Re: [Qemu-devel] [PATCH v7 00/20] add byte-based block_status driver callbacks

[no-reply]

Hi,

This series failed build test on s390x host. Please find the details below.

Type: series
Message-id: 20180105225753.30509-1-ebl...@redhat.com
Subject: [Qemu-devel] [PATCH v7 00/20] add byte-based block_status driver 
callbacks

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
CC=$HOME/bin/cc
INSTALL=$PWD/install
BUILD=$PWD/build
echo -n "Using CC: "
realpath $CC
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --cc=$CC --prefix=$INSTALL
make -j4
# XXX: we need reliable clean up
# make check -j4 V=1
make install
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
585e5b35cc block: Drop unused .bdrv_co_get_block_status()
c5ccc86da3 vvfat: Switch to .bdrv_co_block_status()
e3c98d2e60 vpc: Switch to .bdrv_co_block_status()
3eefdb6d61 vmdk: Switch to .bdrv_co_block_status()
cd52e7a4f3 vdi: Switch to .bdrv_co_block_status()
a17638db38 vdi: Avoid bitrot of debugging code
23f83984c5 sheepdog: Switch to .bdrv_co_block_status()
4411fddff1 raw: Switch to .bdrv_co_block_status()
0223444c76 qed: Switch to .bdrv_co_block_status()
39d8ceef87 qcow2: Switch to .bdrv_co_block_status()
58872d167c qcow: Switch to .bdrv_co_block_status()
cbfa34d79a parallels: Switch to .bdrv_co_block_status()
a334cc5164 null: Switch to .bdrv_co_block_status()
20cc681f63 iscsi: Switch to .bdrv_co_block_status()
2ec228ec62 iscsi: Switch iscsi_allocmap_update() to byte-based
536ee7f45a iscsi: Switch cluster_sectors to byte-based
6cc4d83f3c gluster: Switch to .bdrv_co_block_status()
98fbcc7fd8 file-posix: Switch to .bdrv_co_block_status()
5b4a250849 block: Switch passthrough drivers to .bdrv_co_block_status()
b928d30bef block: Add .bdrv_co_block_status() callback

=== OUTPUT BEGIN ===
=== ENV ===
LANG=en_US.UTF-8
XDG_SESSION_ID=7
USER=fam
PWD=/var/tmp/patchew-tester-tmp-zu_flv2_/src
HOME=/home/fam
SHELL=/bin/sh
SHLVL=2
PATCHEW=/home/fam/patchew/patchew-cli -s http://patchew.org --nodebug
LOGNAME=fam
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1012/bus
XDG_RUNTIME_DIR=/run/user/1012
PATH=/usr/bin:/bin
_=/usr/bin/env
=== PACKAGES ===
gpg-pubkey-873529b8-54e386ff
glibc-debuginfo-common-2.24-10.fc25.s390x
fedora-release-26-1.noarch
dejavu-sans-mono-fonts-2.35-4.fc26.noarch
xemacs-filesystem-21.5.34-22.20170124hgf412e9f093d4.fc26.noarch
bash-4.4.12-7.fc26.s390x
freetype-2.7.1-9.fc26.s390x
libSM-1.2.2-5.fc26.s390x
libmpc-1.0.2-6.fc26.s390x
libaio-0.3.110-7.fc26.s390x
libverto-0.2.6-7.fc26.s390x
perl-Scalar-List-Utils-1.48-1.fc26.s390x
iptables-libs-1.6.1-2.fc26.s390x
perl-threads-shared-1.57-1.fc26.s390x
p11-kit-trust-0.23.9-2.fc26.s390x
tcl-8.6.6-2.fc26.s390x
libxshmfence-1.2-4.fc26.s390x
expect-5.45-23.fc26.s390x
perl-Thread-Queue-3.12-1.fc26.noarch
perl-encoding-2.19-6.fc26.s390x
keyutils-1.5.10-1.fc26.s390x
gmp-devel-6.1.2-4.fc26.s390x
enchant-1.6.0-16.fc26.s390x
net-snmp-libs-5.7.3-17.fc26.s390x
python-gobject-base-3.24.1-1.fc26.s390x
python3-distro-1.0.3-1.fc26.noarch
python3-enchant-1.6.10-1.fc26.noarch
python-lockfile-0.11.0-6.fc26.noarch
python2-pyparsing-2.1.10-3.fc26.noarch
python2-lxml-4.1.1-1.fc26.s390x
librados2-10.2.7-2.fc26.s390x
trousers-lib-0.3.13-7.fc26.s390x
libpaper-1.1.24-14.fc26.s390x
libdatrie-0.2.9-4.fc26.s390x
libsoup-2.58.2-1.fc26.s390x
passwd-0.79-9.fc26.s390x
bind99-libs-9.9.10-3.P3.fc26.s390x
python3-rpm-4.13.0.2-1.fc26.s390x
mock-core-configs-27.4-1.fc26.noarch
systemd-233-7.fc26.s390x
virglrenderer-0.6.0-1.20170210git76b3da97b.fc26.s390x
s390utils-ziomon-1.36.1-3.fc26.s390x
s390utils-osasnmpd-1.36.1-3.fc26.s390x
libXrandr-1.5.1-2.fc26.s390x
libglvnd-glx-1.0.0-1.fc26.s390x
texlive-ifxetex-svn19685.0.5-33.fc26.2.noarch
texlive-psnfss-svn33946.9.2a-33.fc26.2.noarch
texlive-dvipdfmx-def-svn40328-33.fc26.2.noarch
texlive-natbib-svn20668.8.31b-33.fc26.2.noarch
texlive-xdvi-bin-svn40750-33.20160520.fc26.2.s390x
texlive-cm-svn32865.0-33.fc26.2.noarch
texlive-beton-svn15878.0-33.fc26.2.noarch
texlive-fpl-svn15878.1.002-33.fc26.2.noarch
texlive-mflogo-svn38628-33.fc26.2.noarch
texlive-texlive-docindex-svn41430-33.fc26.2.noarch
texlive-luaotfload-bin-svn34647.0-33.20160520.fc26.2.noarch
texlive-koma-script-svn41508-33.fc26.2.noarch
texlive-pst-tree-svn24142.1.12-33.fc26.2.noarch
texlive-breqn-svn38099.0.98d-33.fc26.2.noarch
texlive-xetex-svn41438-33.fc26.2.noarch
gstreamer1-plugins-bad-free-1.12.3-1.fc26.s390x
xorg-x11-font-utils-7.5-33.fc26.s390x
ghostscript-fonts-5.50-36.fc26.noarch
libXext-devel-1.3.3-5.fc26.s390x
libusbx-devel-1.0.21-2.fc26.s390x
libglvnd-devel-1.0.0-1.fc26.s390x
emacs-25.3-3.fc26.s390x
alsa-lib-devel-1.1.4.1-1.fc26.s390x
kbd-2.0.4-2.fc26.s390x
dconf-0.26.0-2.fc26.s390x
ccache-3.3.4-1.fc26.s390x
glibc-static-2.25-12.fc26.s390x
mc-4.8.19-5.fc26.s390x
doxygen-1.8.13-9.fc26.s390x
dpkg-1.18.24-1.fc26.s390x

[Qemu-devel] Building QEMU natively from ARM CPU statically

[shiftag]

Hi,

I'm trying to build QEMU statically from ARM CPU (without cross-compiling). But 
at "configure" step I have the following issue :

ERROR: User requested feature sdl
 configure was not able to find it.
 Install SDL devel
However, from config.log, it seems that issue is not related to SDL.

- long paste -

# QEMU configure log Sun Jan 7 10:05:50 +04 2018
# Configured with: './configure' '--prefix=/usr' '--libdir=/usr/lib' 
'--sysconfdir=/etc' '--localstatedir=/var' '--docdir=/usr/doc/qemu-2.11.0' 
'--cc=gcc' '--host-cc=gcc' '--cpu=arm' '--enable-gtk' '--enable-system' 
'--enable-kvm' '--disable-debug-info' '--enable-virtfs' '--enable-sdl' 
'--enable-jemalloc' '--disable-docs' '--static' '--disable-vnc' 
'--target-list=mips-linux-user'
#
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -c -o 
config-temp/qemu-conf.o config-temp/qemu-conf.c
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -c -o 
config-temp/qemu-conf.o config-temp/qemu-conf.c
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -o 
config-temp/qemu-conf.exe config-temp/qemu-conf.c -static
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Werror 
-Wstring-plus-int -o config-temp/qemu-conf.exe config-temp/qemu-conf.c -static
gcc: error: unrecognized command line option ‘-Wstring-plus-int’
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Werror 
-Winitializer-overrides -o config-temp/qemu-conf.exe config-temp/qemu-conf.c 
-static
gcc: error: unrecognized command line option ‘-Winitializer-overrides’
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Werror 
-Wexpansion-to-defined -o config-temp/qemu-conf.exe config-temp/qemu-conf.c 
-static
gcc: error: unrecognized command line option ‘-Wexpansion-to-defined’
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Werror 
-Wendif-labels -o config-temp/qemu-conf.exe config-temp/qemu-conf.c -static
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wendif-labels 
-Werror -Wshift-negative-value -o config-temp/qemu-conf.exe 
config-temp/qemu-conf.c -static
gcc: error: unrecognized command line option ‘-Wshift-negative-value’
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wendif-labels 
-Werror -Wmissing-include-dirs -o config-temp/qemu-conf.exe 
config-temp/qemu-conf.c -static
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wendif-labels 
-Wno-missing-include-dirs -Werror -Wempty-body -o config-temp/qemu-conf.exe 
config-temp/qemu-conf.c -static
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wendif-labels 
-Wno-missing-include-dirs -Wempty-body -Werror -Wnested-externs -o 
config-temp/qemu-conf.exe config-temp/qemu-conf.c -static
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wendif-labels 
-Wno-missing-include-dirs -Wempty-body -Wnested-externs -Werror 
-Wformat-security -o config-temp/qemu-conf.exe config-temp/qemu-conf.c -static
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wendif-labels 
-Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security 
-Werror -Wformat-y2k -o config-temp/qemu-conf.exe config-temp/qemu-conf.c 
-static
gcc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes 

[Qemu-devel] [Bug 1689367] Re: In qemu chroot, repeating "qemu: Unsupported syscall: 384" messages. sys_getrandom ?

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1689367

Title:
  In qemu chroot, repeating "qemu: Unsupported syscall: 384" messages.
  sys_getrandom ?

Status in QEMU:
  Expired

Bug description:
  On exec of an armv7 qemu chroot on my local x86_64 desktop, launched
  via

  /usr/sbin/qemu-binfmt-conf.sh

  from

  qemu-linux-user-2.9.0-374.1.x86_64

  on the host, inside the chroot any compile activity is laced with
  repetitions of

  qemu: Unsupported syscall: 384

  messages.

  This wasn't always the case -- but, TBH, it's been ~ 6 months since I
  used this env, and there have been scads of usual pkg updates in the
  interim.  These messages appear to be non-fatal, with no particular
  effect at all; at least not so far ...

  From a chat in #IRC,

[10:05] davidgiluk clever/pgnd: I see it as getrandom
[10:05] davidgiluk pgnd: 
https://fedora.juszkiewicz.com.pl/syscalls.html   sort it on the ARM table and 
you can easily see it
[10:05] clever arch/arm/tools/syscall.tbl:384  common  getrandom
   sys_getrandom
[10:06] davidgiluk pgnd: my *guess* is that something is calling 
getrandom, getting told it's not implemented and then falling back to using 
/dev/urandom
[10:10] pgnd davidgiluk: If that *is* the case, is it to be considered 
a problem, or just informational?
[10:12] davidgiluk pgnd: As long as it's falling back probably 
informational; but someone should probably go and wire up sys_getrandom at some 
point

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1689367/+subscriptions

Re: [Qemu-devel] [PULL 00/12] 9p patches for 2.12 20170106

[no-reply]

Hi,

This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20180106010739.18201-1-gr...@kaod.org
Subject: [Qemu-devel] [PULL 00/12] 9p patches for 2.12 20170106

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
time make docker-test-build@min-glib
time make docker-test-mingw@fedora
# iotests is broken now, skip
# time make docker-test-block@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   patchew/20180106010739.18201-1-gr...@kaod.org -> 
patchew/20180106010739.18201-1-gr...@kaod.org
Switched to a new branch 'test'
4045afcea5 fsdev: improve error handling of backend init
634c204415 fsdev: improve error handling of backend opts parsing
8d5b78f4af tests: virtio-9p: set DRIVER_OK before using the device
c9caf6411e tests: virtio-9p: fix ISR dependence
5be00f1db0 9pfs: make pdu_marshal() and pdu_unmarshal() static functions
e76a0f8787 9pfs: fix error path in pdu_submit()
57a07868f5 9pfs: fix type in *_parse_opts declarations
1ee67f3fc6 9pfs: handle: fix type definition
ffbe6afd99 9pfs: fix some type definitions
480a72a085 fsdev: fix some type definitions
25ecd5a320 9pfs: fix XattrOperations typedef
3dbc42adc4 virtio-9p: move unrealize/realize after virtio_9p_transport 
definition

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-5kay7lc0/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-5kay7lc0/src'
  GEN 
/var/tmp/patchew-tester-tmp-5kay7lc0/src/docker-src.2018-01-05-20.21.24.6131/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-5kay7lc0/src/docker-src.2018-01-05-20.21.24.6131/qemu.tar.vroot'...
done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-5kay7lc0/src/docker-src.2018-01-05-20.21.24.6131/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-5kay7lc0/src/docker-src.2018-01-05-20.21.24.6131/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'10739aa26051a5d49d88132604539d3ed085e72e'
  COPYRUNNER
RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
bison-2.4.1-5.el6.x86_64
bzip2-devel-1.0.5-7.el6_0.x86_64
ccache-3.1.6-2.el6.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el6.x86_64
flex-2.5.35-9.el6.x86_64
gcc-4.4.7-18.el6.x86_64
gettext-0.17-18.el6.x86_64
git-1.7.1-9.el6_9.x86_64
glib2-devel-2.28.8-9.el6.x86_64
libepoxy-devel-1.2-3.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
librdmacm-devel-1.0.21-0.el6.x86_64
lzo-devel-2.03-3.1.el6_5.1.x86_64
make-3.81-23.el6.x86_64
mesa-libEGL-devel-11.0.7-4.el6.x86_64
mesa-libgbm-devel-11.0.7-4.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
spice-glib-devel-0.26-8.el6.x86_64
spice-server-devel-0.12.4-16.el6.x86_64
tar-1.23-15.el6_8.x86_64
vte-devel-0.25.1-9.el6.x86_64
xen-devel-4.6.6-2.el6.x86_64
zlib-devel-1.2.3-29.el6.x86_64

Environment variables:
PACKAGES=bison bzip2-devel ccache csnappy-devel flex g++
 gcc gettext git glib2-devel libepoxy-devel libfdt-devel
 librdmacm-devel lzo-devel make mesa-libEGL-devel 
mesa-libgbm-devel pixman-devel SDL-devel spice-glib-devel 
spice-server-devel tar vte-devel xen-devel zlib-devel
HOSTNAME=ef29c352c307
MAKEFLAGS= -j8
J=8
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
TARGET_LIST=
SHLVL=1
HOME=/root
TEST_DIR=/tmp/qemu-test
FEATURES= dtc
DEBUG=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/tmp/qemu-test/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/install
BIOS directory/tmp/qemu-test/install/share/qemu
firmware path /tmp/qemu-test/install/share/qemu-firmware
binary directory  /tmp/qemu-test/install/bin
library directory /tmp/qemu-test/install/lib
module directory  /tmp/qemu-test/install/lib/qemu
libexec directory /tmp/qemu-test/install/libexec
include directory /tmp/qemu-test/install/include
config directory  /tmp/qemu-test/install/etc
local state directory   /tmp/qemu-test/install/var
Manual directory  

[Qemu-devel] [PATCH v2] linux-user/mmap.c: Avoid choosing NULL as start address

[Maximilian Riemensberger]

mmap() is required by the linux kernel ABI and POSIX to return a
non-NULL address when the implementation chooses a start address for the
mapping.

The current implementation of mmap_find_vma_reserved() can return NULL
as start address of a mapping which leads to subsequent crashes inside
the guests glibc, e.g. output of qemu-arm-static --strace executing a
test binary stx_test:

1879 
mmap2(NULL,8388608,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|0x2,-1,0) 
= 0x
1879 write(2,0xf6fd39d0,79) stx_test: allocatestack.c:514: allocate_stack: 
Assertion `mem != NULL' failed.

This patch fixes mmap_find_vma_reserved() by skipping NULL as start
address while searching for a suitable mapping start address.

CC: Riku Voipio 
CC: Laurent Vivier 
CC: Peter Maydell 
Signed-off-by: Maximilian Riemensberger 
---
Changes since v1:
- Applied feedback from Laurent Vivier

 linux-user/mmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 4888f53..0fbfd6d 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -234,7 +234,7 @@ static abi_ulong mmap_find_vma_reserved(abi_ulong start, 
abi_ulong size)
 if (prot) {
 end_addr = addr;
 }
-if (addr + size == end_addr) {
+if (addr && addr + size == end_addr) {
 break;
 }
 addr -= qemu_host_page_size;
-- 
2.7.4

Re: [Qemu-devel] [PATCH] scripts/make-release: More .git removal

[Cole Robinson]

On 12/19/2017 08:13 AM, Markus Armbruster wrote:
> Cole Robinson  writes:
> 
>> As was last done in 379e21c25, we want to remove .git files for
>> submodules here, which we aren't presently doing for capstone and
>> keycodemapdb.
>>
>> Rather than a whitelist use 'find' to future proof this
>>
>> Signed-off-by: Cole Robinson 
>> ---
>>  scripts/make-release | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/scripts/make-release b/scripts/make-release
>> index 3917df7142..7c7bec577f 100755
>> --- a/scripts/make-release
>> +++ b/scripts/make-release
>> @@ -19,7 +19,7 @@ pushd ${destination}
>>  git checkout "v${version}"
>>  git submodule update --init
>>  (cd roms/seabios && git describe --tags --long --dirty > .version)
>> -rm -rf .git roms/*/.git dtc/.git pixman/.git
>> +find . -depth -name .git -exec rm -rf '{}' \;
>>  # FIXME: The following line is a workaround for avoiding filename collisions
>>  # when unpacking u-boot sources on case-insensitive filesystems. Once we
>>  # update to something with u-boot commit 610eec7f0 we can drop this line.
> 
> Less scary: run tar with --exclude=.git.
> 

Good idea, I sent a v2 using that instead

Thanks,
Cole

[Qemu-devel] [PATCH v2] scripts/make-release: Don't archive .git files

[Cole Robinson]

As was last done in 379e21c25, we don't want .git files for
submodules here, which we aren't presently doing for capstone and
keycodemapdb.

Rather than delete the offending files before archiving, ask tar
to --exclude=.git

Signed-off-by: Cole Robinson 
---
v2:
Use armbru's --exclude suggestion, requires tweaking
existing tar options a bit.

 scripts/make-release | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/scripts/make-release b/scripts/make-release
index 3917df7142..7cbce29475 100755
--- a/scripts/make-release
+++ b/scripts/make-release
@@ -19,11 +19,10 @@ pushd ${destination}
 git checkout "v${version}"
 git submodule update --init
 (cd roms/seabios && git describe --tags --long --dirty > .version)
-rm -rf .git roms/*/.git dtc/.git pixman/.git
 # FIXME: The following line is a workaround for avoiding filename collisions
 # when unpacking u-boot sources on case-insensitive filesystems. Once we
 # update to something with u-boot commit 610eec7f0 we can drop this line.
 tar cfj roms/u-boot.tar.bz2 -C roms u-boot && rm -rf roms/u-boot
 popd
-tar cfj ${destination}.tar.bz2 ${destination}
+tar --exclude=.git -cjf ${destination}.tar.bz2 ${destination}
 rm -rf ${destination}
-- 
2.14.3

Re: [Qemu-devel] [PATCH] linux-user/mmap.c: Avoid choosing NULL as start address

[Maximilian Riemensberger]

On 06.01.18 21:51, Laurent Vivier wrote:
> Le 06/01/2018 à 18:00, Maximilian Riemensberger a écrit :
>> mmap() is required by the linux kernel ABI and POSIX to return a
>> non-NULL address when the implementation chooses a start address for the
>> mapping.
>>
>> The current implementation of mmap_find_vma_reserved() can return NULL
>> as start address of a mapping which leads to subsequent crashes inside
>> the guests glibc, e.g. output of qemu-arm-static --strace executing a
>> test binary stx_test:
>>
>> 1879 
>> mmap2(NULL,8388608,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|0x2,-1,0)
>>  = 0x
>> 1879 write(2,0xf6fd39d0,79) stx_test: allocatestack.c:514: 
>> allocate_stack: Assertion `mem != NULL' failed.
>>
>> This patch fixes mmap_find_vma_reserved() by skipping NULL as start
>> address while searching for a suitable mapping start address.
>>
>> CC: Riku Voipio 
>> CC: Laurent Vivier 
>> CC: Peter Maydell 
>> Signed-off-by: Maximilian Riemensberger 
>> ---
>>  linux-user/mmap.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
>> index 4888f53..20cc5a7 100644
>> --- a/linux-user/mmap.c
>> +++ b/linux-user/mmap.c
>> @@ -221,7 +221,7 @@ static abi_ulong mmap_find_vma_reserved(abi_ulong start, 
>> abi_ulong size)
>>  addr = end_addr - qemu_host_page_size;
>>  
>>  while (1) {
>> -if (addr > end_addr) {
>> +if (!addr || addr > end_addr) {
>>  if (looped) {
>>  return (abi_ulong)-1;
>>  }
> 
> I think this is correct, but it would be clearer to not exit the loop if
> addr is NULL, something like:
> 
> @@ -234,7 +234,7 @@ static abi_ulong mmap_find_vma_reserved(abi_ulong
> start, abi_ulong size)
>  if (prot) {
>  end_addr = addr;
>  }
> -if (addr + size == end_addr) {
> +if (addr && addr + size == end_addr) {
>  break;
>  }
>  addr -= qemu_host_page_size;
> 
> The result is the same because with the "addr -= qemu_host_page_size"
> addr becomes greater than end_addr on the next loop.

Sure. This patch also fixes the problem for me.  Should I respin
or do you send this patch directly?

Thanks.
Max

> 
> Thanks,
> Laurent
> 

-- 
--
Cadami UG (haftungsbeschränkt)
Waagstraße 10, 85386 Eching (near Munich), Germany
Office:c/o Wayra, Kaufingerstraße 15, 80331 Munich, Germany

Contact:   +49-176-63360306, riemensber...@cadami.net, www.cadami.net

Geschäftsführer: Andreas Dotzler, Michael Heindlmaier,
 Thomas Kühn, Maximilian Riemensberger
Sitz der Gesellschaft:   Eching, HRB 219979 Amtsgericht München
USt-IdNr.:   DE301293803
--

Re: [Qemu-devel] [PATCH 0/7] CAN bus support for QEMU (SJA1000 PCI so far)

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: cover.1515260163.git.p...@cmp.felk.cvut.cz
Subject: [Qemu-devel] [PATCH 0/7] CAN bus support for QEMU (SJA1000 PCI so far)

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
f6555aed49 QEMU CAN bus emulation documentation
b43b31c8f5 CAN bus MIOe-3680 PCI (dual SJA1000 channel) emulation added.
49228bb881 CAN bus PCM-3680I PCI (dual SJA1000 channel) emulation added.
94bf8a7051 CAN bus Kvaser PCI CAN-S (single SJA1000 channel) emulation added.
137eb4460e CAN bus SJA1000 chip register level emulation for QEMU
7b408f317f CAN bus support to connect bust to Linux host SocketCAN interface.
a56657c636 CAN bus simple messages transport implementation for QEMU

=== OUTPUT BEGIN ===
Checking PATCH 1/7: CAN bus simple messages transport implementation for QEMU...
WARNING: line over 80 characters
#199: FILE: hw/can/can_core.c:125:
+error_report("CAN bus connect to host device not supported on this 
system");

WARNING: line over 80 characters
#329: FILE: include/can/can_emu.h:78:
+#define QEMU_CAN_INV_FILTER 0x2000U /* to be set in qemu_can_filter.can_id 
*/

WARNING: line over 80 characters
#365: FILE: include/can/can_emu.h:114:
+extern int (*can_bus_connect_to_host_variant)(CanBusState *bus, const char 
*name);

total: 0 errors, 3 warnings, 328 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 2/7: CAN bus support to connect bust to Linux host SocketCAN 
interface
WARNING: line over 80 characters
#228: FILE: hw/can/can_socketcan.c:194:
+CanBusSocketcanConnectState *can_bus_socketcan_connect_new(const char 
*host_dev_name)

WARNING: line over 80 characters
#298: FILE: hw/can/can_socketcan.c:264:
+int can_bus_connect_to_host_socketcan(CanBusState *bus, const char 
*host_dev_name)

total: 0 errors, 2 warnings, 303 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 3/7: CAN bus SJA1000 chip register level emulation for QEMU...
WARNING: line over 80 characters
#383: FILE: hw/can/can_sja1000.c:337:
+buff[2] = extract32(frame->can_id, 0, 3) << 5; /* 
ID.02~ID.00,x,x,x,x,x */

WARNING: line over 80 characters
#398: FILE: hw/can/can_sja1000.c:352:
+if ((frame->can_id & QEMU_CAN_EFF_FLAG) || /* EFF, not support for 
BasicMode. */

WARNING: line over 80 characters
#399: FILE: hw/can/can_sja1000.c:353:
+   (frame->can_id & QEMU_CAN_ERR_FLAG)) {  /* or Error frame, NOT support 
now. */

WARNING: line over 80 characters
#486: FILE: hw/can/can_sja1000.c:440:
+s->status_pel |= (3 << 2); /* Set transmission complete 
status, */

WARNING: line over 80 characters
#595: FILE: hw/can/can_sja1000.c:549:
+s->status_bas |= (3 << 2); /* Set transmission complete 
status, */

WARNING: line over 80 characters
#615: FILE: hw/can/can_sja1000.c:569:
+fprintf(stderr, " %02X", s->rx_buff[(s->rxbuf_start + 
i) %

WARNING: line over 80 characters
#847: FILE: hw/can/can_sja1000.c:801:
+s->status_pel |= (1 << 4); /* the CAN controller is receiving a 
message */

WARNING: line over 80 characters
#897: FILE: hw/can/can_sja1000.c:851:
+s->status_bas |= (1 << 4); /* the CAN controller is receiving a 
message */

ERROR: do not use C99 // comments
#1087: FILE: hw/can/can_sja1000.h:39:
+//#define DEBUG_CAN

WARNING: line over 80 characters
#1108: FILE: hw/can/can_sja1000.h:60:
+uint8_t interrupt_en;  /* PeliCAN, addr 4, Interrupt Enable 
register */

WARNING: line over 80 characters
#1109: FILE: hw/can/can_sja1000.h:61:
+uint8_t rxmsg_cnt; /* PeliCAN, addr 29, RX message counter. 
DS-p49 */

WARNING: line over 80 characters
#1110: FILE: hw/can/can_sja1000.h:62:
+uint8_t rxbuf_start;   /* PeliCAN, addr 30, RX buffer start 
address, DS-p49 */

WARNING: line over 80 characters
#: FILE: hw/can/can_sja1000.h:63:
+uint8_t clock; /* PeliCAN, addr 31, Clock Divider 
register, DS-p55 */

WARNING: line over 80 characters
#1125: FILE: hw/can/can_sja1000.h:77:
+uint8_t code;  /* BasicCAN, addr 4, Acceptance code 
register */

WARNING: line over 80 characters
#1126: FILE: 

[Qemu-devel] [PATCH 7/7] QEMU CAN bus emulation documentation

[pisa]

From: Pavel Pisa 

Signed-off-by: Pavel Pisa 
---
 docs/can.txt | 78 
 1 file changed, 78 insertions(+)
 create mode 100644 docs/can.txt

diff --git a/docs/can.txt b/docs/can.txt
new file mode 100644
index 00..ac3170e947
--- /dev/null
+++ b/docs/can.txt
@@ -0,0 +1,78 @@
+QEMU CAN bus emulation support
+==
+
+The CAN bus emulation provides mechanism to connect multiple
+emulated CAN controller chips together by one or multiple CAN busses
+(the controller device "canbus"  parameter). The individual busses
+can be connected to host system CAN API (at this time only Linux
+SocketCAN is supported).
+
+The concept of busses is generic and different CAN controllers
+can be implemented for it but at this time only SJA1000 chip
+controller is implemented.
+
+The PCI addon card hardware has been selected as the first CAN
+interface to implement because such device can be easily connected
+to systems with different CPU architectures (x86, PowerPC, ARM, etc.).
+
+The project has been initially started in frame of RTEMS GSoC 2013
+slot by Jin Yang under our mentoring  The initial idea was to provide generic
+CAN subsystem for RTEMS. But lack of common environment for code and RTEMS
+testing lead to goal change to provide environment which provides complete
+emulated environment for testing and RTEMS GSoC slot has been donated
+to work on CAN hardware emulation on QEMU.
+
+Examples how to use CAN emulation
+=
+
+When QEMU with CAN PCI support is compiled then one of the next
+CAN boards can be selected
+
+ (1) CAN bus Kvaser PCI CAN-S (single SJA1000 channel) boad. QEMU startup 
options
+-device kvaser_pci,canbus=canbus0
+Add "host" parameter to connect device to host system CAN bus
+-device kvaser_pci,canbus=canbus0,host=can0
+
+ (2) CAN bus PCM-3680I PCI (dual SJA1000 channel) emulation
+-device pcm3680_pci,canbus=canbus0,host=can0
+
+ (3) CAN bus MIOe-3680 PCI (dual SJA1000 channel) emulation
+-device mioe3680_pci,canbus=canbus0,host=can0
+
+
+The ''kvaser_pci'' board/device model is compatible with and has been tested 
with
+''kvaser_pci'' driver included in mainline Linux kernel.
+The tested setup was Linux 4.9 kernel on the host and guest side.
+
+Next parameters has been used for qemu-system-x86_64
+
+qemu-system-x86_64 -enable-kvm -kernel /boot/vmlinuz-4.9.0-4-amd64 \
+  -initrd ramdisk.cpio \
+  -virtfs local,path=shareddir,security_model=none,mount_tag=shareddir \
+  -vga cirrus \
+  -device kvaser_pci,canbus=canbus0,host=can0 \
+  -nographic -append "console=ttyS0"
+
+The list of parameters for qemu-system-arm
+
+qemu-system-arm -cpu arm1176 -m 256 -M versatilepb \
+  -kernel kernel-qemu-arm1176-versatilepb \
+  -hda rpi-wheezy-overlay \
+  -append "console=ttyAMA0 root=/dev/sda2 ro init=/sbin/init-overlay" \
+  -nographic \
+  -virtfs local,path=shareddir,security_model=none,mount_tag=shareddir \
+  -device kvaser_pci,canbus=canbus0,host=can0 \
+
+Links to other resources
+
+
+ (1) Repository with development branch can-pci at Czech Technical University
+ https://gitlab.fel.cvut.cz/canbus/qemu-canbus
+ (2) GitHub repository with can-pci and our other changes included
+ https://gitlab.fel.cvut.cz/canbus/qemu-canbus
+ (3) RTEMS page describing project
+ https://devel.rtems.org/wiki/Developer/Simulators/QEMU/CANEmulation
+ (4) RTLWS 2015 article about the projevt and its use with CANopen emulation
+ http://rtime.felk.cvut.cz/publications/public/rtlws2015-qemu-can.pdf
+ Slides
+ 
http://rtime.felk.cvut.cz/publications/public/rtlws2015-qemu-can-slides.pdf
-- 
2.11.0

[Qemu-devel] [PATCH 6/7] CAN bus MIOe-3680 PCI (dual SJA1000 channel) emulation added.

[pisa]

From: Deniz Eren 

Signed-off-by: Pavel Pisa 
---
 hw/can/Makefile.objs  |   1 +
 hw/can/can_mioe3680_pci.c | 335 ++
 2 files changed, 336 insertions(+)
 create mode 100644 hw/can/can_mioe3680_pci.c

diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
index 6a328f0c3a..8fcc455800 100644
--- a/hw/can/Makefile.objs
+++ b/hw/can/Makefile.objs
@@ -10,4 +10,5 @@ endif
 common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
 common-obj-$(CONFIG_CAN_PCI) += can_kvaser_pci.o
 common-obj-$(CONFIG_CAN_PCI) += can_pcm3680_pci.o
+common-obj-$(CONFIG_CAN_PCI) += can_mioe3680_pci.o
 endif
diff --git a/hw/can/can_mioe3680_pci.c b/hw/can/can_mioe3680_pci.c
new file mode 100644
index 00..799e74a7ac
--- /dev/null
+++ b/hw/can/can_mioe3680_pci.c
@@ -0,0 +1,335 @@
+/*
+ * MIOe-3680 PCI CAN device (SJA1000 based) emulation
+ *
+ * Copyright (c) 2016 Deniz Eren (deniz.e...@icloud.com)
+ *
+ * Based on Kvaser PCI CAN device (SJA1000 based) emulation implemented by
+ * Jin Yang and Pavel Pisa
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/event_notifier.h"
+#include "qemu/thread.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "chardev/char.h"
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "can/can_emu.h"
+
+#include "can_sja1000.h"
+
+#define TYPE_CAN_PCI_DEV "mioe3680_pci"
+
+#define MIOe3680_PCI_DEV(obj) \
+OBJECT_CHECK(Mioe3680PCIState, (obj), TYPE_CAN_PCI_DEV)
+
+#ifndef MIOe3680_PCI_VENDOR_ID1
+#define MIOe3680_PCI_VENDOR_ID1 0x13fe/* the PCI device and vendor IDs 
*/
+#endif
+
+#ifndef MIOe3680_PCI_DEVICE_ID1
+#define MIOe3680_PCI_DEVICE_ID1 0xc302
+#endif
+
+#define MIOe3680_PCI_SJA_RANGE 0x800
+
+#define MIOe3680_PCI_BYTES_PER_SJA 0x80
+
+typedef struct Mioe3680PCIState {
+/*< private >*/
+PCIDevice   dev;
+/*< public >*/
+MemoryRegionsja_io[2];
+
+CanSJA1000State sja_state[2];
+qemu_irqirq;
+
+char*model; /* The model that support, only SJA1000 now. */
+char*canbus[2];
+char*host[2];
+} Mioe3680PCIState;
+
+static void mioe3680_pci_irq_raise(void *opaque)
+{
+Mioe3680PCIState *d = (Mioe3680PCIState *)opaque;
+
+qemu_irq_raise(d->irq);
+}
+
+static void mioe3680_pci_irq_lower(void *opaque)
+{
+Mioe3680PCIState *d = (Mioe3680PCIState *)opaque;
+
+qemu_irq_lower(d->irq);
+}
+
+static void
+mioe3680_pci_reset(void *opaque)
+{
+Mioe3680PCIState *d = (Mioe3680PCIState *)opaque;
+CanSJA1000State *s1 = >sja_state[0];
+CanSJA1000State *s2 = >sja_state[1];
+
+can_sja_hardware_reset(s1);
+can_sja_hardware_reset(s2);
+}
+
+static uint64_t mioe3680_pci_sja1_io_read(void *opaque, hwaddr addr,
+  unsigned size)
+{
+Mioe3680PCIState *d = opaque;
+CanSJA1000State *s = >sja_state[0];
+
+if (addr >= MIOe3680_PCI_BYTES_PER_SJA) {
+return 0;
+}
+
+return can_sja_mem_read(s, addr >> 2, size);
+}
+
+static void mioe3680_pci_sja1_io_write(void *opaque, hwaddr addr, uint64_t 
data,
+ unsigned size)
+{
+Mioe3680PCIState *d = opaque;
+CanSJA1000State *s = >sja_state[0];
+
+if (addr >= MIOe3680_PCI_BYTES_PER_SJA) {
+return;
+}
+
+can_sja_mem_write(s, addr >> 2, data, size);
+}
+
+static uint64_t mioe3680_pci_sja2_io_read(void *opaque, hwaddr addr,
+  unsigned size)
+{
+Mioe3680PCIState *d = opaque;
+CanSJA1000State *s = >sja_state[1];
+
+if (addr >= MIOe3680_PCI_BYTES_PER_SJA) {
+return 0;
+}
+
+return can_sja_mem_read(s, addr >> 2, size);
+}
+
+static void mioe3680_pci_sja2_io_write(void *opaque, hwaddr addr, uint64_t 
data,
+ unsigned size)
+{
+Mioe3680PCIState *d = opaque;
+

Re: [Qemu-devel] [PATCH] linux-user/mmap.c: Avoid choosing NULL as start address

[Laurent Vivier]

Le 06/01/2018 à 18:00, Maximilian Riemensberger a écrit :
> mmap() is required by the linux kernel ABI and POSIX to return a
> non-NULL address when the implementation chooses a start address for the
> mapping.
> 
> The current implementation of mmap_find_vma_reserved() can return NULL
> as start address of a mapping which leads to subsequent crashes inside
> the guests glibc, e.g. output of qemu-arm-static --strace executing a
> test binary stx_test:
> 
> 1879 
> mmap2(NULL,8388608,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|0x2,-1,0)
>  = 0x
> 1879 write(2,0xf6fd39d0,79) stx_test: allocatestack.c:514: 
> allocate_stack: Assertion `mem != NULL' failed.
> 
> This patch fixes mmap_find_vma_reserved() by skipping NULL as start
> address while searching for a suitable mapping start address.
> 
> CC: Riku Voipio 
> CC: Laurent Vivier 
> CC: Peter Maydell 
> Signed-off-by: Maximilian Riemensberger 
> ---
>  linux-user/mmap.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> index 4888f53..20cc5a7 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -221,7 +221,7 @@ static abi_ulong mmap_find_vma_reserved(abi_ulong start, 
> abi_ulong size)
>  addr = end_addr - qemu_host_page_size;
>  
>  while (1) {
> -if (addr > end_addr) {
> +if (!addr || addr > end_addr) {
>  if (looped) {
>  return (abi_ulong)-1;
>  }

I think this is correct, but it would be clearer to not exit the loop if
addr is NULL, something like:

@@ -234,7 +234,7 @@ static abi_ulong mmap_find_vma_reserved(abi_ulong
start, abi_ulong size)
 if (prot) {
 end_addr = addr;
 }
-if (addr + size == end_addr) {
+if (addr && addr + size == end_addr) {
 break;
 }
 addr -= qemu_host_page_size;

The result is the same because with the "addr -= qemu_host_page_size"
addr becomes greater than end_addr on the next loop.

Thanks,
Laurent

[Qemu-devel] [PATCH 3/7] CAN bus SJA1000 chip register level emulation for QEMU

[pisa]

From: Pavel Pisa 

The core SJA1000 support is independent of following
patches which map SJA1000 chip to PCI boards.

The work is based on Jin Yang GSoC 2013 work funded
by Google and mentored in frame of RTEMS project GSoC
slot donated to QEMU.

Rewritten for QEMU-2.0+ versions and architecture cleanup
by Pavel Pisa (Czech Technical University in Prague).

Signed-off-by: Pavel Pisa 
---
 default-configs/pci.mak |   1 +
 hw/can/Makefile.objs|   1 +
 hw/can/can_sja1000.c| 996 
 hw/can/can_sja1000.h| 176 +
 4 files changed, 1174 insertions(+)
 create mode 100644 hw/can/can_sja1000.c
 create mode 100644 hw/can/can_sja1000.h

diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index bbe11887a1..979b649fe5 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -32,6 +32,7 @@ CONFIG_SERIAL=y
 CONFIG_SERIAL_ISA=y
 CONFIG_SERIAL_PCI=y
 CONFIG_CAN_CORE=y
+CONFIG_CAN_SJA1000=y
 CONFIG_IPACK=y
 CONFIG_WDT_IB6300ESB=y
 CONFIG_PCI_TESTDEV=y
diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
index f999085f7a..3c4bf3bfc1 100644
--- a/hw/can/Makefile.objs
+++ b/hw/can/Makefile.objs
@@ -7,4 +7,5 @@ common-obj-y += can_socketcan.o
 else
 common-obj-y += can_host_stub.o
 endif
+common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
 endif
diff --git a/hw/can/can_sja1000.c b/hw/can/can_sja1000.c
new file mode 100644
index 00..17e5b46f07
--- /dev/null
+++ b/hw/can/can_sja1000.c
@@ -0,0 +1,996 @@
+/*
+ * CAN device - SJA1000 chip emulation for QEMU
+ *
+ * Copyright (c) 2013-2014 Jin Yang
+ * Copyright (c) 2014-2017 Pavel Pisa
+ *
+ * Initial development supported by Google GSoC 2013 from RTEMS project slot
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "chardev/char.h"
+#include "hw/hw.h"
+#include "can/can_emu.h"
+
+#include "can_sja1000.h"
+
+#ifndef DEBUG_FILTER
+#define DEBUG_FILTER 0
+#endif /*DEBUG_FILTER*/
+
+static void can_sja_software_reset(CanSJA1000State *s)
+{
+s->mode&= ~0x31;
+s->mode|= 0x01;
+s->status_pel  &= ~0x37;
+s->status_pel  |= 0x34;
+
+s->rxbuf_start = 0x00;
+s->rxmsg_cnt   = 0x00;
+s->rx_cnt  = 0x00;
+}
+
+void can_sja_hardware_reset(CanSJA1000State *s)
+{
+/* Reset by hardware, p10 */
+s->mode= 0x01;
+s->status_pel  = 0x3c;
+s->interrupt_pel = 0x00;
+s->clock   = 0x00;
+s->rxbuf_start = 0x00;
+s->rxmsg_cnt   = 0x00;
+s->rx_cnt  = 0x00;
+
+s->control = 0x01;
+s->status_bas  = 0x0c;
+s->interrupt_bas = 0x00;
+
+s->irq_lower(s->irq_opaque);
+}
+
+static
+void can_sja_single_filter(struct qemu_can_filter *filter,
+const uint8_t *acr,  const uint8_t *amr, int extended)
+{
+if (extended) {
+filter->can_id = (uint32_t)acr[0] << 21;
+filter->can_id |= (uint32_t)acr[1] << 13;
+filter->can_id |= (uint32_t)acr[2] << 5;
+filter->can_id |= (uint32_t)acr[3] >> 3;
+if (acr[3] & 4) {
+filter->can_id |= QEMU_CAN_RTR_FLAG;
+}
+
+filter->can_mask = (uint32_t)amr[0] << 21;
+filter->can_mask |= (uint32_t)amr[1] << 13;
+filter->can_mask |= (uint32_t)amr[2] << 5;
+filter->can_mask |= (uint32_t)amr[3] >> 3;
+filter->can_mask = ~filter->can_mask & QEMU_CAN_EFF_MASK;
+if (!(amr[3] & 4)) {
+filter->can_mask |= QEMU_CAN_RTR_FLAG;
+}
+} else {
+filter->can_id = (uint32_t)acr[0] << 3;
+filter->can_id |= (uint32_t)acr[1] >> 5;
+if (acr[1] & 0x10) {
+filter->can_id |= QEMU_CAN_RTR_FLAG;
+}
+
+filter->can_mask = (uint32_t)amr[0] << 3;
+filter->can_mask |= (uint32_t)amr[1] << 5;
+filter->can_mask = ~filter->can_mask & QEMU_CAN_SFF_MASK;
+if (!(amr[1] & 4)) {
+

[Qemu-devel] [PATCH 5/7] CAN bus PCM-3680I PCI (dual SJA1000 channel) emulation added.

[pisa]

From: Deniz Eren 

Signed-off-by: Pavel Pisa 
---
 hw/can/Makefile.objs |   1 +
 hw/can/can_pcm3680_pci.c | 335 +++
 2 files changed, 336 insertions(+)
 create mode 100644 hw/can/can_pcm3680_pci.c

diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
index c9d07b9b16..6a328f0c3a 100644
--- a/hw/can/Makefile.objs
+++ b/hw/can/Makefile.objs
@@ -9,4 +9,5 @@ common-obj-y += can_host_stub.o
 endif
 common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
 common-obj-$(CONFIG_CAN_PCI) += can_kvaser_pci.o
+common-obj-$(CONFIG_CAN_PCI) += can_pcm3680_pci.o
 endif
diff --git a/hw/can/can_pcm3680_pci.c b/hw/can/can_pcm3680_pci.c
new file mode 100644
index 00..692aab6ab8
--- /dev/null
+++ b/hw/can/can_pcm3680_pci.c
@@ -0,0 +1,335 @@
+/*
+ * PCM-3680i PCI CAN device (SJA1000 based) emulation
+ *
+ * Copyright (c) 2016 Deniz Eren (deniz.e...@icloud.com)
+ *
+ * Based on Kvaser PCI CAN device (SJA1000 based) emulation implemented by
+ * Jin Yang and Pavel Pisa
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/event_notifier.h"
+#include "qemu/thread.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "chardev/char.h"
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "can/can_emu.h"
+
+#include "can_sja1000.h"
+
+#define TYPE_CAN_PCI_DEV "pcm3680_pci"
+
+#define PCM3680i_PCI_DEV(obj) \
+OBJECT_CHECK(Pcm3680iPCIState, (obj), TYPE_CAN_PCI_DEV)
+
+#ifndef PCM3680i_PCI_VENDOR_ID1
+#define PCM3680i_PCI_VENDOR_ID1 0x13fe/* the PCI device and vendor IDs 
*/
+#endif
+
+#ifndef PCM3680i_PCI_DEVICE_ID1
+#define PCM3680i_PCI_DEVICE_ID1 0xc002
+#endif
+
+#define PCM3680i_PCI_SJA_RANGE 0x200
+
+#define PCM3680i_PCI_BYTES_PER_SJA 0x20
+
+typedef struct Pcm3680iPCIState {
+/*< private >*/
+PCIDevice   dev;
+/*< public >*/
+MemoryRegionsja_io[2];
+
+CanSJA1000State sja_state[2];
+qemu_irqirq;
+
+char*model; /* The model that support, only SJA1000 now. */
+char*canbus[2];
+char*host[2];
+} Pcm3680iPCIState;
+
+static void pcm3680i_pci_irq_raise(void *opaque)
+{
+Pcm3680iPCIState *d = (Pcm3680iPCIState *)opaque;
+
+qemu_irq_raise(d->irq);
+}
+
+static void pcm3680i_pci_irq_lower(void *opaque)
+{
+Pcm3680iPCIState *d = (Pcm3680iPCIState *)opaque;
+
+qemu_irq_lower(d->irq);
+}
+
+static void
+pcm3680i_pci_reset(void *opaque)
+{
+Pcm3680iPCIState *d = (Pcm3680iPCIState *)opaque;
+CanSJA1000State *s1 = >sja_state[0];
+CanSJA1000State *s2 = >sja_state[1];
+
+can_sja_hardware_reset(s1);
+can_sja_hardware_reset(s2);
+}
+
+static uint64_t pcm3680i_pci_sja1_io_read(void *opaque, hwaddr addr,
+  unsigned size)
+{
+Pcm3680iPCIState *d = opaque;
+CanSJA1000State *s = >sja_state[0];
+
+if (addr >= PCM3680i_PCI_BYTES_PER_SJA) {
+return 0;
+}
+
+return can_sja_mem_read(s, addr, size);
+}
+
+static void pcm3680i_pci_sja1_io_write(void *opaque, hwaddr addr,
+   uint64_t data, unsigned size)
+{
+Pcm3680iPCIState *d = opaque;
+CanSJA1000State *s = >sja_state[0];
+
+if (addr >= PCM3680i_PCI_BYTES_PER_SJA) {
+return;
+}
+
+can_sja_mem_write(s, addr, data, size);
+}
+
+static uint64_t pcm3680i_pci_sja2_io_read(void *opaque, hwaddr addr,
+  unsigned size)
+{
+Pcm3680iPCIState *d = opaque;
+CanSJA1000State *s = >sja_state[1];
+
+if (addr >= PCM3680i_PCI_BYTES_PER_SJA) {
+return 0;
+}
+
+return can_sja_mem_read(s, addr, size);
+}
+
+static void pcm3680i_pci_sja2_io_write(void *opaque, hwaddr addr, uint64_t 
data,
+ unsigned size)
+{
+Pcm3680iPCIState *d = opaque;
+CanSJA1000State *s = 

[Qemu-devel] [PATCH 2/7] CAN bus support to connect bust to Linux host SocketCAN interface.

[pisa]

From: Pavel Pisa 

Connection to the real host CAN bus network through
SocketCAN network interface is available only for Linux
host system. Mechanism is generic, support for another
CAN API and operating systems can be implemented in future.

Signed-off-by: Pavel Pisa 
---
 hw/can/Makefile.objs   |   4 +
 hw/can/can_socketcan.c | 294 +
 2 files changed, 298 insertions(+)
 create mode 100644 hw/can/can_socketcan.c

diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
index 1028d7c455..f999085f7a 100644
--- a/hw/can/Makefile.objs
+++ b/hw/can/Makefile.objs
@@ -2,5 +2,9 @@
 
 ifeq ($(CONFIG_CAN_CORE),y)
 common-obj-y += can_core.o
+ifeq ($(CONFIG_LINUX),y)
+common-obj-y += can_socketcan.o
+else
 common-obj-y += can_host_stub.o
 endif
+endif
diff --git a/hw/can/can_socketcan.c b/hw/can/can_socketcan.c
new file mode 100644
index 00..130c80ba27
--- /dev/null
+++ b/hw/can/can_socketcan.c
@@ -0,0 +1,294 @@
+/*
+ * CAN socketcan support to connect to the Linux host SocketCAN interfaces
+ *
+ * Copyright (c) 2013-2014 Jin Yang
+ * Copyright (c) 2014-2018 Pavel Pisa
+ *
+ * Initial development supported by Google GSoC 2013 from RTEMS project slot
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "chardev/char.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "hw/hw.h"
+#include "can/can_emu.h"
+
+#include 
+#include 
+#include 
+#include 
+
+#ifndef DEBUG_CAN
+#define DEBUG_CAN 0
+#endif /*DEBUG_CAN*/
+
+#define CAN_READ_BUF_LEN  5
+typedef struct {
+CanBusClientState  bus_client;
+qemu_can_filter*rfilter;
+intrfilter_num;
+can_err_mask_t err_mask;
+
+qemu_can_frame buf[CAN_READ_BUF_LEN];
+intbufcnt;
+intbufptr;
+
+intfd;
+} CanBusSocketcanConnectState;
+
+static void can_display_msg(struct qemu_can_frame *msg)
+{
+int i;
+
+/* Check that QEMU and Linux kernel flags encoding matches */
+assert(QEMU_CAN_EFF_FLAG == CAN_EFF_FLAG);
+assert(QEMU_CAN_RTR_FLAG == CAN_RTR_FLAG);
+assert(QEMU_CAN_ERR_FLAG == CAN_ERR_FLAG);
+
+assert(QEMU_CAN_INV_FILTER == CAN_INV_FILTER);
+
+fprintf(stderr, "%03X [%01d]:", (msg->can_id & 0x1fff), msg->can_dlc);
+for (i = 0; i < msg->can_dlc; i++) {
+fprintf(stderr, "  %02X", msg->data[i]);
+}
+fprintf(stderr, "\n");
+}
+
+static void can_bus_socketcan_read(void *opaque)
+{
+CanBusSocketcanConnectState *c;
+c = (CanBusSocketcanConnectState *)opaque;
+
+
+
+/* CAN_READ_BUF_LEN for multiple messages syscall is possible for future */
+c->bufcnt = read(c->fd, c->buf, sizeof(qemu_can_frame));
+if (c->bufcnt < 0) {
+perror("CAN bus host read");
+return;
+}
+
+can_bus_client_send(>bus_client, c->buf, 1);
+
+if (DEBUG_CAN) {
+can_display_msg(c->buf); /* Just display the first one. */
+}
+}
+
+static int can_bus_socketcan_can_receive(CanBusClientState *client)
+{
+CanBusSocketcanConnectState *c;
+c = container_of(client, CanBusSocketcanConnectState, bus_client);
+
+if (c->fd < 0) {
+return -1;
+}
+
+return 1;
+}
+
+static ssize_t can_bus_socketcan_receive(CanBusClientState *client,
+const qemu_can_frame *frames, size_t frames_cnt)
+{
+CanBusSocketcanConnectState *c;
+c = container_of(client, CanBusSocketcanConnectState, bus_client);
+size_t len = sizeof(qemu_can_frame);
+int res;
+
+if (c->fd < 0) {
+return -1;
+}
+
+res = write(c->fd, frames, len);
+
+if (!res) {
+fprintf(stderr, "CAN bus write to host device zero length\n");
+return -1;
+}
+
+/* send frame */
+if (res != len) {
+perror("CAN bus write to host device error");
+return -1;
+}
+
+return 

[Qemu-devel] [PATCH 4/7] CAN bus Kvaser PCI CAN-S (single SJA1000 channel) emulation added.

[pisa]

From: Pavel Pisa 

Signed-off-by: Pavel Pisa 
---
 default-configs/pci.mak |   1 +
 hw/can/Makefile.objs|   1 +
 hw/can/can_kvaser_pci.c | 375 
 3 files changed, 377 insertions(+)
 create mode 100644 hw/can/can_kvaser_pci.c

diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index 979b649fe5..72c0802ced 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -33,6 +33,7 @@ CONFIG_SERIAL_ISA=y
 CONFIG_SERIAL_PCI=y
 CONFIG_CAN_CORE=y
 CONFIG_CAN_SJA1000=y
+CONFIG_CAN_PCI=y
 CONFIG_IPACK=y
 CONFIG_WDT_IB6300ESB=y
 CONFIG_PCI_TESTDEV=y
diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
index 3c4bf3bfc1..c9d07b9b16 100644
--- a/hw/can/Makefile.objs
+++ b/hw/can/Makefile.objs
@@ -8,4 +8,5 @@ else
 common-obj-y += can_host_stub.o
 endif
 common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
+common-obj-$(CONFIG_CAN_PCI) += can_kvaser_pci.o
 endif
diff --git a/hw/can/can_kvaser_pci.c b/hw/can/can_kvaser_pci.c
new file mode 100644
index 00..d85d38b74b
--- /dev/null
+++ b/hw/can/can_kvaser_pci.c
@@ -0,0 +1,375 @@
+/*
+ * Kvaser PCI CAN device (SJA1000 based) emulation
+ *
+ * Copyright (c) 2013-2014 Jin Yang
+ * Copyright (c) 2014 Pavel Pisa
+ *
+ * Partially based on educational PCIexpress APOHW hardware
+ * emulator used fro class A0B36APO at CTU FEE course by
+ *Rostislav Lisovy and Pavel Pisa
+ *
+ * Initial development supported by Google GSoC 2013 from RTEMS project slot
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/event_notifier.h"
+#include "qemu/thread.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "chardev/char.h"
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "can/can_emu.h"
+
+#include "can_sja1000.h"
+
+#define TYPE_CAN_PCI_DEV "kvaser_pci"
+
+#define KVASER_PCI_DEV(obj) \
+OBJECT_CHECK(KvaserPCIState, (obj), TYPE_CAN_PCI_DEV)
+
+#ifndef KVASER_PCI_VENDOR_ID1
+#define KVASER_PCI_VENDOR_ID1 0x10e8/* the PCI device and vendor IDs */
+#endif
+
+#ifndef KVASER_PCI_DEVICE_ID1
+#define KVASER_PCI_DEVICE_ID1 0x8406
+#endif
+
+#define KVASER_PCI_S5920_RANGE0x80
+#define KVASER_PCI_SJA_RANGE  0x80
+#define KVASER_PCI_XILINX_RANGE   0x8
+
+#define KVASER_PCI_BYTES_PER_SJA  0x20
+
+#define S5920_OMB 0x0C
+#define S5920_IMB 0x1C
+#define S5920_MBEF0x34
+#define S5920_INTCSR  0x38
+#define S5920_RCR 0x3C
+#define S5920_PTCR0x60
+
+#define S5920_INTCSR_ADDON_INTENABLE_M0x2000
+#define S5920_INTCSR_INTERRUPT_ASSERTED_M 0x80
+
+#define KVASER_PCI_XILINX_VERINT  7   /* Lower nibble simulate interrupts,
+ high nibble version number. */
+
+#define KVASER_PCI_XILINX_VERSION_NUMBER 13
+
+typedef struct KvaserPCIState {
+/*< private >*/
+PCIDevice   dev;
+/*< public >*/
+MemoryRegions5920_io;
+MemoryRegionsja_io;
+MemoryRegionxilinx_io;
+
+CanSJA1000State sja_state;
+qemu_irqirq;
+
+uint32_ts5920_intcsr;
+uint32_ts5920_irqstate;
+
+char*model; /* The model that support, only SJA1000 now. */
+char*canbus;
+char*host;
+} KvaserPCIState;
+
+static void kvaser_pci_irq_raise(void *opaque)
+{
+KvaserPCIState *d = (KvaserPCIState *)opaque;
+d->s5920_irqstate = 1;
+
+if (d->s5920_intcsr & S5920_INTCSR_ADDON_INTENABLE_M) {
+qemu_irq_raise(d->irq);
+}
+}
+
+static void kvaser_pci_irq_lower(void *opaque)
+{
+KvaserPCIState *d = (KvaserPCIState *)opaque;
+d->s5920_irqstate = 0;
+qemu_irq_lower(d->irq);
+}
+
+static void
+kvaser_pci_reset(void *opaque)
+{
+KvaserPCIState *d = (KvaserPCIState *)opaque;
+CanSJA1000State *s = >sja_state;
+
+

[Qemu-devel] [PATCH 1/7] CAN bus simple messages transport implementation for QEMU

[pisa]

From: Pavel Pisa 

The CanBusState state structure is created for each
emulated CAN channel. Individual clients/emulated
CAN interfaces or host interface connection registers
to the bus by CanBusClientState structure.

The CAN core is prepared to support connection to the
real host CAN bus network. The commit with such support
for Linux SocketCAN follows.

Implementation is as simple as possible, no migration,
messages prioritization and queuing considered for now.
But it is intended to be extended when need arises.

Development repository and more documentation at

https://gitlab.fel.cvut.cz/canbus/qemu-canbus

The work is based on Jin Yang GSoC 2013 work funded
by Google and mentored in frame of RTEMS project GSoC
slot donated to QEMU.

Rewritten for QEMU-2.0+ versions and architecture cleanup
by Pavel Pisa (Czech Technical University in Prague).

Signed-off-by: Pavel Pisa 
---
 default-configs/pci.mak |   1 +
 hw/Makefile.objs|   1 +
 hw/can/Makefile.objs|   6 ++
 hw/can/can_core.c   | 129 +++
 hw/can/can_host_stub.c  |  36 
 include/can/can_emu.h   | 143 
 6 files changed, 316 insertions(+)
 create mode 100644 hw/can/Makefile.objs
 create mode 100644 hw/can/can_core.c
 create mode 100644 hw/can/can_host_stub.c
 create mode 100644 include/can/can_emu.h

diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index e514bdef42..bbe11887a1 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -31,6 +31,7 @@ CONFIG_ESP_PCI=y
 CONFIG_SERIAL=y
 CONFIG_SERIAL_ISA=y
 CONFIG_SERIAL_PCI=y
+CONFIG_CAN_CORE=y
 CONFIG_IPACK=y
 CONFIG_WDT_IB6300ESB=y
 CONFIG_PCI_TESTDEV=y
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index cf4cb2010b..9d84b8faaa 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -6,6 +6,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += block/
 devices-dirs-$(CONFIG_SOFTMMU) += bt/
 devices-dirs-$(CONFIG_SOFTMMU) += char/
 devices-dirs-$(CONFIG_SOFTMMU) += cpu/
+devices-dirs-$(CONFIG_SOFTMMU) += can/
 devices-dirs-$(CONFIG_SOFTMMU) += display/
 devices-dirs-$(CONFIG_SOFTMMU) += dma/
 devices-dirs-$(CONFIG_SOFTMMU) += gpio/
diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
new file mode 100644
index 00..1028d7c455
--- /dev/null
+++ b/hw/can/Makefile.objs
@@ -0,0 +1,6 @@
+# CAN bus interfaces emulation and infrastructure
+
+ifeq ($(CONFIG_CAN_CORE),y)
+common-obj-y += can_core.o
+common-obj-y += can_host_stub.o
+endif
diff --git a/hw/can/can_core.c b/hw/can/can_core.c
new file mode 100644
index 00..49ba3c6ef2
--- /dev/null
+++ b/hw/can/can_core.c
@@ -0,0 +1,129 @@
+/*
+ * CAN common CAN bus emulation support
+ *
+ * Copyright (c) 2013-2014 Jin Yang
+ * Copyright (c) 2014-2018 Pavel Pisa
+ *
+ * Initial development supported by Google GSoC 2013 from RTEMS project slot
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "chardev/char.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "hw/hw.h"
+#include "can/can_emu.h"
+
+#ifndef DEBUG_CAN
+#define DEBUG_CAN 0
+#endif /*DEBUG_CAN*/
+
+static QTAILQ_HEAD(, CanBusState) can_buses =
+QTAILQ_HEAD_INITIALIZER(can_buses);
+
+CanBusState *can_bus_find_by_name(const char *name, bool create_missing)
+{
+CanBusState *bus;
+
+if (name == NULL) {
+name = "canbus0";
+}
+
+QTAILQ_FOREACH(bus, _buses, next) {
+if (!strcmp(bus->name, name)) {
+return bus;
+}
+}
+
+if (!create_missing) {
+return 0;
+}
+
+bus = g_malloc0(sizeof(*bus));
+if (bus == NULL) {
+return NULL;
+}
+
+QTAILQ_INIT(>clients);
+
+bus->name = g_strdup(name);
+
+QTAILQ_INSERT_TAIL(_buses, bus, next);
+return bus;
+}
+
+int can_bus_insert_client(CanBusState *bus, CanBusClientState *client)
+{
+client->bus = 

[Qemu-devel] [PATCH 0/7] CAN bus support for QEMU (SJA1000 PCI so far)

[pisa]

From: Pavel Pisa 

Basic emulation of CAN bus controller and interconnection for QEMU.

Patches version 3:
Support to connect to host SocketCAN interface has been
separated from the core bus implementation. Only simple
statically initialize pointer to the connection function
is used, no QOM concept for now.
SJA1000 message filters redone and code unified where
possible.
Basic documentation added.
QEMU_ALIGNED used in definition of CAN frame structure,
structure and defines still separated from Linux/SocketCAN
API defined ones to allow to keep QEMU message format
independed from host system one. Check for correspondence
to socketcan one added.

Patches version 2:
The bus emulation and the SJA1000 chip emulation introduced
by individual patches as suggested by Frederic Konrad.
Simple example board to test SJA1000 as single memory-mapped BAR
has been omitted in a new series because emulation of real
existing boards can provide same functions now.
Conditionalized debug printfs changed to be exposed to compiler
syntax check as suggested in review.

The work has been started by Jin Yang in the frame of GSoC 2013 slot
contributed by RTEMS project which has been looking for environment
to allow develop and test CAN drivers for multiple CPU architectures.

I have menthored the project and then done substantial code cleanup
and update to QOM. Deniz Eren then used emulation for SJA1000 base card
driver development for other operating system and contributed
PCM-3680I and MIOe-3680 support.

Some page about the project

  https://gitlab.fel.cvut.cz/canbus/qemu-canbus/wikis/home

FEE CTU GitLab repository with can-pci branch for 2.3, 2.4, 2.7, 2.8, 2.10 and 
2.11
version if QEMU is available there

  https://gitlab.fel.cvut.cz/canbus/qemu-canbus/tree/can-pci

mirror at GitHub

  https://github.com/CTU-IIG/qemu

There are many areas for improvement and extension of the code still
(for example freeze and migration is not implemented. CAN controllers
use proper QOM model but bus/interconnection emulation uses simple broadcast
connection which is required for CAN, but it is not based on QEMU bus model).
I have tried to look into QEMU VLANs implementation but it
does not map straightforward to CAN and I would need some help/opinion
from more advanced developers to decide what is their right
mapping to CAN.

CAN-FD support would be interesting requires other developers/
companies contributions or setup of some project to allow invite
some students and colleagues from my university into project.

But I believe that (even in its actual state) provided solution
is great help for embedded systems developers when they can connect
SocketCAN from one or more embedded systems running in virtual
environment together or with Linux host SocketCAN virtual
or real bus interfaces.

We have even tested our generic CANopen device configured
for CANopen 401 profile for generic I/O running in the virtual
system which can control GPIO inputs/outputs through virtual
industrial I/O card.

Generally QEMU can be interesting setup which allows
to test complete industrial and automotive applications
in virtual environment even before real hardware is availabe.

Deniz Eren (2):
  CAN bus PCM-3680I PCI (dual SJA1000 channel) emulation added.
  CAN bus MIOe-3680 PCI (dual SJA1000 channel) emulation added.

Pavel Pisa (5):
  CAN bus simple messages transport implementation for QEMU
  CAN bus support to connect bust to Linux host SocketCAN interface.
  CAN bus SJA1000 chip register level emulation for QEMU
  CAN bus Kvaser PCI CAN-S (single SJA1000 channel) emulation added.
  QEMU CAN bus emulation documentation

 default-configs/pci.mak   |   3 +
 docs/can.txt  |  78 
 hw/Makefile.objs  |   1 +
 hw/can/Makefile.objs  |  14 +
 hw/can/can_core.c | 129 ++
 hw/can/can_host_stub.c|  36 ++
 hw/can/can_kvaser_pci.c   | 375 +
 hw/can/can_mioe3680_pci.c | 335 
 hw/can/can_pcm3680_pci.c  | 335 
 hw/can/can_sja1000.c  | 996 ++
 hw/can/can_sja1000.h  | 176 
 hw/can/can_socketcan.c| 294 ++
 include/can/can_emu.h | 143 +++
 13 files changed, 2915 insertions(+)
 create mode 100644 docs/can.txt
 create mode 100644 hw/can/Makefile.objs
 create mode 100644 hw/can/can_core.c
 create mode 100644 hw/can/can_host_stub.c
 create mode 100644 hw/can/can_kvaser_pci.c
 create mode 100644 hw/can/can_mioe3680_pci.c
 create mode 100644 hw/can/can_pcm3680_pci.c
 create mode 100644 hw/can/can_sja1000.c
 create mode 100644 hw/can/can_sja1000.h
 create mode 100644 hw/can/can_socketcan.c
 create mode 100644 include/can/can_emu.h

-- 
2.11.0

Re: [Qemu-devel] [PATCH] linux-user/mmap.c: Avoid choosing NULL as start address

[Maximilian Riemensberger]

On 06.01.18 18:00, Maximilian Riemensberger wrote:
> mmap() is required by the linux kernel ABI and POSIX to return a
> non-NULL address when the implementation chooses a start address for the
> mapping.
> 
> The current implementation of mmap_find_vma_reserved() can return NULL
> as start address of a mapping which leads to subsequent crashes inside
> the guests glibc, e.g. output of qemu-arm-static --strace executing a
> test binary stx_test:
> 
> 1879 
> mmap2(NULL,8388608,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|0x2,-1,0)
>  = 0x
> 1879 write(2,0xf6fd39d0,79) stx_test: allocatestack.c:514: 
> allocate_stack: Assertion `mem != NULL' failed.
> 
> This patch fixes mmap_find_vma_reserved() by skipping NULL as start
> address while searching for a suitable mapping start address.

I should have added:

Fixes: 59e9d91c7ae1b655997aec61c08eec1685414117 ("linux-user: resolve 
reserved_va vma downwards")

Cheers,
Max

> 
> CC: Riku Voipio 
> CC: Laurent Vivier 
> CC: Peter Maydell 
> Signed-off-by: Maximilian Riemensberger 
> ---
>  linux-user/mmap.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> index 4888f53..20cc5a7 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -221,7 +221,7 @@ static abi_ulong mmap_find_vma_reserved(abi_ulong start, 
> abi_ulong size)
>  addr = end_addr - qemu_host_page_size;
>  
>  while (1) {
> -if (addr > end_addr) {
> +if (!addr || addr > end_addr) {
>  if (looped) {
>  return (abi_ulong)-1;
>  }
> 

-- 
--
Cadami UG (haftungsbeschränkt)
Waagstraße 10, 85386 Eching (near Munich), Germany
Office:c/o Wayra, Kaufingerstraße 15, 80331 Munich, Germany

Contact:   +49-176-63360306, riemensber...@cadami.net, www.cadami.net

Geschäftsführer: Andreas Dotzler, Michael Heindlmaier,
 Thomas Kühn, Maximilian Riemensberger
Sitz der Gesellschaft:   Eching, HRB 219979 Amtsgericht München
USt-IdNr.:   DE301293803
--

Re: [Qemu-devel] linux-user/mmap: Should not return NULL on guest call mmap(NULL, ...), causes crash inside glibc

[Maximilian Riemensberger]

On 05.01.18 22:13, Maximilian Riemensberger wrote:
> On 05.01.18 19:38, Peter Maydell wrote:
>> On 5 January 2018 at 18:13, Maximilian Riemensberger
>>  wrote:
>>> Hi,
>>>
>>> yesterday I hit the following problem when running an arm linux executable 
>>> on
>>> qemu-2.10 (qemu-arm-static through binfmt_misc)
>>>
>>> 1879 
>>> mmap2(NULL,8388608,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|0x2,-1,0)
>>>  = 0x
>>> 1879 write(2,0xf6fd39d0,79) stx_test: allocatestack.c:514: allocate_stack: 
>>> Assertion `mem != NULL' failed.
>>>
>>> The issue comes up when the executable creates and joins lots of
>>> threads in a loop (it's a unit test).  Eventually, glibc allocatestack
>>> hits the mmap(NULL, ...) == NULL.  Judging from the posix and linux
>>> manuals mmap(NULL, ...) never returns NULL.  Either it fails with MAP_FAILED
>>> or it succeeds and returns non-NULL address.
>>
>> Given the heavy use of threading, can you retest with QEMU 2.11,
>> please? We fixed a couple of threading issues in linux-user there.
> 
> Same error with fresh qemu-2.11 build.

I just sent out a online patch that fixes the issue for me.

Cheers
Max

[Qemu-devel] [PATCH] linux-user/mmap.c: Avoid choosing NULL as start address

[Maximilian Riemensberger]

mmap() is required by the linux kernel ABI and POSIX to return a
non-NULL address when the implementation chooses a start address for the
mapping.

The current implementation of mmap_find_vma_reserved() can return NULL
as start address of a mapping which leads to subsequent crashes inside
the guests glibc, e.g. output of qemu-arm-static --strace executing a
test binary stx_test:

1879 
mmap2(NULL,8388608,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|0x2,-1,0) 
= 0x
1879 write(2,0xf6fd39d0,79) stx_test: allocatestack.c:514: allocate_stack: 
Assertion `mem != NULL' failed.

This patch fixes mmap_find_vma_reserved() by skipping NULL as start
address while searching for a suitable mapping start address.

CC: Riku Voipio 
CC: Laurent Vivier 
CC: Peter Maydell 
Signed-off-by: Maximilian Riemensberger 
---
 linux-user/mmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 4888f53..20cc5a7 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -221,7 +221,7 @@ static abi_ulong mmap_find_vma_reserved(abi_ulong start, 
abi_ulong size)
 addr = end_addr - qemu_host_page_size;
 
 while (1) {
-if (addr > end_addr) {
+if (!addr || addr > end_addr) {
 if (looped) {
 return (abi_ulong)-1;
 }
-- 
2.7.4

[Qemu-devel] [PATCH v4 13/16] piix4: add a speaker as specified in datasheet

[Hervé Poussineau]

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 0d68fcb193..b313e4fe73 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -30,6 +30,7 @@
 #include "hw/isa/isa.h"
 #include "hw/char/isa.h"
 #include "hw/sysbus.h"
+#include "hw/audio/pcspk.h"
 #include "hw/timer/i8254.h"
 #include "hw/timer/mc146818rtc.h"
 #include "qapi/error.h"
@@ -148,6 +149,7 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 DeviceState *dev = DEVICE(pci_dev);
 PIIX4State *s = DO_UPCAST(PIIX4State, dev, pci_dev);
 ISABus *isa_bus;
+ISADevice *pit;
 qemu_irq *i8259_out_irq;
 int i;
 Error *err = NULL;
@@ -174,7 +176,10 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 isa_bus_irqs(isa_bus, s->isa);
 
 /* initialize pit */
-i8254_pit_init(isa_bus, 0x40, 0, NULL);
+pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
+
+/* speaker */
+pcspk_init(isa_bus, pit);
 
 /* DMA */
 DMA_init(isa_bus, 0);
-- 
2.11.0

[Qemu-devel] [PATCH v4 15/16] piix4: rename PIIX4 object to piix4-isa

[Hervé Poussineau]

Other piix4 parts are already named piix4-ide and piix4-usb-uhci.

Reviewed-by: Philippe Mathieu-Daudé 
Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c   | 1 -
 hw/mips/mips_malta.c | 2 +-
 include/hw/isa/isa.h | 3 +++
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 159a27d2d9..1447d41934 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -52,7 +52,6 @@ typedef struct PIIX4State {
 uint8_t rcr;
 } PIIX4State;
 
-#define TYPE_PIIX4_PCI_DEVICE "PIIX4"
 #define PIIX4_PCI_DEVICE(obj) \
 OBJECT_CHECK(PIIX4State, (obj), TYPE_PIIX4_PCI_DEVICE)
 
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 3d304a6e0a..93ec013ea2 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1178,7 +1178,7 @@ void mips_malta_init(MachineState *machine)
 ide_drive_get(hd, ARRAY_SIZE(hd));
 
 pci = pci_create_multifunction(pci_bus, PCI_DEVFN(10, 0),
-   true, "PIIX4");
+   true, TYPE_PIIX4_PCI_DEVICE);
 dev = DEVICE(pci);
 
 /* Floppy */
diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index 95593408ef..1f47692447 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -153,4 +153,7 @@ static inline ISABus *isa_bus_from_device(ISADevice *d)
 
 /* i8257.c */
 void DMA_init(ISABus *bus, int high_page_enable);
+
+#define TYPE_PIIX4_PCI_DEVICE "piix4-isa"
+
 #endif
-- 
2.11.0

[Qemu-devel] [PATCH v4 11/16] piix4: add a floppy controller, 1 parallel port and 2 serial ports

[Hervé Poussineau]

Remove their instanciation from malta board, to not have them twice.
Automatically create serial/parallel ports in PIIX4 if not provided.

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c   | 67 
 hw/mips/mips_malta.c | 41 +---
 2 files changed, 89 insertions(+), 19 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 1aab78cdd2..7a13e83270 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -28,8 +28,10 @@
 #include "hw/i386/pc.h"
 #include "hw/pci/pci.h"
 #include "hw/isa/isa.h"
+#include "hw/char/isa.h"
 #include "hw/sysbus.h"
 #include "hw/timer/i8254.h"
+#include "qapi/error.h"
 
 PCIDevice *piix4_dev;
 
@@ -38,6 +40,10 @@ typedef struct PIIX4State {
 qemu_irq cpu_intr;
 qemu_irq *isa;
 
+FDCtrlISABus floppy;
+ISASerialState serial[2];
+ISAParallelState parallel;
+
 /* Reset Control Register */
 MemoryRegion rcr_mem;
 uint8_t rcr;
@@ -141,6 +147,8 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 PIIX4State *s = DO_UPCAST(PIIX4State, dev, pci_dev);
 ISABus *isa_bus;
 qemu_irq *i8259_out_irq;
+int i;
+Error *err = NULL;
 
 isa_bus = isa_bus_new(dev, pci_address_space(pci_dev),
   pci_address_space_io(pci_dev), errp);
@@ -172,10 +180,68 @@ static void piix4_realize(PCIDevice *pci_dev, Error 
**errp)
 /* Super I/O */
 isa_create_simple(isa_bus, "i8042");
 
+/* floppy */
+qdev_set_parent_bus(DEVICE(>floppy), BUS(isa_bus));
+object_property_set_bool(OBJECT(>floppy), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+/* serial ports */
+for (i = 0; i < 2; i++) {
+qdev_set_parent_bus(DEVICE(>serial[i]), BUS(isa_bus));
+if (!qemu_chr_fe_backend_connected(>serial[i].state.chr)) {
+char prop[] = "serial?";
+char label[] = "piix4.serial?";
+prop[6] = i + '0';
+label[12] = i + '0';
+qdev_prop_set_chr(dev, prop, qemu_chr_new(label, "null"));
+}
+object_property_set_bool(OBJECT(>serial[i]), true, "realized", 
);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+}
+
+/* parallel port */
+qdev_set_parent_bus(DEVICE(>parallel), BUS(isa_bus));
+if (!qemu_chr_fe_backend_connected(>parallel.state.chr)) {
+qdev_prop_set_chr(dev, "parallel",
+  qemu_chr_new("pii4x.parallel", "null"));
+}
+object_property_set_bool(OBJECT(>parallel), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
 piix4_dev = pci_dev;
 qemu_register_reset(piix4_reset, s);
 }
 
+static void piix4_init(Object *obj)
+{
+PIIX4State *s = PIIX4_PCI_DEVICE(obj);
+int i;
+
+object_initialize(>floppy, sizeof(s->floppy), TYPE_ISA_FDC);
+for (i = 0; i < 2; i++) {
+object_initialize(>serial[i], sizeof(s->serial[i]), 
TYPE_ISA_SERIAL);
+}
+object_initialize(>parallel, sizeof(s->parallel), TYPE_ISA_PARALLEL);
+
+object_property_add_alias(obj, "floppy", OBJECT(>floppy), "driveA",
+  _abort);
+object_property_add_alias(obj, "serial0", OBJECT(>serial[0]), "chardev",
+  _abort);
+object_property_add_alias(obj, "serial1", OBJECT(>serial[1]), "chardev",
+  _abort);
+object_property_add_alias(obj, "parallel", OBJECT(>parallel), "chardev",
+  _abort);
+}
+
 static void piix4_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -199,6 +265,7 @@ static const TypeInfo piix4_info = {
 .name  = TYPE_PIIX4_PCI_DEVICE,
 .parent= TYPE_PCI_DEVICE,
 .instance_size = sizeof(PIIX4State),
+.instance_init = piix4_init,
 .class_init= piix4_class_init,
 .interfaces = (InterfaceInfo[]) {
 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 7498fad006..30fb30fc0e 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1003,7 +1003,7 @@ void mips_malta_init(MachineState *machine)
 int i;
 DriveInfo *dinfo;
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
-DriveInfo *fd[MAX_FD];
+DriveInfo *fd;
 int fl_idx = 0;
 int fl_sectors = bios_size >> 16;
 int be;
@@ -1018,15 +1018,6 @@ void mips_malta_init(MachineState *machine)
 
 qdev_init_nofail(dev);
 
-/* Make sure the first 3 serial ports are associated with a device. */
-for(i = 0; i < 3; i++) {
-if (!serial_hds[i]) {
-char label[32];
-snprintf(label, sizeof(label), "serial%d", i);
-serial_hds[i] = qemu_chr_new(label, "null");
-

Re: [Qemu-devel] [SPARC] question on LEON IRQMP interrupt controller.

[Jean-Christophe DUBOIS]

Hi,

So after trying my code on tsim, I can confirm that the software is 
indeed able to clear/ack the interrupt without requiring the ack from 
the processor.


Things are a bit strange with tsim as the simulator doesn't seem to 
respect time delay when the processor is in sleep/idle mode and jump 
straight to the next timer expiration/interrupt (incrementing the 
required clock cycles in the process) ...


And as the evaluation version of tsim stops the program after 2^32 clock 
cycles the program could not run more than 86 seconds (with the LEON 
clock @ 50 MHz).


But still the interrupts are acknowledged by software only without 
requiring the trap handler to run or the processor to ack the interrupt 
on a hardware way.


So I believe that my proposed modification is correct.

On a related note, tsim is using different interrupts (than Qemu) for 
timer and all. So what is the reference LEON3 platform that Qemu is 
emulating with leon3_generic?


JC

Le 03/01/2018 à 10:23, j...@tribudubois.net a écrit :

Le 2018-01-02 19:58, Fabien Chouteau a écrit :

Hello Jean-Christophe,

I'm the original author of this patch and I add in copy my colleague
Frederic.

On 02/01/2018 12:13, Jean-Christophe DUBOIS wrote:

I am wondering if the IRQMP code in hw/intc/grlib_irqmp.c is correct
when it comes to acknowledging interrupts.

With the actual code an interrupt can be lowered/acked only by an
"ack" from the processor which means that the trap handler related to
this external interrupt needs to be run for the ack to happen.

In particular this means that the interrupt cannot be acked only by
software. Even if the software clears the "pending" interrupts (by
writing to the CLEAR_OFFSET register before the interrupt handler is
run) this does not clear the interrupt to the processor (which is kept
asserted until the handler is run and the interrupt acked by the
processor). Do you know if this is indeed the intended behavior (I
understand that for most operating system the interrupt handler will
be run at last and this does not make a difference)?

I would expect that clearing interrupt through software (by writing to
the CLEAR_OFFSET register) would have the same effect as the processor
acknowledgment (and could avoid to run the interrupt handler if things
have already been taken care of by software).

Unfortunately the documentation I got (on the web) on the IRQMP is not
very clear on the topic.



I don't remember all the details of this CPU on top of my head, I worked
on this years ago.

If you have access to a real board the best would be to compare the
behavior of the CPU on it.


Unfortunately I don't have a real board (yet).


There's also a cycle accurate simulator of
Leon3, you can download an evaluation version here:
http://www.gaisler.com/index.php/downloads/simulators


OK, I will try the tsim simulator from Gaisler as a reference.




Anyway you can find below the patch I'd like to provide for IRQMP.



Can you explain the reason for this change? Why can't you use the
current interrupt handling?


I am working on a cooperative multitasking kernel (with no 
preemption). So the kernel is not handling interrupt related traps 
(actually the kernel is not handling the interrupt controller). All 
interrupts are masked at all time for all application or kernel so no 
interrupt trap handler is ever going to trigger (except for IRQ 15 
which is not maskable).


When the tasks have nothing to do the kernel goes to sleep using ASR19 
on LEON. So the system is awaken by next interrupt and the kernel will 
schedule the task handling the interrupt controller.


On LEON, I can go to sleep until the first interrupt. Once the first 
interrupt has been raised the LEON will never be able to get to 
sleep/idle again through ASR19 (it exists immediately) even if the 
interrupt controller handling task clears the interrupt (writing to 
CLEAR_OFFSET register). And this is because, in the actual Qemu 
implementation, the interrupt can only be acknowledged in the 
interrupt controller by the CPU through the triggering of the related 
trap handler.


So I am wondering if this is indeed the expected behavior in real 
hardware/life (interrupts can only be acked by processor and not by 
software).


Note: On a related subject I am wondering if the system (put in 
idle/sleep through ASR19) would woke up on interrupt if the interrupts 
are all masked through PSR (PIL) (it does wake up in Qemu for now). I 
will also test this on tsim before trying it on real hardware someday.




Regards,

[Qemu-devel] [PATCH v4 14/16] piix4: convert reset function to QOM

[Hervé Poussineau]

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index b313e4fe73..159a27d2d9 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -56,10 +56,10 @@ typedef struct PIIX4State {
 #define PIIX4_PCI_DEVICE(obj) \
 OBJECT_CHECK(PIIX4State, (obj), TYPE_PIIX4_PCI_DEVICE)
 
-static void piix4_reset(void *opaque)
+static void piix4_reset(DeviceState *dev)
 {
-PIIX4State *d = opaque;
-uint8_t *pci_conf = d->dev.config;
+PIIX4State *s = PIIX4_PCI_DEVICE(dev);
+uint8_t *pci_conf = s->dev.config;
 
 pci_conf[0x04] = 0x07; // master, memory and I/O
 pci_conf[0x05] = 0x00;
@@ -234,7 +234,6 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 isa_init_irq(ISA_DEVICE(>rtc), >rtc.irq, RTC_ISA_IRQ);
 
 piix4_dev = pci_dev;
-qemu_register_reset(piix4_reset, s);
 }
 
 static void piix4_init(Object *obj)
@@ -268,6 +267,7 @@ static void piix4_class_init(ObjectClass *klass, void *data)
 k->vendor_id = PCI_VENDOR_ID_INTEL;
 k->device_id = PCI_DEVICE_ID_INTEL_82371AB_0;
 k->class_id = PCI_CLASS_BRIDGE_ISA;
+dc->reset = piix4_reset;
 dc->desc = "ISA bridge";
 dc->vmsd = _piix4;
 /*
-- 
2.11.0

[Qemu-devel] [PATCH v4 12/16] piix4: add a mc146818rtc controller as specified in datasheet

[Hervé Poussineau]

Remove mc146818rtc instanciated in malta board, to not have it twice.

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c   | 12 
 hw/mips/mips_malta.c |  5 -
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 7a13e83270..0d68fcb193 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -31,6 +31,7 @@
 #include "hw/char/isa.h"
 #include "hw/sysbus.h"
 #include "hw/timer/i8254.h"
+#include "hw/timer/mc146818rtc.h"
 #include "qapi/error.h"
 
 PCIDevice *piix4_dev;
@@ -43,6 +44,7 @@ typedef struct PIIX4State {
 FDCtrlISABus floppy;
 ISASerialState serial[2];
 ISAParallelState parallel;
+RTCState rtc;
 
 /* Reset Control Register */
 MemoryRegion rcr_mem;
@@ -217,6 +219,15 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 return;
 }
 
+/* timer */
+qdev_set_parent_bus(DEVICE(>rtc), BUS(isa_bus));
+object_property_set_bool(OBJECT(>rtc), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+isa_init_irq(ISA_DEVICE(>rtc), >rtc.irq, RTC_ISA_IRQ);
+
 piix4_dev = pci_dev;
 qemu_register_reset(piix4_reset, s);
 }
@@ -231,6 +242,7 @@ static void piix4_init(Object *obj)
 object_initialize(>serial[i], sizeof(s->serial[i]), 
TYPE_ISA_SERIAL);
 }
 object_initialize(>parallel, sizeof(s->parallel), TYPE_ISA_PARALLEL);
+object_initialize(>rtc, sizeof(s->rtc), TYPE_MC146818_RTC);
 
 object_property_add_alias(obj, "floppy", OBJECT(>floppy), "driveA",
   _abort);
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 30fb30fc0e..3d304a6e0a 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -995,7 +995,6 @@ void mips_malta_init(MachineState *machine)
 uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
 int64_t kernel_entry, bootloader_run_addr;
 PCIBus *pci_bus;
-ISABus *isa_bus;
 qemu_irq cbus_irq, i8259_irq;
 PCIDevice *pci;
 int piix4_devfn;
@@ -1197,7 +1196,6 @@ void mips_malta_init(MachineState *machine)
 qdev_prop_set_chr(dev, "parallel", parallel_hds[0]);
 
 qdev_init_nofail(dev);
-isa_bus = ISA_BUS(qdev_get_child_bus(dev, "isa.0"));
 piix4_devfn = pci->devfn;
 
 /* Interrupt controller */
@@ -1213,9 +1211,6 @@ void mips_malta_init(MachineState *machine)
 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
 g_free(smbus_eeprom_buf);
 
-/* Super I/O */
-mc146818_rtc_init(isa_bus, 2000, NULL);
-
 /* Network card */
 network_init(pci_bus);
 
-- 
2.11.0

[Qemu-devel] [PATCH v4 09/16] piix4: add a i8254 pit controller as specified in datasheet

[Hervé Poussineau]

Remove i8254 instanciated in malta board, to not have it twice.

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c   | 4 
 hw/mips/mips_malta.c | 3 ---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 38757d3ea2..3f59750e5a 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -29,6 +29,7 @@
 #include "hw/pci/pci.h"
 #include "hw/isa/isa.h"
 #include "hw/sysbus.h"
+#include "hw/timer/i8254.h"
 
 PCIDevice *piix4_dev;
 
@@ -162,6 +163,9 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 /* initialize ISA irqs */
 isa_bus_irqs(isa_bus, s->isa);
 
+/* initialize pit */
+i8254_pit_init(isa_bus, 0x40, 0, NULL);
+
 /* DMA */
 DMA_init(isa_bus, 0);
 
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 647688c58a..afe13c684f 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -99,8 +99,6 @@ typedef struct {
 qemu_irq i8259[16];
 } MaltaState;
 
-static ISADevice *pit;
-
 static struct _loaderparams {
 int ram_size, ram_low_size;
 const char *kernel_filename;
@@ -1204,7 +1202,6 @@ void mips_malta_init(MachineState *machine)
   isa_get_irq(NULL, 9), NULL, 0, NULL);
 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
 g_free(smbus_eeprom_buf);
-pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
 
 /* Super I/O */
 isa_create_simple(isa_bus, "i8042");
-- 
2.11.0

[Qemu-devel] [PATCH v4 16/16] piix4: we can now instanciate a PIIX4 with -device

[Hervé Poussineau]

Note that the PIC master can't be connected to CPU using the command line, but
it's not necessary to have a working ISA bus (for I/O, memory and DMA).

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 1447d41934..f8e43636ab 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -269,12 +269,6 @@ static void piix4_class_init(ObjectClass *klass, void 
*data)
 dc->reset = piix4_reset;
 dc->desc = "ISA bridge";
 dc->vmsd = _piix4;
-/*
- * Reason: part of PIIX4 southbridge, needs to be wired up,
- * e.g. by mips_malta_init()
- */
-dc->user_creatable = false;
-dc->hotpluggable = false;
 }
 
 static const TypeInfo piix4_info = {
-- 
2.11.0

[Qemu-devel] [PATCH v4 10/16] piix4: add a i8042 keyboard/mouse controller as specified in datasheet

[Hervé Poussineau]

Remove i8042 instanciated in malta board, to not have it twice.

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c   | 3 +++
 hw/mips/mips_malta.c | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 3f59750e5a..1aab78cdd2 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -169,6 +169,9 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 /* DMA */
 DMA_init(isa_bus, 0);
 
+/* Super I/O */
+isa_create_simple(isa_bus, "i8042");
+
 piix4_dev = pci_dev;
 qemu_register_reset(piix4_reset, s);
 }
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index afe13c684f..7498fad006 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1204,8 +1204,6 @@ void mips_malta_init(MachineState *machine)
 g_free(smbus_eeprom_buf);
 
 /* Super I/O */
-isa_create_simple(isa_bus, "i8042");
-
 mc146818_rtc_init(isa_bus, 2000, NULL);
 serial_hds_isa_init(isa_bus, 0, 2);
 parallel_hds_isa_init(isa_bus, 1);
-- 
2.11.0

[Qemu-devel] [PATCH v4 05/16] piix4: rename some variables in realize function

[Hervé Poussineau]

PIIX4 structure is now 's'
PCI device is now 'pci_dev'
DeviceState is now 'dev'

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 6b8bc3faf0..7b231b704b 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -87,16 +87,17 @@ static const VMStateDescription vmstate_piix4 = {
 }
 };
 
-static void piix4_realize(PCIDevice *dev, Error **errp)
+static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 {
-PIIX4State *d = PIIX4_PCI_DEVICE(dev);
+DeviceState *dev = DEVICE(pci_dev);
+PIIX4State *s = DO_UPCAST(PIIX4State, dev, pci_dev);
 
-if (!isa_bus_new(DEVICE(d), pci_address_space(dev),
- pci_address_space_io(dev), errp)) {
+if (!isa_bus_new(dev, pci_address_space(pci_dev),
+ pci_address_space_io(pci_dev), errp)) {
 return;
 }
-piix4_dev = >dev;
-qemu_register_reset(piix4_reset, d);
+piix4_dev = pci_dev;
+qemu_register_reset(piix4_reset, s);
 }
 
 int piix4_init(PCIBus *bus, ISABus **isa_bus, int devfn)
-- 
2.11.0

[Qemu-devel] [PATCH v4 07/16] piix4: add a i8259 interrupt controller as specified in datasheet

[Hervé Poussineau]

Add ISA irqs as piix4 gpio in, and CPU interrupt request as piix4 gpio out.
Remove i8259 instanciated in malta board, to not have it twice.

We can also remove the now unused piix4_init() function.

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c   | 40 +---
 hw/mips/mips_malta.c | 28 
 include/hw/i386/pc.h |  1 -
 3 files changed, 41 insertions(+), 28 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index ce15370d4d..d21a448db1 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -34,6 +34,8 @@ PCIDevice *piix4_dev;
 
 typedef struct PIIX4State {
 PCIDevice dev;
+qemu_irq cpu_intr;
+qemu_irq *isa;
 
 /* Reset Control Register */
 MemoryRegion rcr_mem;
@@ -92,6 +94,18 @@ static const VMStateDescription vmstate_piix4 = {
 }
 };
 
+static void piix4_request_i8259_irq(void *opaque, int irq, int level)
+{
+PIIX4State *s = opaque;
+qemu_set_irq(s->cpu_intr, level);
+}
+
+static void piix4_set_i8259_irq(void *opaque, int irq, int level)
+{
+PIIX4State *s = opaque;
+qemu_set_irq(s->isa[irq], level);
+}
+
 static void piix4_rcr_write(void *opaque, hwaddr addr, uint64_t val,
 unsigned int len)
 {
@@ -124,28 +138,32 @@ static void piix4_realize(PCIDevice *pci_dev, Error 
**errp)
 {
 DeviceState *dev = DEVICE(pci_dev);
 PIIX4State *s = DO_UPCAST(PIIX4State, dev, pci_dev);
+ISABus *isa_bus;
+qemu_irq *i8259_out_irq;
 
-if (!isa_bus_new(dev, pci_address_space(pci_dev),
- pci_address_space_io(pci_dev), errp)) {
+isa_bus = isa_bus_new(dev, pci_address_space(pci_dev),
+  pci_address_space_io(pci_dev), errp);
+if (!isa_bus) {
 return;
 }
 
+qdev_init_gpio_in_named(dev, piix4_set_i8259_irq, "isa", ISA_NUM_IRQS);
+qdev_init_gpio_out_named(dev, >cpu_intr, "intr", 1);
+
 memory_region_init_io(>rcr_mem, OBJECT(dev), _rcr_ops, s,
   "reset-control", 1);
 memory_region_add_subregion_overlap(pci_address_space_io(pci_dev), 0xcf9,
 >rcr_mem, 1);
 
-piix4_dev = pci_dev;
-qemu_register_reset(piix4_reset, s);
-}
+/* initialize i8259 pic */
+i8259_out_irq = qemu_allocate_irqs(piix4_request_i8259_irq, s, 1);
+s->isa = i8259_init(isa_bus, *i8259_out_irq);
 
-int piix4_init(PCIBus *bus, ISABus **isa_bus, int devfn)
-{
-PCIDevice *d;
+/* initialize ISA irqs */
+isa_bus_irqs(isa_bus, s->isa);
 
-d = pci_create_simple_multifunction(bus, devfn, true, "PIIX4");
-*isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(d), "isa.0"));
-return d->devfn;
+piix4_dev = pci_dev;
+qemu_register_reset(piix4_reset, s);
 }
 
 static void piix4_class_init(ObjectClass *klass, void *data)
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 37f19428d6..043fe40bce 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -96,7 +96,7 @@ typedef struct {
 SysBusDevice parent_obj;
 
 MIPSCPSState *cps;
-qemu_irq *i8259;
+qemu_irq i8259[16];
 } MaltaState;
 
 static ISADevice *pit;
@@ -998,8 +998,8 @@ void mips_malta_init(MachineState *machine)
 int64_t kernel_entry, bootloader_run_addr;
 PCIBus *pci_bus;
 ISABus *isa_bus;
-qemu_irq *isa_irq;
 qemu_irq cbus_irq, i8259_irq;
+PCIDevice *pci;
 int piix4_devfn;
 I2CBus *smbus;
 int i;
@@ -1180,28 +1180,24 @@ void mips_malta_init(MachineState *machine)
 /* Board ID = 0x420 (Malta Board with CoreLV) */
 stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x0420);
 
-/*
- * We have a circular dependency problem: pci_bus depends on isa_irq,
- * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
- * on piix4, and piix4 depends on pci_bus.  To stop the cycle we have
- * qemu_irq_proxy() adds an extra bit of indirection, allowing us
- * to resolve the isa_irq -> i8259 dependency after i8259 is initialized.
- */
-isa_irq = qemu_irq_proxy(>i8259, 16);
-
 /* Northbridge */
-pci_bus = gt64120_register(isa_irq);
+pci_bus = gt64120_register(s->i8259);
 
 /* Southbridge */
 ide_drive_get(hd, ARRAY_SIZE(hd));
 
-piix4_devfn = piix4_init(pci_bus, _bus, 80);
+pci = pci_create_simple_multifunction(pci_bus, PCI_DEVFN(10, 0),
+  true, "PIIX4");
+dev = DEVICE(pci);
+isa_bus = ISA_BUS(qdev_get_child_bus(dev, "isa.0"));
+piix4_devfn = pci->devfn;
 
 /* Interrupt controller */
-/* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
-s->i8259 = i8259_init(isa_bus, i8259_irq);
+qdev_connect_gpio_out_named(dev, "intr", 0, i8259_irq);
+for (i = 0; i < 16; i++) {
+s->i8259[i] = qdev_get_gpio_in_named(dev, "isa", i);
+}
 
-

[Qemu-devel] [PATCH v4 02/16] serial/parallel: move object structures to header file

[Hervé Poussineau]

We are now able to embed serial/parallel ports in another object.

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/char/parallel.c   | 31 +-
 hw/char/serial-isa.c | 13 +
 hw/ppc/pnv.c |  2 +-
 include/hw/char/isa.h| 50 
 include/hw/char/serial.h |  1 -
 5 files changed, 53 insertions(+), 44 deletions(-)
 create mode 100644 include/hw/char/isa.h

diff --git a/hw/char/parallel.c b/hw/char/parallel.c
index f79dc76543..6b36d425ff 100644
--- a/hw/char/parallel.c
+++ b/hw/char/parallel.c
@@ -28,6 +28,7 @@
 #include "chardev/char-parallel.h"
 #include "chardev/char-fe.h"
 #include "hw/isa/isa.h"
+#include "hw/char/isa.h"
 #include "hw/i386/pc.h"
 #include "sysemu/sysemu.h"
 
@@ -67,36 +68,6 @@
 
 #define PARA_CTR_SIGNAL 
(PARA_CTR_SELECT|PARA_CTR_INIT|PARA_CTR_AUTOLF|PARA_CTR_STROBE)
 
-typedef struct ParallelState {
-MemoryRegion iomem;
-uint8_t dataw;
-uint8_t datar;
-uint8_t status;
-uint8_t control;
-qemu_irq irq;
-int irq_pending;
-CharBackend chr;
-int hw_driver;
-int epp_timeout;
-uint32_t last_read_offset; /* For debugging */
-/* Memory-mapped interface */
-int it_shift;
-PortioList portio_list;
-} ParallelState;
-
-#define TYPE_ISA_PARALLEL "isa-parallel"
-#define ISA_PARALLEL(obj) \
-OBJECT_CHECK(ISAParallelState, (obj), TYPE_ISA_PARALLEL)
-
-typedef struct ISAParallelState {
-ISADevice parent_obj;
-
-uint32_t index;
-uint32_t iobase;
-uint32_t isairq;
-ParallelState state;
-} ISAParallelState;
-
 static void parallel_update_irq(ParallelState *s)
 {
 if (s->irq_pending)
diff --git a/hw/char/serial-isa.c b/hw/char/serial-isa.c
index d7c5cc11fe..2c6cf81790 100644
--- a/hw/char/serial-isa.c
+++ b/hw/char/serial-isa.c
@@ -26,18 +26,7 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "hw/char/serial.h"
-#include "hw/isa/isa.h"
-
-#define ISA_SERIAL(obj) OBJECT_CHECK(ISASerialState, (obj), TYPE_ISA_SERIAL)
-
-typedef struct ISASerialState {
-ISADevice parent_obj;
-
-uint32_t index;
-uint32_t iobase;
-uint32_t isairq;
-SerialState state;
-} ISASerialState;
+#include "hw/char/isa.h"
 
 static const int isa_serial_io[MAX_SERIAL_PORTS] = {
 0x3f8, 0x2f8, 0x3e8, 0x2e8
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 94ffc8e137..bf518d92a2 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -41,7 +41,7 @@
 #include "hw/ppc/pnv_xscom.h"
 
 #include "hw/isa/isa.h"
-#include "hw/char/serial.h"
+#include "hw/char/isa.h"
 #include "hw/timer/mc146818rtc.h"
 
 #include 
diff --git a/include/hw/char/isa.h b/include/hw/char/isa.h
new file mode 100644
index 00..39f7be41c5
--- /dev/null
+++ b/include/hw/char/isa.h
@@ -0,0 +1,50 @@
+#ifndef HW_CHAR_ISA_H
+#define HW_CHAR_ISA_H
+
+#include "qemu-common.h"
+#include "hw/char/serial.h"
+#include "hw/isa/isa.h"
+
+typedef struct ParallelState {
+MemoryRegion iomem;
+uint8_t dataw;
+uint8_t datar;
+uint8_t status;
+uint8_t control;
+qemu_irq irq;
+int irq_pending;
+CharBackend chr;
+int hw_driver;
+int epp_timeout;
+uint32_t last_read_offset; /* For debugging */
+/* Memory-mapped interface */
+int it_shift;
+PortioList portio_list;
+} ParallelState;
+
+typedef struct ISAParallelState {
+ISADevice parent_obj;
+
+uint32_t index;
+uint32_t iobase;
+uint32_t isairq;
+ParallelState state;
+} ISAParallelState;
+
+#define TYPE_ISA_PARALLEL "isa-parallel"
+#define ISA_PARALLEL(obj) \
+OBJECT_CHECK(ISAParallelState, (obj), TYPE_ISA_PARALLEL)
+
+typedef struct ISASerialState {
+ISADevice parent_obj;
+
+uint32_t index;
+uint32_t iobase;
+uint32_t isairq;
+SerialState state;
+} ISASerialState;
+
+#define TYPE_ISA_SERIAL "isa-serial"
+#define ISA_SERIAL(obj) OBJECT_CHECK(ISASerialState, (obj), TYPE_ISA_SERIAL)
+
+#endif
diff --git a/include/hw/char/serial.h b/include/hw/char/serial.h
index c4daf11a14..ec7da3d7f6 100644
--- a/include/hw/char/serial.h
+++ b/include/hw/char/serial.h
@@ -95,7 +95,6 @@ SerialState *serial_mm_init(MemoryRegion *address_space,
 Chardev *chr, enum device_endian end);
 
 /* serial-isa.c */
-#define TYPE_ISA_SERIAL "isa-serial"
 void serial_hds_isa_init(ISABus *bus, int from, int to);
 
 #endif
-- 
2.11.0

[Qemu-devel] [PATCH v4 04/16] mc146818rtc: always register rtc to rtc list

[Hervé Poussineau]

We are not required anymore to use rtc_init() function.

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/timer/mc146818rtc.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/hw/timer/mc146818rtc.c b/hw/timer/mc146818rtc.c
index 3e8c0b7d33..0d0cae3031 100644
--- a/hw/timer/mc146818rtc.c
+++ b/hw/timer/mc146818rtc.c
@@ -967,17 +967,16 @@ static void rtc_realizefn(DeviceState *dev, Error **errp)
   OBJECT(s), "date", NULL);
 
 qdev_init_gpio_out(dev, >irq, 1);
+QLIST_INSERT_HEAD(_devices, s, link);
 }
 
 ISADevice *mc146818_rtc_init(ISABus *bus, int base_year, qemu_irq 
intercept_irq)
 {
 DeviceState *dev;
 ISADevice *isadev;
-RTCState *s;
 
 isadev = isa_create(bus, TYPE_MC146818_RTC);
 dev = DEVICE(isadev);
-s = MC146818_RTC(isadev);
 qdev_prop_set_int32(dev, "base_year", base_year);
 qdev_init_nofail(dev);
 if (intercept_irq) {
@@ -985,7 +984,6 @@ ISADevice *mc146818_rtc_init(ISABus *bus, int base_year, 
qemu_irq intercept_irq)
 } else {
 isa_connect_gpio_out(isadev, 0, RTC_ISA_IRQ);
 }
-QLIST_INSERT_HEAD(_devices, s, link);
 
 return isadev;
 }
@@ -1016,8 +1014,6 @@ static void rtc_class_initfn(ObjectClass *klass, void 
*data)
 dc->reset = rtc_resetdev;
 dc->vmsd = _rtc;
 dc->props = mc146818rtc_properties;
-/* Reason: needs to be wired up by rtc_init() */
-dc->user_creatable = false;
 }
 
 static void rtc_finalize(Object *obj)
-- 
2.11.0

[Qemu-devel] [PATCH v4 01/16] fdc: move object structures to header file

[Hervé Poussineau]

We are now able to embed floppy controllers in another object.

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/block/fdc.c | 102 
 include/hw/block/fdc.h | 103 +
 2 files changed, 103 insertions(+), 102 deletions(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 7b7dd41296..c81e0313c8 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -60,15 +60,8 @@
 #define TYPE_FLOPPY_BUS "floppy-bus"
 #define FLOPPY_BUS(obj) OBJECT_CHECK(FloppyBus, (obj), TYPE_FLOPPY_BUS)
 
-typedef struct FDCtrl FDCtrl;
-typedef struct FDrive FDrive;
 static FDrive *get_drv(FDCtrl *fdctrl, int unit);
 
-typedef struct FloppyBus {
-BusState bus;
-FDCtrl *fdc;
-} FloppyBus;
-
 static const TypeInfo floppy_bus_info = {
 .name = TYPE_FLOPPY_BUS,
 .parent = TYPE_BUS,
@@ -178,36 +171,6 @@ static FDriveSize drive_size(FloppyDriveType drive)
 #define FD_SECTOR_SC   2   /* Sector size code */
 #define FD_RESET_SENSEI_COUNT  4   /* Number of sense interrupts on RESET */
 
-/* Floppy disk drive emulation */
-typedef enum FDiskFlags {
-FDISK_DBL_SIDES  = 0x01,
-} FDiskFlags;
-
-struct FDrive {
-FDCtrl *fdctrl;
-BlockBackend *blk;
-BlockConf *conf;
-/* Drive status */
-FloppyDriveType drive;/* CMOS drive type*/
-uint8_t perpendicular;/* 2.88 MB access mode*/
-/* Position */
-uint8_t head;
-uint8_t track;
-uint8_t sect;
-/* Media */
-FloppyDriveType disk; /* Current disk type  */
-FDiskFlags flags;
-uint8_t last_sect;/* Nb sector per track*/
-uint8_t max_track;/* Nb of tracks   */
-uint16_t bps; /* Bytes per sector   */
-uint8_t ro;   /* Is read-only   */
-uint8_t media_changed;/* Is media changed   */
-uint8_t media_rate;   /* Data rate of medium*/
-
-bool media_validated; /* Have we validated the media? */
-};
-
-
 static FloppyDriveType get_fallback_drive_type(FDrive *drv);
 
 /* Hack: FD_SEEK is expected to work on empty drives. However, QEMU
@@ -819,60 +782,6 @@ enum {
 #define FD_MULTI_TRACK(state) ((state) & FD_STATE_MULTI)
 #define FD_FORMAT_CMD(state) ((state) & FD_STATE_FORMAT)
 
-struct FDCtrl {
-MemoryRegion iomem;
-qemu_irq irq;
-/* Controller state */
-QEMUTimer *result_timer;
-int dma_chann;
-uint8_t phase;
-IsaDma *dma;
-/* Controller's identification */
-uint8_t version;
-/* HW */
-uint8_t sra;
-uint8_t srb;
-uint8_t dor;
-uint8_t dor_vmstate; /* only used as temp during vmstate */
-uint8_t tdr;
-uint8_t dsr;
-uint8_t msr;
-uint8_t cur_drv;
-uint8_t status0;
-uint8_t status1;
-uint8_t status2;
-/* Command FIFO */
-uint8_t *fifo;
-int32_t fifo_size;
-uint32_t data_pos;
-uint32_t data_len;
-uint8_t data_state;
-uint8_t data_dir;
-uint8_t eot; /* last wanted sector */
-/* States kept only to be returned back */
-/* precompensation */
-uint8_t precomp_trk;
-uint8_t config;
-uint8_t lock;
-/* Power down config (also with status regB access mode */
-uint8_t pwrd;
-/* Floppy drives */
-FloppyBus bus;
-uint8_t num_floppies;
-FDrive drives[MAX_FD];
-struct {
-BlockBackend *blk;
-FloppyDriveType type;
-} qdev_for_drives[MAX_FD];
-int reset_sensei;
-uint32_t check_media_rate;
-FloppyDriveType fallback; /* type=auto failure fallback */
-/* Timers state */
-uint8_t timer0;
-uint8_t timer1;
-PortioList portio_list;
-};
-
 static FloppyDriveType get_fallback_drive_type(FDrive *drv)
 {
 return drv->fdctrl->fallback;
@@ -891,17 +800,6 @@ typedef struct FDCtrlSysBus {
 
 #define ISA_FDC(obj) OBJECT_CHECK(FDCtrlISABus, (obj), TYPE_ISA_FDC)
 
-typedef struct FDCtrlISABus {
-ISADevice parent_obj;
-
-uint32_t iobase;
-uint32_t irq;
-uint32_t dma;
-struct FDCtrl state;
-int32_t bootindexA;
-int32_t bootindexB;
-} FDCtrlISABus;
-
 static uint32_t fdctrl_read (void *opaque, uint32_t reg)
 {
 FDCtrl *fdctrl = opaque;
diff --git a/include/hw/block/fdc.h b/include/hw/block/fdc.h
index 1749dabf25..d076b2fc1a 100644
--- a/include/hw/block/fdc.h
+++ b/include/hw/block/fdc.h
@@ -2,12 +2,115 @@
 #define HW_FDC_H
 
 #include "qemu-common.h"
+#include "hw/block/block.h"
+#include "hw/isa/isa.h"
 
 /* fdc.c */
 #define MAX_FD 2
 
+typedef struct FDCtrl FDCtrl;
+
+/* Floppy disk drive emulation */
+typedef enum FDiskFlags {
+FDISK_DBL_SIDES  = 0x01,
+} FDiskFlags;
+
+typedef struct FDrive {
+FDCtrl *fdctrl;
+BlockBackend *blk;
+BlockConf *conf;
+/* Drive status */
+FloppyDriveType drive;/* CMOS drive type*/
+uint8_t perpendicular;/* 2.88 MB access 

[Qemu-devel] [PATCH v4 06/16] piix4: add Reset Control Register

[Hervé Poussineau]

The RCR I/O port (0xcf9) is used to generate a hard reset or a soft reset.

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c | 39 +++
 1 file changed, 39 insertions(+)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 7b231b704b..ce15370d4d 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -2,6 +2,7 @@
  * QEMU PIIX4 PCI Bridge Emulation
  *
  * Copyright (c) 2006 Fabrice Bellard
+ * Copyright (c) 2018 Hervé Poussineau
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to 
deal
@@ -33,6 +34,10 @@ PCIDevice *piix4_dev;
 
 typedef struct PIIX4State {
 PCIDevice dev;
+
+/* Reset Control Register */
+MemoryRegion rcr_mem;
+uint8_t rcr;
 } PIIX4State;
 
 #define TYPE_PIIX4_PCI_DEVICE "PIIX4"
@@ -87,6 +92,34 @@ static const VMStateDescription vmstate_piix4 = {
 }
 };
 
+static void piix4_rcr_write(void *opaque, hwaddr addr, uint64_t val,
+unsigned int len)
+{
+PIIX4State *s = opaque;
+
+if (val & 4) {
+qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
+return;
+}
+s->rcr = val & 2; /* keep System Reset type only */
+}
+
+static uint64_t piix4_rcr_read(void *opaque, hwaddr addr, unsigned int len)
+{
+PIIX4State *s = opaque;
+return s->rcr;
+}
+
+static const MemoryRegionOps piix4_rcr_ops = {
+.read = piix4_rcr_read,
+.write = piix4_rcr_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
+};
+
 static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 {
 DeviceState *dev = DEVICE(pci_dev);
@@ -96,6 +129,12 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
  pci_address_space_io(pci_dev), errp)) {
 return;
 }
+
+memory_region_init_io(>rcr_mem, OBJECT(dev), _rcr_ops, s,
+  "reset-control", 1);
+memory_region_add_subregion_overlap(pci_address_space_io(pci_dev), 0xcf9,
+>rcr_mem, 1);
+
 piix4_dev = pci_dev;
 qemu_register_reset(piix4_reset, s);
 }
-- 
2.11.0

[Qemu-devel] [PATCH v4 03/16] mc146818rtc: move structure to header file

[Hervé Poussineau]

We are now able to embed a timer in another object.

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/timer/mc146818rtc.c | 30 --
 include/hw/timer/mc146818rtc.h | 29 +
 2 files changed, 29 insertions(+), 30 deletions(-)

diff --git a/hw/timer/mc146818rtc.c b/hw/timer/mc146818rtc.c
index 35a05a64cc..3e8c0b7d33 100644
--- a/hw/timer/mc146818rtc.c
+++ b/hw/timer/mc146818rtc.c
@@ -62,36 +62,6 @@
 #define RTC_CLOCK_RATE32768
 #define UIP_HOLD_LENGTH   (8 * NANOSECONDS_PER_SECOND / 32768)
 
-#define MC146818_RTC(obj) OBJECT_CHECK(RTCState, (obj), TYPE_MC146818_RTC)
-
-typedef struct RTCState {
-ISADevice parent_obj;
-
-MemoryRegion io;
-uint8_t cmos_data[128];
-uint8_t cmos_index;
-int32_t base_year;
-uint64_t base_rtc;
-uint64_t last_update;
-int64_t offset;
-qemu_irq irq;
-int it_shift;
-/* periodic timer */
-QEMUTimer *periodic_timer;
-int64_t next_periodic_time;
-/* update-ended timer */
-QEMUTimer *update_timer;
-uint64_t next_alarm_time;
-uint16_t irq_reinject_on_ack_count;
-uint32_t irq_coalesced;
-uint32_t period;
-QEMUTimer *coalesced_timer;
-Notifier clock_reset_notifier;
-LostTickPolicy lost_tick_policy;
-Notifier suspend_notifier;
-QLIST_ENTRY(RTCState) link;
-} RTCState;
-
 static void rtc_set_time(RTCState *s);
 static void rtc_update_time(RTCState *s);
 static void rtc_set_cmos(RTCState *s, const struct tm *tm);
diff --git a/include/hw/timer/mc146818rtc.h b/include/hw/timer/mc146818rtc.h
index fe6ed63f71..7385622604 100644
--- a/include/hw/timer/mc146818rtc.h
+++ b/include/hw/timer/mc146818rtc.h
@@ -5,6 +5,35 @@
 #include "hw/timer/mc146818rtc_regs.h"
 
 #define TYPE_MC146818_RTC "mc146818rtc"
+#define MC146818_RTC(obj) OBJECT_CHECK(RTCState, (obj), TYPE_MC146818_RTC)
+
+typedef struct RTCState {
+ISADevice parent_obj;
+
+MemoryRegion io;
+uint8_t cmos_data[128];
+uint8_t cmos_index;
+int32_t base_year;
+uint64_t base_rtc;
+uint64_t last_update;
+int64_t offset;
+qemu_irq irq;
+int it_shift;
+/* periodic timer */
+QEMUTimer *periodic_timer;
+int64_t next_periodic_time;
+/* update-ended timer */
+QEMUTimer *update_timer;
+uint64_t next_alarm_time;
+uint16_t irq_reinject_on_ack_count;
+uint32_t irq_coalesced;
+uint32_t period;
+QEMUTimer *coalesced_timer;
+Notifier clock_reset_notifier;
+LostTickPolicy lost_tick_policy;
+Notifier suspend_notifier;
+QLIST_ENTRY(RTCState) link;
+} RTCState;
 
 ISADevice *mc146818_rtc_init(ISABus *bus, int base_year,
  qemu_irq intercept_irq);
-- 
2.11.0

[Qemu-devel] [PATCH v4 08/16] piix4: add a i8257 dma controller as specified in datasheet

[Hervé Poussineau]

Remove i8257 instanciated in malta board, to not have it twice.

Acked-by: Michael S. Tsirkin 
Acked-by: Paolo Bonzini 
Signed-off-by: Hervé Poussineau 
---
 hw/isa/piix4.c   | 3 +++
 hw/mips/mips_malta.c | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index d21a448db1..38757d3ea2 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -162,6 +162,9 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 /* initialize ISA irqs */
 isa_bus_irqs(isa_bus, s->isa);
 
+/* DMA */
+DMA_init(isa_bus, 0);
+
 piix4_dev = pci_dev;
 qemu_register_reset(piix4_reset, s);
 }
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 043fe40bce..647688c58a 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1205,7 +1205,6 @@ void mips_malta_init(MachineState *machine)
 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
 g_free(smbus_eeprom_buf);
 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
-DMA_init(isa_bus, 0);
 
 /* Super I/O */
 isa_create_simple(isa_bus, "i8042");
-- 
2.11.0

[Qemu-devel] [PATCH v4 00/16] piix4: cleanup and improvements

[Hervé Poussineau]

Hi,

This patchset is a cleanup of the PIIX4 PCI-ISA bridge. Lots of devices
are moved from MIPS Malta board (which has a PIIX4) to PIIX4, where devices
belong. This lets us reuse PIIX4 in other machines, while not loosing any
functionality.

Last patch allows adding a new PIIX4 device directly from command line.
Note that this will work only as long no other ISA bus already exist on the
machine.

Hervé

Changes v3 -> v4:
- don't use DeviceClass->init function (patch 4, Marcel Apfelbaum)
- renamed pci to pci_dev (patch 5, Marcel Apfelbaum)
- add impl.{min,max}_access_size (patch 6, Michael S. Tsirkin)
- added Acked-by tags

Changes v2 -> v3:
- rebased on master and fixed conflicts
- added patch 14 (convert reset function to QOM)
- use TYPE_PIIX4_PCI_DEVICE in Malta board (patch 15, Philippe Mathieu-Daudé)

Changes v1 -> v2:
- fixed compilation on CentOS 6 (patch 1)
- automatically create serial/parallel chardevs if not provided (patch 11)

Hervé Poussineau (16):
  fdc: move object structures to header file
  serial/parallel: move object structures to header file
  mc146818rtc: move structure to header file
  mc146818rtc: always register rtc to rtc list
  piix4: rename some variables in realize function
  piix4: add Reset Control Register
  piix4: add a i8259 interrupt controller as specified in datasheet
  piix4: add a i8257 dma controller as specified in datasheet
  piix4: add a i8254 pit controller as specified in datasheet
  piix4: add a i8042 keyboard/mouse controller as specified in datasheet
  piix4: add a floppy controller, 1 parallel port and 2 serial ports
  piix4: add a mc146818rtc controller as specified in datasheet
  piix4: add a speaker as specified in datasheet
  piix4: convert reset function to QOM
  piix4: rename PIIX4 object to piix4-isa
  piix4: we can now instanciate a PIIX4 with -device

 hw/block/fdc.c | 102 --
 hw/char/parallel.c |  31 +--
 hw/char/serial-isa.c   |  13 +--
 hw/isa/piix4.c | 187 -
 hw/mips/mips_malta.c   |  74 +++-
 hw/ppc/pnv.c   |   2 +-
 hw/timer/mc146818rtc.c |  36 +---
 include/hw/block/fdc.h | 103 +++
 include/hw/char/isa.h  |  50 +++
 include/hw/char/serial.h   |   1 -
 include/hw/i386/pc.h   |   1 -
 include/hw/isa/isa.h   |   3 +
 include/hw/timer/mc146818rtc.h |  29 +++
 13 files changed, 386 insertions(+), 246 deletions(-)
 create mode 100644 include/hw/char/isa.h

-- 
2.11.0