Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Vincent Bernat
 ❦  8 janvier 2018 21:19 -0200, Eduardo Habkost  :

>> > GET_SUPPORTED_CPUID seems to still return PCID as supported
>> > without EPT, doesn't it?
>> 
>> Indeed it is!  It will also be useful for KPTI performance without
>> INVPCID, but it won't be useful without EPT.
>
> Well, I can live with "not useful without EPT", as long as it
> doesn't mean "broken without EPT".  It looks like we can safely
> enable it, as long as:
>
> 2) we confirm if all Intel Westmere/SandyBridge/IvyBridge CPUs
>have PCID;

I didn't find any authoritative information about that on Intel's
website. Various sites do say the feature was introduced in
Westmere. And Greg KH mentions Westmere here too:
 https://mail-archive.com/linux-kernel@vger.kernel.org/msg1576774.html

> 1) QEMU documentation states that it requires Linux v3.6 or newer
>for KVM.

I have updated the patch and sent it in a new thread. It's now based on
x86-next.
-- 
Clothes make the man.  Naked people have little or no influence on society.
-- Mark Twain



[Qemu-devel] [PATCH x86-next v2] target-i386: add PCID flag to Westmere, Sandy Bridge and Ivy Bridge

2018-01-08 Thread Vincent Bernat
PCID has been introduced in Westmere and, since Linux 3.6
(ad756a1603c5), KVM exposes PCID flag if host has it. Update CPU model
for Westmere, Sandy Bridge and Ivy Bridge accordingly.

Ensure compat 2.11 keeps PCID disabled by default for those models and
document the new requirement for host kernel.

Signed-off-by: Vincent Bernat 
---
 include/hw/i386/pc.h | 14 +-
 qemu-doc.texi| 11 +++
 target/i386/cpu.c|  7 ---
 3 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index bb49165fe0a4..f4ccbfdc4ac2 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -327,6 +327,18 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 .driver   = "Skylake-Server" "-" TYPE_X86_CPU,\
 .property = "clflushopt",\
 .value= "off",\
+},{\
+.driver   = "Westmere-" TYPE_X86_CPU,\
+.property = "pcid",\
+.value= "off",\
+},{\
+.driver   = "SandyBridge-" TYPE_X86_CPU,\
+.property = "pcid",\
+.value= "off",\
+},{\
+.driver   = "IvyBridge-" TYPE_X86_CPU,\
+.property = "pcid",\
+.value= "off",\
 },
 
 #define PC_COMPAT_2_10 \
@@ -351,7 +363,7 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 .driver   = "mch",\
 .property = "extended-tseg-mbytes",\
 .value= stringify(0),\
-},\
+},
 
 #define PC_COMPAT_2_8 \
 HW_COMPAT_2_8 \
diff --git a/qemu-doc.texi b/qemu-doc.texi
index 8d0c809ad5cf..9e1a03181427 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -37,6 +37,7 @@
 * QEMU System emulator for non PC targets::
 * QEMU Guest Agent::
 * QEMU User space emulator::
+* System requirements::
 * Implementation notes::
 * Deprecated features::
 * License::
@@ -2565,6 +2566,16 @@ Act as if the host page size was 'pagesize' bytes
 Run the emulation in single step mode.
 @end table
 
+@node System requirements
+@chapter System requirements
+
+@section KVM kernel module
+
+On x86_64 hosts, the default set of CPU features enabled by the KVM
+accelerator require the host to be running Linux v3.6 or newer. If the
+minimum requirement is not met, the guest will not be runnable,
+depending on the selected CPU model. Older emulated machines, like
+``pc-q35-2.10'', may work with older kernels.
 
 @include qemu-tech.texi
 
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 65f785c7e739..873c0151ef57 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1081,7 +1081,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .features[FEAT_1_ECX] =
 CPUID_EXT_AES | CPUID_EXT_POPCNT | CPUID_EXT_SSE42 |
 CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
-CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
+CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 | CPUID_EXT_PCID,
 .features[FEAT_8000_0001_EDX] =
 CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
 .features[FEAT_8000_0001_ECX] =
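Review bot: Adding `CPUID_EXT_PCID` to the default feature word here, and in the two following hunks, makes these models depend on the host KVM reporting PCID, but nothing next to the flag records that dependency. The commit message ties it to Linux 3.6 (ad756a1603c5), and the thread found no authoritative source that every Westmere part has PCID, so a host without it presumably gets the flag filtered or a start failure under strict CPU feature checking; that is worth confirming before the defaults change. Because PCID affects guest KPTI performance, a short comment above the changed line would help, for example `/* PCID: needs host KVM from Linux >= 3.6; kept off for <= 2.11 machine types via PC_COMPAT_2_11 */`. The builtin_x86_defs initializer starts and ends outside the hunk.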
@@ -1109,7 +1109,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
 CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
 CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
-CPUID_EXT_SSE3,
+CPUID_EXT_SSE3 | CPUID_EXT_PCID,
 .features[FEAT_8000_0001_EDX] =
 CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
 CPUID_EXT2_SYSCALL,
@@ -1140,7 +1140,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
 CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
 CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
-CPUID_EXT_SSE3 | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
+CPUID_EXT_SSE3 | CPUID_EXT_F16C | CPUID_EXT_RDRAND |
+CPUID_EXT_PCID,
 .features[FEAT_7_0_EBX] =
 CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_SMEP |
 CPUID_7_0_EBX_ERMS,
-- 
2.15.1




Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Vincent Bernat
 ❦  8 janvier 2018 20:56 -0200, Eduardo Habkost  :


> (BTW, is PCID useful for KPTI performance without INVPCID?)

It seems it is:

https://mail-archive.com/linux-kernel@vger.kernel.org/msg1576774.html
-- 
Don't use conditional branches as a substitute for a logical expression.
- The Elements of Programming Style (Kernighan & Plauger)



Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Vincent Bernat
 ❦  8 janvier 2018 17:37 -0500, Paolo Bonzini  :

>> One possible way to work around this problem is to declare that
>> QEMU 2.12 with KVM will require Linux v3.6 and newer (because we
>> need Linux kernel commit ad756a1603c5 "KVM: VMX: Implement
>> PCID/INVPCID for guests with EPT").
>
> Note that PCID is still not supported for guests without EPT, so
> this would break ept=0 with recent "-cpu" models.  I'm not sure of
> a way to fix it; probably it just has to be documented.

From the above patch, it seems only INVPCID needs EPT. KVM exposes PCID
whenever it is present on the host.
-- 
When you are about to die, a wombat is better than no company at all.
-- Roger Zelazny, "Doorways in the Sand"



Re: [Qemu-devel] [Qemu-block] [PATCH 0/2] qemu-img: Let "info" warn and go ahead without -U

2018-01-08 Thread Fam Zheng
On Mon, 01/08 18:57, Kevin Wolf wrote:
> I'm not sure if going back to the old behaviour for a while now would be
> helpful, you'd just end up with an even more confusing set of qemu
> versions, for example:
> 
> <= 2.9  - works without a warning
> 2.10 and 2.11   - errors out
> 2.12- prints a warning, but works
> >= 2.13 - errors out again

What I had in mind is to settle on the warning for good. QEMU (including qemu-img) is a
low-level tool that can be used in many ways that it isn't supposed to be; this one
is no more harmful than others (e.g. "qemu-img snapshot ..." on an iscsi:// qcow2
image) that we allow silently.

I know this is debatable but I think the #1 purpose of image locking is to
prevent data corruption; #2 IMO is to reduce confusion and misinformation.
While inconsistent output of "qemu-img info" is misinformation, it not working
as before is actually confusion. Though the current behavior is indeed ideal,
the proposed patch is a bit more pragmatical.

Fam



Re: [Qemu-devel] [PATCH] irq: fix memory leak

2018-01-08 Thread Michael S. Tsirkin
On Mon, Dec 25, 2017 at 10:47:04AM +0800, linzhecheng wrote:
> entry is moved from list but is not freed.
> 
> Signed-off-by: linzhecheng 


Makes sense.

Reviewed-by: Michael S. Tsirkin 

> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> index 351b64f77c..3c920db79a 100644
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -3494,6 +3494,7 @@ int kvm_arch_release_virq_post(int virq)
>  if (entry->virq == virq) {
>  trace_kvm_x86_remove_msi_route(virq);
>  QLIST_REMOVE(entry, list);
> +g_free(entry);
>  break;
>  }
>  }
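Review bot: The added `g_free(entry)` is safe only because the `break` on the next line leaves the loop before the iterator touches `entry` again, and nothing in the hunk says so. The loop header is outside the hunk, but if it is a plain `QLIST_FOREACH`, dropping the `break` later (for example to release several routes for one virq) would read freed memory when advancing. A comment above the `break` such as `/* entry is freed: leave the loop here, or switch to QLIST_FOREACH_SAFE */` would record that constraint.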
> -- 
> 2.12.2.windows.2
> 



Re: [Qemu-devel] [PULL 00/25] pc, pci, virtio: features, fixes, cleanups

2018-01-08 Thread Michael S. Tsirkin
On Mon, Jan 08, 2018 at 09:14:41AM +, Peter Maydell wrote:
> On 21 December 2017 at 23:43, Michael S. Tsirkin  wrote:
> >> you also need to drop "hw/pci: remove obsolete PCIDevice->init()"
> >> (applied in your tree as 18951fce55d5aa58cd1629b4cb704ee51bab4420)
> >> else the not-yet-QOM'ified NVME won't work anymore.
> >
> > Done that too, thanks a lot
> 
> Hi. I'm afraid this pullreq (merge of 880b1ff) has new runtime
> errors from the clang sanitizer:
> 
> /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:201:27:
> runtime error: member access within misaligned address 0x55b4ffee8246
> for type 'struct ip_header', which requires 4 byte alignment
> 0x55b4ffee8246: note: pointer points here
>  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> ff ff 00 00 00 00 00 00  00 00
>  ^
> /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:201:27:
> runtime error: load of misaligned address 0x55b4ffee8246 for type
> 'uint8_t' (aka 'unsigned char'), which requires 4 byte alignment
> 0x55b4ffee8246: note: pointer points here
>  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> ff ff 00 00 00 00 00 00  00 00
>  ^
> /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:208:65:
> runtime error: member access within misaligned address 0x55b4ffee8246
> for type 'struct ip_header', which requires 4 byte alignment
> 0x55b4ffee8246: note: pointer points here
>  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> ff ff 00 00 00 00 00 00  00 00
>  ^
> /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:210:13:
> runtime error: member access within misaligned address 0x55b4ffee8246
> for type 'struct ip_header', which requires 4 byte alignment
> 0x55b4ffee8246: note: pointer points here
>  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> ff ff 00 00 00 00 00 00  00 00
>  ^
> /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:210:13:
> runtime error: load of misaligned address 0x55b4ffee8246 for type
> 'uint8_t' (aka 'unsigned char'), which requires 4 byte alignment
> 0x55b4ffee8246: note: pointer points here
>  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> ff ff 00 00 00 00 00 00  00 00
>  ^
> 
> Sorry for the late report, I didn't quite have time
> to process the pull before Christmas holidays.
> 
> thanks
> -- PMM

So it's an existing bug exposed by the test.
I've reverted the test for now but I didn't rebase
as there are downstream trees based on this pull req.

-- 
MST



Re: [Qemu-devel] [PULL 00/25] pc, pci, virtio: features, fixes, cleanups

2018-01-08 Thread Michael S. Tsirkin
On Tue, Jan 09, 2018 at 12:10:10PM +1100, David Gibson wrote:
> On Mon, Jan 08, 2018 at 08:10:23PM +0200, Michael S. Tsirkin wrote:
> > On Mon, Jan 08, 2018 at 09:14:41AM +, Peter Maydell wrote:
> > > On 21 December 2017 at 23:43, Michael S. Tsirkin  wrote:
> > > >> you also need to drop "hw/pci: remove obsolete PCIDevice->init()"
> > > >> (applied in your tree as 18951fce55d5aa58cd1629b4cb704ee51bab4420)
> > > >> else the not-yet-QOM'ified NVME won't work anymore.
> > > >
> > > > Done that too, thanks a lot
> > > 
> > > Hi. I'm afraid this pullreq (merge of 880b1ff) has new runtime
> > > errors from the clang sanitizer:
> > > 
> > > /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:201:27:
> > > runtime error: member access within misaligned address 0x55b4ffee8246
> > > for type 'struct ip_header', which requires 4 byte alignment
> > > 0x55b4ffee8246: note: pointer points here
> > >  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> > > ff ff 00 00 00 00 00 00  00 00
> > >  ^
> > > /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:201:27:
> > > runtime error: load of misaligned address 0x55b4ffee8246 for type
> > > 'uint8_t' (aka 'unsigned char'), which requires 4 byte alignment
> > > 0x55b4ffee8246: note: pointer points here
> > >  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> > > ff ff 00 00 00 00 00 00  00 00
> > >  ^
> > > /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:208:65:
> > > runtime error: member access within misaligned address 0x55b4ffee8246
> > > for type 'struct ip_header', which requires 4 byte alignment
> > > 0x55b4ffee8246: note: pointer points here
> > >  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> > > ff ff 00 00 00 00 00 00  00 00
> > >  ^
> > > /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:210:13:
> > > runtime error: member access within misaligned address 0x55b4ffee8246
> > > for type 'struct ip_header', which requires 4 byte alignment
> > > 0x55b4ffee8246: note: pointer points here
> > >  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> > > ff ff 00 00 00 00 00 00  00 00
> > >  ^
> > > /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:210:13:
> > > runtime error: load of misaligned address 0x55b4ffee8246 for type
> > > 'uint8_t' (aka 'unsigned char'), which requires 4 byte alignment
> > > 0x55b4ffee8246: note: pointer points here
> > >  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> > > ff ff 00 00 00 00 00 00  00 00
> > >  ^
> > > 
> > > Sorry for the late report, I didn't quite have time
> > > to process the pull before Christmas holidays.
> > > 
> > > thanks
> > > -- PMM
> > 
> > So I bisected and the reason is this commit:
> > 
> > commit 18b20bb43a2f37f0c8ae23a3e9b3d9a4a05b6bd4
> > Author: David Gibson 
> > Date:   Tue Dec 19 15:45:22 2017 +1100
> > 
> > tests/pxe-test: Add some extra tests
> > 
> > Previously virtio-net was only tested for ppc64 in "slow" mode.  That
> > doesn't make much sense since virtio-net is used much more often in
> > practice than the spapr-vlan device which was tested always.  So, move
> > virtio-net to always be tested on ppc64.
> > 
> > We had no tests at all for the q35 machine, which doesn't seem wise
> > given its increasing prominence.  Add a couple of tests for it,
> > including testing the newer e1000e adapter.
> > 
> > Signed-off-by: David Gibson 
> > Reviewed-by: Thomas Huth 
> > Reviewed-by: Michael S. Tsirkin 
> > Signed-off-by: Michael S. Tsirkin 
> > 
> > :04 04 5a982bfea24b9ac3c651b84425a39b3c85f4871e 
> > 771af3fdfb2778c6d6ed6b1098d1e79c181d6fb0 M  tests
> > 
> > Pls either fix or drop e1000e test
> 
> Feel free to drop this patch for now.  I'll debug and repost it when I
> have a chance.
> 
> -- 
> David Gibson  | I'll have my music baroque, and my code
> david AT gibson.dropbear.id.au| minimalist, thank you.  NOT _the_ 
> _other_
>   | _way_ _around_!
> http://www.ozlabs.org/~dgibson

It's just a test, it exposes the bug but does not introduce it so
I think it's ok to keep it. My point is e1000e appears to have some
issues.

-- 
MST



Re: [Qemu-devel] [qemu-web PATCH] add a blog post about "Spectre"

2018-01-08 Thread Fam Zheng
On Thu, 01/04 18:56, Paolo Bonzini wrote:
> +be required for non-x86 processors.  If so, they will also posted to the

Hi Paolo, they will also "be" posted?

Fam



[Qemu-devel] [RFC PATCH v2 9/9] hw/arm/xlnx-zynqmp: use Linux FDT names

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/xlnx-zynqmp.c | 14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index 325642058b..fdcd6801b6 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -24,6 +24,7 @@
 #include "exec/address-spaces.h"
 #include "sysemu/kvm.h"
 #include "kvm_arm.h"
+#include "hw/sysbus-fdt.h"
 
 #define GIC_NUM_SPI_INTR 160
 
@@ -138,6 +139,7 @@ static void xlnx_zynqmp_init(Object *obj)
 XlnxZynqMPState *s = XLNX_ZYNQMP(obj);
 int i;
 int num_apus = MIN(smp_cpus, XLNX_ZYNQMP_NUM_APU_CPUS);
+const char *type_name;
 
 for (i = 0; i < num_apus; i++) {
 object_initialize(>apu_cpu[i], sizeof(s->apu_cpu[i]),
@@ -150,12 +152,14 @@ static void xlnx_zynqmp_init(Object *obj)
 qdev_set_parent_bus(DEVICE(>gic), sysbus_get_default());
 
 for (i = 0; i < XLNX_ZYNQMP_NUM_GEMS; i++) {
-object_initialize(>gem[i], sizeof(s->gem[i]), TYPE_CADENCE_GEM);
+type_name = type_resolve_fdt_alias("cdns,zynqmp-gem");
+object_initialize(>gem[i], sizeof(s->gem[i]), type_name);
 qdev_set_parent_bus(DEVICE(>gem[i]), sysbus_get_default());
 }
 
 for (i = 0; i < XLNX_ZYNQMP_NUM_UARTS; i++) {
-object_initialize(>uart[i], sizeof(s->uart[i]), TYPE_CADENCE_UART);
+type_name = type_resolve_fdt_alias("xlnx,zynqmp-uart");
+object_initialize(>uart[i], sizeof(s->uart[i]), type_name);
 qdev_set_parent_bus(DEVICE(>uart[i]), sysbus_get_default());
 }
 
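Review bot: The result of `type_resolve_fdt_alias()` goes straight into `object_initialize()` in both loops, and the helper added in patch 1/9 returns whatever `g_hash_table_lookup()` finds, which is NULL for a name nobody registered. A typo in the compatible string, or a device model that is not built in, would then surface as a NULL type name during machine init instead of a clear error; the same applies to the qspi and dpdma lookups in the next hunk. Resolving once before each loop and checking the result, e.g. `type_name = type_resolve_fdt_alias("cdns,zynqmp-gem"); g_assert(type_name);`, also avoids repeating the lookup on every iteration. xlnx_zynqmp_init starts before this hunk and continues after it.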
@@ -175,13 +179,15 @@ static void xlnx_zynqmp_init(Object *obj)
 qdev_set_parent_bus(DEVICE(>spi[i]), sysbus_get_default());
 }
 
-object_initialize(>qspi, sizeof(s->qspi), TYPE_XLNX_ZYNQMP_QSPIPS);
+type_name = type_resolve_fdt_alias("xlnx.zynq-qspi");
+object_initialize(>qspi, sizeof(s->qspi), type_name);
 qdev_set_parent_bus(DEVICE(>qspi), sysbus_get_default());
 
 object_initialize(>dp, sizeof(s->dp), TYPE_XLNX_DP);
 qdev_set_parent_bus(DEVICE(>dp), sysbus_get_default());
 
-object_initialize(>dpdma, sizeof(s->dpdma), TYPE_XLNX_DPDMA);
+type_name = type_resolve_fdt_alias("xlnx,axi-dpdma-1.0");
+object_initialize(>dpdma, sizeof(s->dpdma), type_name);
 qdev_set_parent_bus(DEVICE(>dpdma), sysbus_get_default());
 }
 
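Review bot: The qspi lookup replaces `TYPE_XLNX_ZYNQMP_QSPIPS` with the alias `"xlnx.zynq-qspi"`, which patch 7/9 of this series registers for `TYPE_XILINX_QSPIPS`, so `s->qspi` would be initialised as a different type than before while still being sized with `sizeof(s->qspi)`. If the two types differ in instance layout or behaviour this is more than a rename, and it should be confirmed against the TypeInfo definitions, which are not in the hunk. Either register an alias for the ZynqMP type in xilinx_spips.c or keep `TYPE_XLNX_ZYNQMP_QSPIPS` here. The alias also uses `.` where the other Linux-style names in this file use `,`, which presumably should be checked against the device-tree binding.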
-- 
2.15.1




[Qemu-devel] [RFC PATCH v2 8/9] hw/dma/xlnx_dpdma: add 'xlnx, axi-dpdma-1.0' FDT alias

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/dma/xlnx_dpdma.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/dma/xlnx_dpdma.c b/hw/dma/xlnx_dpdma.c
index 8ceb21ddb3..d1b508cfe3 100644
--- a/hw/dma/xlnx_dpdma.c
+++ b/hw/dma/xlnx_dpdma.c
@@ -24,6 +24,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu/log.h"
+#include "hw/sysbus-fdt.h"
 #include "hw/dma/xlnx_dpdma.h"
 
 #ifndef DEBUG_DPDMA
@@ -607,6 +608,7 @@ static const TypeInfo xlnx_dpdma_info = {
 
 static void xlnx_dpdma_register_types(void)
 {
+type_register_fdt_alias(TYPE_XLNX_DPDMA, "xlnx,axi-dpdma-1.0"); /* ZynqMP 
*/
 type_register_static(_dpdma_info);
 }
 
-- 
2.15.1




[Qemu-devel] [RFC PATCH v2 6/9] hw/usb/hcd-ehci: add 'xlnx, ps7-usb' FDT aliases

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/usb/hcd-ehci-sysbus.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/usb/hcd-ehci-sysbus.c b/hw/usb/hcd-ehci-sysbus.c
index 3b83beb140..0c1a995c2f 100644
--- a/hw/usb/hcd-ehci-sysbus.c
+++ b/hw/usb/hcd-ehci-sysbus.c
@@ -16,6 +16,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "hw/sysbus-fdt.h"
 #include "hw/usb/hcd-ehci.h"
 
 static const VMStateDescription vmstate_ehci_sysbus = {
@@ -244,6 +245,13 @@ static const TypeInfo ehci_fusbh200_type_info = {
 
 static void ehci_sysbus_register_types(void)
 {
+static const char *xlnx_ehci_fdt_aliases[] = {
+"xlnx.zynq-usb",/* Zynq */
+"xlnx.ps7-usb", /* Zynq-7xxx SoC */
+NULL
+};
+
+type_register_fdt_aliases("xlnx,ps7-usb", xlnx_ehci_fdt_aliases);
 type_register_static(_type_info);
 type_register_static(_xlnx_type_info);
 type_register_static(_exynos4210_type_info);
-- 
2.15.1




[Qemu-devel] [RFC PATCH v2 7/9] hw/ssi/xlnx-spips: add 'xlnx.zynq-qspi' FDT alias

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/ssi/xilinx_spips.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index d8187fadd1..9f7edc7a14 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -24,6 +24,7 @@
 
 #include "qemu/osdep.h"
 #include "hw/sysbus.h"
+#include "hw/sysbus-fdt.h"
 #include "sysemu/sysemu.h"
 #include "hw/ptimer.h"
 #include "qemu/log.h"
@@ -1443,6 +1444,7 @@ static const TypeInfo xlnx_zynqmp_qspips_info = {
 
 static void xilinx_spips_register_types(void)
 {
+type_register_fdt_alias(TYPE_XILINX_QSPIPS, "xlnx.zynq-qspi");
 type_register_static(_spips_info);
 type_register_static(_qspips_info);
 type_register_static(_zynqmp_qspips_info);
-- 
2.15.1




[Qemu-devel] [RFC PATCH v2 4/9] hw/timer/cadence_ttc: add FDT aliases

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/timer/cadence_ttc.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/timer/cadence_ttc.c b/hw/timer/cadence_ttc.c
index 5e65fdb5a0..9aff19d3a5 100644
--- a/hw/timer/cadence_ttc.c
+++ b/hw/timer/cadence_ttc.c
@@ -18,6 +18,7 @@
 
 #include "qemu/osdep.h"
 #include "hw/sysbus.h"
+#include "hw/sysbus-fdt.h"
 #include "qemu/timer.h"
 
 #ifdef CADENCE_TTC_ERR_DEBUG
@@ -488,6 +489,13 @@ static const TypeInfo cadence_ttc_info = {
 
 static void cadence_ttc_register_types(void)
 {
+static const char *cadence_ttc_fdt_aliases[] = {
+"cdns.ttc", /* Zynq */
+"xlnx.ps7-ttc", /* Zynq-7xxx SoC */
+NULL
+};
+
+type_register_fdt_aliases(TYPE_CADENCE_TTC, cadence_ttc_fdt_aliases);
 type_register_static(_ttc_info);
 }
 
-- 
2.15.1




[Qemu-devel] [RFC PATCH v2 5/9] hw/dma/axidma: add 'xlnx, eth-dma' FDT alias

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/dma/xilinx_axidma.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/dma/xilinx_axidma.c b/hw/dma/xilinx_axidma.c
index 9b48103574..2359d5c114 100644
--- a/hw/dma/xilinx_axidma.c
+++ b/hw/dma/xilinx_axidma.c
@@ -24,6 +24,7 @@
 
 #include "qemu/osdep.h"
 #include "hw/sysbus.h"
+#include "hw/sysbus-fdt.h"
 #include "qapi/error.h"
 #include "qemu/timer.h"
 #include "hw/ptimer.h"
@@ -648,6 +649,7 @@ static const TypeInfo xilinx_axidma_control_stream_info = {
 
 static void xilinx_axidma_register_types(void)
 {
+type_register_fdt_alias(TYPE_XILINX_AXI_DMA, "xlnx,eth-dma");
 type_register_static(_info);
 type_register_static(_axidma_data_stream_info);
 type_register_static(_axidma_control_stream_info);
-- 
2.15.1




[Qemu-devel] [RFC PATCH v2 2/9] hw/char/cadence_uart: add FDT aliases

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/char/cadence_uart.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index 6143494060..f164cee61d 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -23,6 +23,7 @@
 
 #include "qemu/osdep.h"
 #include "hw/sysbus.h"
+#include "hw/sysbus-fdt.h"
 #include "chardev/char-fe.h"
 #include "chardev/char-serial.h"
 #include "qemu/timer.h"
@@ -560,6 +561,17 @@ static const TypeInfo cadence_uart_info = {
 
 static void cadence_uart_register_types(void)
 {
+static const char *cadence_uart_fdt_aliases[] = {
+"cdns.uart",
+"cdns,uart-r1p8",
+"xlnx,xuartps", /* Zynq-7xxx SoC */
+"xlnx.ps7-uart",
+"cdns,uart-r1p12",
+"xlnx,zynqmp-uart", /* Zynq Ultrascale+ MPSoC */
+NULL
+};
+
+type_register_fdt_aliases(TYPE_CADENCE_UART, cadence_uart_fdt_aliases);
 type_register_static(_uart_info);
 }
 
-- 
2.15.1




[Qemu-devel] [RFC PATCH v2 0/9] resolv device by Flattened Device Tree alias name

2018-01-08 Thread Philippe Mathieu-Daudé
Hi,

This RFC series is intended to simplify Flattened Device Tree support,
in particular the 'compatible' FDT entry, when Linux names mismatches
QEMU ones, but this is the same device modelled.

So far this is only a 'proof of concept'.

To see how the qtests perform, I only modified the Xilinx ZynqMP machine.

This is only the 6th generic alias compatibility API in QEMU   ¯\_(ツ)_/¯

Since v2:

- Follow Eduardo advice:
"If aliases exist only for compatibility, they should be restricted to
the places where compatibility is really needed."

- Do not modify QOM/qobject, use a specific GHashTable for FDT alias resolv.

- The aliases aren't display in HMP / -device help

If a machine is expected to use FDT, it needs to explicitly resolve any
device name with the type_resolve_fdt_alias() function.

Regards,

Phil.

Philippe Mathieu-Daudé (9):
  hw/sysbus: add helpers to register FDT aliases
  hw/char/cadence_uart: add FDT aliases
  hw/net/cadence_gem: add FDT aliases
  hw/timer/cadence_ttc: add FDT aliases
  hw/dma/axidma: add 'xlnx,eth-dma' FDT alias
  hw/usb/hcd-ehci: add 'xlnx,ps7-usb' FDT aliases
  hw/ssi/xlnx-spips: add 'xlnx.zynq-qspi' FDT alias
  hw/dma/xlnx_dpdma: add 'xlnx,axi-dpdma-1.0' FDT alias
  hw/arm/xlnx-zynqmp: use Linux FDT names

 include/hw/sysbus-fdt.h  | 18 ++
 hw/arm/xlnx-zynqmp.c | 14 ++
 hw/char/cadence_uart.c   | 12 
 hw/core/sysbus-fdt.c | 30 ++
 hw/dma/xilinx_axidma.c   |  2 ++
 hw/dma/xlnx_dpdma.c  |  2 ++
 hw/net/cadence_gem.c | 10 ++
 hw/ssi/xilinx_spips.c|  2 ++
 hw/timer/cadence_ttc.c   |  8 
 hw/usb/hcd-ehci-sysbus.c |  8 
 hw/core/Makefile.objs|  1 +
 11 files changed, 103 insertions(+), 4 deletions(-)
 create mode 100644 include/hw/sysbus-fdt.h
 create mode 100644 hw/core/sysbus-fdt.c

-- 
2.15.1




[Qemu-devel] [RFC PATCH v2 3/9] hw/net/cadence_gem: add FDT aliases

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/net/cadence_gem.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 3943187572..34ff738bf7 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -25,6 +25,7 @@
 #include "qemu/osdep.h"
 #include  /* For crc32 */
 
+#include "hw/sysbus-fdt.h"
 #include "hw/net/cadence_gem.h"
 #include "qapi/error.h"
 #include "qemu/log.h"
@@ -1552,6 +1553,15 @@ static const TypeInfo gem_info = {
 
 static void gem_register_types(void)
 {
+static const char *gem_fdt_aliases[] = {
+"cdns,gem",
+"cdns,zynq-gem",/* Zynq-7xxx SoC */
+"xlnx.ps7-ethernet",
+"cdns,zynqmp-gem",  /* Zynq Ultrascale+ MPSoC */
+NULL
+};
+
+type_register_fdt_aliases(TYPE_CADENCE_GEM, gem_fdt_aliases);
 type_register_static(_info);
 }
 
-- 
2.15.1




[Qemu-devel] [RFC PATCH v2 1/9] hw/sysbus: add helpers to register FDT aliases

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/sysbus-fdt.h | 18 ++
 hw/core/sysbus-fdt.c| 30 ++
 hw/core/Makefile.objs   |  1 +
 3 files changed, 49 insertions(+)
 create mode 100644 include/hw/sysbus-fdt.h
 create mode 100644 hw/core/sysbus-fdt.c

diff --git a/include/hw/sysbus-fdt.h b/include/hw/sysbus-fdt.h
new file mode 100644
index 00..21f42dbbad
--- /dev/null
+++ b/include/hw/sysbus-fdt.h
@@ -0,0 +1,18 @@
+/*
+ * Flattened Device Tree alias helpers
+ *
+ * Copyright (C) 2018 Philippe Mathieu-Daudé 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version.  See the COPYING file in the
+ * top-level directory.
+ */
+#ifndef HW_SYSBUS_FDT_H
+#define HW_SYSBUS_FDT_H
+
+void type_register_fdt_alias(const char *name, const char *alias);
+void type_register_fdt_aliases(const char *name, const char **aliases);
+
+const char *type_resolve_fdt_alias(const char *alias);
+
+#endif /* HW_SYSBUS_FDT_H */
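Review bot: The three prototypes carry no documentation, and two parts of the contract are not visible from the signatures: the implementation in hw/core/sysbus-fdt.c stores the `name` and `alias` pointers without copying them, and `type_resolve_fdt_alias()` returns NULL for an unknown alias. Each declaration should get a doc comment stating that both strings must stay valid for the lifetime of the program (string literals or static arrays), that `aliases` is a NULL-terminated array, and that the resolve function returns the registered type name or NULL when the alias was never registered. Callers in this series pass the result on without a NULL check, so the last point needs to be explicit.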
diff --git a/hw/core/sysbus-fdt.c b/hw/core/sysbus-fdt.c
new file mode 100644
index 00..0d817ba230
--- /dev/null
+++ b/hw/core/sysbus-fdt.c
@@ -0,0 +1,30 @@
+#include "qemu/osdep.h"
+#include "hw/sysbus-fdt.h"
+
+static GHashTable *fdt_aliases(void)
+{
+static GHashTable *fdt_aliases_singleton;
+
+if (!fdt_aliases_singleton) {
+fdt_aliases_singleton = g_hash_table_new(g_str_hash, g_str_equal);
+}
+return fdt_aliases_singleton;
+}
+
+void type_register_fdt_alias(const char *name, const char *alias)
+{
+g_hash_table_insert(fdt_aliases(), (gpointer)name, (gpointer)name);
+g_hash_table_insert(fdt_aliases(), (gpointer)alias, (gpointer)name);
+}
+
+void type_register_fdt_aliases(const char *name, const char **aliases)
+{
+for (; *aliases; aliases++) {
+type_register_fdt_alias(name, *aliases);
+}
+}
+
+const char *type_resolve_fdt_alias(const char *alias)
+{
+return g_hash_table_lookup(fdt_aliases(), alias);
+}
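Review bot: `type_register_fdt_alias()` inserts with `g_hash_table_insert()`, which silently replaces an existing entry, so two device models registering the same compatible string would make resolution depend on registration order with no diagnostic. A guard before the inserts, `const char *prev = g_hash_table_lookup(fdt_aliases(), alias); g_assert(!prev || g_str_equal(prev, name));`, would turn that into an immediate failure. The table is created without key or value destroy functions and the `(gpointer)` casts drop `const`, so a comment on the function should say that it keeps the caller's pointers rather than copies. The new file also lacks the license header that include/hw/sysbus-fdt.h carries.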
diff --git a/hw/core/Makefile.objs b/hw/core/Makefile.objs
index f8d7a4aaed..f56f0755a5 100644
--- a/hw/core/Makefile.objs
+++ b/hw/core/Makefile.objs
@@ -11,6 +11,7 @@ common-obj-$(CONFIG_EMPTY_SLOT) += empty_slot.o
 common-obj-$(CONFIG_XILINX_AXI) += stream.o
 common-obj-$(CONFIG_PTIMER) += ptimer.o
 common-obj-$(CONFIG_SOFTMMU) += sysbus.o
+common-obj-$(CONFIG_SOFTMMU) += sysbus-fdt.o
 common-obj-$(CONFIG_SOFTMMU) += machine.o
 common-obj-$(CONFIG_SOFTMMU) += loader.o
 common-obj-$(CONFIG_FITLOADER) += loader-fit.o
-- 
2.15.1




Re: [Qemu-devel] [PULL 00/25] pc, pci, virtio: features, fixes, cleanups

2018-01-08 Thread David Gibson
On Mon, Jan 08, 2018 at 08:10:23PM +0200, Michael S. Tsirkin wrote:
> On Mon, Jan 08, 2018 at 09:14:41AM +, Peter Maydell wrote:
> > On 21 December 2017 at 23:43, Michael S. Tsirkin  wrote:
> > >> you also need to drop "hw/pci: remove obsolete PCIDevice->init()"
> > >> (applied in your tree as 18951fce55d5aa58cd1629b4cb704ee51bab4420)
> > >> else the not-yet-QOM'ified NVME won't work anymore.
> > >
> > > Done that too, thanks a lot
> > 
> > Hi. I'm afraid this pullreq (merge of 880b1ff) has new runtime
> > errors from the clang sanitizer:
> > 
> > /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:201:27:
> > runtime error: member access within misaligned address 0x55b4ffee8246
> > for type 'struct ip_header', which requires 4 byte alignment
> > 0x55b4ffee8246: note: pointer points here
> >  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> > ff ff 00 00 00 00 00 00  00 00
> >  ^
> > /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:201:27:
> > runtime error: load of misaligned address 0x55b4ffee8246 for type
> > 'uint8_t' (aka 'unsigned char'), which requires 4 byte alignment
> > 0x55b4ffee8246: note: pointer points here
> >  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> > ff ff 00 00 00 00 00 00  00 00
> >  ^
> > /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:208:65:
> > runtime error: member access within misaligned address 0x55b4ffee8246
> > for type 'struct ip_header', which requires 4 byte alignment
> > 0x55b4ffee8246: note: pointer points here
> >  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> > ff ff 00 00 00 00 00 00  00 00
> >  ^
> > /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:210:13:
> > runtime error: member access within misaligned address 0x55b4ffee8246
> > for type 'struct ip_header', which requires 4 byte alignment
> > 0x55b4ffee8246: note: pointer points here
> >  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> > ff ff 00 00 00 00 00 00  00 00
> >  ^
> > /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:210:13:
> > runtime error: load of misaligned address 0x55b4ffee8246 for type
> > 'uint8_t' (aka 'unsigned char'), which requires 4 byte alignment
> > 0x55b4ffee8246: note: pointer points here
> >  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> > ff ff 00 00 00 00 00 00  00 00
> >  ^
> > 
> > Sorry for the late report, I didn't quite have time
> > to process the pull before Christmas holidays.
> > 
> > thanks
> > -- PMM
> 
> So I bisected and the reason is this commit:
> 
> commit 18b20bb43a2f37f0c8ae23a3e9b3d9a4a05b6bd4
> Author: David Gibson 
> Date:   Tue Dec 19 15:45:22 2017 +1100
> 
> tests/pxe-test: Add some extra tests
> 
> Previously virtio-net was only tested for ppc64 in "slow" mode.  That
> doesn't make much sense since virtio-net is used much more often in
> practice than the spapr-vlan device which was tested always.  So, move
> virtio-net to always be tested on ppc64.
> 
> We had no tests at all for the q35 machine, which doesn't seem wise
> given its increasing prominence.  Add a couple of tests for it,
> including testing the newer e1000e adapter.
> 
> Signed-off-by: David Gibson 
> Reviewed-by: Thomas Huth 
> Reviewed-by: Michael S. Tsirkin 
> Signed-off-by: Michael S. Tsirkin 
> 
> :04 04 5a982bfea24b9ac3c651b84425a39b3c85f4871e 
> 771af3fdfb2778c6d6ed6b1098d1e79c181d6fb0 M  tests
> 
> Pls either fix or drop e1000e test

Feel free to drop this patch for now.  I'll debug and repost it when I
have a chance.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] What's needed to pass pciid cpu flag to guest?

2018-01-08 Thread Manu


> Am 08.01.2018 um 19:58 schrieb Stefan Priebe - Profihost AG 
> :
> 
> Hello,
> 
> for meltdown mitigation and performance it's important to have the pcid
> flag passed down to the guest (f.e.
> https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU).
> 
> My host shows the flag:
> # grep ' pcid ' /proc/cpuinfo  | wc -l
> 56
> 
> But the guest does not:
> # grep pcid /proc/cpuinfo
> #
> 
> Guest was started with:
> -cpu IvyBridge,+kvm_pv_unhalt,+kvm_pv_eoi,enforce,vendor=GenuineIntel

$ qemu -cpu help 
gives an overview.

+pcid

should do it.

> 
> Qemu is 2.9.1
> 
> Thanks!
> 
> Greets,
> Stefan
> 



Re: [Qemu-devel] [PATCH] hw/block: Fix pin-based interrupt behaviour of NVMe

2018-01-08 Thread Hikaru Nishida
Thank you for applying my patch.

> I had to resolve conflicts with the tracing patches and chose to keep
> the trace points from pci_irq_pulse() for pci_irq_assert(), but didn't
> add them to pci_irq_deassert(). Please check if this makes sense to you.

It makes sense for now.
I will send another patch shortly to improve some points of the
tracing functions.

Hikaru Nishida

2018-01-09 0:28 GMT+09:00 Kevin Wolf :
> Am 18.12.2017 um 06:00 hat Hikaru Nishida geschrieben:
>> Pin-based interrupt of NVMe controller did not work properly
>> because it used the obsolete function pci_irq_pulse().
>> To fix this, change to use pci_irq_assert() / pci_irq_deassert()
>> instead of pci_irq_pulse().
>>
>> Signed-off-by: Hikaru Nishida 
>
> Thanks, applied to the block branch.
>
> I had to resolve conflicts with the tracing patches and chose to keep
> the trace points from pci_irq_pulse() for pci_irq_assert(), but didn't
> add them to pci_irq_deassert(). Please check if this makes sense to you.
> Here is the commit after my conflict resolution:
>
> http://repo.or.cz/qemu/kevin.git/commitdiff/44c55a9159f2048a26c07e50dbc21c934917b82c
>
> Kevin



Re: [Qemu-devel] [PATCH v6 04/29] hw/arm: Replace fprintf(stderr, "*\n" with error_report()

2018-01-08 Thread Alistair Francis
On Tue, Jan 2, 2018 at 4:59 AM, Markus Armbruster  wrote:
> Alistair Francis  writes:
>
>> On Fri, Dec 22, 2017 at 12:30 PM, Markus Armbruster  
>> wrote:
>>> Alistair Francis  writes:
>>>
 On Fri, Dec 22, 2017 at 9:17 AM, Thomas Huth  wrote:
> On 22.12.2017 16:37, Markus Armbruster wrote:
>> Second thoughts...
>>
>> Alistair Francis  writes:
> [...]
>>>  #include "qemu/osdep.h"
>>> +#include "qemu/error-report.h"
>>>  #include "qapi/error.h"
>>>  #include "qemu-common.h"
>>>  #include "cpu.h"
>>> @@ -1311,8 +1312,8 @@ static void omap_prcm_apll_update(struct 
>>> omap_prcm_s *s)
>>>  /* TODO: update clocks */
>>>
>>>  if (mode[0] == 1 || mode[0] == 2 || mode[1] == 1 || mode[1] == 2)
>>> -fprintf(stderr, "%s: bad EN_54M_PLL or bad EN_96M_PLL\n",
>>> -__func__);
>>> +error_report("%s: bad EN_54M_PLL or bad EN_96M_PLL",
>>> + __func__);
>>>  }
>>
>> This one's different: we neither exit() nor return a "failed" status to
>> the caller.
>>
>> We get here when the guest writes something funny to a certain
>> memory-mapped I/O register.  In other words, it's guest misbehavior, not
>> a user error.  I doubt it should be reported with error_report().
>> Peter, do we have a canonical way to report or log  guest misbehavior?
>
> qemu_log_mask(LOG_GUEST_ERROR, ...) ?

 That seems like the best option to me.
>>>
>>> Suggest:
>>>
>>> 1. Keep converting fatal errors (the ones that exit())
>>>
>>> 2. Keep converting recoverable errors (the ones that return failure)
>>>
>>> 3. You can leave the prints that are neither alone.  You can also
>>>convert to logging or tracing, as appropriate, but that requires
>>>understanding the code.
>>>
>>> Makes sense?
>>
>> Does this apply to new patches after this series or to this series as
>> well? The series is mostly just mechanical find/replace. I really
>> don't want to have to dig through every patch to figure out what to
>> change/not change.
>
> I understand your reluctance to sort patch hunks into buckets 1., 2. and
> 3. manually: there's an awful lot of hunks to sort.
>
> We know we have many fprintf() that should be error_report(),
> error_setg(), logging or tracing.
>
> We know we have error_report() that should be error_setg().
>
> Converting fprintf() to error_report() where we should really use
> something else makes the situation worse, I'm afraid.
>
> Since we need to sort, and sorting manually isn't practical, we need to
> automate.
>
> The patterns to recognize are 1. fprintf() followed by exit() and
> 2. fprintf() followed by return failure.
>
> Recognizing the patterns when there's stuff between fprintf() and exit()
> / return may exceed sed's power.  Feels like a Coccinelle job to me.
> Let's focus on the common case where exit() / return follows fprintf()
> immediately.
>
> Let's start with the easiest case: exit().  I figure that's still in
> reach of your find + sed tooling.
>
> Recognizing "return failure" is slightly harder, because error values
> aren't always obvious.  Common ones are return NULL, return -1, return
> -EFOO.
>
> I hope that peeling off truly simple cases like this will reduce the
> remaining hunks sufficiently to permit manual review.  If it doesn't, we
> should still get a major part of your work without making the situation
> worse.

Ok. So it is becoming apparent that this series is not going to be
accepted. I might just drop it and try and re-group with Coccinelle at
some point in the future.

If there is a subset of this series that is fine to go in I'm happy to
rebase and keep going, but at the moment it looks like starting again
is going to be the least painful effort.

Alistair

>



Re: [Qemu-devel] [PATCH v3 33/42] hw/arm/bcm2835_peripherals: implement SDHCI Spec v3

2018-01-08 Thread Andrew Baumann via Qemu-devel
> From: Philippe Mathieu-Daudé [mailto:philippe.mathieu.da...@gmail.com]
> Sent: Friday, 29 December 2017 09:49
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> 
> Note, the bcm2835 seems to have 1KB minimum blocksize, however the
> current
> model is implemented with 512B.
> 
> Can someone with access to the datasheets verify?

The public BCM2835 peripherals datasheet says:
  "The EMMC module restricts the maximum block size to the size of the internal 
data FIFO
  which is 1k bytes."
... so I think your patch is correct.

Andrew


Re: [Qemu-devel] [PATCH] linux-user: MIPS set cpu to r6 CPU if binary is R6

2018-01-08 Thread Laurent Vivier
Peter, Riku,

what do you think of the idea of using the ELF header to select the CPU
to emulate?

Thanks,
Laurent

Le 19/12/2017 à 12:50, YunQiang Su a écrit :
> MIPS r6 is not just simple super set for pre-R6,
> it also drops some instruction and even changes encoding for some.
> But r6 binary has the same header for binfmt_misc.
> 
> So here we need to detect the version of binaries and set
> cpu_model for it.
> ---
>  include/elf.h|  4 
>  linux-user/elfload.c | 36 
>  linux-user/main.c| 15 +++
>  linux-user/qemu.h|  1 +
>  4 files changed, 56 insertions(+)
> 
> diff --git a/include/elf.h b/include/elf.h
> index e8a515ce3d..f2104809b1 100644
> --- a/include/elf.h
> +++ b/include/elf.h
> @@ -40,6 +40,10 @@ typedef int64_t  Elf64_Sxword;
>  #define EF_MIPS_ARCH_5   0x4000  /* -mips5 code.  */
>  #define EF_MIPS_ARCH_32  0x5000  /* MIPS32 code.  */
>  #define EF_MIPS_ARCH_64  0x6000  /* MIPS64 code.  */
> +#define EF_MIPS_ARCH_32R2   0x7000  /* MIPS32r2 code.  */
> +#define EF_MIPS_ARCH_64R2   0x8000  /* MIPS64r2 code.  */
> +#define EF_MIPS_ARCH_32R6   0x9000  /* MIPS32r6 code.  */
> +#define EF_MIPS_ARCH_64R6   0xa000  /* MIPS64r6 code.  */
>  
>  /* The ABI of a file. */
>  #define EF_MIPS_ABI_O32  0x1000  /* O32 ABI.  */
> diff --git a/linux-user/elfload.c b/linux-user/elfload.c
> index 20f3d8c2c3..f9b8e028ca 100644
> --- a/linux-user/elfload.c
> +++ b/linux-user/elfload.c
> @@ -2224,6 +2224,42 @@ static void load_elf_interp(const char *filename, 
> struct image_info *info,
>  exit(-1);
>  }
>  
> +uint32_t get_elf_eflags(const char *filename)
> +{
> +int fd, retval;
> +char bprm_buf[BPRM_BUF_SIZE];
> +
> +fd = open(path(filename), O_RDONLY);
> +if (fd < 0) {
> +return 0;
> +}
> +retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
> +close(fd);
> +if (retval < 0) {
> +return 0;
> +}
> +if (retval < BPRM_BUF_SIZE) {
> +memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
> +}
> +
> +if (bprm_buf[0] != 0x7f
> + || bprm_buf[1] != 'E'
> + || bprm_buf[2] != 'L'
> + || bprm_buf[3] != 'F') {
> +return 0;
> +}
> +
> +struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
> +if (!elf_check_ident(ehdr)) {
> +return 0;
> +}
> +bswap_ehdr(ehdr);
> +if (!elf_check_ehdr(ehdr)) {
> +return 0;
> +}
> +return ehdr->e_flags;
> +}
> +
>  static int symfind(const void *s0, const void *s1)
>  {
>  target_ulong addr = *(target_ulong *)s0;
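Review bot: In `get_elf_eflags()` the header is parsed through `(struct elfhdr *)bprm_buf`, but `bprm_buf` is a plain `char` array on the stack, so it carries no alignment guarantee for `struct elfhdr` and is accessed through an incompatible type. Declaring a local `struct elfhdr ehdr;` and filling it with `memcpy(&ehdr, bprm_buf, sizeof(ehdr));` before the `elf_check_ident()` / `bswap_ehdr()` / `elf_check_ehdr()` calls avoids both problems. The function also returns 0 on every failure path, which a caller cannot tell apart from a valid binary whose `e_flags` is 0. It opens `filename` on its own, apparently separately from the open the loader performs later, so the flags are not guaranteed to describe the file that is eventually executed; both points deserve at least a comment.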
> diff --git a/linux-user/main.c b/linux-user/main.c
> index 7c0bffeff6..b4626e5aa0 100644
> --- a/linux-user/main.c
> +++ b/linux-user/main.c
> @@ -4287,6 +4287,21 @@ int main(int argc, char **argv, char **envp)
>  }
>  trace_init_file(trace_file);
>  
> +#if defined(TARGET_MIPS)
> +if (cpu_model == NULL) {
> +uint32_t eflags = get_elf_eflags(filename);
> +#if defined(TARGET_ABI_MIPSN32) || defined(TARGET_ABI_MIPSN64)
> +if ((eflags & EF_MIPS_ARCH_64R6) != 0) {
> +cpu_model = "I6400";
> +}
> +#else
> +if ((eflags & EF_MIPS_ARCH_32R6) != 0) {
> +cpu_model = "mips32r6-generic";
> +}
> +#endif
> +}
> +#endif
> +
>  /* Zero out regs */
>  memset(regs, 0, sizeof(struct target_pt_regs));
>  
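Review bot: The tests `(eflags & EF_MIPS_ARCH_64R6) != 0` and `(eflags & EF_MIPS_ARCH_32R6) != 0` treat an enumerated field as a bit flag, so they are true for any architecture level that shares a bit with the R6 value. With the `EF_MIPS_ARCH_*` values listed in the include/elf.h hunk of this patch, an R2 binary would also select the R6 CPU model. The architecture field should be masked and compared for equality, for example `if ((eflags & EF_MIPS_ARCH) == EF_MIPS_ARCH_64R6) {`, assuming include/elf.h provides the `EF_MIPS_ARCH` mask (it is not visible in these hunks). `main()` starts and ends outside the hunk.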
> diff --git a/linux-user/qemu.h b/linux-user/qemu.h
> index 4edd7d0c08..cf09110bf9 100644
> --- a/linux-user/qemu.h
> +++ b/linux-user/qemu.h
> @@ -190,6 +190,7 @@ int loader_exec(int fdexec, const char *filename, char 
> **argv, char **envp,
>  
>  int load_elf_binary(struct linux_binprm *bprm, struct image_info *info);
>  int load_flt_binary(struct linux_binprm *bprm, struct image_info *info);
> +uint32_t get_elf_eflags(const char *filename);
>  
>  abi_long memcpy_to_target(abi_ulong dest, const void *src,
>unsigned long len);
> 




Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Eduardo Habkost
On Mon, Jan 08, 2018 at 06:09:30PM -0500, Paolo Bonzini wrote:
> 
> 
> - Original Message -
> > From: "Eduardo Habkost" 
> > To: "Paolo Bonzini" 
> > Cc: "Vincent Bernat" , "Richard Henderson" 
> > , qemu-devel@nongnu.org
> > Sent: Monday, January 8, 2018 11:56:25 PM
> > Subject: Re: [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy 
> > Bridge
> > 
> > On Mon, Jan 08, 2018 at 05:37:16PM -0500, Paolo Bonzini wrote:
> > > 
> > > 
> > > - Original Message -
> > > > From: "Eduardo Habkost" 
> > > > To: "Vincent Bernat" 
> > > > Cc: "Paolo Bonzini" , "Richard Henderson"
> > > > , qemu-devel@nongnu.org
> > > > Sent: Monday, January 8, 2018 10:16:23 PM
> > > > Subject: Re: [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy
> > > > Bridge
> > > > 
> > > > On Mon, Jan 08, 2018 at 09:50:52PM +0100, Vincent Bernat wrote:
> > > > > PCID has been introduced in Sandy Bridge and, currently, KVM doesn't
> > > > > object exposing it to VM as long as it is present on the host. Update
> > > > > CPU model for both Sandy Bridge and Ivy Bridge accordingly.
> > > > > 
> > > > > Signed-off-by: Vincent Bernat 
> > > > 
> > > > Thanks for your patch.
> > > > 
> > > > We need two things, though:
> > > > 
> > > > First, confirming that all hosts where the SandyBridge and
> > > > IvyBridge CPU models are runnable will support exposing PCID to
> > > > guests (otherwise updating QEMU can make a runnable VM
> > > > configuration suddenly stop being runnable).  This can happen if
> > > > the host kernel is too old.
> > > 
> > > I've been reading it's also Westmere.  I'll check more carefully tomorrow.
> > > The difference between consumer and server SKUs is important too.
> > > 
> > > > One possible way to work around this problem is to declare that
> > > > QEMU 2.12 with KVM will require Linux v3.6 and newer (because we
> > > > need Linux kernel commit ad756a1603c5 "KVM: VMX: Implement
> > > > PCID/INVPCID for guests with EPT").
> > > 
> > > Note that PCID is still not supported for guests without EPT, so
> > > this would break ept=0 with recent "-cpu" models.  I'm not sure of
> > > a way to fix it; probably it just has to be documented.
> > 
> > GET_SUPPORTED_CPUID seems to still return PCID as supported
> > without EPT, doesn't it?
> 
> Indeed it is!  It will also be useful for KPTI performance without
> INVPCID, but it won't be useful without EPT.

Well, I can live with "not useful without EPT", as long as it
doesn't mean "broken without EPT".  It looks like we can safely
enable it, as long as:

2) we confirm if all Intel Westmere/SandyBridge/IvyBridge CPUs
   have PCID;
1) QEMU documentation states that it requires Linux v3.6 or newer
   for KVM.

-- 
Eduardo



[Qemu-devel] [PATCH 6/6] target/m68k: add HMP command "info tlb"

2018-01-08 Thread Laurent Vivier
Dump MMU state and address mappings.

Signed-off-by: Laurent Vivier 
---
CC: Dr. David Alan Gilbert 

 hmp-commands-info.hx  |   2 +-
 target/m68k/cpu.h |   1 +
 target/m68k/helper.c  | 216 ++
 target/m68k/monitor.c |  13 +++
 4 files changed, 231 insertions(+), 1 deletion(-)

diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
index 54c3e5eac6..ad590a4ffb 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
@@ -216,7 +216,7 @@ Show PCI information.
 ETEXI
 
 #if defined(TARGET_I386) || defined(TARGET_SH4) || defined(TARGET_SPARC) || \
-defined(TARGET_PPC) || defined(TARGET_XTENSA)
+defined(TARGET_PPC) || defined(TARGET_XTENSA) || defined(TARGET_M68K)
 {
 .name   = "tlb",
 .args_type  = "",
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 2f5a716139..e9c6e19af4 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -558,4 +558,5 @@ static inline void cpu_get_tb_cpu_state(CPUM68KState *env, 
target_ulong *pc,
 | ((env->macsr >> 4) & 0xf);/* Bits 0-3 */
 }
 
+void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUM68KState *env);
 #endif
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index ef9ef6f55c..7ea30e9a3e 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -375,6 +375,222 @@ int m68k_cpu_handle_mmu_fault(CPUState *cs, vaddr 
address, int size, int rw,
 
 /* MMU: 68040 only */
 
+static void print_address_zone(FILE *f, fprintf_function cpu_fprintf,
+   uint32_t logical, uint32_t physical,
+   uint32_t size, int attr)
+{
+cpu_fprintf(f, "%08x - %08x -> %08x - %08x %c ",
+logical, logical + size - 1,
+physical, physical + size - 1,
+attr & 4 ? 'W' : '-');
+size >>= 10;
+if (size < 1024) {
+cpu_fprintf(f, "(%d KiB)\n", size);
+} else {
+size >>= 10;
+if (size < 1024) {
+cpu_fprintf(f, "(%d MiB)\n", size);
+} else {
+size >>= 10;
+cpu_fprintf(f, "(%d GiB)\n", size);
+}
+}
+}
+
+static void dump_address_map(FILE *f, fprintf_function cpu_fprintf,
+ CPUM68KState *env, uint32_t root_pointer)
+{
+int i, j, k;
+int tic_size, tic_shift;
+uint32_t tib_mask;
+uint32_t tia, tib, tic;
+uint32_t logical = 0x, physical = 0x;
+uint32_t first_logical = 0x, first_physical = 0x;
+uint32_t last_logical, last_physical;
+int32_t size;
+int last_attr = -1, attr = -1;
+M68kCPU *cpu = m68k_env_get_cpu(env);
+CPUState *cs = CPU(cpu);
+
+if (env->mmu.tcr & M68K_TCR_PAGE_8K) {
+/* 8k page */
+tic_size = 32;
+tic_shift = 13;
+tib_mask = 0xff80;
+} else {
+/* 4k page */
+tic_size = 64;
+tic_shift = 12;
+tib_mask = 0xff00;
+}
+for (i = 0; i < 128; i++) {
+tia = ldl_phys(cs->as, M68K_POINTER_BASE(root_pointer) + i * 4);
+if (!M68K_UDT_VALID(tia)) {
+continue;
+}
+for (j = 0; j < 128; j++) {
+tib = ldl_phys(cs->as, M68K_POINTER_BASE(tia) + j * 4);
+if (!M68K_UDT_VALID(tia)) {
+continue;
+}
+for (k = 0; k < tic_size; k++) {
+tic = ldl_phys(cs->as, (tib & tib_mask) + k * 4);
+if (!M68K_PDT_VALID(tia)) {
+continue;
+}
+if (M68K_PDT_INDIRECT(tic)) {
+tic = ldl_phys(cs->as, M68K_INDIRECT_POINTER(tic));
+}
+
+last_logical = logical;
+logical = (i << 25) | (j << 18) | (k << tic_shift);
+
+last_physical = physical;
+physical = tic & ~((1 << tic_shift) - 1);
+
+last_attr = attr;
+attr = tic & ((1 << tic_shift) - 1);
+
+if ((logical != (last_logical + (1 << tic_shift))) ||
+(physical != (last_physical + (1 << tic_shift))) ||
+(attr & 4) != (last_attr & 4)) {
+
+if (first_logical != 0x) {
+size = last_logical + (1 << tic_shift) -
+   first_logical;
+print_address_zone(f, cpu_fprintf, first_logical,
+   first_physical, size, last_attr);
+}
+first_logical = logical;
+first_physical = physical;
+}
+}
+}
+}
+if (first_logical != logical || (attr & 4) != (last_attr & 4)) {
+size = logical + (1 << tic_shift) - first_logical;
+print_address_zone(f, cpu_fprintf, first_logical, first_physical, size,
+   last_attr);
+}
+}
+
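Review bot: In `dump_address_map()` the validity checks in the two inner loops test the wrong descriptor: after loading `tib` the code checks `M68K_UDT_VALID(tia)`, and after loading `tic` it checks `M68K_PDT_VALID(tia)`. `tia` has already passed the outer check, so invalid second- and third-level entries are never skipped and their contents are used as table addresses for the next `ldl_phys()`. The checks should read `if (!M68K_UDT_VALID(tib)) {` and `if (!M68K_PDT_VALID(tic)) {`. The descriptor fetched through `M68K_INDIRECT_POINTER(tic)` is also used without being validated again. The page cuts this hunk off after `dump_address_map()`, so the remainder of the patch is not covered by this note.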

[Qemu-devel] [PATCH 1/6] accel/tcg: add size paremeter in tlb_fill()

2018-01-08 Thread Laurent Vivier
The MC68040 MMU provides the size of the access that
triggers the page fault.

This size is set in the Special Status Word which
is written in the stack frame of the access fault
exception.

So we need the size in m68k_cpu_unassigned_access() and
m68k_cpu_handle_mmu_fault().

To be able to do that, this patch modifies the prototype of
handle_mmu_fault handler, tlb_fill() and probe_write().
do_unassigned_access() already includes a size parameter.

This patch also updates handle_mmu_fault handlers and
tlb_fill() of all targets (only parameter, no code change).

Signed-off-by: Laurent Vivier 
---
CC: Richard Henderson 
CC: Paolo Bonzini 
CC: Peter Maydell 
CC: Edgar E. Iglesias 
CC: Eduardo Habkost 
CC: Michael Walle 
CC: Aurelien Jarno 
CC: Anthony Green 
CC: Chris Wulff 
CC: Stafford Horne 
CC: Alexander Graf 
CC: Artyom Tarasenko 
CC: Bastian Koppelmann 
CC: Guan Xuetao 
CC: Max Filippov 
CC: qemu-...@nongnu.org
CC: qemu-...@nongnu.org
CC: qemu-s3...@nongnu.org

 accel/tcg/cputlb.c| 13 -
 accel/tcg/softmmu_template.h  | 14 --
 accel/tcg/user-exec.c |  2 +-
 include/exec/exec-all.h   |  6 +++---
 include/qom/cpu.h |  2 +-
 target/alpha/cpu.h|  2 +-
 target/alpha/helper.c |  4 ++--
 target/alpha/mem_helper.c |  6 +++---
 target/arm/cpu.c  |  4 ++--
 target/arm/op_helper.c|  4 ++--
 target/cris/cpu.h |  2 +-
 target/cris/helper.c  |  4 ++--
 target/cris/op_helper.c   |  6 +++---
 target/hppa/cpu.h |  3 ++-
 target/hppa/helper.c  |  2 +-
 target/hppa/op_helper.c   |  2 +-
 target/i386/cpu.h |  2 +-
 target/i386/excp_helper.c |  4 ++--
 target/i386/mem_helper.c  |  6 +++---
 target/lm32/cpu.h |  2 +-
 target/lm32/helper.c  |  2 +-
 target/lm32/op_helper.c   |  6 +++---
 target/m68k/cpu.h |  2 +-
 target/m68k/helper.c  |  4 ++--
 target/m68k/op_helper.c   |  6 +++---
 target/microblaze/cpu.h   |  2 +-
 target/microblaze/helper.c|  4 ++--
 target/microblaze/op_helper.c |  6 +++---
 target/mips/helper.c  |  2 +-
 target/mips/internal.h|  2 +-
 target/mips/op_helper.c   | 10 +-
 target/moxie/cpu.h|  2 +-
 target/moxie/helper.c | 10 +-
 target/nios2/cpu.h|  2 +-
 target/nios2/helper.c |  6 --
 target/nios2/mmu.c|  6 +++---
 target/openrisc/cpu.h |  2 +-
 target/openrisc/mmu.c |  8 
 target/openrisc/mmu_helper.c  |  6 +++---
 target/ppc/cpu.h  |  2 +-
 target/ppc/mmu_helper.c   |  4 ++--
 target/ppc/user_only_helper.c |  2 +-
 target/s390x/excp_helper.c|  4 ++--
 target/s390x/internal.h   |  2 +-
 target/s390x/mem_helper.c |  8 
 target/sh4/cpu.h  |  2 +-
 target/sh4/helper.c   |  4 ++--
 target/sh4/op_helper.c|  6 +++---
 target/sparc/cpu.h|  2 +-
 target/sparc/ldst_helper.c|  6 +++---
 target/sparc/mmu_helper.c |  6 +++---
 target/tilegx/cpu.c   |  4 ++--
 target/tricore/op_helper.c|  4 ++--
 target/unicore32/cpu.h|  2 +-
 target/unicore32/helper.c |  2 +-
 target/unicore32/op_helper.c  |  6 +++---
 target/unicore32/softmmu.c|  2 +-
 target/xtensa/op_helper.c |  4 ++--
 58 files changed, 129 insertions(+), 121 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 8fd84209df..0ab9942a5f 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -880,7 +880,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, 
target_ulong addr)
 if (unlikely(env->tlb_table[mmu_idx][index].addr_code !=
  (addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK {
 if (!VICTIM_TLB_HIT(addr_read, addr)) {
-tlb_fill(ENV_GET_CPU(env), addr, MMU_INST_FETCH, mmu_idx, 0);
+tlb_fill(ENV_GET_CPU(env), addr, 1, MMU_INST_FETCH, mmu_idx, 0);
 }
 }
 iotlbentry = >iotlb[mmu_idx][index];
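Review bot: The new size argument in `tlb_fill(ENV_GET_CPU(env), addr, 1, MMU_INST_FETCH, mmu_idx, 0);` is a bare literal, and nothing in the hunk says why an instruction fetch should report a size of 1. Since the commit message says a target will copy this size into guest-visible fault state, the call should carry a comment giving the intended meaning, for instance `/* fetch width is unknown at this point; 1 is a placeholder */` if that is indeed the intent. `get_page_addr_code()` starts and ends outside the hunk.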
@@ -928,7 +928,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, 
target_ulong addr)
  * Otherwise the function will return, and there will be a valid
  * entry in the TLB for this access.
  */
-void probe_write(CPUArchState *env, target_ulong addr, int mmu_idx,
+void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
  uintptr_t retaddr)
 {
 int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
@@ -938,7 +938,8 @@ void probe_write(CPUArchState *env, target_ulong addr, int 
mmu_idx,
 != (tlb_addr & (TARGET_PAGE_MASK | 

[Qemu-devel] [PATCH 5/6] target/m68k: add pflush/ptest

2018-01-08 Thread Laurent Vivier
Signed-off-by: Laurent Vivier 
---
 target/m68k/cpu.h   |  3 +++
 target/m68k/helper.c| 72 +
 target/m68k/helper.h|  2 ++
 target/m68k/monitor.c   |  1 +
 target/m68k/op_helper.c |  1 +
 target/m68k/translate.c | 33 +++
 6 files changed, 112 insertions(+)

diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 4877be93ec..2f5a716139 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -130,6 +130,7 @@ typedef struct CPUM68KState {
 uint32_t urp;
 uint32_t srp;
 uint32_t ttr[4];
+uint32_t mmusr;
 } mmu;
 
 /* Control registers.  */
@@ -512,6 +513,8 @@ enum {
 ACCESS_SUPER = 0x01,
 /* 1 bit to indicate direction */
 ACCESS_STORE = 0x02,
+/* PTEST instruction */
+ACCESS_PTEST = 0x04,
 /* Type of instruction that generated the access */
 ACCESS_CODE  = 0x10, /* Code fetch access*/
 ACCESS_INT   = 0x20, /* Integer load/store access*/
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index 090f50fa05..ef9ef6f55c 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -222,6 +222,9 @@ void HELPER(m68k_movec_to)(CPUM68KState *env, uint32_t reg, 
uint32_t val)
 case M68K_CR_TC:
 env->mmu.tcr = val;
 return;
+case M68K_CR_MMUSR:
+env->mmu.mmusr = val;
+return;
 case M68K_CR_SRP:
 env->mmu.srp = val;
 return;
@@ -273,6 +276,8 @@ uint32_t HELPER(m68k_movec_from)(CPUM68KState *env, 
uint32_t reg)
 /* MC680[34]0 */
 case M68K_CR_TC:
 return env->mmu.tcr;
+case M68K_CR_MMUSR:
+return env->mmu.mmusr;
 case M68K_CR_SRP:
 return env->mmu.srp;
 case M68K_CR_USP:
@@ -432,6 +437,10 @@ static int get_physical_address(CPUM68KState *env, hwaddr 
*physical,
 for (i = 0; i < M68K_MAX_TTR; i++) {
 if (check_TTR(env->mmu.TTR(access_type, i),
   prot, address, access_type)) {
+if (access_type & ACCESS_PTEST) {
+/* Transparent Translation Register bit */
+env->mmu.mmusr = M68K_MMU_T_040 | M68K_MMU_R_040;
+}
 *physical = address;
 *page_size = TARGET_PAGE_SIZE;
 return 0;
@@ -460,6 +469,9 @@ static int get_physical_address(CPUM68KState *env, hwaddr 
*physical,
 stl_phys(cs->as, entry, next | M68K_DESC_USED);
 }
 if (next & M68K_DESC_WRITEPROT) {
+if (access_type & ACCESS_PTEST) {
+env->mmu.mmusr |= M68K_MMU_WP_040;
+}
 *prot &= ~PAGE_WRITE;
 if (access_type & ACCESS_STORE) {
 return -1;
@@ -477,6 +489,9 @@ static int get_physical_address(CPUM68KState *env, hwaddr 
*physical,
 stl_phys(cs->as, entry, next | M68K_DESC_USED);
 }
 if (next & M68K_DESC_WRITEPROT) {
+if (access_type & ACCESS_PTEST) {
+env->mmu.mmusr |= M68K_MMU_WP_040;
+}
 *prot &= ~PAGE_WRITE;
 if (access_type & ACCESS_STORE) {
 return -1;
@@ -524,6 +539,12 @@ static int get_physical_address(CPUM68KState *env, hwaddr 
*physical,
 *physical = (next & ~0x0fff) + page_offset;
 }
 
+if (access_type & ACCESS_PTEST) {
+env->mmu.mmusr |= next & M68K_MMU_SR_MASK_040;
+env->mmu.mmusr |= *physical & 0xf000;
+env->mmu.mmusr |= M68K_MMU_R_040;
+}
+
 if (next & M68K_DESC_WRITEPROT) {
 *prot &= ~PAGE_WRITE;
 if (access_type & ACCESS_STORE) {
@@ -1148,6 +1169,57 @@ uint32_t HELPER(moves_load)(CPUM68KState *env, uint32_t 
addr, uint32_t size)
 return val;
 }
 
+void HELPER(ptest)(CPUM68KState *env, uint32_t addr, uint32_t is_read)
+{
+M68kCPU *cpu = m68k_env_get_cpu(env);
+CPUState *cs = CPU(cpu);
+hwaddr physical;
+int access_type;
+int prot;
+int ret;
+target_ulong page_size;
+
+access_type = ACCESS_PTEST;
+if (env->dfc & 4) {
+access_type |= ACCESS_SUPER;
+}
+if ((env->dfc & 3) == 2) {
+access_type |= ACCESS_CODE;
+}
+if (!is_read) {
+access_type |= ACCESS_STORE;
+}
+
+env->mmu.mmusr = 0;
+env->mmu.ssw = 0;
+ret = get_physical_address(env, , , addr,
+   access_type, _size);
+if (ret == 0) {
+tlb_set_page(cs, addr & TARGET_PAGE_MASK,
+ physical & TARGET_PAGE_MASK,
+ prot, access_type & ACCESS_SUPER ?
+ MMU_KERNEL_IDX : MMU_USER_IDX, page_size);
+}
+}
+
+void HELPER(pflush)(CPUM68KState *env, uint32_t addr, uint32_t opmode)
+{
+M68kCPU *cpu = m68k_env_get_cpu(env);
+
+switch (opmode) {
+case 0: /* Flush page entry if not global */
+case 1: /* Flush page entry */
+tlb_flush_page(CPU(cpu), addr);
+break;
+case 2: /* Flush all except global entries */
+tlb_flush(CPU(cpu));
+break;
+case 3: /* 

[Qemu-devel] [PATCH 4/6] target/m68k: add moves

2018-01-08 Thread Laurent Vivier
and introduce SFC and DFC control registers.

Signed-off-by: Laurent Vivier 
---
 target/m68k/cpu.h   |  2 ++
 target/m68k/helper.c| 82 +
 target/m68k/helper.h|  2 ++
 target/m68k/monitor.c   |  2 ++
 target/m68k/op_helper.c |  4 +--
 target/m68k/qregs.def   |  2 ++
 target/m68k/translate.c | 74 
 7 files changed, 166 insertions(+), 2 deletions(-)

diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 60e669c3b4..4877be93ec 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -137,6 +137,8 @@ typedef struct CPUM68KState {
 uint32_t mbar;
 uint32_t rambar0;
 uint32_t cacr;
+uint32_t sfc;
+uint32_t dfc;
 
 int pending_vector;
 int pending_level;
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index c5b436d382..090f50fa05 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -21,6 +21,7 @@
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/cpu_ldst.h"
 #include "exec/gdbstub.h"
 
 #include "exec/helper-proto.h"
@@ -203,6 +204,12 @@ void HELPER(m68k_movec_to)(CPUM68KState *env, uint32_t 
reg, uint32_t val)
 
 switch (reg) {
 /* MC680[1234]0 */
+case M68K_CR_SFC:
+env->sfc = val & 7;
+return;
+case M68K_CR_DFC:
+env->dfc = val & 7;
+return;
 case M68K_CR_VBR:
 env->vbr = val;
 return;
@@ -254,6 +261,10 @@ uint32_t HELPER(m68k_movec_from)(CPUM68KState *env, 
uint32_t reg)
 
 switch (reg) {
 /* MC680[1234]0 */
+case M68K_CR_SFC:
+return env->sfc;
+case M68K_CR_DFC:
+return env->dfc;
 case M68K_CR_VBR:
 return env->vbr;
 /* MC680[234]0 */
@@ -1066,6 +1077,77 @@ void HELPER(set_mac_extu)(CPUM68KState *env, uint32_t 
val, uint32_t acc)
 }
 
 #if defined(CONFIG_SOFTMMU)
+void HELPER(moves_store)(CPUM68KState *env, uint32_t val,
+ uint32_t addr, uint32_t size)
+{
+if (env->dfc & 4) { /* kernel */
+switch (size) {
+case OS_BYTE:
+cpu_stb_kernel_ra(env, addr, val, GETPC());
+break;
+case OS_WORD:
+cpu_stw_kernel_ra(env, addr, val, GETPC());
+break;
+case OS_LONG:
+cpu_stl_kernel_ra(env, addr, val, GETPC());
+break;
+default:
+g_assert_not_reached();
+}
+} else { /* user */
+switch (size) {
+case OS_BYTE:
+cpu_stb_user_ra(env, addr, val, GETPC());
+break;
+case OS_WORD:
+cpu_stw_user_ra(env, addr, val, GETPC());
+break;
+case OS_LONG:
+cpu_stl_user_ra(env, addr, val, GETPC());
+break;
+default:
+g_assert_not_reached();
+}
+}
+}
+
+uint32_t HELPER(moves_load)(CPUM68KState *env, uint32_t addr, uint32_t size)
+{
+uint32_t val;
+
+if (env->sfc & 4) { /* kernel */
+switch (size) {
+case OS_BYTE:
+val = cpu_ldub_kernel_ra(env, addr, GETPC());
+break;
+case OS_WORD:
+val = cpu_lduw_kernel_ra(env, addr, GETPC());
+break;
+case OS_LONG:
+val = cpu_ldl_kernel_ra(env, addr, GETPC());
+break;
+default:
+g_assert_not_reached();
+}
+} else { /* user */
+switch (size) {
+case OS_BYTE:
+val = cpu_ldub_user_ra(env, addr, GETPC());
+break;
+case OS_WORD:
+val = cpu_lduw_user_ra(env, addr, GETPC());
+break;
+case OS_LONG:
+val = cpu_ldl_user_ra(env, addr, GETPC());
+break;
+default:
+g_assert_not_reached();
+}
+}
+
+return val;
+}
+
 void HELPER(reset)(CPUM68KState *env)
 {
 /* FIXME: reset all except CPU */
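Review bot: `HELPER(moves_store)` and `HELPER(moves_load)` choose between the kernel and user accessors from bit 2 of `env->dfc` / `env->sfc` alone, so the two low bits of the function code are ignored without any comment. Because this test decides which privilege level's mapping the access goes through, the simplification should be written down, e.g. `/* Only bit 2 (supervisor/user) of the function code is honoured; bits 1-0 are ignored */` above each `if`. The two `switch` statements in each helper are identical apart from the accessor suffix, which is a readability point only. `HELPER(reset)` at the end of the hunk continues outside it.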
diff --git a/target/m68k/helper.h b/target/m68k/helper.h
index 57f210aa14..620c6d5686 100644
--- a/target/m68k/helper.h
+++ b/target/m68k/helper.h
@@ -101,5 +101,7 @@ DEF_HELPER_3(chk, void, env, s32, s32)
 DEF_HELPER_4(chk2, void, env, s32, s32, s32)
 
 #if defined(CONFIG_SOFTMMU)
+DEF_HELPER_FLAGS_4(moves_store, TCG_CALL_NO_WG, void, env, i32, i32, i32)
+DEF_HELPER_FLAGS_3(moves_load, TCG_CALL_NO_WG, i32, env, i32, i32)
 DEF_HELPER_FLAGS_1(reset, TCG_CALL_NO_RWG, void, env)
 #endif
diff --git a/target/m68k/monitor.c b/target/m68k/monitor.c
index a20af6b09c..c31feb4b02 100644
--- a/target/m68k/monitor.c
+++ b/target/m68k/monitor.c
@@ -31,6 +31,8 @@ static const MonitorDef monitor_defs[] = {
 { "ssp", offsetof(CPUM68KState, sp[0]) },
 { "usp", offsetof(CPUM68KState, sp[1]) },
 { "isp", offsetof(CPUM68KState, sp[2]) },
+{ "sfc", offsetof(CPUM68KState, sfc) },
+{ "dfc", offsetof(CPUM68KState, dfc) },
 { "urp", offsetof(CPUM68KState, mmu.urp) },
 { "srp", offsetof(CPUM68KState, mmu.srp) },
 { "dttr0", 

[Qemu-devel] [PATCH 2/6] target/m68k: add MC68040 MMU

2018-01-08 Thread Laurent Vivier
Only add MC68040 MMU page table processing and related
registers (Special Status Word, Translation Control Register,
User Root Pointer and Supervisor Root Pointer).

Transparent Translation Registers, DFC/SFC and pflush/ptest
will be added later.

Signed-off-by: Laurent Vivier 
---
 target/m68k/cpu.c   |   4 +-
 target/m68k/cpu.h   | 103 +++
 target/m68k/helper.c| 220 ++--
 target/m68k/monitor.c   |   2 +
 target/m68k/op_helper.c |  95 -
 target/m68k/translate.c |   2 +
 6 files changed, 416 insertions(+), 10 deletions(-)

diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index 03126ba543..98919b358b 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -269,9 +269,9 @@ static void m68k_cpu_class_init(ObjectClass *c, void *data)
 cc->set_pc = m68k_cpu_set_pc;
 cc->gdb_read_register = m68k_cpu_gdb_read_register;
 cc->gdb_write_register = m68k_cpu_gdb_write_register;
-#ifdef CONFIG_USER_ONLY
 cc->handle_mmu_fault = m68k_cpu_handle_mmu_fault;
-#else
+#if defined(CONFIG_SOFTMMU)
+cc->do_unassigned_access = m68k_cpu_unassigned_access;
 cc->get_phys_page_debug = m68k_cpu_get_phys_page_debug;
 #endif
 cc->disas_set_info = m68k_cpu_disas_set_info;
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index c60564a047..c3c4493bd0 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -116,6 +116,11 @@ typedef struct CPUM68KState {
 /* MMU status.  */
 struct {
 uint32_t ar;
+uint32_t ssw;
+/* 68040 */
+uint16_t tcr;
+uint32_t urp;
+uint32_t srp;
 } mmu;
 
 /* Control registers.  */
@@ -226,6 +231,90 @@ typedef enum {
 #define M68K_USP1
 #define M68K_ISP2
 
+/* bits for 68040 special status word */
+#define M68K_CP_040  0x8000
+#define M68K_CU_040  0x4000
+#define M68K_CT_040  0x2000
+#define M68K_CM_040  0x1000
+#define M68K_MA_040  0x0800
+#define M68K_ATC_040 0x0400
+#define M68K_LK_040  0x0200
+#define M68K_RW_040  0x0100
+#define M68K_SIZ_040 0x0060
+#define M68K_TT_040  0x0018
+#define M68K_TM_040  0x0007
+
+#define M68K_TM_040_DATA  0x0001
+#define M68K_TM_040_CODE  0x0002
+#define M68K_TM_040_SUPER 0x0004
+
+/* bits for 68040 write back status word */
+#define M68K_WBV_040   0x80
+#define M68K_WBSIZ_040 0x60
+#define M68K_WBBYT_040 0x20
+#define M68K_WBWRD_040 0x40
+#define M68K_WBLNG_040 0x00
+#define M68K_WBTT_040  0x18
+#define M68K_WBTM_040  0x07
+
+/* bus access size codes */
+#define M68K_BA_SIZE_MASK0x60
+#define M68K_BA_SIZE_BYTE0x20
+#define M68K_BA_SIZE_WORD0x40
+#define M68K_BA_SIZE_LONG0x00
+#define M68K_BA_SIZE_LINE0x60
+
+/* bus access transfer type codes */
+#define M68K_BA_TT_MOVE160x08
+
+/* bits for 68040 MMU status register (mmusr) */
+#define M68K_MMU_B_040   0x0800
+#define M68K_MMU_G_040   0x0400
+#define M68K_MMU_U1_040  0x0200
+#define M68K_MMU_U0_040  0x0100
+#define M68K_MMU_S_040   0x0080
+#define M68K_MMU_CM_040  0x0060
+#define M68K_MMU_M_040   0x0010
+#define M68K_MMU_WP_040  0x0004
+#define M68K_MMU_T_040   0x0002
+#define M68K_MMU_R_040   0x0001
+
+#define M68K_MMU_SR_MASK_040 (M68K_MMU_G_040 | M68K_MMU_U1_040 | \
+  M68K_MMU_U0_040 | M68K_MMU_S_040 | \
+  M68K_MMU_CM_040 | M68K_MMU_M_040 | \
+  M68K_MMU_WP_040)
+
+/* bits for 68040 MMU Translation Control Register */
+#define M68K_TCR_ENABLED 0x8000
+#define M68K_TCR_PAGE_8K 0x4000
+
+/* bits for 68040 MMU Table Descriptor / Page Descriptor / TTR */
+#define M68K_DESC_WRITEPROT 0x0004
+#define M68K_DESC_USED  0x0008
+#define M68K_DESC_MODIFIED  0x0010
+#define M68K_DESC_CACHEMODE 0x0060
+#define M68K_DESC_CM_WRTHRU 0x
+#define M68K_DESC_CM_COPYBK 0x0020
+#define M68K_DESC_CM_SERIAL 0x0040
+#define M68K_DESC_CM_NCACHE 0x0060
+#define M68K_DESC_SUPERONLY 0x0080
+#define M68K_DESC_USERATTR  0x0300
+#define M68K_DESC_USERATTR_SHIFT 8
+#define M68K_DESC_GLOBAL0x0400
+#define M68K_DESC_URESERVED 0x0800
+
+#define M68K_POINTER_BASE(entry)(entry & ~0x1ff)
+#define M68K_ROOT_INDEX(addr)   ((address >> 23) & 0x1fc)
+#define M68K_POINTER_INDEX(addr)((address >> 16) & 0x1fc)
+#define M68K_4K_PAGE_BASE(entry)(next & ~0xff)
+#define M68K_4K_PAGE_INDEX(addr)((address >> 10) & 0xfc)
+#define M68K_8K_PAGE_BASE(entry)(next & ~0x7f)
+#define M68K_8K_PAGE_INDEX(addr)((address >> 11) & 0x7c)
+#define M68K_UDT_VALID(entry)   (entry & 2)
+#define M68K_PDT_VALID(entry)   (entry & 3)
+#define M68K_PDT_INDIRECT(entry)((entry & 3) == 2)
+#define M68K_INDIRECT_POINTER(addr) (addr & ~3)
+
 /* m68k Control Registers */
 
 /* ColdFire */
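Review bot: Several of the page-table macros ignore their own parameter and read a caller's local variable instead: `M68K_ROOT_INDEX(addr)`, `M68K_POINTER_INDEX(addr)`, `M68K_4K_PAGE_INDEX(addr)` and `M68K_8K_PAGE_INDEX(addr)` expand to `address`, while `M68K_4K_PAGE_BASE(entry)` and `M68K_8K_PAGE_BASE(entry)` expand to `next`. They compile only where the call site has locals with those names, and they silently use the wrong value if a caller passes anything else, which in a table walk means following the wrong descriptor. The remaining macros in the group use their argument unparenthesized. Using the parameter, parenthesized, fixes both; the call sites are outside this hunk and should be checked to pass the intended variable.

```c
#define M68K_POINTER_BASE(entry)    ((entry) & ~0x1ff)
#define M68K_ROOT_INDEX(addr)       (((addr) >> 23) & 0x1fc)
#define M68K_POINTER_INDEX(addr)    (((addr) >> 16) & 0x1fc)
#define M68K_4K_PAGE_BASE(entry)    ((entry) & ~0xff)
#define M68K_4K_PAGE_INDEX(addr)    (((addr) >> 10) & 0xfc)
#define M68K_8K_PAGE_BASE(entry)    ((entry) & ~0x7f)
#define M68K_8K_PAGE_INDEX(addr)    (((addr) >> 11) & 0x7c)
/* … unchanged: M68K_UDT_VALID through M68K_INDIRECT_POINTER, arguments parenthesized likewise … */
```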
@@ -398,6 +487,16 @@ void register_m68k_insns (CPUM68KState *env);
 #define TARGET_PAGE_BITS 10
 #endif
 
+enum {
+/* 1 bit to define user level / supervisor access */
+ACCESS_SUPER = 0x01,

[Qemu-devel] [PATCH 0/6] target/m68k: supervisor mode (part 2)

2018-01-08 Thread Laurent Vivier
This series introduces the MC68040 MMU.

But first of all, we need to modify the prototype
of tlb_fill() and handle_mmu_fault handler to pass
the size of the access. MC68040 stores this value
in the exception stack frame.

Following patches add:
- MMU page table and fault handlers,
- Transparent Translation Registers
- instruction "moves" to move data
  between user and kernel space
- instructions pflush/ptest, to flush TLB and
  convert virtual address to physical address
- "info tlb" HMP command

I have tested that it doesn't break QEMU linux-user mode
emulation or the coldfire softmmu machine.

With the help of these patches I'm able to start
a debian etch-m68k, but the following patches
are still missing in master:
- m68k softfloat series
- Quadra 800 machine emulation series
  (VIA emulation, Nubus emulation,
   ESCC control/data address bit selector,
   video card emulation, ESP Pseudo-DMA,
   SWIM floppy controller, Apple Sound Chip
   emulation, and some big-endian fixes for
   dp8393x)

Laurent Vivier (6):
  accel/tcg: add size paremeter in tlb_fill()
  target/m68k: add MC68040 MMU
  target/m68k: add Transparent Translation
  target/m68k: add moves
  target/m68k: add pflush/ptest
  target/m68k: add HMP command "info tlb"

 accel/tcg/cputlb.c|  13 +-
 accel/tcg/softmmu_template.h  |  14 +-
 accel/tcg/user-exec.c |   2 +-
 hmp-commands-info.hx  |   2 +-
 include/exec/exec-all.h   |   6 +-
 include/qom/cpu.h |   2 +-
 target/alpha/cpu.h|   2 +-
 target/alpha/helper.c |   4 +-
 target/alpha/mem_helper.c |   6 +-
 target/arm/cpu.c  |   4 +-
 target/arm/op_helper.c|   4 +-
 target/cris/cpu.h |   2 +-
 target/cris/helper.c  |   4 +-
 target/cris/op_helper.c   |   6 +-
 target/hppa/cpu.h |   3 +-
 target/hppa/helper.c  |   2 +-
 target/hppa/op_helper.c   |   2 +-
 target/i386/cpu.h |   2 +-
 target/i386/excp_helper.c |   4 +-
 target/i386/mem_helper.c  |   6 +-
 target/lm32/cpu.h |   2 +-
 target/lm32/helper.c  |   2 +-
 target/lm32/op_helper.c   |   6 +-
 target/m68k/cpu.c |   4 +-
 target/m68k/cpu.h | 129 +++-
 target/m68k/helper.c  | 673 +-
 target/m68k/helper.h  |   4 +
 target/m68k/monitor.c |  22 ++
 target/m68k/op_helper.c   | 102 ++-
 target/m68k/qregs.def |   2 +
 target/m68k/translate.c   | 112 +++
 target/microblaze/cpu.h   |   2 +-
 target/microblaze/helper.c|   4 +-
 target/microblaze/op_helper.c |   6 +-
 target/mips/helper.c  |   2 +-
 target/mips/internal.h|   2 +-
 target/mips/op_helper.c   |  10 +-
 target/moxie/cpu.h|   2 +-
 target/moxie/helper.c |  10 +-
 target/nios2/cpu.h|   2 +-
 target/nios2/helper.c |   6 +-
 target/nios2/mmu.c|   6 +-
 target/openrisc/cpu.h |   2 +-
 target/openrisc/mmu.c |   8 +-
 target/openrisc/mmu_helper.c  |   6 +-
 target/ppc/cpu.h  |   2 +-
 target/ppc/mmu_helper.c   |   4 +-
 target/ppc/user_only_helper.c |   2 +-
 target/s390x/excp_helper.c|   4 +-
 target/s390x/internal.h   |   2 +-
 target/s390x/mem_helper.c |   8 +-
 target/sh4/cpu.h  |   2 +-
 target/sh4/helper.c   |   4 +-
 target/sh4/op_helper.c|   6 +-
 target/sparc/cpu.h|   2 +-
 target/sparc/ldst_helper.c|   6 +-
 target/sparc/mmu_helper.c |   6 +-
 target/tilegx/cpu.c   |   4 +-
 target/tricore/op_helper.c|   4 +-
 target/unicore32/cpu.h|   2 +-
 target/unicore32/helper.c |   2 +-
 target/unicore32/op_helper.c  |   6 +-
 target/unicore32/softmmu.c|   2 +-
 target/xtensa/op_helper.c |   4 +-
 64 files changed, 1156 insertions(+), 132 deletions(-)

-- 
2.14.3




[Qemu-devel] [PATCH 3/6] target/m68k: add Transparent Translation

2018-01-08 Thread Laurent Vivier
Add ittr0, ittr1, dttr0, dttr1 and manage Transparent Translations

Signed-off-by: Laurent Vivier 
---
 target/m68k/cpu.h   | 18 +++
 target/m68k/helper.c| 79 +
 target/m68k/monitor.c   |  4 +++
 target/m68k/translate.c |  3 ++
 4 files changed, 104 insertions(+)

diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index c3c4493bd0..60e669c3b4 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -76,6 +76,14 @@
 #define EXCP_RTE0x100
 #define EXCP_HALT_INSN  0x101
 
+#define M68K_DTTR0   0
+#define M68K_DTTR1   1
+#define M68K_ITTR0   2
+#define M68K_ITTR1   3
+
+#define M68K_MAX_TTR 2
+#define TTR(type, index) ttr[((type & ACCESS_CODE) == ACCESS_CODE) * 2 + index]
+
 #define NB_MMU_MODES 2
 #define TARGET_INSN_START_EXTRA_WORDS 1
 
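Review bot: The `TTR(type, index)` macro uses both arguments unparenthesized and does not bound `index`, so the computed subscript stays inside `ttr[4]` only because callers loop up to `M68K_MAX_TTR`. Parenthesizing is the minimal change: `#define TTR(type, index) ttr[(((type) & ACCESS_CODE) == ACCESS_CODE) * 2 + (index)]`. A comment tying the layout to the `M68K_DTTR0` .. `M68K_ITTR1` indices (data registers first, instruction registers at +2) would make the `* 2` self-explanatory. `TTR` is also a very short name for a macro in a header that the whole target includes.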
@@ -121,6 +129,7 @@ typedef struct CPUM68KState {
 uint16_t tcr;
 uint32_t urp;
 uint32_t srp;
+uint32_t ttr[4];
 } mmu;
 
 /* Control registers.  */
@@ -315,6 +324,15 @@ typedef enum {
 #define M68K_PDT_INDIRECT(entry)((entry & 3) == 2)
 #define M68K_INDIRECT_POINTER(addr) (addr & ~3)
 
+/* bits for 68040 MMU Transparent Translation Registers */
+#define M68K_TTR_ADDR_BASE 0xff00
+#define M68K_TTR_ADDR_MASK 0x00ff
+#define M68K_TTR_ADDR_MASK_SHIFT8
+#define M68K_TTR_ENABLED   0x8000
+#define M68K_TTR_SFIELD0x6000
+#define M68K_TTR_SFIELD_USER   0x
+#define M68K_TTR_SFIELD_SUPER  0x2000
+
 /* m68k Control Registers */
 
 /* ColdFire */
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index c25c99c0fb..c5b436d382 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -230,6 +230,19 @@ void HELPER(m68k_movec_to)(CPUM68KState *env, uint32_t 
reg, uint32_t val)
 case M68K_CR_ISP:
 env->sp[M68K_ISP] = val;
 return;
+/* MC68040/MC68LC040 */
+case M68K_CR_ITT0:
+env->mmu.ttr[M68K_ITTR0] = val;
+return;
+case M68K_CR_ITT1:
+ env->mmu.ttr[M68K_ITTR1] = val;
+return;
+case M68K_CR_DTT0:
+env->mmu.ttr[M68K_DTTR0] = val;
+return;
+case M68K_CR_DTT1:
+env->mmu.ttr[M68K_DTTR1] = val;
+return;
 }
 cpu_abort(CPU(cpu), "Unimplemented control register write 0x%x = 0x%x\n",
   reg, val);
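Review bot: The four new cases store the value into `env->mmu.ttr[]` and return without invalidating cached translations. As far as this hunk shows, mappings already held in the softmmu TLB can therefore keep reflecting the old transparent-translation setup after the guest rewrites a TTR. If nothing else in the series flushes on this path, consider `tlb_flush(CPU(cpu));` after each assignment, or add a comment explaining why stale entries cannot occur. The function body begins outside the hunk.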
@@ -260,6 +273,14 @@ uint32_t HELPER(m68k_movec_from)(CPUM68KState *env, 
uint32_t reg)
 /* MC68040/MC68LC040 */
 case M68K_CR_URP:
 return env->mmu.urp;
+case M68K_CR_ITT0:
+return env->mmu.ttr[M68K_ITTR0];
+case M68K_CR_ITT1:
+return env->mmu.ttr[M68K_ITTR1];
+case M68K_CR_DTT0:
+return env->mmu.ttr[M68K_DTTR0];
+case M68K_CR_DTT1:
+return env->mmu.ttr[M68K_DTTR1];
 }
 cpu_abort(CPU(cpu), "Unimplemented control register read 0x%x\n",
   reg);
@@ -338,6 +359,53 @@ int m68k_cpu_handle_mmu_fault(CPUState *cs, vaddr address, 
int size, int rw,
 
 /* MMU: 68040 only */
 
+static int check_TTR(uint32_t ttr, int *prot, target_ulong addr,
+ int access_type)
+{
+uint32_t base, mask;
+
+/* check if transparent translation is enabled */
+if ((ttr & M68K_TTR_ENABLED) == 0) {
+return 0;
+}
+
+/* check mode access */
+switch (ttr & M68K_TTR_SFIELD) {
+case M68K_TTR_SFIELD_USER:
+/* match only if user */
+if ((access_type & ACCESS_SUPER) != 0) {
+return 0;
+}
+break;
+case M68K_TTR_SFIELD_SUPER:
+/* match only if supervisor */
+if ((access_type & ACCESS_SUPER) == 0) {
+return 0;
+}
+break;
+default:
+/* all other values disable mode matching (FC2) */
+break;
+}
+
+/* check address matching */
+
+base = ttr & M68K_TTR_ADDR_BASE;
+mask = (ttr & M68K_TTR_ADDR_MASK) ^ M68K_TTR_ADDR_MASK;
+mask <<= M68K_TTR_ADDR_MASK_SHIFT;
+
+if ((addr & mask) != (base & mask)) {
+return 0;
+}
+
+*prot = PAGE_READ | PAGE_EXEC;
+if ((ttr & M68K_DESC_WRITEPROT) == 0) {
+*prot |= PAGE_WRITE;
+}
+
+return 1;
+}
+
 static int get_physical_address(CPUM68KState *env, hwaddr *physical,
 int *prot, target_ulong address,
 int access_type, target_ulong *page_size)
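Review bot: On a match `check_TTR` always grants `PAGE_READ | PAGE_EXEC`, whichever of the data or instruction registers the caller selected. A region made transparent only through a DTTR therefore ends up with executable protection bits, and an ITTR-only region ends up readable. If that is an accepted simplification it needs a comment next to `*prot = PAGE_READ | PAGE_EXEC;`, for example `/* TTR hit: read+exec granted for both ITTR and DTTR; only the W bit is honoured */`; otherwise the bits should be derived from `access_type`. The function also lacks a header comment stating that it returns 1 on a match and writes `*prot` only in that case, and returning `bool` would suit it better than `int`.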
@@ -347,6 +415,17 @@ static int get_physical_address(CPUM68KState *env, hwaddr 
*physical,
 uint32_t page_offset;
 uint32_t entry;
 uint32_t next;
+int i;
+
+/* Transparent Translation (physical = logical) */
+for (i = 0; i < M68K_MAX_TTR; i++) {
+if (check_TTR(env->mmu.TTR(access_type, i),
+  prot, address, access_type)) {
+*physical = address;
+*page_size = TARGET_PAGE_SIZE;
+return 0;
+}
+}
 
 /* Page Table Root Pointer */
 *prot = PAGE_READ | PAGE_WRITE;
diff --git a/target/m68k/monitor.c 

Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Paolo Bonzini


- Original Message -
> From: "Eduardo Habkost" 
> To: "Paolo Bonzini" 
> Cc: "Vincent Bernat" , "Richard Henderson" 
> , qemu-devel@nongnu.org
> Sent: Monday, January 8, 2018 11:56:25 PM
> Subject: Re: [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge
> 
> On Mon, Jan 08, 2018 at 05:37:16PM -0500, Paolo Bonzini wrote:
> > 
> > 
> > - Original Message -
> > > From: "Eduardo Habkost" 
> > > To: "Vincent Bernat" 
> > > Cc: "Paolo Bonzini" , "Richard Henderson"
> > > , qemu-devel@nongnu.org
> > > Sent: Monday, January 8, 2018 10:16:23 PM
> > > Subject: Re: [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy
> > > Bridge
> > > 
> > > On Mon, Jan 08, 2018 at 09:50:52PM +0100, Vincent Bernat wrote:
> > > > PCID has been introduced in Sandy Bridge and, currently, KVM doesn't
> > > > object exposing it to VM as long as it is present on the host. Update
> > > > CPU model for both Sandy Bridge and Ivy Bridge accordingly.
> > > > 
> > > > Signed-off-by: Vincent Bernat 
> > > 
> > > Thanks for your patch.
> > > 
> > > We need two things, though:
> > > 
> > > First, confirming that all hosts where the SandyBridge and
> > > IvyBridge CPU models are runnable will support exposing PCID to
> > > guests (otherwise updating QEMU can make a runnable VM
> > > configuration suddenly stop being runnable).  This can happen if
> > > the host kernel is too old.
> > 
> > I've been reading it's also Westmere.  I'll check more carefully tomorrow.
> > The difference between consumer and server SKUs is important too.
> > 
> > > One possible way to work around this problem is to declare that
> > > QEMU 2.12 with KVM will require Linux v3.6 and newer (because we
> > > need Linux kernel commit ad756a1603c5 "KVM: VMX: Implement
> > > PCID/INVPCID for guests with EPT").
> > 
> > Note that PCID is still not supported for guests without EPT, so
> > this would break ept=0 with recent "-cpu" models.  I'm not sure of
> > a way to fix it; probably it just has to be documented.
> 
> GET_SUPPORTED_CPUID seems to still return PCID as supported
> without EPT, doesn't it?

Indeed it is!  It will also be useful for KPTI performance without
INVPCID, but it won't be useful without EPT.

Paolo

> (BTW, is PCID useful for KPTI performance without INVPCID?)



Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Eduardo Habkost
On Mon, Jan 08, 2018 at 05:37:16PM -0500, Paolo Bonzini wrote:
> 
> 
> - Original Message -
> > From: "Eduardo Habkost" 
> > To: "Vincent Bernat" 
> > Cc: "Paolo Bonzini" , "Richard Henderson" 
> > , qemu-devel@nongnu.org
> > Sent: Monday, January 8, 2018 10:16:23 PM
> > Subject: Re: [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy 
> > Bridge
> > 
> > On Mon, Jan 08, 2018 at 09:50:52PM +0100, Vincent Bernat wrote:
> > > PCID has been introduced in Sandy Bridge and, currently, KVM doesn't
> > > object exposing it to VM as long as it is present on the host. Update
> > > CPU model for both Sandy Bridge and Ivy Bridge accordingly.
> > > 
> > > Signed-off-by: Vincent Bernat 
> > 
> > Thanks for your patch.
> > 
> > We need two things, though:
> > 
> > First, confirming that all hosts where the SandyBridge and
> > IvyBridge CPU models are runnable will support exposing PCID to
> > guests (otherwise updating QEMU can make a runnable VM
> > configuration suddenly stop being runnable).  This can happen if
> > the host kernel is too old.
> 
> I've been reading it's also Westmere.  I'll check more carefully tomorrow.
> The difference between consumer and server SKUs is important too.
> 
> > One possible way to work around this problem is to declare that
> > QEMU 2.12 with KVM will require Linux v3.6 and newer (because we
> > need Linux kernel commit ad756a1603c5 "KVM: VMX: Implement
> > PCID/INVPCID for guests with EPT").
> 
> Note that PCID is still not supported for guests without EPT, so
> this would break ept=0 with recent "-cpu" models.  I'm not sure of
> a way to fix it; probably it just has to be documented.

GET_SUPPORTED_CPUID seems to still return PCID as supported
without EPT, doesn't it?

(BTW, is PCID useful for KPTI performance without INVPCID?)

-- 
Eduardo



Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Paolo Bonzini


- Original Message -
> From: "Eduardo Habkost" 
> To: "Vincent Bernat" 
> Cc: "Paolo Bonzini" , "Richard Henderson" 
> , qemu-devel@nongnu.org
> Sent: Monday, January 8, 2018 10:16:23 PM
> Subject: Re: [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge
> 
> On Mon, Jan 08, 2018 at 09:50:52PM +0100, Vincent Bernat wrote:
> > PCID has been introduced in Sandy Bridge and, currently, KVM doesn't
> > object exposing it to VM as long as it is present on the host. Update
> > CPU model for both Sandy Bridge and Ivy Bridge accordingly.
> > 
> > Signed-off-by: Vincent Bernat 
> 
> Thanks for your patch.
> 
> We need two things, though:
> 
> First, confirming that all hosts where the SandyBridge and
> IvyBridge CPU models are runnable will support exposing PCID to
> guests (otherwise updating QEMU can make a runnable VM
> configuration suddenly stop being runnable).  This can happen if
> the host kernel is too old.

I've been reading it's also Westmere.  I'll check more carefully tomorrow.
The difference between consumer and server SKUs is important too.

> One possible way to work around this problem is to declare that
> QEMU 2.12 with KVM will require Linux v3.6 and newer (because we
> need Linux kernel commit ad756a1603c5 "KVM: VMX: Implement
> PCID/INVPCID for guests with EPT").

Note that PCID is still not supported for guests without EPT, so
this would break ept=0 with recent "-cpu" models.  I'm not sure of
a way to fix it; probably it just has to be documented.

Paolo



Re: [Qemu-devel] [PATCH v5 04/31] sdhci: add clock capabilities (Spec v1)

2018-01-08 Thread Philippe Mathieu-Daudé
On 01/08/2018 07:22 PM, Alistair Francis wrote:
> On Mon, Jan 8, 2018 at 7:42 AM, Philippe Mathieu-Daudé  
> wrote:
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  include/hw/sd/sdhci.h |  2 ++
>>  hw/sd/sdhci.c | 52 
>> +++
>>  2 files changed, 34 insertions(+), 20 deletions(-)
>>
>> diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
>> index 2703da1d5a..c1602becd2 100644
>> --- a/include/hw/sd/sdhci.h
>> +++ b/include/hw/sd/sdhci.h
>> @@ -103,6 +103,8 @@ typedef struct SDHCIState {
>>  bool pending_insert_quirk; /* Quirk for Raspberry Pi card insert int */
>>  uint8_t spec_version;
>>  struct {
>> +uint8_t timeout_clk_freq, base_clk_freq_mhz;
>> +bool timeout_clk_in_mhz;
>>  uint16_t max_blk_len;
>>  bool suspend;
>>  bool high_speed;
>> diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
>> index c78643fe54..05681c86d6 100644
>> --- a/hw/sd/sdhci.c
>> +++ b/hw/sd/sdhci.c
>> @@ -46,36 +46,31 @@
>>  #define SDHC_CAPAB_64BITBUS   0ul/* 64-bit System Bus Support */
>>  #define SDHC_CAPAB_ADMA1  1ul/* ADMA1 support */
>>  #define SDHC_CAPAB_ADMA2  1ul/* ADMA2 support */
>> -/* Maximum clock frequency for SDclock in MHz
>> - * value in range 10-63 MHz, 0 - not defined */
>> -#define SDHC_CAPAB_BASECLKFREQ52ul
>> -#define SDHC_CAPAB_TOUNIT 1ul  /* Timeout clock unit 0 - kHz, 1 - 
>> MHz */
>> -/* Timeout clock frequency 1-63, 0 - not defined */
>> -#define SDHC_CAPAB_TOCLKFREQ  52ul
>>
>>  /* Now check all parameters and calculate CAPABILITIES REGISTER value */
>> -#if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_ADMA2 > 1 || SDHC_CAPAB_ADMA1 > 1 
>> || \
>> -SDHC_CAPAB_TOUNIT > 1
>> +#if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_ADMA2 > 1 || SDHC_CAPAB_ADMA1 > 1
>>  #error Capabilities features can have value 0 or 1 only!
>>  #endif
>>
>> -#if (SDHC_CAPAB_BASECLKFREQ > 0 && SDHC_CAPAB_BASECLKFREQ < 10) || \
>> -SDHC_CAPAB_BASECLKFREQ > 63
>> -#error SDclock frequency can have value in range 0, 10-63 only!
>> -#endif
>> -
>> -#if SDHC_CAPAB_TOCLKFREQ > 63
>> -#error Timeout clock frequency can have value in range 0-63 only!
>> -#endif
>> -
>>  #define SDHC_CAPAB_REG_DEFAULT \
>> ((SDHC_CAPAB_64BITBUS << 28) | (SDHC_CAPAB_ADMA1 << 20) |   \
>> -(SDHC_CAPAB_ADMA2 << 19) | \
>> -(SDHC_CAPAB_BASECLKFREQ << 8) | (SDHC_CAPAB_TOUNIT << 7) | \
>> -(SDHC_CAPAB_TOCLKFREQ))
>> +(SDHC_CAPAB_ADMA2 << 19))
>>
>>  #define MASKED_WRITE(reg, mask, val)  (reg = (reg & (mask)) | (val))
>>
>> +static void sdhci_check_capab_freq_range(SDHCIState *s, const char *desc,
>> + uint8_t freq, Error **errp)
>> +{
>> +switch (freq) {
>> +case 0:
>> +case 10 ... 63:
>> +break;
> 
> You are missing a default here.

Thanks, peer review is useful :)

I didn't try qtest expected failures yet, I'll see if it's doable.

> 
> Alistair
> 
>> +error_setg(errp, "SD %s clock frequency can have value"
>> +   "in range 0-63 only", desc);
>> +return;
>> +}
>> +}
>> +
>>  static void sdhci_init_capareg(SDHCIState *s, Error **errp)
>>  {
>>  uint64_t capareg = 0;
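Review bot: The message built in `sdhci_check_capab_freq_range` joins the literals `"... can have value"` and `"in range 0-63 only"` with no space between them, so it prints `valuein`. It also says 0-63 while the accepted set in the switch is 0 and 10-63. The helper is applied to the timeout clock as well, for which the removed `#if SDHC_CAPAB_TOCLKFREQ > 63` check and the property comment allow 1-63, so timeout values 1-9 fall outside the cases listed here. For the base clock, `error_setg(errp, "SD %s clock frequency can have value in range 0, 10-63 only", desc);` fixes the text; the timeout clock probably needs its own range. The same hunk is quoted again in Alistair Francis's message further down the page.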
>> @@ -83,6 +78,16 @@ static void sdhci_init_capareg(SDHCIState *s, Error 
>> **errp)
>>
>>  switch (s->spec_version) {
>>  case 1:
>> +sdhci_check_capab_freq_range(s, "Timeout", s->cap.timeout_clk_freq,
>> + errp);
>> +capareg = FIELD_DP64(capareg, SDHC_CAPAB, TOCLKFREQ,
>> + s->cap.timeout_clk_freq);
>> +sdhci_check_capab_freq_range(s, "Base", s->cap.base_clk_freq_mhz, 
>> errp);
>> +capareg = FIELD_DP64(capareg, SDHC_CAPAB, BASECLKFREQ,
>> + s->cap.base_clk_freq_mhz);
>> +capareg = FIELD_DP64(capareg, SDHC_CAPAB, TOUNIT,
>> + s->cap.timeout_clk_in_mhz);
>> +
>>  val = ctz32(s->cap.max_blk_len >> 9);
>>  if (val >= 0b11) {
>>  error_setg(errp, "block size can be 512, 1024 or 2048 only");
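Review bot: `sdhci_init_capareg` passes the same `errp` to `sdhci_check_capab_freq_range` twice and then carries on to the block-size check without looking at the outcome. After a first failure, a later `error_setg` on the already-set `errp` would trip the assertion in the error API instead of reporting cleanly, and `capareg` is still built from the rejected value. Having the helper return `bool` and bailing out keeps it to one error per call: `if (!sdhci_check_capab_freq_range(s, "Timeout", s->cap.timeout_clk_freq, errp)) { return; }`, and likewise for the base clock. The function body continues outside the hunk, and the hunk is quoted a second time in the earlier message lower on the page.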
>> @@ -1304,6 +1309,13 @@ const VMStateDescription sdhci_vmstate = {
>>  static Property sdhci_properties[] = {
>>  DEFINE_PROP_UINT8("sd-spec-version", SDHCIState, spec_version, 2),
>>
>> +/* Timeout clock frequency 1-63, 0 - not defined */
>> +DEFINE_PROP_UINT8("timeout-freq", SDHCIState, cap.timeout_clk_freq, 0),
>> +/* Timeout clock unit 0 - kHz, 1 - MHz */
>> +DEFINE_PROP_BOOL("freq-in-mhz", SDHCIState, cap.timeout_clk_in_mhz, 
>> true),
>> +/* Maximum base clock frequency for SD clock in MHz (range 10-63 MHz, 
>> 0) */
>> +DEFINE_PROP_UINT8("max-frequency", SDHCIState, cap.base_clk_freq_mhz, 
>> 0),
>> +
>>  /* Maximum host controller R/W buffers size
>>   * Possible values: 512, 1024, 2048 bytes 

Re: [Qemu-devel] [Qemu-arm] [PATCH v5 02/31] sdhci: add basic Spec v1 capabilities

2018-01-08 Thread Philippe Mathieu-Daudé
On 01/08/2018 07:00 PM, Alistair Francis wrote:
> On Mon, Jan 8, 2018 at 7:42 AM, Philippe Mathieu-Daudé  
> wrote:
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  hw/sd/sdhci-internal.h | 22 ++-
>>  include/hw/sd/sdhci.h  |  6 ++
>>  hw/sd/sdhci.c  | 58 
>> --
>>  3 files changed, 69 insertions(+), 17 deletions(-)
>>
>> diff --git a/hw/sd/sdhci-internal.h b/hw/sd/sdhci-internal.h
>> index cf4a055159..6944fcaf00 100644
>> --- a/hw/sd/sdhci-internal.h
>> +++ b/hw/sd/sdhci-internal.h
>> @@ -86,6 +86,9 @@ FIELD(SDHC_PRNSTS, WRITE_PROTECT,  19, 1);
>>
>>  /* R/W Host control Register 0x0 */
>>  #define SDHC_HOSTCTL   0x28
>> +FIELD(SDHC_HOSTCTL, LED_CTRL,  0, 1);
>> +FIELD(SDHC_HOSTCTL, DATATRANSFERWIDTH, 1, 1); /* SD mode only */
>> +FIELD(SDHC_HOSTCTL, HIGH_SPEED,2, 1);
>>  #define SDHC_CTRL_DMA_CHECK_MASK   0x18
>>  #define SDHC_CTRL_SDMA 0x00
>>  #define SDHC_CTRL_ADMA1_32 0x08
>> @@ -96,6 +99,7 @@ FIELD(SDHC_PRNSTS, WRITE_PROTECT,  19, 1);
>>  /* R/W Power Control Register 0x0 */
>>  #define SDHC_PWRCON0x29
>>  #define SDHC_POWER_ON  (1 << 0)
>> +FIELD(SDHC_PWRCON, BUS_VOLTAGE,1, 3);
>>
>>  /* R/W Block Gap Control Register 0x0 */
>>  #define SDHC_BLKGAP0x2A
>> @@ -118,6 +122,7 @@ FIELD(SDHC_PRNSTS, WRITE_PROTECT,  19, 1);
>>
>>  /* R/W Timeout Control Register 0x0 */
>>  #define SDHC_TIMEOUTCON0x2E
>> +FIELD(SDHC_TIMEOUTCON, COUNTER,0, 4);
>>
>>  /* R/W Software Reset Register 0x0 */
>>  #define SDHC_SWRST 0x2F
>> @@ -174,17 +179,32 @@ FIELD(SDHC_PRNSTS, WRITE_PROTECT,  19, 1);
>>
>>  /* ROC Auto CMD12 error status register 0x0 */
>>  #define SDHC_ACMD12ERRSTS  0x3C
>> +FIELD(SDHC_ACMD12ERRSTS, TIMEOUT_ERR,  1, 1);
>> +FIELD(SDHC_ACMD12ERRSTS, CRC_ERR,  2, 1);
>> +FIELD(SDHC_ACMD12ERRSTS, INDEX_ERR,4, 1);
>>
>>  /* HWInit Capabilities Register 0x05E80080 */
>>  #define SDHC_CAPAB 0x40
>> -#define SDHC_CAN_DO_DMA0x0040
>>  #define SDHC_CAN_DO_ADMA2  0x0008
>>  #define SDHC_CAN_DO_ADMA1  0x0010
>>  #define SDHC_64_BIT_BUS_SUPPORT(1 << 28)
>>  #define SDHC_CAPAB_BLOCKSIZE(x)(((x) >> 16) & 0x3)
>> +FIELD(SDHC_CAPAB, TOCLKFREQ,   0, 6);
>> +FIELD(SDHC_CAPAB, TOUNIT,  7, 1);
>> +FIELD(SDHC_CAPAB, BASECLKFREQ, 8, 8);
>> +FIELD(SDHC_CAPAB, MAXBLOCKLENGTH, 16, 2);
>> +FIELD(SDHC_CAPAB, HIGHSPEED,  21, 1);
>> +FIELD(SDHC_CAPAB, SDMA,   22, 1);
>> +FIELD(SDHC_CAPAB, SUSPRESUME, 23, 1);
>> +FIELD(SDHC_CAPAB, V33,24, 1);
>> +FIELD(SDHC_CAPAB, V30,25, 1);
>> +FIELD(SDHC_CAPAB, V18,26, 1);
>>
>>  /* HWInit Maximum Current Capabilities Register 0x0 */
>>  #define SDHC_MAXCURR   0x48
>> +FIELD(SDHC_MAXCURR, V33_VDD1,  0, 8);
>> +FIELD(SDHC_MAXCURR, V30_VDD1,  8, 8);
>> +FIELD(SDHC_MAXCURR, V18_VDD1, 16, 8);
>>
>>  /* W Force Event Auto CMD12 Error Interrupt Register 0x */
>>  #define SDHC_FEAER 0x50
>> diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
>> index ddd5040410..266030dc8d 100644
>> --- a/include/hw/sd/sdhci.h
>> +++ b/include/hw/sd/sdhci.h
>> @@ -102,6 +102,12 @@ typedef struct SDHCIState {
>>  /* Configurable properties */
>>  bool pending_insert_quirk; /* Quirk for Raspberry Pi card insert int */
>>  uint8_t spec_version;
>> +struct {
>> +bool suspend;
>> +bool high_speed;
>> +bool sdma;
>> +bool v33, v30, v18;
>> +} cap;
>>  } SDHCIState;
>>
>>  #define TYPE_PCI_SDHCI "sdhci-pci"
>> diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
>> index cd4a8efdd7..e7dbab2fdc 100644
>> --- a/hw/sd/sdhci.c
>> +++ b/hw/sd/sdhci.c
>> @@ -44,12 +44,6 @@
>>   * 0 - not supported, 1 - supported, other - prohibited.
>>   */
>>  #define SDHC_CAPAB_64BITBUS   0ul/* 64-bit System Bus Support */
>> -#define SDHC_CAPAB_18V1ul/* Voltage support 1.8v */
>> -#define SDHC_CAPAB_30V0ul/* Voltage support 3.0v */
>> -#define SDHC_CAPAB_33V1ul/* Voltage support 3.3v */
>> -#define SDHC_CAPAB_SUSPRESUME 0ul/* Suspend/resume support */
>> -#define SDHC_CAPAB_SDMA   1ul/* SDMA support */
>> -#define SDHC_CAPAB_HIGHSPEED  1ul/* High speed support */
>>  #define SDHC_CAPAB_ADMA1  1ul/* ADMA1 support */
>>  #define SDHC_CAPAB_ADMA2  1ul/* ADMA2 support */
>>  /* Maximum host controller R/W buffers size
>> @@ -63,9 +57,7 @@
>>  #define SDHC_CAPAB_TOCLKFREQ  52ul
>>
>>  /* Now check all parameters and calculate CAPABILITIES REGISTER value */
>> -#if SDHC_CAPAB_64BITBUS > 1 || 

Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Eduardo Habkost
On Mon, Jan 08, 2018 at 11:22:36PM +0100, Vincent Bernat wrote:
>  ❦  8 janvier 2018 20:14 -0200, Eduardo Habkost  :
> 
> >> What are the consequences of running a too old kernel? Would KVM just
> >> hide PCID flag?
> >
> > On an old kernel, the SandyBridge and IvyBridge CPU models will
> > unexpectedly become not runnable.
> 
> But, isn't it the same for more recent models that already have PCID
> enabled?

Yes, the more recent models are already not runnable on those
hosts.  The key here is "unexpectedly": management software can
assume that the CPU model won't become unrunnable when it was
runnable in the past, and logic that decides if/where a VM can be
started (or migrated to) might break.

-- 
Eduardo



Re: [Qemu-devel] [PATCH v5 04/31] sdhci: add clock capabilities (Spec v1)

2018-01-08 Thread Alistair Francis
On Mon, Jan 8, 2018 at 7:42 AM, Philippe Mathieu-Daudé  wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/sd/sdhci.h |  2 ++
>  hw/sd/sdhci.c | 52 
> +++
>  2 files changed, 34 insertions(+), 20 deletions(-)
>
> diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
> index 2703da1d5a..c1602becd2 100644
> --- a/include/hw/sd/sdhci.h
> +++ b/include/hw/sd/sdhci.h
> @@ -103,6 +103,8 @@ typedef struct SDHCIState {
>  bool pending_insert_quirk; /* Quirk for Raspberry Pi card insert int */
>  uint8_t spec_version;
>  struct {
> +uint8_t timeout_clk_freq, base_clk_freq_mhz;
> +bool timeout_clk_in_mhz;
>  uint16_t max_blk_len;
>  bool suspend;
>  bool high_speed;
> diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
> index c78643fe54..05681c86d6 100644
> --- a/hw/sd/sdhci.c
> +++ b/hw/sd/sdhci.c
> @@ -46,36 +46,31 @@
>  #define SDHC_CAPAB_64BITBUS   0ul/* 64-bit System Bus Support */
>  #define SDHC_CAPAB_ADMA1  1ul/* ADMA1 support */
>  #define SDHC_CAPAB_ADMA2  1ul/* ADMA2 support */
> -/* Maximum clock frequency for SDclock in MHz
> - * value in range 10-63 MHz, 0 - not defined */
> -#define SDHC_CAPAB_BASECLKFREQ52ul
> -#define SDHC_CAPAB_TOUNIT 1ul  /* Timeout clock unit 0 - kHz, 1 - 
> MHz */
> -/* Timeout clock frequency 1-63, 0 - not defined */
> -#define SDHC_CAPAB_TOCLKFREQ  52ul
>
>  /* Now check all parameters and calculate CAPABILITIES REGISTER value */
> -#if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_ADMA2 > 1 || SDHC_CAPAB_ADMA1 > 1 
> || \
> -SDHC_CAPAB_TOUNIT > 1
> +#if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_ADMA2 > 1 || SDHC_CAPAB_ADMA1 > 1
>  #error Capabilities features can have value 0 or 1 only!
>  #endif
>
> -#if (SDHC_CAPAB_BASECLKFREQ > 0 && SDHC_CAPAB_BASECLKFREQ < 10) || \
> -SDHC_CAPAB_BASECLKFREQ > 63
> -#error SDclock frequency can have value in range 0, 10-63 only!
> -#endif
> -
> -#if SDHC_CAPAB_TOCLKFREQ > 63
> -#error Timeout clock frequency can have value in range 0-63 only!
> -#endif
> -
>  #define SDHC_CAPAB_REG_DEFAULT \
> ((SDHC_CAPAB_64BITBUS << 28) | (SDHC_CAPAB_ADMA1 << 20) |   \
> -(SDHC_CAPAB_ADMA2 << 19) | \
> -(SDHC_CAPAB_BASECLKFREQ << 8) | (SDHC_CAPAB_TOUNIT << 7) | \
> -(SDHC_CAPAB_TOCLKFREQ))
> +(SDHC_CAPAB_ADMA2 << 19))
>
>  #define MASKED_WRITE(reg, mask, val)  (reg = (reg & (mask)) | (val))
>
> +static void sdhci_check_capab_freq_range(SDHCIState *s, const char *desc,
> + uint8_t freq, Error **errp)
> +{
> +switch (freq) {
> +case 0:
> +case 10 ... 63:
> +break;

You are missing a default here.

Alistair

> +error_setg(errp, "SD %s clock frequency can have value"
> +   "in range 0-63 only", desc);
> +return;
> +}
> +}
> +
>  static void sdhci_init_capareg(SDHCIState *s, Error **errp)
>  {
>  uint64_t capareg = 0;
> @@ -83,6 +78,16 @@ static void sdhci_init_capareg(SDHCIState *s, Error **errp)
>
>  switch (s->spec_version) {
>  case 1:
> +sdhci_check_capab_freq_range(s, "Timeout", s->cap.timeout_clk_freq,
> + errp);
> +capareg = FIELD_DP64(capareg, SDHC_CAPAB, TOCLKFREQ,
> + s->cap.timeout_clk_freq);
> +sdhci_check_capab_freq_range(s, "Base", s->cap.base_clk_freq_mhz, 
> errp);
> +capareg = FIELD_DP64(capareg, SDHC_CAPAB, BASECLKFREQ,
> + s->cap.base_clk_freq_mhz);
> +capareg = FIELD_DP64(capareg, SDHC_CAPAB, TOUNIT,
> + s->cap.timeout_clk_in_mhz);
> +
>  val = ctz32(s->cap.max_blk_len >> 9);
>  if (val >= 0b11) {
>  error_setg(errp, "block size can be 512, 1024 or 2048 only");
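Review bot: Both calls to sdhci_check_capab_freq_range() added under `case 1:` ignore whether the helper reported an error: it returns void, and the code goes on to store the rejected frequency with FIELD_DP64 and to run the remaining checks. If a later check also fails (the second frequency, or the block-size test just below), error_setg() is called on an `errp` that is already set, which QEMU's error API treats as a programming error and aborts on. Have the helper return a bool and `return;` from sdhci_init_capareg() when it fails, or collect the result in a local `Error *` and propagate it before continuing. sdhci_init_capareg() continues outside the hunk.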
> @@ -1304,6 +1309,13 @@ const VMStateDescription sdhci_vmstate = {
>  static Property sdhci_properties[] = {
>  DEFINE_PROP_UINT8("sd-spec-version", SDHCIState, spec_version, 2),
>
> +/* Timeout clock frequency 1-63, 0 - not defined */
> +DEFINE_PROP_UINT8("timeout-freq", SDHCIState, cap.timeout_clk_freq, 0),
> +/* Timeout clock unit 0 - kHz, 1 - MHz */
> +DEFINE_PROP_BOOL("freq-in-mhz", SDHCIState, cap.timeout_clk_in_mhz, 
> true),
> +/* Maximum base clock frequency for SD clock in MHz (range 10-63 MHz, 0) 
> */
> +DEFINE_PROP_UINT8("max-frequency", SDHCIState, cap.base_clk_freq_mhz, 0),
> +
>  /* Maximum host controller R/W buffers size
>   * Possible values: 512, 1024, 2048 bytes */
>  DEFINE_PROP_UINT16("max-block-length", SDHCIState, cap.max_blk_len, 512),
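Review bot: The new `timeout-freq` and `max-frequency` properties default to 0, while the compile-time constants removed earlier in this patch (`SDHC_CAPAB_TOCLKFREQ` and `SDHC_CAPAB_BASECLKFREQ`) were both 52. As far as the visible code shows, a device created without these properties would now advertise both clocks as "not defined" in the capabilities register, which is a guest-visible change. If that is not intended, keep 52 as the default of both properties; if it is, say so in the commit message and consider a compat entry for existing machine types.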
> --
> 2.15.1
>
>



Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Vincent Bernat
 ❦  8 janvier 2018 20:14 -0200, Eduardo Habkost  :

>> What are the consequences of running a too old kernel? Would KVM just
>> hide PCID flag?
>
> On an old kernel, the SandyBridge and IvyBridge CPU models will
> be unexpectedly become not runnable.

But, isn't it the same for more recent models that already have PCID
enabled?
-- 
Extreme fear can neither fight nor fly.
-- William Shakespeare, "The Rape of Lucrece"



Re: [Qemu-devel] [PATCH v5 03/31] sdhci: add max-block-length capability (Spec v1)

2018-01-08 Thread Alistair Francis
On Mon, Jan 8, 2018 at 7:42 AM, Philippe Mathieu-Daudé  wrote:
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/sd/sdhci-internal.h |  1 -
>  include/hw/sd/sdhci.h  |  1 +
>  hw/sd/sdhci.c  | 38 +-
>  3 files changed, 14 insertions(+), 26 deletions(-)
>
> diff --git a/hw/sd/sdhci-internal.h b/hw/sd/sdhci-internal.h
> index 6944fcaf00..0561e6eaf7 100644
> --- a/hw/sd/sdhci-internal.h
> +++ b/hw/sd/sdhci-internal.h
> @@ -188,7 +188,6 @@ FIELD(SDHC_ACMD12ERRSTS, INDEX_ERR,4, 1);
>  #define SDHC_CAN_DO_ADMA2  0x0008
>  #define SDHC_CAN_DO_ADMA1  0x0010
>  #define SDHC_64_BIT_BUS_SUPPORT(1 << 28)
> -#define SDHC_CAPAB_BLOCKSIZE(x)(((x) >> 16) & 0x3)
>  FIELD(SDHC_CAPAB, TOCLKFREQ,   0, 6);
>  FIELD(SDHC_CAPAB, TOUNIT,  7, 1);
>  FIELD(SDHC_CAPAB, BASECLKFREQ, 8, 8);
> diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
> index 266030dc8d..2703da1d5a 100644
> --- a/include/hw/sd/sdhci.h
> +++ b/include/hw/sd/sdhci.h
> @@ -103,6 +103,7 @@ typedef struct SDHCIState {
>  bool pending_insert_quirk; /* Quirk for Raspberry Pi card insert int */
>  uint8_t spec_version;
>  struct {
> +uint16_t max_blk_len;
>  bool suspend;
>  bool high_speed;
>  bool sdma;
> diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
> index e7dbab2fdc..c78643fe54 100644
> --- a/hw/sd/sdhci.c
> +++ b/hw/sd/sdhci.c
> @@ -46,9 +46,6 @@
>  #define SDHC_CAPAB_64BITBUS   0ul/* 64-bit System Bus Support */
>  #define SDHC_CAPAB_ADMA1  1ul/* ADMA1 support */
>  #define SDHC_CAPAB_ADMA2  1ul/* ADMA2 support */
> -/* Maximum host controller R/W buffers size
> - * Possible values: 512, 1024, 2048 bytes */
> -#define SDHC_CAPAB_MAXBLOCKLENGTH 512ul
>  /* Maximum clock frequency for SDclock in MHz
>   * value in range 10-63 MHz, 0 - not defined */
>  #define SDHC_CAPAB_BASECLKFREQ52ul
> @@ -62,16 +59,6 @@
>  #error Capabilities features can have value 0 or 1 only!
>  #endif
>
> -#if SDHC_CAPAB_MAXBLOCKLENGTH == 512
> -#define MAX_BLOCK_LENGTH 0ul
> -#elif SDHC_CAPAB_MAXBLOCKLENGTH == 1024
> -#define MAX_BLOCK_LENGTH 1ul
> -#elif SDHC_CAPAB_MAXBLOCKLENGTH == 2048
> -#define MAX_BLOCK_LENGTH 2ul
> -#else
> -#error Max host controller block size can have value 512, 1024 or 2048 only!
> -#endif
> -
>  #if (SDHC_CAPAB_BASECLKFREQ > 0 && SDHC_CAPAB_BASECLKFREQ < 10) || \
>  SDHC_CAPAB_BASECLKFREQ > 63
>  #error SDclock frequency can have value in range 0, 10-63 only!
> @@ -83,7 +70,7 @@
>
>  #define SDHC_CAPAB_REG_DEFAULT \
> ((SDHC_CAPAB_64BITBUS << 28) | (SDHC_CAPAB_ADMA1 << 20) |   \
> -(SDHC_CAPAB_ADMA2 << 19) | (MAX_BLOCK_LENGTH << 16) |  \
> +(SDHC_CAPAB_ADMA2 << 19) | \
>  (SDHC_CAPAB_BASECLKFREQ << 8) | (SDHC_CAPAB_TOUNIT << 7) | \
>  (SDHC_CAPAB_TOCLKFREQ))
>
> @@ -92,9 +79,17 @@
>  static void sdhci_init_capareg(SDHCIState *s, Error **errp)
>  {
>  uint64_t capareg = 0;
> +uint32_t val;
>
>  switch (s->spec_version) {
>  case 1:
> +val = ctz32(s->cap.max_blk_len >> 9);
> +if (val >= 0b11) {
> +error_setg(errp, "block size can be 512, 1024 or 2048 only");
> +return;
> +}
> +capareg = FIELD_DP64(capareg, SDHC_CAPAB, MAXBLOCKLENGTH, val);
> +
>  capareg = FIELD_DP64(capareg, SDHC_CAPAB, HIGHSPEED, 
> s->cap.high_speed);
>  capareg = FIELD_DP64(capareg, SDHC_CAPAB, SDMA, s->cap.sdma);
>  capareg = FIELD_DP64(capareg, SDHC_CAPAB, SUSPRESUME, 
> s->cap.suspend);
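Review bot: The check added under `case 1:` accepts values that its own error message says are rejected: ctz32() looks only at the lowest set bit, so a `max-block-length` of 1536 gives `ctz32(3) == 0` and is silently encoded as 512, and 3072 is encoded as 1024. Because sdhci_get_fifolen() later derives the buffer length from this field, the device should refuse such a value rather than round it down; `if (!is_power_of_2(s->cap.max_blk_len) || val >= 0b11) {` would do that. The binary literal `0b11` is a compiler extension and a plain `3` reads just as well. sdhci_init_capareg() continues outside the hunk.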
> @@ -1175,17 +1170,7 @@ static const MemoryRegionOps sdhci_mmio_ops = {
>
>  static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
>  {
> -switch (SDHC_CAPAB_BLOCKSIZE(s->capareg)) {
> -case 0:
> -return 512;
> -case 1:
> -return 1024;
> -case 2:
> -return 2048;
> -default:
> -hw_error("SDHC: unsupported value for maximum block size\n");
> -return 0;
> -}
> +return 1 << (9 + FIELD_EX32(s->capareg, SDHC_CAPAB, MAXBLOCKLENGTH));
>  }
>
>  static void sdhci_init_readonly_registers(SDHCIState *s, Error **errp)
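Review bot: sdhci_get_fifolen() no longer rejects the reserved encoding: the removed switch raised hw_error() for a MAXBLOCKLENGTH field of 3, while the new expression returns 4096 for it. That is safe only if sdhci_init_capareg() is the sole writer of `s->capareg`; the hunk does not show whether the register can be set some other way, and if it can, the buffer sized from this value should still be bounded. A comment on the return line such as `/* MAXBLOCKLENGTH is validated to 0..2 in sdhci_init_capareg() */` would record the invariant, and an `assert()` on the extracted field would enforce it.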
> @@ -1319,6 +1304,9 @@ const VMStateDescription sdhci_vmstate = {
>  static Property sdhci_properties[] = {
>  DEFINE_PROP_UINT8("sd-spec-version", SDHCIState, spec_version, 2),
>
> +/* Maximum host controller R/W buffers size
> + * Possible values: 512, 1024, 2048 bytes */
> +DEFINE_PROP_UINT16("max-block-length", SDHCIState, cap.max_blk_len, 512),
>  /* DMA */
>  DEFINE_PROP_BOOL("sdma", SDHCIState, cap.sdma, true),
>  /* Suspend/resume support */
> --
> 2.15.1
>
>



Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Eduardo Habkost
On Mon, Jan 08, 2018 at 10:51:48PM +0100, Vincent Bernat wrote:
>  ❦  8 janvier 2018 19:16 -0200, Eduardo Habkost  :
> 
> > One possible way to work around this problem is to declare that
> > QEMU 2.12 with KVM will require Linux v3.6 and newer (because we
> > need Linux kernel commit ad756a1603c5 "KVM: VMX: Implement
> > PCID/INVPCID for guests with EPT").  I have proposed something
> > similar to allow us to enable kvm_pv_eoi by default, some time
> > ago:
> > https://www.mail-archive.com/qemu-devel@nongnu.org/msg486559.html
> > ("qemu-doc: Document minimum kernel version for KVM in x86_64").
> 
> I don't see a way to probe KVM to know what's supported, so yes.

We do have a way to probe KVM: GET_SUPPORTED_CPUID.  The problem
here is breaking libvirt and management software expectations.

libvirt assumes "stable runnability": a CPU model that is
runnable on a host using QEMU/machine-type version will stay
runnable on the same host after a QEMU or machine-type upgrade.


> Should
> I add a paragraph similar to yours or would your patch be merged soon?

My patch was dropped because we decided to wait a bit before
enabling kvm_pv_eoi by default.  My paragraph could be improved
by a description of what could happen if an older kernel version
is used (see below).


> What are the consequences of running a too old kernel? Would KVM just
> hide PCID flag?

On an old kernel, the SandyBridge and IvyBridge CPU models will
unexpectedly become not runnable.


> 
> > Second, we need compatibility entries setting pcid=off on
> > PC_COMPAT_2_10 so we don't break compatibility on older
> > machine-types.

(Oops, I should have said PC_COMPAT_2_11 here)

> 
> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> index 6f77eb066587..da5bd8304eb0 100644
> --- a/include/hw/i386/pc.h
> +++ b/include/hw/i386/pc.h
> @@ -327,6 +327,14 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t 
> *);
>  .driver   = TYPE_X86_CPU,\
>  .property = "x-hv-max-vps",\
>  .value= "0x40",\
> +},{\
> +.driver   = "SandyBridge-" TYPE_X86_CPU,\
> +.property = "pcid",\
> +.value= "off",\
> +},{\
> +.driver   = "IvyBridge-" TYPE_X86_CPU,\
> +.property = "pcid",\
> +.value= "off",\
>  },{\
>  .driver   = "i440FX-pcihost",\
>  .property = "x-pci-hole64-fix",\

This is correct, but it should be done on PC_COMPAT_2_11 instead
(sorry for my confusion above).

If you don't find PC_COMPAT_2_11 on master, please look for the
"pc: add 2.12 machine types" patch.  I thought it was already
merged on master.  I just queued it on my x86-next tree[1].


[1] https://github.com/ehabkost/qemu x86-next

> 
> I'll resend a proper patch once the first point is cleared.

Thanks!

-- 
Eduardo



Re: [Qemu-devel] [PULL 00/17] M68k for 2.12 patches

2018-01-08 Thread Peter Maydell
On 4 January 2018 at 16:42, Laurent Vivier  wrote:
> The following changes since commit 281f327487c9c9b1599f93c589a408bbf4a651b8:
>
>   Merge remote-tracking branch 
> 'remotes/vivier/tags/m68k-for-2.12-pull-request' into staging (2017-12-22 
> 00:11:36 +)
>
> are available in the Git repository at:
>
>   git://github.com/vivier/qemu-m68k.git tags/m68k-for-2.12-pull-request
>
> for you to fetch changes up to cc5230267678c26b7f96157086f45fd8a347eb21:
>
>   target/m68k: fix m68k_cpu_dump_state() (2018-01-04 17:24:35 +0100)
>
> 
>
> 
>
> Laurent Vivier (17):
>   target-m68k: sync CC_OP before gen_jmp_tb()
>   target/m68k: fix gen_get_ccr()
>   linux-user, m68k: correctly manage SR in context
>   target/m68k: use insn_pc to generate instruction fault address
>   target/m68k: add CPU_LOG_INT trace
>   target/m68k: manage 680x0 stack frames
>   target/m68k: add chk and chk2
>   target/m68k: add move16
>   target/m68k: softmmu cleanup
>   target/m68k: add cpush/cinv
>   target/m68k: add reset
>   target/m68k: implement fsave/frestore
>   target/m68k: move CCR/SR functions
>   target/m68k: add 680x0 "move to SR" instruction
>   target/m68k: add andi/ori/eori to SR/CCR
>   target/m68k: add the Interrupt Stack Pointer
>   target/m68k: fix m68k_cpu_dump_state()
>

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH 2/2] find_ram_offset: Align ram_addr_t allocation on long boundaries

2018-01-08 Thread Juan Quintela
"Dr. David Alan Gilbert (git)"  wrote:
> From: "Dr. David Alan Gilbert" 
>
> The dirty bitmaps are built from 'long's and there is fast-path code
> for synchronising the case where the RAMBlock is aligned to the start
> of a long boundary.  Align the allocation to this boundary
> to cause the fast path to be used.
>
> Offsets before change:
> 11398@1515169675.018566:find_ram_offset size: 0x1e @ 0x800
> 11398@1515169675.020064:find_ram_offset size: 0x2 @ 0x81e
> 11398@1515169675.020244:find_ram_offset size: 0x2 @ 0x820
> 11398@1515169675.024343:find_ram_offset size: 0x100 @ 0x822
> 11398@1515169675.025154:find_ram_offset size: 0x1 @ 0x922
> 11398@1515169675.027682:find_ram_offset size: 0x4 @ 0x923
> 11398@1515169675.032921:find_ram_offset size: 0x20 @ 0x927
> 11398@1515169675.033307:find_ram_offset size: 0x1000 @ 0x947
> 11398@1515169675.033601:find_ram_offset size: 0x1000 @ 0x9471000
>
> after change:
> 10923@1515169108.818245:find_ram_offset size: 0x1e @ 0x800
> 10923@1515169108.819410:find_ram_offset size: 0x2 @ 0x820
> 10923@1515169108.819587:find_ram_offset size: 0x2 @ 0x824
> 10923@1515169108.823708:find_ram_offset size: 0x100 @ 0x828
> 10923@1515169108.824503:find_ram_offset size: 0x1 @ 0x928
> 10923@1515169108.827093:find_ram_offset size: 0x4 @ 0x92c
> 10923@1515169108.833045:find_ram_offset size: 0x20 @ 0x930
> 10923@1515169108.833504:find_ram_offset size: 0x1000 @ 0x950
> 10923@1515169108.833787:find_ram_offset size: 0x1000 @ 0x954
>
> Suggested-by: Paolo Bonzini 
> Signed-off-by: Dr. David Alan Gilbert 

Reviewed-by: Juan Quintela 




Re: [Qemu-devel] [PATCH 1/2] find_ram_offset: Add comments and tracing

2018-01-08 Thread Juan Quintela
"Dr. David Alan Gilbert (git)"  wrote:
> From: "Dr. David Alan Gilbert" 
>
> Add some comments so I can understand the various nested loops.
> Add some tracing so I can see what they're doing.
>
> Signed-off-by: Dr. David Alan Gilbert 


Reviewed-by: Juan Quintela 



Re: [Qemu-devel] how to pass pcid to guest?

2018-01-08 Thread Eric Blake
On 01/08/2018 02:03 PM, Stefan Priebe - Profihost AG wrote:
> Hello,
> 
> for meltdown mitigation and performance it's important to have the pcid
> flag passed down to the guest (f.e.
> https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU).

Indeed; you are still waiting on the qemu patch mentioned here:
https://www.qemu.org/2018/01/04/spectre/

which is still undergoing the review process, but should be up (in the
form of 2.11.1) "in the next few days".

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH v5 02/31] sdhci: add basic Spec v1 capabilities

2018-01-08 Thread Alistair Francis
On Mon, Jan 8, 2018 at 7:42 AM, Philippe Mathieu-Daudé  wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/sd/sdhci-internal.h | 22 ++-
>  include/hw/sd/sdhci.h  |  6 ++
>  hw/sd/sdhci.c  | 58 
> --
>  3 files changed, 69 insertions(+), 17 deletions(-)
>
> diff --git a/hw/sd/sdhci-internal.h b/hw/sd/sdhci-internal.h
> index cf4a055159..6944fcaf00 100644
> --- a/hw/sd/sdhci-internal.h
> +++ b/hw/sd/sdhci-internal.h
> @@ -86,6 +86,9 @@ FIELD(SDHC_PRNSTS, WRITE_PROTECT,  19, 1);
>
>  /* R/W Host control Register 0x0 */
>  #define SDHC_HOSTCTL   0x28
> +FIELD(SDHC_HOSTCTL, LED_CTRL,  0, 1);
> +FIELD(SDHC_HOSTCTL, DATATRANSFERWIDTH, 1, 1); /* SD mode only */
> +FIELD(SDHC_HOSTCTL, HIGH_SPEED,2, 1);
>  #define SDHC_CTRL_DMA_CHECK_MASK   0x18
>  #define SDHC_CTRL_SDMA 0x00
>  #define SDHC_CTRL_ADMA1_32 0x08
> @@ -96,6 +99,7 @@ FIELD(SDHC_PRNSTS, WRITE_PROTECT,  19, 1);
>  /* R/W Power Control Register 0x0 */
>  #define SDHC_PWRCON0x29
>  #define SDHC_POWER_ON  (1 << 0)
> +FIELD(SDHC_PWRCON, BUS_VOLTAGE,1, 3);
>
>  /* R/W Block Gap Control Register 0x0 */
>  #define SDHC_BLKGAP0x2A
> @@ -118,6 +122,7 @@ FIELD(SDHC_PRNSTS, WRITE_PROTECT,  19, 1);
>
>  /* R/W Timeout Control Register 0x0 */
>  #define SDHC_TIMEOUTCON0x2E
> +FIELD(SDHC_TIMEOUTCON, COUNTER,0, 4);
>
>  /* R/W Software Reset Register 0x0 */
>  #define SDHC_SWRST 0x2F
> @@ -174,17 +179,32 @@ FIELD(SDHC_PRNSTS, WRITE_PROTECT,  19, 1);
>
>  /* ROC Auto CMD12 error status register 0x0 */
>  #define SDHC_ACMD12ERRSTS  0x3C
> +FIELD(SDHC_ACMD12ERRSTS, TIMEOUT_ERR,  1, 1);
> +FIELD(SDHC_ACMD12ERRSTS, CRC_ERR,  2, 1);
> +FIELD(SDHC_ACMD12ERRSTS, INDEX_ERR,4, 1);
>
>  /* HWInit Capabilities Register 0x05E80080 */
>  #define SDHC_CAPAB 0x40
> -#define SDHC_CAN_DO_DMA0x0040
>  #define SDHC_CAN_DO_ADMA2  0x0008
>  #define SDHC_CAN_DO_ADMA1  0x0010
>  #define SDHC_64_BIT_BUS_SUPPORT(1 << 28)
>  #define SDHC_CAPAB_BLOCKSIZE(x)(((x) >> 16) & 0x3)
> +FIELD(SDHC_CAPAB, TOCLKFREQ,   0, 6);
> +FIELD(SDHC_CAPAB, TOUNIT,  7, 1);
> +FIELD(SDHC_CAPAB, BASECLKFREQ, 8, 8);
> +FIELD(SDHC_CAPAB, MAXBLOCKLENGTH, 16, 2);
> +FIELD(SDHC_CAPAB, HIGHSPEED,  21, 1);
> +FIELD(SDHC_CAPAB, SDMA,   22, 1);
> +FIELD(SDHC_CAPAB, SUSPRESUME, 23, 1);
> +FIELD(SDHC_CAPAB, V33,24, 1);
> +FIELD(SDHC_CAPAB, V30,25, 1);
> +FIELD(SDHC_CAPAB, V18,26, 1);
>
>  /* HWInit Maximum Current Capabilities Register 0x0 */
>  #define SDHC_MAXCURR   0x48
> +FIELD(SDHC_MAXCURR, V33_VDD1,  0, 8);
> +FIELD(SDHC_MAXCURR, V30_VDD1,  8, 8);
> +FIELD(SDHC_MAXCURR, V18_VDD1, 16, 8);
>
>  /* W Force Event Auto CMD12 Error Interrupt Register 0x */
>  #define SDHC_FEAER 0x50
> diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
> index ddd5040410..266030dc8d 100644
> --- a/include/hw/sd/sdhci.h
> +++ b/include/hw/sd/sdhci.h
> @@ -102,6 +102,12 @@ typedef struct SDHCIState {
>  /* Configurable properties */
>  bool pending_insert_quirk; /* Quirk for Raspberry Pi card insert int */
>  uint8_t spec_version;
> +struct {
> +bool suspend;
> +bool high_speed;
> +bool sdma;
> +bool v33, v30, v18;
> +} cap;
>  } SDHCIState;
>
>  #define TYPE_PCI_SDHCI "sdhci-pci"
> diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
> index cd4a8efdd7..e7dbab2fdc 100644
> --- a/hw/sd/sdhci.c
> +++ b/hw/sd/sdhci.c
> @@ -44,12 +44,6 @@
>   * 0 - not supported, 1 - supported, other - prohibited.
>   */
>  #define SDHC_CAPAB_64BITBUS   0ul/* 64-bit System Bus Support */
> -#define SDHC_CAPAB_18V1ul/* Voltage support 1.8v */
> -#define SDHC_CAPAB_30V0ul/* Voltage support 3.0v */
> -#define SDHC_CAPAB_33V1ul/* Voltage support 3.3v */
> -#define SDHC_CAPAB_SUSPRESUME 0ul/* Suspend/resume support */
> -#define SDHC_CAPAB_SDMA   1ul/* SDMA support */
> -#define SDHC_CAPAB_HIGHSPEED  1ul/* High speed support */
>  #define SDHC_CAPAB_ADMA1  1ul/* ADMA1 support */
>  #define SDHC_CAPAB_ADMA2  1ul/* ADMA2 support */
>  /* Maximum host controller R/W buffers size
> @@ -63,9 +57,7 @@
>  #define SDHC_CAPAB_TOCLKFREQ  52ul
>
>  /* Now check all parameters and calculate CAPABILITIES REGISTER value */
> -#if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_18V > 1 || SDHC_CAPAB_30V > 1 ||   
>   \
> -SDHC_CAPAB_33V > 1 || SDHC_CAPAB_SUSPRESUME > 1 || SDHC_CAPAB_SDMA > 1 
> ||  \
> -

Re: [Qemu-devel] [PATCH v5 17/31] sdhci: rename the hostctl1 register

2018-01-08 Thread Alistair Francis
On Mon, Jan 8, 2018 at 7:42 AM, Philippe Mathieu-Daudé  wrote:
> As per the Spec v3.00
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  include/hw/sd/sdhci.h |  2 +-
>  hw/sd/sdhci.c | 14 +++---
>  2 files changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
> index c0098fc920..ecd192ee47 100644
> --- a/include/hw/sd/sdhci.h
> +++ b/include/hw/sd/sdhci.h
> @@ -65,7 +65,7 @@ typedef struct SDHCIState {
>  /* Buffer Data Port Register - virtual access point to R and W buffers */
>  uint32_t prnsts;   /* Present State Register */
>  /* 0x28 */
> -uint8_t  hostctl;  /* Host Control Register */
> +uint8_t  hostctl1; /* Host Control Register */
>  uint8_t  pwrcon;   /* Power control Register */
>  uint8_t  blkgap;   /* Block Gap Control Register */
>  uint8_t  wakcon;   /* WakeUp Control Register */
> diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
> index 3f5e0760f6..d7e247cb48 100644
> --- a/hw/sd/sdhci.c
> +++ b/hw/sd/sdhci.c
> @@ -600,7 +600,7 @@ static void get_adma_description(SDHCIState *s, ADMADescr 
> *dscr)
>  uint32_t adma1 = 0;
>  uint64_t adma2 = 0;
>  hwaddr entry_addr = (hwaddr)s->admasysaddr;
> -switch (SDHC_DMA_TYPE(s->hostctl)) {
> +switch (SDHC_DMA_TYPE(s->hostctl1)) {
>  case SDHC_CTRL_ADMA2_32:
>  dma_memory_read(>dma_as, entry_addr, (uint8_t *),
>  sizeof(adma2));
> @@ -789,7 +789,7 @@ static void sdhci_data_transfer(void *opaque)
>  SDHCIState *s = (SDHCIState *)opaque;
>
>  if (s->trnmod & SDHC_TRNS_DMA) {
> -switch (SDHC_DMA_TYPE(s->hostctl)) {
> +switch (SDHC_DMA_TYPE(s->hostctl1)) {
>  case SDHC_CTRL_SDMA:
>  if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
>  sdhci_sdma_transfer_single_block(s);
> @@ -898,7 +898,7 @@ static uint64_t sdhci_read(void *opaque, hwaddr offset, 
> unsigned size)
>  ret = s->prnsts;
>  break;
>  case SDHC_HOSTCTL:
> -ret = s->hostctl | (s->pwrcon << 8) | (s->blkgap << 16) |
> +ret = s->hostctl1 | (s->pwrcon << 8) | (s->blkgap << 16) |
>(s->wakcon << 24);
>  break;
>  case SDHC_CLKCON:
> @@ -1016,7 +1016,7 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, 
> unsigned size)
>  MASKED_WRITE(s->sdmasysad, mask, value);
>  /* Writing to last byte of sdmasysad might trigger transfer */
>  if (!(mask & 0xFF00) && TRANSFERRING_DATA(s->prnsts) && 
> s->blkcnt &&
> -s->blksize && SDHC_DMA_TYPE(s->hostctl) == SDHC_CTRL_SDMA) {
> +s->blksize && SDHC_DMA_TYPE(s->hostctl1) == SDHC_CTRL_SDMA) {
>  if (s->trnmod & SDHC_TRNS_MULTI) {
>  sdhci_sdma_transfer_multi_blocks(s);
>  } else {
> @@ -1068,14 +1068,14 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t 
> val, unsigned size)
>  if (!(mask & 0xFF)) {
>  sdhci_blkgap_write(s, value >> 16);
>  }
> -MASKED_WRITE(s->hostctl, mask, value);
> +MASKED_WRITE(s->hostctl1, mask, value);
>  MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8);
>  MASKED_WRITE(s->wakcon, mask >> 24, value >> 24);
>  if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7) < 5 
> ||
>  !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7) {
>  s->pwrcon &= ~SDHC_POWER_ON;
>  }
> -qemu_set_irq(s->access_led, s->hostctl & 1);
> +qemu_set_irq(s->access_led, s->hostctl1 & 1);
>  break;
>  case SDHC_CLKCON:
>  if (!(mask & 0xFF00)) {
> @@ -1284,7 +1284,7 @@ const VMStateDescription sdhci_vmstate = {
>  VMSTATE_UINT16(cmdreg, SDHCIState),
>  VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4),
>  VMSTATE_UINT32(prnsts, SDHCIState),
> -VMSTATE_UINT8(hostctl, SDHCIState),
> +VMSTATE_UINT8(hostctl1, SDHCIState),
>  VMSTATE_UINT8(pwrcon, SDHCIState),
>  VMSTATE_UINT8(blkgap, SDHCIState),
>  VMSTATE_UINT8(wakcon, SDHCIState),
> --
> 2.15.1
>
>



Re: [Qemu-devel] [PATCH v5 08/31] hw/sd: clean/reorder the Makefile adding few comments

2018-01-08 Thread Alistair Francis
On Mon, Jan 8, 2018 at 7:42 AM, Philippe Mathieu-Daudé  wrote:
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/sd/Makefile.objs | 9 +++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/hw/sd/Makefile.objs b/hw/sd/Makefile.objs
> index c2b7664264..0fe2501017 100644
> --- a/hw/sd/Makefile.objs
> +++ b/hw/sd/Makefile.objs
> @@ -1,9 +1,14 @@
> +# SD/MMC subsystem core
> +common-obj-$(CONFIG_SD) += core.o
> +
> +# SD/MMC host adapters
>  common-obj-$(CONFIG_PL181) += pl181.o
>  common-obj-$(CONFIG_SSI_SD) += ssi-sd.o
> -common-obj-$(CONFIG_SD) += sd.o core.o
>  common-obj-$(CONFIG_SDHCI) += sdhci.o
> -
>  obj-$(CONFIG_MILKYMIST) += milkymist-memcard.o
>  obj-$(CONFIG_OMAP) += omap_mmc.o
>  obj-$(CONFIG_PXA2XX) += pxa2xx_mmci.o
>  obj-$(CONFIG_RASPI) += bcm2835_sdhost.o
> +
> +# emulated SD/MMC devices
> +common-obj-$(CONFIG_SD) += sd.o
> --
> 2.15.1
>
>



Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Vincent Bernat
 ❦  8 janvier 2018 19:16 -0200, Eduardo Habkost  :

> One possible way to work around this problem is to declare that
> QEMU 2.12 with KVM will require Linux v3.6 and newer (because we
> need Linux kernel commit ad756a1603c5 "KVM: VMX: Implement
> PCID/INVPCID for guests with EPT").  I have proposed something
> similar to allow us to enable kvm_pv_eoi by default, some time
> ago:
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg486559.html
> ("qemu-doc: Document minimum kernel version for KVM in x86_64").

I don't see a way to probe KVM to know what's supported, so yes. Should
I add a paragraph similar to yours or would your patch be merged soon?
What are the consequences of running a too old kernel? Would KVM just
hide PCID flag?

> Second, we need compatibility entries setting pcid=off on
> PC_COMPAT_2_10 so we don't break compatibility on older
> machine-types.

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 6f77eb066587..da5bd8304eb0 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -327,6 +327,14 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 .driver   = TYPE_X86_CPU,\
 .property = "x-hv-max-vps",\
 .value= "0x40",\
+},{\
+.driver   = "SandyBridge-" TYPE_X86_CPU,\
+.property = "pcid",\
+.value= "off",\
+},{\
+.driver   = "IvyBridge-" TYPE_X86_CPU,\
+.property = "pcid",\
+.value= "off",\
 },{\
 .driver   = "i440FX-pcihost",\
 .property = "x-pci-hole64-fix",\

I'll resend a proper patch once the first point is cleared.
-- 
Make sure input cannot violate the limits of the program.
- The Elements of Programming Style (Kernighan & Plauger)



Re: [Qemu-devel] [PATCH v2 12/25] sdcard: use a 16-bit integer for the 16-bit RCA register

2018-01-08 Thread Alistair Francis
On Wed, Jan 3, 2018 at 1:24 PM, Philippe Mathieu-Daudé  wrote:
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/sd/sd.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c
> index e0550cd174..e6a6e0b2ad 100644
> --- a/hw/sd/sd.c
> +++ b/hw/sd/sd.c
> @@ -854,7 +854,7 @@ static void sd_lock_command(SDState *sd)
>
>  static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
>  {
> -uint32_t rca = 0x;
> +uint16_t rca = 0x;
>  uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : 
> req.arg;
>
>  if (req.cmd != 55 || sd->expecting_acmd) {
> --
> 2.15.1
>
>



[Qemu-devel] [PATCH] fw_cfg: fix memory corruption when all fw_cfg slots are used

2018-01-08 Thread Marcel Apfelbaum
When all the fw_cfg slots are used, a write is made outside the
bounds of the fw_cfg files array as part of the sort algorithm.

Fix it by avoiding an unnecessary array element move.
Fix also an assert while at it.

Signed-off-by: Marcel Apfelbaum 
---
 hw/nvram/fw_cfg.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 753ac0e4ea..4313484b21 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -784,7 +784,7 @@ void fw_cfg_add_file_callback(FWCfgState *s,  const char 
*filename,
  * index and "i - 1" is the one being copied from, thus the
  * unusual start and end in the for statement.
  */
-for (i = count + 1; i > index; i--) {
+for (i = count; i > index; i--) {
 s->files->f[i] = s->files->f[i - 1];
 s->files->f[i].select = cpu_to_be16(FW_CFG_FILE_FIRST + i);
 s->entries[0][FW_CFG_FILE_FIRST + i] =
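Review bot: With the loop now starting at `i = count`, the highest slot written is `f[count]`, so the fix is complete only if `count` is already known to be below fw_cfg_file_slots(s) when the loop is reached. That check is not visible in this hunk, and fw_cfg_add_file_callback() starts and ends outside it. The comment above the loop still speaks of the "unusual start and end", so it is worth extending it with the bound, for example `/* i never exceeds count, which is < fw_cfg_file_slots(s) */`. A test that fills every file slot would keep this from regressing.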
@@ -833,7 +833,6 @@ void *fw_cfg_modify_file(FWCfgState *s, const char 
*filename,
 assert(s->files);
 
 index = be32_to_cpu(s->files->count);
-assert(index < fw_cfg_file_slots(s));
 
 for (i = 0; i < index; i++) {
 if (strcmp(filename, s->files->f[i].name) == 0) {
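Review bot: Moving the assert below the loop leaves the `for (i = 0; i < index; i++)` scan with no upper bound on `index`, which is taken directly from `s->files->count`. A full table (`index == fw_cfg_file_slots(s)`) is legitimate here, but a larger count would now be read past the end of `f[]` before the relocated assert in the next hunk is reached. Keeping a weaker check ahead of the loop, `assert(index <= fw_cfg_file_slots(s));`, preserves the old protection while still allowing an existing file to be modified when all slots are used. fw_cfg_modify_file() begins and ends outside the hunk.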
@@ -843,6 +842,9 @@ void *fw_cfg_modify_file(FWCfgState *s, const char 
*filename,
 return ptr;
 }
 }
+
+assert(index < fw_cfg_file_slots(s));
+
 /* add new one */
 fw_cfg_add_file_callback(s, filename, NULL, NULL, NULL, data, len, true);
 return NULL;
-- 
2.13.5




Re: [Qemu-devel] [PATCH v2 04/25] sdcard: define SDCARD_CMD_MAX instead of using the magic '64'

2018-01-08 Thread Alistair Francis
On Wed, Jan 3, 2018 at 1:24 PM, Philippe Mathieu-Daudé  wrote:
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/sd/sd.c | 23 +--
>  1 file changed, 17 insertions(+), 6 deletions(-)
>
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c
> index f0eaac4d42..489d13681d 100644
> --- a/hw/sd/sd.c
> +++ b/hw/sd/sd.c
> @@ -56,6 +56,8 @@ do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while 
> (0)
>  #define OCR_POWER_UP0x8000
>  #define OCR_POWER_DELAY_NS  50 /* 0.5ms */
>
> +#define SDCARD_CMD_MAX 64
> +
>  typedef enum {
>  sd_r0 = 0,/* no response */
>  sd_r1,/* normal response command */
> @@ -176,18 +178,21 @@ static void sd_set_mode(SDState *sd)
>  }
>  }
>
> -static const sd_cmd_type_t sd_cmd_type[64] = {
> +static const sd_cmd_type_t sd_cmd_type[SDCARD_CMD_MAX] = {
>  sd_bc,   sd_none, sd_bcr,  sd_bcr,  sd_none, sd_none, sd_none, sd_ac,
>  sd_bcr,  sd_ac,   sd_ac,   sd_adtc, sd_ac,   sd_ac,   sd_none, sd_ac,
> +/* 16 */
>  sd_ac,   sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
>  sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac,   sd_ac,   sd_adtc, sd_none,
> +/* 32 */
>  sd_ac,   sd_ac,   sd_none, sd_none, sd_none, sd_none, sd_ac,   sd_none,
>  sd_none, sd_none, sd_bc,   sd_none, sd_none, sd_none, sd_none, sd_none,
> +/* 48 */
>  sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
>  sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
>  };
>
> -static const int sd_cmd_class[64] = {
> +static const int sd_cmd_class[SDCARD_CMD_MAX] = {
>  0,  0,  0,  0,  0,  9, 10,  0,  0,  0,  0,  1,  0,  0,  0,  0,
>  2,  2,  2,  2,  3,  3,  3,  3,  4,  4,  4,  4,  6,  6,  6,  6,
>  5,  5, 10, 10, 10, 10,  5,  9,  9,  9,  7,  7,  7,  7,  7,  7,
> @@ -787,8 +792,8 @@ static sd_rsp_type_t sd_normal_command(SDState *sd,
>  /* Not interpreting this as an app command */
>  sd->card_status &= ~APP_CMD;
>
> -if (sd_cmd_type[req.cmd & 0x3F] == sd_ac
> -|| sd_cmd_type[req.cmd & 0x3F] == sd_adtc) {
> +if (sd_cmd_type[req.cmd] == sd_ac
> +|| sd_cmd_type[req.cmd] == sd_adtc) {
>  rca = req.arg >> 16;
>  }
>
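Review bot: `sd_cmd_type[req.cmd]` now indexes a SDCARD_CMD_MAX-entry table with an unmasked value, so the bound depends entirely on the `req->cmd &= 0x3f` added to sd_do_command in a later hunk. The same holds for `sd_cmd_class[req->cmd]` in the cmd_valid_while_locked hunk. If sd_normal_command can be reached on a path that skips that check (not visible here), a command index of 64 or more reads past the end of the array. Stating the precondition at the point of use keeps the two in step: `assert(req.cmd < SDCARD_CMD_MAX);` ahead of the `if`. sd_normal_command's body starts and ends outside this hunk.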
> @@ -1495,8 +1500,8 @@ static int cmd_valid_while_locked(SDState *sd, 
> SDRequest *req)
>  if (req->cmd == 16 || req->cmd == 55) {
>  return 1;
>  }
> -return sd_cmd_class[req->cmd & 0x3F] == 0
> -|| sd_cmd_class[req->cmd & 0x3F] == 7;
> +return sd_cmd_class[req->cmd] == 0
> +|| sd_cmd_class[req->cmd] == 7;
>  }
>
>  int sd_do_command(SDState *sd, SDRequest *req,
> @@ -1515,6 +1520,12 @@ int sd_do_command(SDState *sd, SDRequest *req,
>  goto send_response;
>  }
>
> +if (req->cmd >= SDCARD_CMD_MAX) {
> +qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
> +  req->cmd);
> +req->cmd &= 0x3f;
> +}
> +
>  if (sd->card_status & CARD_IS_LOCKED) {
>  if (!cmd_valid_while_locked(sd, req)) {
>  sd->card_status |= ILLEGAL_COMMAND;
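Review bot: The new range check logs the bad index and then masks it, so a request with `cmd >= SDCARD_CMD_MAX` is handled as whatever command its low six bits name instead of being refused. The locked-card branch just below already shows a rejection pattern (`sd->card_status |= ILLEGAL_COMMAND;`). Treating an out-of-range index the same way would stop a malformed request from being executed as a different, valid command. What follows that assignment is outside the hunk, so the exact lines to mirror need checking against the full function.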
> --
> 2.15.1
>
>



Re: [Qemu-devel] [PATCH v2 09/25] sdcard: use G_BYTE from cutils

2018-01-08 Thread Alistair Francis
On Wed, Jan 3, 2018 at 1:24 PM, Philippe Mathieu-Daudé  wrote:
> code is now easier to read.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/sd/sd.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c
> index 1f209b8199..d4aa7b4a92 100644
> --- a/hw/sd/sd.c
> +++ b/hw/sd/sd.c
> @@ -38,6 +38,7 @@
>  #include "hw/sd/sdcard_legacy.h"
>  #include "qapi/error.h"
>  #include "qemu/bitmap.h"
> +#include "qemu/cutils.h"
>  #include "hw/qdev-properties.h"
>  #include "qemu/error-report.h"
>  #include "qemu/timer.h"
> @@ -369,7 +370,7 @@ static void sd_reset_csd(SDState *sd, uint64_t size)
>  uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
>  uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
>
> -if (size <= 0x4000) {  /* Standard Capacity SD */
> +if (size <= 1 * G_BYTE /* FIXME 2GB? */) { /* Standard Capacity SD */
>  sd->csd[0] = 0x00; /* CSD structure */
>  sd->csd[1] = 0x26; /* Data read access-time-1 */
>  sd->csd[2] = 0x00; /* Data read access-time-2 */
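Review bot: The `/* FIXME 2GB? */` sits inside the condition, which makes the capacity comparison harder to read and does not say what is actually in doubt. Moving it to its own line above the `if` and spelling out the question would help, for example `/* FIXME: SDSC cards go up to 2 GB; confirm whether this limit should be 2 * G_BYTE */`. The commit message presents the hunk as a readability change, so this is a comment-only suggestion. sd_reset_csd continues outside the hunk.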
> --
> 2.15.1
>
>



Re: [Qemu-devel] [PATCH v2 01/25] sdcard: reorder SDState struct members

2018-01-08 Thread Alistair Francis
On Wed, Jan 3, 2018 at 1:24 PM, Philippe Mathieu-Daudé  wrote:
> place card registers first, this will ease further code movements.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/sd/sd.c | 9 ++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c
> index 7755bedfa0..180c43e218 100644
> --- a/hw/sd/sd.c
> +++ b/hw/sd/sd.c
> @@ -89,16 +89,15 @@ enum SDCardStates {
>  struct SDState {
>  DeviceState parent_obj;
>
> -uint32_t mode;/* current card mode, one of SDCardModes */
> -int32_t state;/* current card state, one of SDCardStates */
> +/* SD Memory Card Registers */
>  uint32_t ocr;
> -QEMUTimer *ocr_power_timer;
>  uint8_t scr[8];
>  uint8_t cid[16];
>  uint8_t csd[16];
>  uint16_t rca;
>  uint32_t card_status;
>  uint8_t sd_status[64];
> +
>  uint32_t vhs;
>  bool wp_switch;
>  unsigned long *wp_groups;
> @@ -113,6 +112,9 @@ struct SDState {
>  uint8_t function_group[6];
>
>  bool spi;
> +
> +uint32_t mode;/* current card mode, one of SDCardModes */
> +int32_t state;/* current card state, one of SDCardStates */
>  uint8_t current_cmd;
>  /* True if we will handle the next command as an ACMD. Note that this 
> does
>   * *not* track the APP_CMD status bit!
> @@ -125,6 +127,7 @@ struct SDState {
>  qemu_irq readonly_cb;
>  qemu_irq inserted_cb;
>  BlockBackend *blk;
> +QEMUTimer *ocr_power_timer;
>
>  bool enable;
>  };
> --
> 2.15.1
>
>



Re: [Qemu-devel] [PATCH v5 01/31] sdhci: add a spec_version property

2018-01-08 Thread Alistair Francis
On Mon, Jan 8, 2018 at 7:42 AM, Philippe Mathieu-Daudé  wrote:
> default to Spec v2.00
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/sd/sdhci-internal.h |  4 ++--
>  include/hw/sd/sdhci.h  |  3 +++
>  hw/sd/sdhci.c  | 19 +--
>  3 files changed, 22 insertions(+), 4 deletions(-)
>
> diff --git a/hw/sd/sdhci-internal.h b/hw/sd/sdhci-internal.h
> index b7475a1b7b..cf4a055159 100644
> --- a/hw/sd/sdhci-internal.h
> +++ b/hw/sd/sdhci-internal.h
> @@ -212,9 +212,9 @@ FIELD(SDHC_PRNSTS, WRITE_PROTECT,  19, 1);
>  /* Slot interrupt status */
>  #define SDHC_SLOT_INT_STATUS0xFC
>
> -/* HWInit Host Controller Version Register 0x0401 */
> +/* HWInit Host Controller Version Register */
>  #define SDHC_HCVER  0xFE
> -#define SD_HOST_SPECv2_VERS 0x2401
> +#define SDHC_HCVER_VENDOR   0x24
>
>  #define SDHC_REGISTERS_MAP_SIZE 0x100
>  #define SDHC_INSERTION_DELAY(NANOSECONDS_PER_SECOND)
> diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
> index 2aea20f1d8..ddd5040410 100644
> --- a/include/hw/sd/sdhci.h
> +++ b/include/hw/sd/sdhci.h
> @@ -91,6 +91,8 @@ typedef struct SDHCIState {
>  uint64_t capareg;  /* Capabilities Register */
>  /* 0x48 */
>  uint64_t maxcurr;  /* Maximum Current Capabilities Register */
> +/* 0xfe */
> +uint16_t version;  /* Host Controller Version Register */
>
>  uint8_t  *fifo_buffer; /* SD host i/o FIFO buffer */
>  uint32_t buf_maxsz;
> @@ -99,6 +101,7 @@ typedef struct SDHCIState {
>  bool pending_insert_state;
>  /* Configurable properties */
>  bool pending_insert_quirk; /* Quirk for Raspberry Pi card insert int */
> +uint8_t spec_version;
>  } SDHCIState;
>
>  #define TYPE_PCI_SDHCI "sdhci-pci"
> diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
> index b080950f80..cd4a8efdd7 100644
> --- a/hw/sd/sdhci.c
> +++ b/hw/sd/sdhci.c
> @@ -169,7 +169,8 @@ static void sdhci_reset(SDHCIState *s)
>
>  timer_del(s->insert_timer);
>  timer_del(s->transfer_timer);
> -/* Set all registers to 0. Capabilities registers are not cleared
> +
> +/* Set all registers to 0. Capabilities/Version registers are not cleared
>   * and assumed to always preserve their value, given to them during
>   * initialization */
>  memset(>sdmasysad, 0, (uintptr_t)>capareg - 
> (uintptr_t)>sdmasysad);
> @@ -923,7 +924,7 @@ static uint64_t sdhci_read(void *opaque, hwaddr offset, 
> unsigned size)
>  ret = (uint32_t)(s->admasysaddr >> 32);
>  break;
>  case SDHC_SLOT_INT_STATUS:
> -ret = (SD_HOST_SPECv2_VERS << 16) | sdhci_slotint(s);
> +ret = (s->version << 16) | sdhci_slotint(s);
>  break;
>  default:
>  qemu_log_mask(LOG_UNIMP, "SDHC rd_%ub @0x%02" HWADDR_PRIx " "
> @@ -1178,6 +1179,15 @@ static inline unsigned int 
> sdhci_get_fifolen(SDHCIState *s)
>  }
>  }
>
> +static void sdhci_init_readonly_registers(SDHCIState *s, Error **errp)
> +{
> +if (s->spec_version != 2) {
> +error_setg(errp, "Only Spec v2 is supported");
> +return;
> +}
> +s->version = (SDHC_HCVER_VENDOR << 8) | (s->spec_version - 1);
> +}
> +
>  static void sdhci_initfn(SDHCIState *s)
>  {
>  qbus_create_inplace(>sdbus, sizeof(s->sdbus),
> @@ -1190,6 +1200,10 @@ static void sdhci_initfn(SDHCIState *s)
>
>  static void sdhci_common_realize(SDHCIState *s, Error **errp)
>  {
> +sdhci_init_readonly_registers(s, errp);
> +if (errp && *errp) {
> +return;
> +}
>  s->buf_maxsz = sdhci_get_fifolen(s);
>  s->fifo_buffer = g_malloc0(s->buf_maxsz);
>
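Review bot: The `if (errp && *errp)` test in sdhci_common_realize misses the failure whenever the caller passes a NULL `errp`. In that case realize carries on after an unsupported `sd-spec-version`, with `s->version` never set. QEMU's Error API convention is to collect the error in a local `Error *` and hand it on with error_propagate(), which behaves the same whatever the caller passed. The function body continues outside this hunk.
```c
static void sdhci_common_realize(SDHCIState *s, Error **errp)
{
    Error *local_err = NULL;

    sdhci_init_readonly_registers(s, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return;
    }
    /* … unchanged: FIFO buffer allocation … */
```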
> @@ -1290,6 +1304,7 @@ const VMStateDescription sdhci_vmstate = {
>  /* Capabilities registers provide information on supported features of this
>   * specific host controller implementation */
>  static Property sdhci_properties[] = {
> +DEFINE_PROP_UINT8("sd-spec-version", SDHCIState, spec_version, 2),
>  DEFINE_PROP_UINT64("capareg", SDHCIState, capareg,
>  SDHC_CAPAB_REG_DEFAULT),
>  DEFINE_PROP_UINT64("maxcurr", SDHCIState, maxcurr, 0),
> --
> 2.15.1
>
>



Re: [Qemu-devel] [PATCH 5/6] hw/sd/ssi-sd: expose a SDBus and connect the SDCard to it

2018-01-08 Thread Alistair Francis
On Wed, Jan 3, 2018 at 8:23 AM, Philippe Mathieu-Daudé  wrote:
> using the sdbus_*() API.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/sd/ssi-sd.c | 27 +++
>  1 file changed, 19 insertions(+), 8 deletions(-)
>
> diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c
> index 24001dc3e6..c8b27add84 100644
> --- a/hw/sd/ssi-sd.c
> +++ b/hw/sd/ssi-sd.c
> @@ -47,7 +47,7 @@ typedef struct {
>  int32_t arglen;
>  int32_t response_pos;
>  int32_t stopping;
> -SDState *sd;
> +SDBus sdbus;
>  } ssi_sd_state;
>
>  /* State word bits.  */
> @@ -97,7 +97,7 @@ static uint32_t ssi_sd_transfer(SSISlave *dev, uint32_t val)
>  request.arg = (s->cmdarg[0] << 24) | (s->cmdarg[1] << 16)
> | (s->cmdarg[2] << 8) | s->cmdarg[3];
>  DPRINTF("CMD%d arg 0x%08x\n", s->cmd, request.arg);
> -s->arglen = sd_do_command(s->sd, , longresp);
> +s->arglen = sdbus_do_command(>sdbus, , longresp);
>  if (s->arglen <= 0) {
>  s->arglen = 1;
>  s->response[0] = 4;
> @@ -174,7 +174,7 @@ static uint32_t ssi_sd_transfer(SSISlave *dev, uint32_t 
> val)
>  DPRINTF("Response 0x%02x\n", s->response[s->response_pos]);
>  return s->response[s->response_pos++];
>  }
> -if (sd_data_ready(s->sd)) {
> +if (sdbus_data_ready(>sdbus)) {
>  DPRINTF("Data read\n");
>  s->mode = SSI_SD_DATA_START;
>  } else {
> @@ -187,8 +187,8 @@ static uint32_t ssi_sd_transfer(SSISlave *dev, uint32_t 
> val)
>  s->mode = SSI_SD_DATA_READ;
>  return 0xfe;
>  case SSI_SD_DATA_READ:
> -val = sd_read_data(s->sd);
> -if (!sd_data_ready(s->sd)) {
> +val = sdbus_read_data(>sdbus);
> +if (!sdbus_data_ready(>sdbus)) {
>  DPRINTF("Data read end\n");
>  s->mode = SSI_SD_CMD;
>  }
> @@ -239,14 +239,25 @@ static const VMStateDescription vmstate_ssi_sd = {
>  static void ssi_sd_realize(SSISlave *d, Error **errp)
>  {
>  ssi_sd_state *s = FROM_SSI_SLAVE(ssi_sd_state, d);
> +DeviceState *carddev;
>  DriveInfo *dinfo;
> +Error *err = NULL;
>
>  s->mode = SSI_SD_CMD;
> +qbus_create_inplace(>sdbus, sizeof(s->sdbus), TYPE_SD_BUS,
> +DEVICE(d), "sd-bus");
> +
> +/* Create and plug in the sd card */
>  /* FIXME use a qdev drive property instead of drive_get_next() */
>  dinfo = drive_get_next(IF_SD);
> -s->sd = sd_init(dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, true);
> -if (s->sd == NULL) {
> -error_setg(errp, "Device initialization failed.");
> +carddev = qdev_create(>sdbus.qbus, TYPE_SD_CARD);
> +if (dinfo) {
> +qdev_prop_set_drive(carddev, "drive", blk_by_legacy_dinfo(dinfo), 
> );
> +}
> +object_property_set_bool(OBJECT(carddev), true, "spi", );
> +object_property_set_bool(OBJECT(carddev), true, "realized", );
> +if (err) {
> +error_setg(errp, "failed to init SD card: %s", 
> error_get_pretty(err));
>  return;
>  }
>  }
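Review bot: In ssi_sd_realize one `err` appears to be shared by the drive, "spi" and "realized" property setters and is only tested after the last one; the setter arguments are mangled in this archive copy, so that part is inferred. On failure it is copied into a new error through error_get_pretty() and never freed. A failure in an earlier setter therefore does not stop the card from being realized, and a second failure on top of an already-set `err` would presumably trip the Error API's assertion that the destination is empty. Checking `err` after each call and ending the failure path with `error_prepend(&err, "failed to init SD card: ");` `error_propagate(errp, err);` keeps the message and releases the object. pl181_realize and milkymist_memcard_realize in the sibling patches repeat the same pattern.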
> --
> 2.15.1
>
>



Re: [Qemu-devel] [PULL 0/2] Dump patches

2018-01-08 Thread Peter Maydell
On 2 January 2018 at 14:06, Marc-André Lureau
 wrote:
> The following changes since commit 281f327487c9c9b1599f93c589a408bbf4a651b8:
>
>   Merge remote-tracking branch 
> 'remotes/vivier/tags/m68k-for-2.12-pull-request' into staging (2017-12-22 
> 00:11:36 +)
>
> are available in the Git repository at:
>
>   https://github.com/elmarco/qemu.git tags/dump-pull-request
>
> for you to fetch changes up to c3b1642b9b6b3ba4314d6be3be509d396372cfd5:
>
>   dump-guest-memory.py: fix "You can't do that without a process to debug" 
> (2018-01-02 14:49:54 +0100)
>
> 
>
> 
>
> Marc-André Lureau (2):
>   dump: fix note_name_equal()
>   dump-guest-memory.py: fix "You can't do that without a process to
> debug"
>
>  scripts/dump-guest-memory.py | 3 +--
>  dump.c   | 7 +--
>  hw/misc/vmcoreinfo.c | 3 +++
>  3 files changed, 5 insertions(+), 8 deletions(-)

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH 4/6] hw/sd/pl181: expose a SDBus and connect the SDCard to it

2018-01-08 Thread Alistair Francis
On Wed, Jan 3, 2018 at 8:23 AM, Philippe Mathieu-Daudé  wrote:
> using the sdbus_*() API.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/sd/pl181.c | 27 ---
>  1 file changed, 20 insertions(+), 7 deletions(-)
>
> diff --git a/hw/sd/pl181.c b/hw/sd/pl181.c
> index 55c8098ecd..ce696c5d7d 100644
> --- a/hw/sd/pl181.c
> +++ b/hw/sd/pl181.c
> @@ -33,6 +33,7 @@ typedef struct PL181State {
>  SysBusDevice parent_obj;
>
>  MemoryRegion iomem;
> +SDBus sdbus;
>  SDState *card;
>  uint32_t clock;
>  uint32_t power;
> @@ -179,7 +180,7 @@ static void pl181_send_command(PL181State *s)
>  request.cmd = s->cmd & PL181_CMD_INDEX;
>  request.arg = s->cmdarg;
>  DPRINTF("Command %d %08x\n", request.cmd, request.arg);
> -rlen = sd_do_command(s->card, , response);
> +rlen = sdbus_do_command(>sdbus, , response);
>  if (rlen < 0)
>  goto error;
>  if (s->cmd & PL181_CMD_RESPONSE) {
> @@ -223,12 +224,12 @@ static void pl181_fifo_run(PL181State *s)
>  int is_read;
>
>  is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0;
> -if (s->datacnt != 0 && (!is_read || sd_data_ready(s->card))
> +if (s->datacnt != 0 && (!is_read || sdbus_data_ready(>sdbus))
>  && !s->linux_hack) {
>  if (is_read) {
>  n = 0;
>  while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) {
> -value |= (uint32_t)sd_read_data(s->card) << (n * 8);
> +value |= (uint32_t)sdbus_read_data(>sdbus) << (n * 8);
>  s->datacnt--;
>  n++;
>  if (n == 4) {
> @@ -249,7 +250,7 @@ static void pl181_fifo_run(PL181State *s)
>  }
>  n--;
>  s->datacnt--;
> -sd_write_data(s->card, value & 0xff);
> +sdbus_write_data(>sdbus, value & 0xff);
>  value >>= 8;
>  }
>  }
> @@ -498,14 +499,26 @@ static void pl181_init(Object *obj)
>  static void pl181_realize(DeviceState *dev, Error **errp)
>  {
>  PL181State *s = PL181(dev);
> +DeviceState *carddev;
>  DriveInfo *dinfo;
> +Error *err = NULL;
>
> +qbus_create_inplace(>sdbus, sizeof(s->sdbus), TYPE_SD_BUS,
> +dev, "sd-bus");
> +
> +/* Create and plug in the sd card */
>  /* FIXME use a qdev drive property instead of drive_get_next() */
>  dinfo = drive_get_next(IF_SD);
> -s->card = sd_init(dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, false);
> -if (s->card == NULL) {
> -error_setg(errp, "sd_init failed");
> +carddev = qdev_create(>sdbus.qbus, TYPE_SD_CARD);
> +if (dinfo) {
> +qdev_prop_set_drive(carddev, "drive", blk_by_legacy_dinfo(dinfo), 
> );
> +}
> +object_property_set_bool(OBJECT(carddev), true, "realized", );
> +if (err) {
> +error_setg(errp, "failed to init SD card: %s", 
> error_get_pretty(err));
> +return;
>  }
> +s->card = SD_CARD(carddev);
>  }
>
>  static void pl181_class_init(ObjectClass *klass, void *data)
> --
> 2.15.1
>
>



Re: [Qemu-devel] [PATCH 3/6] hw/sd/milkymist-memcard: expose a SDBus and connect the SDCard to it

2018-01-08 Thread Alistair Francis
On Wed, Jan 3, 2018 at 8:23 AM, Philippe Mathieu-Daudé  wrote:
> using the sdbus_*() API.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/sd/milkymist-memcard.c | 34 +-
>  1 file changed, 21 insertions(+), 13 deletions(-)
>
> diff --git a/hw/sd/milkymist-memcard.c b/hw/sd/milkymist-memcard.c
> index 5df3a0f815..9f4c7dad63 100644
> --- a/hw/sd/milkymist-memcard.c
> +++ b/hw/sd/milkymist-memcard.c
> @@ -68,7 +68,7 @@ struct MilkymistMemcardState {
>  SysBusDevice parent_obj;
>
>  MemoryRegion regs_region;
> -SDState *card;
> +SDBus sdbus;
>
>  int command_write_ptr;
>  int response_read_ptr;
> @@ -104,7 +104,7 @@ static void memcard_sd_command(MilkymistMemcardState *s)
>  req.crc = s->command[5];
>
>  s->response[0] = req.cmd;
> -s->response_len = sd_do_command(s->card, , s->response+1);
> +s->response_len = sdbus_do_command(>sdbus, , s->response + 1);
>  s->response_read_ptr = 0;
>
>  if (s->response_len == 16) {
> @@ -149,10 +149,10 @@ static uint64_t memcard_read(void *opaque, hwaddr addr,
>  r = 0x;
>  } else {
>  r = 0;
> -r |= sd_read_data(s->card) << 24;
> -r |= sd_read_data(s->card) << 16;
> -r |= sd_read_data(s->card) << 8;
> -r |= sd_read_data(s->card);
> +r |= sdbus_read_data(>sdbus) << 24;
> +r |= sdbus_read_data(>sdbus) << 16;
> +r |= sdbus_read_data(>sdbus) << 8;
> +r |= sdbus_read_data(>sdbus);
>  }
>  break;
>  case R_CLK2XDIV:
> @@ -206,10 +206,10 @@ static void memcard_write(void *opaque, hwaddr addr, 
> uint64_t value,
>  if (!s->enabled) {
>  break;
>  }
> -sd_write_data(s->card, (value >> 24) & 0xff);
> -sd_write_data(s->card, (value >> 16) & 0xff);
> -sd_write_data(s->card, (value >> 8) & 0xff);
> -sd_write_data(s->card, value & 0xff);
> +sdbus_write_data(>sdbus, (value >> 24) & 0xff);
> +sdbus_write_data(>sdbus, (value >> 16) & 0xff);
> +sdbus_write_data(>sdbus, (value >> 8) & 0xff);
> +sdbus_write_data(>sdbus, value & 0xff);
>  break;
>  case R_ENABLE:
>  s->regs[addr] = value;
> @@ -266,15 +266,23 @@ static int milkymist_memcard_init(SysBusDevice *dev)
>  static void milkymist_memcard_realize(DeviceState *dev, Error **errp)
>  {
>  MilkymistMemcardState *s = MILKYMIST_MEMCARD(dev);
> +DeviceState *carddev;
>  BlockBackend *blk;
>  DriveInfo *dinfo;
> +Error *err = NULL;
>
> +qbus_create_inplace(>sdbus, sizeof(s->sdbus), TYPE_SD_BUS,
> +dev, "sd-bus");
> +
> +/* Create and plug in the sd card */
>  /* FIXME use a qdev drive property instead of drive_get_next() */
>  dinfo = drive_get_next(IF_SD);
>  blk = dinfo ? blk_by_legacy_dinfo(dinfo) : NULL;
> -s->card = sd_init(blk, false);
> -if (s->card == NULL) {
> -error_setg(errp, "failed to init SD card");
> +carddev = qdev_create(>sdbus.qbus, TYPE_SD_CARD);
> +qdev_prop_set_drive(carddev, "drive", blk, );
> +object_property_set_bool(OBJECT(carddev), true, "realized", );
> +if (err) {
> +error_setg(errp, "failed to init SD card: %s", 
> error_get_pretty(err));
>  return;
>  }
>  s->enabled = blk && blk_is_inserted(blk);
> --
> 2.15.1
>
>



Re: [Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Eduardo Habkost
On Mon, Jan 08, 2018 at 09:50:52PM +0100, Vincent Bernat wrote:
> PCID has been introduced in Sandy Bridge and, currently, KVM doesn't
> object exposing it to VM as long as it is present on the host. Update
> CPU model for both Sandy Bridge and Ivy Bridge accordingly.
> 
> Signed-off-by: Vincent Bernat 

Thanks for your patch.

We need two things, though:

First, confirming that all hosts where the SandyBridge and
IvyBridge CPU models are runnable will support exposing PCID to
guests (otherwise updating QEMU can make a runnable VM
configuration suddenly stop being runnable).  This can happen if
the host kernel is too old.

One possible way to work around this problem is to declare that
QEMU 2.12 with KVM will require Linux v3.6 and newer (because we
need Linux kernel commit ad756a1603c5 "KVM: VMX: Implement
PCID/INVPCID for guests with EPT").  I have proposed something
similar to allow us to enable kvm_pv_eoi by default, some time
ago:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg486559.html
("qemu-doc: Document minimum kernel version for KVM in x86_64").

Second, we need compatibility entries setting pcid=off on
PC_COMPAT_2_10 so we don't break compatibility on older
machine-types.


> ---
>  target/i386/cpu.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 3818d7283158..bb2b4bd1b4fe 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -1109,7 +1109,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
>  CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
>  CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
>  CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
> -CPUID_EXT_SSE3,
> +CPUID_EXT_SSE3 | CPUID_EXT_PCID,
>  .features[FEAT_8000_0001_EDX] =
>  CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
>  CPUID_EXT2_SYSCALL,
> @@ -1140,7 +1140,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
>  CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
>  CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
>  CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
> -CPUID_EXT_SSE3 | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
> +CPUID_EXT_SSE3 | CPUID_EXT_F16C | CPUID_EXT_RDRAND |
> +CPUID_EXT_PCID,
>  .features[FEAT_7_0_EBX] =
>  CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_SMEP |
>  CPUID_7_0_EBX_ERMS,
> -- 
> 2.15.1
> 

-- 
Eduardo



Re: [Qemu-devel] [PULL v2 0/8] tcg queued patches

2018-01-08 Thread Peter Maydell
On 29 December 2017 at 20:56, Richard Henderson
 wrote:
> Ho hum.  While rebasing I accidentally used a constrained build
> tree that didn't build sh4-linux-user, and an extra reference to
> the removed TCGV_IS_UNUSED had crept in in the meantime.
>
> I have pushed a revised tag with the same name.
>
>
> r~
>
>
> The following changes since commit 281f327487c9c9b1599f93c589a408bbf4a651b8:
>
>   Merge remote-tracking branch 
> 'remotes/vivier/tags/m68k-for-2.12-pull-request' into staging (2017-12-22 
> 00:11:36 +)
>
> are available in the Git repository at:
>
>   git://github.com/rth7680/qemu.git tags/pull-tcg-20171229
>
> for you to fetch changes up to 4fad446bc955fcaa08a21388cf82268824bea10e:
>
>   tcg: add cs_base and flags to -d exec output (2017-12-29 12:43:40 -0800)
>

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH] configure: Fix incorrect string comparison operator

2018-01-08 Thread Peter Maydell
On 8 January 2018 at 17:16, Philippe Mathieu-Daudé  wrote:
> On 01/08/2018 02:10 PM, Peter Maydell wrote:
>> In commit c97d6d2cdf97ed we accidentally added code to configure
>> that uses '==' for string equality testing. This is a bashism --
>> the portable way to write this is '='.
>>
>> This fixes the "Unexpected operator error" complaint produced
>> if the system /bin/sh is dash.
>
> Thanks :)
>
>>
>> Fixes: c97d6d2cdf97ed
>> Reported-by: Philippe Mathieu-Daudé 
>> Signed-off-by: Peter Maydell 
>
> Reviewed-by: Philippe Mathieu-Daudé 
> Tested-by: Philippe Mathieu-Daudé 

Applied to master, thanks.

-- PMM



Re: [Qemu-devel] [PATCH] MAINTAINERS: update Dmitry Fleytman email

2018-01-08 Thread Philippe Mathieu-Daudé
On 01/08/2018 04:21 PM, Dmitry Fleytman wrote:
> Thanks Philippe,
> 
> My patch is hanging on the list for some time already: 
> http://lists.nongnu.org/archive/html/qemu-trivial/2017-12/msg00189.html

Oops Ok I didn't notice it.



[Qemu-devel] [PATCH] target-i386: add pcid to both Sandy Bridge and Ivy Bridge

2018-01-08 Thread Vincent Bernat
PCID has been introduced in Sandy Bridge and, currently, KVM doesn't
object to exposing it to a VM as long as it is present on the host. Update
CPU model for both Sandy Bridge and Ivy Bridge accordingly.

Signed-off-by: Vincent Bernat 
---
 target/i386/cpu.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 3818d7283158..bb2b4bd1b4fe 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1109,7 +1109,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
 CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
 CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
-CPUID_EXT_SSE3,
+CPUID_EXT_SSE3 | CPUID_EXT_PCID,
 .features[FEAT_8000_0001_EDX] =
 CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
 CPUID_EXT2_SYSCALL,
@@ -1140,7 +1140,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
 CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
 CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
-CPUID_EXT_SSE3 | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
+CPUID_EXT_SSE3 | CPUID_EXT_F16C | CPUID_EXT_RDRAND |
+CPUID_EXT_PCID,
 .features[FEAT_7_0_EBX] =
 CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_SMEP |
 CPUID_7_0_EBX_ERMS,
-- 
2.15.1




Re: [Qemu-devel] [SPARC] question on LEON IRQMP interrupt controller.

2018-01-08 Thread Jean-Christophe DUBOIS

Le 08/01/2018 à 20:56, Mark Cave-Ayland a écrit :
Thanks for the patch! I'm afraid I don't really have any experience 
with LEON as my focus is sun4m/sun4u, however I'm happy to take 
patches Acked/Reviewed by Fabien as the current LEON maintainer


I am waiting for Fabien feedback after my experiment with tsim.


if they don't cause any regressions in my own tests.


Of course.

JC




ATB,

Mark. 






Re: [Qemu-devel] [PATCH v2] linux-user/mmap.c: Avoid choosing NULL as start address

2018-01-08 Thread Richard Henderson
On 01/06/2018 05:01 PM, Maximilian Riemensberger wrote:
> mmap() is required by the linux kernel ABI and POSIX to return a
> non-NULL address when the implementation chooses a start address for the
> mapping.
> 
> The current implementation of mmap_find_vma_reserved() can return NULL
> as start address of a mapping which leads to subsequent crashes inside
> the guests glibc, e.g. output of qemu-arm-static --strace executing a
> test binary stx_test:
> 
> 1879 
> mmap2(NULL,8388608,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|0x2,-1,0)
>  = 0x
> 1879 write(2,0xf6fd39d0,79) stx_test: allocatestack.c:514: 
> allocate_stack: Assertion `mem != NULL' failed.
> 
> This patch fixes mmap_find_vma_reserved() by skipping NULL as start
> address while searching for a suitable mapping start address.
> 
> CC: Riku Voipio 
> CC: Laurent Vivier 
> CC: Peter Maydell 
> Signed-off-by: Maximilian Riemensberger 
> ---
> Changes since v1:
> - Applied feedback from Laurent Vivier

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH v1 04/19] include/fpu/softfloat: implement float16_set_sign helper

2018-01-08 Thread Richard Henderson
On 01/08/2018 04:58 AM, Alex Bennée wrote:
> 
> Alex Bennée  writes:
> 
>> Richard Henderson  writes:
>>
>>> On 12/11/2017 04:56 AM, Alex Bennée wrote:
 +static inline float16 float16_set_sign(float16 a, int sign)
 +{
 +return make_float16((float16_val(a) & 0x7fff) | (sign << 15));
 +}
 +
>>>
>>> 1) Do we use this anywhere?
>>
>> Yes in the target specific helpers
>>
>>>
>>> 2) While this is probably in line with the other implementations,
>>> but going to a more qemu-ish style this should use deposit32.
>>
>> OK, will do.
>>
> 
> It turns out doing this unleashes a weird circular dependency at we need
> qemu/bitops.h but that brings in host-utils.h and bswap.h which tries
> to include softfloat.h again.

Bah.

Just ignore this request for now then.

For future cleanup, I'm sure that bswap.h includes softfloat.h for the
float32/float64 typedefs.  We should move those out somewhere else -- probably
qemu/typedefs.h.  Which probably drops the number of objects that depend on
softfloat.h by a factor of 100.


r~



Re: [Qemu-devel] [PATCH 01/12] slirp: remove QEMU_PACKED from structures with don't require it

2018-01-08 Thread Thomas Huth
On 08.01.2018 18:28, Philippe Mathieu-Daudé wrote:
> these structures are not serialized and often store host pointers.

Patch looks fine at a quick glance... did you check that migration still
works (while there is network traffic going on in the guest)?

 Thomas



Re: [Qemu-devel] [PATCH 04/12] slirp: add in6_multicast() and use it instead of IN6_IS_ADDR_MULTICAST()

2018-01-08 Thread Thomas Huth
On 08.01.2018 18:28, Philippe Mathieu-Daudé wrote:
> Host: Mac OS 10.12.5
> Compiler: Apple LLVM version 8.1.0 (clang-802.0.42)
> 
>   slirp/ip6_icmp.c:79:32: warning: taking address of packed member 'ip_src' 
> of class or
> structure 'ip6' may result in an unaligned pointer value
> [-Waddress-of-packed-member]
>   if (IN6_IS_ADDR_MULTICAST(>ip_src) ||
>  ^~
>   /usr/include/netinet6/in6.h:299:36: note: expanded from macro 
> 'IN6_IS_ADDR_MULTICAST'
>   #define IN6_IS_ADDR_MULTICAST(a)((a)->s6_addr[0] == 0xff)
> ^
> 
> Reported-by: John Arbuckle 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  slirp/ip6.h   |  5 +
>  slirp/ip6_icmp.c  | 10 +-
>  slirp/ndp_table.c |  4 ++--
>  3 files changed, 12 insertions(+), 7 deletions(-)
> 
> diff --git a/slirp/ip6.h b/slirp/ip6.h
> index b1bea43b3c..6c5d4eeaa3 100644
> --- a/slirp/ip6.h
> +++ b/slirp/ip6.h
> @@ -93,6 +93,11 @@ static inline bool in6_equal_mach(const struct in6_addr *a,
>  #define in6_zero(a)\
>  (in6_equal(a, &(struct in6_addr)ZERO_ADDR))

I think you should put a comment here to say why we need our own
function and can not use the IN6_IS_ADDR_MULTICAST macro instead -
otherwise people might be confused when looking at this code in a year
or two. (and now I've also understood why you're poisoning the macros in
the next patch ... a comment in the code there would certainly not hurt
either).

> +static inline bool in6_multicast(const struct in6_addr *a)
> +{
> +return a->s6_addr[0] == 0xff;
> +}
> +
>  /* Compute emulated host MAC address from its ipv6 address */
>  static inline void in6_compute_ethaddr(struct in6_addr ip,
> uint8_t eth[ETH_ALEN])

 Thomas



[Qemu-devel] how to pass pcid to guest?

2018-01-08 Thread Stefan Priebe - Profihost AG
Hello,

for the Meltdown mitigation (KPTI) to perform well, it's important to have the pcid
flag passed down to the guest (f.e.
https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU).

My host shows the flag:
# grep ' pcid ' /proc/cpuinfo  | wc -l
56

But the guest does not:
# grep pcid /proc/cpuinfo
#

Guest was started with:
-cpu IvyBridge,+kvm_pv_unhalt,+kvm_pv_eoi,enforce,vendor=GenuineIntel

Qemu is 2.9.1

Thanks!

Greets,
Stefan



[Qemu-devel] What's needed to pass pciid cpu flag to guest?

2018-01-08 Thread Stefan Priebe - Profihost AG
Hello,

for the Meltdown mitigation (KPTI) to perform well, it's important to have the pcid
flag passed down to the guest (f.e.
https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU).

My host shows the flag:
# grep ' pcid ' /proc/cpuinfo  | wc -l
56

But the guest does not:
# grep pcid /proc/cpuinfo
#

Guest was started with:
-cpu IvyBridge,+kvm_pv_unhalt,+kvm_pv_eoi,enforce,vendor=GenuineIntel

Qemu is 2.9.1

Thanks!

Greets,
Stefan



Re: [Qemu-devel] [PATCH v1 1/1] block: Add numeric errno field to BLOCK_IO_ERROR events

2018-01-08 Thread Jack Schwartz

Hi Kevin.

On 2017-12-22 05:52, Kevin Wolf wrote:

Am 22.12.2017 um 01:11 hat Jack Schwartz geschrieben:

BLOCK_IO_ERROR events currently contain a "reason" string which is
strerror(errno) of the error.  This enhancement provides those events with
the numeric errno value as well, since it is easier to parse for error type
than a string.

Signed-off-by: Jack Schwartz
Reviewed-by: Konrad Rzeszutek Wilk
Reviewed-by: Karl Heubaum

Apart from the technical details that Eric mentioned, I wonder what is
your use case for this?
We have thousands of servers in our cloud, and would like to closely 
monitor for different kinds of disk errors without parsing the 
non-machine-readable error string.

Exposing errors in a machine readable form was discussed earlier,

OK, found it.  April of 2010.

Upshot of discussion: exposing naked errnos are platform dependent.

  and
the result was that nobody had an actual use for error codes other than
presenting the right error message to the user - which the error string
already achieves.
Given the platform independence requirement, exposing errors to clients 
is not that simple given that different OSs use different errno values.  
Other options/considerations than exposing naked errno values:


- Having a platform-independent enumeration of errors, as Eric 
suggested.  This would have to explicitly set an enumerated value for 
each individual errno we are interested in.  It would be returned in a 
field that ~parallels the "reason" string.  This should be OK since for 
BLOCK_IO_ERROR events we could limit values to just storage device 
errors plus a default "other"; otherwise this could be hard to maintain.


- The strerror strings cannot be used because they can change with 
locale. (This also assumes the strings are identical for given errnos 
cross-platform, and that there are no typos - which are not 
automatically checked-for.)


    Thanks,
    Jack

P.S.  Please excuse the delayed reply due to vacation / company shutdown.

The only exception so far was ENOSPC, which some management tools like
oVirt respond to by increasing the volume size, so this was mapped into
a bool.

Kevin





Re: [Qemu-devel] [SPARC] question on LEON IRQMP interrupt controller.

2018-01-08 Thread Mark Cave-Ayland

On 02/01/18 11:13, Jean-Christophe DUBOIS wrote:


Hi Mark, Artyom,

I am wondering if the IRQMP code in hw/intc/grlib_irqmp.c is correct 
when it comes to acknowledging interrupts.


With the actual code an interrupt can be lowered/acked only by an "ack" 
from the processor which means that the trap handler related to this 
external interrupt needs to be run for the ack to happen.


In particular this means that the interrupt cannot be acked only by 
software. Even if the software clears the "pending" interrupts (by 
writing to the CLEAR_OFFSET register before the interrupt handler is 
run) this does not clear the interrupt to the processor (which is kept 
asserted until the handler is run and the interrupt acked by the 
processor). Do you know if this is indeed the intended behavior (I 
understand that for most operating system the interrupt handler will be 
run at last and this does not make a difference)?


I would expect that clearing interrupt through software (by writing to 
the CLEAR_OFFSET register) would have the same effect as the processor 
acknowledgment (and could avoid running the interrupt handler if things 
have already been taken care of by software).


Unfortunately the documentation I got (on the web) on the IRQMP is not 
very clear on the topic.


Anyway you can find below the patch I'd like to provide for IRQMP.

Thanks


Thanks for the patch! I'm afraid I don't really have any experience with 
LEON as my focus is sun4m/sun4u, however I'm happy to take patches 
Acked/Reviewed by Fabien as the current LEON maintainer if they don't 
cause any regressions in my own tests.



ATB,

Mark.



Re: [Qemu-devel] [PATCH 00/12] add HOST_SUPPORTS_UNALIGNED_ACCESS, reduce slirp warnings

2018-01-08 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180108172904.8772-1-f4...@amsat.org
Subject: [Qemu-devel] [PATCH 00/12] add HOST_SUPPORTS_UNALIGNED_ACCESS, reduce 
slirp warnings

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Run scripts/checkpatch.pl over every commit in $BASE..HEAD, oldest first,
# and exit non-zero if any commit is rejected.

BASE=base
n=1
# Number of commits in the series; only used for the "n/total" progress line.
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Repository-local diff settings applied before the patches are generated.
git config --local diff.renamelimit 0
git config --local diff.renames True

# --reverse lists the commit hashes oldest first, i.e. in series order.
commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
# Each commit is rendered as an e-mail patch and piped to checkpatch on stdin;
# a non-zero checkpatch status marks the whole run as failed, but the loop
# continues so every patch is still reported.
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

# 0 when every patch passed, 1 otherwise.
exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
5d996c6ff9 slirp: use HOST_SUPPORTS_UNALIGNED_ACCESS
14a3d450b8 configure: add HOST_SUPPORTS_UNALIGNED_ACCESS
73c11da125 configure: disable unaligned access warning on x86 arch
4e5e318d16 slirp: add in6_dhcp_multicast()
4cd7293d19 slirp: removed unused code
2e3244129b slirp: remove unnecessary
1803914958 slirp: remove unused header
381b027933 slirp: poison IN6_*_ADDR_*() macros to avoid them
5f7bee9c84 slirp: add in6_multicast() and use it instead of 
IN6_IS_ADDR_MULTICAST()
733c0d2f92 slirp: avoid IN6_IS_ADDR_UNSPECIFIED(), rather use in6_zero()
accd0acef0 slirp: struct icmp/ethhdr ARE packed
2360510b2b slirp: remove QEMU_PACKED from structures with don't require it

=== OUTPUT BEGIN ===
Checking PATCH 1/12: slirp: remove QEMU_PACKED from structures with don't 
require it...
Checking PATCH 2/12: slirp: struct icmp/ethhdr ARE packed...
Checking PATCH 3/12: slirp: avoid IN6_IS_ADDR_UNSPECIFIED(), rather use 
in6_zero()...
Checking PATCH 4/12: slirp: add in6_multicast() and use it instead of 
IN6_IS_ADDR_MULTICAST()...
Checking PATCH 5/12: slirp: poison IN6_*_ADDR_*() macros to avoid them...
WARNING: architecture specific defines should be avoided
#20: FILE: slirp/ip6.h:11:
+#ifdef __GNUC__

total: 0 errors, 1 warnings, 25 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 6/12: slirp: remove unused header...
Checking PATCH 7/12: slirp: remove unnecessary...
Checking PATCH 8/12: slirp: removed unused code...
Checking PATCH 9/12: slirp: add in6_dhcp_multicast()...
Checking PATCH 10/12: configure: disable unaligned access warning on x86 arch...
Checking PATCH 11/12: configure: add HOST_SUPPORTS_UNALIGNED_ACCESS...
Checking PATCH 12/12: slirp: use HOST_SUPPORTS_UNALIGNED_ACCESS...
ERROR: return is not a function, parentheses are not required
#59: FILE: slirp/ip6.h:98:
+return (aa[prefix_len / 8] >> (8 - (prefix_len % 8)))

ERROR: return is not a function, parentheses are not required
#90: FILE: slirp/ip6.h:139:
+return (aa[prefix_len / 8] & ((1U << (8 - (prefix_len % 8))) - 1))

total: 2 errors, 0 warnings, 92 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [PULL] qemu-sparc updates

2018-01-08 Thread Mark Cave-Ayland
Hi Peter,

Here is the first set of SPARC updates for 2.12. Please pull.


ATB,

Mark. 


The following changes since commit 4124ea4f5bd367ca6412fb2dfe7ac4d80e1504d9:

  Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20171229' into 
staging (2018-01-08 16:17:04 +)

are available in the git repository at:

  https://github.com/mcayland/qemu.git tags/qemu-sparc-signed

for you to fetch changes up to 6a52624720e5abc6a1f067a7e7b8239b428e0c95:

  sun4u_iommu: add trace event for IOMMU translations (2018-01-08 19:07:55 
+)


qemu-sparc update


Jean-Christophe Dubois (1):
  target/sparc: remove MemoryRegionSection check code from 
sparc_cpu_get_phys_page_debug()

Mark Cave-Ayland (24):
  apb: move QOM macros and typedefs from apb.c to apb.h
  sun4u: ebus QOMify tidy-up
  sun4u: move ISABus inside of EBusState
  sun4u: remove pci_ebus_init() function
  sun4u: move initialisation of all ISABus devices into ebus_realize()
  apb: APB QOMify tidy-up
  apb: return APBState from pci_apb_init() rather than PCIBus
  apb: use gpios to wire up the apb device to the SPARC CPU IRQs
  apb: move the two secondary PCI bridges objects into APBState
  apb: remove pci_apb_init() and instantiate APB device using qdev
  apb: split pci_pbm_map_irq() into separate functions for bus A and bus B
  apb: remove busA property from PBMPCIBridge state
  ebus: wire up OBIO interrupts to APB pbm via qdev GPIOs
  apb: replace OBIO interrupt numbers in pci_pbmA_map_irq() with constants
  sparc64: introduce trace-events for hw/sparc64
  sun4u: switch from EBUS_DPRINTF() macro to trace-events
  sun4m: move sun4m_iommu.c from hw/dma to hw/sparc
  sun4m: move IOMMU declarations from sun4m.h to sun4m_iommu.h
  sun4m: remove include/hw/sparc/sun4m.h and all references to it
  apb: QOMify IOMMU
  sun4u: split IOMMU device out from apb.c to sun4u_iommu.c
  sun4u_iommu: update to reflect IOMMU is no longer part of the APB device
  sun4u_iommu: convert from IOMMU_DPRINTF to trace-events
  sun4u_iommu: add trace event for IOMMU translations

 Makefile.objs   |   1 +
 hw/dma/Makefile.objs|   1 -
 hw/dma/sparc32_dma.c|   2 +-
 hw/dma/trace-events |  10 -
 hw/intc/slavio_intctl.c |   1 -
 hw/net/lance.c  |   2 +-
 hw/pci-host/apb.c   | 545 
 hw/sparc/Makefile.objs  |   2 +-
 hw/sparc/sun4m.c|   2 +-
 hw/{dma => sparc}/sun4m_iommu.c |  13 +-
 hw/sparc/trace-events   |  10 +
 hw/sparc64/Makefile.objs|   1 +
 hw/sparc64/sparc64.c|   2 +
 hw/sparc64/sun4u.c  | 193 --
 hw/sparc64/sun4u_iommu.c| 342 +
 hw/sparc64/trace-events |   9 +
 hw/timer/slavio_timer.c |   1 -
 include/hw/pci-host/apb.h   |  54 +++-
 include/hw/sparc/sparc64.h  |   2 +
 include/hw/sparc/sun4m.h|  35 ---
 include/hw/sparc/sun4m_iommu.h  |  51 
 include/hw/sparc/sun4u_iommu.h  |  50 
 target/sparc/mmu_helper.c   |   6 -
 23 files changed, 744 insertions(+), 591 deletions(-)
 rename hw/{dma => sparc}/sun4m_iommu.c (98%)
 create mode 100644 hw/sparc64/sun4u_iommu.c
 create mode 100644 hw/sparc64/trace-events
 delete mode 100644 include/hw/sparc/sun4m.h
 create mode 100644 include/hw/sparc/sun4m_iommu.h
 create mode 100644 include/hw/sparc/sun4u_iommu.h



Re: [Qemu-devel] [PATCH] MAINTAINERS: update Dmitry Fleytman email

2018-01-08 Thread Dmitry Fleytman
Thanks Philippe,

My patch has been pending on the list for some time already: 
http://lists.nongnu.org/archive/html/qemu-trivial/2017-12/msg00189.html

~Dmitry.

> On 8 Jan 2018, at 20:34, Philippe Mathieu-Daudé  wrote:
> 
> gently asked by his automatic reply :)
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> MAINTAINERS | 8 
> 1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 73a735..8050499ec5 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1157,7 +1157,7 @@ F: hw/scsi/mfi.h
> F: tests/megasas-test.c
> 
> Network packet abstractions
> -M: Dmitry Fleytman 
> +M: Dmitry Fleytman 
> S: Maintained
> F: include/net/eth.h
> F: net/eth.c
> @@ -1165,7 +1165,7 @@ F: hw/net/net_rx_pkt*
> F: hw/net/net_tx_pkt*
> 
> Vmware
> -M: Dmitry Fleytman 
> +M: Dmitry Fleytman 
> S: Maintained
> F: hw/net/vmxnet*
> F: hw/scsi/vmw_pvscsi*
> @@ -1186,12 +1186,12 @@ F: hw/mem/nvdimm.c
> F: include/hw/mem/nvdimm.h
> 
> e1000x
> -M: Dmitry Fleytman 
> +M: Dmitry Fleytman 
> S: Maintained
> F: hw/net/e1000x*
> 
> e1000e
> -M: Dmitry Fleytman 
> +M: Dmitry Fleytman 
> S: Maintained
> F: hw/net/e1000e*
> 
> -- 
> 2.15.1
> 




[Qemu-devel] [Bug 1310714] Re: User mode networking SLIRP rapid memory leak

2018-01-08 Thread Thomas Huth
** Changed in: qemu
   Status: Incomplete => Triaged

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1310714

Title:
  User mode networking SLIRP rapid memory leak

Status in QEMU:
  Triaged

Bug description:
  QEMU compiled from git HEAD at
  2d03b49c3f225994c4b0b46146437d8c887d6774 and reproducible at tag
  v2.0.0. I first noticed this bug using Ubuntu Trusty's QEMU 2.0.0~rc1.
  I used to run QEMU 1.7 without this problem.

  This is the command I ran:

  qemu-system-x86_64 -enable-kvm -smp 2 -m 1G -usbdevice tablet -net
  nic,model=e1000 -net user -vnc localhost:99 -drive
  if=ide,file=test.img,cache=none -net nic -net user,tftp=/tmp/tftpdata
  -no-reboot

  The guest is Windows 7 64-bit. The VM starts off normally, but after a
  couple of minutes, the memory usage starts to swell. If let running,
  it eventually consumes all host memory and grinds the host to a halt
  due to heavy swapping.

  When running under gdb, I set a breakpoint on mmap, and this is the
  stack trace I obtained.

  Breakpoint 1, mmap64 () at ../sysdeps/unix/syscall-template.S:81
  81in ../sysdeps/unix/syscall-template.S
  (gdb) where
  #0  mmap64 () at ../sysdeps/unix/syscall-template.S:81
  #1  0x70e65091 in new_heap (size=135168, size@entry=1728, 
  top_pad=) at arena.c:554
  #2  0x70e687b2 in sysmalloc (av=0x7fffd020, nb=1664)
  at malloc.c:2386
  #3  _int_malloc (av=0x7fffd020, bytes=1650) at malloc.c:3740
  #4  0x70e69f50 in __GI___libc_malloc (bytes=1650) at malloc.c:2855
  #5  0x557a091a in m_get (slirp=0x561fe960)
  at /src/qemu/slirp/mbuf.c:73
  #6  0x557a3151 in slirp_input (slirp=0x561fe960, 
  pkt=0x77e94b20 "RU\n", pkt_len=)
  at /src/qemu/slirp/slirp.c:747
  #7  0x55758b24 in net_slirp_receive (nc=, 
  buf=, size=54) at /src/qemu/net/slirp.c:113
  #8  0x557567d1 in qemu_deliver_packet (sender=, 
  flags=, data=, size=, 
  opaque=) at /src/qemu/net/net.c:471
  #9  0x557588d3 in qemu_net_queue_deliver (size=54, 
  data=0x77e94b20 "RU\n", flags=0, sender=0x561fe5e0, 
  queue=0x561fe1d0) at /src/qemu/net/queue.c:157
  #10 qemu_net_queue_send (queue=0x561fe1d0, sender=0x561fe5e0, 
flags=0, 
  data=0x77e94b20 "RU\n", size=54, sent_cb=)
  at /src/qemu/net/queue.c:192
  ---Type  to continue, or q  to quit---
  #11 0x5575536b in net_hub_receive (len=54, buf=0x77e94b20 "RU\n", 
  source_port=0x561fe310, hub=) at /src/qemu/net/hub.c:55
  #12 net_hub_port_receive (nc=0x561fe310, buf=0x77e94b20 "RU\n", 
len=54)
  at /src/qemu/net/hub.c:114
  #13 0x557567d1 in qemu_deliver_packet (sender=, 
  flags=, data=, size=, 
  opaque=) at /src/qemu/net/net.c:471
  #14 0x557588d3 in qemu_net_queue_deliver (size=54, 
  data=0x77e94b20 "RU\n", flags=0, sender=0x56531920, 
  queue=0x561fe090) at /src/qemu/net/queue.c:157
  #15 qemu_net_queue_send (queue=0x561fe090, sender=0x56531920, 
flags=0, 
  data=0x77e94b20 "RU\n", size=54, sent_cb=)
  at /src/qemu/net/queue.c:192
  #16 0x556db95d in xmit_seg (s=0x77e72010)
  at /src/qemu/hw/net/e1000.c:628
  #17 0x556dbd38 in process_tx_desc (dp=0x7fffdf7fda30, 
s=0x77e72010)
  at /src/qemu/hw/net/e1000.c:723
  #18 start_xmit (s=0x77e72010) at /src/qemu/hw/net/e1000.c:778
  #19 set_tctl (s=0x77e72010, index=, val=)
  at /src/qemu/hw/net/e1000.c:1142
  #20 0x55840fb0 in access_with_adjusted_size (addr=14360, 
  value=0x7fffdf7fdb10, size=4, access_size_min=, 
  access_size_max=, 
  ---Type  to continue, or q  to quit---
  access=0x55841160 , mr=0x77e747c0)
  at /src/qemu/memory.c:478
  #21 0x558462fe in memory_region_dispatch_write (size=4, data=454, 
  addr=14360, mr=0x77e747c0) at /src/qemu/memory.c:990
  #22 io_mem_write (mr=0x77e747c0, addr=14360, val=, size=4)
  at /src/qemu/memory.c:1744
  #23 0x557e8717 in address_space_rw (
  as=0x56159c80 , addr=4273485848, 
  buf=0x77fed028 "\306\001", len=4, is_write=true)
  at /src/qemu/exec.c:2034
  #24 0x5583ff65 in kvm_cpu_exec (cpu=)
  at /src/qemu/kvm-all.c:1704
  #25 0x557ddb6c in qemu_kvm_cpu_thread_fn (arg=0x5651b730)
  at /src/qemu/cpus.c:873
  #26 0x711b6182 in start_thread (arg=0x7fffdf7fe700)
  at pthread_create.c:312
  #27 0x70ee1b2d in clone ()
  at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

  Let me know if you have any questions. Thanks.

  liulk

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1310714/+subscriptions



Re: [Qemu-devel] [PATCH] Remove MemoryRegionSection check code from sparc_cpu_get_phys_page_debug()

2018-01-08 Thread Mark Cave-Ayland

On 06/12/17 20:24, Jean-Christophe DUBOIS wrote:


Le 04/12/2017 à 21:45, Mark Cave-Ayland a écrit :

On 27/11/17 20:19, Jean-Christophe DUBOIS wrote:


Hello Mark,

Did you get any second opinion on this?

Also do you need me to resend the patch with the SPARC keyword in the 
patch subject line?


Hi Jean-Christophe,

Apologies for the delay as I've been fairly busy with my day job. I 
believe Artyom is away at the moment which is why I haven't written a 
reply, but AFAICT there are 2 options:


1) Remove the MemoryRegion check (as per your patch)

2) Change dump_mmu() to call cpu_sparc_get_phys_page() directly

I'm mildly leaning towards 1) since there doesn't seem to be 
equivalent code in other architectures, however the tree is currently 
in freeze for the upcoming 2.11 release so that's where most people's 
free time is currently being spent.


Once I can confirm the correct approach, I'm keen to get this into the 
2.12 tree early so there is plenty of time to spot any regressions 
during the next development cycle.



OK, thanks for the feedback.


I've had no further negative feedback on this patch, so I've applied it 
to my qemu-sparc branch.



ATB,

Mark.



Re: [Qemu-devel] [PATCH 08/12] slirp: removed unused code

2018-01-08 Thread Thomas Huth
On 08.01.2018 18:29, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  slirp/ip.h | 13 -
>  1 file changed, 13 deletions(-)
> 
> diff --git a/slirp/ip.h b/slirp/ip.h
> index e29ccd3c9f..71c3642cfe 100644
> --- a/slirp/ip.h
> +++ b/slirp/ip.h
> @@ -233,17 +233,4 @@ struct   ipasfrag {
>  #define ipf_next ipf_link.next
>  #define ipf_prev ipf_link.prev
>  
> -/*
> - * Structure stored in mbuf in inpcb.ip_options
> - * and passed to ip_output when ip options are in use.
> - * The actual length of the options (including ipopt_dst)
> - * is in m_len.
> - */
> -#define MAX_IPOPTLEN 40
> -
> -struct ipoption {
> - struct  in_addr ipopt_dst;  /* first-hop dst if source routed */
> - int8_t  ipopt_list[MAX_IPOPTLEN];   /* options proper */
> -} QEMU_PACKED;
> -
>  #endif
> 

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH 07/12] slirp: remove unnecessary

2018-01-08 Thread Thomas Huth

The subject is missing a word or two.

 Thomas



[Qemu-devel] [Bug 1721220] Re: qemu crashes with assertion error `!mr->container' failed

2018-01-08 Thread Murilo Opsfelder Araújo
As per previous comments, this bug was fixed by commit
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=d659d94013390238961fac741572306c95496bf5
(released in QEMU v2.11.0):

commit d659d94013390238961fac741572306c95496bf5
Author: Aleksandr Bezzubikov 
Date:   Mon Sep 25 02:21:58 2017 +0300

hw/pci-bridge/pcie_pci_bridge: properly handle MSI unavailability
case

** Changed in: qemu
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1721220

Title:
  qemu crashes with assertion error `!mr->container' failed

Status in QEMU:
  Fix Released

Bug description:
  Re-production steps:
  git clone today's qemu git tree (4th Oct 2017)
  ./configure --target-list=ppc64-softmmu && make -j 8

  Run the device-crash-test from scripts folder, seeing the following
  error

  INFO: running test case: machine=bamboo 
binary=ppc64-softmmu/qemu-system-ppc64 device=pcie-pci-bridge accel=kvm
  WARNING: qemu received signal -6: ppc64-softmmu/qemu-system-ppc64 -chardev 
socket,id=mon,path=/var/tmp/qemu-30972-monitor.sock -mon 
chardev=mon,mode=control -display none -vga none -S -machine bamboo,accel=kvm 
-device pcie-pci-bridge
  CRITICAL: failed: machine=bamboo binary=ppc64-softmmu/qemu-system-ppc64 
device=pcie-pci-bridge accel=kvm
  CRITICAL: cmdline: ppc64-softmmu/qemu-system-ppc64 -S -machine 
bamboo,accel=kvm -device pcie-pci-bridge
  CRITICAL: log: qemu-system-ppc64: /home/nasastry/qemu/memory.c:1699: 
memory_region_finalize: Assertion `!mr->container' failed.
  CRITICAL: log: warning: KVM does not support watchdog
  CRITICAL: exit code: -6

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1721220/+subscriptions



Re: [Qemu-devel] [PATCH 06/12] slirp: remove unused header

2018-01-08 Thread Thomas Huth
On 08.01.2018 18:28, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  slirp/slirp.h | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/slirp/slirp.h b/slirp/slirp.h
> index 9a7287e7cc..447dc045a8 100644
> --- a/slirp/slirp.h
> +++ b/slirp/slirp.h
> @@ -1,7 +1,6 @@
>  #ifndef SLIRP_H
>  #define SLIRP_H
>  
> -#include "qemu/host-utils.h"

This had been added by commit 87776ab72b02e3c99a042ab7a0a378bc457cc069
which stated "There are some inclusions of qemu/host-utils.h in headers,
but they are all necessary." ... I wonder why it is not necessary
anymore today...?

Anyway, seems like it compiles now fine without this:

Tested-by: Thomas Huth 



Re: [Qemu-devel] Getting rid of phys_mem_set_alloc

2018-01-08 Thread Marcel Apfelbaum

On 08/01/2018 18:05, Cornelia Huck wrote:

On Sun,  7 Jan 2018 14:32:21 +0200
Marcel Apfelbaum  wrote:

Looking at the churn below...



Hi Cornelia,
Thanks for looking at the patch.


diff --git a/exec.c b/exec.c
index 4722e521d4..247f8bd0c0 100644
--- a/exec.c
+++ b/exec.c
@@ -1278,7 +1278,7 @@ static int subpage_register (subpage_t *mmio, uint32_t 
start, uint32_t end,
   uint16_t section);
  static subpage_t *subpage_init(FlatView *fv, hwaddr base);
  
-static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =

+static void *(*phys_mem_alloc)(size_t size, uint64_t *align, bool shared) =
 qemu_anon_ram_alloc;
  
  /*

@@ -1286,7 +1286,7 @@ static void *(*phys_mem_alloc)(size_t size, uint64_t 
*align) =
   * Accelerators with unusual needs may need this.  Hopefully, we can
   * get rid of it eventually.
   */
-void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
+void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align, bool shared))
  {
  phys_mem_alloc = alloc;
  }
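Review bot: The callback type is now spelled out by hand three times — the `phys_mem_alloc` variable and `phys_mem_set_alloc()` here, and the prototype in include/sysemu/kvm.h below — so each signature change has to be repeated in step. A shared typedef would avoid that, e.g. `typedef void *PhysMemAllocFn(size_t size, uint64_t *align, bool shared);` (the name is only a suggestion) and `void phys_mem_set_alloc(PhysMemAllocFn *alloc);`. Separately, the target/s390x/kvm.c hunk gives `legacy_s390_alloc()` the new `shared` parameter but its body lies outside the hunk, so it is not visible whether a `shared == true` request is honoured or rejected; silently returning private memory there should be ruled out.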



diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index bbf12a1723..85002ac49a 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -248,7 +248,7 @@ int kvm_on_sigbus(int code, void *addr);
  
  /* interface with exec.c */
  
-void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align));

+void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align, bool shared));
  
  /* internal API */
  



diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index 9b8b59f2a2..6c0fc2f89c 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -144,7 +144,7 @@ static int cap_gs;
  
  static int active_cmma;
  
-static void *legacy_s390_alloc(size_t size, uint64_t *align);

+static void *legacy_s390_alloc(size_t size, uint64_t *align, bool shared);
  
  static int kvm_s390_query_mem_limit(uint64_t *memory_limit)

  {
@@ -743,7 +743,7 @@ int kvm_s390_mem_op(S390CPU *cpu, vaddr addr, uint8_t ar, 
void *hostbuf,
   * to grow. We also have to use MAP parameters that avoid
   * read-only mapping of guest pages.
   */
-static void *legacy_s390_alloc(size_t size, uint64_t *align)
+static void *legacy_s390_alloc(size_t size, uint64_t *align, bool shared)
  {
  void *mem;
  


...I'm wondering whether we have any chance to get rid of this in the
future?



As far as I know, we don't usually stop supporting very ancient archs/systems;
if there is at least a system needing the support (e.g. s390x/kvm), it will
probably remain in the code. But it is the s390 maintainers' decision, of course.

Thanks,
Marcel


s390x/kvm is the only user:

 if (!kvm_check_extension(s, KVM_CAP_S390_GMAP)
 || !kvm_check_extension(s, KVM_CAP_S390_COW)) {
 phys_mem_set_alloc(legacy_s390_alloc);
 }

In practice, this means depending on ESOP in the host. Are there still
any machines/hypervisors without ESOP that we can reasonably expect
people to run kvm on?






Re: [Qemu-devel] [PATCH 7/7] i386/pc: use the QEMU_ALIGNED() macro

2018-01-08 Thread Marcel Apfelbaum

On 08/01/2018 20:02, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé 
---
  hw/i386/pc.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 3fcf318a95..85d9454c71 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -93,12 +93,12 @@ struct e820_entry {
  uint64_t address;
  uint64_t length;
  uint32_t type;
-} QEMU_PACKED __attribute((__aligned__(4)));
+} QEMU_PACKED QEMU_ALIGNED(4);
  
  struct e820_table {

  uint32_t count;
  struct e820_entry entry[E820_NR_ENTRIES];
-} QEMU_PACKED __attribute((__aligned__(4)));
+} QEMU_PACKED QEMU_ALIGNED(4);
  
  static struct e820_table e820_reserve;

  static struct e820_entry *e820_table;



Reviewed-by: Marcel Apfelbaum 

Thanks,
Marcel



Re: [Qemu-devel] [PATCH v5 7/7] vhost: Merge and delete unused callbacks

2018-01-08 Thread Dr. David Alan Gilbert
* Igor Mammedov (imamm...@redhat.com) wrote:
> On Mon, 18 Dec 2017 20:13:40 +
> "Dr. David Alan Gilbert (git)"  wrote:
> 
> > From: "Dr. David Alan Gilbert" 
> > 
> > Now that the old vhost_set_memory code is gone, the _nop and _add
> > callbacks are identical and can be merged.  The _del callback is
> > no longer needed.
> > 
> > Signed-off-by: Dr. David Alan Gilbert 
> With style nit fixed
> 
> Reviewed-by: Igor Mammedov 
> 
> > ---
> >  hw/virtio/vhost.c | 31 ---
> >  1 file changed, 4 insertions(+), 27 deletions(-)
> > 
> > diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> > index 358ceb3033..4eaa4f889f 100644
> > --- a/hw/virtio/vhost.c
> > +++ b/hw/virtio/vhost.c
> > @@ -555,7 +555,8 @@ static void vhost_region_add_section(struct vhost_dev 
> > *dev,
> >  }
> >  }
> >  
> > -static void vhost_region_add(MemoryListener *listener,
> > +/* Used for both add and nop callbacks */
> > +static void vhost_region_addnop(MemoryListener *listener,
> >   MemoryRegionSection *section)
> argument alignment should be on '('

Fixed, thanks.

Dave

> >  {
> >  struct vhost_dev *dev = container_of(listener, struct vhost_dev,
> > @@ -567,29 +568,6 @@ static void vhost_region_add(MemoryListener *listener,
> >  vhost_region_add_section(dev, section);
> >  }
> >  
> > -/* Called on regions that have not changed */
> > -static void vhost_region_nop(MemoryListener *listener,
> > - MemoryRegionSection *section)
> > -{
> > -struct vhost_dev *dev = container_of(listener, struct vhost_dev,
> > - memory_listener);
> > -
> > -if (!vhost_section(section)) {
> > -return;
> > -}
> > -
> > -vhost_region_add_section(dev, section);
> > -}
> > -
> > -static void vhost_region_del(MemoryListener *listener,
> > - MemoryRegionSection *section)
> > -{
> > -if (!vhost_section(section)) {
> > -return;
> > -}
> > -
> > -}
> > -
> >  static void vhost_iommu_unmap_notify(IOMMUNotifier *n, IOMMUTLBEntry 
> > *iotlb)
> >  {
> >  struct vhost_iommu *iommu = container_of(n, struct vhost_iommu, n);
> > @@ -1158,9 +1136,8 @@ int vhost_dev_init(struct vhost_dev *hdev, void 
> > *opaque,
> >  hdev->memory_listener = (MemoryListener) {
> >  .begin = vhost_begin,
> >  .commit = vhost_commit,
> > -.region_add = vhost_region_add,
> > -.region_del = vhost_region_del,
> > -.region_nop = vhost_region_nop,
> > +.region_add = vhost_region_addnop,
> > +.region_nop = vhost_region_addnop,
> >  .log_start = vhost_log_start,
> >  .log_stop = vhost_log_stop,
> >  .log_sync = vhost_log_sync,
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



[Qemu-devel] [PATCH] MAINTAINERS: update Dmitry Fleytman email

2018-01-08 Thread Philippe Mathieu-Daudé
gently asked by his automatic reply :)

Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 73a735..8050499ec5 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1157,7 +1157,7 @@ F: hw/scsi/mfi.h
 F: tests/megasas-test.c
 
 Network packet abstractions
-M: Dmitry Fleytman 
+M: Dmitry Fleytman 
 S: Maintained
 F: include/net/eth.h
 F: net/eth.c
@@ -1165,7 +1165,7 @@ F: hw/net/net_rx_pkt*
 F: hw/net/net_tx_pkt*
 
 Vmware
-M: Dmitry Fleytman 
+M: Dmitry Fleytman 
 S: Maintained
 F: hw/net/vmxnet*
 F: hw/scsi/vmw_pvscsi*
@@ -1186,12 +1186,12 @@ F: hw/mem/nvdimm.c
 F: include/hw/mem/nvdimm.h
 
 e1000x
-M: Dmitry Fleytman 
+M: Dmitry Fleytman 
 S: Maintained
 F: hw/net/e1000x*
 
 e1000e
-M: Dmitry Fleytman 
+M: Dmitry Fleytman 
 S: Maintained
 F: hw/net/e1000e*
 
-- 
2.15.1




Re: [Qemu-devel] [RFC PATCH 6/7] net/eepro100: reduce alignment to DWORD (32bit)

2018-01-08 Thread Philippe Mathieu-Daudé
On 01/08/2018 03:10 PM, Paolo Bonzini wrote:
> On 08/01/2018 19:02, Philippe Mathieu-Daudé wrote:
>>  /* Data in mem is always in the byte order of the controller (le).
>>   * It must be dword aligned to allow direct access to 32 bit values. */
>> -uint8_t mem[PCI_MEM_SIZE] QEMU_ALIGNED(8);
>> +uint8_t mem[PCI_MEM_SIZE] QEMU_ALIGNED(4);
> 
> It's actually not needed at all, since accesses go through ld*_le_p and
> st*_le_p (commit 4d9be25, "hw/net/eepro100.c: Don't use cpu_to_*w() and
> *_to_cpup()", 2016-06-16).

Cool, I'll update this.

Thank you,

Phil.





Re: [Qemu-devel] [PATCH 10/12] configure: disable unaligned access warning on x86 arch

2018-01-08 Thread Philippe Mathieu-Daudé
On 01/08/2018 02:32 PM, Peter Maydell wrote:
> On 8 January 2018 at 17:29, Philippe Mathieu-Daudé  wrote:
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  configure | 17 +
>>  1 file changed, 17 insertions(+)
> 
> This doesn't seem like the right approach to me. We
> want this sort of thing to be a warning/error on x86,
> because that's the host that everybody actually uses
> to develop with. If they only show up on non-x86
> hosts then the result will be a lot more bounced
> pull requests because of only-non-x86 warnings.

Ok, good point.

Thanks,

Phil.





Re: [Qemu-devel] [RFC PATCH 6/7] net/eepro100: reduce alignment to DWORD (32bit)

2018-01-08 Thread Paolo Bonzini
On 08/01/2018 19:02, Philippe Mathieu-Daudé wrote:
>  /* Data in mem is always in the byte order of the controller (le).
>   * It must be dword aligned to allow direct access to 32 bit values. */
> -uint8_t mem[PCI_MEM_SIZE] QEMU_ALIGNED(8);
> +uint8_t mem[PCI_MEM_SIZE] QEMU_ALIGNED(4);

It's actually not needed at all, since accesses go through ld*_le_p and
st*_le_p (commit 4d9be25, "hw/net/eepro100.c: Don't use cpu_to_*w() and
*_to_cpup()", 2016-06-16).

Paolo



Re: [Qemu-devel] [PULL 00/25] pc, pci, virtio: features, fixes, cleanups

2018-01-08 Thread Michael S. Tsirkin
On Mon, Jan 08, 2018 at 09:14:41AM +, Peter Maydell wrote:
> On 21 December 2017 at 23:43, Michael S. Tsirkin  wrote:
> >> you also need to drop "hw/pci: remove obsolete PCIDevice->init()"
> >> (applied in your tree as 18951fce55d5aa58cd1629b4cb704ee51bab4420)
> >> else the not-yet-QOM'ified NVME won't work anymore.
> >
> > Done that too, thanks a lot
> 
> Hi. I'm afraid this pullreq (merge of 880b1ff) has new runtime
> errors from the clang sanitizer:
> 
> /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:201:27:
> runtime error: member access within misaligned address 0x55b4ffee8246
> for type 'struct ip_header', which requires 4 byte alignment
> 0x55b4ffee8246: note: pointer points here
>  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> ff ff 00 00 00 00 00 00  00 00
>  ^
> /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:201:27:
> runtime error: load of misaligned address 0x55b4ffee8246 for type
> 'uint8_t' (aka 'unsigned char'), which requires 4 byte alignment
> 0x55b4ffee8246: note: pointer points here
>  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> ff ff 00 00 00 00 00 00  00 00
>  ^
> /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:208:65:
> runtime error: member access within misaligned address 0x55b4ffee8246
> for type 'struct ip_header', which requires 4 byte alignment
> 0x55b4ffee8246: note: pointer points here
>  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> ff ff 00 00 00 00 00 00  00 00
>  ^
> /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:210:13:
> runtime error: member access within misaligned address 0x55b4ffee8246
> for type 'struct ip_header', which requires 4 byte alignment
> 0x55b4ffee8246: note: pointer points here
>  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> ff ff 00 00 00 00 00 00  00 00
>  ^
> /home/petmay01/linaro/qemu-for-merges/hw/net/net_tx_pkt.c:210:13:
> runtime error: load of misaligned address 0x55b4ffee8246 for type
> 'uint8_t' (aka 'unsigned char'), which requires 4 byte alignment
> 0x55b4ffee8246: note: pointer points here
>  01 00 00 00 45 00  01 a9 01 00 00 00 40 11  78 45 00 00 00 00 ff ff
> ff ff 00 00 00 00 00 00  00 00
>  ^
> 
> Sorry for the late report, I didn't quite have time
> to process the pull before Christmas holidays.
> 
> thanks
> -- PMM

So I bisected and the reason is this commit:

commit 18b20bb43a2f37f0c8ae23a3e9b3d9a4a05b6bd4
Author: David Gibson 
Date:   Tue Dec 19 15:45:22 2017 +1100

tests/pxe-test: Add some extra tests

Previously virtio-net was only tested for ppc64 in "slow" mode.  That
doesn't make much sense since virtio-net is used much more often in
practice than the spapr-vlan device which was tested always.  So, move
virtio-net to always be tested on ppc64.

We had no tests at all for the q35 machine, which doesn't seem wise
given its increasing prominence.  Add a couple of tests for it,
including testing the newer e1000e adapter.

Signed-off-by: David Gibson 
Reviewed-by: Thomas Huth 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 

:04 04 5a982bfea24b9ac3c651b84425a39b3c85f4871e 
771af3fdfb2778c6d6ed6b1098d1e79c181d6fb0 M  tests

Pls either fix or drop e1000e test


-- 
MST



[Qemu-devel] [PATCH 7/7] i386/pc: use the QEMU_ALIGNED() macro

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/i386/pc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 3fcf318a95..85d9454c71 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -93,12 +93,12 @@ struct e820_entry {
 uint64_t address;
 uint64_t length;
 uint32_t type;
-} QEMU_PACKED __attribute((__aligned__(4)));
+} QEMU_PACKED QEMU_ALIGNED(4);
 
 struct e820_table {
 uint32_t count;
 struct e820_entry entry[E820_NR_ENTRIES];
-} QEMU_PACKED __attribute((__aligned__(4)));
+} QEMU_PACKED QEMU_ALIGNED(4);
 
 static struct e820_table e820_reserve;
 static struct e820_entry *e820_table;
-- 
2.15.1




[Qemu-devel] [PATCH v2] cocoa.m: Fix scroll wheel support

2018-01-08 Thread John Arbuckle
When using a mouse's scroll wheel in a guest with
the cocoa front-end, the mouse pointer moves up
and down instead of scrolling the window. This
patch fixes this problem.

Signed-off-by: John Arbuckle 
---
 ui/cocoa.m | 27 +++
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/ui/cocoa.m b/ui/cocoa.m
index 330ccebf90..6be9848391 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -786,11 +786,24 @@ - (void) handleEvent:(NSEvent *)event
 mouse_event = true;
 break;
 case NSEventTypeScrollWheel:
-if (isMouseGrabbed) {
-buttons |= ([event deltaY] < 0) ?
-MOUSE_EVENT_WHEELUP : MOUSE_EVENT_WHEELDN;
-}
-mouse_event = true;
+/*
+ * Send wheel events to the guest regardless of window focus.
+ * This is in-line with standard Mac OS X UI behaviour.
+ */
+
+/* Determine if this is a scroll up or scroll down event */
+buttons = ([event scrollingDeltaY] > 0) ?
+INPUT_BUTTON_WHEEL_UP : INPUT_BUTTON_WHEEL_DOWN;
+qemu_input_queue_btn(dcl->con, buttons, true);
+qemu_input_event_sync();
+qemu_input_queue_btn(dcl->con, buttons, false);
+qemu_input_event_sync();
+
+/*
+ * Since deltaY also reports scroll wheel events we prevent mouse
+ * movement code from executing.
+ */
+mouse_event = false;
 break;
 default:
 [NSApp sendEvent:event];
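Review bot: A scroll event whose `[event scrollingDeltaY]` is exactly 0 (a purely horizontal scroll, for example) takes the else arm of the ternary in the `NSEventTypeScrollWheel` case and reaches the guest as a wheel-down press and release. Wrapping the four queue/sync calls in `if ([event scrollingDeltaY] != 0) { ... }` would drop such events instead. The case also stores an `INPUT_BUTTON_*` index in `buttons`, which the second hunk still passes to `qemu_input_update_buttons` as a `MOUSE_EVENT_*` bitmask; a separate local for the wheel button would keep the two encodings apart, which presumably matters if `buttons` is read again after this case (its declaration is outside the hunk). `handleEvent:` starts and ends outside both hunks.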
@@ -809,9 +822,7 @@ - (void) handleEvent:(NSEvent *)event
 static uint32_t bmap[INPUT_BUTTON__MAX] = {
 [INPUT_BUTTON_LEFT]   = MOUSE_EVENT_LBUTTON,
 [INPUT_BUTTON_MIDDLE] = MOUSE_EVENT_MBUTTON,
-[INPUT_BUTTON_RIGHT]  = MOUSE_EVENT_RBUTTON,
-[INPUT_BUTTON_WHEEL_UP]   = MOUSE_EVENT_WHEELUP,
-[INPUT_BUTTON_WHEEL_DOWN] = MOUSE_EVENT_WHEELDN,
+[INPUT_BUTTON_RIGHT]  = MOUSE_EVENT_RBUTTON
 };
 qemu_input_update_buttons(dcl->con, bmap, last_buttons, buttons);
 last_buttons = buttons;
-- 
2.14.3 (Apple Git-98)




[Qemu-devel] [RFC PATCH 6/7] net/eepro100: reduce alignment to DWORD (32bit)

2018-01-08 Thread Philippe Mathieu-Daudé
as suggested in the comment.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/net/eepro100.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
index 61d767524f..abb44710d9 100644
--- a/hw/net/eepro100.c
+++ b/hw/net/eepro100.c
@@ -266,7 +266,7 @@ typedef struct {
 
 /* Data in mem is always in the byte order of the controller (le).
  * It must be dword aligned to allow direct access to 32 bit values. */
-uint8_t mem[PCI_MEM_SIZE] QEMU_ALIGNED(8);
+uint8_t mem[PCI_MEM_SIZE] QEMU_ALIGNED(4);
 
 /* Configuration bytes. */
 uint8_t configuration[22];
-- 
2.15.1




Re: [Qemu-devel] [PATCH v5 4/7] vhost: Merge sections added to temporary list

2018-01-08 Thread Dr. David Alan Gilbert
* Igor Mammedov (imamm...@redhat.com) wrote:
> On Mon, 18 Dec 2017 20:13:37 +
> "Dr. David Alan Gilbert (git)"  wrote:
> 
> > From: "Dr. David Alan Gilbert" 
> > 
> > As sections are reported by the listener to the _nop and _add
> > methods, add them to the temporary section list but now merge them
> > with the previous section if the new one abuts and the backend allows.
> > 
> > Signed-off-by: Dr. David Alan Gilbert 
> beside small nit patch looks good to me, so with it fixed
> 
> Reviewed-by: Igor Mammedov 
> 
> > ---
> >  hw/virtio/trace-events |  2 ++
> >  hw/virtio/vhost.c  | 70 
> > +++---
> >  2 files changed, 63 insertions(+), 9 deletions(-)
> > 
> > diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
> > index 4a493bcd46..0e63c8739d 100644
> > --- a/hw/virtio/trace-events
> > +++ b/hw/virtio/trace-events
> > @@ -1,6 +1,8 @@
> >  # See docs/devel/tracing.txt for syntax documentation.
> >  
> >  # hw/virtio/vhost.c
> > +vhost_region_add_section(const char *name, uint64_t gpa, uint64_t size, 
> > uint64_t host) "%s: 0x%"PRIx64"+0x%"PRIx64" @ 0x%"PRIx64
> > +vhost_region_add_section_abut(const char *name, uint64_t new_size) "%s: 
> > 0x%"PRIx64
> >  vhost_section(const char *name, int r) "%s:%d"
> >  
> >  # hw/virtio/virtio.c
> > diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> > index 18611f0d40..57d15acd2b 100644
> > --- a/hw/virtio/vhost.c
> > +++ b/hw/virtio/vhost.c
> > @@ -709,14 +709,65 @@ out:
> >  return;
> >  }
> >  
> > -static void vhost_add_section(struct vhost_dev *dev,
> > -  MemoryRegionSection *section)
> > +/* Adds the section data to the tmp_section structure.
> > + * It relies on the listener calling us in memory address order
> > + * and for each region (via the _add and _nop methods) to
> > + * join neighbours.
> > + */
> > +static void vhost_region_add_section(struct vhost_dev *dev,
> > + MemoryRegionSection *section)
> wrong alignment, should be on '('

Fixed, thanks.

Dave

> >  {
> > -++dev->n_tmp_sections;
> > -dev->tmp_sections = g_renew(MemoryRegionSection, dev->tmp_sections,
> > -dev->n_tmp_sections);
> > -dev->tmp_sections[dev->n_tmp_sections - 1] = *section;
> > -memory_region_ref(section->mr);
> > +bool need_add = true;
> > +uint64_t mrs_size = int128_get64(section->size);
> > +uint64_t mrs_gpa = section->offset_within_address_space;
> > +uintptr_t mrs_host = (uintptr_t)memory_region_get_ram_ptr(section->mr) 
> > +
> > + section->offset_within_region;
> > +
> > +trace_vhost_region_add_section(section->mr->name, mrs_gpa, mrs_size,
> > +   mrs_host);
> > +
> > +if (dev->n_tmp_sections) {
> > +/* Since we already have at least one section, lets see if
> > + * this extends it; since we're scanning in order, we only
> > + * have to look at the last one, and the FlatView that calls
> > + * us shouldn't have overlaps.
> > + */
> > +MemoryRegionSection *prev_sec = dev->tmp_sections +
> > +   (dev->n_tmp_sections - 1);
> > +uint64_t prev_gpa_start = prev_sec->offset_within_address_space;
> > +uint64_t prev_size = int128_get64(prev_sec->size);
> > +uint64_t prev_gpa_end   = range_get_last(prev_gpa_start, 
> > prev_size);
> > +uint64_t prev_host_start =
> > +(uintptr_t)memory_region_get_ram_ptr(prev_sec->mr) 
> > +
> > +prev_sec->offset_within_region;
> > +uint64_t prev_host_end   = range_get_last(prev_host_start, 
> > prev_size);
> > +
> > +if (prev_gpa_end + 1 == mrs_gpa &&
> > +prev_host_end + 1 == mrs_host &&
> > +section->mr == prev_sec->mr &&
> > +(!dev->vhost_ops->vhost_backend_can_merge ||
> > +dev->vhost_ops->vhost_backend_can_merge(dev,
> > +mrs_host, mrs_size,
> > +prev_host_start, prev_size))) {
> > +/* The two sections abut */
> > +need_add = false;
> > +prev_sec->size = int128_add(prev_sec->size, section->size);
> > +trace_vhost_region_add_section_abut(section->mr->name,
> > +mrs_size + prev_size);
> > +}
> > +}
> > +
> > +if (need_add) {
> > +++dev->n_tmp_sections;
> > +dev->tmp_sections = g_renew(MemoryRegionSection, dev->tmp_sections,
> > +dev->n_tmp_sections);
> > +dev->tmp_sections[dev->n_tmp_sections - 1] = *section;
> > +/* The flatview isn't stable and we don't use it, making it NULL
> > + * means we can memcmp the list.
> > + */
> > +

[Qemu-devel] [PATCH 4/7] net/rocker: move struct rocker_desc to C file

2018-01-08 Thread Philippe Mathieu-Daudé
this is the only user.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/net/rocker/rocker_hw.h   | 13 -
 hw/net/rocker/rocker_desc.c | 13 +
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/hw/net/rocker/rocker_hw.h b/hw/net/rocker/rocker_hw.h
index 8b4ce250d5..daaaf4080f 100644
--- a/hw/net/rocker/rocker_hw.h
+++ b/hw/net/rocker/rocker_hw.h
@@ -119,19 +119,6 @@ enum {
  */
 #define ROCKER_RING_INDEX(reg) ((reg >> 5) & 0x7F)
 
-/*
- * Rocker DMA Descriptor
- */
-
-typedef struct rocker_desc {
-__le64 buf_addr;
-uint64_t cookie;
-__le16 buf_size;
-__le16 tlv_size;
-__le16 rsvd[5];   /* pad to 32 bytes */
-__le16 comp_err;
-} QEMU_PACKED QEMU_ALIGNED(8) RockerDesc;
-
 /*
  * Rocker TLV type fields
  */
diff --git a/hw/net/rocker/rocker_desc.c b/hw/net/rocker/rocker_desc.c
index b009da4f89..2f2de837f8 100644
--- a/hw/net/rocker/rocker_desc.c
+++ b/hw/net/rocker/rocker_desc.c
@@ -23,6 +23,19 @@
 #include "rocker_hw.h"
 #include "rocker_desc.h"
 
+/*
+ * Rocker DMA Descriptor
+ */
+
+typedef struct rocker_desc {
+__le64 buf_addr;
+uint64_t cookie;
+__le16 buf_size;
+__le16 tlv_size;
+__le16 rsvd[5];   /* pad to 32 bytes */
+__le16 comp_err;
+} QEMU_PACKED QEMU_ALIGNED(8) RockerDesc;
+
 struct desc_ring {
 hwaddr base_addr;
 uint32_t size;
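Review bot: Nothing enforces the layout promised by the `/* pad to 32 bytes */` comment on `rsvd` in the moved `struct rocker_desc`, although the fields as declared do add up to 32 bytes. The header comment calls this a DMA descriptor, so its size is presumably part of the device interface, and a compile-time check right after the typedef would catch a later field change: `QEMU_BUILD_BUG_ON(sizeof(RockerDesc) != 32);`. `cookie` is declared `uint64_t` while every other field carries an `__le` type; if it is an opaque value that is never byte-swapped, a one-line comment saying so would remove the doubt. `struct desc_ring` continues outside the hunk.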
-- 
2.15.1




[Qemu-devel] [PATCH 5/7] net/eepro100: use QEMU_ALIGNED() macro

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/net/eepro100.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
index a07a63247e..61d767524f 100644
--- a/hw/net/eepro100.c
+++ b/hw/net/eepro100.c
@@ -266,7 +266,7 @@ typedef struct {
 
 /* Data in mem is always in the byte order of the controller (le).
  * It must be dword aligned to allow direct access to 32 bit values. */
-uint8_t mem[PCI_MEM_SIZE] __attribute__((aligned(8)));
+uint8_t mem[PCI_MEM_SIZE] QEMU_ALIGNED(8);
 
 /* Configuration bytes. */
 uint8_t configuration[22];
-- 
2.15.1




[Qemu-devel] [PATCH 3/7] net/rocker: use QEMU_PACKED and QEMU_ALIGNED() macros

2018-01-08 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/net/rocker/rocker_hw.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/net/rocker/rocker_hw.h b/hw/net/rocker/rocker_hw.h
index 1786323fa4..8b4ce250d5 100644
--- a/hw/net/rocker/rocker_hw.h
+++ b/hw/net/rocker/rocker_hw.h
@@ -130,7 +130,7 @@ typedef struct rocker_desc {
 __le16 tlv_size;
 __le16 rsvd[5];   /* pad to 32 bytes */
 __le16 comp_err;
-} __attribute__((packed, aligned(8))) RockerDesc;
+} QEMU_PACKED QEMU_ALIGNED(8) RockerDesc;
 
 /*
  * Rocker TLV type fields
@@ -140,7 +140,7 @@ typedef struct rocker_tlv {
 __le32 type;
 __le16 len;
 __le16 rsvd;
-} __attribute__((packed, aligned(8))) RockerTlv;
+} QEMU_PACKED QEMU_ALIGNED(8) RockerTlv;
 
 /* cmd msg */
 enum {
-- 
2.15.1




[Qemu-devel] [PATCH 2/7] net/eth: use the QEMU_PACKED macro

2018-01-08 Thread Philippe Mathieu-Daudé
---
 include/net/eth.h | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/include/net/eth.h b/include/net/eth.h
index 09054a506d..87c6499f18 100644
--- a/include/net/eth.h
+++ b/include/net/eth.h
@@ -36,12 +36,12 @@ struct eth_header {
 uint8_t  h_dest[ETH_ALEN];   /* destination eth addr */
 uint8_t  h_source[ETH_ALEN]; /* source ether addr*/
 uint16_t h_proto;/* packet type ID field */
-};
+} QEMU_PACKED;
 
 struct vlan_header {
 uint16_t  h_tci; /* priority and VLAN ID  */
 uint16_t  h_proto;   /* encapsulated protocol */
-};
+} QEMU_PACKED;
 
 struct ip_header {
 uint8_t  ip_ver_len; /* version and header length */
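Review bot: A pointer taken to a multi-byte member of these now-packed structs (for example a constructed `&iph->ip_src` handed on as a `uint32_t *`) can still be misaligned, because `QEMU_PACKED` lowers the struct alignment to 1 and only accesses made through the struct are compiled for that; compilers report it only under `-Waddress-of-packed-member`. The users of `struct eth_header`, `vlan_header`, `ip_header` and the structs in the later hunks are not visible in this patch, so that is worth checking wherever the headers are overlaid on packet buffers. A comment above the first struct would record the constraint: `/* Packed: headers are read in place from packet buffers at arbitrary offsets; copy multi-byte fields out rather than taking their address. */`. The attribute is also placed two ways, `} QEMU_PACKED;` on the plain structs and `typedef struct QEMU_PACKED tcp_header {` on the typedefs in the later hunks; one placement throughout would read better. `struct ip_header` continues outside this hunk.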
@@ -53,9 +53,9 @@ struct ip_header {
 uint8_t  ip_p;   /* protocol */
 uint16_t ip_sum; /* checksum */
 uint32_t ip_src, ip_dst; /* source and destination address */
-};
+} QEMU_PACKED;
 
-typedef struct tcp_header {
+typedef struct QEMU_PACKED tcp_header {
 uint16_t th_sport;  /* source port */
 uint16_t th_dport;  /* destination port */
 uint32_t th_seq;/* sequence number */
@@ -77,14 +77,14 @@ typedef struct tcp_header {
 #define TCP_HEADER_DATA_OFFSET(tcp) \
 (((be16_to_cpu((tcp)->th_offset_flags) >> 12) & 0xf) << 2)
 
-typedef struct udp_header {
+typedef struct QEMU_PACKED udp_header {
 uint16_t uh_sport; /* source port */
 uint16_t uh_dport; /* destination port */
 uint16_t uh_ulen;  /* udp length */
 uint16_t uh_sum;   /* udp checksum */
 } udp_header;
 
-typedef struct ip_pseudo_header {
+typedef struct QEMU_PACKED ip_pseudo_header {
 uint32_t ip_src;
 uint32_t ip_dst;
 uint8_t  zeros;
@@ -116,9 +116,9 @@ struct ip6_header {
 } ip6_ctlun;
 struct in6_address ip6_src;/* source address */
 struct in6_address ip6_dst;/* destination address */
-};
+} QEMU_PACKED;
 
-typedef struct ip6_pseudo_header {
+typedef struct QEMU_PACKED ip6_pseudo_header {
 struct in6_address ip6_src;
 struct in6_address ip6_dst;
 uint32_t   len;
@@ -129,7 +129,7 @@ typedef struct ip6_pseudo_header {
 struct ip6_ext_hdr {
 uint8_tip6r_nxt;   /* next header */
 uint8_tip6r_len;   /* length in units of 8 octets */
-};
+} QEMU_PACKED;
 
 struct ip6_ext_hdr_routing {
 uint8_t nxt;
@@ -137,21 +137,21 @@ struct ip6_ext_hdr_routing {
 uint8_t rtype;
 uint8_t segleft;
 uint8_t rsvd[4];
-};
+} QEMU_PACKED;
 
 struct ip6_option_hdr {
 #define IP6_OPT_PAD1   (0x00)
 #define IP6_OPT_HOME   (0xC9)
 uint8_t type;
 uint8_t len;
-};
+} QEMU_PACKED;
 
 struct udp_hdr {
   uint16_t uh_sport;   /* source port */
   uint16_t uh_dport;   /* destination port */
   uint16_t uh_ulen;/* udp length */
   uint16_t uh_sum; /* udp checksum */
-};
+} QEMU_PACKED;
 
 struct tcp_hdr {
 u_short th_sport;   /* source port */
@@ -180,7 +180,7 @@ struct tcp_hdr {
 u_short th_win;  /* window */
 u_short th_sum;  /* checksum */
 u_short th_urp;  /* urgent pointer */
-};
+} QEMU_PACKED;
 
 #define ip6_nxt  ip6_ctlun.ip6_un1.ip6_un1_nxt
 #define ip6_ecn_acc  ip6_ctlun.ip6_un3.ip6_un3_ecn
-- 
2.15.1



