc")));
>  int main(int argc, char *argv[]) { return foo(argv[0]);}
>  EOF
>  if compile_object "" ; then
> -if readelf --syms $TMPO |grep "IFUNC.*foo" >/dev/null 2>&1; then
> -avx2_opt="yes"
> +if has readelf; then
> +if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo"; then
> +avx2_opt="yes"
> +fi
>  fi
>  fi
>  
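Review bot: the fallback is now silent: when `has readelf` fails or the object is not ELF, `avx2_opt` simply stays unset and nothing in the hunk records why, so a build that unexpectedly loses the AVX2 path is hard to diagnose; a one-line comment above `+if has readelf; then` saying the test needs an ELF object and readelf, or a line in the configure summary, would help. The redirection itself is correct now: `2>/dev/null` is attached to `readelf` (the producer whose stderr used to leak past the old `>/dev/null 2>&1` on grep), and `grep -q` writes nothing to stdout, so no trailing redirection is needed on the pipeline. Because `grep -q` exits on the first match, `readelf` can be killed by SIGPIPE while still writing; that is harmless here since only grep's exit status is tested. The `has readelf` test could also sit before `compile_object`, since the compiled object is unused when readelf is absent.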
> 

You could check "has readelf" earlier and avoid the compile test
if there is no readelf (saves a little time).

The final I/O redirection is still needed (otherwise Linux users will
see the grep output).

Regards
Stefan




Re: [Qemu-devel] [PATCH 1/2] configure: Improve usermode relocation linker option probe

2016-06-18 Thread Stefan Weil
On 19.06.2016 at 00:05, Peter Maydell wrote:
> From: Peter Maydell 
> 
> The probe we do to determine what flags to use to make the usermode
> executables use a non-default text address has some flaws:
>  * we run it even if we're not building the user binaries
>  * we don't expect "ld --verbose" to fail
> 
> The combination of these two results in a harmless but
> ugly "ld: unknown option: --verbose" message when running
> configure on OSX.
> 
> Improve the probe to only run when we need it and to fail
> nicely when even the backstop 'ld --verbose' approach fails.
> 
> Reported-by: Stefan Weil 
> Signed-off-by: Peter Maydell 
> ---
>  configure | 12 +++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/configure b/configure
> index 10cb212..7beefcd 100755
> --- a/configure
> +++ b/configure
> @@ -4700,7 +4700,7 @@ if test "$cpu" = "s390x" ; then
>  fi
>  
>  # Probe for the need for relocating the user-only binary.
> -if test "$pie" = "no" ; then
> +if ( [ "$linux_user" = yes ] || [ "$bsd_user" = yes ] ) && [ "$pie" = no ]; 
> then
>textseg_addr=
>case "$cpu" in
>  arm | i386 | ppc* | s390* | sparc* | x86_64 | x32)
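Review bot: the new condition on the `+if ( [ "$linux_user" = yes ] || [ "$bsd_user" = yes ] ) && [ "$pie" = no ];` line mixes `[ ]` with the `test "$x" = "y"` form used on the surrounding lines (`-if test "$pie" = "no" ; then`, `if test "$cpu" = "s390x"`) and groups with `( ... )`, which forks a subshell only to evaluate two tests; `{ [ "$linux_user" = yes ] || [ "$bsd_user" = yes ]; } && [ "$pie" = no ]` does the same without the fork and `test` would keep the file's style. Behaviour matches the commit message: with neither user target enabled the whole block is skipped and `ld --verbose` never runs. The line has been wrapped by the mailer before `then`; worth checking that the applied patch has it on one line.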
> @@ -4722,6 +4722,16 @@ EOF
># In case ld does not support -Ttext-segment, edit the default linker
># script via sed to set the .text start addr.  This is needed on 
> FreeBSD
># at least.
> +  if ! $ld --verbose >/dev/null 2>&1; then
> +error_exit \
> +"We need to link the QEMU user mode binaries at a" \
> +"specific text address. Unfortunately your linker" \
> +"doesn't support either the -Ttext-segment option or" \
> +"printing the default linker script with --verbose." \
> +"If you don't want the user mode binaries, pass the" \
> +"--disable-user option to configure."
> +  fi
> +
>$ld --verbose | sed \
>  -e '1,/==/d' \
>  -e '/==/,$d' \
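Review bot: `$ld --verbose` is now run twice, once in the `+  if ! $ld --verbose >/dev/null 2>&1; then` probe and again in the unchanged `$ld --verbose | sed` line; capturing the output once (for example `ld_script=$($ld --verbose 2>/dev/null) || error_exit ...`) avoids the second invocation and also makes it possible to check for the `==` markers the sed expressions depend on, since a linker that accepts `--verbose` but prints no default script would still produce an empty linker script here without any error. The multi-argument `error_exit` call is fine assuming `error_exit` prints each argument on its own line, which is how the message reads.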
> 

Reviewed-by: Stefan Weil 

Thanks.



[Qemu-devel] [Bug 1594069] [NEW] SIMD instructions translated to scalar host instructions

2016-06-18 Thread Timothy Pearson
Public bug reported:

SIMD instructions inside the guest (NEON, MMX, SSE, SSE2, AVX) are
translated to scalar instructions on the host instead of SIMD
instructions.  It appears that there have been a few efforts to rectify
this [1], and even a submitted patch series, but all discussion has
effectively died out [2].

I would like to see better SIMD performance on qemu, especially as
non-x86 architectures are becoming widely used (e.g. ARM).

[1] 
http://dl.acm.org/citation.cfm?id=2757098=ACM=DL=633095244=12352103
[2] https://lists.nongnu.org/archive/html/qemu-devel/2014-10/msg01720.html

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594069




Re: [Qemu-devel] [QEMU 7/7] migration: skip free pages during live migration

2016-06-18 Thread Michael S. Tsirkin
On Mon, Jun 13, 2016 at 06:16:49PM +0800, Liang Li wrote:
> After sending out the request for free pages, the live migration
> process will start without waiting for the free page bitmap to be
> ready. If the free page bitmap is not ready when doing the 1st
> migration_bitmap_sync() after ram_save_setup(), the free page
> bitmap will be ignored; this means the free pages will not be
> filtered out in this case.
> The current implementation cannot work with post copy; if post
> copy is enabled, we simply ignore the free pages. Will make it
> work later.
> 
> Signed-off-by: Liang Li 

Tying migration to balloon in this way seems rather ugly.
So with request ID, the logic would basically be

- add memory listener with high priority
- before sync bitmap, increment request id
- when we get response, if it has latest request id,
  clear qemu migration bitmap
  otherwise, ignore


> ---
>  migration/ram.c | 93 
> +
>  1 file changed, 93 insertions(+)
> 
> diff --git a/migration/ram.c b/migration/ram.c
> index 844ea46..5f1c3ff 100644
> --- a/migration/ram.c
> +++ b/migration/ram.c
> @@ -43,6 +43,8 @@
>  #include "trace.h"
>  #include "exec/ram_addr.h"
>  #include "qemu/rcu_queue.h"
> +#include "sysemu/balloon.h"
> +#include "sysemu/kvm.h"
>  
>  #ifdef DEBUG_MIGRATION_RAM
>  #define DPRINTF(fmt, ...) \
> @@ -228,6 +230,7 @@ static QemuMutex migration_bitmap_mutex;
>  static uint64_t migration_dirty_pages;
>  static uint32_t last_version;
>  static bool ram_bulk_stage;
> +static bool ignore_freepage_rsp;
>  
>  /* used by the search for pages to send */
>  struct PageSearchStatus {
> @@ -244,6 +247,7 @@ static struct BitmapRcu {
>  struct rcu_head rcu;
>  /* Main migration bitmap */
>  unsigned long *bmap;
> +unsigned long *free_page_bmap;
>  /* bitmap of pages that haven't been sent even once
>   * only maintained and used in postcopy at the moment
>   * where it's used to send the dirtymap at the start
> @@ -639,6 +643,7 @@ static void migration_bitmap_sync(void)
>  rcu_read_unlock();
>  qemu_mutex_unlock(_bitmap_mutex);
>  
> +ignore_freepage_rsp = true;
>  trace_migration_bitmap_sync_end(migration_dirty_pages
>  - num_dirty_pages_init);
>  num_dirty_pages_period += migration_dirty_pages - num_dirty_pages_init;
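Review bot: `+ignore_freepage_rsp = true;` is written after the migration bitmap mutex is released on the line above, with no lock or atomic, while `ram_request_free_page` later in this patch clears it on `REQ_DONE`; if those two run on different threads the ordering between the flag and the bitmap it guards is unspecified, so either take the mutex for the store or use an atomic. Setting it unconditionally on every sync also means that a free-page response arriving after the first `migration_bitmap_sync()` is discarded for the rest of the migration, as the commit message says; a comment here and a trace point would make a migration that silently sends all free pages recognisable.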
> @@ -1417,6 +1422,7 @@ static void migration_bitmap_free(struct BitmapRcu 
> *bmap)
>  {
>  g_free(bmap->bmap);
>  g_free(bmap->unsentmap);
> +g_free(bmap->free_page_bmap);
>  g_free(bmap);
>  }
>  
> @@ -1487,6 +1493,85 @@ void migration_bitmap_extend(ram_addr_t old, 
> ram_addr_t new)
>  }
>  }
>  
> +static void filter_out_guest_free_page(unsigned long *free_page_bmap,
> +   long nbits)
> +{
> +long i, page_count = 0, len;
> +unsigned long *bitmap;
> +
> +tighten_guest_free_page_bmap(free_page_bmap);
> +qemu_mutex_lock(_bitmap_mutex);
> +bitmap = atomic_rcu_read(_bitmap_rcu)->bmap;
> +slow_bitmap_complement(bitmap, free_page_bmap, nbits);
> +
> +len = (last_ram_offset() >> TARGET_PAGE_BITS) / BITS_PER_LONG;
> +for (i = 0; i < len; i++) {
> +page_count += hweight_long(bitmap[i]);
> +}
> +
> +migration_dirty_pages = page_count;
> +qemu_mutex_unlock(_bitmap_mutex);
> +}
> +
> +static void ram_request_free_page(unsigned long *bmap, unsigned long max_pfn)
> +{
> +BalloonReqStatus status;
> +
> +status = balloon_get_free_pages(bmap, max_pfn);
> +switch (status) {
> +case REQ_DONE:
> +ignore_freepage_rsp = false;
> +break;
> +case REQ_ERROR:
> +error_report("Errro happend when request free page");
> +break;
> +default:
> +error_report("unexpected response status: %d", status);
> +break;
> +}
> +}
> +
> +static void ram_handle_free_page(void)
> +{
> +unsigned long nbits;
> +RAMBlock *pc_ram_block;
> +BalloonReqStatus status;
> +
> +status = balloon_get_free_pages(migration_bitmap_rcu->free_page_bmap,
> +get_guest_max_pfn());
> +switch (status) {
> +case REQ_DONE:
> +rcu_read_lock();
> +pc_ram_block = QLIST_FIRST_RCU(_list.blocks);
> +nbits = pc_ram_block->used_length >> TARGET_PAGE_BITS;
> +filter_out_guest_free_page(migration_bitmap_rcu->free_page_bmap, 
> nbits);
> +rcu_read_unlock();
> +
> +qemu_mutex_lock_iothread();
> +migration_bitmap_sync();
> +qemu_mutex_unlock_iothread();
> +/*
> + * bulk stage assumes in (migration_bitmap_find_and_reset_dirty) that
> + * every page is dirty, that's no longer ture at this point.
> + */
> +ram_bulk_stage = false;
> +last_seen_block = NULL;
> +last_sent_block = NULL;
> +last_offset = 0;
> +break;
> +
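Review bot: in `filter_out_guest_free_page` the word count `len = (last_ram_offset() >> TARGET_PAGE_BITS) / BITS_PER_LONG;` rounds down, so when the page count is not a multiple of BITS_PER_LONG the final partial word is left out of `page_count` and `migration_dirty_pages` is under-counted; use `DIV_ROUND_UP` (or `BITS_TO_LONGS`) and make sure the complement touches only `nbits` bits. `ram_handle_free_page` takes `nbits` from `QLIST_FIRST_RCU(...)` alone, i.e. the first RAMBlock, which assumes guest RAM is a single block whose PFNs start at 0; either state that assumption or apply the bitmap per block. The bitmap is guest-supplied and is merged into the host's migration bitmap with no visible bounds check against `nbits`; a guest that reports an in-use page as free only corrupts its own migrated state, but `nbits`/`max_pfn` from the host must still bound what is read from the guest buffer. Also the message `"Errro happend when request free page"` has two typos (`Error happened when requesting free pages`).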

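The request-id scheme Michael sketches above (bump the id before each bitmap sync, accept a guest report only if it carries the latest id, otherwise ignore it), written out as a small host/guest model in C. This is an added example, not code from the QEMU patch or from this thread; `MigState`, `FreePageResp`, the function names and the 128-page RAM size are invented for the illustration, and the scenario data is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPAGES        128   /* size of the modelled guest RAM, in pages (constructed) */
#define BITS_PER_LONG 64
#define BMAP_WORDS    ((NPAGES + BITS_PER_LONG - 1) / BITS_PER_LONG)

/* Host-side migration state (hypothetical names, not QEMU's). */
typedef struct {
    uint64_t dirty[BMAP_WORDS];   /* 1 = page still has to be sent */
    uint32_t req_id;              /* id of the most recent free-page request */
} MigState;

/* A guest free-page report: the id it was asked with plus its bitmap. */
typedef struct {
    uint32_t req_id;
    uint64_t free[BMAP_WORDS];    /* 1 = page was free while this id was current */
} FreePageResp;

static void bitmap_set_range(uint64_t *bm, unsigned first, unsigned count)
{
    for (unsigned p = first; p < first + count && p < NPAGES; p++) {
        bm[p / BITS_PER_LONG] |= 1ULL << (p % BITS_PER_LONG);
    }
}

/* Number of pages still marked dirty. */
unsigned mig_dirty_pages(const MigState *s)
{
    unsigned n = 0;
    for (unsigned p = 0; p < NPAGES; p++) {
        n += (unsigned)((s->dirty[p / BITS_PER_LONG] >> (p % BITS_PER_LONG)) & 1);
    }
    return n;
}

/* Bitmap sync: the host re-marks everything dirty (the bulk-stage view) and
 * issues a fresh request id, so any report built before this point is stale. */
uint32_t mig_bitmap_sync(MigState *s)
{
    memset(s->dirty, 0, sizeof(s->dirty));
    bitmap_set_range(s->dirty, 0, NPAGES);
    return ++s->req_id;
}

/* Host handler for a report.  Only a report carrying the current id may clear
 * dirty bits; an older id means the pages may have been reused since. */
bool mig_handle_free_page_resp(MigState *s, const FreePageResp *r)
{
    if (r->req_id != s->req_id) {
        return false;
    }
    for (unsigned i = 0; i < BMAP_WORDS; i++) {
        s->dirty[i] &= ~r->free[i];
    }
    return true;
}

/* Guest side: answer request req_id claiming pages [first, first+count) are free. */
static void guest_build_resp(FreePageResp *r, uint32_t req_id,
                             unsigned first, unsigned count)
{
    memset(r, 0, sizeof(*r));
    r->req_id = req_id;
    bitmap_set_range(r->free, first, count);
}

/* Constructed scenario: the guest's answer to request 1 only arrives after the
 * host has synced again (request 2), so it is dropped; the answer to request 2
 * is applied.  Returns the number of pages left to send. */
unsigned run_stale_response_scenario(void)
{
    MigState s = {{0}, 0};
    FreePageResp stale, fresh;

    uint32_t id1 = mig_bitmap_sync(&s);            /* 128 dirty, request id 1 */
    guest_build_resp(&stale, id1, 0, 32);          /* guest: pages 0..31 were free at id 1 */
    uint32_t id2 = mig_bitmap_sync(&s);            /* host syncs before that answer lands */
    bool stale_applied = mig_handle_free_page_resp(&s, &stale);   /* false */
    guest_build_resp(&fresh, id2, 64, 16);         /* guest answers request 2 */
    bool fresh_applied = mig_handle_free_page_resp(&s, &fresh);   /* true */

    printf("stale applied=%d fresh applied=%d dirty=%u\n",
           stale_applied, fresh_applied, mig_dirty_pages(&s));
    return mig_dirty_pages(&s);                    /* 128 - 16 = 112 */
}

/* True when a report for an already superseded id is ignored outright. */
bool stale_report_is_ignored(void)
{
    MigState s = {{0}, 0};
    FreePageResp r;
    uint32_t old = mig_bitmap_sync(&s);
    mig_bitmap_sync(&s);                           /* supersede it */
    guest_build_resp(&r, old, 0, NPAGES);
    return !mig_handle_free_page_resp(&s, &r) && mig_dirty_pages(&s) == NPAGES;
}

int main(void)
{
    return run_stale_response_scenario() == 112 && stale_report_is_ignored() ? 0 : 1;
}
```

The point of the model is the definition Michael gives in the 4/7 reply: a page counts as free only if it was free at some moment between the host setting the id and receiving the matching reply. A reply with an older id says nothing about the interval after the next sync, so clearing dirty bits from it would skip pages the guest may have reused, and the host treats it as if it never arrived.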
Re: [Qemu-devel] [QEMU 6/7] kvm: Add two new arch specific functions

2016-06-18 Thread Michael S. Tsirkin
On Mon, Jun 13, 2016 at 06:16:48PM +0800, Liang Li wrote:
> Add a new function to get the vm's max pfn and a new function
> to filter out the holes to get a tight free page bitmap.
> They are implemented on X86, and all the arches should implement
> them for live migration optimization.
> 
> Signed-off-by: Liang Li 
> ---
>  include/sysemu/kvm.h |  2 ++
>  target-arm/kvm.c | 14 ++
>  target-i386/kvm.c| 35 +++
>  target-mips/kvm.c| 14 ++
>  target-ppc/kvm.c | 14 ++
>  target-s390x/kvm.c   | 14 ++
>  6 files changed, 93 insertions(+)
> 
> diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
> index ad6f837..50915f9 100644
> --- a/include/sysemu/kvm.h
> +++ b/include/sysemu/kvm.h
> @@ -230,6 +230,8 @@ int kvm_remove_breakpoint(CPUState *cpu, target_ulong 
> addr,
>target_ulong len, int type);
>  void kvm_remove_all_breakpoints(CPUState *cpu);
>  int kvm_update_guest_debug(CPUState *cpu, unsigned long reinject_trap);
> +unsigned long *tighten_guest_free_page_bmap(unsigned long *bmap);
> +unsigned long get_guest_max_pfn(void);
>  #ifndef _WIN32
>  int kvm_set_signal_mask(CPUState *cpu, const sigset_t *sigset);
>  #endif
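Review bot: the two new prototypes `tighten_guest_free_page_bmap` and `get_guest_max_pfn` are declared in `include/sysemu/kvm.h` with no doc comment, and nothing about them is KVM-specific: they describe the guest's physical memory layout, which the machine type knows and KVM does not. If their definitions live only in `target-*/kvm.c` (built only when KVM is configured), a TCG-only build of `migration/ram.c` will fail to link. Move them next to the machine/memory code and document what "tighten" means (which PFN ranges are moved and why).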
> diff --git a/target-arm/kvm.c b/target-arm/kvm.c
> index 83da447..6464542 100644
> --- a/target-arm/kvm.c
> +++ b/target-arm/kvm.c
> @@ -627,3 +627,17 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
>  {
>  return (data - 32) & 0x;
>  }
> +
> +unsigned long get_guest_max_pfn(void)
> +{
> +/* To be done */
> +
> +return 0;
> +}
> +
> +unsigned long *tighten_guest_free_page_bmap(unsigned long *bmap)
> +{
> +/* To be done */
> +
> +return bmap;
> +}
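Review bot: the `+/* To be done */` stubs return 0 from `get_guest_max_pfn` and the unmodified bitmap from `tighten_guest_free_page_bmap`, which callers cannot distinguish from a real answer: `max_pfn == 0` becomes a zero-length free-page request and an untightened bitmap is interpreted as if it were tightened. Until the ports are implemented the stubs should make the feature unavailable (for instance a separate `bool` query returning false here, checked before any free-page request) rather than silently returning values that look valid. The same applies to the identical mips, ppc and s390x stubs later in this patch.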
> diff --git a/target-i386/kvm.c b/target-i386/kvm.c
> index abf50e6..0b394cb 100644
> --- a/target-i386/kvm.c
> +++ b/target-i386/kvm.c
> @@ -3327,3 +3327,38 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
>  {
>  abort();
>  }
> +
> +unsigned long get_guest_max_pfn(void)
> +{
> +PCMachineState *pcms = PC_MACHINE(current_machine);
> +ram_addr_t above_4g_mem = pcms->above_4g_mem_size;
> +unsigned long max_pfn;
> +
> +if (above_4g_mem) {
> +max_pfn = ((1ULL << 32) + above_4g_mem) >> TARGET_PAGE_BITS;
> +} else {
> +max_pfn = pcms->below_4g_mem_size >> TARGET_PAGE_BITS;
> +}
> +
> +return max_pfn;
> +}
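Review bot: `max_pfn` here covers only `below_4g_mem_size` and `above_4g_mem_size`, so any guest RAM outside those two regions (memory hot-plugged after boot, which the PC machine places above the initial above-4G region) lies beyond the returned value, and the guest's free-page bitmap for it will be truncated or misread. Either include the hotplug region in the computation or document that free-page filtering covers initial RAM only. Agree with the question above: this is PC machine knowledge and does not belong in target-i386/kvm.c.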

Why is this in kvm?

> +
> +unsigned long *tighten_guest_free_page_bmap(unsigned long *bmap)
> +{
> +PCMachineState *pcms = PC_MACHINE(current_machine);
> +ram_addr_t above_4g_mem = pcms->above_4g_mem_size;
> +
> +if (above_4g_mem) {
> +unsigned long *src, *dst, len, pos;
> +ram_addr_t below_4g_mem = pcms->below_4g_mem_size;
> +src = bmap + ((1ULL << 32) >> TARGET_PAGE_BITS) / BITS_PER_LONG;
> +dst = bmap + (below_4g_mem >> TARGET_PAGE_BITS) / BITS_PER_LONG;
> +bitmap_move(dst, src, above_4g_mem >> TARGET_PAGE_BITS);
> +
> +pos = (above_4g_mem + below_4g_mem) >> TARGET_PAGE_BITS;
> +len = ((1ULL << 32) - below_4g_mem) >> TARGET_PAGE_BITS;
> +bitmap_clear(bmap, pos, len);
> +}
> +
> +return bmap;
> +}
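Review bot: `dst = bmap + (below_4g_mem >> TARGET_PAGE_BITS) / BITS_PER_LONG` and the matching `src` are word pointers, so the `bitmap_move` is only correct when `below_4g_mem_size >> TARGET_PAGE_BITS` is a multiple of BITS_PER_LONG; otherwise the division rounds down and every moved bit lands up to BITS_PER_LONG-1 pages too low, marking the wrong pages as free. A misplaced free bit is a silent correctness failure for migration (a page in use is skipped and the destination gets stale contents), so either move at bit granularity or assert the alignment. The following `bitmap_clear(bmap, pos, len)` should also be guarded against `pos + len` exceeding the bitmap size the caller allocated, which nothing in this function knows. As asked above, the function needs a comment describing the transformation (the 4G hole removed, pages above 4G moved down to follow the below-4G pages).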

What does this do? External APIs should have documentation.

> diff --git a/target-mips/kvm.c b/target-mips/kvm.c
> index a854e4d..89a54e5 100644
> --- a/target-mips/kvm.c
> +++ b/target-mips/kvm.c
> @@ -1048,3 +1048,17 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
>  {
>  abort();
>  }
> +
> +unsigned long get_guest_max_pfn(void)
> +{
> +/* To be done */
> +
> +return 0;
> +}
> +
> +unsigned long *tighten_guest_free_page_bmap(unsigned long *bmap)
> +{
> +/* To be done */
> +
> +return bmap;
> +}
> diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
> index 24d6032..e222b31 100644
> --- a/target-ppc/kvm.c
> +++ b/target-ppc/kvm.c
> @@ -2579,3 +2579,17 @@ int kvmppc_enable_hwrng(void)
>  
>  return kvmppc_enable_hcall(kvm_state, H_RANDOM);
>  }
> +
> +unsigned long get_guest_max_pfn(void)
> +{
> +/* To be done */
> +
> +return 0;
> +}
> +
> +unsigned long *tighten_guest_free_page_bmap(unsigned long *bmap)
> +{
> +/* To be done */
> +
> +return bmap;
> +}
> diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
> index 8f46fd0..893755b 100644
> --- a/target-s390x/kvm.c
> +++ b/target-s390x/kvm.c
> @@ -2271,3 +2271,17 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
>  {
>  abort();
>  }
> +
> +unsigned long get_guest_max_pfn(void)
> +{
> +/* To be done */
> +
> +return 0;
> +}
> +
> +unsigned long *tighten_guest_free_page_bmap(unsigned long *bmap)
> +{
> +/* To be done */
> +
> +return bmap;
> +}
> -- 
> 1.9.1



Re: [Qemu-devel] [QEMU 4/7] balloon: get free page info from guest

2016-06-18 Thread Michael S. Tsirkin
On Mon, Jun 13, 2016 at 06:16:46PM +0800, Liang Li wrote:
> Add a new feature to get the free page information from the guest;
> the free page information is saved in a bitmap. Please note that
> 'free page' only means these pages are free before the request;
> some of the pages will become no longer free during the process of
> sending the free page bitmap to QEMU.
> 
> Signed-off-by: Liang Li 


I don't much like this request interface.
The meaning of free page is rather fuzzy too - so at what
point are they free?


My suggestion would be:
report free page request ID to guest
include request ID when guest sends free page list

the definition is then:
page was free sometime after host set this value of request
ID and before it received response with the same ID





> ---
>  balloon.c  | 24 +++-
>  hw/virtio/virtio-balloon.c | 75 
> +-
>  include/hw/virtio/virtio-balloon.h |  4 ++
>  include/sysemu/balloon.h   |  8 
>  4 files changed, 108 insertions(+), 3 deletions(-)
> 
> diff --git a/balloon.c b/balloon.c
> index 3d96111..c74c472 100644
> --- a/balloon.c
> +++ b/balloon.c
> @@ -37,6 +37,7 @@
>  static QEMUBalloonEvent *balloon_event_fn;
>  static QEMUBalloonStatus *balloon_stat_fn;
>  static QEMUBalloonDropCache *balloon_drop_cache_fn;
> +static QEMUBalloonGetFreePage *balloon_get_free_page_fn;
>  static void *balloon_opaque;
>  static bool balloon_inhibited;
>  
> @@ -68,10 +69,11 @@ static bool have_balloon(Error **errp)
>  int qemu_add_balloon_handler(QEMUBalloonEvent *event_func,
>   QEMUBalloonStatus *stat_func,
>   QEMUBalloonDropCache *drop_cache_func,
> + QEMUBalloonGetFreePage *get_free_page_func,
>   void *opaque)
>  {
>  if (balloon_event_fn || balloon_stat_fn || balloon_drop_cache_fn
> -|| balloon_opaque) {
> +|| balloon_get_free_page_fn || balloon_opaque) {
>  /* We're already registered one balloon handler.  How many can
>   * a guest really have?
>   */
> @@ -80,6 +82,7 @@ int qemu_add_balloon_handler(QEMUBalloonEvent *event_func,
>  balloon_event_fn = event_func;
>  balloon_stat_fn = stat_func;
>  balloon_drop_cache_fn = drop_cache_func;
> +balloon_get_free_page_fn = get_free_page_func;
>  balloon_opaque = opaque;
>  return 0;
>  }
> @@ -92,6 +95,7 @@ void qemu_remove_balloon_handler(void *opaque)
>  balloon_event_fn = NULL;
>  balloon_stat_fn = NULL;
>  balloon_drop_cache_fn = NULL;
> +balloon_get_free_page_fn = NULL;
>  balloon_opaque = NULL;
>  }
>  
> @@ -141,3 +145,21 @@ void qmp_balloon_drop_cache(DropCacheType type, Error 
> **errp)
>  
>  balloon_drop_cache_fn(balloon_opaque, type);
>  }
> +
> +bool balloon_free_pages_support(void)
> +{
> +return balloon_get_free_page_fn ? true : false;
> +}
> +
> +BalloonReqStatus balloon_get_free_pages(unsigned long *bitmap, unsigned long 
> len)
> +{
> +if (!balloon_get_free_page_fn) {
> +return REQ_UNSUPPORT;
> +}
> +
> +if (!bitmap) {
> +return REQ_INVALID_PARAM;
> +}
> +
> +return balloon_get_free_page_fn(balloon_opaque, bitmap, len);
> +}
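Review bot: `balloon_get_free_pages(bitmap, len)` validates `bitmap` but not `len`, and `len` is forwarded to the device callback with no indication of whether it counts bits, bytes or longs; name it (`nbits`) and document it, since the device side will size copies from the guest by it. `REQ_UNSUPPORT` reads oddly next to `REQ_DONE`/`REQ_ERROR`; `REQ_UNSUPPORTED` matches the existing names. `return balloon_get_free_page_fn ? true : false;` can be `return balloon_get_free_page_fn != NULL;`. The call looks synchronous but the data arrives via the virtqueue later (see 7/7), so the contract, i.e. what state of `bitmap` is valid when the function returns, belongs in `include/sysemu/balloon.h`.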
> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> index 4757ba5..30ba074 100644
> --- a/hw/virtio/virtio-balloon.c
> +++ b/hw/virtio/virtio-balloon.c
> @@ -38,6 +38,7 @@
>  
>  enum balloon_req_id {
> BALLOON_DROP_CACHE,
> +   BALLOON_GET_FREE_PAGES,
>  };
>  
>  static void balloon_page(void *addr, int deflate)
> @@ -435,7 +436,8 @@ static void virtio_balloon_handle_resp(VirtIODevice 
> *vdev, VirtQueue *vq)
>  VirtIOBalloon *s = VIRTIO_BALLOON(vdev);
>  VirtQueueElement *elem;
>  size_t offset = 0;
> -uint32_t tmp32, id = 0;
> +uint32_t tmp32, id = 0, page_shift;
> +uint64_t base_pfn, tmp64, bmap_len;
>  
>  elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
>  if (!elem) {
> @@ -457,6 +459,32 @@ static void virtio_balloon_handle_resp(VirtIODevice 
> *vdev, VirtQueue *vq)
>  case BALLOON_DROP_CACHE:
>  s->req_status = REQ_DONE;
>  break;
> +case BALLOON_GET_FREE_PAGES:
> +iov_to_buf(elem->out_sg, elem->out_num, offset,
> +   , sizeof(uint32_t));
> +page_shift = virtio_ldl_p(vdev, );
> +offset += sizeof(uint32_t);
> +s->page_shift = page_shift;
> +
> +iov_to_buf(elem->out_sg, elem->out_num, offset,
> +   , sizeof(uint64_t));
> +base_pfn = virtio_ldq_p(vdev, );
> +offset += sizeof(uint64_t);
> +s->base_pfn = base_pfn;
> +
> +iov_to_buf(elem->out_sg, elem->out_num, offset,
> +   , sizeof(uint64_t));
> +bmap_len = virtio_ldq_p(vdev, );
> +offset += sizeof(uint64_t);
> +if (s->bmap_len < bmap_len) {
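Review bot: `page_shift`, `base_pfn` and `bmap_len` are read straight from the guest's buffer and stored in `s->page_shift`, `s->base_pfn` and compared with `s->bmap_len` without any range check, and a misbehaving guest controls all three. Before they are used, bound `page_shift` to a sane range (it is later used as a shift amount, and shifting a 64-bit value by 64 or more is undefined behaviour), reject `bmap_len` above a fixed maximum before any allocation or copy is sized from it, and check that `base_pfn` plus the bitmap's page span stays within guest RAM (`get_guest_max_pfn` from 6/7). The `iov_to_buf` return values are ignored too: a short element leaves `tmp32`/`tmp64` uninitialised, so compare each return value with the requested size and treat a mismatch as `REQ_ERROR` like the `!elem` path does.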
> + 

Re: [Qemu-devel] [QEMU 2/7] virtio-balloon: add drop cache support

2016-06-18 Thread Michael S. Tsirkin
On Mon, Jun 13, 2016 at 06:16:44PM +0800, Liang Li wrote:
> virtio-balloon can make use of the amount of free memory to determine
> the amount of memory to be filled in the balloon, but the amount of
> free memory will be affected by the page cache, which can be reclaimed.
> Dropping the cache before getting the amount of free memory will be very
> helpful to reflect the exact amount of memory that can be reclaimed.

Can't we just extend stats to report "reclaimable" memory?

> This patch adds a new feature to the balloon device to support this
> operation; the hypervisor can request the VM to drop its cache, so as to
> reclaim more memory.
> 
> Signed-off-by: Liang Li 
> ---
>  balloon.c   | 10 ++-
>  hw/virtio/virtio-balloon.c  | 85 
> -
>  include/hw/virtio/virtio-balloon.h  | 19 +-
>  include/standard-headers/linux/virtio_balloon.h |  1 +
>  include/sysemu/balloon.h|  5 +-
>  5 files changed, 115 insertions(+), 5 deletions(-)
> 
> diff --git a/balloon.c b/balloon.c
> index f2ef50c..0fb34bf 100644
> --- a/balloon.c
> +++ b/balloon.c
> @@ -36,6 +36,7 @@
>  
>  static QEMUBalloonEvent *balloon_event_fn;
>  static QEMUBalloonStatus *balloon_stat_fn;
> +static QEMUBalloonDropCache *balloon_drop_cache_fn;
>  static void *balloon_opaque;
>  static bool balloon_inhibited;
>  
> @@ -65,9 +66,12 @@ static bool have_balloon(Error **errp)
>  }
>  
>  int qemu_add_balloon_handler(QEMUBalloonEvent *event_func,
> - QEMUBalloonStatus *stat_func, void *opaque)
> + QEMUBalloonStatus *stat_func,
> + QEMUBalloonDropCache *drop_cache_func,
> + void *opaque)
>  {
> -if (balloon_event_fn || balloon_stat_fn || balloon_opaque) {
> +if (balloon_event_fn || balloon_stat_fn || balloon_drop_cache_fn
> +|| balloon_opaque) {
>  /* We're already registered one balloon handler.  How many can
>   * a guest really have?
>   */
> @@ -75,6 +79,7 @@ int qemu_add_balloon_handler(QEMUBalloonEvent *event_func,
>  }
>  balloon_event_fn = event_func;
>  balloon_stat_fn = stat_func;
> +balloon_drop_cache_fn = drop_cache_func;
>  balloon_opaque = opaque;
>  return 0;
>  }
> @@ -86,6 +91,7 @@ void qemu_remove_balloon_handler(void *opaque)
>  }
>  balloon_event_fn = NULL;
>  balloon_stat_fn = NULL;
> +balloon_drop_cache_fn = NULL;
>  balloon_opaque = NULL;
>  }
>  
> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> index 8cf74c2..4757ba5 100644
> --- a/hw/virtio/virtio-balloon.c
> +++ b/hw/virtio/virtio-balloon.c
> @@ -36,6 +36,10 @@
>  
>  #define BALLOON_PAGE_SIZE  (1 << VIRTIO_BALLOON_PFN_SHIFT)
>  
> +enum balloon_req_id {
> +   BALLOON_DROP_CACHE,
> +};
> +
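Review bot: the `enum balloon_req_id` values are sent to the guest as the request id and echoed back in `virtio_balloon_handle_resp`, so they are wire protocol, not internal state: give each member an explicit value, put the definition in `include/standard-headers/linux/virtio_balloon.h` next to the feature bit so the guest driver and QEMU share one source, and keep the member indentation at four spaces like the rest of the file (the hunk uses three).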
>  static void balloon_page(void *addr, int deflate)
>  {
>  #if defined(__linux__)
> @@ -154,6 +158,12 @@ static bool balloon_page_bitmap_supported(const 
> VirtIOBalloon *s)
>  return virtio_vdev_has_feature(vdev, VIRTIO_BALLOON_F_PAGE_BITMAP);
>  }
>  
> +static bool balloon_misc_supported(const VirtIOBalloon *s)
> +{
> +VirtIODevice *vdev = VIRTIO_DEVICE(s);
> +return virtio_vdev_has_feature(vdev, VIRTIO_BALLOON_F_MISC);
> +}
> +
>  static bool balloon_stats_enabled(const VirtIOBalloon *s)
>  {
>  return s->stats_poll_interval > 0;
> @@ -420,6 +430,39 @@ out:
>  }
>  }
>  
> +static void virtio_balloon_handle_resp(VirtIODevice *vdev, VirtQueue *vq)
> +{
> +VirtIOBalloon *s = VIRTIO_BALLOON(vdev);
> +VirtQueueElement *elem;
> +size_t offset = 0;
> +uint32_t tmp32, id = 0;
> +
> +elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
> +if (!elem) {
> +s->req_status = REQ_ERROR;
> +return;
> +}
> +
> +s->misc_vq_elem = elem;
> +
> +if (!elem->out_num) {
> +return;
> +}
> +
> +iov_to_buf(elem->out_sg, elem->out_num, offset,
> +   , sizeof(uint32_t));
> +id = virtio_ldl_p(vdev, );
> +offset += sizeof(uint32_t);
> +switch (id) {
> +case BALLOON_DROP_CACHE:
> +s->req_status = REQ_DONE;
> +break;
> +default:
> +break;
> +}
> +
> +}
> +
>  static void virtio_balloon_get_config(VirtIODevice *vdev, uint8_t 
> *config_data)
>  {
>  VirtIOBalloon *dev = VIRTIO_BALLOON(vdev);
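Review bot: `virtio_balloon_handle_resp` pops an element and parks it in `s->misc_vq_elem` but never completes it on any path shown: the `!elem->out_num` early return and the `default:` case both leave it outstanding, and the next pop overwrites `s->misc_vq_elem`, leaking the previous element. Unless it is pushed back elsewhere, call `virtqueue_push` (with 0 bytes written) and free it before returning, and handle an unknown `id` explicitly (set `REQ_ERROR` or log once) rather than ignoring it silently. The `iov_to_buf` result is unchecked here as well, so an element shorter than `sizeof(uint32_t)` leaves `tmp32` uninitialised.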
> @@ -490,6 +533,7 @@ static uint64_t virtio_balloon_get_features(VirtIODevice 
> *vdev, uint64_t f,
>  f |= dev->host_features;
>  virtio_add_feature(, VIRTIO_BALLOON_F_STATS_VQ);
>  virtio_add_feature(, VIRTIO_BALLOON_F_PAGE_BITMAP);
> +virtio_add_feature(, VIRTIO_BALLOON_F_MISC);
>  return f;
>  }
>  
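Review bot: `+virtio_add_feature(, VIRTIO_BALLOON_F_MISC);` advertises the new feature unconditionally, which changes the guest-visible feature set of every virtio-balloon device including older machine types and therefore affects cross-version migration; the established pattern is a `DEFINE_PROP_BIT(...)` on `host_features` that compat machine types can switch off. `_MISC` is also too vague for a feature name; name it after what it negotiates (the request/response queue).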
> @@ -500,6 +544,36 @@ static void virtio_balloon_stat(void *opaque, 
> BalloonInfo *info)
>   VIRTIO_BALLOON_PFN_SHIFT);
>  }
>  
> +static int 

Re: [Qemu-devel] [QEMU 1/7] balloon: speed up inflating & deflating process

2016-06-18 Thread Michael S. Tsirkin
On Mon, Jun 13, 2016 at 06:16:43PM +0800, Liang Li wrote:
> The implementation of the current virtio-balloon is not very efficient.
> Below is the test result of the time spent on inflating the balloon to 3GB of
> a 4GB idle guest:
> 
> a. allocating pages (6.5%, 103ms)
> b. sending PFNs to host (68.3%, 787ms)
> c. address translation (6.1%, 96ms)
> d. madvise (19%, 300ms)
> 
> It takes about 1577ms for the whole inflating process to complete. The
> test shows that the bottleneck is stage b and stage d.
> 
> If using a bitmap to send the page info instead of the PFNs, we can
> reduce the overhead spent on stage b quite a lot. Furthermore, it's
> possible to do the address translation and do the madvise with a bulk
> of pages, instead of the current page-by-page way, so the overhead of
> stage c and stage d can also be reduced a lot.
> 
> This patch is the QEMU side implementation, which is intended to speed
> up the inflating & deflating process by adding a new feature to the
> virtio-balloon device. And now, inflating the balloon to 3GB of a 4GB
> idle guest only takes 210ms; it's about 8 times as fast as before.
> 
> TODO: optimize stage a by allocating/freeing a chunk of pages instead
> of a single page at a time.
> 
> Signed-off-by: Liang Li 
> ---
>  hw/virtio/virtio-balloon.c  | 159 
> 
>  include/standard-headers/linux/virtio_balloon.h |   1 +
>  2 files changed, 139 insertions(+), 21 deletions(-)
> 
> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> index 8c15e09..8cf74c2 100644
> --- a/hw/virtio/virtio-balloon.c
> +++ b/hw/virtio/virtio-balloon.c
> @@ -47,6 +47,76 @@ static void balloon_page(void *addr, int deflate)
>  #endif
>  }
>  
> +static void do_balloon_bulk_pages(ram_addr_t base_pfn, int page_shift,
> +  unsigned long len, bool deflate)
> +{
> +ram_addr_t size, processed, chunk, base;
> +void *addr;
> +MemoryRegionSection section = {.mr = NULL};
> +
> +size = (len << page_shift);
> +base = (base_pfn << page_shift);
> +
> +for (processed = 0; processed < size; processed += chunk) {
> +chunk = size - processed;
> +while (chunk >= TARGET_PAGE_SIZE) {
> +section = memory_region_find(get_system_memory(),
> + base + processed, chunk);
> +if (!section.mr) {
> +chunk = QEMU_ALIGN_DOWN(chunk / 2, TARGET_PAGE_SIZE);
> +} else {
> +break;
> +}
> +}
> +
> +if (section.mr &&
> +(int128_nz(section.size) && memory_region_is_ram(section.mr))) {
> +addr = section.offset_within_region +
> +   memory_region_get_ram_ptr(section.mr);
> +qemu_madvise(addr, chunk,
> + deflate ? QEMU_MADV_WILLNEED : QEMU_MADV_DONTNEED);
> +} else {
> +fprintf(stderr, "can't find the chunk, skip\n");
> +chunk = TARGET_PAGE_SIZE;
> +}
> +}
> +}
> +
> +static void balloon_bulk_pages(ram_addr_t base_pfn, unsigned long *bitmap,
> +   unsigned long len, int page_shift, bool 
> deflate)
> +{
> +#if defined(__linux__)
> +unsigned long end  = len * 8;
> +unsigned long current = 0;
> +
> +if (!qemu_balloon_is_inhibited() && (!kvm_enabled() ||
> + kvm_has_sync_mmu())) {
> +while (current < end) {
> +unsigned long one = find_next_bit(bitmap, end, current);
> +
> +if (one < end) {
> +unsigned long zero = find_next_zero_bit(bitmap, end, one + 
> 1);
> +unsigned long page_length;
> +
> +if (zero >= end) {
> +page_length = end - one;
> +} else {
> +page_length = zero - one;
> +}
> +
> +if (page_length) {
> +do_balloon_bulk_pages(base_pfn + one, page_shift,
> +  page_length, deflate);
> +}
> +current = one + page_length;
> +} else {
> +current = one;
> +}
> +}
> +}
> +#endif
> +}
> +
>  static const char *balloon_stat_names[] = {
> [VIRTIO_BALLOON_S_SWAP_IN] = "stat-swap-in",
> [VIRTIO_BALLOON_S_SWAP_OUT] = "stat-swap-out",
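Review bot: in `do_balloon_bulk_pages` the `qemu_madvise(addr, chunk, ...)` length is `chunk`, but `memory_region_find` can return a section smaller than the requested `chunk` (it clips to the region it found), so the madvise can run past the end of that region's host mapping into whatever is mapped next; clamp `chunk` to `int128_get64(section.size)` before use. `memory_region_find` also takes a reference on `section.mr` that the caller must drop with `memory_region_unref`, and nothing here does, so every chunk leaks a reference. `base_pfn` and `len` are guest-controlled and the `fprintf(stderr, "can't find the chunk, skip\n")` fallback is hit for every unmapped page, so a guest can flood the host's stderr at will; use `qemu_log_mask(LOG_GUEST_ERROR, ...)` and skip the whole unresolved range rather than one `TARGET_PAGE_SIZE` at a time. In `balloon_bulk_pages`, `end = len * 8` silently assumes `len` is a byte count; say so in the signature or rename it `nbytes`.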
> @@ -78,6 +148,12 @@ static bool balloon_stats_supported(const VirtIOBalloon 
> *s)
>  return virtio_vdev_has_feature(vdev, VIRTIO_BALLOON_F_STATS_VQ);
>  }
>  
> +static bool balloon_page_bitmap_supported(const VirtIOBalloon *s)
> +{
> +VirtIODevice *vdev = VIRTIO_DEVICE(s);
> +return virtio_vdev_has_feature(vdev, VIRTIO_BALLOON_F_PAGE_BITMAP);
> +}
> +
>  static bool balloon_stats_enabled(const VirtIOBalloon *s)
>  {
>  return s->stats_poll_interval > 0;
> @@ -224,27 +300,66 @@ static void 

Re: [Qemu-devel] [RFC 0/9] Introduce light weight PC platform pc-lite

2016-06-18 Thread Michael S. Tsirkin
On Fri, Jun 17, 2016 at 04:14:08AM -0400, Chao Peng wrote:
> - it is FAST;

Any numbers to demonstrate just how fast it is and fast at what?

> -- 
> 1.8.3.1



Re: [Qemu-devel] [PATCH 4/5] x86: Allow physical address bits to be set

2016-06-18 Thread Michael S. Tsirkin
On Fri, Jun 17, 2016 at 03:38:53PM +0200, Paolo Bonzini wrote:
> Making the guest's phys-bits larger than host-phys-bits would be okay if
> you reserve the area in the e820 and assume the guest doesn't touch it.

How would it touch it if there's no RAM there?
PCI BARs is the only thing that comes to mind,
but we fix that by making a sane _CRS.

What did I miss?

> But it is not a great idea too, because e820 describes RAM, so you're
> telling the guest "look, there's 64 TB of reserved RAM up there".
> 
> >>3) Is it better to stick to sizes that correspond to real hardware
> >>   if you can?  For example I don't know of any machines with 37 bits
> >>   - in practice I think it's best to stick with sizes that correspond
> >>   to some real hardware.
> > 
> > Yeah, "as small as possible" could be actually "the smallest
> > possible value from a set of known-to-exist values". e.g. if we
> > find out that we need 37 bits, it's probably better to simply use
> > 39 bits.
> > 
> > Choosing from a smaller set of values also makes corner cases
> > (like the example above) less likely to happen.
> 
> Not really, because any value that doesn't match the host is
> problematic, albeit in different ways.
> 
> Paolo



Re: [Qemu-devel] [PATCH RFC 3/4] range: Drop the previous commit's trickery

2016-06-18 Thread Michael S. Tsirkin
On Wed, Jun 15, 2016 at 10:41:49PM +0200, Markus Armbruster wrote:
> Signed-off-by: Markus Armbruster 

Agree with Eric about squashing this.

Reviewed-by: Michael S. Tsirkin 

> ---
>  include/qemu/range.h | 21 -
>  util/range.c |  1 -
>  2 files changed, 22 deletions(-)
> 
> diff --git a/include/qemu/range.h b/include/qemu/range.h
> index 9296ba0..c8c46a9 100644
> --- a/include/qemu/range.h
> +++ b/include/qemu/range.h
> @@ -30,16 +30,6 @@
>   *   - this can not represent a full 0 to ~0x0LL range.
>   */
>  
> -bool range_is_empty(Range *range);
> -bool range_contains(Range *range, uint64_t val);
> -void range_make_empty(Range *range);
> -void range_set_bounds(Range *range, uint64_t lob, uint64_t upb);
> -void range_set_bounds1(Range *range, uint64_t lob, uint64_t upb_plus1);
> -uint64_t range_lob(Range *range);
> -uint64_t range_upb(Range *range);
> -void range_extend(Range *range, Range *extend_by);
> -#ifdef RANGE_IMPL
> -
>  /* A structure representing a range of addresses. */
>  struct Range {
>  uint64_t begin; /* First byte of the range, or 0 if empty. */
> @@ -52,9 +42,6 @@ static inline void range_invariant(Range *range)
> || range->begin <= range->end - 1); /* non-empty */
>  }
>  
> -#define static
> -#define inline
> -
>  /* Compound literal encoding the empty range */
>  #define range_empty ((Range){ .begin = 0, .end = 0 })
>  
> @@ -148,14 +135,6 @@ static inline void range_extend(Range *range, Range 
> *extend_by)
>  assert(!range_is_empty(range));
>  }
>  
> -#undef static
> -#undef inline
> -#else
> -struct Range {
> -uint64_t begin_, end_;
> -};
> -#endif
> -
>  /* Get last byte of a range from offset + length.
>   * Undefined for ranges that wrap around 0. */
>  static inline uint64_t range_get_last(uint64_t offset, uint64_t len)
> diff --git a/util/range.c b/util/range.c
> index ab5102a..ca149a0 100644
> --- a/util/range.c
> +++ b/util/range.c
> @@ -19,7 +19,6 @@
>   */
>  
>  #include "qemu/osdep.h"
> -#define RANGE_IMPL
>  #include "qemu/range.h"
>  
>  /*
> -- 
> 2.5.5



Re: [Qemu-devel] [PATCH RFC 2/4] range: Eliminate direct Range member access

2016-06-18 Thread Michael S. Tsirkin
On Wed, Jun 15, 2016 at 10:41:48PM +0200, Markus Armbruster wrote:
> Users of struct Range mess liberally with its members, which makes
> refactoring hard.  Create a set of methods, and convert all users to
> call them instead of accessing members.  The methods have carefully
> worded contracts, and use assertions to check them.
> 
> To help with tracking down the places that access members of struct
> Range directly, hide the implementation of struct Range outside of
> range.c by trickery.  The trickery will be dropped in the next commit.
> 
> Signed-off-by: Markus Armbruster 

Reviewed-by: Michael S. Tsirkin 

I guess you want me to merge this because of the changes in pc and pci?

> ---
>  hw/i386/acpi-build.c |  35 +++---
>  hw/pci-host/piix.c   |  26 +++
>  hw/pci-host/q35.c|  41 +++--
>  hw/pci/pci.c |  17 +++
>  include/qemu/range.h | 106 
> ++-
>  qapi/string-input-visitor.c  |  20 
>  qapi/string-output-visitor.c |  18 
>  util/log.c   |   5 +-
>  util/range.c |   4 +-
>  9 files changed, 198 insertions(+), 74 deletions(-)
> 
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index 02fc534..6c36c24 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -232,18 +232,20 @@ static void acpi_get_pci_holes(Range *hole, Range 
> *hole64)
>  pci_host = acpi_get_i386_pci_host();
>  g_assert(pci_host);
>  
> -hole->begin = object_property_get_int(pci_host,
> -  PCI_HOST_PROP_PCI_HOLE_START,
> -  NULL);
> -hole->end = object_property_get_int(pci_host,
> -PCI_HOST_PROP_PCI_HOLE_END,
> -NULL);
> -hole64->begin = object_property_get_int(pci_host,
> -PCI_HOST_PROP_PCI_HOLE64_START,
> -NULL);
> -hole64->end = object_property_get_int(pci_host,
> -  PCI_HOST_PROP_PCI_HOLE64_END,
> -  NULL);
> +range_set_bounds1(hole,
> +  object_property_get_int(pci_host,
> +  PCI_HOST_PROP_PCI_HOLE_START,
> +  NULL),
> +  object_property_get_int(pci_host,
> +  PCI_HOST_PROP_PCI_HOLE_END,
> +  NULL));
> +range_set_bounds1(hole64,
> +  object_property_get_int(pci_host,
> +  PCI_HOST_PROP_PCI_HOLE64_START,
> +  NULL),
> +  object_property_get_int(pci_host,
> +  PCI_HOST_PROP_PCI_HOLE64_END,
> +  NULL));
>  }
>  
>  #define ACPI_PORT_SMI_CMD   0x00b2 /* TODO: this is APM_CNT_IOPORT */
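Review bot: passing NULL as errp means a failed object_property_get_int() returns a negative value, and range_set_bounds1() now turns that into a Range whose lob (UINT64_MAX) lies above its upb, so range_invariant() aborts where the old code silently stored the garbage in hole->begin. Turning a property-read error into an assertion is arguably the better behaviour, but it is a change worth a sentence in the commit message, or an explicit check of the returned value before the call.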
> @@ -2015,7 +2017,8 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
>   0, 0x000A, 0x000B, 0, 0x0002));
>  
>  crs_replace_with_free_ranges(mem_ranges,
> - pci_hole->begin, pci_hole->end - 1);
> + range_lob(pci_hole),
> + range_upb(pci_hole));
>  for (i = 0; i < mem_ranges->len; i++) {
>  entry = g_ptr_array_index(mem_ranges, i);
>  aml_append(crs,
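Review bot: range_lob() and range_upb() assert that the range is non-empty, so this hunk aborts if the 32-bit PCI hole is ever empty, whereas `pci_hole->begin, pci_hole->end - 1` previously produced [0, UINT64_MAX] without complaint. If an empty hole cannot happen here, a short comment saying so would help; otherwise guard the call with range_is_empty() the way the next hunk does for pci_hole64.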
> @@ -2025,12 +2028,12 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
>   0, entry->limit - entry->base + 1));
>  }
>  
> -if (pci_hole64->begin) {
> +if (!range_is_empty(pci_hole64)) {
>  aml_append(crs,
>  aml_qword_memory(AML_POS_DECODE, AML_MIN_FIXED, AML_MAX_FIXED,
>   AML_CACHEABLE, AML_READ_WRITE,
> - 0, pci_hole64->begin, pci_hole64->end - 1, 0,
> - pci_hole64->end - pci_hole64->begin));
> + 0, range_lob(pci_hole64), 
> range_upb(pci_hole64), 0,
> + range_upb(pci_hole64) + 1 - 
> range_lob(pci_hole64)));
>  }
>  
>  if (misc->tpm_version != TPM_VERSION_UNSPEC) {
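Review bot: `!range_is_empty(pci_hole64)` is stricter than the old `pci_hole64->begin` test, which also treated a hole starting at address 0 as absent; that looks like the intended meaning, but it is a behaviour change the commit message does not mention. Also, `range_upb(pci_hole64) + 1 - range_lob(pci_hole64)` wraps to a wrong length when the hole ends at UINT64_MAX, exactly as `end - begin` did before with end == 0, so a comment noting that limitation would help the next reader.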
> diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
> index 8db0f09..1df327f 100644
> --- a/hw/pci-host/piix.c
> +++ b/hw/pci-host/piix.c
> @@ -221,8 +221,12 @@ static void i440fx_pcihost_get_pci_hole_start(Object 
> *obj, Visitor *v,
>Error **errp)
>  {
>  I440FXState *s = I440FX_PCI_HOST_BRIDGE(obj);
> -uint32_t value = s->pci_hole.begin;
> +uint64_t val64;
> +uint32_t value;
>  
> +
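Review bot: where val64 is narrowed into the uint32_t value, assert that nothing was lost (for instance `assert(value == val64)`), since s->pci_hole now goes through 64-bit accessors and the 32-bit property cannot express a bound above 4 GiB.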

Re: [Qemu-devel] [PATCH RFC 4/4] range: Replace internal representation of Range

2016-06-18 Thread Michael S. Tsirkin
On Wed, Jun 15, 2016 at 10:41:50PM +0200, Markus Armbruster wrote:
> Range represents a range as follows.  Member @start is the inclusive
> lower bound, member @end is the exclusive upper bound.  Zero @end is
> special: if @start is also zero, the range is empty, else @end is to
> be interpreted as 2^64.  No other empty ranges may occur.
> 
> The range [0,2^64-1] cannot be represented.  If you try to create it
> with range_set_bounds1(), you get the empty range instead.  If you try
> to create it with range_set_bounds() or range_extend(), assertions
> fail.  Before range_set_bounds() existed, the open-coded creation
> usually got you the empty range instead.  Open deathtrap.
> 
> Moreover, the code dealing with the janus-faced @end is too clever by
> half.
> 
> Dumb this down to a more pedestrian representation: members @lob and
> @upb are inclusive lower and upper bounds.  The empty range is encoded
> as @lob = 1, @upb = 0.
> 
> Signed-off-by: Markus Armbruster 

And now we can create the range [0,2^64-1] without issues. Nice!
Add a test for that then?

> ---
>  include/qemu/range.h | 55 
> +---
>  util/range.c | 13 +++--
>  2 files changed, 29 insertions(+), 39 deletions(-)
> 
> diff --git a/include/qemu/range.h b/include/qemu/range.h
> index c8c46a9..06ff361 100644
> --- a/include/qemu/range.h
> +++ b/include/qemu/range.h
> @@ -26,37 +26,37 @@
>  /*
>   * Operations on 64 bit address ranges.
>   * Notes:
> - *   - ranges must not wrap around 0, but can include the last byte ~0x0LL.
> - *   - this can not represent a full 0 to ~0x0LL range.
> + * - Ranges must not wrap around 0, but can include UINT64_MAX.
>   */
>  
> -/* A structure representing a range of addresses. */
>  struct Range {
> -uint64_t begin; /* First byte of the range, or 0 if empty. */
> -uint64_t end;   /* 1 + the last byte. 0 if range empty or ends at 
> ~0x0LL. */
> +/*
> + * A non-empty range has @lob <= @upb.
> + * An empty range has @lob == @upb + 1.
> + */
> +uint64_t lob;/* inclusive lower bound */
> +uint64_t upb;/* inclusive upper bound */
>  };
>  
>  static inline void range_invariant(Range *range)
>  {
> -assert((!range->begin && !range->end) /* empty */
> -   || range->begin <= range->end - 1); /* non-empty */
> +assert(range->lob <= range->upb || range->lob == range->upb + 1);
>  }
>  
>  /* Compound literal encoding the empty range */
> -#define range_empty ((Range){ .begin = 0, .end = 0 })
> +#define range_empty ((Range){ .lob = 1, .upb = 0 })
>  
>  /* Is @range empty? */
>  static inline bool range_is_empty(Range *range)
>  {
>  range_invariant(range);
> -return !range->begin && !range->end;
> +return range->lob > range->upb;
>  }
>  
>  /* Does @range contain @val? */
>  static inline bool range_contains(Range *range, uint64_t val)
>  {
> -return !range_is_empty(range)
> -&& val >= range->begin && val <= range->end - 1;
> +return val >= range->lob && val <= range->upb;
>  }
>  
>  /* Initialize @range to the empty range */
> @@ -71,14 +71,11 @@ static inline void range_make_empty(Range *range)
>   * Both bounds are inclusive.
>   * The interval must not be empty, i.e. @lob must be less than or
>   * equal @upb.
> - * The interval must not be [0,UINT64_MAX], because Range can't
> - * represent that.
>   */
>  static inline void range_set_bounds(Range *range, uint64_t lob, uint64_t upb)
>  {
> -assert(lob <= upb);
> -range->begin = lob;
> -range->end = upb + 1;   /* may wrap to zero, that's okay */
> +range->lob = lob;
> +range->upb = upb;
>  assert(!range_is_empty(range));
>  }
>  
> @@ -91,8 +88,12 @@ static inline void range_set_bounds(Range *range, uint64_t 
> lob, uint64_t upb)
>  static inline void range_set_bounds1(Range *range,
>   uint64_t lob, uint64_t upb_plus1)
>  {
> -range->begin = lob;
> -range->end = upb_plus1;
> +if (!lob && !upb_plus1) {
> +*range = range_empty;
> +} else {
> +range->lob = lob;
> +range->upb = upb_plus1 - 1;
> +}
>  range_invariant(range);
>  }
>  
> @@ -100,20 +101,18 @@ static inline void range_set_bounds1(Range *range,
>  static inline uint64_t range_lob(Range *range)
>  {
>  assert(!range_is_empty(range));
> -return range->begin;
> +return range->lob;
>  }
>  
>  /* Return @range's upper bound.  @range must not be empty. */
>  static inline uint64_t range_upb(Range *range)
>  {
>  assert(!range_is_empty(range));
> -return range->end - 1;
> +return range->upb;
>  }
>  
>  /*
>   * Extend @range to the smallest interval that includes @extend_by, too.
> - * This must not extend @range to cover the interval [0,UINT64_MAX],
> - * because Range can't represent that.
>   */
>  static inline void range_extend(Range *range, Range *extend_by)
>  {
> @@ -124,15 +123,13 @@ static inline 

Re: [Qemu-devel] [PATCH RFC 1/4] log: Clean up misuse of Range for -dfilter

2016-06-18 Thread Michael S. Tsirkin
On Wed, Jun 15, 2016 at 10:41:47PM +0200, Markus Armbruster wrote:
> Range encodes an integer interval [a,b] as { begin = a, end = b + 1 },
> where a \in [0,2^64-1] and b \in [1,2^64].  Thus, zero end is to be
> interpreted as 2^64.
> 
> The implementation of -dfilter (commit 3514552) uses Range
> differently: it encodes [a,b] as { begin = a, end = b }.  The code
> works, but it contradicts the specification of Range in range.h.
> 
> Switch to the specified representation.  Since it can't represent
> [0,UINT64_MAX], we have to reject that now.  Add a test for it.
> 
> While we're rejecting anyway: observe that we reject -dfilter LOB..UPB
> where LOB > UPB when UPB is zero, but happily create an empty Range
> when it isn't.  Reject it then, too, and add a test for it.
> 
> While there, add a positive test for the problematic upper bound
> UINT64_MAX.
> 
> Signed-off-by: Markus Armbruster 

Reviewed-by: Michael S. Tsirkin 

> ---
>  tests/test-logging.c | 10 ++
>  util/log.c   | 28 +++-
>  2 files changed, 25 insertions(+), 13 deletions(-)
> 
> diff --git a/tests/test-logging.c b/tests/test-logging.c
> index 440e75f..b6fa94e 100644
> --- a/tests/test-logging.c
> +++ b/tests/test-logging.c
> @@ -68,6 +68,16 @@ static void test_parse_range(void)
>  g_assert(qemu_log_in_addr_range(0x2050));
>  g_assert(qemu_log_in_addr_range(0x3050));
>  
> +qemu_set_dfilter_ranges("0x-1", _abort);
> +g_assert(qemu_log_in_addr_range(UINT64_MAX));
> +g_assert_false(qemu_log_in_addr_range(UINT64_MAX - 1));
> +
> +qemu_set_dfilter_ranges("0..0x", );
> +error_free_or_abort();
> +
> +qemu_set_dfilter_ranges("2..1", );
> +error_free_or_abort();
> +
>  qemu_set_dfilter_ranges("0x1000+onehundred", );
>  error_free_or_abort();
>  
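Review bot: the new negative tests cover [0, UINT64_MAX] and LOB > UPB, but not the "+" and "-" forms wrapping around (a count that carries past UINT64_MAX or below 0), which the rejection in util/log.c only catches through unsigned wrap-around; add one test for each so that a later rewrite of that arithmetic cannot silently start accepting them.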
> diff --git a/util/log.c b/util/log.c
> index 32e4160..f811d61 100644
> --- a/util/log.c
> +++ b/util/log.c
> @@ -131,8 +131,8 @@ bool qemu_log_in_addr_range(uint64_t addr)
>  if (debug_regions) {
>  int i = 0;
>  for (i = 0; i < debug_regions->len; i++) {
> -struct Range *range = _array_index(debug_regions, Range, i);
> -if (addr >= range->begin && addr <= range->end) {
> +Range *range = _array_index(debug_regions, Range, i);
> +if (addr >= range->begin && addr <= range->end - 1) {
>  return true;
>  }
>  }
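Review bot: `addr <= range->end - 1` relies on end - 1 wrapping to UINT64_MAX when end == 0 (the 2^64 encoding described in the commit message); that is correct but not obvious at the call site, so comment it, or use range_contains() once the accessor patch later in this series lands.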
> @@ -158,7 +158,7 @@ void qemu_set_dfilter_ranges(const char *filter_spec, 
> Error **errp)
>  for (i = 0; ranges[i]; i++) {
>  const char *r = ranges[i];
>  const char *range_op, *r2, *e;
> -uint64_t r1val, r2val;
> +uint64_t r1val, r2val, lob, upb;
>  struct Range range;
>  
>  range_op = strstr(r, "-");
> @@ -187,27 +187,29 @@ void qemu_set_dfilter_ranges(const char *filter_spec, 
> Error **errp)
> (int)(r2 - range_op), range_op);
>  goto out;
>  }
> -if (r2val == 0) {
> -error_setg(errp, "Invalid range");
> -goto out;
> -}
>  
>  switch (*range_op) {
>  case '+':
> -range.begin = r1val;
> -range.end = r1val + (r2val - 1);
> +lob = r1val;
> +upb = r1val + r2val - 1;
>  break;
>  case '-':
> -range.end = r1val;
> -range.begin = r1val - (r2val - 1);
> +upb = r1val;
> +lob = r1val - (r2val - 1);
>  break;
>  case '.':
> -range.begin = r1val;
> -range.end = r2val;
> +lob = r1val;
> +upb = r2val;
>  break;
>  default:
>  g_assert_not_reached();
>  }
> +if (lob > upb || (lob == 0 && upb == UINT64_MAX)) {
> +error_setg(errp, "Invalid range");
> +goto out;
> +}
> +range.begin = lob;
> +range.end = upb + 1;
>  g_array_append_val(debug_regions, range);
>  }
>  out:
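Review bot: deleting the `r2val == 0` check is only safe because of unsigned wrap-around: for "+" it yields upb = r1val - 1 < lob (or [0, UINT64_MAX] when r1val == 0), and for "-" it yields lob = r1val + 1 > upb (or the full range when r1val == UINT64_MAX), so both cases land in the new rejection; the same holds for a "+" count that carries past UINT64_MAX. Since the reasoning is this subtle, either keep an explicit `r2val == 0` / overflow test or add a comment explaining why `lob > upb` catches them.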
> -- 
> 2.5.5
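As an added example (not code from this series or from QEMU), the two ideas discussed in the 4/4 and 1/4 messages above put together: the inclusive [lob, upb] representation with the empty range encoded as {1, 0}, and the -dfilter item parser with its validation. Unlike the util/log.c hunk, this version rejects a zero count and wrap-around with explicit comparisons instead of relying on unsigned overflow, and it accepts [0, UINT64_MAX] because the new representation can hold it. The names parse_dfilter_item, dfilter_check and range_from_bounds1 are this example's own; range_from_bounds1 is a by-value counterpart of the hunk's range_set_bounds1, and the sample specs used in the tests are constructed.

```c
#include <assert.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Inclusive-bounds Range as proposed in PATCH RFC 4/4: non-empty means
 * lob <= upb; the empty range is encoded as lob == upb + 1, i.e. {1, 0}. */
typedef struct Range {
    uint64_t lob;   /* inclusive lower bound */
    uint64_t upb;   /* inclusive upper bound */
} Range;

static void range_invariant(const Range *range)
{
    assert(range->lob <= range->upb || range->lob == range->upb + 1);
}

static bool range_is_empty(const Range *range)
{
    range_invariant(range);
    return range->lob > range->upb;
}

/* By-value form of the hunk's range_set_bounds1() (hypothetical name): converts
 * the old [lob, upb_plus1) encoding, where upb_plus1 == 0 means 2^64 and both zero means empty. */
Range range_from_bounds1(uint64_t lob, uint64_t upb_plus1)
{
    Range r = { 1, 0 };                 /* the empty range */
    if (lob || upb_plus1) {
        r.lob = lob;
        r.upb = upb_plus1 - 1;          /* wraps to UINT64_MAX when upb_plus1 == 0 */
    }
    range_invariant(&r);
    return r;
}

/* Number occupying exactly [s, end); strtoull() alone would accept a sign or blank. */
static bool parse_u64(const char *s, const char *end, uint64_t *out)
{
    char *e;
    if (s == end || *s == '-' || *s == '+' || *s == ' ') {
        return false;
    }
    errno = 0;
    *out = strtoull(s, &e, 0);
    return e == end && errno == 0;
}

/* Parse one -dfilter item ("A..B", "A+N" or "A-N") into an inclusive Range.
 * Returns 0 on success, -1 if the spec is malformed, empty, or would wrap below
 * 0 or above UINT64_MAX; unlike util/log.c above, [0, UINT64_MAX] is accepted. */
int parse_dfilter_item(const char *spec, Range *out)
{
    const char *end = spec + strlen(spec), *op;
    uint64_t r1, r2, lob, upb;
    size_t oplen;
    if (!(op = strpbrk(spec, "-+.")) || (*op == '.' && op[1] != '.')) {
        return -1;
    }
    oplen = *op == '.' ? 2 : 1;
    if (!parse_u64(spec, op, &r1) || !parse_u64(op + oplen, end, &r2)) {
        return -1;
    }
    if (*op == '+') {           /* N bytes starting at A */
        if (r2 == 0 || r2 - 1 > UINT64_MAX - r1) {
            return -1;          /* empty, or would carry past UINT64_MAX */
        }
        lob = r1;
        upb = r1 + (r2 - 1);
    } else if (*op == '-') {    /* N bytes ending at A */
        if (r2 == 0 || r2 - 1 > r1) {
            return -1;          /* empty, or would wrap below 0 */
        }
        upb = r1;
        lob = r1 - (r2 - 1);
    } else {                    /* A..B, both inclusive */
        lob = r1;
        upb = r2;
    }
    if (lob > upb) {
        return -1;
    }
    *out = (Range){ lob, upb };
    assert(!range_is_empty(out));
    return 0;
}

/* 1 if @spec parses to exactly [lob, upb], 0 if to something else, -1 if rejected. */
int dfilter_check(const char *spec, uint64_t lob, uint64_t upb)
{
    Range r;
    if (parse_dfilter_item(spec, &r) != 0) {
        return -1;
    }
    return r.lob == lob && r.upb == upb;
}
```

The explicit overflow tests (`r2 - 1 > UINT64_MAX - r1` and `r2 - 1 > r1`) reject the same inputs that the patch's `lob > upb` check catches through wrap-around, but they read as what they are; `range_is_empty()` on the result then plays the role of the `assert(!range_is_empty(range))` in range_set_bounds().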



[Qemu-devel] [PATCH] ppc: Improve emulation of THRM registers

2016-06-18 Thread Benjamin Herrenschmidt
The 75x and 74xx processors have some thermal monitoring SPRs that
some OSes such as MacOS do use. Our current "dumb" implementation
isn't good enough and will cause some versions of MacOS to hang during
boot.

This lifts an improved emulation from MacOnLinux and adapts it to
qemu, thus fixing the problem.

Signed-off-by: Benjamin Herrenschmidt 
---
 target-ppc/helper.h |  1 +
 target-ppc/misc_helper.c| 41 +
 target-ppc/translate_init.c | 13 ++---
 3 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index f4410a8..18eb52f 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -670,3 +670,4 @@ DEF_HELPER_4(dscli, void, env, fprp, fprp, i32)
 DEF_HELPER_4(dscliq, void, env, fprp, fprp, i32)
 
 DEF_HELPER_1(tbegin, void, env)
+DEF_HELPER_1(fixup_thrm, void, env)
diff --git a/target-ppc/misc_helper.c b/target-ppc/misc_helper.c
index 7d41b01..4315778 100644
--- a/target-ppc/misc_helper.c
+++ b/target-ppc/misc_helper.c
@@ -166,3 +166,44 @@ void ppc_store_msr(CPUPPCState *env, target_ulong value)
 {
 hreg_store_msr(env, value, 0);
 }
+
+/* This code is lifted from MacOnLinux. It is called whenever
+ * THRM1,2 or 3 is read an fixes up the values in such a way
+ * that will mac MacOS not hang. These registers exist on some
+ * 75x and 74xx processors.
+ */
+void helper_fixup_thrm(CPUPPCState *env)
+{
+target_ulong v, t;
+int i;
+
+#define THRM1_TIN   (1 << 31)
+#define THRM1_TIV   (1 << 30)
+#define THRM1_THRES(x)  ((x&0x7f)<<23)
+#define THRM1_TID   (1<<2)
+#define THRM1_TIE   (1<<1)
+#define THRM1_V (1<<0)
+#define THRM3_E (1<<0)
+
+if(!(env->spr[SPR_THRM3] & THRM3_E)) {
+return;
+}
+
+/* Note: Thermal interrupts are unimplemented */
+for (i=SPR_THRM1 ; i<= SPR_THRM2 ; i++) {
+v = env->spr[i];
+if (!(v & THRM1_V)) {
+continue;
+}
+v |= THRM1_TIV;
+v &= ~THRM1_TIN;
+t = v & THRM1_THRES(127);
+if ((v & THRM1_TID) && t < THRM1_THRES(24)) {
+v |= THRM1_TIN;
+}
+if (!(v & THRM1_TID) && t > THRM1_THRES(24)) {
+v |= THRM1_TIN;
+}
+env->spr[i] = v;
+}
+}
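Review bot: `#define THRM1_TIN (1 << 31)` shifts into the sign bit of an int (undefined behaviour in C, INT_MIN in practice), so `v |= THRM1_TIN` sign-extends to 0xffffffff80000000 when target_ulong is 64 bits and `v &= ~THRM1_TIN` clears bits 32..63 as well; use `(1u << 31)` or cast the masks to target_ulong. Also: the macros are defined inside the function body and never #undef'd, the comment has typos ("read an fixes", "will mac MacOS"), `if(` and `i=SPR_THRM1 ;` do not follow QEMU coding style, and the loop assumes SPR_THRM1 and SPR_THRM2 are consecutive SPR numbers, which deserves a comment.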
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index ca894ff..0f18abf 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -1179,23 +1179,30 @@ static void gen_spr_amr(CPUPPCState *env, bool has_iamr)
 }
 #endif /* TARGET_PPC64 */
 
+static void spr_read_thrm(DisasContext *ctx, int gprn, int sprn)
+{
+gen_helper_fixup_thrm(cpu_env);
+gen_load_spr(cpu_gpr[gprn], sprn);
+spr_load_dump_spr(sprn);
+}
+
 static void gen_spr_thrm (CPUPPCState *env)
 {
 /* Thermal management */
 /* XXX : not implemented */
 spr_register(env, SPR_THRM1, "THRM1",
  SPR_NOACCESS, SPR_NOACCESS,
- _read_generic, _write_generic,
+ _read_thrm, _write_generic,
  0x);
 /* XXX : not implemented */
 spr_register(env, SPR_THRM2, "THRM2",
  SPR_NOACCESS, SPR_NOACCESS,
- _read_generic, _write_generic,
+ _read_thrm, _write_generic,
  0x);
 /* XXX : not implemented */
 spr_register(env, SPR_THRM3, "THRM3",
  SPR_NOACCESS, SPR_NOACCESS,
- _read_generic, _write_generic,
+ _read_thrm, _write_generic,
  0x);
 }
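Review bot: the three "XXX : not implemented" comments in gen_spr_thrm() are now stale for the read side and should be removed or reworded to say what is still missing (thermal interrupts, per the helper's comment). spr_read_thrm() calls the helper on every mfspr of these registers, which is acceptable for rarely read SPRs but worth a one-line comment.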
 





[Qemu-devel] [PATCH 4/7] This patch adds initial user-virtualization support for the DRM (type 'd') IOCTLs in linux. With it and a corresponding architecture chroot (say aarch64), I am able to success

2016-06-18 Thread Timothy Pearson
1. It will only work with open drivers as their IOCTLs are documented.
2. i965+ is only supported. That is any haswell, ivybridge, etc. GPU will work.
3. X doesn't start yet, though this patch eliminates all the visible
unsupported DRM IOCTL calls as observed by setting QEMU_STRACE=1.
4. Intel open drivers components except for Beignet are architecture
independent AFAICT and compile cleanly in foreign architecture
environments.
5. The DRM table provided is current as of linux-3.17-rc2, however,
compiling it with older kernel headers might require conditional
guards that this patch doesn't provide yet.
6. syscalls.c now includes  files, which should be available
in any valid linux-user build environment.

Using a Debian aarch64 chroot on ubuntu amd64, I have successfully run nexuiz and
compiled and run qemu-system-i386 with SDL emulation (+ patch for forcing OpenGL).
---
 linux-user/ioctls.h| 137 ++
 linux-user/syscall.c   |   2 +
 linux-user/syscall_defs.h  | 139 ++
 linux-user/syscall_types.h | 651 +
 4 files changed, 929 insertions(+)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index e672655..60bbe33 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -386,3 +386,140 @@
 MK_PTR(MK_STRUCT(STRUCT_rtentry)))
   IOCTL_SPECIAL(SIOCDELRT, IOC_W, do_ioctl_rt,
 MK_PTR(MK_STRUCT(STRUCT_rtentry)))
+
+  IOCTL(DRM_IOCTL_VERSION, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_version)))
+  IOCTL(DRM_IOCTL_GET_UNIQUE, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_unique)))
+  IOCTL(DRM_IOCTL_GET_MAGIC, IOC_R, MK_PTR(MK_STRUCT(STRUCT_drm_auth)))
+  IOCTL(DRM_IOCTL_IRQ_BUSID, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_irq_busid)))
+  IOCTL(DRM_IOCTL_GET_MAP, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_map)))
+  IOCTL(DRM_IOCTL_GET_CLIENT, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_client)))
+  IOCTL(DRM_IOCTL_GET_STATS, IOC_R, MK_PTR(MK_STRUCT(STRUCT_drm_stats)))
+  IOCTL(DRM_IOCTL_SET_VERSION, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_set_version)))
+  IOCTL(DRM_IOCTL_MODESET_CTL, IOC_W, 
MK_PTR(MK_STRUCT(STRUCT_drm_modeset_ctl)))
+  IOCTL(DRM_IOCTL_GEM_CLOSE, IOC_W , MK_PTR(MK_STRUCT(STRUCT_drm_gem_close)))
+  IOCTL(DRM_IOCTL_GEM_FLINK, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_gem_flink)))
+  IOCTL(DRM_IOCTL_GEM_OPEN, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_gem_open)))
+  IOCTL(DRM_IOCTL_GET_CAP, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_get_cap)))
+  IOCTL(DRM_IOCTL_SET_CLIENT_CAP, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_set_client_cap)))
+  IOCTL(DRM_IOCTL_SET_UNIQUE, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_unique)))
+  IOCTL(DRM_IOCTL_AUTH_MAGIC, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_auth)))
+  IOCTL(DRM_IOCTL_BLOCK, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_block)))
+  IOCTL(DRM_IOCTL_UNBLOCK, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_block)))
+  IOCTL(DRM_IOCTL_CONTROL, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_control)))
+  IOCTL(DRM_IOCTL_ADD_MAP, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_map)))
+  IOCTL(DRM_IOCTL_ADD_BUFS, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_buf_desc)))
+  IOCTL(DRM_IOCTL_MARK_BUFS, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_buf_desc)))
+  IOCTL(DRM_IOCTL_INFO_BUFS, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_buf_info)))
+  IOCTL(DRM_IOCTL_MAP_BUFS, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_buf_map)))
+  IOCTL(DRM_IOCTL_FREE_BUFS, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_buf_free)))
+  IOCTL(DRM_IOCTL_RM_MAP, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_map)))
+  IOCTL(DRM_IOCTL_SET_SAREA_CTX, IOC_W, 
MK_PTR(MK_STRUCT(STRUCT_drm_ctx_priv_map)))
+  IOCTL(DRM_IOCTL_GET_SAREA_CTX, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_ctx_priv_map)))
+  IOCTL(DRM_IOCTL_SET_MASTER, 0, TYPE_NULL)
+  IOCTL(DRM_IOCTL_DROP_MASTER, 0, TYPE_NULL)
+  IOCTL(DRM_IOCTL_ADD_CTX, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_RM_CTX, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_MOD_CTX, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_GET_CTX, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_SWITCH_CTX, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_NEW_CTX, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_RES_CTX, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_ctx_res)))
+  IOCTL(DRM_IOCTL_ADD_DRAW, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_draw)))
+  IOCTL(DRM_IOCTL_RM_DRAW, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_draw)))
+  IOCTL(DRM_IOCTL_DMA, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_dma)))
+  IOCTL(DRM_IOCTL_LOCK, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_lock)))
+  IOCTL(DRM_IOCTL_UNLOCK, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_lock)))
+  IOCTL(DRM_IOCTL_FINISH, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_lock)))
+  IOCTL(DRM_IOCTL_PRIME_HANDLE_TO_FD, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_prime_handle)))
+  IOCTL(DRM_IOCTL_PRIME_FD_TO_HANDLE, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_prime_handle)))
+  IOCTL(DRM_IOCTL_AGP_ACQUIRE, 0, TYPE_NULL)
+  IOCTL(DRM_IOCTL_AGP_RELEASE, 0, TYPE_NULL)
+  IOCTL(DRM_IOCTL_AGP_ENABLE, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_agp_mode)))
+  IOCTL(DRM_IOCTL_AGP_INFO, IOC_R, 
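Review bot: several of these structs embed user-space pointers with separately supplied lengths (drm_version's name/date/desc, drm_unique's unique, drm_buf_map's list, drm_ctx_res's contexts), and the generic MK_PTR(MK_STRUCT()) conversion only fixes up the struct layout itself; those members need TYPE_PTRVOID entries in syscall_types.h, and the pointed-to buffers are still in guest layout, so please double-check them or use IOCTL_SPECIAL as the SIOCADDRT/SIOCDELRT entries just above do. Separately, the patch has no Signed-off-by line, and the subject line contains the whole commit body.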

[Qemu-devel] [PATCH 1/7] Add initial x86_64 signal handlers

2016-06-18 Thread Timothy Pearson
Note that x86_64 systems only offer the _rt signal handler variants,
so the legacy signal handlers remain unimplemented on this platform.

Signed-off-by: Timothy Pearson 
---
 linux-user/signal.c | 302 +++-
 1 file changed, 299 insertions(+), 3 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index 61c1145..88d8fd3 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -26,6 +26,16 @@
 #include "target_signal.h"
 #include "trace.h"
 
+/*
+ * This looks more complex than it should be. But we need to
+ * get the type for the ~ right in round_down (it needs to be
+ * as wide as the result!), and we want to evaluate the macro
+ * arguments just once each.
+ */
+#define __round_mask(x, y) ((__typeof__(x))((y)-1))
+#define round_up(x, y) x)-1) | __round_mask(x, y))+1)
+#define round_down(x, y) ((x) & ~__round_mask(x, y))
+
 static struct target_sigaltstack target_sigaltstack_used = {
 .ss_sp = 0,
 .ss_size = 0,
@@ -256,8 +266,7 @@ int do_sigprocmask(int how, const sigset_t *set, sigset_t 
*oldset)
 return 0;
 }
 
-#if !defined(TARGET_OPENRISC) && !defined(TARGET_UNICORE32) && \
-!defined(TARGET_X86_64)
+#if !defined(TARGET_OPENRISC) && !defined(TARGET_UNICORE32)
 /* Just set the guest's signal mask to the specified value; the
  * caller is assumed to have called block_signals() already.
  */
@@ -1185,6 +1194,292 @@ badframe:
 return 0;
 }
 
+#elif defined(TARGET_X86_64) && TARGET_ABI_BITS == 64
+
+struct target_fpxreg {
+uint16_t significand[4];
+uint16_t exponent;
+uint16_t padding[3];
+};
+
+struct target_xmmreg {
+abi_ulong element[4];
+};
+
+struct target_fpstate {
+unsigned short cwd;
+unsigned short swd;
+unsigned short twd;
+
+unsigned short fop;
+uint64_t rip;
+uint64_t rdp;
+abi_ulong mxcsr;
+abi_ulong mxcsr_mask;
+struct target_fpxreg _fxsr_st[8]; /* FXSR FPU reg data is ignored */
+struct target_xmmreg _xmm[16];
+__u32 padding[24];
+};
+
+#define X86_FXSR_MAGIC 0x
+
+struct target_sigcontext {
+uint64_t r8;
+uint64_t r9;
+uint64_t r10;
+uint64_t r11;
+uint64_t r12;
+uint64_t r13;
+uint64_t r14;
+uint64_t r15;
+uint64_t edi;
+uint64_t esi;
+uint64_t ebp;
+uint64_t ebx;
+uint64_t edx;
+uint64_t eax;
+uint64_t ecx;
+uint64_t esp;
+uint64_t eip;
+uint64_t eflags;
+uint16_t cs;
+uint16_t gs;
+uint16_t fs;
+uint16_t __pad0;
+uint64_t err;
+uint64_t trapno;
+uint64_t oldmask;
+uint64_t cr2;
+
+uint64_t fpstate;
+uint64_t reserved1[8];
+};
+
+struct target_ucontext {
+abi_ulong  tuc_flags;
+struct target_sigcontext*  tuc_link;
+target_stack_t tuc_stack;
+struct target_sigcontext   tuc_mcontext;
+target_sigset_ttuc_sigmask;  /* mask last for extensibility */
+};
+
+struct rt_sigframe
+{
+char* pretcode;
+struct target_ucontext uc;
+struct target_siginfo info;
+struct target_fpstate fpstate;
+};
+
+/*
+ * Set up a signal frame.
+ */
+
+/* XXX: save x87 state */
+static void setup_sigcontext(struct target_sigcontext *sc,
+struct target_fpstate *fpstate, CPUX86State *env, abi_ulong mask,
+abi_ulong fpstate_addr)
+{
+CPUState *cs = CPU(x86_env_get_cpu(env));
+
+/* already locked in setup_frame() */
+__put_user(env->regs[R_EDI], >edi);
+__put_user(env->regs[R_ESI], >esi);
+__put_user(env->regs[R_EBP], >ebp);
+__put_user(env->regs[R_ESP], >esp);
+__put_user(env->regs[R_EBX], >ebx);
+__put_user(env->regs[R_EDX], >edx);
+__put_user(env->regs[R_ECX], >ecx);
+__put_user(env->regs[R_EAX], >eax);
+__put_user(env->regs[8], >r8);
+__put_user(env->regs[9], >r9);
+__put_user(env->regs[10], >r10);
+__put_user(env->regs[11], >r11);
+__put_user(env->regs[12], >r12);
+__put_user(env->regs[13], >r13);
+__put_user(env->regs[14], >r14);
+__put_user(env->regs[15], >r15);
+__put_user(cs->exception_index, >trapno);
+__put_user(env->error_code, >err);
+__put_user(env->eip, >eip);
+__put_user(env->eflags, >eflags);
+__put_user(env->segs[R_CS].selector, (unsigned int *)>cs);
+__put_user(0, >gs);
+__put_user(0, >fs);
+
+cpu_x86_fsave(env, fpstate_addr, 1);
+__put_user(fpstate_addr, >fpstate);
+
+/* non-iBCS2 extensions.. */
+__put_user(mask, >oldmask);
+__put_user(env->cr[2], >cr2);
+}
+
+/*
+ * Determine which stack to use..
+ */
+
+static inline abi_ulong
+get_sigframe(struct target_sigaction *ka, CPUX86State *env, size_t frame_size)
+{
+unsigned long esp;
+
+/* Default to using normal stack */
+esp = env->regs[R_ESP];
+
+/* redzone */
+esp -= 128;
+
+/* This is the X/Open sanctioned signal stack switching.  */
+if (ka->sa_flags & TARGET_SA_ONSTACK) {
+if (sas_ss_flags(esp) == 0) {
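Review bot: the `(unsigned int *)` cast on the cs store writes 32 bits into the 16-bit cs field and clobbers the adjacent gs field (which the next line then overwrites with 0); drop the cast and store a uint16_t. Also, target_fpstate is declared in FXSAVE layout (16-bit cwd/swd/twd, rip/rdp, mxcsr, 16 xmm registers), but cpu_x86_fsave() writes the legacy FSAVE image, so a guest that inspects mxcsr or the xmm slots sees garbage; write the FXSAVE image instead. Finally, `char* pretcode` in rt_sigframe and `struct target_sigcontext* tuc_link` are host pointer types inside guest-layout structs and `unsigned long esp` in get_sigframe() is a host type; use abi_ulong for all three so the layout does not depend on the host.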
+  

[Qemu-devel] [Bug 1591611] Re: chroot using qemu-x86_64-static fails on ppc64el

2016-06-18 Thread Timothy Pearson
Patch series sent to mailing list here:
http://lists.nongnu.org/archive/html/qemu-devel/2016-06/msg05334.html

In particular, this patch handles the original signal handler problem:
http://lists.nongnu.org/archive/html/qemu-devel/2016-06/msg05335.html

** Changed in: qemu
   Status: New => In Progress

https://bugs.launchpad.net/bugs/1591611

Title:
  chroot using qemu-x86_64-static fails on ppc64el

Status in QEMU:
  In Progress

Bug description:
  When attempting to use qemu-x86_64-static from qemu 2.5.0 on a ppc64el
  host to chroot into an amd64 environment, all commands fail with an
  assertion error.  /usr/bin/qemu-x86_64-static from the host was copied
  into the chroot /usr/bin, and the host has multiformat support in the
  kernel.

  Sample output illustrating the problem, as well as bash builtins
  working:

  # chroot /virtualbox/scratchdisks_local_001/amd64_chroot qemu-x86_64-static 
/bin/bash
  # ls
  bash: ../sysdeps/nptl/fork.c:136: __libc_fork: Assertion `({ __typeof 
(self->tid) __value; if (sizeof (__value) == 1) asm volatile ("movb 
%%fs:%P2,%b0" : "=q" (__value) : "0" (0), "i" (__builtin_offsetof (struct 
pthread, tid))); else if (sizeof (__value) == 4) asm volatile ("movl 
%%fs:%P1,%0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, 
tid))); else { if (sizeof (__value) != 8) abort (); asm volatile ("movq 
%%fs:%P1,%q0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, 
tid))); } __value; }) != ppid' failed.
  setup_frame: not implemented
  setup_frame: not implemented
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  Segmentation fault
  setup_frame: not implemented
  setup_frame: not implemented
  # echo TEST
  TEST
  # cat test
  bash: ../sysdeps/nptl/fork.c:136: __libc_fork: Assertion `({ __typeof 
(self->tid) __value; if (sizeof (__value) == 1) asm volatile ("movb 
%%fs:%P2,%b0" : "=q" (__value) : "0" (0), "i" (__builtin_offsetof (struct 
pthread, tid))); else if (sizeof (__value) == 4) asm volatile ("movl 
%%fs:%P1,%0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, 
tid))); else { if (sizeof (__value) != 8) abort (); asm volatile ("movq 
%%fs:%P1,%q0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, 
tid))); } __value; }) != ppid' failed.
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  Segmentation fault

  It is currently unknown if other host architectures (e.g. aarch64) are
  also affected.




[Qemu-devel] [PATCH 3/7] Pass select() arguments directly to do_select() on x86 platforms

2016-06-18 Thread Timothy Pearson
This matches the calling conventions in the Linux kernel and
resolves select() hangs on i386/x86_64 guests.

Signed-off-by: Timothy Pearson 
---
 linux-user/syscall.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 2968b57..644a490 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4785,6 +4785,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
 void *argptr;
 
 ie = ioctl_entries;
+
 for(;;) {
 if (ie->target_cmd == 0) {
 gemu_log("Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
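Review bot: the added blank line in do_ioctl() is an unrelated whitespace change and should be dropped from this patch.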
@@ -7899,7 +7900,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 break;
 #if defined(TARGET_NR_select)
 case TARGET_NR_select:
-#if defined(TARGET_S390X) || defined(TARGET_ALPHA)
+#if defined(TARGET_S390X) || defined(TARGET_ALPHA) || defined(TARGET_I386) || 
defined(TARGET_X86_64)
 ret = do_select(arg1, arg2, arg3, arg4, arg5);
 #else
 {
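Review bot: adding TARGET_I386 here looks wrong: on 32-bit x86 the `select` syscall (number 82) is old_select, which takes a single pointer to a sel_arg_struct, and that is exactly what the #else branch below implements; the five-argument form on i386 is `_newselect`. Only TARGET_X86_64, whose `select` takes the arguments directly, belongs in this condition. The new #if line also exceeds 80 columns and should be wrapped.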
-- 
2.1.4



[Qemu-devel] [PATCH 7/7] Add ALSA ioctls

2016-06-18 Thread Timothy Pearson
Tested with ExtremeTuxRacer in guest with HDMI audio sink on host

Signed-off-by: Timothy Pearson 
---
 linux-user/ioctls.h|  72 
 linux-user/syscall.c   |   1 +
 linux-user/syscall_defs.h  |  73 
 linux-user/syscall_types.h | 273 +
 4 files changed, 419 insertions(+)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index a06e263..29734f0 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -387,6 +387,78 @@
   IOCTL_SPECIAL(SIOCDELRT, IOC_W, do_ioctl_rt,
 MK_PTR(MK_STRUCT(STRUCT_rtentry)))
 
+  IOCTL(SNDRV_CTL_IOCTL_PVERSION, IOC_R, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_CARD_INFO, IOC_R, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_card_info)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_LIST, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_list)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_INFO, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_info)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_READ, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_value)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_WRITE, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_value)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_LOCK, IOC_W, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_id)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_UNLOCK, IOC_W, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_id)))
+  IOCTL(SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS, IOC_RW, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_ADD, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_info)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_REPLACE, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_info)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_REMOVE, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_id)))
+  IOCTL(SNDRV_CTL_IOCTL_TLV_READ, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_tlv)))
+  IOCTL(SNDRV_CTL_IOCTL_TLV_WRITE, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_tlv)))
+  IOCTL(SNDRV_CTL_IOCTL_TLV_COMMAND, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_tlv)))
+  IOCTL(SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE, IOC_RW, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_HWDEP_INFO, IOC_R, 
MK_PTR(MK_STRUCT(STRUCT_snd_hwdep_info)))
+  IOCTL(SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE, IOC_R, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_PCM_INFO, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_info)))
+  IOCTL(SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE, IOC_W, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE, IOC_RW, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_RAWMIDI_INFO, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_rawmidi_info)))
+  IOCTL(SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE, IOC_W, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_POWER, IOC_RW, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_POWER_STATE, IOC_R, TYPE_INT)
+
+  IOCTL(SNDRV_PCM_IOCTL_PVERSION, IOC_R, TYPE_INT)
+  IOCTL(SNDRV_PCM_IOCTL_INFO, IOC_R, 
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_info)))
+  IOCTL(SNDRV_PCM_IOCTL_TSTAMP  , IOC_W, TYPE_INT)
+  IOCTL(SNDRV_PCM_IOCTL_TTSTAMP , IOC_W, TYPE_INT)
+  IOCTL(SNDRV_PCM_IOCTL_HW_REFINE   , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_hw_params)))
+  IOCTL(SNDRV_PCM_IOCTL_HW_PARAMS   , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_hw_params)))
+  IOCTL(SNDRV_PCM_IOCTL_HW_FREE , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_SW_PARAMS   , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_sw_params)))
+  IOCTL(SNDRV_PCM_IOCTL_STATUS  , IOC_R, 
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_status)))
+  IOCTL(SNDRV_PCM_IOCTL_DELAY   , IOC_R, TYPE_ULONG)
+  IOCTL(SNDRV_PCM_IOCTL_HWSYNC  , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_SYNC_PTR, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_sync_ptr)))
+  IOCTL(SNDRV_PCM_IOCTL_STATUS_EXT  , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_status)))
+  IOCTL(SNDRV_PCM_IOCTL_CHANNEL_INFO, IOC_R, 
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_channel_info)))
+  IOCTL(SNDRV_PCM_IOCTL_PREPARE , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_RESET   , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_START   , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_DROP, 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_DRAIN   , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_PAUSE   , IOC_W, TYPE_INT)
+  IOCTL(SNDRV_PCM_IOCTL_REWIND  , IOC_W, TYPE_ULONG)
+  IOCTL(SNDRV_PCM_IOCTL_RESUME  , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_XRUN, 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_FORWARD , IOC_W, TYPE_ULONG)
+  IOCTL(SNDRV_PCM_IOCTL_WRITEI_FRAMES   , IOC_W, 
MK_PTR(MK_STRUCT(STRUCT_snd_xferi)))
+  IOCTL(SNDRV_PCM_IOCTL_READI_FRAMES, IOC_R, 
MK_PTR(MK_STRUCT(STRUCT_snd_xferi)))
+  IOCTL(SNDRV_PCM_IOCTL_WRITEN_FRAMES   , IOC_W, 
MK_PTR(MK_STRUCT(STRUCT_snd_xfern)))
+  IOCTL(SNDRV_PCM_IOCTL_READN_FRAMES, IOC_R, 
MK_PTR(MK_STRUCT(STRUCT_snd_xfern)))
+  IOCTL(SNDRV_PCM_IOCTL_LINK, IOC_W, TYPE_INT)
+  IOCTL(SNDRV_PCM_IOCTL_UNLINK  , 0, TYPE_NULL)
+
+  IOCTL(SNDRV_TIMER_IOCTL_PVERSION  , IOC_R, TYPE_INT)
+  IOCTL(SNDRV_TIMER_IOCTL_NEXT_DEVICE   , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_snd_timer_id)))
+  IOCTL(SNDRV_TIMER_IOCTL_TREAD , IOC_W, TYPE_INT)
+  
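Review bot: the non-struct PCM and timer entries in this part of the table pass the guest's argument by value where the kernel dereferences it as a user pointer. SNDRV_PCM_IOCTL_TSTAMP, SNDRV_PCM_IOCTL_TTSTAMP and SNDRV_TIMER_IOCTL_TREAD get_user() an int, SNDRV_PCM_IOCTL_DELAY put_user()s a snd_pcm_sframes_t, and SNDRV_PCM_IOCTL_REWIND/FORWARD get_user() a snd_pcm_uframes_t. Declared as TYPE_INT or TYPE_ULONG, do_ioctl() forwards the raw guest address to the host kernel with no guest_base translation and no copy-in/copy-out, which only happens to work while guest and host address spaces coincide. Declare them as MK_PTR(TYPE_INT) / MK_PTR(TYPE_LONG) with the matching IOC_R or IOC_W access, the way the existing TIOCGPTN entry is written. SNDRV_PCM_IOCTL_PAUSE and SNDRV_PCM_IOCTL_LINK really are by-value arguments and are correct as they stand.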

[Qemu-devel] [PATCH 7/7] Add ALSA ioctls

2016-06-18 Thread Timothy Pearson
Tested with ExtremeTuxRacer in guest with HDMI audio sink on host

Signed-off-by: Timothy Pearson 
---
 linux-user/ioctls.h|  72 
 linux-user/syscall.c   |   1 +
 linux-user/syscall_defs.h  |  73 
 linux-user/syscall_types.h | 273
+
 4 files changed, 419 insertions(+)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index a06e263..29734f0 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -387,6 +387,78 @@
   IOCTL_SPECIAL(SIOCDELRT, IOC_W, do_ioctl_rt,
 MK_PTR(MK_STRUCT(STRUCT_rtentry)))
 +  IOCTL(SNDRV_CTL_IOCTL_PVERSION, IOC_R, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_CARD_INFO, IOC_R,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_card_info)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_LIST, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_list)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_INFO, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_info)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_READ, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_value)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_WRITE, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_value)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_LOCK, IOC_W,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_id)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_UNLOCK, IOC_W,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_id)))
+  IOCTL(SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS, IOC_RW, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_ADD, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_info)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_REPLACE, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_info)))
+  IOCTL(SNDRV_CTL_IOCTL_ELEM_REMOVE, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_elem_id)))
+  IOCTL(SNDRV_CTL_IOCTL_TLV_READ, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_tlv)))
+  IOCTL(SNDRV_CTL_IOCTL_TLV_WRITE, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_tlv)))
+  IOCTL(SNDRV_CTL_IOCTL_TLV_COMMAND, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_ctl_tlv)))
+  IOCTL(SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE, IOC_RW, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_HWDEP_INFO, IOC_R,
MK_PTR(MK_STRUCT(STRUCT_snd_hwdep_info)))
+  IOCTL(SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE, IOC_R, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_PCM_INFO, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_info)))
+  IOCTL(SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE, IOC_W, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE, IOC_RW, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_RAWMIDI_INFO, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_rawmidi_info)))
+  IOCTL(SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE, IOC_W, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_POWER, IOC_RW, TYPE_INT)
+  IOCTL(SNDRV_CTL_IOCTL_POWER_STATE, IOC_R, TYPE_INT)
+
+  IOCTL(SNDRV_PCM_IOCTL_PVERSION, IOC_R, TYPE_INT)
+  IOCTL(SNDRV_PCM_IOCTL_INFO, IOC_R,
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_info)))
+  IOCTL(SNDRV_PCM_IOCTL_TSTAMP  , IOC_W, TYPE_INT)
+  IOCTL(SNDRV_PCM_IOCTL_TTSTAMP , IOC_W, TYPE_INT)
+  IOCTL(SNDRV_PCM_IOCTL_HW_REFINE   , IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_hw_params)))
+  IOCTL(SNDRV_PCM_IOCTL_HW_PARAMS   , IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_hw_params)))
+  IOCTL(SNDRV_PCM_IOCTL_HW_FREE , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_SW_PARAMS   , IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_sw_params)))
+  IOCTL(SNDRV_PCM_IOCTL_STATUS  , IOC_R,
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_status)))
+  IOCTL(SNDRV_PCM_IOCTL_DELAY   , IOC_R, TYPE_ULONG)
+  IOCTL(SNDRV_PCM_IOCTL_HWSYNC  , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_SYNC_PTR, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_sync_ptr)))
+  IOCTL(SNDRV_PCM_IOCTL_STATUS_EXT  , IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_status)))
+  IOCTL(SNDRV_PCM_IOCTL_CHANNEL_INFO, IOC_R,
MK_PTR(MK_STRUCT(STRUCT_snd_pcm_channel_info)))
+  IOCTL(SNDRV_PCM_IOCTL_PREPARE , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_RESET   , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_START   , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_DROP, 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_DRAIN   , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_PAUSE   , IOC_W, TYPE_INT)
+  IOCTL(SNDRV_PCM_IOCTL_REWIND  , IOC_W, TYPE_ULONG)
+  IOCTL(SNDRV_PCM_IOCTL_RESUME  , 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_XRUN, 0, TYPE_NULL)
+  IOCTL(SNDRV_PCM_IOCTL_FORWARD , IOC_W, TYPE_ULONG)
+  IOCTL(SNDRV_PCM_IOCTL_WRITEI_FRAMES   , IOC_W,
MK_PTR(MK_STRUCT(STRUCT_snd_xferi)))
+  IOCTL(SNDRV_PCM_IOCTL_READI_FRAMES, IOC_R,
MK_PTR(MK_STRUCT(STRUCT_snd_xferi)))
+  IOCTL(SNDRV_PCM_IOCTL_WRITEN_FRAMES   , IOC_W,
MK_PTR(MK_STRUCT(STRUCT_snd_xfern)))
+  IOCTL(SNDRV_PCM_IOCTL_READN_FRAMES, IOC_R,
MK_PTR(MK_STRUCT(STRUCT_snd_xfern)))
+  IOCTL(SNDRV_PCM_IOCTL_LINK, IOC_W, TYPE_INT)
+  IOCTL(SNDRV_PCM_IOCTL_UNLINK  , 0, TYPE_NULL)
+
+  IOCTL(SNDRV_TIMER_IOCTL_PVERSION  , IOC_R, TYPE_INT)
+  IOCTL(SNDRV_TIMER_IOCTL_NEXT_DEVICE   , IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_snd_timer_id)))
+  IOCTL(SNDRV_TIMER_IOCTL_TREAD , IOC_W, TYPE_INT)
+  IOCTL(SNDRV_TIMER_IOCTL_GINFO , 
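Review bot: the CTL section at the top of this hunk has a by-value problem: SNDRV_CTL_IOCTL_PVERSION and SNDRV_CTL_IOCTL_POWER_STATE put_user() an int, SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS and the three *_NEXT_DEVICE commands get_user() and then put_user() an int, and the two *_PREFER_SUBDEVICE commands get_user() one, so all of them need MK_PTR(TYPE_INT) rather than bare TYPE_INT; as written the guest address reaches the host kernel untranslated and nothing is copied back into guest memory. Once they are pointers, let the access flag follow what the driver does rather than the _IOC direction bits: SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE is encoded as _IOR in asound.h, but the driver reads the starting device number and writes the next one back, so it wants IOC_RW like its HWDEP and RAWMIDI siblings. The same pointer treatment applies to SNDRV_PCM_IOCTL_PVERSION and SNDRV_TIMER_IOCTL_PVERSION further down.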

[Qemu-devel] [PATCH 6/7] Add radeon DRM interface ioctls

2016-06-18 Thread Timothy Pearson
Tested on a Radeon R290X with multiple 3D applications.

Signed-off-by: Timothy Pearson 
---
 linux-user/ioctls.h|  45 +-
 linux-user/syscall.c   |  15 
 linux-user/syscall_defs.h  |  45 +-
 linux-user/syscall_types.h | 209 -
 4 files changed, 311 insertions(+), 3 deletions(-)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index 60bbe33..a06e263 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -522,4 +522,47 @@
   IOCTL(DRM_IOCTL_I915_GEM_GET_CACHING, IOC_W, 
MK_PTR(MK_STRUCT(STRUCT_drm_i915_gem_caching)))
   IOCTL(DRM_IOCTL_I915_REG_READ, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_i915_reg_read)))
   IOCTL(DRM_IOCTL_I915_GET_RESET_STATS, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_i915_reset_stats)))
-  IOCTL(DRM_IOCTL_I915_GEM_USERPTR, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_i915_gem_userptr)))
\ No newline at end of file
+  IOCTL(DRM_IOCTL_I915_GEM_USERPTR, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_i915_gem_userptr)))
+
+  IOCTL(DRM_IOCTL_RADEON_CP_INIT, IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_init_t)))
+  IOCTL(DRM_IOCTL_RADEON_CP_START   , 0,  TYPE_NULL)
+  IOCTL(DRM_IOCTL_RADEON_CP_STOP, IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_cp_stop_t)))
+  IOCTL(DRM_IOCTL_RADEON_CP_RESET   , 0,  TYPE_NULL)
+  IOCTL(DRM_IOCTL_RADEON_CP_IDLE, 0,  TYPE_NULL)
+  IOCTL(DRM_IOCTL_RADEON_RESET  , 0,  TYPE_NULL)
+  IOCTL(DRM_IOCTL_RADEON_FULLSCREEN , IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_fullscreen_t)))
+  IOCTL(DRM_IOCTL_RADEON_SWAP   , 0,  TYPE_NULL)
+  IOCTL(DRM_IOCTL_RADEON_CLEAR  , IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_clear_t)))
+  IOCTL(DRM_IOCTL_RADEON_VERTEX , IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_vertex_t)))
+  IOCTL(DRM_IOCTL_RADEON_INDICES, IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_indices_t)))
+  IOCTL(DRM_IOCTL_RADEON_STIPPLE, IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_stipple_t)))
+  IOCTL(DRM_IOCTL_RADEON_INDIRECT   , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_indirect_t)))
+  IOCTL(DRM_IOCTL_RADEON_TEXTURE, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_texture_t)))
+  IOCTL(DRM_IOCTL_RADEON_VERTEX2, IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_vertex2_t)))
+  IOCTL(DRM_IOCTL_RADEON_CMDBUF , IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_cmd_buffer_t)))
+  IOCTL(DRM_IOCTL_RADEON_GETPARAM   , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_getparam_t)))
+  IOCTL(DRM_IOCTL_RADEON_FLIP   , 0,  TYPE_NULL)
+  IOCTL(DRM_IOCTL_RADEON_ALLOC  , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_mem_alloc_t)))
+  IOCTL(DRM_IOCTL_RADEON_FREE   , IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_mem_free_t)))
+  IOCTL(DRM_IOCTL_RADEON_INIT_HEAP  , IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_mem_init_heap_t)))
+  IOCTL(DRM_IOCTL_RADEON_IRQ_EMIT   , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_irq_emit_t)))
+  IOCTL(DRM_IOCTL_RADEON_IRQ_WAIT   , IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_irq_wait_t)))
+  IOCTL(DRM_IOCTL_RADEON_CP_RESUME  , 0,  TYPE_NULL)
+  IOCTL(DRM_IOCTL_RADEON_SETPARAM   , IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_setparam_t)))
+  IOCTL(DRM_IOCTL_RADEON_SURF_ALLOC , IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_surface_alloc_t)))
+  IOCTL(DRM_IOCTL_RADEON_SURF_FREE  , IOC_W,  
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_surface_free_t)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_INFO   , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_info)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_CREATE , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_create)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_MMAP   , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_mmap)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_PREAD  , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_pread)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_PWRITE , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_pwrite)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_SET_DOMAIN , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_set_domain)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_WAIT_IDLE  , IOC_W, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_wait_idle)))
+  IOCTL(DRM_IOCTL_RADEON_CS , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_cs)))
+  IOCTL(DRM_IOCTL_RADEON_INFO   , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_info)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_SET_TILING , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_set_tiling)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_GET_TILING , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_get_tiling)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_BUSY   , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_busy)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_VA , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_va)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_OP , IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_op)))
+  IOCTL(DRM_IOCTL_RADEON_GEM_USERPTR, IOC_RW, 
MK_PTR(MK_STRUCT(STRUCT_drm_radeon_gem_userptr)))
\ No newline at end of file
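Review bot: the file still ends without a trailing newline after this hunk (the "\ No newline at end of file" marker is present on both the old and the new side), so the rewrite of the DRM_IOCTL_I915_GEM_USERPTR line gains nothing; terminate the file with a newline so the next addition is a clean append. More important, several of these structs carry guest pointers that thunk_convert() cannot follow: drm_radeon_cs.chunks points at an array of pointers to chunk descriptors, drm_radeon_gem_pread/pwrite have data_ptr, drm_radeon_gem_userptr has addr, and the legacy drm_radeon_cmd_buffer_t has buf and boxes. With plain IOCTL(..., MK_PTR(MK_STRUCT(...))) only the top-level struct is converted and the embedded addresses reach the host driver untranslated, which is correct only when guest_base is 0 and guest and host pointer widths match. Either add IOCTL_SPECIAL handlers that lock and translate the nested buffers (as do_ioctl_rt does for its struct) or say explicitly in the commit message that these entries assume an identical address space.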
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 96d285a..602e445 100644
--- 

[Qemu-devel] [PATCH 2/7] QEMU does not currently support host pages that are larger than guest pages, likely due to glibc using fixed mmap requests.

2016-06-18 Thread Timothy Pearson
Attempting to use host pages larger than the guest leads to
alignment errors during ELF load in the best case, and an
initialization failure inside NPTL in the worst case, causing
all fork() requests inside the guest to fail.

Warn when thread space cannot be set up, and suggest reducing
host page size if applicable.

Signed-off-by: Timothy Pearson 
---
 linux-user/syscall.c | 27 +--
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 1c17b74..2968b57 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5482,8 +5482,13 @@ static int do_fork(CPUArchState *env, unsigned int 
flags, abi_ulong newsp,
 /* Wait for the child to initialize.  */
 pthread_cond_wait(, );
 ret = info.tid;
-if (flags & CLONE_PARENT_SETTID)
-put_user_u32(ret, parent_tidptr);
+if (flags & CLONE_PARENT_SETTID) {
+if (put_user_u32(ret, parent_tidptr)) {
+fprintf(stderr, "do_fork: put_user_u32() failed, child 
process state invalid\n");
+if (qemu_real_host_page_size > TARGET_PAGE_SIZE)
+fprintf(stderr, "do_fork: host page size > target page 
size; reduce host page size and try again\n");
+}
+}
 } else {
 ret = -1;
 }
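Review bot: the inner `if (qemu_real_host_page_size > TARGET_PAGE_SIZE)` has no braces, which scripts/checkpatch.pl rejects for QEMU, and this same four-line diagnostic is pasted three times in the patch; move it into one static helper (a hypothetical `report_settid_failure()` would do) and call it from all three sites. The wording "child process state invalid" is also misleading in this hunk: this is the CLONE_VM (new thread) branch, the thread has already started and waited on the condition variable, and only the parent-side TID store to parent_tidptr was lost.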
@@ -5514,10 +5519,20 @@ static int do_fork(CPUArchState *env, unsigned int 
flags, abi_ulong newsp,
(not implemented) or having *_tidptr to point at a shared memory
mapping.  We can't repeat the spinlock hack used above because
the child process gets its own copy of the lock.  */
-if (flags & CLONE_CHILD_SETTID)
-put_user_u32(gettid(), child_tidptr);
-if (flags & CLONE_PARENT_SETTID)
-put_user_u32(gettid(), parent_tidptr);
+if (flags & CLONE_CHILD_SETTID) {
+if (put_user_u32(gettid(), child_tidptr)) {
+fprintf(stderr, "do_fork: put_user_u32() failed, child 
process state invalid\n");
+if (qemu_real_host_page_size > TARGET_PAGE_SIZE)
+fprintf(stderr, "do_fork: host page size > target page 
size; reduce host page size and try again\n");
+}
+}
+if (flags & CLONE_PARENT_SETTID) {
+if (put_user_u32(gettid(), parent_tidptr)) {
+fprintf(stderr, "do_fork: put_user_u32() failed, child 
process state invalid\n");
+if (qemu_real_host_page_size > TARGET_PAGE_SIZE)
+fprintf(stderr, "do_fork: host page size > target page 
size; reduce host page size and try again\n");
+}
+}
 ts = (TaskState *)cpu->opaque;
 if (flags & CLONE_SETTLS)
 cpu_set_tls (env, newtls);
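Review bot: this is the post-fork() child path, where both stores go to the child's own copy of guest memory. The kernel does not fail clone() when the CLONE_CHILD_SETTID or CLONE_PARENT_SETTID store faults (the put_user() result is ignored in schedule_tail() and in the clone path), so the message added here is purely diagnostic and should go through the existing gemu_log()/QEMU_STRACE path rather than an unconditional fprintf(stderr). The hint is also narrower than the failure: put_user_u32() fails just as readily when the guest passed an unmapped tid pointer, and in that case the advice to reduce the host page size is wrong, so word the second line as a possibility rather than an instruction.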
-- 
2.1.4



[Qemu-devel] RE-SEND: [PATCH 0/7] Enable multimedia applications on x86_64 guests

2016-06-18 Thread Timothy Pearson
Note: This is a resend due to my prior messages being word-wrapped accidentally.
Apologies for the duplicates!
--

With increasing interest in non-x86 architectures (e.g. ARM64, POWER8),
there is a growing desire to execute legacy x86 applications that cannot
be recompiled on these new architectures.

This series enables 3D multimedia applications (e.g. games) to function
correctly on an emulated x86_64 host in user mode.  It resolves several
issues noted within the x86_64 user mode, and adds 3D ioctls for Intel
and AMD graphics.  Furthermore, it adds ALSA sound ioctls.

NOTE: The initial DRM ioctl patch was taken from the qemu mailing list:
https://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg02405.html

Aaditya Chandrasekhar Azad (1):
  This patch adds initial user-virtualization support for the DRM (type 
   'd') IOCTLs in linux. With it and a corresponding architecture
chroot (say aarch64), I am able to successfully run a few 2D and
3D applications with native graphics acceleration. Some
notes/caveats are:

Timothy Pearson (6):
  Add initial x86_64 signal handlers
  QEMU does not currently support host pages that are larger than
guest pages, likely due to glibc using fixed mmap requests.
  Pass select() arguments directly to do_select() on x86 platforms
  TIOCGPTN and related terminal control ioctls were not converted to
the guest ioctl format on x86_64 targets.  Convert these ioctls
to enable terminal functionality on x86_64 guests.
  Add radeon DRM interface ioctls
  Add ALSA ioctls

 linux-user/ioctls.h  |  252 ++
 linux-user/signal.c  |  302 ++-
 linux-user/syscall.c |   48 +-
 linux-user/syscall_defs.h|  255 ++
 linux-user/syscall_types.h   | 1131 ++
 linux-user/x86_64/termbits.h |   12 +-
 6 files changed, 1984 insertions(+), 16 deletions(-)

-- 
2.1.4



[Qemu-devel] [PATCH 4/7] This patch adds initial user-virtualization support for the DRM (type 'd') IOCTLs in linux. With it and a corresponding architecture chroot (say aarch64), I am able to success

2016-06-18 Thread Timothy Pearson
1. It will only work with open drivers as their IOCTLs are documented.
2. Only i965+ is supported. That is, any Haswell, Ivybridge, etc. GPU
will work.
3. X doesn't start yet, though this patch eliminates all the visible
unsupported DRM IOCTL calls as observed by setting QEMU_STRACE=1.
4. Intel open drivers components except for Beignet are architecture
independent AFAICT and compile cleanly in foreign architecture
environments.
5. The DRM table provided is current as of linux-3.17-rc2, however,
compiling it with older kernel headers might require conditional
guards that this patch doesn't provide yet.
6. syscalls.c now includes  files, which should be available
in any valid linux-user build environment.

Using a Debian aarch64 chroot on ubuntu amd64, I have successfully run
nexuiz and compiled and run qemu-system-i386 with SDL emulation (+ patch
for forcing OpenGL).
---
 linux-user/ioctls.h| 137 ++
 linux-user/syscall.c   |   2 +
 linux-user/syscall_defs.h  | 139 ++
 linux-user/syscall_types.h | 651
+
 4 files changed, 929 insertions(+)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index e672655..60bbe33 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -386,3 +386,140 @@
 MK_PTR(MK_STRUCT(STRUCT_rtentry)))
   IOCTL_SPECIAL(SIOCDELRT, IOC_W, do_ioctl_rt,
 MK_PTR(MK_STRUCT(STRUCT_rtentry)))
+
+  IOCTL(DRM_IOCTL_VERSION, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_version)))
+  IOCTL(DRM_IOCTL_GET_UNIQUE, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_unique)))
+  IOCTL(DRM_IOCTL_GET_MAGIC, IOC_R, MK_PTR(MK_STRUCT(STRUCT_drm_auth)))
+  IOCTL(DRM_IOCTL_IRQ_BUSID, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_drm_irq_busid)))
+  IOCTL(DRM_IOCTL_GET_MAP, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_map)))
+  IOCTL(DRM_IOCTL_GET_CLIENT, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_client)))
+  IOCTL(DRM_IOCTL_GET_STATS, IOC_R, MK_PTR(MK_STRUCT(STRUCT_drm_stats)))
+  IOCTL(DRM_IOCTL_SET_VERSION, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_drm_set_version)))
+  IOCTL(DRM_IOCTL_MODESET_CTL, IOC_W,
MK_PTR(MK_STRUCT(STRUCT_drm_modeset_ctl)))
+  IOCTL(DRM_IOCTL_GEM_CLOSE, IOC_W ,
MK_PTR(MK_STRUCT(STRUCT_drm_gem_close)))
+  IOCTL(DRM_IOCTL_GEM_FLINK, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_drm_gem_flink)))
+  IOCTL(DRM_IOCTL_GEM_OPEN, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_gem_open)))
+  IOCTL(DRM_IOCTL_GET_CAP, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_get_cap)))
+  IOCTL(DRM_IOCTL_SET_CLIENT_CAP, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_drm_set_client_cap)))
+  IOCTL(DRM_IOCTL_SET_UNIQUE, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_unique)))
+  IOCTL(DRM_IOCTL_AUTH_MAGIC, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_auth)))
+  IOCTL(DRM_IOCTL_BLOCK, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_block)))
+  IOCTL(DRM_IOCTL_UNBLOCK, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_block)))
+  IOCTL(DRM_IOCTL_CONTROL, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_control)))
+  IOCTL(DRM_IOCTL_ADD_MAP, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_map)))
+  IOCTL(DRM_IOCTL_ADD_BUFS, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_buf_desc)))
+  IOCTL(DRM_IOCTL_MARK_BUFS, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_buf_desc)))
+  IOCTL(DRM_IOCTL_INFO_BUFS, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_drm_buf_info)))
+  IOCTL(DRM_IOCTL_MAP_BUFS, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_buf_map)))
+  IOCTL(DRM_IOCTL_FREE_BUFS, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_buf_free)))
+  IOCTL(DRM_IOCTL_RM_MAP, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_map)))
+  IOCTL(DRM_IOCTL_SET_SAREA_CTX, IOC_W,
MK_PTR(MK_STRUCT(STRUCT_drm_ctx_priv_map)))
+  IOCTL(DRM_IOCTL_GET_SAREA_CTX, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_drm_ctx_priv_map)))
+  IOCTL(DRM_IOCTL_SET_MASTER, 0, TYPE_NULL)
+  IOCTL(DRM_IOCTL_DROP_MASTER, 0, TYPE_NULL)
+  IOCTL(DRM_IOCTL_ADD_CTX, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_RM_CTX, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_MOD_CTX, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_GET_CTX, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_SWITCH_CTX, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_NEW_CTX, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_ctx)))
+  IOCTL(DRM_IOCTL_RES_CTX, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_ctx_res)))
+  IOCTL(DRM_IOCTL_ADD_DRAW, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_draw)))
+  IOCTL(DRM_IOCTL_RM_DRAW, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_draw)))
+  IOCTL(DRM_IOCTL_DMA, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_drm_dma)))
+  IOCTL(DRM_IOCTL_LOCK, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_lock)))
+  IOCTL(DRM_IOCTL_UNLOCK, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_lock)))
+  IOCTL(DRM_IOCTL_FINISH, IOC_W, MK_PTR(MK_STRUCT(STRUCT_drm_lock)))
+  IOCTL(DRM_IOCTL_PRIME_HANDLE_TO_FD, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_drm_prime_handle)))
+  IOCTL(DRM_IOCTL_PRIME_FD_TO_HANDLE, IOC_RW,
MK_PTR(MK_STRUCT(STRUCT_drm_prime_handle)))
+  IOCTL(DRM_IOCTL_AGP_ACQUIRE, 0, TYPE_NULL)
+  IOCTL(DRM_IOCTL_AGP_RELEASE, 0, TYPE_NULL)
+  IOCTL(DRM_IOCTL_AGP_ENABLE, IOC_W,
MK_PTR(MK_STRUCT(STRUCT_drm_agp_mode)))
+  IOCTL(DRM_IOCTL_AGP_INFO, IOC_R, 
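Review bot: several of these core DRM structs embed user pointers that the generic thunk cannot follow: struct drm_version (name, date, desc with their *_len fields), struct drm_unique (unique), struct drm_buf_info and drm_buf_map (list, virtual), struct drm_ctx_res (contexts) and struct drm_dma (send_indices, send_sizes, request_indices, request_sizes). Declared as plain IOCTL(..., MK_PTR(MK_STRUCT(...))) the outer struct is converted but the nested guest addresses go to the host driver unchanged, so DRM_IOCTL_VERSION, the first thing libdrm issues on open, only works when guest_base is 0 and guest and host pointer widths match. These need IOCTL_SPECIAL handlers that lock and convert the nested buffers, along the lines of the do_ioctl_rt entry just above the hunk. Two smaller points: `IOC_W ,` on the DRM_IOCTL_GEM_CLOSE line has a stray space before the comma, and since this patch is relayed from the 2014 posting its body ends at `---` with no Signed-off-by from either the original author or the submitter.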

[Qemu-devel] [PATCH 5/7] TIOCGPTN and related terminal control ioctls were not converted to the guest ioctl format on x86_64 targets. Convert these ioctls to enable terminal functionality on x86_64 gu

2016-06-18 Thread Timothy Pearson
Signed-off-by: Timothy Pearson 
---
 linux-user/x86_64/termbits.h | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/linux-user/x86_64/termbits.h b/linux-user/x86_64/termbits.h
index 1c3445c..5fc4639 100644
--- a/linux-user/x86_64/termbits.h
+++ b/linux-user/x86_64/termbits.h
@@ -209,12 +209,12 @@ struct target_termios {
 #define TARGET_TIOCSBRK0x5427  /* BSD compatibility */
 #define TARGET_TIOCCBRK0x5428  /* BSD compatibility */
 #define TARGET_TIOCGSID0x5429  /* Return the session ID of FD */
-#define TARGET_TCGETS2 _IOR('T',0x2A, struct termios2)
-#define TARGET_TCSETS2 _IOW('T',0x2B, struct termios2)
-#define TARGET_TCSETSW2_IOW('T',0x2C, struct termios2)
-#define TARGET_TCSETSF2_IOW('T',0x2D, struct termios2)
-#define TARGET_TIOCGPTN_IOR('T',0x30, unsigned int) /* Get Pty Number
(of pty-mux device) */
-#define TARGET_TIOCSPTLCK  _IOW('T',0x31, int)  /* Lock/unlock Pty */
+#define TARGET_TCGETS2 TARGET_IOR('T',0x2A, struct termios2)
+#define TARGET_TCSETS2 TARGET_IOW('T',0x2B, struct termios2)
+#define TARGET_TCSETSW2TARGET_IOW('T',0x2C, struct termios2)
+#define TARGET_TCSETSF2TARGET_IOW('T',0x2D, struct termios2)
+#define TARGET_TIOCGPTNTARGET_IOR('T',0x30, unsigned int) /* 
Get Pty
Number (of pty-mux device) */
+#define TARGET_TIOCSPTLCK  TARGET_IOW('T',0x31, int)  /* Lock/unlock Pty */
  #define TARGET_FIONCLEX   0x5450  /* these numbers need to be adjusted. */
 #define TARGET_FIOCLEX 0x5451
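Review bot: this brings x86_64 in line with linux-user/i386/termbits.h, which already defines these six with TARGET_IOR/TARGET_IOW, so it is correct as far as it goes. Note, though, that TARGET_IOR and TARGET_IOW take sizeof() of the host `struct termios2`, not of a target-layout struct; on a host whose termios2 differs from x86's (a different NCCS) the generated command numbers will not match what an x86_64 guest issues. A target_termios2 with the x86 layout would make the numbers host-independent. Also, the TARGET_TIOCGPTN line in this mail is wrapped across three lines, so the hunk will not apply with git am as posted; keep the definition and its comment on one line.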
-- 
2.1.4





[Qemu-devel] [PATCH 3/7] Pass select() arguments directly to do_select() on x86 platforms

2016-06-18 Thread Timothy Pearson
This matches the calling conventions in the Linux kernel and
resolves select() hangs on i386/x86_64 guests.

Signed-off-by: Timothy Pearson 
---
 linux-user/syscall.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 2968b57..644a490 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4785,6 +4785,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long
arg)
 void *argptr;
  ie = ioctl_entries;
+
 for(;;) {
 if (ie->target_cmd == 0) {
 gemu_log("Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
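Review bot: the only change in this hunk is a blank line added inside do_ioctl(); it is unrelated to the select() fix and should be dropped from the patch.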
@@ -7899,7 +7900,7 @@ abi_long do_syscall(void *cpu_env, int num,
abi_long arg1,
 break;
 #if defined(TARGET_NR_select)
 case TARGET_NR_select:
-#if defined(TARGET_S390X) || defined(TARGET_ALPHA)
+#if defined(TARGET_S390X) || defined(TARGET_ALPHA) ||
defined(TARGET_I386) || defined(TARGET_X86_64)
 ret = do_select(arg1, arg2, arg3, arg4, arg5);
 #else
 {
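Review bot: adding TARGET_I386 to this condition is wrong. On i386 the `select` syscall (number 82) is the old single-argument form that takes a pointer to a sel_arg_struct, which is exactly what the #else branch below unpacks; the five-argument kernel entry on i386 is `_newselect` (142). Only x86_64's `select` (23) uses the five-register convention, so the guard should gain TARGET_X86_64 alone. With TARGET_I386 included, an i386 guest's old-style select() passes its struct pointer to do_select() as nfds.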
-- 
2.1.4






[Qemu-devel] [PATCH 1/7] Add initial x86_64 signal handlers

2016-06-18 Thread Timothy Pearson
Note that x86_64 systems only offer the _rt signal handler variants,
so the legacy signal handlers remain unimplemented on this platform.

Signed-off-by: Timothy Pearson 
---
 linux-user/signal.c | 302
+++-
 1 file changed, 299 insertions(+), 3 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index 61c1145..88d8fd3 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -26,6 +26,16 @@
 #include "target_signal.h"
 #include "trace.h"
 +/*
+ * This looks more complex than it should be. But we need to
+ * get the type for the ~ right in round_down (it needs to be
+ * as wide as the result!), and we want to evaluate the macro
+ * arguments just once each.
+ */
+#define __round_mask(x, y) ((__typeof__(x))((y)-1))
+#define round_up(x, y) x)-1) | __round_mask(x, y))+1)
+#define round_down(x, y) ((x) & ~__round_mask(x, y))
+
 static struct target_sigaltstack target_sigaltstack_used = {
 .ss_sp = 0,
 .ss_size = 0,
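Review bot: the `round_up` definition as posted, `#define round_up(x, y) x)-1) | __round_mask(x, y))+1)`, is missing its opening parentheses and will not preprocess. Beyond that, identifiers beginning with a double underscore (`__round_mask`) are reserved in C, and QEMU already has ROUND_UP() and QEMU_ALIGN_DOWN() in include/qemu/osdep.h, so these kernel-style macros are better dropped in favour of the existing ones.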
@@ -256,8 +266,7 @@ int do_sigprocmask(int how, const sigset_t *set,
sigset_t *oldset)
 return 0;
 }
 -#if !defined(TARGET_OPENRISC) && !defined(TARGET_UNICORE32) && \
-!defined(TARGET_X86_64)
+#if !defined(TARGET_OPENRISC) && !defined(TARGET_UNICORE32)
 /* Just set the guest's signal mask to the specified value; the
  * caller is assumed to have called block_signals() already.
  */
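Review bot: removing `!defined(TARGET_X86_64)` from this guard silently enables the generic "set the guest's signal mask" helper that follows for every x86_64 build, but the commit message only talks about the new rt handlers; please say so in the message, and confirm that no later branch of the same `#if` chain still excludes TARGET_X86_64, otherwise the symbol ends up defined twice or not at all depending on TARGET_ABI_BITS.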
@@ -1185,6 +1194,292 @@ badframe:
 return 0;
 }
 +#elif defined(TARGET_X86_64) && TARGET_ABI_BITS == 64
+
+struct target_fpxreg {
+uint16_t significand[4];
+uint16_t exponent;
+uint16_t padding[3];
+};
+
+struct target_xmmreg {
+abi_ulong element[4];
+};
+
+struct target_fpstate {
+unsigned short cwd;
+unsigned short swd;
+unsigned short twd;
+
+unsigned short fop;
+uint64_t rip;
+uint64_t rdp;
+abi_ulong mxcsr;
+abi_ulong mxcsr_mask;
+struct target_fpxreg _fxsr_st[8]; /* FXSR FPU reg data is ignored */
+struct target_xmmreg _xmm[16];
+__u32 padding[24];
+};
+
+#define X86_FXSR_MAGIC 0x
+
+struct target_sigcontext {
+uint64_t r8;
+uint64_t r9;
+uint64_t r10;
+uint64_t r11;
+uint64_t r12;
+uint64_t r13;
+uint64_t r14;
+uint64_t r15;
+uint64_t edi;
+uint64_t esi;
+uint64_t ebp;
+uint64_t ebx;
+uint64_t edx;
+uint64_t eax;
+uint64_t ecx;
+uint64_t esp;
+uint64_t eip;
+uint64_t eflags;
+uint16_t cs;
+uint16_t gs;
+uint16_t fs;
+uint16_t __pad0;
+uint64_t err;
+uint64_t trapno;
+uint64_t oldmask;
+uint64_t cr2;
+
+uint64_t fpstate;
+uint64_t reserved1[8];
+};
+
+struct target_ucontext {
+abi_ulong  tuc_flags;
+struct target_sigcontext*  tuc_link;
+target_stack_t tuc_stack;
+struct target_sigcontext   tuc_mcontext;
+target_sigset_ttuc_sigmask;  /* mask last for extensibility */
+};
+
+struct rt_sigframe
+{
+char* pretcode;
+struct target_ucontext uc;
+struct target_siginfo info;
+struct target_fpstate fpstate;
+};
+
+/*
+ * Set up a signal frame.
+ */
+
+/* XXX: save x87 state */
+static void setup_sigcontext(struct target_sigcontext *sc,
+struct target_fpstate *fpstate, CPUX86State *env, abi_ulong mask,
+abi_ulong fpstate_addr)
+{
+CPUState *cs = CPU(x86_env_get_cpu(env));
+
+/* already locked in setup_frame() */
+__put_user(env->regs[R_EDI], >edi);
+__put_user(env->regs[R_ESI], >esi);
+__put_user(env->regs[R_EBP], >ebp);
+__put_user(env->regs[R_ESP], >esp);
+__put_user(env->regs[R_EBX], >ebx);
+__put_user(env->regs[R_EDX], >edx);
+__put_user(env->regs[R_ECX], >ecx);
+__put_user(env->regs[R_EAX], >eax);
+__put_user(env->regs[8], >r8);
+__put_user(env->regs[9], >r9);
+__put_user(env->regs[10], >r10);
+__put_user(env->regs[11], >r11);
+__put_user(env->regs[12], >r12);
+__put_user(env->regs[13], >r13);
+__put_user(env->regs[14], >r14);
+__put_user(env->regs[15], >r15);
+__put_user(cs->exception_index, >trapno);
+__put_user(env->error_code, >err);
+__put_user(env->eip, >eip);
+__put_user(env->eflags, >eflags);
+__put_user(env->segs[R_CS].selector, (unsigned int *)>cs);
+__put_user(0, >gs);
+__put_user(0, >fs);
+
+cpu_x86_fsave(env, fpstate_addr, 1);
+__put_user(fpstate_addr, >fpstate);
+
+/* non-iBCS2 extensions.. */
+__put_user(mask, >oldmask);
+__put_user(env->cr[2], >cr2);
+}
+
+/*
+ * Determine which stack to use..
+ */
+
+static inline abi_ulong
+get_sigframe(struct target_sigaction *ka, CPUX86State *env, size_t
frame_size)
+{
+unsigned long esp;
+
+/* Default to using normal stack */
+esp = env->regs[R_ESP];
+
+/* redzone */
+esp -= 128;
+
+/* This is the X/Open sanctioned signal stack switching.  */
+if (ka->sa_flags & TARGET_SA_ONSTACK) {
+if (sas_ss_flags(esp) == 0) {
+  
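Review bot: `#define X86_FXSR_MAGIC 0x` has no value and will not compile, and the frame layout does not match the kernel's: `struct target_xmmreg` uses `abi_ulong element[4]`, which is 32 bytes on a 64-bit target where an XMM register is 16 (the kernel uses 32-bit elements), so every `_xmm[]` slot and the trailing `padding[24]` land at the wrong offsets; `tuc_link` and `pretcode` are host pointers where guest addresses (`abi_ulong`) belong. setup_sigcontext() also saves the FPU with cpu_x86_fsave() although the `target_fpstate` declared above is in FXSAVE layout (mxcsr, `_xmm`), so cpu_x86_fxsave() is the matching call, and the `(unsigned int *)&sc->cs` cast writes four bytes across the 16-bit `cs` and `gs` fields (the following `__put_user(0, &sc->gs)` happens to repair it, but the cast should go). Finally get_sigframe() should use `abi_ulong` rather than `unsigned long` for `esp`.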

[Qemu-devel] [PATCH 0/7] Enable multimedia applications on x86_64 guests

2016-06-18 Thread Timothy Pearson
With increasing interest in non-x86 architectures (e.g. ARM64, POWER8),
there is a growing desire to execute legacy x86 applications that cannot
be recompiled on these new architectures.

This series enables 3D multimedia applications (e.g. games) to function
correctly on an emulated x86_64 host in user mode.  It resolves several
issues noted within the x86_64 user mode, and adds 3D ioctls for Intel
and AMD graphics.  Furthermore, it adds ALSA sound ioctls.

NOTE: The initial DRM ioctl patch was taken from the qemu mailing list:
https://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg02405.html

Aaditya Chandrasekhar Azad (1):
  This patch adds initial user-virtualization support for the DRM (type
   'd') IOCTLs in linux. With it and a corresponding architecture
chroot (say aarch64), I am able to successfully run a few 2D and
3D applications with native graphics acceleration. Some
notes/caveats are:

Timothy Pearson (6):
  Add initial x86_64 signal handlers
  QEMU does not currently support host pages that are larger than
 guest pages, likely due to glibc using fixed mmap requests.
  Pass select() arguments directly to do_select() on x86 platforms
  TIOCGPTN and related terminal control ioctls were not converted to
the guest ioctl format on x86_64 targets.  Convert these ioctls
   to enable terminal functionality on x86_64 guests.
  Add radeon DRM interface ioctls
  Add ALSA ioctls

 linux-user/ioctls.h  |  252 ++
 linux-user/signal.c  |  302 ++-
 linux-user/syscall.c |   48 +-
 linux-user/syscall_defs.h|  255 ++
 linux-user/syscall_types.h   | 1131
++
 linux-user/x86_64/termbits.h |   12 +-
 6 files changed, 1984 insertions(+), 16 deletions(-)

-- 
2.1.4




Re: [Qemu-devel] [Qemu-ppc] [PATCH 01/10] ppc: Fix rfi/rfid/hrfi/... emulation

2016-06-18 Thread Benjamin Herrenschmidt
On Fri, 2016-06-17 at 16:32 +0200, Cédric Le Goater wrote:
> The instruction set PPC_POWER_BR contains nearly all the deleted 
> instructions from isa2. rfi is not part of it and should. Also, only 
> the cpus "PowerPC 601*" make a use of it in their insns_flags.

Are you sure those aren't the old POWER instructions as in pre-powerPC
architecture that 601 (and only 601) supports ?

> So, we would want this set to be in all the "PowerPC {6,7}*" cpus. 
> Are there more ? 

All 32-bit hash based CPUs are arch 1.x and support rfi

All 64-bit hash based CPUs we support (i.e., POWER4 and later) are
architecture 2.x and later.

So my test is correct in the context of what we emulate today.

Cheers,
Ben.




Re: [Qemu-devel] [Qemu-ppc] [PATCH 01/10] ppc: Fix rfi/rfid/hrfi/... emulation

2016-06-18 Thread Benjamin Herrenschmidt
On Fri, 2016-06-17 at 13:02 +0200, Thomas Huth wrote:
> According to the PPC970FX user manual that I have:
> 
> "The 970FX does not provide support for the following optional or
>  obsolete instructions (or instruction forms).
>  Attempted use of these will result in an illegal instruction type
>  program interrupt.
>   [...]
>   · rfi - Return from interrupt (obsolete) "
> 
> So if OpenBIOS is using this instruction in 970 mode, it's maybe
> OpenBIOS that should be fixed instead?

Right, I was about to say that ... This instruction *might* have
existed on POWER3 which we don't emulate, but definitely not on
POWER4 and later.

Cheers,
Ben.




Re: [Qemu-devel] [Qemu-ppc] [PATCH 01/10] ppc: Fix rfi/rfid/hrfi/... emulation

2016-06-18 Thread Benjamin Herrenschmidt

<1465795496-15071-2-git-send-email-...@kaod.org>


<20160616010702.gi28...@voom.fritz.box>


<20160617022731.ga19...@voom.fritz.box> <57639095.5010...@kaod.org>


<576392b1.6030...@kaod.org> <5763a258.2010...@redhat.com>
 <5763d3ef.6060...@kaod.org>
Organization: IBM Australia
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.20.3 (3.20.3-1.fc24) 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit

On Fri, 2016-06-17 at 12:41 +0200, Cédric Le Goater wrote:
> 
> This is too brutal :
> 
> +    /* This instruction doesn't exist anymore on 64-bit server
> +     * processors compliant with arch 2.x
> +     */
> +    if (ctx->insns_flags & PPC_SEGMENT_64B) {
> +        gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
> +        return;
> +    }
>         
> 
> There are a couple of instructions which have been deleted from 
> ISA 2.x. rfi is one of them. Could we use a insn_flag to filter
> them  ? 

Why is it too brutal ? We don't really support pre-arch 2.0 64-bit
processors do we ?

Cheers,
Ben.




[Qemu-devel] [PATCH 0/2] configure: Avoid warnings on OSX

2016-06-18 Thread Peter Maydell
From: Peter Maydell 

This patchset fixes a couple of minor issues with configure
tests that result in configure printing out warning messages
as it runs on OSX. (The warnings don't result in configure
actually failing.) Both reported by Stefan Weil.

Peter Maydell (2):
  configure: Improve usermode relocation linker option probe
  configure: Make AVX2 test robust to non-ELF systems

 configure | 18 +++---
 1 file changed, 15 insertions(+), 3 deletions(-)

-- 
2.6.2




[Qemu-devel] [PATCH 2/2] configure: Make AVX2 test robust to non-ELF systems

2016-06-18 Thread Peter Maydell
From: Peter Maydell 

The AVX2 optimization test assumes that the object format
is ELF and the system has the readelf utility. If this isn't
true then configure might fail or emit a warning (since in
a pipe "foo | bar >/dev/null 2>&1" does not redirect the
stderr of foo, only of bar). Adjust the check so that if
we don't have readelf or don't have an ELF object then we
just don't enable the AVX2 optimization.

Reported-by: Stefan Weil 
Signed-off-by: Peter Maydell 
---
 configure | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 7beefcd..30bca55 100755
--- a/configure
+++ b/configure
@@ -1792,8 +1792,10 @@ int foo(void *a) __attribute__((ifunc("bar_ifunc")));
 int main(int argc, char *argv[]) { return foo(argv[0]);}
 EOF
 if compile_object "" ; then
-if readelf --syms $TMPO |grep "IFUNC.*foo" >/dev/null 2>&1; then
-avx2_opt="yes"
+if has readelf; then
+if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo"; then
+avx2_opt="yes"
+fi
 fi
 fi
 
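Review bot: `has readelf` could be tested before `compile_object` so that systems without readelf skip the compile entirely, and the two nested ifs collapse into one condition: `if has readelf && readelf --syms $TMPO 2>/dev/null | grep -q "IFUNC.*foo"; then`. With `grep -q` exiting on the first match, readelf may get SIGPIPE on a large symbol table; that is harmless here because its stderr is discarded and only grep's exit status is tested.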
-- 
2.6.2




[Qemu-devel] [PATCH 1/2] configure: Improve usermode relocation linker option probe

2016-06-18 Thread Peter Maydell
From: Peter Maydell 

The probe we do to determine what flags to use to make the usermode
executables use a non-default text address has some flaws:
 * we run it even if we're not building the user binaries
 * we don't expect "ld --verbose" to fail

The combination of these two results in a harmless but
ugly "ld: unknown option: --verbose" message when running
configure on OSX.

Improve the probe to only run when we need it and to fail
nicely when even the backstop 'ld --verbose' approach fails.

Reported-by: Stefan Weil 
Signed-off-by: Peter Maydell 
---
 configure | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index 10cb212..7beefcd 100755
--- a/configure
+++ b/configure
@@ -4700,7 +4700,7 @@ if test "$cpu" = "s390x" ; then
 fi
 
 # Probe for the need for relocating the user-only binary.
-if test "$pie" = "no" ; then
+if ( [ "$linux_user" = yes ] || [ "$bsd_user" = yes ] ) && [ "$pie" = no ]; 
then
   textseg_addr=
   case "$cpu" in
 arm | i386 | ppc* | s390* | sparc* | x86_64 | x32)
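Review bot: the `( [ ... ] || [ ... ] )` grouping forks a subshell only to evaluate two tests; `{ [ "$linux_user" = yes ] || [ "$bsd_user" = yes ]; } && [ "$pie" = no ]` does the same without one. The replaced line used the `test "$pie" = "no"` form, so whichever of `test` and `[` this line settles on, it should be the style used around it in configure.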
@@ -4722,6 +4722,16 @@ EOF
   # In case ld does not support -Ttext-segment, edit the default linker
   # script via sed to set the .text start addr.  This is needed on FreeBSD
   # at least.
+  if ! $ld --verbose >/dev/null 2>&1; then
+error_exit \
+"We need to link the QEMU user mode binaries at a" \
+"specific text address. Unfortunately your linker" \
+"doesn't support either the -Ttext-segment option or" \
+"printing the default linker script with --verbose." \
+"If you don't want the user mode binaries, pass the" \
+"--disable-user option to configure."
+  fi
+
   $ld --verbose | sed \
 -e '1,/==/d' \
 -e '/==/,$d' \
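Review bot: `ld --verbose` now runs twice, once in the probe and once in the sed pipeline below it; capturing the output once (`ldscript=$($ld --verbose 2>/dev/null) || error_exit ...`) avoids relying on the second invocation behaving like the first and also silences stderr on the pipeline path, which the `! $ld --verbose >/dev/null 2>&1` probe handles but `$ld --verbose | sed` does not.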
-- 
2.6.2




[Qemu-devel] [Bug 1593605] Re: windows2008r2 boot failed with uefi

2016-06-18 Thread Laszlo Ersek (Red Hat)
... In addition to what I said above in comment #9 (which stands), the
technical problem with turning the memory allocation in question into
AcpiNVS type is that it would prevent *all* OSes from reusing the area.

It would prevent the Windows 7 memory manager from deallocating page #0
(thereby saving Windows 7 HAL's buttocks), correct, but the page would
also be lost for other, actually UEFI-abiding, OSes as well. That's a
way too high price to pay for bug-compatibility with Windows 7.

This is actually documented in the commit message of
https://github.com/tianocore/edk2/commit/90803342b1b6 . An excerpt:

The Int10h real-mode IVT entry is covered with a Boot Services Code page,
making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes
different from the Windows 2008 family can reclaim the page. The Windows
2008 family accesses the page at zero regardless of the allocation type.)

This was in fact a difference between v1 and v2 of the patch. V1 used
EfiReservedMemoryType, but v2 changed that, so that no other OSes would
be punished. See esp. the Notes section of v2:

http://thread.gmane.org/gmane.comp.bios.tianocore.devel/7047
http://thread.gmane.org/gmane.comp.bios.tianocore.devel/7127

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1593605

Title:
  windows2008r2 boot failed with uefi

Status in QEMU:
  Invalid

Bug description:
  I want to run my win2008r2 with uefi. Hypervisor is ubuntu16.04 and my
  qemu command line is shown below:

  qemu-system-x86_64 -enable-kvm -name win2008r2 -S -machine pc-
  i440fx-2.5,accel=kvm,usb=off -cpu
  host,hv_time,hv_relaxed,hv_spinlocks=0x2000 -drive
  file=/usr/share/qemu/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on
  -drive
  file=/var/lib/libvirt/qemu/nvram/win2008r2_VARS.fd,if=pflash,format=raw,unit=1
  -m size=8388608k,slots=10,maxmem=1073741824k -realtime mlock=off -smp
  8,maxcpus=96,sockets=24,cores=4,threads=1 -numa
  node,nodeid=0,cpus=0-7,mem=8192 -uuid 030638c5-c6aa-
  4f06-82f8-dd2d04fd5705 -no-user-config -nodefaults -chardev
  socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-
  win2008r2/monitor.sock,server,nowait -mon
  chardev=charmonitor,id=monitor,mode=control -rtc
  base=localtime,clock=vm,driftfix=slew -no-hpet -no-shutdown -boot
  strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device
  usb-ehci,id=usb1,bus=pci.0,addr=0x4 -device nec-usb-
  xhci,id=usb2,bus=pci.0,addr=0x5 -device
  lsi,id=scsi0,bus=pci.0,addr=0x6 -device virtio-scsi-
  pci,id=scsi1,bus=pci.0,addr=0x7 -device virtio-serial-pci,id=virtio-
  serial0,bus=pci.0,addr=0x8 -drive
  file=/vms/images/win2008r2,format=qcow2,if=none,id=drive-
  ide0-0-0,cache=directsync -device ide-hd,bus=ide.0,unit=0,drive=drive-
  ide0-0-0,id=ide0-0-0,bootindex=1 -drive
  
file=/vms/isos/cn_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617598.iso,format=raw,if=none,id
  =drive-ide0-1-1,readonly=on -device ide-cd,bus=ide.1,unit=1,drive
  =drive-ide0-1-1,id=ide0-1-1,bootindex=2 -chardev pty,id=charserial0
  -device isa-serial,chardev=charserial0,id=serial0 -chardev
  
socket,id=charchannel0,path=/var/lib/libvirt/qemu/win2008r2.agent,server,nowait
  -device virtserialport,bus=virtio-
  serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
  -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -device
  VGA,id=video0,vgamem_mb=16,bus=pci.0,addr=0x2 -device virtio-balloon-
  pci,id=balloon0,bus=pci.0,addr=0xa -msg timestamp=on

  
  OVMF.fd is downloaded from http://sourceforge.net/projects/edk2/files/OVMF/ 
OVMF-X64-r15214.zip.

  When I boot my domain with the windows2008 iso, the kvm was caught in
  endless interrupts. I enabled trace on my host and I got this.


  1. echo 1 > /sys/kernel/debug/tracing/events/kvm/enable
  2. cat /sys/kernel/debug/tracing/trace_pipe 
  qemu-system-x86-1969  [006]   2093.019588: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80fd
   qemu-system-x86-1969  [006] d...  2093.019590: kvm_entry: vcpu 0
   qemu-system-x86-1966  [017]   2093.021424: kvm_set_irq: gsi 8 level 1 
source 0
   qemu-system-x86-1966  [017]   2093.021429: kvm_pic_set_irq: chip 1 pin 0 
(edge|masked)
   qemu-system-x86-1966  [017]   2093.021430: kvm_ioapic_set_irq: pin 8 dst 
1 vec=209 (Fixed|logical|edge) (coalesced)
   qemu-system-x86-1969  [006]   2093.021683: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae78 info 0 80fd
   qemu-system-x86-1969  [006] d...  2093.021686: kvm_entry: vcpu 0
   qemu-system-x86-1969  [006]   2093.022592: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80ef
   qemu-system-x86-1969  [006] d...  2093.022595: kvm_entry: vcpu 0
   qemu-system-x86-1969  [006]   2093.022746: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80fd
   qemu-system-x86-1969  [006] d...  2093.022749: kvm_entry: 

Re: [Qemu-devel] OSX 10.7 build failure

2016-06-18 Thread Peter Maydell
On 18 June 2016 at 21:51, Peter Maydell  wrote:
> On 18 June 2016 at 20:09, Stefan Weil  wrote:
>> Here is a list of problems which I noticed:
>>
>> configure:
>>
>> readelf: Error: Not an ELF file - it has the wrong magic bytes at
>> the start
>
> We should make our configure test correctly send stderr
> to /dev/null, since "not an ELF file" is OK and just
> means "test should not pass".
>
>> ld: unknown option: --verbose
>
> This whole test should be 'only if doing linux-user or
> bsd-user builds' I guess, since it's only for those.

I'll put some patches together for these at least.

thanks
-- PMM



[Qemu-devel] [PATCH] i386: pci-assign: Fix MSI-X table size

2016-06-18 Thread Ido Yariv
The current code creates a whole page mmio region for the MSI-X table
size.

However, the page containing the MSI-X table may contain other registers
not related to MSI-X. Creating an mmio region for the whole page masks
such registers and may break drivers in the guest OS.

Since maximal number of entries is known, use that instead to deduce the
table size when setting up the mmio region.

Signed-off-by: Ido Yariv 
---
 hw/i386/kvm/pci-assign.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index f9c9014..98997d1 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -36,8 +36,6 @@
 #include "kvm_i386.h"
 #include "hw/pci/pci-assign.h"
 
-#define MSIX_PAGE_SIZE 0x1000
-
 /* From linux/ioport.h */
 #define IORESOURCE_IO   0x0100  /* Resource type */
 #define IORESOURCE_MEM  0x0200
@@ -122,6 +120,7 @@ typedef struct AssignedDevice {
 int *msi_virq;
 MSIXTableEntry *msix_table;
 hwaddr msix_table_addr;
+uint16_t msix_table_size;
 uint16_t msix_max;
 MemoryRegion mmio;
 char *configfd_name;
@@ -1310,6 +1309,7 @@ static int assigned_device_pci_cap_init(PCIDevice 
*pci_dev, Error **errp)
 bar_nr = msix_table_entry & PCI_MSIX_FLAGS_BIRMASK;
 msix_table_entry &= ~PCI_MSIX_FLAGS_BIRMASK;
 dev->msix_table_addr = pci_region[bar_nr].base_addr + msix_table_entry;
+dev->msix_table_size = msix_max * sizeof(MSIXTableEntry);
 dev->msix_max = msix_max;
 }
 
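Review bot: `msix_table_size` is fully derived from `msix_max` (set on the very next line), so storing both invites them to drift apart; either compute the size where it is used or keep only one field. If the cached field stays, note that with an 11-bit QSIZE `msix_max` reaches 2048 and the product is 32768, which fits `uint16_t` but only just; a `uint32_t` spares the reader that arithmetic.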
@@ -1633,7 +1633,7 @@ static void assigned_dev_msix_reset(AssignedDevice *dev)
 return;
 }
 
-memset(dev->msix_table, 0, MSIX_PAGE_SIZE);
+memset(dev->msix_table, 0, dev->msix_table_size);
 
 for (i = 0, entry = dev->msix_table; i < dev->msix_max; i++, entry++) {
 entry->ctrl = cpu_to_le32(0x1); /* Masked */
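Review bot: worth stating in the commit message that the fixed MSIX_PAGE_SIZE buffer was also too small for devices with more than 256 entries: this reset loop writes `dev->msix_max` 16-byte entries, so with msix_max above 256 it ran past the 4 KiB mapping; sizing the mapping from msix_max fixes that overrun as well as the register-shadowing problem.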
@@ -1642,8 +1642,8 @@ static void assigned_dev_msix_reset(AssignedDevice *dev)
 
 static void assigned_dev_register_msix_mmio(AssignedDevice *dev, Error **errp)
 {
-dev->msix_table = mmap(NULL, MSIX_PAGE_SIZE, PROT_READ|PROT_WRITE,
-   MAP_ANONYMOUS|MAP_PRIVATE, 0, 0);
+dev->msix_table = mmap(NULL, dev->msix_table_size, PROT_READ | PROT_WRITE,
+   MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
 if (dev->msix_table == MAP_FAILED) {
 error_setg_errno(errp, errno, "failed to allocate msix_table");
 dev->msix_table = NULL;
@@ -1653,7 +1653,7 @@ static void 
assigned_dev_register_msix_mmio(AssignedDevice *dev, Error **errp)
 assigned_dev_msix_reset(dev);
 
 memory_region_init_io(>mmio, OBJECT(dev), _dev_msix_mmio_ops,
-  dev, "assigned-dev-msix", MSIX_PAGE_SIZE);
+  dev, "assigned-dev-msix", dev->msix_table_size);
 }
 
 static void assigned_dev_unregister_msix_mmio(AssignedDevice *dev)
@@ -1662,7 +1662,7 @@ static void 
assigned_dev_unregister_msix_mmio(AssignedDevice *dev)
 return;
 }
 
-if (munmap(dev->msix_table, MSIX_PAGE_SIZE) == -1) {
+if (munmap(dev->msix_table, dev->msix_table_size) == -1) {
 error_report("error unmapping msix_table! %s", strerror(errno));
 }
 dev->msix_table = NULL;
-- 
2.5.5
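The sizing rule this patch relies on, worked through as an added example (example code written for this page, not part of QEMU or of the patch above): the MSI-X table length is the QSIZE field of the capability's Message Control register plus one, times 16 bytes per entry, and the table's BAR and offset come from the Table Offset/BIR register. The parser below walks a constructed 256-byte configuration space, mirrors the Linux pci_regs.h names the patch uses (PCI_MSIX_FLAGS, PCI_MSIX_FLAGS_BIRMASK), bounds the capability walk so a device presenting a cyclic capability list cannot hang it, and reports how many unrelated bytes the old fixed 4 KiB window would have trapped. The sample configuration space, `build_sample_config()` and the OLD_MSIX_PAGE_SIZE constant are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Offsets and masks as named in Linux pci_regs.h (values per the PCI spec). */
#define PCI_STATUS              0x06
#define PCI_STATUS_CAP_LIST     0x10
#define PCI_CAPABILITY_LIST     0x34
#define PCI_CAP_ID_MSIX         0x11
#define PCI_MSIX_FLAGS          2       /* Message Control, 16 bits */
#define PCI_MSIX_FLAGS_QSIZE    0x07ff  /* table size minus one */
#define PCI_MSIX_TABLE          4       /* Table Offset / BIR, 32 bits */
#define PCI_MSIX_FLAGS_BIRMASK  0x7

#define MSIX_ENTRY_SIZE         16      /* addr_lo, addr_hi, data, ctrl */
#define OLD_MSIX_PAGE_SIZE      0x1000  /* constructed: the fixed window the patch drops */

typedef struct {
    uint8_t  bir;           /* BAR holding the table */
    uint32_t table_offset;  /* byte offset of the table inside that BAR */
    uint16_t msix_max;      /* number of entries, 1..2048 */
    uint32_t table_size;    /* msix_max * MSIX_ENTRY_SIZE */
} MsixLayout;

static uint16_t rd16(const uint8_t *cfg, size_t off)
{
    return (uint16_t)(cfg[off] | (cfg[off + 1] << 8));
}

static uint32_t rd32(const uint8_t *cfg, size_t off)
{
    return (uint32_t)rd16(cfg, off) | ((uint32_t)rd16(cfg, off + 2) << 16);
}

/* Offset of capability `id`, or 0 if absent.  The walk is bounded so a buggy or
 * hostile device whose next pointers form a loop cannot stall the caller. */
static int find_capability(const uint8_t cfg[256], uint8_t id)
{
    int guard = 48;  /* more capabilities than 0x40..0xff can hold */

    if (!(rd16(cfg, PCI_STATUS) & PCI_STATUS_CAP_LIST)) {
        return 0;
    }
    uint8_t pos = cfg[PCI_CAPABILITY_LIST] & 0xfc;  /* low 2 bits are reserved */
    while (pos >= 0x40 && guard-- > 0) {
        if (cfg[pos] == id) {
            return pos;
        }
        pos = cfg[pos + 1] & 0xfc;
    }
    return 0;
}

/* Decode the MSI-X capability into the table geometry; -1 if there is none. */
static int msix_layout(const uint8_t cfg[256], MsixLayout *out)
{
    int pos = find_capability(cfg, PCI_CAP_ID_MSIX);
    if (!pos) {
        return -1;
    }
    uint16_t ctrl = rd16(cfg, pos + PCI_MSIX_FLAGS);
    uint32_t table = rd32(cfg, pos + PCI_MSIX_TABLE);

    out->msix_max = (ctrl & PCI_MSIX_FLAGS_QSIZE) + 1;
    out->bir = table & PCI_MSIX_FLAGS_BIRMASK;
    out->table_offset = table & ~(uint32_t)PCI_MSIX_FLAGS_BIRMASK;
    out->table_size = (uint32_t)out->msix_max * MSIX_ENTRY_SIZE;
    return 0;
}

/* Bytes beyond the table that a fixed whole-page window starting at the table
 * address would also have trapped (0 once the table fills the page). */
static uint32_t shadowed_bytes_with_page_region(const MsixLayout *l)
{
    return l->table_size < OLD_MSIX_PAGE_SIZE ? OLD_MSIX_PAGE_SIZE - l->table_size : 0;
}

/* Constructed sample device: one MSI-X capability at 0x40 with `entries`
 * entries, table at `offset` in BAR `bir`; `next` is its next pointer. */
static void build_sample_config(uint8_t cfg[256], uint16_t entries,
                                uint8_t bir, uint32_t offset, uint8_t next)
{
    memset(cfg, 0, 256);
    cfg[PCI_STATUS] = PCI_STATUS_CAP_LIST;
    cfg[PCI_CAPABILITY_LIST] = 0x40;
    cfg[0x40] = PCI_CAP_ID_MSIX;
    cfg[0x41] = next;
    uint16_t ctrl = (uint16_t)(entries - 1) & PCI_MSIX_FLAGS_QSIZE;
    cfg[0x40 + PCI_MSIX_FLAGS] = ctrl & 0xff;
    cfg[0x40 + PCI_MSIX_FLAGS + 1] = ctrl >> 8;
    uint32_t table = (offset & ~(uint32_t)PCI_MSIX_FLAGS_BIRMASK) | bir;
    for (int i = 0; i < 4; i++) {
        cfg[0x40 + PCI_MSIX_TABLE + i] = (table >> (8 * i)) & 0xff;
    }
}

/* Table size in bytes for a sample device with `entries` entries in BAR 2 at 0x2000. */
static uint32_t sample_table_size(uint16_t entries)
{
    uint8_t cfg[256];
    MsixLayout l;
    build_sample_config(cfg, entries, 2, 0x2000, 0);
    return msix_layout(cfg, &l) == 0 ? l.table_size : 0;
}

/* How much of the old 4 KiB window was unrelated device registers for that device. */
static uint32_t sample_shadowed_bytes(uint16_t entries)
{
    uint8_t cfg[256];
    MsixLayout l;
    build_sample_config(cfg, entries, 2, 0x2000, 0);
    return msix_layout(cfg, &l) == 0 ? shadowed_bytes_with_page_region(&l) : 0;
}

/* Capability whose next pointer refers back to itself: the bounded walk still
 * terminates and reports an absent capability id (0x05, MSI) as not found. */
static int cyclic_list_terminates(void)
{
    uint8_t cfg[256];
    build_sample_config(cfg, 8, 2, 0x2000, 0x40);
    return find_capability(cfg, 0x05) == 0;
}
```

For the 8-entry sample device the table is 128 bytes, so a whole-page MMIO window would have intercepted 3968 bytes of other registers, which is the breakage the commit message describes; for the largest legal table (2048 entries, 32768 bytes) the old window was instead too small.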




Re: [Qemu-devel] OSX 10.7 build failure

2016-06-18 Thread Peter Maydell
On 18 June 2016 at 20:09, Stefan Weil  wrote:
> Here is a list of problems which I noticed:
>
> configure:
>
> readelf: Error: Not an ELF file - it has the wrong magic bytes at
> the start

We should make our configure test correctly send stderr
to /dev/null, since "not an ELF file" is OK and just
means "test should not pass".

> ld: unknown option: --verbose

This whole test should be 'only if doing linux-user or
bsd-user builds' I guess, since it's only for those.

> make:
>
> /Users/admin/src/qemu/qemu.org/qemu/qemu-doc.texi:7: warning:
> unrecognized encoding name `UTF-8'.

This is because OSX's texinfo is ancient.

None of the three things above cause build failures, though,
even with warnings-as-errors.

> /Users/admin/src/qemu/qemu.org/qemu/hw/audio/fmopl.c:1082:39:
> warning: shifting a negative signed value is undefined
> [-Wshift-negative-value]
> /Users/admin/src/qemu/qemu.org/qemu/ui/vnc.c:3766:20: warning:
> 'sasl_server_init' is deprecated: first deprecated in OS X 10.11
> [-Wdeprecated-declarations]
> (more sasl related deprecation warnings follow)
> /Users/admin/src/qemu/qemu.org/qemu/target-mips/op_helper.c:1326:68:
> warning: shifting a negative signed value is undefined
> [-Wshift-negative-value]
> (more similar warnings follow)

Hmm. I don't get any warnings about shifting negative values,
so they're presumably new with the clang from 10.11.
We really should figure out what we're doing about those
and get our compiler flags and/or code in line accordingly.

I'm still on 10.10.5 so I don't see the sasl_server_init()
deprecation.

thanks
-- PMM



Re: [Qemu-devel] [PATCH] gt64xxx: access right I/O port when activating byte swapping

2016-06-18 Thread Hervé Poussineau

Hi Aurélien,

Le 20/05/2016 à 21:56, Aurelien Jarno a écrit :

On 2016-05-20 15:05, Hervé Poussineau wrote:

Incidentally, this fixes YAMON on big endian guest.

Signed-off-by: Hervé Poussineau 
---
 hw/mips/gt64xxx_pci.c | 62 +--
 1 file changed, 60 insertions(+), 2 deletions(-)

diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
index 3f4523d..c76ee88 100644
--- a/hw/mips/gt64xxx_pci.c
+++ b/hw/mips/gt64xxx_pci.c
@@ -177,6 +177,7 @@

 /* PCI Internal */
 #define GT_PCI0_CMD(0xc00 >> 2)
+#define   GT_CMD_MWORDSWAP  (1 << 10)
 #define GT_PCI0_TOR(0xc04 >> 2)
 #define GT_PCI0_BS_SCS10   (0xc08 >> 2)
 #define GT_PCI0_BS_SCS32   (0xc0c >> 2)
@@ -294,6 +295,62 @@ static void gt64120_isd_mapping(GT64120State *s)
 memory_region_add_subregion(get_system_memory(), s->ISD_start, 
>ISD_mem);
 }

+static uint64_t gt64120_pci_io_read(void *opaque, hwaddr addr,
+unsigned int size)
+{
+GT64120State *s = opaque;
+uint8_t buf[4];
+
+if (s->regs[GT_PCI0_CMD] & GT_CMD_MWORDSWAP) {


First of all, it should be noted that this bit doesn't control byte
swapping, but swaps the 2 4-byte words in a 8-byte word.


+addr = (addr & ~3) + 4 - size - (addr & 3);


This looks complicated, and I don't think it is correct. In addition
this doesn't behave correctly at the edges of the address space. For
example a 2 byte access at address 0x3 would access address
0x.

For sizes <= 4, swapping the 2 words should be done with addr ^= 4.
Maybe you should also check for MBYTESWAP which also swaps the bytes
within a 8-byte word.


The real-world problem (i.e. the one from Yamon) is:
In LE Yamon, there is a read at 0x4d1 (len = 1). MWORDSWAP and MBYTESWAP are 
disabled.
In BE Yamon, the same read is at address 0x4d2. MWORDSWAP is enabled while 
MBYTESWAP is disabled.

MWORDSWAP documentation is:
"The GT-64120 PCI master swaps the words of the incoming and outgoing PCI data (swap 
the 2 words of a long word)"

Do we have to ignore it, as QEMU only handles 4-byte accesses?

Then, how do we change this address 0x4d2 to 0x4d1, the address where the 
i8259 ELCR register is located?
Next accesses are for the RTC, at address 0x72 in BE and address 0x71 in LE.
I think I'm missing something.




+}
+
+address_space_read(_space_io, addr, MEMTXATTRS_UNSPECIFIED,
+   buf, size);
+
+if (size == 1) {
+return buf[0];
+} else if (size == 2) {
+return lduw_le_p(buf);
+} else if (size == 4) {
+return ldl_le_p(buf);
+} else {
+g_assert_not_reached();
+}
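Review bot: the read path ends in g_assert_not_reached() for any size other than 1, 2 or 4, so an 8-byte guest access would abort QEMU; the MemoryRegionOps for this region should set `.valid.max_access_size = 4` (and `.impl` to match) so the memory core splits or rejects such accesses before they reach the handler. The size-dependent `lduw_le_p`/`ldl_le_p` conversions can then go as well if the region is declared DEVICE_NATIVE_ENDIAN as discussed below.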


The device is configured as little endian, and then the little endian
value converted into native endianness. Wouldn't it be simpler to declare
it as DEVICE_NATIVE_ENDIAN?


OK for this part, DEVICE_NATIVE_ENDIAN is indeed better and simplifies code.

Hervé




Re: [Qemu-devel] [PATCH] configure: Don't run AVX optimization requirement check on Mac OS X

2016-06-18 Thread Peter Maydell
On 18 June 2016 at 20:49, Stefan Weil  wrote:
> The test currently only works with ELF and requires readelf,
> but OS X does not use ELF binaries.
>
> Signed-off-by: Stefan Weil 
> ---
>  configure | 7 +++
>  1 file changed, 7 insertions(+)

Would be neater to use "if has readelf" I think,
rather than making it OS specific. (I assume readelf
itself does the right thing if fed a non-ELF object,
or we'd already be breaking windows builds.)

thanks
-- PMM



[Qemu-devel] [PATCH v8 08/12] target-avr: adding instruction translation

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 target-avr/translate-inst.c | 2629 +++
 target-avr/translate.h  |  119 ++
 2 files changed, 2748 insertions(+)
 create mode 100644 target-avr/translate-inst.c
 create mode 100644 target-avr/translate.h

diff --git a/target-avr/translate-inst.c b/target-avr/translate-inst.c
new file mode 100644
index 000..280705b
--- /dev/null
+++ b/target-avr/translate-inst.c
@@ -0,0 +1,2629 @@
+/*
+ *  QEMU AVR CPU
+ *
+ *  Copyright (c) 2016 Michael Rolnik
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2.1 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, see
+ *  
+ */
+
+#include "translate.h"
+#include "translate-inst.h"
+#include "qemu/bitops.h"
+
+static void gen_add_CHf(TCGv R, TCGv Rd, TCGv Rr);
+static void gen_add_Vf(TCGv R, TCGv Rd, TCGv Rr);
+static void gen_sub_CHf(TCGv R, TCGv Rd, TCGv Rr);
+static void gen_sub_Vf(TCGv R, TCGv Rd, TCGv Rr);
+static void gen_ZNSf(TCGv R);
+static void gen_push_ret(CPUAVRState *env, int ret);
+static void gen_pop_ret(CPUAVRState *env, TCGv ret);
+static void gen_jmp_ez(void);
+static void gen_jmp_z(void);
+
+/*
+in the following 2 functions
+H assumed to be in 0x00ff format
+M assumed to be in 0x00ff format
+L assumed to be in 0x00ff format
+*/
+static void gen_set_addr(TCGv addr, TCGv H, TCGv M, TCGv l); /* H:M:L = addr */
+static TCGv gen_get_addr(TCGv H, TCGv M, TCGv L);/* addr = H:M:L */
+
+static void gen_set_xaddr(TCGv addr);
+static void gen_set_yaddr(TCGv addr);
+static void gen_set_zaddr(TCGv addr);
+
+static TCGv gen_get_xaddr(void);
+static TCGv gen_get_yaddr(void);
+static TCGv gen_get_zaddr(void);
+
+void gen_add_CHf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+TCGv t3 = tcg_temp_new_i32();
+
+tcg_gen_and_tl(t1, Rd, Rr); /*  t1 = Rd & Rr  */
+tcg_gen_andc_tl(t2, Rd, R); /*  t2 = Rd & ~R  */
+tcg_gen_andc_tl(t3, Rr, R); /*  t3 = Rr & ~R  */
+tcg_gen_or_tl(t1, t1, t2);  /*  t1 = t1 | t2 | t3  */
+tcg_gen_or_tl(t1, t1, t3);
+
+tcg_gen_shri_tl(cpu_Cf, t1, 7); /*  Cf = t1(7)  */
+tcg_gen_shri_tl(cpu_Hf, t1, 3); /*  Hf = t1(3)  */
+tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1);
+
+tcg_temp_free_i32(t3);
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+void gen_add_Vf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+
+/*  t1 = Rd & Rr & ~R | ~Rd & ~Rr & R = (Rd ^ R) & ~(Rd ^ Rr)   */
+tcg_gen_xor_tl(t1, Rd, R);
+tcg_gen_xor_tl(t2, Rd, Rr);
+tcg_gen_andc_tl(t1, t1, t2);
+
+tcg_gen_shri_tl(cpu_Vf, t1, 7); /*  Vf = t1(7)  */
+
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+void gen_sub_CHf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+TCGv t3 = tcg_temp_new_i32();
+
+/*  Cf & Hf  */
+tcg_gen_not_tl(t1, Rd); /*  t1 = ~Rd  */
+tcg_gen_and_tl(t2, t1, Rr); /*  t2 = ~Rd & Rr  */
+tcg_gen_or_tl(t3, t1, Rr);  /*  t3 = (~Rd | Rr) & R  */
+tcg_gen_and_tl(t3, t3, R);
+tcg_gen_or_tl(t2, t2, t3);  /*  t2 = ~Rd & Rr | ~Rd & R | R & Rr  
*/
+tcg_gen_shri_tl(cpu_Cf, t2, 7); /*  Cf = t2(7)  */
+tcg_gen_shri_tl(cpu_Hf, t2, 3); /*  Hf = t2(3)  */
+tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1);
+
+tcg_temp_free_i32(t3);
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+void gen_sub_Vf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+
+/*  Vf  */
+/*  t1 = Rd & ~Rr & ~R | ~Rd & Rr & R  = (Rd ^ R) & (Rd ^ R)*/
+tcg_gen_xor_tl(t1, Rd, R);
+tcg_gen_xor_tl(t2, Rd, Rr);
+tcg_gen_and_tl(t1, t1, t2);
+tcg_gen_shri_tl(cpu_Vf, t1, 7); /*  Vf = t1(7)  */
+
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+void gen_ZNSf(TCGv R)
+{
+tcg_gen_mov_tl(cpu_Zf, R);  /*  Zf = R  */
+tcg_gen_shri_tl(cpu_Nf, R, 7);  /*  Nf = R(7)  */
+tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /*  Sf = Nf ^ Vf  */
+}
+
+void gen_push_ret(CPUAVRState *env, int ret)
+{
+if (avr_feature(env, AVR_FEATURE_1_BYTE_PC)) {
+
+TCGv t0 = tcg_const_i32((ret & 0xff));
+
+tcg_gen_qemu_st_tl(t0, cpu_sp, 
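Review bot: in gen_sub_CHf() the carry is taken as `t2 >> 7` with no `andi 1`, so unless every caller masks R to 8 bits first, a negative 32-bit R (Rd - Rr below zero) propagates its high bits through `t3 = (~Rd | Rr) & R` and leaves cpu_Cf with more than bit 0 set, whereas cpu_Hf is masked on the next line; either mask cpu_Cf the same way or document the 8-bit precondition on R. Smaller points: the definitions (`void gen_add_CHf(...)` and siblings) drop the `static` their forward declarations carry; the gen_sub_Vf() comment reads `(Rd ^ R) & (Rd ^ R)` while the code (correctly) computes `(Rd ^ R) & (Rd ^ Rr)`; and gen_set_addr()'s last parameter is `l` where the others are `H`, `M`, `L`.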

[Qemu-devel] [PATCH v8 12/12] target-avr: adding maintainer

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 MAINTAINERS | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index fe2279e..6a4e398 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -110,6 +110,12 @@ F: disas/arm.c
 F: disas/arm-a64.cc
 F: disas/libvixl/
 
+AVR
+M: Michael Rolnik 
+S: Maintained
+F: target-avr/
+F: hw/avr/
+
 CRIS
 M: Edgar E. Iglesias 
 S: Maintained
-- 
2.4.9 (Apple Git-60)




[Qemu-devel] [PATCH v8 05/12] target-avr: adding AVR interrupt handling

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 target-avr/helper.c | 59 -
 1 file changed, 58 insertions(+), 1 deletion(-)

diff --git a/target-avr/helper.c b/target-avr/helper.c
index ad8f83e..f96fa27 100644
--- a/target-avr/helper.c
+++ b/target-avr/helper.c
@@ -31,11 +31,68 @@
 
 bool avr_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
 {
-return  false;
+CPUClass *cc = CPU_GET_CLASS(cs);
+AVRCPU *cpu = AVR_CPU(cs);
+CPUAVRState *env = >env;
+
+bool ret = false;
+
+if (interrupt_request & CPU_INTERRUPT_RESET) {
+if (cpu_interrupts_enabled(env)) {
+cs->exception_index = EXCP_RESET;
+cc->do_interrupt(cs);
+
+cs->interrupt_request   &= ~CPU_INTERRUPT_RESET;
+
+ret = true;
+}
+}
+if (interrupt_request & CPU_INTERRUPT_HARD) {
+if (cpu_interrupts_enabled(env) && env->intsrc != 0) {
+int index = ctz32(env->intsrc);
+cs->exception_index = EXCP_INT(index);
+cc->do_interrupt(cs);
+
+env->intsrc &= env->intsrc - 1; /* clear the interrupt */
+cs->interrupt_request &= ~CPU_INTERRUPT_HARD;
+
+ret = true;
+}
+}
+return ret;
 }
 
 void avr_cpu_do_interrupt(CPUState *cs)
 {
+AVRCPU *cpu = AVR_CPU(cs);
+CPUAVRState*env = >env;
+
+uint32_t ret = env->pc_w;
+int vector = 0;
+int size = avr_feature(env, AVR_FEATURE_JMP_CALL) ? 2 : 1;
+int base = 0;/* TODO: where to get it */
+
+if (cs->exception_index == EXCP_RESET) {
+vector = 0;
+} else if (env->intsrc != 0) {
+vector = ctz32(env->intsrc) + 1;
+}
+
+if (avr_feature(env, AVR_FEATURE_3_BYTE_PC)) {
+stb_phys(cs->as, env->sp--, (ret & 0xff));
+stb_phys(cs->as, env->sp--, (ret & 0x00ff00) >>  8);
+stb_phys(cs->as, env->sp--, (ret & 0xff) >> 16);
+} else if (avr_feature(env, AVR_FEATURE_2_BYTE_PC)) {
+stb_phys(cs->as, env->sp--, (ret & 0xff));
+stb_phys(cs->as, env->sp--, (ret & 0x00ff00) >>  8);
+} else {
+stb_phys(cs->as, env->sp--, (ret & 0xff));
+}
+
+env->pc_w = base + vector * size;
+env->sregI = 0;/*  clear Global Interrupt Flag */
+
+cs->exception_index = -1;
 }
 
 int avr_cpu_memory_rw_debug(CPUState *cs, vaddr addr, uint8_t *buf,
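Review bot: in `avr_cpu_exec_interrupt` the reset request is gated on `cpu_interrupts_enabled(env)`; a reset cannot be masked by the I bit, so `CPU_INTERRUPT_RESET` should be serviced unconditionally, otherwise a reset raised while the guest has interrupts disabled is deferred until it re-enables them. In the `CPU_INTERRUPT_HARD` branch, `env->intsrc &= env->intsrc - 1` retires only the lowest pending source, but the next line drops `CPU_INTERRUPT_HARD` from `cs->interrupt_request` even when other bits of `intsrc` are still set, so those sources stay pending until something re-raises the line; clear the request only when `intsrc` has become zero (or leave it set and let the loop come back). `avr_cpu_do_interrupt` recomputes the vector from `env->intsrc` instead of from the `EXCP_INT(index)` that was just stored in `cs->exception_index`; using the stored index keeps the two in agreement if the pending set changes in between. Finally `int base = 0; /* TODO: where to get it */` pins the vector table at address 0; that limitation (no boot-section relocation) should at least be stated in the commit message.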
-- 
2.4.9 (Apple Git-60)




[Qemu-devel] [PATCH v8 09/12] target-avr: updating translate.c to use instructions translation

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 target-avr/Makefile.objs |   4 +-
 target-avr/translate.c   | 137 ---
 2 files changed, 61 insertions(+), 80 deletions(-)

diff --git a/target-avr/Makefile.objs b/target-avr/Makefile.objs
index 2a10104..9757721 100644
--- a/target-avr/Makefile.objs
+++ b/target-avr/Makefile.objs
@@ -18,6 +18,8 @@
 #  
 #
 
-obj-y   += translate.o cpu.o helper.o
+obj-y   += translate.o helper.o cpu.o translate-inst.o
 obj-y   += gdbstub.o
 obj-$(CONFIG_SOFTMMU) += machine.o
+
+obj-y   += decode.o
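Review bot: style only: `obj-y += decode.o` is appended as a separate stanza after the `CONFIG_SOFTMMU` line; fold it into the first `obj-y` line (`obj-y += translate.o helper.o cpu.o translate-inst.o decode.o`) so the unconditional objects are listed in one place.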
diff --git a/target-avr/translate.c b/target-avr/translate.c
index 81ee44e..146d43a 100644
--- a/target-avr/translate.c
+++ b/target-avr/translate.c
@@ -18,60 +18,30 @@
  *  
  */
 
-#include "qemu/osdep.h"
-
-#include "cpu.h"
-#include "exec/exec-all.h"
-#include "disas/disas.h"
-#include "tcg-op.h"
-#include "exec/cpu_ldst.h"
-
-#include "exec/helper-proto.h"
-#include "exec/helper-gen.h"
-#include "exec/log.h"
-
-typedef struct DisasContext DisasContext;
-typedef struct InstInfo InstInfo;
-
-/*This is the state at translation time.  */
-struct DisasContext {
-struct TranslationBlock*tb;
-
-/*Routine used to access memory */
-int memidx;
-int bstate;
-int singlestep;
-};
-
-enum {
-BS_NONE = 0,/*  Nothing special (none of the below  */
-BS_STOP = 1,/*  We want to stop translation for any reason  */
-BS_BRANCH = 2,/*  A branch condition is reached   */
-BS_EXCP = 3,/*  An exception condition is reached   */
-};
-
-static TCGv_env cpu_env;
-
-static TCGv cpu_pc;
-
-static TCGv cpu_Cf;
-static TCGv cpu_Zf;
-static TCGv cpu_Nf;
-static TCGv cpu_Vf;
-static TCGv cpu_Sf;
-static TCGv cpu_Hf;
-static TCGv cpu_Tf;
-static TCGv cpu_If;
-
-static TCGv cpu_rampD;
-static TCGv cpu_rampX;
-static TCGv cpu_rampY;
-static TCGv cpu_rampZ;
-
-static TCGv cpu_io[64];
-static TCGv cpu_r[32];
-static TCGv cpu_eind;
-static TCGv cpu_sp;
+#include "translate.h"
+
+TCGv_env cpu_env;
+
+TCGv cpu_pc;
+
+TCGv cpu_Cf;
+TCGv cpu_Zf;
+TCGv cpu_Nf;
+TCGv cpu_Vf;
+TCGv cpu_Sf;
+TCGv cpu_Hf;
+TCGv cpu_Tf;
+TCGv cpu_If;
+
+TCGv cpu_rampD;
+TCGv cpu_rampX;
+TCGv cpu_rampY;
+TCGv cpu_rampZ;
+
+TCGv cpu_io[64];
+TCGv cpu_r[32];
+TCGv cpu_eind;
+TCGv cpu_sp;
 
 #include "exec/gen-icount.h"
 #define REG(x)  (cpu_r[x])
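Review bot: dropping `#include "qemu/osdep.h"` in favour of `#include "translate.h"` as the first include breaks QEMU's rule that every .c file includes `qemu/osdep.h` first and that headers do not include it themselves; keep the `qemu/osdep.h` line here and have `translate.h` include only what it needs. Making the TCGv globals (`cpu_env`, `cpu_pc`, `cpu_r[]`, `cpu_sp`, the flag registers) non-static is fine for sharing them with translate-inst.c, but the `DisasContext` struct, the `BS_*` enum and the `extern` declarations that this hunk removes from translate.c are not added anywhere in this patch, so the series does not build at this point unless `translate.h` was introduced earlier; please make the patch that adds `translate.h` and this one the same patch, or order them so each step compiles.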
@@ -120,25 +90,27 @@ void avr_translate_init(void)
 done_init = 1;
 }
 
-static inline void gen_goto_tb(CPUAVRState *env, DisasContext *ctx, int n,
-target_ulong dest)
+static void decode_opc(AVRCPU *cpu, DisasContext *ctx, InstInfo *inst)
 {
-TranslationBlock   *tb;
+CPUAVRState*env = >env;
 
-tb = ctx->tb;
+inst->opcode = cpu_ldl_code(env, inst->cpc * 2);/*  pc points to words  */
+inst->length = 16;
+inst->translate = NULL;
 
-if ((tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)
-&&  (ctx->singlestep == 0)) {
-tcg_gen_goto_tb(n);
-tcg_gen_movi_i32(cpu_pc, dest);
-tcg_gen_exit_tb((uintptr_t)tb + n);
-} else {
-tcg_gen_movi_i32(cpu_pc, dest);
+/*  the following function looks onto the opcode as a string of bytes   */
+avr_decode(inst->cpc, >length, inst->opcode, >translate);
 
-if (ctx->singlestep) {
-gen_helper_debug(cpu_env);
-}
-tcg_gen_exit_tb(0);
+if (inst->length == 16) {
+inst->npc = inst->cpc + 1;
+/*  get opcode as 16bit value   */
+inst->opcode = inst->opcode & 0x;
+}
+if (inst->length == 32) {
+inst->npc = inst->cpc + 2;
+/*  get opcode as 32bit value   */
+inst->opcode = (inst->opcode << 16)
+ | (inst->opcode >> 16);
 }
 }
 
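Review bot: `decode_opc` fetches 32 bits with `cpu_ldl_code(env, inst->cpc * 2)` before it knows whether the instruction is 16 or 32 bits wide, so a 16-bit instruction in the last word of program memory reads two bytes past the end; fetch the first word with `cpu_lduw_code`, call `avr_decode` on it, and fetch the second word only when `inst->length == 32`. The comment says `avr_decode` looks only at the opcode bytes, yet it is passed `inst->cpc`; either the `pc` argument is unused and should go, or the comment is wrong. The word swap for 32-bit opcodes (first word moved into the upper 16 bits) is the layout the `*_Imm` extractors in translate-inst.h rely on, which is worth saying in the comment instead of `get opcode as 32bit value`.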
@@ -172,18 +144,21 @@ void gen_intermediate_code(CPUAVRState *env, struct 
TranslationBlock *tb)
 gen_tb_start(tb);
 
 /*  decode first instruction*/
-cpc = pc_start;
-npc = cpc + 1;
+ctx.inst[0].cpc = pc_start;
+decode_opc(cpu, , [0]);
 do {
-/*  translate current instruction   */
+/*  set curr/next PCs   */
+cpc = ctx.inst[0].cpc;
+npc = ctx.inst[0].npc;
+
+/*  decode next instruction */
+ctx.inst[1].cpc = ctx.inst[0].npc;
+decode_opc(cpu, , [1]);
+
+/*  translate current instruction */
 tcg_gen_insn_start(cpc);
 num_insns++;
 
-/*  just skip to next instruction   */
-cpc++;
-npc++;
-ctx.bstate = BS_NONE;
-
 if (unlikely(cpu_breakpoint_test(cs, cpc * 2, BP_ANY))) {
 tcg_gen_movi_i32(cpu_pc, cpc);
 
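Review bot: the loop now decodes `ctx.inst[1]` (the following instruction) on every iteration before translating `ctx.inst[0]`, but nothing in this hunk says why the lookahead is needed (presumably the skip instructions need the length of the instruction they skip); put that in the `decode next instruction` comment, and note that it means one extra code fetch beyond the instruction that ends the block, which is what makes the over-read in `decode_opc` reachable at the end of program memory. Removing `ctx.bstate = BS_NONE;` from the loop body also changes behaviour: `bstate` is no longer reset per instruction, so if it is now initialised once before the loop, that line should be visible in this patch.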

[Qemu-devel] [PATCH v8 10/12] target-avr: saving sreg, rampD, rampX, rampY, rampD, eind in HW representation saving cpu features

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 target-avr/cpu-qom.h |   2 +-
 target-avr/cpu.c |   2 +-
 target-avr/machine.c | 107 ---
 3 files changed, 87 insertions(+), 24 deletions(-)

diff --git a/target-avr/cpu-qom.h b/target-avr/cpu-qom.h
index bf588ca..c5d4f92 100644
--- a/target-avr/cpu-qom.h
+++ b/target-avr/cpu-qom.h
@@ -70,7 +70,7 @@ static inline AVRCPU   *avr_env_get_cpu(CPUAVRState *env)
 #define ENV_OFFSET  offsetof(AVRCPU, env)
 
 #ifndef CONFIG_USER_ONLY
-extern const struct VMStateDescription vmstate_avr_cpu;
+extern const struct VMStateDescription vms_avr_cpu;
 #endif
 
 void avr_cpu_do_interrupt(CPUState *cpu);
diff --git a/target-avr/cpu.c b/target-avr/cpu.c
index 197f9ac..64e6f57 100644
--- a/target-avr/cpu.c
+++ b/target-avr/cpu.c
@@ -187,7 +187,7 @@ static void avr_cpu_class_init(ObjectClass *oc, void *data)
 cc->handle_mmu_fault = avr_cpu_handle_mmu_fault;
 #else
 cc->get_phys_page_debug = avr_cpu_get_phys_page_debug;
-cc->vmsd = _avr_cpu;
+cc->vmsd = _avr_cpu;
 #endif
 cc->disas_set_info = avr_cpu_disas_set_info;
 cc->synchronize_from_tb = avr_cpu_synchronize_from_tb;
diff --git a/target-avr/machine.c b/target-avr/machine.c
index 39f1ee6..13e10db 100644
--- a/target-avr/machine.c
+++ b/target-avr/machine.c
@@ -23,31 +23,94 @@
 #include "cpu.h"
 #include "hw/boards.h"
 #include "machine.h"
+#include "migration/qemu-file.h"
 
-const VMStateDescription vmstate_avr_cpu = {
+static int get_sreg(QEMUFile *f, void *opaque, size_t size)
+{
+CPUAVRState *env = opaque;
+uint8_t sreg;
+
+qemu_get_8s(f, );
+cpu_set_sreg(env, sreg);
+return 0;
+}
+
+static void put_sreg(QEMUFile *f, void *opaque, size_t size)
+{
+CPUAVRState *env = opaque;
+uint8_t sreg = cpu_get_sreg(env);
+
+qemu_put_8s(f, );
+}
+
+static const VMStateInfo vms_sreg = {
+.name = "sreg",
+.get  = get_sreg,
+.put  = put_sreg,
+};
+
+static int get_segment(QEMUFile *f, void *opaque, size_t size)
+{
+uint32_t *ramp = opaque;
+uint8_t temp = *ramp >> 16;
+
+qemu_get_8s(f, );
+return 0;
+}
+
+static void put_segment(QEMUFile *f, void *opaque, size_t size)
+{
+uint32_t *ramp = opaque;
+uint8_t temp;
+
+qemu_put_8s(f, );
+*ramp = ((uint32_t)temp) << 16;
+}
+
+static const VMStateInfo vms_rampD = {
+.name = "rampD",
+.get  = get_segment,
+.put  = put_segment,
+};
+static const VMStateInfo vms_rampX = {
+.name = "rampX",
+.get  = get_segment,
+.put  = put_segment,
+};
+static const VMStateInfo vms_rampY = {
+.name = "rampY",
+.get  = get_segment,
+.put  = put_segment,
+};
+static const VMStateInfo vms_rampZ = {
+.name = "rampZ",
+.get  = get_segment,
+.put  = put_segment,
+};
+static const VMStateInfo vms_eind = {
+.name = "eind",
+.get  = get_segment,
+.put  = put_segment,
+};
+
+const VMStateDescription vms_avr_cpu = {
 .name   = "cpu",
-.version_id = 1,
-.minimum_version_id = 1,
+.version_id = 0,
+.minimum_version_id = 0,
 .fields = (VMStateField[]) {
-VMSTATE_UINT32_ARRAY(r, CPUAVRState, 32),
-
-VMSTATE_UINT32(sregC, CPUAVRState),
-VMSTATE_UINT32(sregZ, CPUAVRState),
-VMSTATE_UINT32(sregN, CPUAVRState),
-VMSTATE_UINT32(sregV, CPUAVRState),
-VMSTATE_UINT32(sregS, CPUAVRState),
-VMSTATE_UINT32(sregH, CPUAVRState),
-VMSTATE_UINT32(sregT, CPUAVRState),
-VMSTATE_UINT32(sregI, CPUAVRState),
-
-VMSTATE_UINT32(rampD, CPUAVRState),
-VMSTATE_UINT32(rampX, CPUAVRState),
-VMSTATE_UINT32(rampY, CPUAVRState),
-VMSTATE_UINT32(rampZ, CPUAVRState),
-
-VMSTATE_UINT32(eind, CPUAVRState),
-VMSTATE_UINT32(sp, CPUAVRState),
-VMSTATE_UINT32(pc_w, CPUAVRState),
+VMSTATE_UINT32(env.features, AVRCPU),
+VMSTATE_UINT32(env.pc_w, AVRCPU),
+VMSTATE_UINT32(env.sp, AVRCPU),
+
+VMSTATE_UINT32_ARRAY(env.r, AVRCPU, 32),
+VMSTATE_UINT32_ARRAY(env.io, AVRCPU, 64),
+
+VMSTATE_SINGLE_TEST(env, AVRCPU, NULL, 0, vms_sreg, CPUAVRState),
+VMSTATE_SINGLE_TEST(env.rampD, AVRCPU, NULL, 0, vms_rampD, uint32_t),
+VMSTATE_SINGLE_TEST(env.rampX, AVRCPU, NULL, 0, vms_rampX, uint32_t),
+VMSTATE_SINGLE_TEST(env.rampY, AVRCPU, NULL, 0, vms_rampY, uint32_t),
+VMSTATE_SINGLE_TEST(env.rampZ, AVRCPU, NULL, 0, vms_rampZ, uint32_t),
+VMSTATE_SINGLE_TEST(env.eind, AVRCPU, NULL, 0, vms_eind, uint32_t),
 
 VMSTATE_END_OF_LIST()
 }
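Review bot: `get_segment` and `put_segment` have their bodies swapped. `get_segment` (the load side) reads a byte from the stream into `temp` and then returns without storing it, so the restored `rampD`/`rampX`/`rampY`/`rampZ`/`eind` are whatever the destination CPU had before the load; `put_segment` (the save side) writes an uninitialised stack byte `temp` into the migration stream and then overwrites the live register with it. The bodies should be `qemu_get_8s(f, &temp); *ramp = ((uint32_t)temp) << 16;` in `get_segment` and `temp = *ramp >> 16; qemu_put_8s(f, &temp);` in `put_segment`. Separately, `.version_id`/`.minimum_version_id` go from 1 to 0; QEMU vmstate versions start at 1, so keep 1 (changing the layout is fine because nothing has shipped). Migrating `env.features` as a plain field means a stream from a differently configured CPU model silently redefines the feature set on the destination; either check it in a `post_load` against the instantiated model or drop it and rely on the CPU type name, which migration already matches.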
-- 
2.4.9 (Apple Git-60)




[Qemu-devel] [PATCH v8 11/12] target-avr: decoder generator. currently not used by the build, can be used manually

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 target-avr/cpugen/CMakeLists.txt   |  38 +++
 target-avr/cpugen/README.md|  17 ++
 target-avr/cpugen/cpu/avr.yaml | 214 ++
 target-avr/cpugen/src/CMakeLists.txt   |  62 
 target-avr/cpugen/src/cpugen.cpp   | 460 +
 target-avr/cpugen/src/utils.cpp|  27 ++
 target-avr/cpugen/src/utils.h  |  79 +
 target-avr/cpugen/xsl/decode.c.xsl | 103 +++
 target-avr/cpugen/xsl/translate-inst.h.xsl | 118 
 target-avr/cpugen/xsl/utils.xsl| 108 +++
 10 files changed, 1226 insertions(+)
 create mode 100644 target-avr/cpugen/CMakeLists.txt
 create mode 100644 target-avr/cpugen/README.md
 create mode 100644 target-avr/cpugen/cpu/avr.yaml
 create mode 100644 target-avr/cpugen/src/CMakeLists.txt
 create mode 100644 target-avr/cpugen/src/cpugen.cpp
 create mode 100644 target-avr/cpugen/src/utils.cpp
 create mode 100644 target-avr/cpugen/src/utils.h
 create mode 100644 target-avr/cpugen/xsl/decode.c.xsl
 create mode 100644 target-avr/cpugen/xsl/translate-inst.h.xsl
 create mode 100644 target-avr/cpugen/xsl/utils.xsl

diff --git a/target-avr/cpugen/CMakeLists.txt b/target-avr/cpugen/CMakeLists.txt
new file mode 100644
index 000..ded391c
--- /dev/null
+++ b/target-avr/cpugen/CMakeLists.txt
@@ -0,0 +1,38 @@
+cmake_minimum_required(VERSION 2.8)
+
+project(cpugen)
+
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -ggdb -g3")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++0x")
+
+set(Boost_USE_STATIC_LIBS   ON)
+find_package(
+Boost 1.60.0
+REQUIRED
+COMPONENTS
+system
+regex)
+#set(BUILD_SHARED_LIBS   OFF)
+#set(BUILD_STATIC_LIBS   ON)
+add_subdirectory(tinyxml2)
+add_subdirectory(yaml-cpp)
+
+include_directories(
+${CMAKE_CURRENT_SOURCE_DIR}
+${CMAKE_CURRENT_SOURCE_DIR}/..
+${CMAKE_CURRENT_SOURCE_DIR}/../yaml-cpp/include
+${Boost_INCLUDE_DIRS}
+)
+
+add_executable(
+cpugen
+src/cpugen.cpp
+src/utils.cpp
+)
+
+target_link_libraries(
+cpugen
+yaml-cpp
+tinyxml2
+${Boost_LIBRARIES}
+)
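Review bot: `-g -ggdb -g3` is forced into `CMAKE_CXX_FLAGS` for every configuration; leave debug info to `CMAKE_BUILD_TYPE`. `add_subdirectory(tinyxml2)` and `add_subdirectory(yaml-cpp)` assume checkouts that are not part of the tree (the README has the user `git clone` them), so record the versions the generator was tested with (a tag or commit) instead of building whatever those repositories' HEAD happens to be; the same goes for the hard `Boost 1.60.0` floor, which is only needed for `system` and `regex` and should state why such a recent release is required.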
diff --git a/target-avr/cpugen/README.md b/target-avr/cpugen/README.md
new file mode 100644
index 000..f0caa8b
--- /dev/null
+++ b/target-avr/cpugen/README.md
@@ -0,0 +1,17 @@
+# CPUGEN
+## How to build
+within ```cpugen``` directory do
+```
+git clone https://github.com/leethomason/tinyxml2
+git clone https://github.com/jbeder/yaml-cpp
+mkdir build
+cd build
+cmake ..
+make
+```
+## How to use
+```
+cpugen ../cpu/avr.yaml
+xsltproc ../xsl/decode.c.xsl output.xml > ../../decode.c
+xsltproc ../xsl/translate-inst.h.xsl output.xml > ../../translate-inst.h
+```
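Review bot: the two `git clone` commands fetch the current HEAD of tinyxml2 and yaml-cpp with no tag or commit, so two people following this README can end up with different generators; write down the revisions that produced the checked-in `decode.c` and `translate-inst.h`. Also say that `cpugen ../cpu/avr.yaml` writes `output.xml` into the current directory (the two `xsltproc` lines read it from there), and that the output must be committed because the QEMU Makefile does not run the generator.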
diff --git a/target-avr/cpugen/cpu/avr.yaml b/target-avr/cpugen/cpu/avr.yaml
new file mode 100644
index 000..a626859
--- /dev/null
+++ b/target-avr/cpugen/cpu/avr.yaml
@@ -0,0 +1,214 @@
+cpu:
+name: avr
+instructions:
+- ADC:
+opcode: 0001 11 hRr[1] Rd[5] lRr[4]
+- ADD:
+opcode:  11 hRr[1] Rd[5] lRr[4]
+- ADIW:
+opcode: 1001 0110 hImm[2] Rd[2] lImm[4]
+- AND:
+opcode: 0010 00 hRr[1] Rd[5] lRr[4]
+- ANDI:
+opcode: 0111 hImm[4] Rd[4] lImm[4]
+- ASR:
+opcode: 1001 010 Rd[5] 0101
+- BCLR:
+opcode: 1001 0100 1 Bit[3] 1000
+- BLD:
+opcode:  100 Rd[5] 0 Bit[3]
+- BRBC:
+opcode:  01 Imm[7] Bit[3]
+- BRBS:
+opcode:  00 Imm[7] Bit[3]
+- BREAK:
+opcode: 1001 0101 1001 1000
+- BSET:
+opcode: 1001 0100 0 Bit[3] 1000
+- BST:
+opcode:  101 Rd[5] 0 Bit[3]
+- CALL:
+opcode: 1001 010 hImm[5] 111 lImm[17]
+- CBI:
+opcode: 1001 1000 Imm[5] Bit[3]
+- COM:
+opcode: 1001 010 Rd[5] 
+- CP:
+opcode: 0001 01 hRr[1] Rd[5] lRr[4]
+- CPC:
+opcode:  01 hRr[1] Rd[5] lRr[4]
+- CPI:
+opcode: 0011 hImm[4] Rd[4] lImm[4]
+- CPSE:
+opcode: 0001 00 hRr[1] Rd[5] lRr[4]
+- DEC:
+opcode: 1001 010 Rd[5] 1010
+- DES:
+opcode: 1001 0100 Imm[4] 1011
+- EICALL:
+opcode: 1001 0101 0001 1001
+- EIJMP:
+opcode: 1001 0100 0001 1001
+- ELPM1:
+opcode: 1001 0101 1101 1000
+- ELPM2:
+opcode: 1001 000 Rd[5] 0110
+- ELPMX:
+opcode: 1001 000 Rd[5] 0111
+- EOR:
+opcode: 0010 01 hRr[1] Rd[5] lRr[4]
+- FMUL:
+opcode:  0011 0 Rd[3] 1 Rr[3]
+- FMULS:
+opcode:  0011 1 Rd[3] 0 Rr[3]
+- FMULSU:
+opcode:  0011 1 Rd[3] 1 Rr[3]
+- ICALL:
+opcode: 1001 0101  1001
+- IJMP:
+

[Qemu-devel] [PATCH v8 06/12] target-avr: adding helpers for IN, OUT, SLEEP, WBR & unsupported instructions

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 target-avr/helper.c | 147 
 target-avr/helper.h |   5 ++
 2 files changed, 142 insertions(+), 10 deletions(-)

diff --git a/target-avr/helper.c b/target-avr/helper.c
index f96fa27..44d8f44 100644
--- a/target-avr/helper.c
+++ b/target-avr/helper.c
@@ -42,14 +42,14 @@ bool avr_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 cs->exception_index = EXCP_RESET;
 cc->do_interrupt(cs);
 
-cs->interrupt_request   &= ~CPU_INTERRUPT_RESET;
+cs->interrupt_request &= ~CPU_INTERRUPT_RESET;
 
 ret = true;
 }
 }
 if (interrupt_request & CPU_INTERRUPT_HARD) {
 if (cpu_interrupts_enabled(env) && env->intsrc != 0) {
-int index = ctz32(env->intsrc);
+int index = ctz32(env->intsrc);
 cs->exception_index = EXCP_INT(index);
 cc->do_interrupt(cs);
 
@@ -64,8 +64,8 @@ bool avr_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 
 void avr_cpu_do_interrupt(CPUState *cs)
 {
-AVRCPU *cpu = AVR_CPU(cs);
-CPUAVRState*env = >env;
+AVRCPU *cpu = AVR_CPU(cs);
+CPUAVRState *env = >env;
 
 uint32_t ret = env->pc_w;
 int vector = 0;
@@ -79,14 +79,14 @@ void avr_cpu_do_interrupt(CPUState *cs)
 }
 
 if (avr_feature(env, AVR_FEATURE_3_BYTE_PC)) {
-stb_phys(cs->as, env->sp--, (ret & 0xff));
-stb_phys(cs->as, env->sp--, (ret & 0x00ff00) >>  8);
-stb_phys(cs->as, env->sp--, (ret & 0xff) >> 16);
+cpu_stb_data(env, env->sp--, (ret & 0xff));
+cpu_stb_data(env, env->sp--, (ret & 0x00ff00) >>  8);
+cpu_stb_data(env, env->sp--, (ret & 0xff) >> 16);
 } else if (avr_feature(env, AVR_FEATURE_2_BYTE_PC)) {
-stb_phys(cs->as, env->sp--, (ret & 0xff));
-stb_phys(cs->as, env->sp--, (ret & 0x00ff00) >>  8);
+cpu_stb_data(env, env->sp--, (ret & 0xff));
+cpu_stb_data(env, env->sp--, (ret & 0x00ff00) >>  8);
 } else {
-stb_phys(cs->as, env->sp--, (ret & 0xff));
+cpu_stb_data(env, env->sp--, (ret & 0xff));
 }
 
 env->pc_w = base + vector * size;
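Review bot: replacing `stb_phys(cs->as, …)` with `cpu_stb_data(env, …)` is a behavioural change to code from patch 05 and belongs there, with a sentence in that commit message on why the return-address push goes through the CPU's data TLB rather than the physical address space. `cpu_stb_data` called from `avr_cpu_do_interrupt` runs outside any helper, so a TLB miss is filled with no return address; that is only acceptable as long as `tlb_fill` can never fault on AVR, which deserves a comment next to the pushes.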
@@ -133,6 +133,28 @@ void tlb_fill(CPUState *cs, target_ulong vaddr, int 
is_write,
 
 tlb_set_page_with_attrs(cs, vaddr, paddr, attrs, prot, mmu_idx, page_size);
 }
+void helper_sleep(CPUAVRState *env)
+{
+CPUState *cs = CPU(avr_env_get_cpu(env));
+
+cs->exception_index = EXCP_HLT;
+cpu_loop_exit(cs);
+}
+void helper_unsupported(CPUAVRState *env)
+{
+CPUState *cs = CPU(avr_env_get_cpu(env));
+
+/*
+I count not find what happens on the real platform, so
+it's EXCP_DEBUG for meanwhile
+*/
+cs->exception_index = EXCP_DEBUG;
+if (qemu_loglevel_mask(LOG_UNIMP)) {
+qemu_log("UNSUPPORTED\n");
+cpu_dump_state(cs, qemu_logfile, fprintf, 0);
+}
+cpu_loop_exit(cs);
+}
 
 void helper_debug(CPUAVRState *env)
 {
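Review bot: `helper_sleep` raises `EXCP_HLT` without setting `cs->halted = 1`, so the CPU loop exits but the vCPU is not marked halted and is rescheduled immediately instead of waiting for an interrupt; other targets do `cs->halted = 1; cs->exception_index = EXCP_HLT; cpu_loop_exit(cs);`. `helper_unsupported` reuses `EXCP_DEBUG`, which the main loop treats as a debugger stop, so an unknown opcode executed by guest code will look like a breakpoint hit; log it with `qemu_log_mask(LOG_UNIMP, …)` (no separate `qemu_loglevel_mask` check needed) and raise a distinct exception so the reason is visible. Style: `helper_sleep` is missing the blank line after `tlb_fill`'s closing brace, and the comment `I count not find` should read `I could not find`.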
@@ -142,3 +164,108 @@ void helper_debug(CPUAVRState *env)
 cpu_loop_exit(cs);
 }
 
+void helper_wdr(CPUAVRState *env)
+{
+CPUState *cs = CPU(avr_env_get_cpu(env));
+
+/*
+WD is not implemented yet, placeholder
+*/
+cs->exception_index = EXCP_DEBUG;
+cpu_loop_exit(cs);
+}
+
+target_ulong helper_inb(CPUAVRState *env, uint32_t port)
+{
+switch (port) {
+case0x38: {
+return  0xff & (env->rampD >> 16);  /*  RAMPD   */
+}
+case0x39: {
+return  0xff & (env->rampX >> 16);  /*  RAMPX   */
+}
+case0x3a: {
+return  0xff & (env->rampY >> 16);  /*  RAMPY   */
+}
+case0x3b: {
+return  0xff & (env->rampZ >> 16);  /*  RAMPZ   */
+}
+case0x3c: {
+return  0xff & (env->eind  >> 16);  /*  EIND*/
+}
+case0x3d: { /*  SPL */
+return  env->sp & 0x00ff;
+}
+case0x3e: { /*  SPH */
+return  env->sp >> 8;
+}
+case0x3f: { /*  SREG*/
+return cpu_get_sreg(env);
+}
+default: {
+qemu_log("in: io[%02x]\n", port);
+}
+}
+return  0;
+}
+
+void helper_outb(CPUAVRState *env, uint32_t port, uint32_t data)
+{
+data&= 0x00ff;
+
+switch (port) {
+case0x04: {
+qemu_irqirq;
+CPUState   *cpu = CPU(avr_env_get_cpu(env));
+irq = qdev_get_gpio_in(DEVICE(cpu), 3);
+qemu_set_irq(irq, 1);
+break;
+}
+case0x38: {
+if (avr_feature(env, AVR_FEATURE_RAMPD)) {
+env->rampD = (data & 0xff) << 16;   /*  RAMPD   */
+}
+break;
+}
+case0x39: {
+if (avr_feature(env, 
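Review bot: `helper_wdr` stops the guest with `EXCP_DEBUG` on every `WDR`, and firmware routinely executes `wdr` in its main loop, so a real image will halt on the first iteration; until the watchdog is modelled, make `WDR` a no-op (with a `LOG_UNIMP` message if you like) rather than a debug stop. In `helper_outb`, `case 0x04` raises GPIO line 3 (`qdev_get_gpio_in(DEVICE(cpu), 3)`) on any write to port 0x04 and never lowers it, with no comment saying which peripheral this stands for; that reads as test scaffolding and should be removed or documented. `helper_inb` returns 0 for every port other than 0x38–0x3f and logs those reads unconditionally with `qemu_log`; use `qemu_log_mask(LOG_UNIMP, …)` so the message is opt-in, and say in the commit message how the remaining I/O space relates to the `cpu_io[64]` array translate.c defines.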

[Qemu-devel] [PATCH v8 01/12] target-avr: AVR cores support is added. 1. basic CPU structure 2. registers 3. no instructions

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 arch_init.c |   2 +
 configure   |   5 +
 default-configs/avr-softmmu.mak |  21 +++
 include/disas/bfd.h |   6 +
 include/sysemu/arch_init.h  |   1 +
 target-avr/Makefile.objs|  23 +++
 target-avr/cpu-qom.h|  84 +++
 target-avr/cpu.c| 304 
 target-avr/cpu.h| 158 +
 target-avr/gdbstub.c|  84 +++
 target-avr/helper.c |  87 
 target-avr/helper.h |  21 +++
 target-avr/machine.c|  54 +++
 target-avr/machine.h|  21 +++
 target-avr/translate.c  | 290 ++
 15 files changed, 1161 insertions(+)
 create mode 100644 default-configs/avr-softmmu.mak
 create mode 100644 target-avr/Makefile.objs
 create mode 100644 target-avr/cpu-qom.h
 create mode 100644 target-avr/cpu.c
 create mode 100644 target-avr/cpu.h
 create mode 100644 target-avr/gdbstub.c
 create mode 100644 target-avr/helper.c
 create mode 100644 target-avr/helper.h
 create mode 100644 target-avr/machine.c
 create mode 100644 target-avr/machine.h
 create mode 100644 target-avr/translate.c

diff --git a/arch_init.c b/arch_init.c
index fa05973..be6e6de 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -80,6 +80,8 @@ int graphic_depth = 32;
 #define QEMU_ARCH QEMU_ARCH_UNICORE32
 #elif defined(TARGET_TRICORE)
 #define QEMU_ARCH QEMU_ARCH_TRICORE
+#elif defined(TARGET_AVR)
+#define QEMU_ARCH QEMU_ARCH_AVR
 #endif
 
 const uint32_t arch_type = QEMU_ARCH;
diff --git a/configure b/configure
index 10cb212..69ba02f 100755
--- a/configure
+++ b/configure
@@ -5621,6 +5621,8 @@ case "$target_name" in
   x86_64)
 TARGET_BASE_ARCH=i386
   ;;
+  avr)
+  ;;
   alpha)
   ;;
   arm|armeb)
@@ -5817,6 +5819,9 @@ disas_config() {
 
 for i in $ARCH $TARGET_BASE_ARCH ; do
   case "$i" in
+  avr)
+disas_config "AVR"
+  ;;
   alpha)
 disas_config "ALPHA"
   ;;
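Review bot: `disas_config "AVR"` turns on `CONFIG_AVR_DIS`, but no `disas/avr.c` is added anywhere in patch 01's file list (only the `bfd_arch_avr` enum in `include/disas/bfd.h`), so the target is configured for a disassembler that does not exist in the tree; either leave this case out until a disassembler is contributed or add the source in the same patch so `-d in_asm` output works.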
diff --git a/default-configs/avr-softmmu.mak b/default-configs/avr-softmmu.mak
new file mode 100644
index 000..003465d
--- /dev/null
+++ b/default-configs/avr-softmmu.mak
@@ -0,0 +1,21 @@
+#
+#  QEMU AVR CPU
+#
+#  Copyright (c) 2016 Michael Rolnik
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 2.1 of the License, or (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, see
+#  
+#
+
+# Default configuration for avr-softmmu
diff --git a/include/disas/bfd.h b/include/disas/bfd.h
index a112e9c..b13fc53 100644
--- a/include/disas/bfd.h
+++ b/include/disas/bfd.h
@@ -213,6 +213,12 @@ enum bfd_architecture
 #define bfd_mach_m32r  0  /* backwards compatibility */
   bfd_arch_mn10200,/* Matsushita MN10200 */
   bfd_arch_mn10300,/* Matsushita MN10300 */
+  bfd_arch_avr,   /* Atmel AVR microcontrollers.  */
+#define bfd_mach_avr1  1
+#define bfd_mach_avr2  2
+#define bfd_mach_avr3  3
+#define bfd_mach_avr4  4
+#define bfd_mach_avr5  5
   bfd_arch_cris,   /* Axis CRIS */
 #define bfd_mach_cris_v0_v10   255
 #define bfd_mach_cris_v32  32
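Review bot: `bfd_mach_avr1` … `bfd_mach_avr5` cover only five cores, while patch 02 of this series defines flavours avr1, avr2, avr25, avr3, avr31, avr35, avr4, avr5, avr51 and more; either add the matching `bfd_mach_avr*` constants (binutils also has 25, 31, 35, 51 and 6) or, since nothing in this patch uses them, drop them until a disassembler needs them.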
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index d690dfa..8c75777 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -23,6 +23,7 @@ enum {
 QEMU_ARCH_UNICORE32 = (1 << 14),
 QEMU_ARCH_MOXIE = (1 << 15),
 QEMU_ARCH_TRICORE = (1 << 16),
+QEMU_ARCH_AVR = (1 << 17),
 };
 
 extern const uint32_t arch_type;
diff --git a/target-avr/Makefile.objs b/target-avr/Makefile.objs
new file mode 100644
index 000..2a10104
--- /dev/null
+++ b/target-avr/Makefile.objs
@@ -0,0 +1,23 @@
+#
+#  QEMU AVR CPU
+#
+#  Copyright (c) 2016 Michael Rolnik
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 2.1 of the License, or (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if 

[Qemu-devel] [PATCH v8 02/12] target-avr: adding AVR CPU features/flavors

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 target-avr/cpu.c | 307 ++-
 target-avr/cpu.h |  53 ++
 2 files changed, 359 insertions(+), 1 deletion(-)

diff --git a/target-avr/cpu.c b/target-avr/cpu.c
index 99bd788..197f9ac 100644
--- a/target-avr/cpu.c
+++ b/target-avr/cpu.c
@@ -203,6 +203,296 @@ static void avr_cpu_class_init(ObjectClass *oc, void 
*data)
 dc->cannot_destroy_with_object_finalize_yet = true;
 }
 
+static void avr_avr1_initfn(Object *obj)
+{
+AVRCPU *cpu = AVR_CPU(obj);
+CPUAVRState *env = >env;
+
+avr_set_feature(env, AVR_FEATURE_LPM);
+avr_set_feature(env, AVR_FEATURE_2_BYTE_SP);
+avr_set_feature(env, AVR_FEATURE_2_BYTE_PC);
+}
+static void avr_avr2_initfn(Object *obj)
+{
+AVRCPU *cpu = AVR_CPU(obj);
+CPUAVRState *env = >env;
+
+avr_set_feature(env, AVR_FEATURE_LPM);
+avr_set_feature(env, AVR_FEATURE_IJMP_ICALL);
+avr_set_feature(env, AVR_FEATURE_ADIW_SBIW);
+avr_set_feature(env, AVR_FEATURE_SRAM);
+avr_set_feature(env, AVR_FEATURE_BREAK);
+
+avr_set_feature(env, AVR_FEATURE_2_BYTE_PC);
+avr_set_feature(env, AVR_FEATURE_2_BYTE_SP);
+}
+
+static void avr_avr25_initfn(Object *obj)
+{
+AVRCPU *cpu = AVR_CPU(obj);
+CPUAVRState *env = >env;
+
+avr_set_feature(env, AVR_FEATURE_LPM);
+avr_set_feature(env, AVR_FEATURE_IJMP_ICALL);
+avr_set_feature(env, AVR_FEATURE_ADIW_SBIW);
+avr_set_feature(env, AVR_FEATURE_SRAM);
+avr_set_feature(env, AVR_FEATURE_BREAK);
+
+avr_set_feature(env, AVR_FEATURE_2_BYTE_PC);
+avr_set_feature(env, AVR_FEATURE_2_BYTE_SP);
+avr_set_feature(env, AVR_FEATURE_LPMX);
+avr_set_feature(env, AVR_FEATURE_MOVW);
+}
+
+static void avr_avr3_initfn(Object *obj)
+{
+AVRCPU *cpu = AVR_CPU(obj);
+CPUAVRState *env = >env;
+
+avr_set_feature(env, AVR_FEATURE_LPM);
+avr_set_feature(env, AVR_FEATURE_IJMP_ICALL);
+avr_set_feature(env, AVR_FEATURE_ADIW_SBIW);
+avr_set_feature(env, AVR_FEATURE_SRAM);
+avr_set_feature(env, AVR_FEATURE_BREAK);
+
+avr_set_feature(env, AVR_FEATURE_2_BYTE_PC);
+avr_set_feature(env, AVR_FEATURE_2_BYTE_SP);
+avr_set_feature(env, AVR_FEATURE_JMP_CALL);
+}
+
+static void avr_avr31_initfn(Object *obj)
+{
+AVRCPU *cpu = AVR_CPU(obj);
+CPUAVRState *env = >env;
+
+avr_set_feature(env, AVR_FEATURE_LPM);
+avr_set_feature(env, AVR_FEATURE_IJMP_ICALL);
+avr_set_feature(env, AVR_FEATURE_ADIW_SBIW);
+avr_set_feature(env, AVR_FEATURE_SRAM);
+avr_set_feature(env, AVR_FEATURE_BREAK);
+
+avr_set_feature(env, AVR_FEATURE_2_BYTE_PC);
+avr_set_feature(env, AVR_FEATURE_2_BYTE_SP);
+avr_set_feature(env, AVR_FEATURE_RAMPZ);
+avr_set_feature(env, AVR_FEATURE_ELPM);
+avr_set_feature(env, AVR_FEATURE_JMP_CALL);
+}
+
+static void avr_avr35_initfn(Object *obj)
+{
+AVRCPU *cpu = AVR_CPU(obj);
+CPUAVRState *env = >env;
+
+avr_set_feature(env, AVR_FEATURE_LPM);
+avr_set_feature(env, AVR_FEATURE_IJMP_ICALL);
+avr_set_feature(env, AVR_FEATURE_ADIW_SBIW);
+avr_set_feature(env, AVR_FEATURE_SRAM);
+avr_set_feature(env, AVR_FEATURE_BREAK);
+
+avr_set_feature(env, AVR_FEATURE_2_BYTE_PC);
+avr_set_feature(env, AVR_FEATURE_2_BYTE_SP);
+avr_set_feature(env, AVR_FEATURE_JMP_CALL);
+avr_set_feature(env, AVR_FEATURE_LPMX);
+avr_set_feature(env, AVR_FEATURE_MOVW);
+}
+
+static void avr_avr4_initfn(Object *obj)
+{
+AVRCPU *cpu = AVR_CPU(obj);
+CPUAVRState *env = >env;
+
+avr_set_feature(env, AVR_FEATURE_LPM);
+avr_set_feature(env, AVR_FEATURE_IJMP_ICALL);
+avr_set_feature(env, AVR_FEATURE_ADIW_SBIW);
+avr_set_feature(env, AVR_FEATURE_SRAM);
+avr_set_feature(env, AVR_FEATURE_BREAK);
+
+avr_set_feature(env, AVR_FEATURE_2_BYTE_PC);
+avr_set_feature(env, AVR_FEATURE_2_BYTE_SP);
+avr_set_feature(env, AVR_FEATURE_LPMX);
+avr_set_feature(env, AVR_FEATURE_MOVW);
+avr_set_feature(env, AVR_FEATURE_MUL);
+}
+
+static void avr_avr5_initfn(Object *obj)
+{
+AVRCPU *cpu = AVR_CPU(obj);
+CPUAVRState *env = >env;
+
+avr_set_feature(env, AVR_FEATURE_LPM);
+avr_set_feature(env, AVR_FEATURE_IJMP_ICALL);
+avr_set_feature(env, AVR_FEATURE_ADIW_SBIW);
+avr_set_feature(env, AVR_FEATURE_SRAM);
+avr_set_feature(env, AVR_FEATURE_BREAK);
+
+avr_set_feature(env, AVR_FEATURE_2_BYTE_PC);
+avr_set_feature(env, AVR_FEATURE_2_BYTE_SP);
+avr_set_feature(env, AVR_FEATURE_JMP_CALL);
+avr_set_feature(env, AVR_FEATURE_LPMX);
+avr_set_feature(env, AVR_FEATURE_MOVW);
+avr_set_feature(env, AVR_FEATURE_MUL);
+}
+
+static void avr_avr51_initfn(Object *obj)
+{
+AVRCPU *cpu = AVR_CPU(obj);
+CPUAVRState *env = >env;
+
+avr_set_feature(env, AVR_FEATURE_LPM);
+avr_set_feature(env, AVR_FEATURE_IJMP_ICALL);
+avr_set_feature(env, AVR_FEATURE_ADIW_SBIW);
+avr_set_feature(env, AVR_FEATURE_SRAM);
+avr_set_feature(env, 
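Review bot: the `avr_avr*_initfn` functions repeat the same base features (`LPM`, `IJMP_ICALL`, `ADIW_SBIW`, `SRAM`, `BREAK`, `2_BYTE_PC`, `2_BYTE_SP`) by hand, which is easy to get out of sync across nine copies; set them through one helper or a per-flavour feature mask in a table and have each initfn add only what distinguishes the core. `avr_avr1_initfn` is the one that omits `SRAM`, `IJMP_ICALL`, `ADIW_SBIW` and `BREAK`; that is right for the SRAM-less avr1 parts as far as `SRAM` goes, but the other three should be checked against the datasheets and the reason stated in a comment. It is also missing the blank line before `avr_avr2_initfn`.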

[Qemu-devel] [PATCH v8 04/12] target-avr: adding instructions encodings

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 target-avr/translate-inst.h | 762 
 1 file changed, 762 insertions(+)
 create mode 100644 target-avr/translate-inst.h

diff --git a/target-avr/translate-inst.h b/target-avr/translate-inst.h
new file mode 100644
index 000..0c082d3
--- /dev/null
+++ b/target-avr/translate-inst.h
@@ -0,0 +1,762 @@
+/*
+ *  QEMU AVR CPU
+ *
+ *  Copyright (c) 2016 Michael Rolnik
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2.1 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, see
+ *  
+ */
+
+
+#ifndef AVR_TRANSLATE_INST_H_
+#define AVR_TRANSLATE_INST_H_
+
+typedef struct DisasContextDisasContext;
+
+int avr_translate_NOP(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+
+int avr_translate_MOVW(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t MOVW_Rr(uint32_t opcode)
+{
+return extract32(opcode, 0, 4);
+}
+static inline uint32_t MOVW_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 4);
+}
+
+int avr_translate_MULS(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t MULS_Rr(uint32_t opcode)
+{
+return extract32(opcode, 0, 4);
+}
+static inline uint32_t MULS_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 4);
+}
+
+int avr_translate_MULSU(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t MULSU_Rr(uint32_t opcode)
+{
+return extract32(opcode, 0, 3);
+}
+static inline uint32_t MULSU_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 3);
+}
+
+int avr_translate_FMUL(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t FMUL_Rr(uint32_t opcode)
+{
+return extract32(opcode, 0, 3);
+}
+static inline uint32_t FMUL_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 3);
+}
+
+int avr_translate_FMULS(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t FMULS_Rr(uint32_t opcode)
+{
+return extract32(opcode, 0, 3);
+}
+static inline uint32_t FMULS_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 3);
+}
+
+int avr_translate_FMULSU(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t FMULSU_Rr(uint32_t opcode)
+{
+return extract32(opcode, 0, 3);
+}
+static inline uint32_t FMULSU_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 3);
+}
+
+int avr_translate_CPC(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t CPC_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 5);
+}
+static inline uint32_t CPC_Rr(uint32_t opcode)
+{
+return (extract32(opcode, 9, 1) << 4) |
+(extract32(opcode, 0, 4));
+}
+
+int avr_translate_SBC(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t SBC_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 5);
+}
+static inline uint32_t SBC_Rr(uint32_t opcode)
+{
+return (extract32(opcode, 9, 1) << 4) |
+(extract32(opcode, 0, 4));
+}
+
+int avr_translate_ADD(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t ADD_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 5);
+}
+static inline uint32_t ADD_Rr(uint32_t opcode)
+{
+return (extract32(opcode, 9, 1) << 4) |
+(extract32(opcode, 0, 4));
+}
+
+int avr_translate_AND(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t AND_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 5);
+}
+static inline uint32_t AND_Rr(uint32_t opcode)
+{
+return (extract32(opcode, 9, 1) << 4) |
+(extract32(opcode, 0, 4));
+}
+
+int avr_translate_EOR(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t EOR_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 5);
+}
+static inline uint32_t EOR_Rr(uint32_t opcode)
+{
+return (extract32(opcode, 9, 1) << 4) |
+(extract32(opcode, 0, 4));
+}
+
+int avr_translate_OR(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t OR_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 5);
+}
+static inline uint32_t OR_Rr(uint32_t opcode)
+{
+return (extract32(opcode, 9, 1) << 4) |
+(extract32(opcode, 0, 4));
+}
+
+int avr_translate_MOV(CPUAVRState *env, DisasContext* ctx, uint32_t opcode);
+static inline uint32_t MOV_Rd(uint32_t opcode)
+{
+return extract32(opcode, 4, 
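Review bot: QEMU coding style (checkpatch.pl will flag this) wants the asterisk attached to the identifier, so each prototype here should read `int avr_translate_CPC(CPUAVRState *env, DisasContext *ctx, uint32_t opcode);` rather than `DisasContext* ctx`; the same pattern repeats for FMULSU, SBC, ADD, AND, EOR, OR and MOV. Separately, FMULS_Rd, FMULSU_Rd and FMULSU_Rr return a raw 3-bit field, which cannot name all 32 registers; a short comment on these extractors stating which register base the translator must add would stop a caller from using the value as a register index directly.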

[Qemu-devel] [PATCH v8 07/12] target-avr: adding instruction decoder

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 target-avr/decode.c | 693 
 1 file changed, 693 insertions(+)
 create mode 100644 target-avr/decode.c

diff --git a/target-avr/decode.c b/target-avr/decode.c
new file mode 100644
index 000..44a5815
--- /dev/null
+++ b/target-avr/decode.c
@@ -0,0 +1,693 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2016 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+
+#include 
+#include "translate.h"
+
+void avr_decode(uint32_t pc, uint32_t *l, uint32_t c, translate_function_t *t)
+{
+uint32_t opc  = extract32(c, 0, 16);
+switch (opc & 0xd000) {
+case 0x: {
+switch (opc & 0x2c00) {
+case 0x: {
+switch (opc & 0x0300) {
+case 0x: {
+*l = 16;
+*t = _translate_NOP;
+break;
+}
+case 0x0100: {
+*l = 16;
+*t = _translate_MOVW;
+break;
+}
+case 0x0200: {
+*l = 16;
+*t = _translate_MULS;
+break;
+}
+case 0x0300: {
+switch (opc & 0x0088) {
+case 0x: {
+*l = 16;
+*t = _translate_MULSU;
+break;
+}
+case 0x0008: {
+*l = 16;
+*t = _translate_FMUL;
+break;
+}
+case 0x0080: {
+*l = 16;
+*t = _translate_FMULS;
+break;
+}
+case 0x0088: {
+*l = 16;
+*t = _translate_FMULSU;
+break;
+}
+}
+break;
+}
+}
+break;
+}
+case 0x0400: {
+*l = 16;
+*t = _translate_CPC;
+break;
+}
+case 0x0800: {
+*l = 16;
+*t = _translate_SBC;
+break;
+}
+case 0x0c00: {
+*l = 16;
+*t = _translate_ADD;
+break;
+}
+case 0x2000: {
+*l = 16;
+*t = _translate_AND;
+break;
+}
+case 0x2400: {
+*l = 16;
+*t = _translate_EOR;
+break;
+}
+case 0x2800: {
+*l = 16;
+*t = _translate_OR;
+break;
+}
+case 0x2c00: {
+*l = 16;
+*t = _translate_MOV;
+break;
+}
+}
+break;
+}
+case 0x1000: {
+switch (opc & 0x2000) {
+case 0x: {
+switch (opc & 0x0c00) {
+case 0x: {
+*l = 16;
+*t = _translate_CPSE;
+break;
+}
+case 0x0400: {
+*l = 16;
+*t = _translate_CP;
+break;
+}
+case 
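Review bot: `*l = 16;` is repeated in every leaf of the switch tree; initialise `*l = 16` once at the top of avr_decode and let only the 32-bit-opcode leaves override it, which shrinks this 693-line file considerably and removes a class of copy-paste slips. None of the switch statements has a `default:` case, and `*l` and `*t` are out-parameters, so any opcode pattern that falls through every level hands the caller an uninitialised length and translator; add a default that routes to the unsupported-instruction handler. Since the cover letter says this file is produced by the decoder generator, a header comment naming the generator and its avr.yaml input would keep reviewers from hand-editing it.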

[Qemu-devel] [PATCH v8 03/12] target-avr: adding a sample AVR board

2016-06-18 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 hw/Makefile.objs |   1 +
 hw/avr/Makefile.objs |  21 +
 hw/avr/sample-io.c   | 215 +++
 hw/avr/sample.c  | 118 
 4 files changed, 355 insertions(+)
 create mode 100644 hw/avr/Makefile.objs
 create mode 100644 hw/avr/sample-io.c
 create mode 100644 hw/avr/sample.c

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 4a07ed4..262ca15 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -33,6 +33,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += watchdog/
 devices-dirs-$(CONFIG_SOFTMMU) += xen/
 devices-dirs-$(CONFIG_MEM_HOTPLUG) += mem/
 devices-dirs-$(CONFIG_SMBIOS) += smbios/
+devices-dirs-$(CONFIG_SOFTMMU) += avr/
 devices-dirs-y += core/
 common-obj-y += $(devices-dirs-y)
 obj-y += $(devices-dirs-y)
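Review bot: `devices-dirs-$(CONFIG_SOFTMMU) += avr/` puts hw/avr/ among the common device directories, so sample.o and sample-io.o get built for every softmmu target, yet sample-io.c includes the target's cpu.h and uses AVRCPU, which exist only for the AVR target. Per-architecture board directories are picked up for their own target by Makefile.target's `hw/$(TARGET_BASE_ARCH)/` rule rather than listed here; drop this line, or gate it on a CONFIG symbol that only default-configs/avr-softmmu.mak sets.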
diff --git a/hw/avr/Makefile.objs b/hw/avr/Makefile.objs
new file mode 100644
index 000..c080e4e
--- /dev/null
+++ b/hw/avr/Makefile.objs
@@ -0,0 +1,21 @@
+#
+#  QEMU AVR CPU
+#
+#  Copyright (c) 2016 Michael Rolnik
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 2.1 of the License, or (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, see
+#  
+#
+
+obj-y   += sample.o sample-io.o
diff --git a/hw/avr/sample-io.c b/hw/avr/sample-io.c
new file mode 100644
index 000..e0fee77
--- /dev/null
+++ b/hw/avr/sample-io.c
@@ -0,0 +1,215 @@
+/*
+ *  QEMU AVR CPU
+ *
+ *  Copyright (c) 2016 Michael Rolnik
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2.1 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, see
+ *  
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "include/hw/sysbus.h"
+
+#define TYPE_SAMPLEIO   "SampleIO"
+#define SAMPLEIO(obj)   OBJECT_CHECK(SAMPLEIOState, (obj), TYPE_SAMPLEIO)
+
+#ifndef DEBUG_SAMPLEIO
+#define DEBUG_SAMPLEIO 1
+#endif
+
+#define DPRINTF(fmt, args...) \
+do {  \
+if (DEBUG_SAMPLEIO) { \
+fprintf(stderr, "[%s]%s: " fmt , TYPE_SAMPLEIO, __func__, ##args);\
+} \
+} \
+while (0)
+
+#define AVR_IO_CPU_REGS_SIZE0x0020
+#define AVR_IO_CPU_IO_SIZE  0x0040
+#define AVR_IO_EXTERN_IO_SIZE   0x00a0
+#define AVR_IO_SIZE (AVR_IO_CPU_REGS_SIZE   \
++ AVR_IO_CPU_IO_SIZE\
++ AVR_IO_EXTERN_IO_SIZE)
+
+#define AVR_IO_CPU_REGS_BASE0x
+#define AVR_IO_CPU_IO_BASE  (AVR_IO_CPU_REGS_BASE   \
++ AVR_IO_CPU_REGS_SIZE)
+#define AVR_IO_EXTERN_IO_BASE   (AVR_IO_CPU_IO_BASE \
++ AVR_IO_CPU_IO_SIZE)
+
+
+typedef struct SAMPLEIOState {
+SysBusDeviceparent;
+
+MemoryRegioniomem;
+
+AVRCPU *cpu;
+
+uint8_t io[0x40];
+uint8_t exio[0xa0];
+} SAMPLEIOState;
+
+static uint64_t sample_io_read(void *opaque, hwaddr offset, unsigned size);
+static void sample_io_write(void *opaque, hwaddr offset, uint64_t value,
+unsigned size);
+static int sample_io_init(DeviceState *sbd);
+static void sample_io_class_init(ObjectClass *klass, void *data);
+static void sample_io_register_types(void);
+
+static void write_Rx(CPUAVRState *env, int inst, uint8_t data);
+static uint8_t read_Rx(CPUAVRState *env, int inst);
+
+static const MemoryRegionOps sample_io_ops = {
+.read = sample_io_read,
+.write = sample_io_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static Property sample_io_properties[] = 
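Review bot: `#include "include/hw/sysbus.h"` should be `#include "hw/sysbus.h"`; the include/ directory is already on the include path. `DEBUG_SAMPLEIO` defaults to 1, so every register access in a normal build goes through fprintf(stderr); default it to 0 or use trace events. `uint8_t io[0x40]` and `uint8_t exio[0xa0]` repeat the values of AVR_IO_CPU_IO_SIZE and AVR_IO_EXTERN_IO_SIZE defined a few lines up; size the arrays with those macros so the memory region and its backing store cannot drift apart, and make sure sample_io_read/sample_io_write never index them with an offset from the AVR_IO_CPU_REGS window without a range check.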

[Qemu-devel] [PATCH v8 00/12] 8bit AVR cores

2016-06-18 Thread Michael Rolnik
This series of patches adds 8bit AVR cores to QEMU.
All instructions, except BREAK/DES/SPM/SPMX, are implemented. Not fully tested 
yet.
However I was able to execute simple code with functions, e.g. fibonacci 
calculation.
This series of patches includes a non real, sample board.
No fuses support yet. PC is set to 0 at reset.

the patches include the following
1. just a basic 8bit AVR CPU, without instruction decoding or translation
2. CPU features which allow defining the following 8bit AVR cores
 avr1
 avr2 avr25
 avr3 avr31 avr35
 avr4
 avr5 avr51
 avr6
 xmega2 xmega4 xmega5 xmega6 xmega7
3. a definition of a sample machine with SRAM, FLASH and CPU which allows 
executing simple code
4. encoding for all AVR instructions
5. interrupt handling
6. helpers for IN, OUT, SLEEP, WBR & unsupported instructions
7. a decoder which given an opcode decides what instruction it is
8. translation of AVR instruction into TCG
9. all features together

changes since v3
1. rampD/X/Y/Z registers are encoded as 0x00ff (instead of 0x00ff) for 
faster address manipulation
2. ffs changed to ctz32
3. duplicate code removed at avr_cpu_do_interrupt
4. using andc instead of not + and
5. fixing V flag calculation in various instructions
6. freeing local variables in PUSH
7. tcg_const_local_i32 -> tcg_const_i32
8. using sextract32 instead of my implementation
9. fixing BLD instruction
10.xor(r) instead of 0xff - r at COM
11.fixing MULS/MULSU not to modify inputs' content
12.using SUB for NEG
13.fixing tcg_gen_qemu_ld/st call in XCH

changes since v4
1. target is now defined as big endian in order to optimize push_ret/pop_ret
2. all style warnings are fixed
3. adding cpu_set/get_sreg functions
4. simplifying gen_goto_tb as there is no real paging
5. env->pc -> env->pc_w
6. making flag dump more compact
7. more spacing
8. renaming CODE/DATA_INDEX -> MMU_CODE/DATA_IDX
9. removing avr_set_feature
10. SPL/SPH set bug fix
11. switching stb_phys to cpu_stb_data
12. cleaning up avr_decode
13. saving sreg, rampD/X/Y/Z, eind in HW format (savevm)
14. saving CPU features (savevm)

changes since v5
1. BLD bug fix
2. decoder generator is added

changes since v6
1. using cpu_get_sreg/cpu_set_sreg in 
avr_cpu_gdb_read_register/avr_cpu_gdb_write_register
2. configure the target as little endian because otherwise GDB does not work
3. fixing and testing gen_push_ret/gen_pop_ret

changes since v7
1. folding back v6 
2. logging at helper_outb and helper_inb are done for non supported yet 
registers only
3. MAINTAINERS updated



Michael Rolnik (12):
  target-avr: AVR cores support is added. 1. basic CPU
structure 2. registers 3. no instructions
  target-avr: adding AVR CPU features/flavors
  target-avr: adding a sample AVR board
  target-avr: adding instructions encodings
  target-avr: adding AVR interrupt handling
  target-avr: adding helpers for IN, OUT, SLEEP, WBR & unsupported
instructions
  target-avr: adding instruction decoder
  target-avr: adding instruction translation
  target-avr: updating translate.c to use instructions translation
  target-avr: saving sreg, rampD, rampX, rampY, rampD, eind in HW
representation saving cpu features
  target-avr: decoder generator. currently not used by the build, can be
used manually
  target-avr: adding maintainer

 MAINTAINERS|6 +
 arch_init.c|2 +
 configure  |5 +
 default-configs/avr-softmmu.mak|   21 +
 hw/Makefile.objs   |1 +
 hw/avr/Makefile.objs   |   21 +
 hw/avr/sample-io.c |  215 +++
 hw/avr/sample.c|  118 ++
 include/disas/bfd.h|6 +
 include/sysemu/arch_init.h |1 +
 target-avr/Makefile.objs   |   25 +
 target-avr/cpu-qom.h   |   84 +
 target-avr/cpu.c   |  609 +++
 target-avr/cpu.h   |  211 +++
 target-avr/cpugen/CMakeLists.txt   |   38 +
 target-avr/cpugen/README.md|   17 +
 target-avr/cpugen/cpu/avr.yaml |  214 +++
 target-avr/cpugen/src/CMakeLists.txt   |   62 +
 target-avr/cpugen/src/cpugen.cpp   |  460 +
 target-avr/cpugen/src/utils.cpp|   27 +
 target-avr/cpugen/src/utils.h  |   79 +
 target-avr/cpugen/xsl/decode.c.xsl |  103 ++
 target-avr/cpugen/xsl/translate-inst.h.xsl |  118 ++
 target-avr/cpugen/xsl/utils.xsl|  108 ++
 target-avr/decode.c|  693 
 target-avr/gdbstub.c   |   84 +
 target-avr/helper.c|  271 +++
 target-avr/helper.h|   26 +
 target-avr/machine.c   |  117 ++
 target-avr/machine.h   |   21 +
 target-avr/translate-inst.c  

[Qemu-devel] [PATCH] configure: Don't run AVX optimization requirement check on Mac OS X

2016-06-18 Thread Stefan Weil
The test currently only works with ELF and requires readelf,
but OS X does not use ELF binaries.

Signed-off-by: Stefan Weil 
---
 configure | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/configure b/configure
index 10cb212..89ffd28 100755
--- a/configure
+++ b/configure
@@ -1778,6 +1778,11 @@ fi
 ##
 # avx2 optimization requirement check
 
+# This check currently only works for hosts with ELF,
+# so don't run it on Darwin.
+
+if [ "$darwin" != "yes" ] ; then
+
 cat > $TMPC << EOF
 #pragma GCC push_options
 #pragma GCC target("avx2")
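Review bot: keying the exclusion on `$darwin` fixes the one host that was reported but leaves the underlying assumption in place. The commit message states the two real preconditions, an ELF object and a usable readelf, and both can be probed directly (a `has readelf` test and a check that `$TMPO` really is an ELF object, with readelf's stderr discarded), so that any non-ELF or readelf-less host skips the optimization instead of only OS X. As written, a Linux host without binutils still hits the same noisy failure.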
@@ -1797,6 +1802,8 @@ if compile_object "" ; then
 fi
 fi
 
+fi # "$darwin" != "yes"
+
 #
 # zlib check
 
-- 
2.1.4




Re: [Qemu-devel] OSX 10.7 build failure

2016-06-18 Thread Stefan Weil
Am 18.06.2016 um 21:09 schrieb Stefan Weil:

> The resulting binary qemu-system-x86_64 boots the BIOS with curses,
> but not with cocoa which does not show any window or other output.

This problem is solved: I had used a remote shell for building on the Mac
and tried qemu-system-x86_64 as I do it when running a remote shell
on any of my Linux build machines. This works with X Window, but
Cocoa shows the output on the Mac's screen.

Stefan






Re: [Qemu-devel] OSX 10.7 build failure

2016-06-18 Thread Stefan Weil
Am 17.06.2016 um 17:49 schrieb Peter Maydell:
> QEMU 2.6 builds without any deprecation warnings being generated.
>
>
> ** Changed in: qemu
>Status: New => Fix Released

The deprecation warnings from
https://bugs.launchpad.net/bugs/960378 are fixed,
but I get new ones with OS X 10.11.5 and latest Xcode.

Here is a list of problems which I noticed:

configure:

readelf: Error: Not an ELF file - it has the wrong magic bytes at
the start
ld: unknown option: --verbose

make:

/Users/admin/src/qemu/qemu.org/qemu/qemu-doc.texi:7: warning:
unrecognized encoding name `UTF-8'.
/Users/admin/src/qemu/qemu.org/qemu/hw/audio/fmopl.c:1082:39:
warning: shifting a negative signed value is undefined
[-Wshift-negative-value]
/Users/admin/src/qemu/qemu.org/qemu/ui/vnc.c:3766:20: warning:
'sasl_server_init' is deprecated: first deprecated in OS X 10.11
[-Wdeprecated-declarations]
(more sasl related deprecation warnings follow)
/Users/admin/src/qemu/qemu.org/qemu/target-mips/op_helper.c:1326:68:
warning: shifting a negative signed value is undefined
[-Wshift-negative-value]
(more similar warnings follow)

The complete build protocol is available from
https://qemu.weilnetz.de/test/Mac-OS-X-10.11.5.txt

The resulting binary qemu-system-x86_64 boots the BIOS with curses,
but not with cocoa which does not show any window or other output.

Regards,
Stefan






Re: [Qemu-devel] [PATCH v7 12/12] target-avr: 1. use cpu_get/set_sreg function at avr_cpu_gdb_read_register/avr_cpu_gdb_read_register 2. configuring target as little endian 3. fixing and testing gen_p

2016-06-18 Thread Richard Henderson

On 06/14/2016 11:09 AM, Michael Rolnik wrote:

Signed-off-by: Michael Rolnik 
---
 configure   |  2 +-
 target-avr/gdbstub.c| 19 ++-
 target-avr/translate-inst.c | 45 +
 target-avr/translate.c  |  5 -
 4 files changed, 28 insertions(+), 43 deletions(-)


This patch needs to be folded back into the previous patches.
Otherwise this patch set is about ready for merging.

Please also include a patch to MAINTAINERS, adding yourself for the AVR target.


r~



Re: [Qemu-devel] [PATCH v2] target-ppc: Fix rlwimi, rlwinm, rlwnm

2016-06-18 Thread Anton Blanchard
Hi rth,

> In 63ae0915f8ec, I arranged to use a 32-bit rotate, without
> considering the effect of a mask value that wraps around to
> the high bits of the word.

Thanks, that passes my tests.

Tested-by: Anton Blanchard 

Anton

> Signed-off-by: Richard Henderson 
> ---
>  target-ppc/translate.c | 73
> +++--- 1 file changed, 51
> insertions(+), 22 deletions(-)
> 
> diff --git a/target-ppc/translate.c b/target-ppc/translate.c
> index b689475..23bc054 100644
> --- a/target-ppc/translate.c
> +++ b/target-ppc/translate.c
> @@ -1636,7 +1636,6 @@ static void gen_rlwimi(DisasContext *ctx)
>  tcg_gen_deposit_tl(t_ra, t_ra, t_rs, sh, me - mb + 1);
>  } else {
>  target_ulong mask;
> -TCGv_i32 t0;
>  TCGv t1;
>  
>  #if defined(TARGET_PPC64)
> @@ -1645,12 +1644,21 @@ static void gen_rlwimi(DisasContext *ctx)
>  #endif
>  mask = MASK(mb, me);
>  
> -t0 = tcg_temp_new_i32();
>  t1 = tcg_temp_new();
> -tcg_gen_trunc_tl_i32(t0, t_rs);
> -tcg_gen_rotli_i32(t0, t0, sh);
> -tcg_gen_extu_i32_tl(t1, t0);
> -tcg_temp_free_i32(t0);
> +if (mask <= 0xu) {
> +TCGv_i32 t0 = tcg_temp_new_i32();
> +tcg_gen_trunc_tl_i32(t0, t_rs);
> +tcg_gen_rotli_i32(t0, t0, sh);
> +tcg_gen_extu_i32_tl(t1, t0);
> +tcg_temp_free_i32(t0);
> +} else {
> +#if defined(TARGET_PPC64)
> +tcg_gen_deposit_i64(t1, t_rs, t_rs, 32, 32);
> +tcg_gen_rotli_i64(t1, t1, sh);
> +#else
> +g_assert_not_reached();
> +#endif
> +}
>  
>  tcg_gen_andi_tl(t1, t1, mask);
>  tcg_gen_andi_tl(t_ra, t_ra, ~mask);
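Review bot: the PPC64 branch deserves a comment explaining why `tcg_gen_deposit_i64(t1, t_rs, t_rs, 32, 32)` followed by `tcg_gen_rotli_i64` is the right thing: duplicating the low word into both halves makes the 64-bit rotate yield the 32-bit rotation in both halves, so the bits of `mask` that lie above bit 31 (the wrap-around case from the commit message) pick up the rotated value instead of the zeros that `tcg_gen_extu_i32_tl` used to leave there. Without that comment the next reader will be tempted to fold it back into the 32-bit path.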
> @@ -1678,20 +1686,28 @@ static void gen_rlwinm(DisasContext *ctx)
>  tcg_gen_ext32u_tl(t_ra, t_rs);
>  tcg_gen_shri_tl(t_ra, t_ra, mb);
>  } else {
> +target_ulong mask;
>  #if defined(TARGET_PPC64)
>  mb += 32;
>  me += 32;
>  #endif
> -if (sh == 0) {
> -tcg_gen_andi_tl(t_ra, t_rs, MASK(mb, me));
> -} else {
> -TCGv_i32 t0 = tcg_temp_new_i32();
> +mask = MASK(mb, me);
>  
> +if (mask <= 0xu) {
> +TCGv_i32 t0 = tcg_temp_new_i32();
>  tcg_gen_trunc_tl_i32(t0, t_rs);
>  tcg_gen_rotli_i32(t0, t0, sh);
> -tcg_gen_andi_i32(t0, t0, MASK(mb, me));
> +tcg_gen_andi_i32(t0, t0, mask);
>  tcg_gen_extu_i32_tl(t_ra, t0);
>  tcg_temp_free_i32(t0);
> +} else {
> +#if defined(TARGET_PPC64)
> +tcg_gen_deposit_i64(t_ra, t_rs, t_rs, 32, 32);
> +tcg_gen_rotli_i64(t_ra, t_ra, sh);
> +tcg_gen_andi_i64(t_ra, t_ra, mask);
> +#else
> +g_assert_not_reached();
> +#endif
>  }
>  }
>  if (unlikely(Rc(ctx->opcode) != 0)) {
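Review bot: the mask-width test / deposit / rotli / `g_assert_not_reached()` ladder is now written out three times (rlwimi above, here, and rlwnm below); a small static helper taking the source, the immediate rotate count and the mask would keep the three instructions in sync. Dropping the old `sh == 0` shortcut is safe only because tcg_gen_rotli_i32 turns a zero count into a plain move; the commit message should say so, since it otherwise reads like a lost optimisation.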
> @@ -1707,24 +1723,37 @@ static void gen_rlwnm(DisasContext *ctx)
>  TCGv t_rb = cpu_gpr[rB(ctx->opcode)];
>  uint32_t mb = MB(ctx->opcode);
>  uint32_t me = ME(ctx->opcode);
> -TCGv_i32 t0, t1;
> +target_ulong mask;
>  
>  #if defined(TARGET_PPC64)
>  mb += 32;
>  me += 32;
>  #endif
> +mask = MASK(mb, me);
>  
> -t0 = tcg_temp_new_i32();
> -t1 = tcg_temp_new_i32();
> -tcg_gen_trunc_tl_i32(t0, t_rb);
> -tcg_gen_trunc_tl_i32(t1, t_rs);
> -tcg_gen_andi_i32(t0, t0, 0x1f);
> -tcg_gen_rotl_i32(t1, t1, t0);
> -tcg_temp_free_i32(t0);
> +if (mask <= 0xu) {
> +TCGv_i32 t0 = tcg_temp_new_i32();
> +TCGv_i32 t1 = tcg_temp_new_i32();
> +tcg_gen_trunc_tl_i32(t0, t_rb);
> +tcg_gen_trunc_tl_i32(t1, t_rs);
> +tcg_gen_andi_i32(t0, t0, 0x1f);
> +tcg_gen_rotl_i32(t1, t1, t0);
> +tcg_gen_extu_i32_tl(t_ra, t1);
> +tcg_temp_free_i32(t0);
> +tcg_temp_free_i32(t1);
> +} else {
> +#if defined(TARGET_PPC64)
> +TCGv_i64 t0 = tcg_temp_new_i64();
> +tcg_gen_andi_i64(t0, t_rb, 0x1f);
> +tcg_gen_deposit_i64(t_ra, t_rs, t_rs, 32, 32);
> +tcg_gen_rotl_i64(t_ra, t_ra, t0);
> +tcg_temp_free_i64(t0);
> +#else
> +g_assert_not_reached();
> +#endif
> +}
>  
> -tcg_gen_andi_i32(t1, t1, MASK(mb, me));
> -tcg_gen_extu_i32_tl(t_ra, t1);
> -tcg_temp_free_i32(t1);
> +tcg_gen_andi_tl(t_ra, t_ra, mask);
>  
>  if (unlikely(Rc(ctx->opcode) != 0)) {
>  gen_set_Rc0(ctx, t_ra);
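Review bot: in the PPC64 branch `tcg_gen_andi_i64(t0, t_rb, 0x1f)` must stay ahead of `tcg_gen_deposit_i64(t_ra, t_rs, t_rs, 32, 32)`, because rA == rB is a legal encoding and the deposit clobbers t_ra; a one-line comment would protect that ordering against a later reshuffle. The 32-bit branch is fine as it copies both sources into temporaries before t_ra is written.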


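The wrap-around the commit message describes is easy to see with a small model. The following C is an added illustration written for this page, not code from the patch or from QEMU: it models MASK(MB, ME) with PowerPC's bit numbering (bit 0 is the most significant), the architectural ROTL32 for a 64-bit register (rotate the doubled low word), and compares what the translator computed before the fix (32-bit rotate, zero-extend, then mask) with the patched approach (64-bit rotate of the doubled word whenever the mask spills above bit 31). All function names, such as ppc_mask64 and rlwinm_before_fix, are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/*
 * Example model of PowerPC rlwinm in 64-bit mode, written to illustrate the
 * bug fixed by the patch above. Not QEMU code; helper names are invented.
 */

/* MASK(mb, me) with IBM bit numbering: bit 0 is the MSB of the 64-bit word.
 * For mb > me the mask wraps around through bit 63 back into bit 0. */
static uint64_t ppc_mask64(unsigned mb, unsigned me)
{
    uint64_t from_mb = UINT64_MAX >> mb;         /* bits mb..63 */
    uint64_t upto_me = UINT64_MAX << (63 - me);  /* bits 0..me  */
    return (mb <= me) ? (from_mb & upto_me) : (from_mb | upto_me);
}

static uint32_t rotl32(uint32_t x, unsigned n)
{
    n &= 31;
    return n ? (x << n) | (x >> (32 - n)) : x;
}

static uint64_t rotl64(uint64_t x, unsigned n)
{
    n &= 63;
    return n ? (x << n) | (x >> (64 - n)) : x;
}

/* ROTL32 as the ISA defines it for a 64-bit register: rotate the low word
 * duplicated into both halves, so both halves carry the rotated value. */
static uint64_t rotl32_dup(uint64_t rs, unsigned sh)
{
    uint32_t lo = (uint32_t)rs;
    return rotl64(((uint64_t)lo << 32) | lo, sh);
}

/* Architectural result: RA = ROTL32(RS, SH) & MASK(MB + 32, ME + 32). */
static uint64_t rlwinm_reference(uint64_t rs, unsigned sh, unsigned mb, unsigned me)
{
    return rotl32_dup(rs, sh) & ppc_mask64(mb + 32, me + 32);
}

/* Pre-fix translation: 32-bit rotate, zero-extended before the mask is
 * applied, so every mask bit above bit 31 reads as zero. */
static uint64_t rlwinm_before_fix(uint64_t rs, unsigned sh, unsigned mb, unsigned me)
{
    uint64_t r = (uint64_t)rotl32((uint32_t)rs, sh);
    return r & ppc_mask64(mb + 32, me + 32);
}

/* Patched translation: keep the cheap 32-bit path while the mask fits in
 * the low word, otherwise duplicate the low word and rotate 64-bit. */
static uint64_t rlwinm_after_fix(uint64_t rs, unsigned sh, unsigned mb, unsigned me)
{
    uint64_t mask = ppc_mask64(mb + 32, me + 32);
    if (mask <= 0xffffffffu) {
        return (uint64_t)rotl32((uint32_t)rs, sh) & mask;
    }
    return rotl32_dup(rs, sh) & mask;
}

typedef uint64_t (*rlwinm_fn)(uint64_t, unsigned, unsigned, unsigned);

/* Number of (SH, MB, ME) encodings for which fn disagrees with the
 * architectural result for one register value. */
static unsigned count_mismatches(rlwinm_fn fn, uint64_t rs)
{
    unsigned n = 0;
    for (unsigned sh = 0; sh < 32; sh++) {
        for (unsigned mb = 0; mb < 32; mb++) {
            for (unsigned me = 0; me < 32; me++) {
                if (fn(rs, sh, mb, me) != rlwinm_reference(rs, sh, mb, me)) {
                    n++;
                }
            }
        }
    }
    return n;
}

int main(void)
{
    /* MB > ME: MASK(60, 35) wraps and covers the whole high word. */
    uint64_t rs = 0x12345678;
    printf("reference : %016" PRIx64 "\n", rlwinm_reference(rs, 0, 28, 3));
    printf("before fix: %016" PRIx64 "\n", rlwinm_before_fix(rs, 0, 28, 3));
    printf("after fix : %016" PRIx64 "\n", rlwinm_after_fix(rs, 0, 28, 3));
    printf("mismatches before/after fix: %u/%u\n",
           count_mismatches(rlwinm_before_fix, rs),
           count_mismatches(rlwinm_after_fix, rs));
    return 0;
}
```

With MB > ME, for example SH=0, MB=28, ME=3, the 64-bit mask becomes MASK(60, 35) and covers the entire high word; the pre-fix computation returns 0x10000008 for RS=0x12345678, while the architecture, and the patched path, give 0x1234567810000008. Sweeping every SH/MB/ME combination shows the patched path agreeing with the reference throughout, and the old path failing exactly on the wrapping masks.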


[Qemu-devel] [Bug 1593605] Re: windows2008r2 boot failed with uefi

2016-06-18 Thread Denis V. Lunev
Actually I can provide you with the patch which makes win2k8 + UEFI
work if you are willing to accept it for mainstream QEMU. It was quite
simple. We have prepared it but not sent it. Parallels Server 6/Parallels
Desktop have had this hack for around 3-5 years.

I have missed your comment. Closing again.

** Changed in: qemu
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1593605

Title:
  windows2008r2 boot failed with uefi

Status in QEMU:
  Invalid

Bug description:
  I want to run my win2008r2 with UEFI. The hypervisor is Ubuntu 16.04 and my
  qemu command line is shown below:

  qemu-system-x86_64 -enable-kvm -name win2008r2 -S -machine pc-
  i440fx-2.5,accel=kvm,usb=off -cpu
  host,hv_time,hv_relaxed,hv_spinlocks=0x2000 -drive
  file=/usr/share/qemu/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on
  -drive
  file=/var/lib/libvirt/qemu/nvram/win2008r2_VARS.fd,if=pflash,format=raw,unit=1
  -m size=8388608k,slots=10,maxmem=1073741824k -realtime mlock=off -smp
  8,maxcpus=96,sockets=24,cores=4,threads=1 -numa
  node,nodeid=0,cpus=0-7,mem=8192 -uuid 030638c5-c6aa-
  4f06-82f8-dd2d04fd5705 -no-user-config -nodefaults -chardev
  socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-
  win2008r2/monitor.sock,server,nowait -mon
  chardev=charmonitor,id=monitor,mode=control -rtc
  base=localtime,clock=vm,driftfix=slew -no-hpet -no-shutdown -boot
  strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device
  usb-ehci,id=usb1,bus=pci.0,addr=0x4 -device nec-usb-
  xhci,id=usb2,bus=pci.0,addr=0x5 -device
  lsi,id=scsi0,bus=pci.0,addr=0x6 -device virtio-scsi-
  pci,id=scsi1,bus=pci.0,addr=0x7 -device virtio-serial-pci,id=virtio-
  serial0,bus=pci.0,addr=0x8 -drive
  file=/vms/images/win2008r2,format=qcow2,if=none,id=drive-
  ide0-0-0,cache=directsync -device ide-hd,bus=ide.0,unit=0,drive=drive-
  ide0-0-0,id=ide0-0-0,bootindex=1 -drive
  
file=/vms/isos/cn_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617598.iso,format=raw,if=none,id
  =drive-ide0-1-1,readonly=on -device ide-cd,bus=ide.1,unit=1,drive
  =drive-ide0-1-1,id=ide0-1-1,bootindex=2 -chardev pty,id=charserial0
  -device isa-serial,chardev=charserial0,id=serial0 -chardev
  
socket,id=charchannel0,path=/var/lib/libvirt/qemu/win2008r2.agent,server,nowait
  -device virtserialport,bus=virtio-
  serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
  -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -device
  VGA,id=video0,vgamem_mb=16,bus=pci.0,addr=0x2 -device virtio-balloon-
  pci,id=balloon0,bus=pci.0,addr=0xa -msg timestamp=on

  
  OVMF.fd was downloaded from http://sourceforge.net/projects/edk2/files/OVMF/ 
OVMF-X64-r15214.zip.

  When I boot my domain with the windows2008 iso, KVM is caught in
  endless interrupts. I enabled tracing on my host and got this.


  1. echo 1 > /sys/kernel/debug/tracing/events/kvm/enable
  2. cat /sys/kernel/debug/tracing/trace_pipe 
  qemu-system-x86-1969  [006]   2093.019588: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80fd
   qemu-system-x86-1969  [006] d...  2093.019590: kvm_entry: vcpu 0
   qemu-system-x86-1966  [017]   2093.021424: kvm_set_irq: gsi 8 level 1 
source 0
   qemu-system-x86-1966  [017]   2093.021429: kvm_pic_set_irq: chip 1 pin 0 
(edge|masked)
   qemu-system-x86-1966  [017]   2093.021430: kvm_ioapic_set_irq: pin 8 dst 
1 vec=209 (Fixed|logical|edge) (coalesced)
   qemu-system-x86-1969  [006]   2093.021683: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae78 info 0 80fd
   qemu-system-x86-1969  [006] d...  2093.021686: kvm_entry: vcpu 0
   qemu-system-x86-1969  [006]   2093.022592: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80ef
   qemu-system-x86-1969  [006] d...  2093.022595: kvm_entry: vcpu 0
   qemu-system-x86-1969  [006]   2093.022746: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80fd
   qemu-system-x86-1969  [006] d...  2093.022749: kvm_entry: vcpu 0
   qemu-system-x86-1966  [017]   2093.023434: kvm_set_irq: gsi 8 level 1 
source 0
   qemu-system-x86-1966  [017]   2093.023444: kvm_pic_set_irq: chip 1 pin 0 
(edge|masked)
   qemu-system-x86-1966  [017]   2093.023446: kvm_ioapic_set_irq: pin 8 dst 
1 vec=209 (Fixed|logical|edge) (coalesced)
   qemu-system-x86-1969  [006]   2093.023610: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae78 info 0 80fd
   qemu-system-x86-1969  [006] d...  2093.023612: kvm_entry: vcpu 0
   qemu-system-x86-1966  [017]   2093.025430: kvm_set_irq: gsi 8 level 1 
source 0
   qemu-system-x86-1966  [017]   2093.025435: kvm_pic_set_irq: chip 1 pin 0 
(edge|masked)
   qemu-system-x86-1966  [017]   2093.025436: kvm_ioapic_set_irq: pin 8 dst 
1 vec=209 (Fixed|logical|edge) (coalesced)
   qemu-system-x86-1969  [006]   2093.025599: kvm_exit: reason 

[Qemu-devel] [Bug 1593605] Re: windows2008r2 boot failed with uefi

2016-06-18 Thread Denis V. Lunev
sorry, I meant not QEMU but UEFI above.


[Qemu-devel] [Bug 1593605] Re: windows2008r2 boot failed with uefi

2016-06-18 Thread Denis V. Lunev
** Changed in: qemu
   Status: Invalid => Confirmed


[Qemu-devel] [Bug 1593605] Re: windows2008r2 boot failed with uefi

2016-06-18 Thread Laszlo Ersek (Red Hat)
Denis, thanks a lot for the reminder and the analysis here. I knew about
this issue at one point -- see
https://bugzilla.redhat.com/show_bug.cgi?id=1185253 -- but by now I've
completely forgotten that HyperV enlightenments and UEFI SMP Win7 don't
mix.

Also, for your analysis in comment #7 -- thanks for that too; I've never
dug into it this deep. In the RHBZ I referenced above, there's a link to
MSDN -- https://technet.microsoft.com/en-us/library/dn282285.aspx --
which indicates that the UEFI Win7 family was never meant to be run as
HyperV guests. Those docs were enough explanation to me.

I don't think hacking on OVMF's VBE shim would be smart at this point --
the VBE shim is already an ugly hack to trick Win7 into working. I think
the best course of action here is to disable HyperV enlightenments for
Win7 UEFI guests. That's what virt-manager does as well:

https://github.com/virt-manager/virt-manager/commit/cbba1c4dd381

Given that this is not a QEMU issue, I'm closing the report (again).

** Changed in: qemu
   Status: Incomplete => Invalid

** Bug watch added: Red Hat Bugzilla #1185253
   https://bugzilla.redhat.com/show_bug.cgi?id=1185253

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1593605

Title:
  windows2008r2 boot failed with uefi

Status in QEMU:
  Invalid


Re: [Qemu-devel] [PATCH] oslib-posix: New qemu_alloc_stack() to allocate stack with correct perms

2016-06-18 Thread Laszlo Ersek
On 06/17/16 16:11, Peter Maydell wrote:
> Some architectures require the stack to be executable; notably
> this includes MIPS, because the kernel's floating point emulator
> may try to put trampoline code on the stack to handle some cases.
> (See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815409
> for an example of this causing QEMU to crash.)
> 
> Create a utility function qemu_alloc_stack() which allocates a
> block of memory for use as a stack with the correct permissions.
> Since we would prefer to make the stack non-executable if we can
> as a defence against code execution exploits, we detect whether
> the existing stack is mapped executable. Unfortunately this
> requires us to grovel through /proc/self/maps to determine the
> permissions on it.
> 
> Signed-off-by: Peter Maydell 
> ---
> This method of figuring out the correct perms for the stack is
> not exactly pretty; better suggestions welcome.
> 
> NB that this utility function also gives us a handy place to put
> code for allocating a guard page at the bottom of the stack, or
> mapping it as MAP_GROWSDOWN, or whatever.
> ---
>  include/sysemu/os-posix.h| 12 
>  util/coroutine-sigaltstack.c |  2 +-
>  util/coroutine-ucontext.c|  2 +-
>  util/oslib-posix.c   | 70 
> 
>  4 files changed, 84 insertions(+), 2 deletions(-)
> 
> diff --git a/include/sysemu/os-posix.h b/include/sysemu/os-posix.h
> index 9c7dfdf..1dc9d3c 100644
> --- a/include/sysemu/os-posix.h
> +++ b/include/sysemu/os-posix.h
> @@ -60,4 +60,16 @@ int qemu_utimens(const char *path, const qemu_timespec 
> *times);
>  
>  bool is_daemonized(void);
>  
> +/**
> + * qemu_alloc_stack:
> + * @sz: size of required stack in bytes
> + *
> + * Allocate memory that can be used as a stack, for instance for
> + * coroutines. If the memory cannot be allocated, this function
> + * will abort (like g_malloc()).
> + *
> + * Returns: pointer to (the lowest address of) the stack memory.
> + */
> +void *qemu_alloc_stack(size_t sz);
> +
>  #endif
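Review bot: the header declares an allocator but no matching release function, and the diffstat shows only the allocation line changing in each coroutine backend, so co->stack is still released by whatever freed the old g_malloc() buffer; if qemu_alloc_stack() hands out mmap()ed memory (which a PROT_* based allocator implies), that release is a mismatched free. Suggest declaring a matching qemu_free_stack(void *stack, size_t sz) here, documenting that stacks from qemu_alloc_stack() must go through it, and switching both coroutine backends to it in the same patch.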
> diff --git a/util/coroutine-sigaltstack.c b/util/coroutine-sigaltstack.c
> index a7c3366..209f6e5 100644
> --- a/util/coroutine-sigaltstack.c
> +++ b/util/coroutine-sigaltstack.c
> @@ -164,7 +164,7 @@ Coroutine *qemu_coroutine_new(void)
>   */
>  
>  co = g_malloc0(sizeof(*co));
> -co->stack = g_malloc(stack_size);
> +co->stack = qemu_alloc_stack(stack_size);
>  co->base.entry_arg = _env; /* stash away our jmp_buf */
>  
>  coTS = coroutine_get_thread_state();
> diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
> index 2bb7e10..a455519 100644
> --- a/util/coroutine-ucontext.c
> +++ b/util/coroutine-ucontext.c
> @@ -101,7 +101,7 @@ Coroutine *qemu_coroutine_new(void)
>  }
>  
>  co = g_malloc0(sizeof(*co));
> -co->stack = g_malloc(stack_size);
> +co->stack = qemu_alloc_stack(stack_size);
>  co->base.entry_arg = _env; /* stash away our jmp_buf */
>  
>  uc.uc_link = _uc;
> diff --git a/util/oslib-posix.c b/util/oslib-posix.c
> index e2e1d4d..311093e 100644
> --- a/util/oslib-posix.c
> +++ b/util/oslib-posix.c
> @@ -497,3 +497,73 @@ pid_t qemu_fork(Error **errp)
>  }
>  return pid;
>  }
> +
> +#if defined(__linux__)
> +static int stack_prot(void)
> +{
> +static int prot;
> +gchar *maps, *start, *end;
> +
> +if (prot) {
> +return prot;
> +}
> +
> +/* Some architectures (notably MIPS) require an executable stack, but
> + * we would prefer to avoid making the stack executable unnecessarily,
> + * to defend against code execution exploits.
> + * Check whether the current stack is executable, and follow its lead.
> + * Unfortunately to do this we have to wade through /proc/self/maps
> + * looking for the stack memory. We default to assuming we need an
> + * executable stack and remove the permission only if we can successfully
> + * confirm that non-executable is OK.
> + */
> +
> +prot = PROT_READ | PROT_WRITE | PROT_EXEC;
> +
> +if (!g_file_get_contents("/proc/self/maps", , NULL, NULL)) {
> +return prot;
> +}
> +
> +/* We are looking for a line like this:
> + *  7fffbe217000-7fffbe238000 rw-p  00:00 0  [stack]
> + * and checking whether it says 'rw-' or 'rwx'.
> + * We look forwards for [stack], then back to the preceding newline,
> + * then forwards for the rw- between the two.
> + */
> +end = g_strstr_len(maps, -1, "[stack]");
> +if (!end) {
> +return prot;
> +}
> +start = g_strrstr_len(maps, end - maps, "\n");
> +if (!start) {
> +start = maps;
> +}
> +if (g_strstr_len(start, end - start, "rw-")) {
> +prot &= ~PROT_EXEC;
> +}
> +
> +return prot;
> +}
> +
> +#else
> +static int stack_prot(void)
> +{
> +/* Assume an executable stack is needed, since we can't detect it. */
> +return PROT_READ | PROT_WRITE | 
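Review bot: `maps` from g_file_get_contents() is never released in stack_prot(): the early return when "[stack]" is not found and the final return both leak the whole /proc/self/maps copy, so add g_free(maps) before each return or restructure with a single exit. Two further points on the same function: the "[stack]" entry describes only the main thread's stack, so a coroutine created from a helper thread is judged by a mapping that is not its own; and the #else fallback makes every non-Linux host hand out PROT_EXEC stacks, which is less safe than the g_malloc() heap memory these callers used before this patch, so consider keying the executable default on the architectures that need it (MIPS, per the commit message) rather than on the host OS.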

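The /proc/self/maps check described in the commit message above, as an added example that is neither Peter's patch nor QEMU code: it parses the permission column of the [stack] line as a field rather than searching for the substring "rw-", takes a caller-owned buffer so that the caller frees it (the patch's stack_prot() never frees `maps`), and adds the guard page the cover note mentions. All function names and the two maps excerpts are constructed for this example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed /proc/self/maps excerpts (not captured from a real host):
 * one with a non-executable stack and one with an executable stack. */
const char *SAMPLE_MAPS_NX =
    "00400000-004c5000 r-xp 00000000 08:01 1311 /usr/bin/example\n"
    "7fffbe217000-7fffbe238000 rw-p 00000000 00:00 0 [stack]\n"
    "7fffbe3fe000-7fffbe400000 r-xp 00000000 00:00 0 [vdso]\n";
const char *SAMPLE_MAPS_EXEC =
    "00400000-004c5000 r-xp 00000000 08:01 1311 /usr/bin/example\n"
    "7fffbe217000-7fffbe238000 rwxp 00000000 00:00 0 [stack]\n";

/* Return non-zero if `line` (length `len`, without the newline) is a stack
 * mapping, copying its 4-character permission field into perms. */
static int maps_line_is_stack(const char *line, size_t len, char perms[5])
{
    char buf[512];
    char path[64];

    if (len >= sizeof(buf)) {
        return 0;
    }
    memcpy(buf, line, len);
    buf[len] = '\0';

    /* Field layout: start-end perms offset dev inode [path] */
    if (sscanf(buf, "%*[0-9a-fA-F]-%*[0-9a-fA-F] %4s %*s %*s %*s %63s",
               perms, path) != 2) {
        return 0;   /* malformed line, or an anonymous mapping with no path */
    }
    /* "[stack]" for the main thread; 3.4..4.4 kernels also used "[stack:<tid>]" */
    return strncmp(path, "[stack", 6) == 0;
}

/* Decide the mmap() protection for a new stack from a maps listing. As in
 * the patch, default to executable and drop PROT_EXEC only when the current
 * stack is provably mapped without it. The caller owns (and frees) `maps`. */
int stack_prot_from_maps(const char *maps)
{
    int prot = PROT_READ | PROT_WRITE | PROT_EXEC;
    const char *p = maps;

    while (p && *p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char perms[5];

        if (maps_line_is_stack(p, len, perms)) {
            if (perms[2] != 'x') {      /* third column is the x bit */
                prot &= ~PROT_EXEC;
            }
            break;
        }
        p = nl ? nl + 1 : NULL;
    }
    return prot;
}

/* Allocate a stack with the given protection plus a PROT_NONE guard page
 * below it, so an overflow faults instead of silently corrupting the
 * neighbouring mapping. Returns the lowest usable address, or NULL. */
void *alloc_guarded_stack(size_t sz, int prot)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    void *base;

    sz = (sz + pg - 1) & ~(pg - 1);
    base = mmap(NULL, sz + pg, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) {
        return NULL;
    }
    if (mprotect(base, pg, PROT_NONE) != 0) {
        munmap(base, sz + pg);
        return NULL;
    }
    return (char *)base + pg;
}

/* Release a stack from alloc_guarded_stack(), guard page included. */
void free_guarded_stack(void *stack, size_t sz)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);

    sz = (sz + pg - 1) & ~(pg - 1);
    munmap((char *)stack - pg, sz + pg);
}
```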
[Qemu-devel] [Bug 1593605] Re: windows2008r2 boot failed with uefi

2016-06-18 Thread Richard Zhang
Thank you very much. After disabling all HyperV features, Win2k8 can
run with multiple vCPUs in my environment.

Referring to your advice, I will try running Win2k8 with HyperV
features. Thank you very much.


Title:
  windows2008r2 boot failed with uefi

Status in QEMU:
  Incomplete


[Qemu-devel] [PATCH] vmxnet3: Fix reading/writing guest memory specially when behind an IOMMU

2016-06-18 Thread KarimAllah Ahmed
When a PCI device lives behind an IOMMU, it should use the 'pci_dma_*' family of
functions whenever a transfer from/to guest memory is required, while the
'cpu_physical_memory_*' family of functions completely bypasses any MMU/IOMMU in
the system.

vmxnet3 was exclusively using the 'cpu_physical_memory_*' family of functions,
which works fine with the default QEMU setup where the IOMMU is not enabled but
fails miserably when the IOMMU is enabled. This commit converts all such
instances in favor of 'pci_dma_*'.

Cc: Dmitry Fleytman 
Cc: Jason Wang 
Cc: qemu-devel@nongnu.org
Cc: Anthony Liguori 
Signed-off-by: KarimAllah Ahmed 
---
 hw/net/vmware_utils.h  |  55 +++--
 hw/net/vmxnet3.c   | 207 +++--
 hw/net/vmxnet_tx_pkt.c |  19 ++---
 hw/net/vmxnet_tx_pkt.h |   8 +-
 4 files changed, 161 insertions(+), 128 deletions(-)

diff --git a/hw/net/vmware_utils.h b/hw/net/vmware_utils.h
index c0dbb2f..5500601 100644
--- a/hw/net/vmware_utils.h
+++ b/hw/net/vmware_utils.h
@@ -26,97 +26,104 @@
  *
  */
 static inline void
-vmw_shmem_read(hwaddr addr, void *buf, int len)
+vmw_shmem_read(PCIDevice *d, hwaddr addr, void *buf, int len)
 {
 VMW_SHPRN("SHMEM r: %" PRIx64 ", len: %d to %p", addr, len, buf);
-cpu_physical_memory_read(addr, buf, len);
+pci_dma_read(d, addr, buf, len);
 }
 
 static inline void
-vmw_shmem_write(hwaddr addr, void *buf, int len)
+vmw_shmem_write(PCIDevice *d, hwaddr addr, void *buf, int len)
 {
 VMW_SHPRN("SHMEM w: %" PRIx64 ", len: %d to %p", addr, len, buf);
-cpu_physical_memory_write(addr, buf, len);
+pci_dma_write(d, addr, buf, len);
 }
 
 static inline void
-vmw_shmem_rw(hwaddr addr, void *buf, int len, int is_write)
+vmw_shmem_rw(PCIDevice *d, hwaddr addr, void *buf, int len, int is_write)
 {
 VMW_SHPRN("SHMEM r/w: %" PRIx64 ", len: %d (to %p), is write: %d",
   addr, len, buf, is_write);
 
-cpu_physical_memory_rw(addr, buf, len, is_write);
+if (is_write)
+pci_dma_write(d, addr, buf, len);
+else
+pci_dma_read(d, addr, buf, len);
 }
 
 static inline void
-vmw_shmem_set(hwaddr addr, uint8_t val, int len)
+vmw_shmem_set(PCIDevice *d, hwaddr addr, uint8_t val, int len)
 {
 int i;
 VMW_SHPRN("SHMEM set: %" PRIx64 ", len: %d (value 0x%X)", addr, len, val);
 
 for (i = 0; i < len; i++) {
-cpu_physical_memory_write(addr + i, , 1);
+pci_dma_write(d, addr + i, , 1);
 }
 }
 
 static inline uint32_t
-vmw_shmem_ld8(hwaddr addr)
+vmw_shmem_ld8(PCIDevice *d, hwaddr addr)
 {
-uint8_t res = ldub_phys(_space_memory, addr);
+uint8_t res;
+pci_dma_read(d, addr, , 1);
 VMW_SHPRN("SHMEM load8: %" PRIx64 " (value 0x%X)", addr, res);
 return res;
 }
 
 static inline void
-vmw_shmem_st8(hwaddr addr, uint8_t value)
+vmw_shmem_st8(PCIDevice *d, hwaddr addr, uint8_t value)
 {
 VMW_SHPRN("SHMEM store8: %" PRIx64 " (value 0x%X)", addr, value);
-stb_phys(_space_memory, addr, value);
+pci_dma_write(d, addr, , 1);
 }
 
 static inline uint32_t
-vmw_shmem_ld16(hwaddr addr)
+vmw_shmem_ld16(PCIDevice *d, hwaddr addr)
 {
-uint16_t res = lduw_le_phys(_space_memory, addr);
+uint16_t res;
+pci_dma_read(d, addr, , 2);
 VMW_SHPRN("SHMEM load16: %" PRIx64 " (value 0x%X)", addr, res);
 return res;
 }
 
 static inline void
-vmw_shmem_st16(hwaddr addr, uint16_t value)
+vmw_shmem_st16(PCIDevice *d, hwaddr addr, uint16_t value)
 {
 VMW_SHPRN("SHMEM store16: %" PRIx64 " (value 0x%X)", addr, value);
-stw_le_phys(_space_memory, addr, value);
+pci_dma_write(d, addr, , 2);
 }
 
 static inline uint32_t
-vmw_shmem_ld32(hwaddr addr)
+vmw_shmem_ld32(PCIDevice *d, hwaddr addr)
 {
-uint32_t res = ldl_le_phys(_space_memory, addr);
+uint32_t res;
+pci_dma_read(d, addr, , 4);
 VMW_SHPRN("SHMEM load32: %" PRIx64 " (value 0x%X)", addr, res);
 return res;
 }
 
 static inline void
-vmw_shmem_st32(hwaddr addr, uint32_t value)
+vmw_shmem_st32(PCIDevice *d, hwaddr addr, uint32_t value)
 {
 VMW_SHPRN("SHMEM store32: %" PRIx64 " (value 0x%X)", addr, value);
-stl_le_phys(_space_memory, addr, value);
+pci_dma_write(d, addr, , 4);
 }
 
 static inline uint64_t
-vmw_shmem_ld64(hwaddr addr)
+vmw_shmem_ld64(PCIDevice *d, hwaddr addr)
 {
-uint64_t res = ldq_le_phys(_space_memory, addr);
+uint64_t res;
+pci_dma_read(d, addr, , 8);
 VMW_SHPRN("SHMEM load64: %" PRIx64 " (value %" PRIx64 ")", addr, res);
 return res;
 }
 
 static inline void
-vmw_shmem_st64(hwaddr addr, uint64_t value)
+vmw_shmem_st64(PCIDevice *d, hwaddr addr, uint64_t value)
 {
 VMW_SHPRN("SHMEM store64: %" PRIx64 " (value %" PRIx64 ")", addr, value);
-stq_le_phys(_space_memory, addr, value);
+pci_dma_write(d, addr, , 8);
 }
 
 /* Macros for simplification of operations on array-style registers */
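Review bot: the sized helpers lose the endianness conversion the old ones did. lduw_le_phys()/stw_le_phys() and the 32/64-bit variants converted between the guest's little-endian layout and host order, whereas pci_dma_read(d, addr, &res, 2) copies raw bytes into a host uint16_t, which gives wrong values on big-endian hosts. pci.h already provides ldub_pci_dma()/stb_pci_dma(), lduw_le_pci_dma()/stw_le_pci_dma(), ldl_le_pci_dma()/stl_le_pci_dma() and ldq_le_pci_dma()/stq_le_pci_dma() for exactly this, so vmw_shmem_ld8() through vmw_shmem_st64() should use them. Where pci_dma_read() stays, its return value is ignored and `res` is left uninitialised when the IOMMU rejects the access; initialise it to 0 before the read. Finally, the if/else in vmw_shmem_rw() needs braces per the QEMU coding style.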
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 20f26b7..367f775 

Re: [Qemu-devel] Reply: Re: [PATCH] Show all of snapshot info on every block device in output of 'info snapshots'

2016-06-18 Thread Max Reitz
On 17.06.2016 10:18, Lin Ma wrote:
> 
> 
> >>> Max Reitz <mre...@redhat.com> 2016/6/15 Wednesday 1:43 AM >>>
> ..
>>I have many comments, but don't worry, it's nothing that can't be fixed.
>>The overall design looks good to me.
> Thank you so much for reviewing the patch very carefully and giving me so many
> comments. I will take most of your comments, except some of the ones below:
> 
> ..
>>Nit pick: The following code will always leave an empty line after
>>everything. I think that's superfluous, and it can be amended as follows
>>(if you want to amend it, that is; if you really like that empty line,
>>then feel free to disregard my suggestion):
>>
>>> +monitor_printf(mon, "\n");
>>
>>Drop this.
>>
>>> +QTAILQ_FOREACH(image_entry, _list, next) {
>>> +if (QTAILQ_EMPTY(_entry->snapshots)) {
>>> +continue;
>>> +}
>>
>>Put monitor_printf(mon, "\n"); here.
> OK.
> 
>>> +monitor_printf(mon, "List of partial (non-loadable)
> snapshots on '%s':",
>>> +   image_entry->imagename);
>>> +monitor_printf(mon, "\n");
>>
>>(Why did you not concatenate these two strings in a single
>>monitor_printf() call?)
> OK.
> 
>>> +bdrv_snapshot_dump((fprintf_function)monitor_printf, mon, NULL);
>>> +monitor_printf(mon, "\n");
>>
>>Drop this.
>>
>>> +QTAILQ_FOREACH(snapshot_entry, _entry->snapshots, next) {
>>
>>Put monitor_printf(mon, "\n"); here.
> If so, it makes the output look like this:
> -FROM:
> List of partial (non-loadable) snapshots on 'drive_image1':
> IDTAG VM SIZEDATE   VM CLOCK
> 3 snapb 0 2016-06-16 17:37:25   00:00:00.000
> 4 snapc 0 2016-06-16 17:37:30   00:00:00.000
> 5 snap2 0 2016-06-16 17:37:34   00:00:00.000
> (qemu)
> -TO:
> List of partial (non-loadable) snapshots on 'drive_image1':
> IDTAG VM SIZEDATE   VM CLOCK
> 3 snapb 0 2016-06-16 17:37:25   00:00:00.000
>  
> 4 snapc 0 2016-06-16 17:37:30   00:00:00.000
>  
> 5 snap2 0 2016-06-16 17:37:34   00:00:00.000
> (qemu)
>  
> So I'll keep the code.
>  
>>> +bdrv_snapshot_dump((fprintf_function)monitor_printf, mon,
>>> +   snapshot_entry->sn);
>>> +monitor_printf(mon, "\n");
>>
>>And drop this. Again, the suggestions on moving the
>>monitor_printf(mon, "\n"); calls around are just suggestions, and it's
>>up to you whether you want to follow them or not.
> If so, it makes the output look like this:
> -FROM:
> List of partial (non-loadable) snapshots on 'drive_image1':
> IDTAG VM SIZEDATE   VM CLOCK
> 3 snapb 0 2016-06-16 17:37:25   00:00:00.000
> 4 snapc 0 2016-06-16 17:37:30   00:00:00.000
> 5 snap2 0 2016-06-16 17:37:34   00:00:00.000
> (qemu)
> -TO:
> List of partial (non-loadable) snapshots on 'drive_image1':
> IDTAG VM SIZEDATE   VM CLOCK
> 3 snapb 0 2016-06-16 17:37:25  00:00:00.0004  
>snapc 0 2016-06-16 17:37:30  00:00:00.0005 
> snap2 0 2016-06-16 17:37:34  
> 00:00:00.000(qemu)
>  
> So I'll keep the code.

Well, the idea was to do all of the suggestions, and then these two
would counteract each other.

However, I just noticed that I was completely wrong about my nit pick
anyway. The code won't leave an empty line after printing everything, I
made a mistake there.

My suggestion instead leads to not having an end-of-line after
everything, which is definitely wrong (sorry!).

So you should probably leave all the monitor_printf(mon, "\n")
statements as they are, except the one where I asked about concatenating
it with the previous one.

Max





Re: [Qemu-devel] [V11 2/4] hw/i386: ACPI IVRS table

2016-06-18 Thread Jan Kiszka
On 2016-06-18 14:32, Peter Xu wrote:
> On Sat, Jun 18, 2016 at 11:18:29AM +0300, David Kiarie wrote:
>> On Tue, May 24, 2016 at 10:06 AM, Valentine Sinitsyn
>>  wrote:
>>> Hi all,
>>>
>>>
>>> On 24.05.2016 11:54, Peter Xu wrote:

 On Sun, May 22, 2016 at 01:21:52PM +0300, David Kiarie wrote:
 [...]
>
> +static void
> +build_amd_iommu(GArray *table_data, GArray *linker)
> +{
> +int iommu_start = table_data->len;
> +bool iommu_ambig;
> +
> +/* IVRS definition  - table header has an extra 2-byte field */
> +acpi_data_push(table_data, (sizeof(AcpiTableHeader)));
> +/* common virtualization information */
> +build_append_int_noprefix(table_data, AMD_IOMMU_HOST_ADDRESS_WIDTH
> << 8, 4);
> +/* reserved */
> +build_append_int_noprefix(table_data, 0, 8);
> +
> +AMDVIState *s = (AMDVIState *)object_resolve_path_type("",
> +TYPE_AMD_IOMMU_DEVICE, _ambig);
> +
> +/* IVDB definition - type 10h */
> +if (!iommu_ambig) {
> +/* IVHD definition - type 10h */
> +build_append_int_noprefix(table_data, 0x10, 1);
> +/* virtualization flags */
> +build_append_int_noprefix(table_data, (IVHD_HT_TUNEN |
> + IVHD_PPRSUP | IVHD_IOTLBSUP | IVHD_PREFSUP), 1);
> +/* ivhd length */
> +build_append_int_noprefix(table_data, 0x20, 2);
> +/* iommu device id */
> +build_append_int_noprefix(table_data, PCI_DEVICE_ID_RD890_IOMMU,
> 2);
> +/* offset of capability registers */
> +build_append_int_noprefix(table_data, s->capab_offset, 2);
> +/* mmio base register */
> +build_append_int_noprefix(table_data, s->mmio.addr, 8);
> +/* pci segment */
> +build_append_int_noprefix(table_data, 0, 2);
> +/* interrupt numbers */
> +build_append_int_noprefix(table_data, 0, 2);
> +/* feature reporting */
> +build_append_int_noprefix(table_data, (IVHD_EFR_GTSUP |
> +IVHD_EFR_HATS | IVHD_EFR_GATS), 4);
> +/* Add device flags here
> + *   These are 4-byte device entries currently reporting the
> range of
> + *   devices 00h - h; all devices
> + *   Device setting affecting all devices should be made here
> + *
> + *   Refer to
> + *
> (http://developer.amd.com/wordpress/media/2012/10/488821.pdf)
> + *   Table 95


 I failed to find Table 95 in the document. Is that typo?
>>>
>>> I guess it should be "Table 75". David, am I right?
>>> On a side note, 2.0 specification you mention is rather outdated.
>>> Please consider referencing something newer, like 2.6.
>>>
>>>

 [...]

>   static
>   void acpi_build(AcpiBuildTables *tables, MachineState *machine)
>   {
> @@ -2657,6 +2721,7 @@ void acpi_build(AcpiBuildTables *tables,
> MachineState *machine)
>   AcpiMcfgInfo mcfg;
>   PcPciInfo pci;
>   uint8_t *u;
> +IommuType IOMMUType = has_iommu();
>   size_t aml_len = 0;
>   GArray *tables_blob = tables->table_data;
>   AcpiSlicOem slic_oem = { .id = NULL, .table_id = NULL };
> @@ -2722,7 +2787,13 @@ void acpi_build(AcpiBuildTables *tables,
> MachineState *machine)
>   acpi_add_table(table_offsets, tables_blob);
>   build_mcfg_q35(tables_blob, tables->linker, );
>   }
> -if (acpi_has_iommu()) {
> +
> +if (IOMMUType == TYPE_AMD) {
> +acpi_add_table(table_offsets, tables_blob);
> +build_amd_iommu(tables_blob, tables->linker);
> +}
> +
> +if (IOMMUType == TYPE_INTEL) {
>   acpi_add_table(table_offsets, tables_blob);
>   build_dmar_q35(tables_blob, tables->linker);
>   }


 Nit: I'd prefer:

  if (type == Intel) {
  ...
  } else if (type == AMD) {
  ...
  }

>>
>> I missed this in the last version of the patch; I should fix it in the
>> next version.
>>
>> On taking a closer look at this, there might be a larger problem where,
>> with the advent of -device , users can possibly emulate two
>> IOMMUs at the same time? A proposed solution was to have
>> pci_setup_iommu check that the DMA hook has not been set up yet and fail
>> if it has. I should send a fix for that too.
> 
> Currently we should only support single vIOMMU.  If you are going to
> rebase to x86-iommu codes, there is a patch that includes the check:
> 
>   "[PATCH v9 02/25] x86-iommu: provide x86_iommu_get_default"
> 
> by:
> 
>   assert(x86_iommu_default == NULL);
> 
> Maybe we should print something more readable, like "multiple vIOMMUs
> are not supported yet", rather than an 

Re: [Qemu-devel] [V11 2/4] hw/i386: ACPI IVRS table

2016-06-18 Thread Peter Xu
On Sat, Jun 18, 2016 at 11:18:29AM +0300, David Kiarie wrote:
> On Tue, May 24, 2016 at 10:06 AM, Valentine Sinitsyn
>  wrote:
> > Hi all,
> >
> >
> > On 24.05.2016 11:54, Peter Xu wrote:
> >>
> >> On Sun, May 22, 2016 at 01:21:52PM +0300, David Kiarie wrote:
> >> [...]
> >>>
> >>> +static void
> >>> +build_amd_iommu(GArray *table_data, GArray *linker)
> >>> +{
> >>> +int iommu_start = table_data->len;
> >>> +bool iommu_ambig;
> >>> +
> >>> +/* IVRS definition  - table header has an extra 2-byte field */
> >>> +acpi_data_push(table_data, (sizeof(AcpiTableHeader)));
> >>> +/* common virtualization information */
> >>> +build_append_int_noprefix(table_data, AMD_IOMMU_HOST_ADDRESS_WIDTH
> >>> << 8, 4);
> >>> +/* reserved */
> >>> +build_append_int_noprefix(table_data, 0, 8);
> >>> +
> >>> +AMDVIState *s = (AMDVIState *)object_resolve_path_type("",
> >>> +TYPE_AMD_IOMMU_DEVICE, _ambig);
> >>> +
> >>> +/* IVDB definition - type 10h */
> >>> +if (!iommu_ambig) {
> >>> +/* IVHD definition - type 10h */
> >>> +build_append_int_noprefix(table_data, 0x10, 1);
> >>> +/* virtualization flags */
> >>> +build_append_int_noprefix(table_data, (IVHD_HT_TUNEN |
> >>> + IVHD_PPRSUP | IVHD_IOTLBSUP | IVHD_PREFSUP), 1);
> >>> +/* ivhd length */
> >>> +build_append_int_noprefix(table_data, 0x20, 2);
> >>> +/* iommu device id */
> >>> +build_append_int_noprefix(table_data, PCI_DEVICE_ID_RD890_IOMMU,
> >>> 2);
> >>> +/* offset of capability registers */
> >>> +build_append_int_noprefix(table_data, s->capab_offset, 2);
> >>> +/* mmio base register */
> >>> +build_append_int_noprefix(table_data, s->mmio.addr, 8);
> >>> +/* pci segment */
> >>> +build_append_int_noprefix(table_data, 0, 2);
> >>> +/* interrupt numbers */
> >>> +build_append_int_noprefix(table_data, 0, 2);
> >>> +/* feature reporting */
> >>> +build_append_int_noprefix(table_data, (IVHD_EFR_GTSUP |
> >>> +IVHD_EFR_HATS | IVHD_EFR_GATS), 4);
> >>> +/* Add device flags here
> >>> + *   These are 4-byte device entries currently reporting the
> >>> range of
> >>> + *   devices 00h - h; all devices
> >>> + *   Device setting affecting all devices should be made here
> >>> + *
> >>> + *   Refer to
> >>> + *
> >>> (http://developer.amd.com/wordpress/media/2012/10/488821.pdf)
> >>> + *   Table 95
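Review bot: object_resolve_path_type() returns NULL with *ambiguous cleared when no object of the requested type exists, so guarding only on !iommu_ambig leaves s->capab_offset and s->mmio.addr as NULL dereferences should build_amd_iommu() ever run without an amd-iommu device present; test `s` as well (if (s && !iommu_ambig)) or fail loudly. The comment "table header has an extra 2-byte field" also does not match the code below it, which appends a 4-byte IVinfo field and 8 reserved bytes after the standard AcpiTableHeader; fix the comment, and replace the "Table 95" reference with the table number from the specification revision actually consulted, as the thread asks.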
> >>
> >>
> >> I failed to find Table 95 in the document. Is that typo?
> >
> > I guess it should be "Table 75". David, am I right?
> > On a side note, 2.0 specification you mention is rather outdated.
> > Please consider referencing something newer, like 2.6.
> >
> >
> >>
> >> [...]
> >>
> >>>   static
> >>>   void acpi_build(AcpiBuildTables *tables, MachineState *machine)
> >>>   {
> >>> @@ -2657,6 +2721,7 @@ void acpi_build(AcpiBuildTables *tables,
> >>> MachineState *machine)
> >>>   AcpiMcfgInfo mcfg;
> >>>   PcPciInfo pci;
> >>>   uint8_t *u;
> >>> +IommuType IOMMUType = has_iommu();
> >>>   size_t aml_len = 0;
> >>>   GArray *tables_blob = tables->table_data;
> >>>   AcpiSlicOem slic_oem = { .id = NULL, .table_id = NULL };
> >>> @@ -2722,7 +2787,13 @@ void acpi_build(AcpiBuildTables *tables,
> >>> MachineState *machine)
> >>>   acpi_add_table(table_offsets, tables_blob);
> >>>   build_mcfg_q35(tables_blob, tables->linker, );
> >>>   }
> >>> -if (acpi_has_iommu()) {
> >>> +
> >>> +if (IOMMUType == TYPE_AMD) {
> >>> +acpi_add_table(table_offsets, tables_blob);
> >>> +build_amd_iommu(tables_blob, tables->linker);
> >>> +}
> >>> +
> >>> +if (IOMMUType == TYPE_INTEL) {
> >>>   acpi_add_table(table_offsets, tables_blob);
> >>>   build_dmar_q35(tables_blob, tables->linker);
> >>>   }
> >>
> >>
> >> Nit: I'd prefer:
> >>
> >>  if (type == Intel) {
> >>  ...
> >>  } else if (type == AMD) {
> >>  ...
> >>  }
> >>
> 
> I missed this in the last version of the patch; I should fix it in the next
> version.
> 
> On taking a closer look at this, there might be a larger problem where,
> with the advent of -device, users can possibly emulate two
> IOMMUs at the same time? A proposed solution was to have
> pci_setup_iommu check that the DMA hook has not been set up yet and fail if
> it has. I should send a fix for that too.

Currently we should only support a single vIOMMU.  If you are going to
rebase to the x86-iommu code, there is a patch that includes the check:

  "[PATCH v9 02/25] x86-iommu: provide x86_iommu_get_default"

by:

  assert(x86_iommu_default == NULL);

Maybe we should print something more readable, like "multiple vIOMMUs
are not supported yet", rather than an assertion failure.

-- peterx



[Qemu-devel] [Bug 1529226] Re: qemu-i386-user on 32-bit Linux: uncaught target signal 11

2016-06-18 Thread PeteVine
A simpler way to reproduce would probably be to wrap the regular,
installed rustc that way and try running some compilations using cargo.
That should be enough to elicit the same problem.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1529226

Title:
  qemu-i386-user on 32-bit Linux: uncaught target signal 11

Status in QEMU:
  New

Bug description:
  Even though the command I'm trying to run (a wrapper script for
  qemu-i386-user running rustc, the rust compiler)  produces the
  expected  compiled output, the build process is interrupted:

  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  i686-unknown-linux-gnu/stage0/bin/rustc: line 1:  7474 Segmentation fault 
 /usr/local/bin/qemu-i386 -cpu qemu32 /home/petevine/stage0/rustc.bin -C 
target-cpu=pentium2 -L 
/home/petevine/unpacked/rust-master/i686-unknown-linux-gnu/stage0/lib/rustlib/i686-unknown-linux-gnu/lib/
 "$@"
  make: *** 
[i686-unknown-linux-gnu/stage0/lib/rustlib/i686-unknown-linux-gnu/lib/stamp.rustc_back]
 Error 139

  The stamp file is not being created so this could be about forking
  bash after finishing the wrapper script.

  Qemu was compiled from the latest git source.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1529226/+subscriptions



Re: [Qemu-devel] [PATCH v6 02/22] qapi: Add lock-mode in blockdev-add options

2016-06-18 Thread Fam Zheng
On Fri, 06/17 11:17, Kevin Wolf wrote:
> Am 03.06.2016 um 10:48 hat Fam Zheng geschrieben:
> > To allow overriding the default locking behavior when opening the image.
> > 
> > Signed-off-by: Fam Zheng 
> > ---
> >  qapi/block-core.json | 19 ++-
> >  1 file changed, 18 insertions(+), 1 deletion(-)
> > 
> > diff --git a/qapi/block-core.json b/qapi/block-core.json
> > index 98a20d2..23ec31d 100644
> > --- a/qapi/block-core.json
> > +++ b/qapi/block-core.json
> > @@ -2032,6 +2032,20 @@
> >  '*read-pattern': 'QuorumReadPattern' } }
> >  
> >  ##
> > +# @BlockdevLockMode
> > +#
> > +# Describes how QEMU should lock the image.
> > +#
> > +# @off:   Disabled
> > +# @shared:Use shared lock for both RO and RW images.
> > +# @exclusive: Use exclusive lock for RW images, and shared lock for RO 
> > images.
> 
> This feels odd. If I request 'exclusive', I want to have exclusive.
> Reasons may include that I anticipate reopening the image r/w later for
> a commit operation and don't want to have this blocked by other readers.
> 
> I see where you're coming from, though, because this might not be a good
> default. Perhaps we need to have both then, an 'exclusive' option that
> does what it promises and a 'default' option that infers the wanted
> locking mode from the writability of the image.

Fair enough, though I'd call it "auto" instead of "default", what do you think?

Fam



[Qemu-devel] [Bug 1593605] Re: windows2008r2 boot failed with uefi

2016-06-18 Thread Denis V. Lunev
You CAN run it, but you have to disable Hyper-V enlightenments. This means
that these options "hv_time,hv_relaxed,hv_spinlocks=0x2000" must NOT be
set.

I have not found the exact patch, sorry. But something like the following
should be done even to start thinking about running win2k8 with EFI if
Hyper-V is enabled. Look into OvmfPkg/QemuVideoDxe/ and replace
allocations of EfiBootServicesData/EfiBootServicesCode with
EfiACPIMemoryNVS.

For our case we have found that "The problem is triggered by the Windows
memory manager unmapping the page #0 while Windows HAL keeps thinking
it's still available and accesses it.

The unmapping happens because the page #0 is marked by OVMF as
EfiBootServicesCode.

Reportedly the access of the page #0 by HAL only happens when the VM announces
the support for Hyper-V enlightenments; otherwise no crashes are observed."

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1593605

Title:
  windows2008r2 boot failed with uefi

Status in QEMU:
  Incomplete

Bug description:
  I want to run my win2008r2 with uefi. Hypervisor is ubuntu16.04 and my
  qemu command line show below:

  qemu-system-x86_64 -enable-kvm -name win2008r2 -S -machine pc-
  i440fx-2.5,accel=kvm,usb=off -cpu
  host,hv_time,hv_relaxed,hv_spinlocks=0x2000 -drive
  file=/usr/share/qemu/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on
  -drive
  file=/var/lib/libvirt/qemu/nvram/win2008r2_VARS.fd,if=pflash,format=raw,unit=1
  -m size=8388608k,slots=10,maxmem=1073741824k -realtime mlock=off -smp
  8,maxcpus=96,sockets=24,cores=4,threads=1 -numa
  node,nodeid=0,cpus=0-7,mem=8192 -uuid 030638c5-c6aa-
  4f06-82f8-dd2d04fd5705 -no-user-config -nodefaults -chardev
  socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-
  win2008r2/monitor.sock,server,nowait -mon
  chardev=charmonitor,id=monitor,mode=control -rtc
  base=localtime,clock=vm,driftfix=slew -no-hpet -no-shutdown -boot
  strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device
  usb-ehci,id=usb1,bus=pci.0,addr=0x4 -device nec-usb-
  xhci,id=usb2,bus=pci.0,addr=0x5 -device
  lsi,id=scsi0,bus=pci.0,addr=0x6 -device virtio-scsi-
  pci,id=scsi1,bus=pci.0,addr=0x7 -device virtio-serial-pci,id=virtio-
  serial0,bus=pci.0,addr=0x8 -drive
  file=/vms/images/win2008r2,format=qcow2,if=none,id=drive-
  ide0-0-0,cache=directsync -device ide-hd,bus=ide.0,unit=0,drive=drive-
  ide0-0-0,id=ide0-0-0,bootindex=1 -drive
  
file=/vms/isos/cn_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617598.iso,format=raw,if=none,id
  =drive-ide0-1-1,readonly=on -device ide-cd,bus=ide.1,unit=1,drive
  =drive-ide0-1-1,id=ide0-1-1,bootindex=2 -chardev pty,id=charserial0
  -device isa-serial,chardev=charserial0,id=serial0 -chardev
  
socket,id=charchannel0,path=/var/lib/libvirt/qemu/win2008r2.agent,server,nowait
  -device virtserialport,bus=virtio-
  serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
  -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -device
  VGA,id=video0,vgamem_mb=16,bus=pci.0,addr=0x2 -device virtio-balloon-
  pci,id=balloon0,bus=pci.0,addr=0xa -msg timestamp=on

  
  OVMF.fd is download from http://sourceforge.net/projects/edk2/files/OVMF/ 
OVMF-X64-r15214.zip.

  When I boot my domain with windows2008 iso, the kvm was caught in
  endless interrupt. I enable trace on my host and I got this.


  1. echo 1 > /sys/kernel/debug/tracing/events/kvm/enable
  2. cat /sys/kernel/debug/tracing/trace_pipe 
  qemu-system-x86-1969  [006]   2093.019588: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80fd
   qemu-system-x86-1969  [006] d...  2093.019590: kvm_entry: vcpu 0
   qemu-system-x86-1966  [017]   2093.021424: kvm_set_irq: gsi 8 level 1 
source 0
   qemu-system-x86-1966  [017]   2093.021429: kvm_pic_set_irq: chip 1 pin 0 
(edge|masked)
   qemu-system-x86-1966  [017]   2093.021430: kvm_ioapic_set_irq: pin 8 dst 
1 vec=209 (Fixed|logical|edge) (coalesced)
   qemu-system-x86-1969  [006]   2093.021683: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae78 info 0 80fd
   qemu-system-x86-1969  [006] d...  2093.021686: kvm_entry: vcpu 0
   qemu-system-x86-1969  [006]   2093.022592: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80ef
   qemu-system-x86-1969  [006] d...  2093.022595: kvm_entry: vcpu 0
   qemu-system-x86-1969  [006]   2093.022746: kvm_exit: reason 
EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80fd
   qemu-system-x86-1969  [006] d...  2093.022749: kvm_entry: vcpu 0
   qemu-system-x86-1966  [017]   2093.023434: kvm_set_irq: gsi 8 level 1 
source 0
   qemu-system-x86-1966  [017]   2093.023444: kvm_pic_set_irq: chip 1 pin 0 
(edge|masked)
   qemu-system-x86-1966  [017]   2093.023446: kvm_ioapic_set_irq: pin 8 dst 
1 vec=209 (Fixed|logical|edge) (coalesced)
   qemu-system-x86-1969  [006]   2093.023610: kvm_exit: reason 

[Qemu-devel] [Bug 1593605] Re: windows2008r2 boot failed with uefi

2016-06-18 Thread Richard Zhang
Hi Denis, thank you very much. I am really interested in it. If the
patch can be found, it would really help me.

And I still have another question. I notice that Win2k8 can run
with UEFI normally on Xen and VMware. Is there any difference between them
in handling video, especially in the Xen environment?

Thank you very much!


Re: [Qemu-devel] [PATCH 2/2] Explicitly print out default vnc option in use

2016-06-18 Thread Robert Hu
On Wed, 2016-06-08 at 16:22 +0200, Markus Armbruster wrote:
> Robert Hu  writes:
> 
> > On Mon, 2016-06-06 at 09:28 +0200, Markus Armbruster wrote:
> >> Robert Hu  writes:
> >> 
> >> > On Tue, 2016-05-31 at 13:17 +0200, Markus Armbruster wrote:
> >> >> Robert Hu  writes:
> >> >> 
> >> >> > On Tue, 2016-05-31 at 09:51 +0200, Markus Armbruster wrote:
> > [trim...]
> >> > I don't see a './configure' option related to this '-vnc to' param. Is
> >> > there any?
> >> > '--help', you mean 'qemu-system_x86-64 --help'? or './configure --help'?
> > [seems repeated contents, trim...]
> >> > I don't see a './configure' option related to this '-vnc to' param. Is
> >> > there any?
> >> > '--help', you mean 'qemu-system_x86-64 --help'? or './configure --help'?
> >> 
> >> The former.
> >> 
> >> The modern way to select a display is -display.  The older -nographic,
> >> -curses, -sdl are retained for backward compatibility.
> >> 
> >> Relevant parts of -help:
> >> 
> >> Display options:
> >> -display sdl[,frame=on|off][,alt_grab=on|off][,ctrl_grab=on|off]
> >> [,window_close=on|off]|curses|none|
> >> gtk[,grab_on_hover=on|off]|
> >> vnc=[,]
> >> select display type
> >> -nographic  disable graphical output and redirect serial I/Os to 
> >> console
> >> -curses use a curses/ncurses interface instead of SDL
> >> [...]
> >> -sdlenable SDL
> >> [...]
> >> -vnc displaystart a VNC server on display
> >> 
> >> Issues:
> >> 
> >> * Help for -display is broken: the mutually exclusive option arguments
> >>   are concatenated.  -display curses and -display none are undocumented.
> >>   It should look more like this:
> >> 
> >> -display sdl[,frame=on|off][,alt_grab=on|off][,ctrl_grab=on|off]
> >> [,window_close=on|off]|curses|none|
> >> -display gtk[,grab_on_hover=on|off]|
> >> -display vnc=[,]
> >> -display curses
> >> -display none
> >> select display type
> >> 
> >> * -display sdl,gl=on|off and -display gtk,gl=on|off are undocumented
> >>(missed in commit 0b71a5d5c and 97edf3b).
> >> 
> >> * There is no help on the  in -display vnc=.
> >> 
> >> * There is no help on the default.  main() picks the default depending
> >>   on configure options:
> >> 
> >> #if defined(CONFIG_GTK)
> >> display_type = DT_GTK;
> >> #elif defined(CONFIG_SDL)
> >> display_type = DT_SDL;
> >> #elif defined(CONFIG_COCOA)
> >> display_type = DT_COCOA;
> >> #elif defined(CONFIG_VNC)
> >> vnc_parse("localhost:0,to=99,id=default", _abort);
> >> show_vnc_port = 1;
> >> #else
> >> display_type = DT_NONE;
> >> #endif
> >> 
> >>   Help should show the default this binary will pick.  This is what I
> >>   meant by "Ideally, --help output would show the defaults for this
> >>   build's configuration."
> >> 
> >> * Help should explain syntactic sugar:
> >>   -curses is sugar for -display curses
> >>   -sdl is sugar for -display sdl
> >>   -vnc display is sugar for -display vnc=display
> >> 
> >>   -nographic is also sugar, but too complicated to explain; I'd leave it
> >>   as is.
> >> 
> >> Non-issue
> >> 
> >> * Help shows options even when they're not compiled in.  That's okay,
> >>   because trying to use them fails with an "FOO support is disabled"
> >>   error message.
> >> 
> >> >> If we decide users need more information than the current "VNC server
> >> >> running on" line, perhaps it should be included right in that line.
> >> 
> >> This would complement, but not replace, better -help output.
> >> 
> >> If you would like to work on these issues, let us know.
> >
> > OK, if not in a hurry and assuming this is not a huge amount of work.
> > I also need to look into the build arch so that completely understand
> > your 'the default this binary will pick', till now I don't.
> >
> > Another concern is that I'm not a native English speaker, so those
> > description words may not be that apt and concise.
> 
> Imperfect English can be addressed in review.  Can be inefficient when
> most of the work is English rather than code.  But if you want to try
> anyway, go right ahead regardless.

Hi Markus,

After doing some part-time investigation, I'd like to confirm with you:
the change you required seems to involve only qemu-options.hx, am I
right?
If so, I'd like to do that.

> 
> [...]





[Qemu-devel] [RFC PATCH v0 1/1] spapr: Support setting of compat CPU type for CPU cores

2016-06-18 Thread Bharata B Rao
Compat CPU type is typically specified on the -cpu cmdline option like:
-cpu host,compat=power7 or -cpu POWER8E,compat=power7 etc.
With the introduction of sPAPR CPU core devices, we need to support
the same for core devices too.

Support the specification of the CPU compat type on the device_add command for
sPAPRCPUCore devices like:
(qemu) device_add POWER8E-spapr-cpu-core,id=core3,compat=power7,core-id=24

Signed-off-by: Bharata B Rao 
---
Applies on ppc-for-2.7 branch of David Gibson's tree.

 hw/ppc/spapr.c  |  8 +
 hw/ppc/spapr_cpu_core.c | 73 +
 include/hw/ppc/spapr_cpu_core.h |  2 ++
 3 files changed, 83 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 778fa25..2049d7d 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1807,6 +1807,7 @@ static void ppc_spapr_init(MachineState *machine)
 if (i < spapr_cores) {
 char *type = spapr_get_cpu_core_type(machine->cpu_model);
 Object *core;
+char *compat;
 
 if (!object_class_by_name(type)) {
 error_report("Unable to find sPAPR CPU Core definition");
@@ -1818,6 +1819,13 @@ static void ppc_spapr_init(MachineState *machine)
 _fatal);
 object_property_set_int(core, core_dt_id, 
CPU_CORE_PROP_CORE_ID,
 _fatal);
+compat = spapr_get_cpu_compat_type(machine->cpu_model);
+if (compat) {
+object_property_set_str(core, compat, "compat",
+_fatal);
+g_free(compat);
+}
+
 object_property_set_bool(core, true, "realized", _fatal);
 }
 }
diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index 3a5da09..9eb63cc 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -96,6 +96,24 @@ char *spapr_get_cpu_core_type(const char *model)
 return core_type;
 }
 
+/*
+ * Returns the CPU compat type specified in -cpu @model.
+ */
+char *spapr_get_cpu_compat_type(const char *model)
+{
+char *compat_type = NULL;
+gchar **model_pieces = g_strsplit(model, ",", 2);
+
+if (model_pieces[1]) {
+gchar **compat_pieces = g_strsplit(model_pieces[1], "=", 2);
+
+compat_type = g_strdup_printf("%s", compat_pieces[1]);
+}
+
+g_strfreev(model_pieces);
+return compat_type;
+}
+
 static void spapr_core_release(DeviceState *dev, void *opaque)
 {
 sPAPRCPUCore *sc = SPAPR_CPU_CORE(OBJECT(dev));
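Review bot: spapr_get_cpu_compat_type() assumes that the first option after the model name is `compat=` and never checks the key, so for `-cpu POWER8,foo=bar` it returns "bar" as the compat type, and when the option carries no `=` at all, compat_pieces[1] is NULL and is passed to a `%s` format. The `compat_pieces` vector returned by the inner g_strsplit() is also never released with g_strfreev(), and `g_strdup_printf("%s", x)` is just g_strdup(x). Suggest checking `compat_pieces[0]` against "compat" before copying, freeing compat_pieces, and returning NULL in every other case.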
@@ -223,12 +241,31 @@ void spapr_core_pre_plug(HotplugHandler *hotplug_dev, 
DeviceState *dev,
 CPUCore *cc = CPU_CORE(dev);
 char *base_core_type = spapr_get_cpu_core_type(machine->cpu_model);
 const char *type = object_get_typename(OBJECT(dev));
+char *base_compat_type = NULL;
+char *compat = NULL;
+bool compat_set;
 
 if (strcmp(base_core_type, type)) {
 error_setg(_err, "CPU core type should be %s", base_core_type);
 goto out;
 }
 
+base_compat_type = spapr_get_cpu_compat_type(machine->cpu_model);
+compat = object_property_get_str(OBJECT(dev), "compat", NULL);
+compat_set = (compat && *compat) ? true : false;
+
+if (base_compat_type) {
+if ((compat_set && strcmp(base_compat_type, compat)) ||
+!compat_set) {
+error_setg(_err, "CPU compat type should be %s",
+   base_compat_type);
+goto out;
+}
+} else if (compat_set) {
+error_setg(_err, "CPU compat type shouldn't be set");
+goto out;
+}
+
 if (!smc->dr_cpu_enabled && dev->hotplugged) {
 error_setg(_err, "CPU hotplug not supported for this machine");
 goto out;
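Review bot: the condition `(compat_set && strcmp(base_compat_type, compat)) || !compat_set` reads more simply as `!compat_set || strcmp(base_compat_type, compat)`, and `compat_set = (compat && *compat) ? true : false` is just `compat_set = compat && *compat`. The cleanup is fine as written: both `compat` and `base_compat_type` are NULL when the core type mismatch jumps to `out:`, and g_free(NULL) is a no-op there.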
@@ -256,6 +293,8 @@ void spapr_core_pre_plug(HotplugHandler *hotplug_dev, 
DeviceState *dev,
 }
 
 out:
+g_free(compat);
+g_free(base_compat_type);
 g_free(base_core_type);
 error_propagate(errp, local_err);
 }
@@ -288,6 +327,8 @@ static void spapr_cpu_core_realize(DeviceState *dev, Error 
**errp)
 Error *local_err = NULL;
 Object *obj;
 int i;
+char *compat = object_property_get_str(OBJECT(sc), "compat", NULL);
+bool compat_set = (compat && *compat) ? true : false;
 
 sc->threads = g_malloc0(size * cc->nr_threads);
 for (i = 0; i < cc->nr_threads; i++) {
@@ -298,9 +339,19 @@ static void spapr_cpu_core_realize(DeviceState *dev, Error 
**errp)
 snprintf(id, sizeof(id), "thread[%d]", i);
 object_property_add_child(OBJECT(sc), id, obj, _err);
 if (local_err) {
+g_free(compat);
 goto err;
 }
+if (compat_set) {
+CPUClass *cc = CPU_GET_CLASS(CPU(obj));
+char *featurestr = g_strdup_printf("compat=%s", compat);
+
+cc->parse_features(CPU(obj), featurestr, _err);
+

Re: [Qemu-devel] [V11 2/4] hw/i386: ACPI IVRS table

2016-06-18 Thread David Kiarie
On Tue, May 24, 2016 at 10:06 AM, Valentine Sinitsyn
 wrote:
> Hi all,
>
>
> On 24.05.2016 11:54, Peter Xu wrote:
>>
>> On Sun, May 22, 2016 at 01:21:52PM +0300, David Kiarie wrote:
>> [...]
>>>
>>> +static void
>>> +build_amd_iommu(GArray *table_data, GArray *linker)
>>> +{
>>> +int iommu_start = table_data->len;
>>> +bool iommu_ambig;
>>> +
>>> +/* IVRS definition  - table header has an extra 2-byte field */
>>> +acpi_data_push(table_data, (sizeof(AcpiTableHeader)));
>>> +/* common virtualization information */
>>> +build_append_int_noprefix(table_data, AMD_IOMMU_HOST_ADDRESS_WIDTH
>>> << 8, 4);
>>> +/* reserved */
>>> +build_append_int_noprefix(table_data, 0, 8);
>>> +
>>> +AMDVIState *s = (AMDVIState *)object_resolve_path_type("",
>>> +TYPE_AMD_IOMMU_DEVICE, _ambig);
>>> +
>>> +/* IVDB definition - type 10h */
>>> +if (!iommu_ambig) {
>>> +/* IVHD definition - type 10h */
>>> +build_append_int_noprefix(table_data, 0x10, 1);
>>> +/* virtualization flags */
>>> +build_append_int_noprefix(table_data, (IVHD_HT_TUNEN |
>>> + IVHD_PPRSUP | IVHD_IOTLBSUP | IVHD_PREFSUP), 1);
>>> +/* ivhd length */
>>> +build_append_int_noprefix(table_data, 0x20, 2);
>>> +/* iommu device id */
>>> +build_append_int_noprefix(table_data, PCI_DEVICE_ID_RD890_IOMMU,
>>> 2);
>>> +/* offset of capability registers */
>>> +build_append_int_noprefix(table_data, s->capab_offset, 2);
>>> +/* mmio base register */
>>> +build_append_int_noprefix(table_data, s->mmio.addr, 8);
>>> +/* pci segment */
>>> +build_append_int_noprefix(table_data, 0, 2);
>>> +/* interrupt numbers */
>>> +build_append_int_noprefix(table_data, 0, 2);
>>> +/* feature reporting */
>>> +build_append_int_noprefix(table_data, (IVHD_EFR_GTSUP |
>>> +IVHD_EFR_HATS | IVHD_EFR_GATS), 4);
>>> +/* Add device flags here
>>> + *   These are 4-byte device entries currently reporting the
>>> range of
>>> + *   devices 00h - h; all devices
>>> + *   Device setting affecting all devices should be made here
>>> + *
>>> + *   Refer to
>>> + *
>>> (http://developer.amd.com/wordpress/media/2012/10/488821.pdf)
>>> + *   Table 95
>>
>>
>> I failed to find Table 95 in the document. Is that a typo?
>
> I guess it should be "Table 75". David, am I right?
> On a side note, the 2.0 specification you mention is rather outdated.
> Please consider referencing something newer, like 2.6.
>
>
>>
>> [...]
>>
>>>   static
>>>   void acpi_build(AcpiBuildTables *tables, MachineState *machine)
>>>   {
>>> @@ -2657,6 +2721,7 @@ void acpi_build(AcpiBuildTables *tables,
>>> MachineState *machine)
>>>   AcpiMcfgInfo mcfg;
>>>   PcPciInfo pci;
>>>   uint8_t *u;
>>> +IommuType IOMMUType = has_iommu();
>>>   size_t aml_len = 0;
>>>   GArray *tables_blob = tables->table_data;
>>>   AcpiSlicOem slic_oem = { .id = NULL, .table_id = NULL };
>>> @@ -2722,7 +2787,13 @@ void acpi_build(AcpiBuildTables *tables,
>>> MachineState *machine)
>>>   acpi_add_table(table_offsets, tables_blob);
>>>   build_mcfg_q35(tables_blob, tables->linker, );
>>>   }
>>> -if (acpi_has_iommu()) {
>>> +
>>> +if (IOMMUType == TYPE_AMD) {
>>> +acpi_add_table(table_offsets, tables_blob);
>>> +build_amd_iommu(tables_blob, tables->linker);
>>> +}
>>> +
>>> +if (IOMMUType == TYPE_INTEL) {
>>>   acpi_add_table(table_offsets, tables_blob);
>>>   build_dmar_q35(tables_blob, tables->linker);
>>>   }
>>
>>
>> Nit: I'd prefer:
>>
>>  if (type == Intel) {
>>  ...
>>  } else if (type == AMD) {
>>  ...
>>  }
>>

I missed this in the last version of the patch; I should fix it in the next version.

On taking a closer look at this, there might be a larger problem where,
with the advent of -device, users can possibly emulate two
IOMMUs at the same time? A proposed solution was to have
pci_setup_iommu check that the DMA hook has not been set up yet and fail if
it has. I should send a fix for that too.

>> for better readability.
>>
>> Thanks,
>>
>> -- peterx
>>
>
> Best,
> Valentine



[Qemu-devel] [Bug 1591611] Re: chroot using qemu-x86_64-static fails on ppc64el

2016-06-18 Thread Timothy Pearson
Finally figured it out!

It's the page size.  qemu user mode does NOT support a host page size
greater than 4k on x86/x86_64 systems, despite some claims to the
contrary on older documentation pages.

I'll be updating the patch to print a clear warning on failure instead
of allowing corrupt data and the resultant cryptic target messages.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1591611

Title:
  chroot using qemu-x86_64-static fails on ppc64el

Status in QEMU:
  New

Bug description:
  When attempting to use qemu-x86_64-static from qemu 2.5.0 on a ppc64el
  host to chroot into an amd64 environment, all commands fail with an
  assertion error.  /usr/bin/qemu-x86_64-static from the host was copied
  into the chroot /usr/bin, and the host has multiformat support in the
  kernel.

  Sample output illustrating the problem, as well as bash builtins
  working:

  # chroot /virtualbox/scratchdisks_local_001/amd64_chroot qemu-x86_64-static 
/bin/bash
  # ls
  bash: ../sysdeps/nptl/fork.c:136: __libc_fork: Assertion `({ __typeof 
(self->tid) __value; if (sizeof (__value) == 1) asm volatile ("movb 
%%fs:%P2,%b0" : "=q" (__value) : "0" (0), "i" (__builtin_offsetof (struct 
pthread, tid))); else if (sizeof (__value) == 4) asm volatile ("movl 
%%fs:%P1,%0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, 
tid))); else { if (sizeof (__value) != 8) abort (); asm volatile ("movq 
%%fs:%P1,%q0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, 
tid))); } __value; }) != ppid' failed.
  setup_frame: not implemented
  setup_frame: not implemented
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  Segmentation fault
  setup_frame: not implemented
  setup_frame: not implemented
  # echo TEST
  TEST
  # cat test
  bash: ../sysdeps/nptl/fork.c:136: __libc_fork: Assertion `({ __typeof 
(self->tid) __value; if (sizeof (__value) == 1) asm volatile ("movb 
%%fs:%P2,%b0" : "=q" (__value) : "0" (0), "i" (__builtin_offsetof (struct 
pthread, tid))); else if (sizeof (__value) == 4) asm volatile ("movl 
%%fs:%P1,%0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, 
tid))); else { if (sizeof (__value) != 8) abort (); asm volatile ("movq 
%%fs:%P1,%q0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, 
tid))); } __value; }) != ppid' failed.
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  Segmentation fault

  It is currently unknown if other host architectures (e.g. aarch64) are
  also affected.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1591611/+subscriptions



[Qemu-devel] [PATCH v2] Change net/socket.c to use socket_*() functions

2016-06-18 Thread Ashijeet Acharya
Use socket_*() functions from include/qemu/sockets.h instead of
listen()/bind()/connect()/parse_host_port(). socket_*() functions are QAPI
based and this patch performs this API conversion since everything will be
using QAPI based sockets in the future. Also add a helper function
socket_address_to_string() in util/qemu-sockets.c which returns
the string representation of a socket address. The task was listed on the
http://wiki.qemu.org/BiteSizedTasks page.

Signed-off-by: Ashijeet Acharya 
---
 include/qemu/sockets.h | 16 ++-
 net/socket.c   | 55 +-
 util/qemu-sockets.c| 36 +
 3 files changed, 78 insertions(+), 29 deletions(-)

diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
index 1bd9218..3a1a887 100644
--- a/include/qemu/sockets.h
+++ b/include/qemu/sockets.h
@@ -110,4 +110,18 @@ SocketAddress *socket_remote_address(int fd, Error **errp);
 void qapi_copy_SocketAddress(SocketAddress **p_dest,
  SocketAddress *src);
 
-#endif /* QEMU_SOCKET_H */
+/**
+ * socket_address_to_string:
+ * @addr: the socket address struct
+ * @errp: pointer to uninitialized error object
+ *
+ * Get the string representation of the socket
+ * address. A pointer to the char array containing
+ * string format will be returned, the caller is
+ * required to release the returned value when no
+ * longer required with g_free.
+ *
+ * Returns: the socket address in string format, or NULL on error
+ */
+char *socket_address_to_string(struct SocketAddress *addr, Error **errp);
+#endif /* QEMU_SOCKET_H */
\ No newline at end of file
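Review bot: the hunk drops the file's trailing newline (`\ No newline at end of file`) by re-adding the closing `#endif` without one; keep a newline after `#endif /* QEMU_SOCKET_H */`. The new prototype also spells the type `struct SocketAddress *addr` while the neighbouring declarations (`socket_remote_address()`, `qapi_copy_SocketAddress()`) use the `SocketAddress` typedef; use the typedef for consistency.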
diff --git a/net/socket.c b/net/socket.c
index 333fb9e..ae6f921 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -489,41 +489,30 @@ static int net_socket_listen_init(NetClientState *peer,
 {
 NetClientState *nc;
 NetSocketState *s;
-struct sockaddr_in saddr;
-int fd, ret;
+SocketAddress *saddr;
+int ret;
+Error *local_error = NULL;
 
-if (parse_host_port(, host_str) < 0)
-return -1;
-
-fd = qemu_socket(PF_INET, SOCK_STREAM, 0);
-if (fd < 0) {
-perror("socket");
+saddr = socket_parse(host_str, _error);
+if (saddr == NULL) {
+error_report_err(local_error);
 return -1;
 }
-qemu_set_nonblock(fd);
 
-socket_set_fast_reuse(fd);
-
-ret = bind(fd, (struct sockaddr *), sizeof(saddr));
+ret = socket_listen(saddr, _error);
 if (ret < 0) {
-perror("bind");
-closesocket(fd);
-return -1;
-}
-ret = listen(fd, 0);
-if (ret < 0) {
-perror("listen");
-closesocket(fd);
+error_report_err(local_error);
 return -1;
 }
 
 nc = qemu_new_net_client(_socket_info, peer, model, name);
 s = DO_UPCAST(NetSocketState, nc, nc);
 s->fd = -1;
-s->listen_fd = fd;
+s->listen_fd = ret;
 s->nc.link_down = true;
 
 qemu_set_fd_handler(s->listen_fd, net_socket_accept, NULL, s);
+qapi_free_SocketAddress(saddr);
 return 0;
 }
 
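Review bot: `saddr` leaks on the `socket_listen()` failure path: `qapi_free_SocketAddress(saddr)` is only reached at the end of the success path, but the `if (ret < 0)` branch returns -1 right after `error_report_err(local_error)`. Either free it before that return or move the free directly after the `socket_listen()` call, since the address is not used afterwards. Separately, the removed `qemu_set_nonblock(fd)` and `socket_set_fast_reuse(fd)` calls have no replacement in the hunk; the accept handler registered with `qemu_set_fd_handler` relies on a non-blocking listen fd, so confirm `socket_listen()` provides both before dropping them.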
@@ -534,10 +523,15 @@ static int net_socket_connect_init(NetClientState *peer,
 {
 NetSocketState *s;
 int fd, connected, ret;
-struct sockaddr_in saddr;
+char *addr_str;
+SocketAddress *saddr;
+Error *local_error = NULL;
 
-if (parse_host_port(, host_str) < 0)
+saddr = socket_parse(host_str, _error);
+if (saddr == NULL) {
+error_report_err(local_error);
 return -1;
+}
 
 fd = qemu_socket(PF_INET, SOCK_STREAM, 0);
 if (fd < 0) {
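Review bot: the `if (fd < 0)` branch following `fd = qemu_socket(PF_INET, SOCK_STREAM, 0);` now returns -1 without freeing `saddr`, which `socket_parse()` allocated a few lines above; add `qapi_free_SocketAddress(saddr)` there. Note also that nothing in this patch connects the `fd` created here (the connect loop in the next hunk calls `socket_connect(saddr, ...)` instead), so either this `qemu_socket()` call or the new `socket_connect()` call is redundant.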
@@ -545,10 +539,9 @@ static int net_socket_connect_init(NetClientState *peer,
 return -1;
 }
 qemu_set_nonblock(fd);
-
 connected = 0;
 for(;;) {
-ret = connect(fd, (struct sockaddr *), sizeof(saddr));
+ret = socket_connect(saddr, _error, NULL, NULL);
 if (ret < 0) {
 if (errno == EINTR || errno == EWOULDBLOCK) {
 /* continue */
@@ -557,7 +550,7 @@ static int net_socket_connect_init(NetClientState *peer,
errno == EINVAL) {
 break;
 } else {
-perror("connect");
+error_report_err(local_error);
 closesocket(fd);
 return -1;
 }
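Review bot: the new `socket_connect(saddr, ...)` call does not take `fd`, so the socket created by `qemu_socket()` above is never connected; its return value is only tested for `< 0` and then discarded, and the unconnected `fd` is what later goes to `net_socket_fd_init()`. Use the fd that `socket_connect()` returns (dropping the separate `qemu_socket()`) or keep `connect()`. The retained `errno == EINTR || errno == EWOULDBLOCK` / `EINVAL` tests are also doubtful after a call that reports through `Error **` rather than errno, and on the `continue` and `break` branches `local_error` is neither reported nor freed, so it leaks and the next iteration passes an already-set error pointer.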
@@ -569,9 +562,15 @@ static int net_socket_connect_init(NetClientState *peer,
 s = net_socket_fd_init(peer, model, name, fd, connected);
 if (!s)
 return -1;
+
+addr_str = socket_address_to_string(saddr, _error);
+if (addr_str == NULL)
+return -1;
+
 snprintf(s->nc.info_str, sizeof(s->nc.info_str),
- "socket: connect to %s:%d",
- inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port));
+ "socket: connect to %s", addr_str);
+qapi_free_SocketAddress(saddr);
+g_free(addr_str);
 return 0;
 }
 
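Review bot: the new `if (addr_str == NULL) return -1;` runs after `net_socket_fd_init()` has already succeeded, so it leaks `saddr`, leaves `local_error` unreported and unfreed, and reports failure while the net client it just created stays registered; report the error and free `saddr` (and the `if (!s) return -1;` path above also needs `qapi_free_SocketAddress(saddr)` now that the address outlives that point). Both two-line `if` statements in this hunk also need braces per QEMU coding style.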
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 

[Qemu-devel] [Bug 1593605] Re: windows2008r2 boot failed with uefi

2016-06-18 Thread Denis V. Lunev
Win2k8 EFI has a bug under HyperV. This will never work without a
specific hack in UEFI. I can dig in my archives to find a patch if you
are really interested. AFAIR some memory in the video driver has to be
marked not as boot services but differently and will stay permanently.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1593605

Title:
  windows2008r2 boot failed with uefi

Status in QEMU:
  Incomplete

Bug description:
  I want to run my win2008r2 with UEFI. The hypervisor is ubuntu16.04 and my
  qemu command line is shown below:

  qemu-system-x86_64 -enable-kvm -name win2008r2 -S -machine pc-
  i440fx-2.5,accel=kvm,usb=off -cpu
  host,hv_time,hv_relaxed,hv_spinlocks=0x2000 -drive
  file=/usr/share/qemu/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on
  -drive
  file=/var/lib/libvirt/qemu/nvram/win2008r2_VARS.fd,if=pflash,format=raw,unit=1
  -m size=8388608k,slots=10,maxmem=1073741824k -realtime mlock=off -smp
  8,maxcpus=96,sockets=24,cores=4,threads=1 -numa
  node,nodeid=0,cpus=0-7,mem=8192 -uuid 030638c5-c6aa-
  4f06-82f8-dd2d04fd5705 -no-user-config -nodefaults -chardev
  socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-
  win2008r2/monitor.sock,server,nowait -mon
  chardev=charmonitor,id=monitor,mode=control -rtc
  base=localtime,clock=vm,driftfix=slew -no-hpet -no-shutdown -boot
  strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device
  usb-ehci,id=usb1,bus=pci.0,addr=0x4 -device nec-usb-
  xhci,id=usb2,bus=pci.0,addr=0x5 -device
  lsi,id=scsi0,bus=pci.0,addr=0x6 -device virtio-scsi-
  pci,id=scsi1,bus=pci.0,addr=0x7 -device virtio-serial-pci,id=virtio-
  serial0,bus=pci.0,addr=0x8 -drive
  file=/vms/images/win2008r2,format=qcow2,if=none,id=drive-
  ide0-0-0,cache=directsync -device ide-hd,bus=ide.0,unit=0,drive=drive-
  ide0-0-0,id=ide0-0-0,bootindex=1 -drive
  
file=/vms/isos/cn_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617598.iso,format=raw,if=none,id
  =drive-ide0-1-1,readonly=on -device ide-cd,bus=ide.1,unit=1,drive
  =drive-ide0-1-1,id=ide0-1-1,bootindex=2 -chardev pty,id=charserial0
  -device isa-serial,chardev=charserial0,id=serial0 -chardev
  
socket,id=charchannel0,path=/var/lib/libvirt/qemu/win2008r2.agent,server,nowait
  -device virtserialport,bus=virtio-
  serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
  -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -device
  VGA,id=video0,vgamem_mb=16,bus=pci.0,addr=0x2 -device virtio-balloon-
  pci,id=balloon0,bus=pci.0,addr=0xa -msg timestamp=on

  
  OVMF.fd was downloaded from http://sourceforge.net/projects/edk2/files/OVMF/ 
OVMF-X64-r15214.zip.

  When I boot my domain with the windows2008 iso, KVM was caught in an
  endless interrupt. I enabled tracing on my host and got this.


  1. echo 1 > /sys/kernel/debug/tracing/events/kvm/enable
  2. cat /sys/kernel/debug/tracing/trace_pipe 
  qemu-system-x86-1969  [006]   2093.019588: kvm_exit: reason EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80fd
  qemu-system-x86-1969  [006] d...  2093.019590: kvm_entry: vcpu 0
  qemu-system-x86-1966  [017]   2093.021424: kvm_set_irq: gsi 8 level 1 source 0
  qemu-system-x86-1966  [017]   2093.021429: kvm_pic_set_irq: chip 1 pin 0 (edge|masked)
  qemu-system-x86-1966  [017]   2093.021430: kvm_ioapic_set_irq: pin 8 dst 1 vec=209 (Fixed|logical|edge) (coalesced)
  qemu-system-x86-1969  [006]   2093.021683: kvm_exit: reason EXTERNAL_INTERRUPT rip 0xf8001080ae78 info 0 80fd
  qemu-system-x86-1969  [006] d...  2093.021686: kvm_entry: vcpu 0
  qemu-system-x86-1969  [006]   2093.022592: kvm_exit: reason EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80ef
  qemu-system-x86-1969  [006] d...  2093.022595: kvm_entry: vcpu 0
  qemu-system-x86-1969  [006]   2093.022746: kvm_exit: reason EXTERNAL_INTERRUPT rip 0xf8001080ae8e info 0 80fd
  qemu-system-x86-1969  [006] d...  2093.022749: kvm_entry: vcpu 0
  qemu-system-x86-1966  [017]   2093.023434: kvm_set_irq: gsi 8 level 1 source 0
  qemu-system-x86-1966  [017]   2093.023444: kvm_pic_set_irq: chip 1 pin 0 (edge|masked)
  qemu-system-x86-1966  [017]   2093.023446: kvm_ioapic_set_irq: pin 8 dst 1 vec=209 (Fixed|logical|edge) (coalesced)
  qemu-system-x86-1969  [006]   2093.023610: kvm_exit: reason EXTERNAL_INTERRUPT rip 0xf8001080ae78 info 0 80fd
  qemu-system-x86-1969  [006] d...  2093.023612: kvm_entry: vcpu 0
  qemu-system-x86-1966  [017]   2093.025430: kvm_set_irq: gsi 8 level 1 source 0
  qemu-system-x86-1966  [017]   2093.025435: kvm_pic_set_irq: chip 1 pin 0 (edge|masked)
  qemu-system-x86-1966  [017]   2093.025436: kvm_ioapic_set_irq: pin 8 dst 1 vec=209 (Fixed|logical|edge) (coalesced)
  qemu-system-x86-1969  [006]   2093.025599: kvm_exit: reason EXTERNAL_INTERRUPT rip 0xf8001080ae78 info 0 80fd

[Qemu-devel] [PATCH] build: Use $(CC) for compiling .S files

2016-06-18 Thread Richard Henderson
We fail to pass to AS all of the different flags that
may be required for a given set of CFLAGS.  Rather than
figuring out the host-specific mapping, it's better to
allow the compiler driver to do that.

This fixes e.g. ../configure --cpu=i686, but would also
be required for ppc and sparc.

Signed-off-by: Richard Henderson 
---
 rules.mak | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/rules.mak b/rules.mak
index 72c5955..f16598b 100644
--- a/rules.mak
+++ b/rules.mak
@@ -68,11 +68,8 @@ LINK = $(call quiet-command, $(LINKPROG) $(QEMU_CFLAGS) 
$(CFLAGS) $(LDFLAGS) -o
$(call process-archive-undefs, $1) \
$(version-obj-y) $(call extract-libs,$1) $(LIBS),"  LINK  
$(TARGET_DIR)$@")
 
-%.asm: %.S
-   $(call quiet-command,$(CPP) $(QEMU_INCLUDES) $(QEMU_CFLAGS) 
$(QEMU_DGFLAGS) $(CFLAGS) -o $@ $<,"  CPP   $(TARGET_DIR)$@")
-
-%.o: %.asm
-   $(call quiet-command,$(AS) $(ASFLAGS) -o $@ $<,"  AS
$(TARGET_DIR)$@")
+%.o: %.S
+   $(call quiet-command,$(CC) $(QEMU_INCLUDES) $(QEMU_CFLAGS) 
$(QEMU_DGFLAGS) $(CFLAGS) -c -o $@ $<,"  AS$(TARGET_DIR)$@")
 
 %.o: %.cc
$(call quiet-command,$(CXX) $(QEMU_INCLUDES) $(QEMU_CXXFLAGS) 
$(QEMU_DGFLAGS) $(CFLAGS) $($@-cflags) -c -o $@ $<,"  CXX   $(TARGET_DIR)$@")
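Review bot: `$(ASFLAGS)` is no longer referenced by the rewritten `%.o: %.S` rule, so anything configure puts there no longer reaches the assembler; the commit message should state whether that is intended or the flags should be forwarded (for example through `-Wa,`). The new rule also omits the per-target `$($@-cflags)` that the `%.o: %.cc` rule directly below passes; add it for consistency unless no .S object relies on it. Finally, removing the `%.asm: %.S` intermediate means any clean rule or dependency that still names `.asm` files should be updated in the same patch.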
-- 
2.5.5




Re: [Qemu-devel] [RFC] target-arm: fix semihosting ram base issue

2016-06-18 Thread Tsung-Han Lin
2016-06-18 14:57 GMT+09:00 Liviu Ionescu :

>
> > On 18 Jun 2016, at 01:22, Tsung-Han Lin  wrote:
> >
> > ... It seems like to me that the issue is the default address assumed by
> qemu, which is 0x0.
> > (since Eclipse QEMU uses the same code, I believe they have the same
> problem.)
>
> it uses the same main code, but with many improvements.
>
> if I remember right, for semihosting there were several small problems
> requiring changes, but they were all fixed now. you can give it a try (
> http://gnuarmeclipse.github.io/qemu/options/).
>
> in addition to semihosting, which I use for running the CMSIS++ tests, GNU
> ARM Eclipse QEMU also implements graphical animated LEDs for a selection of
> boards, which might be very convenient for simple blinky tests.
>
>

Hi,

Thanks again.

Actually I've tried the Eclipse version, but I couldn't find the option that I
need, which, as I wrote in the previous replies, is the ram address part (not
just Cortex-M).
I need to change it to the values defined by my customized boards every time I
change to another one.

Also, since I need to work on CLI environment to do some semihosting tests,
I would really like to have this ram base issue solved in the mainline qemu
code.

Regards,



> regards,
>
> Liviu
>
>


-- 
Tsung-Han "*Johnny*" Lin

Page: http://tsunghanlin.github.com/
Email: tsunghan...@gmail.com


Re: [Qemu-devel] [RFC] target-arm: fix semihosting ram base issue

2016-06-18 Thread Liviu Ionescu

> On 18 Jun 2016, at 01:22, Tsung-Han Lin  wrote:
> 
> ... It seems like to me that the issue is the default address assumed by 
> qemu, which is 0x0.
> (since Eclipse QEMU uses the same code, I believe they have the same problem.)

it uses the same main code, but with many improvements. 

if I remember right, for semihosting there were several small problems 
requiring changes, but they were all fixed now. you can give it a try 
(http://gnuarmeclipse.github.io/qemu/options/).

in addition to semihosting, which I use for running the CMSIS++ tests, GNU ARM 
Eclipse QEMU also implements graphical animated LEDs for a selection of boards, 
which might be very convenient for simple blinky tests.


regards,

Liviu