Re: [Qemu-devel] [PATCH v3 2/3] qemu.py: Add QEMUMachine.exitcode() method

2017-05-29 Thread Markus Armbruster
Eduardo Habkost  writes:

> On Mon, May 29, 2017 at 06:53:47PM +0200, Markus Armbruster wrote:
>> Eduardo Habkost  writes:
>> 
>> > Allow the exit code of QEMU to be queried by scripts.
>> >
>> > Signed-off-by: Eduardo Habkost 
>> > ---
>> >  scripts/qemu.py | 4 
>> >  1 file changed, 4 insertions(+)
>> >
>> > diff --git a/scripts/qemu.py b/scripts/qemu.py
>> > index 16934f1e02..ebe1c4b919 100644
>> > --- a/scripts/qemu.py
>> > +++ b/scripts/qemu.py
>> > @@ -88,6 +88,10 @@ class QEMUMachine(object):
>> >  def is_running(self):
>> >  return self._popen and (self._popen.returncode is None)
>> >  
>> > +def exitcode(self):
>> > +if self._popen:
>> > +return self._popen.returncode
>> > +
>> 
>> Falling off the function's end returns None.  Do we really want to rely
>> on that?
>> 
>> For what it's worth, I checked the Python Language Reference, found it
>> less than clear, so I tried it out, too.
>
> I agree that the intent may not be clear when looking at the
> code.  I can squash this in:
>
> diff --git a/scripts/qemu.py b/scripts/qemu.py
> index ebe1c4b919..bf00eddab8 100644
> --- a/scripts/qemu.py
> +++ b/scripts/qemu.py
> @@ -89,8 +89,9 @@ class QEMUMachine(object):
>  return self._popen and (self._popen.returncode is None)
>  
>  def exitcode(self):
> -if self._popen:
> -return self._popen.returncode
> +if not self._popen:
> +return None
> +return self._popen.returncode
>  
>  def get_pid(self):
>  if not self.is_running():
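
Review bot: exitcode() has no docstring, and its two None cases are indistinguishable to a caller. `if not self._popen: return None` covers a machine that was never launched, while `self._popen.returncode` is also None for a process that has not been reaped yet, because subprocess only fills in returncode once poll() or wait() has been called. A one-line docstring saying that None means "no exit status available" would make that explicit for scripts that compare the result against 0.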

Works for me.  The equivalent

return self._popen and self._popen.returncode

would also work.  Nicely terse.



Re: [Qemu-devel] [PATCH v2] blockdev: Print a warning for legacy drive options that belong to -device

2017-05-29 Thread Markus Armbruster
Thomas Huth  writes:

> We likely do not want to carry these legacy -drive options along forever.
> Let's emit a deprecation warning for the -drive options that have a
> replacement with the -device option, so that the (hopefully few) remaining
> users are aware of this and can adapt their scripts / behaviour accordingly.
>
> Signed-off-by: Thomas Huth 
> ---
>  v2:
>  - Check for !qtest_enabled() since tests/hd-geo-test still uses these
>  - Added "addr" to the list, too
>  - Also mark the options as deprecated in the documentation
>
>  blockdev.c  | 14 ++
>  qemu-options.hx |  5 -
>  2 files changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/blockdev.c b/blockdev.c
> index 0b38c3d..aef38f0 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -50,6 +50,7 @@
>  #include "qmp-commands.h"
>  #include "block/trace.h"
>  #include "sysemu/arch_init.h"
> +#include "sysemu/qtest.h"
>  #include "qemu/cutils.h"
>  #include "qemu/help_option.h"
>  #include "qemu/throttle-options.h"
> @@ -797,6 +798,9 @@ DriveInfo *drive_new(QemuOpts *all_opts, 
> BlockInterfaceType block_default_type)
>  const char *filename;
>  Error *local_err = NULL;
>  int i;
> +const char *deprecated[] = {
> +"serial", "trans", "secs", "heads", "cyls", "addr"
> +};

I know I worked on turning (some of?) these into qdev properties, but
I've since forgotten the details, so let me review their current state
real quick:

* "serial": Silently ignored unless the device model chooses to pick it
  up.  Device models with a serial number should pick it up as a
  compatibility fallback for their qdev property, with blkconf_serial().
  Goes back to 2010-2011:

  a8686a9 virtio-blk: Turn drive serial into a qdev property
  c3a90cb usb-storage: Turn drive serial into a qdev property usb-storage.serial
  a0fef65 scsi: Turn drive serial into a qdev property scsi-disk.serial
  6ced55a ide: Turn drive serial into a qdev property ide-drive.serial

* "trans", "secs", "heads", "cyls": Similar, with blkconf_geometry().
  Goes back to 2012.

  6e6f61a ide: qdev property for BIOS CHS translation
  ba80196 ide: qdev properties for disk geometry
  e63e7fd virtio-blk: qdev properties for disk geometry
  d252df4 scsi-hd: qdev properties for disk geometry

* "addr": Only accepted with if=virtio.  drive_new() desugars it into
  the qdev property.

Okay.

>  
>  /* Change legacy command line options into QMP ones */
>  static const struct {
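
Review bot: the `deprecated[]` table added at the top of drive_new() is declared as a plain local, `const char *deprecated[]`, so the array is rebuilt on the stack on every call and its elements stay writable. Since the list is fixed, `static const char *const deprecated[]` would say so.
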
> @@ -880,6 +884,16 @@ DriveInfo *drive_new(QemuOpts *all_opts, 
> BlockInterfaceType block_default_type)
   if (qemu_opt_get(legacy_opts, "boot") != NULL) {
   fprintf(stderr, "qemu-kvm: boot=on|off is deprecated and will be "
   "ignored. Future versions will reject this parameter. Please 
"
>  "update your scripts.\n");

Unrelated to this patch: this is ugly.  It's also almost three years
old.  Can we bury the corpse already?

>  }
>  
> +/* Other deprecated options */
> +if (!qtest_enabled()) {
> +for (i = 0; i < ARRAY_SIZE(deprecated); i++) {
> +if (qemu_opt_get(legacy_opts, deprecated[i]) != NULL) {
> +error_report("'%s' is deprecated, please use the 
> corresponding "
> + "option of '-device' instead", deprecated[i]);
> +}
> +}
> +}
> +
>  /* Media type */
>  value = qemu_opt_get(legacy_opts, "media");
>  if (value) {
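
Review bot: the `if (!qtest_enabled())` guard around the new loop carries no comment, and the reason for it (tests/hd-geo-test still uses these options) only appears in the v2 changelog below the `---`, which is lost when the patch is applied. A short comment above the guard would keep the next reader from removing it. The message text could also name `-drive`, so the user knows which option the deprecated key was given on.
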
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 9d7964d..2f66f1a 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -615,6 +615,8 @@ of available connectors of a given interface type.
>  This option defines the type of the media: disk or cdrom.
>  @item cyls=@var{c},heads=@var{h},secs=@var{s}[,trans=@var{t}]
>  These options have the same definition as they have in @option{-hdachs}.
> +These parameters are deprecated, use the corresponding parameters
> +of @code{-device} instead.
>  @item snapshot=@var{snapshot}
>  @var{snapshot} is "on" or "off" and controls snapshot mode for the given 
> drive
>  (see @option{-snapshot}).
> @@ -631,7 +633,8 @@ an untrusted format header.
>  @item serial=@var{serial}
>  This option specifies the serial number to assign to the device.
>  @item addr=@var{addr}
> -Specify the controller's PCI address (if=virtio only).
> +Specify the controller's PCI address (if=virtio only). This parameter is
> +deprecated, use the corresponding parameter of @code{-device} instead.
>  @item werror=@var{action},rerror=@var{action}
>  Specify which @var{action} to take on write and read errors. Valid actions 
> are:
>  "ignore" (ignore the error and try to continue), "stop" (pause QEMU),
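
Review bot: the documentation hunks mark cyls/heads/secs/trans and addr as deprecated, but the `@item serial=@var{serial}` entry just above `addr` is left unchanged even though "serial" is in the `deprecated[]` list in blockdev.c. The same sentence should be added there so that the manual and the runtime warning agree.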

Reviewed-by: Markus Armbruster 



Re: [Qemu-devel] [PATCH 0/3] arm/virt: refine virt.c code and implement hot_add_cpu interface

2017-05-29 Thread Li Zhang


> On May 29, 2017, at 6:43 PM, Igor Mammedov wrote:
> 
> On Sat, 27 May 2017 10:32:33 +0800
> Li Zhang  wrote:
> 
>>> On Fri, May 26, 2017 at 7:21 PM, Igor Mammedov  wrote:
>>> On Fri, 26 May 2017 17:21:05 +0800
>>> Li Zhang  wrote:
>>> 
>>>> From: Li Zhang
>>>>
>>>> virt machine doesn't support hot_add_cpu interface. This patchset is to
>>>> implement hot_add_cpu interface. A CPU can be added by QMP command with
>>>> QEMU monitor.
>>>>
>>>> Here is command to add a CPU with QMP command.
>>>>
>>>> * qemu-system-aarch64 -machine virt -cpu cortex-a15 -smp 1,maxcpus=4 \
>>>>   -monitor telnet:127.0.0.1:,server,nowait -nographic
>>>> * connect monitor:  telnet 127.0.0.1
>>>> * execute qmp command:  cpu-add 1
>>> cpu-add command shouldn't be used for new cpu hotplug,
>>> pls use generic device_add for that.  
>> 
>> Ok,  I will drop this command and look at device_add.
>> 
>>> 
>>> The last time I looked at it, virt machine needed quite a bit of
>>> re-factoring of the way it creates/wires up CPUs.  
>> 
>> Yes, I am looking into it and see if I can do something:)
>> 
>>> 
>>> Pls see usage of following callbacks for example on how to implement
>>> device_add based cpu hotplug:
>>> 
>>>  get_hotplug_handler
>>>  pc_cpu_pre_plug
>>>  pc_cpu_plug
>>>  pc_possible_cpu_arch_ids
>>> 
>>> and pc_cpus_init() for initial cpu creation with above callbacks in use
>>> 
>> Thanks, I will see it. :)
>> 
 
>>>> Currently, when KVM is enabled and add a CPU with QMP command, QEMU
>>>> reports error "kvm_init_vcpu failed: Device or resourc busy". KVM can't
>>>> create a new CPU when vgic has been initialized and irqchip_in_kernel in
>>>> function kvm_arch_vcpu_create. It needs to change KVM code in the future.
>>> if KVM isn't capable do it yet, then qemu should refuse cpu hotplug if
>>> running with KVM accelerator and allow it only in TCG mode.
>> 
>> OK, I will add an assertion to allow hotplug only in TCG mode.
> instead of assert which will crash guest on hotplug,
> just disable hotplug gracefully (for example set error in pre_plug handler)

OK, got it.

> 
>> 
>>> 
 
>>>> Li Zhang (3):
>>>>  arm/virt: Refine fdt_add_cpu_nodes code
>>>>  arm/virt: Refine code of machvirt_init
>>>>  arm/virt: Implement hot_add_cpu interface
>>>>
>>>> hw/arm/virt.c | 344 ++
>>>> 1 file changed, 202 insertions(+), 142 deletions(-)
 
>>> 
>> 
>> 
>> 
> 



Re: [Qemu-devel] [PATCH 03/17] tests: remove alt num-int cases

2017-05-29 Thread Fam Zheng
I noticed you were wondering what happened to this message in the patchew thread:

http://patchew.org/QEMU/20170509173559.31598-1-marcandre.lur...@redhat.com/

Markus, apparently this is because of the unusual "In-Reply-To" header of your
message, which confuses patchew:

In-Reply-To: <20170509173559.31598-4-marcandre.lur...@redhat.com>
(=?utf-8?Q?=22Marc-Andr=C3=A9?=
Lureau"'s message of "Tue, 9 May 2017 20:35:45 +0300")

Is this an extension of your email client, or a standard?

In https://tools.ietf.org/html/rfc2822#section-3.6.4:
>The "References:" and "In-Reply-To:" field each contain one or more
>unique message identifiers, optionally separated by CFWS.
> 
>The message identifier (msg-id) is similar in syntax to an angle-addr
>construct without the internal CFWS.
> 
> message-id  =   "Message-ID:" msg-id CRLF
> 
> in-reply-to =   "In-Reply-To:" 1*msg-id CRLF
> 
> references  =   "References:" 1*msg-id CRLF

I can imagine that, if we consider CFWS, patchew should probably just work (I can fix
that), but it's still good to understand this.

Fam
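
The header form discussed in this message can be handled by skipping CFWS (folding and parenthesised comments) before looking for msg-ids. The Python below is an added example, not part of the original mail and not patchew's code; the function names and the sample header values are constructed for illustration.

```python
import re

# Constructed sample modelled on the header quoted above: one msg-id followed
# by a folded RFC 2822 comment. The address is a placeholder.
SAMPLE_IN_REPLY_TO = (
    "<20170101000000.1234-4-author@example.com>\r\n"
    " (=?utf-8?Q?=22Some?=\r\n"
    " Author\"'s message of \"Sun, 1 Jan 2017 00:00:00 +0000\")"
)

# Constructed edge case: a nested comment that contains something shaped like
# a msg-id, and a quoted-pair "\)" that must not close the comment.
SAMPLE_DECOY = (
    "(see (also <decoy@example.com>) \\) still a comment) <a@example.com>\r\n"
    "\t<b@example.com>"
)


def unfold(value):
    """Undo header folding: a line break followed by WSP is not significant."""
    return re.sub(r"\r?\n(?=[ \t])", "", value)


def extract_msg_ids(value):
    """Return the msg-ids of an In-Reply-To/References value, skipping CFWS."""
    value = unfold(value)
    ids = []
    depth = 0  # current comment nesting level; comments may nest
    i = 0
    while i < len(value):
        ch = value[i]
        if depth:
            if ch == "\\" and i + 1 < len(value):
                i += 2  # quoted-pair: the escaped character is literal
                continue
            if ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
            i += 1
        elif ch == "(":
            depth = 1
            i += 1
        elif ch == "<":
            end = value.find(">", i + 1)
            if end == -1:
                raise ValueError("unterminated msg-id")
            msg_id = value[i + 1:end]
            # Assumption of this example: no whitespace inside a msg-id.
            if "@" not in msg_id or re.search(r"\s", msg_id):
                raise ValueError("malformed msg-id: %r" % msg_id)
            ids.append(msg_id)
            i = end + 1
        else:
            i += 1  # whitespace between msg-ids, or obsolete free text
    if depth:
        raise ValueError("unterminated comment")
    return ids


def naive_msg_ids(value):
    """Comparison only: a bare regex that does not know about comments."""
    return re.findall(r"<([^<>\s]+)>", value)


if __name__ == "__main__":
    print(extract_msg_ids(SAMPLE_IN_REPLY_TO))
    print(extract_msg_ids(SAMPLE_DECOY))
    print(naive_msg_ids(SAMPLE_DECOY))
```

The comment-aware version returns only the real parents for the decoy sample, while the bare regex also reports the address that sits inside the comment.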



Re: [Qemu-devel] [PATCHv4 0/5] Clean up compatibility mode handling

2017-05-29 Thread Greg Kurz
On Fri, 26 May 2017 15:23:14 +1000
David Gibson  wrote:

[...]
> 
> 
> Changes since v3:
>   * Backwards compatible -cpu handling now removes compat= option from
> options passed on to the cpu, so it doesn't trigger further warnings

This seems to also have another interesting effect.

getset_compat_deprecated() could be called either during CPU realization from:

object_property_parse()
{
    Visitor *v = string_input_visitor_new(string);
    object_property_set(obj, v, name, errp);
    ...
}

or during a QOM set operation from:

void object_property_set_qobject(Object *obj, QObject *value,
                                 const char *name, Error **errp)
{
    Visitor *v;

    v = qobject_input_visitor_new(value);
    object_property_set(obj, v, name, errp);
    ...
}

or similarly during a QOM get operation with a QObject output visitor.

The realization path no longer exists with patch 2, so you don't need
to implement a null string input visitor anymore.

This means that patch 1 is no longer needed if I get things right but
you probably want Markus to second that.

>   * Add a migration fix make cpu_synchronize_state() safe in post_load
> handlers, which in turn fixes a bug in 5/5.
>   * A number of bugfixes and other tweaks suggested by feedback on v2.
> 
> Changes since RFCv2:
>   * Many patches dropped, since they're already merged
>   * Rebased, fixed conflicts
>   * Restored support for backwards migration (wasn't as complicated as
> I thought)
>   * Updated final patch's description to more accurately reflect the
> logic
> 
> Changes since RFCv1:
>   * Change CAS logic to prefer compatibility modes over raw mode
>   * Simplified by giving up on half-hearted attempts to maintain
> backwards migration
>   * Folded migration stream changes into a single patch
>   * Removed some preliminary patches which are already merged
> 
> David Gibson (4):
>   migration: Mark CPU states dirty before incoming migration/loadvm
>   pseries: Move CPU compatibility property to machine
>   pseries: Reset CPU compatibility mode
>   ppc: Rework CPU compatibility testing across migration
> 
> Greg Kurz (1):
>   qapi: add explicit null to string input and output visitors
> 
>  cpus.c   |   9 
>  hw/ppc/spapr.c   |   8 +++-
>  hw/ppc/spapr_cpu_core.c  |  62 +-
>  hw/ppc/spapr_hcall.c |   8 ++--
>  include/hw/ppc/spapr.h   |  12 +++--
>  include/sysemu/cpus.h|   1 +
>  include/sysemu/hax.h |   1 +
>  include/sysemu/hw_accel.h|  10 +
>  include/sysemu/kvm.h |   1 +
>  kvm-all.c|  10 +
>  migration/savevm.c   |   2 +
>  qapi/string-input-visitor.c  |  11 +
>  qapi/string-output-visitor.c |  14 ++
>  target/i386/hax-all.c|  10 +
>  target/ppc/compat.c  | 102 
> +++
>  target/ppc/cpu.h |   5 ++-
>  target/ppc/machine.c |  72 --
>  target/ppc/translate_init.c  |  86 +++-
>  18 files changed, 340 insertions(+), 84 deletions(-)
> 





Re: [Qemu-devel] [PATCH v2 14/14] char: move char devices to chardev/

2017-05-29 Thread Philippe Mathieu-Daudé

On 05/29/2017 05:45 AM, Marc-André Lureau wrote:

Suggested by Paolo Bonizini during series review.


Bonzini ;) "serie" singular


Signed-off-by: Marc-André Lureau 


Reviewed-by: Philippe Mathieu-Daudé 


---
 {backends => chardev}/baum.c |  0
 {backends => chardev}/msmouse.c  |  0
 spice-qemu-char.c => chardev/spice.c |  2 +-
 {backends => chardev}/testdev.c  |  0
 {backends => chardev}/wctablet.c |  0
 MAINTAINERS  |  4 +---
 Makefile.objs|  4 ++--
 backends/Makefile.objs   |  4 
 backends/trace-events| 10 --
 chardev/Makefile.objs|  6 ++
 chardev/trace-events | 18 ++
 trace-events |  7 ---
 12 files changed, 28 insertions(+), 27 deletions(-)
 rename {backends => chardev}/baum.c (100%)
 rename {backends => chardev}/msmouse.c (100%)
 rename spice-qemu-char.c => chardev/spice.c (99%)
 rename {backends => chardev}/testdev.c (100%)
 rename {backends => chardev}/wctablet.c (100%)
 create mode 100644 chardev/trace-events

diff --git a/backends/baum.c b/chardev/baum.c
similarity index 100%
rename from backends/baum.c
rename to chardev/baum.c
diff --git a/backends/msmouse.c b/chardev/msmouse.c
similarity index 100%
rename from backends/msmouse.c
rename to chardev/msmouse.c
diff --git a/spice-qemu-char.c b/chardev/spice.c
similarity index 99%
rename from spice-qemu-char.c
rename to chardev/spice.c
index 1c6c2e3969..a312078812 100644
--- a/spice-qemu-char.c
+++ b/chardev/spice.c
@@ -1,5 +1,5 @@
 #include "qemu/osdep.h"
-#include "trace-root.h"
+#include "trace.h"
 #include "ui/qemu-spice.h"
 #include "chardev/char.h"
 #include "qemu/error-report.h"
diff --git a/backends/testdev.c b/chardev/testdev.c
similarity index 100%
rename from backends/testdev.c
rename to chardev/testdev.c
diff --git a/backends/wctablet.c b/chardev/wctablet.c
similarity index 100%
rename from backends/wctablet.c
rename to chardev/wctablet.c
diff --git a/MAINTAINERS b/MAINTAINERS
index 59e03436ad..7ee69d0e42 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1231,13 +1231,11 @@ M: Marc-André Lureau 
 S: Maintained
 F: chardev/
 F: include/chardev/
-F: backends/msmouse.c
-F: backends/testdev.c

 Character Devices (Braille)
 M: Samuel Thibault 
 S: Maintained
-F: backends/baum.c
+F: chardev/baum.c

 Command line option argument parsing
 M: Markus Armbruster 
diff --git a/Makefile.objs b/Makefile.objs
index 2100845ce2..0575802440 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -50,8 +50,6 @@ common-obj-$(CONFIG_LINUX) += fsdev/

 common-obj-y += migration/

-common-obj-$(CONFIG_SPICE) += spice-qemu-char.o
-
 common-obj-y += audio/
 common-obj-y += hw/
 common-obj-y += accel.o
@@ -70,6 +68,7 @@ common-obj-y += tpm.o
 common-obj-$(CONFIG_SLIRP) += slirp/

 common-obj-y += backends/
+common-obj-y += chardev/

 common-obj-$(CONFIG_SECCOMP) += qemu-seccomp.o

@@ -121,6 +120,7 @@ trace-events-subdirs += io
 trace-events-subdirs += migration
 trace-events-subdirs += block
 trace-events-subdirs += backends
+trace-events-subdirs += chardev
 trace-events-subdirs += hw/block
 trace-events-subdirs += hw/block/dataplane
 trace-events-subdirs += hw/char
diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index 0e0f1567b2..0400799efd 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -1,10 +1,6 @@
 common-obj-y += rng.o rng-egd.o
 common-obj-$(CONFIG_POSIX) += rng-random.o

-common-obj-y += msmouse.o wctablet.o testdev.o
-common-obj-$(CONFIG_BRLAPI) += baum.o
-baum.o-cflags := $(SDL_CFLAGS)
-
 common-obj-$(CONFIG_TPM) += tpm.o

 common-obj-y += hostmem.o hostmem-ram.o
diff --git a/backends/trace-events b/backends/trace-events
index 8c3289a3f9..e69de29bb2 100644
--- a/backends/trace-events
+++ b/backends/trace-events
@@ -1,10 +0,0 @@
-# See docs/tracing.txt for syntax documentation.
-
-# backends/wctablet.c
-wct_init(void) ""
-wct_cmd_re(void) ""
-wct_cmd_st(void) ""
-wct_cmd_sp(void) ""
-wct_cmd_ts(int input) "0x%02x"
-wct_cmd_other(const char *cmd) "%s"
-wct_speed(int speed) "%d"
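
Review bot: backends/trace-events ends up as a zero-length file (`@@ -1,10 +0,0 @@`) while `trace-events-subdirs += backends` stays in Makefile.objs. If an empty events file is intended, keeping the `# See docs/tracing.txt for syntax documentation.` header line would make that clearer than an empty file; otherwise drop the file and the subdirs entry together.
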
diff --git a/chardev/Makefile.objs b/chardev/Makefile.objs
index e0b37dbfd8..52a8127606 100644
--- a/chardev/Makefile.objs
+++ b/chardev/Makefile.objs
@@ -16,3 +16,9 @@ chardev-obj-y += char-stdio.o
 chardev-obj-y += char-udp.o
 chardev-obj-$(CONFIG_WIN32) += char-win.o
 chardev-obj-$(CONFIG_WIN32) += char-win-stdio.o
+
+common-obj-y += msmouse.o wctablet.o testdev.o
+common-obj-$(CONFIG_BRLAPI) += baum.o
+baum.o-cflags := $(SDL_CFLAGS)
+
+common-obj-$(CONFIG_SPICE) += spice.o
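
Review bot: the objects appended to chardev/Makefile.objs use `common-obj-y` and `common-obj-$(CONFIG_...)`, whereas every existing line of the file shown as context uses `chardev-obj-y`. If the difference is deliberate, a comment above the new block should say why, so that a later cleanup does not unify the two by mistake.
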
diff --git a/chardev/trace-events b/chardev/trace-events
new file mode 100644
index 00..822dde668b
--- /dev/null
+++ b/chardev/trace-events
@@ -0,0 +1,18 @@
+# See docs/tracing.txt for syntax documentation.
+
+# chardev/wctablet.c
+wct_init(void) ""
+wct_cmd_re(void) ""

Re: [Qemu-devel] [PATCH v2 11/14] char: move CharBackend handling in char-fe unit

2017-05-29 Thread Philippe Mathieu-Daudé

Hi Marc-André,

Reviewed-by: Philippe Mathieu-Daudé 

On 05/29/2017 05:45 AM, Marc-André Lureau wrote:

Move all the fronted struct and methods to a seperate unit. This avoids


"frontend, separate"


accidentally mixing backend and frontend calls, and helps with readibilty.


"readability"

Indeed this patch makes it much cleaner.


Make qemu_chr_replay() a macro shared by both char and char-fe.

Export qemu_chr_write(), and use a macro for qemu_chr_write_all()


This change seems related to the previous commit, is it possible to move 
it there?



(nb: yes, CharBackend is for char frontend :)

Signed-off-by: Marc-André Lureau 
---
 include/chardev/char-fe.h | 249 ++
 include/chardev/char-mux.h|   1 +
 include/chardev/char.h| 242 +-
 include/hw/char/bcm2835_aux.h |   2 +-
 include/hw/char/cadence_uart.h|   2 +-
 include/hw/char/digic-uart.h  |   2 +-
 include/hw/char/imx_serial.h  |   2 +-
 include/hw/char/serial.h  |   2 +-
 include/hw/char/stm32f2xx_usart.h |   2 +-
 backends/rng-egd.c|   2 +-
 chardev/char-fe.c | 358 ++
 chardev/char.c| 343 +---
 gdbstub.c |   1 +
 hw/arm/omap2.c|   2 +-
 hw/arm/pxa2xx.c   |   2 +-
 hw/arm/strongarm.c|   1 +
 hw/char/cadence_uart.c|   1 +
 hw/char/debugcon.c|   2 +-
 hw/char/digic-uart.c  |   2 +-
 hw/char/escc.c|   1 +
 hw/char/etraxfs_ser.c |   2 +-
 hw/char/exynos4210_uart.c |   1 +
 hw/char/grlib_apbuart.c   |   2 +-
 hw/char/ipoctal232.c  |   2 +-
 hw/char/lm32_juart.c  |   2 +-
 hw/char/lm32_uart.c   |   2 +-
 hw/char/mcf_uart.c|   2 +-
 hw/char/milkymist-uart.c  |   2 +-
 hw/char/parallel.c|   1 +
 hw/char/pl011.c   |   2 +-
 hw/char/sclpconsole-lm.c  |   2 +-
 hw/char/sclpconsole.c |   2 +-
 hw/char/sh_serial.c   |   2 +-
 hw/char/spapr_vty.c   |   2 +-
 hw/char/terminal3270.c|   2 +-
 hw/char/virtio-console.c  |   2 +-
 hw/char/xen_console.c |   2 +-
 hw/char/xilinx_uartlite.c |   2 +-
 hw/core/qdev-properties-system.c  |   2 +-
 hw/ipmi/ipmi_bmc_extern.c |   2 +-
 hw/misc/ivshmem.c |   2 +-
 hw/usb/ccid-card-passthru.c   |   2 +-
 hw/usb/dev-serial.c   |   1 +
 hw/usb/redirect.c |   2 +-
 hw/virtio/vhost-user.c|   2 +-
 monitor.c |   2 +-
 net/colo-compare.c|   2 +-
 net/filter-mirror.c   |   2 +-
 net/slirp.c   |   2 +-
 net/vhost-user.c  |   2 +-
 qtest.c   |   2 +-
 slirp/slirp.c |   2 +-
 tests/test-char.c |   2 +-
 tests/vhost-user-test.c   |   2 +-
 ui/console.c  |   2 +-
 chardev/Makefile.objs |   1 +
 56 files changed, 664 insertions(+), 623 deletions(-)
 create mode 100644 include/chardev/char-fe.h
 create mode 100644 chardev/char-fe.c

diff --git a/include/chardev/char-fe.h b/include/chardev/char-fe.h
new file mode 100644
index 00..bd82093218
--- /dev/null
+++ b/include/chardev/char-fe.h
@@ -0,0 +1,249 @@
+#ifndef QEMU_CHAR_FE_H
+#define QEMU_CHAR_FE_H
+
+#include "chardev/char.h"
+
+typedef void IOEventHandler(void *opaque, int event);
+
+/* This is the backend as seen by frontend, the actual backend is
+ * Chardev */
+struct CharBackend {
+Chardev *chr;
+IOEventHandler *chr_event;
+IOCanReadHandler *chr_can_read;
+IOReadHandler *chr_read;
+void *opaque;
+int tag;
+int fe_open;
+};
+
+/**
+ * @qemu_chr_fe_init:
+ *
+ * Initializes a front end for the given CharBackend and
+ * Chardev. Call qemu_chr_fe_deinit() to remove the association and
+ * release the driver.
+ *
+ * Returns: false on error.
+ */
+bool qemu_chr_fe_init(CharBackend *b, Chardev *s, Error **errp);
+
+/**
+ * @qemu_chr_fe_deinit:
+ *
+ * Dissociate the CharBackend from the Chardev.
+ *
+ * Safe to call without associated Chardev.
+ */
+void qemu_chr_fe_deinit(CharBackend *b);
+
+/**
+ * @qemu_chr_fe_get_driver:
+ *
+ * Returns the driver associated with a CharBackend or NULL if no
+ * associated Chardev.
+ */
+Chardev *qemu_chr_fe_get_driver(CharBackend *be);
+
+/**
+ * @qemu_chr_fe_set_handlers:
+ * @b: a CharBackend
+ * @fd_can_read: callback to get the amount of data the frontend may
+ *   receive
+ * @fd_read: callback to receive data from char
+ * @fd_event: event callback
+ * @opaque: an opaque pointer for the callbacks
+ * @context: a main loop context or NULL for the default
+ * 
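
Review bot: in the new `struct CharBackend`, the `tag` and `fe_open` members have no comment, and `fe_open` is an `int` that reads like a flag. Since this header is now the place frontends look at, a short comment per field (and `bool` for `fe_open` if it only ever holds 0 or 1) would help; the doc comment for qemu_chr_fe_init() could also state whether `errp` is set when it returns false.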

Re: [Qemu-devel] [Qemu-ppc] [PULL 11/18] pseries: Split CAS PVR negotiation out into a separate function

2017-05-29 Thread Greg Kurz
On Thu, 25 May 2017 13:51:25 +1000
David Gibson  wrote:

> Guests of the qemu machine type go through a feature negotiation process
> known as "client architecture support" (CAS) during early boot.  This does
> a number of things, one of which is finding a CPU compatibility mode which
> can be supported by both guest and host.
> 
> In fact the CPU negotiation is probably the single most complex part of the
> CAS process, so this splits it out into a helper function.  We've recently
> made some mistakes in maintaining backward compatibility for old machine
> types here.  Splitting this out will also make it easier to fix this.
> 
> This also adds a possibly useful error message if the negotiation fails
> (i.e. if there isn't a CPU mode that's suitable for both guest and host).
> 
> Signed-off-by: David Gibson 
> Reviewed-by: Laurent Vivier 
> Reviewed-by: Greg Kurz 
> ---

Any reason for not seeing these patches as well in this pull request ?

pseries: Restore PVR negotiation logic for  pre-2.9 machine types
pseries: Improve tracing of CPU  compatibility negotiation

>  hw/ppc/spapr_hcall.c | 49 -
>  1 file changed, 32 insertions(+), 17 deletions(-)
> 
> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> index 2daace4..77d2d66 100644
> --- a/hw/ppc/spapr_hcall.c
> +++ b/hw/ppc/spapr_hcall.c
> @@ -1044,19 +1044,13 @@ static target_ulong h_signal_sys_reset(PowerPCCPU 
> *cpu,
>  }
>  }
>  
> -static target_ulong h_client_architecture_support(PowerPCCPU *cpu,
> -  sPAPRMachineState *spapr,
> -  target_ulong opcode,
> -  target_ulong *args)
> +static uint32_t cas_check_pvr(PowerPCCPU *cpu, target_ulong *addr,
> +  Error **errp)
>  {
> -target_ulong list = ppc64_phys_to_real(args[0]);
> -target_ulong ov_table;
>  bool explicit_match = false; /* Matched the CPU's real PVR */
>  uint32_t max_compat = cpu->max_compat;
>  uint32_t best_compat = 0;
>  int i;
> -sPAPROptionVector *ov1_guest, *ov5_guest, *ov5_cas_old, *ov5_updates;
> -bool guest_radix;
>  
>  /*
>   * We scan the supplied table of PVRs looking for two things
> @@ -1066,9 +1060,9 @@ static target_ulong 
> h_client_architecture_support(PowerPCCPU *cpu,
>  for (i = 0; i < 512; ++i) {
>  uint32_t pvr, pvr_mask;
>  
> -pvr_mask = ldl_be_phys(_space_memory, list);
> -pvr = ldl_be_phys(_space_memory, list + 4);
> -list += 8;
> +pvr_mask = ldl_be_phys(_space_memory, *addr);
> +pvr = ldl_be_phys(_space_memory, *addr + 4);
> +*addr += 8;
>  
>  if (~pvr_mask & pvr) {
>  break; /* Terminator record */
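
Review bot: cas_check_pvr() advances the caller's cursor through `*addr += 8` inside the scan loop, and h_client_architecture_support() later depends on that side effect for `ov_table = addr`, but nothing on the new function says that `addr` is an in/out parameter. A comment above cas_check_pvr() stating that `*addr` is left pointing past the last record read would document the contract.
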
> @@ -1087,17 +1081,38 @@ static target_ulong 
> h_client_architecture_support(PowerPCCPU *cpu,
>  /* We couldn't find a suitable compatibility mode, and either
>   * the guest doesn't support "raw" mode for this CPU, or raw
>   * mode is disabled because a maximum compat mode is set */
> -return H_HARDWARE;
> +error_setg(errp, "Couldn't negotiate a suitable PVR during CAS");
> +return 0;
>  }
>  
>  /* Parsing finished */
>  trace_spapr_cas_pvr(cpu->compat_pvr, explicit_match, best_compat);
>  
> -/* Update CPUs */
> -if (cpu->compat_pvr != best_compat) {
> -Error *local_err = NULL;
> +return best_compat;
> +}
>  
> -ppc_set_compat_all(best_compat, _err);
> +static target_ulong h_client_architecture_support(PowerPCCPU *cpu,
> +  sPAPRMachineState *spapr,
> +  target_ulong opcode,
> +  target_ulong *args)
> +{
> +/* Working address in data buffer */
> +target_ulong addr = ppc64_phys_to_real(args[0]);
> +target_ulong ov_table;
> +uint32_t cas_pvr;
> +sPAPROptionVector *ov1_guest, *ov5_guest, *ov5_cas_old, *ov5_updates;
> +bool guest_radix;
> +Error *local_err = NULL;
> +
> +cas_pvr = cas_check_pvr(cpu, , _err);
> +if (local_err) {
> +error_report_err(local_err);
> +return H_HARDWARE;
> +}
> +
> +/* Update CPUs */
> +if (cpu->compat_pvr != cas_pvr) {
> +ppc_set_compat_all(cas_pvr, _err);
>  if (local_err) {
>  error_report_err(local_err);
>  return H_HARDWARE;
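
Review bot: on failure cas_check_pvr() does `return 0;` after error_setg(), and 0 is also the initial value of `best_compat`, so the return value by itself cannot tell a failed negotiation from a successful one that selected no compatibility mode. The caller here checks `local_err`, which is right; a sentence in a function comment saying that errors are reported through `errp` only would keep future callers from testing the return value instead.
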
> @@ -1105,7 +1120,7 @@ static target_ulong 
> h_client_architecture_support(PowerPCCPU *cpu,
>  }
>  
>  /* For the future use: here @ov_table points to the first option vector 
> */
> -ov_table = list;
> +ov_table = addr;
>  
>  ov1_guest = spapr_ovec_parse_vector(ov_table, 1);
>  ov5_guest = 

Re: [Qemu-devel] [PATCH v2 10/14] char: generalize qemu_chr_write_all()

2017-05-29 Thread Philippe Mathieu-Daudé

Hi Marc-André,

On 05/29/2017 05:45 AM, Marc-André Lureau wrote:

qemu_chr_fe_write() is similar to qemu_chr_write_all(): the latter writes
all with a chardev backend.

Make qemu_chr_write() and qemu_chr_fe_write_buffer() take an 'all'
argument. If false, handle 'partial' write the way qemu_chr_fe_write()
used to, and call qemu_chr_write() from qemu_chr_fe_write().

Signed-off-by: Marc-André Lureau 
---
 chardev/char.c | 70 +++---
 1 file changed, 28 insertions(+), 42 deletions(-)

diff --git a/chardev/char.c b/chardev/char.c
index a747e0279a..9a7c70c7aa 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -96,7 +96,8 @@ static void qemu_chr_fe_write_log(Chardev *s,
 }

 static int qemu_chr_fe_write_buffer(Chardev *s,
-const uint8_t *buf, int len, int *offset)
+const uint8_t *buf, int len,
+int *offset, bool write_all)
 {
 ChardevClass *cc = CHARDEV_GET_CLASS(s);
 int res = 0;
@@ -106,7 +107,7 @@ static int qemu_chr_fe_write_buffer(Chardev *s,
 while (*offset < len) {
 retry:
 res = cc->chr_write(s, buf + *offset, len - *offset);
-if (res < 0 && errno == EAGAIN) {
+if (res < 0 && errno == EAGAIN && write_all) {
 g_usleep(100);
 goto retry;
 }
@@ -116,6 +117,9 @@ static int qemu_chr_fe_write_buffer(Chardev *s,
 }

 *offset += res;
+if (!write_all) {
+break;
+}
 }
 if (*offset > 0) {
 qemu_chr_fe_write_log(s, buf, *offset);
@@ -130,54 +134,20 @@ static bool qemu_chr_replay(Chardev *chr)
 return qemu_chr_has_feature(chr, QEMU_CHAR_FEATURE_REPLAY);
 }

-int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len)
+static int qemu_chr_write(Chardev *s, const uint8_t *buf, int len,
+  bool write_all)
 {
-Chardev *s = be->chr;
-ChardevClass *cc;
-int ret;
-
-if (!s) {
-return 0;
-}
-
-if (qemu_chr_replay(s) && replay_mode == REPLAY_MODE_PLAY) {
-int offset;
-replay_char_write_event_load(, );
-assert(offset <= len);
-qemu_chr_fe_write_buffer(s, buf, offset, );
-return ret;
-}
-
-cc = CHARDEV_GET_CLASS(s);
-qemu_mutex_lock(>chr_write_lock);
-ret = cc->chr_write(s, buf, len);
-
-if (ret > 0) {
-qemu_chr_fe_write_log(s, buf, ret);
-}
-
-qemu_mutex_unlock(>chr_write_lock);
-
-if (qemu_chr_replay(s) && replay_mode == REPLAY_MODE_RECORD) {
-replay_char_write_event_save(ret, ret < 0 ? 0 : ret);
-}
-
-return ret;
-}
-
-int qemu_chr_write_all(Chardev *s, const uint8_t *buf, int len)
-{
-int offset;
+int offset = 0;
 int res;

 if (qemu_chr_replay(s) && replay_mode == REPLAY_MODE_PLAY) {
 replay_char_write_event_load(, );
 assert(offset <= len);
-qemu_chr_fe_write_buffer(s, buf, offset, );
+qemu_chr_fe_write_buffer(s, buf, offset, , true);
 return res;
 }

-res = qemu_chr_fe_write_buffer(s, buf, len, );
+res = qemu_chr_fe_write_buffer(s, buf, len, , write_all);

 if (qemu_chr_replay(s) && replay_mode == REPLAY_MODE_RECORD) {
 replay_char_write_event_save(res, offset);
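
Review bot: the removed qemu_chr_fe_write() returned the raw result of `cc->chr_write()` and recorded `ret < 0 ? 0 : ret` as the replay offset, while the shared qemu_chr_write() now goes through qemu_chr_fe_write_buffer() and records `offset`. The commit message should say whether a write that fails with EAGAIN (no retry when `write_all` is false) still comes back to frontends as a negative value, since that is what callers of qemu_chr_fe_write() saw before.
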
@@ -189,6 +159,22 @@ int qemu_chr_write_all(Chardev *s, const uint8_t *buf, int 
len)
 return offset;
 }

+int qemu_chr_write_all(Chardev *s, const uint8_t *buf, int len)
+{
+return qemu_chr_write(s, buf, len, true);
+}
+
+int qemu_chr_fe_write(CharBackend *be, const uint8_t *buf, int len)
+{
+Chardev *s = be->chr;
+
+if (!s) {
+return 0;
+}
+
+return qemu_chr_write(s, buf, len, false);
+}
+
 int qemu_chr_fe_write_all(CharBackend *be, const uint8_t *buf, int len)
 {
 Chardev *s = be->chr;
@@ -197,7 +183,7 @@ int qemu_chr_fe_write_all(CharBackend *be, const uint8_t 
*buf, int len)
 return 0;
 }

-return qemu_chr_write_all(s, buf, len);
+return qemu_chr_write(s, buf, len, true);


I think calling qemu_chr_write_all() is more readable.

Either way:
Reviewed-by: Philippe Mathieu-Daudé 


 }

 int qemu_chr_fe_read_all(CharBackend *be, uint8_t *buf, int len)





Re: [Qemu-devel] [PATCH v2 08/14] chardev: serial & parallel declaration to own headers

2017-05-29 Thread Philippe Mathieu-Daudé

On 05/29/2017 05:45 AM, Marc-André Lureau wrote:

Signed-off-by: Marc-André Lureau 


Reviewed-by: Philippe Mathieu-Daudé 


---
 include/chardev/char-parallel.h | 20 +++-
 include/chardev/char-serial.h   | 22 ++
 include/chardev/char.h  | 36 
 backends/wctablet.c |  2 +-
 hw/arm/strongarm.c  |  2 +-
 hw/bt/hci-csr.c |  2 +-
 hw/char/cadence_uart.c  |  2 +-
 hw/char/escc.c  |  2 +-
 hw/char/exynos4210_uart.c   |  2 +-
 hw/char/parallel.c  |  2 +-
 hw/char/serial.c|  2 +-
 hw/usb/dev-serial.c |  2 +-
 12 files changed, 50 insertions(+), 46 deletions(-)

diff --git a/include/chardev/char-parallel.h b/include/chardev/char-parallel.h
index 26742f9d5c..3284a1b96b 100644
--- a/include/chardev/char-parallel.h
+++ b/include/chardev/char-parallel.h
@@ -24,9 +24,27 @@
 #ifndef CHAR_PARALLEL_H
 #define CHAR_PARALLEL_H

-#if defined(__linux__) || defined(__FreeBSD__) || \
+#include "chardev/char.h"
+
+#if defined(__linux__) || defined(__FreeBSD__) ||   \
 defined(__FreeBSD_kernel__) || defined(__DragonFly__)
 #define HAVE_CHARDEV_PARPORT 1
 #endif

+#define CHR_IOCTL_PP_READ_DATA3
+#define CHR_IOCTL_PP_WRITE_DATA   4
+#define CHR_IOCTL_PP_READ_CONTROL 5
+#define CHR_IOCTL_PP_WRITE_CONTROL6
+#define CHR_IOCTL_PP_READ_STATUS  7
+#define CHR_IOCTL_PP_EPP_READ_ADDR8
+#define CHR_IOCTL_PP_EPP_READ 9
+#define CHR_IOCTL_PP_EPP_WRITE_ADDR  10
+#define CHR_IOCTL_PP_EPP_WRITE   11
+#define CHR_IOCTL_PP_DATA_DIR12
+
+struct ParallelIOArg {
+void *buffer;
+int count;
+};
+
 #endif /* CHAR_PARALLEL_H */
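
Review bot: the change to the `#if defined(__linux__) || defined(__FreeBSD__) ||` line only moves the trailing backslash, which adds noise to a patch that is otherwise a pure move of declarations. Leaving that line untouched would keep the diff limited to the added include and the CHR_IOCTL_PP_* block.
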
diff --git a/include/chardev/char-serial.h b/include/chardev/char-serial.h
index 64a27f63b1..cb2e59e82a 100644
--- a/include/chardev/char-serial.h
+++ b/include/chardev/char-serial.h
@@ -24,6 +24,8 @@
 #ifndef CHAR_SERIAL_H
 #define CHAR_SERIAL_H

+#include "chardev/char.h"
+
 #ifdef _WIN32
 #define HAVE_CHARDEV_SERIAL 1
 #elif defined(__linux__) || defined(__sun__) || defined(__FreeBSD__)\
@@ -32,4 +34,24 @@
 #define HAVE_CHARDEV_SERIAL 1
 #endif

+#define CHR_IOCTL_SERIAL_SET_PARAMS   1
+typedef struct {
+int speed;
+int parity;
+int data_bits;
+int stop_bits;
+} QEMUSerialSetParams;
+
+#define CHR_IOCTL_SERIAL_SET_BREAK2
+
+#define CHR_IOCTL_SERIAL_SET_TIOCM   13
+#define CHR_IOCTL_SERIAL_GET_TIOCM   14
+
+#define CHR_TIOCM_CTS   0x020
+#define CHR_TIOCM_CAR   0x040
+#define CHR_TIOCM_DSR   0x100
+#define CHR_TIOCM_RI0x080
+#define CHR_TIOCM_DTR   0x002
+#define CHR_TIOCM_RTS   0x004
+
 #endif
diff --git a/include/chardev/char.h b/include/chardev/char.h
index fffc0f40d4..95273e10ae 100644
--- a/include/chardev/char.h
+++ b/include/chardev/char.h
@@ -27,42 +27,6 @@ typedef enum {

 #define CHR_READ_BUF_LEN 4096

-#define CHR_IOCTL_SERIAL_SET_PARAMS   1
-typedef struct {
-int speed;
-int parity;
-int data_bits;
-int stop_bits;
-} QEMUSerialSetParams;
-
-#define CHR_IOCTL_SERIAL_SET_BREAK2
-
-#define CHR_IOCTL_PP_READ_DATA3
-#define CHR_IOCTL_PP_WRITE_DATA   4
-#define CHR_IOCTL_PP_READ_CONTROL 5
-#define CHR_IOCTL_PP_WRITE_CONTROL6
-#define CHR_IOCTL_PP_READ_STATUS  7
-#define CHR_IOCTL_PP_EPP_READ_ADDR8
-#define CHR_IOCTL_PP_EPP_READ 9
-#define CHR_IOCTL_PP_EPP_WRITE_ADDR  10
-#define CHR_IOCTL_PP_EPP_WRITE   11
-#define CHR_IOCTL_PP_DATA_DIR12
-
-struct ParallelIOArg {
-void *buffer;
-int count;
-};
-
-#define CHR_IOCTL_SERIAL_SET_TIOCM   13
-#define CHR_IOCTL_SERIAL_GET_TIOCM   14
-
-#define CHR_TIOCM_CTS  0x020
-#define CHR_TIOCM_CAR  0x040
-#define CHR_TIOCM_DSR  0x100
-#define CHR_TIOCM_RI   0x080
-#define CHR_TIOCM_DTR  0x002
-#define CHR_TIOCM_RTS  0x004
-
 typedef void IOEventHandler(void *opaque, int event);

 typedef enum {
diff --git a/backends/wctablet.c b/backends/wctablet.c
index 07a4cde956..6c13c2c58a 100644
--- a/backends/wctablet.c
+++ b/backends/wctablet.c
@@ -32,7 +32,7 @@

 #include "qemu/osdep.h"
 #include "qemu-common.h"
-#include "chardev/char.h"
+#include "chardev/char-serial.h"
 #include "ui/console.h"
 #include "ui/input.h"
 #include "trace.h"
diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
index 66cad198d4..967caea749 100644
--- a/hw/arm/strongarm.c
+++ b/hw/arm/strongarm.c
@@ -34,7 +34,7 @@
 #include "strongarm.h"
 #include "qemu/error-report.h"
 #include "hw/arm/arm.h"
-#include "chardev/char.h"
+#include "chardev/char-serial.h"
 #include "sysemu/sysemu.h"
 #include "hw/ssi/ssi.h"
 #include "qemu/cutils.h"
diff --git a/hw/bt/hci-csr.c b/hw/bt/hci-csr.c
index cc2087392e..0f2021086d 100644
--- a/hw/bt/hci-csr.c
+++ b/hw/bt/hci-csr.c
@@ -20,7 +20,7 @@

 #include "qemu/osdep.h"
 #include "qemu-common.h"
-#include "chardev/char.h"
+#include "chardev/char-serial.h"
 #include "qemu/timer.h"
 

Re: [Qemu-devel] [PATCH v2 07/14] chardev: move headers to include/chardev

2017-05-29 Thread Philippe Mathieu-Daudé

On 05/29/2017 05:45 AM, Marc-André Lureau wrote:

So they are all in one place. The following patch will move serial &
parallel declarations to the respective headers.

Signed-off-by: Marc-André Lureau 


Reviewed-by: Philippe Mathieu-Daudé 


---
 {chardev => include/chardev}/char-fd.h|  2 +-
 {chardev => include/chardev}/char-io.h|  2 +-
 {chardev => include/chardev}/char-mux.h   |  2 +-
 {chardev => include/chardev}/char-parallel.h  |  0
 {chardev => include/chardev}/char-serial.h|  0
 {chardev => include/chardev}/char-win-stdio.h |  0
 {chardev => include/chardev}/char-win.h   |  2 +-
 include/{sysemu => chardev}/char.h|  0
 include/hw/char/bcm2835_aux.h |  2 +-
 include/hw/char/cadence_uart.h|  2 +-
 include/hw/char/digic-uart.h  |  2 +-
 include/hw/char/imx_serial.h  |  2 +-
 include/hw/char/serial.h  |  4 ++--
 include/hw/char/stm32f2xx_usart.h |  2 +-
 backends/baum.c   |  2 +-
 backends/msmouse.c|  2 +-
 backends/rng-egd.c|  2 +-
 backends/testdev.c|  2 +-
 backends/wctablet.c   |  2 +-
 chardev/char-console.c|  2 +-
 chardev/char-fd.c |  6 +++---
 chardev/char-file.c   |  6 +++---
 chardev/char-io.c |  2 +-
 chardev/char-mux.c|  4 ++--
 chardev/char-null.c   |  2 +-
 chardev/char-parallel.c   |  6 +++---
 chardev/char-pipe.c   |  6 +++---
 chardev/char-pty.c|  4 ++--
 chardev/char-ringbuf.c|  2 +-
 chardev/char-serial.c |  6 +++---
 chardev/char-socket.c |  4 ++--
 chardev/char-stdio.c  |  8 
 chardev/char-udp.c|  4 ++--
 chardev/char-win-stdio.c  |  4 ++--
 chardev/char-win.c|  2 +-
 chardev/char.c| 10 +-
 gdbstub.c |  2 +-
 hmp.c |  2 +-
 hw/arm/fsl-imx25.c|  2 +-
 hw/arm/fsl-imx31.c|  2 +-
 hw/arm/fsl-imx6.c |  2 +-
 hw/arm/omap2.c|  2 +-
 hw/arm/pxa2xx.c   |  2 +-
 hw/arm/strongarm.c|  2 +-
 hw/bt/hci-csr.c   |  2 +-
 hw/char/cadence_uart.c|  2 +-
 hw/char/debugcon.c|  2 +-
 hw/char/digic-uart.c  |  2 +-
 hw/char/escc.c|  2 +-
 hw/char/etraxfs_ser.c |  2 +-
 hw/char/exynos4210_uart.c |  2 +-
 hw/char/grlib_apbuart.c   |  2 +-
 hw/char/ipoctal232.c  |  2 +-
 hw/char/lm32_juart.c  |  2 +-
 hw/char/lm32_uart.c   |  2 +-
 hw/char/mcf_uart.c|  2 +-
 hw/char/milkymist-uart.c  |  2 +-
 hw/char/omap_uart.c   |  2 +-
 hw/char/parallel.c|  2 +-
 hw/char/pl011.c   |  2 +-
 hw/char/sclpconsole-lm.c  |  2 +-
 hw/char/sclpconsole.c |  2 +-
 hw/char/serial.c  |  2 +-
 hw/char/sh_serial.c   |  2 +-
 hw/char/spapr_vty.c   |  2 +-
 hw/char/terminal3270.c|  2 +-
 hw/char/virtio-console.c  |  2 +-
 hw/char/xen_console.c |  2 +-
 hw/char/xilinx_uartlite.c |  2 +-
 hw/core/qdev-properties-system.c  |  2 +-
 hw/core/qdev-properties.c |  2 +-
 hw/ipmi/ipmi_bmc_extern.c |  2 +-
 hw/isa/pc87312.c  |  2 +-
 hw/mips/boston.c  |  2 +-
 hw/misc/ivshmem.c |  2 +-
 hw/usb/ccid-card-passthru.c   |  2 +-
 hw/usb/dev-serial.c   |  2 +-
 hw/usb/redirect.c |  2 +-
 hw/virtio/vhost-user.c|  2 +-
 hw/xen/xen-common.c   |  2 +-
 hw/xtensa/xtfpga.c|  2 +-
 monitor.c |  2 +-
 net/colo-compare.c|  2 +-
 net/filter-mirror.c   |  2 +-
 net/slirp.c   |  

Re: [Qemu-devel] Throttling groups vs filter nodes

2017-05-29 Thread Manos Pitsidianakis

On Mon, May 29, 2017 at 05:05:17PM +0200, Alberto Garcia wrote:

On Sat 27 May 2017 09:56:03 AM CEST, Stefan Hajnoczi wrote:

A quirk in the current implementation is that the throttling limits
for the group are overwritten by each -drive throttling.group=group0.
Limits for all but the last -drive in a group are ignored.

  - bps or iops != 0   -> set the I/O limits of a throttling group. The
  selected device is moved to that group if it
  wasn't there yet.

  - bps and iops == 0  -> remove a device from a throttling group
  without touching that group's I/O limits.


These are very unintuitive. However, even without considering backwards
compatibility, I think that using -object notation (e.g. "object-add
throttle-group,id=foo,iops=...") is intuitive in the case of groups, but
not when you need individual limits for each device as the syntax would
be too verbose.  Of course the old interface covers that.

In any case, is having multiple interfaces a problem or not? And, is 
using QOM straightforward implementation-wise?




Re: [Qemu-devel] [PATCH v2 06/14] Remove/replace sysemu/char.h inclusion

2017-05-29 Thread Philippe Mathieu-Daudé

On 05/29/2017 05:45 AM, Marc-André Lureau wrote:

Those are apparently unnecessary includes.

Signed-off-by: Marc-André Lureau 


Reviewed-by: Philippe Mathieu-Daudé 


---
 hw/arm/bcm2835_peripherals.c | 1 -
 hw/char/imx_serial.c | 1 -
 hw/display/xenfb.c   | 1 -
 hw/i386/xen/xen-hvm.c| 1 -
 hw/mips/mips_fulong2e.c  | 1 -
 hw/mips/mips_malta.c | 1 -
 hw/net/xgmac.c   | 1 -
 hw/ppc/spapr_events.c| 1 -
 hw/ppc/spapr_rtas.c  | 1 -
 hw/sparc/leon3.c | 1 -
 hw/usb/ccid-card-emulated.c  | 2 +-
 hw/xen/xen_backend.c | 1 -
 util/event_notifier-posix.c  | 1 -
 13 files changed, 1 insertion(+), 13 deletions(-)

diff --git a/hw/arm/bcm2835_peripherals.c b/hw/arm/bcm2835_peripherals.c
index 369ef1e3bd..502f04c02a 100644
--- a/hw/arm/bcm2835_peripherals.c
+++ b/hw/arm/bcm2835_peripherals.c
@@ -13,7 +13,6 @@
 #include "hw/arm/bcm2835_peripherals.h"
 #include "hw/misc/bcm2835_mbox_defs.h"
 #include "hw/arm/raspi_platform.h"
-#include "sysemu/char.h"
 #include "sysemu/sysemu.h"

 /* Peripheral base address on the VC (GPU) system bus */
diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
index 52e67f8dc9..af250305be 100644
--- a/hw/char/imx_serial.c
+++ b/hw/char/imx_serial.c
@@ -21,7 +21,6 @@
 #include "qemu/osdep.h"
 #include "hw/char/imx_serial.h"
 #include "sysemu/sysemu.h"
-#include "sysemu/char.h"
 #include "qemu/log.h"

 #ifndef DEBUG_IMX_UART
diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
index 7a8727aa21..e76c0d805c 100644
--- a/hw/display/xenfb.c
+++ b/hw/display/xenfb.c
@@ -28,7 +28,6 @@

 #include "hw/hw.h"
 #include "ui/console.h"
-#include "sysemu/char.h"
 #include "hw/xen/xen_backend.h"

 #include 
diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c
index b1c05ffb86..321cf36b67 100644
--- a/hw/i386/xen/xen-hvm.c
+++ b/hw/i386/xen/xen-hvm.c
@@ -18,7 +18,6 @@
 #include "hw/xen/xen_backend.h"
 #include "qmp-commands.h"

-#include "sysemu/char.h"
 #include "qemu/error-report.h"
 #include "qemu/range.h"
 #include "sysemu/xen-mapcache.h"
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index e636c3abaa..dbe2805acb 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -32,7 +32,6 @@
 #include "hw/mips/mips.h"
 #include "hw/mips/cpudevs.h"
 #include "hw/pci/pci.h"
-#include "sysemu/char.h"
 #include "sysemu/sysemu.h"
 #include "audio/audio.h"
 #include "qemu/log.h"
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 5dd177e961..6fcdd9c6c1 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -37,7 +37,6 @@
 #include "hw/mips/mips.h"
 #include "hw/mips/cpudevs.h"
 #include "hw/pci/pci.h"
-#include "sysemu/char.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/arch_init.h"
 #include "qemu/log.h"
diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c
index 46b1aa17fa..0843bf185c 100644
--- a/hw/net/xgmac.c
+++ b/hw/net/xgmac.c
@@ -26,7 +26,6 @@

 #include "qemu/osdep.h"
 #include "hw/sysbus.h"
-#include "sysemu/char.h"
 #include "qemu/log.h"
 #include "net/net.h"
 #include "net/checksum.h"
diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index f0b28d8112..8a5f1d321a 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -28,7 +28,6 @@
 #include "qapi/error.h"
 #include "cpu.h"
 #include "sysemu/sysemu.h"
-#include "sysemu/char.h"
 #include "hw/qdev.h"
 #include "sysemu/device_tree.h"

diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 619f32c054..dd1633a104 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -29,7 +29,6 @@
 #include "qemu/log.h"
 #include "qemu/error-report.h"
 #include "sysemu/sysemu.h"
-#include "sysemu/char.h"
 #include "hw/qdev.h"
 #include "sysemu/device_tree.h"
 #include "sysemu/cpus.h"
diff --git a/hw/sparc/leon3.c b/hw/sparc/leon3.c
index 6e16478413..f415997649 100644
--- a/hw/sparc/leon3.c
+++ b/hw/sparc/leon3.c
@@ -28,7 +28,6 @@
 #include "hw/hw.h"
 #include "qemu/timer.h"
 #include "hw/ptimer.h"
-#include "sysemu/char.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/qtest.h"
 #include "hw/boards.h"
diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c
index 99627860a3..e646eb243b 100644
--- a/hw/usb/ccid-card-emulated.c
+++ b/hw/usb/ccid-card-emulated.c
@@ -33,7 +33,7 @@
 #include 

 #include "qemu/thread.h"
-#include "sysemu/char.h"
+#include "qemu/main-loop.h"
 #include "ccid.h"

 #define DPRINTF(card, lvl, fmt, ...) \
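
Review bot: this is the one hunk in the patch that replaces the include rather than removing it, so `sysemu/char.h` was not unnecessary here: the file relied on it to pull in something that `qemu/main-loop.h` declares. The commit message body only says the includes are apparently unnecessary; a sentence naming what ccid-card-emulated.c needs from `qemu/main-loop.h` would explain the `2 +-` line in the diffstat.
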
diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index 3570f37e56..c46cbb0759 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -28,7 +28,6 @@
 #include "hw/hw.h"
 #include "hw/sysbus.h"
 #include "hw/boards.h"
-#include "sysemu/char.h"
 #include "qemu/log.h"
 #include "qapi/error.h"
 #include "hw/xen/xen_backend.h"
diff --git a/util/event_notifier-posix.c b/util/event_notifier-posix.c
index acdbe3b483..73c4046b58 100644
--- a/util/event_notifier-posix.c
+++ b/util/event_notifier-posix.c
@@ -14,7 +14,6 @@
 

Re: [Qemu-devel] [PATCH] simpletrace: Improve the error message if event is not declared

2017-05-29 Thread Philippe Mathieu-Daudé

On 05/29/2017 01:30 PM, Jose Ricardo Ziviani wrote:

Today, if we use a trace-event file which does not declare an event
existing in the log file we'll get the following error:

$ scripts/simpletrace.py trace-events trace-68508
Traceback (most recent call last):
  File "scripts/simpletrace.py", line 242, in 
run(Formatter())
  File "scripts/simpletrace.py", line 217, in run
process(events, sys.argv[2], analyzer, read_header=read_header)
  File "scripts/simpletrace.py", line 192, in process
for rec in read_trace_records(edict, log):
  File "scripts/simpletrace.py", line 107, in read_trace_records
rec = read_record(edict, idtoname, fobj)
  File "scripts/simpletrace.py", line 71, in read_record
return get_record(edict, idtoname, rechdr, fobj)
  File "scripts/simpletrace.py", line 45, in get_record
event = edict[name]
KeyError: 'qemu_mutex_locked'

This patch improves this error by adding a hint instead of just that
KeyError log:

$ scripts/simpletrace.py trace-events trace-68508
'qemu_mutex_locked' event is logged but is not declared in the trace
events file, try using trace-events-all instead.

Signed-off-by: Jose Ricardo Ziviani 


Reviewed-by: Philippe Mathieu-Daudé 


---
 scripts/simpletrace.py | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/scripts/simpletrace.py b/scripts/simpletrace.py
index d60b3a0..f1be6e4 100755
--- a/scripts/simpletrace.py
+++ b/scripts/simpletrace.py
@@ -42,7 +42,15 @@ def get_record(edict, idtoname, rechdr, fobj):
 event_id = rechdr[0]
 name = idtoname[event_id]
 rec = (name, rechdr[1], rechdr[3])
-event = edict[name]
+try:
+event = edict[name]
+except KeyError, e:
+import sys
+sys.stderr.write('%s event is logged but is not declared ' \
+ 'in the trace events file, try using ' \
+ 'trace-events-all instead.\n' % str(e))
+sys.exit(1)
+
 for type, name in event.args:
 if is_string(type):
 l = fobj.read(4)
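
Review bot: `except KeyError, e:` in the added handler is Python 2-only syntax; `except KeyError as e:` is accepted by Python 2.6 and later as well as Python 3. The `import sys` inside the handler also looks redundant, since the traceback in the commit message shows `run()` already using `sys.argv` in this file, and the trailing backslashes are unnecessary because the string pieces sit inside the parentheses of `sys.stderr.write(...)`.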





Re: [Qemu-devel] [PATCH v2 01/29] target/s390x: remove dead code in translate.c

2017-05-29 Thread Philippe Mathieu-Daudé

On 05/29/2017 04:24 PM, Aurelien Jarno wrote:

Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 


Reviewed-by: Philippe Mathieu-Daudé 


---
 target/s390x/translate.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 97ca639a34..f7598184a6 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -5467,10 +5467,7 @@ void gen_intermediate_code(CPUS390XState *env, struct 
TranslationBlock *tb)
 gen_io_start();
 }

-status = NO_EXIT;
-if (status == NO_EXIT) {
-status = translate_one(env, );
-}
+status = translate_one(env, );

 /* If we reach a page boundary, are single stepping,
or exhaust instruction count, stop generation.  */





Re: [Qemu-devel] [PATCHv4 2/5] migration: Mark CPU states dirty before incoming migration/loadvm

2017-05-29 Thread Greg Kurz
On Fri, 26 May 2017 15:23:16 +1000
David Gibson  wrote:

> As a rule, CPU internal state should never be updated when
> !cpu->kvm_vcpu_dirty (or the HAX equivalent).  If that is done, then
> subsequent calls to cpu_synchronize_state() - usually safe and idempotent -
> will clobber state.
> 
> However, we routinely do this during a loadvm or incoming migration.
> Usually this is called shortly after a reset, which will clear all the cpu
> dirty flags with cpu_synchronize_all_post_reset().  Nothing is expected
> to set the dirty flags again before the cpu state is loaded from the
> incoming stream.
> 
> This means that it isn't safe to call cpu_synchronize_state() from a
> post_load handler, which is non-obvious and potentially inconvenient.
> 
> We could cpu_synchronize_all_state() before the loadvm, but that would be
> overkill since a) we expect the state to already be synchronized from the
> reset and b) we expect to completely rewrite the state with a call to
> cpu_synchronize_all_post_init() at the end of qemu_loadvm_state().
> 
> To clear this up, this patch introduces cpu_synchronize_pre_loadvm() and
> associated helpers, which simply marks the cpu state as dirty without
> actually changing anything.  i.e. it says we want to discard any existing
> KVM (or HAX) state and replace it with what we're going to load.
> 

This makes sense and looks nicer than adding a post-load specific path to
ppc_set_compat() indeed.

Just one remark below.

> Cc: Juan Quintela 
> Cc: Dave Gilbert 
> Signed-off-by: David Gibson 
> ---
>  cpus.c|  9 +
>  include/sysemu/cpus.h |  1 +
>  include/sysemu/hax.h  |  1 +
>  include/sysemu/hw_accel.h | 10 ++
>  include/sysemu/kvm.h  |  1 +
>  kvm-all.c | 10 ++
>  migration/savevm.c|  2 ++
>  target/i386/hax-all.c | 10 ++
>  8 files changed, 44 insertions(+)
> 
> diff --git a/cpus.c b/cpus.c
> index 516e5cb..6398439 100644
> --- a/cpus.c
> +++ b/cpus.c
> @@ -921,6 +921,15 @@ void cpu_synchronize_all_post_init(void)
>  }
>  }
>  
> +void cpu_synchronize_all_pre_loadvm(void)
> +{
> +CPUState *cpu;
> +
> +CPU_FOREACH(cpu) {
> +cpu_synchronize_pre_loadvm(cpu);
> +}
> +}
> +
>  static int do_vm_stop(RunState state)
>  {
>  int ret = 0;
> diff --git a/include/sysemu/cpus.h b/include/sysemu/cpus.h
> index a8053f1..731756d 100644
> --- a/include/sysemu/cpus.h
> +++ b/include/sysemu/cpus.h
> @@ -27,6 +27,7 @@ void qemu_timer_notify_cb(void *opaque, QEMUClockType type);
>  void cpu_synchronize_all_states(void);
>  void cpu_synchronize_all_post_reset(void);
>  void cpu_synchronize_all_post_init(void);
> +void cpu_synchronize_all_pre_loadvm(void);
>  
>  void qtest_clock_warp(int64_t dest);
>  
> diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
> index d9f0239..232a68a 100644
> --- a/include/sysemu/hax.h
> +++ b/include/sysemu/hax.h
> @@ -33,6 +33,7 @@ int hax_populate_ram(uint64_t va, uint32_t size);
>  void hax_cpu_synchronize_state(CPUState *cpu);
>  void hax_cpu_synchronize_post_reset(CPUState *cpu);
>  void hax_cpu_synchronize_post_init(CPUState *cpu);
> +void hax_cpu_synchronize_pre_loadvm(CPUState *cpu);
>  
>  #ifdef CONFIG_HAX
>  
> diff --git a/include/sysemu/hw_accel.h b/include/sysemu/hw_accel.h
> index c9b3105..469ffda 100644
> --- a/include/sysemu/hw_accel.h
> +++ b/include/sysemu/hw_accel.h
> @@ -45,4 +45,14 @@ static inline void cpu_synchronize_post_init(CPUState *cpu)
>  }
>  }
>  
> +static inline void cpu_synchronize_pre_loadvm(CPUState *cpu)
> +{
> +if (kvm_enabled()) {
> +kvm_cpu_synchronize_pre_loadvm(cpu);
> +}
> +if (hax_enabled()) {
> +hax_cpu_synchronize_pre_loadvm(cpu);
> +}
> +}
> +
>  #endif /* QEMU_HW_ACCEL_H */
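
Review bot: `cpu_synchronize_pre_loadvm()` is added to this header without a comment, and the name does not convey what the commit message explains, namely that it only marks the CPU state dirty so that existing KVM or HAX state is discarded in favour of what is about to be loaded. A short comment above the function saying so, and that it is meant to be called before the incoming state is read, would help callers writing post_load handlers.
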
> diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
> index 5cc83f2..a45c145 100644
> --- a/include/sysemu/kvm.h
> +++ b/include/sysemu/kvm.h
> @@ -459,6 +459,7 @@ int kvm_physical_memory_addr_from_host(KVMState *s, void 
> *ram_addr,
>  void kvm_cpu_synchronize_state(CPUState *cpu);
>  void kvm_cpu_synchronize_post_reset(CPUState *cpu);
>  void kvm_cpu_synchronize_post_init(CPUState *cpu);
> +void kvm_cpu_synchronize_pre_loadvm(CPUState *cpu);
>  
>  void kvm_init_cpu_signals(CPUState *cpu);
>  
> diff --git a/kvm-all.c b/kvm-all.c
> index 90b8573..a8485bd 100644
> --- a/kvm-all.c
> +++ b/kvm-all.c
> @@ -1896,6 +1896,16 @@ void kvm_cpu_synchronize_post_init(CPUState *cpu)
>  run_on_cpu(cpu, do_kvm_cpu_synchronize_post_init, RUN_ON_CPU_NULL);
>  }
>  
> +static void do_kvm_cpu_synchronize_pre_loadvm(CPUState *cpu, run_on_cpu_data 
> arg)
> +{
> +cpu->kvm_vcpu_dirty = true;
> +}
> +
> +void kvm_cpu_synchronize_pre_loadvm(CPUState *cpu)
> +{
> +run_on_cpu(cpu, do_kvm_cpu_synchronize_pre_loadvm, RUN_ON_CPU_NULL);

Do we really need to run_on_cpu() since we only set the dirty flag 

[Qemu-devel] [PULL 4/5] target/sh4: ignore interrupts in a delay slot

2017-05-29 Thread Aurelien Jarno
Delay slots are indivisible, therefore avoid scheduling an interrupt in
the delay slot. However exceptions are possible.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/sh4/helper.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/target/sh4/helper.c b/target/sh4/helper.c
index d420931530..19d4ec5fb5 100644
--- a/target/sh4/helper.c
+++ b/target/sh4/helper.c
@@ -871,8 +871,16 @@ int cpu_sh4_is_cached(CPUSH4State * env, target_ulong addr)
 bool superh_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
 {
 if (interrupt_request & CPU_INTERRUPT_HARD) {
-superh_cpu_do_interrupt(cs);
-return true;
+SuperHCPU *cpu = SUPERH_CPU(cs);
+CPUSH4State *env = >env;
+
+/* Delay slots are indivisible, ignore interrupts */
+if (env->flags & DELAY_SLOT_MASK) {
+return false;
+} else {
+superh_cpu_do_interrupt(cs);
+return true;
+}
 }
 return false;
 }
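
Review bot: the new comment says interrupts are ignored in a delay slot, while the commit message says the aim is to avoid scheduling one there; if the request is meant to stay pending and be taken once the slot has executed, the comment should say deferred rather than ignored. The `else` after `return false;` is also unnecessary, so the `superh_cpu_do_interrupt(cs); return true;` pair can drop one indentation level.
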
-- 
2.11.0




[Qemu-devel] [PULL 3/5] target/sh4: introduce DELAY_SLOT_MASK

2017-05-29 Thread Aurelien Jarno
This will make the introduction of a new flag in the next patches
easier.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/sh4/cpu.h   |  3 ++-
 target/sh4/helper.c|  4 ++--
 target/sh4/translate.c | 17 -
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
index 6c07c6b24b..7969c9af98 100644
--- a/target/sh4/cpu.h
+++ b/target/sh4/cpu.h
@@ -91,6 +91,7 @@
 #define FPSCR_RM_NEAREST   (0 << 0)
 #define FPSCR_RM_ZERO  (1 << 0)
 
+#define DELAY_SLOT_MASK0x3
 #define DELAY_SLOT (1 << 0)
 #define DELAY_SLOT_CONDITIONAL (1 << 1)
 
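
Review bot: `DELAY_SLOT_MASK` is defined as the literal 0x3 above the two flags it covers, so nothing ties it to `DELAY_SLOT` and `DELAY_SLOT_CONDITIONAL` if either bit is renumbered. Defining it after them as `(DELAY_SLOT | DELAY_SLOT_CONDITIONAL)` keeps the mask and the flags in step, which matters given that the commit message announces a further flag in the next patches.
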
@@ -380,7 +381,7 @@ static inline void cpu_get_tb_cpu_state(CPUSH4State *env, 
target_ulong *pc,
 {
 *pc = env->pc;
 *cs_base = 0;
-*flags = (env->flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) /* Bits 0-1 
*/
+*flags = (env->flags & DELAY_SLOT_MASK)/* Bits  0- 1 */
 | (env->fpscr & (FPSCR_FR | FPSCR_SZ | FPSCR_PR))  /* Bits 19-21 */
 | (env->sr & ((1u << SR_MD) | (1u << SR_RB)))  /* Bits 29-30 */
 | (env->sr & (1u << SR_FD))/* Bit 15 */
diff --git a/target/sh4/helper.c b/target/sh4/helper.c
index 5296e7cf4e..d420931530 100644
--- a/target/sh4/helper.c
+++ b/target/sh4/helper.c
@@ -172,11 +172,11 @@ void superh_cpu_do_interrupt(CPUState *cs)
 env->sgr = env->gregs[15];
 env->sr |= (1u << SR_BL) | (1u << SR_MD) | (1u << SR_RB);
 
-if (env->flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) {
+if (env->flags & DELAY_SLOT_MASK) {
 /* Branch instruction should be executed again before delay slot. */
env->spc -= 2;
/* Clear flags for exception/interrupt routine. */
-env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
+env->flags &= ~DELAY_SLOT_MASK;
 }
 
 if (do_exp) {
diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index 0bc2f9ff19..aba316f593 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -217,8 +217,7 @@ static inline void gen_save_cpu_state(DisasContext *ctx, 
bool save_pc)
 if (ctx->delayed_pc != (uint32_t) -1) {
 tcg_gen_movi_i32(cpu_delayed_pc, ctx->delayed_pc);
 }
-if ((ctx->tbflags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL))
-!= ctx->envflags) {
+if ((ctx->tbflags & DELAY_SLOT_MASK) != ctx->envflags) {
 tcg_gen_movi_i32(cpu_flags, ctx->envflags);
 }
 }
@@ -329,7 +328,7 @@ static inline void gen_store_fpr64 (TCGv_i64 t, int reg)
 #define DREG(x) FREG(x) /* Assumes lsb of (x) is always 0 */
 
 #define CHECK_NOT_DELAY_SLOT \
-if (ctx->envflags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) { \
+if (ctx->envflags & DELAY_SLOT_MASK) {   \
 gen_save_cpu_state(ctx, true);   \
 gen_helper_raise_slot_illegal_instruction(cpu_env);  \
 ctx->bstate = BS_EXCP;   \
@@ -339,7 +338,7 @@ static inline void gen_store_fpr64 (TCGv_i64 t, int reg)
 #define CHECK_PRIVILEGED \
 if (IS_USER(ctx)) {  \
 gen_save_cpu_state(ctx, true);   \
-if (ctx->envflags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) { \
+if (ctx->envflags & DELAY_SLOT_MASK) {   \
 gen_helper_raise_slot_illegal_instruction(cpu_env);  \
 } else { \
 gen_helper_raise_illegal_instruction(cpu_env);   \
@@ -351,7 +350,7 @@ static inline void gen_store_fpr64 (TCGv_i64 t, int reg)
 #define CHECK_FPU_ENABLED\
 if (ctx->tbflags & (1u << SR_FD)) {  \
 gen_save_cpu_state(ctx, true);   \
-if (ctx->envflags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) { \
+if (ctx->envflags & DELAY_SLOT_MASK) {   \
 gen_helper_raise_slot_fpu_disable(cpu_env);  \
 } else { \
 gen_helper_raise_fpu_disable(cpu_env);   \
@@ -1784,7 +1783,7 @@ static void _decode_opc(DisasContext * ctx)
 fflush(stderr);
 #endif
 gen_save_cpu_state(ctx, true);
-if (ctx->envflags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) {
+if (ctx->envflags & DELAY_SLOT_MASK) {
 gen_helper_raise_slot_illegal_instruction(cpu_env);
 } else {
 gen_helper_raise_illegal_instruction(cpu_env);
@@ -1798,9 +1797,9 @@ static void decode_opc(DisasContext * ctx)
 
 _decode_opc(ctx);
 
-if (old_flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) {
+if (old_flags & DELAY_SLOT_MASK) {
 /* go 

[Qemu-devel] [PATCH v2 13/29] target/s390x: implement MOVE ZONES

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 13 +
 target/s390x/translate.c   |  8 
 4 files changed, 24 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index e3a438b845..214a5e9e1c 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -16,6 +16,7 @@ DEF_HELPER_4(clst, i64, env, i64, i64, i64)
 DEF_HELPER_FLAGS_4(mvn, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(mvo, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(mvpg, TCG_CALL_NO_WG, i32, env, i64, i64, i64)
+DEF_HELPER_FLAGS_4(mvz, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_4(mvst, i64, env, i64, i64, i64)
 DEF_HELPER_4(ex, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(stam, TCG_CALL_NO_WG, void, env, i32, i64, i32)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 47542eeaf3..b40611b75f 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -588,6 +588,8 @@
 /* Really format SS_b, but we pack both lengths into one argument
for the helper call, so we might as well leave one 8-bit field.  */
 C(0xf100, MVO, SS_a,  Z,   la1, a2, 0, 0, mvo, 0)
+/* MOVE ZONES */
+C(0xd300, MVZ, SS_a,  Z,   la1, a2, 0, 0, mvz, 0)
 
 /* MULTIPLY */
 C(0x1c00, MR,  RR_a,  Z,   r1p1_32s, r2_32s, new, r1_D32, mul, 0)
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index f748750a55..484dfcd9d6 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -287,6 +287,19 @@ void HELPER(mvo)(CPUS390XState *env, uint32_t l, uint64_t 
dest, uint64_t src)
 }
 }
 
+/* move zones  */
+void HELPER(mvz)(CPUS390XState *env, uint32_t l, uint64_t dest, uint64_t src)
+{
+uintptr_t ra = GETPC();
+int i;
+
+for (i = 0; i <= l; i++) {
+uint8_t b = cpu_ldub_data_ra(env, dest + i, ra) & 0x0f;
+b |= cpu_ldub_data_ra(env, src + i, ra) & 0xf0;
+cpu_stb_data_ra(env, dest + i, b, ra);
+}
+}
+
 /* compare unsigned byte arrays */
 static uint32_t do_helper_clc(CPUS390XState *env, uint32_t l, uint64_t s1,
   uint64_t s2, uintptr_t ra)
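
Review bot: in `HELPER(mvz)` the loop counter is `int i` while the bound `l` is `uint32_t`, so `i <= l` is a mixed signed/unsigned comparison. Declaring `i` as `uint32_t` avoids the implicit conversion and matches the type of the length argument.
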
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index b1877cf27b..95ca53c1ef 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -3021,6 +3021,14 @@ static ExitStatus op_mvst(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_mvz(DisasContext *s, DisasOps *o)
+{
+TCGv_i32 l = tcg_const_i32(get_field(s->fields, l1));
+gen_helper_mvz(cpu_env, l, o->addr1, o->in2);
+tcg_temp_free_i32(l);
+return NO_EXIT;
+}
+
 static ExitStatus op_mul(DisasContext *s, DisasOps *o)
 {
 tcg_gen_mul_i64(o->out, o->in1, o->in2);
-- 
2.11.0




[Qemu-devel] [PULL 2/5] target/sh4: fix reset when using a kernel and an initrd

2017-05-29 Thread Aurelien Jarno
When a masked exception happens, the SH4 CPU generates a non-masked
reset exception, which then jumps to the reset vector at address
0xA000. While this is emulated correctly in QEMU, this does not
work when using a kernel and initrd as this address then contains an
illegal instruction (and there is no guarantee the kernel and initrd
haven't been overwritten).

Therefore call qemu_system_reset_request to reload the kernel and initrd
and load the program counter to the kernel entry point.

Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/sh4/helper.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/target/sh4/helper.c b/target/sh4/helper.c
index 4c024f9529..5296e7cf4e 100644
--- a/target/sh4/helper.c
+++ b/target/sh4/helper.c
@@ -21,6 +21,7 @@
 #include "cpu.h"
 #include "exec/exec-all.h"
 #include "exec/log.h"
+#include "sysemu/sysemu.h"
 
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/sh4/sh_intc.h"
@@ -92,7 +93,14 @@ void superh_cpu_do_interrupt(CPUState *cs)
 
 if (env->sr & (1u << SR_BL)) {
 if (do_exp && cs->exception_index != 0x1e0) {
-cs->exception_index = 0x000; /* masked exception -> reset */
+/* In theory a masked exception generates a reset exception,
+   which in turn jumps to the reset vector. However this only
+   works when using a bootloader. When using a kernel and an
+   initrd, they need to be reloaded and the program counter
+   should be loaded with the kernel entry point.
+   qemu_system_reset_request takes care of that.  */
+qemu_system_reset_request();
+return;
 }
 if (do_irq && !env->in_sleep) {
 return; /* masked */
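
Review bot: the new comment describes the kernel-plus-initrd case, but `qemu_system_reset_request()` is now called for every masked exception, with no check of how the guest was booted, so the bootloader path changes too. Please state in the comment or commit message that a full system reset is also the intended behaviour there, and note that the early `return` leaves `cs->exception_index` as it was instead of setting it to 0x000.
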
-- 
2.11.0




[Qemu-devel] [PATCH v2 24/29] target/s390x: implement PACK UNICODE

2017-05-29 Thread Aurelien Jarno
Use a common helper with PACK ASCII as the differences are limited to
the stride of the source operand.

Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 30 +-
 target/s390x/translate.c   | 16 
 4 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 9d6b59d3cc..6e167d9643 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -84,6 +84,7 @@ DEF_HELPER_FLAGS_3(sqxb, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_1(cvd, TCG_CALL_NO_RWG_SE, i64, s32)
 DEF_HELPER_FLAGS_4(pack, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(pka, TCG_CALL_NO_WG, void, env, i64, i64, i32)
+DEF_HELPER_FLAGS_4(pku, TCG_CALL_NO_WG, void, env, i64, i64, i32)
 DEF_HELPER_FLAGS_4(unpk, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(tr, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_4(tre, i64, env, i64, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 41431affe6..16f788c86a 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -669,6 +669,8 @@
 C(0xf200, PACK,SS_a,  Z,   la1, a2, 0, 0, pack, 0)
 /* PACK ASCII */
 C(0xe900, PKA, SS_f,  E2,  la1, a2, 0, 0, pka, 0)
+/* PACK UNICODE */
+C(0xe100, PKU, SS_f,  E2,  la1, a2, 0, 0, pku, 0)
 
 /* PREFETCH */
 /* Implemented as nops of course.  */
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 01d6734860..4044dc4eb0 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -914,10 +914,9 @@ void HELPER(pack)(CPUS390XState *env, uint32_t len, 
uint64_t dest, uint64_t src)
 }
 }
 
-void HELPER(pka)(CPUS390XState *env, uint64_t dest, uint64_t src,
- uint32_t srclen)
+static inline void do_pkau(CPUS390XState *env, uint64_t dest, uint64_t src,
+   uint32_t srclen, int ssize, uintptr_t ra)
 {
-uintptr_t ra = GETPC();
 int i;
 /* The destination operand is always 16 bytes long.  */
 const int destlen = 16;
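
Review bot: the new `ssize` parameter of `do_pkau()` is undocumented, and `int ssize` is later compared against and subtracted from the `uint32_t srclen`. A comment stating that `ssize` is the source character size in bytes (1 for PACK ASCII, 2 for PACK UNICODE, per the two wrappers) would make the shared helper easier to follow, and an unsigned type would match `srclen`.
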
@@ -932,16 +931,16 @@ void HELPER(pka)(CPUS390XState *env, uint64_t dest, 
uint64_t src,
 /* Start with a positive sign */
 if (i == 0) {
 b = 0xc;
-} else if (srclen > 1) {
+} else if (srclen > ssize) {
 b = cpu_ldub_data_ra(env, src, ra) & 0x0f;
-src--;
-srclen--;
+src -= ssize;
+srclen -= ssize;
 }
 
-if (srclen > 1) {
+if (srclen > ssize) {
 b |= cpu_ldub_data_ra(env, src, ra) << 4;
-src--;
-srclen--;
+src -= ssize;
+srclen -= ssize;
 }
 
 cpu_stb_data_ra(env, dest, b, ra);
@@ -949,6 +948,19 @@ void HELPER(pka)(CPUS390XState *env, uint64_t dest, 
uint64_t src,
 }
 }
 
+
+void HELPER(pka)(CPUS390XState *env, uint64_t dest, uint64_t src,
+ uint32_t srclen)
+{
+do_pkau(env, dest, src, srclen, 1, GETPC());
+}
+
+void HELPER(pku)(CPUS390XState *env, uint64_t dest, uint64_t src,
+ uint32_t srclen)
+{
+do_pkau(env, dest, src, srclen, 2, GETPC());
+}
+
 void HELPER(unpk)(CPUS390XState *env, uint32_t len, uint64_t dest,
   uint64_t src)
 {
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 5093995f9a..d8b0515f17 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -3317,6 +3317,22 @@ static ExitStatus op_pka(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_pku(DisasContext *s, DisasOps *o)
+{
+int l2 = get_field(s->fields, l2) + 1;
+TCGv_i32 l;
+
+/* The length must be even and should not exceed 64 bytes.  */
+if ((l2 & 1) || (l2 > 64)) {
+gen_program_exception(s, PGM_SPECIFICATION);
+return EXIT_NORETURN;
+}
+l = tcg_const_i32(l2);
+gen_helper_pku(cpu_env, o->addr1, o->in2, l);
+tcg_temp_free_i32(l);
+return NO_EXIT;
+}
+
 static ExitStatus op_popcnt(DisasContext *s, DisasOps *o)
 {
 gen_helper_popcnt(o->out, o->in2);
-- 
2.11.0




[Qemu-devel] [PATCH v2 25/29] target/s390x: implement UNPACK ASCII

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 51 ++
 target/s390x/translate.c   | 17 
 4 files changed, 71 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 6e167d9643..97f03e7b79 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -86,6 +86,7 @@ DEF_HELPER_FLAGS_4(pack, TCG_CALL_NO_WG, void, env, i32, i64, 
i64)
 DEF_HELPER_FLAGS_4(pka, TCG_CALL_NO_WG, void, env, i64, i64, i32)
 DEF_HELPER_FLAGS_4(pku, TCG_CALL_NO_WG, void, env, i64, i64, i32)
 DEF_HELPER_FLAGS_4(unpk, TCG_CALL_NO_WG, void, env, i32, i64, i64)
+DEF_HELPER_FLAGS_4(unpka, TCG_CALL_NO_WG, i32, env, i64, i32, i64)
 DEF_HELPER_FLAGS_4(tr, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_4(tre, i64, env, i64, i64, i64)
 DEF_HELPER_4(trt, i32, env, i32, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 16f788c86a..33434a31d0 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -875,6 +875,8 @@
 /* Really format SS_b, but we pack both lengths into one argument
for the helper call, so we might as well leave one 8-bit field.  */
 C(0xf300, UNPK,SS_a,  Z,   la1, a2, 0, 0, unpk, 0)
+/* UNPACK ASCII */
+C(0xea00, UNPKA,   SS_a,  E2,  la1, a2, 0, 0, unpka, 0)
 
 #ifndef CONFIG_USER_ONLY
 /* COMPARE AND SWAP AND PURGE */
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 4044dc4eb0..261c23733d 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1008,6 +1008,57 @@ void HELPER(unpk)(CPUS390XState *env, uint32_t len, 
uint64_t dest,
 }
 }
 
+uint32_t HELPER(unpka)(CPUS390XState *env, uint64_t dest, uint32_t destlen,
+   uint64_t src)
+{
+uintptr_t ra = GETPC();
+int i;
+uint32_t cc;
+uint8_t b;
+/* The source operand is always 16 bytes long.  */
+const int srclen = 16;
+
+/* The operands are processed from right to left.  */
+src += srclen - 1;
+dest += destlen - 1;
+
+/* Check for the sign.  */
+b = cpu_ldub_data_ra(env, src, ra);
+src--;
+switch (b & 0xf) {
+case 0xa:
+case 0xc:
+case 0xe ... 0xf:
+cc = 0;  /* plus */
+break;
+case 0xb:
+case 0xd:
+cc = 1;  /* minus */
+break;
+default:
+case 0x0 ... 0x9:
+cc = 3;  /* invalid */
+break;
+}
+
+/* Now pad every nibble with 0x30, advancing one nibble at a time. */
+for (i = 0; i < destlen; i++) {
+if (i == 31) {
+/* If length is 32 bytes, the leftmost byte is 0. */
+b = 0;
+} else if (i % 2) {
+b = cpu_ldub_data_ra(env, src, ra);
+src--;
+} else {
+b >>= 4;
+}
+cpu_stb_data_ra(env, dest, 0x30 + (b & 0xf), ra);
+dest--;
+}
+
+return cc;
+}
+
 static uint32_t do_helper_tr(CPUS390XState *env, uint32_t len, uint64_t array,
  uint64_t trans, uintptr_t ra)
 {
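
Review bot: In the sign `switch` of HELPER(unpka), the `default:` label stacked on `case 0x0 ... 0x9:` is redundant, since `b & 0xf` can only take the sixteen values the cases already list. Keep either `default:` or the explicit range, not both.
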
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index d8b0515f17..2ff666573e 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4357,6 +4357,23 @@ static ExitStatus op_unpk(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_unpka(DisasContext *s, DisasOps *o)
+{
+int l1 = get_field(s->fields, l1) + 1;
+TCGv_i32 l;
+
+/* The length must not exceed 32 bytes.  */
+if (l1 > 32) {
+gen_program_exception(s, PGM_SPECIFICATION);
+return EXIT_NORETURN;
+}
+l = tcg_const_i32(l1);
+gen_helper_unpka(cc_op, cpu_env, o->addr1, l, o->in2);
+tcg_temp_free_i32(l);
+set_cc_static(s);
+return NO_EXIT;
+}
+
 static ExitStatus op_xc(DisasContext *s, DisasOps *o)
 {
 int d1 = get_field(s->fields, d1);
-- 
2.11.0




[Qemu-devel] [PATCH v2 29/29] target/s390x: update maximum TCG model to z800

2017-05-29 Thread Aurelien Jarno
At the same time fix the TCG version of get_max_cpu_model to return the
maximum model like on KVM. Remove the long-displacement facility from
the additional features as it is included in the z800.

Signed-off-by: Aurelien Jarno 
---
 target/s390x/cpu_models.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index e5e005a430..5f2c195d53 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -668,7 +668,6 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm)
 static const int feats[] = {
 S390_FEAT_STFLE,
 S390_FEAT_EXTENDED_IMMEDIATE,
-S390_FEAT_LONG_DISPLACEMENT,
 S390_FEAT_LONG_DISPLACEMENT_FAST,
 S390_FEAT_STORE_CLOCK_FAST,
 S390_FEAT_GENERAL_INSTRUCTIONS_EXT,
@@ -694,9 +693,9 @@ static S390CPUModel *get_max_cpu_model(Error **errp)
 if (kvm_enabled()) {
 kvm_s390_get_host_cpu_model(_model, errp);
 } else {
-/* TCG emulates a z900 (with some optional additional features) */
-max_model.def = _cpu_defs[0];
-bitmap_copy(max_model.features, max_model.def->default_feat,
+/* TCG emulates a z800 (with some optional additional features) */
+max_model.def = s390_find_cpu_def(0x2066, 7, 3, NULL);
+bitmap_copy(max_model.features, max_model.def->full_feat,
 S390_FEAT_MAX);
 add_qemu_cpu_model_features(max_model.features);
 }
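
Review bot: The result of `s390_find_cpu_def(0x2066, 7, 3, NULL)` is dereferenced on the next line as `max_model.def->full_feat` with no check of the returned pointer. If the lookup can fail, assert on the result; if it cannot, say why in a comment. The switch from `default_feat` to `full_feat` in the `bitmap_copy` is also not mentioned in the commit message and deserves a sentence there.
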
@@ -954,8 +953,9 @@ static void s390_qemu_cpu_model_initfn(Object *obj)
 S390CPU *cpu = S390_CPU(obj);
 
 cpu->model = g_malloc0(sizeof(*cpu->model));
-/* TCG emulates a z900 (with some optional additional features) */
-memcpy(_qemu_cpu_defs, _cpu_defs[0], sizeof(s390_qemu_cpu_defs));
+/* TCG emulates a z800 (with some optional additional features) */
+memcpy(_qemu_cpu_defs, s390_find_cpu_def(0x2066, 7, 3, NULL),
+   sizeof(s390_qemu_cpu_defs));
 add_qemu_cpu_model_features(s390_qemu_cpu_defs.full_feat);
 cpu->model->def = _qemu_cpu_defs;
 bitmap_copy(cpu->model->features, cpu->model->def->default_feat,
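
Review bot: The literal triple `0x2066, 7, 3` now appears both in get_max_cpu_model() and here in s390_qemu_cpu_model_initfn(), where the lookup result is passed straight to `memcpy` as the source. A small helper or named constants for the z800 definition would keep the two call sites in sync and give one place for a NULL check.
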
-- 
2.11.0




[Qemu-devel] [PULL 5/5] target/sh4: fix RTE instruction delay slot

2017-05-29 Thread Aurelien Jarno
The ReTurn from Exception (RTE) instruction loads the system register
(SR) with the saved system register (SSR). It has a delay slot, and
behaves specially according to the SH4 manual:

  The SR value accessed by the instruction in the RTE delay slot is the
  value restored from SSR by the RTE instruction. The SR and MD values
  defined prior to RTE execution are used to fetch the instruction in
  the RTE delay slot.

The instruction in the delay slot being often a NOP, it doesn't cause
any issue most of the time except in some rare cases where the NOP is
being split in a different TB (for example when the TCG op buffer
is full). In that case the NOP is fetched with the user permissions
and causes an instruction TLB protection violation exception.

This patch fixes that by introducing a new delay slot flag for the
RTE instruction. Given it's a privileged instruction, the RTE delay
slot instruction is always fetched in privileged mode. It is therefore
enough to check for this flag in cpu_mmu_index.

Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/sh4/cpu.h   | 13 ++---
 target/sh4/translate.c |  8 ++--
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
index 7969c9af98..ffb91687b8 100644
--- a/target/sh4/cpu.h
+++ b/target/sh4/cpu.h
@@ -91,9 +91,10 @@
 #define FPSCR_RM_NEAREST   (0 << 0)
 #define FPSCR_RM_ZERO  (1 << 0)
 
-#define DELAY_SLOT_MASK0x3
+#define DELAY_SLOT_MASK0x7
 #define DELAY_SLOT (1 << 0)
 #define DELAY_SLOT_CONDITIONAL (1 << 1)
+#define DELAY_SLOT_RTE (1 << 2)
 
 typedef struct tlb_t {
 uint32_t vpn;  /* virtual page number */
@@ -264,7 +265,13 @@ void cpu_load_tlb(CPUSH4State * env);
 #define MMU_USER_IDX 1
 static inline int cpu_mmu_index (CPUSH4State *env, bool ifetch)
 {
-return (env->sr & (1u << SR_MD)) == 0 ? 1 : 0;
+/* The instruction in a RTE delay slot is fetched in privileged
+   mode, but executed in user mode.  */
+if (ifetch && (env->flags & DELAY_SLOT_RTE)) {
+return 0;
+} else {
+return (env->sr & (1u << SR_MD)) == 0 ? 1 : 0;
+}
 }
 
 #include "exec/cpu-all.h"
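
Review bot: The new comment in cpu_mmu_index() says the delay slot instruction is "executed in user mode", but per the commit message it executes with the SR value restored from SSR, which need not be user mode. Suggest wording such as "fetched in privileged mode, but executed with the SR restored from SSR". The `else` after `return 0;` can also be dropped.
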
@@ -381,7 +388,7 @@ static inline void cpu_get_tb_cpu_state(CPUSH4State *env, 
target_ulong *pc,
 {
 *pc = env->pc;
 *cs_base = 0;
-*flags = (env->flags & DELAY_SLOT_MASK)/* Bits  0- 1 */
+*flags = (env->flags & DELAY_SLOT_MASK)/* Bits  0- 2 */
 | (env->fpscr & (FPSCR_FR | FPSCR_SZ | FPSCR_PR))  /* Bits 19-21 */
 | (env->sr & ((1u << SR_MD) | (1u << SR_RB)))  /* Bits 29-30 */
 | (env->sr & (1u << SR_FD))/* Bit 15 */
diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index aba316f593..8bc132b27b 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -185,6 +185,9 @@ void superh_cpu_dump_state(CPUState *cs, FILE *f,
 } else if (env->flags & DELAY_SLOT_CONDITIONAL) {
cpu_fprintf(f, "in conditional delay slot (delayed_pc=0x%08x)\n",
env->delayed_pc);
+} else if (env->flags & DELAY_SLOT_RTE) {
+cpu_fprintf(f, "in rte delay slot (delayed_pc=0x%08x)\n",
+env->delayed_pc);
 }
 }
 
@@ -427,8 +430,9 @@ static void _decode_opc(DisasContext * ctx)
CHECK_NOT_DELAY_SLOT
 gen_write_sr(cpu_ssr);
tcg_gen_mov_i32(cpu_delayed_pc, cpu_spc);
-ctx->envflags |= DELAY_SLOT;
+ctx->envflags |= DELAY_SLOT_RTE;
ctx->delayed_pc = (uint32_t) - 1;
+ctx->bstate = BS_STOP;
return;
 case 0x0058:   /* sets */
 tcg_gen_ori_i32(cpu_sr, cpu_sr, (1u << SR_S));
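
Review bot: `ctx->bstate = BS_STOP;` in the RTE case is added without a comment, and neither the code nor the commit message says why translation has to stop here. If the intent is that the delay slot instruction must start a new TB so that DELAY_SLOT_RTE is visible to cpu_mmu_index() at fetch time, please state that next to the assignment.
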
@@ -1804,7 +1808,7 @@ static void decode_opc(DisasContext * ctx)
 ctx->bstate = BS_BRANCH;
 if (old_flags & DELAY_SLOT_CONDITIONAL) {
gen_delayed_conditional_jump(ctx);
-} else if (old_flags & DELAY_SLOT) {
+} else {
 gen_jump(ctx);
}
 
-- 
2.11.0




[Qemu-devel] [PATCH v2 11/29] target/s390x: implement MOVE NUMERICS

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 13 +
 target/s390x/translate.c   |  8 
 4 files changed, 24 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 26a7abe4b4..a377997df5 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -13,6 +13,7 @@ DEF_HELPER_FLAGS_3(divs64, TCG_CALL_NO_WG, s64, env, s64, s64)
 DEF_HELPER_FLAGS_4(divu64, TCG_CALL_NO_WG, i64, env, i64, i64, i64)
 DEF_HELPER_4(srst, i64, env, i64, i64, i64)
 DEF_HELPER_4(clst, i64, env, i64, i64, i64)
+DEF_HELPER_FLAGS_4(mvn, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(mvpg, TCG_CALL_NO_WG, i32, env, i64, i64, i64)
 DEF_HELPER_4(mvst, i64, env, i64, i64, i64)
 DEF_HELPER_4(ex, void, env, i32, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index c8f77611ab..6af717648c 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -578,6 +578,8 @@
 C(0x0e00, MVCL,RR_a,  Z,   0, 0, 0, 0, mvcl, 0)
 /* MOVE LONG EXTENDED */
 C(0xa800, MVCLE,   RS_a,  Z,   0, a2, 0, 0, mvcle, 0)
+/* MOVE NUMERICS */
+C(0xd100, MVN, SS_a,  Z,   la1, a2, 0, 0, mvn, 0)
 /* MOVE PAGE */
 C(0xb254, MVPG,RRE,   Z,   r1_o, r2_o, 0, 0, mvpg, 0)
 /* MOVE STRING */
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index eacd2bc794..4fb6ff29c3 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -243,6 +243,19 @@ void HELPER(mvcin)(CPUS390XState *env, uint32_t l, 
uint64_t dest, uint64_t src)
 }
 }
 
+/* move numerics  */
+void HELPER(mvn)(CPUS390XState *env, uint32_t l, uint64_t dest, uint64_t src)
+{
+uintptr_t ra = GETPC();
+int i;
+
+for (i = 0; i <= l; i++) {
+uint8_t v = cpu_ldub_data_ra(env, dest + i, ra) & 0xf0;
+v |= cpu_ldub_data_ra(env, src + i, ra) & 0x0f;
+cpu_stb_data_ra(env, dest + i, v, ra);
+}
+}
+
 /* compare unsigned byte arrays */
 static uint32_t do_helper_clc(CPUS390XState *env, uint32_t l, uint64_t s1,
   uint64_t s2, uintptr_t ra)
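
Review bot: In HELPER(mvn), the loop bound `i <= l` only reads as correct once you know that `l` is the raw length field, that is the operand length minus one; op_mvn in the translate.c hunk passes `get_field(s->fields, l1)` unchanged. Please say so in the function comment, and consider declaring `i` as `uint32_t` so the comparison is not between a signed `int` and the `uint32_t` length.
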
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 61373df29e..4e7211203a 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -2990,6 +2990,14 @@ static ExitStatus op_mvcs(DisasContext *s, DisasOps *o)
 }
 #endif
 
+static ExitStatus op_mvn(DisasContext *s, DisasOps *o)
+{
+TCGv_i32 l = tcg_const_i32(get_field(s->fields, l1));
+gen_helper_mvn(cpu_env, l, o->addr1, o->in2);
+tcg_temp_free_i32(l);
+return NO_EXIT;
+}
+
 static ExitStatus op_mvpg(DisasContext *s, DisasOps *o)
 {
 gen_helper_mvpg(cc_op, cpu_env, regs[0], o->in1, o->in2);
-- 
2.11.0




[Qemu-devel] [PATCH v2 12/29] target/s390x: implement MOVE WITH OFFSET

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  4 
 target/s390x/mem_helper.c  | 31 +++
 target/s390x/translate.c   |  8 
 4 files changed, 44 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index a377997df5..e3a438b845 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -14,6 +14,7 @@ DEF_HELPER_FLAGS_4(divu64, TCG_CALL_NO_WG, i64, env, i64, 
i64, i64)
 DEF_HELPER_4(srst, i64, env, i64, i64, i64)
 DEF_HELPER_4(clst, i64, env, i64, i64, i64)
 DEF_HELPER_FLAGS_4(mvn, TCG_CALL_NO_WG, void, env, i32, i64, i64)
+DEF_HELPER_FLAGS_4(mvo, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(mvpg, TCG_CALL_NO_WG, i32, env, i64, i64, i64)
 DEF_HELPER_4(mvst, i64, env, i64, i64, i64)
 DEF_HELPER_4(ex, void, env, i32, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 6af717648c..47542eeaf3 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -584,6 +584,10 @@
 C(0xb254, MVPG,RRE,   Z,   r1_o, r2_o, 0, 0, mvpg, 0)
 /* MOVE STRING */
 C(0xb255, MVST,RRE,   Z,   r1_o, r2_o, 0, 0, mvst, 0)
+/* MOVE WITH OFFSET */
+/* Really format SS_b, but we pack both lengths into one argument
+   for the helper call, so we might as well leave one 8-bit field.  */
+C(0xf100, MVO, SS_a,  Z,   la1, a2, 0, 0, mvo, 0)
 
 /* MULTIPLY */
 C(0x1c00, MR,  RR_a,  Z,   r1p1_32s, r2_32s, new, r1_D32, mul, 0)
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 4fb6ff29c3..f748750a55 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -256,6 +256,37 @@ void HELPER(mvn)(CPUS390XState *env, uint32_t l, uint64_t 
dest, uint64_t src)
 }
 }
 
+/* move with offset  */
+void HELPER(mvo)(CPUS390XState *env, uint32_t l, uint64_t dest, uint64_t src)
+{
+uintptr_t ra = GETPC();
+int len_dest = l >> 4;
+int len_src = l & 0xf;
+uint8_t byte_dest, byte_src;
+int i;
+
+src += len_src;
+dest += len_dest;
+
+/* Handle rightmost byte */
+byte_src = cpu_ldub_data_ra(env, src, ra);
+byte_dest = cpu_ldub_data_ra(env, dest, ra);
+byte_dest = (byte_dest & 0x0f) | (byte_src << 4);
+cpu_stb_data_ra(env, dest, byte_dest, ra);
+
+/* Process remaining bytes from right to left */
+for (i = 1; i <= len_dest; i++) {
+byte_dest = byte_src >> 4;
+if (len_src - i >= 0) {
+byte_src = cpu_ldub_data_ra(env, src - i, ra);
+} else {
+byte_src = 0;
+}
+byte_dest |= byte_src << 4;
+cpu_stb_data_ra(env, dest - i, byte_dest, ra);
+}
+}
+
 /* compare unsigned byte arrays */
 static uint32_t do_helper_clc(CPUS390XState *env, uint32_t l, uint64_t s1,
   uint64_t s2, uintptr_t ra)
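
Review bot: HELPER(mvo) unpacks `l` as `len_dest = l >> 4` and `len_src = l & 0xf` without saying that both are lengths minus one, which is what makes `src += len_src` point at the rightmost byte and `i <= len_dest` the right bound. A short comment on the encoding of `l` would help. The stores also rely on `byte_src << 4` being truncated when assigned to a `uint8_t`; an explicit cast or mask would show that this is deliberate.
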
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 4e7211203a..b1877cf27b 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -2998,6 +2998,14 @@ static ExitStatus op_mvn(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_mvo(DisasContext *s, DisasOps *o)
+{
+TCGv_i32 l = tcg_const_i32(get_field(s->fields, l1));
+gen_helper_mvo(cpu_env, l, o->addr1, o->in2);
+tcg_temp_free_i32(l);
+return NO_EXIT;
+}
+
 static ExitStatus op_mvpg(DisasContext *s, DisasOps *o)
 {
 gen_helper_mvpg(cc_op, cpu_env, regs[0], o->in1, o->in2);
-- 
2.11.0




[Qemu-devel] [PULL 1/5] target/sh4: log unauthorized accesses using qemu_log_mask

2017-05-29 Thread Aurelien Jarno
qemu_log_mask() is preferred over fprintf() for logging errors.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/sh4/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/sh4/helper.c b/target/sh4/helper.c
index 8f8ce81401..4c024f9529 100644
--- a/target/sh4/helper.c
+++ b/target/sh4/helper.c
@@ -420,7 +420,7 @@ static int get_physical_address(CPUSH4State * env, 
target_ulong * physical,
 if (!(env->sr & (1u << SR_MD))
&& (address < 0xe000 || address >= 0xe400)) {
/* Unauthorized access in user mode (only store queues are 
available) */
-   fprintf(stderr, "Unauthorized access\n");
+qemu_log_mask(LOG_GUEST_ERROR, "Unauthorized access\n");
if (rw == 0)
return MMU_DADDR_ERROR_READ;
else if (rw == 1)
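
Review bot: The new `qemu_log_mask(LOG_GUEST_ERROR, "Unauthorized access\n")` keeps the old message text, which gives no hint of what was accessed. `address` and `rw` are both in scope at this point, so include them in the message to make the guest error log usable for finding the faulting access.
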
-- 
2.11.0




[Qemu-devel] [PATCH v2 27/29] target/s390x: implement TEST DECIMAL

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  3 +++
 target/s390x/mem_helper.c  | 23 +++
 target/s390x/translate.c   |  9 +
 4 files changed, 36 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index b2e269b6a5..c14268494e 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -88,6 +88,7 @@ DEF_HELPER_FLAGS_4(pku, TCG_CALL_NO_WG, void, env, i64, i64, 
i32)
 DEF_HELPER_FLAGS_4(unpk, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(unpka, TCG_CALL_NO_WG, i32, env, i64, i32, i64)
 DEF_HELPER_FLAGS_4(unpku, TCG_CALL_NO_WG, i32, env, i64, i32, i64)
+DEF_HELPER_FLAGS_3(tp, TCG_CALL_NO_WG, i32, env, i64, i32)
 DEF_HELPER_FLAGS_4(tr, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_4(tre, i64, env, i64, i64, i64)
 DEF_HELPER_4(trt, i32, env, i32, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 683f91bf7f..7f554ab133 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -856,6 +856,9 @@
 C(0xed11, TCDB,RXE,   Z,   f1_o, a2, 0, 0, tcdb, 0)
 C(0xed12, TCXB,RXE,   Z,   x1_o, a2, 0, 0, tcxb, 0)
 
+/* TEST DECIMAL */
+C(0xebc0, TP,  RSL,   E2,  la1, 0, 0, 0, tp, 0)
+
 /* TEST UNDER MASK */
 C(0x9100, TM,  SI,Z,   m1_8u, i2_8u, 0, 0, 0, tm32)
 C(0xeb51, TMY, SIY,   LD,  m1_8u, i2_8u, 0, 0, 0, tm32)
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 8063f42eb3..73a64bdda3 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1088,6 +1088,29 @@ uint32_t HELPER(unpku)(CPUS390XState *env, uint64_t 
dest, uint32_t destlen,
 return do_unpkau(env, dest, destlen, 2, src, GETPC());
 }
 
+uint32_t HELPER(tp)(CPUS390XState *env, uint64_t dest, uint32_t destlen)
+{
+uintptr_t ra = GETPC();
+uint32_t cc = 0;
+int i;
+
+for (i = 0; i < destlen; i++) {
+uint8_t b = cpu_ldub_data_ra(env, dest + i, ra);
+/* digit */
+cc |= (b & 0xf0) > 0x90 ? 2 : 0;
+
+if (i == (destlen - 1)) {
+/* sign */
+cc |= (b & 0xf) < 0xa ? 1 : 0;
+} else {
+/* digit */
+cc |= (b & 0xf) > 0x9 ? 2 : 0;
+}
+}
+
+return cc;
+}
+
 static uint32_t do_helper_tr(CPUS390XState *env, uint32_t len, uint64_t array,
  uint64_t trans, uintptr_t ra)
 {
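
Review bot: HELPER(tp) names its operand `dest` and `destlen`, but the function only reads it with `cpu_ldub_data_ra` and never stores to it. Names such as `addr` and `len` would avoid suggesting a write. A comment on how the result is built would also help: 2 is ORed in for an invalid digit and 1 for an invalid sign, so both together give 3.
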
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 747d4ebc10..a7c564fa93 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4313,6 +4313,15 @@ static ExitStatus op_tprot(DisasContext *s, DisasOps *o)
 
 #endif
 
+static ExitStatus op_tp(DisasContext *s, DisasOps *o)
+{
+TCGv_i32 l1 = tcg_const_i32(get_field(s->fields, l1) + 1);
+gen_helper_tp(cc_op, cpu_env, o->addr1, l1);
+tcg_temp_free_i32(l1);
+set_cc_static(s);
+return NO_EXIT;
+}
+
 static ExitStatus op_tr(DisasContext *s, DisasOps *o)
 {
 TCGv_i32 l = tcg_const_i32(get_field(s->fields, l1));
-- 
2.11.0




[Qemu-devel] [PATCH v2 21/29] target/s390x: implement COMPARE LOGICAL LONG UNICODE

2017-05-29 Thread Aurelien Jarno
For that we need to make program_interrupt available to qemu-user.
Fortunately there is almost nothing to change as both kvm_enabled and
CONFIG_KVM evaluate to false in that case.

Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 76 ++
 target/s390x/misc_helper.c |  4 +--
 target/s390x/translate.c   | 22 ++
 5 files changed, 90 insertions(+), 15 deletions(-)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index e717e2284f..3580c6e13d 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -24,6 +24,7 @@ DEF_HELPER_FLAGS_4(stam, TCG_CALL_NO_WG, void, env, i32, i64, 
i32)
 DEF_HELPER_FLAGS_4(lam, TCG_CALL_NO_WG, void, env, i32, i64, i32)
 DEF_HELPER_4(mvcle, i32, env, i32, i64, i32)
 DEF_HELPER_4(clcle, i32, env, i32, i64, i32)
+DEF_HELPER_4(clclu, i32, env, i32, i64, i32)
 DEF_HELPER_3(cegb, i64, env, s64, i32)
 DEF_HELPER_3(cdgb, i64, env, s64, i32)
 DEF_HELPER_3(cxgb, i64, env, s64, i32)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 1aa2b8b657..c781a97a3a 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -220,6 +220,8 @@
 C(0x0f00, CLCL,RR_a,  Z,   0, 0, 0, 0, clcl, 0)
 /* COMPARE LOGICAL LONG EXTENDED */
 C(0xa900, CLCLE,   RS_a,  Z,   0, a2, 0, 0, clcle, 0)
+/* COMPARE LOGICAL LONG UNICODE */
+C(0xeb8f, CLCLU,   RSY_a, E2,  0, a2, 0, 0, clclu, 0)
 /* COMPARE LOGICAL CHARACTERS UNDER MASK */
 C(0xbd00, CLM, RS_b,  Z,   r1_o, a2, 0, 0, clm, 0)
 C(0xeb21, CLMY,RSY_b, LD,  r1_o, a2, 0, 0, clm, 0)
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index e41d21fb55..4857f7214e 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -67,6 +67,32 @@ static inline uint32_t adj_len_to_page(uint32_t len, 
uint64_t addr)
 return len;
 }
 
+/* Trigger a SPECIFICATION exception if an address or a length is not
+   naturally aligned.  */
+static inline void check_alignment(CPUS390XState *env, uint64_t v,
+   int wordsize, uintptr_t ra)
+{
+if (v % wordsize) {
+CPUState *cs = CPU(s390_env_get_cpu(env));
+cpu_restore_state(cs, ra);
+program_interrupt(env, PGM_SPECIFICATION, 6);
+}
+}
+
+/* Load a value from memory according to its size.  */
+static inline uint64_t cpu_ldusize_data_ra(CPUS390XState *env, uint64_t addr,
+   int wordsize, uintptr_t ra)
+{
+switch (wordsize) {
+case 1:
+return cpu_ldub_data_ra(env, addr, ra);
+case 2:
+return cpu_lduw_data_ra(env, addr, ra);
+default:
+abort();
+}
+}
+
 static void fast_memset(CPUS390XState *env, uint64_t dest, uint8_t byte,
 uint32_t l, uintptr_t ra)
 {
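
Review bot: check_alignment() passes a fixed instruction length of 6 in `program_interrupt(env, PGM_SPECIFICATION, 6)`, although its comment presents it as a general helper for any address or length. A caller from a 2-byte or 4-byte instruction would report the wrong length. Take the length as a parameter, or note in the comment that the helper is only for 6-byte instructions. In cpu_ldusize_data_ra(), `g_assert_not_reached()` states the intent of the `default:` branch better than `abort()`.
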
@@ -655,12 +681,14 @@ uint32_t HELPER(mvcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 static inline uint32_t do_clcl(CPUS390XState *env,
uint64_t *src1, uint64_t *src1len,
uint64_t *src3, uint64_t *src3len,
-   uint8_t pad, uint64_t limit,
-   uintptr_t ra)
+   uint16_t pad, uint64_t limit,
+   int wordsize, uintptr_t ra)
 {
 uint64_t len = MAX(*src1len, *src3len);
 uint32_t cc = 0;
 
+check_alignment(env, *src1len | *src3len, wordsize, ra);
+
 if (!len) {
 return cc;
 }
@@ -672,15 +700,15 @@ static inline uint32_t do_clcl(CPUS390XState *env,
 cc = 3;
 }
 
-for (; len; len--) {
-uint8_t v1 = pad;
-uint8_t v3 = pad;
+for (; len; len -= wordsize) {
+uint16_t v1 = pad;
+uint16_t v3 = pad;
 
 if (*src1len) {
-v1 = cpu_ldub_data_ra(env, *src1, ra);
+v1 = cpu_ldusize_data_ra(env, *src1, wordsize, ra);
 }
 if (*src3len) {
-v3 = cpu_ldub_data_ra(env, *src3, ra);
+v3 = cpu_ldusize_data_ra(env, *src3, wordsize, ra);
 }
 
 if (v1 != v3) {
@@ -689,12 +717,12 @@ static inline uint32_t do_clcl(CPUS390XState *env,
 }
 
 if (*src1len) {
-*src1 += 1;
-*src1len -= 1;
+*src1 += wordsize;
+*src1len -= wordsize;
 }
 if (*src3len) {
-*src3 += 1;
-*src3len -= 1;
+*src3 += wordsize;
+*src3len -= wordsize;
 }
 }
 
@@ -713,7 +741,7 @@ uint32_t HELPER(clcl)(CPUS390XState *env, uint32_t r1, 
uint32_t r2)
 uint8_t pad = env->regs[r2 + 1] >> 24;
 uint32_t cc;
 
-cc = do_clcl(env, , , , , pad, -1, ra);
+cc = do_clcl(env, , , , , pad, -1, 1, ra);
 
 env->regs[r1 + 1] = deposit64(env->regs[r1 + 1], 0, 24, src1len);
 env->regs[r2 + 1] = deposit64(env->regs[r2 + 1], 0, 24, 

[Qemu-devel] [PATCH v2 26/29] target/s390x: implement UNPACK UNICODE

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 49 --
 target/s390x/translate.c   | 18 +
 4 files changed, 60 insertions(+), 10 deletions(-)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 97f03e7b79..b2e269b6a5 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -87,6 +87,7 @@ DEF_HELPER_FLAGS_4(pka, TCG_CALL_NO_WG, void, env, i64, i64, 
i32)
 DEF_HELPER_FLAGS_4(pku, TCG_CALL_NO_WG, void, env, i64, i64, i32)
 DEF_HELPER_FLAGS_4(unpk, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(unpka, TCG_CALL_NO_WG, i32, env, i64, i32, i64)
+DEF_HELPER_FLAGS_4(unpku, TCG_CALL_NO_WG, i32, env, i64, i32, i64)
 DEF_HELPER_FLAGS_4(tr, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_4(tre, i64, env, i64, i64, i64)
 DEF_HELPER_4(trt, i32, env, i32, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 33434a31d0..683f91bf7f 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -877,6 +877,8 @@
 C(0xf300, UNPK,SS_a,  Z,   la1, a2, 0, 0, unpk, 0)
 /* UNPACK ASCII */
 C(0xea00, UNPKA,   SS_a,  E2,  la1, a2, 0, 0, unpka, 0)
+/* UNPACK UNICODE */
+C(0xe200, UNPKU,   SS_a,  E2,  la1, a2, 0, 0, unpku, 0)
 
 #ifndef CONFIG_USER_ONLY
 /* COMPARE AND SWAP AND PURGE */
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 261c23733d..8063f42eb3 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -93,6 +93,23 @@ static inline uint64_t cpu_ldusize_data_ra(CPUS390XState 
*env, uint64_t addr,
 }
 }
 
+/* Store a to memory according to its size.  */
+static inline void cpu_stsize_data_ra(CPUS390XState *env, uint64_t addr,
+  uint64_t value, int wordsize,
+  uintptr_t ra)
+{
+switch (wordsize) {
+case 1:
+cpu_stb_data_ra(env, addr, value, ra);
+break;
+case 2:
+cpu_stw_data_ra(env, addr, value, ra);
+break;
+default:
+abort();
+}
+}
+
 static void fast_memset(CPUS390XState *env, uint64_t dest, uint8_t byte,
 uint32_t l, uintptr_t ra)
 {
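
Review bot: The comment on cpu_stsize_data_ra() reads "Store a to memory according to its size."; a word is missing, presumably "value".
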
@@ -1008,10 +1025,10 @@ void HELPER(unpk)(CPUS390XState *env, uint32_t len, 
uint64_t dest,
 }
 }
 
-uint32_t HELPER(unpka)(CPUS390XState *env, uint64_t dest, uint32_t destlen,
-   uint64_t src)
+static inline uint32_t do_unpkau(CPUS390XState *env, uint64_t dest,
+ uint32_t destlen, int dsize, uint64_t src,
+ uintptr_t ra)
 {
-uintptr_t ra = GETPC();
 int i;
 uint32_t cc;
 uint8_t b;
@@ -1020,7 +1037,7 @@ uint32_t HELPER(unpka)(CPUS390XState *env, uint64_t dest, 
uint32_t destlen,
 
 /* The operands are processed from right to left.  */
 src += srclen - 1;
-dest += destlen - 1;
+dest += destlen - dsize;
 
 /* Check for the sign.  */
 b = cpu_ldub_data_ra(env, src, ra);
@@ -1042,23 +1059,35 @@ uint32_t HELPER(unpka)(CPUS390XState *env, uint64_t 
dest, uint32_t destlen,
 }
 
 /* Now pad every nibble with 0x30, advancing one nibble at a time. */
-for (i = 0; i < destlen; i++) {
-if (i == 31) {
-/* If length is 32 bytes, the leftmost byte is 0. */
+for (i = 0; i < destlen; i += dsize) {
+if (i == (31 * dsize)) {
+/* If length is 32/64 bytes, the leftmost byte is 0. */
 b = 0;
-} else if (i % 2) {
+} else if (i % (2 * dsize)) {
 b = cpu_ldub_data_ra(env, src, ra);
 src--;
 } else {
 b >>= 4;
 }
-cpu_stb_data_ra(env, dest, 0x30 + (b & 0xf), ra);
-dest--;
+cpu_stsize_data_ra(env, dest, 0x30 + (b & 0xf), dsize, ra);
+dest -= dsize;
 }
 
 return cc;
 }
 
+uint32_t HELPER(unpka)(CPUS390XState *env, uint64_t dest, uint32_t destlen,
+   uint64_t src)
+{
+return do_unpkau(env, dest, destlen, 1, src, GETPC());
+}
+
+uint32_t HELPER(unpku)(CPUS390XState *env, uint64_t dest, uint32_t destlen,
+   uint64_t src)
+{
+return do_unpkau(env, dest, destlen, 2, src, GETPC());
+}
+
 static uint32_t do_helper_tr(CPUS390XState *env, uint32_t len, uint64_t array,
  uint64_t trans, uintptr_t ra)
 {
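
Review bot: At `i == (31 * dsize)` the updated comment still says "the leftmost byte is 0", but with `dsize` equal to 2 the unit is a two-byte character, and what is stored is `0x30 + (b & 0xf)` with `b = 0`, not a zero byte. Suggest "the leftmost character is the digit 0".
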
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 2ff666573e..747d4ebc10 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4374,6 +4374,24 @@ static ExitStatus op_unpka(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_unpku(DisasContext *s, DisasOps *o)
+{
+int l1 = get_field(s->fields, l1) + 1;
+TCGv_i32 l;
+
+/* The length must be even and should not 

[Qemu-devel] [PATCH v2 02/29] target/s390x: remove some Linux assumptions from IPTE

2017-05-29 Thread Aurelien Jarno
Signed-off-by: Aurelien Jarno 
---
 target/s390x/cpu.h|  2 ++
 target/s390x/mem_helper.c | 17 ++---
 target/s390x/mmu_helper.c |  4 +---
 3 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 79235cfa45..d89ad83e71 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -1033,6 +1033,8 @@ struct sysib_322 {
 #define _SEGMENT_ENTRY_RO   0x200 /* page protection bit  
*/
 #define _SEGMENT_ENTRY_INV  0x20  /* invalid segment table entry  
*/
 
+#define _VADDR_PX   0xff000   /* page index bits  
*/
+
 #define _PAGE_RO0x200/* HW read-only bit  */
 #define _PAGE_INVALID   0x400/* HW invalid bit*/
 #define _PAGE_RES0  0x800/* bit must be zero  */
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index e35571e342..0ebd65d9ab 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1073,19 +1073,22 @@ uint32_t HELPER(mvcp)(CPUS390XState *env, uint64_t l, 
uint64_t a1, uint64_t a2)
 }
 
 /* invalidate pte */
-void HELPER(ipte)(CPUS390XState *env, uint64_t pte_addr, uint64_t vaddr)
+void HELPER(ipte)(CPUS390XState *env, uint64_t pto, uint64_t vaddr)
 {
 CPUState *cs = CPU(s390_env_get_cpu(env));
 uint64_t page = vaddr & TARGET_PAGE_MASK;
-uint64_t pte = 0;
+uint64_t pte_addr, pte;
 
 /* XXX broadcast to other CPUs */
 
-/* XXX Linux is nice enough to give us the exact pte address.
-   According to spec we'd have to find it out ourselves */
-/* XXX Linux is fine with overwriting the pte, the spec requires
-   us to only set the invalid bit */
-stq_phys(cs->as, pte_addr, pte | _PAGE_INVALID);
+/* Compute the page table entry address */
+pte_addr = (pto & _SEGMENT_ENTRY_ORIGIN);
+pte_addr += (vaddr & _VADDR_PX) >> 9;
+
+/* Mark the page table entry as invalid */
+pte = ldq_phys(cs->as, pte_addr);
+pte |= _PAGE_INVALID;
+stq_phys(cs->as, pte_addr, pte);
 
 /* XXX we exploit the fact that Linux passes the exact virtual
address here - it's not obliged to! */
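
Review bot: `pte_addr = (pto & _SEGMENT_ENTRY_ORIGIN);` applies a segment-table-entry mask to the page-table origin operand. If the two share a bit layout, say so in the comment; otherwise a dedicated mask is clearer. The new `ldq_phys`, OR, `stq_phys` sequence is also a non-atomic read-modify-write of the PTE, which is worth a remark next to the existing "XXX broadcast to other CPUs" comment.
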
diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index 31eb9efa9b..fb712c8d66 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -143,8 +143,6 @@ static int mmu_translate_pte(CPUS390XState *env, 
target_ulong vaddr,
 return 0;
 }
 
-#define VADDR_PX0xff000 /* Page index bits */
-
 /* Decode segment table entry */
 static int mmu_translate_segment(CPUS390XState *env, target_ulong vaddr,
  uint64_t asc, uint64_t st_entry,
@@ -167,7 +165,7 @@ static int mmu_translate_segment(CPUS390XState *env, 
target_ulong vaddr,
 
 /* Look up 4KB page entry */
 origin = st_entry & _SEGMENT_ENTRY_ORIGIN;
-offs  = (vaddr & VADDR_PX) >> 9;
+offs  = (vaddr & _VADDR_PX) >> 9;
 pt_entry = ldq_phys(cs->as, origin + offs);
 PTE_DPRINTF("%s: 0x%" PRIx64 " + 0x%" PRIx64 " => 0x%016" PRIx64 "\n",
 __func__, origin, offs, pt_entry);
-- 
2.11.0




[Qemu-devel] [PATCH v2 04/29] target/s390x: implement TEST AND SET

2017-05-29 Thread Aurelien Jarno
Signed-off-by: Aurelien Jarno 
---
 target/s390x/insn-data.def |  3 +++
 target/s390x/translate.c   | 10 ++
 2 files changed, 13 insertions(+)

diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index f818437069..0f70acea5c 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -810,6 +810,9 @@
 /* SUPERVISOR CALL */
 C(0x0a00, SVC, I, Z,   0, 0, 0, 0, svc, 0)
 
+/* TEST AND SET */
+C(0x9300, TS,  S, Z,   0, a2, 0, 0, ts, 0)
+
 /* TEST DATA CLASS */
 C(0xed10, TCEB,RXE,   Z,   e1, a2, 0, 0, tceb, 0)
 C(0xed11, TCDB,RXE,   Z,   f1_o, a2, 0, 0, tcdb, 0)
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index f160b62c19..0cfa8cc05e 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4129,6 +4129,16 @@ static ExitStatus op_trt(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_ts(DisasContext *s, DisasOps *o)
+{
+TCGv_i32 t1 = tcg_const_i32(0xff);
+tcg_gen_atomic_xchg_i32(t1, o->in2, t1, get_mem_index(s), MO_UB);
+tcg_gen_extract_i32(cc_op, t1, 7, 1);
+tcg_temp_free_i32(t1);
+set_cc_static(s);
+return NO_EXIT;
+}
+
 static ExitStatus op_unpk(DisasContext *s, DisasOps *o)
 {
 TCGv_i32 l = tcg_const_i32(get_field(s->fields, l1));
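Review bot: op_ts has no comment saying where the condition code comes from, and because `t1` is both the 0xff value written and the destination of `tcg_gen_atomic_xchg_i32`, the following `tcg_gen_extract_i32(cc_op, t1, 7, 1)` is easy to misread as taking bit 7 of the constant rather than of the old memory byte. A short comment, or a separate temporary for the returned value, would make the intent clear. The commit message is also empty apart from the sign-off; one sentence on the semantics implemented would help later readers.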
-- 
2.11.0




[Qemu-devel] [PATCH v2 28/29] target/s390x: implement TRANSLATE ONE/TWO TO ONE/TWO

2017-05-29 Thread Aurelien Jarno
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  9 +
 target/s390x/mem_helper.c  | 46 ++
 target/s390x/translate.c   | 13 +
 4 files changed, 69 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index c14268494e..38b3ab8196 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -92,6 +92,7 @@ DEF_HELPER_FLAGS_3(tp, TCG_CALL_NO_WG, i32, env, i64, i32)
 DEF_HELPER_FLAGS_4(tr, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_4(tre, i64, env, i64, i64, i64)
 DEF_HELPER_4(trt, i32, env, i32, i64, i64)
+DEF_HELPER_4(trXX, i32, env, i32, i32, i32)
 DEF_HELPER_4(cksm, i64, env, i64, i64, i64)
 DEF_HELPER_FLAGS_5(calc_cc, TCG_CALL_NO_RWG_SE, i32, env, i32, i64, i64, i64)
 DEF_HELPER_FLAGS_2(sfpc, TCG_CALL_NO_RWG, void, env, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 7f554ab133..73dd05daf0 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -874,6 +874,15 @@
 /* TRANSLATE EXTENDED */
 C(0xb2a5, TRE, RRE,   Z,   0, r2, r1_P, 0, tre, 0)
 
+/* TRANSLATE ONE TO ONE */
+C(0xb993, TROO,RRF_c, E2,  0, 0, 0, 0, trXX, 0)
+/* TRANSLATE ONE TO TWO */
+C(0xb992, TROT,RRF_c, E2,  0, 0, 0, 0, trXX, 0)
+/* TRANSLATE TWO TO ONE */
+C(0xb991, TRTO,RRF_c, E2,  0, 0, 0, 0, trXX, 0)
+/* TRANSLATE TWO TO TWO */
+C(0xb990, TRTT,RRF_c, E2,  0, 0, 0, 0, trXX, 0)
+
 /* UNPACK */
 /* Really format SS_b, but we pack both lengths into one argument
for the helper call, so we might as well leave one 8-bit field.  */
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 73a64bdda3..e7338679e9 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1196,6 +1196,52 @@ uint32_t HELPER(trt)(CPUS390XState *env, uint32_t len, 
uint64_t array,
 return do_helper_trt(env, len, array, trans, GETPC());
 }
 
+/* Translate one/two to one/two */
+uint32_t HELPER(trXX)(CPUS390XState *env, uint32_t r1, uint32_t r2,
+  uint32_t sizes)
+{
+uintptr_t ra = GETPC();
+int dsize = (sizes & 1) ? 1 : 2;
+int ssize = (sizes & 2) ? 1 : 2;
+uint16_t tst = env->regs[0] & ((1 << (8 * dsize)) - 1);
+uint64_t tbl = get_address(env, 1) & ~7;
+uint64_t dst = get_address(env, r1);
+uint64_t len = get_length(env, r1 + 1);
+uint64_t src = get_address(env, r2);
+uint32_t cc = 3;
+int i;
+
+check_alignment(env, len, ssize, ra);
+
+/* Lest we fail to service interrupts in a timely manner, */
+/* limit the amount of work we're willing to do.   */
+for (i = 0; i < 0x2000; i++) {
+uint16_t sval = cpu_ldusize_data_ra(env, src, ssize, ra);
+uint64_t tble = tbl + (sval * dsize);
+uint16_t dval = cpu_ldusize_data_ra(env, tble, dsize, ra);
+if (dval == tst) {
+cc = 1;
+break;
+}
+cpu_stsize_data_ra(env, dst, dval, dsize, ra);
+
+len -= ssize;
+src += ssize;
+dst += dsize;
+
+if (len == 0) {
+cc = 0;
+break;
+}
+}
+
+set_address(env, r1, dst);
+set_length(env, r1 + 1, len);
+set_address(env, r2, src);
+
+return cc;
+}
+
 void HELPER(cdsg)(CPUS390XState *env, uint64_t addr,
   uint32_t r1, uint32_t r3)
 {
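Review bot: in HELPER(trXX) the loop body loads, translates and stores one character before `len` is ever tested, so a first-operand length of zero still processes one character and `len -= ssize` then wraps to a huge unsigned value instead of ending with cc 0. Check `len == 0` before entering the loop and return cc 0 without touching memory. It would also help to document the encoding of `sizes` (bit 0 selects the destination width, bit 1 the source width) next to the two ternaries, since it depends on the low opcode bits chosen in op_trXX.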
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index a7c564fa93..fb6c57fbec 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4348,6 +4348,19 @@ static ExitStatus op_trt(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_trXX(DisasContext *s, DisasOps *o)
+{
+TCGv_i32 r1 = tcg_const_i32(get_field(s->fields, r1));
+TCGv_i32 r2 = tcg_const_i32(get_field(s->fields, r2));
+TCGv_i32 sizes = tcg_const_i32(s->insn->opc & 3);
+gen_helper_trXX(cc_op, cpu_env, r1, r2, sizes);
+tcg_temp_free_i32(r1);
+tcg_temp_free_i32(r2);
+tcg_temp_free_i32(sizes);
+set_cc_static(s);
+return NO_EXIT;
+}
+
 static ExitStatus op_ts(DisasContext *s, DisasOps *o)
 {
 TCGv_i32 t1 = tcg_const_i32(0xff);
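Review bot: op_trXX passes `r1` straight to the helper, which uses `r1 + 1` as the length register, but nothing here rejects an odd `r1`; with r1 = 15 the helper would access register index 16. op_mvclu in this series raises PGM_SPECIFICATION for odd register numbers before calling its helper, and the same check belongs here. Note also that all four insn-data entries share this function and rely on `s->insn->opc & 3` to tell them apart, which deserves a comment.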
-- 
2.11.0




[Qemu-devel] [PATCH v2 22/29] target/s390x: implement MOVE LONG UNICODE

2017-05-29 Thread Aurelien Jarno
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 47 --
 target/s390x/translate.c   | 21 +
 4 files changed, 65 insertions(+), 6 deletions(-)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 3580c6e13d..bc6e97de1f 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -23,6 +23,7 @@ DEF_HELPER_4(ex, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(stam, TCG_CALL_NO_WG, void, env, i32, i64, i32)
 DEF_HELPER_FLAGS_4(lam, TCG_CALL_NO_WG, void, env, i32, i64, i32)
 DEF_HELPER_4(mvcle, i32, env, i32, i64, i32)
+DEF_HELPER_4(mvclu, i32, env, i32, i64, i32)
 DEF_HELPER_4(clcle, i32, env, i32, i64, i32)
 DEF_HELPER_4(clclu, i32, env, i32, i64, i32)
 DEF_HELPER_3(cegb, i64, env, s64, i32)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index c781a97a3a..e3b7b78834 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -582,6 +582,8 @@
 C(0x0e00, MVCL,RR_a,  Z,   0, 0, 0, 0, mvcl, 0)
 /* MOVE LONG EXTENDED */
 C(0xa800, MVCLE,   RS_a,  Z,   0, a2, 0, 0, mvcle, 0)
+/* MOVE LONG UNICODE */
+C(0xeb8e, MVCLU,   RSY_a, E2,  0, a2, 0, 0, mvclu, 0)
 /* MOVE NUMERICS */
 C(0xd100, MVN, SS_a,  Z,   la1, a2, 0, 0, mvn, 0)
 /* MOVE PAGE */
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 4857f7214e..3d97d250d7 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -606,7 +606,7 @@ void HELPER(stam)(CPUS390XState *env, uint32_t r1, uint64_t 
a2, uint32_t r3)
 static inline uint32_t do_mvcl(CPUS390XState *env,
uint64_t *dest, uint64_t *destlen,
uint64_t *src, uint64_t *srclen,
-   uint8_t pad, uintptr_t ra)
+   uint16_t pad, int wordsize, uintptr_t ra)
 {
 uint64_t len = MIN(*srclen, *destlen);
 uint32_t cc;
@@ -627,9 +627,22 @@ static inline uint32_t do_mvcl(CPUS390XState *env,
 *destlen -= len;
 
 /* Pad the remaining area */
-fast_memset(env, *dest, pad, *destlen, ra);
-*dest += *destlen;
-*destlen = 0;
+if (wordsize == 1) {
+fast_memset(env, *dest, pad, *destlen, ra);
+*dest += *destlen;
+*destlen = 0;
+} else {
+/* If remaining length is odd, pad with odd byte first.  */
+if (*destlen & 1) {
+cpu_stb_data_ra(env, *dest, pad & 0xff, ra);
+*dest += 1;
+*destlen -= 1;
+}
+/* The remaining length is even, pad using words.  */
+for (; *destlen; *dest += 2, *destlen -= 2) {
+cpu_stw_data_ra(env, *dest, pad, ra);
+}
+}
 
 return cc;
 }
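Review bot: in the padding code of do_mvcl the `else` branch treats every `wordsize` other than 1 as 2, so a caller passing any other value gets two-byte padding without complaint; an `assert(wordsize == 1 || wordsize == 2)` at the top of the function, or a bool parameter, would make the contract explicit. The comment "pad with odd byte first" should also say which half of `pad` is written, since the code stores `pad & 0xff`, and the function comment should state that `wordsize` affects only the padding and not the copy of `len` bytes above.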
@@ -645,7 +658,7 @@ uint32_t HELPER(mvcl)(CPUS390XState *env, uint32_t r1, 
uint32_t r2)
 uint8_t pad = env->regs[r2 + 1] >> 24;
 uint32_t cc;
 
-cc = do_mvcl(env, , , , , pad, ra);
+cc = do_mvcl(env, , , , , pad, 1, ra);
 
 env->regs[r1 + 1] = deposit64(env->regs[r1 + 1], 0, 24, destlen);
 env->regs[r2 + 1] = deposit64(env->regs[r2 + 1], 0, 24, srclen);
@@ -667,7 +680,29 @@ uint32_t HELPER(mvcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 uint8_t pad = a2;
 uint32_t cc;
 
-cc = do_mvcl(env, , , , , pad, ra);
+cc = do_mvcl(env, , , , , pad, 1, ra);
+
+set_length(env, r1 + 1, destlen);
+set_length(env, r3 + 1, srclen);
+set_address(env, r1, dest);
+set_address(env, r3, src);
+
+return cc;
+}
+
+/* move long unicode */
+uint32_t HELPER(mvclu)(CPUS390XState *env, uint32_t r1, uint64_t a2,
+   uint32_t r3)
+{
+uintptr_t ra = GETPC();
+uint64_t destlen = get_length(env, r1 + 1);
+uint64_t dest = get_address(env, r1);
+uint64_t srclen = get_length(env, r3 + 1);
+uint64_t src = get_address(env, r3);
+uint16_t pad = a2;
+uint32_t cc;
+
+cc = do_mvcl(env, , , , , pad, 2, ra);
 
 set_length(env, r1 + 1, destlen);
 set_length(env, r3 + 1, srclen);
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 892949a05f..b160a0cad7 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -3043,6 +3043,27 @@ static ExitStatus op_mvcle(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_mvclu(DisasContext *s, DisasOps *o)
+{
+int r1 = get_field(s->fields, r1);
+int r3 = get_field(s->fields, r3);
+TCGv_i32 t1, t3;
+
+/* r1 and r3 must be even.  */
+if (r1 & 1 || r3 & 1) {
+gen_program_exception(s, PGM_SPECIFICATION);
+return EXIT_NORETURN;
+}
+
+t1 = tcg_const_i32(r1);
+t3 = tcg_const_i32(r3);
+gen_helper_mvclu(cc_op, cpu_env, t1, o->in2, t3);
+tcg_temp_free_i32(t1);
+tcg_temp_free_i32(t3);
+set_cc_static(s);
+return NO_EXIT;
+}
+
 #ifndef CONFIG_USER_ONLY
 static ExitStatus op_mvcp(DisasContext 

[Qemu-devel] [PATCH v2 03/29] target/s390x: implement local-TLB-clearing in IPTE

2017-05-29 Thread Aurelien Jarno
And at the same time make IPTE SMP aware.

Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h |  2 +-
 target/s390x/mem_helper.c | 19 ---
 target/s390x/translate.c  |  6 +-
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index cc451c70a6..3f5a05d43b 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -111,7 +111,7 @@ DEF_HELPER_4(mvcs, i32, env, i64, i64, i64)
 DEF_HELPER_4(mvcp, i32, env, i64, i64, i64)
 DEF_HELPER_4(sigp, i32, env, i64, i32, i64)
 DEF_HELPER_FLAGS_2(sacf, TCG_CALL_NO_WG, void, env, i64)
-DEF_HELPER_FLAGS_3(ipte, TCG_CALL_NO_RWG, void, env, i64, i64)
+DEF_HELPER_FLAGS_4(ipte, TCG_CALL_NO_RWG, void, env, i64, i64, i32)
 DEF_HELPER_FLAGS_1(ptlb, TCG_CALL_NO_RWG, void, env)
 DEF_HELPER_FLAGS_1(purge, TCG_CALL_NO_RWG, void, env)
 DEF_HELPER_2(lra, i64, env, i64)
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 0ebd65d9ab..9fbe7c9ef9 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1073,14 +1073,13 @@ uint32_t HELPER(mvcp)(CPUS390XState *env, uint64_t l, 
uint64_t a1, uint64_t a2)
 }
 
 /* invalidate pte */
-void HELPER(ipte)(CPUS390XState *env, uint64_t pto, uint64_t vaddr)
+void HELPER(ipte)(CPUS390XState *env, uint64_t pto, uint64_t vaddr,
+  uint32_t m4)
 {
 CPUState *cs = CPU(s390_env_get_cpu(env));
 uint64_t page = vaddr & TARGET_PAGE_MASK;
 uint64_t pte_addr, pte;
 
-/* XXX broadcast to other CPUs */
-
 /* Compute the page table entry address */
 pte_addr = (pto & _SEGMENT_ENTRY_ORIGIN);
 pte_addr += (vaddr & _VADDR_PX) >> 9;
@@ -1092,13 +1091,19 @@ void HELPER(ipte)(CPUS390XState *env, uint64_t pto, 
uint64_t vaddr)
 
 /* XXX we exploit the fact that Linux passes the exact virtual
address here - it's not obliged to! */
-tlb_flush_page(cs, page);
+/* XXX: the LC bit should be considered as 0 if the local-TLB-clearing
+   facility is not installed.  */
+if (m4 & 1) {
+tlb_flush_page(cs, page);
+} else {
+tlb_flush_page_all_cpus_synced(cs, page);
+}
 
 /* XXX 31-bit hack */
-if (page & 0x8000) {
-tlb_flush_page(cs, page & ~0x8000);
+if (m4 & 1) {
+tlb_flush_page(cs, page ^ 0x8000);
 } else {
-tlb_flush_page(cs, page | 0x8000);
+tlb_flush_page_all_cpus_synced(cs, page ^ 0x8000);
 }
 }
 
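Review bot: the added XXX comment says the LC bit must be treated as 0 when the local-TLB-clearing facility is not installed, yet the code tests `m4 & 1` unconditionally, so a guest that sets the bit without the facility gets only a local flush and the other vCPUs keep a stale translation for the page. Gate the local path on the facility before this is merged rather than leaving it as an XXX. The two `if (m4 & 1)` blocks can also be folded into one, issuing both the `page` and `page ^ 0x8000` flushes in each branch.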
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index f7598184a6..f160b62c19 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -2352,8 +2352,12 @@ static ExitStatus op_ipm(DisasContext *s, DisasOps *o)
 #ifndef CONFIG_USER_ONLY
 static ExitStatus op_ipte(DisasContext *s, DisasOps *o)
 {
+TCGv_i32 m4;
+
 check_privileged(s);
-gen_helper_ipte(cpu_env, o->in1, o->in2);
+m4 = tcg_const_i32(get_field(s->fields, m4));
+gen_helper_ipte(cpu_env, o->in1, o->in2, m4);
+tcg_temp_free_i32(m4);
 return NO_EXIT;
 }
 
-- 
2.11.0




[Qemu-devel] [PATCH v2 23/29] target/s390x: implement PACK ASCII

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 35 +++
 target/s390x/translate.c   | 16 
 4 files changed, 54 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index bc6e97de1f..9d6b59d3cc 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -83,6 +83,7 @@ DEF_HELPER_FLAGS_2(sqdb, TCG_CALL_NO_WG, i64, env, i64)
 DEF_HELPER_FLAGS_3(sqxb, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_1(cvd, TCG_CALL_NO_RWG_SE, i64, s32)
 DEF_HELPER_FLAGS_4(pack, TCG_CALL_NO_WG, void, env, i32, i64, i64)
+DEF_HELPER_FLAGS_4(pka, TCG_CALL_NO_WG, void, env, i64, i64, i32)
 DEF_HELPER_FLAGS_4(unpk, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(tr, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_4(tre, i64, env, i64, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index e3b7b78834..41431affe6 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -667,6 +667,8 @@
 /* Really format SS_b, but we pack both lengths into one argument
for the helper call, so we might as well leave one 8-bit field.  */
 C(0xf200, PACK,SS_a,  Z,   la1, a2, 0, 0, pack, 0)
+/* PACK ASCII */
+C(0xe900, PKA, SS_f,  E2,  la1, a2, 0, 0, pka, 0)
 
 /* PREFETCH */
 /* Implemented as nops of course.  */
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 3d97d250d7..01d6734860 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -914,6 +914,41 @@ void HELPER(pack)(CPUS390XState *env, uint32_t len, 
uint64_t dest, uint64_t src)
 }
 }
 
+void HELPER(pka)(CPUS390XState *env, uint64_t dest, uint64_t src,
+ uint32_t srclen)
+{
+uintptr_t ra = GETPC();
+int i;
+/* The destination operand is always 16 bytes long.  */
+const int destlen = 16;
+
+/* The operands are processed from right to left.  */
+src += srclen - 1;
+dest += destlen - 1;
+
+for (i = 0; i < destlen; i++) {
+uint8_t b = 0;
+
+/* Start with a positive sign */
+if (i == 0) {
+b = 0xc;
+} else if (srclen > 1) {
+b = cpu_ldub_data_ra(env, src, ra) & 0x0f;
+src--;
+srclen--;
+}
+
+if (srclen > 1) {
+b |= cpu_ldub_data_ra(env, src, ra) << 4;
+src--;
+srclen--;
+}
+
+cpu_stb_data_ra(env, dest, b, ra);
+dest--;
+}
+}
+
 void HELPER(unpk)(CPUS390XState *env, uint32_t len, uint64_t dest,
   uint64_t src)
 {
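Review bot: in HELPER(pka) both source loads are guarded by `srclen > 1`, but `srclen` is the true byte count (op_pka passes `get_field(s->fields, l2) + 1`) and `src` starts at the last byte, so the loads stop while one byte is still unread and the leftmost source digit is never packed. With a one-byte source nothing is read at all and the result is just the sign nibble. The guards should be `srclen > 0`, unless the off-by-one is intentional, in which case it needs a comment. A test case with a source of length 1 and one of length 32 would pin this down.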
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index b160a0cad7..5093995f9a 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -3301,6 +3301,22 @@ static ExitStatus op_pack(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_pka(DisasContext *s, DisasOps *o)
+{
+int l2 = get_field(s->fields, l2) + 1;
+TCGv_i32 l;
+
+/* The length must not exceed 32 bytes.  */
+if (l2 > 32) {
+gen_program_exception(s, PGM_SPECIFICATION);
+return EXIT_NORETURN;
+}
+l = tcg_const_i32(l2);
+gen_helper_pka(cpu_env, o->addr1, o->in2, l);
+tcg_temp_free_i32(l);
+return NO_EXIT;
+}
+
 static ExitStatus op_popcnt(DisasContext *s, DisasOps *o)
 {
 gen_helper_popcnt(o->out, o->in2);
-- 
2.11.0




[Qemu-devel] [PATCH v2 08/29] target/s390x: implement STORE PAIR TO QUADWORD

2017-05-29 Thread Aurelien Jarno
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 12 
 target/s390x/translate.c   |  6 ++
 4 files changed, 21 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index ca78d1b162..596fec28ca 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -88,6 +88,7 @@ DEF_HELPER_FLAGS_1(popcnt, TCG_CALL_NO_RWG_SE, i64, i64)
 DEF_HELPER_FLAGS_1(stfl, TCG_CALL_NO_RWG, void, env)
 DEF_HELPER_2(stfle, i32, env, i64)
 DEF_HELPER_FLAGS_2(lpq, TCG_CALL_NO_WG, i64, env, i64)
+DEF_HELPER_FLAGS_4(stpq, TCG_CALL_NO_WG, void, env, i64, i64, i64)
 
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_3(servc, i32, env, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 53c86d5832..5314162b3d 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -770,6 +770,8 @@
 /* STORE ACCESS MULTIPLE */
 C(0x9b00, STAM,RS_a,  Z,   0, a2, 0, 0, stam, 0)
 C(0xeb9b, STAMY,   RSY_a, LD,  0, a2, 0, 0, stam, 0)
+/* STORE PAIR TO QUADWORD */
+C(0xe38e, STPQ,RXY_a, Z,   0, a2, r1_P, 0, stpq, 0)
 
 /* SUBTRACT */
 C(0x1b00, SR,  RR_a,  Z,   r1, r2, new, r1_32, sub, subs32)
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 4cbd273e4a..0c34c78b93 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1250,6 +1250,18 @@ uint64_t HELPER(lpq)(CPUS390XState *env, uint64_t addr)
 return int128_gethi(v);
 }
 
+/* store pair to quadword */
+void HELPER(stpq)(CPUS390XState *env, uint64_t addr,
+  uint64_t low, uint64_t high)
+{
+uintptr_t ra = GETPC();
+int mem_idx = cpu_mmu_index(env, false);
+TCGMemOpIdx oi = make_memop_idx(MO_TEQ, mem_idx);
+
+Int128 v = int128_make128(low, high);
+helper_atomic_sto_be_mmu(env, addr, v, oi, ra);
+}
+
 /* Execute instruction.  This instruction executes an insn modified with
the contents of r1.  It does not change the executed instruction in memory;
it does not change the program counter.
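Review bot: HELPER(stpq) builds its memop index from `MO_TEQ` alone while issuing a 16-byte store through `helper_atomic_sto_be_mmu`, and nothing in the hunk checks or requests alignment of `addr`. If a misaligned quadword address is supposed to fault, request that in the memop or check it explicitly before the store. The helper is also called unconditionally; a comment on what is expected of hosts that cannot do a 16-byte atomic store would be useful, as would a note that the argument order `(low, high)` matches `o->out2, o->out` in op_stpq.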
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index ec61590e50..6635877bbd 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4019,6 +4019,12 @@ static ExitStatus op_stmh(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_stpq(DisasContext *s, DisasOps *o)
+{
+gen_helper_stpq(cpu_env, o->in2, o->out2, o->out);
+return NO_EXIT;
+}
+
 static ExitStatus op_srst(DisasContext *s, DisasOps *o)
 {
 gen_helper_srst(o->in1, cpu_env, regs[0], o->in1, o->in2);
-- 
2.11.0




[Qemu-devel] [PATCH v2 18/29] target/s390x: implement COMPARE LOGICAL LONG

2017-05-29 Thread Aurelien Jarno
As CLCL and CLCLE mostly differ by their operands, use a common do_clcl
helper. Another difference is that CLCL is not interruptible.

Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 84 +-
 target/s390x/translate.c   | 21 
 4 files changed, 84 insertions(+), 24 deletions(-)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 214a5e9e1c..e717e2284f 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -6,6 +6,7 @@ DEF_HELPER_FLAGS_4(mvc, TCG_CALL_NO_WG, void, env, i32, i64, 
i64)
 DEF_HELPER_FLAGS_4(mvcin, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(clc, TCG_CALL_NO_WG, i32, env, i32, i64, i64)
 DEF_HELPER_3(mvcl, i32, env, i32, i32)
+DEF_HELPER_3(clcl, i32, env, i32, i32)
 DEF_HELPER_FLAGS_4(clm, TCG_CALL_NO_WG, i32, env, i32, i32, i64)
 DEF_HELPER_FLAGS_3(divs32, TCG_CALL_NO_WG, s64, env, s64, s64)
 DEF_HELPER_FLAGS_3(divu32, TCG_CALL_NO_WG, i64, env, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index b40611b75f..1aa2b8b657 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -216,6 +216,8 @@
 C(0xc60e, CLGFRL,  RIL_b, GIE, r1_o, mri2_32u, 0, 0, 0, cmpu64)
 C(0xc607, CLHRL,   RIL_b, GIE, r1_o, mri2_16u, 0, 0, 0, cmpu32)
 C(0xc606, CLGHRL,  RIL_b, GIE, r1_o, mri2_16u, 0, 0, 0, cmpu64)
+/* COMPARE LOGICAL LONG */
+C(0x0f00, CLCL,RR_a,  Z,   0, 0, 0, 0, clcl, 0)
 /* COMPARE LOGICAL LONG EXTENDED */
 C(0xa900, CLCLE,   RS_a,  Z,   0, a2, 0, 0, clcle, 0)
 /* COMPARE LOGICAL CHARACTERS UNDER MASK */
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index b3a2ce2252..edda090116 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -661,17 +661,14 @@ uint32_t HELPER(mvcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 return cc;
 }
 
-/* compare logical long extended memcompare insn with padding */
-uint32_t HELPER(clcle)(CPUS390XState *env, uint32_t r1, uint64_t a2,
-   uint32_t r3)
-{
-uintptr_t ra = GETPC();
-uint64_t src1len = get_length(env, r1 + 1);
-uint64_t src1 = get_address(env, r1);
-uint64_t src3len = get_length(env, r3 + 1);
-uint64_t src3 = get_address(env, r3);
-uint8_t pad = a2 & 0xff;
-uint64_t len = MAX(src1len, src3len);
+/* compare logical long helper */
+static inline uint32_t do_clcl(CPUS390XState *env,
+   uint64_t *src1, uint64_t *src1len,
+   uint64_t *src3, uint64_t *src3len,
+   uint8_t pad, uint64_t limit,
+   uintptr_t ra)
+{
+uint64_t len = MAX(*src1len, *src3len);
 uint32_t cc = 0;
 
 if (!len) {
@@ -679,9 +676,9 @@ uint32_t HELPER(clcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 }
 
 /* Lest we fail to service interrupts in a timely manner, limit the
-   amount of work we're willing to do.  For now, let's cap at 8k.  */
-if (len > 0x2000) {
-len = 0x2000;
+   amount of work we're willing to do.  */
+if (len > limit) {
+len = limit;
 cc = 3;
 }
 
@@ -689,11 +686,11 @@ uint32_t HELPER(clcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 uint8_t v1 = pad;
 uint8_t v3 = pad;
 
-if (src1len) {
-v1 = cpu_ldub_data_ra(env, src1, ra);
+if (*src1len) {
+v1 = cpu_ldub_data_ra(env, *src1, ra);
 }
-if (src3len) {
-v3 = cpu_ldub_data_ra(env, src3, ra);
+if (*src3len) {
+v3 = cpu_ldub_data_ra(env, *src3, ra);
 }
 
 if (v1 != v3) {
@@ -701,16 +698,55 @@ uint32_t HELPER(clcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 break;
 }
 
-if (src1len) {
-src1++;
-src1len--;
+if (*src1len) {
+*src1 += 1;
+*src1len -= 1;
 }
-if (src3len) {
-src3++;
-src3len--;
+if (*src3len) {
+*src3 += 1;
+*src3len -= 1;
 }
 }
 
+return cc;
+}
+
+
+/* compare logical long */
+uint32_t HELPER(clcl)(CPUS390XState *env, uint32_t r1, uint32_t r2)
+{
+uintptr_t ra = GETPC();
+uint64_t src1len = extract64(env->regs[r1 + 1], 0, 24);
+uint64_t src1 = get_address(env, r1);
+uint64_t src3len = extract64(env->regs[r2 + 1], 0, 24);
+uint64_t src3 = get_address(env, r2);
+uint8_t pad = env->regs[r2 + 1] >> 24;
+uint32_t cc;
+
+cc = do_clcl(env, , , , , pad, -1, ra);
+
+env->regs[r1 + 1] = deposit64(env->regs[r1 + 1], 0, 24, src1len);
+env->regs[r2 + 1] = deposit64(env->regs[r2 + 1], 0, 24, src3len);
+set_address(env, r1, src1);
+set_address(env, r2, src3);
+
+return cc;
+}
+
+/* compare logical long extended memcompare insn with padding 
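Review bot: HELPER(clcl) passes `-1` for the `uint64_t limit` parameter of do_clcl, relying on the implicit conversion to mean "no limit"; spell it as `UINT64_MAX` or a named constant so the intent is visible at the call site. Since this makes the `len > limit` branch dead for CLCL, the comment in do_clcl about servicing interrupts should mention that the cap applies only to callers that pass a finite limit. There are also two consecutive blank lines added after do_clcl.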

[Qemu-devel] [PATCH v2 14/29] target/s390x: improve 24-bit and 31-bit addresses read

2017-05-29 Thread Aurelien Jarno
Improve fix_address to also handle the 24-bit mode. Rename fix_address
to wrap_address to better explain what is changed.

Replace the calls to get_address with x2 = 0 and b2 = 0 by
calls to wrap_address, leading to the removal of this function. Rename
get_address_31fix into get_address.

Signed-off-by: Aurelien Jarno 
---
 target/s390x/mem_helper.c | 71 +--
 1 file changed, 31 insertions(+), 40 deletions(-)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 484dfcd9d6..bbece93c9d 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -365,30 +365,23 @@ uint32_t HELPER(clm)(CPUS390XState *env, uint32_t r1, 
uint32_t mask,
 return cc;
 }
 
-static inline uint64_t fix_address(CPUS390XState *env, uint64_t a)
+static inline uint64_t wrap_address(CPUS390XState *env, uint64_t a)
 {
-/* 31-Bit mode */
 if (!(env->psw.mask & PSW_MASK_64)) {
-a &= 0x7fff;
+if (!(env->psw.mask & PSW_MASK_32)) {
+/* 24-Bit mode */
+a &= 0x00ff;
+} else {
+/* 31-Bit mode */
+a &= 0x7fff;
+}
 }
 return a;
 }
 
-static inline uint64_t get_address(CPUS390XState *env, int x2, int b2, int d2)
-{
-uint64_t r = d2;
-if (x2) {
-r += env->regs[x2];
-}
-if (b2) {
-r += env->regs[b2];
-}
-return fix_address(env, r);
-}
-
-static inline uint64_t get_address_31fix(CPUS390XState *env, int reg)
+static inline uint64_t get_address(CPUS390XState *env, int reg)
 {
-return fix_address(env, env->regs[reg]);
+return wrap_address(env, env->regs[reg]);
 }
 
 /* search string (c is byte to search, r2 is string, r1 end of string) */
@@ -399,8 +392,8 @@ uint64_t HELPER(srst)(CPUS390XState *env, uint64_t r0, 
uint64_t end,
 uint32_t len;
 uint8_t v, c = r0;
 
-str = fix_address(env, str);
-end = fix_address(env, end);
+str = wrap_address(env, str);
+end = wrap_address(env, end);
 
 /* Assume for now that R2 is unmodified.  */
 env->retxl = str;
@@ -434,8 +427,8 @@ uint64_t HELPER(clst)(CPUS390XState *env, uint64_t c, 
uint64_t s1, uint64_t s2)
 uint32_t len;
 
 c = c & 0xff;
-s1 = fix_address(env, s1);
-s2 = fix_address(env, s2);
+s1 = wrap_address(env, s1);
+s2 = wrap_address(env, s2);
 
 /* Lest we fail to service interrupts in a timely manner, limit the
amount of work we're willing to do.  For now, let's cap at 8k.  */
@@ -481,8 +474,8 @@ uint64_t HELPER(mvst)(CPUS390XState *env, uint64_t c, 
uint64_t d, uint64_t s)
 uint32_t len;
 
 c = c & 0xff;
-d = fix_address(env, d);
-s = fix_address(env, s);
+d = wrap_address(env, d);
+s = wrap_address(env, s);
 
 /* Lest we fail to service interrupts in a timely manner, limit the
amount of work we're willing to do.  For now, let's cap at 8k.  */
@@ -540,9 +533,9 @@ uint32_t HELPER(mvcl)(CPUS390XState *env, uint32_t r1, 
uint32_t r2)
 {
 uintptr_t ra = GETPC();
 uint64_t destlen = env->regs[r1 + 1] & 0xff;
-uint64_t dest = get_address_31fix(env, r1);
+uint64_t dest = get_address(env, r1);
 uint64_t srclen = env->regs[r2 + 1] & 0xff;
-uint64_t src = get_address_31fix(env, r2);
+uint64_t src = get_address(env, r2);
 uint8_t pad = env->regs[r2 + 1] >> 24;
 uint8_t v;
 uint32_t cc;
@@ -583,9 +576,9 @@ uint32_t HELPER(mvcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 {
 uintptr_t ra = GETPC();
 uint64_t destlen = env->regs[r1 + 1];
-uint64_t dest = env->regs[r1];
+uint64_t dest = get_address(env, r1);
 uint64_t srclen = env->regs[r3 + 1];
-uint64_t src = env->regs[r3];
+uint64_t src = get_address(env, r3);
 uint8_t pad = a2 & 0xff;
 uint8_t v;
 uint32_t cc;
@@ -593,8 +586,6 @@ uint32_t HELPER(mvcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 if (!(env->psw.mask & PSW_MASK_64)) {
 destlen = (uint32_t)destlen;
 srclen = (uint32_t)srclen;
-dest &= 0x7fff;
-src &= 0x7fff;
 }
 
 if (destlen == srclen) {
@@ -634,9 +625,9 @@ uint32_t HELPER(clcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 {
 uintptr_t ra = GETPC();
 uint64_t destlen = env->regs[r1 + 1];
-uint64_t dest = get_address_31fix(env, r1);
+uint64_t dest = get_address(env, r1);
 uint64_t srclen = env->regs[r3 + 1];
-uint64_t src = get_address_31fix(env, r3);
+uint64_t src = get_address(env, r3);
 uint8_t pad = a2 & 0xff;
 uint32_t cc = 0;
 
@@ -1020,7 +1011,7 @@ uint32_t HELPER(testblock)(CPUS390XState *env, uint64_t 
real_addr)
 uint64_t abs_addr;
 int i;
 
-real_addr = fix_address(env, real_addr);
+real_addr = wrap_address(env, real_addr);
 abs_addr = mmu_real2abs(env, real_addr) & TARGET_PAGE_MASK;
 if (!address_space_access_valid(_space_memory, abs_addr,
 

[Qemu-devel] [PATCH v2 16/29] target/s390x: improve 24-bit and 31-bit lengths read/write

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/mem_helper.c | 47 +--
 1 file changed, 33 insertions(+), 14 deletions(-)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index e494b7dfd4..911c3d7f8e 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -407,6 +407,31 @@ static inline void set_address(CPUS390XState *env, int 
reg, uint64_t address)
 }
 }
 
+static inline uint64_t wrap_length(CPUS390XState *env, uint64_t length)
+{
+if (!(env->psw.mask & PSW_MASK_64)) {
+/* 24-Bit and 31-Bit mode */
+length &= 0x7fff;
+}
+return length;
+}
+
+static inline uint64_t get_length(CPUS390XState *env, int reg)
+{
+return wrap_length(env, env->regs[reg]);
+}
+
+static inline void set_length(CPUS390XState *env, int reg, uint64_t length)
+{
+if (env->psw.mask & PSW_MASK_64) {
+/* 64-Bit mode */
+env->regs[reg] = length;
+} else {
+/* 24-Bit and 31-Bit mode */
+env->regs[reg] = deposit64(env->regs[reg], 0, 32, length);
+}
+}
+
 /* search string (c is byte to search, r2 is string, r1 end of string) */
 uint64_t HELPER(srst)(CPUS390XState *env, uint64_t r0, uint64_t end,
   uint64_t str)
@@ -598,19 +623,14 @@ uint32_t HELPER(mvcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
uint32_t r3)
 {
 uintptr_t ra = GETPC();
-uint64_t destlen = env->regs[r1 + 1];
+uint64_t destlen = get_length(env, r1 + 1);
 uint64_t dest = get_address(env, r1);
-uint64_t srclen = env->regs[r3 + 1];
+uint64_t srclen = get_length(env, r3 + 1);
 uint64_t src = get_address(env, r3);
 uint8_t pad = a2 & 0xff;
 uint8_t v;
 uint32_t cc;
 
-if (!(env->psw.mask & PSW_MASK_64)) {
-destlen = (uint32_t)destlen;
-srclen = (uint32_t)srclen;
-}
-
 if (destlen == srclen) {
 cc = 0;
 } else if (destlen < srclen) {
@@ -632,10 +652,9 @@ uint32_t HELPER(mvcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 cpu_stb_data_ra(env, dest, pad, ra);
 }
 
-env->regs[r1 + 1] = destlen;
+set_length(env, r1 + 1 , destlen);
 /* can't use srclen here, we trunc'ed it */
-/* FIXME: 31-bit mode! */
-env->regs[r3 + 1] -= src - env->regs[r3];
+set_length(env, r3 + 1, env->regs[r3 + 1] - src - env->regs[r3]);
 set_address(env, r1, dest);
 set_address(env, r3, src);
 
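Review bot: the replacement for `env->regs[r3 + 1] -= src - env->regs[r3]` in the mvcle hunk changes the arithmetic. The old line subtracted `(src - env->regs[r3])`, whereas `env->regs[r3 + 1] - src - env->regs[r3]` subtracts `src + env->regs[r3]`, so the source length written back is wrong whenever the register is non-zero. Write it as `set_length(env, r3 + 1, env->regs[r3 + 1] - (src - env->regs[r3]))`. The "FIXME: 31-bit mode!" comment is dropped in the same hunk, so the commit message should say why the FIXME is now resolved. Minor: there is a stray space before the comma in `set_length(env, r1 + 1 , destlen)`.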
@@ -647,9 +666,9 @@ uint32_t HELPER(clcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
uint32_t r3)
 {
 uintptr_t ra = GETPC();
-uint64_t destlen = env->regs[r1 + 1];
+uint64_t destlen = get_length(env, r1 + 1);
 uint64_t dest = get_address(env, r1);
-uint64_t srclen = env->regs[r3 + 1];
+uint64_t srclen = get_length(env, r3 + 1);
 uint64_t src = get_address(env, r3);
 uint8_t pad = a2 & 0xff;
 uint32_t cc = 0;
@@ -671,9 +690,9 @@ uint32_t HELPER(clcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 }
 }
 
-env->regs[r1 + 1] = destlen;
+set_length(env, r1 + 1, destlen);
 /* can't use srclen here, we trunc'ed it */
-env->regs[r3 + 1] -= src - env->regs[r3];
+set_length(env, r3 + 1, env->regs[r3 + 1] - src - env->regs[r3]);
 set_address(env, r1, dest);
 set_address(env, r3, src);
 
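Review bot: the clcle hunk has the same precedence problem in `set_length(env, r3 + 1, env->regs[r3 + 1] - src - env->regs[r3])`; the removed `-=` form subtracted the difference `src - env->regs[r3]`, and the new expression needs parentheses around that difference to keep the result. In addition, `src` here comes from `get_address()` and is therefore wrapped to the addressing mode, while `env->regs[r3]` is the raw register value, so outside 64-bit mode the difference can include high register bits. Computing the number of bytes consumed from the wrapped start address, saved before the loop, avoids both issues.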
-- 
2.11.0




[Qemu-devel] [PATCH v2 06/29] target/s390x: implement PACK

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  5 +
 target/s390x/mem_helper.c  | 37 +
 target/s390x/translate.c   |  8 
 4 files changed, 51 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 3f5a05d43b..c6fbc3b949 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -75,6 +75,7 @@ DEF_HELPER_FLAGS_2(sqeb, TCG_CALL_NO_WG, i64, env, i64)
 DEF_HELPER_FLAGS_2(sqdb, TCG_CALL_NO_WG, i64, env, i64)
 DEF_HELPER_FLAGS_3(sqxb, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_1(cvd, TCG_CALL_NO_RWG_SE, i64, s32)
+DEF_HELPER_FLAGS_4(pack, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(unpk, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(tr, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_4(tre, i64, env, i64, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 170b50ef2e..f92bfde4f8 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -639,6 +639,11 @@
 C(0x9600, OI,  SI,Z,   m1_8u, i2_8u, new, m1_8, or, nz64)
 C(0xeb56, OIY, SIY,   LD,  m1_8u, i2_8u, new, m1_8, or, nz64)
 
+/* PACK */
+/* Really format SS_b, but we pack both lengths into one argument
+   for the helper call, so we might as well leave one 8-bit field.  */
+C(0xf200, PACK,SS_a,  Z,   la1, a2, 0, 0, pack, 0)
+
 /* PREFETCH */
 /* Implemented as nops of course.  */
 C(0xe336, PFD, RXY_b, GIE, 0, 0, 0, 0, 0, 0)
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 9fbe7c9ef9..a60893a5ec 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -644,6 +644,43 @@ uint64_t HELPER(cksm)(CPUS390XState *env, uint64_t r1,
 return len;
 }
 
+void HELPER(pack)(CPUS390XState *env, uint32_t len, uint64_t dest, uint64_t 
src)
+{
+uintptr_t ra = GETPC();
+int len_dest = len >> 4;
+int len_src = len & 0xf;
+uint8_t b;
+
+dest += len_dest;
+src += len_src;
+
+/* last byte is special, it only flips the nibbles */
+b = cpu_ldub_data_ra(env, src, ra);
+cpu_stb_data_ra(env, dest, (b << 4) | (b >> 4), ra);
+src--;
+len_src--;
+
+/* now pack every value */
+while (len_dest >= 0) {
+b = 0;
+
+if (len_src > 0) {
+b = cpu_ldub_data_ra(env, src, ra) & 0x0f;
+src--;
+len_src--;
+}
+if (len_src > 0) {
+b |= cpu_ldub_data_ra(env, src, ra) << 4;
+src--;
+len_src--;
+}
+
+len_dest--;
+dest--;
+cpu_stb_data_ra(env, dest, b, ra);
+}
+}
+
 void HELPER(unpk)(CPUS390XState *env, uint32_t len, uint64_t dest,
   uint64_t src)
 {
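Review bot: the packing loop in HELPER(pack) looks off by one at both ends. `dest += len_dest` points `dest` at the last destination byte, so once the special last byte is stored only `len_dest` bytes remain, yet `while (len_dest >= 0)` runs `len_dest + 1` times and the final iteration stores one byte below the start of the first operand. On the source side `len_src` has already been decremented after the last byte, so the two `if (len_src > 0)` tests stop one byte early and the leftmost source byte is never read. Suggest `while (len_dest > 0)` and `len_src >= 0`, plus a comment that both lengths are "number of bytes minus one".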
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 7f265aeb40..00b91c4f3a 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -3139,6 +3139,14 @@ static ExitStatus op_ori(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_pack(DisasContext *s, DisasOps *o)
+{
+TCGv_i32 l = tcg_const_i32(get_field(s->fields, l1));
+gen_helper_pack(cpu_env, l, o->addr1, o->in2);
+tcg_temp_free_i32(l);
+return NO_EXIT;
+}
+
 static ExitStatus op_popcnt(DisasContext *s, DisasOps *o)
 {
 gen_helper_popcnt(o->out, o->in2);
-- 
2.11.0




[Qemu-devel] [PATCH v2 20/29] target/s390x: improve MOVE LONG and MOVE LONG EXTENDED

2017-05-29 Thread Aurelien Jarno
As MVCL and MVCLE only differ by their operands, use a common
do_mvcl helper. Optimize it calling fast_memmove and fast_memset.
Correctly write back addresses. Check that r1 and r2/r3 registers
are even.

Signed-off-by: Aurelien Jarno 
---
 target/s390x/mem_helper.c | 90 +--
 target/s390x/translate.c  | 40 +++--
 2 files changed, 70 insertions(+), 60 deletions(-)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 805794d82f..e41d21fb55 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -576,49 +576,60 @@ void HELPER(stam)(CPUS390XState *env, uint32_t r1, 
uint64_t a2, uint32_t r3)
 }
 }
 
-/* move long */
-uint32_t HELPER(mvcl)(CPUS390XState *env, uint32_t r1, uint32_t r2)
+/* move long helper */
+static inline uint32_t do_mvcl(CPUS390XState *env,
+   uint64_t *dest, uint64_t *destlen,
+   uint64_t *src, uint64_t *srclen,
+   uint8_t pad, uintptr_t ra)
 {
-uintptr_t ra = GETPC();
-uint64_t destlen = env->regs[r1 + 1] & 0xff;
-uint64_t dest = get_address(env, r1);
-uint64_t srclen = env->regs[r2 + 1] & 0xff;
-uint64_t src = get_address(env, r2);
-uint8_t pad = env->regs[r2 + 1] >> 24;
-uint8_t v;
+uint64_t len = MIN(*srclen, *destlen);
 uint32_t cc;
 
-if (destlen == srclen) {
+if (*destlen == *srclen) {
 cc = 0;
-} else if (destlen < srclen) {
+} else if (*destlen < *srclen) {
 cc = 1;
 } else {
 cc = 2;
 }
 
-if (srclen > destlen) {
-srclen = destlen;
-}
+/* Copy the src array */
+fast_memmove(env, *dest, *src, len, ra);
+*src += len;
+*srclen -= len;
+*dest += len;
+*destlen -= len;
 
-for (; destlen && srclen; src++, dest++, destlen--, srclen--) {
-v = cpu_ldub_data_ra(env, src, ra);
-cpu_stb_data_ra(env, dest, v, ra);
-}
+/* Pad the remaining area */
+fast_memset(env, *dest, pad, *destlen, ra);
+*dest += *destlen;
+*destlen = 0;
 
-for (; destlen; dest++, destlen--) {
-cpu_stb_data_ra(env, dest, pad, ra);
-}
+return cc;
+}
 
-env->regs[r1 + 1] = destlen;
-/* can't use srclen here, we trunc'ed it */
-env->regs[r2 + 1] -= src - env->regs[r2];
+/* move long */
+uint32_t HELPER(mvcl)(CPUS390XState *env, uint32_t r1, uint32_t r2)
+{
+uintptr_t ra = GETPC();
+uint64_t destlen = env->regs[r1 + 1] & 0xff;
+uint64_t dest = get_address(env, r1);
+uint64_t srclen = env->regs[r2 + 1] & 0xff;
+uint64_t src = get_address(env, r2);
+uint8_t pad = env->regs[r2 + 1] >> 24;
+uint32_t cc;
+
+cc = do_mvcl(env, , , , , pad, ra);
+
+env->regs[r1 + 1] = deposit64(env->regs[r1 + 1], 0, 24, destlen);
+env->regs[r2 + 1] = deposit64(env->regs[r2 + 1], 0, 24, srclen);
 set_address(env, r1, dest);
 set_address(env, r2, src);
 
 return cc;
 }
 
-/* move long extended another memcopy insn with more bells and whistles */
+/* move long extended */
 uint32_t HELPER(mvcle)(CPUS390XState *env, uint32_t r1, uint64_t a2,
uint32_t r3)
 {
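Review bot: do_mvcl replaces the byte-at-a-time copy with a single fast_memmove() call, which can change the result when the operands overlap. The removed loop loaded each source byte after the earlier destination bytes had been stored, so a destination that starts inside the source saw propagated data; a memmove-style copy preserves the original source instead. Since the helper is now shared by MVCL and MVCLE, please say in a comment which behaviour is intended for overlapping operands. A short comment on the in/out contract of the four pointer arguments (all advanced, `*destlen` always left at 0) would also help.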
@@ -627,34 +638,13 @@ uint32_t HELPER(mvcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 uint64_t dest = get_address(env, r1);
 uint64_t srclen = get_length(env, r3 + 1);
 uint64_t src = get_address(env, r3);
-uint8_t pad = a2 & 0xff;
-uint8_t v;
+uint8_t pad = a2;
 uint32_t cc;
 
-if (destlen == srclen) {
-cc = 0;
-} else if (destlen < srclen) {
-cc = 1;
-} else {
-cc = 2;
-}
-
-if (srclen > destlen) {
-srclen = destlen;
-}
-
-for (; destlen && srclen; src++, dest++, destlen--, srclen--) {
-v = cpu_ldub_data_ra(env, src, ra);
-cpu_stb_data_ra(env, dest, v, ra);
-}
-
-for (; destlen; dest++, destlen--) {
-cpu_stb_data_ra(env, dest, pad, ra);
-}
+cc = do_mvcl(env, , , , , pad, ra);
 
-set_length(env, r1 + 1 , destlen);
-/* can't use srclen here, we trunc'ed it */
-set_length(env, r3 + 1, env->regs[r3 + 1] - src - env->regs[r3]);
+set_length(env, r1 + 1, destlen);
+set_length(env, r3 + 1, srclen);
 set_address(env, r1, dest);
 set_address(env, r3, src);
 
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 999d716f61..729d25d8f8 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -2981,22 +2981,42 @@ static ExitStatus op_mvcin(DisasContext *s, DisasOps *o)
 
 static ExitStatus op_mvcl(DisasContext *s, DisasOps *o)
 {
-TCGv_i32 r1 = tcg_const_i32(get_field(s->fields, r1));
-TCGv_i32 r2 = tcg_const_i32(get_field(s->fields, r2));
-gen_helper_mvcl(cc_op, cpu_env, r1, r2);
-tcg_temp_free_i32(r1);
-tcg_temp_free_i32(r2);
+int r1 = get_field(s->fields, r1);
+int r2 = get_field(s->fields, r2);
+

[Qemu-devel] [PATCH v2 15/29] target/s390x: improve 24-bit and 31-bit addresses write

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/mem_helper.c | 37 ++---
 1 file changed, 30 insertions(+), 7 deletions(-)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index bbece93c9d..e494b7dfd4 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -384,6 +384,29 @@ static inline uint64_t get_address(CPUS390XState *env, int 
reg)
 return wrap_address(env, env->regs[reg]);
 }
 
+static inline void set_address(CPUS390XState *env, int reg, uint64_t address)
+{
+if (env->psw.mask & PSW_MASK_64) {
+/* 64-Bit mode */
+env->regs[reg] = address;
+} else {
+if (!(env->psw.mask & PSW_MASK_32)) {
+/* 24-Bit mode. According to the PoO it is implementation
+dependent if bits 32-39 remain unchanged or are set to
+zeros.  Choose the former so that the function can also be
+used for TRT.  */
+env->regs[reg] = deposit64(env->regs[reg], 0, 24, address);
+} else {
+/* 31-Bit mode. According to the PoO it is implementation
+dependent if bit 32 remains unchanged or is set to zero.
+Choose the latter so that the function can also be used for
+TRT.  */
+address &= 0x7fff;
+env->regs[reg] = deposit64(env->regs[reg], 0, 32, address);
+}
+}
+}
+
 /* search string (c is byte to search, r2 is string, r1 end of string) */
 uint64_t HELPER(srst)(CPUS390XState *env, uint64_t r0, uint64_t end,
   uint64_t str)
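Review bot: in the 31-bit branch of set_address() the mask as shown is `address &= 0x7fff`, which keeps 15 bits, while the comment and the following `deposit64(env->regs[reg], 0, 32, address)` describe a 31-bit address with bit 32 cleared. That needs `0x7fffffff`. The 24-bit branch relies on deposit64() to truncate and has no explicit mask; doing it the same way in both branches would make the intent easier to check.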
@@ -564,8 +587,8 @@ uint32_t HELPER(mvcl)(CPUS390XState *env, uint32_t r1, 
uint32_t r2)
 env->regs[r1 + 1] = destlen;
 /* can't use srclen here, we trunc'ed it */
 env->regs[r2 + 1] -= src - env->regs[r2];
-env->regs[r1] = dest;
-env->regs[r2] = src;
+set_address(env, r1, dest);
+set_address(env, r2, src);
 
 return cc;
 }
@@ -613,8 +636,8 @@ uint32_t HELPER(mvcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 /* can't use srclen here, we trunc'ed it */
 /* FIXME: 31-bit mode! */
 env->regs[r3 + 1] -= src - env->regs[r3];
-env->regs[r1] = dest;
-env->regs[r3] = src;
+set_address(env, r1, dest);
+set_address(env, r3, src);
 
 return cc;
 }
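Review bot: the length update just above the new set_address() calls is left inconsistent with them. `env->regs[r3 + 1] -= src - env->regs[r3]` still subtracts the raw register from `src`, and the context keeps `/* FIXME: 31-bit mode! */` for it. If `src` was obtained through get_address() it is already wrapped to the addressing mode, while `env->regs[r3]` can carry high bits, so the difference is wrong in 24-bit and 31-bit mode. Either fix it here by using the wrapped start address, or mention in the commit message that a later patch in the series takes care of it.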
@@ -651,8 +674,8 @@ uint32_t HELPER(clcle)(CPUS390XState *env, uint32_t r1, 
uint64_t a2,
 env->regs[r1 + 1] = destlen;
 /* can't use srclen here, we trunc'ed it */
 env->regs[r3 + 1] -= src - env->regs[r3];
-env->regs[r1] = dest;
-env->regs[r3] = src;
+set_address(env, r1, dest);
+set_address(env, r3, src);
 
 return cc;
 }
@@ -858,7 +881,7 @@ static uint32_t do_helper_trt(CPUS390XState *env, uint32_t 
len, uint64_t array,
 uint8_t sbyte = cpu_ldub_data_ra(env, trans + byte, ra);
 
 if (sbyte != 0) {
-env->regs[1] = array + i;
+set_address(env, 1, array + i);
 env->regs[2] = deposit64(env->regs[2], 0, 8, sbyte);
 return (i == len) ? 2 : 1;
 }
-- 
2.11.0




[Qemu-devel] [PATCH v2 00/29] target/s390x: fix, improve and implement some more instructions

2017-05-29 Thread Aurelien Jarno
This patchset tries to improve the s390x emulation by fixing and
improving some instructions. It implements some more instructions, from
the zArchitecture base and from the Extended-Translation Facility 2. The
last patch updates the maximum TCG CPU to z800, as the ETF2 and
Long-Displacement Facility are now both fully implemented.

This patch series is based on the s390x unwind and execute patches
from Richard Henderson and the qemu cpu_models patch from Thomas Huth.
It includes feedback from both.

v1 -> v2:
 - add a patch to improve IPTE
 - implement local-TLB-clearing in IPTE
 - use tcg_gen_atomic_xchg_i32 in TEST AND SET
 - use gen_op_movi_cc in TEST ADDRESSING MODE
 - use helper_atomic_ldo_be_mmu in LOAD PAIR FROM QUADWORD
 - use helper_atomic_sto_be_mmu in STORE PAIR TO QUADWORD
 - add a patch to implement COMPARE AND SIGNAL
 - rename dest and src into src1 and src3 and check that r1 & r3 are even
   in COMPARE LOGICAL LONG EXTENDED
 - check that r1 & r2 are even in COMPARE LOGICAL LONG
 - check that r1 & r3 are even in COMPARE LOGICAL LONG UNICODE
 - move the adj_len_to_page patch before MVCL/MVCLE changes and simplify
   the expression a bit
 - fix indentation in MOVE LONG UNICODE
 - rebase the cpu model upgrade to z800 onto the qemu cpu_models patch
   from Thomas Huth and use s390_find_cpu_def to get the z800 model.

Aurelien Jarno (29):
  target/s390x: remove dead code in translate.c
  target/s390x: remove some Linux assumptions from IPTE
  target/s390x: implement local-TLB-clearing in IPTE
  target/s390x: implement TEST AND SET
  target/s390x: implement TEST ADDRESSING MODE
  target/s390x: implement PACK
  target/s390x: implement LOAD PAIR FROM QUADWORD
  target/s390x: implement STORE PAIR TO QUADWORD
  target/s390x: implement COMPARE AND SIGNAL
  target/s390x: implement MOVE INVERSE
  target/s390x: implement MOVE NUMERICS
  target/s390x: implement MOVE WITH OFFSET
  target/s390x: implement MOVE ZONES
  target/s390x: improve 24-bit and 31-bit addresses read
  target/s390x: improve 24-bit and 31-bit addresses write
  target/s390x: improve 24-bit and 31-bit lengths read/write
  target/s390x: fix COMPARE LOGICAL LONG EXTENDED
  target/s390x: implement COMPARE LOGICAL LONG
  target/s390x: fix adj_len_to_page
  target/s390x: improve MOVE LONG and MOVE LONG EXTENDED
  target/s390x: implement COMPARE LOGICAL LONG UNICODE
  target/s390x: implement MOVE LONG UNICODE
  target/s390x: implement PACK ASCII
  target/s390x: implement PACK UNICODE
  target/s390x: implement UNPACK ASCII
  target/s390x: implement UNPACK UNICODE
  target/s390x: implement TEST DECIMAL
  target/s390x: implement TRANSLATE ONE/TWO TO ONE/TWO
  target/s390x: update maximum TCG model to z800

 target/s390x/cpu.h |   2 +
 target/s390x/cpu_models.c  |  12 +-
 target/s390x/fpu_helper.c  |  27 ++
 target/s390x/helper.h  |  21 +-
 target/s390x/insn-data.def |  57 
 target/s390x/mem_helper.c  | 747 +
 target/s390x/misc_helper.c |   4 +-
 target/s390x/mmu_helper.c  |   4 +-
 target/s390x/translate.c   | 318 +--
 9 files changed, 1036 insertions(+), 156 deletions(-)

-- 
2.11.0




[Qemu-devel] [PATCH v2 09/29] target/s390x: implement COMPARE AND SIGNAL

2017-05-29 Thread Aurelien Jarno
These functions differ from COMPARE by generating an exception for a
QNaN input. Use the non quiet version of floatXX_compare.

Signed-off-by: Aurelien Jarno 
---
 target/s390x/fpu_helper.c  | 27 +++
 target/s390x/helper.h  |  3 +++
 target/s390x/insn-data.def |  6 ++
 target/s390x/translate.c   | 21 +
 4 files changed, 57 insertions(+)

diff --git a/target/s390x/fpu_helper.c b/target/s390x/fpu_helper.c
index e604e9f7be..26f124fe96 100644
--- a/target/s390x/fpu_helper.c
+++ b/target/s390x/fpu_helper.c
@@ -585,6 +585,33 @@ uint64_t HELPER(fixb)(CPUS390XState *env, uint64_t ah, 
uint64_t al, uint32_t m3)
 return RET128(ret);
 }
 
+/* 32-bit FP compare and signal */
+uint32_t HELPER(keb)(CPUS390XState *env, uint64_t f1, uint64_t f2)
+{
+int cmp = float32_compare(f1, f2, >fpu_status);
+handle_exceptions(env, GETPC());
+return float_comp_to_cc(env, cmp);
+}
+
+/* 64-bit FP compare and signal */
+uint32_t HELPER(kdb)(CPUS390XState *env, uint64_t f1, uint64_t f2)
+{
+int cmp = float64_compare(f1, f2, >fpu_status);
+handle_exceptions(env, GETPC());
+return float_comp_to_cc(env, cmp);
+}
+
+/* 128-bit FP compare and signal */
+uint32_t HELPER(kxb)(CPUS390XState *env, uint64_t ah, uint64_t al,
+ uint64_t bh, uint64_t bl)
+{
+int cmp = float128_compare(make_float128(ah, al),
+   make_float128(bh, bl),
+   >fpu_status);
+handle_exceptions(env, GETPC());
+return float_comp_to_cc(env, cmp);
+}
+
 /* 32-bit FP multiply and add */
 uint64_t HELPER(maeb)(CPUS390XState *env, uint64_t f1,
   uint64_t f2, uint64_t f3)
diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 596fec28ca..65a39163c2 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -89,6 +89,9 @@ DEF_HELPER_FLAGS_1(stfl, TCG_CALL_NO_RWG, void, env)
 DEF_HELPER_2(stfle, i32, env, i64)
 DEF_HELPER_FLAGS_2(lpq, TCG_CALL_NO_WG, i64, env, i64)
 DEF_HELPER_FLAGS_4(stpq, TCG_CALL_NO_WG, void, env, i64, i64, i64)
+DEF_HELPER_FLAGS_3(keb, TCG_CALL_NO_WG_SE, i32, env, i64, i64)
+DEF_HELPER_FLAGS_3(kdb, TCG_CALL_NO_WG_SE, i32, env, i64, i64)
+DEF_HELPER_FLAGS_5(kxb, TCG_CALL_NO_WG_SE, i32, env, i64, i64, i64, i64)
 
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_3(servc, i32, env, i64, i64)
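Review bot: keb, kdb and kxb are declared with TCG_CALL_NO_WG_SE, but raising an exception is the whole point of a signalling compare, and the helpers in this patch call handle_exceptions(). The SE part tells TCG the call has no side effects and may be dropped when its result is unused, which is not true here. TCG_CALL_NO_WG looks like the right flag for these three.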
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 5314162b3d..01278949fc 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -154,6 +154,12 @@
 C(0xb349, CXBR,RRE,   Z,   x1_o, x2_o, 0, 0, cxb, 0)
 C(0xed09, CEB, RXE,   Z,   e1, m2_32u, 0, 0, ceb, 0)
 C(0xed19, CDB, RXE,   Z,   f1_o, m2_64, 0, 0, cdb, 0)
+/* COMPARE AND SIGNAL */
+C(0xb308, KEBR,RRE,   Z,   e1, e2, 0, 0, keb, 0)
+C(0xb318, KDBR,RRE,   Z,   f1_o, f2_o, 0, 0, kdb, 0)
+C(0xb348, KXBR,RRE,   Z,   x1_o, x2_o, 0, 0, kxb, 0)
+C(0xed08, KEB, RXE,   Z,   e1, m2_32u, 0, 0, keb, 0)
+C(0xed18, KDB, RXE,   Z,   f1_o, m2_64, 0, 0, kdb, 0)
 /* COMPARE IMMEDIATE */
 C(0xc20d, CFI, RIL_a, EI,  r1, i2, 0, 0, 0, cmps32)
 C(0xc20c, CGFI,RIL_a, EI,  r1, i2, 0, 0, 0, cmps64)
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 6635877bbd..30d0575c03 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -2369,6 +2369,27 @@ static ExitStatus op_iske(DisasContext *s, DisasOps *o)
 }
 #endif
 
+static ExitStatus op_keb(DisasContext *s, DisasOps *o)
+{
+gen_helper_keb(cc_op, cpu_env, o->in1, o->in2);
+set_cc_static(s);
+return NO_EXIT;
+}
+
+static ExitStatus op_kdb(DisasContext *s, DisasOps *o)
+{
+gen_helper_kdb(cc_op, cpu_env, o->in1, o->in2);
+set_cc_static(s);
+return NO_EXIT;
+}
+
+static ExitStatus op_kxb(DisasContext *s, DisasOps *o)
+{
+gen_helper_kxb(cc_op, cpu_env, o->out, o->out2, o->in1, o->in2);
+set_cc_static(s);
+return NO_EXIT;
+}
+
 static ExitStatus op_laa(DisasContext *s, DisasOps *o)
 {
 /* The real output is indeed the original value in memory;
-- 
2.11.0




[Qemu-devel] [PATCH v2 10/29] target/s390x: implement MOVE INVERSE

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 12 
 target/s390x/translate.c   |  8 
 4 files changed, 23 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 65a39163c2..26a7abe4b4 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -3,6 +3,7 @@ DEF_HELPER_FLAGS_4(nc, TCG_CALL_NO_WG, i32, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(oc, TCG_CALL_NO_WG, i32, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(xc, TCG_CALL_NO_WG, i32, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(mvc, TCG_CALL_NO_WG, void, env, i32, i64, i64)
+DEF_HELPER_FLAGS_4(mvcin, TCG_CALL_NO_WG, void, env, i32, i64, i64)
 DEF_HELPER_FLAGS_4(clc, TCG_CALL_NO_WG, i32, env, i32, i64, i64)
 DEF_HELPER_3(mvcl, i32, env, i32, i32)
 DEF_HELPER_FLAGS_4(clm, TCG_CALL_NO_WG, i32, env, i32, i32, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 01278949fc..c8f77611ab 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -572,6 +572,8 @@
 C(0xe548, MVGHI,   SIL,   GIE, la1, i2, 0, m1_64, mov2, 0)
 C(0x9200, MVI, SI,Z,   la1, i2, 0, m1_8, mov2, 0)
 C(0xeb52, MVIY,SIY,   LD,  la1, i2, 0, m1_8, mov2, 0)
+/* MOVE INVERSE */
+C(0xe800, MVCIN,   SS_a,  Z,   la1, a2, 0, 0, mvcin, 0)
 /* MOVE LONG */
 C(0x0e00, MVCL,RR_a,  Z,   0, 0, 0, 0, mvcl, 0)
 /* MOVE LONG EXTENDED */
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 0c34c78b93..eacd2bc794 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -231,6 +231,18 @@ void HELPER(mvc)(CPUS390XState *env, uint32_t l, uint64_t 
dest, uint64_t src)
 do_helper_mvc(env, l, dest, src, GETPC());
 }
 
+/* move inverse  */
+void HELPER(mvcin)(CPUS390XState *env, uint32_t l, uint64_t dest, uint64_t src)
+{
+uintptr_t ra = GETPC();
+int i;
+
+for (i = 0; i <= l; i++) {
+uint8_t v = cpu_ldub_data_ra(env, src - i, ra);
+cpu_stb_data_ra(env, dest + i, v, ra);
+}
+}
+
 /* compare unsigned byte arrays */
 static uint32_t do_helper_clc(CPUS390XState *env, uint32_t l, uint64_t s1,
   uint64_t s2, uintptr_t ra)
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 30d0575c03..61373df29e 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -2940,6 +2940,14 @@ static ExitStatus op_mvc(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_mvcin(DisasContext *s, DisasOps *o)
+{
+TCGv_i32 l = tcg_const_i32(get_field(s->fields, l1));
+gen_helper_mvcin(cpu_env, l, o->addr1, o->in2);
+tcg_temp_free_i32(l);
+return NO_EXIT;
+}
+
 static ExitStatus op_mvcl(DisasContext *s, DisasOps *o)
 {
 TCGv_i32 r1 = tcg_const_i32(get_field(s->fields, r1));
-- 
2.11.0




[Qemu-devel] [PATCH v2 05/29] target/s390x: implement TEST ADDRESSING MODE

2017-05-29 Thread Aurelien Jarno
Signed-off-by: Aurelien Jarno 
---
 target/s390x/insn-data.def |  3 +++
 target/s390x/translate.c   | 10 ++
 2 files changed, 13 insertions(+)

diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 0f70acea5c..170b50ef2e 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -810,6 +810,9 @@
 /* SUPERVISOR CALL */
 C(0x0a00, SVC, I, Z,   0, 0, 0, 0, svc, 0)
 
+/* TEST ADDRESSING MODE */
+C(0x010b, TAM, E, Z,   0, 0, 0, 0, tam, 0)
+
 /* TEST AND SET */
 C(0x9300, TS,  S, Z,   0, a2, 0, 0, ts, 0)
 
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 0cfa8cc05e..7f265aeb40 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4063,6 +4063,16 @@ static ExitStatus op_svc(DisasContext *s, DisasOps *o)
 return EXIT_NORETURN;
 }
 
+static ExitStatus op_tam(DisasContext *s, DisasOps *o)
+{
+int cc = 0;
+
+cc |= (s->tb->flags & FLAG_MASK_64) ? 2 : 0;
+cc |= (s->tb->flags & FLAG_MASK_32) ? 1 : 0;
+gen_op_movi_cc(s, cc);
+return NO_EXIT;
+}
+
 static ExitStatus op_tceb(DisasContext *s, DisasOps *o)
 {
 gen_helper_tceb(cc_op, cpu_env, o->in1, o->in2);
-- 
2.11.0




[Qemu-devel] [PATCH v2 19/29] target/s390x: fix adj_len_to_page

2017-05-29 Thread Aurelien Jarno
adj_len_to_page doesn't return the correct result when the address
is already page aligned and the length is bigger than a page. Fix that.

Signed-off-by: Aurelien Jarno 
---
 target/s390x/mem_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index edda090116..805794d82f 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -61,7 +61,7 @@ static inline uint32_t adj_len_to_page(uint32_t len, uint64_t 
addr)
 {
 #ifndef CONFIG_USER_ONLY
 if ((addr & ~TARGET_PAGE_MASK) + len - 1 >= TARGET_PAGE_SIZE) {
-return -addr & ~TARGET_PAGE_MASK;
+return -(addr | TARGET_PAGE_MASK);
 }
 #endif
 return len;
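Review bot: the new return expression `-(addr | TARGET_PAGE_MASK)` deserves a one-line comment. It yields the number of bytes from addr to the end of its page, and TARGET_PAGE_SIZE when addr is page aligned, which is the case the commit message fixes, but none of that is obvious from the expression. The 64-bit result is also narrowed implicitly to the uint32_t return type; a comment or a cast would make that deliberate.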
-- 
2.11.0




[Qemu-devel] [PATCH v2 07/29] target/s390x: implement LOAD PAIR FROM QUADWORD

2017-05-29 Thread Aurelien Jarno
Signed-off-by: Aurelien Jarno 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 13 +
 target/s390x/translate.c   |  7 +++
 4 files changed, 23 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index c6fbc3b949..ca78d1b162 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -87,6 +87,7 @@ DEF_HELPER_FLAGS_2(sfas, TCG_CALL_NO_WG, void, env, i64)
 DEF_HELPER_FLAGS_1(popcnt, TCG_CALL_NO_RWG_SE, i64, i64)
 DEF_HELPER_FLAGS_1(stfl, TCG_CALL_NO_RWG, void, env)
 DEF_HELPER_2(stfle, i32, env, i64)
+DEF_HELPER_FLAGS_2(lpq, TCG_CALL_NO_WG, i64, env, i64)
 
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_3(servc, i32, env, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index f92bfde4f8..53c86d5832 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -507,6 +507,8 @@
 /* LOAD PAIR DISJOINT */
 D(0xc804, LPD, SSF,   ILA, 0, 0, new_P, r3_P32, lpd, 0, MO_TEUL)
 D(0xc805, LPDG,SSF,   ILA, 0, 0, new_P, r3_P64, lpd, 0, MO_TEQ)
+/* LOAD PAIR FROM QUADWORD */
+C(0xe38f, LPQ, RXY_a, Z,   0, a2, r1_P, 0, lpq, 0)
 /* LOAD POSITIVE */
 C(0x1000, LPR, RR_a,  Z,   0, r2_32s, new, r1_32, abs, abs32)
 C(0xb900, LPGR,RRE,   Z,   0, r2, r1, 0, abs, abs64)
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index a60893a5ec..4cbd273e4a 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1237,6 +1237,19 @@ uint64_t HELPER(lra)(CPUS390XState *env, uint64_t addr)
 }
 #endif
 
+/* load pair from quadword */
+uint64_t HELPER(lpq)(CPUS390XState *env, uint64_t addr)
+{
+uintptr_t ra = GETPC();
+int mem_idx = cpu_mmu_index(env, false);
+TCGMemOpIdx oi = make_memop_idx(MO_TEQ, mem_idx);
+
+Int128 v = helper_atomic_ldo_be_mmu(env, addr, oi, ra);
+
+env->retxl = int128_getlo(v);
+return int128_gethi(v);
+}
+
 /* Execute instruction.  This instruction executes an insn modified with
the contents of r1.  It does not change the executed instruction in memory;
it does not change the program counter.
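Review bot: HELPER(lpq) has no alignment check. LOAD PAIR FROM QUADWORD requires its operand on a quadword boundary and raises a specification exception otherwise, but the memop is built as `make_memop_idx(MO_TEQ, mem_idx)` with no alignment requirement and `addr` goes straight into helper_atomic_ldo_be_mmu(). Please add the check, either explicitly in the helper or through an alignment flag in the memop. MO_TEQ also describes a 64-bit access while 128 bits are loaded, which is worth a comment.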
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 00b91c4f3a..ec61590e50 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -2830,6 +2830,13 @@ static ExitStatus op_lpd(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_lpq(DisasContext *s, DisasOps *o)
+{
+gen_helper_lpq(o->out, cpu_env, o->in2);
+return_low128(o->out2);
+return NO_EXIT;
+}
+
 #ifndef CONFIG_USER_ONLY
 static ExitStatus op_lura(DisasContext *s, DisasOps *o)
 {
-- 
2.11.0




[Qemu-devel] [PATCH v2 01/29] target/s390x: remove dead code in translate.c

2017-05-29 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target/s390x/translate.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 97ca639a34..f7598184a6 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -5467,10 +5467,7 @@ void gen_intermediate_code(CPUS390XState *env, struct 
TranslationBlock *tb)
 gen_io_start();
 }
 
-status = NO_EXIT;
-if (status == NO_EXIT) {
-status = translate_one(env, );
-}
+status = translate_one(env, );
 
 /* If we reach a page boundary, are single stepping,
or exhaust instruction count, stop generation.  */
-- 
2.11.0




[Qemu-devel] [RFC] Making 'block-stream', and 'block-commit' accept node-name

2017-05-29 Thread Kashyap Chamarthy
Observe the following ('qmp-shell', for brevity) invocation of the four
major types (stream, commit, mirror, backup) of live block operations:

(QEMU) block-stream device=node-D base=a.qcow2 job-id=job-block-stream
(QEMU) block-commit device=node-D base=a.qcow2 top=b.qcow2 job-id=job-block-commit
(QEMU) drive-mirror device=node-D target=e.qcow2 sync=full job-id=job-drive-mirror
(QEMU) drive-backup device=node-D sync=full target=e.qcow2 job-id=job-drive-backup
(QEMU) blockdev-backup device=node-B target=node-E sync=full job-id=job-blockdev-backup
(QEMU) blockdev-mirror device=node-D target=node-E sync=full job-id=job-blockdev-mirror

While we have `blockdev-{mirror, backup}` as 'node-name'-alternatives
for `drive-{mirror, backup}`, as the eagle-eyed will notice, the `block-stream`
and `block-commit` commands still operate on file names for parameters
'base' and 'top'. 

I brought it up on #qemu, OFTC, where Max gave some context, and
even said: "We just shouldn't use filenames there ['commit', 'stream'],
simple as that".

Does upstream have a plan here for 2.10 / 3.0?  Will there be new
`blockdev-stream`, and `blockdev-commit`, or will `block-{stream,
commit}` be adjusted to take 'node-name'?

* * *

Then I _vaguely_ remembered reading a thread on the upstream list about
creating a new 'blockdev-stream' (but I didn't find anything about
'blockdev-commit'), even if a bit confusing.  Sure enough, when I went
digging the archives, I found, where Alberto extended the 'device'
parameter to take 'node-name', and there was an ensuing discussion about
a new 'blockdev-stream':

https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03236.html
-- [PATCH v11 00/19] Support streaming to an intermediate layer

And this patch had the said discussion:

https://lists.gnu.org/archive/html/qemu-block/2016-10/msg00117.html

tl;dr seemed to be: "add a new `blockdev-stream` [and
`blockdev-commit`?] because it is easy to introspect, and is a 'saner'
interface".

To recap from that thread, Kevin wrote[1]:

"Oh, we still have those filename-based parameters? :-/

"Should we introduce a new, clean blockdev-stream command that fixes
this and matches the common name pattern? Of course, block-stream
vs.  blockdev-stream could be a bit confusing, too..."

And, Eric seemed agreeable to a new command[2], saying, "a new command
is easy to introspect".

Markus chimed in[3] with some background context, and a design
discussion about whether it makes sense to extend existing commands vs.
adding new, giving pros / cons of both.

Finally, Kevin concluded[4]:

"It has never been a sane interface in the first place (identifying
a backing file node by its filename).

"We ended up having two versions of all block job commands anyway
(one that creates an image file, and later one that just takes a
node-name of an existing node), except for image streaming so far.
So it would be consistent (and enable consistent naming for the
preferred commands) to have it here, too."

[1] https://lists.gnu.org/archive/html/qemu-block/2016-10/msg00319.html
[2] https://lists.gnu.org/archive/html/qemu-block/2016-10/msg00328.html 
[3] https://lists.gnu.org/archive/html/qemu-block/2016-10/msg00333.html
[4] https://lists.gnu.org/archive/html/qemu-block/2016-10/msg00354.html

-- 
/kashyap



Re: [Qemu-devel] [PATCH 09/25] block/dirty-bitmap: add readonly field to BdrvDirtyBitmap

2017-05-29 Thread Max Reitz
On 2017-05-03 14:25, Vladimir Sementsov-Ogievskiy wrote:
> It will be needed in following commits for persistent bitmaps.
> If bitmap is loaded from read-only storage (and we can't mark it
> "in use" in this storage) corresponding BdrvDirtyBitmap should be
> read-only.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  block/dirty-bitmap.c | 16 
>  include/block/dirty-bitmap.h |  3 +++
>  2 files changed, 19 insertions(+)

Revisiting this again after the whole series: So you never really make
sure that the read-only bitmaps are not written to (except for these
assertions). The idea is that you only set it for read-only BDS and
read-only BDS are never written to. But that assumption is not true,
generally, and can be broken e.g. using a commit job:

$ ./qemu-img create -f qcow2 backing.qcow2 64M
Formatting 'backing.qcow2', fmt=qcow2 size=67108864 encryption=off
cluster_size=65536 lazy_refcounts=off refcount_bits=16
$ ./qemu-img create -f qcow2 -b backing.qcow2 top.qcow2
Formatting 'top.qcow2', fmt=qcow2 size=67108864
backing_file=backing.qcow2 encryption=off cluster_size=65536
lazy_refcounts=off refcount_bits=16
$ x86_64-softmmu/qemu-system-x86_64 -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 50, "minor": 9, "major": 2},
"package": " (v2.9.0-632-g4a52d43-dirty)"}, "capabilities": []}}
{'execute': 'qmp_capabilities'}
{"return": {}}
{'execute': 'blockdev-add',
 'arguments': {'node-name': 'backing-node', 'driver': 'qcow2',
   'file': {'driver': 'file', 'filename': 'backing.qcow2'}}}
{"return": {}}
{'execute': 'block-dirty-bitmap-add',
 'arguments': {'node': 'backing-node', 'name': 'foo',
   'persistent': true, 'autoload': true}}
{"return": {}}
{'execute': 'blockdev-del', 'arguments': {'node-name': 'backing-node'}}
{"return": {}}
{'execute': 'blockdev-add',
 'arguments': {'node-name': 'top-node', 'driver': 'qcow2',
   'file': {'driver': 'file', 'filename': 'top.qcow2'}}}
{"return": {}}
{'execute': 'human-monitor-command',
 'arguments': {'command-line': 'qemu-io top-node "write 0 64k"'}}
wrote 65536/65536 bytes at offset 0
64 KiB, 1 ops; 0.0079 sec (7.852 MiB/sec and 125.6281 ops/sec)
{"return": ""}
{'execute': 'block-commit',
 'arguments': {'device': 'top-node', 'job-id': 'commit-job'}}
{"return": {}}
qemu-system-x86_64: block/dirty-bitmap.c:571: bdrv_set_dirty: Assertion
`!bdrv_dirty_bitmap_readonly(bitmap)' failed.
[1]10872 abort (core dumped)  x86_64-softmmu/qemu-system-x86_64 -qmp
stdio

So there needs to be something else than just assertions to make sure
that read-only bitmaps are never written to.

Max





Re: [Qemu-devel] [PATCH 25/25] block: release persistent bitmaps on inactivate

2017-05-29 Thread Max Reitz
On 2017-05-03 14:25, Vladimir Sementsov-Ogievskiy wrote:
> We should release them here to reload on invalidate cache.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  block.c  |  4 
>  block/dirty-bitmap.c | 29 +++--
>  include/block/dirty-bitmap.h |  1 +
>  3 files changed, 28 insertions(+), 6 deletions(-)
> 
> diff --git a/block.c b/block.c
> index 795d36bb64..14896c65fa 100644
> --- a/block.c
> +++ b/block.c
> @@ -4001,6 +4001,10 @@ static int bdrv_inactivate_recurse(BlockDriverState 
> *bs,
>  if (setting_flag) {
>  bs->open_flags |= BDRV_O_INACTIVE;
>  }
> +
> +/* At this point persistent bitmaps should be stored by format driver */

s/by format driver/by the format driver/

> +bdrv_release_persistent_dirty_bitmaps(bs);

Also, as far as I can see, this doesn't store the bitmaps but just
releases them (without storing them). I'm not sure whether that is
right, but it definitely contradicts the comment above.

Max

> +
>  return 0;
>  }
> 
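
Review bot: The added `bdrv_release_persistent_dirty_bitmaps(bs)` call sits after the closing brace of `if (setting_flag)`, so it runs whatever the value of `setting_flag`. If this function is entered once per flag value, the bitmaps are released on the pass that does not set `BDRV_O_INACTIVE` as well. Either move the call inside the `if (setting_flag)` block or extend the comment to say why releasing on every pass is intended.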





Re: [Qemu-devel] [PATCH 24/25] qmp: block-dirty-bitmap-remove: remove persistent

2017-05-29 Thread Max Reitz
On 2017-05-03 14:25, Vladimir Sementsov-Ogievskiy wrote:
> Remove persistent bitmap from the storage on block-dirty-bitmap-remove.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> Reviewed-by: Max Reitz 
> Reviewed-by: John Snow 
> ---
>  blockdev.c   | 10 ++
>  qapi/block-core.json |  3 ++-
>  2 files changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/blockdev.c b/blockdev.c
> index c49d414891..0ad1a658b9 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -2802,6 +2802,7 @@ void qmp_block_dirty_bitmap_remove(const char *node, 
> const char *name,
>  AioContext *aio_context;
>  BlockDriverState *bs;
>  BdrvDirtyBitmap *bitmap;
> +Error *local_err = NULL;
>  
>  bitmap = block_dirty_bitmap_lookup(node, name, , _context, errp);
>  if (!bitmap || !bs) {
> @@ -2814,6 +2815,15 @@ void qmp_block_dirty_bitmap_remove(const char *node, 
> const char *name,
> name);
>  goto out;
>  }
> +
> +if (bdrv_dirty_bitmap_get_persistance(bitmap)) {
> +bdrv_remove_persistent_dirty_bitmap(bs, name, _err);
> +if (local_err != NULL) {
> +error_propagate(errp, local_err);
> +goto out;
> +}
> +}
> +
>  bdrv_dirty_bitmap_make_anon(bitmap);
>  bdrv_release_dirty_bitmap(bs, bitmap);
>  
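
Review bot: `bdrv_dirty_bitmap_get_persistance` in the new `if` is misspelled; the word is "persistence", and the name is easier to fix now than after callers accumulate. In the same block, `if (local_err != NULL)` can simply be `if (local_err)`.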
> diff --git a/qapi/block-core.json b/qapi/block-core.json
> index e9523b4b8c..933b1a5fe5 100644
> --- a/qapi/block-core.json
> +++ b/qapi/block-core.json
> @@ -1600,7 +1600,8 @@
>  # @block-dirty-bitmap-remove:
>  #
>  # Stop write tracking and remove the dirty bitmap that was created
> -# with block-dirty-bitmap-add.
> +# with block-dirty-bitmap-add. If bitmap is persistent, remove it from it's

s/If bitmap/If the bitmap/, s/it's/its/

Max

> +# storage too.
>  #
>  # Returns: nothing on success
>  #  If @node is not a valid block device or node, DeviceNotFound
> 
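
Review bot: The `Returns:` list under the changed sentence still documents only the existing error cases, while the blockdev.c hunk of this patch adds a failure path through `error_propagate(errp, local_err)` when removal from storage fails. Add a line for that failure so QMP clients know the command can fail after the bitmap was found.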






[Qemu-devel] [PATCH 2/2] hw/arm/virt: fdt: generate distance-map when needed

2017-05-29 Thread Andrew Jones
This is based on patch Shannon Zhao originally posted.

Cc: Shannon Zhao 
Signed-off-by: Andrew Jones 
---
 hw/arm/virt.c | 21 +
 1 file changed, 21 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index c7c8159dfd59..4db2d4207cf2 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -219,6 +219,27 @@ static void create_fdt(VirtMachineState *vms)
 "clk24mhz");
 qemu_fdt_setprop_cell(fdt, "/apb-pclk", "phandle", vms->clock_phandle);
 
+if (have_numa_distance) {
+int size = nb_numa_nodes * nb_numa_nodes * 3 * sizeof(uint32_t);
+uint32_t *matrix = g_malloc0(size);
+int idx, i, j;
+
+for (i = 0; i < nb_numa_nodes; i++) {
+for (j = 0; j < nb_numa_nodes; j++) {
+idx = (i * nb_numa_nodes + j) * 3;
+matrix[idx + 0] = cpu_to_be32(i);
+matrix[idx + 1] = cpu_to_be32(j);
+matrix[idx + 2] = cpu_to_be32(numa_info[i].distance[j]);
+}
+}
+
+qemu_fdt_add_subnode(fdt, "/distance-map");
+qemu_fdt_setprop_string(fdt, "/distance-map", "compatible",
+"numa-distance-map-v1");
+qemu_fdt_setprop(fdt, "/distance-map", "distance-matrix",
+ matrix, size);
+g_free(matrix);
+}
 }
 
 static void fdt_add_psci_node(const VirtMachineState *vms)
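
Review bot: `size` in the new `if (have_numa_distance)` block is declared `int`, but the expression `nb_numa_nodes * nb_numa_nodes * 3 * sizeof(uint32_t)` is evaluated as `size_t` and then narrowed before being passed to `g_malloc0()`. Allocating by element count, for example `g_new0(uint32_t, nb_numa_nodes * nb_numa_nodes * 3)`, and deriving the byte length from that count keeps the arithmetic in one type. A one-line comment that each entry is a (node, node, distance) triplet of big-endian cells would also help, since the commit message does not describe the property layout.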
-- 
2.9.4




[Qemu-devel] [PATCH 0/2] hw/arm/virt: numa: provide distance info when needed

2017-05-29 Thread Andrew Jones
Andrew Jones (2):
  hw/arm/virt-acpi-build: build SLIT when needed
  hw/arm/virt: fdt: generate distance-map when needed

 hw/arm/virt-acpi-build.c |  4 
 hw/arm/virt.c| 21 +
 2 files changed, 25 insertions(+)

-- 
2.9.4




[Qemu-devel] [PATCH 1/2] hw/arm/virt-acpi-build: build SLIT when needed

2017-05-29 Thread Andrew Jones
Cc: Shannon Zhao 
Signed-off-by: Andrew Jones 
---
 hw/arm/virt-acpi-build.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index e5852067f5bd..2079828c22a4 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -776,6 +776,10 @@ void virt_acpi_build(VirtMachineState *vms, 
AcpiBuildTables *tables)
 if (nb_numa_nodes > 0) {
 acpi_add_table(table_offsets, tables_blob);
 build_srat(tables_blob, tables->linker, vms);
+if (have_numa_distance) {
+acpi_add_table(table_offsets, tables_blob);
+build_slit(tables_blob, tables->linker);
+}
 }
 
 if (its_class_name() && !vmc->no_its) {
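
Review bot: The commit message has no body, so nothing records why the SLIT is built only under `if (have_numa_distance)` inside the `nb_numa_nodes > 0` branch. One sentence in the commit message, or a comment above the new `if`, stating when `have_numa_distance` is set would make the condition reviewable.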
-- 
2.9.4




Re: [Qemu-devel] [PATCH 21/25] iotests: test qcow2 persistent dirty bitmap

2017-05-29 Thread Max Reitz
On 2017-05-03 14:25, Vladimir Sementsov-Ogievskiy wrote:
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  tests/qemu-iotests/165 | 105 
> +
>  tests/qemu-iotests/165.out |   5 +++
>  tests/qemu-iotests/group   |   1 +
>  3 files changed, 111 insertions(+)
>  create mode 100755 tests/qemu-iotests/165
>  create mode 100644 tests/qemu-iotests/165.out

Reviewed-by: Max Reitz 





Re: [Qemu-devel] [PATCH 15/25] qcow2: add persistent dirty bitmaps support

2017-05-29 Thread Max Reitz
On 2017-05-03 14:25, Vladimir Sementsov-Ogievskiy wrote:
> Store persistent dirty bitmaps in qcow2 image.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  block/qcow2-bitmap.c | 475 
> +++
>  block/qcow2.c|   9 +
>  block/qcow2.h|   1 +
>  3 files changed, 485 insertions(+)

Reviewed-by: Max Reitz 





Re: [Qemu-devel] [PATCH v3 2/3] qemu.py: Add QEMUMachine.exitcode() method

2017-05-29 Thread Eduardo Habkost
On Mon, May 29, 2017 at 06:53:47PM +0200, Markus Armbruster wrote:
> Eduardo Habkost  writes:
> 
> > Allow the exit code of QEMU to be queried by scripts.
> >
> > Signed-off-by: Eduardo Habkost 
> > ---
> >  scripts/qemu.py | 4 
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/scripts/qemu.py b/scripts/qemu.py
> > index 16934f1e02..ebe1c4b919 100644
> > --- a/scripts/qemu.py
> > +++ b/scripts/qemu.py
> > @@ -88,6 +88,10 @@ class QEMUMachine(object):
> >  def is_running(self):
> >  return self._popen and (self._popen.returncode is None)
> >  
> > +def exitcode(self):
> > +if self._popen:
> > +return self._popen.returncode
> > +
> 
> Falling off the function's end returns None.  Do we really want to rely
> on that?
> 
> For what it's worth, I checked the Python Language Reference, found it
> less than clear, so I tried it out, too.

I agree that the intent may not be clear when looking at the
code.  I can squash this in:

diff --git a/scripts/qemu.py b/scripts/qemu.py
index ebe1c4b919..bf00eddab8 100644
--- a/scripts/qemu.py
+++ b/scripts/qemu.py
@@ -89,8 +89,9 @@ class QEMUMachine(object):
 return self._popen and (self._popen.returncode is None)
 
 def exitcode(self):
-if self._popen:
-return self._popen.returncode
+if not self._popen:
+return None
+return self._popen.returncode
 
 def get_pid(self):
 if not self.is_running():
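
Review bot: `exitcode()` returns `None` both when `self._popen` is unset and when the process object exists but `returncode` is still `None`, which is the same condition `is_running()` tests for, so a caller cannot tell "never launched" from "still running" by the return value alone. A docstring on `exitcode()` stating both cases would make the contract explicit.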

-- 
Eduardo



Re: [Qemu-devel] [PATCH v3 2/3] qemu.py: Add QEMUMachine.exitcode() method

2017-05-29 Thread Markus Armbruster
Eduardo Habkost  writes:

> Allow the exit code of QEMU to be queried by scripts.
>
> Signed-off-by: Eduardo Habkost 
> ---
>  scripts/qemu.py | 4 
>  1 file changed, 4 insertions(+)
>
> diff --git a/scripts/qemu.py b/scripts/qemu.py
> index 16934f1e02..ebe1c4b919 100644
> --- a/scripts/qemu.py
> +++ b/scripts/qemu.py
> @@ -88,6 +88,10 @@ class QEMUMachine(object):
>  def is_running(self):
>  return self._popen and (self._popen.returncode is None)
>  
> +def exitcode(self):
> +if self._popen:
> +return self._popen.returncode
> +

Falling off the function's end returns None.  Do we really want to rely
on that?

For what it's worth, I checked the Python Language Reference, found it
less than clear, so I tried it out, too.

>  def get_pid(self):
>  if not self.is_running():
>  return None



Re: [Qemu-devel] [PATCH 0/7] KVM: MMU: fast write protect

2017-05-29 Thread Paolo Bonzini


On 23/05/2017 04:23, Xiao Guangrong wrote:
> 
> Ping...
> 
> Sorry to disturb, just make this patchset not be missed. :)

It won't. :)  I'm going to look at it and the dirty page ring buffer
this week.

Paolo



Re: [Qemu-devel] [PATCH 13/25] block: introduce persistent dirty bitmaps

2017-05-29 Thread Max Reitz
On 2017-05-03 14:25, Vladimir Sementsov-Ogievskiy wrote:
> New field BdrvDirtyBitmap.persistent means, that bitmap should be saved
> by format driver in .bdrv_close and .bdrv_inactivate. No format driver
> supports it for now.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  block/dirty-bitmap.c | 26 ++
>  block/qcow2-bitmap.c |  1 +
>  include/block/dirty-bitmap.h |  5 +
>  3 files changed, 32 insertions(+)

Reviewed-by: Max Reitz 





Re: [Qemu-devel] [PATCH v3 1/3] qemu.py: Don't set _popen=None on error/shutdown

2017-05-29 Thread Markus Armbruster
Eduardo Habkost  writes:

> Keep the Popen object around so we can query its exit code later.
>
> To keep the existing 'self._popen is None' checks working, add a
> is_running() method, that will check if the process is still running.
>
> Signed-off-by: Eduardo Habkost 

Reviewed-by: Markus Armbruster 



Re: [Qemu-devel] [PATCH 12/25] block: bdrv_close: release bitmaps after drv->bdrv_close

2017-05-29 Thread Max Reitz
On 2017-05-03 14:25, Vladimir Sementsov-Ogievskiy wrote:
> Release bitmaps after 'if (bs->drv) { ... }' block. This will allow
> format driver to save persistent bitmaps, which will appear in following
> commits.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  block.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

Reviewed-by: Max Reitz 





[Qemu-devel] [PATCH] simpletrace: Improve the error message if event is not declared

2017-05-29 Thread Jose Ricardo Ziviani
Today, if we use a trace-event file which does not declare an event
existing in the log file we'll get the following error:

$ scripts/simpletrace.py trace-events trace-68508
Traceback (most recent call last):
  File "scripts/simpletrace.py", line 242, in <module>
run(Formatter())
  File "scripts/simpletrace.py", line 217, in run
process(events, sys.argv[2], analyzer, read_header=read_header)
  File "scripts/simpletrace.py", line 192, in process
for rec in read_trace_records(edict, log):
  File "scripts/simpletrace.py", line 107, in read_trace_records
rec = read_record(edict, idtoname, fobj)
  File "scripts/simpletrace.py", line 71, in read_record
return get_record(edict, idtoname, rechdr, fobj)
  File "scripts/simpletrace.py", line 45, in get_record
event = edict[name]
KeyError: 'qemu_mutex_locked'

This patch improves this error by adding a hint instead of just that
KeyError log:

$ scripts/simpletrace.py trace-events trace-68508
'qemu_mutex_locked' event is logged but is not declared in the trace
events file, try using trace-events-all instead.

Signed-off-by: Jose Ricardo Ziviani 
---
 scripts/simpletrace.py | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/scripts/simpletrace.py b/scripts/simpletrace.py
index d60b3a0..f1be6e4 100755
--- a/scripts/simpletrace.py
+++ b/scripts/simpletrace.py
@@ -42,7 +42,15 @@ def get_record(edict, idtoname, rechdr, fobj):
 event_id = rechdr[0]
 name = idtoname[event_id]
 rec = (name, rechdr[1], rechdr[3])
-event = edict[name]
+try:
+event = edict[name]
+except KeyError, e:
+import sys
+sys.stderr.write('%s event is logged but is not declared ' \
+ 'in the trace events file, try using ' \
+ 'trace-events-all instead.\n' % str(e))
+sys.exit(1)
+
 for type, name in event.args:
 if is_string(type):
 l = fobj.read(4)
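
Review bot: `except KeyError, e:` in the added block is Python 2-only syntax; `except KeyError as e:` is accepted by Python 2.6 and later as well as Python 3. The function-local `import sys` can move to the module's imports (the traceback in the commit message shows `sys.argv` already in use in `run`), and the trailing backslashes are unnecessary inside the parentheses of `sys.stderr.write(...)`.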
-- 
2.7.4




Re: [Qemu-devel] [PATCH 10/25] qcow2: autoloading dirty bitmaps

2017-05-29 Thread Max Reitz
On 2017-05-03 14:25, Vladimir Sementsov-Ogievskiy wrote:
> Auto loading bitmaps are bitmaps in Qcow2, with the AUTO flag set. They
> are loaded when the image is opened and become BdrvDirtyBitmaps for the
> corresponding drive.
> 
> Extra data in bitmaps is not supported for now.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  block/qcow2-bitmap.c | 387 
> +++
>  block/qcow2.c|  17 ++-
>  block/qcow2.h|   2 +
>  3 files changed, 404 insertions(+), 2 deletions(-)
> 
> diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
> index b8e472b3e8..a2522d7ccf 100644
> --- a/block/qcow2-bitmap.c
> +++ b/block/qcow2-bitmap.c

[...]

> @@ -437,3 +602,225 @@ out:

[...]

> +/* for g_slist_foreach for GSList of BdrvDirtyBitmap* elements */
> +static void set_readonly_helper(gpointer bitmap, gpointer unused)
> +{
> +bdrv_dirty_bitmap_set_readonly(bitmap);
> +}
> +
> +/* qcow2_load_autoloading_dirty_bitmaps()
> + * Return value is a hint for caller: true means that Qcow2 header was 
> updated.

"...that the Qcow2 header..."

> + * (false doesn't mean that header should be updated by caller, it just means

"...that the header...", "...by the caller, ..."

> + * that updating was not needed or image can not be written).

"...or the image cannot be written [to]"

> + * On fail the function returns false.

"On failure..."

With these fixed:

Reviewed-by: Max Reitz 





Re: [Qemu-devel] [PATCH v2] blockdev: Print a warning for legacy drive options that belong to -device

2017-05-29 Thread Thomas Huth
On 12.05.2017 12:33, Thomas Huth wrote:
> We likely do not want to carry these legacy -drive options along forever.
> Let's emit a deprecation warning for the -drive options that have a
> replacement with the -device option, so that the (hopefully few) remaining
> users are aware of this and can adapt their scripts / behaviour accordingly.
> 
> Signed-off-by: Thomas Huth 
> ---
>  v2:
>  - Check for !qtest_enabled() since tests/hd-geo-test still uses these
>  - Added "addr" to the list, too
>  - Also mark the options as deprecated in the documentation
> 
>  blockdev.c  | 14 ++
>  qemu-options.hx |  5 -
>  2 files changed, 18 insertions(+), 1 deletion(-)
> 
> diff --git a/blockdev.c b/blockdev.c
> index 0b38c3d..aef38f0 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -50,6 +50,7 @@
>  #include "qmp-commands.h"
>  #include "block/trace.h"
>  #include "sysemu/arch_init.h"
> +#include "sysemu/qtest.h"
>  #include "qemu/cutils.h"
>  #include "qemu/help_option.h"
>  #include "qemu/throttle-options.h"
> @@ -797,6 +798,9 @@ DriveInfo *drive_new(QemuOpts *all_opts, 
> BlockInterfaceType block_default_type)
>  const char *filename;
>  Error *local_err = NULL;
>  int i;
> +const char *deprecated[] = {
> +"serial", "trans", "secs", "heads", "cyls", "addr"
> +};
>  
>  /* Change legacy command line options into QMP ones */
>  static const struct {
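
Review bot: `deprecated[]` is declared as a plain `const char *` array local to `drive_new()`, so it is initialised again on every call and its elements stay assignable. `static const char *const deprecated[]` would match the `static const struct` table declared right below it.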
> @@ -880,6 +884,16 @@ DriveInfo *drive_new(QemuOpts *all_opts, 
> BlockInterfaceType block_default_type)
>  "update your scripts.\n");
>  }
>  
> +/* Other deprecated options */
> +if (!qtest_enabled()) {
> +for (i = 0; i < ARRAY_SIZE(deprecated); i++) {
> +if (qemu_opt_get(legacy_opts, deprecated[i]) != NULL) {
> +error_report("'%s' is deprecated, please use the 
> corresponding "
> + "option of '-device' instead", deprecated[i]);
> +}
> +}
> +}
> +
>  /* Media type */
>  value = qemu_opt_get(legacy_opts, "media");
>  if (value) {
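
Review bot: The `if (!qtest_enabled())` guard around the new loop has no comment, and the reason for it (tests/hd-geo-test still uses these options) appears only in the v2 changelog below the `---` line, which does not end up in the commit. A one-line comment above the guard, or a sentence in the commit message, would preserve it.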
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 9d7964d..2f66f1a 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -615,6 +615,8 @@ of available connectors of a given interface type.
>  This option defines the type of the media: disk or cdrom.
>  @item cyls=@var{c},heads=@var{h},secs=@var{s}[,trans=@var{t}]
>  These options have the same definition as they have in @option{-hdachs}.
> +These parameters are deprecated, use the corresponding parameters
> +of @code{-device} instead.
>  @item snapshot=@var{snapshot}
>  @var{snapshot} is "on" or "off" and controls snapshot mode for the given 
> drive
>  (see @option{-snapshot}).
> @@ -631,7 +633,8 @@ an untrusted format header.
>  @item serial=@var{serial}
>  This option specifies the serial number to assign to the device.
>  @item addr=@var{addr}
> -Specify the controller's PCI address (if=virtio only).
> +Specify the controller's PCI address (if=virtio only). This parameter is
> +deprecated, use the corresponding parameter of @code{-device} instead.
>  @item werror=@var{action},rerror=@var{action}
>  Specify which @var{action} to take on write and read errors. Valid actions 
> are:
>  "ignore" (ignore the error and try to continue), "stop" (pause QEMU),
> 
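
Review bot: The `@item serial=@var{serial}` entry visible as context in this hunk gets no deprecation sentence, although "serial" is in the `deprecated[]` list in blockdev.c and will trigger the warning. Add the same "deprecated, use the corresponding parameter of @code{-device} instead" wording there so the documentation and the runtime message agree.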

Ping ... any comments on this version of my patch?

 Thomas



Re: [Qemu-devel] [PATCH v3 1/4] ACPI: Add APEI GHES Table Generation support

2017-05-29 Thread Laszlo Ersek
Hi,

did you remove me from the To: / Cc: list intentionally, or was that an
oversight? I caught your message in my list folders only by luck.

Some followup below:

On 05/29/17 17:27, gengdongjiu wrote:

>> (46) What is "physical_addr" good for? Below I can only see an 
>> assignment to it, in ghes_update_guest(). Where is the field read?

> this "physical_addr" address is the physical error address in the
> CPER. such as the physical address that happen hwpoison, this address
> is delivered by the KVM and QEMU transfer this address to physical.
I understand that in the ghes_update_guest() function, you accept a
parameter called "physical_address", and you pass it on to
ghes_generate_cper_record(). That makes sense, yes.

However, you also assign the same value to "ges.physical_addr". And that
structure field is never read. So my point is that the
"GhesErrorState.physical_addr" field is superfluous and should be removed.

I checked the other three patches in the series and they don't seem to
read that structure member either. Correct me if I'm wrong.

>> (55) What happens if you run out of the preallocated memory?

> if it run out of the preallocated memory. it will overwrite other 
> error source. every block's size is fixed. so it does not easy
> dynamically extend the size if it is overflow. Anyway I will add a
> error report if it happens overwrite.
I understand (and agree) that dynamic allocation is not possible here.

But that doesn't justify overwriting the error status data block that
belongs to a different data source. (Worse, if this happens with the
last error status data block, for error source 10, you could overwrite
memory that belongs to the OS.)

If an error status data block becomes full, then we should either wrap
back to the start of the same data block, or else stop forwarding errors
for that error source.

Does the ACPI spec say anything about this? I.e., about the case when
the system runs out of the memory that was reserved for recording
hardware errors?

 +
 +mem_err = (struct cper_sec_mem_err *) (gdata + 1);
 +
 +/* In order to simplify simulation, hardcode the CPER section to 
 memory
 + * section.
 + */
 +mem_err->validation_bits |= CPER_MEM_VALID_ERROR_TYPE;
 +mem_err->error_type = 3;
>>
>> (58) Is this supposed to stand for "Multi-bit ECC" (from "N.2.5 Memory 
>> Error Section" in UEFI 2.6)? Should we have a macro for that?

> Yes, it is. What do you mean a macro?

A #define for the integer value 3.

> For all the errors that happen in the guest OS, in order to simulate
> easy, I abstract all the error section to memory section, even though
> the error section is processor or other section.
Why is that a valid thing to do? (I'm not doubting it is valid, I'm just
asking.) Will that not confuse the ACPI subsystem of the guest OS?

> I do not know whether do you have some suggestion for that.
Well I would have thought (without any expertise on the subject) that
hardware errors from the host side should be mapped to the guest more or
less "type correct". IOW, it looks strange that, say, a CPU error is
reported as a memory error. But this is just an uneducated guess.

 +mem_err->validation_bits |= CPER_MEM_VALID_CARD | 
 CPER_MEM_VALID_MODULE |
 +CPER_MEM_VALID_BANK | CPER_MEM_VALID_ROW |
 +CPER_MEM_VALID_COLUMN | CPER_MEM_VALID_BIT_POSITION;
 +mem_err->card = 1;
 +mem_err->module = 2;
 +mem_err->bank = 3;
 +mem_err->row = 1;
 +mem_err->column = 2;
 +mem_err->bit_pos = 5;
>>
>> (60) I have no idea where these values come from.

> For all the errors that happen in the guest OS, in order to simulate
> easy, I abstract all the error section to memory section, and hard
> code the memory section error value as above.
Sure, but why is that safe? Will the guest OS not want to do something
about these error details? If we are feeding the guest OS invalid error
details, will that not lead to confusion?

>> (64) What does "reqr" stand for?
> It stand for the request size.
Can you please call it "req_size" or something similar? The English
expression

  request size

contains only one "r" letter, so it's hard to understand where the
second "r" in "reqr" comes from.

Thanks,
Laszlo
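
The two options suggested above for a full error status data block (wrap back within the same block, or stop forwarding errors for that source), as an added example that is not code from the patch series. The struct, the function names, `BLOCK_SIZE` and the guard region standing in for OS memory are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names and sizes below are assumptions made for this example. */
#define N_SOURCES  11   /* the thread speaks of at most 11 error sources */
#define BLOCK_SIZE 64   /* constructed: small, so three records overflow */

enum full_policy { POLICY_STOP, POLICY_WRAP };

struct status_area {
    uint8_t blocks[N_SOURCES][BLOCK_SIZE]; /* one fixed block per source */
    uint8_t guard[BLOCK_SIZE];             /* stands in for OS-owned RAM */
    size_t  used[N_SOURCES];               /* bytes written in each block */
    bool    stopped[N_SOURCES];            /* source muted once it filled */
};

void area_init(struct status_area *a)
{
    memset(a, 0, sizeof(*a));
    memset(a->guard, 0xA5, sizeof(a->guard));
}

/*
 * Append one record to the block of error source src.
 * Returns 0 when the record was stored, -1 when it was dropped.
 * The write never leaves blocks[src], whatever the policy.
 */
int area_append(struct status_area *a, unsigned src, const void *rec,
                size_t len, enum full_policy policy)
{
    if (src >= N_SOURCES || len == 0 || len > BLOCK_SIZE) {
        return -1;                    /* can never fit in one block */
    }
    if (a->stopped[src]) {
        return -1;                    /* source was muted earlier */
    }
    /* used[src] <= BLOCK_SIZE always holds, so this cannot underflow. */
    if (len > BLOCK_SIZE - a->used[src]) {
        if (policy == POLICY_STOP) {
            a->stopped[src] = true;   /* stop forwarding for this source */
            return -1;
        }
        a->used[src] = 0;             /* wrap to the start of the same block */
    }
    memcpy(&a->blocks[src][a->used[src]], rec, len);
    a->used[src] += len;
    return 0;
}

/* True while nothing has been written past the last block. */
bool guard_intact(const struct status_area *a)
{
    for (size_t i = 0; i < sizeof(a->guard); i++) {
        if (a->guard[i] != 0xA5) {
            return false;
        }
    }
    return true;
}

/* True while the block of source src has never been written. */
bool block_untouched(const struct status_area *a, unsigned src)
{
    for (size_t i = 0; i < BLOCK_SIZE; i++) {
        if (a->blocks[src][i] != 0) {
            return false;
        }
    }
    return true;
}

int main(void)
{
    struct status_area a;
    uint8_t rec[24];                  /* constructed 24-byte record */

    memset(rec, 0xEE, sizeof(rec));
    area_init(&a);
    for (int i = 0; i < 3; i++) {     /* last source, as in the thread */
        printf("source 10, stop, record %d -> %d\n", i,
               area_append(&a, 10, rec, sizeof(rec), POLICY_STOP));
    }
    for (int i = 0; i < 3; i++) {
        printf("source 3, wrap, record %d -> %d\n", i,
               area_append(&a, 3, rec, sizeof(rec), POLICY_WRAP));
    }
    printf("guard intact: %d, block 4 untouched: %d\n",
           guard_intact(&a), block_untouched(&a, 4));
    return 0;
}
```

Under either policy the third 24-byte record does not fit in the 16 bytes left, and neither the neighbouring block nor the guard region after source 10 is written.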



Re: [Qemu-devel] [PATCH v3 1/2] iotests: Use absolute paths for executables

2017-05-29 Thread Max Reitz
On 2017-05-29 17:55, Eric Blake wrote:
> On 05/29/2017 10:46 AM, Max Reitz wrote:
> 
>>> If you switch all of these to $(realpath -- "$(type -p "$QEMU_...")"),
>>> you can add:
>>
>> I'd love to, but this is what type -p outputs for me:
>>
>> $ type -p qemu-img
>> qemu-img is /usr/bin/qemu-img
> 
> Huh? That's plain 'type' output.  Are you sure you're testing 'type -p'?
> 
> $ PATH=$PATH   # to forcefully clear bash's cache
> $ type qemu-img
> qemu-img is /usr/bin/qemu-img
> $ type -p qemu-img
> /usr/bin/qemu-img
> $ qemu-img --help >/dev/null   # to repopulate qemu-img into the cache
> $ type qemu-img
> qemu-img is hashed (/usr/bin/qemu-img)
> $ type -p qemu-img
> /usr/bin/qemu-img
> 
>>
>> So I would need to parse the result (and it depends on the locale). If
>> that is indeed so, I'd rather stay with which, to be honest...
> 
> Plain 'type' does have to be parsed, but 'type -p' is required to be
> machine-usable.

Oops. I tested it (both with -p and without) on zsh, then on bash, and I
forgot the -p on bash. Well, I'm going to trust you, then. O:-)

Max





Re: [Qemu-devel] [PATCH v3 1/2] iotests: Use absolute paths for executables

2017-05-29 Thread Eric Blake
On 05/29/2017 10:46 AM, Max Reitz wrote:

>> If you switch all of these to $(realpath -- "$(type -p "$QEMU_...")"),
>> you can add:
> 
> I'd love to, but this is what type -p outputs for me:
> 
> $ type -p qemu-img
> qemu-img is /usr/bin/qemu-img

Huh? That's plain 'type' output.  Are you sure you're testing 'type -p'?

$ PATH=$PATH   # to forcefully clear bash's cache
$ type qemu-img
qemu-img is /usr/bin/qemu-img
$ type -p qemu-img
/usr/bin/qemu-img
$ qemu-img --help >/dev/null   # to repopulate qemu-img into the cache
$ type qemu-img
qemu-img is hashed (/usr/bin/qemu-img)
$ type -p qemu-img
/usr/bin/qemu-img

> 
> So I would need to parse the result (and it depends on the locale). If
> that is indeed so, I'd rather stay with which, to be honest...

Plain 'type' does have to be parsed, but 'type -p' is required to be
machine-usable.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] Throttling groups vs filter nodes

2017-05-29 Thread Kevin Wolf
Am 27.05.2017 um 09:56 hat Stefan Hajnoczi geschrieben:
> Throttling groups allow multiple drives to share the same throttling
> state (i.e. budget) between them.  Manos is working on moving the
> throttling code into a block filter driver so it is no longer
> hardcoded into the I/O code path.
> 
> Throttling groups are not defined explicitly using -object syntax.
> Instead they are brought into existence by referring to them by name:
> -drive throttling.group=group0.

We could still add -object for throttling groups if that allows us to
use a cleaner syntax.

> A quirk in the current implementation is that the throttling limits
> for the group are overwritten by each -drive throttling.group=group0.
> Limits for all but the last -drive in a group are ignored.
> 
> There is no way to associate with an existing throttling group while
> keeping current limits in place.  The caller must pass in desired
> limits with at least the last -drive (and with every hotplugged
> drive).
> 
> The new throttling filter node could do things differently:
> If *no* limits were specified (i.e. iops, bps, etc) then keep existing
> limits for the group in place.
> 
> These semantics are more convenient - especially for hotplugging
> drives after the guest has launched.
> 
> Manos: I suggest implementing this new behavior when you write the
> throttling filter driver.  The code needs to check that all throttle
> cfg fields are 0.  There are no backwards compatibility concerns since
> the throttle filter is new and existing users don't rely on it.

If we implement things this way, we shouldn't test that all fields are
0, but that the limits are simply not given. In QAPI, I think we get
something like this then:

{ 'struct': 'BlockdevOptionsThrottle',
  'data': { 'image': 'BlockdevRef',
'*limits': 'ThrottleLimits',
'*group': 'str' } }

Callers must either pass 'limits' or 'group', but formally they are both
optional. The first time that a group is referenced, giving limits as
well is mandatory, afterwards it is forbidden.

If we use a separate QOM object with -object, it always becomes either
limits or groups, i.e. we could use a QAPI union here.


Another interesting question is how the limits are updated after
creating the first throttle node of the group. With -object, I guess
this would simply become qom-set commands.

Without it, we would probably want to use bdrv_reopen() - with some
strange effects like bdrv_reopen() of one throttle node affecting other
throttle nodes, even though their bs->options/explicit_options don't
represent this. Another bdrv_reopen() on a second throttling node, even
if it just wants to update some unrelated option, say 'read-only', could
end up switching throttling back to old configuration values as they are
recorded in that other node's bs->options. Requiring that limits can
only be changed via the node that initially created the group isn't a
solution either because it could have been closed while the throttle
group is still in use by different images.

After writing this, my gut feeling is that -object might well be worth
it.

Kevin



Re: [Qemu-devel] [PATCH 09/25] block/dirty-bitmap: add readonly field to BdrvDirtyBitmap

2017-05-29 Thread Max Reitz
On 2017-05-03 14:25, Vladimir Sementsov-Ogievskiy wrote:
> It will be needed in following commits for persistent bitmaps.
> If bitmap is loaded from read-only storage (and we can't mark it
> "in use" in this storage) corresponding BdrvDirtyBitmap should be
> read-only.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  block/dirty-bitmap.c | 16 
>  include/block/dirty-bitmap.h |  3 +++
>  2 files changed, 19 insertions(+)

Reviewed-by: Max Reitz 





Re: [Qemu-devel] [PATCH v3 1/2] iotests: Use absolute paths for executables

2017-05-29 Thread Max Reitz
On 2017-05-29 17:42, Eric Blake wrote:
> On 05/29/2017 10:23 AM, Max Reitz wrote:
>> A user may specify a relative path for accessing qemu, qemu-img, etc.
>> through environment variables ($QEMU_PROG and friends) or a symlink.
>>
>> If a test decides to change its working directory, relative paths will
>> cease to work, however. Work around this by making all of the paths to
>> programs that should undergo testing absolute. Besides "realpath", we
>> also have to use "which" to support programs in $PATH.
> 
> 'type -p' is more portable than 'which' - especially since our scripts
> are bash scripts, and type is a bash builtin while which is not.
> 
>>
>> As a side effect, this fixes specifying these programs as symlinks for
>> out-of-tree builds: Before, you would have to create two symlinks, one
>> in the build and one in the source tree (the first one for common.config
>> to find, the second one for the iotest to use). Now it is sufficient to
>> create one in the build tree because common.config will resolve it.
>>
>> Reported-by: Kevin Wolf 
>> Signed-off-by: Max Reitz 
>> ---
>>  tests/qemu-iotests/common.config | 6 ++
>>  1 file changed, 6 insertions(+)
>>
>> diff --git a/tests/qemu-iotests/common.config 
>> b/tests/qemu-iotests/common.config
>> index d1b45f5..08aac56 100644
>> --- a/tests/qemu-iotests/common.config
>> +++ b/tests/qemu-iotests/common.config
>> @@ -103,6 +103,12 @@ if [ -z "$QEMU_VXHS_PROG" ]; then
>>  export QEMU_VXHS_PROG="`set_prog_path qnio_server`"
>>  fi
>>  
>> +export QEMU_PROG=$(realpath "$(which "$QEMU_PROG")")
>> +export QEMU_IMG_PROG=$(realpath "$(which "$QEMU_IMG_PROG")")
>> +export QEMU_IO_PROG=$(realpath "$(which "$QEMU_IO_PROG")")
>> +export QEMU_NBD_PROG=$(realpath "$(which "$QEMU_NBD_PROG")")
>> +export QEMU_VXHS_PROG=$(realpath "$(which "$QEMU_VXHS_PROG")")
> 
> If you switch all of these to $(realpath -- "$(type -p "$QEMU_...")"),
> you can add:

I'd love to, but this is what type -p outputs for me:

$ type -p qemu-img
qemu-img is /usr/bin/qemu-img

So I would need to parse the result (and it depends on the locale). If
that is indeed so, I'd rather stay with which, to be honest...

Max





Re: [Qemu-devel] [PATCH v3 1/2] iotests: Use absolute paths for executables

2017-05-29 Thread Eric Blake
On 05/29/2017 10:23 AM, Max Reitz wrote:
> A user may specify a relative path for accessing qemu, qemu-img, etc.
> through environment variables ($QEMU_PROG and friends) or a symlink.
> 
> If a test decides to change its working directory, relative paths will
> cease to work, however. Work around this by making all of the paths to
> programs that should undergo testing absolute. Besides "realpath", we
> also have to use "which" to support programs in $PATH.

'type -p' is more portable than 'which' - especially since our scripts
are bash scripts, and type is a bash builtin while which is not.

> 
> As a side effect, this fixes specifying these programs as symlinks for
> out-of-tree builds: Before, you would have to create two symlinks, one
> in the build and one in the source tree (the first one for common.config
> to find, the second one for the iotest to use). Now it is sufficient to
> create one in the build tree because common.config will resolve it.
> 
> Reported-by: Kevin Wolf 
> Signed-off-by: Max Reitz 
> ---
>  tests/qemu-iotests/common.config | 6 ++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/tests/qemu-iotests/common.config 
> b/tests/qemu-iotests/common.config
> index d1b45f5..08aac56 100644
> --- a/tests/qemu-iotests/common.config
> +++ b/tests/qemu-iotests/common.config
> @@ -103,6 +103,12 @@ if [ -z "$QEMU_VXHS_PROG" ]; then
>  export QEMU_VXHS_PROG="`set_prog_path qnio_server`"
>  fi
>  
> +export QEMU_PROG=$(realpath "$(which "$QEMU_PROG")")
> +export QEMU_IMG_PROG=$(realpath "$(which "$QEMU_IMG_PROG")")
> +export QEMU_IO_PROG=$(realpath "$(which "$QEMU_IO_PROG")")
> +export QEMU_NBD_PROG=$(realpath "$(which "$QEMU_NBD_PROG")")
> +export QEMU_VXHS_PROG=$(realpath "$(which "$QEMU_VXHS_PROG")")
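
Review bot: Each added `export` runs `which` and `realpath` unconditionally, with no check that the variable is non-empty or that the lookup succeeded. The context above shows `QEMU_VXHS_PROG` being filled from `set_prog_path qnio_server`; if that leaves it empty or names a program that is not installed, `which` prints nothing, `realpath ""` fails, and the variable ends up empty. Guard each line with a non-empty test on the variable, or report the failed lookup, so a missing optional program is handled on purpose.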

If you switch all of these to $(realpath -- "$(type -p "$QEMU_...")"),
you can add:

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH 08/25] qcow2: add bitmaps extension

2017-05-29 Thread Max Reitz
On 2017-05-03 14:25, Vladimir Sementsov-Ogievskiy wrote:
> Add bitmap extension as specified in docs/specs/qcow2.txt.
> For now, just mirror extension header into Qcow2 state and check
> constraints. Also, calculate refcounts for qcow2 bitmaps, to not break
> qemu-img check.
> 
> For now, disable image resize if it has bitmaps. It will be fixed later.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> Reviewed-by: Max Reitz 
> Reviewed-by: John Snow 
> ---
>  block/Makefile.objs|   2 +-
>  block/qcow2-bitmap.c   | 439 
> +
>  block/qcow2-refcount.c |   6 +
>  block/qcow2.c  | 124 +-
>  block/qcow2.h  |  27 +++
>  5 files changed, 592 insertions(+), 6 deletions(-)
>  create mode 100644 block/qcow2-bitmap.c

[...]

> diff --git a/block/qcow2.c b/block/qcow2.c
> index 6a92d2ef3f..6028e9a149 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c

[...]

> @@ -2542,6 +2649,13 @@ static int qcow2_truncate(BlockDriverState *bs, 
> int64_t offset)
>  return -ENOTSUP;
>  }
>  
> +/* cannot proceed if image has bitmaps */
> +if (s->nb_bitmaps) {
> +/* TODO: resize bitmaps in the image */
> +error_report("Can't resize an image which has bitmaps");

Minor note: This needs to be error_setg(errp, ...); now...

> +return -ENOTSUP;
> +}
> +
>  /* shrinking is currently not supported */
>  if (offset < bs->total_sectors * 512) {
>  error_report("qcow2 doesn't support shrinking images yet");

...as does this (which blocks the patch from being applicable).

(But please keep my R-b.)

Max





Re: [Qemu-devel] [PATCH v3 1/4] ACPI: Add APEI GHES Table Generation support

2017-05-29 Thread gengdongjiu
Dear Laszlo,
  Thank you very much for your review and detailed comments, and very sorry for
the late response, which was due to recently debugging the whole RAS solution.

On 2017/5/22 22:23, Laszlo Ersek wrote:
> Keeping some context:
> 
> On 05/12/17 23:00, Laszlo Ersek wrote:
>> On 04/30/17 07:35, Dongjiu Geng wrote:
>>> This implements APEI GHES Table by passing the error cper info to 
>>> the guest via a fw_cfg_blob. After a CPER info is added, an SEA/SEI 
>>> exception will be injected into the guest OS.
>>>
>>> Below is the table layout, the max number of error source is 11,
>>> which is classified by notification type.
>>>
>>> etc/acpi/tables                 etc/hardware_errors
>>> ================     ==========================================
>>>                      +-----------+
>>> +--------------+     | address   |         +-> +--------------+
>>> |    HEST      +     | registers |         |   | Error Status |
>>> + +------------+     | +---------+         |   | Data Block 1 |
>>> | | GHES1      | --> | |address1 | --------+   | +------------+
>>> | | GHES2      | --> | |address2 | ------+     | |  CPER      |
>>> | | GHES3      | --> | |address3 | ----+ |     | |  CPER      |
>>> | | ....       | --> | | ....... |     | |     | |  CPER      |
>>> | | GHES10     | --> | |address10| -+  | |     | |  CPER      |
>>> +-+------------+     +-+---------+  |  | |     +-+------------+
>>>                                     |  | |
>>>                                     |  | +---> +--------------+
>>>                                     |  |       | Error Status |
>>>                                     |  |       | Data Block 2 |
>>>                                     |  |       | +------------+
>>>                                     |  |       | |  CPER      |
>>>                                     |  |       | |  CPER      |
>>>                                     |  |       +-+------------+
>>>                                     |  |
>>>                                     |  +-----> +--------------+
>>>                                     |          | Error Status |
>>>                                     |          | Data Block 3 |
>>>                                     |          | +------------+
>>>                                     |          | |  CPER      |
>>>                                     |          +-+------------+
>>>                                     |            ...
>>>                                     +--------> +--------------+
>>>                                                | Error Status |
>>>                                                | Data Block 10|
>>>                                                | +------------+
>>>                                                | |  CPER      |
>>>                                                | |  CPER      |
>>>                                                | |  CPER      |
>>>                                                +-+------------+
>>>
>>> Signed-off-by: Dongjiu Geng 
>>> ---
>>>  default-configs/arm-softmmu.mak |   1 +
>>>  hw/acpi/Makefile.objs   |   1 +
>>>  hw/acpi/aml-build.c |   2 +
>>>  hw/acpi/hest_ghes.c | 203 +++
>>>  hw/arm/virt-acpi-build.c|   6 ++
>>>  include/hw/acpi/acpi-defs.h | 227 
>>> 
>>>  include/hw/acpi/aml-build.h |   1 +
>>>  include/hw/acpi/hest_ghes.h |  43 
>>>  8 files changed, 484 insertions(+)
>>>  create mode 100644 hw/acpi/hest_ghes.c  create mode 100644 
>>> include/hw/acpi/hest_ghes.h
> 
>> Next file:
>>
>>> diff --git a/include/hw/acpi/hest_ghes.h 
>>> b/include/hw/acpi/hest_ghes.h new file mode 100644 index 
>>> 000..0cadc2b
>>> --- /dev/null
>>> +++ b/include/hw/acpi/hest_ghes.h
>>> @@ -0,0 +1,43 @@
>>> +#ifndef ACPI_GHES_H
>>> +#define ACPI_GHES_H
>>> +
>>> +#include "hw/acpi/bios-linker-loader.h"
>>> +
>>> +#define GHES_ERRORS_FW_CFG_FILE  "etc/hardware_errors"
>>> +#define GHES_DATA_ADDR_FW_CFG_FILE  "etc/hardware_errors_addr"
>>> +
>>> +#define GAS_ADDRESS_OFFSET  4
>>> +#define ERROR_STATUS_ADDRESS_OFFSET 20
>>> +#define NOTIFICATION_STRUCTURE  32
>>> +
>>> +#define BFAPEI_OK   0
>>> +#define BFAPEI_FAIL 1
>>> +
>>> +/* The max number of error source, the error sources
>>> + * are classified by notification type, below is the definition
>>> + * 0 - Polled
>>> + * 1 - External Interrupt
>>> + * 2 - Local Interrupt
>>> + * 3 - SCI
>>> + * 4 - NMI
>>> + * 5 - CMCI
>>> + * 6 - MCE
>>> + * 7 - GPIO-Signal
>>> + * 8 - ARMv8 SEA
>>> + * 9 - ARMv8 SEI
>>> + * 10 - External Interrupt - GSIV
>>> + */
>>> +#define MAX_ERROR_SOURCE_COUNT_V6   11
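Review bot: `GAS_ADDRESS_OFFSET 4`, `ERROR_STATUS_ADDRESS_OFFSET 20` and `NOTIFICATION_STRUCTURE 32` are bare numbers with no comment saying which structure they are offsets into; state that next to each define, or derive them with offsetof() from the structure definitions so they cannot drift. `MAX_ERROR_SOURCE_COUNT_V6` likewise carries a `_V6` suffix that the comment above it never explains, and `BFAPEI_OK`/`BFAPEI_FAIL` add dedicated names for a plain 0/1 return convention to a shared header.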
>>
>> I'll have to review this header file more thoroughly, once I see the 
>> code that references these macros. For now, I have one comment:
>>
>> (42) I think the notification type list should be removed from this 
>> location. Also, 

[Qemu-devel] [PATCH v3 2/2] iotests: Add test for colon handling

2017-05-29 Thread Max Reitz
Reviewed-by: Eric Blake 
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/126 | 105 +
 tests/qemu-iotests/126.out |  23 ++
 tests/qemu-iotests/group   |   1 +
 3 files changed, 129 insertions(+)
 create mode 100755 tests/qemu-iotests/126
 create mode 100644 tests/qemu-iotests/126.out

diff --git a/tests/qemu-iotests/126 b/tests/qemu-iotests/126
new file mode 100755
index 000..a2d4d6c
--- /dev/null
+++ b/tests/qemu-iotests/126
@@ -0,0 +1,105 @@
+#!/bin/bash
+#
+# Tests handling of colons in filenames (which may be confused with protocol
+# prefixes)
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=mre...@redhat.com
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+status=1   # failure is the default!
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+# Needs backing file support
+_supported_fmt qcow qcow2 qed vmdk
+# This is the default protocol (and we want to test the difference between
+# colons which separate a protocol prefix from the rest and colons which are
+# just part of the filename, so we cannot test protocols which require a 
prefix)
+_supported_proto file
+_supported_os Linux
+
+echo
+echo '=== Testing plain files ==='
+echo
+
+# A colon after a slash is not a protocol prefix separator
+TEST_IMG="$TEST_DIR/a:b.$IMGFMT" _make_test_img 64M
+_rm_test_img "$TEST_DIR/a:b.$IMGFMT"
+
+# But if you want to be really sure, you can do this
+TEST_IMG="file:$TEST_DIR/a:b.$IMGFMT" _make_test_img 64M
+_rm_test_img "$TEST_DIR/a:b.$IMGFMT"
+
+
+echo
+echo '=== Testing relative backing filename resolution ==='
+echo
+
+BASE_IMG="$TEST_DIR/image:base.$IMGFMT"
+TOP_IMG="$TEST_DIR/image:top.$IMGFMT"
+
+TEST_IMG=$BASE_IMG _make_test_img 64M
+TEST_IMG=$TOP_IMG _make_test_img -b ./image:base.$IMGFMT
+
+# The default cluster size depends on the image format
+TEST_IMG=$TOP_IMG _img_info | grep -v 'cluster_size'
+
+_rm_test_img "$BASE_IMG"
+_rm_test_img "$TOP_IMG"
+
+
+# Do another test where we access both top and base without any slash in them
+echo
+pushd "$TEST_DIR" >/dev/null
+
+BASE_IMG="base.$IMGFMT"
+TOP_IMG="file:image:top.$IMGFMT"
+
+TEST_IMG=$BASE_IMG _make_test_img 64M
+TEST_IMG=$TOP_IMG _make_test_img -b "$BASE_IMG"
+
+TEST_IMG=$TOP_IMG _img_info | grep -v 'cluster_size'
+
+_rm_test_img "$BASE_IMG"
+_rm_test_img "image:top.$IMGFMT"
+
+popd >/dev/null
+
+# Note that we could also do the same test with 
BASE_IMG=file:image:base.$IMGFMT
+# -- but behavior for that case is a bit strange. Protocol-prefixed paths are
+# in a sense always absolute paths, so such paths will never be combined with
+# the path of the overlay. But since "image:base.$IMGFMT" is actually a
+# relative path, it will always be evaluated relative to qemu's CWD (but not
+# relative to the overlay!). While this is more or less intended, it is still
+# pretty strange and thus not something that is tested here.
+# (The root of the issue is the use of a relative path with a protocol prefix.
+#  This may always give you weird results because in one sense, qemu considers
+#  such paths absolute, whereas in another, they are still relative.)
+
+
+# success, all done
+echo '*** done'
+rm -f $seq.full
+status=0
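Review bot: `status=1` near the top and `status=0` at the end are assigned, but nothing in the script as shown consumes them: there is no trap and no `exit $status`, so the "failure is the default" comment has no effect. The same gap means there is no cleanup path: if a step fails between `_make_test_img` and `_rm_test_img`, or while the script is inside `pushd "$TEST_DIR"`, the `a:b.$IMGFMT` and `image:*.$IMGFMT` files stay behind in the test directory. Add a `_cleanup` function that removes them and wire it, together with the exit status, into a trap. Minor: `$(basename $0)` and `rm -f $seq.full` expand unquoted.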
diff --git a/tests/qemu-iotests/126.out b/tests/qemu-iotests/126.out
new file mode 100644
index 000..50d7308
--- /dev/null
+++ b/tests/qemu-iotests/126.out
@@ -0,0 +1,23 @@
+QA output created by 126
+
+=== Testing plain files ===
+
+Formatting 'TEST_DIR/a:b.IMGFMT', fmt=IMGFMT size=67108864
+Formatting 'TEST_DIR/a:b.IMGFMT', fmt=IMGFMT size=67108864
+
+=== Testing relative backing filename resolution ===
+
+Formatting 'TEST_DIR/image:base.IMGFMT', fmt=IMGFMT size=67108864
+Formatting 'TEST_DIR/image:top.IMGFMT', fmt=IMGFMT size=67108864 
backing_file=./image:base.IMGFMT
+image: TEST_DIR/image:top.IMGFMT
+file format: IMGFMT
+virtual size: 64M (67108864 bytes)
+backing file: ./image:base.IMGFMT (actual path: TEST_DIR/./image:base.IMGFMT)
+
+Formatting 'base.IMGFMT', fmt=IMGFMT size=67108864
+Formatting 'file:image:top.IMGFMT', fmt=IMGFMT size=67108864 
backing_file=base.IMGFMT
+image: ./image:top.IMGFMT
+file format: IMGFMT
+virtual size: 64M (67108864 bytes)
+backing file: base.IMGFMT (actual path: ./base.IMGFMT)
+*** done
diff 

[Qemu-devel] [PATCH v3 0/2] iotests: Add test for colon handling

2017-05-29 Thread Max Reitz
This is a v3 for "block: Fix backing paths for filenames with colons".
Kevin reported that the test added there does not work if the test
programs are specified with relative paths (because the new test changes
its working directory), so we/I dropped the test from the queue and here
it is again.

The test itself is unchanged (except for the comment fixed as requested
by Eric), there is just a new patch here to make it work even if you
specify the test programs with relative paths. Bonus: It makes symlinked
programs work with out-of-tree builds.


git-backport-diff against v2:

Key:
[----] : patches are identical
[####] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/2:[down] 'iotests: Use absolute paths for executables'
002/2:[0006] [FC] 'iotests: Add test for colon handling'


Max Reitz (2):
  iotests: Use absolute paths for executables
  iotests: Add test for colon handling

 tests/qemu-iotests/126   | 105 +++
 tests/qemu-iotests/126.out   |  23 +
 tests/qemu-iotests/common.config |   6 +++
 tests/qemu-iotests/group |   1 +
 4 files changed, 135 insertions(+)
 create mode 100755 tests/qemu-iotests/126
 create mode 100644 tests/qemu-iotests/126.out

-- 
2.9.4




[Qemu-devel] [PATCH v3 1/2] iotests: Use absolute paths for executables

2017-05-29 Thread Max Reitz
A user may specify a relative path for accessing qemu, qemu-img, etc.
through environment variables ($QEMU_PROG and friends) or a symlink.

If a test decides to change its working directory, relative paths will
cease to work, however. Work around this by making all of the paths to
programs that should undergo testing absolute. Besides "realpath", we
also have to use "which" to support programs in $PATH.

As a side effect, this fixes specifying these programs as symlinks for
out-of-tree builds: Before, you would have to create two symlinks, one
in the build and one in the source tree (the first one for common.config
to find, the second one for the iotest to use). Now it is sufficient to
create one in the build tree because common.config will resolve it.

Reported-by: Kevin Wolf 
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/common.config | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/tests/qemu-iotests/common.config b/tests/qemu-iotests/common.config
index d1b45f5..08aac56 100644
--- a/tests/qemu-iotests/common.config
+++ b/tests/qemu-iotests/common.config
@@ -103,6 +103,12 @@ if [ -z "$QEMU_VXHS_PROG" ]; then
 export QEMU_VXHS_PROG="`set_prog_path qnio_server`"
 fi
 
+export QEMU_PROG=$(realpath "$(which "$QEMU_PROG")")
+export QEMU_IMG_PROG=$(realpath "$(which "$QEMU_IMG_PROG")")
+export QEMU_IO_PROG=$(realpath "$(which "$QEMU_IO_PROG")")
+export QEMU_NBD_PROG=$(realpath "$(which "$QEMU_NBD_PROG")")
+export QEMU_VXHS_PROG=$(realpath "$(which "$QEMU_VXHS_PROG")")
+
 _qemu_wrapper()
 {
 (
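Review bot: none of the five added `export X=$(realpath "$(which "$X")")` lines checks for failure. If `which` finds nothing (for example when `set_prog_path qnio_server` in the context just above yields an empty `QEMU_VXHS_PROG`), `realpath` is called with an empty argument, prints an error, and the variable is exported empty; `export VAR=$(...)` also discards the exit status of the substitution, so the failure is silent to the caller. Resolve only when the variable is non-empty and keep the old value (or abort with a clear message) when resolution fails, and consider one small helper function instead of five copies of the same expression.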
-- 
2.9.4




[Qemu-devel] [PATCH] tests: Add unit tests for the VM Generation ID feature

2017-05-29 Thread Ben Warren via Qemu-devel
From: Ben Warren 

The following tests are implemented:
* test that a GUID passed in by command line is propagated to the guest.
  Read the GUID from guest memory
* test that the "auto" argument to the GUID generates a valid GUID, as
  seen by the guest.
* test that a GUID passed in can be queried from the monitor

  This patch is loosely based on a previous patch from:
  Gal Hammer   and Igor Mammedov 

Signed-off-by: Ben Warren 
Reviewed-by: Igor Mammedov 
---

Unchanged from v8, simply rebased to current top-of-tree

 tests/Makefile.include |   2 +
 tests/vmgenid-test.c   | 200 +
 2 files changed, 202 insertions(+)
 create mode 100644 tests/vmgenid-test.c

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 75893838e5..79bf960336 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -250,6 +250,7 @@ check-qtest-i386-y += tests/usb-hcd-xhci-test$(EXESUF)
 gcov-files-i386-y += hw/usb/hcd-xhci.c
 check-qtest-i386-y += tests/pc-cpu-test$(EXESUF)
 check-qtest-i386-y += tests/q35-test$(EXESUF)
+check-qtest-i386-y += tests/vmgenid-test$(EXESUF)
 gcov-files-i386-y += hw/pci-host/q35.c
 check-qtest-i386-$(CONFIG_VHOST_NET_TEST_i386) += 
tests/vhost-user-test$(EXESUF)
 ifeq ($(CONFIG_VHOST_NET_TEST_i386),)
@@ -758,6 +759,7 @@ tests/test-uuid$(EXESUF): tests/test-uuid.o 
$(test-util-obj-y)
 tests/test-arm-mptimer$(EXESUF): tests/test-arm-mptimer.o
 tests/test-qapi-util$(EXESUF): tests/test-qapi-util.o $(test-util-obj-y)
 tests/numa-test$(EXESUF): tests/numa-test.o
+tests/vmgenid-test$(EXESUF): tests/vmgenid-test.o tests/acpi-utils.o
 
 tests/migration/stress$(EXESUF): tests/migration/stress.o
$(call quiet-command, $(LINKPROG) -static -O3 $(PTHREAD_LIB) -o $@ $< 
,"LINK","$(TARGET_DIR)$@")
diff --git a/tests/vmgenid-test.c b/tests/vmgenid-test.c
new file mode 100644
index 00..123beaea13
--- /dev/null
+++ b/tests/vmgenid-test.c
@@ -0,0 +1,200 @@
+/*
+ * QTest testcase for VM Generation ID
+ *
+ * Copyright (c) 2016 Red Hat, Inc.
+ * Copyright (c) 2017 Skyport Systems
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include 
+#include 
+#include 
+#include "qemu/osdep.h"
+#include "qemu/bitmap.h"
+#include "qemu/uuid.h"
+#include "hw/acpi/acpi-defs.h"
+#include "acpi-utils.h"
+#include "libqtest.h"
+
+#define VGID_GUID "324e6eaf-d1d1-4bf6-bf41-b9bb6c91fb87"
+#define VMGENID_GUID_OFFSET 40   /* allow space for
+  * OVMF SDT Header Probe Supressor
+  */
+#define RSDP_ADDR_INVALID 0x10 /* RSDP must be below this address */
+#define RSDP_SLEEP_US 10   /* Sleep for 100ms between tries */
+#define RSDP_TRIES_MAX100  /* Max total time is 10 seconds */
+
+typedef struct {
+AcpiTableHeader header;
+gchar name_op;
+gchar vgia[4];
+gchar val_op;
+uint32_t vgia_val;
+} QEMU_PACKED VgidTable;
+
+static uint32_t acpi_find_vgia(void)
+{
+uint32_t off;
+AcpiRsdpDescriptor rsdp_table;
+uint32_t rsdt;
+AcpiRsdtDescriptorRev1 rsdt_table;
+int tables_nr;
+uint32_t *tables;
+AcpiTableHeader ssdt_table;
+VgidTable vgid_table;
+int i;
+
+/* Tables may take a short time to be set up by the guest */
+for (i = 0; i < RSDP_TRIES_MAX; i++) {
+off = acpi_find_rsdp_address();
+if (off < RSDP_ADDR_INVALID) {
+break;
+}
+g_usleep(RSDP_SLEEP_US);
+}
+g_assert_cmphex(off, <, RSDP_ADDR_INVALID);
+
+acpi_parse_rsdp_table(off, _table);
+
+rsdt = rsdp_table.rsdt_physical_address;
+/* read the header */
+ACPI_READ_TABLE_HEADER(_table, rsdt);
+ACPI_ASSERT_CMP(rsdt_table.signature, "RSDT");
+
+/* compute the table entries in rsdt */
+tables_nr = (rsdt_table.length - sizeof(AcpiRsdtDescriptorRev1)) /
+sizeof(uint32_t);
+g_assert_cmpint(tables_nr, >, 0);
+
+/* get the addresses of the tables pointed by rsdt */
+tables = g_new0(uint32_t, tables_nr);
+ACPI_READ_ARRAY_PTR(tables, tables_nr, rsdt);
+
+for (i = 0; i < tables_nr; i++) {
+ACPI_READ_TABLE_HEADER(_table, tables[i]);
+if (!strncmp((char *)ssdt_table.oem_table_id, "VMGENID", 7)) {
+/* the first entry in the table should be VGIA
+ * That's all we need
+ */
+ACPI_READ_FIELD(vgid_table.name_op, tables[i]);
+g_assert(vgid_table.name_op == 0x08);  /* name */
+ACPI_READ_ARRAY(vgid_table.vgia, tables[i]);
+g_assert(memcmp(vgid_table.vgia, "VGIA", 4) == 0);
+ACPI_READ_FIELD(vgid_table.val_op, tables[i]);
+g_assert(vgid_table.val_op == 0x0C);  /* dword */
+ACPI_READ_FIELD(vgid_table.vgia_val, tables[i]);
+/* The 
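Review bot: in `acpi_find_vgia()`, `tables_nr` is computed as `(rsdt_table.length - sizeof(AcpiRsdtDescriptorRev1)) / sizeof(uint32_t)` from a length read out of guest memory, with no prior check that the length is at least the header size. Because `sizeof` yields an unsigned type, a short or garbage length wraps before the division, and the following `g_assert_cmpint(tables_nr, >, 0)` then tests whatever the conversion to `int` produces before `g_new0()` and `ACPI_READ_ARRAY_PTR()` use it. Assert `rsdt_table.length >= sizeof(AcpiRsdtDescriptorRev1)` first so a broken table fails the test with a clear message. Also, "Supressor" in the `VMGENID_GUID_OFFSET` comment should read "Suppressor".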

[Qemu-devel] [PULL 14/15] block: Fix backing paths for filenames with colons

2017-05-29 Thread Kevin Wolf
From: Max Reitz 

path_combine() naturally tries to preserve a protocol prefix. However,
it recognizes such a prefix by scanning for the first colon; which is
different from what path_has_protocol() does: There only is a protocol
prefix if there is a colon before the first slash.

A protocol prefix that is not recognized by path_has_protocol() is none,
and should thus not be taken as one.

Case in point, before this patch:
$ ./qemu-img create -f qcow2 -b backing.qcow2 ./top:image.qcow2
qemu-img: ./top:image.qcow2: Could not open './top:backing.qcow2':
No such file or directory

Afterwards:
$ ./qemu-img create -f qcow2 -b backing.qcow2 ./top:image.qcow2
qemu-img: ./top:image.qcow2: Could not open './backing.qcow2':
No such file or directory

Reported-by: yangyang 
Signed-off-by: Max Reitz 
Reviewed-by: Eric Blake 
Message-id: 20170522195217.12991-2-mre...@redhat.com
Signed-off-by: Max Reitz 
---
 block.c | 15 ++-
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/block.c b/block.c
index 50ba264..b72b872 100644
--- a/block.c
+++ b/block.c
@@ -163,11 +163,16 @@ void path_combine(char *dest, int dest_size,
 if (path_is_absolute(filename)) {
 pstrcpy(dest, dest_size, filename);
 } else {
-p = strchr(base_path, ':');
-if (p)
-p++;
-else
-p = base_path;
+const char *protocol_stripped = NULL;
+
+if (path_has_protocol(base_path)) {
+protocol_stripped = strchr(base_path, ':');
+if (protocol_stripped) {
+protocol_stripped++;
+}
+}
+p = protocol_stripped ?: base_path;
+
 p1 = strrchr(base_path, '/');
 #ifdef _WIN32
 {
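Review bot: inside `if (path_has_protocol(base_path))`, the `if (protocol_stripped)` test after `strchr(base_path, ':')` can only fail if path_has_protocol() returns true for a string that contains no colon. If that cannot happen, an assert documents the invariant better than a silent fallback to `base_path`; if it can, a comment should say in which case. `p = protocol_stripped ?: base_path;` relies on the GNU omitted-middle-operand extension; that is fine if the tree already depends on it, otherwise spell out the ternary. A one-line comment on path_combine() stating the rule from the commit message (a prefix counts only when the colon precedes the first slash) would keep the two functions from diverging again.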
-- 
1.8.3.1




[Qemu-devel] [PULL 15/15] block/file-*: *_parse_filename() and colons

2017-05-29 Thread Kevin Wolf
From: Max Reitz 

The file drivers' *_parse_filename() implementations just strip the
optional protocol prefix off the filename. However, for e.g.
"file:foo:bar", this would lead to "foo:bar" being stored as the BDS's
filename which looks like it should be managed using the "foo" protocol.
This is especially troublesome if you then try to resolve a backing
filename based on "foo:bar".

This issue can only occur if the stripped part is a relative filename
("file:/foo:bar" will be shortened to "/foo:bar" and having a slash
before the first colon means that "/foo" is not recognized as a protocol
part). Therefore, we can easily fix it by prepending "./" to such
filenames.

Before this patch:
$ ./qemu-img create -f qcow2 backing.qcow2 64M
Formatting 'backing.qcow2', fmt=qcow2 size=67108864 encryption=off
cluster_size=65536 lazy_refcounts=off refcount_bits=16
$ ./qemu-img create -f qcow2 -b backing.qcow2 file:top:image.qcow2
Formatting 'file:top:image.qcow2', fmt=qcow2 size=67108864
backing_file=backing.qcow2 encryption=off cluster_size=65536
lazy_refcounts=off refcount_bits=16
$ ./qemu-io file:top:image.qcow2
can't open device file:top:image.qcow2: Could not open backing file:
Unknown protocol 'top'

After this patch:
$ ./qemu-io file:top:image.qcow2
[no error]

Signed-off-by: Max Reitz 
Message-id: 20170522195217.12991-3-mre...@redhat.com
Reviewed-by: Eric Blake 
Signed-off-by: Max Reitz 
---
 block.c   | 35 +++
 block/file-posix.c| 17 +++--
 block/file-win32.c| 12 ++--
 include/block/block_int.h |  3 +++
 4 files changed, 43 insertions(+), 24 deletions(-)

diff --git a/block.c b/block.c
index b72b872..fa1d06d 100644
--- a/block.c
+++ b/block.c
@@ -197,6 +197,41 @@ void path_combine(char *dest, int dest_size,
 }
 }
 
+/*
+ * Helper function for bdrv_parse_filename() implementations to remove optional
+ * protocol prefixes (especially "file:") from a filename and for putting the
+ * stripped filename into the options QDict if there is such a prefix.
+ */
+void bdrv_parse_filename_strip_prefix(const char *filename, const char *prefix,
+  QDict *options)
+{
+if (strstart(filename, prefix, )) {
+/* Stripping the explicit protocol prefix may result in a protocol
+ * prefix being (wrongly) detected (if the filename contains a colon) 
*/
+if (path_has_protocol(filename)) {
+QString *fat_filename;
+
+/* This means there is some colon before the first slash; 
therefore,
+ * this cannot be an absolute path */
+assert(!path_is_absolute(filename));
+
+/* And we can thus fix the protocol detection issue by prefixing it
+ * by "./" */
+fat_filename = qstring_from_str("./");
+qstring_append(fat_filename, filename);
+
+assert(!path_has_protocol(qstring_get_str(fat_filename)));
+
+qdict_put(options, "filename", fat_filename);
+} else {
+/* If no protocol prefix was detected, we can use the shortened
+ * filename as-is */
+qdict_put_str(options, "filename", filename);
+}
+}
+}
+
+
 /* Returns whether the image file is opened as read-only. Note that this can
  * return false and writing to the image file is still not possible because the
  * image is inactivated. */
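Review bot: when `filename` does not start with `prefix`, `bdrv_parse_filename_strip_prefix()` stores nothing, because both `qdict_put` calls sit inside the `strstart()` branch, whereas the code removed from `raw_parse_filename()` called `qdict_put_str(options, "filename", filename)` unconditionally. The comment says "if there is such a prefix", so this looks intended, but it makes the helper depend on the caller having already put "filename" into `options`; state that precondition in the comment. The two `assert()` calls run on a user-supplied filename, so it is worth a sentence on why neither can fire for any input (the second one in particular depends on path_has_protocol() never treating a string that begins with "./" as prefixed).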
diff --git a/block/file-posix.c b/block/file-posix.c
index 4354d49..de2d3a2 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -381,12 +381,7 @@ static void raw_parse_flags(int bdrv_flags, int 
*open_flags)
 static void raw_parse_filename(const char *filename, QDict *options,
Error **errp)
 {
-/* The filename does not have to be prefixed by the protocol name, since
- * "file" is the default protocol; therefore, the return value of this
- * function call can be ignored. */
-strstart(filename, "file:", );
-
-qdict_put_str(options, "filename", filename);
+bdrv_parse_filename_strip_prefix(filename, "file:", options);
 }
 
 static QemuOptsList raw_runtime_opts = {
@@ -2395,10 +2390,7 @@ static int check_hdev_writable(BDRVRawState *s)
 static void hdev_parse_filename(const char *filename, QDict *options,
 Error **errp)
 {
-/* The prefix is optional, just as for "file". */
-strstart(filename, "host_device:", );
-
-qdict_put_str(options, "filename", filename);
+bdrv_parse_filename_strip_prefix(filename, "host_device:", options);
 }
 
 static bool hdev_is_sg(BlockDriverState *bs)
@@ -2697,10 +2689,7 @@ static BlockDriver bdrv_host_device = {
 static void cdrom_parse_filename(const char *filename, QDict *options,
  Error **errp)
 {
-/* The prefix is optional, just as for "file". */
-strstart(filename, 
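
The prefix rule described in the PULL 14/15 and PULL 15/15 commit messages above, as an added C example that is not QEMU's code: `has_protocol()`, `combine()` and `strip_prefix()` are hypothetical, simplified stand-ins for `path_has_protocol()`, `path_combine()` and `bdrv_parse_filename_strip_prefix()`. Assumptions: POSIX-style paths only (no Windows drive letters), and `strip_prefix()` returns the name unchanged when the prefix is absent.

```c
/* Added example: simplified stand-ins, not QEMU's implementation. */
#include <stdio.h>
#include <string.h>

/* A protocol prefix exists only when a ':' comes before the first '/'. */
static int has_protocol(const char *path)
{
    return path[strcspn(path, ":/")] == ':';
}

/*
 * Build dest from the directory part of base plus a relative name.
 * legacy != 0 reproduces the pre-patch rule: everything up to the first
 * ':' anywhere in base is kept as if it were a protocol prefix.
 */
static const char *combine(char *dest, size_t size, const char *base,
                           const char *rel, int legacy)
{
    const char *colon = strchr(base, ':');
    const char *slash = strrchr(base, '/');
    const char *keep = base;    /* end of the part of base that is kept */

    if (colon && (legacy || has_protocol(base))) {
        keep = colon + 1;
    }
    if (slash && slash + 1 > keep) {
        keep = slash + 1;
    }
    snprintf(dest, size, "%.*s%s", (int)(keep - base), base, rel);
    return dest;
}

/*
 * Strip an optional explicit prefix such as "file:". If what remains would
 * itself be read as "protocol:rest", prepend "./" so it stays a filename.
 */
static const char *strip_prefix(char *dest, size_t size,
                                const char *filename, const char *prefix)
{
    size_t n = strlen(prefix);

    if (strncmp(filename, prefix, n) != 0) {
        snprintf(dest, size, "%s", filename);   /* no prefix: unchanged */
        return dest;
    }
    filename += n;
    snprintf(dest, size, "%s%s", has_protocol(filename) ? "./" : "", filename);
    return dest;
}

int main(void)
{
    char buf[128];
    const char *top = "./top:image.qcow2";      /* constructed sample names */

    printf("has_protocol(%s) = %d\n", top, has_protocol(top));
    printf("first-colon rule:   %s\n",
           combine(buf, sizeof(buf), top, "backing.qcow2", 1));
    printf("colon-before-slash: %s\n",
           combine(buf, sizeof(buf), top, "backing.qcow2", 0));
    printf("strip file:top:image.qcow2 -> %s\n",
           strip_prefix(buf, sizeof(buf), "file:top:image.qcow2", "file:"));
    printf("strip file:/foo:bar        -> %s\n",
           strip_prefix(buf, sizeof(buf), "file:/foo:bar", "file:"));
    return 0;
}
```

The `legacy` flag exists only to put the two behaviours side by side; the first two `combine()` calls reproduce the "before" and "afterwards" backing paths quoted in the PULL 14/15 commit message.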

[Qemu-devel] [PULL 12/15] qemu-img: Fix leakage of options on error

2017-05-29 Thread Kevin Wolf
From: Fam Zheng 

Reported by Coverity.

Signed-off-by: Fam Zheng 
Message-id: 20170515141014.25793-1-f...@redhat.com
Reviewed-by: Eric Blake 
Signed-off-by: Max Reitz 
---
 qemu-img.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/qemu-img.c b/qemu-img.c
index 0bf941b..5aef8ef 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -295,6 +295,7 @@ static BlockBackend *img_open_opts(const char *optstr,
 if (qdict_haskey(options, BDRV_OPT_FORCE_SHARE)
 && !qdict_get_bool(options, BDRV_OPT_FORCE_SHARE)) {
 error_report("--force-share/-U conflicts with image options");
+QDECREF(options);
 return NULL;
 }
 qdict_put(options, BDRV_OPT_FORCE_SHARE, qbool_from_bool(true));
-- 
1.8.3.1




[Qemu-devel] [PULL 06/15] qcow2: remove extra local_error variable

2017-05-29 Thread Kevin Wolf
From: Alberto Garcia 

Commit d7086422b1c1e75e320519cfe26176db6ec97a37 added a local_err
variable global to the qcow2_amend_options() function, so there's no
need to have this other one.

Signed-off-by: Alberto Garcia 
Message-id: 20170511150337.21470-1-be...@igalia.com
Reviewed-by: Eric Blake 
Signed-off-by: Max Reitz 
---
 block/qcow2.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index a8d61f0..b3ba5da 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -3222,7 +3222,6 @@ static int qcow2_amend_options(BlockDriverState *bs, 
QemuOpts *opts,
 
 if (s->refcount_bits != refcount_bits) {
 int refcount_order = ctz32(refcount_bits);
-Error *local_error = NULL;
 
 if (new_version < 3 && refcount_bits != 16) {
 error_report("Different refcount widths than 16 bits require "
@@ -3234,9 +3233,9 @@ static int qcow2_amend_options(BlockDriverState *bs, 
QemuOpts *opts,
 helper_cb_info.current_operation = QCOW2_CHANGING_REFCOUNT_ORDER;
 ret = qcow2_change_refcount_order(bs, refcount_order,
   _amend_helper_cb,
-  _cb_info, _error);
+  _cb_info, _err);
 if (ret < 0) {
-error_report_err(local_error);
+error_report_err(local_err);
 return ret;
 }
 }
-- 
1.8.3.1




[Qemu-devel] [PULL 11/15] qemu-img: copy *key-secret opts when opening newly created files

2017-05-29 Thread Kevin Wolf
From: "Daniel P. Berrange" 

The qemu-img dd/convert commands will create an image file and
then try to open it. Historically it has been possible to open
new files without passing any options. With encrypted files
though, the *key-secret options are mandatory, so we need to
provide those options when opening the newly created file.

Signed-off-by: Daniel P. Berrange 
Message-id: 20170515164712.6643-5-berra...@redhat.com
Reviewed-by: Max Reitz 
Signed-off-by: Max Reitz 
---
 qemu-img.c | 42 +-
 1 file changed, 37 insertions(+), 5 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index e0e3d31..0bf941b 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -314,14 +314,17 @@ static BlockBackend *img_open_opts(const char *optstr,
 }
 
 static BlockBackend *img_open_file(const char *filename,
+   QDict *options,
const char *fmt, int flags,
bool writethrough, bool quiet,
bool force_share)
 {
 BlockBackend *blk;
 Error *local_err = NULL;
-QDict *options = qdict_new();
 
+if (!options) {
+options = qdict_new();
+}
 if (fmt) {
 qdict_put_str(options, "driver", fmt);
 }
@@ -344,6 +347,35 @@ static BlockBackend *img_open_file(const char *filename,
 }
 
 
+static int img_add_key_secrets(void *opaque,
+   const char *name, const char *value,
+   Error **errp)
+{
+QDict *options = opaque;
+
+if (g_str_has_suffix(name, "key-secret")) {
+qdict_put(options, name, qstring_from_str(value));
+}
+
+return 0;
+}
+
+static BlockBackend *img_open_new_file(const char *filename,
+   QemuOpts *create_opts,
+   const char *fmt, int flags,
+   bool writethrough, bool quiet,
+   bool force_share)
+{
+QDict *options = NULL;
+
+options = qdict_new();
+qemu_opt_foreach(create_opts, img_add_key_secrets, options, _abort);
+
+return img_open_file(filename, options, fmt, flags, writethrough, quiet,
+ force_share);
+}
+
+
 static BlockBackend *img_open(bool image_opts,
   const char *filename,
   const char *fmt, int flags, bool writethrough,
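Review bot: `img_open_new_file()` allocates a QDict and hands it to `img_open_file()` without either function saying who drops the reference, including on the error paths; a comment on `img_open_file()` stating that it consumes `options` (or that the caller must unref) would prevent a leak or double-unref by the next caller. In the same function, `QDict *options = NULL;` followed immediately by `options = qdict_new();` can be a single declaration. In `img_add_key_secrets()`, `g_str_has_suffix(name, "key-secret")` copies every creation option whose name ends in that string; a short comment that this is the intended match for the `*key-secret` family, and that the copied values are secret object IDs rather than key material, would help readers auditing where secrets flow.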
@@ -364,7 +396,7 @@ static BlockBackend *img_open(bool image_opts,
 blk = img_open_opts(filename, opts, flags, writethrough, quiet,
 force_share);
 } else {
-blk = img_open_file(filename, fmt, flags, writethrough, quiet,
+blk = img_open_file(filename, NULL, fmt, flags, writethrough, quiet,
 force_share);
 }
 return blk;
@@ -2286,8 +2318,8 @@ static int img_convert(int argc, char **argv)
  * That has to wait for bdrv_create to be improved
  * to allow filenames in option syntax
  */
-s.target = img_open_file(out_filename, out_fmt, flags,
- writethrough, quiet, false);
+s.target = img_open_new_file(out_filename, opts, out_fmt,
+ flags, writethrough, quiet, false);
 }
 if (!s.target) {
 ret = -1;
@@ -4351,7 +4383,7 @@ static int img_dd(int argc, char **argv)
  * with the bdrv_create() call above which does not
  * support image-opts style.
  */
-blk2 = img_open_file(out.filename, out_fmt, BDRV_O_RDWR,
+blk2 = img_open_file(out.filename, NULL, out_fmt, BDRV_O_RDWR,
  false, false, false);
 
 if (!blk2) {
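Review bot: the commit message names both dd and convert, but this `img_dd()` call passes `NULL` to `img_open_file()` instead of going through `img_open_new_file()` as the `img_convert()` hunk does, so the `*key-secret` options are not forwarded when dd reopens the file it has just created. Either switch this call to `img_open_new_file()` with dd's creation options, or drop dd from the commit message and note in the comment above that encrypted targets are not handled here.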
-- 
1.8.3.1




[Qemu-devel] [PULL 07/15] qemu-img: Fix documentation of convert

2017-05-29 Thread Kevin Wolf
From: Fam Zheng 

It got lost in commit a8d16f9ca "qemu-img: Update documentation for -U".

Reported-by: Max Reitz 
Signed-off-by: Fam Zheng 
Message-id: 20170515103551.31313-1-f...@redhat.com
Reviewed-by: Eric Blake 
Signed-off-by: Max Reitz 
---
 qemu-img-cmds.hx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
index e5bc28f..31141f9 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -40,9 +40,9 @@ STEXI
 ETEXI
 
 DEF("convert", img_convert,
-"convert [--object objectdef] [--image-opts] [-U] [-c] [-p] [-q] [-n] [-f 
fmt] [-t cache] [-T src_cache] [-O output_fmt] [-o options] [-s 
snapshot_id_or_name] [-l snapshot_param] [-S sparse_size] [-m num_coroutines] 
[-W] filename [filename2 [...]] output_filename")
+"convert [--object objectdef] [--image-opts] [-U] [-c] [-p] [-q] [-n] [-f 
fmt] [-t cache] [-T src_cache] [-O output_fmt] [-B backing_file] [-o options] 
[-s snapshot_id_or_name] [-l snapshot_param] [-S sparse_size] [-m 
num_coroutines] [-W] filename [filename2 [...]] output_filename")
 STEXI
-@item convert [--object @var{objectdef}] [--image-opts] [-U] [-c] [-p] [-q] 
[-n] [-f @var{fmt}] [-t @var{cache}] [-T @var{src_cache}] [-O @var{output_fmt}] 
[-o @var{options}] [-s @var{snapshot_id_or_name}] [-l @var{snapshot_param}] [-S 
@var{sparse_size}] [-m @var{num_coroutines}] [-W] @var{filename} 
[@var{filename2} [...]] @var{output_filename}
+@item convert [--object @var{objectdef}] [--image-opts] [-U] [-c] [-p] [-q] 
[-n] [-f @var{fmt}] [-t @var{cache}] [-T @var{src_cache}] [-O @var{output_fmt}] 
[-B @var{backing_file}] [-o @var{options}] [-s @var{snapshot_id_or_name}] [-l 
@var{snapshot_param}] [-S @var{sparse_size}] [-m @var{num_coroutines}] [-W] 
@var{filename} [@var{filename2} [...]] @var{output_filename}
 ETEXI
 
 DEF("dd", img_dd,
-- 
1.8.3.1




[Qemu-devel] [PULL 13/15] block: Tweak error message related to qemu-img amend

2017-05-29 Thread Kevin Wolf
From: Eric Blake 

When converting a 1.1 image down to 0.10, qemu-iotests 060 forces
a contrived failure where allocating a cluster used to replace a
zero cluster reads unaligned data.  Since it is a zero cluster
rather than a data cluster being converted, changing the error
message to match our earlier change in 'qcow2: Make distinction
between zero cluster types obvious' is worthwhile.

Suggested-by: Max Reitz 
Signed-off-by: Eric Blake 
Message-id: 20170508171302.17805-1-ebl...@redhat.com
[mreitz: Commit message fixes]
Signed-off-by: Max Reitz 
---
 block/qcow2-cluster.c  | 3 ++-
 tests/qemu-iotests/060.out | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 347d94b..d779ea1 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -1797,7 +1797,8 @@ static int expand_zero_clusters_in_l1(BlockDriverState 
*bs, uint64_t *l1_table,
 }
 
 if (offset_into_cluster(s, offset)) {
-qcow2_signal_corruption(bs, true, -1, -1, "Data cluster offset 
"
+qcow2_signal_corruption(bs, true, -1, -1,
+"Cluster allocation offset "
 "%#" PRIx64 " unaligned (L2 offset: %#"
 PRIx64 ", L2 index: %#x)", offset,
 l2_offset, j);
diff --git a/tests/qemu-iotests/060.out b/tests/qemu-iotests/060.out
index 9e8f5b9..3bc1461 100644
--- a/tests/qemu-iotests/060.out
+++ b/tests/qemu-iotests/060.out
@@ -143,7 +143,7 @@ read failed: Input/output error
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
 wrote 65536/65536 bytes at offset 0
 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-qcow2: Marking image as corrupt: Data cluster offset 0x52a00 unaligned (L2 
offset: 0x4, L2 index: 0); further corruption events will be suppressed
+qcow2: Marking image as corrupt: Cluster allocation offset 0x52a00 unaligned 
(L2 offset: 0x4, L2 index: 0); further corruption events will be suppressed
 qemu-img: Error while amending options: Input/output error
 
 === Testing unaligned reftable entry ===
-- 
1.8.3.1




[Qemu-devel] [PULL 10/15] qemu-img: introduce --target-image-opts for 'convert' command

2017-05-29 Thread Kevin Wolf
From: "Daniel P. Berrange" 

The '--image-opts' flag indicates whether the source filename
includes options. The target filename has to remain in the
plain filename format though, since it needs to be passed to
bdrv_create().  When using --skip-create though, it would be
possible to use image-opts syntax. This adds --target-image-opts
to indicate that the target filename includes options. Currently
this mandates use of the --skip-create flag too.

Signed-off-by: Daniel P. Berrange 
Message-id: 20170515164712.6643-4-berra...@redhat.com
Reviewed-by: Max Reitz 
Reviewed-by: Eric Blake 
Signed-off-by: Max Reitz 
---
 qemu-img-cmds.hx |  4 +--
 qemu-img.c   | 84 ++--
 qemu-img.texi| 12 ++--
 3 files changed, 69 insertions(+), 31 deletions(-)

diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
index 31141f9..a39fcdb 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -40,9 +40,9 @@ STEXI
 ETEXI
 
 DEF("convert", img_convert,
-"convert [--object objectdef] [--image-opts] [-U] [-c] [-p] [-q] [-n] [-f 
fmt] [-t cache] [-T src_cache] [-O output_fmt] [-B backing_file] [-o options] 
[-s snapshot_id_or_name] [-l snapshot_param] [-S sparse_size] [-m 
num_coroutines] [-W] filename [filename2 [...]] output_filename")
+"convert [--object objectdef] [--image-opts] [--target-image-opts] [-U] 
[-c] [-p] [-q] [-n] [-f fmt] [-t cache] [-T src_cache] [-O output_fmt] [-B 
backing_file] [-o options] [-s snapshot_id_or_name] [-l snapshot_param] [-S 
sparse_size] [-m num_coroutines] [-W] filename [filename2 [...]] 
output_filename")
 STEXI
-@item convert [--object @var{objectdef}] [--image-opts] [-U] [-c] [-p] [-q] 
[-n] [-f @var{fmt}] [-t @var{cache}] [-T @var{src_cache}] [-O @var{output_fmt}] 
[-B @var{backing_file}] [-o @var{options}] [-s @var{snapshot_id_or_name}] [-l 
@var{snapshot_param}] [-S @var{sparse_size}] [-m @var{num_coroutines}] [-W] 
@var{filename} [@var{filename2} [...]] @var{output_filename}
+@item convert [--object @var{objectdef}] [--image-opts] [--target-image-opts] 
[-U] [-c] [-p] [-q] [-n] [-f @var{fmt}] [-t @var{cache}] [-T @var{src_cache}] 
[-O @var{output_fmt}] [-B @var{backing_file}] [-o @var{options}] [-s 
@var{snapshot_id_or_name}] [-l @var{snapshot_param}] [-S @var{sparse_size}] [-m 
@var{num_coroutines}] [-W] @var{filename} [@var{filename2} [...]] 
@var{output_filename}
 ETEXI
 
 DEF("dd", img_dd,
diff --git a/qemu-img.c b/qemu-img.c
index 4dc1d56..e0e3d31 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -60,6 +60,7 @@ enum {
 OPTION_PATTERN = 260,
 OPTION_FLUSH_INTERVAL = 261,
 OPTION_NO_DRAIN = 262,
+OPTION_TARGET_IMAGE_OPTS = 263,
 };
 
 typedef enum OutputFormat {
@@ -1913,10 +1914,10 @@ static int convert_do_copy(ImgConvertState *s)
 static int img_convert(int argc, char **argv)
 {
 int c, bs_i, flags, src_flags = 0;
-const char *fmt = NULL, *out_fmt = "raw", *cache = "unsafe",
+const char *fmt = NULL, *out_fmt = NULL, *cache = "unsafe",
*src_cache = BDRV_DEFAULT_CACHE, *out_baseimg = NULL,
*out_filename, *out_baseimg_param, *snapshot_name = NULL;
-BlockDriver *drv, *proto_drv;
+BlockDriver *drv = NULL, *proto_drv = NULL;
 BlockDriverInfo bdi;
 BlockDriverState *out_bs;
 QemuOpts *opts = NULL, *sn_opts = NULL;
@@ -1924,7 +1925,7 @@ static int img_convert(int argc, char **argv)
 char *options = NULL;
 Error *local_err = NULL;
 bool writethrough, src_writethrough, quiet = false, image_opts = false,
- skip_create = false, progress = false;
+ skip_create = false, progress = false, tgt_image_opts = false;
 int64_t ret = -EINVAL;
 bool force_share = false;
 
@@ -1942,6 +1943,7 @@ static int img_convert(int argc, char **argv)
 {"object", required_argument, 0, OPTION_OBJECT},
 {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
 {"force-share", no_argument, 0, 'U'},
+{"target-image-opts", no_argument, 0, OPTION_TARGET_IMAGE_OPTS},
 {0, 0, 0, 0}
 };
 c = getopt_long(argc, argv, ":hf:O:B:ce6o:s:l:S:pt:T:qnm:WU",
@@ -2062,9 +2064,16 @@ static int img_convert(int argc, char **argv)
 case OPTION_IMAGE_OPTS:
 image_opts = true;
 break;
+case OPTION_TARGET_IMAGE_OPTS:
+tgt_image_opts = true;
+break;
 }
 }
 
+if (!out_fmt && !tgt_image_opts) {
+out_fmt = "raw";
+}
+
 if (qemu_opts_foreach(_object_opts,
   user_creatable_add_opts_foreach,
   NULL, NULL)) {
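Review bot: the new `if (!out_fmt && !tgt_image_opts)` default in img_convert() leaves out_fmt NULL whenever --target-image-opts is given, so every later use of out_fmt (and of drv, which this patch now initialises to NULL) on that path needs a NULL guard. The lines shown also accept -O together with --target-image-opts without complaint; if the target format is meant to come from the target options, report an error for that combination instead of silently ignoring one of them.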
@@ -2076,12 +2085,22 @@ static int img_convert(int argc, char **argv)
 goto fail_getopt;
 }
 
+if (tgt_image_opts && !skip_create) {
+error_report("--target-image-opts requires use of -n flag");
+goto fail_getopt;
+}
+
 s.src_num 

[Qemu-devel] [PULL 04/15] nvme: Add support for Controller Memory Buffers

2017-05-29 Thread Kevin Wolf
From: Stephen Bates 

Implement NVMe Controller Memory Buffers (CMBs) which were added in
version 1.2 of the NVMe Specification. This patch adds an optional
argument (cmb_size_mb) which indicates the size of the CMB (in
MB). Currently only the Submission Queue Support (SQS) is enabled
which aligns with the current Linux driver for NVMe.

Signed-off-by: Stephen Bates 
Acked-by: Keith Busch 
Signed-off-by: Kevin Wolf 
---
 hw/block/nvme.c | 75 ++---
 hw/block/nvme.h | 73 +++
 2 files changed, 144 insertions(+), 4 deletions(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 7428db9..381dc7c 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -9,7 +9,7 @@
  */
 
 /**
- * Reference Specs: http://www.nvmexpress.org, 1.1, 1.0e
+ * Reference Specs: http://www.nvmexpress.org, 1.2, 1.1, 1.0e
  *
  *  http://www.nvmexpress.org/resources/
  */
@@ -17,7 +17,11 @@
 /**
  * Usage: add options:
  *  -drive file=,if=none,id=
- *  -device nvme,drive=,serial=,id=
+ *  -device nvme,drive=,serial=,id=, \
+ *  cmb_size_mb=
+ *
+ * Note cmb_size_mb denotes size of CMB in MB. CMB is assumed to be at
+ * offset 0 in BAR2 and supports SQS only for now.
  */
 
 #include "qemu/osdep.h"
@@ -34,6 +38,16 @@
 
 static void nvme_process_sq(void *opaque);
 
+static void nvme_addr_read(NvmeCtrl *n, hwaddr addr, void *buf, int size)
+{
+if (n->cmbsz && addr >= n->ctrl_mem.addr &&
+addr < (n->ctrl_mem.addr + int128_get64(n->ctrl_mem.size))) {
+memcpy(buf, (void *)>cmbuf[addr - n->ctrl_mem.addr], size);
+} else {
+pci_dma_read(>parent_obj, addr, buf, size);
+}
+}
+
 static int nvme_check_sqid(NvmeCtrl *n, uint16_t sqid)
 {
 return sqid < n->num_queues && n->sq[sqid] != NULL ? 0 : -1;
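Review bot: the range check in nvme_addr_read() tests only the start address, so an access that begins inside the CMB but whose addr + size extends past n->ctrl_mem.addr + size makes the memcpy read beyond the end of cmbuf. Require the whole range [addr, addr + size) to lie inside the CMB, with a wrap-around check on addr + size, before taking the memcpy branch, and make size an unsigned type so a negative length cannot reach memcpy.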
@@ -637,7 +651,7 @@ static void nvme_process_sq(void *opaque)
 
 while (!(nvme_sq_empty(sq) || QTAILQ_EMPTY(>req_list))) {
 addr = sq->dma_addr + sq->head * n->sqe_size;
-pci_dma_read(>parent_obj, addr, (void *), sizeof(cmd));
+nvme_addr_read(n, addr, (void *), sizeof(cmd));
 nvme_inc_sq_head(sq);
 
 req = QTAILQ_FIRST(>req_list);
@@ -852,6 +866,32 @@ static const MemoryRegionOps nvme_mmio_ops = {
 },
 };
 
+static void nvme_cmb_write(void *opaque, hwaddr addr, uint64_t data,
+unsigned size)
+{
+NvmeCtrl *n = (NvmeCtrl *)opaque;
+memcpy(>cmbuf[addr], , size);
+}
+
+static uint64_t nvme_cmb_read(void *opaque, hwaddr addr, unsigned size)
+{
+uint64_t val;
+NvmeCtrl *n = (NvmeCtrl *)opaque;
+
+memcpy(, >cmbuf[addr], size);
+return val;
+}
+
+static const MemoryRegionOps nvme_cmb_ops = {
+.read = nvme_cmb_read,
+.write = nvme_cmb_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
+.impl = {
+.min_access_size = 2,
+.max_access_size = 8,
+},
+};
+
 static int nvme_init(PCIDevice *pci_dev)
 {
 NvmeCtrl *n = NVME(pci_dev);
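Review bot: nvme_cmb_read() copies size bytes into an uninitialised `uint64_t val`, so for 2- and 4-byte accesses the upper bytes of the returned value are whatever was on the stack; initialise val to 0. Both callbacks also memcpy the host representation of a uint64_t directly, which matches the declared DEVICE_LITTLE_ENDIAN layout only on a little-endian host; an explicit little-endian load/store of size bytes would be correct on both.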
@@ -936,9 +976,31 @@ static int nvme_init(PCIDevice *pci_dev)
 NVME_CAP_SET_CSS(n->bar.cap, 1);
 NVME_CAP_SET_MPSMAX(n->bar.cap, 4);
 
-n->bar.vs = 0x00010100;
+n->bar.vs = 0x00010200;
 n->bar.intmc = n->bar.intms = 0;
 
+if (n->cmb_size_mb) {
+
+NVME_CMBLOC_SET_BIR(n->bar.cmbloc, 2);
+NVME_CMBLOC_SET_OFST(n->bar.cmbloc, 0);
+
+NVME_CMBSZ_SET_SQS(n->bar.cmbsz, 1);
+NVME_CMBSZ_SET_CQS(n->bar.cmbsz, 0);
+NVME_CMBSZ_SET_LISTS(n->bar.cmbsz, 0);
+NVME_CMBSZ_SET_RDS(n->bar.cmbsz, 0);
+NVME_CMBSZ_SET_WDS(n->bar.cmbsz, 0);
+NVME_CMBSZ_SET_SZU(n->bar.cmbsz, 2); /* MBs */
+NVME_CMBSZ_SET_SZ(n->bar.cmbsz, n->cmb_size_mb);
+
+n->cmbuf = g_malloc0(NVME_CMBSZ_GETSIZE(n->bar.cmbsz));
+memory_region_init_io(>ctrl_mem, OBJECT(n), _cmb_ops, n,
+  "nvme-cmb", NVME_CMBSZ_GETSIZE(n->bar.cmbsz));
+pci_register_bar(>parent_obj, NVME_CMBLOC_BIR(n->bar.cmbloc),
+PCI_BASE_ADDRESS_SPACE_MEMORY | PCI_BASE_ADDRESS_MEM_TYPE_64 |
+PCI_BASE_ADDRESS_MEM_PREFETCH, >ctrl_mem);
+
+}
+
 for (i = 0; i < n->num_namespaces; i++) {
 NvmeNamespace *ns = >namespaces[i];
 NvmeIdNs *id_ns = >id_ns;
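Review bot: cmb_size_mb goes straight from the device property into NVME_CMBSZ_SET_SZ() and then sizes the g_malloc0() in nvme_init() with no range check. Validate it against the width of the SZ field and a sane upper bound and fail device init with an error message; as written, an oversized value either aborts the process in g_malloc0() or, if the macro masks it, yields a CMB smaller than the user asked for. The blank lines directly after the opening brace and before the closing brace of the if block can also go.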
@@ -964,12 +1026,17 @@ static void nvme_exit(PCIDevice *pci_dev)
 g_free(n->namespaces);
 g_free(n->cq);
 g_free(n->sq);
+if (n->cmbsz) {
+memory_region_unref(>ctrl_mem);
+}
+
 msix_uninit_exclusive_bar(pci_dev);
 }
 
 static Property nvme_props[] = {
 DEFINE_BLOCK_PROPERTIES(NvmeCtrl, conf),
 DEFINE_PROP_STRING("serial", NvmeCtrl, serial),
+DEFINE_PROP_UINT32("cmb_size_mb", NvmeCtrl, cmb_size_mb, 0),
 DEFINE_PROP_END_OF_LIST(),
 };
 
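Review bot: nvme_exit() unrefs ctrl_mem but never frees n->cmbuf, which nvme_init() allocates with g_malloc0(), so the buffer leaks when the device goes away; add g_free(n->cmbuf) inside the same if. The condition here, like the one in nvme_addr_read(), tests n->cmbsz, while the nvme_init() lines in this patch only program n->bar.cmbsz. If n->cmbsz is never assigned, neither the cleanup nor the CMB read path is ever taken, so test n->bar.cmbsz or n->cmb_size_mb instead.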
diff --git a/hw/block/nvme.h b/hw/block/nvme.h
index a0d1564..b4961d2 100644
--- a/hw/block/nvme.h
+++ 

[Qemu-devel] [PULL 09/15] qemu-img: fix --image-opts usage with dd command

2017-05-29 Thread Kevin Wolf
From: "Daniel P. Berrange" 

The --image-opts flag can only be used to affect the parsing
of the source image. The target image has to be specified in
the traditional style regardless, since it needs to be passed
to the bdrv_create() API which does not support the new style
opts.

Reviewed-by: Fam Zheng 
Reviewed-by: Max Reitz 
Signed-off-by: Daniel P. Berrange 
Message-id: 20170515164712.6643-3-berra...@redhat.com
Signed-off-by: Max Reitz 
---
 qemu-img.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 181f499..4dc1d56 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4316,8 +4316,13 @@ static int img_dd(int argc, char **argv)
 goto out;
 }
 
-blk2 = img_open(image_opts, out.filename, out_fmt, BDRV_O_RDWR,
-false, false, false);
+/* TODO, we can't honour --image-opts for the target,
+ * since it needs to be given in a format compatible
+ * with the bdrv_create() call above which does not
+ * support image-opts style.
+ */
+blk2 = img_open_file(out.filename, out_fmt, BDRV_O_RDWR,
+ false, false, false);
 
 if (!blk2) {
 ret = -1;
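Review bot: after this change img_dd() opens the target with img_open_file() regardless of image_opts, but a user who passes --image-opts gets no indication that it applies to the source only. Since the new comment is marked TODO, state the restriction in the dd help and man page text as well, so it is documented where users will look rather than only in the source.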
-- 
1.8.3.1




[Qemu-devel] [PULL 03/15] iotests: 147: Don't test inet6 if not available

2017-05-29 Thread Kevin Wolf
From: Fam Zheng 

This is the case in our docker tests, as we use --net=none there. Skip
this method.

Signed-off-by: Fam Zheng 
Signed-off-by: Kevin Wolf 
---
 tests/qemu-iotests/147 | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/tests/qemu-iotests/147 b/tests/qemu-iotests/147
index 32afea6..db34838 100755
--- a/tests/qemu-iotests/147
+++ b/tests/qemu-iotests/147
@@ -147,6 +147,13 @@ class BuiltinNBD(NBDBlockdevAddBase):
 self._server_down()
 
 def test_inet6(self):
+try:
+socket.getaddrinfo("::0", "0", socket.AF_INET6,
+   socket.SOCK_STREAM, socket.IPPROTO_TCP,
+   socket.AI_ADDRCONFIG | socket.AI_CANONNAME)
+except socket.gaierror:
+# IPv6 not available, skip
+return
 address = { 'type': 'inet',
 'data': {
 'host': '::1',
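Review bot: test_inet6() now returns silently when getaddrinfo() raises socket.gaierror, so a host without IPv6 reports the test as passed rather than skipped. If the reference output allows it, record the skip (for example via the unittest skip mechanism) so that a run under --net=none can be told apart from one that actually exercised the inet6 path. The hunk uses socket without adding an import, so confirm the module is already imported at the top of the file.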
-- 
1.8.3.1




[Qemu-devel] [PULL 08/15] qemu-img: add support for --object with 'dd' command

2017-05-29 Thread Kevin Wolf
From: "Daniel P. Berrange" 

The qemu-img dd command added --image-opts support, but missed
the corresponding --object support. This prevented passing
secrets (eg auth passwords) needed by certain disk images.

Reviewed-by: Fam Zheng 
Reviewed-by: Max Reitz 
Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrange 
Message-id: 20170515164712.6643-2-berra...@redhat.com
Signed-off-by: Max Reitz 
---
 qemu-img.c | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/qemu-img.c b/qemu-img.c
index b506839..181f499 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4158,6 +4158,7 @@ static int img_dd(int argc, char **argv)
 };
 const struct option long_options[] = {
 { "help", no_argument, 0, 'h'},
+{ "object", required_argument, 0, OPTION_OBJECT},
 { "image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
 { "force-share", no_argument, 0, 'U'},
 { 0, 0, 0, 0 }
@@ -4186,6 +4187,15 @@ static int img_dd(int argc, char **argv)
 case 'U':
 force_share = true;
 break;
+case OPTION_OBJECT: {
+QemuOpts *opts;
+opts = qemu_opts_parse_noisily(_object_opts,
+   optarg, true);
+if (!opts) {
+ret = -1;
+goto out;
+}
+}   break;
 case OPTION_IMAGE_OPTS:
 image_opts = true;
 break;
@@ -4230,6 +4240,14 @@ static int img_dd(int argc, char **argv)
 ret = -1;
 goto out;
 }
+
+if (qemu_opts_foreach(_object_opts,
+  user_creatable_add_opts_foreach,
+  NULL, NULL)) {
+ret = -1;
+goto out;
+}
+
 blk1 = img_open(image_opts, in.filename, fmt, 0, false, false,
 force_share);
 
-- 
1.8.3.1




[Qemu-devel] [PULL 05/15] mirror: Drop permissions on s->target on completion

2017-05-29 Thread Kevin Wolf
This fixes an assertion failure that was triggered by qemu-iotests 129
on some CI host, while the same test case didn't seem to fail on other
hosts.

Essentially the problem is that the blk_unref(s->target) in
mirror_exit() doesn't necessarily mean that the BlockBackend goes away
immediately. It is possible that the job completion was triggered nested
in mirror_drain(), which looks like this:

BlockBackend *target = s->target;
blk_ref(target);
blk_drain(target);
blk_unref(target);

In this case, the write permissions for s->target are retained until
after blk_drain(), which makes removing mirror_top_bs fail for the
active commit case (can't have a writable backing file in the chain
without the filter driver).

Explicitly dropping the permissions first means that the additional
reference doesn't hurt and the job can complete successfully even if
called from the nested blk_drain().

Cc: qemu-sta...@nongnu.org
Signed-off-by: Kevin Wolf 
Acked-by: Paolo Bonzini 
Reviewed-by: Max Reitz 
---
 block/mirror.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/block/mirror.c b/block/mirror.c
index e86f8f8..e778ee0 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -514,7 +514,12 @@ static void mirror_exit(BlockJob *job, void *opaque)
 
 /* Remove target parent that still uses BLK_PERM_WRITE/RESIZE before
  * inserting target_bs at s->to_replace, where we might not be able to get
- * these permissions. */
+ * these permissions.
+ *
+ * Note that blk_unref() alone doesn't necessarily drop permissions because
+ * we might be running nested inside mirror_drain(), which takes an extra
+ * reference, so use an explicit blk_set_perm() first. */
+blk_set_perm(s->target, 0, BLK_PERM_ALL, _abort);
 blk_unref(s->target);
 s->target = NULL;
 
-- 
1.8.3.1




[Qemu-devel] [PULL 01/15] stream: fix crash in stream_start() when block_job_create() fails

2017-05-29 Thread Kevin Wolf
From: Alberto Garcia 

The code that tries to reopen a BlockDriverState in stream_start()
when the creation of a new block job fails crashes because it attempts
to dereference a pointer that is known to be NULL.

This is a regression introduced in a170a91fd3eab6155da39e740381867e,
likely because the code was copied from stream_complete().

Cc: qemu-sta...@nongnu.org
Reported-by: Kashyap Chamarthy 
Signed-off-by: Alberto Garcia 
Tested-by: Kashyap Chamarthy 
Signed-off-by: Kevin Wolf 
---
 block/stream.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/stream.c b/block/stream.c
index 0113710..52d329f 100644
--- a/block/stream.c
+++ b/block/stream.c
@@ -280,6 +280,6 @@ void stream_start(const char *job_id, BlockDriverState *bs,
 
 fail:
 if (orig_bs_flags != bdrv_get_flags(bs)) {
-bdrv_reopen(bs, s->bs_flags, NULL);
+bdrv_reopen(bs, orig_bs_flags, NULL);
 }
 }
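Review bot: on the fail path bdrv_reopen() is still called with a NULL errp and its return value is dropped, so if restoring orig_bs_flags fails the node silently keeps the changed flags. Pass a local Error and at least report it, so a failed rollback in stream_start() is visible to the caller or in the log.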
-- 
1.8.3.1




[Qemu-devel] [PULL 00/15] Block layer patches

2017-05-29 Thread Kevin Wolf
The following changes since commit 9964e96dccf7f7c936ee854a795415d19b60:

  Merge remote-tracking branch 'jasowang/tags/net-pull-request' into staging 
(2017-05-23 15:01:31 +0100)

are available in the git repository at:


  git://repo.or.cz/qemu/kevin.git tags/for-upstream

for you to fetch changes up to 42a48128417b3bfade93d1a4721348cc480e9e50:

  Merge remote-tracking branch 'mreitz/tags/pull-block-2017-05-29-v3' into 
queue-block (2017-05-29 16:34:27 +0200)



Block layer patches


Alberto Garcia (2):
  stream: fix crash in stream_start() when block_job_create() fails
  qcow2: remove extra local_error variable

Daniel P. Berrange (4):
  qemu-img: add support for --object with 'dd' command
  qemu-img: fix --image-opts usage with dd command
  qemu-img: introduce --target-image-opts for 'convert' command
  qemu-img: copy *key-secret opts when opening newly created files

Eric Blake (1):
  block: Tweak error message related to qemu-img amend

Fam Zheng (3):
  iotests: 147: Don't test inet6 if not available
  qemu-img: Fix documentation of convert
  qemu-img: Fix leakage of options on error

Kevin Wolf (3):
  qemu-iotests: Test streaming with missing job ID
  mirror: Drop permissions on s->target on completion
  Merge remote-tracking branch 'mreitz/tags/pull-block-2017-05-29-v3' into 
queue-block

Max Reitz (2):
  block: Fix backing paths for filenames with colons
  block/file-*: *_parse_filename() and colons

Stephen Bates (1):
  nvme: Add support for Controller Memory Buffers

 block.c|  50 +--
 block/file-posix.c |  17 +-
 block/file-win32.c |  12 +---
 block/mirror.c |   7 ++-
 block/qcow2-cluster.c  |   3 +-
 block/qcow2.c  |   5 +-
 block/stream.c |   2 +-
 hw/block/nvme.c|  75 +--
 hw/block/nvme.h|  73 ++
 include/block/block_int.h  |   3 +
 qemu-img-cmds.hx   |   4 +-
 qemu-img.c | 148 +++--
 qemu-img.texi  |  12 +++-
 tests/qemu-iotests/030 |   4 ++
 tests/qemu-iotests/030.out |   4 +-
 tests/qemu-iotests/060.out |   2 +-
 tests/qemu-iotests/147 |   7 +++
 17 files changed, 351 insertions(+), 77 deletions(-)



[Qemu-devel] [PULL 02/15] qemu-iotests: Test streaming with missing job ID

2017-05-29 Thread Kevin Wolf
This adds a small test for the image streaming error path for failing
block_job_create(), which would have found the null pointer dereference
in commit a170a91f.

Signed-off-by: Kevin Wolf 
Reviewed-by: Alberto Garcia 
Reviewed-by: Kashyap Chamarthy 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Jeff Cody 
---
 tests/qemu-iotests/030 | 4 
 tests/qemu-iotests/030.out | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/030 b/tests/qemu-iotests/030
index e00c11b..feee861 100755
--- a/tests/qemu-iotests/030
+++ b/tests/qemu-iotests/030
@@ -147,6 +147,10 @@ class TestSingleDrive(iotests.QMPTestCase):
 result = self.vm.qmp('block-stream', device='nonexistent')
 self.assert_qmp(result, 'error/class', 'GenericError')
 
+def test_job_id_missing(self):
+result = self.vm.qmp('block-stream', device='mid')
+self.assert_qmp(result, 'error/class', 'GenericError')
+
 
 class TestParallelOps(iotests.QMPTestCase):
 num_ops = 4 # Number of parallel block-stream operations
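Review bot: test_job_id_missing() asserts only error/class GenericError, the same assertion as the nonexistent-device case directly above it, so it would still pass if block-stream on 'mid' failed for an unrelated reason. Also assert on error/desc so the test pins the block_job_create() failure path it was written to cover.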
diff --git a/tests/qemu-iotests/030.out b/tests/qemu-iotests/030.out
index 84bfd63..391c857 100644
--- a/tests/qemu-iotests/030.out
+++ b/tests/qemu-iotests/030.out
@@ -1,5 +1,5 @@
-..
+...
 --
-Ran 22 tests
+Ran 23 tests
 
 OK
-- 
1.8.3.1




Re: [Qemu-devel] Throttling groups vs filter nodes

2017-05-29 Thread Alberto Garcia
On Sat 27 May 2017 09:56:03 AM CEST, Stefan Hajnoczi wrote:
> A quirk in the current implementation is that the throttling limits
> for the group are overwritten by each -drive throttling.group=group0.
> Limits for all but the last -drive in a group are ignored.
>
> There is no way to associate with an existing throttling group while
> keeping current limits in place.  The caller must pass in desired
> limits with at least the last -drive (and with every hotplugged
> drive).

I actually just realized that passing throttling.group=group0 but no
actual limits is allowed but does nothing.

> The new throttling filter node could do things differently: If *no*
> limits were specified (i.e. iops, bps, etc) then keep existing limits
> for the group in place.

Yes, that sounds good to me. The problem here is block_set_io_throttle
(the QMP command), because the bps / iops parameters are mandatory, and
setting them to 0 disables the I/O limits for that device.

We can of course make them optional and if all limits are unset then we
can add a device to a throttling group. I'm not sure if that would make
the command a bit too complicated, as there are already different ways
to use it:

   - bps or iops != 0   -> set the I/O limits of a throttling group. The
                           selected device is moved to that group if it
                           wasn't there yet.

   - bps and iops == 0  -> remove a device from a throttling group
                           without touching that group's I/O limits.

and a new one would be:

   - bps and iops unset -> add a device to a throttling group, without
                           touching that group's I/O limits.

Berto



Re: [Qemu-devel] [PATCH v1] target/s390x: addressing exceptions are suppressing

2017-05-29 Thread Thomas Huth
On 29.05.2017 14:12, David Hildenbrand wrote:
> We have to make the address in the old PSW point at the next
> instruction, as addressing exceptions are suppressing and not
> nullifying.

According to "Figure 6-1. Interruption Action" in the PoP, they could
also be terminating ... but anyway, not nullifying, so the PSW should be
increased afterwards. So:

Reviewed-by: Thomas Huth 


> I assume that there are a lot of other broken cases (as most instructions
> we care about are suppressing) - all trigger_pgm_exception() specifying
> an explicit number or ILEN_LATER look suspicious, however this is another
> story that might require bigger changes (and I have to understand when
> the address might already have been incremented first).
> 
> This is needed to make an upcoming kvm-unit-test work.
> 
> Signed-off-by: David Hildenbrand 
> ---
>  target/s390x/helper.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/s390x/helper.c b/target/s390x/helper.c
> index 9978490..c09e391 100644
> --- a/target/s390x/helper.c
> +++ b/target/s390x/helper.c
> @@ -204,7 +204,7 @@ int s390_cpu_handle_mmu_fault(CPUState *cs, vaddr 
> orig_vaddr,
>  if (raddr > ram_size) {
>  DPRINTF("%s: raddr %" PRIx64 " > ram_size %" PRIx64 "\n", __func__,
>  (uint64_t)raddr, (uint64_t)ram_size);
> -trigger_pgm_exception(env, PGM_ADDRESSING, ILEN_LATER);
> +trigger_pgm_exception(env, PGM_ADDRESSING, ILEN_LATER_INC);
>  return 1;
>  }
>  
> 
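Review bot: the switch from ILEN_LATER to ILEN_LATER_INC at the raddr > ram_size check carries no comment, and the commit message itself says the other ILEN_LATER callers look suspicious. Add a one-line comment at this call site saying that addressing exceptions are suppressing, so the old PSW must point at the next instruction; that keeps the distinction visible when the remaining callers are audited.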




Re: [Qemu-devel] [Qemu-block] [PATCH 09/18] throttle-groups: protect throttled requests with a CoMutex

2017-05-29 Thread Alberto Garcia
On Thu 25 May 2017 06:32:16 PM CEST, Paolo Bonzini wrote:
> Another possibility is to use tg->lock, which we're holding anyway in
> both schedule_next_request and throttle_group_co_io_limits_intercept.
> This would require open-coding the CoQueue however, so I've chosen this
> alternative.
>
> Reviewed-by: Stefan Hajnoczi 
> Signed-off-by: Paolo Bonzini 

Reviewed-by: Alberto Garcia 

Berto


