Re: [Qemu-devel] [PULL 0/8] Ui 20180308 patches

[Gerd Hoffmann]

  Hi,

> Maybe I should move the code to a separate source file so it can be
> built with different compiler flags, without needing #pragma?  I don't
> feel like building all gtk code with -Wno-deprecated-declarations ...

Hmm, that idea doesn't fly, seems per-object cflags don't work for
object files which get linked into a module.

Other ideas anyone?

cheers,
  Gerd

Re: [Qemu-devel] [Qemu-ppc] [PATCH] hw/ppc/spapr: Allow "spapr-vlan" as NIC model name beside "ibmveth"

[Greg Kurz]

On Fri,  9 Mar 2018 08:01:38 +0100
Thomas Huth  wrote:

> With the new "--nic" command line parameter option, the "old" way of
> specifying a NIC model via the nd_table[] is becoming more prominent
> again. But for the pseries "spapr-vlan" device, there is a confusing
> discrepancy between the model name that is used for "--device" (i.e.
> "spapr-vlan") and the model name that has to be used for "--net nic"
> or the new "--nic" parameter (i.e. "ibmveth"). Since "spapr-vlan" is
> the "real" name of the device, let's allow "spapr-vlan" to be used
> as model name for the nd_table[] entries, too.
> 
> Signed-off-by: Thomas Huth 
> ---

Reviewed-by: Greg Kurz 

>  hw/ppc/spapr.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 7e1c858..dfa9e43 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -2607,10 +2607,11 @@ static void spapr_machine_init(MachineState *machine)
>  NICInfo *nd = _table[i];
>  
>  if (!nd->model) {
> -nd->model = g_strdup("ibmveth");
> +nd->model = g_strdup("spapr-vlan");
>  }
>  
> -if (strcmp(nd->model, "ibmveth") == 0) {
> +if (g_str_equal(nd->model, "spapr-vlan") ||
> +g_str_equal(nd->model, "ibmveth")) {
>  spapr_vlan_create(spapr->vio_bus, nd);
>  } else {
>  pci_nic_init_nofail(_table[i], phb->bus, nd->model, NULL);

Re: [Qemu-devel] [PATCH 3/3] q35: change default NIC to e1000e

[Jason Wang]

On 2018年03月09日 01:28, Paolo Bonzini wrote:

The e1000 NIC is getting old and is not a very good default for a
PCIe machine type.  Change it to e1000e, which should be supported
by a good number of guests.

In particular, drivers for 82574 were added first to Linux 2.6.27 (2008)
and Windows 2008 R2.  This does mean that Windows 2008 will not work
anymore with Q35 machine types and a default "-net nic -net xxx" network
configuration; it did work before because it does have an AHCI driver.
However, Windows 2008 has been declared out of main stream support
in 2015.  It will get out of extended support in 2020.  Windows 2008
R2 has the same end of support dates and, since the two are basically
Vista vs. Windows 7, R2 probably is more popular.

Cc: Jason Wang 
Cc: Thomas Huth 
Signed-off-by: Paolo Bonzini 
---
  hw/i386/pc.c | 7 ---
  hw/i386/pc_piix.c| 6 +-
  hw/i386/pc_q35.c | 8 +++-
  include/hw/i386/pc.h | 3 ++-
  4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 35fcb6efdf..dc1f535697 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1619,18 +1619,19 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq 
*gsi,
  }
  }
  
-void pc_nic_init(ISABus *isa_bus, PCIBus *pci_bus)

+void pc_nic_init(PCMachineClass *pcmc, ISABus *isa_bus, PCIBus *pci_bus)
  {
  int i;
  
  rom_set_order_override(FW_CFG_ORDER_OVERRIDE_NIC);

  for (i = 0; i < nb_nics; i++) {
  NICInfo *nd = _table[i];
+const char *model = nd->model ? nd->model : pcmc->default_nic_model;
  
-if (!pci_bus || (nd->model && strcmp(nd->model, "ne2k_isa") == 0)) {

+if (g_str_equal(model, "ne2k_isa")) {
  pc_init_ne2k_isa(isa_bus, nd);
  } else {
-pci_nic_init_nofail(nd, pci_bus, "e1000", NULL);
+pci_nic_init_nofail(nd, pci_bus, model, NULL);
  }
  }
  rom_reset_order_override();
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 8658bcba63..0f1966d547 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -240,7 +240,7 @@ static void pc_init1(MachineState *machine,
  pc_basic_device_init(isa_bus, pcms->gsi, _state, true,
   (pcms->vmport != ON_OFF_AUTO_ON), pcms->pit, 0x4);
  
-pc_nic_init(isa_bus, pci_bus);

+pc_nic_init(pcmc, isa_bus, pci_bus);
  
  ide_drive_get(hd, ARRAY_SIZE(hd));

  if (pcmc->pci_enabled) {
@@ -417,6 +417,9 @@ static void pc_xen_hvm_init(MachineState *machine)
  
  static void pc_i440fx_machine_options(MachineClass *m)

  {
+PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+pcmc->default_nic_model = "e1000";
+
  m->family = "pc_piix";
  m->desc = "Standard PC (i440FX + PIIX, 1996)";
  m->default_machine_opts = "firmware=bios-256k.bin";
@@ -1114,6 +1117,7 @@ static void isapc_machine_options(MachineClass *m)
  pcmc->gigabyte_align = false;
  pcmc->smbios_legacy_mode = true;
  pcmc->has_reserved_memory = false;
+pcmc->default_nic_model = "ne2k_isa";
  m->default_cpu_type = X86_CPU_TYPE_NAME("486");
  }
  
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c

index 0c0bc48137..9ae916327e 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -272,7 +272,7 @@ static void pc_q35_init(MachineState *machine)
  
  /* the rest devices to which pci devfn is automatically assigned */

  pc_vga_init(isa_bus, host_bus);
-pc_nic_init(isa_bus, host_bus);
+pc_nic_init(pcmc, isa_bus, host_bus);
  
  if (pcms->acpi_nvdimm_state.is_enabled) {

  nvdimm_init_acpi_state(>acpi_nvdimm_state, system_io,
@@ -294,6 +294,9 @@ static void pc_q35_init(MachineState *machine)
  
  static void pc_q35_machine_options(MachineClass *m)

  {
+PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+pcmc->default_nic_model = "e1000e";
+
  m->family = "pc_q35";
  m->desc = "Standard PC (Q35 + ICH9, 2009)";
  m->units_per_default_bus = 1;
@@ -316,7 +319,10 @@ DEFINE_Q35_MACHINE(v2_12, "pc-q35-2.12", NULL,
  
  static void pc_q35_2_11_machine_options(MachineClass *m)

  {
+PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+
  pc_q35_2_12_machine_options(m);
+pcmc->default_nic_model = "e1000";
  m->alias = NULL;
  SET_MACHINE_COMPAT(m, PC_COMPAT_2_11);
  }
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index bb49165fe0..e81654eb7f 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -114,6 +114,7 @@ struct PCMachineClass {
  /* Device configuration: */
  bool pci_enabled;
  bool kvmclock_enabled;
+const char *default_nic_model;
  
  /* Compat options: */
  
@@ -248,7 +249,7 @@ void pc_init_ne2k_isa(ISABus *bus, NICInfo *nd);

  void pc_cmos_init(PCMachineState *pcms,
BusState *ide0, BusState *ide1,
ISADevice *s);
-void pc_nic_init(ISABus *isa_bus, PCIBus *pci_bus);
+void pc_nic_init(PCMachineClass *pcmc, ISABus 

Re: [Qemu-devel] [PATCH 2/3] net: allow using any PCI NICs in -net or -nic

[Jason Wang]

On 2018年03月09日 01:28, Paolo Bonzini wrote:

Remove the hard-coded list of PCI NIC names; instead, fill an array
using all PCI devices listed under DEVICE_CATEGORY_NETWORK. Keep
the old shortcut "virtio" for virtio-net-pci.

Suggested-by: Thomas Huth 
Cc: Jason Wang 
Signed-off-by: Paolo Bonzini 
---
  hw/pci/pci.c | 61 ++--
  1 file changed, 30 insertions(+), 31 deletions(-)

diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 2174c254eb..67a3f72bd6 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -1815,49 +1815,48 @@ PciInfoList *qmp_query_pci(Error **errp)
  return head;
  }
  
-static const char * const pci_nic_models[] = {

-"ne2k_pci",
-"i82551",
-"i82557b",
-"i82559er",
-"rtl8139",
-"e1000",
-"pcnet",
-"virtio",
-"sungem",
-NULL
-};
-
-static const char * const pci_nic_names[] = {
-"ne2k_pci",
-"i82551",
-"i82557b",
-"i82559er",
-"rtl8139",
-"e1000",
-"pcnet",
-"virtio-net-pci",
-"sungem",
-NULL
-};
-
  /* Initialize a PCI NIC.  */
  PCIDevice *pci_nic_init_nofail(NICInfo *nd, PCIBus *rootbus,
 const char *default_model,
 const char *default_devaddr)
  {
  const char *devaddr = nd->devaddr ? nd->devaddr : default_devaddr;
+GSList *list;
+GPtrArray *pci_nic_models;
  PCIBus *bus;
  PCIDevice *pci_dev;
  DeviceState *dev;
  int devfn;
  int i;
  
-if (qemu_show_nic_models(nd->model, pci_nic_models)) {

+if (nd->model && !strcmp(nd->model, "virtio")) {
+g_free(nd->model);
+nd->model = g_strdup("virtio-net-pci");
+}
+
+list = object_class_get_list_sorted(TYPE_PCI_DEVICE, false);
+pci_nic_models = g_ptr_array_new();
+while (list) {
+DeviceClass *dc = OBJECT_CLASS_CHECK(DeviceClass, list->data,
+ TYPE_DEVICE);
+GSList *next;
+if (test_bit(DEVICE_CATEGORY_NETWORK, dc->categories) &&
+dc->user_creatable) {
+const char *name = object_class_get_name(list->data);
+g_ptr_array_add(pci_nic_models, (gpointer)name);
+}
+next = list->next;
+g_slist_free_1(list);
+list = next;
+}
+g_ptr_array_add(pci_nic_models, NULL);
+
+if (qemu_show_nic_models(nd->model, (const char **)pci_nic_models->pdata)) 
{
  exit(0);
  }
  
-i = qemu_find_nic_model(nd, pci_nic_models, default_model);

+i = qemu_find_nic_model(nd, (const char **)pci_nic_models->pdata,
+default_model);
  if (i < 0) {
  exit(1);
  }
@@ -1865,15 +1864,15 @@ PCIDevice *pci_nic_init_nofail(NICInfo *nd, PCIBus 
*rootbus,
  bus = pci_get_bus_devfn(, rootbus, devaddr);
  if (!bus) {
  error_report("Invalid PCI device address %s for device %s",
- devaddr, pci_nic_names[i]);
+ devaddr, nd->model);
  exit(1);
  }
  
-pci_dev = pci_create(bus, devfn, pci_nic_names[i]);

+pci_dev = pci_create(bus, devfn, nd->model);
  dev = _dev->qdev;
  qdev_set_nic_properties(dev, nd);
  qdev_init_nofail(dev);
-
+g_ptr_array_free(pci_nic_models, true);
  return pci_dev;
  }
  


Reviewed-by: Jason Wang 

Re: [Qemu-devel] [PATCH v3 07/12] vfio/pci: register sva notifier

[Peter Xu]

On Thu, Mar 08, 2018 at 11:22:26AM +, Liu, Yi L wrote:
> > From: Peter Xu [mailto:pet...@redhat.com]
> > Sent: Tuesday, March 6, 2018 8:10 PM
> > To: Liu, Yi L 
> > Cc: Liu, Yi L ; qemu-devel@nongnu.org; 
> > m...@redhat.com;
> > da...@gibson.dropbear.id.au; pbonz...@redhat.com; 
> > alex.william...@redhat.com;
> > eric.auger@gmail.com; Tian, Kevin ;
> > jasow...@redhat.com
> > Subject: Re: [PATCH v3 07/12] vfio/pci: register sva notifier
> > 
> > On Tue, Mar 06, 2018 at 08:00:41AM +, Liu, Yi L wrote:
> > > > From: Peter Xu [mailto:pet...@redhat.com]
> > > > Sent: Tuesday, March 6, 2018 2:45 PM
> > > > Subject: Re: [PATCH v3 07/12] vfio/pci: register sva notifier
> > > >
> > > > On Thu, Mar 01, 2018 at 06:33:30PM +0800, Liu, Yi L wrote:
> > > > > This patch shows how sva notifier is registered. And provided an
> > > > > example by registering notify func for tlb flush propagation.
> > > > >
> > > > > Signed-off-by: Liu, Yi L 
> > > > > ---
> > > > >  hw/vfio/pci.c | 55
> > > > > +--
> > > > >  1 file changed, 53 insertions(+), 2 deletions(-)
> > > > >
> > > > > diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c index a60a4d7..b7297cc
> > > > > 100644
> > > > > --- a/hw/vfio/pci.c
> > > > > +++ b/hw/vfio/pci.c
> > > > > @@ -2775,6 +2775,26 @@ static void
> > > > > vfio_unregister_req_notifier(VFIOPCIDevice
> > > > *vdev)
> > > > >  vdev->req_enabled = false;
> > > > >  }
> > > > >
> > > > > +static VFIOContainer *vfio_get_container_from_busdev(PCIBus *bus,
> > > > > + int32_t devfn) {
> > > > > +VFIOGroup *group;
> > > > > +VFIOPCIDevice *vdev_iter;
> > > > > +VFIODevice *vbasedev_iter;
> > > > > +PCIDevice *pdev_iter;
> > > > > +
> > > > > +QLIST_FOREACH(group, _group_list, next) {
> > > > > +QLIST_FOREACH(vbasedev_iter, >device_list, next) {
> > > > > +vdev_iter = container_of(vbasedev_iter, VFIOPCIDevice, 
> > > > > vbasedev);
> > > > > +pdev_iter = _iter->pdev;
> > > > > +if (pci_get_bus(pdev_iter) == bus && pdev_iter->devfn == 
> > > > > devfn) {
> > > > > +return group->container;
> > > > > +}
> > > > > +}
> > > > > +}
> > > > > +return NULL;
> > > > > +}
> > > > > +
> > > > >  static void vfio_pci_device_sva_bind_pasid_table(PCIBus *bus,
> > > > >   int32_t devfn, uint64_t pasidt_addr, uint32_t
> > > > > size) { @@ -2783,11 +2803,42 @@ static void
> > > > > vfio_pci_device_sva_bind_pasid_table(PCIBus *bus,
> > > > >  So far, Intel VT-d and AMD IOMMU requires it. */  }
> > > > >
> > > > > +static void vfio_iommu_sva_tlb_invalidate_notify(IOMMUSVANotifier *n,
> > > > > +
> > > > > +IOMMUSVAEventData
> > > > > +*event_data) {
> > > > > +/*  Sample code, would be detailed in coming virt-SVA patchset.
> > > > > +VFIOGuestIOMMUSVAContext *gsva_ctx;
> > > > > +IOMMUSVAContext *sva_ctx;
> > > > > +VFIOContainer *container;
> > > > > +
> > > > > +gsva_ctx = container_of(n, VFIOGuestIOMMUSVAContext, n);
> > > > > +container = gsva_ctx->container;
> > > > > +
> > > > > +TODO: forward to host through VFIO IOCTL
> > > >
> > > > IMHO if the series is not ready for merging, we can still mark it as
> > > > RFC and declare that so people won't need to go into details of the 
> > > > patches.
> > >
> > > Thanks for the suggestion. Actually, I was hesitating it. As you may
> > > know, this is actually 3rd version of this effort. But yes, I would 
> > > follow your
> > suggestion in coming versions.
> > 
> > Yeah, it's a long way even since the first version of the work.
> > However IMHO it's not about which version are you working with, it's about 
> > whether
> > you think it's a complete work and ready to be merged.
> > IMHO if you are very sure it's not good for merging, we should better 
> > provide the
> > RFC tag, or mention that in the cover letter.  So firstly the maintainer 
> > won't
> > accidentaly merge your series; meanwhile reviewers will know the state of 
> > series so
> > they can decide on which aspect they'll focus on during the review.
> 
> thanks for the guiding~
> 
> > >
> > > > > +*/
> > > > > +}
> > > > > +
> > > > >  static void vfio_pci_device_sva_register_notifier(PCIBus *bus,
> > > > >int32_t devfn, IOMMUSVAContext *sva_ctx)  {
> > > > > -/* Register notifier for TLB invalidation propagation
> > > > > -   */
> > > > > +VFIOContainer *container =
> > > > > + vfio_get_container_from_busdev(bus,
> > > > > + devfn);
> > > > > +
> > > > > +if (container != NULL) {
> > > > > +VFIOGuestIOMMUSVAContext *gsva_ctx;
> > > > > +gsva_ctx = g_malloc0(sizeof(*gsva_ctx));
> > > > > +gsva_ctx->sva_ctx = sva_ctx;
> > > > > +gsva_ctx->container = container;
> > > > > +

[Qemu-devel] [PATCH] hw/ppc/spapr: Allow "spapr-vlan" as NIC model name beside "ibmveth"

[Thomas Huth]

With the new "--nic" command line parameter option, the "old" way of
specifying a NIC model via the nd_table[] is becoming more prominent
again. But for the pseries "spapr-vlan" device, there is a confusing
discrepancy between the model name that is used for "--device" (i.e.
"spapr-vlan") and the model name that has to be used for "--net nic"
or the new "--nic" parameter (i.e. "ibmveth"). Since "spapr-vlan" is
the "real" name of the device, let's allow "spapr-vlan" to be used
as model name for the nd_table[] entries, too.

Signed-off-by: Thomas Huth 
---
 hw/ppc/spapr.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 7e1c858..dfa9e43 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2607,10 +2607,11 @@ static void spapr_machine_init(MachineState *machine)
 NICInfo *nd = _table[i];
 
 if (!nd->model) {
-nd->model = g_strdup("ibmveth");
+nd->model = g_strdup("spapr-vlan");
 }
 
-if (strcmp(nd->model, "ibmveth") == 0) {
+if (g_str_equal(nd->model, "spapr-vlan") ||
+g_str_equal(nd->model, "ibmveth")) {
 spapr_vlan_create(spapr->vio_bus, nd);
 } else {
 pci_nic_init_nofail(_table[i], phb->bus, nd->model, NULL);
-- 
1.8.3.1

Re: [Qemu-devel] [PULL 0/8] Ui 20180308 patches

[Gerd Hoffmann]

  Hi,

> Hi. This gives me a new warning on FreeBSD:
> 
>   CC  ui/gtk.o
> /root/qemu/ui/gtk.c:2141:13: warning: 'gtk_widget_set_double_buffered'
> is deprecated [-Wdeprecated-declarations]
> gtk_widget_set_double_buffered(vc->gfx.drawing_area, FALSE);
> ^
> /usr/local/include/gtk-3.0/gtk/gtkwidget.h:876:23: note:
> 'gtk_widget_set_double_buffered' has been explicitly marked deprecated
> here
> void  gtk_widget_set_double_buffered(GtkWidget*widget,

Known issue.  The gtk-egl.c code needs this even though it is
deprecated.  We have a diagnostic pragma in place for gcc, seems that
doesn't work on freebsd because it builds with clang not gcc.

Hmm, quick googling shows clang seems to support this too.
https://clang.llvm.org/docs/UsersManual.html#pragma-gcc-diagnostic

/me looks puzzled.  Test for CONFIG_PRAGMA_DIAGNOSTIC_AVAILABLE not
working properly on freebsd?

Seems clang doesn't support a pragma used in qemu, config.log says:

error: unknown warning group '-Wunused-but-set-variable'.

Maybe I should move the code to a separate source file so it can be
built with different compiler flags, without needing #pragma?  I don't
feel like building all gtk code with -Wno-deprecated-declarations ...

cheers,
  Gerd

Re: [Qemu-devel] [PATCH v8 8/9] vfio/display: adding region support

[Kirti Wankhede]

Reviewed By: Kirti Wankhede 

Thanks,
Kirti

On 3/6/2018 5:04 PM, Gerd Hoffmann wrote:
> Wire up region-based display.
> 
> Signed-off-by: Gerd Hoffmann 
> ---
>  hw/vfio/pci.h |   1 +
>  include/hw/vfio/vfio-common.h |   8 +++
>  hw/vfio/display.c | 117 
> +-
>  3 files changed, 124 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
> index a846cf6237..629c875701 100644
> --- a/hw/vfio/pci.h
> +++ b/hw/vfio/pci.h
> @@ -148,6 +148,7 @@ typedef struct VFIOPCIDevice {
>  bool no_kvm_msi;
>  bool no_kvm_msix;
>  bool no_geforce_quirks;
> +VFIODisplay *dpy;
>  } VFIOPCIDevice;
>  
>  uint32_t vfio_pci_read_config(PCIDevice *pdev, uint32_t addr, int len);
> diff --git a/include/hw/vfio/vfio-common.h b/include/hw/vfio/vfio-common.h
> index f3a2ac9fee..fc8ae14fb7 100644
> --- a/include/hw/vfio/vfio-common.h
> +++ b/include/hw/vfio/vfio-common.h
> @@ -142,6 +142,14 @@ typedef struct VFIOGroup {
>  QLIST_ENTRY(VFIOGroup) container_next;
>  } VFIOGroup;
>  
> +typedef struct VFIODisplay {
> +QemuConsole *con;
> +struct {
> +VFIORegion buffer;
> +DisplaySurface *surface;
> +} region;
> +} VFIODisplay;
> +
>  void vfio_put_base_device(VFIODevice *vbasedev);
>  void vfio_disable_irqindex(VFIODevice *vbasedev, int index);
>  void vfio_unmask_single_irqindex(VFIODevice *vbasedev, int index);
> diff --git a/hw/vfio/display.c b/hw/vfio/display.c
> index 3e997f8a44..0add223039 100644
> --- a/hw/vfio/display.c
> +++ b/hw/vfio/display.c
> @@ -19,6 +19,113 @@
>  #include "qapi/error.h"
>  #include "pci.h"
>  
> +/* -- */
> +
> +static void vfio_display_region_update(void *opaque)
> +{
> +VFIOPCIDevice *vdev = opaque;
> +VFIODisplay *dpy = vdev->dpy;
> +struct vfio_device_gfx_plane_info plane = {
> +.argsz = sizeof(plane),
> +.flags = VFIO_GFX_PLANE_TYPE_REGION
> +};
> +pixman_format_code_t format;
> +int ret;
> +
> +ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_QUERY_GFX_PLANE, );
> +if (ret < 0) {
> +error_report("ioctl VFIO_DEVICE_QUERY_GFX_PLANE: %s",
> + strerror(errno));
> +return;
> +}
> +if (!plane.drm_format || !plane.size) {
> +return;
> +}
> +format = qemu_drm_format_to_pixman(plane.drm_format);
> +if (!format) {
> +return;
> +}
> +
> +if (dpy->region.buffer.size &&
> +dpy->region.buffer.nr != plane.region_index) {
> +/* region changed */
> +vfio_region_exit(>region.buffer);
> +vfio_region_finalize(>region.buffer);
> +dpy->region.surface = NULL;
> +}
> +
> +if (dpy->region.surface &&
> +(surface_width(dpy->region.surface) != plane.width ||
> + surface_height(dpy->region.surface) != plane.height ||
> + surface_format(dpy->region.surface) != format)) {
> +/* size changed */
> +dpy->region.surface = NULL;
> +}
> +
> +if (!dpy->region.buffer.size) {
> +/* mmap region */
> +ret = vfio_region_setup(OBJECT(vdev), >vbasedev,
> +>region.buffer,
> +plane.region_index,
> +"display");
> +if (ret != 0) {
> +error_report("%s: vfio_region_setup(%d): %s",
> + __func__, plane.region_index, strerror(-ret));
> +goto err;
> +}
> +ret = vfio_region_mmap(>region.buffer);
> +if (ret != 0) {
> +error_report("%s: vfio_region_mmap(%d): %s", __func__,
> + plane.region_index, strerror(-ret));
> +goto err;
> +}
> +assert(dpy->region.buffer.mmaps[0].mmap != NULL);
> +}
> +
> +if (dpy->region.surface == NULL) {
> +/* create surface */
> +dpy->region.surface = qemu_create_displaysurface_from
> +(plane.width, plane.height, format,
> + plane.stride, dpy->region.buffer.mmaps[0].mmap);
> +dpy_gfx_replace_surface(dpy->con, dpy->region.surface);
> +}
> +
> +/* full screen update */
> +dpy_gfx_update(dpy->con, 0, 0,
> +   surface_width(dpy->region.surface),
> +   surface_height(dpy->region.surface));
> +return;
> +
> +err:
> +vfio_region_exit(>region.buffer);
> +vfio_region_finalize(>region.buffer);
> +}
> +
> +static const GraphicHwOps vfio_display_region_ops = {
> +.gfx_update = vfio_display_region_update,
> +};
> +
> +static int vfio_display_region_init(VFIOPCIDevice *vdev, Error **errp)
> +{
> +vdev->dpy = g_new0(VFIODisplay, 1);
> +vdev->dpy->con = graphic_console_init(DEVICE(vdev), 0,
> +  _display_region_ops,
> +  vdev);
> +

Re: [Qemu-devel] [PATCH v8 7/9] vfio/display: core & wireup

[Kirti Wankhede]

Reviewed By: Kirti Wankhede 

Thanks,
Kirti

On 3/6/2018 5:04 PM, Gerd Hoffmann wrote:
> Infrastructure for display support.  Must be enabled
> using 'display' property.
> 
> Signed-off-by: Gerd Hoffmann 
> ---
>  hw/vfio/pci.h |  4 
>  hw/vfio/display.c | 56 
> +++
>  hw/vfio/pci.c | 10 +
>  hw/vfio/Makefile.objs |  2 +-
>  4 files changed, 71 insertions(+), 1 deletion(-)
>  create mode 100644 hw/vfio/display.c
> 
> diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
> index f4aa13e021..a846cf6237 100644
> --- a/hw/vfio/pci.h
> +++ b/hw/vfio/pci.h
> @@ -133,6 +133,7 @@ typedef struct VFIOPCIDevice {
>  #define VFIO_FEATURE_ENABLE_IGD_OPREGION_BIT 2
>  #define VFIO_FEATURE_ENABLE_IGD_OPREGION \
>  (1 << VFIO_FEATURE_ENABLE_IGD_OPREGION_BIT)
> +OnOffAuto display;
>  int32_t bootindex;
>  uint32_t igd_gms;
>  OffAutoPCIBAR msix_relo;
> @@ -174,4 +175,7 @@ int vfio_pci_igd_opregion_init(VFIOPCIDevice *vdev,
> struct vfio_region_info *info,
> Error **errp);
>  
> +int vfio_display_probe(VFIOPCIDevice *vdev, Error **errp);
> +void vfio_display_finalize(VFIOPCIDevice *vdev);
> +
>  #endif /* HW_VFIO_VFIO_PCI_H */
> diff --git a/hw/vfio/display.c b/hw/vfio/display.c
> new file mode 100644
> index 00..3e997f8a44
> --- /dev/null
> +++ b/hw/vfio/display.c
> @@ -0,0 +1,56 @@
> +/*
> + * display support for mdev based vgpu devices
> + *
> + * Copyright Red Hat, Inc. 2017
> + *
> + * Authors:
> + *Gerd Hoffmann
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2.  See
> + * the COPYING file in the top-level directory.
> + */
> +
> +#include "qemu/osdep.h"
> +#include 
> +#include 
> +
> +#include "sysemu/sysemu.h"
> +#include "ui/console.h"
> +#include "qapi/error.h"
> +#include "pci.h"
> +
> +int vfio_display_probe(VFIOPCIDevice *vdev, Error **errp)
> +{
> +struct vfio_device_gfx_plane_info probe;
> +int ret;
> +
> +memset(, 0, sizeof(probe));
> +probe.argsz = sizeof(probe);
> +probe.flags = VFIO_GFX_PLANE_TYPE_PROBE | VFIO_GFX_PLANE_TYPE_DMABUF;
> +ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_QUERY_GFX_PLANE, );
> +if (ret == 0) {
> +error_setg(errp, "vfio-display: dmabuf support not implemented yet");
> +return -1;
> +}
> +
> +memset(, 0, sizeof(probe));
> +probe.argsz = sizeof(probe);
> +probe.flags = VFIO_GFX_PLANE_TYPE_PROBE | VFIO_GFX_PLANE_TYPE_REGION;
> +ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_QUERY_GFX_PLANE, );
> +if (ret == 0) {
> +error_setg(errp, "vfio-display: region support not implemented yet");
> +return -1;
> +}
> +
> +if (vdev->display == ON_OFF_AUTO_AUTO) {
> +/* not an error in automatic mode */
> +return 0;
> +}
> +
> +error_setg(errp, "vfio: device doesn't support any (known) display 
> method");
> +return -1;
> +}
> +
> +void vfio_display_finalize(VFIOPCIDevice *vdev)
> +{
> +}
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index 033cc8dea1..20f93bef74 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
> @@ -3015,6 +3015,13 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
>  }
>  }
>  
> +if (vdev->display != ON_OFF_AUTO_OFF) {
> +ret = vfio_display_probe(vdev, errp);
> +if (ret) {
> +goto out_teardown;
> +}
> +}
> +
>  vfio_register_err_notifier(vdev);
>  vfio_register_req_notifier(vdev);
>  vfio_setup_resetfn_quirk(vdev);
> @@ -3035,6 +3042,7 @@ static void vfio_instance_finalize(Object *obj)
>  VFIOPCIDevice *vdev = DO_UPCAST(VFIOPCIDevice, pdev, pci_dev);
>  VFIOGroup *group = vdev->vbasedev.group;
>  
> +vfio_display_finalize(vdev);
>  vfio_bars_finalize(vdev);
>  g_free(vdev->emulated_config_bits);
>  g_free(vdev->rom);
> @@ -3123,6 +3131,8 @@ static void vfio_instance_init(Object *obj)
>  static Property vfio_pci_dev_properties[] = {
>  DEFINE_PROP_PCI_HOST_DEVADDR("host", VFIOPCIDevice, host),
>  DEFINE_PROP_STRING("sysfsdev", VFIOPCIDevice, vbasedev.sysfsdev),
> +DEFINE_PROP_ON_OFF_AUTO("display", VFIOPCIDevice,
> +display, ON_OFF_AUTO_AUTO),
>  DEFINE_PROP_UINT32("x-intx-mmap-timeout-ms", VFIOPCIDevice,
> intx.mmap_timeout, 1100),
>  DEFINE_PROP_BIT("x-vga", VFIOPCIDevice, features,
> diff --git a/hw/vfio/Makefile.objs b/hw/vfio/Makefile.objs
> index c3ab9097f1..a2e7a0a7cf 100644
> --- a/hw/vfio/Makefile.objs
> +++ b/hw/vfio/Makefile.objs
> @@ -1,6 +1,6 @@
>  ifeq ($(CONFIG_LINUX), y)
>  obj-$(CONFIG_SOFTMMU) += common.o
> -obj-$(CONFIG_PCI) += pci.o pci-quirks.o
> +obj-$(CONFIG_PCI) += pci.o pci-quirks.o display.o
>  obj-$(CONFIG_VFIO_CCW) += ccw.o
>  obj-$(CONFIG_SOFTMMU) += platform.o
>  obj-$(CONFIG_VFIO_XGMAC) += calxeda-xgmac.o
> 

Re: [Qemu-devel] [PATCH v8 6/9] vfio/common: cleanup in vfio_region_finalize

[Kirti Wankhede]

Looks good.

Reviewed by: Kirti Wankhede 

Thanks,
Kirti

On 3/6/2018 5:04 PM, Gerd Hoffmann wrote:
> Signed-off-by: Gerd Hoffmann 
> ---
>  hw/vfio/common.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> index f895e3c335..6a8203a532 100644
> --- a/hw/vfio/common.c
> +++ b/hw/vfio/common.c
> @@ -858,6 +858,13 @@ void vfio_region_finalize(VFIORegion *region)
>  g_free(region->mmaps);
>  
>  trace_vfio_region_finalize(region->vbasedev->name, region->nr);
> +
> +region->mem = NULL;
> +region->mmaps = NULL;
> +region->nr_mmaps = 0;
> +region->size = 0;
> +region->flags = 0;
> +region->nr = 0;
>  }
>  
>  void vfio_region_mmaps_set_enabled(VFIORegion *region, bool enabled)
> 

[Qemu-devel] [PATCH] qemu-doc: Rework the network options chapter to make "-net" less prominent

[Thomas Huth]

"-net" is clearly a legacy option. Yet we still use it in almost all
examples in the qemu documentation, and many other spots in the network
chapter. We should make it less prominent that users are not lured into
using it so often anymore. So instead of starting the network chapter with
"-net nic" and documenting "-net " below "-netdev "
everywhere, all the "-net" related documentation is now moved to the end
of the chapter. The new "--nic" option is moved to the beginning of the
chapter instead, with a new example that should demonstrate how "--nic"
can be used to shortcut "--device" with "--netdev".
And the examples in this chapter are changed to use the "--device" and
"--netdev" options or "--nic" instead of "-net nic -net ".

Signed-off-by: Thomas Huth 
---
 qemu-options.hx | 210 
 1 file changed, 105 insertions(+), 105 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 6585058..8ee87ad 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2045,41 +2045,40 @@ DEF("net", HAS_ARG, QEMU_OPTION_net,
 "old way to initialize a host network interface\n"
 "(use the -netdev option if possible instead)\n", 
QEMU_ARCH_ALL)
 STEXI
-@item -net 
nic[,vlan=@var{n}][,netdev=@var{nd}][,macaddr=@var{mac}][,model=@var{type}] 
[,name=@var{name}][,addr=@var{addr}][,vectors=@var{v}]
-@findex -net
-Configure or create an on-board (or machine default) Network Interface Card
-(NIC) and connect it either to VLAN @var{n} (@var{n} = 0 is the default), or
-to the netdev @var{nd}. The NIC is an e1000 by default on the PC
-target. Optionally, the MAC address can be changed to @var{mac}, the
-device address set to @var{addr} (PCI cards only),
-and a @var{name} can be assigned for use in monitor commands.
-Optionally, for PCI cards, you can specify the number @var{v} of MSI-X vectors
-that the card should have; this option currently only affects virtio cards; set
-@var{v} = 0 to disable MSI-X. If no @option{-net} option is specified, a single
-NIC is created.  QEMU can emulate several different models of network card.
-Valid values for @var{type} are
-@code{virtio}, @code{i82551}, @code{i82557b}, @code{i82559er},
-@code{ne2k_pci}, @code{ne2k_isa}, @code{pcnet}, @code{rtl8139},
-@code{e1000}, @code{smc91c111}, @code{lance} and @code{mcf_fec}.
-Not all devices are supported on all targets.  Use @code{-net nic,model=help}
-for a list of available devices for your target.
-
-@item -netdev user,id=@var{id}[,@var{option}][,@var{option}][,...]
-@findex -netdev
-@item -net user[,@var{option}][,@var{option}][,...]
-Use the user mode network stack which requires no administrator
+@item --nic 
[tap|bridge|user|l2tpv3|vde|netmap|vhost-user|socket][,...][,mac=macaddr][,model=mn]
+
+This option is a shortcut for configuring both, the on-board (default) guest
+NIC hardware and the host network backend in one go. The host backend options
+are the same as with the corresponding @option{--netdev} options below.
+The guest NIC model can be set with @option{model=@var{modelname}}.
+Use @option{model=help} to list the available device types.
+The hardware MAC address can be set with @option{mac=@var{macaddr}}.
+
+The following two example do exactly the same, to show how @option{--nic} can
+be used to shorten the command line length (note that the e1000 is the default
+on i386, so the @option{model=e1000} parameter could even be omitted here, 
too):
+@example
+qemu-system-i386 --netdev user,id=n1,ipv6=off 
--device=e1000,netdev=n1,mac=52:54:98:76:54:32
+qemu-system-i386 --nic user,ipv6=off,model=e1000,mac=52:54:98:76:54:32
+@end example
+
+@item --nic none
+Indicate that no network devices should be configured. It is used to override
+the default configuration (default NIC with @option{--net user} backend) which
+is activated if no other networking options are provided.
+
+@item --netdev user,id=@var{id}[,@var{option}][,@var{option}][,...]
+@findex --netdev
+Configure user mode host network backend which requires no administrator
 privilege to run. Valid options are:
 
 @table @option
-@item vlan=@var{n}
-Connect user mode stack to VLAN @var{n} (@var{n} = 0 is the default).
-
 @item id=@var{id}
-@itemx name=@var{name}
 Assign symbolic name for use in monitor commands.
 
-@option{ipv4} and @option{ipv6} specify that either IPv4 or IPv6 must
-be enabled.  If neither is specified both protocols are enabled.
+@item ipv4=on|off and ipv6=on|off
+Specify that either IPv4 or IPv6 must be enabled. If neither is specified
+both protocols are enabled.
 
 @item net=@var{addr}[/@var{mask}]
 Set IP network address the guest will see. Optionally specify the netmask,
@@ -2131,7 +2130,7 @@ can not be resolved.
 
 Example:
 @example
-qemu -net user,dnssearch=mgmt.example.org,dnssearch=example.org [...]
+qemu-system-i386 --nic user,dnssearch=mgmt.example.org,dnssearch=example.org
 @end example
 
 @item tftp=@var{dir}
@@ -2147,7 +2146,8 @@ a 

Re: [Qemu-devel] [PATCH v8 3/9] ui/pixman: add qemu_drm_format_to_pixman()

[Kirti Wankhede]

Looks good.

Reviewed by: Kirti Wankhede 

Thanks,
Kirti

On 3/6/2018 5:04 PM, Gerd Hoffmann wrote:
> Map drm fourcc codes to pixman formats.
> 
> Signed-off-by: Gerd Hoffmann 
> ---
>  include/ui/qemu-pixman.h |  5 +
>  ui/qemu-pixman.c | 22 ++
>  2 files changed, 27 insertions(+)
> 
> diff --git a/include/ui/qemu-pixman.h b/include/ui/qemu-pixman.h
> index 4a67e01232..b7c82d17fc 100644
> --- a/include/ui/qemu-pixman.h
> +++ b/include/ui/qemu-pixman.h
> @@ -33,6 +33,8 @@
>  # define PIXMAN_BE_r8g8b8a8   PIXMAN_r8g8b8a8
>  # define PIXMAN_BE_x8b8g8r8   PIXMAN_x8b8g8r8
>  # define PIXMAN_BE_a8b8g8r8   PIXMAN_a8b8g8r8
> +# define PIXMAN_LE_r8g8b8 PIXMAN_b8g8r8
> +# define PIXMAN_LE_a8r8g8b8   PIXMAN_b8g8r8a8
>  # define PIXMAN_LE_x8r8g8b8   PIXMAN_b8g8r8x8
>  #else
>  # define PIXMAN_BE_r8g8b8 PIXMAN_b8g8r8
> @@ -44,6 +46,8 @@
>  # define PIXMAN_BE_r8g8b8a8   PIXMAN_a8b8g8r8
>  # define PIXMAN_BE_x8b8g8r8   PIXMAN_r8g8b8x8
>  # define PIXMAN_BE_a8b8g8r8   PIXMAN_r8g8b8a8
> +# define PIXMAN_LE_r8g8b8 PIXMAN_r8g8b8
> +# define PIXMAN_LE_a8r8g8b8   PIXMAN_a8r8g8b8
>  # define PIXMAN_LE_x8r8g8b8   PIXMAN_x8r8g8b8
>  #endif
>  
> @@ -51,6 +55,7 @@
>  
>  PixelFormat qemu_pixelformat_from_pixman(pixman_format_code_t format);
>  pixman_format_code_t qemu_default_pixman_format(int bpp, bool native_endian);
> +pixman_format_code_t qemu_drm_format_to_pixman(uint32_t drm_format);
>  int qemu_pixman_get_type(int rshift, int gshift, int bshift);
>  pixman_format_code_t qemu_pixman_get_format(PixelFormat *pf);
>  bool qemu_pixman_check_format(DisplayChangeListener *dcl,
> diff --git a/ui/qemu-pixman.c b/ui/qemu-pixman.c
> index 6e591ab821..3e52abd92d 100644
> --- a/ui/qemu-pixman.c
> +++ b/ui/qemu-pixman.c
> @@ -6,6 +6,7 @@
>  #include "qemu/osdep.h"
>  #include "qemu-common.h"
>  #include "ui/console.h"
> +#include "standard-headers/drm/drm_fourcc.h"
>  
>  PixelFormat qemu_pixelformat_from_pixman(pixman_format_code_t format)
>  {
> @@ -88,6 +89,27 @@ pixman_format_code_t qemu_default_pixman_format(int bpp, 
> bool native_endian)
>  return 0;
>  }
>  
> +/* Note: drm is little endian, pixman is native endian */
> +pixman_format_code_t qemu_drm_format_to_pixman(uint32_t drm_format)
> +{
> +static const struct {
> +uint32_t drm_format;
> +pixman_format_code_t pixman;
> +} map[] = {
> +{ DRM_FORMAT_RGB888,   PIXMAN_LE_r8g8b8   },
> +{ DRM_FORMAT_ARGB, PIXMAN_LE_a8r8g8b8 },
> +{ DRM_FORMAT_XRGB, PIXMAN_LE_x8r8g8b8 }
> +};
> +int i;
> +
> +for (i = 0; i < ARRAY_SIZE(map); i++) {
> +if (drm_format == map[i].drm_format) {
> +return map[i].pixman;
> +}
> +}
> +return 0;
> +}
> +
>  int qemu_pixman_get_type(int rshift, int gshift, int bshift)
>  {
>  int type = PIXMAN_TYPE_OTHER;
> 

Re: [Qemu-devel] [PATCH v8 16/23] RISC-V Spike Machines

[Michael Clark]

On Sat, Mar 3, 2018 at 2:51 AM, Michael Clark  wrote:

> RISC-V machines compatble with Spike aka riscv-isa-sim, the RISC-V
> Instruction Set Simulator. The following machines are implemented:
>
> - 'spike_v1.9.1'; HTIF console, config-string, Privileged ISA Version 1.9.1
> - 'spike_v1.10'; HTIF console, device-tree, Privileged ISA Version 1.10
>
> Acked-by: Richard Henderson 
> Signed-off-by: Sagar Karandikar 
> Signed-off-by: Michael Clark 
> ---
>  hw/riscv/spike.c | 376 ++
> +
>  include/hw/riscv/spike.h |  53 +++
>  2 files changed, 429 insertions(+)
>  create mode 100644 hw/riscv/spike.c
>  create mode 100644 include/hw/riscv/spike.h
>
> diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
> new file mode 100644
> index 000..2d1f114
> --- /dev/null
> +++ b/hw/riscv/spike.c
> @@ -0,0 +1,376 @@
> +/*
> + * QEMU RISC-V Spike Board
> + *
> + * Copyright (c) 2016-2017 Sagar Karandikar, sag...@eecs.berkeley.edu
> + * Copyright (c) 2017-2018 SiFive, Inc.
> + *
> + * This provides a RISC-V Board with the following devices:
> + *
> + * 0) HTIF Console and Poweroff
> + * 1) CLINT (Timer and IPI)
> + * 2) PLIC (Platform Level Interrupt Controller)
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
> for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License
> along with
> + * this program.  If not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/log.h"
> +#include "qemu/error-report.h"
> +#include "qapi/error.h"
> +#include "hw/hw.h"
> +#include "hw/boards.h"
> +#include "hw/loader.h"
> +#include "hw/sysbus.h"
> +#include "target/riscv/cpu.h"
> +#include "hw/riscv/riscv_htif.h"
> +#include "hw/riscv/riscv_hart.h"
> +#include "hw/riscv/sifive_clint.h"
> +#include "hw/riscv/spike.h"
> +#include "chardev/char.h"
> +#include "sysemu/arch_init.h"
> +#include "sysemu/device_tree.h"
> +#include "exec/address-spaces.h"
> +#include "elf.h"
> +
> +static const struct MemmapEntry {
> +hwaddr base;
> +hwaddr size;
> +} spike_memmap[] = {
> +[SPIKE_MROM] = { 0x1000, 0x2000 },
> +[SPIKE_CLINT] ={  0x200,0x1 },
> +[SPIKE_DRAM] = { 0x8000,0x0 },
> +};
> +
> +static void copy_le32_to_phys(hwaddr pa, uint32_t *rom, size_t len)
> +{
> +int i;
> +for (i = 0; i < (len >> 2); i++) {
> +stl_phys(_space_memory, pa + (i << 2), rom[i]);
> +}
> +}


We may very well have an endianness bug here. I wasn't sure if we had to
use stl_le_phys or whether stl_phys know the difference between the host
and guest endianness and does the right thing.

We use copy_le32_to_phys to copy in the reset vector which is an array of
32-bit words containing RISC-V machine code. Consider it a placeholder for
correct code.

There has been no testing on big-endian hosts as I don't have access to
any. I guess I could simulate an environment with qemu and nest qemu-riscv
inside of qemu-ppc-be

+static uint64_t identity_translate(void *opaque, uint64_t addr)
> +{
> +return addr;
> +}
> +
> +static uint64_t load_kernel(const char *kernel_filename)
> +{
> +uint64_t kernel_entry, kernel_high;
> +
> +if (load_elf_ram_sym(kernel_filename, identity_translate, NULL,
> +_entry, NULL, _high, 0, ELF_MACHINE, 1, 0,
> +NULL, true, htif_symbol_callback) < 0) {
> +error_report("qemu: could not load kernel '%s'", kernel_filename);
> +exit(1);
> +}
> +return kernel_entry;
> +}
> +
> +static void create_fdt(SpikeState *s, const struct MemmapEntry *memmap,
> +uint64_t mem_size, const char *cmdline)
> +{
> +void *fdt;
> +int cpu;
> +uint32_t *cells;
> +char *nodename;
> +
> +fdt = s->fdt = create_device_tree(>fdt_size);
> +if (!fdt) {
> +error_report("create_device_tree() failed");
> +exit(1);
> +}
> +
> +qemu_fdt_setprop_string(fdt, "/", "model", "ucbbar,spike-bare,qemu");
> +qemu_fdt_setprop_string(fdt, "/", "compatible",
> "ucbbar,spike-bare-dev");
> +qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x2);
> +qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x2);
> +
> +qemu_fdt_add_subnode(fdt, "/htif");
> +qemu_fdt_setprop_string(fdt, "/htif", "compatible", "ucb,htif0");
> +
> +qemu_fdt_add_subnode(fdt, "/soc");
> +qemu_fdt_setprop(fdt, "/soc", "ranges", NULL, 0);
> +qemu_fdt_setprop_string(fdt, "/soc", "compatible",
> 

[Qemu-devel] Apparently fpu/softfloat.c:1374 is reachable

[Michael Clark]

I need to dig into this. I'll need to take the assertions out, or run with
tracing to see which fcvt test is triggering this unreachable piece of
code. FYI. I can look into it.

$ sh run-riscv-tests.sh
rv64ua-v-amoadd_d
rv64ua-v-amoadd_w
rv64ua-v-amoand_d
rv64ua-v-amoand_w
rv64ua-v-amomax_d
rv64ua-v-amomax_w
rv64ua-v-amomaxu_d
rv64ua-v-amomaxu_w
rv64ua-v-amomin_d
rv64ua-v-amomin_w
rv64ua-v-amominu_d
rv64ua-v-amominu_w
rv64ua-v-amoor_d
rv64ua-v-amoor_w
rv64ua-v-amoswap_d
rv64ua-v-amoswap_w
rv64ua-v-amoxor_d
rv64ua-v-amoxor_w
rv64ua-v-lrsc
rv64uc-v-rvc
rv64ud-v-fadd
rv64ud-v-fclass
rv64ud-v-fcmp
rv64ud-v-fcvt
rv64ud-v-fcvt_w
**
ERROR:/Users/mclark/src/sifive/riscv-qemu/fpu/softfloat.c:1374:round_to_int_and_pack:
code should not be reached
qemu-images/run-tests.sh: line 6: 58437 Abort trap: 6   ${QEMU}
-nographic -machine spike_v1.10 -kernel $i
rv64ud-v-fdiv
rv64ud-v-fmadd
rv64ud-v-fmin
rv64ud-v-ldst
rv64ud-v-move
rv64ud-v-recoding
rv64ud-v-structural
rv64uf-v-fadd
rv64uf-v-fclass
rv64uf-v-fcmp
rv64uf-v-fcvt
rv64uf-v-fcvt_w
**
ERROR:/Users/mclark/src/sifive/riscv-qemu/fpu/softfloat.c:1374:round_to_int_and_pack:
code should not be reached
qemu-images/run-tests.sh: line 6: 58461 Abort trap: 6   ${QEMU}
-nographic -machine spike_v1.10 -kernel $i
rv64uf-v-fdiv
rv64uf-v-fmadd
rv64uf-v-fmin
rv64uf-v-ldst
rv64uf-v-move
rv64uf-v-recoding
rv64ui-v-add
rv64ui-v-addi
rv64ui-v-addiw
rv64ui-v-addw
rv64ui-v-and
rv64ui-v-andi
rv64ui-v-auipc
rv64ui-v-beq
rv64ui-v-bge
rv64ui-v-bgeu
rv64ui-v-blt
rv64ui-v-bltu
rv64ui-v-bne
rv64ui-v-fence_i
rv64ui-v-jal
rv64ui-v-jalr
rv64ui-v-lb
rv64ui-v-lbu
rv64ui-v-ld
rv64ui-v-lh
rv64ui-v-lhu
rv64ui-v-lui
rv64ui-v-lw
rv64ui-v-lwu
rv64ui-v-or
rv64ui-v-ori
rv64ui-v-sb
rv64ui-v-sd
rv64ui-v-sh
rv64ui-v-simple
rv64ui-v-sll
rv64ui-v-slli
rv64ui-v-slliw
rv64ui-v-sllw
rv64ui-v-slt
rv64ui-v-slti
rv64ui-v-sltiu
rv64ui-v-sltu
rv64ui-v-sra
rv64ui-v-srai
rv64ui-v-sraiw
rv64ui-v-sraw
rv64ui-v-srl
rv64ui-v-srli
rv64ui-v-srliw
rv64ui-v-srlw
rv64ui-v-sub
rv64ui-v-subw
rv64ui-v-sw
rv64ui-v-xor
rv64ui-v-xori
rv64um-v-div
rv64um-v-divu
rv64um-v-divuw
rv64um-v-divw
rv64um-v-mul
rv64um-v-mulh
rv64um-v-mulhsu
rv64um-v-mulhu
rv64um-v-mulw
rv64um-v-rem
rv64um-v-remu
rv64um-v-remuw
rv64um-v-remw

[Qemu-devel] [PATCH v2 23/23] RISC-V: Convert cpu definition towards future model

[Michael Clark]

- Model borrowed from target/sh4/cpu.c
- Rewrote riscv_cpu_list to use object_class_get_list
- Dropped 'struct RISCVCPUInfo' and used TypeInfo array
- Replaced riscv_cpu_register_types with DEFINE_TYPES
- Marked base class as abstract

Cc: Igor Mammedov 
Cc: Palmer Dabbelt 
Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by Michael Clark 
---
 target/riscv/cpu.c | 123 ++---
 1 file changed, 69 insertions(+), 54 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index d2ae56a..1f25968 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -115,6 +115,8 @@ static void riscv_any_cpu_init(Object *obj)
 set_resetvec(env, DEFAULT_RSTVEC);
 }
 
+#if defined(TARGET_RISCV32)
+
 static void rv32gcsu_priv1_09_1_cpu_init(Object *obj)
 {
 CPURISCVState *env = _CPU(obj)->env;
@@ -141,6 +143,8 @@ static void rv32imacu_nommu_cpu_init(Object *obj)
 set_resetvec(env, DEFAULT_RSTVEC);
 }
 
+#elif defined(TARGET_RISCV64)
+
 static void rv64gcsu_priv1_09_1_cpu_init(Object *obj)
 {
 CPURISCVState *env = _CPU(obj)->env;
@@ -167,20 +171,7 @@ static void rv64imacu_nommu_cpu_init(Object *obj)
 set_resetvec(env, DEFAULT_RSTVEC);
 }
 
-static const RISCVCPUInfo riscv_cpus[] = {
-{ 96, TYPE_RISCV_CPU_ANY,  riscv_any_cpu_init },
-{ 32, TYPE_RISCV_CPU_RV32GCSU_V1_09_1, rv32gcsu_priv1_09_1_cpu_init },
-{ 32, TYPE_RISCV_CPU_RV32GCSU_V1_10_0, rv32gcsu_priv1_10_0_cpu_init },
-{ 32, TYPE_RISCV_CPU_RV32IMACU_NOMMU,  rv32imacu_nommu_cpu_init },
-{ 32, TYPE_RISCV_CPU_SIFIVE_E31,   rv32imacu_nommu_cpu_init },
-{ 32, TYPE_RISCV_CPU_SIFIVE_U34,   rv32gcsu_priv1_10_0_cpu_init },
-{ 64, TYPE_RISCV_CPU_RV64GCSU_V1_09_1, rv64gcsu_priv1_09_1_cpu_init },
-{ 64, TYPE_RISCV_CPU_RV64GCSU_V1_10_0, rv64gcsu_priv1_10_0_cpu_init },
-{ 64, TYPE_RISCV_CPU_RV64IMACU_NOMMU,  rv64imacu_nommu_cpu_init },
-{ 64, TYPE_RISCV_CPU_SIFIVE_E51,   rv64imacu_nommu_cpu_init },
-{ 64, TYPE_RISCV_CPU_SIFIVE_U54,   rv64gcsu_priv1_10_0_cpu_init },
-{ 0, NULL, NULL }
-};
+#endif
 
 static ObjectClass *riscv_cpu_class_by_name(const char *cpu_model)
 {
@@ -366,28 +357,6 @@ static void riscv_cpu_class_init(ObjectClass *c, void 
*data)
 cc->vmsd = _riscv_cpu;
 }
 
-static void cpu_register(const RISCVCPUInfo *info)
-{
-TypeInfo type_info = {
-.name = info->name,
-.parent = TYPE_RISCV_CPU,
-.instance_size = sizeof(RISCVCPU),
-.instance_init = info->initfn,
-};
-
-type_register(_info);
-}
-
-static const TypeInfo riscv_cpu_type_info = {
-.name = TYPE_RISCV_CPU,
-.parent = TYPE_CPU,
-.instance_size = sizeof(RISCVCPU),
-.instance_init = riscv_cpu_init,
-.abstract = false,
-.class_size = sizeof(RISCVCPUClass),
-.class_init = riscv_cpu_class_init,
-};
-
 char *riscv_isa_string(RISCVCPU *cpu)
 {
 int i;
@@ -403,30 +372,76 @@ char *riscv_isa_string(RISCVCPU *cpu)
 return isa_string;
 }
 
-void riscv_cpu_list(FILE *f, fprintf_function cpu_fprintf)
+typedef struct RISCVCPUListState {
+fprintf_function cpu_fprintf;
+FILE *file;
+} RISCVCPUListState;
+
+static gint riscv_cpu_list_compare(gconstpointer a, gconstpointer b)
 {
-const RISCVCPUInfo *info = riscv_cpus;
+ObjectClass *class_a = (ObjectClass *)a;
+ObjectClass *class_b = (ObjectClass *)b;
+const char *name_a, *name_b;
 
-while (info->name) {
-if (info->bit_widths & TARGET_LONG_BITS) {
-(*cpu_fprintf)(f, "%s\n", info->name);
-}
-info++;
-}
+name_a = object_class_get_name(class_a);
+name_b = object_class_get_name(class_b);
+return strcmp(name_a, name_b);
 }
 
-static void riscv_cpu_register_types(void)
+static void riscv_cpu_list_entry(gpointer data, gpointer user_data)
 {
-const RISCVCPUInfo *info = riscv_cpus;
+RISCVCPUListState *s = user_data;
+const char *typename = object_class_get_name(OBJECT_CLASS(data));
+int len = strlen(typename) - strlen(RISCV_CPU_TYPE_SUFFIX);
 
-type_register_static(_cpu_type_info);
+(*s->cpu_fprintf)(s->file, "%.*s\n", len, typename);
+}
 
-while (info->name) {
-if (info->bit_widths & TARGET_LONG_BITS) {
-cpu_register(info);
-}
-info++;
-}
+void riscv_cpu_list(FILE *f, fprintf_function cpu_fprintf)
+{
+RISCVCPUListState s = {
+.cpu_fprintf = cpu_fprintf,
+.file = f,
+};
+GSList *list;
+
+list = object_class_get_list(TYPE_RISCV_CPU, false);
+list = g_slist_sort(list, riscv_cpu_list_compare);
+g_slist_foreach(list, riscv_cpu_list_entry, );
+g_slist_free(list);
 }
 
-type_init(riscv_cpu_register_types)
+#define DEFINE_CPU(type_name, initfn)  \
+{  \
+.name = type_name, \
+.parent = 

[Qemu-devel] [PATCH v2 21/23] RISC-V: No traps on writes to misa, minstret, mcycle

[Michael Clark]

These fields are marked WARL in the specification so illegal
writes are silently dropped.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 target/riscv/op_helper.c | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index aa101cc..f8595a6 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -200,17 +200,19 @@ void csr_write_helper(CPURISCVState *env, target_ulong 
val_to_write,
 break;
 }
 case CSR_MINSTRET:
-qemu_log_mask(LOG_UNIMP, "CSR_MINSTRET: write not implemented");
-goto do_illegal;
+/* minstret is WARL so unsupported writes are ignored */
+break;
 case CSR_MCYCLE:
-qemu_log_mask(LOG_UNIMP, "CSR_MCYCLE: write not implemented");
-goto do_illegal;
+/* mcycle is WARL so unsupported writes are ignored */
+break;
+#if defined(TARGET_RISCV32)
 case CSR_MINSTRETH:
-qemu_log_mask(LOG_UNIMP, "CSR_MINSTRETH: write not implemented");
-goto do_illegal;
+/* minstreth is WARL so unsupported writes are ignored */
+break;
 case CSR_MCYCLEH:
-qemu_log_mask(LOG_UNIMP, "CSR_MCYCLEH: write not implemented");
-goto do_illegal;
+/* mcycleh is WARL so unsupported writes are ignored */
+break;
+#endif
 case CSR_MUCOUNTEREN:
 env->mucounteren = val_to_write;
 break;
@@ -300,10 +302,9 @@ void csr_write_helper(CPURISCVState *env, target_ulong 
val_to_write,
 case CSR_MBADADDR:
 env->mbadaddr = val_to_write;
 break;
-case CSR_MISA: {
-qemu_log_mask(LOG_UNIMP, "CSR_MISA: misa writes not supported");
-goto do_illegal;
-}
+case CSR_MISA:
+/* misa is WARL so unsupported writes are ignored */
+break;
 case CSR_PMPCFG0:
 case CSR_PMPCFG1:
 case CSR_PMPCFG2:
@@ -328,7 +329,6 @@ void csr_write_helper(CPURISCVState *env, target_ulong 
val_to_write,
 case CSR_PMPADDR15:
pmpaddr_csr_write(env, csrno - CSR_PMPADDR0, val_to_write);
break;
-do_illegal:
 #endif
 default:
 do_raise_exception_err(env, RISCV_EXCP_ILLEGAL_INST, GETPC());
-- 
2.7.0

[Qemu-devel] [PATCH v2 15/23] RISC-V: Use memory_region_is_ram in pte update

[Michael Clark]

After reading cpu_physical_memory_write and friends, it seems
that memory_region_is_ram is a more appropriate interface,
and matches the intent of the code that is calling it.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 target/riscv/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/helper.c b/target/riscv/helper.c
index 162d5ec..fc550d3 100644
--- a/target/riscv/helper.c
+++ b/target/riscv/helper.c
@@ -235,7 +235,7 @@ restart:
 rcu_read_lock();
 mr = address_space_translate(cs->as, pte_addr,
 , , false);
-if (memory_access_is_direct(mr, true)) {
+if (memory_region_is_ram(mr)) {
 target_ulong *pte_pa =
 qemu_map_ram_ptr(mr->ram_block, addr1);
 #if TCG_OVERSIZED_GUEST
-- 
2.7.0

[Qemu-devel] [PATCH v2 22/23] RISC-V: Remove support for adhoc X_COP interrupt

[Michael Clark]

This is essentially dead-code elimination. Support for more
local interrupts will be added in a future revision, as they
will be defined in a future version of the Privileged ISA
specification.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 target/riscv/cpu_bits.h  | 1 -
 target/riscv/op_helper.c | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 12b4757..133e070 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -346,7 +346,6 @@
 #define IRQ_S_EXT   9
 #define IRQ_H_EXT   10 /* until: priv-1.9.1 */
 #define IRQ_M_EXT   11 /* until: priv-1.9.1 */
-#define IRQ_X_COP   12 /* non-standard */
 
 /* Default addresses */
 #define DEFAULT_RSTVEC 0x1000
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index f8595a6..f543e61 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -90,7 +90,7 @@ void csr_write_helper(CPURISCVState *env, target_ulong 
val_to_write,
 target_ulong csrno)
 {
 #ifndef CONFIG_USER_ONLY
-uint64_t delegable_ints = MIP_SSIP | MIP_STIP | MIP_SEIP | (1 << 
IRQ_X_COP);
+uint64_t delegable_ints = MIP_SSIP | MIP_STIP | MIP_SEIP;
 uint64_t all_ints = delegable_ints | MIP_MSIP | MIP_MTIP;
 #endif
 
-- 
2.7.0

[Qemu-devel] [PATCH v2 20/23] RISC-V: vectored traps are optional

[Michael Clark]

Vectored traps for asynchrounous interrupts are optional.
The mtvec/stvec mode field is WARL and hence does not trap
if an illegal value is written. Illegal values are ignored.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 target/riscv/op_helper.c | 14 ++
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index f79716a..aa101cc 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -262,11 +262,10 @@ void csr_write_helper(CPURISCVState *env, target_ulong 
val_to_write,
 env->sepc = val_to_write;
 break;
 case CSR_STVEC:
-if (val_to_write & 1) {
-qemu_log_mask(LOG_UNIMP, "CSR_STVEC: vectored traps not 
supported");
-goto do_illegal;
+/* we do not support vectored traps for asynchrounous interrupts */ 
+if ((val_to_write & 3) == 0) {
+env->stvec = val_to_write >> 2 << 2;
 }
-env->stvec = val_to_write >> 2 << 2;
 break;
 case CSR_SCOUNTEREN:
 env->scounteren = val_to_write;
@@ -284,11 +283,10 @@ void csr_write_helper(CPURISCVState *env, target_ulong 
val_to_write,
 env->mepc = val_to_write;
 break;
 case CSR_MTVEC:
-if (val_to_write & 1) {
-qemu_log_mask(LOG_UNIMP, "CSR_MTVEC: vectored traps not 
supported");
-goto do_illegal;
+/* we do not support vectored traps for asynchrounous interrupts */ 
+if ((val_to_write & 3) == 0) {
+env->mtvec = val_to_write >> 2 << 2;
 }
-env->mtvec = val_to_write >> 2 << 2;
 break;
 case CSR_MCOUNTEREN:
 env->mcounteren = val_to_write;
-- 
2.7.0

[Qemu-devel] [PATCH v2 17/23] RISC-V: Hardwire satp to 0 for no-mmu case

[Michael Clark]

satp is WARL so it should not trap on illegal writes, rather
it can be hardwired to zero and silently ignore illegal writes.

It seems the RISC-V WARL behaviour is preferred to having to
trap overhead versus simply reading back the value and checking
if the write took (saves hundreds of cycles and more complex
trap handling code).

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 target/riscv/op_helper.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index e34715d..dd3e417 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -242,7 +242,7 @@ void csr_write_helper(CPURISCVState *env, target_ulong 
val_to_write,
 }
 case CSR_SATP: /* CSR_SPTBR */ {
 if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
-goto do_illegal;
+break;
 }
 if (env->priv_ver <= PRIV_VERSION_1_09_1 && (val_to_write ^ 
env->sptbr))
 {
@@ -452,7 +452,10 @@ target_ulong csr_read_helper(CPURISCVState *env, 
target_ulong csrno)
 return env->scounteren;
 case CSR_SCAUSE:
 return env->scause;
-case CSR_SPTBR:
+case CSR_SATP: /* CSR_SPTBR */
+if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
+return 0;
+}
 if (env->priv_ver >= PRIV_VERSION_1_10_0) {
 return env->satp;
 } else {
-- 
2.7.0

[Qemu-devel] [PATCH v2 19/23] RISC-V: riscv-qemu port supports sv39 and sv48

[Michael Clark]

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 target/riscv/cpu.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 7c4482b..f47fc9c 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -24,8 +24,8 @@
 #define TARGET_PAGE_BITS 12 /* 4 KiB Pages */
 #if defined(TARGET_RISCV64)
 #define TARGET_LONG_BITS 64
-#define TARGET_PHYS_ADDR_SPACE_BITS 50
-#define TARGET_VIRT_ADDR_SPACE_BITS 39
+#define TARGET_PHYS_ADDR_SPACE_BITS 52
+#define TARGET_VIRT_ADDR_SPACE_BITS 48
 #elif defined(TARGET_RISCV32)
 #define TARGET_LONG_BITS 32
 #define TARGET_PHYS_ADDR_SPACE_BITS 34
-- 
2.7.0

[Qemu-devel] [PATCH v2 14/23] RISC-V: Make virt header comment title consistent

[Michael Clark]

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 include/hw/riscv/virt.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/hw/riscv/virt.h b/include/hw/riscv/virt.h
index 3a4f23e..91163d6 100644
--- a/include/hw/riscv/virt.h
+++ b/include/hw/riscv/virt.h
@@ -1,5 +1,5 @@
 /*
- * SiFive VirtIO Board
+ * QEMU RISC-V VirtIO machine interface
  *
  * Copyright (c) 2017 SiFive, Inc.
  *
-- 
2.7.0

[Qemu-devel] [PATCH v2 18/23] RISC-V: Remove braces from satp case statement

[Michael Clark]

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
Reviewed-by: Philippe Mathieu-Daudé 
---
 target/riscv/op_helper.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index dd3e417..f79716a 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -240,7 +240,7 @@ void csr_write_helper(CPURISCVState *env, target_ulong 
val_to_write,
 csr_write_helper(env, next_mie, CSR_MIE);
 break;
 }
-case CSR_SATP: /* CSR_SPTBR */ {
+case CSR_SATP: /* CSR_SPTBR */
 if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
 break;
 }
@@ -258,7 +258,6 @@ void csr_write_helper(CPURISCVState *env, target_ulong 
val_to_write,
 env->satp = val_to_write;
 }
 break;
-}
 case CSR_SEPC:
 env->sepc = val_to_write;
 break;
-- 
2.7.0

[Qemu-devel] [PATCH v2 11/23] RISC-V: Improve page table walker spec compliance

[Michael Clark]

- Inline PTE_TABLE check for better readability
- Improve readibility of User page U mode and SUM test
- Disallow non U mode from fetching from User pages
- Add reserved PTE flag check: W or W|X
- Add misaligned PPN check
- Change access checks from ternary operator to if statements
- Improves page walker comments
- No measurable performance impact on dd test

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 target/riscv/cpu_bits.h |  2 --
 target/riscv/helper.c   | 59 ++---
 2 files changed, 41 insertions(+), 20 deletions(-)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 64aa097..12b4757 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -407,5 +407,3 @@
 #define PTE_SOFT  0x300 /* Reserved for Software */
 
 #define PTE_PPN_SHIFT 10
-
-#define PTE_TABLE(PTE) (((PTE) & (PTE_V | PTE_R | PTE_W | PTE_X)) == PTE_V)
diff --git a/target/riscv/helper.c b/target/riscv/helper.c
index 228933c..162d5ec 100644
--- a/target/riscv/helper.c
+++ b/target/riscv/helper.c
@@ -185,16 +185,36 @@ restart:
 #endif
 target_ulong ppn = pte >> PTE_PPN_SHIFT;
 
-if (PTE_TABLE(pte)) { /* next level of page table */
+if (!(pte & PTE_V)) {
+/* Invalid PTE */
+return TRANSLATE_FAIL;
+} else if (!(pte & (PTE_R | PTE_W | PTE_X))) {
+/* Inner PTE, continue walking */
 base = ppn << PGSHIFT;
-} else if ((pte & PTE_U) ? (mode == PRV_S) && !sum : !(mode == PRV_S)) 
{
-break;
-} else if (!(pte & PTE_V) || (!(pte & PTE_R) && (pte & PTE_W))) {
-break;
-} else if (access_type == MMU_INST_FETCH ? !(pte & PTE_X) :
-  access_type == MMU_DATA_LOAD ?  !(pte & PTE_R) &&
-  !(mxr && (pte & PTE_X)) : !((pte & PTE_R) && (pte & PTE_W))) 
{
-break;
+} else if ((pte & (PTE_R | PTE_W | PTE_X)) == PTE_W) {
+/* Reserved leaf PTE flags: PTE_W */
+return TRANSLATE_FAIL;
+} else if ((pte & (PTE_R | PTE_W | PTE_X)) == (PTE_W | PTE_X)) {
+/* Reserved leaf PTE flags: PTE_W + PTE_X */
+return TRANSLATE_FAIL;
+} else if ((pte & PTE_U) && ((mode != PRV_U) &&
+   (!sum || access_type == MMU_INST_FETCH))) {
+/* User PTE flags when not U mode and mstatus.SUM is not set,
+   or the access type is an instruction fetch */
+return TRANSLATE_FAIL;
+} else if (ppn & ((1ULL << ptshift) - 1)) {
+/* Misasligned PPN */
+return TRANSLATE_FAIL;
+} else if (access_type == MMU_DATA_LOAD && !((pte & PTE_R) ||
+   (mode != PRV_U && (pte & PTE_X) && mxr))) {
+/* Read access check failed */
+return TRANSLATE_FAIL;
+} else if (access_type == MMU_DATA_STORE && !(pte & PTE_W)) {
+/* Write access check failed */
+return TRANSLATE_FAIL;
+} else if (access_type == MMU_INST_FETCH && !(pte & PTE_X)) {
+/* Fetch access check failed */
+return TRANSLATE_FAIL;
 } else {
 /* if necessary, set accessed and dirty bits. */
 target_ulong updated_pte = pte | PTE_A |
@@ -202,11 +222,14 @@ restart:
 
 /* Page table updates need to be atomic with MTTCG enabled */
 if (updated_pte != pte) {
-/* if accessed or dirty bits need updating, and the PTE is
- * in RAM, then we do so atomically with a compare and swap.
- * if the PTE is in IO space, then it can't be updated.
- * if the PTE changed, then we must re-walk the page table
-   as the PTE is no longer valid */
+/*
+ * - if accessed or dirty bits need updating, and the PTE is
+ *   in RAM, then we do so atomically with a compare and swap.
+ * - if the PTE is in IO space or ROM, then it can't be updated
+ *   and we return TRANSLATE_FAIL.
+ * - if the PTE changed by the time we went to update it, then
+ *   it is no longer valid and we must re-walk the page table.
+ */
 MemoryRegion *mr;
 hwaddr l = sizeof(target_ulong), addr1;
 rcu_read_lock();
@@ -243,15 +266,15 @@ restart:
 target_ulong vpn = addr >> PGSHIFT;
 *physical = (ppn | (vpn & ((1L << ptshift) - 1))) << PGSHIFT;
 
-if ((pte & PTE_R)) {
+/* set permissions on the TLB entry */
+if ((pte & PTE_R) || (mode != PRV_U && (pte & PTE_X) && mxr)) {
 *prot |= PAGE_READ;
 }
 if ((pte & PTE_X)) {
 *prot |= PAGE_EXEC;
 

[Qemu-devel] [PATCH v2 08/23] RISC-V: Make sure rom has space for fdt

[Michael Clark]

Remove a potential buffer overflow (not seen in practice).
Perhaps cpu_physical_memory_write already has bound checks.
This change however makes space for the maximum device tree
size and adds an explicit bounds check and error message.
It doesn't trigger, but it may help in the future if the
device-tree size is exceeded. e.g. large bootargs.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 hw/riscv/sifive_u.c | 20 
 hw/riscv/spike.c| 16 +++-
 hw/riscv/virt.c | 13 +
 3 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 083043a..57b4f4f 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -52,7 +52,7 @@ static const struct MemmapEntry {
 hwaddr size;
 } sifive_u_memmap[] = {
 [SIFIVE_U_DEBUG] ={0x0,  0x100 },
-[SIFIVE_U_MROM] = { 0x1000, 0x2000 },
+[SIFIVE_U_MROM] = { 0x1000,0x11000 },
 [SIFIVE_U_CLINT] ={  0x200,0x1 },
 [SIFIVE_U_PLIC] = {  0xc00,  0x400 },
 [SIFIVE_U_UART0] ={ 0x10013000, 0x1000 },
@@ -221,7 +221,7 @@ static void riscv_sifive_u_init(MachineState *machine)
 const struct MemmapEntry *memmap = sifive_u_memmap;
 
 SiFiveUState *s = g_new0(SiFiveUState, 1);
-MemoryRegion *sys_memory = get_system_memory();
+MemoryRegion *system_memory = get_system_memory();
 MemoryRegion *main_mem = g_new(MemoryRegion, 1);
 MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
 
@@ -239,7 +239,7 @@ static void riscv_sifive_u_init(MachineState *machine)
 /* register RAM */
 memory_region_init_ram(main_mem, NULL, "riscv.sifive.u.ram",
machine->ram_size, _fatal);
-memory_region_add_subregion(sys_memory, memmap[SIFIVE_U_DRAM].base,
+memory_region_add_subregion(system_memory, memmap[SIFIVE_U_DRAM].base,
 main_mem);
 
 /* create device tree */
@@ -247,9 +247,9 @@ static void riscv_sifive_u_init(MachineState *machine)
 
 /* boot rom */
 memory_region_init_ram(mask_rom, NULL, "riscv.sifive.u.mrom",
-   memmap[SIFIVE_U_MROM].base, _fatal);
-memory_region_set_readonly(mask_rom, true);
-memory_region_add_subregion(sys_memory, 0x0, mask_rom);
+   memmap[SIFIVE_U_MROM].size, _fatal);
+memory_region_add_subregion(system_memory, memmap[SIFIVE_U_MROM].base,
+mask_rom);
 
 if (machine->kernel_filename) {
 load_kernel(machine->kernel_filename);
@@ -276,6 +276,10 @@ static void riscv_sifive_u_init(MachineState *machine)
 copy_le32_to_phys(memmap[SIFIVE_U_MROM].base, reset_vec, 
sizeof(reset_vec));
 
 /* copy in the device tree */
+if (s->fdt_size >= memmap[SIFIVE_U_MROM].size - sizeof(reset_vec)) {
+error_report("qemu: not enough space to store device-tree");
+exit(1);
+}
 qemu_fdt_dumpdtb(s->fdt, s->fdt_size);
 cpu_physical_memory_write(memmap[SIFIVE_U_MROM].base +
 sizeof(reset_vec), s->fdt, s->fdt_size);
@@ -293,9 +297,9 @@ static void riscv_sifive_u_init(MachineState *machine)
 SIFIVE_U_PLIC_CONTEXT_BASE,
 SIFIVE_U_PLIC_CONTEXT_STRIDE,
 memmap[SIFIVE_U_PLIC].size);
-sifive_uart_create(sys_memory, memmap[SIFIVE_U_UART0].base,
+sifive_uart_create(system_memory, memmap[SIFIVE_U_UART0].base,
 serial_hds[0], SIFIVE_PLIC(s->plic)->irqs[SIFIVE_U_UART0_IRQ]);
-/* sifive_uart_create(sys_memory, memmap[SIFIVE_U_UART1].base,
+/* sifive_uart_create(system_memory, memmap[SIFIVE_U_UART1].base,
 serial_hds[1], SIFIVE_PLIC(s->plic)->irqs[SIFIVE_U_UART1_IRQ]); */
 sifive_clint_create(memmap[SIFIVE_U_CLINT].base,
 memmap[SIFIVE_U_CLINT].size, smp_cpus,
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 64e585e..c7d937b 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -46,7 +46,7 @@ static const struct MemmapEntry {
 hwaddr base;
 hwaddr size;
 } spike_memmap[] = {
-[SPIKE_MROM] = { 0x1000, 0x2000 },
+[SPIKE_MROM] = { 0x1000,0x11000 },
 [SPIKE_CLINT] ={  0x200,0x1 },
 [SPIKE_DRAM] = { 0x8000,0x0 },
 };
@@ -197,8 +197,9 @@ static void spike_v1_10_0_board_init(MachineState *machine)
 
 /* boot rom */
 memory_region_init_ram(mask_rom, NULL, "riscv.spike.mrom",
-   s->fdt_size + 0x2000, _fatal);
-memory_region_add_subregion(system_memory, 0x0, mask_rom);
+   memmap[SPIKE_MROM].size, _fatal);
+memory_region_add_subregion(system_memory, memmap[SPIKE_MROM].base,
+mask_rom);
 
 if (machine->kernel_filename) {
 load_kernel(machine->kernel_filename);
@@ -225,6 +226,10 @@ static void 

[Qemu-devel] [PATCH v2 16/23] RISC-V: Remove EM_RISCV ELF_MACHINE indirection

[Michael Clark]

Pointless indirection. Other ports use EM_ constants directly.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 hw/riscv/sifive_e.c | 2 +-
 hw/riscv/sifive_u.c | 2 +-
 hw/riscv/spike.c| 2 +-
 hw/riscv/virt.c | 2 +-
 target/riscv/cpu.h  | 1 -
 5 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 4872b68..39e4cb4 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -88,7 +88,7 @@ static uint64_t load_kernel(const char *kernel_filename)
 
 if (load_elf(kernel_filename, NULL, NULL,
  _entry, NULL, _high,
- 0, ELF_MACHINE, 1, 0) < 0) {
+ 0, EM_RISCV, 1, 0) < 0) {
 error_report("qemu: could not load kernel '%s'", kernel_filename);
 exit(1);
 }
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 57b4f4f..0e633a0 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -74,7 +74,7 @@ static uint64_t load_kernel(const char *kernel_filename)
 
 if (load_elf(kernel_filename, NULL, NULL,
  _entry, NULL, _high,
- 0, ELF_MACHINE, 1, 0) < 0) {
+ 0, EM_RISCV, 1, 0) < 0) {
 error_report("qemu: could not load kernel '%s'", kernel_filename);
 exit(1);
 }
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index c7d937b..70e697c 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -64,7 +64,7 @@ static uint64_t load_kernel(const char *kernel_filename)
 uint64_t kernel_entry, kernel_high;
 
 if (load_elf_ram_sym(kernel_filename, NULL, NULL,
-_entry, NULL, _high, 0, ELF_MACHINE, 1, 0,
+_entry, NULL, _high, 0, EM_RISCV, 1, 0,
 NULL, true, htif_symbol_callback) < 0) {
 error_report("qemu: could not load kernel '%s'", kernel_filename);
 exit(1);
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index d680cbd..e3f8bb7 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -68,7 +68,7 @@ static uint64_t load_kernel(const char *kernel_filename)
 
 if (load_elf(kernel_filename, NULL, NULL,
  _entry, NULL, _high,
- 0, ELF_MACHINE, 1, 0) < 0) {
+ 0, EM_RISCV, 1, 0) < 0) {
 error_report("qemu: could not load kernel '%s'", kernel_filename);
 exit(1);
 }
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 3a0ca2f..7c4482b 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -34,7 +34,6 @@
 
 #define TCG_GUEST_DEFAULT_MO 0
 
-#define ELF_MACHINE EM_RISCV
 #define CPUArchState struct CPURISCVState
 
 #include "qemu-common.h"
-- 
2.7.0

[Qemu-devel] [PATCH v2 13/23] RISC-V: Make some header guards more specific

[Michael Clark]

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 include/hw/riscv/spike.h | 4 ++--
 include/hw/riscv/virt.h  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/hw/riscv/spike.h b/include/hw/riscv/spike.h
index 8410430..641b70d 100644
--- a/include/hw/riscv/spike.h
+++ b/include/hw/riscv/spike.h
@@ -16,8 +16,8 @@
  * this program.  If not, see .
  */
 
-#ifndef HW_SPIKE_H
-#define HW_SPIKE_H
+#ifndef HW_RISCV_SPIKE_H
+#define HW_RISCV_SPIKE_H
 
 typedef struct {
 /*< private >*/
diff --git a/include/hw/riscv/virt.h b/include/hw/riscv/virt.h
index b91a412..3a4f23e 100644
--- a/include/hw/riscv/virt.h
+++ b/include/hw/riscv/virt.h
@@ -16,8 +16,8 @@
  * this program.  If not, see .
  */
 
-#ifndef HW_VIRT_H
-#define HW_VIRT_H
+#ifndef HW_RISCV_VIRT_H
+#define HW_RISCV_VIRT_H
 
 typedef struct {
 /*< private >*/
-- 
2.7.0

[Qemu-devel] [PATCH v2 04/23] RISC-V: Use ROM base address and size from memmap

[Michael Clark]

Another case of replaceing hard coded constants, this time
referring to the definition in the virt machine's memmap.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 hw/riscv/virt.c | 4 ++--
 include/hw/riscv/virt.h | 2 --
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 0055439..0d101fc 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -338,11 +338,11 @@ static void riscv_virt_board_init(MachineState *machine)
 };
 
 /* copy in the reset vector */
-copy_le32_to_phys(ROM_BASE, reset_vec, sizeof(reset_vec));
+copy_le32_to_phys(memmap[VIRT_MROM].base, reset_vec, sizeof(reset_vec));
 
 /* copy in the device tree */
 qemu_fdt_dumpdtb(s->fdt, s->fdt_size);
-cpu_physical_memory_write(ROM_BASE + sizeof(reset_vec),
+cpu_physical_memory_write(memmap[VIRT_MROM].base + sizeof(reset_vec),
 s->fdt, s->fdt_size);
 
 /* create PLIC hart topology configuration string */
diff --git a/include/hw/riscv/virt.h b/include/hw/riscv/virt.h
index 2fbe808..655e85d 100644
--- a/include/hw/riscv/virt.h
+++ b/include/hw/riscv/virt.h
@@ -23,8 +23,6 @@
 #define VIRT(obj) \
 OBJECT_CHECK(RISCVVirtState, (obj), TYPE_RISCV_VIRT_BOARD)
 
-enum { ROM_BASE = 0x1000 };
-
 typedef struct {
 /*< private >*/
 SysBusDevice parent_obj;
-- 
2.7.0

[Qemu-devel] [PATCH v2 07/23] RISC-V: Remove unused class definitions

[Michael Clark]

Removes a whole lot of unnecessary boilerplate code. Machines
don't need to be objects. The expansion of the SOC object model
for the RISC-V machines will happen in the future as SiFive
plans to add their FE310 and FU540 SOCs to QEMU. However, it
seems that this present boilerplate is complete unnecessary.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/riscv/sifive_e.c | 25 -
 hw/riscv/sifive_u.c | 25 -
 hw/riscv/spike.c| 20 
 hw/riscv/virt.c | 25 -
 include/hw/riscv/sifive_e.h |  5 -
 include/hw/riscv/sifive_u.h |  5 -
 include/hw/riscv/spike.h|  7 ---
 include/hw/riscv/virt.h |  5 -
 8 files changed, 4 insertions(+), 113 deletions(-)

diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 09c9d49..4872b68 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -194,24 +194,6 @@ static void riscv_sifive_e_init(MachineState *machine)
 }
 }
 
-static int riscv_sifive_e_sysbus_device_init(SysBusDevice *sysbusdev)
-{
-return 0;
-}
-
-static void riscv_sifive_e_class_init(ObjectClass *klass, void *data)
-{
-SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-k->init = riscv_sifive_e_sysbus_device_init;
-}
-
-static const TypeInfo riscv_sifive_e_device = {
-.name  = TYPE_SIFIVE_E,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(SiFiveEState),
-.class_init= riscv_sifive_e_class_init,
-};
-
 static void riscv_sifive_e_machine_init(MachineClass *mc)
 {
 mc->desc = "RISC-V Board compatible with SiFive E SDK";
@@ -220,10 +202,3 @@ static void riscv_sifive_e_machine_init(MachineClass *mc)
 }
 
 DEFINE_MACHINE("sifive_e", riscv_sifive_e_machine_init)
-
-static void riscv_sifive_e_register_types(void)
-{
-type_register_static(_sifive_e_device);
-}
-
-type_init(riscv_sifive_e_register_types);
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 25df16c..083043a 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -302,31 +302,6 @@ static void riscv_sifive_u_init(MachineState *machine)
 SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE);
 }
 
-static int riscv_sifive_u_sysbus_device_init(SysBusDevice *sysbusdev)
-{
-return 0;
-}
-
-static void riscv_sifive_u_class_init(ObjectClass *klass, void *data)
-{
-SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-k->init = riscv_sifive_u_sysbus_device_init;
-}
-
-static const TypeInfo riscv_sifive_u_device = {
-.name  = TYPE_SIFIVE_U,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(SiFiveUState),
-.class_init= riscv_sifive_u_class_init,
-};
-
-static void riscv_sifive_u_register_types(void)
-{
-type_register_static(_sifive_u_device);
-}
-
-type_init(riscv_sifive_u_register_types);
-
 static void riscv_sifive_u_machine_init(MachineClass *mc)
 {
 mc->desc = "RISC-V Board compatible with SiFive U SDK";
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 74edf33..64e585e 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -336,18 +336,6 @@ static void spike_v1_09_1_board_init(MachineState *machine)
 smp_cpus, SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE);
 }
 
-static const TypeInfo spike_v_1_09_1_device = {
-.name  = TYPE_RISCV_SPIKE_V1_09_1_BOARD,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(SpikeState),
-};
-
-static const TypeInfo spike_v_1_10_0_device = {
-.name  = TYPE_RISCV_SPIKE_V1_10_0_BOARD,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(SpikeState),
-};
-
 static void spike_v1_09_1_machine_init(MachineClass *mc)
 {
 mc->desc = "RISC-V Spike Board (Privileged ISA v1.9.1)";
@@ -365,11 +353,3 @@ static void spike_v1_10_0_machine_init(MachineClass *mc)
 
 DEFINE_MACHINE("spike_v1.9.1", spike_v1_09_1_machine_init)
 DEFINE_MACHINE("spike_v1.10", spike_v1_10_0_machine_init)
-
-static void riscv_spike_board_register_types(void)
-{
-type_register_static(_v_1_09_1_device);
-type_register_static(_v_1_10_0_device);
-}
-
-type_init(riscv_spike_board_register_types);
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index f1e3641..5913100 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -380,24 +380,6 @@ static void riscv_virt_board_init(MachineState *machine)
 serial_hds[0], DEVICE_LITTLE_ENDIAN);
 }
 
-static int riscv_virt_board_sysbus_device_init(SysBusDevice *sysbusdev)
-{
-return 0;
-}
-
-static void riscv_virt_board_class_init(ObjectClass *klass, void *data)
-{
-SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
-k->init = riscv_virt_board_sysbus_device_init;
-}
-
-static const TypeInfo 

[Qemu-devel] [PATCH v2 10/23] RISC-V: Hold rcu_read_lock when accessing memory

[Michael Clark]

>From reading other code that accesses memory regions directly,
it appears that the rcu_read_lock needs to be held. Note: the
original code for accessing RAM directly was added because
there is no other way to use atomic_cmpxchg on guest physical
address space.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
CC: Stefan O'Rear 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 target/riscv/helper.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/riscv/helper.c b/target/riscv/helper.c
index 02cbcea..228933c 100644
--- a/target/riscv/helper.c
+++ b/target/riscv/helper.c
@@ -209,6 +209,7 @@ restart:
as the PTE is no longer valid */
 MemoryRegion *mr;
 hwaddr l = sizeof(target_ulong), addr1;
+rcu_read_lock();
 mr = address_space_translate(cs->as, pte_addr,
 , , false);
 if (memory_access_is_direct(mr, true)) {
@@ -222,16 +223,19 @@ restart:
 target_ulong old_pte =
 atomic_cmpxchg(pte_pa, pte, updated_pte);
 if (old_pte != pte) {
+rcu_read_unlock();
 goto restart;
 } else {
 pte = updated_pte;
 }
 #endif
 } else {
+rcu_read_unlock();
 /* misconfigured PTE in ROM (AD bits are not preset) or
  * PTE is in IO space and can't be updated atomically */
 return TRANSLATE_FAIL;
 }
+rcu_read_unlock();
 }
 
 /* for superpage mappings, make a fake leaf PTE for the TLB's
-- 
2.7.0

[Qemu-devel] [PATCH v2 12/23] RISC-V: Update E order and I extension order

[Michael Clark]

Section 22.8 Subset Naming Convention of the RISC-V ISA Specification
defines the canonical order for extensions in the ISA string. It is
silent on the position of the E extension however E is a substitute
for I so it must come early in the extension list order. A comment
is added to state E and I are mutually exclusive, as the E extension
will be added to the RISC-V port in the future.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 target/riscv/cpu.c | 2 +-
 target/riscv/cpu.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 4851890..d2ae56a 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -26,7 +26,7 @@
 
 /* RISC-V CPU definitions */
 
-static const char riscv_exts[26] = "IMAFDQECLBJTPVNSUHKORWXYZG";
+static const char riscv_exts[26] = "IEMAFDQCLBJTPVNSUHKORWXYZG";
 
 const char * const riscv_int_regnames[] = {
   "zero", "ra  ", "sp  ", "gp  ", "tp  ", "t0  ", "t1  ", "t2  ",
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index cff02a2..3a0ca2f 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -71,6 +71,7 @@
 #define RV(x) ((target_ulong)1 << (x - 'A'))
 
 #define RVI RV('I')
+#define RVE RV('E') /* E and I are mutually exclusive */
 #define RVM RV('M')
 #define RVA RV('A')
 #define RVF RV('F')
-- 
2.7.0

[Qemu-devel] [PATCH v2 03/23] RISC-V: Make virt board description match spike

[Michael Clark]

This makes 'qemu-system-riscv64 -machine help' output more tidy
and consistent.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 hw/riscv/virt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index a402856..0055439 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -404,7 +404,7 @@ static const TypeInfo riscv_virt_board_device = {
 
 static void riscv_virt_board_machine_init(MachineClass *mc)
 {
-mc->desc = "RISC-V VirtIO Board (Privileged spec v1.10)";
+mc->desc = "RISC-V VirtIO Board (Privileged ISA v1.10)";
 mc->init = riscv_virt_board_init;
 mc->max_cpus = 8; /* hardcoded limit in BBL */
 }
-- 
2.7.0

[Qemu-devel] [PATCH v2 09/23] RISC-V: Include intruction hex in disassembly

[Michael Clark]

This was added to help debug issues using -d in_asm. It is
useful to see the instruction bytes, as one can detect if
one is trying to execute ASCII or device-tree magic.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
Reviewed-by: Philippe Mathieu-Daudé 
---
 disas/riscv.c | 39 ---
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git a/disas/riscv.c b/disas/riscv.c
index 3c17501..4580308 100644
--- a/disas/riscv.c
+++ b/disas/riscv.c
@@ -2769,25 +2769,6 @@ static void format_inst(char *buf, size_t buflen, size_t 
tab, rv_decode *dec)
 char tmp[64];
 const char *fmt;
 
-if (dec->op == rv_op_illegal) {
-size_t len = inst_length(dec->inst);
-switch (len) {
-case 2:
-snprintf(buf, buflen, "(0x%04" PRIx64 ")", dec->inst);
-break;
-case 4:
-snprintf(buf, buflen, "(0x%08" PRIx64 ")", dec->inst);
-break;
-case 6:
-snprintf(buf, buflen, "(0x%012" PRIx64 ")", dec->inst);
-break;
-default:
-snprintf(buf, buflen, "(0x%016" PRIx64 ")", dec->inst);
-break;
-}
-return;
-}
-
 fmt = opcode_data[dec->op].format;
 while (*fmt) {
 switch (*fmt) {
@@ -3004,6 +2985,11 @@ disasm_inst(char *buf, size_t buflen, rv_isa isa, 
uint64_t pc, rv_inst inst)
 format_inst(buf, buflen, 16, );
 }
 
+#define INST_FMT_2 "%04" PRIx64 "  "
+#define INST_FMT_4 "%08" PRIx64 "  "
+#define INST_FMT_6 "%012" PRIx64 "  "
+#define INST_FMT_8 "%016" PRIx64 "  "
+
 static int
 print_insn_riscv(bfd_vma memaddr, struct disassemble_info *info, rv_isa isa)
 {
@@ -3031,6 +3017,21 @@ print_insn_riscv(bfd_vma memaddr, struct 
disassemble_info *info, rv_isa isa)
 }
 }
 
+switch (len) {
+case 2:
+(*info->fprintf_func)(info->stream, INST_FMT_2, inst);
+break;
+case 4:
+(*info->fprintf_func)(info->stream, INST_FMT_4, inst);
+break;
+case 6:
+(*info->fprintf_func)(info->stream, INST_FMT_6, inst);
+break;
+default:
+(*info->fprintf_func)(info->stream, INST_FMT_8, inst);
+break;
+}
+
 disasm_inst(buf, sizeof(buf), isa, memaddr, inst);
 (*info->fprintf_func)(info->stream, "%s", buf);
 
-- 
2.7.0

[Qemu-devel] [PATCH v2 05/23] RISC-V: Remove identity_translate from load_elf

[Michael Clark]

When load_elf is called with NULL as an argument to the
address translate callback, it does an identity translation.
This commit removes the redundant identity_translate callback.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/riscv/sifive_e.c | 7 +--
 hw/riscv/sifive_u.c | 7 +--
 hw/riscv/spike.c| 7 +--
 hw/riscv/virt.c | 7 +--
 4 files changed, 4 insertions(+), 24 deletions(-)

diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 19eca36..09c9d49 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -82,16 +82,11 @@ static void copy_le32_to_phys(hwaddr pa, uint32_t *rom, 
size_t len)
 }
 }
 
-static uint64_t identity_translate(void *opaque, uint64_t addr)
-{
-return addr;
-}
-
 static uint64_t load_kernel(const char *kernel_filename)
 {
 uint64_t kernel_entry, kernel_high;
 
-if (load_elf(kernel_filename, identity_translate, NULL,
+if (load_elf(kernel_filename, NULL, NULL,
  _entry, NULL, _high,
  0, ELF_MACHINE, 1, 0) < 0) {
 error_report("qemu: could not load kernel '%s'", kernel_filename);
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index f3f7615..6116c38 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -68,16 +68,11 @@ static void copy_le32_to_phys(hwaddr pa, uint32_t *rom, 
size_t len)
 }
 }
 
-static uint64_t identity_translate(void *opaque, uint64_t addr)
-{
-return addr;
-}
-
 static uint64_t load_kernel(const char *kernel_filename)
 {
 uint64_t kernel_entry, kernel_high;
 
-if (load_elf(kernel_filename, identity_translate, NULL,
+if (load_elf(kernel_filename, NULL, NULL,
  _entry, NULL, _high,
  0, ELF_MACHINE, 1, 0) < 0) {
 error_report("qemu: could not load kernel '%s'", kernel_filename);
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 4c233ec..7710333 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -59,16 +59,11 @@ static void copy_le32_to_phys(hwaddr pa, uint32_t *rom, 
size_t len)
 }
 }
 
-static uint64_t identity_translate(void *opaque, uint64_t addr)
-{
-return addr;
-}
-
 static uint64_t load_kernel(const char *kernel_filename)
 {
 uint64_t kernel_entry, kernel_high;
 
-if (load_elf_ram_sym(kernel_filename, identity_translate, NULL,
+if (load_elf_ram_sym(kernel_filename, NULL, NULL,
 _entry, NULL, _high, 0, ELF_MACHINE, 1, 0,
 NULL, true, htif_symbol_callback) < 0) {
 error_report("qemu: could not load kernel '%s'", kernel_filename);
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 0d101fc..f8c19b4 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -62,16 +62,11 @@ static void copy_le32_to_phys(hwaddr pa, uint32_t *rom, 
size_t len)
 }
 }
 
-static uint64_t identity_translate(void *opaque, uint64_t addr)
-{
-return addr;
-}
-
 static uint64_t load_kernel(const char *kernel_filename)
 {
 uint64_t kernel_entry, kernel_high;
 
-if (load_elf(kernel_filename, identity_translate, NULL,
+if (load_elf(kernel_filename, NULL, NULL,
  _entry, NULL, _high,
  0, ELF_MACHINE, 1, 0) < 0) {
 error_report("qemu: could not load kernel '%s'", kernel_filename);
-- 
2.7.0

[Qemu-devel] [PATCH v2 02/23] RISC-V: Replace hardcoded constants with enum values

[Michael Clark]

The RISC-V device-tree code has a number of hard-coded
constants and this change moves them into header enums.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/riscv/sifive_clint.c | 9 +++--
 hw/riscv/sifive_u.c | 6 --
 hw/riscv/spike.c| 6 --
 hw/riscv/virt.c | 6 --
 include/hw/riscv/sifive_clint.h | 4 
 include/hw/riscv/sifive_u.h | 4 
 include/hw/riscv/spike.h| 4 
 include/hw/riscv/virt.h | 4 
 8 files changed, 31 insertions(+), 12 deletions(-)

diff --git a/hw/riscv/sifive_clint.c b/hw/riscv/sifive_clint.c
index 4893453..7cc606e 100644
--- a/hw/riscv/sifive_clint.c
+++ b/hw/riscv/sifive_clint.c
@@ -26,13 +26,10 @@
 #include "hw/riscv/sifive_clint.h"
 #include "qemu/timer.h"
 
-/* See: riscv-pk/machine/sbi_entry.S and arch/riscv/kernel/time.c */
-#define TIMER_FREQ (10 * 1000 * 1000)
-
 static uint64_t cpu_riscv_read_rtc(void)
 {
-return muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), TIMER_FREQ,
-NANOSECONDS_PER_SECOND);
+return muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
+SIFIVE_CLINT_TIMEBASE_FREQ, NANOSECONDS_PER_SECOND);
 }
 
 /*
@@ -59,7 +56,7 @@ static void sifive_clint_write_timecmp(RISCVCPU *cpu, 
uint64_t value)
 diff = cpu->env.timecmp - rtc_r;
 /* back to ns (note args switched in muldiv64) */
 next = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
-muldiv64(diff, NANOSECONDS_PER_SECOND, TIMER_FREQ);
+muldiv64(diff, NANOSECONDS_PER_SECOND, SIFIVE_CLINT_TIMEBASE_FREQ);
 timer_mod(cpu->env.timer, next);
 }
 
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 1c2deef..f3f7615 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -122,7 +122,8 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 g_free(nodename);
 
 qemu_fdt_add_subnode(fdt, "/cpus");
-qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency", 1000);
+qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency",
+SIFIVE_CLINT_TIMEBASE_FREQ);
 qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0);
 qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1);
 
@@ -131,7 +132,8 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 char *intc = g_strdup_printf("/cpus/cpu@%d/interrupt-controller", cpu);
 char *isa = riscv_isa_string(>soc.harts[cpu]);
 qemu_fdt_add_subnode(fdt, nodename);
-qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency", 10);
+qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency",
+  SIFIVE_U_CLOCK_FREQ);
 qemu_fdt_setprop_string(fdt, nodename, "mmu-type", "riscv,sv48");
 qemu_fdt_setprop_string(fdt, nodename, "riscv,isa", isa);
 qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv");
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 2d1f114..4c233ec 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -115,7 +115,8 @@ static void create_fdt(SpikeState *s, const struct 
MemmapEntry *memmap,
 g_free(nodename);
 
 qemu_fdt_add_subnode(fdt, "/cpus");
-qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency", 1000);
+qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency",
+SIFIVE_CLINT_TIMEBASE_FREQ);
 qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0);
 qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1);
 
@@ -124,7 +125,8 @@ static void create_fdt(SpikeState *s, const struct 
MemmapEntry *memmap,
 char *intc = g_strdup_printf("/cpus/cpu@%d/interrupt-controller", cpu);
 char *isa = riscv_isa_string(>soc.harts[cpu]);
 qemu_fdt_add_subnode(fdt, nodename);
-qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency", 10);
+qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency",
+  SPIKE_CLOCK_FREQ);
 qemu_fdt_setprop_string(fdt, nodename, "mmu-type", "riscv,sv48");
 qemu_fdt_setprop_string(fdt, nodename, "riscv,isa", isa);
 qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv");
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 37968d2..a402856 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -145,7 +145,8 @@ static void create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 g_free(nodename);
 
 qemu_fdt_add_subnode(fdt, "/cpus");
-qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency", 1000);
+qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency",
+  SIFIVE_CLINT_TIMEBASE_FREQ);
 qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0);
 qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1);
 
@@ 

[Qemu-devel] [PATCH v2 01/23] RISC-V: Make virt create_fdt interface consistent

[Michael Clark]

create_fdt sets the fdt variable on RISCVVirtState and this is
used to access the fdt. This reverts a change introduced in
https://github.com/riscv/riscv-qemu/pull/109 which introduced
a redundant return value, overlooking the RISCVVirtState
structure member that made create_fdt inconsistent with the
other RISC-V machines. The other alternative is to change
the other boards to return the fdt. Note: the RISCVVirtState
also contains fdt_size.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 hw/riscv/virt.c | 13 +
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index e2c214e..37968d2 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -108,7 +108,7 @@ static hwaddr load_initrd(const char *filename, uint64_t 
mem_size,
 return *start + size;
 }
 
-static void *create_fdt(RISCVVirtState *s, const struct MemmapEntry *memmap,
+static void create_fdt(RISCVVirtState *s, const struct MemmapEntry *memmap,
 uint64_t mem_size, const char *cmdline)
 {
 void *fdt;
@@ -264,8 +264,6 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_string(fdt, "/chosen", "stdout-path", nodename);
 qemu_fdt_setprop_string(fdt, "/chosen", "bootargs", cmdline);
 g_free(nodename);
-
-return fdt;
 }
 
 static void riscv_virt_board_init(MachineState *machine)
@@ -279,7 +277,6 @@ static void riscv_virt_board_init(MachineState *machine)
 char *plic_hart_config;
 size_t plic_hart_config_len;
 int i;
-void *fdt;
 
 /* Initialize SOC */
 object_initialize(>soc, sizeof(s->soc), TYPE_RISCV_HART_ARRAY);
@@ -299,7 +296,7 @@ static void riscv_virt_board_init(MachineState *machine)
 main_mem);
 
 /* create device tree */
-fdt = create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
+create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
 
 /* boot rom */
 memory_region_init_ram(boot_rom, NULL, "riscv_virt_board.bootrom",
@@ -314,9 +311,9 @@ static void riscv_virt_board_init(MachineState *machine)
 hwaddr end = load_initrd(machine->initrd_filename,
  machine->ram_size, kernel_entry,
  );
-qemu_fdt_setprop_cell(fdt, "/chosen",
-  "linux,initrd-start", start);
-qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end",
+qemu_fdt_setprop_cell(s->fdt, "/chosen", "linux,initrd-start",
+  start);
+qemu_fdt_setprop_cell(s->fdt, "/chosen", "linux,initrd-end",
   end);
 }
 }
-- 
2.7.0

[Qemu-devel] [PATCH v2 06/23] RISC-V: Mark ROM read-only after copying in code

[Michael Clark]

The sifive_u machine already marks its ROM readonly. This fixes
the remaining boards.

Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Michael Clark 
Signed-off-by: Palmer Dabbelt 
---
 hw/riscv/sifive_u.c  |  9 +
 hw/riscv/spike.c | 18 ++
 hw/riscv/virt.c  |  7 ---
 include/hw/riscv/spike.h |  8 
 4 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 6116c38..25df16c 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -223,7 +223,7 @@ static void riscv_sifive_u_init(MachineState *machine)
 SiFiveUState *s = g_new0(SiFiveUState, 1);
 MemoryRegion *sys_memory = get_system_memory();
 MemoryRegion *main_mem = g_new(MemoryRegion, 1);
-MemoryRegion *boot_rom = g_new(MemoryRegion, 1);
+MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
 
 /* Initialize SOC */
 object_initialize(>soc, sizeof(s->soc), TYPE_RISCV_HART_ARRAY);
@@ -246,10 +246,10 @@ static void riscv_sifive_u_init(MachineState *machine)
 create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
 
 /* boot rom */
-memory_region_init_ram(boot_rom, NULL, "riscv.sifive.u.mrom",
+memory_region_init_ram(mask_rom, NULL, "riscv.sifive.u.mrom",
memmap[SIFIVE_U_MROM].base, _fatal);
-memory_region_set_readonly(boot_rom, true);
-memory_region_add_subregion(sys_memory, 0x0, boot_rom);
+memory_region_set_readonly(mask_rom, true);
+memory_region_add_subregion(sys_memory, 0x0, mask_rom);
 
 if (machine->kernel_filename) {
 load_kernel(machine->kernel_filename);
@@ -279,6 +279,7 @@ static void riscv_sifive_u_init(MachineState *machine)
 qemu_fdt_dumpdtb(s->fdt, s->fdt_size);
 cpu_physical_memory_write(memmap[SIFIVE_U_MROM].base +
 sizeof(reset_vec), s->fdt, s->fdt_size);
+memory_region_set_readonly(mask_rom, true);
 
 /* MMIO */
 s->plic = sifive_plic_create(memmap[SIFIVE_U_PLIC].base,
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 7710333..74edf33 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -173,7 +173,7 @@ static void spike_v1_10_0_board_init(MachineState *machine)
 SpikeState *s = g_new0(SpikeState, 1);
 MemoryRegion *system_memory = get_system_memory();
 MemoryRegion *main_mem = g_new(MemoryRegion, 1);
-MemoryRegion *boot_rom = g_new(MemoryRegion, 1);
+MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
 
 /* Initialize SOC */
 object_initialize(>soc, sizeof(s->soc), TYPE_RISCV_HART_ARRAY);
@@ -196,9 +196,9 @@ static void spike_v1_10_0_board_init(MachineState *machine)
 create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
 
 /* boot rom */
-memory_region_init_ram(boot_rom, NULL, "riscv.spike.bootrom",
+memory_region_init_ram(mask_rom, NULL, "riscv.spike.mrom",
s->fdt_size + 0x2000, _fatal);
-memory_region_add_subregion(system_memory, 0x0, boot_rom);
+memory_region_add_subregion(system_memory, 0x0, mask_rom);
 
 if (machine->kernel_filename) {
 load_kernel(machine->kernel_filename);
@@ -228,9 +228,10 @@ static void spike_v1_10_0_board_init(MachineState *machine)
 qemu_fdt_dumpdtb(s->fdt, s->fdt_size);
 cpu_physical_memory_write(memmap[SPIKE_MROM].base + sizeof(reset_vec),
 s->fdt, s->fdt_size);
+memory_region_set_readonly(mask_rom, true);
 
 /* initialize HTIF using symbols found in load_kernel */
-htif_mm_init(system_memory, boot_rom, >soc.harts[0].env, serial_hds[0]);
+htif_mm_init(system_memory, mask_rom, >soc.harts[0].env, serial_hds[0]);
 
 /* Core Local Interruptor (timer and IPI) */
 sifive_clint_create(memmap[SPIKE_CLINT].base, memmap[SPIKE_CLINT].size,
@@ -244,7 +245,7 @@ static void spike_v1_09_1_board_init(MachineState *machine)
 SpikeState *s = g_new0(SpikeState, 1);
 MemoryRegion *system_memory = get_system_memory();
 MemoryRegion *main_mem = g_new(MemoryRegion, 1);
-MemoryRegion *boot_rom = g_new(MemoryRegion, 1);
+MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
 
 /* Initialize SOC */
 object_initialize(>soc, sizeof(s->soc), TYPE_RISCV_HART_ARRAY);
@@ -264,9 +265,9 @@ static void spike_v1_09_1_board_init(MachineState *machine)
 main_mem);
 
 /* boot rom */
-memory_region_init_ram(boot_rom, NULL, "riscv.spike.bootrom",
+memory_region_init_ram(mask_rom, NULL, "riscv.spike.mrom",
0x4, _fatal);
-memory_region_add_subregion(system_memory, 0x0, boot_rom);
+memory_region_add_subregion(system_memory, 0x0, mask_rom);
 
 if (machine->kernel_filename) {
 load_kernel(machine->kernel_filename);
@@ -325,9 +326,10 @@ static void spike_v1_09_1_board_init(MachineState *machine)
 /* copy in the config string */
 

[Qemu-devel] [PATCH v2 00/23] RISC-V Post-merge spec conformance and cleanup

[Michael Clark]

Apparently there is at least one logic bug in amongst this
set of 23 patches. I'll shout you a beer if you can find it.
I found one myself so there was probably at least two.

Hey, it boots SMP Linux here, but I think it needs more testing.

This is a series of spec conformance bug fixes and code cleanups.
We would like to get this series in after our core changes in v8.2.

* Implements WARL behavior for CSRs that don't support writes
* Improves specification conformance of the page table walker
  * Change access checks from ternary operator to if statements
  * Checks for misaligned PPNs
  * Disallow M-mode or S-mode from fetching from User pages
  * Adds reserved PTE flag check: W or W|X
  * Adds prot read if mode is not U and mstatus.mxr is set
  * Improves page walker comments and general readability 
* Several trivial code cleanups to hw/riscv
  * Replacing hard coded constants with reference to enums
or the machine memory maps.
* Adds bounds checks when writing device-tree to ROM
* Updates the cpu model to use a more modern interface

v2

- remove unused class boilerplate retains qom parent_obj
- convert cpu definition towards future model
- honor mstatus.mxr flag in page table walker

Michael Clark (23):
  RISC-V: Make virt create_fdt interface consistent
  RISC-V: Replace hardcoded constants with enum values
  RISC-V: Make virt board description match spike
  RISC-V: Use ROM base address and size from memmap
  RISC-V: Remove identity_translate from load_elf
  RISC-V: Mark ROM read-only after copying in code
  RISC-V: Remove unused class definitions
  RISC-V: Make sure rom has space for fdt
  RISC-V: Include intruction hex in disassembly
  RISC-V: Hold rcu_read_lock when accessing memory
  RISC-V: Improve page table walker spec compliance
  RISC-V: Update E order and I extension order
  RISC-V: Make some header guards more specific
  RISC-V: Make virt header comment title consistent
  RISC-V: Use memory_region_is_ram in pte update
  RISC-V: Remove EM_RISCV ELF_MACHINE indirection
  RISC-V: Hardwire satp to 0 for no-mmu case
  RISC-V: Remove braces from satp case statement
  RISC-V: riscv-qemu port supports sv39 and sv48
  RISC-V: vectored traps are optional
  RISC-V: No traps on writes to misa,minstret,mcycle
  RISC-V: Remove support for adhoc X_COP interrupt
  RISC-V: Convert cpu definition towards future model

 disas/riscv.c   |  39 +++--
 hw/riscv/sifive_clint.c |   9 +--
 hw/riscv/sifive_e.c |  34 +--
 hw/riscv/sifive_u.c |  65 +++--
 hw/riscv/spike.c|  65 -
 hw/riscv/virt.c |  77 +
 include/hw/riscv/sifive_clint.h |   4 ++
 include/hw/riscv/sifive_e.h |   5 --
 include/hw/riscv/sifive_u.h |   9 ++-
 include/hw/riscv/spike.h|  15 ++---
 include/hw/riscv/virt.h |  17 +++---
 target/riscv/cpu.c  | 125 ++--
 target/riscv/cpu.h  |   6 +-
 target/riscv/cpu_bits.h |   3 -
 target/riscv/helper.c   |  65 +++--
 target/riscv/op_helper.c|  52 -
 16 files changed, 263 insertions(+), 327 deletions(-)

-- 
2.7.0

Re: [Qemu-devel] [PATCH v1 11/22] RISC-V: Improve page table walker spec compliance

[Michael Clark]

On Wed, Mar 7, 2018 at 9:43 AM, Michael Clark  wrote:

> - Inline PTE_TABLE check for better readability
> - Improve readibility of User page U mode and SUM test
> - Disallow non U mode from fetching from User pages
> - Add reserved PTE flag check: W or W|X
> - Add misaligned PPN check
> - Change access checks from ternary operator to if statements
> - Improves page walker comments
> - No measurable performance impact on dd test
>
> Signed-off-by: Michael Clark 
> Signed-off-by: Palmer Dabbelt 
> ---
>  target/riscv/cpu_bits.h |  2 --
>  target/riscv/helper.c   | 57 ++
> ---
>  2 files changed, 40 insertions(+), 19 deletions(-)
>
> diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
> index 64aa097..12b4757 100644
> --- a/target/riscv/cpu_bits.h
> +++ b/target/riscv/cpu_bits.h
> @@ -407,5 +407,3 @@
>  #define PTE_SOFT  0x300 /* Reserved for Software */
>
>  #define PTE_PPN_SHIFT 10
> -
> -#define PTE_TABLE(PTE) (((PTE) & (PTE_V | PTE_R | PTE_W | PTE_X)) ==
> PTE_V)
> diff --git a/target/riscv/helper.c b/target/riscv/helper.c
> index 228933c..2165ecb 100644
> --- a/target/riscv/helper.c
> +++ b/target/riscv/helper.c
> @@ -185,16 +185,36 @@ restart:
>  #endif
>  target_ulong ppn = pte >> PTE_PPN_SHIFT;
>
> -if (PTE_TABLE(pte)) { /* next level of page table */
> +if (!(pte & PTE_V)) {
> +/* Invalid PTE */
> +return TRANSLATE_FAIL;
> +} else if (!(pte & (PTE_R | PTE_W | PTE_X))) {
> +/* Inner PTE, continue walking */
>  base = ppn << PGSHIFT;
> -} else if ((pte & PTE_U) ? (mode == PRV_S) && !sum : !(mode ==
> PRV_S)) {
> -break;
> -} else if (!(pte & PTE_V) || (!(pte & PTE_R) && (pte & PTE_W))) {
> -break;
> -} else if (access_type == MMU_INST_FETCH ? !(pte & PTE_X) :
> -  access_type == MMU_DATA_LOAD ?  !(pte & PTE_R) &&
> -  !(mxr && (pte & PTE_X)) : !((pte & PTE_R) && (pte &
> PTE_W))) {
> -break;
> +} else if ((pte & (PTE_R | PTE_W | PTE_X)) == PTE_W) {
> +/* Reserved leaf PTE flags: PTE_W */
> +return TRANSLATE_FAIL;
> +} else if ((pte & (PTE_R | PTE_W | PTE_X)) == (PTE_W | PTE_X)) {
> +/* Reserved leaf PTE flags: PTE_W + PTE_X */
> +return TRANSLATE_FAIL;
> +} else if ((pte & PTE_U) && ((mode != PRV_U) &&
> +   (!sum || access_type == MMU_INST_FETCH))) {
> +/* User PTE flags when not U mode and mstats.SUM is not set,
> +   or the access type is an instruction fetch */
> +return TRANSLATE_FAIL;
> +} else if (ppn & ((1ULL << ptshift) - 1)) {
> +/* Misasligned PPN */
> +return TRANSLATE_FAIL;
> +} else if (access_type == MMU_DATA_LOAD && !((pte & PTE_R) ||
> +   ((pte & PTE_X) && mxr))) {
>

This should only honor the mstatus.MXR flags if mode != PRV_U

+/* Read access check failed */
> +return TRANSLATE_FAIL;
> +} else if (access_type == MMU_DATA_STORE && !(pte & PTE_W)) {
> +/* Write access check failed */
> +return TRANSLATE_FAIL;
> +} else if (access_type == MMU_INST_FETCH && !(pte & PTE_X)) {
> +/* Fetch access check failed */
> +return TRANSLATE_FAIL;
>  } else {
>  /* if necessary, set accessed and dirty bits. */
>  target_ulong updated_pte = pte | PTE_A |
> @@ -202,11 +222,14 @@ restart:
>
>  /* Page table updates need to be atomic with MTTCG enabled */
>  if (updated_pte != pte) {
> -/* if accessed or dirty bits need updating, and the PTE is
> - * in RAM, then we do so atomically with a compare and
> swap.
> - * if the PTE is in IO space, then it can't be updated.
> - * if the PTE changed, then we must re-walk the page table
> -   as the PTE is no longer valid */
> +/*
> + * - if accessed or dirty bits need updating, and the PTE
> is
> + *   in RAM, then we do so atomically with a compare and
> swap.
> + * - if the PTE is in IO space or ROM, then it can't be
> updated
> + *   and we return TRANSLATE_FAIL.
> + * - if the PTE changed by the time we went to update it,
> then
> + *   it is no longer valid and we must re-walk the page
> table.
> + */
>  MemoryRegion *mr;
>  hwaddr l = sizeof(target_ulong), addr1;
>  rcu_read_lock();
> @@ -243,15 +266,15 @@ restart:
>  target_ulong vpn = addr >> PGSHIFT;
>  *physical = (ppn | (vpn & ((1L << ptshift) - 1))) << PGSHIFT;
>
> +/* set permissions on the TLB entry */
> 

[Qemu-devel] [Bug 1754542] Re: colo: secondary vm crash when execute x-colo-lost-heartbeat

[李穗恒]

** Description changed:

  I use Arch Linux x86_64
  both qemu 2.11.1 and Zhang 
Chen's(https://github.com/zhangckid/qemu/commits/colo-with-virtio-net-internal-jul10)
  Following document 'COLO-FT.txt',
  I test colo feature on my hosts
  
  I run this command
  Primary:
  sudo qemu-system-x86_64 -boot c   -enable-kvm -m 2048 -smp 2  -qmp stdio  
-name primary \
  -device piix3-usb-uhci \
  -device usb-tablet -netdev tap,id=hn0,vhost=off \
  -device virtio-net-pci,id=net-pci0,netdev=hn0 \
  -drive 
if=virtio,id=colo-disk0,driver=quorum,read-pattern=fifo,vote-threshold=1,children.0.file.filename=/var/lib/libvirt/images/1.raw,children.0.driver=raw
 -S
  
  Secondary:
  sudo qemu-system-x86_64 -boot c -enable-kvm -m 2048 -smp 2 -qmp stdio  -name 
secondary \
  -device piix3-usb-uhci \
  -device usb-tablet -netdev tap,id=hn0,vhost=off \
  -device virtio-net-pci,id=net-pci0,netdev=hn0 \
  -drive 
if=none,id=colo-disk0,file.filename=/var/lib/libvirt/images/2.raw,driver=raw,node-name=node0
 \
  -drive if=virtio,id=active-disk0,driver=replication,mode=secondary,\
  file.driver=qcow2,top-id=active-disk0,\
  file.file.filename=/mnt/ramfs/active_disk.img,\
  file.backing.driver=qcow2,\
  file.backing.file.filename=/mnt/ramfs/hidden_disk.img,\
  file.backing.backing=colo-disk0 \
  -incoming tcp:0:
  
  Secondary:
  {'execute':'qmp_capabilities'}
  { 'execute': 'nbd-server-start',
    'arguments': {'addr': {'type': 'inet', 'data': {'host': '192.168.0.33', 
'port': '8889'} } }
  }
  {'execute': 'nbd-server-add', 'arguments': {'device': 'colo-disk0', 
'writable': true } }
  
  Primary:
  {'execute':'qmp_capabilities'}
  { 'execute': 'human-monitor-command',
-   'arguments': {'command-line': 'drive_add -n buddy 
driver=replication,mode=primary,file.driver=nbd,file.host=192.168.0.33,file.port=8889,file.export=colo-disk0,node-name=nbd_client0'}}
+   'arguments': {'command-line': 'drive_add -n buddy 
driver=replication,mode=primary,file.driver=nbd,file.host=192.168.0.34,file.port=8889,file.export=colo-disk0,node-name=nbd_client0'}}
  { 'execute':'x-blockdev-change', 'arguments':{'parent': 'colo-disk0', 'node': 
'nbd_client0' } }
  { 'execute': 'migrate-set-capabilities',
    'arguments': {'capabilities': [ {'capability': 'x-colo', 'state': true 
} ] } }
- { 'execute': 'migrate', 'arguments': {'uri': 'tcp:192.168.0.33:' } }
+ { 'execute': 'migrate', 'arguments': {'uri': 'tcp:192.168.0.34:' } }
  { 'execute': 'migrate-set-parameters' , 'arguments':{ 'x-checkpoint-delay': 
2000 } }
  
  Above are all OK.Two VM syncing.
  
  Primary:
  { 'execute': 'x-blockdev-change', 'arguments': {'parent': 'colo-disk0', 
'child': 'children.1'}}
  { 'execute': 'human-monitor-command','arguments': {'command-line': 'drive_del 
blk-buddy0'}}
  
  Secondary:
  { 'execute': 'nbd-server-stop' }
  { 'execute': 'x-colo-lost-heartbeat' }
  
  But When I execute x-colo-lost-heartbeat.Primary run Secondary cash
  
   { 'execute': 'nbd-server-stop' }
  {"return": {}}
  qemu-system-x86_64: Disconnect client, due to: Unexpected end-of-file before 
all bytes were read
   { 'execute': 'x-colo-lost-heartbeat' }
  {"return": {}}
  qemu-system-x86_64: Can't receive COLO message: Input/output error
  **
  ERROR:/build/qemu/src/qemu-2.11.1/qom/object.c:907:object_unref: assertion 
failed (obj->ref > 0): (0 > 0)
  [1]2972 abort  sudo /usr/bin/qemu-system-x86_64 -boot c -enable-kvm 
-m 2048 -smp 2 -qmp stdi

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1754542

Title:
  colo: secondary vm crash when execute x-colo-lost-heartbeat

Status in QEMU:
  New

Bug description:
  I use Arch Linux x86_64
  both qemu 2.11.1 and Zhang 
Chen's(https://github.com/zhangckid/qemu/commits/colo-with-virtio-net-internal-jul10)
  Following document 'COLO-FT.txt',
  I test colo feature on my hosts

  I run this command
  Primary:
  sudo qemu-system-x86_64 -boot c   -enable-kvm -m 2048 -smp 2  -qmp stdio  
-name primary \
  -device piix3-usb-uhci \
  -device usb-tablet -netdev tap,id=hn0,vhost=off \
  -device virtio-net-pci,id=net-pci0,netdev=hn0 \
  -drive 
if=virtio,id=colo-disk0,driver=quorum,read-pattern=fifo,vote-threshold=1,children.0.file.filename=/var/lib/libvirt/images/1.raw,children.0.driver=raw
 -S

  Secondary:
  sudo qemu-system-x86_64 -boot c -enable-kvm -m 2048 -smp 2 -qmp stdio  -name 
secondary \
  -device piix3-usb-uhci \
  -device usb-tablet -netdev tap,id=hn0,vhost=off \
  -device virtio-net-pci,id=net-pci0,netdev=hn0 \
  -drive 
if=none,id=colo-disk0,file.filename=/var/lib/libvirt/images/2.raw,driver=raw,node-name=node0
 \
  -drive if=virtio,id=active-disk0,driver=replication,mode=secondary,\
  file.driver=qcow2,top-id=active-disk0,\
  file.file.filename=/mnt/ramfs/active_disk.img,\
  file.backing.driver=qcow2,\
  file.backing.file.filename=/mnt/ramfs/hidden_disk.img,\
  file.backing.backing=colo-disk0 \
  -incoming tcp:0:

  Secondary:
  

[Qemu-devel] [Bug 1754542] [NEW] colo: secondary vm crash when execute x-colo-lost-heartbeat

[李穗恒]

Public bug reported:

I use Arch Linux x86_64
both qemu 2.11.1 and Zhang 
Chen's(https://github.com/zhangckid/qemu/commits/colo-with-virtio-net-internal-jul10)
Following document 'COLO-FT.txt',
I test colo feature on my hosts

I run this command
Primary:
sudo qemu-system-x86_64 -boot c   -enable-kvm -m 2048 -smp 2  -qmp stdio  -name 
primary \
-device piix3-usb-uhci \
-device usb-tablet -netdev tap,id=hn0,vhost=off \
-device virtio-net-pci,id=net-pci0,netdev=hn0 \
-drive 
if=virtio,id=colo-disk0,driver=quorum,read-pattern=fifo,vote-threshold=1,children.0.file.filename=/var/lib/libvirt/images/1.raw,children.0.driver=raw
 -S

Secondary:
sudo qemu-system-x86_64 -boot c -enable-kvm -m 2048 -smp 2 -qmp stdio  -name 
secondary \
-device piix3-usb-uhci \
-device usb-tablet -netdev tap,id=hn0,vhost=off \
-device virtio-net-pci,id=net-pci0,netdev=hn0 \
-drive 
if=none,id=colo-disk0,file.filename=/var/lib/libvirt/images/2.raw,driver=raw,node-name=node0
 \
-drive if=virtio,id=active-disk0,driver=replication,mode=secondary,\
file.driver=qcow2,top-id=active-disk0,\
file.file.filename=/mnt/ramfs/active_disk.img,\
file.backing.driver=qcow2,\
file.backing.file.filename=/mnt/ramfs/hidden_disk.img,\
file.backing.backing=colo-disk0 \
-incoming tcp:0:

Secondary:
{'execute':'qmp_capabilities'}
{ 'execute': 'nbd-server-start',
  'arguments': {'addr': {'type': 'inet', 'data': {'host': '192.168.0.33', 
'port': '8889'} } }
}
{'execute': 'nbd-server-add', 'arguments': {'device': 'colo-disk0', 'writable': 
true } }

Primary:
{'execute':'qmp_capabilities'}
{ 'execute': 'human-monitor-command',
  'arguments': {'command-line': 'drive_add -n buddy 
driver=replication,mode=primary,file.driver=nbd,file.host=192.168.0.34,file.port=8889,file.export=colo-disk0,node-name=nbd_client0'}}
{ 'execute':'x-blockdev-change', 'arguments':{'parent': 'colo-disk0', 'node': 
'nbd_client0' } }
{ 'execute': 'migrate-set-capabilities',
  'arguments': {'capabilities': [ {'capability': 'x-colo', 'state': true } 
] } }
{ 'execute': 'migrate', 'arguments': {'uri': 'tcp:192.168.0.34:' } }
{ 'execute': 'migrate-set-parameters' , 'arguments':{ 'x-checkpoint-delay': 
2000 } }

Above are all OK.Two VM syncing.

Primary:
{ 'execute': 'x-blockdev-change', 'arguments': {'parent': 'colo-disk0', 
'child': 'children.1'}}
{ 'execute': 'human-monitor-command','arguments': {'command-line': 'drive_del 
blk-buddy0'}}

Secondary:
{ 'execute': 'nbd-server-stop' }
{ 'execute': 'x-colo-lost-heartbeat' }

But When I execute x-colo-lost-heartbeat.Primary run Secondary cash

 { 'execute': 'nbd-server-stop' }
{"return": {}}
qemu-system-x86_64: Disconnect client, due to: Unexpected end-of-file before 
all bytes were read
 { 'execute': 'x-colo-lost-heartbeat' }
{"return": {}}
qemu-system-x86_64: Can't receive COLO message: Input/output error
**
ERROR:/build/qemu/src/qemu-2.11.1/qom/object.c:907:object_unref: assertion 
failed (obj->ref > 0): (0 > 0)
[1]2972 abort  sudo /usr/bin/qemu-system-x86_64 -boot c -enable-kvm -m 
2048 -smp 2 -qmp stdi

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: colo

** Description changed:

  I use Arch Linux x86_64
- both qemu 2.11.1 Zhang 
Chen's(https://github.com/zhangckid/qemu/commits/colo-with-virtio-net-internal-jul10)
+ both qemu 2.11.1 and Zhang 
Chen's(https://github.com/zhangckid/qemu/commits/colo-with-virtio-net-internal-jul10)
  Following document 'COLO-FT.txt',
  I test colo feature on my hosts
  
  I run this command
  Primary:
  sudo qemu-system-x86_64 -boot c   -enable-kvm -m 2048 -smp 2  -qmp stdio  
-name primary \
  -device piix3-usb-uhci \
  -device usb-tablet -netdev tap,id=hn0,vhost=off \
  -device virtio-net-pci,id=net-pci0,netdev=hn0 \
  -drive 
if=virtio,id=colo-disk0,driver=quorum,read-pattern=fifo,vote-threshold=1,children.0.file.filename=/var/lib/libvirt/images/1.raw,children.0.driver=raw
 -S
  
  Secondary:
  sudo qemu-system-x86_64 -boot c -enable-kvm -m 2048 -smp 2 -qmp stdio  -name 
secondary \
  -device piix3-usb-uhci \
  -device usb-tablet -netdev tap,id=hn0,vhost=off \
  -device virtio-net-pci,id=net-pci0,netdev=hn0 \
  -drive 
if=none,id=colo-disk0,file.filename=/var/lib/libvirt/images/2.raw,driver=raw,node-name=node0
 \
  -drive if=virtio,id=active-disk0,driver=replication,mode=secondary,\
  file.driver=qcow2,top-id=active-disk0,\
  file.file.filename=/mnt/ramfs/active_disk.img,\
  file.backing.driver=qcow2,\
  file.backing.file.filename=/mnt/ramfs/hidden_disk.img,\
  file.backing.backing=colo-disk0 \
  -incoming tcp:0:
  
  Secondary:
  {'execute':'qmp_capabilities'}
  { 'execute': 'nbd-server-start',
-   'arguments': {'addr': {'type': 'inet', 'data': {'host': '192.168.0.33', 
'port': '8889'} } }
+   'arguments': {'addr': {'type': 'inet', 'data': {'host': '192.168.0.33', 
'port': '8889'} } }
  }
  {'execute': 'nbd-server-add', 'arguments': {'device': 'colo-disk0', 
'writable': true } }
  
  Primary:
  {'execute':'qmp_capabilities'}
  { 'execute': 

Re: [Qemu-devel] [PATCH v2] ppc440_pcix: Change some error_report to qemu_log_mask(LOG_UNIMP, ...)

[David Gibson]

On Fri, Mar 09, 2018 at 10:44:46AM +1100, David Gibson wrote:
> On Thu, Mar 08, 2018 at 12:08:08PM +0100, BALATON Zoltan wrote:
> > Using log unimp is more appropriate for these messages and this also
> > silences them by default so they won't clobber make check output when
> > tests are added for this board.
> > 
> > Signed-off-by: BALATON Zoltan 
> > Reviewed-by: Thomas Huth 
> 
> Applied, thanks.

Wait.. I've taken it out again.  Under some configurations (exercised
by Travis) qemu_log_mask() is undeclared here you're using it.  See
https://travis-ci.org/dgibson/qemu/jobs/351093986 for some more
information.

> 
> > ---
> > v2: Use defined format string for printing hwaddr instead of casting.
> > I guess this does not invalidate the R-b tag of v1 so I've added that too.
> > 
> >  hw/ppc/ppc440_pcix.c | 10 ++
> >  1 file changed, 6 insertions(+), 4 deletions(-)
> > 
> > diff --git a/hw/ppc/ppc440_pcix.c b/hw/ppc/ppc440_pcix.c
> > index ab2626a..1dc5d7f 100644
> > --- a/hw/ppc/ppc440_pcix.c
> > +++ b/hw/ppc/ppc440_pcix.c
> > @@ -286,8 +286,9 @@ static void ppc440_pcix_reg_write4(void *opaque, hwaddr 
> > addr,
> >  break;
> >  
> >  default:
> > -error_report("%s: unhandled PCI internal register 0x%lx", __func__,
> > - (unsigned long)addr);
> > +qemu_log_mask(LOG_UNIMP,
> > +  "%s: unhandled PCI internal register 
> > 0x%"HWADDR_PRIx"\n",
> > +  __func__, addr);
> >  break;
> >  }
> >  }
> > @@ -377,8 +378,9 @@ static uint64_t ppc440_pcix_reg_read4(void *opaque, 
> > hwaddr addr,
> >  break;
> >  
> >  default:
> > -error_report("%s: invalid PCI internal register 0x%lx", __func__,
> > - (unsigned long)addr);
> > +qemu_log_mask(LOG_UNIMP,
> > +  "%s: invalid PCI internal register 0x%" HWADDR_PRIx 
> > "\n",
> > +  __func__, addr);
> >  val = 0;
> >  }
> >  
> 



-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [edk2] [PATCH v2 0/8] RFC: ovmf: preliminary TPM2 support

[Shi, Steven]

Hi Marcandre,
Thanks for your command steps and I tried them, but my qemu failed to connect 
the socket tpmemu.sock. When I added the control channel to the TPM, the swtpm 
socket command stuck there and never exit. Not sure whether it was successful. 
Below are the command steps running output in my side

> Then you can run:
> mkdir tpmstatedir
> swtpm_setup.sh --tpm2 --tpm-state tpmstatedir
$ swtpm_setup.sh --tpm2 --tpm-state tpmstatedir
Starting vTPM manufacturing as jshi19:jshi19 @ 2018年03月09日 星期五 10时28分39秒
TPM is listening on TCP port 47364.
Successfully authored TPM state.
Ending vTPM manufacturing @ 2018年03月09日 星期五 10时28分39秒

> Run the emulator:
> swtpm socket --tpmstate dir=tpmstatedir --ctrl type=unixio,path=tpmemu.sock  
> --tpm2
$ swtpm socket --tpmstate dir=tpmstatedir --ctrl type=unixio,path=tpmemu.sock 
--tpm2
(the swtpm socket command stuck there and never exit)

> Run qemu (from git) with ovmf (with this series):
> qemu ... -chardev socket,id=chrtpm,path=tpmemu.sock -tpmdev
> emulator,id=tpm0,chardev=chrtpm  -device tpm-crb,tpmdev=tpm0
> -drive if=pflash,format=raw,file=OVMF_CODE.fd,readonly -drive
> if=pflash,format=raw,file=OVMF_VARS.fd ..
$ qemu-system-x86_64  -serial file:serial.log -m 5120 -hda fat:. -monitor stdio 
--enable-kvm -smp 4 -bios ../Ovmf3264/NOOPT_GCC5/FV/OVMF.fd -chardev 
socket,id=chrtpm,path=tpmemu.sock -tpmdev emulator,id=tpm0,chardev=chrtpm  
-device tpm-crb,tpmdev=tpm0
qemu-system-x86_64: -chardev socket,id=chrtpm,path=tpmemu.sock: Failed to 
connect socket tpmemu.sock: No such file or directory

I use the latest version qemu as below:
$ qemu-system-x86_64 --version
QEMU emulator version 2.11.50 (v2.10.0-4184-g930b01138b-dirty)
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers

Thanks
Steven Shi

Re: [Qemu-devel] [PATCH v2 0/2] slirp: Add query-usernet QMP command

[Fam Zheng]

Gentle ping..

On Mon, 02/26 15:58, Fam Zheng wrote:
> v2: Fix compiler error. [patchew]
> 
> The command is a counterpart of HMP "info usernet" and is at least very useful
> for the VM tests. So add it.
> 
> Fam Zheng (2):
>   slirp: Add "query-usernet" QMP command
>   tests: Use query-usernet instead of 'info usernet'
> 
>  net/slirp.c|  26 +++
>  qapi/net.json  | 201 
> +
>  slirp/libslirp.h   |   1 +
>  slirp/misc.c   | 156 +
>  slirp/tcp.h|  15 
>  tests/vm/basevm.py |  14 ++--
>  6 files changed, 346 insertions(+), 67 deletions(-)
> 
> -- 
> 2.14.3
> 

Re: [Qemu-devel] [PATCH v4 2/5] qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList

[Haozhong Zhang]

On 03/08/18 11:22 -0600, Eric Blake wrote:
> On 03/07/2018 08:33 PM, Haozhong Zhang wrote:
> > It may need to treat PC-DIMM and NVDIMM differently, e.g., when
> > deciding the necessity of non-volatile flag bit in SRAT memory
> > affinity structures.
> > 
> > NVDIMMDeviceInfo, which inherits from PCDIMMDeviceInfo, is added to
> > union type MemoryDeviceInfo to record information of NVDIMM devices.
> > The NVDIMM-specific data is currently left empty and will be filled
> > when necessary in the future.
> > 
> > It also fixes "info memory-devices"/query-memory-devices which
> > currently show nvdimm devices as dimm devices since
> > object_dynamic_cast(obj, TYPE_PC_DIMM) happily cast nvdimm to
> > TYPE_PC_DIMM which it's been inherited from.
> > 
> > Signed-off-by: Haozhong Zhang 
> > ---
> 
> > +++ b/qapi/misc.json
> > @@ -2830,6 +2830,18 @@
> > }
> >   }
> > +##
> > +# @NVDIMMDeviceInfo:
> > +#
> > +# NVDIMMDevice state information
> > +#
> > +# Since: 2.12
> > +##
> > +{ 'struct': 'NVDIMMDeviceInfo',
> > +  'base': 'PCDIMMDeviceInfo',
> > +  'data': {}
> > +}
> > +
> 
> As long as you don't have any data members to add, you could omit this
> type...

Sure, I'll change in the next version.

Haozhong

> 
> >   ##
> >   # @MemoryDeviceInfo:
> >   #
> > @@ -2837,7 +2849,11 @@
> >   #
> >   # Since: 2.1
> >   ##
> > -{ 'union': 'MemoryDeviceInfo', 'data': {'dimm': 'PCDIMMDeviceInfo'} }
> > +{ 'union': 'MemoryDeviceInfo',
> > +  'data': { 'dimm': 'PCDIMMDeviceInfo',
> > +'nvdimm': 'NVDIMMDeviceInfo'
> > +  }
> 
> and just write this as
> 
>  'data': { 'dimm': 'PCDIMMDeviceInfo',
>'nvdimm': 'PCDIMMDeviceInfo' }
> 
> If, down the road, you want to add data members to one but not both of the
> branches, we can add a new (sub-)type at that time, and it won't break
> backwards compatibility.
> 
> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.   +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org

Re: [Qemu-devel] [PATCH v2 8/8] ovmf: add DxeTpm2MeasureBootLib

[Yao, Jiewen]

Besides the comment below, I should have used the example in OvmfPkg.

Please refer to 
https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c

The EfiBootManagerDispatchDeferredImages() API call is added just after 
gEfiDxeSmmReadyToLockProtocolGuid.

So I don’t see any problem in OVMF pkg.


Thank you
Yao Jiewen

> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Yao,
> Jiewen
> Sent: Friday, March 9, 2018 8:39 AM
> To: Laszlo Ersek ; marcandre.lur...@redhat.com;
> edk2-de...@lists.01.org
> Cc: javi...@redhat.com; pjo...@redhat.com; qemu-devel@nongnu.org
> Subject: Re: [edk2] [PATCH v2 8/8] ovmf: add DxeTpm2MeasureBootLib
> 
> Very good question.
> Comment below:
> 
> > -Original Message-
> > From: Laszlo Ersek [mailto:ler...@redhat.com]
> > Sent: Friday, March 9, 2018 3:54 AM
> > To: marcandre.lur...@redhat.com; edk2-de...@lists.01.org; Yao, Jiewen
> > 
> > Cc: pjo...@redhat.com; stef...@linux.vnet.ibm.com;
> > qemu-devel@nongnu.org; javi...@redhat.com
> > Subject: Re: [PATCH v2 8/8] ovmf: add DxeTpm2MeasureBootLib
> >
> > (Jiewen, below I have a question for you as well; please help with that.)
> >
> > On 03/07/18 16:57, marcandre.lur...@redhat.com wrote:
> > > From: Marc-André Lureau 
> > >
> > > The library registers a security management handler, to measure images
> > > that are not measure in PEI phase.
> > >
> > > This seems to work for example with the qemu PXE rom:
> > >
> > > Loading driver at 0x0003E6C2000 EntryPoint=0x0003E6C9076 8086100e.efi
> > >
> > > And the following binary_bios_measurements log entry seems to be
> > > added:
> > >
> > > PCR: 2type: EV_EFI_BOOT_SERVICES_DRIVER   size: 0x4e  digest:
> > 70a22475e9f18806d2ed9193b48d80d26779d9a4
> > >
> > > Cc: Laszlo Ersek 
> > > Cc: Stefan Berger 
> > > Contributed-under: TianoCore Contribution Agreement 1.0
> > > Signed-off-by: Marc-André Lureau 
> > > ---
> > >  OvmfPkg/OvmfPkgX64.dsc | 3 +++
> > >  1 file changed, 3 insertions(+)
> > >
> > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> > > index 7753852144fb..9db1712e3623 100644
> > > --- a/OvmfPkg/OvmfPkgX64.dsc
> > > +++ b/OvmfPkg/OvmfPkgX64.dsc
> > > @@ -662,6 +662,9 @@ [Components]
> > >  
> > >  !if $(SECURE_BOOT_ENABLE) == TRUE
> > >
> >
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> > > +!endif
> > > +!if $(TPM2_ENABLE) == TRUE
> > > +
> >
> NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.i
> > nf
> > >  !endif
> > >}
> > >
> > >
> >
> > (1) Marc-André, please change the subject line to:
> >
> > OvmfPkg: plug DxeTpm2MeasureBootLib into SecurityStubDxe
> >
> >
> > (2) I have a question for Jiewen:
> >
> > DxeTpm2MeasureBootLib consumes the TCG2 protocol, but it does not depend
> > on it with a DEPEX. Instead, DxeTpm2MeasureBootHandler() tries to locate
> > the protocol on every invocation.
> [Jiewen] Yes.
> 
> > This means that SecurityStubDxe may produce the Security and Security2
> > Architectural Protocols before measurements into the TPM2 device are
> > possible.
> [Jiewen] Yes.
> 
> > Therefore, UEFI_DRIVER modules (which depend on all of the
> > Arch protocols) may be started before they can be measured into the TPM.
> >
> > Now, this is likely no problem for UEFI_DRIVER modules that are built
> > into the firmware volume(s), because those are measured by Tcg2Pei
> > anyway.
> [Jiewen] That is TRUE.
> 
> However, it would be a problem for UEFI_DRIVER modules / apps
> > that come from external media (disk, network, PCI oprom, etc).
> [Jiewen] By design, the 3rd part module should not be invoked before EndOfDxe.
> All Arch Protocol Ready is not strong enough. :-)
> Please refer to
> https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Universal/Sec
> urityStubDxe/Defer3rdPartyImageLoad.c
> 
> If a non-FV image is loaded before EndOfDxe, it will be queued into
> mDeferred3rdPartyImage.
> 
> We also added EfiBootManagerDispatchDeferredImages() API in
> https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Include/Librar
> y/UefiBootManagerLib.h and implemented in
> https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Library/UefiB
> ootManagerLib/BmMisc.c
> A platform must call EfiBootManagerDispatchDeferredImages(), if the platform
> supports PCI OROM.
> 
> You can find the sample code in
> https://github.com/tianocore/edk2-platforms/blob/devel-MinPlatform/Platform
> /Intel/MinPlatformPkg/Bds/Library/DxePlatformBootManagerLib/BdsPlatform.c
> 
> 
> 
> > However, such are loaded only in the BDS phase, and BDS is only entered
> > after all of the DXE drivers are dispatched from the firmware volumes.
> > In other words, the ordering between Tcg2Dxe and external UEFI_DRIVER /
> > UEFI_APPLICATION modules is ensured that Tcg2Dxe 

Re: [Qemu-devel] [PATCH] PPC e500: Fix gap between u-boot and kernel

[David Gibson]

On Thu, Mar 08, 2018 at 12:50:36PM +0100, David Engraf wrote:
> This patch moves the gap between u-boot and kernel at the correct location.
> 
> Signed-off-by: David Engraf 

Applied, thanks.

> ---
>  hw/ppc/e500.c | 9 -
>  1 file changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
> index 43c15d18c4..bdef2bddc6 100644
> --- a/hw/ppc/e500.c
> +++ b/hw/ppc/e500.c
> @@ -1009,6 +1009,10 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  }
>  
>  cur_base = loadaddr + payload_size;
> +if (cur_base < (32 * 1024 * 1024)) {
> +/* u-boot occupies memory up to 32MB, so load blobs above */
> +cur_base = (32 * 1024 * 1024);
> +}
>  
>  /* Load bare kernel only if no bios/u-boot has been provided */
>  if (machine->kernel_filename && !kernel_as_payload) {
> @@ -1025,11 +1029,6 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  cur_base += kernel_size;
>  }
>  
> -if (cur_base < (32 * 1024 * 1024)) {
> -/* u-boot occupies memory up to 32MB, so load blobs above */
> -cur_base = (32 * 1024 * 1024);
> -}
> -
>  /* Load initrd. */
>  if (machine->initrd_filename) {
>  initrd_base = (cur_base + INITRD_LOAD_PAD) & ~INITRD_PAD_MASK;

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 04/19] uninorth: remove stray PCIBus realize from mac_newworld.c

[David Gibson]

On Tue, Mar 06, 2018 at 08:30:48PM +, Mark Cave-Ayland wrote:
> After QOMification this is clearly no longer needed (and possibly hasn't been
> for some time).
> 
> Signed-off-by: Mark Cave-Ayland 

Applied, thanks.

> ---
>  hw/ppc/mac_newworld.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 1eba79d54b..3410bb13ad 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -351,7 +351,6 @@ static void ppc_core99_init(MachineState *machine)
>  pci_bus = pci_pmac_init(pic, get_system_memory(), get_system_io());
>  machine_arch = ARCH_MAC99;
>  }
> -object_property_set_bool(OBJECT(pci_bus), true, "realized", 
> _abort);
>  
>  machine->usb |= defaults_enabled() && !machine->usb_disabled;
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 03/19] uninorth: QOMify PCI and AGP host bridges

[David Gibson]

On Tue, Mar 06, 2018 at 08:30:47PM +, Mark Cave-Ayland wrote:
> Signed-off-by: Mark Cave-Ayland 

Applied, thanks.

> ---
>  hw/pci-host/uninorth.c | 79 
> --
>  1 file changed, 32 insertions(+), 47 deletions(-)
> 
> diff --git a/hw/pci-host/uninorth.c b/hw/pci-host/uninorth.c
> index 710818e355..1d4d3f5705 100644
> --- a/hw/pci-host/uninorth.c
> +++ b/hw/pci-host/uninorth.c
> @@ -129,72 +129,61 @@ static const MemoryRegionOps unin_data_ops = {
>  .endianness = DEVICE_LITTLE_ENDIAN,
>  };
>  
> -static int pci_unin_main_init_device(SysBusDevice *dev)
> +static void pci_unin_main_init(Object *obj)
>  {
> -PCIHostState *h;
> +SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
> +PCIHostState *h = PCI_HOST_BRIDGE(obj);
>  
>  /* Use values found on a real PowerMac */
>  /* Uninorth main bus */
> -h = PCI_HOST_BRIDGE(dev);
> -
>  memory_region_init_io(>conf_mem, OBJECT(h), _host_conf_le_ops,
> -  dev, "pci-conf-idx", 0x1000);
> -memory_region_init_io(>data_mem, OBJECT(h), _data_ops, dev,
> +  obj, "pci-conf-idx", 0x1000);
> +memory_region_init_io(>data_mem, OBJECT(h), _data_ops, obj,
>"pci-conf-data", 0x1000);
> -sysbus_init_mmio(dev, >conf_mem);
> -sysbus_init_mmio(dev, >data_mem);
> -
> -return 0;
> +sysbus_init_mmio(sbd, >conf_mem);
> +sysbus_init_mmio(sbd, >data_mem);
>  }
>  
> -
> -static int pci_u3_agp_init_device(SysBusDevice *dev)
> +static void pci_u3_agp_init(Object *obj)
>  {
> -PCIHostState *h;
> +SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
> +PCIHostState *h = PCI_HOST_BRIDGE(obj);
>  
>  /* Uninorth U3 AGP bus */
> -h = PCI_HOST_BRIDGE(dev);
> -
>  memory_region_init_io(>conf_mem, OBJECT(h), _host_conf_le_ops,
> -  dev, "pci-conf-idx", 0x1000);
> -memory_region_init_io(>data_mem, OBJECT(h), _data_ops, dev,
> +  obj, "pci-conf-idx", 0x1000);
> +memory_region_init_io(>data_mem, OBJECT(h), _data_ops, obj,
>"pci-conf-data", 0x1000);
> -sysbus_init_mmio(dev, >conf_mem);
> -sysbus_init_mmio(dev, >data_mem);
> -
> -return 0;
> +sysbus_init_mmio(sbd, >conf_mem);
> +sysbus_init_mmio(sbd, >data_mem);
>  }
>  
> -static int pci_unin_agp_init_device(SysBusDevice *dev)
> +static void pci_unin_agp_init(Object *obj)
>  {
> -PCIHostState *h;
> +SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
> +PCIHostState *h = PCI_HOST_BRIDGE(obj);
>  
>  /* Uninorth AGP bus */
> -h = PCI_HOST_BRIDGE(dev);
> -
>  memory_region_init_io(>conf_mem, OBJECT(h), _host_conf_le_ops,
> -  dev, "pci-conf-idx", 0x1000);
> +  obj, "pci-conf-idx", 0x1000);
>  memory_region_init_io(>data_mem, OBJECT(h), _host_data_le_ops,
> -  dev, "pci-conf-data", 0x1000);
> -sysbus_init_mmio(dev, >conf_mem);
> -sysbus_init_mmio(dev, >data_mem);
> -return 0;
> +  obj, "pci-conf-data", 0x1000);
> +sysbus_init_mmio(sbd, >conf_mem);
> +sysbus_init_mmio(sbd, >data_mem);
>  }
>  
> -static int pci_unin_internal_init_device(SysBusDevice *dev)
> +static void pci_unin_internal_init(Object *obj)
>  {
> -PCIHostState *h;
> +SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
> +PCIHostState *h = PCI_HOST_BRIDGE(obj);
>  
>  /* Uninorth internal bus */
> -h = PCI_HOST_BRIDGE(dev);
> -
>  memory_region_init_io(>conf_mem, OBJECT(h), _host_conf_le_ops,
> -  dev, "pci-conf-idx", 0x1000);
> +  obj, "pci-conf-idx", 0x1000);
>  memory_region_init_io(>data_mem, OBJECT(h), _host_data_le_ops,
> -  dev, "pci-conf-data", 0x1000);
> -sysbus_init_mmio(dev, >conf_mem);
> -sysbus_init_mmio(dev, >data_mem);
> -return 0;
> +  obj, "pci-conf-data", 0x1000);
> +sysbus_init_mmio(sbd, >conf_mem);
> +sysbus_init_mmio(sbd, >data_mem);
>  }
>  
>  PCIBus *pci_pmac_init(qemu_irq *pic,
> @@ -461,10 +450,8 @@ static const TypeInfo unin_internal_pci_host_info = {
>  
>  static void pci_unin_main_class_init(ObjectClass *klass, void *data)
>  {
> -SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
>  DeviceClass *dc = DEVICE_CLASS(klass);
>  
> -sbc->init = pci_unin_main_init_device;
>  set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
>  }
>  
> @@ -472,15 +459,14 @@ static const TypeInfo pci_unin_main_info = {
>  .name  = TYPE_UNI_NORTH_PCI_HOST_BRIDGE,
>  .parent= TYPE_PCI_HOST_BRIDGE,
>  .instance_size = sizeof(UNINState),
> +.instance_init = pci_unin_main_init,
>  .class_init= pci_unin_main_class_init,
>  };
>  
>  static void pci_u3_agp_class_init(ObjectClass *klass, void *data)
>  {
> -SysBusDeviceClass *sbc = 

Re: [Qemu-devel] [PATCH v2 8/8] ovmf: add DxeTpm2MeasureBootLib

[Yao, Jiewen]

Very good question.
Comment below:

> -Original Message-
> From: Laszlo Ersek [mailto:ler...@redhat.com]
> Sent: Friday, March 9, 2018 3:54 AM
> To: marcandre.lur...@redhat.com; edk2-de...@lists.01.org; Yao, Jiewen
> 
> Cc: pjo...@redhat.com; stef...@linux.vnet.ibm.com;
> qemu-devel@nongnu.org; javi...@redhat.com
> Subject: Re: [PATCH v2 8/8] ovmf: add DxeTpm2MeasureBootLib
> 
> (Jiewen, below I have a question for you as well; please help with that.)
> 
> On 03/07/18 16:57, marcandre.lur...@redhat.com wrote:
> > From: Marc-André Lureau 
> >
> > The library registers a security management handler, to measure images
> > that are not measure in PEI phase.
> >
> > This seems to work for example with the qemu PXE rom:
> >
> > Loading driver at 0x0003E6C2000 EntryPoint=0x0003E6C9076 8086100e.efi
> >
> > And the following binary_bios_measurements log entry seems to be
> > added:
> >
> > PCR: 2  type: EV_EFI_BOOT_SERVICES_DRIVER   size: 0x4e  digest:
> 70a22475e9f18806d2ed9193b48d80d26779d9a4
> >
> > Cc: Laszlo Ersek 
> > Cc: Stefan Berger 
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Marc-André Lureau 
> > ---
> >  OvmfPkg/OvmfPkgX64.dsc | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> > index 7753852144fb..9db1712e3623 100644
> > --- a/OvmfPkg/OvmfPkgX64.dsc
> > +++ b/OvmfPkg/OvmfPkgX64.dsc
> > @@ -662,6 +662,9 @@ [Components]
> >  
> >  !if $(SECURE_BOOT_ENABLE) == TRUE
> >
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> > +!endif
> > +!if $(TPM2_ENABLE) == TRUE
> > +
> NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.i
> nf
> >  !endif
> >}
> >
> >
> 
> (1) Marc-André, please change the subject line to:
> 
> OvmfPkg: plug DxeTpm2MeasureBootLib into SecurityStubDxe
> 
> 
> (2) I have a question for Jiewen:
> 
> DxeTpm2MeasureBootLib consumes the TCG2 protocol, but it does not depend
> on it with a DEPEX. Instead, DxeTpm2MeasureBootHandler() tries to locate
> the protocol on every invocation.
[Jiewen] Yes.

> This means that SecurityStubDxe may produce the Security and Security2
> Architectural Protocols before measurements into the TPM2 device are
> possible.
[Jiewen] Yes.

> Therefore, UEFI_DRIVER modules (which depend on all of the
> Arch protocols) may be started before they can be measured into the TPM.
> 
> Now, this is likely no problem for UEFI_DRIVER modules that are built
> into the firmware volume(s), because those are measured by Tcg2Pei
> anyway.
[Jiewen] That is TRUE.

However, it would be a problem for UEFI_DRIVER modules / apps
> that come from external media (disk, network, PCI oprom, etc).
[Jiewen] By design, the 3rd part module should not be invoked before EndOfDxe.
All Arch Protocol Ready is not strong enough. :-)
Please refer to 
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c

If a non-FV image is loaded before EndOfDxe, it will be queued into 
mDeferred3rdPartyImage.

We also added EfiBootManagerDispatchDeferredImages() API in 
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Include/Library/UefiBootManagerLib.h
 and implemented in 
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
A platform must call EfiBootManagerDispatchDeferredImages(), if the platform 
supports PCI OROM.

You can find the sample code in 
https://github.com/tianocore/edk2-platforms/blob/devel-MinPlatform/Platform/Intel/MinPlatformPkg/Bds/Library/DxePlatformBootManagerLib/BdsPlatform.c



> However, such are loaded only in the BDS phase, and BDS is only entered
> after all of the DXE drivers are dispatched from the firmware volumes.
> In other words, the ordering between Tcg2Dxe and external UEFI_DRIVER /
> UEFI_APPLICATION modules is ensured that Tcg2Dxe will be dispatched in
> the DXE phase, while the latter will only be loaded in BDS.
> 
> Is this intentional? Is my understanding correct?

[Jiewen] Right. The only assumption is: Tcg2Dxe is included in the firmware 
volume and it is dispatched before EndOfDxe.



> 
> (3) If that's the case, then Marc-André, please add the following to the
> commit message:
> 
> 
> Hooking DxeTpm2MeasureBootLib into SecurityStubDxe ensures that the
> Security and Security2 Arch protocols will entail, by the time of
> entering the BDS phase, the measuring of UEFI binaries into the TPM.
> Thus, external UEFI_DRIVER and UEFI_APPLICATION modules (which are
> loaded in the BDS phase, from disk, network, PCI oprom, etc) will be
> measured.
> 
> Drivers dispatched in the DXE phase before Tcg2Dxe will not be measured
> individually; however such drivers come from the firmware volume(s), and
> those are measured in the PEI phase by Tcg2Pei.
> 
> 
> Thanks!

Re: [Qemu-devel] [PATCH v2] ppc440_pcix: Change some error_report to qemu_log_mask(LOG_UNIMP, ...)

[David Gibson]

On Thu, Mar 08, 2018 at 12:08:08PM +0100, BALATON Zoltan wrote:
> Using log unimp is more appropriate for these messages and this also
> silences them by default so they won't clobber make check output when
> tests are added for this board.
> 
> Signed-off-by: BALATON Zoltan 
> Reviewed-by: Thomas Huth 

Applied, thanks.

> ---
> v2: Use defined format string for printing hwaddr instead of casting.
> I guess this does not invalidate the R-b tag of v1 so I've added that too.
> 
>  hw/ppc/ppc440_pcix.c | 10 ++
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/ppc/ppc440_pcix.c b/hw/ppc/ppc440_pcix.c
> index ab2626a..1dc5d7f 100644
> --- a/hw/ppc/ppc440_pcix.c
> +++ b/hw/ppc/ppc440_pcix.c
> @@ -286,8 +286,9 @@ static void ppc440_pcix_reg_write4(void *opaque, hwaddr 
> addr,
>  break;
>  
>  default:
> -error_report("%s: unhandled PCI internal register 0x%lx", __func__,
> - (unsigned long)addr);
> +qemu_log_mask(LOG_UNIMP,
> +  "%s: unhandled PCI internal register 
> 0x%"HWADDR_PRIx"\n",
> +  __func__, addr);
>  break;
>  }
>  }
> @@ -377,8 +378,9 @@ static uint64_t ppc440_pcix_reg_read4(void *opaque, 
> hwaddr addr,
>  break;
>  
>  default:
> -error_report("%s: invalid PCI internal register 0x%lx", __func__,
> - (unsigned long)addr);
> +qemu_log_mask(LOG_UNIMP,
> +  "%s: invalid PCI internal register 0x%" HWADDR_PRIx 
> "\n",
> +  __func__, addr);
>  val = 0;
>  }
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v12 28/28] tests/qmp-test: blacklist sev specific qmp commands

[Daniel P. Berrange]

On Thu, Mar 08, 2018 at 06:45:04PM -0300, Eduardo Habkost wrote:
> On Thu, Mar 08, 2018 at 02:18:55PM -0600, Brijesh Singh wrote:
> > 
> > 
> > On 3/8/18 11:08 AM, Daniel P. Berrangé wrote:
> > > On Thu, Mar 08, 2018 at 06:49:01AM -0600, Brijesh Singh wrote:
> > >> Blacklist the following commands to fix the 'make check' failure.
> > >>
> > >> query-sev-launch-measure: it returns meaninful data only when we launch
> > >> SEV guest otherwise the command returns an error.
> > >>
> > >> query-sev: it return an error when SEV is not available on host (e.g non
> > >> X86 platform or KVM is disabled at the build time)
> > >>
> > >> query-sev-capabilities: it returns an error when SEV feature is not
> > >> available on host machine.
> > > We generally expect 'make check' to succeed on every single patch
> > > in a series, so that 'git bisect' doesn't break.
> > >
> > > So you should add each command to the blacklist in the same commit
> > > that introduced the failure in the first place.
> > 
> > 
> > Sure, I can quickly send the updated patch series to address your this
> > concern, but before spamming everyone's inbox I was wondering if I can
> > get some indication whether this series will make into 2.12 merge.
> > 
> > Paolo, Eduardo and Richard,
> > 
> > Most of the changes are in x86 directory hence any thought if you are
> > considering this series for 2.12 ? I have been testing the series with
> > and without SEV support and so far have not ran into any issue. if you
> > are not planning to pull this series in 2.12 then I will wait a bit
> > longer to get more feedback before sending the updates to address
> > Daniel's comment. thanks
> 
> Trying to merge it before 2.12 soft freeze (next Tuesday) still
> looks like a reasonable goal to me.  What do others think?

I've only really looked at the QAPI / QMP bits and they seem fine from
pov of libvirt's needs - just very minor comments. So not objection from
me on that area of the code.

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://entangle-photo.org   -o-http://search.cpan.org/~danberr/ :|

Re: [Qemu-devel] [PATCH 0/4] qapi: generate a literal qobject for introspection

[Eric Blake]

On 03/05/2018 11:29 AM, Marc-André Lureau wrote:

Hi,

This is a small series of a few preliminary patches taken off the
"[PATCH v4 00/51]" qapi-conditional series that were already reviewed
by Markus. They are improvements worthwhile for 2.12 inclusion.

Marc-André Lureau (4):
   qapi2texi: minor python code simplification
   qlit: use QType instead of int
   qlit: add qobject_from_qlit()
   qapi: generate a literal qobject for introspection


Thanks; I've queued this on my QAPI tree (with the python 3 fix), and 
will submit a pull request before soft freeze.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [Qemu-devel] [PATCH v12 08/28] target/i386: add Secure Encrypted Virtulization (SEV) object

[Eduardo Habkost]

On Thu, Mar 08, 2018 at 04:22:52PM -0600, Brijesh Singh wrote:
> 
> 
> On 3/8/18 10:49 AM, Daniel P. Berrangé wrote:
> > On Thu, Mar 08, 2018 at 06:48:41AM -0600, Brijesh Singh wrote:
> >> Add a new memory encryption object 'sev-guest'. The object will be used
> >> to create enrypted VMs on AMD EPYC CPU. The object provides the properties
> >> to pass guest owner's public Diffie-hellman key, guest policy and session
> >> information required to create the memory encryption context within the
> >> SEV firmware.
> >>
> >> e.g to launch SEV guest
> >>  # $QEMU \
> >> -object sev-guest,id=sev0 \
> >> -machine ,memory-encryption=sev0
> >>
> >> Cc: Paolo Bonzini 
> >> Cc: Richard Henderson 
> >> Cc: Eduardo Habkost 
> >> Signed-off-by: Brijesh Singh 
> >
> >> diff --git a/qemu-options.hx b/qemu-options.hx
> >> index 4c280142c52c..6113bce08a8c 100644
> >> --- a/qemu-options.hx
> >> +++ b/qemu-options.hx
> >> @@ -4353,6 +4353,50 @@ contents of @code{iv.b64} to the second secret
> >>   data=$SECRET,iv=$( >>  @end example
> >>  
> >> +@item -object 
> >> sev-guest,id=@var{id},cbitpos=@var{cbitpos},reduced-phys-bits=@var{val},[sev-device=@var{string},policy=@var{policy},handle=@var{handle},dh-cert-file=@var{file},session-file=@var{file}]
> >> +
> >> +Create a Secure Encrypted Virtualization (SEV) guest object, which can be 
> >> used
> >> +to provide the guest memory encryption support on AMD processors.
> >> +
> >> +When memory encryption is enabled, one of the physical address bit (aka 
> >> the
> >> +C-bit) is utilized to mark if a memory page is protected. The 
> >> @option{cbitpos}
> >> +is used to provide the C-bit position. The C-bit position is Host family 
> >> dependent
> >> +hence user must provide this value. On EPYC, the value should be 47.
> >> +
> >> +When memory encryption is enabled, we loose certain bits in physical 
> >> address space.
> >> +The @option{reduced-phys-bits} is used to provide the number of bits we 
> >> loose in
> >> +physical address space. Similar to C-bit, the value is Host family 
> >> dependent.
> >> +On EPYC, the value should be 5.
> > Is it valid to specify a different value for either of these properties ?
> > eg what happens if I pass cbitpos=45 instead of 47 on an EPYC host ?
> 
> On EPYC, passing anything other than 47 will trigger error during SEV
> guest initialization. The value of Cbit position is host dependent, the
> value is readonly and can be obtained through the host CPUID.  The
> cbitpos must be same between guest and host. Please note that the pte's
> in guest page table will need to use the cbitpos  information to mark
> the pages as encrypted. If cbit position given to the guest is different
> from the host then guest will fail to execute.
> 
> >
> > In particular I thinking about possible migration scenario, where EPYC
> > uses 47 by default but some $NEXT AMD CPU uses 48 by default. In that
> > case we might want to use '47' on both CPUs if we need ability to live
> > migrate between different host CPU generations. Would that be valid ?
> 
> We will not be able to migrate SEV guests if cbit position does not
> match between the source and destination hosts. Since during migration,
> the destination guest is launched with same QEMU cli as source hence
> cbitpos check in QEMU will catch it and fail the new launch. Optionally,
> user can call query-sev-capabilities on both source and destination to
> see if cbitpos is compatible before attempting to migrate the guest.
> 
> > On the flip side, if the value really it strictly tied to the host
> > CPU family and no deviation is permitted, could the kernel not just
> > pick the right value automatically avoiding the config option ?
> >
> 
> I think doing so will be an issue for the migration. Consider your above
> use case, a SEV guest is running on EPYC with cbitpos=47 and if we
> migrate to some $NEXT AMD CPU which uses need to use cbitpos=48 and we
> will fail to resume the guest on destination after migrating.

Exactly, in other words these two options are part of the guest
ABI, and QEMU promises to never make the guest ABI depend on the
host hardware unless you're using "-cpu host".

In theory we could make QEMU choose the right values
automatically if we document very clearly that the default
behavior is unsafe.  But I would rather not take that risk and
force management software to be aware of the gotchas involved in
using SEV + live-migration.

-- 
Eduardo

[Qemu-devel] [PATCH 23/25] hw/alpha/dp264: Add the ISA DMA controller

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 default-configs/alpha-softmmu.mak | 2 ++
 hw/alpha/dp264.c  | 4 
 2 files changed, 6 insertions(+)

diff --git a/default-configs/alpha-softmmu.mak 
b/default-configs/alpha-softmmu.mak
index e0d75e3058..3740adc5e9 100644
--- a/default-configs/alpha-softmmu.mak
+++ b/default-configs/alpha-softmmu.mak
@@ -4,7 +4,9 @@ include pci.mak
 include usb.mak
 CONFIG_SERIAL=y
 CONFIG_SERIAL_ISA=y
+CONFIG_I82374=y
 CONFIG_I8254=y
+CONFIG_I8257=y
 CONFIG_PCKBD=y
 CONFIG_VGA_CIRRUS=y
 CONFIG_IDE_CORE=y
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index e13cb576fd..ffad678ea7 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -21,6 +21,7 @@
 #include "hw/timer/i8254.h"
 #include "hw/input/i8042.h"
 #include "hw/char/serial.h"
+#include "hw/dma/i8257.h"
 #include "qemu/cutils.h"
 
 #define MAX_IDE_BUS 2
@@ -95,6 +96,9 @@ static void clipper_init(MachineState *machine)
 pci_nic_init_nofail(_table[i], pci_bus, "e1000", NULL);
 }
 
+/* 2 82C37 (dma) */
+isa_create_simple(isa_bus, "i82374");
+
 /* IDE disk setup.  */
 {
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
-- 
2.16.2

[Qemu-devel] [PATCH 21/25] MAINTAINERS: Split the Alpha TCG/machine section

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index facdab44e1..e806491d6c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -127,7 +127,6 @@ Alpha
 M: Richard Henderson 
 S: Maintained
 F: target/alpha/
-F: hw/alpha/
 F: tests/tcg/alpha/
 F: disas/alpha.c
 
@@ -402,6 +401,11 @@ F: include/*/*win32*
 X: qga/*win32*
 F: qemu.nsi
 
+Alpha Machines
+M: Richard Henderson 
+S: Maintained
+F: hw/alpha/
+
 ARM Machines
 
 Allwinner-a10
-- 
2.16.2

[Qemu-devel] [PATCH 22/25] hw/isa/superio: Add the SMC FDC37C669 Super I/O

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
Richard: I added the smc37c669 device in the Alpha machine, since it is the
only user, as Michael previously suggested the non-PC devices should not be
in the "PC chipset" entry which is already big (that's why some devices got
moved from there to MIPS and PPC).

 include/hw/isa/superio.h   |   1 +
 hw/isa/smc37c669-superio.c | 115 +
 MAINTAINERS|   1 +
 hw/isa/Makefile.objs   |   2 +-
 4 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 hw/isa/smc37c669-superio.c

diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
index b47aac3cf8..f9ba29aa30 100644
--- a/include/hw/isa/superio.h
+++ b/include/hw/isa/superio.h
@@ -55,5 +55,6 @@ typedef struct ISASuperIOClass {
 } ISASuperIOClass;
 
 #define TYPE_FDC37M81X_SUPERIO  "fdc37m81x-superio"
+#define TYPE_SMC37C669_SUPERIO  "smc37c669-superio"
 
 #endif /* HW_ISA_SUPERIO_H */
diff --git a/hw/isa/smc37c669-superio.c b/hw/isa/smc37c669-superio.c
new file mode 100644
index 00..aa233c6967
--- /dev/null
+++ b/hw/isa/smc37c669-superio.c
@@ -0,0 +1,115 @@
+/*
+ * SMC FDC37C669 Super I/O controller
+ *
+ * Copyright (c) 2018 Philippe Mathieu-Daudé
+ *
+ * This code is licensed under the GNU GPLv2 and later.
+ * See the COPYING file in the top-level directory.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "hw/isa/superio.h"
+
+/* UARTs (compatible with NS16450 or PC16550) */
+
+static bool is_serial_enabled(ISASuperIODevice *sio, uint8_t index)
+{
+return index < 2;
+}
+
+static uint16_t get_serial_iobase(ISASuperIODevice *sio, uint8_t index)
+{
+return index ? 0x2f8 : 0x3f8;
+}
+
+static unsigned int get_serial_irq(ISASuperIODevice *sio, uint8_t index)
+{
+return index ? 3 : 4;
+}
+
+/* Parallel port */
+
+static bool is_parallel_enabled(ISASuperIODevice *sio, uint8_t index)
+{
+return index < 1;
+}
+
+static uint16_t get_parallel_iobase(ISASuperIODevice *sio, uint8_t index)
+{
+return 0x3bc;
+}
+
+static unsigned int get_parallel_irq(ISASuperIODevice *sio, uint8_t index)
+{
+return 7;
+}
+
+static unsigned int get_parallel_dma(ISASuperIODevice *sio, uint8_t index)
+{
+return 3;
+}
+
+/* Diskette controller (Software compatible with the Intel PC8477) */
+
+static bool is_fdc_enabled(ISASuperIODevice *sio, uint8_t index)
+{
+return index < 1;
+}
+
+static uint16_t get_fdc_iobase(ISASuperIODevice *sio, uint8_t index)
+{
+return 0x3f0;
+}
+
+static unsigned int get_fdc_irq(ISASuperIODevice *sio, uint8_t index)
+{
+return 6;
+}
+
+static unsigned int get_fdc_dma(ISASuperIODevice *sio, uint8_t index)
+{
+return 2;
+}
+
+static void smc37c669_class_init(ObjectClass *klass, void *data)
+{
+ISASuperIOClass *sc = ISA_SUPERIO_CLASS(klass);
+
+sc->parallel = (ISASuperIOFuncs){
+.count = 1,
+.is_enabled = is_parallel_enabled,
+.get_iobase = get_parallel_iobase,
+.get_irq= get_parallel_irq,
+.get_dma= get_parallel_dma,
+};
+sc->serial = (ISASuperIOFuncs){
+.count = 2,
+.is_enabled = is_serial_enabled,
+.get_iobase = get_serial_iobase,
+.get_irq= get_serial_irq,
+};
+sc->floppy = (ISASuperIOFuncs){
+.count = 1,
+.is_enabled = is_fdc_enabled,
+.get_iobase = get_fdc_iobase,
+.get_irq= get_fdc_irq,
+.get_dma= get_fdc_dma,
+};
+sc->ide.count = 0;
+}
+
+static const TypeInfo smc37c669_type_info = {
+.name  = TYPE_SMC37C669_SUPERIO,
+.parent= TYPE_ISA_SUPERIO,
+.instance_size = sizeof(ISASuperIODevice),
+.class_size= sizeof(ISASuperIOClass),
+.class_init= smc37c669_class_init,
+};
+
+static void smc37c669_register_types(void)
+{
+type_register_static(_type_info);
+}
+
+type_init(smc37c669_register_types)
diff --git a/MAINTAINERS b/MAINTAINERS
index e806491d6c..db20e52f5d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -405,6 +405,7 @@ Alpha Machines
 M: Richard Henderson 
 S: Maintained
 F: hw/alpha/
+F: hw/isa/smc37c669-superio.c
 
 ARM Machines
 
diff --git a/hw/isa/Makefile.objs b/hw/isa/Makefile.objs
index cac655ba58..83e06f6c04 100644
--- a/hw/isa/Makefile.objs
+++ b/hw/isa/Makefile.objs
@@ -1,5 +1,5 @@
 common-obj-$(CONFIG_ISA_BUS) += isa-bus.o
-common-obj-$(CONFIG_ISA_BUS) += isa-superio.o
+common-obj-$(CONFIG_ISA_BUS) += isa-superio.o smc37c669-superio.o
 common-obj-$(CONFIG_APM) += apm.o
 common-obj-$(CONFIG_I82378) += i82378.o
 common-obj-$(CONFIG_PC87312) += pc87312.o
-- 
2.16.2

[Qemu-devel] [PATCH 15/25] hw/mips/malta: Code movement

[Philippe Mathieu-Daudé]

Move the SouthBridge peripherals first, and keep the Super I/O
peripherals last.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/mips_malta.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index cd7bd0eef6..9e0724ca5a 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1062,10 +1062,6 @@ void mips_malta_init(MachineState *machine)
 memory_region_add_subregion(system_memory, 512 << 20, ram_low_postio);
 }
 
-/* generate SPD EEPROM data */
-generate_eeprom_spd(_eeprom_buf[0 * 256], ram_size);
-generate_eeprom_serial(_eeprom_buf[6 * 256]);
-
 #ifdef TARGET_WORDS_BIGENDIAN
 be = 1;
 #else
@@ -1208,15 +1204,19 @@ void mips_malta_init(MachineState *machine)
 pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
   isa_get_irq(NULL, 9), NULL, 0, NULL);
-smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
-g_free(smbus_eeprom_buf);
 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
 i8257_dma_init(isa_bus, 0);
+mc146818_rtc_init(isa_bus, 2000, NULL);
+
+/* generate SPD EEPROM data */
+generate_eeprom_spd(_eeprom_buf[0 * 256], ram_size);
+generate_eeprom_serial(_eeprom_buf[6 * 256]);
+smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
+g_free(smbus_eeprom_buf);
 
 /* Super I/O */
 isa_create_simple(isa_bus, TYPE_I8042);
 
-mc146818_rtc_init(isa_bus, 2000, NULL);
 serial_hds_isa_init(isa_bus, 0, 2);
 parallel_hds_isa_init(isa_bus, 1);
 
-- 
2.16.2

[Qemu-devel] [PATCH 20/25] MAINTAINERS: Add entries for the VT82C686B Super I/O

[Philippe Mathieu-Daudé]

So far, it is only used by the MIPS Fulong 2E mini PC.

Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 98a8918c20..facdab44e1 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -689,6 +689,8 @@ Fulong 2E
 M: Yongbok Kim 
 S: Odd Fixes
 F: hw/mips/mips_fulong2e.c
+F: hw/isa/vt82c686.c
+F: include/hw/isa/vt82c686.h
 
 Boston
 M: Paul Burton 
-- 
2.16.2

[Qemu-devel] [PATCH 12/25] hw/isa/superio: Factor out the floppy disc controller code from pc87312.c

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/isa/pc87312.h |  4 
 include/hw/isa/superio.h |  2 ++
 hw/isa/isa-superio.c | 36 
 hw/isa/pc87312.c | 46 +++---
 hw/isa/trace-events  |  2 +-
 5 files changed, 58 insertions(+), 32 deletions(-)

diff --git a/include/hw/isa/pc87312.h b/include/hw/isa/pc87312.h
index 1480615a2c..e16263d4b1 100644
--- a/include/hw/isa/pc87312.h
+++ b/include/hw/isa/pc87312.h
@@ -39,10 +39,6 @@ typedef struct PC87312State {
 uint16_t iobase;
 uint8_t config; /* initial configuration */
 
-struct {
-ISADevice *dev;
-} fdc;
-
 struct {
 ISADevice *dev;
 } ide;
diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
index 0b516721c3..e8007b9eee 100644
--- a/include/hw/isa/superio.h
+++ b/include/hw/isa/superio.h
@@ -29,6 +29,7 @@ typedef struct ISASuperIODevice {
 
 ISADevice *parallel[MAX_PARALLEL_PORTS];
 ISADevice *serial[MAX_SERIAL_PORTS];
+ISADevice *floppy;
 } ISASuperIODevice;
 
 typedef struct ISASuperIOFuncs {
@@ -47,6 +48,7 @@ typedef struct ISASuperIOClass {
 
 ISASuperIOFuncs parallel;
 ISASuperIOFuncs serial;
+ISASuperIOFuncs floppy;
 } ISASuperIOClass;
 
 #endif /* HW_ISA_SUPERIO_H */
diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index 6962421aad..4b5e280b38 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -11,7 +11,10 @@
  */
 #include "qemu/osdep.h"
 #include "qemu/error-report.h"
+#include "qapi/error.h"
 #include "sysemu/sysemu.h"
+#include "sysemu/block-backend.h"
+#include "sysemu/blockdev.h"
 #include "chardev/char.h"
 #include "hw/isa/superio.h"
 #include "hw/char/serial.h"
@@ -25,6 +28,7 @@ static void isa_superio_realize(DeviceState *dev, Error 
**errp)
 ISADevice *isa;
 DeviceState *d;
 Chardev *chr;
+DriveInfo *drive;
 char *name;
 int i;
 
@@ -107,6 +111,38 @@ static void isa_superio_realize(DeviceState *dev, Error 
**errp)
 g_free(name);
 }
 }
+
+/* Floppy disc */
+if (!k->floppy.is_enabled || k->floppy.is_enabled(sio, 0)) {
+isa = isa_create(bus, "isa-fdc");
+d = DEVICE(isa);
+if (k->floppy.get_iobase) {
+qdev_prop_set_uint32(d, "iobase", k->floppy.get_iobase(sio, 0));
+}
+if (k->floppy.get_irq) {
+qdev_prop_set_uint32(d, "irq", k->floppy.get_irq(sio, 0));
+}
+/* FIXME use a qdev drive property instead of drive_get() */
+drive = drive_get(IF_FLOPPY, 0, 0);
+if (drive != NULL) {
+qdev_prop_set_drive(d, "driveA", blk_by_legacy_dinfo(drive),
+_fatal);
+}
+/* FIXME use a qdev drive property instead of drive_get() */
+drive = drive_get(IF_FLOPPY, 0, 1);
+if (drive != NULL) {
+qdev_prop_set_drive(d, "driveB", blk_by_legacy_dinfo(drive),
+_fatal);
+}
+qdev_init_nofail(d);
+sio->floppy = isa;
+trace_superio_create_floppy(0,
+k->floppy.get_iobase ?
+k->floppy.get_iobase(sio, 0) : -1,
+k->floppy.get_irq ?
+k->floppy.get_irq(sio, 0) : -1);
+}
+
 }
 
 static void isa_superio_class_init(ObjectClass *oc, void *data)
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index c2837bca43..a1845a91c3 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -27,8 +27,6 @@
 #include "hw/isa/pc87312.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
-#include "sysemu/block-backend.h"
-#include "sysemu/blockdev.h"
 #include "trace.h"
 
 
@@ -129,16 +127,26 @@ static bool is_uart_enabled(ISASuperIODevice *sio, 
uint8_t i)
 
 /* Floppy controller */
 
-static inline bool is_fdc_enabled(PC87312State *s)
+static bool is_fdc_enabled(ISASuperIODevice *sio, uint8_t index)
 {
+PC87312State *s = PC87312(sio);
+assert(!index);
 return s->regs[REG_FER] & FER_FDC_EN;
 }
 
-static inline uint16_t get_fdc_iobase(PC87312State *s)
+static uint16_t get_fdc_iobase(ISASuperIODevice *sio, uint8_t index)
 {
+PC87312State *s = PC87312(sio);
+assert(!index);
 return (s->regs[REG_FER] & FER_FDC_ADDR) ? 0x370 : 0x3f0;
 }
 
+static unsigned int get_fdc_irq(ISASuperIODevice *sio, uint8_t index)
+{
+assert(!index);
+return 6;
+}
+
 
 /* IDE controller */
 
@@ -272,7 +280,6 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 DeviceState *d;
 ISADevice *isa;
 ISABus *bus;
-DriveInfo *drive;
 Error *local_err = NULL;
 
 s = PC87312(dev);
@@ -287,28 +294,6 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 return;
 }
 
-if (is_fdc_enabled(s)) {
-isa = isa_create(bus, "isa-fdc");
-d = DEVICE(isa);
-qdev_prop_set_uint32(d, 

[Qemu-devel] [PATCH 19/25] hw/isa/vt82c686: Add the TYPE_VT82C686B_SUPERIO

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/isa/vt82c686.h |  2 ++
 hw/isa/vt82c686.c | 20 
 hw/mips/mips_fulong2e.c   | 15 +++
 3 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/include/hw/isa/vt82c686.h b/include/hw/isa/vt82c686.h
index db97c8ed7a..c3c2b6e786 100644
--- a/include/hw/isa/vt82c686.h
+++ b/include/hw/isa/vt82c686.h
@@ -1,6 +1,8 @@
 #ifndef HW_VT82C686_H
 #define HW_VT82C686_H
 
+#define TYPE_VT82C686B_SUPERIO "vt82c686b-superio"
+
 /* vt82c686.c */
 ISABus *vt82c686b_isa_init(PCIBus * bus, int devfn);
 void vt82c686b_ac97_init(PCIBus *bus, int devfn);
diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
index 7eaf3c7e8f..cff1946232 100644
--- a/hw/isa/vt82c686.c
+++ b/hw/isa/vt82c686.c
@@ -17,6 +17,7 @@
 #include "hw/i2c/smbus.h"
 #include "hw/pci/pci.h"
 #include "hw/isa/isa.h"
+#include "hw/isa/superio.h"
 #include "hw/sysbus.h"
 #include "hw/mips/mips.h"
 #include "hw/isa/apm.h"
@@ -519,11 +520,30 @@ static const TypeInfo via_info = {
 },
 };
 
+static void vt82c686b_superio_class_init(ObjectClass *klass, void *data)
+{
+ISASuperIOClass *sc = ISA_SUPERIO_CLASS(klass);
+
+sc->serial.count = 2;
+sc->parallel.count = 1;
+sc->ide.count = 0;
+sc->floppy.count = 1;
+}
+
+static const TypeInfo via_superio_info = {
+.name  = TYPE_VT82C686B_SUPERIO,
+.parent= TYPE_ISA_SUPERIO,
+.instance_size = sizeof(ISASuperIODevice),
+.class_size= sizeof(ISASuperIOClass),
+.class_init= vt82c686b_superio_class_init,
+};
+
 static void vt82c686b_register_types(void)
 {
 type_register_static(_ac97_info);
 type_register_static(_mc97_info);
 type_register_static(_pm_info);
+type_register_static(_superio_info);
 type_register_static(_info);
 }
 
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index 9ebc225d3b..d608f17e1e 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -23,9 +23,7 @@
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
 #include "hw/dma/i8257.h"
-#include "hw/char/serial.h"
-#include "hw/char/parallel.h"
-#include "hw/block/fdc.h"
+#include "hw/isa/superio.h"
 #include "net/net.h"
 #include "hw/boards.h"
 #include "hw/i2c/smbus.h"
@@ -34,7 +32,6 @@
 #include "hw/mips/mips.h"
 #include "hw/mips/cpudevs.h"
 #include "hw/pci/pci.h"
-#include "sysemu/sysemu.h"
 #include "audio/audio.h"
 #include "qemu/log.h"
 #include "hw/loader.h"
@@ -44,8 +41,6 @@
 #include "hw/isa/vt82c686.h"
 #include "hw/timer/mc146818rtc.h"
 #include "hw/timer/i8254.h"
-#include "hw/input/i8042.h"
-#include "sysemu/blockdev.h"
 #include "exec/address-spaces.h"
 #include "sysemu/qtest.h"
 #include "qemu/error-report.h"
@@ -250,6 +245,8 @@ static void vt82c686b_southbridge_init(PCIBus *pci_bus, int 
slot, qemu_irq intc,
 /* init other devices */
 i8254_pit_init(isa_bus, 0x40, 0, NULL);
 i8257_dma_init(isa_bus, 0);
+/* Super I/O */
+isa_create_simple(isa_bus, TYPE_VT82C686B_SUPERIO);
 
 ide_drive_get(hd, ARRAY_SIZE(hd));
 vt82c686b_ide_init(pci_bus, hd, PCI_DEVFN(slot, 1));
@@ -262,12 +259,6 @@ static void vt82c686b_southbridge_init(PCIBus *pci_bus, 
int slot, qemu_irq intc,
 /* Audio support */
 vt82c686b_ac97_init(pci_bus, PCI_DEVFN(slot, 5));
 vt82c686b_mc97_init(pci_bus, PCI_DEVFN(slot, 6));
-
-/* Super I/O */
-isa_create_simple(isa_bus, TYPE_I8042);
-
-serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
-parallel_hds_isa_init(isa_bus, 1);
 }
 
 /* Network support */
-- 
2.16.2

Re: [Qemu-devel] [PATCH v12 26/28] qmp: add query-sev-capabilities command

[Brijesh Singh]

On 3/8/18 11:05 AM, Daniel P. Berrangé wrote:
> On Thu, Mar 08, 2018 at 06:48:59AM -0600, Brijesh Singh wrote:
>> The command can be used by libvirt to query the SEV capabilities.
>>
>> Cc: "Daniel P. Berrangé" 
>> Cc: "Dr. David Alan Gilbert" 
>> Cc: Markus Armbruster 
>> Signed-off-by: Brijesh Singh 
>> ---
>>  monitor.c |  7 +++
>>  qapi/misc.json| 42 ++
>>  target/i386/monitor.c |  6 ++
>>  3 files changed, 55 insertions(+)
>>
>> diff --git a/monitor.c b/monitor.c
>> index d53ecc5ddab3..29ce695a80d5 100644
>> --- a/monitor.c
>> +++ b/monitor.c
>> @@ -985,6 +985,7 @@ static void qmp_unregister_commands_hack(void)
>>  qmp_unregister_command(_commands, "rtc-reset-reinjection");
>>  qmp_unregister_command(_commands, "query-sev");
>>  qmp_unregister_command(_commands, "query-sev-launch-measure");
>> +qmp_unregister_command(_commands, "query-sev-capabilities");
>>  #endif
>>  #ifndef TARGET_S390X
>>  qmp_unregister_command(_commands, "dump-skeys");
>> @@ -4117,6 +4118,12 @@ SevLaunchMeasureInfo 
>> *qmp_query_sev_launch_measure(Error **errp)
>>  error_setg(errp, QERR_FEATURE_DISABLED, "query-sev-launch-measure");
>>  return NULL;
>>  }
>> +
>> +SevCapability *qmp_query_sev_capabilities(Error **errp)
>> +{
>> +error_setg(errp, QERR_FEATURE_DISABLED, "query-sev-capabilities");
>> +return NULL;
>> +}
>>  #endif
>>  
>>  #ifndef TARGET_S390X
>> diff --git a/qapi/misc.json b/qapi/misc.json
>> index a39c43aa64b1..37c89663d8f4 100644
>> --- a/qapi/misc.json
>> +++ b/qapi/misc.json
>> @@ -3306,3 +3306,45 @@
>>  #
>>  ##
>>  { 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo' }
>> +
>> +##
>> +# @SevCapability:
>> +#
>> +# The struct describes capability for a Secure Encrypted Virtualization
>> +# feature.
>> +#
>> +# @pdh:  Platform Diffie-Hellman key
>> +#
>> +# @cert-chain:  PDH certificate chain
> Are either of these base64 encoded ? If so nice to document that.

Yep, they are base64 encoded, I will update the doc.


>
>> +#
>> +# @cbitpos: C-bit location in page table entry
>> +#
>> +# @reduced-phys-bits: Number of physical Address bit reduction when SEV is
>> +# enabled
>> +#
>> +# Since: 2.12
>> +##
>> +{ 'struct': 'SevCapability',
>> +  'data': { 'pdh': 'str',
>> +'cert-chain': 'str',
>> +'cbitpos': 'int',
>> +'reduced-phys-bits': 'int'} }
> Regardless of answer to above Q, 
>
>   Reviewed-by: Daniel P. Berrangé 
>
>
> Regards,
> Daniel

[Qemu-devel] [PATCH 10/25] hw/isa/superio: Factor out the parallel code from pc87312.c

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/isa/pc87312.h |  4 ---
 include/hw/isa/superio.h |  6 +
 hw/isa/isa-superio.c | 65 
 hw/isa/pc87312.c | 38 +++-
 hw/isa/trace-events  |  4 ++-
 5 files changed, 89 insertions(+), 28 deletions(-)

diff --git a/include/hw/isa/pc87312.h b/include/hw/isa/pc87312.h
index f3761d6fe1..bcc4578479 100644
--- a/include/hw/isa/pc87312.h
+++ b/include/hw/isa/pc87312.h
@@ -39,10 +39,6 @@ typedef struct PC87312State {
 uint16_t iobase;
 uint8_t config; /* initial configuration */
 
-struct {
-ISADevice *dev;
-} parallel;
-
 struct {
 ISADevice *dev;
 } uart[2];
diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
index cff6ad6c08..e9879cfde1 100644
--- a/include/hw/isa/superio.h
+++ b/include/hw/isa/superio.h
@@ -23,7 +23,11 @@
 OBJECT_CLASS_CHECK(ISASuperIOClass, (klass), TYPE_ISA_SUPERIO)
 
 typedef struct ISASuperIODevice {
+/*< private >*/
 ISADevice parent_obj;
+/*< public >*/
+
+ISADevice *parallel[MAX_PARALLEL_PORTS];
 } ISASuperIODevice;
 
 typedef struct ISASuperIOFuncs {
@@ -39,6 +43,8 @@ typedef struct ISASuperIOClass {
 ISADeviceClass parent_class;
 /*< public >*/
 DeviceRealize parent_realize;
+
+ISASuperIOFuncs parallel;
 } ISASuperIOClass;
 
 #endif /* HW_ISA_SUPERIO_H */
diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index 14ec16f831..eb263fcc3a 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -10,14 +10,79 @@
  * SPDX-License-Identifier: GPL-2.0-or-later
  */
 #include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "sysemu/sysemu.h"
+#include "chardev/char.h"
 #include "hw/isa/superio.h"
 #include "trace.h"
 
+static void isa_superio_realize(DeviceState *dev, Error **errp)
+{
+ISASuperIODevice *sio = ISA_SUPERIO(dev);
+ISASuperIOClass *k = ISA_SUPERIO_GET_CLASS(sio);
+ISABus *bus = isa_bus_from_device(ISA_DEVICE(dev));
+ISADevice *isa;
+DeviceState *d;
+Chardev *chr;
+char *name;
+int i;
+
+/* Parallel port */
+for (i = 0; i < k->parallel.count; i++) {
+if (i >= ARRAY_SIZE(sio->parallel)) {
+warn_report("superio: ignoring %td parallel controllers",
+k->parallel.count - ARRAY_SIZE(sio->parallel));
+break;
+}
+if (!k->parallel.is_enabled || k->parallel.is_enabled(sio, i)) {
+/* FIXME use a qdev chardev prop instead of parallel_hds[] */
+chr = parallel_hds[i];
+if (chr == NULL || chr->be) {
+name = g_strdup_printf("discarding-parallel%d", i);
+chr = qemu_chr_new(name, "null");
+} else {
+name = g_strdup_printf("parallel%d", i);
+}
+isa = isa_create(bus, "isa-parallel");
+d = DEVICE(isa);
+qdev_prop_set_uint32(d, "index", i);
+if (k->parallel.get_iobase) {
+qdev_prop_set_uint32(d, "iobase",
+ k->parallel.get_iobase(sio, i));
+}
+if (k->parallel.get_irq) {
+qdev_prop_set_uint32(d, "irq", k->parallel.get_irq(sio, i));
+}
+qdev_prop_set_chr(d, "chardev", chr);
+qdev_init_nofail(d);
+sio->parallel[i] = isa;
+trace_superio_create_parallel(i,
+  k->parallel.get_iobase ?
+  k->parallel.get_iobase(sio, i) : -1,
+  k->parallel.get_irq ?
+  k->parallel.get_irq(sio, i) : -1);
+object_property_add_child(OBJECT(dev), name,
+  OBJECT(sio->parallel[i]), NULL);
+g_free(name);
+}
+}
+}
+
+static void isa_superio_class_init(ObjectClass *oc, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(oc);
+
+dc->realize = isa_superio_realize;
+/* Reason: Uses parallel_hds[0] in realize(), so it can't be used twice */
+dc->user_creatable = false;
+}
+
 static const TypeInfo isa_superio_type_info = {
 .name = TYPE_ISA_SUPERIO,
 .parent = TYPE_ISA_DEVICE,
 .abstract = true,
 .class_size = sizeof(ISASuperIOClass),
+.class_init = isa_superio_class_init,
 };
 
 static void isa_superio_register_types(void)
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index 6b8100ff56..1c15715c69 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -64,22 +64,25 @@
 
 /* Parallel port */
 
-static inline bool is_parallel_enabled(PC87312State *s)
+static bool is_parallel_enabled(ISASuperIODevice *sio, uint8_t index)
 {
-return s->regs[REG_FER] & FER_PARALLEL_EN;
+PC87312State *s = PC87312(sio);
+return index ? false : s->regs[REG_FER] & FER_PARALLEL_EN;
 }
 
 static const uint16_t 

[Qemu-devel] [PATCH 17/25] hw/mips/mips_fulong2e: Factor out vt82c686b_southbridge_init()

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/mips_fulong2e.c | 83 -
 1 file changed, 41 insertions(+), 42 deletions(-)

diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index 9339e02120..ca1f76a724 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -78,8 +78,6 @@
 #define FULONG2E_ATI_SLOT6
 #define FULONG2E_RTL8139_SLOT7
 
-static ISADevice *pit;
-
 static struct _loaderparams {
 int ram_size;
 const char *kernel_filename;
@@ -232,11 +230,44 @@ static const uint8_t eeprom_spd[0x80] = {
 0x20,0x30,0x20
 };
 
-/* Audio support */
-static void audio_init (PCIBus *pci_bus)
+static void vt82c686b_southbridge_init(PCIBus *pci_bus, int slot, qemu_irq 
intc,
+   I2CBus **i2c_bus, ISABus **p_isa_bus)
 {
-vt82c686b_ac97_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 5));
-vt82c686b_mc97_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 6));
+qemu_irq *i8259;
+ISABus *isa_bus;
+DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+
+isa_bus = vt82c686b_init(pci_bus, PCI_DEVFN(slot, 0));
+if (!isa_bus) {
+fprintf(stderr, "vt82c686b_init error\n");
+exit(1);
+}
+*p_isa_bus = isa_bus;
+/* Interrupt controller */
+/* The 8259 -> IP5  */
+i8259 = i8259_init(isa_bus, intc);
+isa_bus_irqs(isa_bus, i8259);
+/* init other devices */
+i8254_pit_init(isa_bus, 0x40, 0, NULL);
+i8257_dma_init(isa_bus, 0);
+
+ide_drive_get(hd, ARRAY_SIZE(hd));
+vt82c686b_ide_init(pci_bus, hd, PCI_DEVFN(slot, 1));
+
+pci_create_simple(pci_bus, PCI_DEVFN(slot, 2), "vt82c686b-usb-uhci");
+pci_create_simple(pci_bus, PCI_DEVFN(slot, 3), "vt82c686b-usb-uhci");
+
+*i2c_bus = vt82c686b_pm_init(pci_bus, PCI_DEVFN(slot, 4), 0xeee1, NULL);
+
+/* Audio support */
+vt82c686b_ac97_init(pci_bus, PCI_DEVFN(slot, 5));
+vt82c686b_mc97_init(pci_bus, PCI_DEVFN(slot, 6));
+
+/* Super I/O */
+isa_create_simple(isa_bus, TYPE_I8042);
+
+serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
+parallel_hds_isa_init(isa_bus, 1);
 }
 
 /* Network support */
@@ -269,11 +300,9 @@ static void mips_fulong2e_init(MachineState *machine)
 MemoryRegion *bios = g_new(MemoryRegion, 1);
 long bios_size;
 int64_t kernel_entry;
-qemu_irq *i8259;
 PCIBus *pci_bus;
 ISABus *isa_bus;
 I2CBus *smbus;
-DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 MIPSCPU *cpu;
 CPUMIPSState *env;
 
@@ -335,46 +364,16 @@ static void mips_fulong2e_init(MachineState *machine)
 /* North bridge, Bonito --> IP2 */
 pci_bus = bonito_init((qemu_irq *)&(env->irq[2]));
 
-/* South bridge */
-ide_drive_get(hd, ARRAY_SIZE(hd));
-
-isa_bus = vt82c686b_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 0));
-if (!isa_bus) {
-error_report("vt82c686b_init error");
-exit(1);
-}
-
-/* Interrupt controller */
-/* The 8259 -> IP5  */
-i8259 = i8259_init(isa_bus, env->irq[5]);
-isa_bus_irqs(isa_bus, i8259);
-
-vt82c686b_ide_init(pci_bus, hd, PCI_DEVFN(FULONG2E_VIA_SLOT, 1));
-pci_create_simple(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 2),
-  "vt82c686b-usb-uhci");
-pci_create_simple(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 3),
-  "vt82c686b-usb-uhci");
+/* South bridge -> IP5 */
+vt82c686b_southbridge_init(pci_bus, FULONG2E_VIA_SLOT, env->irq[5],
+   , _bus);
 
-smbus = vt82c686b_pm_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 4),
-  0xeee1, NULL);
 /* TODO: Populate SPD eeprom data.  */
 smbus_eeprom_init(smbus, 1, eeprom_spd, sizeof(eeprom_spd));
 
-/* init other devices */
-pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
-i8257_dma_init(isa_bus, 0);
-
-/* Super I/O */
-isa_create_simple(isa_bus, TYPE_I8042);
-
 mc146818_rtc_init(isa_bus, 2000, NULL);
 
-serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
-parallel_hds_isa_init(isa_bus, 1);
-
-/* Sound card */
-audio_init(pci_bus);
-/* Network card */
+/* Network card: RTL8139D */
 network_init(pci_bus);
 }
 
-- 
2.16.2

[Qemu-devel] [PATCH 24/25] hw/alpha/dp264: Use the TYPE_SMC37C669_SUPERIO

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 default-configs/alpha-softmmu.mak |  3 +++
 hw/alpha/dp264.c  | 10 --
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/default-configs/alpha-softmmu.mak 
b/default-configs/alpha-softmmu.mak
index 3740adc5e9..bbe361f01a 100644
--- a/default-configs/alpha-softmmu.mak
+++ b/default-configs/alpha-softmmu.mak
@@ -7,6 +7,9 @@ CONFIG_SERIAL_ISA=y
 CONFIG_I82374=y
 CONFIG_I8254=y
 CONFIG_I8257=y
+CONFIG_PARALLEL=y
+CONFIG_PARALLEL_ISA=y
+CONFIG_FDC=y
 CONFIG_PCKBD=y
 CONFIG_VGA_CIRRUS=y
 CONFIG_IDE_CORE=y
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index ffad678ea7..80b987f7fb 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -19,8 +19,7 @@
 #include "hw/timer/mc146818rtc.h"
 #include "hw/ide.h"
 #include "hw/timer/i8254.h"
-#include "hw/input/i8042.h"
-#include "hw/char/serial.h"
+#include "hw/isa/superio.h"
 #include "hw/dma/i8257.h"
 #include "qemu/cutils.h"
 
@@ -83,14 +82,10 @@ static void clipper_init(MachineState *machine)
 mc146818_rtc_init(isa_bus, 1900, rtc_irq);
 
 i8254_pit_init(isa_bus, 0x40, 0, NULL);
-isa_create_simple(isa_bus, TYPE_I8042);
 
 /* VGA setup.  Don't bother loading the bios.  */
 pci_vga_init(pci_bus);
 
-/* Serial code setup.  */
-serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
-
 /* Network setup.  e1000 is good enough, failing Tulip support.  */
 for (i = 0; i < nb_nics; i++) {
 pci_nic_init_nofail(_table[i], pci_bus, "e1000", NULL);
@@ -99,6 +94,9 @@ static void clipper_init(MachineState *machine)
 /* 2 82C37 (dma) */
 isa_create_simple(isa_bus, "i82374");
 
+/* Super I/O */
+isa_create_simple(isa_bus, TYPE_SMC37C669_SUPERIO);
+
 /* IDE disk setup.  */
 {
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
-- 
2.16.2

Re: [Qemu-devel] [RFC PATCH v2 18/22] hw/isa/vt82c686: Add the TYPE_VT82C686B_SUPERIO

[Philippe Mathieu-Daudé]

On 03/05/2018 10:19 PM, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/isa/vt82c686.h |  2 ++
>  hw/isa/vt82c686.c | 20 
>  hw/mips/mips_fulong2e.c   | 15 +++
>  3 files changed, 25 insertions(+), 12 deletions(-)
> 
> diff --git a/include/hw/isa/vt82c686.h b/include/hw/isa/vt82c686.h
> index db97c8ed7a..c3c2b6e786 100644
> --- a/include/hw/isa/vt82c686.h
> +++ b/include/hw/isa/vt82c686.h
> @@ -1,6 +1,8 @@
>  #ifndef HW_VT82C686_H
>  #define HW_VT82C686_H
>  
> +#define TYPE_VT82C686B_SUPERIO "vt82c686b-superio"
> +
>  /* vt82c686.c */
>  ISABus *vt82c686b_isa_init(PCIBus * bus, int devfn);
>  void vt82c686b_ac97_init(PCIBus *bus, int devfn);
> diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
> index 7eaf3c7e8f..cff1946232 100644
> --- a/hw/isa/vt82c686.c
> +++ b/hw/isa/vt82c686.c
> @@ -17,6 +17,7 @@
>  #include "hw/i2c/smbus.h"
>  #include "hw/pci/pci.h"
>  #include "hw/isa/isa.h"
> +#include "hw/isa/superio.h"
>  #include "hw/sysbus.h"
>  #include "hw/mips/mips.h"
>  #include "hw/isa/apm.h"
> @@ -519,11 +520,30 @@ static const TypeInfo via_info = {
>  },
>  };
>  
> +static void vt82c686b_superio_class_init(ObjectClass *klass, void *data)
> +{
> +ISASuperIOClass *sc = ISA_SUPERIO_CLASS(klass);
> +
> +sc->serial.count = 2;
> +sc->parallel.count = 1;
> +sc->ide.count = 0;
> +sc->floppy.count = 1;
> +}
> +
> +static const TypeInfo via_superio_info = {
> +.name  = TYPE_VT82C686B_SUPERIO,
> +.parent= TYPE_ISA_SUPERIO,
> +.instance_size = sizeof(ISASuperIODevice),
> +.class_size= sizeof(ISASuperIOClass),
> +.class_init= vt82c686b_superio_class_init,
> +};
> +
>  static void vt82c686b_register_types(void)
>  {
>  type_register_static(_ac97_info);
>  type_register_static(_mc97_info);
>  type_register_static(_pm_info);
> +type_register_static(_superio_info);
>  type_register_static(_info);
>  }
>  
> diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
> index 9ebc225d3b..d608f17e1e 100644
> --- a/hw/mips/mips_fulong2e.c
> +++ b/hw/mips/mips_fulong2e.c
> @@ -23,9 +23,7 @@
>  #include "hw/hw.h"
>  #include "hw/i386/pc.h"
>  #include "hw/dma/i8257.h"
> -#include "hw/char/serial.h"
> -#include "hw/char/parallel.h"
> -#include "hw/block/fdc.h"
> +#include "hw/isa/superio.h"
>  #include "net/net.h"
>  #include "hw/boards.h"
>  #include "hw/i2c/smbus.h"
> @@ -34,7 +32,6 @@
>  #include "hw/mips/mips.h"
>  #include "hw/mips/cpudevs.h"
>  #include "hw/pci/pci.h"
> -#include "sysemu/sysemu.h"
>  #include "audio/audio.h"
>  #include "qemu/log.h"
>  #include "hw/loader.h"
> @@ -44,8 +41,6 @@
>  #include "hw/isa/vt82c686.h"
>  #include "hw/timer/mc146818rtc.h"
>  #include "hw/timer/i8254.h"
> -#include "hw/input/i8042.h"
> -#include "sysemu/blockdev.h"
>  #include "exec/address-spaces.h"
>  #include "sysemu/qtest.h"
>  #include "qemu/error-report.h"
> @@ -250,6 +245,8 @@ static void vt82c686b_southbridge_init(PCIBus *pci_bus, 
> int slot, qemu_irq intc,
>  /* init other devices */
>  i8254_pit_init(isa_bus, 0x40, 0, NULL);
>  i8257_dma_init(isa_bus, 0);
> +/* Super I/O */
> +isa_create_simple(isa_bus, TYPE_VT82C686B_SUPERIO);
>  
>  ide_drive_get(hd, ARRAY_SIZE(hd));
>  vt82c686b_ide_init(pci_bus, hd, PCI_DEVFN(slot, 1));
> @@ -262,12 +259,6 @@ static void vt82c686b_southbridge_init(PCIBus *pci_bus, 
> int slot, qemu_irq intc,
>  /* Audio support */
>  vt82c686b_ac97_init(pci_bus, PCI_DEVFN(slot, 5));
>  vt82c686b_mc97_init(pci_bus, PCI_DEVFN(slot, 6));
> -
> -/* Super I/O */
> -isa_create_simple(isa_bus, TYPE_I8042);
> -
> -serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
> -parallel_hds_isa_init(isa_bus, 1);
>  }
>  
>  /* Network support */

I don't have Fuloong 2e image at hand, but the monitor "info qtree" diff
without/with TYPE_VT82C686B_SUPERIO is:

 bus: isa.0
   type ISA
+  dev: isa-fdc, id ""
+iobase = 1008 (0x3f0)
+irq = 6 (0x6)
+dma = 2 (0x2)
+driveA = ""
+driveB = ""
+check_media_rate = true
+fdtypeA = "auto"
+fdtypeB = "auto"
+fallback = "288"
+isa irq 6
+bus: floppy-bus.0
+  type floppy-bus
+  dev: floppy, id ""
+unit = 0 (0x0)
+drive = "floppy0"
+logical_block_size = 512 (0x200)
+physical_block_size = 512 (0x200)
+min_io_size = 0 (0x0)
+opt_io_size = 0 (0x0)
+discard_granularity = 4294967295 (0x)
+write-cache = "auto"
+share-rw = false
+drive-type = "288"
+  dev: isa-serial, id ""
+index = 1 (0x1)
+iobase = 760 (0x2f8)
+irq = 3 (0x3)
+chardev = 

[Qemu-devel] [PATCH 25/25] hw/i386/pc: Factor out the superio code

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/i386/pc.c | 72 ++--
 1 file changed, 41 insertions(+), 31 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index cdcdfafe8e..20fa62f5d6 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1519,6 +1519,44 @@ static const MemoryRegionOps ioportF0_io_ops = {
 },
 };
 
+static void pc_superio_init(ISABus *isa_bus, bool create_fdctrl, bool 
no_vmport)
+{
+int i;
+DriveInfo *fd[MAX_FD];
+qemu_irq *a20_line;
+ISADevice *i8042, *port92, *vmmouse;
+
+serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
+parallel_hds_isa_init(isa_bus, MAX_PARALLEL_PORTS);
+
+for (i = 0; i < MAX_FD; i++) {
+fd[i] = drive_get(IF_FLOPPY, 0, i);
+create_fdctrl |= !!fd[i];
+}
+if (create_fdctrl) {
+fdctrl_init_isa(isa_bus, fd);
+}
+
+i8042 = isa_create_simple(isa_bus, "i8042");
+if (!no_vmport) {
+vmport_init(isa_bus);
+vmmouse = isa_try_create(isa_bus, "vmmouse");
+} else {
+vmmouse = NULL;
+}
+if (vmmouse) {
+DeviceState *dev = DEVICE(vmmouse);
+qdev_prop_set_ptr(dev, "ps2_mouse", i8042);
+qdev_init_nofail(dev);
+}
+port92 = isa_create_simple(isa_bus, "port92");
+
+a20_line = qemu_allocate_irqs(handle_a20_line_change, first_cpu, 2);
+i8042_setup_a20_line(i8042, a20_line[0]);
+port92_init(port92, a20_line[1]);
+g_free(a20_line);
+}
+
 void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
   ISADevice **rtc_state,
   bool create_fdctrl,
@@ -1527,13 +1565,11 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq 
*gsi,
   uint32_t hpet_irqs)
 {
 int i;
-DriveInfo *fd[MAX_FD];
 DeviceState *hpet = NULL;
 int pit_isa_irq = 0;
 qemu_irq pit_alt_irq = NULL;
 qemu_irq rtc_irq = NULL;
-qemu_irq *a20_line;
-ISADevice *i8042, *port92, *vmmouse, *pit = NULL;
+ISADevice *pit = NULL;
 MemoryRegion *ioport80_io = g_new(MemoryRegion, 1);
 MemoryRegion *ioportF0_io = g_new(MemoryRegion, 1);
 
@@ -1590,36 +1626,10 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq 
*gsi,
 pcspk_init(isa_bus, pit);
 }
 
-serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
-parallel_hds_isa_init(isa_bus, MAX_PARALLEL_PORTS);
-
-a20_line = qemu_allocate_irqs(handle_a20_line_change, first_cpu, 2);
-i8042 = isa_create_simple(isa_bus, "i8042");
-i8042_setup_a20_line(i8042, a20_line[0]);
-if (!no_vmport) {
-vmport_init(isa_bus);
-vmmouse = isa_try_create(isa_bus, "vmmouse");
-} else {
-vmmouse = NULL;
-}
-if (vmmouse) {
-DeviceState *dev = DEVICE(vmmouse);
-qdev_prop_set_ptr(dev, "ps2_mouse", i8042);
-qdev_init_nofail(dev);
-}
-port92 = isa_create_simple(isa_bus, "port92");
-port92_init(port92, a20_line[1]);
-g_free(a20_line);
-
 i8257_dma_init(isa_bus, 0);
 
-for(i = 0; i < MAX_FD; i++) {
-fd[i] = drive_get(IF_FLOPPY, 0, i);
-create_fdctrl |= !!fd[i];
-}
-if (create_fdctrl) {
-fdctrl_init_isa(isa_bus, fd);
-}
+/* Super I/O */
+pc_superio_init(isa_bus, create_fdctrl, no_vmport);
 }
 
 void pc_nic_init(ISABus *isa_bus, PCIBus *pci_bus)
-- 
2.16.2

[Qemu-devel] [PATCH 11/25] hw/isa/superio: Factor out the serial code from pc87312.c

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/isa/pc87312.h |  4 
 include/hw/isa/superio.h |  2 ++
 hw/isa/isa-superio.c | 41 +
 hw/isa/pc87312.c | 43 ---
 hw/isa/trace-events  |  2 +-
 5 files changed, 56 insertions(+), 36 deletions(-)

diff --git a/include/hw/isa/pc87312.h b/include/hw/isa/pc87312.h
index bcc4578479..1480615a2c 100644
--- a/include/hw/isa/pc87312.h
+++ b/include/hw/isa/pc87312.h
@@ -39,10 +39,6 @@ typedef struct PC87312State {
 uint16_t iobase;
 uint8_t config; /* initial configuration */
 
-struct {
-ISADevice *dev;
-} uart[2];
-
 struct {
 ISADevice *dev;
 } fdc;
diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
index e9879cfde1..0b516721c3 100644
--- a/include/hw/isa/superio.h
+++ b/include/hw/isa/superio.h
@@ -28,6 +28,7 @@ typedef struct ISASuperIODevice {
 /*< public >*/
 
 ISADevice *parallel[MAX_PARALLEL_PORTS];
+ISADevice *serial[MAX_SERIAL_PORTS];
 } ISASuperIODevice;
 
 typedef struct ISASuperIOFuncs {
@@ -45,6 +46,7 @@ typedef struct ISASuperIOClass {
 DeviceRealize parent_realize;
 
 ISASuperIOFuncs parallel;
+ISASuperIOFuncs serial;
 } ISASuperIOClass;
 
 #endif /* HW_ISA_SUPERIO_H */
diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index eb263fcc3a..6962421aad 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -14,6 +14,7 @@
 #include "sysemu/sysemu.h"
 #include "chardev/char.h"
 #include "hw/isa/superio.h"
+#include "hw/char/serial.h"
 #include "trace.h"
 
 static void isa_superio_realize(DeviceState *dev, Error **errp)
@@ -66,6 +67,46 @@ static void isa_superio_realize(DeviceState *dev, Error 
**errp)
 g_free(name);
 }
 }
+
+/* Serial */
+for (i = 0; i < k->serial.count; i++) {
+if (i >= ARRAY_SIZE(sio->serial)) {
+warn_report("superio: ignoring %td serial controllers",
+k->serial.count - ARRAY_SIZE(sio->serial));
+break;
+}
+if (!k->serial.is_enabled || k->serial.is_enabled(sio, i)) {
+/* FIXME use a qdev chardev prop instead of serial_hds[] */
+chr = serial_hds[i];
+if (chr == NULL || chr->be) {
+name = g_strdup_printf("discarding-serial%d", i);
+chr = qemu_chr_new(name, "null");
+} else {
+name = g_strdup_printf("serial%d", i);
+}
+isa = isa_create(bus, TYPE_ISA_SERIAL);
+d = DEVICE(isa);
+qdev_prop_set_uint32(d, "index", i);
+if (k->serial.get_iobase) {
+qdev_prop_set_uint32(d, "iobase",
+ k->serial.get_iobase(sio, i));
+}
+if (k->serial.get_irq) {
+qdev_prop_set_uint32(d, "irq", k->serial.get_irq(sio, i));
+}
+qdev_prop_set_chr(d, "chardev", chr);
+qdev_init_nofail(d);
+sio->serial[i] = isa;
+trace_superio_create_serial(i,
+k->serial.get_iobase ?
+k->serial.get_iobase(sio, i) : -1,
+k->serial.get_irq ?
+k->serial.get_irq(sio, i) : -1);
+object_property_add_child(OBJECT(dev), name,
+  OBJECT(sio->serial[0]), NULL);
+g_free(name);
+}
+}
 }
 
 static void isa_superio_class_init(ObjectClass *oc, void *data)
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index 1c15715c69..c2837bca43 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -29,8 +29,6 @@
 #include "qemu/error-report.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/blockdev.h"
-#include "sysemu/sysemu.h"
-#include "chardev/char.h"
 #include "trace.h"
 
 
@@ -100,8 +98,9 @@ static const uint16_t uart_base[2][4] = {
 { 0x2e8, 0x238, 0x2e0, 0x228 }
 };
 
-static inline uint16_t get_uart_iobase(PC87312State *s, int i)
+static uint16_t get_uart_iobase(ISASuperIODevice *sio, uint8_t i)
 {
+PC87312State *s = PC87312(sio);
 int idx;
 idx = (s->regs[REG_FAR] >> (2 * i + 2)) & 0x3;
 if (idx == 0) {
@@ -113,15 +112,17 @@ static inline uint16_t get_uart_iobase(PC87312State *s, 
int i)
 }
 }
 
-static inline unsigned int get_uart_irq(PC87312State *s, int i)
+static unsigned int get_uart_irq(ISASuperIODevice *sio, uint8_t i)
 {
+PC87312State *s = PC87312(sio);
 int idx;
 idx = (s->regs[REG_FAR] >> (2 * i + 2)) & 0x3;
 return (idx & 1) ? 3 : 4;
 }
 
-static inline bool is_uart_enabled(PC87312State *s, int i)
+static bool is_uart_enabled(ISASuperIODevice *sio, uint8_t i)
 {
+PC87312State *s = PC87312(sio);
 return s->regs[REG_FER] & (FER_UART1_EN << i);
 }
 
@@ -271,11 +272,8 @@ static void 

[Qemu-devel] [PATCH 18/25] hw/isa/vt82c686: Rename vt82c686b_init() -> vt82c686b_isa_init()

[Philippe Mathieu-Daudé]

This function only initialize the ISA bus.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/isa/vt82c686.h | 2 +-
 hw/isa/vt82c686.c | 2 +-
 hw/mips/mips_fulong2e.c   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/hw/isa/vt82c686.h b/include/hw/isa/vt82c686.h
index 471b5e9e53..db97c8ed7a 100644
--- a/include/hw/isa/vt82c686.h
+++ b/include/hw/isa/vt82c686.h
@@ -2,7 +2,7 @@
 #define HW_VT82C686_H
 
 /* vt82c686.c */
-ISABus *vt82c686b_init(PCIBus * bus, int devfn);
+ISABus *vt82c686b_isa_init(PCIBus * bus, int devfn);
 void vt82c686b_ac97_init(PCIBus *bus, int devfn);
 void vt82c686b_mc97_init(PCIBus *bus, int devfn);
 I2CBus *vt82c686b_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
index 070cc1889f..7eaf3c7e8f 100644
--- a/hw/isa/vt82c686.c
+++ b/hw/isa/vt82c686.c
@@ -478,7 +478,7 @@ static void vt82c686b_realize(PCIDevice *d, Error **errp)
 qemu_register_reset(vt82c686b_reset, d);
 }
 
-ISABus *vt82c686b_init(PCIBus *bus, int devfn)
+ISABus *vt82c686b_isa_init(PCIBus *bus, int devfn)
 {
 PCIDevice *d;
 
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index ca1f76a724..9ebc225d3b 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -237,7 +237,7 @@ static void vt82c686b_southbridge_init(PCIBus *pci_bus, int 
slot, qemu_irq intc,
 ISABus *isa_bus;
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 
-isa_bus = vt82c686b_init(pci_bus, PCI_DEVFN(slot, 0));
+isa_bus = vt82c686b_isa_init(pci_bus, PCI_DEVFN(slot, 0));
 if (!isa_bus) {
 fprintf(stderr, "vt82c686b_init error\n");
 exit(1);
-- 
2.16.2

[Qemu-devel] [PATCH 14/25] hw/isa/superio: Factor out the IDE code from pc87312.c

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/isa/superio.h |  2 ++
 hw/isa/isa-superio.c | 22 ++
 hw/isa/pc87312.c | 36 
 hw/isa/trace-events  |  2 +-
 4 files changed, 45 insertions(+), 17 deletions(-)

diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
index 2fc33bf3d3..3dd5448f8c 100644
--- a/include/hw/isa/superio.h
+++ b/include/hw/isa/superio.h
@@ -31,6 +31,7 @@ typedef struct ISASuperIODevice {
 ISADevice *serial[MAX_SERIAL_PORTS];
 ISADevice *floppy;
 ISADevice *kbc;
+ISADevice *ide;
 } ISASuperIODevice;
 
 typedef struct ISASuperIOFuncs {
@@ -50,6 +51,7 @@ typedef struct ISASuperIOClass {
 ISASuperIOFuncs parallel;
 ISASuperIOFuncs serial;
 ISASuperIOFuncs floppy;
+ISASuperIOFuncs ide;
 } ISASuperIOClass;
 
 #endif /* HW_ISA_SUPERIO_H */
diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index 041b47bdbf..f98711beff 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -146,6 +146,28 @@ static void isa_superio_realize(DeviceState *dev, Error 
**errp)
 
 /* Keyboard, mouse */
 sio->kbc = isa_create_simple(bus, TYPE_I8042);
+
+/* IDE */
+if (k->ide.count && (!k->ide.is_enabled || k->ide.is_enabled(sio, 0))) {
+isa = isa_create(bus, "isa-ide");
+d = DEVICE(isa);
+if (k->ide.get_iobase) {
+qdev_prop_set_uint32(d, "iobase", k->ide.get_iobase(sio, 0));
+}
+if (k->ide.get_iobase) {
+qdev_prop_set_uint32(d, "iobase2", k->ide.get_iobase(sio, 1));
+}
+if (k->ide.get_irq) {
+qdev_prop_set_uint32(d, "irq", k->ide.get_irq(sio, 0));
+}
+qdev_init_nofail(d);
+sio->ide = isa;
+trace_superio_create_ide(0,
+ k->ide.get_iobase ?
+ k->ide.get_iobase(sio, 0) : -1,
+ k->ide.get_irq ?
+ k->ide.get_irq(sio, 0) : -1);
+}
 }
 
 static void isa_superio_class_init(ObjectClass *oc, void *data)
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index a1845a91c3..5cf64505fe 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -150,16 +150,28 @@ static unsigned int get_fdc_irq(ISASuperIODevice *sio, 
uint8_t index)
 
 /* IDE controller */
 
-static inline bool is_ide_enabled(PC87312State *s)
+static bool is_ide_enabled(ISASuperIODevice *sio, uint8_t index)
 {
+PC87312State *s = PC87312(sio);
+
 return s->regs[REG_FER] & FER_IDE_EN;
 }
 
-static inline uint16_t get_ide_iobase(PC87312State *s)
+static uint16_t get_ide_iobase(ISASuperIODevice *sio, uint8_t index)
 {
+PC87312State *s = PC87312(sio);
+
+if (index == 1) {
+return get_ide_iobase(sio, 0) + 0x206;
+}
 return (s->regs[REG_FER] & FER_IDE_ADDR) ? 0x170 : 0x1f0;
 }
 
+static unsigned int get_ide_irq(ISASuperIODevice *sio, uint8_t index)
+{
+assert(index == 0);
+return 14;
+}
 
 static void reconfigure_devices(PC87312State *s)
 {
@@ -277,14 +289,11 @@ static void pc87312_reset(DeviceState *d)
 static void pc87312_realize(DeviceState *dev, Error **errp)
 {
 PC87312State *s;
-DeviceState *d;
 ISADevice *isa;
-ISABus *bus;
 Error *local_err = NULL;
 
 s = PC87312(dev);
 isa = ISA_DEVICE(dev);
-bus = isa_bus_from_device(isa);
 isa_register_ioport(isa, >io, s->iobase);
 pc87312_hard_reset(s);
 
@@ -293,17 +302,6 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 error_propagate(errp, local_err);
 return;
 }
-
-if (is_ide_enabled(s)) {
-isa = isa_create(bus, "isa-ide");
-d = DEVICE(isa);
-qdev_prop_set_uint32(d, "iobase", get_ide_iobase(s));
-qdev_prop_set_uint32(d, "iobase2", get_ide_iobase(s) + 0x206);
-qdev_prop_set_uint32(d, "irq", 14);
-qdev_init_nofail(d);
-s->ide.dev = isa;
-trace_pc87312_info_ide(get_ide_iobase(s));
-}
 }
 
 static void pc87312_initfn(Object *obj)
@@ -361,6 +359,12 @@ static void pc87312_class_init(ObjectClass *klass, void 
*data)
 .get_iobase = get_fdc_iobase,
 .get_irq= get_fdc_irq,
 };
+sc->ide = (ISASuperIOFuncs){
+.count = 1,
+.is_enabled = is_ide_enabled,
+.get_iobase = get_ide_iobase,
+.get_irq= get_ide_irq,
+};
 }
 
 static const TypeInfo pc87312_type_info = {
diff --git a/hw/isa/trace-events b/hw/isa/trace-events
index 8d9900882f..80ac6175d6 100644
--- a/hw/isa/trace-events
+++ b/hw/isa/trace-events
@@ -4,8 +4,8 @@
 superio_create_parallel(int id, uint16_t base, unsigned int irq) "id=%d, base 
0x%03x, irq %u"
 superio_create_serial(int id, uint16_t base, unsigned int irq) "id=%d, base 
0x%03x, irq %u"
 superio_create_floppy(int id, uint16_t base, unsigned int irq) "id=%d, base 
0x%03x, irq %u"
+superio_create_ide(int id, uint16_t base, unsigned int irq) "id=%d, base 

[Qemu-devel] [PATCH 16/25] hw/isa/superio: Factor out the FDC37M817 Super I/O from mips_malta.c

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/isa/superio.h |  2 ++
 hw/isa/isa-superio.c | 19 +++
 hw/mips/mips_malta.c | 35 ++-
 3 files changed, 31 insertions(+), 25 deletions(-)

diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
index 3dd5448f8c..b47aac3cf8 100644
--- a/include/hw/isa/superio.h
+++ b/include/hw/isa/superio.h
@@ -54,4 +54,6 @@ typedef struct ISASuperIOClass {
 ISASuperIOFuncs ide;
 } ISASuperIOClass;
 
+#define TYPE_FDC37M81X_SUPERIO  "fdc37m81x-superio"
+
 #endif /* HW_ISA_SUPERIO_H */
diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index f98711beff..b95608a003 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -187,9 +187,28 @@ static const TypeInfo isa_superio_type_info = {
 .class_init = isa_superio_class_init,
 };
 
+/* SMS FDC37M817 Super I/O */
+static void fdc37m81x_class_init(ObjectClass *klass, void *data)
+{
+ISASuperIOClass *sc = ISA_SUPERIO_CLASS(klass);
+
+sc->serial.count = 2; /* NS16C550A */
+sc->parallel.count = 1;
+sc->floppy.count = 1; /* SMSC 82077AA Compatible */
+sc->ide.count = 0;
+}
+
+static const TypeInfo fdc37m81x_type_info = {
+.name  = TYPE_FDC37M81X_SUPERIO,
+.parent= TYPE_ISA_SUPERIO,
+.instance_size = sizeof(ISASuperIODevice),
+.class_init= fdc37m81x_class_init,
+};
+
 static void isa_superio_register_types(void)
 {
 type_register_static(_superio_type_info);
+type_register_static(_type_info);
 }
 
 type_init(isa_superio_register_types)
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 9e0724ca5a..f6513a4fd5 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -27,14 +27,12 @@
 #include "cpu.h"
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
+#include "hw/isa/superio.h"
 #include "hw/dma/i8257.h"
 #include "hw/char/serial.h"
-#include "hw/char/parallel.h"
-#include "hw/block/fdc.h"
 #include "net/net.h"
 #include "hw/boards.h"
 #include "hw/i2c/smbus.h"
-#include "sysemu/block-backend.h"
 #include "hw/block/flash.h"
 #include "hw/mips/mips.h"
 #include "hw/mips/cpudevs.h"
@@ -47,7 +45,6 @@
 #include "hw/loader.h"
 #include "elf.h"
 #include "hw/timer/mc146818rtc.h"
-#include "hw/input/i8042.h"
 #include "hw/timer/i8254.h"
 #include "sysemu/blockdev.h"
 #include "exec/address-spaces.h"
@@ -1005,10 +1002,8 @@ void mips_malta_init(MachineState *machine)
 qemu_irq cbus_irq, i8259_irq;
 int piix4_devfn;
 I2CBus *smbus;
-int i;
 DriveInfo *dinfo;
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
-DriveInfo *fd[MAX_FD];
 int fl_idx = 0;
 int fl_sectors = bios_size >> 16;
 int be;
@@ -1023,15 +1018,6 @@ void mips_malta_init(MachineState *machine)
 
 qdev_init_nofail(dev);
 
-/* Make sure the first 3 serial ports are associated with a device. */
-for(i = 0; i < 3; i++) {
-if (!serial_hds[i]) {
-char label[32];
-snprintf(label, sizeof(label), "serial%d", i);
-serial_hds[i] = qemu_chr_new(label, "null");
-}
-}
-
 /* create CPU */
 mips_create_cpu(s, machine->cpu_type, _irq, _irq);
 
@@ -1067,7 +1053,14 @@ void mips_malta_init(MachineState *machine)
 #else
 be = 0;
 #endif
+
 /* FPGA */
+
+/* Make sure the second serial port is associated with a device. */
+if (!serial_hds[2]) {
+serial_hds[2] = qemu_chr_new("fpga-uart", "null");
+}
+
 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
 malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hds[2]);
 
@@ -1214,16 +1207,8 @@ void mips_malta_init(MachineState *machine)
 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
 g_free(smbus_eeprom_buf);
 
-/* Super I/O */
-isa_create_simple(isa_bus, TYPE_I8042);
-
-serial_hds_isa_init(isa_bus, 0, 2);
-parallel_hds_isa_init(isa_bus, 1);
-
-for(i = 0; i < MAX_FD; i++) {
-fd[i] = drive_get(IF_FLOPPY, 0, i);
-}
-fdctrl_init_isa(isa_bus, fd);
+/* Super I/O: SMS FDC37M817 */
+isa_create_simple(isa_bus, TYPE_FDC37M81X_SUPERIO);
 
 /* Network card */
 network_init(pci_bus);
-- 
2.16.2

[Qemu-devel] [PATCH 09/25] hw/isa/pc87312: Inherit from the abstract TYPE_ISA_SUPERIO

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/isa/pc87312.h |  6 --
 hw/isa/pc87312.c | 11 ++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/include/hw/isa/pc87312.h b/include/hw/isa/pc87312.h
index b65b219a8a..f3761d6fe1 100644
--- a/include/hw/isa/pc87312.h
+++ b/include/hw/isa/pc87312.h
@@ -25,14 +25,16 @@
 #ifndef QEMU_PC87312_H
 #define QEMU_PC87312_H
 
-#include "hw/isa/isa.h"
+#include "hw/isa/superio.h"
 
 
 #define TYPE_PC87312_SUPERIO "pc87312"
 #define PC87312(obj) OBJECT_CHECK(PC87312State, (obj), TYPE_PC87312_SUPERIO)
 
 typedef struct PC87312State {
-ISADevice dev;
+/*< private >*/
+ISASuperIODevice parent_dev;
+/*< public >*/
 
 uint16_t iobase;
 uint8_t config; /* initial configuration */
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index fda91fed21..6b8100ff56 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -270,6 +270,7 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 ISABus *bus;
 Chardev *chr;
 DriveInfo *drive;
+Error *local_err = NULL;
 char name[5];
 int i;
 
@@ -279,6 +280,12 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 isa_register_ioport(isa, >io, s->iobase);
 pc87312_hard_reset(s);
 
+ISA_SUPERIO_GET_CLASS(dev)->parent_realize(dev, _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+
 if (is_parallel_enabled(s)) {
 /* FIXME use a qdev chardev prop instead of parallel_hds[] */
 chr = parallel_hds[0];
@@ -381,7 +388,9 @@ static Property pc87312_properties[] = {
 static void pc87312_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
+ISASuperIOClass *sc = ISA_SUPERIO_CLASS(klass);
 
+sc->parent_realize = dc->realize;
 dc->realize = pc87312_realize;
 dc->reset = pc87312_reset;
 dc->vmsd = _pc87312;
@@ -392,7 +401,7 @@ static void pc87312_class_init(ObjectClass *klass, void 
*data)
 
 static const TypeInfo pc87312_type_info = {
 .name  = TYPE_PC87312_SUPERIO,
-.parent= TYPE_ISA_DEVICE,
+.parent= TYPE_ISA_SUPERIO,
 .instance_size = sizeof(PC87312State),
 .instance_init = pc87312_initfn,
 .class_init= pc87312_class_init,
-- 
2.16.2

[Qemu-devel] [PATCH 05/25] hw/isa/pc87312: Rename the device type as TYPE_PC87312_SUPERIO

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: David Gibson  (hw/ppc)
---
 include/hw/isa/pc87312.h | 4 ++--
 hw/isa/pc87312.c | 2 +-
 hw/ppc/prep.c| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/hw/isa/pc87312.h b/include/hw/isa/pc87312.h
index bf74470d40..710eb1c807 100644
--- a/include/hw/isa/pc87312.h
+++ b/include/hw/isa/pc87312.h
@@ -28,8 +28,8 @@
 #include "hw/isa/isa.h"
 
 
-#define TYPE_PC87312 "pc87312"
-#define PC87312(obj) OBJECT_CHECK(PC87312State, (obj), TYPE_PC87312)
+#define TYPE_PC87312_SUPERIO "pc87312"
+#define PC87312(obj) OBJECT_CHECK(PC87312State, (obj), TYPE_PC87312_SUPERIO)
 
 typedef struct PC87312State {
 ISADevice dev;
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index 48b29e3c3c..e9edbc6c50 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -391,7 +391,7 @@ static void pc87312_class_init(ObjectClass *klass, void 
*data)
 }
 
 static const TypeInfo pc87312_type_info = {
-.name  = TYPE_PC87312,
+.name  = TYPE_PC87312_SUPERIO,
 .parent= TYPE_ISA_DEVICE,
 .instance_size = sizeof(PC87312State),
 .instance_init = pc87312_initfn,
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index ae724b0613..610ec7ec32 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -613,7 +613,7 @@ static void ppc_prep_init(MachineState *machine)
 isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(pci), "isa.0"));
 
 /* Super I/O (parallel + serial ports) */
-isa = isa_create(isa_bus, TYPE_PC87312);
+isa = isa_create(isa_bus, TYPE_PC87312_SUPERIO);
 dev = DEVICE(isa);
 qdev_prop_set_uint8(dev, "config", 13); /* fdc, ser0, ser1, par0 */
 qdev_init_nofail(dev);
-- 
2.16.2

[Qemu-devel] [PATCH 07/25] hw/isa/pc87312: Use 'unsigned int' for the irq value

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/isa/pc87312.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index 105c23e680..fda91fed21 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -76,9 +76,9 @@ static inline uint16_t get_parallel_iobase(PC87312State *s)
 return parallel_base[s->regs[REG_FAR] & FAR_PARALLEL_ADDR];
 }
 
-static const uint32_t parallel_irq[] = { 5, 7, 5, 0 };
+static const unsigned int parallel_irq[] = { 5, 7, 5, 0 };
 
-static inline uint32_t get_parallel_irq(PC87312State *s)
+static inline unsigned int get_parallel_irq(PC87312State *s)
 {
 int idx;
 idx = (s->regs[REG_FAR] & FAR_PARALLEL_ADDR);
@@ -110,7 +110,7 @@ static inline uint16_t get_uart_iobase(PC87312State *s, int 
i)
 }
 }
 
-static inline uint32_t get_uart_irq(PC87312State *s, int i)
+static inline unsigned int get_uart_irq(PC87312State *s, int i)
 {
 int idx;
 idx = (s->regs[REG_FAR] >> (2 * i + 2)) & 0x3;
-- 
2.16.2

[Qemu-devel] [PATCH 13/25] hw/isa/superio: Add a keyboard/mouse controller (8042)

[Philippe Mathieu-Daudé]

Since the PC87312 inherits this abstract model, we remove the I8042
instance in the PREP machine.

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: David Gibson 
---
 include/hw/isa/superio.h | 1 +
 hw/isa/isa-superio.c | 3 +++
 hw/ppc/prep.c| 1 -
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
index e8007b9eee..2fc33bf3d3 100644
--- a/include/hw/isa/superio.h
+++ b/include/hw/isa/superio.h
@@ -30,6 +30,7 @@ typedef struct ISASuperIODevice {
 ISADevice *parallel[MAX_PARALLEL_PORTS];
 ISADevice *serial[MAX_SERIAL_PORTS];
 ISADevice *floppy;
+ISADevice *kbc;
 } ISASuperIODevice;
 
 typedef struct ISASuperIOFuncs {
diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index 4b5e280b38..041b47bdbf 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -17,6 +17,7 @@
 #include "sysemu/blockdev.h"
 #include "chardev/char.h"
 #include "hw/isa/superio.h"
+#include "hw/input/i8042.h"
 #include "hw/char/serial.h"
 #include "trace.h"
 
@@ -143,6 +144,8 @@ static void isa_superio_realize(DeviceState *dev, Error 
**errp)
 k->floppy.get_irq(sio, 0) : -1);
 }
 
+/* Keyboard, mouse */
+sio->kbc = isa_create_simple(bus, TYPE_I8042);
 }
 
 static void isa_superio_class_init(ObjectClass *oc, void *data)
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 610ec7ec32..96d319b87c 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -642,7 +642,6 @@ static void ppc_prep_init(MachineState *machine)
  hd[2 * i],
 hd[2 * i + 1]);
 }
-isa_create_simple(isa_bus, TYPE_I8042);
 
 cpu = POWERPC_CPU(first_cpu);
 sysctrl->reset_irq = cpu->env.irq_inputs[PPC6xx_INPUT_HRESET];
-- 
2.16.2

[Qemu-devel] [PATCH 04/25] MAINTAINERS: Fix the PC87312 include path

[Philippe Mathieu-Daudé]

Missed while moving it in 0d09e41a51aa.

Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 6622efc1da..212eaa836a 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -765,9 +765,10 @@ F: hw/ppc/prep_systemio.c
 F: hw/ppc/rs6000_mc.c
 F: hw/pci-host/prep.[hc]
 F: hw/isa/i82378.c
-F: hw/isa/pc87312.[hc]
+F: hw/isa/pc87312.c
 F: hw/dma/i82374.c
 F: hw/timer/m48t59-isa.c
+F: include/hw/isa/pc87312.h
 F: include/hw/timer/m48t59.h
 F: pc-bios/ppc_rom.bin
 
-- 
2.16.2

[Qemu-devel] [PATCH 06/25] hw/isa/pc87312: Use uint16_t for the ISA I/O base address

[Philippe Mathieu-Daudé]

This matches the isa_register_ioport() prototype.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/isa/pc87312.h |  2 +-
 hw/isa/pc87312.c | 14 +++---
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/include/hw/isa/pc87312.h b/include/hw/isa/pc87312.h
index 710eb1c807..b65b219a8a 100644
--- a/include/hw/isa/pc87312.h
+++ b/include/hw/isa/pc87312.h
@@ -34,7 +34,7 @@
 typedef struct PC87312State {
 ISADevice dev;
 
-uint32_t iobase;
+uint16_t iobase;
 uint8_t config; /* initial configuration */
 
 struct {
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index e9edbc6c50..105c23e680 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -69,9 +69,9 @@ static inline bool is_parallel_enabled(PC87312State *s)
 return s->regs[REG_FER] & FER_PARALLEL_EN;
 }
 
-static const uint32_t parallel_base[] = { 0x378, 0x3bc, 0x278, 0x00 };
+static const uint16_t parallel_base[] = { 0x378, 0x3bc, 0x278, 0x00 };
 
-static inline uint32_t get_parallel_iobase(PC87312State *s)
+static inline uint16_t get_parallel_iobase(PC87312State *s)
 {
 return parallel_base[s->regs[REG_FAR] & FAR_PARALLEL_ADDR];
 }
@@ -92,12 +92,12 @@ static inline uint32_t get_parallel_irq(PC87312State *s)
 
 /* UARTs */
 
-static const uint32_t uart_base[2][4] = {
+static const uint16_t uart_base[2][4] = {
 { 0x3e8, 0x338, 0x2e8, 0x220 },
 { 0x2e8, 0x238, 0x2e0, 0x228 }
 };
 
-static inline uint32_t get_uart_iobase(PC87312State *s, int i)
+static inline uint16_t get_uart_iobase(PC87312State *s, int i)
 {
 int idx;
 idx = (s->regs[REG_FAR] >> (2 * i + 2)) & 0x3;
@@ -130,7 +130,7 @@ static inline bool is_fdc_enabled(PC87312State *s)
 return s->regs[REG_FER] & FER_FDC_EN;
 }
 
-static inline uint32_t get_fdc_iobase(PC87312State *s)
+static inline uint16_t get_fdc_iobase(PC87312State *s)
 {
 return (s->regs[REG_FER] & FER_FDC_ADDR) ? 0x370 : 0x3f0;
 }
@@ -143,7 +143,7 @@ static inline bool is_ide_enabled(PC87312State *s)
 return s->regs[REG_FER] & FER_IDE_EN;
 }
 
-static inline uint32_t get_ide_iobase(PC87312State *s)
+static inline uint16_t get_ide_iobase(PC87312State *s)
 {
 return (s->regs[REG_FER] & FER_IDE_ADDR) ? 0x170 : 0x1f0;
 }
@@ -373,7 +373,7 @@ static const VMStateDescription vmstate_pc87312 = {
 };
 
 static Property pc87312_properties[] = {
-DEFINE_PROP_UINT32("iobase", PC87312State, iobase, 0x398),
+DEFINE_PROP_UINT16("iobase", PC87312State, iobase, 0x398),
 DEFINE_PROP_UINT8("config", PC87312State, config, 1),
 DEFINE_PROP_END_OF_LIST()
 };
-- 
2.16.2

[Qemu-devel] [PATCH 02/25] hw/dma/i8257: Rename DMA_init() to i8257_dma_init()

[Philippe Mathieu-Daudé]

- Move the header from hw/isa/ to hw/dma/
- Remove the old i386/pc dependency
- use a bool type for the high_page_enable argument

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/{isa => dma}/i8257.h | 6 ++
 include/hw/isa/isa.h| 2 --
 hw/dma/i82374.c | 3 ++-
 hw/dma/i8257.c  | 4 ++--
 hw/i386/pc.c| 3 ++-
 hw/mips/mips_fulong2e.c | 3 ++-
 hw/mips/mips_jazz.c | 3 ++-
 hw/mips/mips_malta.c| 3 ++-
 hw/sparc/sun4m.c| 4 
 hw/sparc64/sun4u.c  | 4 
 MAINTAINERS | 2 +-
 11 files changed, 19 insertions(+), 18 deletions(-)
 rename include/hw/{isa => dma}/i8257.h (86%)

diff --git a/include/hw/isa/i8257.h b/include/hw/dma/i8257.h
similarity index 86%
rename from include/hw/isa/i8257.h
rename to include/hw/dma/i8257.h
index 88a2766a3f..2cab50bb6c 100644
--- a/include/hw/isa/i8257.h
+++ b/include/hw/dma/i8257.h
@@ -1,6 +1,10 @@
 #ifndef HW_I8257_H
 #define HW_I8257_H
 
+#include "hw/hw.h"
+#include "hw/isa/isa.h"
+#include "exec/ioport.h"
+
 #define TYPE_I8257 "i8257"
 
 typedef struct I8257Regs {
@@ -40,4 +44,6 @@ typedef struct I8257State {
 PortioList portio_pageh;
 } I8257State;
 
+void i8257_dma_init(ISABus *bus, bool high_page_enable);
+
 #endif
diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index 95593408ef..b9dbab24b4 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -151,6 +151,4 @@ static inline ISABus *isa_bus_from_device(ISADevice *d)
 return ISA_BUS(qdev_get_parent_bus(DEVICE(d)));
 }
 
-/* i8257.c */
-void DMA_init(ISABus *bus, int high_page_enable);
 #endif
diff --git a/hw/dma/i82374.c b/hw/dma/i82374.c
index 6c0f975df0..83c87d92e0 100644
--- a/hw/dma/i82374.c
+++ b/hw/dma/i82374.c
@@ -24,6 +24,7 @@
 
 #include "qemu/osdep.h"
 #include "hw/isa/isa.h"
+#include "hw/dma/i8257.h"
 
 #define TYPE_I82374 "i82374"
 #define I82374(obj) OBJECT_CHECK(I82374State, (obj), TYPE_I82374)
@@ -123,7 +124,7 @@ static void i82374_realize(DeviceState *dev, Error **errp)
 portio_list_add(>port_list, isa_address_space_io(>parent_obj),
 s->iobase);
 
-DMA_init(isa_bus_from_device(ISA_DEVICE(dev)), 1);
+i8257_dma_init(isa_bus_from_device(ISA_DEVICE(dev)), true);
 memset(s->commands, 0, sizeof(s->commands));
 }
 
diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index bd23e893bf..52675e97c9 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -24,7 +24,7 @@
 #include "qemu/osdep.h"
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
-#include "hw/isa/i8257.h"
+#include "hw/dma/i8257.h"
 #include "qemu/main-loop.h"
 #include "trace.h"
 
@@ -622,7 +622,7 @@ static void i8257_register_types(void)
 
 type_init(i8257_register_types)
 
-void DMA_init(ISABus *bus, int high_page_enable)
+void i8257_dma_init(ISABus *bus, bool high_page_enable)
 {
 ISADevice *isa1, *isa2;
 DeviceState *d;
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 81364932d3..ec75b09a8f 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -41,6 +41,7 @@
 #include "elf.h"
 #include "multiboot.h"
 #include "hw/timer/mc146818rtc.h"
+#include "hw/dma/i8257.h"
 #include "hw/timer/i8254.h"
 #include "hw/audio/pcspk.h"
 #include "hw/pci/msi.h"
@@ -1609,7 +1610,7 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
 port92_init(port92, a20_line[1]);
 g_free(a20_line);
 
-DMA_init(isa_bus, 0);
+i8257_dma_init(isa_bus, 0);
 
 for(i = 0; i < MAX_FD; i++) {
 fd[i] = drive_get(IF_FLOPPY, 0, i);
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index dc77b55755..0545fcd899 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -22,6 +22,7 @@
 #include "qapi/error.h"
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
+#include "hw/dma/i8257.h"
 #include "hw/char/serial.h"
 #include "hw/char/parallel.h"
 #include "hw/block/fdc.h"
@@ -360,7 +361,7 @@ static void mips_fulong2e_init(MachineState *machine)
 
 /* init other devices */
 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
-DMA_init(isa_bus, 0);
+i8257_dma_init(isa_bus, 0);
 
 /* Super I/O */
 isa_create_simple(isa_bus, "i8042");
diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index b24305b7b4..827ffdcd4a 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -27,6 +27,7 @@
 #include "hw/mips/mips.h"
 #include "hw/mips/cpudevs.h"
 #include "hw/i386/pc.h"
+#include "hw/dma/i8257.h"
 #include "hw/char/serial.h"
 #include "hw/char/parallel.h"
 #include "hw/isa/isa.h"
@@ -220,7 +221,7 @@ static void mips_jazz_init(MachineState *machine,
 /* ISA devices */
 i8259 = i8259_init(isa_bus, env->irq[4]);
 isa_bus_irqs(isa_bus, i8259);
-DMA_init(isa_bus, 0);
+i8257_dma_init(isa_bus, 0);
 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
 pcspk_init(isa_bus, pit);
 
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index c74882c7e9..9cb86c432e 100644
--- a/hw/mips/mips_malta.c
+++ 

[Qemu-devel] [PATCH 08/25] hw/isa/superio: Add a Super I/O template based on the PC87312 device

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/isa/superio.h | 44 
 hw/isa/isa-superio.c | 28 
 MAINTAINERS  |  2 ++
 hw/isa/Makefile.objs |  1 +
 4 files changed, 75 insertions(+)
 create mode 100644 include/hw/isa/superio.h
 create mode 100644 hw/isa/isa-superio.c

diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
new file mode 100644
index 00..cff6ad6c08
--- /dev/null
+++ b/include/hw/isa/superio.h
@@ -0,0 +1,44 @@
+/*
+ * Generic ISA Super I/O
+ *
+ * Copyright (c) 2018 Philippe Mathieu-Daudé
+ *
+ * This code is licensed under the GNU GPLv2 and later.
+ * See the COPYING file in the top-level directory.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef HW_ISA_SUPERIO_H
+#define HW_ISA_SUPERIO_H
+
+#include "qemu-common.h"
+#include "sysemu/sysemu.h"
+#include "hw/isa/isa.h"
+
+#define TYPE_ISA_SUPERIO "isa-superio"
+#define ISA_SUPERIO(obj) \
+OBJECT_CHECK(ISASuperIODevice, (obj), TYPE_ISA_SUPERIO)
+#define ISA_SUPERIO_GET_CLASS(obj) \
+OBJECT_GET_CLASS(ISASuperIOClass, (obj), TYPE_ISA_SUPERIO)
+#define ISA_SUPERIO_CLASS(klass) \
+OBJECT_CLASS_CHECK(ISASuperIOClass, (klass), TYPE_ISA_SUPERIO)
+
+typedef struct ISASuperIODevice {
+ISADevice parent_obj;
+} ISASuperIODevice;
+
+typedef struct ISASuperIOFuncs {
+size_t count;
+bool (*is_enabled)(ISASuperIODevice *sio, uint8_t index);
+uint16_t (*get_iobase)(ISASuperIODevice *sio, uint8_t index);
+unsigned int (*get_irq)(ISASuperIODevice *sio, uint8_t index);
+unsigned int (*get_dma)(ISASuperIODevice *sio, uint8_t index);
+} ISASuperIOFuncs;
+
+typedef struct ISASuperIOClass {
+/*< private >*/
+ISADeviceClass parent_class;
+/*< public >*/
+DeviceRealize parent_realize;
+} ISASuperIOClass;
+
+#endif /* HW_ISA_SUPERIO_H */
diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
new file mode 100644
index 00..14ec16f831
--- /dev/null
+++ b/hw/isa/isa-superio.c
@@ -0,0 +1,28 @@
+/*
+ * Generic ISA Super I/O
+ *
+ * Copyright (c) 2010-2012 Herve Poussineau
+ * Copyright (c) 2011-2012 Andreas Färber
+ * Copyright (c) 2018 Philippe Mathieu-Daudé
+ *
+ * This code is licensed under the GNU GPLv2 and later.
+ * See the COPYING file in the top-level directory.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include "qemu/osdep.h"
+#include "hw/isa/superio.h"
+#include "trace.h"
+
+static const TypeInfo isa_superio_type_info = {
+.name = TYPE_ISA_SUPERIO,
+.parent = TYPE_ISA_DEVICE,
+.abstract = true,
+.class_size = sizeof(ISASuperIOClass),
+};
+
+static void isa_superio_register_types(void)
+{
+type_register_static(_superio_type_info);
+}
+
+type_init(isa_superio_register_types)
diff --git a/MAINTAINERS b/MAINTAINERS
index 212eaa836a..98a8918c20 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -922,6 +922,7 @@ F: hw/input/pckbd.c
 F: hw/intc/apic*
 F: hw/intc/ioapic*
 F: hw/intc/i8259*
+F: hw/isa/isa-superio.c
 F: hw/misc/debugexit.c
 F: hw/misc/pc-testdev.c
 F: hw/timer/hpet*
@@ -933,6 +934,7 @@ F: include/hw/char/parallel.h
 F: include/hw/dma/i8257.h
 F: include/hw/i2c/pm_smbus.h
 F: include/hw/input/i8042.h
+F: include/hw/isa/superio.h
 F: include/hw/timer/hpet.h
 F: include/hw/timer/i8254*
 F: include/hw/timer/mc146818rtc*
diff --git a/hw/isa/Makefile.objs b/hw/isa/Makefile.objs
index fb37c55cf2..cac655ba58 100644
--- a/hw/isa/Makefile.objs
+++ b/hw/isa/Makefile.objs
@@ -1,4 +1,5 @@
 common-obj-$(CONFIG_ISA_BUS) += isa-bus.o
+common-obj-$(CONFIG_ISA_BUS) += isa-superio.o
 common-obj-$(CONFIG_APM) += apm.o
 common-obj-$(CONFIG_I82378) += i82378.o
 common-obj-$(CONFIG_PC87312) += pc87312.o
-- 
2.16.2

[Qemu-devel] [PATCH 01/25] hw/isa: Move parallel_hds_isa_init() to hw/char/parallel-isa.c

[Philippe Mathieu-Daudé]

Again... (after 07dc788054d7 and 9157eee1b1c0).

We now extract the ISA bus specific helpers.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/char/parallel.h | 14 ++
 include/hw/i386/pc.h   |  8 
 hw/char/parallel-isa.c | 36 
 hw/char/parallel.c |  2 +-
 hw/i386/pc.c   |  1 +
 hw/isa/isa-bus.c   | 26 --
 hw/mips/mips_fulong2e.c|  1 +
 hw/mips/mips_jazz.c|  1 +
 hw/mips/mips_malta.c   |  1 +
 hw/sparc64/sun4u.c |  1 +
 MAINTAINERS|  3 ++-
 hw/char/Makefile.objs  |  1 +
 12 files changed, 59 insertions(+), 36 deletions(-)
 create mode 100644 include/hw/char/parallel.h
 create mode 100644 hw/char/parallel-isa.c

diff --git a/include/hw/char/parallel.h b/include/hw/char/parallel.h
new file mode 100644
index 00..d6dd62fb9f
--- /dev/null
+++ b/include/hw/char/parallel.h
@@ -0,0 +1,14 @@
+#ifndef HW_PARALLEL_H
+#define HW_PARALLEL_H
+
+#include "exec/memory.h"
+#include "hw/isa/isa.h"
+#include "chardev/char.h"
+
+void parallel_hds_isa_init(ISABus *bus, int n);
+
+bool parallel_mm_init(MemoryRegion *address_space,
+  hwaddr base, int it_shift, qemu_irq irq,
+  Chardev *chr);
+
+#endif
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index bb49165fe0..f1feb18c3c 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -151,14 +151,6 @@ struct PCMachineClass {
 #define PC_MACHINE_CLASS(klass) \
 OBJECT_CLASS_CHECK(PCMachineClass, (klass), TYPE_PC_MACHINE)
 
-/* parallel.c */
-
-void parallel_hds_isa_init(ISABus *bus, int n);
-
-bool parallel_mm_init(MemoryRegion *address_space,
-  hwaddr base, int it_shift, qemu_irq irq,
-  Chardev *chr);
-
 /* i8259.c */
 
 extern DeviceState *isa_pic;
diff --git a/hw/char/parallel-isa.c b/hw/char/parallel-isa.c
new file mode 100644
index 00..639e179585
--- /dev/null
+++ b/hw/char/parallel-isa.c
@@ -0,0 +1,36 @@
+/*
+ * QEMU Parallel PORT (ISA bus helpers)
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: MIT
+ */
+#include "qemu/osdep.h"
+#include "sysemu/sysemu.h"
+#include "hw/isa/isa.h"
+#include "hw/char/parallel.h"
+
+static void parallel_init(ISABus *bus, int index, Chardev *chr)
+{
+DeviceState *dev;
+ISADevice *isadev;
+
+isadev = isa_create(bus, "isa-parallel");
+dev = DEVICE(isadev);
+qdev_prop_set_uint32(dev, "index", index);
+qdev_prop_set_chr(dev, "chardev", chr);
+qdev_init_nofail(dev);
+}
+
+void parallel_hds_isa_init(ISABus *bus, int n)
+{
+int i;
+
+assert(n <= MAX_PARALLEL_PORTS);
+
+for (i = 0; i < n; i++) {
+if (parallel_hds[i]) {
+parallel_init(bus, i, parallel_hds[i]);
+}
+}
+}
diff --git a/hw/char/parallel.c b/hw/char/parallel.c
index f79dc76543..1542d62201 100644
--- a/hw/char/parallel.c
+++ b/hw/char/parallel.c
@@ -28,7 +28,7 @@
 #include "chardev/char-parallel.h"
 #include "chardev/char-fe.h"
 #include "hw/isa/isa.h"
-#include "hw/i386/pc.h"
+#include "hw/char/parallel.h"
 #include "sysemu/sysemu.h"
 
 //#define DEBUG_PARALLEL
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 35fcb6efdf..81364932d3 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -26,6 +26,7 @@
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
 #include "hw/char/serial.h"
+#include "hw/char/parallel.h"
 #include "hw/i386/apic.h"
 #include "hw/i386/topology.h"
 #include "sysemu/cpus.h"
diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
index 0f2e426d02..63fa77effc 100644
--- a/hw/isa/isa-bus.c
+++ b/hw/isa/isa-bus.c
@@ -24,7 +24,6 @@
 #include "hw/sysbus.h"
 #include "sysemu/sysemu.h"
 #include "hw/isa/isa.h"
-#include "hw/i386/pc.h"
 
 static ISABus *isabus;
 
@@ -288,28 +287,3 @@ MemoryRegion *isa_address_space_io(ISADevice *dev)
 }
 
 type_init(isabus_register_types)
-
-static void parallel_init(ISABus *bus, int index, Chardev *chr)
-{
-DeviceState *dev;
-ISADevice *isadev;
-
-isadev = isa_create(bus, "isa-parallel");
-dev = DEVICE(isadev);
-qdev_prop_set_uint32(dev, "index", index);
-qdev_prop_set_chr(dev, "chardev", chr);
-qdev_init_nofail(dev);
-}
-
-void parallel_hds_isa_init(ISABus *bus, int n)
-{
-int i;
-
-assert(n <= MAX_PARALLEL_PORTS);
-
-for (i = 0; i < n; i++) {
-if (parallel_hds[i]) {
-parallel_init(bus, i, parallel_hds[i]);
-}
-}
-}
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index f68c625666..dc77b55755 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -23,6 +23,7 @@
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
 #include "hw/char/serial.h"
+#include "hw/char/parallel.h"
 #include "hw/block/fdc.h"
 #include "net/net.h"
 #include "hw/boards.h"
diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index b09871a814..b24305b7b4 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c

[Qemu-devel] [PATCH 03/25] hw/input/i8042: Extract declarations from i386/pc.h into input/i8042.h

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: David Gibson  (hw/ppc)
---
 include/hw/i386/pc.h |  9 -
 include/hw/input/i8042.h | 24 
 hw/alpha/dp264.c |  3 ++-
 hw/i386/pc.c |  1 +
 hw/i386/vmmouse.c|  1 +
 hw/i386/vmport.c |  1 +
 hw/input/pckbd.c |  2 +-
 hw/mips/mips_fulong2e.c  |  3 ++-
 hw/mips/mips_jazz.c  |  1 +
 hw/mips/mips_malta.c |  3 ++-
 hw/mips/mips_r4k.c   |  3 ++-
 hw/ppc/prep.c|  5 +++--
 hw/sparc64/sun4u.c   |  1 +
 hw/unicore32/puv3.c  |  1 +
 MAINTAINERS  |  1 +
 15 files changed, 43 insertions(+), 16 deletions(-)
 create mode 100644 include/hw/input/i8042.h

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index f1feb18c3c..1638618dfc 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -188,15 +188,6 @@ void vmport_register(unsigned char command, VMPortReadFunc 
*func, void *opaque);
 void vmmouse_get_data(uint32_t *data);
 void vmmouse_set_data(const uint32_t *data);
 
-/* pckbd.c */
-#define I8042_A20_LINE "a20"
-
-void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
-   MemoryRegion *region, ram_addr_t size,
-   hwaddr mask);
-void i8042_isa_mouse_fake_event(void *opaque);
-void i8042_setup_a20_line(ISADevice *dev, qemu_irq a20_out);
-
 /* pc.c */
 extern int fd_bootchk;
 
diff --git a/include/hw/input/i8042.h b/include/hw/input/i8042.h
new file mode 100644
index 00..f6ff146364
--- /dev/null
+++ b/include/hw/input/i8042.h
@@ -0,0 +1,24 @@
+/*
+ * QEMU PS/2 Controller
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: MIT
+ */
+#ifndef HW_INPUT_I8042_H
+#define HW_INPUT_I8042_H
+
+#include "hw/hw.h"
+#include "hw/isa/isa.h"
+
+#define TYPE_I8042 "i8042"
+
+#define I8042_A20_LINE "a20"
+
+void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
+   MemoryRegion *region, ram_addr_t size,
+   hwaddr mask);
+void i8042_isa_mouse_fake_event(void *opaque);
+void i8042_setup_a20_line(ISADevice *dev, qemu_irq a20_out);
+
+#endif /* HW_INPUT_I8042_H */
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index 766373eec7..e13cb576fd 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -19,6 +19,7 @@
 #include "hw/timer/mc146818rtc.h"
 #include "hw/ide.h"
 #include "hw/timer/i8254.h"
+#include "hw/input/i8042.h"
 #include "hw/char/serial.h"
 #include "qemu/cutils.h"
 
@@ -81,7 +82,7 @@ static void clipper_init(MachineState *machine)
 mc146818_rtc_init(isa_bus, 1900, rtc_irq);
 
 i8254_pit_init(isa_bus, 0x40, 0, NULL);
-isa_create_simple(isa_bus, "i8042");
+isa_create_simple(isa_bus, TYPE_I8042);
 
 /* VGA setup.  Don't bother loading the bios.  */
 pci_vga_init(pci_bus);
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index ec75b09a8f..cdcdfafe8e 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -43,6 +43,7 @@
 #include "hw/timer/mc146818rtc.h"
 #include "hw/dma/i8257.h"
 #include "hw/timer/i8254.h"
+#include "hw/input/i8042.h"
 #include "hw/audio/pcspk.h"
 #include "hw/pci/msi.h"
 #include "hw/sysbus.h"
diff --git a/hw/i386/vmmouse.c b/hw/i386/vmmouse.c
index 65ef55329e..5d2d278be4 100644
--- a/hw/i386/vmmouse.c
+++ b/hw/i386/vmmouse.c
@@ -25,6 +25,7 @@
 #include "hw/hw.h"
 #include "ui/console.h"
 #include "hw/i386/pc.h"
+#include "hw/input/i8042.h"
 #include "hw/qdev.h"
 
 /* debug only vmmouse */
diff --git a/hw/i386/vmport.c b/hw/i386/vmport.c
index 116aa09819..3bf8cfe041 100644
--- a/hw/i386/vmport.c
+++ b/hw/i386/vmport.c
@@ -25,6 +25,7 @@
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
 #include "hw/i386/pc.h"
+#include "hw/input/i8042.h"
 #include "sysemu/hw_accel.h"
 #include "hw/qdev.h"
 #include "qemu/log.h"
diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index c479f827b6..f17f18e51b 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -26,6 +26,7 @@
 #include "hw/isa/isa.h"
 #include "hw/i386/pc.h"
 #include "hw/input/ps2.h"
+#include "hw/input/i8042.h"
 #include "sysemu/sysemu.h"
 
 /* debug PC keyboard */
@@ -480,7 +481,6 @@ void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
 qemu_register_reset(kbd_reset, s);
 }
 
-#define TYPE_I8042 "i8042"
 #define I8042(obj) OBJECT_CHECK(ISAKBDState, (obj), TYPE_I8042)
 
 typedef struct ISAKBDState {
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index 0545fcd899..9339e02120 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -44,6 +44,7 @@
 #include "hw/isa/vt82c686.h"
 #include "hw/timer/mc146818rtc.h"
 #include "hw/timer/i8254.h"
+#include "hw/input/i8042.h"
 #include "sysemu/blockdev.h"
 #include "exec/address-spaces.h"
 #include "sysemu/qtest.h"
@@ -364,7 +365,7 @@ static void mips_fulong2e_init(MachineState *machine)
 i8257_dma_init(isa_bus, 0);
 
 /* Super I/O */
-isa_create_simple(isa_bus, "i8042");
+isa_create_simple(isa_bus, TYPE_I8042);
 
 

[Qemu-devel] [PATCH 00/25] remove i386/pc dependency: generic SuperIO

[Philippe Mathieu-Daudé]

Hi Paolo, Michael, Hervé and Yongbok.

This series could be the 'part 2' of my previous "remove i386/pc dependency
from non-PC world" I started around 2.9.

The goal is to unify the Super I/O device pattern.

In this rewrite I:
- extract the common SuperIO code from pc87312.c
- use it in few MIPS boards
- as example, easily add a new SuperIO chipset (SMC37C669) to the DP264 machine.

The SMC37C669 is very easily modeled and understandable in the "Add the SMC
FDC37C669 Super I/O" patch. Once used by the DP264 machine, the machine direcly
inherits of the parallel port and two floppy drives without any effort in the
machine code (therefore, easier to qtest and maintain).
The emphasis of the differences is show in the link [2].

Since RFC v2:
- fixed missing .class_size of abstract class in "Add a Super I/O template"
- fixed ptrdiff_t Werror=format string (patchew)
- fixed incorrect/missing MAINTAINERS entries
- only use "discarded-" in device name when no backend provided
- added R-b tags (David Gibson)

tested on:
- Q35
- alpha DP264 [1], [2]
- mips Malta
- mips Fuloong (only monitor, no image to test) [3]
- PReP (only monitor, no image to test)

Paolo: I tested the series and think it is ready to go and shouldn't break
upstream, but I'd like more testing for the Fuloong/PReP machines and
eventually an Ack-by from Michael S. Tsirkin since his area is well touched
by this series.

diff between master and this series here replied to previous thread there:
[1] http://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02510.html
[2] http://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02516.html
[3] http://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02515.html

Since RFC v1:
- complete rewrite, split out the PIIX devices for another series

More devices are being converted but I'm running out of time for the soft
freeze (mips_r4k, hppa_dino, and the PC ones).

Regards,

Phil.

$ git backport-diff -u rfc_v2
[] : patches are identical
[] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/25:[] [--] 'hw/isa: Move parallel_hds_isa_init() to 
hw/char/parallel-isa.c'
002/25:[] [--] 'hw/dma/i8257: Rename DMA_init() to i8257_dma_init()'
003/25:[] [--] 'hw/input/i8042: Extract declarations from i386/pc.h into 
input/i8042.h'
004/25:[down] 'MAINTAINERS: Fix the PC87312 include path'
005/25:[] [--] 'hw/isa/pc87312: Rename the device type as 
TYPE_PC87312_SUPERIO'
006/25:[] [--] 'hw/isa/pc87312: Use uint16_t for the ISA I/O base address'
007/25:[] [--] 'hw/isa/pc87312: Use 'unsigned int' for the irq value'
008/25:[0003] [FC] 'hw/isa/superio: Add a Super I/O template based on the 
PC87312 device'
009/25:[] [--] 'hw/isa/pc87312: Inherit from the abstract TYPE_ISA_SUPERIO'
010/25:[0006] [FC] 'hw/isa/superio: Factor out the parallel code from pc87312.c'
011/25:[0006] [FC] 'hw/isa/superio: Factor out the serial code from pc87312.c'
012/25:[] [--] 'hw/isa/superio: Factor out the floppy disc controller code 
from pc87312.c'
013/25:[] [--] 'hw/isa/superio: Add a keyboard/mouse controller (8042)'
014/25:[] [--] 'hw/isa/superio: Factor out the IDE code from pc87312.c'
015/25:[] [--] 'hw/mips/malta: Code movement'
016/25:[0001] [FC] 'hw/isa/superio: Factor out the FDC37M817 Super I/O from 
mips_malta.c'
017/25:[] [--] 'hw/mips/mips_fulong2e: Factor out 
vt82c686b_southbridge_init()'
018/25:[] [--] 'hw/isa/vt82c686: Rename vt82c686b_init() -> 
vt82c686b_isa_init()'
019/25:[] [--] 'hw/isa/vt82c686: Add the TYPE_VT82C686B_SUPERIO'
020/25:[down] 'MAINTAINERS: Add entries for the VT82C686B Super I/O'
021/25:[down] 'MAINTAINERS: Split the Alpha TCG/machine section'
022/25:[0001] [FC] 'hw/isa/superio: Add the SMC FDC37C669 Super I/O'
023/25:[] [--] 'hw/alpha/dp264: Add the ISA DMA controller'
024/25:[] [--] 'hw/alpha/dp264: Use the TYPE_SMC37C669_SUPERIO'
025/25:[] [--] 'hw/i386/pc: Factor out the superio code'

Philippe Mathieu-Daudé (25):
  hw/isa: Move parallel_hds_isa_init() to hw/char/parallel-isa.c
  hw/dma/i8257: Rename DMA_init() to i8257_dma_init()
  hw/input/i8042: Extract declarations from i386/pc.h into input/i8042.h
  MAINTAINERS: Fix the PC87312 include path
  hw/isa/pc87312: Rename the device type as TYPE_PC87312_SUPERIO
  hw/isa/pc87312: Use uint16_t for the ISA I/O base address
  hw/isa/pc87312: Use 'unsigned int' for the irq value
  hw/isa/superio: Add a Super I/O template based on the PC87312 device
  hw/isa/pc87312: Inherit from the abstract TYPE_ISA_SUPERIO
  hw/isa/superio: Factor out the parallel code from pc87312.c
  hw/isa/superio: Factor out the serial code from pc87312.c
  hw/isa/superio: Factor out the floppy disc controller code from pc87312.c
  hw/isa/superio: Add a keyboard/mouse controller (8042)
  hw/isa/superio: Factor out the IDE code from pc87312.c
  hw/mips/malta: Code movement
  

Re: [Qemu-devel] [PATCH v6 00/11] xen: xen-domid-restrict improvements

[no-reply]

Hi,

This series failed build test on ppcle host. Please find the details below.

Message-id: 1520530757-4477-1-git-send-email-ian.jack...@eu.citrix.com
Subject: [Qemu-devel] [PATCH v6 00/11] xen: xen-domid-restrict improvements
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
INSTALL=$PWD/install
BUILD=$PWD/build
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --prefix=$INSTALL
make -j100
# XXX: we need reliable clean up
# make check -j100 V=1
make install
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Submodule 'capstone' (git://git.qemu.org/capstone.git) registered for path 
'capstone'
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Submodule 'roms/QemuMacDrivers' (git://git.qemu.org/QemuMacDrivers.git) 
registered for path 'roms/QemuMacDrivers'
Submodule 'roms/SLOF' (git://git.qemu-project.org/SLOF.git) registered for path 
'roms/SLOF'
Submodule 'roms/ipxe' (git://git.qemu-project.org/ipxe.git) registered for path 
'roms/ipxe'
Submodule 'roms/openbios' (git://git.qemu-project.org/openbios.git) registered 
for path 'roms/openbios'
Submodule 'roms/openhackware' (git://git.qemu-project.org/openhackware.git) 
registered for path 'roms/openhackware'
Submodule 'roms/qemu-palcode' (git://github.com/rth7680/qemu-palcode.git) 
registered for path 'roms/qemu-palcode'
Submodule 'roms/seabios' (git://git.qemu-project.org/seabios.git/) registered 
for path 'roms/seabios'
Submodule 'roms/seabios-hppa' (git://github.com/hdeller/seabios-hppa.git) 
registered for path 'roms/seabios-hppa'
Submodule 'roms/sgabios' (git://git.qemu-project.org/sgabios.git) registered 
for path 'roms/sgabios'
Submodule 'roms/skiboot' (git://git.qemu.org/skiboot.git) registered for path 
'roms/skiboot'
Submodule 'roms/u-boot' (git://git.qemu-project.org/u-boot.git) registered for 
path 'roms/u-boot'
Submodule 'roms/u-boot-sam460ex' (git://github.com/zbalaton/u-boot-sam460ex) 
registered for path 'roms/u-boot-sam460ex'
Submodule 'roms/vgabios' (git://git.qemu-project.org/vgabios.git/) registered 
for path 'roms/vgabios'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 'capstone'...
Submodule path 'capstone': checked out 
'22ead3e0bfdb87516656453336160e0a37b066bf'
Cloning into 'dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
Cloning into 'roms/QemuMacDrivers'...
Submodule path 'roms/QemuMacDrivers': checked out 
'd4e7d7ac663fcb55f1b93575445fcbca372f17a7'
Cloning into 'roms/SLOF'...
Submodule path 'roms/SLOF': checked out 
'fa981320a1e0968d6fc1b8de319723ff8212b337'
Cloning into 'roms/ipxe'...
Submodule path 'roms/ipxe': checked out 
'0600d3ae94f93efd10fc6b3c7420a9557a3a1670'
Cloning into 'roms/openbios'...
Submodule path 'roms/openbios': checked out 
'54d959d97fb331708767b2fd4a878efd2bbc41bb'
Cloning into 'roms/openhackware'...
Submodule path 'roms/openhackware': checked out 
'c559da7c8eec5e45ef1f67978827af6f0b9546f5'
Cloning into 'roms/qemu-palcode'...
Submodule path 'roms/qemu-palcode': checked out 
'f3c7e44c70254975df2a00af39701eafbac4d471'
Cloning into 'roms/seabios'...
Submodule path 'roms/seabios': checked out 
'63451fca13c75870e1703eb3e20584d91179aebc'
Cloning into 'roms/seabios-hppa'...
Submodule path 'roms/seabios-hppa': checked out 
'649e6202b8d65d46c69f542b1380f840fbe8ab13'
Cloning into 'roms/sgabios'...
Submodule path 'roms/sgabios': checked out 
'cbaee52287e5f32373181cff50a00b6c4ac9015a'
Cloning into 'roms/skiboot'...
Submodule path 'roms/skiboot': checked out 
'e0ee24c27a172bcf482f6f2bc905e6211c134bcc'
Cloning into 'roms/u-boot'...
Submodule path 'roms/u-boot': checked out 
'd85ca029f257b53a96da6c2fb421e78a003a9943'
Cloning into 'roms/u-boot-sam460ex'...
Submodule path 'roms/u-boot-sam460ex': checked out 
'119aa277f74a4a2d3f7ab6c9471292308eba14e4'
Cloning into 'roms/vgabios'...
Submodule path 'roms/vgabios': checked out 
'19ea12c230ded95928ecaef0db47a82231c2e485'
Cloning into 'ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
Switched to a new branch 'test'
3ca7aa0 scripts/get_maintainer.pl: Print proper error message for missing $file
cd8d608 xen: Expect xenstore write to fail when restricted
ba5 xen: Use newly added dmops for mapping VGA memory
e0d142e configure: do_compiler: Dump some extra info under bash
40aee2f os-posix: Provide new -runas : facility
e772cd9 xen: destroy_hvm_domain: Try xendevicemodel_shutdown
dcba1d7 xen: move xc_interface compatibility fallback further up the file
214d2ff xen: destroy_hvm_domain: Move reason into a variable
ba73bde xen: defer call to xen_restrict until just before os_setup_post
b1eed69 xen: restrict: use 

Re: [Qemu-devel] [PATCH v6 00/11] xen: xen-domid-restrict improvements

[Ian Jackson]

For reasons I still don't quite understand, this cover letter was not
sent to the whole CC list so I am doing that by hand now.

Ian Jackson writes ("[PATCH v6 00/11] xen: xen-domid-restrict improvements"):
> This series provides necessary support for running qemu as a Xen
> device model without power equivalent to root.  In particular, it
> makes -xen-domid-restrict effective.
> 
> I have taken into account all the comments from v5 (from October!) and
> there are also two new patches from Ross Lagerwall.
> 
>   m  a [PATCH 01/11] xen: link against xentoolcore
>  a [PATCH 02/11] xen: restrict: use xentoolcore_restrict_all
> r  [PATCH 03/11] xen: defer call to xen_restrict until just before
>  a [PATCH 04/11] xen: destroy_hvm_domain: Move reason into a variable
> ra [PATCH 05/11] xen: move xc_interface compatibility fallback further
>   * r  [PATCH 06/11] xen: destroy_hvm_domain: Try xendevicemodel_shutdown
>   * r  [PATCH 07/11] os-posix: Provide new -runas : facility
>   m[PATCH 08/11] configure: do_compiler: Dump some extra info under bash
>   +[PATCH 09/11] xen: Use newly added dmops for mapping VGA memory
>   +[PATCH 10/11] xen: Expect xenstore write to fail when restricted
>   +[PATCH 11/11] scripts/get_maintainer.pl: Print proper error message
> 
>  m = commit message (only) changed in v6 of the series
>  * = patch changed in v6 of the series
>  + = new patch
>  r = reviewed (by someone other than me)
>  a = acked
> 
> Thanks for your attention.
> 
> Regards,
> Ian.

Re: [Qemu-devel] [PATCH v6 00/11] xen: xen-domid-restrict improvements

[Ian Jackson]

no-re...@patchew.org writes ("Re: [Qemu-devel] [PATCH v6 00/11] xen: 
xen-domid-restrict improvements"):
> This series seems to have some coding style problems. See output below for
> more information:

Obviously I should have run checkpatch myself.  I will send a v6.1.

Ian.

Re: [Qemu-devel] [PATCH v12 08/28] target/i386: add Secure Encrypted Virtulization (SEV) object

[Brijesh Singh]

On 3/8/18 10:49 AM, Daniel P. Berrangé wrote:
> On Thu, Mar 08, 2018 at 06:48:41AM -0600, Brijesh Singh wrote:
>> Add a new memory encryption object 'sev-guest'. The object will be used
>> to create enrypted VMs on AMD EPYC CPU. The object provides the properties
>> to pass guest owner's public Diffie-hellman key, guest policy and session
>> information required to create the memory encryption context within the
>> SEV firmware.
>>
>> e.g to launch SEV guest
>>  # $QEMU \
>> -object sev-guest,id=sev0 \
>> -machine ,memory-encryption=sev0
>>
>> Cc: Paolo Bonzini 
>> Cc: Richard Henderson 
>> Cc: Eduardo Habkost 
>> Signed-off-by: Brijesh Singh 
>
>> diff --git a/qemu-options.hx b/qemu-options.hx
>> index 4c280142c52c..6113bce08a8c 100644
>> --- a/qemu-options.hx
>> +++ b/qemu-options.hx
>> @@ -4353,6 +4353,50 @@ contents of @code{iv.b64} to the second secret
>>   data=$SECRET,iv=$(>  @end example
>>  
>> +@item -object 
>> sev-guest,id=@var{id},cbitpos=@var{cbitpos},reduced-phys-bits=@var{val},[sev-device=@var{string},policy=@var{policy},handle=@var{handle},dh-cert-file=@var{file},session-file=@var{file}]
>> +
>> +Create a Secure Encrypted Virtualization (SEV) guest object, which can be 
>> used
>> +to provide the guest memory encryption support on AMD processors.
>> +
>> +When memory encryption is enabled, one of the physical address bit (aka the
>> +C-bit) is utilized to mark if a memory page is protected. The 
>> @option{cbitpos}
>> +is used to provide the C-bit position. The C-bit position is Host family 
>> dependent
>> +hence user must provide this value. On EPYC, the value should be 47.
>> +
>> +When memory encryption is enabled, we loose certain bits in physical 
>> address space.
>> +The @option{reduced-phys-bits} is used to provide the number of bits we 
>> loose in
>> +physical address space. Similar to C-bit, the value is Host family 
>> dependent.
>> +On EPYC, the value should be 5.
> Is it valid to specify a different value for either of these properties ?
> eg what happens if I pass cbitpos=45 instead of 47 on an EPYC host ?

On EPYC, passing anything other than 47 will trigger error during SEV
guest initialization. The value of Cbit position is host dependent, the
value is readonly and can be obtained through the host CPUID.  The
cbitpos must be same between guest and host. Please note that the pte's
in guest page table will need to use the cbitpos  information to mark
the pages as encrypted. If cbit position given to the guest is different
from the host then guest will fail to execute.

>
> In particular I thinking about possible migration scenario, where EPYC
> uses 47 by default but some $NEXT AMD CPU uses 48 by default. In that
> case we might want to use '47' on both CPUs if we need ability to live
> migrate between different host CPU generations. Would that be valid ?

We will not be able to migrate SEV guests if cbit position does not
match between the source and destination hosts. Since during migration,
the destination guest is launched with same QEMU cli as source hence
cbitpos check in QEMU will catch it and fail the new launch. Optionally,
user can call query-sev-capabilities on both source and destination to
see if cbitpos is compatible before attempting to migrate the guest.

> On the flip side, if the value really it strictly tied to the host
> CPU family and no deviation is permitted, could the kernel not just
> pick the right value automatically avoiding the config option ?
>

I think doing so will be an issue for the migration. Consider your above
use case, a SEV guest is running on EPYC with cbitpos=47 and if we
migrate to some $NEXT AMD CPU which uses need to use cbitpos=48 and we
will fail to resume the guest on destination after migrating.

>
> Regards,
> Daniel

Re: [Qemu-devel] [RFC PATCH v2 21/22] hw/alpha/dp264: Use the TYPE_SMC37C669_SUPERIO

[Philippe Mathieu-Daudé]

On 03/08/2018 09:39 PM, Philippe Mathieu-Daudé wrote:
> On 03/05/2018 10:19 PM, Philippe Mathieu-Daudé wrote:
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  default-configs/alpha-softmmu.mak |  3 +++
>>  hw/alpha/dp264.c  | 10 --
>>  2 files changed, 7 insertions(+), 6 deletions(-)
>>
>> diff --git a/default-configs/alpha-softmmu.mak 
>> b/default-configs/alpha-softmmu.mak
>> index 3740adc5e9..bbe361f01a 100644
>> --- a/default-configs/alpha-softmmu.mak
>> +++ b/default-configs/alpha-softmmu.mak
>> @@ -7,6 +7,9 @@ CONFIG_SERIAL_ISA=y
>>  CONFIG_I82374=y
>>  CONFIG_I8254=y
>>  CONFIG_I8257=y
>> +CONFIG_PARALLEL=y
>> +CONFIG_PARALLEL_ISA=y
>> +CONFIG_FDC=y
>>  CONFIG_PCKBD=y
>>  CONFIG_VGA_CIRRUS=y
>>  CONFIG_IDE_CORE=y
>> diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
>> index ffad678ea7..80b987f7fb 100644
>> --- a/hw/alpha/dp264.c
>> +++ b/hw/alpha/dp264.c
>> @@ -19,8 +19,7 @@
>>  #include "hw/timer/mc146818rtc.h"
>>  #include "hw/ide.h"
>>  #include "hw/timer/i8254.h"
>> -#include "hw/input/i8042.h"
>> -#include "hw/char/serial.h"
>> +#include "hw/isa/superio.h"
>>  #include "hw/dma/i8257.h"
>>  #include "qemu/cutils.h"
>>  
>> @@ -83,14 +82,10 @@ static void clipper_init(MachineState *machine)
>>  mc146818_rtc_init(isa_bus, 1900, rtc_irq);
>>  
>>  i8254_pit_init(isa_bus, 0x40, 0, NULL);
>> -isa_create_simple(isa_bus, TYPE_I8042);
>>  
>>  /* VGA setup.  Don't bother loading the bios.  */
>>  pci_vga_init(pci_bus);
>>  
>> -/* Serial code setup.  */
>> -serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
>> -
>>  /* Network setup.  e1000 is good enough, failing Tulip support.  */
>>  for (i = 0; i < nb_nics; i++) {
>>  pci_nic_init_nofail(_table[i], pci_bus, "e1000", NULL);
>> @@ -99,6 +94,9 @@ static void clipper_init(MachineState *machine)
>>  /* 2 82C37 (dma) */
>>  isa_create_simple(isa_bus, "i82374");
>>  
>> +/* Super I/O */
>> +isa_create_simple(isa_bus, TYPE_SMC37C669_SUPERIO);
>> +
>>  /* IDE disk setup.  */
>>  {
>>  DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
>>
> 
> Booting linux with:
> 
> qemu-system-alpha -kernel vmlinux-smp -nographic -append 'console=srm
> printk.time=0'
> 
> diffing the console before/after (master/series):
> 
>   platform rtc-alpha: rtc core: registered rtc-alpha as rtc0
>   Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
>   serial8250: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
> + serial8250: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
>   serio: i8042 KBD port at 0x60,0x64 irq 1
>   serio: i8042 AUX port at 0x60,0x64 irq 12
>   mousedev: PS/2 mouse device common for all mice
>   input: AT Translated Set 2 keyboard as
> /devices/platform/i8042/serio0/input/input0
> 
> The only diff is the 2nd uart discovered (ttyS1), since the SMC37C669
> provides 2 (everything else is exactly the same - except the RTC time).
> 
> So alpha-softmmu behaves correctly.

And the "info qtree" diff:

   dev: isabus-bridge, id ""
 bus: isa.0
   type ISA
+  dev: i8042, id ""
+gpio-out "a20" 1
+isa irqs 1,12
+  dev: isa-fdc, id ""
+iobase = 1008 (0x3f0)
+irq = 6 (0x6)
+dma = 2 (0x2)
+driveA = ""
+driveB = ""
+check_media_rate = true
+fdtypeA = "auto"
+fdtypeB = "auto"
+fallback = "288"
+isa irq 6
+bus: floppy-bus.0
+  type floppy-bus
+  dev: floppy, id ""
+unit = 0 (0x0)
+drive = "floppy0"
+logical_block_size = 512 (0x200)
+physical_block_size = 512 (0x200)
+min_io_size = 0 (0x0)
+opt_io_size = 0 (0x0)
+discard_granularity = 4294967295 (0x)
+write-cache = "auto"
+share-rw = false
+drive-type = "288"
+  dev: isa-serial, id ""
+index = 1 (0x1)
+iobase = 760 (0x2f8)
+irq = 3 (0x3)
+chardev = "discarding-serial1"
+wakeup = 0 (0x0)
+isa irq 3
   dev: isa-serial, id ""
 index = 0 (0x0)
 iobase = 1016 (0x3f8)
@@ -13,9 +47,25 @@
 chardev = "serial0"
 wakeup = 0 (0x0)
 isa irq 4
-  dev: i8042, id ""
-gpio-out "a20" 1
-isa irqs 1,12
+  dev: isa-parallel, id ""
+index = 0 (0x0)
+iobase = 956 (0x3bc)
+irq = 7 (0x7)
+chardev = "parallel0"
+isa irq 7
+  dev: smc37c669-superio, id ""
+  dev: i8257, id ""
+base = 192 (0xc0)
+page-base = 136 (0x88)
+pageh-base = 1160 (0x488)
+dshift = 1 (0x1)
+  dev: i8257, id ""
+base = 0 (0x0)
+page-base = 128 (0x80)
+pageh-base = 1152 (0x480)
+dshift = 0 (0x0)
+  dev: i82374, id ""
+iobase = 1024 (0x400)
   dev: isa-pit, id ""
 gpio-in "" 1
 gpio-out "" 1
 ...


and "info 

Re: [Qemu-devel] [PATCH v12 28/28] tests/qmp-test: blacklist sev specific qmp commands

[Eduardo Habkost]

On Thu, Mar 08, 2018 at 02:18:55PM -0600, Brijesh Singh wrote:
> 
> 
> On 3/8/18 11:08 AM, Daniel P. Berrangé wrote:
> > On Thu, Mar 08, 2018 at 06:49:01AM -0600, Brijesh Singh wrote:
> >> Blacklist the following commands to fix the 'make check' failure.
> >>
> >> query-sev-launch-measure: it returns meaninful data only when we launch
> >> SEV guest otherwise the command returns an error.
> >>
> >> query-sev: it return an error when SEV is not available on host (e.g non
> >> X86 platform or KVM is disabled at the build time)
> >>
> >> query-sev-capabilities: it returns an error when SEV feature is not
> >> available on host machine.
> > We generally expect 'make check' to succeed on every single patch
> > in a series, so that 'git bisect' doesn't break.
> >
> > So you should add each command to the blacklist in the same commit
> > that introduced the failure in the first place.
> 
> 
> Sure, I can quickly send the updated patch series to address your this
> concern, but before spamming everyone's inbox I was wondering if I can
> get some indication whether this series will make into 2.12 merge.
> 
> Paolo, Eduardo and Richard,
> 
> Most of the changes are in x86 directory hence any thought if you are
> considering this series for 2.12 ? I have been testing the series with
> and without SEV support and so far have not ran into any issue. if you
> are not planning to pull this series in 2.12 then I will wait a bit
> longer to get more feedback before sending the updates to address
> Daniel's comment. thanks

Trying to merge it before 2.12 soft freeze (next Tuesday) still
looks like a reasonable goal to me.  What do others think?

-- 
Eduardo

Re: [Qemu-devel] [RFC] Defining firmware (OVMF, et al) metadata format & file

[Laszlo Ersek]

On 03/08/18 16:47, Daniel P. Berrangé wrote:
> On Thu, Mar 08, 2018 at 12:10:30PM +0100, Laszlo Ersek wrote:

>> I suggest (or agree) that the property list be composed of free-form
>> name=value pairs (at least conceptually). I understand Gerd is proposing
>> a QAPI schema for this, so maybe do { property_name : "foo",
>> property_value : "bar" }, or similar. The registry of properties (names,
>> possible values, meanings) should be kept separate (although possibly
>> still under QEMU).
>>
>> For OVMF (x86), I guess the initial set of properties should come from
>> the "-D FOO[=BAR]" build flags that OVMF currently supports. (The list
>> might grow or change incompatibly over time, so this is just a raw
>> starter idea.)
> 
> I really don't want to see us using firmware implementation specific
> property names in these files. It means libvirt will require knowledge
> of what each different firmware's property names mean.
> 
> We need to have some core standardized set of property names that can
> be provided by any firmware implementation using the same terminology.
> 
> If we want to /also/ provide some extra firmeware-specific property
> names that would be ok for informative purposes, but when lbivirt is
> picking which firmware file to use, it would only ever look at the
> standardized property names/values.

This is a reasonable requirement from the libvirt side.

Unfortunately (or not), it requires someone (or a tight group of people)
to collect the features of all virtual firmwares in existence, and
extract a common set of properties that maps back to each firmware one
way or another. This is not unusual (basically this is how all standards
bodies work that intend to codify existing practice), it just needs a
bunch of work and coordination. We'll have to maintain a registry.

Personally I can't comment on anything else than OVMF and the ArmVirt
firmwares.

Thanks,
Laszlo

Re: [Qemu-devel] [RFC PATCH v2 15/22] hw/isa/superio: Factor out the FDC37M817 Super I/O from mips_malta.c

[Philippe Mathieu-Daudé]

On 03/05/2018 10:19 PM, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/isa/superio.h |  2 ++
>  hw/isa/isa-superio.c | 20 
>  hw/mips/mips_malta.c | 35 ++-
>  3 files changed, 32 insertions(+), 25 deletions(-)
> 
> diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
> index 3dd5448f8c..b47aac3cf8 100644
> --- a/include/hw/isa/superio.h
> +++ b/include/hw/isa/superio.h
> @@ -54,4 +54,6 @@ typedef struct ISASuperIOClass {
>  ISASuperIOFuncs ide;
>  } ISASuperIOClass;
>  
> +#define TYPE_FDC37M81X_SUPERIO  "fdc37m81x-superio"
> +
>  #endif /* HW_ISA_SUPERIO_H */
> diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
> index 88d254a602..f1f699fc2f 100644
> --- a/hw/isa/isa-superio.c
> +++ b/hw/isa/isa-superio.c
> @@ -182,9 +182,29 @@ static const TypeInfo isa_superio_type_info = {
>  .class_init = isa_superio_class_init,
>  };
>  
> +/* SMS FDC37M817 Super I/O */
> +static void fdc37m81x_class_init(ObjectClass *klass, void *data)
> +{
> +ISASuperIOClass *sc = ISA_SUPERIO_CLASS(klass);
> +
> +sc->serial.count = 2; /* NS16C550A */
> +sc->parallel.count = 1;
> +sc->floppy.count = 1; /* SMSC 82077AA Compatible */
> +sc->ide.count = 0;
> +}
> +
> +static const TypeInfo fdc37m81x_type_info = {
> +.name  = TYPE_FDC37M81X_SUPERIO,
> +.parent= TYPE_ISA_SUPERIO,
> +.instance_size = sizeof(ISASuperIODevice),
> +.class_size= sizeof(ISASuperIOClass),
> +.class_init= fdc37m81x_class_init,
> +};
> +
>  static void isa_superio_register_types(void)
>  {
>  type_register_static(_superio_type_info);
> +type_register_static(_type_info);
>  }
>  
>  type_init(isa_superio_register_types)
> diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
> index 9e0724ca5a..f6513a4fd5 100644
> --- a/hw/mips/mips_malta.c
> +++ b/hw/mips/mips_malta.c
> @@ -27,14 +27,12 @@
>  #include "cpu.h"
>  #include "hw/hw.h"
>  #include "hw/i386/pc.h"
> +#include "hw/isa/superio.h"
>  #include "hw/dma/i8257.h"
>  #include "hw/char/serial.h"
> -#include "hw/char/parallel.h"
> -#include "hw/block/fdc.h"
>  #include "net/net.h"
>  #include "hw/boards.h"
>  #include "hw/i2c/smbus.h"
> -#include "sysemu/block-backend.h"
>  #include "hw/block/flash.h"
>  #include "hw/mips/mips.h"
>  #include "hw/mips/cpudevs.h"
> @@ -47,7 +45,6 @@
>  #include "hw/loader.h"
>  #include "elf.h"
>  #include "hw/timer/mc146818rtc.h"
> -#include "hw/input/i8042.h"
>  #include "hw/timer/i8254.h"
>  #include "sysemu/blockdev.h"
>  #include "exec/address-spaces.h"
> @@ -1005,10 +1002,8 @@ void mips_malta_init(MachineState *machine)
>  qemu_irq cbus_irq, i8259_irq;
>  int piix4_devfn;
>  I2CBus *smbus;
> -int i;
>  DriveInfo *dinfo;
>  DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
> -DriveInfo *fd[MAX_FD];
>  int fl_idx = 0;
>  int fl_sectors = bios_size >> 16;
>  int be;
> @@ -1023,15 +1018,6 @@ void mips_malta_init(MachineState *machine)
>  
>  qdev_init_nofail(dev);
>  
> -/* Make sure the first 3 serial ports are associated with a device. */
> -for(i = 0; i < 3; i++) {
> -if (!serial_hds[i]) {
> -char label[32];
> -snprintf(label, sizeof(label), "serial%d", i);
> -serial_hds[i] = qemu_chr_new(label, "null");
> -}
> -}
> -
>  /* create CPU */
>  mips_create_cpu(s, machine->cpu_type, _irq, _irq);
>  
> @@ -1067,7 +1053,14 @@ void mips_malta_init(MachineState *machine)
>  #else
>  be = 0;
>  #endif
> +
>  /* FPGA */
> +
> +/* Make sure the second serial port is associated with a device. */
> +if (!serial_hds[2]) {
> +serial_hds[2] = qemu_chr_new("fpga-uart", "null");
> +}
> +
>  /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
>  malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hds[2]);
>  
> @@ -1214,16 +1207,8 @@ void mips_malta_init(MachineState *machine)
>  smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
>  g_free(smbus_eeprom_buf);
>  
> -/* Super I/O */
> -isa_create_simple(isa_bus, TYPE_I8042);
> -
> -serial_hds_isa_init(isa_bus, 0, 2);
> -parallel_hds_isa_init(isa_bus, 1);
> -
> -for(i = 0; i < MAX_FD; i++) {
> -fd[i] = drive_get(IF_FLOPPY, 0, i);
> -}
> -fdctrl_init_isa(isa_bus, fd);
> +/* Super I/O: SMS FDC37M817 */
> +isa_create_simple(isa_bus, TYPE_FDC37M81X_SUPERIO);
>  
>  /* Network card */
>  network_init(pci_bus);
> 

Booting Aurelien Malta Linux image with this series applied, the console
is identical (also 'info mtree' in monitor).

Re: [Qemu-devel] [RFC PATCH v2 21/22] hw/alpha/dp264: Use the TYPE_SMC37C669_SUPERIO

[Philippe Mathieu-Daudé]

On 03/05/2018 10:19 PM, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  default-configs/alpha-softmmu.mak |  3 +++
>  hw/alpha/dp264.c  | 10 --
>  2 files changed, 7 insertions(+), 6 deletions(-)
> 
> diff --git a/default-configs/alpha-softmmu.mak 
> b/default-configs/alpha-softmmu.mak
> index 3740adc5e9..bbe361f01a 100644
> --- a/default-configs/alpha-softmmu.mak
> +++ b/default-configs/alpha-softmmu.mak
> @@ -7,6 +7,9 @@ CONFIG_SERIAL_ISA=y
>  CONFIG_I82374=y
>  CONFIG_I8254=y
>  CONFIG_I8257=y
> +CONFIG_PARALLEL=y
> +CONFIG_PARALLEL_ISA=y
> +CONFIG_FDC=y
>  CONFIG_PCKBD=y
>  CONFIG_VGA_CIRRUS=y
>  CONFIG_IDE_CORE=y
> diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
> index ffad678ea7..80b987f7fb 100644
> --- a/hw/alpha/dp264.c
> +++ b/hw/alpha/dp264.c
> @@ -19,8 +19,7 @@
>  #include "hw/timer/mc146818rtc.h"
>  #include "hw/ide.h"
>  #include "hw/timer/i8254.h"
> -#include "hw/input/i8042.h"
> -#include "hw/char/serial.h"
> +#include "hw/isa/superio.h"
>  #include "hw/dma/i8257.h"
>  #include "qemu/cutils.h"
>  
> @@ -83,14 +82,10 @@ static void clipper_init(MachineState *machine)
>  mc146818_rtc_init(isa_bus, 1900, rtc_irq);
>  
>  i8254_pit_init(isa_bus, 0x40, 0, NULL);
> -isa_create_simple(isa_bus, TYPE_I8042);
>  
>  /* VGA setup.  Don't bother loading the bios.  */
>  pci_vga_init(pci_bus);
>  
> -/* Serial code setup.  */
> -serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
> -
>  /* Network setup.  e1000 is good enough, failing Tulip support.  */
>  for (i = 0; i < nb_nics; i++) {
>  pci_nic_init_nofail(_table[i], pci_bus, "e1000", NULL);
> @@ -99,6 +94,9 @@ static void clipper_init(MachineState *machine)
>  /* 2 82C37 (dma) */
>  isa_create_simple(isa_bus, "i82374");
>  
> +/* Super I/O */
> +isa_create_simple(isa_bus, TYPE_SMC37C669_SUPERIO);
> +
>  /* IDE disk setup.  */
>  {
>  DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
> 

Booting linux with:

qemu-system-alpha -kernel vmlinux-smp -nographic -append 'console=srm
printk.time=0'

diffing the console before/after (master/series):

  platform rtc-alpha: rtc core: registered rtc-alpha as rtc0
  Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
  serial8250: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
+ serial8250: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
  serio: i8042 KBD port at 0x60,0x64 irq 1
  serio: i8042 AUX port at 0x60,0x64 irq 12
  mousedev: PS/2 mouse device common for all mice
  input: AT Translated Set 2 keyboard as
/devices/platform/i8042/serio0/input/input0

The only diff is the 2nd uart discovered (ttyS1), since the SMC37C669
provides 2 (everything else is exactly the same - except the RTC time).

So alpha-softmmu behaves correctly.

Re: [Qemu-devel] [RFC PATCH v2 09/22] hw/isa/superio: Factor out the parallel code from pc87312.c

[Philippe Mathieu-Daudé]

On 03/05/2018 10:19 PM, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/isa/pc87312.h |  4 ---
>  include/hw/isa/superio.h |  6 +
>  hw/isa/isa-superio.c | 63 
> 
>  hw/isa/pc87312.c | 38 -
>  hw/isa/trace-events  |  4 ++-
>  5 files changed, 87 insertions(+), 28 deletions(-)
> 
> diff --git a/include/hw/isa/pc87312.h b/include/hw/isa/pc87312.h
> index f3761d6fe1..bcc4578479 100644
> --- a/include/hw/isa/pc87312.h
> +++ b/include/hw/isa/pc87312.h
> @@ -39,10 +39,6 @@ typedef struct PC87312State {
>  uint16_t iobase;
>  uint8_t config; /* initial configuration */
>  
> -struct {
> -ISADevice *dev;
> -} parallel;
> -
>  struct {
>  ISADevice *dev;
>  } uart[2];
> diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
> index cff6ad6c08..e9879cfde1 100644
> --- a/include/hw/isa/superio.h
> +++ b/include/hw/isa/superio.h
> @@ -23,7 +23,11 @@
>  OBJECT_CLASS_CHECK(ISASuperIOClass, (klass), TYPE_ISA_SUPERIO)
>  
>  typedef struct ISASuperIODevice {
> +/*< private >*/
>  ISADevice parent_obj;
> +/*< public >*/
> +
> +ISADevice *parallel[MAX_PARALLEL_PORTS];
>  } ISASuperIODevice;
>  
>  typedef struct ISASuperIOFuncs {
> @@ -39,6 +43,8 @@ typedef struct ISASuperIOClass {
>  ISADeviceClass parent_class;
>  /*< public >*/
>  DeviceRealize parent_realize;
> +
> +ISASuperIOFuncs parallel;
>  } ISASuperIOClass;
>  
>  #endif /* HW_ISA_SUPERIO_H */
> diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
> index f8b9f0..4e0b1af633 100644
> --- a/hw/isa/isa-superio.c
> +++ b/hw/isa/isa-superio.c
> @@ -10,13 +10,76 @@
>   * SPDX-License-Identifier: GPL-2.0-or-later
>   */
>  #include "qemu/osdep.h"
> +#include "qemu/error-report.h"
> +#include "sysemu/sysemu.h"
> +#include "chardev/char.h"
>  #include "hw/isa/superio.h"
>  #include "trace.h"
>  
> +static void isa_superio_realize(DeviceState *dev, Error **errp)
> +{
> +ISASuperIODevice *sio = ISA_SUPERIO(dev);
> +ISASuperIOClass *k = ISA_SUPERIO_GET_CLASS(sio);
> +ISABus *bus = isa_bus_from_device(ISA_DEVICE(dev));
> +ISADevice *isa;
> +DeviceState *d;
> +Chardev *chr;
> +char *name;
> +int i;
> +
> +/* Parallel port */
> +for (i = 0; i < k->parallel.count; i++) {
> +if (i >= ARRAY_SIZE(sio->parallel)) {
> +warn_report("superio: ignoring %ld parallel controllers",
> +k->parallel.count - ARRAY_SIZE(sio->parallel));
> +break;
> +}
> +if (!k->parallel.is_enabled || k->parallel.is_enabled(sio, i)) {
> +name = g_strdup_printf("discarding-parallel%d", i);
> +/* FIXME use a qdev chardev prop instead of parallel_hds[] */
> +chr = parallel_hds[i];
> +if (chr == NULL || chr->be) {
> +chr = qemu_chr_new(name, "null");
> +}
> +isa = isa_create(bus, "isa-parallel");
> +d = DEVICE(isa);
> +qdev_prop_set_uint32(d, "index", i);
> +if (k->parallel.get_iobase) {
> +qdev_prop_set_uint32(d, "iobase",
> + k->parallel.get_iobase(sio, i));
> +}
> +if (k->parallel.get_irq) {
> +qdev_prop_set_uint32(d, "irq", k->parallel.get_irq(sio, i));
> +}
> +qdev_prop_set_chr(d, "chardev", chr);
> +qdev_init_nofail(d);
> +sio->parallel[i] = isa;
> +trace_superio_create_parallel(i,
> +  k->parallel.get_iobase ?
> +  k->parallel.get_iobase(sio, i) : 
> -1,
> +  k->parallel.get_irq ?
> +  k->parallel.get_irq(sio, i) : -1);
> +object_property_add_child(OBJECT(dev), name,
> +  OBJECT(sio->parallel[i]), NULL);
> +g_free(name);
> +}
> +}
> +}
> +
> +static void isa_superio_class_init(ObjectClass *oc, void *data)
> +{
> +DeviceClass *dc = DEVICE_CLASS(oc);
> +
> +dc->realize = isa_superio_realize;
> +/* Reason: Uses parallel_hds[0] in realize(), so it can't be used twice 
> */
> +dc->user_creatable = false;
> +}
> +
>  static const TypeInfo isa_superio_type_info = {
>  .name = TYPE_ISA_SUPERIO,
>  .parent = TYPE_ISA_DEVICE,
>  .abstract = true,

I missed here:

   .class_size = sizeof(ISASuperIOClass),

> +.class_init = isa_superio_class_init,
>  };
>  
>  static void isa_superio_register_types(void)
> diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
> index 6b8100ff56..1c15715c69 100644
> --- a/hw/isa/pc87312.c
> +++ b/hw/isa/pc87312.c
> @@ -64,22 +64,25 @@
>  
>  /* Parallel port */
>  
> -static inline bool 

Re: [Qemu-devel] [PATCH 03/11] xen: defer call to xen_restrict until just before os_setup_post

[Eduardo Habkost]

On Thu, Mar 08, 2018 at 05:39:09PM +, Ian Jackson wrote:
[...]
> diff --git a/vl.c b/vl.c
> index dae986b..e6e8e1e 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -4719,6 +4719,7 @@ int main(int argc, char **argv, char **envp)
>  vm_start();
>  }
>  
> +xen_setup_post();

I don't think we should have accelerator-specific code in main(),
if we already have accelerator classes that can abstract that
out.  I suggest adding a AccelClass;:setup_post() method that can
be called here.

-- 
Eduardo

Re: [Qemu-devel] [PATCH 2/2 v2] slirp: Add classless static routes support to DHCP server

[Eric Blake]

On 03/08/2018 02:07 PM, Benjamin Drung wrote:

Am Donnerstag, den 08.03.2018, 13:46 -0600 schrieb Eric Blake:

On 03/08/2018 12:57 PM, Benjamin Drung wrote:

This patch will allow the user to specify classless static routes
for
the replies from the built-in DHCP server.

Signed-off-by: Benjamin Drung 
---


For future patches, when sending a v2, it's best to document here
(after
the --- separator) what changed from v1.  It's also a good idea to
send
a fresh thread rather than tying your v2 in-reply-to your v1, so that
it
doesn't get buried in an old conversation.

More submission hints at https://wiki.qemu.org/Contribute/SubmitAPatch


Thanks. I will do that with the next iteration. Patch v2 addressed all
remarks from Samuel Thibault.


At this point, since Samuel is the net maintainer, I'll trust his 
judgment on what interface works best; my review is only trying to make 
sure we don't bake in a UI mistake at the last minute (although we can 
adjust things during soft freeze, if needed).




   '*dnssearch': ['String'],
   '*domainname': 'str',
+'*route': ['String'],


I know we've used ['String'] for previous members, but that's rather
heavyweight - it transmits over QMP as:

"dnssearch": [ { "str": "foo" }, { "str": "bar" } ]

Nicer is ['str'], which transmits as:

"route": [ "foo", "bar" ]

so the question boils down to whether cross-member consistency is
more
important than making your additions concise.


Agreed that ['str'] is nicer. I will update the patch.


The problem is that ['str'] might not work easily for the command line 
glue; I'm more familiar with how QMP exposes things than with the 
command line parsing, and Markus, who is trying to improve command line 
parsing to share more common infrastructure with QMP, might have better 
comments on the topic, except that he's on leave for a few weeks and 
won't respond until after 2.12 is frozen.  Using ['String'] for 
consistency is therefore okay, if you can't get ['str'] working quickly.




@@ -1904,7 +1904,7 @@ DEF("netdev", HAS_ARG, QEMU_OPTION_netdev,
   " [,ipv6[=on|off]][,ipv6-net=addr[/int]][,ipv6-
host=addr]\n"


Here's an example where we made the command line smart.  ipv6-net takes 
TWO pieces of information: addr/int; on the QMP side, we spelled it 
'*ipv6-prefix':'str' + 'ipv6-prefixlen':'int'.  So somewhere in the 
command line parsing code for --net (which I'm less familiar with), 
there is some glue code taking the compact representation and splitting 
it into the more verbose but more direct QMP representation - well, that 
is, if we are converting it into QMP form at all (part of the problem is 
that our command line and runtime control don't always share code, 
although we're trying to get better at that).



+" [,route=addr/mask[:gateway]][,tftp=dir][,bootfile=f]
[,hostfwd=rule][,guestfwd=rule]"


Urgh - your QMP interface HAS to be further parsed to get to the
useful
information.  While it's nice to have compact syntax on the command
line, it is really worth thinking about making information easier to
consume (that is, NO further parsing required once the information is
in
JSON format).  Would it be any better to send things over the wire
as:

"route": [ { "addr": "...", "mask": 24, "gateway": "..." } ]


That's looks good.


Okay, doing that would mean using something like:

{ 'struct': 'RouteEntry', 'data': { 'addr': 'str', '*mask': 'int', 
'*gateway': 'str' } }

...
'route': [ 'RouteEntry' ]

(but reuse, rather than inventing a new type, if one of the existing QMP 
types already resembles what I proposed for RouteEntry)


The command line can still use route=addr/mask:gateway syntax, parse it 
down into components, then compile the QMP array of already-parsed 
structs (rather than making QMP take a direct ['String'] that still 
needs further parsing).  It may take more glue code, but the idea is 
that all the glue code should live on the front end, so that the QMP 
backend should be easy to work with.





instead of cramming all the information into a single string?  But
based
on the way this also maps to the command line, you may not have a
choice
without a lot more code complexity.


Can you point me to an example where similar parsing is done?


Hopefully my hint about command-line ipv6-net gets you started (as I 
said, I'm less familiar with the specifics of net code, so much as 
taking the interface point of view here).



+@example
+qemu -net user,route=10.0.2.0/24,route=192.168.0.0/16 [...]
+@end example


Can we please spell that '--net', along the lines of
https://wiki.qemu.org/BiteSizedTasks#Consistent_option_usage_in_docum
entation


I can change it, but then the documentation is inconsistent. There
are 75 lines with '-net' in qemu-options.hx, but only two lines
with '--net'.


Yeah, there's that.  But hopefully someone will tackle the bite-sized 
task to get things consistent, and once they do, leaving fewer places 
that still need 

Re: [Qemu-devel] [PULL] RISC-V QEMU Port Submission v8.2

[Michael Clark]

On Fri, Mar 9, 2018 at 12:48 AM, Daniel P. Berrangé 
wrote:

> On Thu, Mar 08, 2018 at 11:18:30AM +, Michael Clark wrote:
> > On Fri, 9 Mar 2018 at 12:10 AM, Michael Clark  wrote:
> >
> > > On Thu, 8 Mar 2018 at 11:02 PM, Peter Maydell <
> peter.mayd...@linaro.org>
> > > wrote:
> > >
> > >> On 6 March 2018 at 19:46, Michael Clark  wrote:
> > >> > -BEGIN PGP SIGNED MESSAGE-
> > >> > Hash: SHA1
> > >> >
> > >> > The following changes since commit
> > >> f32408f3b472a088467474ab152be3b6285b2d7b:
> > >> >
> > >> >   misc: don't use hwaddr as a type in trace events (2018-03-06
> 14:24:30
> > >> +)
> > >> >
> > >> > are available in the git repository at:
> > >> >
> > >> >   https://github.com/riscv/riscv-qemu.git
> tags/riscv-qemu-upstream-v8.2
> > >> >
> > >> > for you to fetch changes up to 7051b081bf6796e5e84406f6223a7c
> 4900bf7298:
> > >> >
> > >> >   RISC-V - Remove support for adhoc non-standard X_COP
> local-interrupt
> > >> (2018-03-07 08:36:03 +1300)
> > >>
> > >>
> > >> Hi -- I would have applied this, but some of the commits
> > >> have no signed-off-by lines.
> > >>
> > >> This is important, and I've already asked for it once. We cannot
> > >> accept anything that doesn't have a clear record in the commit
> > >> message of everybody (person or company) who's contributed code
> > >> to it, indicating that they're happy for their copyrighted
> > >> contributions to be taken into QEMU under our license. Lists
> > >> of names without emails in the cover letter are not sufficient.
> > >>
> > >> In fact a lot of the last part of this patchset looks like
> > >> unreviewed changes/fixes that if we were going to have them we
> > >> should have squashed into the correct patches and resent the
> > >> series for review. Please don't do this. Code review is an
> > >> important part of how the QEMU project works.
> > >
> > >
> > > You must be looking at the wrong tag. There are multiple sign-offs in
> all
> > > 23 commits. The tag is riscv-qemu-upstream-v8.2. Sagar and Bastian
> > > contacted me out of band to add their sign-offs. Please look at the
> commits
> > > again and tell me which commit id doesn’t have a sign-off on that tag
> (23
> > > commits iirc)
> > >
> >
> > I can forward you the mail out-of-band. I had to contact contributors to
> > get them to agree to change the license from MIT to GPLv2, based on a
> > request from Red Hat.
> >
> > You are making this very hard. Do you work for Arm perchance? I really
> > wouldn’t be surprised if our port is being sandbagged by Arm. Apologies
> for
> > being so direct about this, but things like this happen...
> >
> > I have complied with practically every review request and the sign-offs
> are
> > there. It’s a bit ridiculous.
> >
> > It would be nice to find someone neutral, unrelated to Arm, to merge our
> PR
>
> Please stop with these ridiculous conspiracy theories right away. It is a
> totally inappropriate and baseless accusation to make.
>

My apologies. I do tend towards conspiratorial thinking, and this is
related to a pain and anxiety disorder combined with insomnia. It seems the
issue is completely my fault and i'll apologise again on this email. I will
refrain from making any non-technical comments after this. I'm not trying
to make an excuse. I do tend towards conspiratorial thinking.

I'm obviously having trouble moving from a Github PR / merge flow, to a
Linux git-send-email based flow.

The Linux git-send-email based flow has a steeper learning curve... and the
mistakes are completely mine...

Sorry. I sincerely hope its accepted.

Peter is not trying to punish you with extra rules. Over time QEMU has been
> raising the bar for *all* contributions with extra code style checks,
> automated testing, and review. Unfortunately this does mean that the larger
> the patch series / feature, the more work is required to get to a mergable
> state, especially if the contributors are not previously familiar with QEMU
> development.
>
> Regards,
> Daniel
> --
> |: https://berrange.com  -o-https://www.flickr.com/photos/
> dberrange :|
> |: https://libvirt.org -o-
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org-o-https://www.instagram.com/
> dberrange :|
>

Re: [Qemu-devel] [PATCH 2/2 v2] slirp: Add classless static routes support to DHCP server

[Benjamin Drung]

Am Donnerstag, den 08.03.2018, 13:46 -0600 schrieb Eric Blake:
> On 03/08/2018 12:57 PM, Benjamin Drung wrote:
> > This patch will allow the user to specify classless static routes
> > for
> > the replies from the built-in DHCP server.
> > 
> > Signed-off-by: Benjamin Drung 
> > ---
> 
> For future patches, when sending a v2, it's best to document here
> (after 
> the --- separator) what changed from v1.  It's also a good idea to
> send 
> a fresh thread rather than tying your v2 in-reply-to your v1, so that
> it 
> doesn't get buried in an old conversation.
> 
> More submission hints at https://wiki.qemu.org/Contribute/SubmitAPatch

Thanks. I will do that with the next iteration. Patch v2 addressed all
remarks from Samuel Thibault.

> > +++ b/qapi/net.json
> > @@ -163,6 +163,9 @@
> >   # @domainname: guest-visible domain name of the virtual
> > nameserver
> >   #  (since 2.12)
> >   #
> > +# @route: guest-visible static classless route of the virtual
> > nameserver
> > +# (since 2.12)
> > +#
> >   # @ipv6-prefix: IPv6 network prefix (default is fec0::) (since
> >   #   2.6). The network prefix is given in the usual
> >   #   hexadecimal IPv6 address notation.
> > @@ -201,6 +204,7 @@
> >   '*dns':   'str',
> >   '*dnssearch': ['String'],
> >   '*domainname': 'str',
> > +'*route': ['String'],
> 
> I know we've used ['String'] for previous members, but that's rather 
> heavyweight - it transmits over QMP as:
> 
> "dnssearch": [ { "str": "foo" }, { "str": "bar" } ]
> 
> Nicer is ['str'], which transmits as:
> 
> "route": [ "foo", "bar" ]
> 
> so the question boils down to whether cross-member consistency is
> more 
> important than making your additions concise.

Agreed that ['str'] is nicer. I will update the patch.

> > +++ b/qemu-options.hx
> > @@ -1904,7 +1904,7 @@ DEF("netdev", HAS_ARG, QEMU_OPTION_netdev,
> >   " [,ipv6[=on|off]][,ipv6-net=addr[/int]][,ipv6-
> > host=addr]\n"
> >   " [,restrict=on|off][,hostname=host][,dhcpstart=addr]
> > \n"
> >   " [,dns=addr][,ipv6-
> > dns=addr][,dnssearch=domain][,domainname=domain]\n"
> > -" [,tftp=dir][,bootfile=f][,hostfwd=rule][,guestfwd=ru
> > le]"
> > +" [,route=addr/mask[:gateway]][,tftp=dir][,bootfile=f]
> > [,hostfwd=rule][,guestfwd=rule]"
> 
> Urgh - your QMP interface HAS to be further parsed to get to the
> useful 
> information.  While it's nice to have compact syntax on the command 
> line, it is really worth thinking about making information easier to 
> consume (that is, NO further parsing required once the information is
> in 
> JSON format).  Would it be any better to send things over the wire
> as:
> 
> "route": [ { "addr": "...", "mask": 24, "gateway": "..." } ]

That's looks good.

> instead of cramming all the information into a single string?  But
> based 
> on the way this also maps to the command line, you may not have a
> choice 
> without a lot more code complexity.

Can you point me to an example where similar parsing is done?

> >   #ifndef _WIN32
> >"[,smb=dir[,smbserve
> > r=addr]]\n"
> >   #endif
> > @@ -2137,6 +2137,18 @@ qemu -net
> > user,dnssearch=mgmt.example.org,dnssearch=example.org [...]
> >   @item domainname=@var{domain}
> >   Specifies the client domain name reported by the built-in DHCP
> > server.
> >   
> > +@item route=@var{addr}/@var{mask}[:@var{gateway}]
> > +Provides an entry for the classless static routes list sent by the
> > built-in
> > +DHCP server. More than one route can be transmitted by specifying
> > +this option multiple times. If supported, this will cause the
> > guest to
> > +automatically set the given static routes instead of the given
> > default gateway.
> > +If @var{gateway} is not specified, the default gateway will be
> > used.
> > +
> > +Example:
> > +@example
> > +qemu -net user,route=10.0.2.0/24,route=192.168.0.0/16 [...]
> > +@end example
> 
> Can we please spell that '--net', along the lines of 
> https://wiki.qemu.org/BiteSizedTasks#Consistent_option_usage_in_docum
> entation

I can change it, but then the documentation is inconsistent. There
are 75 lines with '-net' in qemu-options.hx, but only two lines
with '--net'.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.dr...@profitbricks.com
URL: https://www.profitbricks.de

Sitz der Gesellschaft: Berlin
Registergericht: Amtsgericht Charlottenburg, HRB 125506 B
Geschäftsführer: Achim Weiss, Matthias Steinberg

[Qemu-devel] [PATCH v4 26/29] vhost: Huge page align and merge

[Dr. David Alan Gilbert (git)]

From: "Dr. David Alan Gilbert" 

Align RAMBlocks to page size alignment, and adjust the merging code
to deal with partial overlap due to that alignment.

This is needed for postcopy so that we can place/fetch whole hugepages
when under userfault.

Signed-off-by: Dr. David Alan Gilbert 
---
 hw/virtio/trace-events |  3 ++-
 hw/virtio/vhost.c  | 66 ++
 2 files changed, 58 insertions(+), 11 deletions(-)

diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
index 857c495e65..1422ff03ab 100644
--- a/hw/virtio/trace-events
+++ b/hw/virtio/trace-events
@@ -3,7 +3,8 @@
 # hw/virtio/vhost.c
 vhost_commit(bool started, bool changed) "Started: %d Changed: %d"
 vhost_region_add_section(const char *name, uint64_t gpa, uint64_t size, 
uint64_t host) "%s: 0x%"PRIx64"+0x%"PRIx64" @ 0x%"PRIx64
-vhost_region_add_section_abut(const char *name, uint64_t new_size) "%s: 
0x%"PRIx64
+vhost_region_add_section_merge(const char *name, uint64_t new_size, uint64_t 
gpa, uint64_t owr) "%s: size: 0x%"PRIx64 " gpa: 0x%"PRIx64 " owr: 0x%"PRIx64
+vhost_region_add_section_aligned(const char *name, uint64_t gpa, uint64_t 
size, uint64_t host) "%s: 0x%"PRIx64"+0x%"PRIx64" @ 0x%"PRIx64
 vhost_section(const char *name, int r) "%s:%d"
 
 # hw/virtio/vhost-user.c
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index d8d0ef92e1..250f886acb 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -522,10 +522,28 @@ static void vhost_region_add_section(struct vhost_dev 
*dev,
 uint64_t mrs_gpa = section->offset_within_address_space;
 uintptr_t mrs_host = (uintptr_t)memory_region_get_ram_ptr(section->mr) +
  section->offset_within_region;
+RAMBlock *mrs_rb = section->mr->ram_block;
+size_t mrs_page = qemu_ram_pagesize(mrs_rb);
 
 trace_vhost_region_add_section(section->mr->name, mrs_gpa, mrs_size,
mrs_host);
 
+/* Round the section to it's page size */
+/* First align the start down to a page boundary */
+uint64_t alignage = mrs_host & (mrs_page - 1);
+if (alignage) {
+mrs_host -= alignage;
+mrs_size += alignage;
+mrs_gpa  -= alignage;
+}
+/* Now align the size up to a page boundary */
+alignage = mrs_size & (mrs_page - 1);
+if (alignage) {
+mrs_size += mrs_page - alignage;
+}
+trace_vhost_region_add_section_aligned(section->mr->name, mrs_gpa, 
mrs_size,
+   mrs_host);
+
 if (dev->n_tmp_sections) {
 /* Since we already have at least one section, lets see if
  * this extends it; since we're scanning in order, we only
@@ -542,18 +560,46 @@ static void vhost_region_add_section(struct vhost_dev 
*dev,
 prev_sec->offset_within_region;
 uint64_t prev_host_end   = range_get_last(prev_host_start, prev_size);
 
-if (prev_gpa_end + 1 == mrs_gpa &&
-prev_host_end + 1 == mrs_host &&
-section->mr == prev_sec->mr &&
-(!dev->vhost_ops->vhost_backend_can_merge ||
-dev->vhost_ops->vhost_backend_can_merge(dev,
+if (mrs_gpa <= (prev_gpa_end + 1)) {
+/* OK, looks like overlapping/intersecting - it's possible that
+ * the rounding to page sizes has made them overlap, but they 
should
+ * match up in the same RAMBlock if they do.
+ */
+if (mrs_gpa < prev_gpa_start) {
+error_report("%s:Section rounded to %"PRIx64
+ " prior to previous %"PRIx64,
+ __func__, mrs_gpa, prev_gpa_start);
+/* A way to cleanly fail here would be better */
+return;
+}
+/* Offset from the start of the previous GPA to this GPA */
+size_t offset = mrs_gpa - prev_gpa_start;
+
+if (prev_host_start + offset == mrs_host &&
+section->mr == prev_sec->mr &&
+(!dev->vhost_ops->vhost_backend_can_merge ||
+ dev->vhost_ops->vhost_backend_can_merge(dev,
 mrs_host, mrs_size,
 prev_host_start, prev_size))) {
-/* The two sections abut */
-need_add = false;
-prev_sec->size = int128_add(prev_sec->size, section->size);
-trace_vhost_region_add_section_abut(section->mr->name,
-mrs_size + prev_size);
+uint64_t max_end = MAX(prev_host_end, mrs_host + mrs_size);
+need_add = false;
+prev_sec->offset_within_address_space =
+MIN(prev_gpa_start, mrs_gpa);
+prev_sec->offset_within_region =
+MIN(prev_host_start, mrs_host) -
+(uintptr_t)memory_region_get_ram_ptr(prev_sec->mr);
+prev_sec->size 

Re: [Qemu-devel] [PATCH v12 28/28] tests/qmp-test: blacklist sev specific qmp commands

[Brijesh Singh]

On 3/8/18 11:08 AM, Daniel P. Berrangé wrote:
> On Thu, Mar 08, 2018 at 06:49:01AM -0600, Brijesh Singh wrote:
>> Blacklist the following commands to fix the 'make check' failure.
>>
>> query-sev-launch-measure: it returns meaninful data only when we launch
>> SEV guest otherwise the command returns an error.
>>
>> query-sev: it return an error when SEV is not available on host (e.g non
>> X86 platform or KVM is disabled at the build time)
>>
>> query-sev-capabilities: it returns an error when SEV feature is not
>> available on host machine.
> We generally expect 'make check' to succeed on every single patch
> in a series, so that 'git bisect' doesn't break.
>
> So you should add each command to the blacklist in the same commit
> that introduced the failure in the first place.


Sure, I can quickly send the updated patch series to address your this
concern, but before spamming everyone's inbox I was wondering if I can
get some indication whether this series will make into 2.12 merge.

Paolo, Eduardo and Richard,

Most of the changes are in x86 directory hence any thought if you are
considering this series for 2.12 ? I have been testing the series with
and without SEV support and so far have not ran into any issue. if you
are not planning to pull this series in 2.12 then I will wait a bit
longer to get more feedback before sending the updates to address
Daniel's comment. thanks


 
>> Cc: "Daniel P. Berrangé" 
>> Cc: "Dr. David Alan Gilbert" 
>> Cc: Markus Armbruster 
>> Reviewed-by: "Dr. David Alan Gilbert" 
>> Signed-off-by: Brijesh Singh 
>> ---
>>  tests/qmp-test.c | 5 +
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/tests/qmp-test.c b/tests/qmp-test.c
>> index 22445d9ec258..7470c6b754bc 100644
>> --- a/tests/qmp-test.c
>> +++ b/tests/qmp-test.c
>> @@ -204,6 +204,11 @@ static bool query_is_blacklisted(const char *cmd)
>>  "query-gic-capabilities", /* arm */
>>  /* Success depends on target-specific build configuration: */
>>  "query-pci",  /* CONFIG_PCI */
>> +/* Success depends on launching SEV guest */
>> +"query-sev-launch-measure",
>> +/* Success depends on Host or Hypervisor SEV support */
>> +"query-sev",
>> +"query-sev-capabilities",
>>  NULL
>>  };
>>  int i;
>> -- 
>> 2.14.3
>>
> Regards,
> Daniel

Re: [Qemu-devel] [PATCH v2 0/2] block latency histogram

[Emilio G. Cota]

On Thu, Mar 08, 2018 at 22:07:35 +0300, Vladimir Sementsov-Ogievskiy wrote:
> 08.03.2018 21:56, Emilio G. Cota wrote:
> >  * Binning happens only at print time, so that we retain the flexibility to
> >  * choose the binning. This might not be ideal for workloads that do not 
> > care
> >  * much about precision and insert many samples all with different x values;
> >  * in that case, pre-binning (e.g. entering both 0.115 and 0.097 as 0.1)
> >  * should be considered.
(snip)
> In this case, I'll have to do same bin search (and store same interval
> settings) as I already do, on my part, to calculate a parameter for qdist
> interface. And I'll have store almost all same data on my part. So, it
> doesn't really help. And I need nothing of qdist benefits: I don't need (and
> don't want) dynamic allocation of bins on adding an element or any type of
> visualization.

I see. You require a couple of features that qdist doesn't yet support:

- Arbitrarily-sized, pre-defined bins.
- Support for querying the data programmatically instead of just
  printing it out.

We could circumvent the first missing feature with pre-binning,
but in that case we'd do a bsearch twice as you point out (BTW
your concern about memory allocation wouldn't apply though).

The second missing feature should be easy to add to qdist.

That said, given that you want this in for 2.12, I'd go with your
approach for now. In the future we should look into supporting
your use case in qdist, since it is likely that there will be
more users with a similar need.

Thanks,

Emilio

[Qemu-devel] [PATCH v4 25/29] vhost+postcopy: Wire up POSTCOPY_END notify

[Dr. David Alan Gilbert (git)]

From: "Dr. David Alan Gilbert" 

Wire up a call to VHOST_USER_POSTCOPY_END message to the vhost clients
right before we ask the listener thread to shutdown.

Signed-off-by: Dr. David Alan Gilbert 
---
 hw/virtio/trace-events   |  2 ++
 hw/virtio/vhost-user.c   | 34 ++
 migration/postcopy-ram.c |  7 +++
 migration/postcopy-ram.h |  1 +
 4 files changed, 44 insertions(+)

diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
index fe5e0ff856..857c495e65 100644
--- a/hw/virtio/trace-events
+++ b/hw/virtio/trace-events
@@ -7,6 +7,8 @@ vhost_region_add_section_abut(const char *name, uint64_t 
new_size) "%s: 0x%"PRIx
 vhost_section(const char *name, int r) "%s:%d"
 
 # hw/virtio/vhost-user.c
+vhost_user_postcopy_end_entry(void) ""
+vhost_user_postcopy_end_exit(void) ""
 vhost_user_postcopy_fault_handler(const char *name, uint64_t fault_address, 
int nregions) "%s: @0x%"PRIx64" nregions:%d"
 vhost_user_postcopy_fault_handler_loop(int i, uint64_t client_base, uint64_t 
size) "%d: client 0x%"PRIx64" +0x%"PRIx64
 vhost_user_postcopy_fault_handler_found(int i, uint64_t region_offset, 
uint64_t rb_offset) "%d: region_offset: 0x%"PRIx64" rb_offset:0x%"PRIx64
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 45de6d8a53..eb7d753b1a 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -1114,6 +1114,37 @@ static int vhost_user_postcopy_listen(struct vhost_dev 
*dev, Error **errp)
 return 0;
 }
 
+/*
+ * Called at the end of postcopy
+ */
+static int vhost_user_postcopy_end(struct vhost_dev *dev, Error **errp)
+{
+VhostUserMsg msg = {
+.hdr.request = VHOST_USER_POSTCOPY_END,
+.hdr.flags = VHOST_USER_VERSION | VHOST_USER_NEED_REPLY_MASK,
+};
+int ret;
+struct vhost_user *u = dev->opaque;
+
+trace_vhost_user_postcopy_end_entry();
+if (vhost_user_write(dev, , NULL, 0) < 0) {
+error_setg(errp, "Failed to send postcopy_end to vhost");
+return -1;
+}
+
+ret = process_message_reply(dev, );
+if (ret) {
+error_setg(errp, "Failed to receive reply to postcopy_end");
+return ret;
+}
+postcopy_unregister_shared_ufd(>postcopy_fd);
+u->postcopy_fd.handler = NULL;
+
+trace_vhost_user_postcopy_end_exit();
+
+return 0;
+}
+
 static int vhost_user_postcopy_notifier(NotifierWithReturn *notifier,
 void *opaque)
 {
@@ -1139,6 +1170,9 @@ static int 
vhost_user_postcopy_notifier(NotifierWithReturn *notifier,
 case POSTCOPY_NOTIFY_INBOUND_LISTEN:
 return vhost_user_postcopy_listen(dev, pnd->errp);
 
+case POSTCOPY_NOTIFY_INBOUND_END:
+return vhost_user_postcopy_end(dev, pnd->errp);
+
 default:
 /* We ignore notifications we don't know */
 break;
diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
index 36db900e8f..1379923cfc 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -413,6 +413,13 @@ int postcopy_ram_incoming_cleanup(MigrationIncomingState 
*mis)
 trace_postcopy_ram_incoming_cleanup_entry();
 
 if (mis->have_fault_thread) {
+Error *local_err = NULL;
+
+if (postcopy_notify(POSTCOPY_NOTIFY_INBOUND_END, _err)) {
+error_report_err(local_err);
+return -1;
+}
+
 if (qemu_ram_foreach_block(cleanup_range, mis)) {
 return -1;
 }
diff --git a/migration/postcopy-ram.h b/migration/postcopy-ram.h
index fef7448e4b..1d11276c94 100644
--- a/migration/postcopy-ram.h
+++ b/migration/postcopy-ram.h
@@ -132,6 +132,7 @@ enum PostcopyNotifyReason {
 POSTCOPY_NOTIFY_PROBE = 0,
 POSTCOPY_NOTIFY_INBOUND_ADVISE,
 POSTCOPY_NOTIFY_INBOUND_LISTEN,
+POSTCOPY_NOTIFY_INBOUND_END,
 };
 
 struct PostcopyNotifyData {
-- 
2.14.3