[Qemu-devel] [PATCH] qemu-pr-helper: Actually allow users to specify pidfile

2018-03-23 Thread Michal Privoznik
Due to wrong specification of arguments to getopt_long() any
attempt to set pidfile resulted in:

1) the default to be leaked
2) the @pidfile variable to be set to NULL (because optarg is
NULL without this patch).

Signed-off-by: Michal Privoznik 
---
 scsi/qemu-pr-helper.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c
index 3facbba170..21e1b8ea60 100644
--- a/scsi/qemu-pr-helper.c
+++ b/scsi/qemu-pr-helper.c
@@ -903,12 +903,12 @@ static int drop_privileges(void)
 
 int main(int argc, char **argv)
 {
-const char *sopt = "hVk:fdT:u:g:vq";
+const char *sopt = "hVk:f:dT:u:g:vq";
 struct option lopt[] = {
 { "help", no_argument, NULL, 'h' },
 { "version", no_argument, NULL, 'V' },
 { "socket", required_argument, NULL, 'k' },
-{ "pidfile", no_argument, NULL, 'f' },
+{ "pidfile", required_argument, NULL, 'f' },
 { "daemon", no_argument, NULL, 'd' },
 { "trace", required_argument, NULL, 'T' },
 { "user", required_argument, NULL, 'u' },
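Review bot: the two edits in this hunk have to land together, and they do: getopt_long() takes the argument spec from both the short string (`f:`) and the `pidfile` entry (`required_argument`), and with the old pairing `-f PATH` returned 'f' with optarg == NULL while PATH was left over as a positional argument, which is the NULL assignment the commit message describes. One consequence worth a line in the usage text: `-f` now consumes the next argv element unconditionally, so a command line such as `-f -d` would take `-d` as the pidfile path rather than as the daemon flag.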
@@ -952,7 +952,8 @@ int main(int argc, char **argv)
 }
 break;
 case 'f':
-pidfile = optarg;
+g_free(pidfile);
+pidfile = g_strdup(optarg);
 break;
 #ifdef CONFIG_LIBCAP
 case 'u': {
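Review bot: `g_free(pidfile)` before `pidfile = g_strdup(optarg)` is only safe if every value `pidfile` can hold at this point is heap-allocated. The commit message's "the default to be leaked" implies the initialiser is a `g_strdup()` of the default path, but that initialiser is outside this hunk, so confirm it (a string-literal default would turn this line into a free of static storage). With the copy in place, a repeated `-f` no longer leaks the earlier path either; the matching `g_free(pidfile)` on main()'s exit paths should exist as well, though that is also outside the hunk.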
-- 
2.16.1




[Qemu-devel] [PATCH] ccid-card: include libcacard.h only

2018-03-23 Thread Michal Privoznik
When trying to build with latest libcacard-2.5.1, I hit the
following error:

In file included from hw/usb/ccid-card-passthru.c:12:0:
/usr/include/cacard/vscard_common.h:26:2: error: #warning "Only  
can be included directly" [-Werror=cpp]
 #warning "Only  can be included directly"

Signed-off-by: Michal Privoznik 
---
 hw/usb/ccid-card-emulated.c | 5 +
 hw/usb/ccid-card-passthru.c | 2 +-
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c
index ea42e4681d..7b538ae6da 100644
--- a/hw/usb/ccid-card-emulated.c
+++ b/hw/usb/ccid-card-emulated.c
@@ -27,10 +27,7 @@
  */
 
 #include "qemu/osdep.h"
-#include 
-#include 
-#include 
-#include 
+#include 
 
 #include "qemu/thread.h"
 #include "qemu/main-loop.h"
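Review bot: the mail archive has dropped everything between the angle brackets, so the four removed and the one added include read as a bare `#include ` here and the hunk cannot be reviewed for which headers are involved from the mail text alone; per the subject the survivor is `<libcacard.h>` and the removed ones are the per-component cacard headers that libcacard 2.5.1 refuses to have included directly (the `#warning` under `-Werror=cpp` quoted in the commit message). The diffstat for this file (4 deletions, 1 insertion) matches that reading; confirm the names in the git tree before applying.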
diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c
index b7dd3602dc..982d575edd 100644
--- a/hw/usb/ccid-card-passthru.c
+++ b/hw/usb/ccid-card-passthru.c
@@ -9,7 +9,7 @@
  */
 
 #include "qemu/osdep.h"
-#include 
+#include 
 #include "chardev/char-fe.h"
 #include "qemu/error-report.h"
 #include "qemu/sockets.h"
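Review bot: one question for the series rather than this hunk's content: the single umbrella header is what libcacard 2.5.1 demands, but if older libcacard releases that currently satisfy QEMU's configure check do not ship that header, this change would break their build. The commit message should state the minimum libcacard version this relies on, and the configure check should be bumped to match if it does not already require it.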
-- 
2.16.1




Re: [Qemu-devel] [PATCH v3] RISC-V: Fix riscv_isa_string memory size bug

2018-03-23 Thread Richard Henderson
On 03/21/2018 02:06 AM, Michael Clark wrote:
> Okay, so this would move byte swapping into TCG generic code instead of the 
> TCG
> backend, unless the backend explicitly supports load/store with byte swap? 

Yes.


r~



Re: [Qemu-devel] [PATCH v2 0/7] ramfb: simple boot framebuffer, no legacy vga

2018-03-23 Thread Ard Biesheuvel
Hi all,

On 23 March 2018 at 13:27, Laszlo Ersek  wrote:
> Adding Ard and Marc, and keeping the context undisturbed for his sake.
> Comments at the bottom.
>
> On 03/23/18 13:25, Gerd Hoffmann wrote:
>>   Hi,
>>
>> Ok folks, here is an experimental patch series for a legacy-free boot
>> framebuffer.  If you want to play with it I recommend getting the bits from
>>
>>   https://www.kraxel.org/cgit/qemu/log/?h=sirius/ramfb
>>
>> because they come with an updated seabios and a new vgabios rom and an
>> experimental OVMF build.
>>
>> Functional overview
>> ---
>>
>> The boot framebuffer is expected to be configured by the firmware, so it
>> uses fw_cfg as interface.  Initialization goes as follows:
>>
>>   (1) Check whether etc/ramfb is present.
>>   (2) Allocate framebuffer from RAM.
>>   (3) Fill struct RAMFBCfg, write it to etc/ramfb.
>>
>> Done.  You can write stuff to the framebuffer now, and it should appear
>> automagically on the screen.
>>
>> Note that this isn't very efficient because it does a full display
>> update on each refresh.  No dirty tracking.  Dirty tracking would have
>> to be active for the whole ram slot, so that wouldn't be very efficient
>> either.  So it is *really* intended to be only active for a short time
>> at boot, before the guest loaded the drivers for the real display
>> hardware.
>>
>> Firmware support -- seabios
>> ---
>>
>> seavgabios is able to emulate vga text mode on top of a framebuffer, for
>> coreboot native graphics initialization.  Which works fine for
>> everything which writes text using the vgabios interface (basically
>> everything which works with sgabios).
>>
>> So I hacked that up to work with ramfb.  Right now it's proof-of-concept
>> code with too much cut+paste, so it will clearly need a bunch of
>> cleanups if this approach turns out to be workable.  Look here:
>>
>>   https://www.kraxe.org/cgit/seabios/log/?h=ramfb
>>
>> Firmware support -- edk2
>> 
>>
>> There is a EFI driver too.  Likewise a hackish proof-of-concept thing,
>> clearly not in a mergeable state, but good enough for playing.  Note
>> that the build disables QemuVideoDxe and VirtoGpu drivers, so ramfb is
>> the only supported display.  Code is here:
>>
>>   https://github.com/kraxel/edk2/commits/ramfb
>>
>> Firmware blob is in pc-bios/OVMF-ramfb.fd, to be used with -bios.
>>
>> So, how to play?
>> 
>>
>> There is ramfb-testdev.  Standalone device, for testing purposes.  Also
>> can listen on vga ports and logs any access, so we can see the bad boys.
>> Use "qemu -vga none -device ramfb-testdev".  Add "vgalog=on" to watch
>> guests accessing vga registers.
>>
>> There is virtio-ramfb.  Similar to virtio-vga, but using ramfb instead of
>> adding vga compatibility.  Shows how you can wire up ramfb support to
>> some display device.  Unlike virtio-vga it should work fine on arm.  Use
>> "qemu -vga none -device virtio-ramfb" for this one.
>>
>> Tried to add qxl-ramfb, for windows guest tests, but that doesn't work
>> yet.  Don't use, unless you want help debugging ;)
>>
>> There is virtio-pci-ramfb, which provides boot display support to vgpu
>> devices.
>>
>> In general using UEFI works better than BIOS, because guests don't
>> expect legacy vga being present then.
>>
>> What works?
>> ---
>>
>> Both windows and linux UEFI guests handle the ramfb GOP just fine.
>>
>> BIOS boot loaders for linux all use vgabios calls for text mode, so they
>> show up just fine.  Also ipxe, seabios itself of course.  So you can
>> boot up your linux guest.  vesafb works too.
>>
>> What doesn't work?
>> --
>>
>> vgacon (direct vga hardware access).  Linux boots just fine
>> nevertheless, the only effect is that you don't see any boot messages
>> until the drm driver loads.
>>
>> Windows in BIOS mode.  Boot logo shows up just fine.  But at some point
>> windows does lots of vga register accesses (even though it sets the
>> video mode via vesa bios interface) and appears to be unhappy that
>> things don't work as expected because there is no vga hardware
>> emulation.
>>
>> Known issues
>> 
>>
>> Handover from ramfb-backed efifb to the native linux driver is tricky.
>> Usually efifb gets kicked out when the native driver loads because of
>> overlapping resources.  With efifb being in RAM instead of using a GPU
>> PCI bar this doesn't happen though, so you'll end up with two
>> framebuffer devices.
>>

This exact issue occurs on actual hardware as well:

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1755304

so if anyone has a clue how to address it, I'm all ears.


>> In case vgaarb classifies the GPU as primary display device fbcon will
>> switch all VTs over to the framebuffer device of the real GPU, so there
>> isn't a noticeable difference.  Otherwise you'll end up with a
>> non-visible fbcon, because it continues to run on ramfb whereas qemu
>> switched over 

Re: [Qemu-devel] [PATCH for 2.13 v2 00/20] linux-user: move arch specific parts to arch directories

2018-03-23 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180323225739.17329-1-laur...@vivier.eu
Subject: [Qemu-devel] [PATCH for 2.13 v2 00/20] linux-user: move arch specific 
parts to arch directories

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]patchew/20180323143202.28879-1-lviv...@redhat.com -> 
patchew/20180323143202.28879-1-lviv...@redhat.com
Switched to a new branch 'test'
bb1319bea2 linux-user: define TARGET_ARCH_HAS_SETUP_FRAME
ff0583233e linux-user: move ppc/ppc64 signal.c parts to ppc directory
4a8c3d4710 linux-user: move mips/mips64 signal.c parts to mips directory
0ff2f04a27 linux-user: move sparc/sparc64 signal.c parts to sparc directory
fab8e89a70 linux-user: move i386/x86_64 signal.c parts to i386 directory
8cc1e91532 linux-user: move xtensa signal.c parts to xtensa directory
5b115cad37 linux-user: move hppa signal.c parts to hppa directory
36f5b41ffe linux-user: move riscv signal.c parts to riscv directory
6a80a43af1 linux-user: move tilegx signal.c parts to tilegx directory
181024100a linux-user: move alpha signal.c parts to alpha directory
39e9c6232d linux-user: move m68k signal.c parts to m68k directory
a391cbe695 linux-user: move s390x signal.c parts to s390x directory
dcf5c95a12 linux-user: move openrisc signal.c parts to openrisc directory
a5f2b7f1a8 linux-user: move nios2 signal.c parts to nios2 directory
2425d319f0 linux-user: move cris signal.c parts to cris directory
ef64e581c1 linux-user: move microblaze signal.c parts to microblaze directory
d8d4bb7833 linux-user: move sh4 signal.c parts to sh4 directory
95d132be33 linux-user: move arm signal.c parts to arm directory
1eb8c39442 linux-user: move aarch64 signal.c parts to aarch64 directory
c45a643767 linux-user: create a dummy per arch signal.c

=== OUTPUT BEGIN ===
Checking PATCH 1/20: linux-user: create a dummy per arch signal.c...
Checking PATCH 2/20: linux-user: move aarch64 signal.c parts to aarch64 
directory...
Checking PATCH 3/20: linux-user: move arm signal.c parts to arm directory...
ERROR: code indent should never use tabs
#56: FILE: linux-user/arm/signal.c:54:
+target_sigset_t  tuc_sigmask;^I/* mask last for extensibility */$

ERROR: code indent should never use tabs
#64: FILE: linux-user/arm/signal.c:62:
+target_sigset_t  tuc_sigmask;^I/* mask last for extensibility */$

ERROR: open brace '{' following struct go on the same line
#104: FILE: linux-user/arm/signal.c:102:
+struct sigframe_v1
+{

ERROR: spaces required around that '-' (ctx:VxV)
#106: FILE: linux-user/arm/signal.c:104:
+abi_ulong extramask[TARGET_NSIG_WORDS-1];
  ^

ERROR: open brace '{' following struct go on the same line
#111: FILE: linux-user/arm/signal.c:109:
+struct sigframe_v2
+{

ERROR: open brace '{' following struct go on the same line
#117: FILE: linux-user/arm/signal.c:115:
+struct rt_sigframe_v1
+{

ERROR: open brace '{' following struct go on the same line
#126: FILE: linux-user/arm/signal.c:124:
+struct rt_sigframe_v2
+{

WARNING: line over 80 characters
#137: FILE: linux-user/arm/signal.c:135:
+#define SWI_SYS_SIGRETURN  (0xef00|(TARGET_NR_sigreturn + 
ARM_SYSCALL_BASE))

ERROR: code indent should never use tabs
#137: FILE: linux-user/arm/signal.c:135:
+#define SWI_SYS_SIGRETURN^I(0xef00|(TARGET_NR_sigreturn + 
ARM_SYSCALL_BASE))$

ERROR: spaces required around that '|' (ctx:VxV)
#137: FILE: linux-user/arm/signal.c:135:
+#define SWI_SYS_SIGRETURN  (0xef00|(TARGET_NR_sigreturn + 
ARM_SYSCALL_BASE))
   ^

WARNING: line over 80 characters
#138: FILE: linux-user/arm/signal.c:136:
+#define SWI_SYS_RT_SIGRETURN   (0xef00|(TARGET_NR_rt_sigreturn + 
ARM_SYSCALL_BASE))

ERROR: code indent should never use tabs
#138: FILE: linux-user/arm/signal.c:136:
+#define SWI_SYS_RT_SIGRETURN^I(0xef00|(TARGET_NR_rt_sigreturn + 
ARM_SYSCALL_BASE))$

ERROR: spaces required around that '|' (ctx:VxV)
#138: FILE: linux-user/arm/signal.c:136:
+#define SWI_SYS_RT_SIGRETURN   (0xef00|(TARGET_NR_rt_sigreturn + 
ARM_SYSCALL_BASE))
   ^

ERROR: code indent should never use tabs
#144: FILE: linux-user/arm/signal.c:142:
+#define SWI_THUMB_SIGRETURN^I(0xdf00 << 16 | 0x2700 | (TARGET_NR_sigreturn))$

WARNING: line over 80 characters

Re: [Qemu-devel] [PATCH] monitor: fix expected qmp_capabilities error description regression

2018-03-23 Thread Peter Xu
On Fri, Mar 23, 2018 at 04:56:34PM -0500, Eric Blake wrote:

[...]

> > > 
> > 
> > Works for me (fwiw, I'll probably need the replace "hack" again,
> > because in the RFC series I am about to send, the code is factored out
> > / generalized in qmp-dispatch), but that works in the meantime, please
> > send a patch.
> 
> There have been quite a few patch ideas across multiple threads related to
> OOB fallout.  Hopefully I can keep straight which patches are intended for
> 2.12 (anything that fixes a bug, like this one, is a good candidate,

I'll mark patches with "for-2.12" if there are any.

> and it
> would be nice if we can undo the temporary reversion of exposing OOB if we
> can solve all the issues that iotests exposed).

IMHO it'll still be risky considering what has already been reported.

Here's my plan, hopefully to make everyone happy - we keep OOB turned
off for 2.12 and even later.  In 2.13, I'll post some new patches to
add a new monitor parameter to allow users to enable OOB explicitly,
otherwise we never enable it.  After all, for now the only real user
should be postcopy. Then we don't need to struggle around all this
mess.  What do you think?

-- 
Peter Xu



Re: [Qemu-devel] [PATCH for 2.13 v2 14/20] linux-user: move hppa signal.c parts to hppa directory

2018-03-23 Thread Philippe Mathieu-Daudé
On 03/23/2018 07:57 PM, Laurent Vivier wrote:
> No code change, only move code from signal.c to
> hppa/signal.c, except adding includes and
> exporting setup_rt_frame().
> 
> Signed-off-by: Laurent Vivier 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  linux-user/hppa/signal.c| 192 
> 
>  linux-user/hppa/target_signal.h |   3 +
>  linux-user/signal.c | 189 ---
>  3 files changed, 195 insertions(+), 189 deletions(-)
> 
> diff --git a/linux-user/hppa/signal.c b/linux-user/hppa/signal.c
> index 02ca338b6c..585af3a37f 100644
> --- a/linux-user/hppa/signal.c
> +++ b/linux-user/hppa/signal.c
> @@ -16,3 +16,195 @@
>   *  You should have received a copy of the GNU General Public License
>   *  along with this program; if not, see .
>   */
> +#include "qemu/osdep.h"
> +#include "qemu.h"
> +#include "target_signal.h"
> +#include "signal-common.h"
> +#include "linux-user/trace.h"
> +
> +struct target_sigcontext {
> +abi_ulong sc_flags;
> +abi_ulong sc_gr[32];
> +uint64_t sc_fr[32];
> +abi_ulong sc_iasq[2];
> +abi_ulong sc_iaoq[2];
> +abi_ulong sc_sar;
> +};
> +
> +struct target_ucontext {
> +abi_uint tuc_flags;
> +abi_ulong tuc_link;
> +target_stack_t tuc_stack;
> +abi_uint pad[1];
> +struct target_sigcontext tuc_mcontext;
> +target_sigset_t tuc_sigmask;
> +};
> +
> +struct target_rt_sigframe {
> +abi_uint tramp[9];
> +target_siginfo_t info;
> +struct target_ucontext uc;
> +/* hidden location of upper halves of pa2.0 64-bit gregs */
> +};
> +
> +static void setup_sigcontext(struct target_sigcontext *sc, CPUArchState *env)
> +{
> +int flags = 0;
> +int i;
> +
> +/* ??? if on_sig_stack, flags |= 1 (PARISC_SC_FLAG_ONSTACK).  */
> +
> +if (env->iaoq_f < TARGET_PAGE_SIZE) {
> +/* In the gateway page, executing a syscall.  */
> +flags |= 2; /* PARISC_SC_FLAG_IN_SYSCALL */
> +__put_user(env->gr[31], >sc_iaoq[0]);
> +__put_user(env->gr[31] + 4, >sc_iaoq[1]);
> +} else {
> +__put_user(env->iaoq_f, >sc_iaoq[0]);
> +__put_user(env->iaoq_b, >sc_iaoq[1]);
> +}
> +__put_user(0, >sc_iasq[0]);
> +__put_user(0, >sc_iasq[1]);
> +__put_user(flags, >sc_flags);
> +
> +__put_user(cpu_hppa_get_psw(env), >sc_gr[0]);
> +for (i = 1; i < 32; ++i) {
> +__put_user(env->gr[i], >sc_gr[i]);
> +}
> +
> +__put_user((uint64_t)env->fr0_shadow << 32, >sc_fr[0]);
> +for (i = 1; i < 32; ++i) {
> +__put_user(env->fr[i], >sc_fr[i]);
> +}
> +
> +__put_user(env->cr[CR_SAR], >sc_sar);
> +}
> +
> +static void restore_sigcontext(CPUArchState *env, struct target_sigcontext 
> *sc)
> +{
> +target_ulong psw;
> +int i;
> +
> +__get_user(psw, >sc_gr[0]);
> +cpu_hppa_put_psw(env, psw);
> +
> +for (i = 1; i < 32; ++i) {
> +__get_user(env->gr[i], >sc_gr[i]);
> +}
> +for (i = 0; i < 32; ++i) {
> +__get_user(env->fr[i], >sc_fr[i]);
> +}
> +cpu_hppa_loaded_fr0(env);
> +
> +__get_user(env->iaoq_f, >sc_iaoq[0]);
> +__get_user(env->iaoq_b, >sc_iaoq[1]);
> +__get_user(env->cr[CR_SAR], >sc_sar);
> +}
> +
> +/* No, this doesn't look right, but it's copied straight from the kernel.  */
> +#define PARISC_RT_SIGFRAME_SIZE32 \
> +((sizeof(struct target_rt_sigframe) + 48 + 64) & -64)
> +
> +void setup_rt_frame(int sig, struct target_sigaction *ka,
> +target_siginfo_t *info,
> +target_sigset_t *set, CPUArchState *env)
> +{
> +abi_ulong frame_addr, sp, haddr;
> +struct target_rt_sigframe *frame;
> +int i;
> +
> +sp = env->gr[30];
> +if (ka->sa_flags & TARGET_SA_ONSTACK) {
> +if (sas_ss_flags(sp) == 0) {
> +sp = (target_sigaltstack_used.ss_sp + 0x7f) & ~0x3f;
> +}
> +}
> +frame_addr = QEMU_ALIGN_UP(sp, 64);
> +sp = frame_addr + PARISC_RT_SIGFRAME_SIZE32;
> +
> +trace_user_setup_rt_frame(env, frame_addr);
> +
> +if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
> +goto give_sigsegv;
> +}
> +
> +tswap_siginfo(>info, info);
> +frame->uc.tuc_flags = 0;
> +frame->uc.tuc_link = 0;
> +
> +__put_user(target_sigaltstack_used.ss_sp, >uc.tuc_stack.ss_sp);
> +__put_user(sas_ss_flags(get_sp_from_cpustate(env)),
> +   >uc.tuc_stack.ss_flags);
> +__put_user(target_sigaltstack_used.ss_size,
> +   >uc.tuc_stack.ss_size);
> +
> +for (i = 0; i < TARGET_NSIG_WORDS; i++) {
> +__put_user(set->sig[i], >uc.tuc_sigmask.sig[i]);
> +}
> +
> +setup_sigcontext(>uc.tuc_mcontext, env);
> +
> +__put_user(0x3419, frame->tramp + 0); /* ldi 0,%r25 */
> +__put_user(0x3414015a, frame->tramp + 1); /* ldi __NR_rt_sigreturn,%r20 
> */
> +__put_user(0xe4008200, frame->tramp + 2); /* be,l 
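Review bot: the archive rendering has stripped the `&sc-` / `&frame-` prefixes (lines such as `__put_user(env->gr[31], >sc_iaoq[0]);`) and appears to have dropped runs of zeros from hex constants (`0x3419` for `ldi 0,%r25`), so this quoted hunk cannot be compared character for character; since the message promises a pure move, review it by diffing the added block against the lines removed from linux-user/signal.c rather than from the mail text. One pre-existing item to track as a follow-up rather than in this series: the `/* ??? if on_sig_stack, flags |= 1 (PARISC_SC_FLAG_ONSTACK). */` note in setup_sigcontext marks a flag that is never set, so a handler running on the alternate stack is not told so in sc_flags.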

Re: [Qemu-devel] [PATCH for 2.13 v2 13/20] linux-user: move riscv signal.c parts to riscv directory

2018-03-23 Thread Philippe Mathieu-Daudé
On 03/23/2018 07:57 PM, Laurent Vivier wrote:
> No code change, only move code from signal.c to
> riscv/signal.c, except adding includes and
> exporting setup_rt_frame().
> 
> Signed-off-by: Laurent Vivier 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  linux-user/riscv/signal.c| 200 
> +++
>  linux-user/riscv/target_signal.h |   3 +
>  linux-user/signal.c  | 197 --
>  3 files changed, 203 insertions(+), 197 deletions(-)
> 
> diff --git a/linux-user/riscv/signal.c b/linux-user/riscv/signal.c
> index 02ca338b6c..718f3a5679 100644
> --- a/linux-user/riscv/signal.c
> +++ b/linux-user/riscv/signal.c
> @@ -16,3 +16,203 @@
>   *  You should have received a copy of the GNU General Public License
>   *  along with this program; if not, see .
>   */
> +#include "qemu/osdep.h"
> +#include "qemu.h"
> +#include "target_signal.h"
> +#include "signal-common.h"
> +#include "linux-user/trace.h"
> +
> +/* Signal handler invocation must be transparent for the code being
> +   interrupted. Complete CPU (hart) state is saved on entry and restored
> +   before returning from the handler. Process sigmask is also saved to block
> +   signals while the handler is running. The handler gets its own stack,
> +   which also doubles as storage for the CPU state and sigmask.
> +
> +   The code below is qemu re-implementation of arch/riscv/kernel/signal.c */
> +
> +struct target_sigcontext {
> +abi_long pc;
> +abi_long gpr[31]; /* x0 is not present, so all offsets must be -1 */
> +uint64_t fpr[32];
> +uint32_t fcsr;
> +}; /* cf. riscv-linux:arch/riscv/include/uapi/asm/ptrace.h */
> +
> +struct target_ucontext {
> +unsigned long uc_flags;
> +struct target_ucontext *uc_link;
> +target_stack_t uc_stack;
> +struct target_sigcontext uc_mcontext;
> +target_sigset_t uc_sigmask;
> +};
> +
> +struct target_rt_sigframe {
> +uint32_t tramp[2]; /* not in kernel, which uses VDSO instead */
> +struct target_siginfo info;
> +struct target_ucontext uc;
> +};
> +
> +static abi_ulong get_sigframe(struct target_sigaction *ka,
> +  CPURISCVState *regs, size_t framesize)
> +{
> +abi_ulong sp = regs->gpr[xSP];
> +int onsigstack = on_sig_stack(sp);
> +
> +/* redzone */
> +/* This is the X/Open sanctioned signal stack switching.  */
> +if ((ka->sa_flags & TARGET_SA_ONSTACK) != 0 && !onsigstack) {
> +sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
> +}
> +
> +sp -= framesize;
> +sp &= ~3UL; /* align sp on 4-byte boundary */
> +
> +/* If we are on the alternate signal stack and would overflow it, don't.
> +   Return an always-bogus address instead so we will die with SIGSEGV. */
> +if (onsigstack && !likely(on_sig_stack(sp))) {
> +return -1L;
> +}
> +
> +return sp;
> +}
> +
> +static void setup_sigcontext(struct target_sigcontext *sc, CPURISCVState 
> *env)
> +{
> +int i;
> +
> +__put_user(env->pc, >pc);
> +
> +for (i = 1; i < 32; i++) {
> +__put_user(env->gpr[i], >gpr[i - 1]);
> +}
> +for (i = 0; i < 32; i++) {
> +__put_user(env->fpr[i], >fpr[i]);
> +}
> +
> +uint32_t fcsr = csr_read_helper(env, CSR_FCSR); /*riscv_get_fcsr(env);*/
> +__put_user(fcsr, >fcsr);
> +}
> +
> +static void setup_ucontext(struct target_ucontext *uc,
> +   CPURISCVState *env, target_sigset_t *set)
> +{
> +abi_ulong ss_sp = (target_ulong)target_sigaltstack_used.ss_sp;
> +abi_ulong ss_flags = sas_ss_flags(env->gpr[xSP]);
> +abi_ulong ss_size = target_sigaltstack_used.ss_size;
> +
> +__put_user(0,&(uc->uc_flags));
> +__put_user(0,&(uc->uc_link));
> +
> +__put_user(ss_sp,&(uc->uc_stack.ss_sp));
> +__put_user(ss_flags, &(uc->uc_stack.ss_flags));
> +__put_user(ss_size,  &(uc->uc_stack.ss_size));
> +
> +int i;
> +for (i = 0; i < TARGET_NSIG_WORDS; i++) {
> +__put_user(set->sig[i], &(uc->uc_sigmask.sig[i]));
> +}
> +
> +setup_sigcontext(>uc_mcontext, env);
> +}
> +
> +static inline void install_sigtramp(uint32_t *tramp)
> +{
> +__put_user(0x08b00893, tramp + 0);  /* li a7, 139 = __NR_rt_sigreturn */
> +__put_user(0x0073, tramp + 1);  /* ecall */
> +}
> +
> +void setup_rt_frame(int sig, struct target_sigaction *ka,
> +target_siginfo_t *info,
> +target_sigset_t *set, CPURISCVState *env)
> +{
> +abi_ulong frame_addr;
> +struct target_rt_sigframe *frame;
> +
> +frame_addr = get_sigframe(ka, env, sizeof(*frame));
> +trace_user_setup_rt_frame(env, frame_addr);
> +
> +if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
> +goto badframe;
> +}
> +
> +setup_ucontext(>uc, env, set);
> +tswap_siginfo(>info, info);
> +
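Review bot: pre-existing but visible in the moved block: `struct target_ucontext` declares `unsigned long uc_flags;` and `struct target_ucontext *uc_link;`, host-sized types inside a guest-ABI structure whose other fields use `target_*`/`abi_*` types, so when host and guest word sizes differ those two fields (and everything after them) would not line up with the guest kernel's layout. A pure move is the right scope for this series; a follow-up switching them to `abi_ulong` would be good. As with the other arch patches, the rendering has stripped `&` (`>pc`, `>uc`) and zero runs from constants (`0x0073` for `ecall`), so verify against the git tree, not the quoted text.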

Re: [Qemu-devel] [PATCH for-2.12 1/4] Revert "monitor: enable IO thread for (qmp & !mux) typed"

2018-03-23 Thread Peter Xu
On Fri, Mar 23, 2018 at 10:49:31AM -0500, Eric Blake wrote:
> On 03/23/2018 09:08 AM, Peter Xu wrote:
> > This reverts commit 3fd2457d18edf5736f713dfe1ada9c87a9badab1.
> > 
> > Signed-off-by: Peter Xu 
> 
> Not fatal to taking this patch as-is, but it's always nice to include a
> rationale when reverting, something along the lines of:
> 
> It turns out that enabling OOB caused several iotests to break; disabling
> OOB is the fastest and safest approach for reducing the risk of a broken
> release, while working on the fixes for the problems uncovered.
> 
> (Probably similar comments will be needed on the remaining patches...)

Yes.  I saw the pull, thanks for adding that info into the commit messages.

-- 
Peter Xu



Re: [Qemu-devel] [PATCH for 2.13 v2 11/20] linux-user: move alpha signal.c parts to alpha directory

2018-03-23 Thread Philippe Mathieu-Daudé
On 03/23/2018 07:57 PM, Laurent Vivier wrote:
> No code change, only move code from signal.c to
> alpha/signal.c, except adding includes and
> exporting setup_frame() and setup_rt_frame().
> 
> Signed-off-by: Laurent Vivier 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  linux-user/alpha/signal.c| 262 
> +++
>  linux-user/alpha/target_signal.h |   5 +
>  linux-user/signal.c  | 259 --
>  3 files changed, 267 insertions(+), 259 deletions(-)
> 
> diff --git a/linux-user/alpha/signal.c b/linux-user/alpha/signal.c
> index 02ca338b6c..74ecdc6683 100644
> --- a/linux-user/alpha/signal.c
> +++ b/linux-user/alpha/signal.c
> @@ -16,3 +16,265 @@
>   *  You should have received a copy of the GNU General Public License
>   *  along with this program; if not, see .
>   */
> +#include "qemu/osdep.h"
> +#include "qemu.h"
> +#include "target_signal.h"
> +#include "signal-common.h"
> +#include "linux-user/trace.h"
> +
> +struct target_sigcontext {
> +abi_long sc_onstack;
> +abi_long sc_mask;
> +abi_long sc_pc;
> +abi_long sc_ps;
> +abi_long sc_regs[32];
> +abi_long sc_ownedfp;
> +abi_long sc_fpregs[32];
> +abi_ulong sc_fpcr;
> +abi_ulong sc_fp_control;
> +abi_ulong sc_reserved1;
> +abi_ulong sc_reserved2;
> +abi_ulong sc_ssize;
> +abi_ulong sc_sbase;
> +abi_ulong sc_traparg_a0;
> +abi_ulong sc_traparg_a1;
> +abi_ulong sc_traparg_a2;
> +abi_ulong sc_fp_trap_pc;
> +abi_ulong sc_fp_trigger_sum;
> +abi_ulong sc_fp_trigger_inst;
> +};
> +
> +struct target_ucontext {
> +abi_ulong tuc_flags;
> +abi_ulong tuc_link;
> +abi_ulong tuc_osf_sigmask;
> +target_stack_t tuc_stack;
> +struct target_sigcontext tuc_mcontext;
> +target_sigset_t tuc_sigmask;
> +};
> +
> +struct target_sigframe {
> +struct target_sigcontext sc;
> +unsigned int retcode[3];
> +};
> +
> +struct target_rt_sigframe {
> +target_siginfo_t info;
> +struct target_ucontext uc;
> +unsigned int retcode[3];
> +};
> +
> +#define INSN_MOV_R30_R160x47fe0410
> +#define INSN_LDI_R0 0x201f
> +#define INSN_CALLSYS0x0083
> +
> +static void setup_sigcontext(struct target_sigcontext *sc, CPUAlphaState 
> *env,
> + abi_ulong frame_addr, target_sigset_t *set)
> +{
> +int i;
> +
> +__put_user(on_sig_stack(frame_addr), >sc_onstack);
> +__put_user(set->sig[0], >sc_mask);
> +__put_user(env->pc, >sc_pc);
> +__put_user(8, >sc_ps);
> +
> +for (i = 0; i < 31; ++i) {
> +__put_user(env->ir[i], >sc_regs[i]);
> +}
> +__put_user(0, >sc_regs[31]);
> +
> +for (i = 0; i < 31; ++i) {
> +__put_user(env->fir[i], >sc_fpregs[i]);
> +}
> +__put_user(0, >sc_fpregs[31]);
> +__put_user(cpu_alpha_load_fpcr(env), >sc_fpcr);
> +
> +__put_user(0, >sc_traparg_a0); /* FIXME */
> +__put_user(0, >sc_traparg_a1); /* FIXME */
> +__put_user(0, >sc_traparg_a2); /* FIXME */
> +}
> +
> +static void restore_sigcontext(CPUAlphaState *env,
> +   struct target_sigcontext *sc)
> +{
> +uint64_t fpcr;
> +int i;
> +
> +__get_user(env->pc, >sc_pc);
> +
> +for (i = 0; i < 31; ++i) {
> +__get_user(env->ir[i], >sc_regs[i]);
> +}
> +for (i = 0; i < 31; ++i) {
> +__get_user(env->fir[i], >sc_fpregs[i]);
> +}
> +
> +__get_user(fpcr, >sc_fpcr);
> +cpu_alpha_store_fpcr(env, fpcr);
> +}
> +
> +static inline abi_ulong get_sigframe(struct target_sigaction *sa,
> + CPUAlphaState *env,
> + unsigned long framesize)
> +{
> +abi_ulong sp = env->ir[IR_SP];
> +
> +/* This is the X/Open sanctioned signal stack switching.  */
> +if ((sa->sa_flags & TARGET_SA_ONSTACK) != 0 && !sas_ss_flags(sp)) {
> +sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
> +}
> +return (sp - framesize) & -32;
> +}
> +
> +void setup_frame(int sig, struct target_sigaction *ka,
> + target_sigset_t *set, CPUAlphaState *env)
> +{
> +abi_ulong frame_addr, r26;
> +struct target_sigframe *frame;
> +int err = 0;
> +
> +frame_addr = get_sigframe(ka, env, sizeof(*frame));
> +trace_user_setup_frame(env, frame_addr);
> +if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
> +goto give_sigsegv;
> +}
> +
> +setup_sigcontext(>sc, env, frame_addr, set);
> +
> +if (ka->sa_restorer) {
> +r26 = ka->sa_restorer;
> +} else {
> +__put_user(INSN_MOV_R30_R16, >retcode[0]);
> +__put_user(INSN_LDI_R0 + TARGET_NR_sigreturn,
> +   >retcode[1]);
> +__put_user(INSN_CALLSYS, >retcode[2]);
> +/* imb() */
> +r26 = frame_addr;
> +}
> +
> +
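Review bot: same rendering caveat as the other arch patches (stripped `&` and zero runs, e.g. `INSN_LDI_R0 0x201f`), so compare against the tree. Two pre-existing points visible in the moved code, both fine to defer since the commit is a pure move: setup_sigcontext stores zeros for `sc_traparg_a0..a2` under `/* FIXME */` markers, and `setup_frame` declares `int err = 0;` that nothing in the visible part of the function assigns or reads, so it is probably dead and would trip an unused-variable warning if the compiler saw it that way.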

Re: [Qemu-devel] [PATCH for 2.13 v2 18/20] linux-user: move mips/mips64 signal.c parts to mips directory

2018-03-23 Thread Philippe Mathieu-Daudé
On 03/23/2018 07:57 PM, Laurent Vivier wrote:
> No code change, only move code from signal.c to
> mips/signal.c, except adding includes and
> exporting setup_frame() and setup_rt_frame().
> 
> mips64/signal.c includes mips/signal.c
> 
> Signed-off-by: Laurent Vivier 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  linux-user/mips/signal.c  | 382 
> ++
>  linux-user/mips/target_signal.h   |   9 +-
>  linux-user/mips64/signal.c|   2 +
>  linux-user/mips64/target_signal.h |   4 +-
>  linux-user/signal.c   | 381 +
>  5 files changed, 396 insertions(+), 382 deletions(-)
> 
> diff --git a/linux-user/mips/signal.c b/linux-user/mips/signal.c
> index 02ca338b6c..a44e5b59e9 100644
> --- a/linux-user/mips/signal.c
> +++ b/linux-user/mips/signal.c
> @@ -16,3 +16,385 @@
>   *  You should have received a copy of the GNU General Public License
>   *  along with this program; if not, see .
>   */
> +#include "qemu/osdep.h"
> +#include "qemu.h"
> +#include "target_signal.h"
> +#include "signal-common.h"
> +#include "linux-user/trace.h"
> +
> +# if defined(TARGET_ABI_MIPSO32)
> +struct target_sigcontext {
> +uint32_t   sc_regmask; /* Unused */
> +uint32_t   sc_status;
> +uint64_t   sc_pc;
> +uint64_t   sc_regs[32];
> +uint64_t   sc_fpregs[32];
> +uint32_t   sc_ownedfp; /* Unused */
> +uint32_t   sc_fpc_csr;
> +uint32_t   sc_fpc_eir; /* Unused */
> +uint32_t   sc_used_math;
> +uint32_t   sc_dsp; /* dsp status, was sc_ssflags */
> +uint32_t   pad0;
> +uint64_t   sc_mdhi;
> +uint64_t   sc_mdlo;
> +target_ulong   sc_hi1; /* Was sc_cause */
> +target_ulong   sc_lo1; /* Was sc_badvaddr */
> +target_ulong   sc_hi2; /* Was sc_sigset[4] */
> +target_ulong   sc_lo2;
> +target_ulong   sc_hi3;
> +target_ulong   sc_lo3;
> +};
> +# else /* N32 || N64 */
> +struct target_sigcontext {
> +uint64_t sc_regs[32];
> +uint64_t sc_fpregs[32];
> +uint64_t sc_mdhi;
> +uint64_t sc_hi1;
> +uint64_t sc_hi2;
> +uint64_t sc_hi3;
> +uint64_t sc_mdlo;
> +uint64_t sc_lo1;
> +uint64_t sc_lo2;
> +uint64_t sc_lo3;
> +uint64_t sc_pc;
> +uint32_t sc_fpc_csr;
> +uint32_t sc_used_math;
> +uint32_t sc_dsp;
> +uint32_t sc_reserved;
> +};
> +# endif /* O32 */
> +
> +struct sigframe {
> +uint32_t sf_ass[4];  /* argument save space for o32 
> */
> +uint32_t sf_code[2]; /* signal trampoline */
> +struct target_sigcontext sf_sc;
> +target_sigset_t sf_mask;
> +};
> +
> +struct target_ucontext {
> +target_ulong tuc_flags;
> +target_ulong tuc_link;
> +target_stack_t tuc_stack;
> +target_ulong pad0;
> +struct target_sigcontext tuc_mcontext;
> +target_sigset_t tuc_sigmask;
> +};
> +
> +struct target_rt_sigframe {
> +uint32_t rs_ass[4];   /* argument save space for o32 */
> +uint32_t rs_code[2];  /* signal trampoline */
> +struct target_siginfo rs_info;
> +struct target_ucontext rs_uc;
> +};
> +
> +/* Install trampoline to jump back from signal handler */
> +static inline int install_sigtramp(unsigned int *tramp,   unsigned int 
> syscall)
> +{
> +int err = 0;
> +
> +/*
> + * Set up the return code ...
> + *
> + * li  v0, __NR__foo_sigreturn
> + * syscall
> + */
> +
> +__put_user(0x2402 + syscall, tramp + 0);
> +__put_user(0x000c  , tramp + 1);
> +return err;
> +}
> +
> +static inline void setup_sigcontext(CPUMIPSState *regs,
> +struct target_sigcontext *sc)
> +{
> +int i;
> +
> +__put_user(exception_resume_pc(regs), >sc_pc);
> +regs->hflags &= ~MIPS_HFLAG_BMASK;
> +
> +__put_user(0, >sc_regs[0]);
> +for (i = 1; i < 32; ++i) {
> +__put_user(regs->active_tc.gpr[i], >sc_regs[i]);
> +}
> +
> +__put_user(regs->active_tc.HI[0], >sc_mdhi);
> +__put_user(regs->active_tc.LO[0], >sc_mdlo);
> +
> +/* Rather than checking for dsp existence, always copy.  The storage
> +   would just be garbage otherwise.  */
> +__put_user(regs->active_tc.HI[1], >sc_hi1);
> +__put_user(regs->active_tc.HI[2], >sc_hi2);
> +__put_user(regs->active_tc.HI[3], >sc_hi3);
> +__put_user(regs->active_tc.LO[1], >sc_lo1);
> +__put_user(regs->active_tc.LO[2], >sc_lo2);
> +__put_user(regs->active_tc.LO[3], >sc_lo3);
> +{
> +uint32_t dsp = cpu_rddsp(0x3ff, regs);
> +__put_user(dsp, >sc_dsp);
> +}
> +
> +__put_user(1, >sc_used_math);
> +
> +for (i = 0; i < 32; ++i) {
> +__put_user(regs->active_fpu.fpr[i].d, >sc_fpregs[i]);
> +}
> +}
> +
> +static inline void
> +restore_sigcontext(CPUMIPSState *regs, struct target_sigcontext *sc)
> +{
> +  
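Review bot: the closing `# endif /* O32 */` comment does not describe the conditional it closes, since the `# else /* N32 || N64 */` branch is inside it as well; `# endif /* TARGET_ABI_MIPSO32 */`, mirroring the `# if` line, would avoid suggesting that only the O32 layout is conditional. The same pair appears unchanged in the standalone 18/20 posting, so it is a pre-existing nit rather than something this move introduced.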

Re: [Qemu-devel] [PATCH for-2.12 0/4] Turn OOB off for 2.12-rc1, revert OOB tests

2018-03-23 Thread Peter Xu
On Fri, Mar 23, 2018 at 01:36:28PM -0500, Eric Blake wrote:
> On 03/23/2018 01:30 PM, Christian Borntraeger wrote:
> 
> > > Even that didn't work - 'make check' fails with either 1/4 or 4/4 applied 
> > > in isolation, so I'm squashing them into a single patch.
> > 
> > Yes, "qmp: introduce QMPCapability" added an assert, that was fixed by a
> > later patch. So the original series was not bisectable. Anyway, with
> > Peter's 4 patches all applied things are fine for me.
> 
> Weird, since I seem to recall running 'make check' on every patch in order
> in that series without seeing failures, prior to preparing the pull request
> (where I fell short was running iotests, which is what sparked this whole
> revert thread).  Anyways, even if my memory is faulty and the original
> series has a broken bisection window, it's now water under the bridge; the
> focus at this point is improving the known bugs to see if we can re-enable
> OOB prior to -rc2.

I think each of the commits in the original series should pass "make check"
before.  But for this revert series, it can't.  I'll take this into
consideration next time, even when reverting patches.

Regarding the revert ordering itself: IMHO as long as we do the
first patch last (put "Revert monitor: enable IO thread for (qmp &
!mux) typed" at the end), we should be able to pass "make check" too.
So the correct order should be:

patch 2-4 (in any order, since each of them is only a test case)
patch 1

And, while at it, I just noticed that we could even keep one of the
tests ("tests: qmp-test: verify command batching"), but anyway it won't
hurt if we revert that too now.

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v2 5/5] Remove unnecessary variables for function return value

2018-03-23 Thread David Gibson
On Fri, Mar 23, 2018 at 03:32:02PM +0100, Laurent Vivier wrote:
> Re-run Coccinelle script scripts/coccinelle/return_directly.cocci
> 
> Signed-off-by: Laurent Vivier 

ppc part
Acked-by: David Gibson 

> ---
>  accel/tcg/translate-all.c  |  5 +-
>  block/quorum.c |  6 +--
>  hw/arm/exynos4210.c|  6 +--
>  hw/block/vhost-user-blk.c  |  5 +-
>  hw/hppa/dino.c |  5 +-
>  hw/misc/mos6522.c  |  8 +---
>  hw/net/ftgmac100.c |  5 +-
>  hw/ppc/pnv_lpc.c   | 16 ++-
>  io/net-listener.c  |  6 +--
>  target/i386/hax-darwin.c   | 10 ++--
>  target/mips/dsp_helper.c   | 15 ++
>  target/xtensa/core-dc232b/xtensa-modules.c | 56 
> ++
>  target/xtensa/core-dc233c/xtensa-modules.c | 56 
> ++
>  target/xtensa/core-de212/xtensa-modules.c  | 48 +--
>  target/xtensa/core-fsf/xtensa-modules.c| 32 -
>  .../xtensa/core-sample_controller/xtensa-modules.c | 24 +++---
>  target/xtensa/translate.c  |  7 +--
>  tests/m48t59-test.c|  6 +--
>  tests/test-thread-pool.c   |  6 +--
>  util/uri.c |  5 +-
>  20 files changed, 79 insertions(+), 248 deletions(-)
> 
> diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
> index 5ad1b919bc..55d822d410 100644
> --- a/accel/tcg/translate-all.c
> +++ b/accel/tcg/translate-all.c
> @@ -644,11 +644,8 @@ static inline void *alloc_code_gen_buffer(void)
>  static inline void *alloc_code_gen_buffer(void)
>  {
>  size_t size = tcg_ctx->code_gen_buffer_size;
> -void *buf;
> -
> -buf = VirtualAlloc(NULL, size, MEM_RESERVE | MEM_COMMIT,
> +return VirtualAlloc(NULL, size, MEM_RESERVE | MEM_COMMIT,
>  PAGE_EXECUTE_READWRITE);
> -return buf;
>  }
>  #else
>  static inline void *alloc_code_gen_buffer(void)
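Review bot: in the `return VirtualAlloc(...)` change the continuation line `PAGE_EXECUTE_READWRITE);` keeps the indentation it had under `buf = VirtualAlloc(`, so it no longer lines up with the opening parenthesis now that the expression starts one column later with `return `. The Coccinelle script does not re-indent, so this one line wants a manual fix before merging; the other hunks in this series that are visible here collapse to single-line `return` statements and do not have the problem.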
> diff --git a/block/quorum.c b/block/quorum.c
> index 14333c18aa..304442ef65 100644
> --- a/block/quorum.c
> +++ b/block/quorum.c
> @@ -608,7 +608,7 @@ static void read_quorum_children_entry(void *opaque)
>  static int read_quorum_children(QuorumAIOCB *acb)
>  {
>  BDRVQuorumState *s = acb->bs->opaque;
> -int i, ret;
> +int i;
>  
>  acb->children_read = s->num_children;
>  for (i = 0; i < s->num_children; i++) {
> @@ -643,9 +643,7 @@ static int read_quorum_children(QuorumAIOCB *acb)
>  qemu_coroutine_yield();
>  }
>  
> -ret = acb->vote_ret;
> -
> -return ret;
> +return acb->vote_ret;
>  }
>  
>  static int read_fifo_child(QuorumAIOCB *acb)
> diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
> index 06f9d1ffa4..b7463a71ec 100644
> --- a/hw/arm/exynos4210.c
> +++ b/hw/arm/exynos4210.c
> @@ -156,12 +156,8 @@ void exynos4210_write_secondary(ARMCPU *cpu,
>  
>  static uint64_t exynos4210_calc_affinity(int cpu)
>  {
> -uint64_t mp_affinity;
> -
>  /* Exynos4210 has 0x9 as cluster ID */
> -mp_affinity = (0x9 << ARM_AFF1_SHIFT) | cpu;
> -
> -return mp_affinity;
> +return (0x9 << ARM_AFF1_SHIFT) | cpu;
>  }
>  
>  Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
> diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
> index f840f07dfe..3f41ca9e26 100644
> --- a/hw/block/vhost-user-blk.c
> +++ b/hw/block/vhost-user-blk.c
> @@ -196,7 +196,6 @@ static uint64_t vhost_user_blk_get_features(VirtIODevice 
> *vdev,
>  Error **errp)
>  {
>  VHostUserBlk *s = VHOST_USER_BLK(vdev);
> -uint64_t get_features;
>  
>  /* Turn on pre-defined features */
>  virtio_add_feature(, VIRTIO_BLK_F_SEG_MAX);
> @@ -215,9 +214,7 @@ static uint64_t vhost_user_blk_get_features(VirtIODevice 
> *vdev,
>  virtio_add_feature(, VIRTIO_BLK_F_MQ);
>  }
>  
> -get_features = vhost_get_features(>dev, user_feature_bits, features);
> -
> -return get_features;
> +return vhost_get_features(>dev, user_feature_bits, features);
>  }
>  
>  static void vhost_user_blk_handle_output(VirtIODevice *vdev, VirtQueue *vq)
> diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
> index 15aefde09c..c5dcf3104d 100644
> --- a/hw/hppa/dino.c
> +++ b/hw/hppa/dino.c
> @@ -403,13 +403,10 @@ static void dino_set_irq(void *opaque, int irq, int 
> level)
>  static int dino_pci_map_irq(PCIDevice *d, int irq_num)
>  {
>  int slot = d->devfn >> 3;
> -int local_irq;
>  
>  assert(irq_num >= 0 && irq_num <= 3);
>  
> -local_irq = slot & 0x03;
> -
> -return local_irq;
> +return slot & 0x03;
>  }
>  
>  static void dino_set_timer_irq(void 

[Qemu-devel] [PATCH for 2.13 v2 03/20] linux-user: move arm signal.c parts to arm directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
arm/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/arm/signal.c| 754 +
 linux-user/arm/target_signal.h |   6 +-
 linux-user/signal.c| 751 
 3 files changed, 759 insertions(+), 752 deletions(-)

diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c
index 02ca338b6c..975f80fdd2 100644
--- a/linux-user/arm/signal.c
+++ b/linux-user/arm/signal.c
@@ -16,3 +16,757 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+struct target_sigcontext {
+abi_ulong trap_no;
+abi_ulong error_code;
+abi_ulong oldmask;
+abi_ulong arm_r0;
+abi_ulong arm_r1;
+abi_ulong arm_r2;
+abi_ulong arm_r3;
+abi_ulong arm_r4;
+abi_ulong arm_r5;
+abi_ulong arm_r6;
+abi_ulong arm_r7;
+abi_ulong arm_r8;
+abi_ulong arm_r9;
+abi_ulong arm_r10;
+abi_ulong arm_fp;
+abi_ulong arm_ip;
+abi_ulong arm_sp;
+abi_ulong arm_lr;
+abi_ulong arm_pc;
+abi_ulong arm_cpsr;
+abi_ulong fault_address;
+};
+
+struct target_ucontext_v1 {
+abi_ulong tuc_flags;
+abi_ulong tuc_link;
+target_stack_t tuc_stack;
+struct target_sigcontext tuc_mcontext;
+target_sigset_t  tuc_sigmask;  /* mask last for extensibility */
+};
+
+struct target_ucontext_v2 {
+abi_ulong tuc_flags;
+abi_ulong tuc_link;
+target_stack_t tuc_stack;
+struct target_sigcontext tuc_mcontext;
+target_sigset_t  tuc_sigmask;  /* mask last for extensibility */
+char __unused[128 - sizeof(target_sigset_t)];
+abi_ulong tuc_regspace[128] __attribute__((__aligned__(8)));
+};
+
+struct target_user_vfp {
+uint64_t fpregs[32];
+abi_ulong fpscr;
+};
+
+struct target_user_vfp_exc {
+abi_ulong fpexc;
+abi_ulong fpinst;
+abi_ulong fpinst2;
+};
+
+struct target_vfp_sigframe {
+abi_ulong magic;
+abi_ulong size;
+struct target_user_vfp ufp;
+struct target_user_vfp_exc ufp_exc;
+} __attribute__((__aligned__(8)));
+
+struct target_iwmmxt_sigframe {
+abi_ulong magic;
+abi_ulong size;
+uint64_t regs[16];
+/* Note that not all the coprocessor control registers are stored here */
+uint32_t wcssf;
+uint32_t wcasf;
+uint32_t wcgr0;
+uint32_t wcgr1;
+uint32_t wcgr2;
+uint32_t wcgr3;
+} __attribute__((__aligned__(8)));
+
+#define TARGET_VFP_MAGIC 0x56465001
+#define TARGET_IWMMXT_MAGIC 0x12ef842a
+
+struct sigframe_v1
+{
+struct target_sigcontext sc;
+abi_ulong extramask[TARGET_NSIG_WORDS-1];
+abi_ulong retcode;
+};
+
+struct sigframe_v2
+{
+struct target_ucontext_v2 uc;
+abi_ulong retcode;
+};
+
+struct rt_sigframe_v1
+{
+abi_ulong pinfo;
+abi_ulong puc;
+struct target_siginfo info;
+struct target_ucontext_v1 uc;
+abi_ulong retcode;
+};
+
+struct rt_sigframe_v2
+{
+struct target_siginfo info;
+struct target_ucontext_v2 uc;
+abi_ulong retcode;
+};
+
+#define TARGET_CONFIG_CPU_32 1
+
+/*
+ * For ARM syscalls, we encode the syscall number into the instruction.
+ */
+#define SWI_SYS_SIGRETURN  (0xef00|(TARGET_NR_sigreturn + 
ARM_SYSCALL_BASE))
+#define SWI_SYS_RT_SIGRETURN   (0xef00|(TARGET_NR_rt_sigreturn + 
ARM_SYSCALL_BASE))
+
+/*
+ * For Thumb syscalls, we pass the syscall number via r7.  We therefore
+ * need two 16-bit instructions.
+ */
+#define SWI_THUMB_SIGRETURN(0xdf00 << 16 | 0x2700 | (TARGET_NR_sigreturn))
+#define SWI_THUMB_RT_SIGRETURN (0xdf00 << 16 | 0x2700 | 
(TARGET_NR_rt_sigreturn))
+
+static const abi_ulong retcodes[4] = {
+   SWI_SYS_SIGRETURN,  SWI_THUMB_SIGRETURN,
+   SWI_SYS_RT_SIGRETURN,   SWI_THUMB_RT_SIGRETURN
+};
+
+
+static inline int valid_user_regs(CPUARMState *regs)
+{
+return 1;
+}
+
+static void
+setup_sigcontext(struct target_sigcontext *sc, /*struct _fpstate *fpstate,*/
+ CPUARMState *env, abi_ulong mask)
+{
+__put_user(env->regs[0], >arm_r0);
+__put_user(env->regs[1], >arm_r1);
+__put_user(env->regs[2], >arm_r2);
+__put_user(env->regs[3], >arm_r3);
+__put_user(env->regs[4], >arm_r4);
+__put_user(env->regs[5], >arm_r5);
+__put_user(env->regs[6], >arm_r6);
+__put_user(env->regs[7], >arm_r7);
+__put_user(env->regs[8], >arm_r8);
+__put_user(env->regs[9], >arm_r9);
+__put_user(env->regs[10], >arm_r10);
+__put_user(env->regs[11], >arm_fp);
+__put_user(env->regs[12], >arm_ip);
+__put_user(env->regs[13], >arm_sp);
+__put_user(env->regs[14], >arm_lr);
+__put_user(env->regs[15], >arm_pc);
+#ifdef TARGET_CONFIG_CPU_32
+__put_user(cpsr_read(env), 
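Review bot: `valid_user_regs()` unconditionally returns 1. The kernel function of the same name rejects a CPSR restored from a signal frame that is not in user mode or that has the interrupt-mask bits set, which is what stops a corrupted or crafted sigcontext from changing privilege state on sigreturn; whether the stub is safe in the emulator depends on how restore_sigcontext() writes CPSR back, which is outside this hunk. A pure code move should not change it, but a one-line comment on the stub stating why returning 1 is acceptable here would help the next reader of arm/signal.c.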

[Qemu-devel] [PATCH for 2.13 v2 18/20] linux-user: move mips/mips64 signal.c parts to mips directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
mips/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

mips64/signal.c includes mips/signal.c

Signed-off-by: Laurent Vivier 
---
 linux-user/mips/signal.c  | 382 ++
 linux-user/mips/target_signal.h   |   9 +-
 linux-user/mips64/signal.c|   2 +
 linux-user/mips64/target_signal.h |   4 +-
 linux-user/signal.c   | 381 +
 5 files changed, 396 insertions(+), 382 deletions(-)

diff --git a/linux-user/mips/signal.c b/linux-user/mips/signal.c
index 02ca338b6c..a44e5b59e9 100644
--- a/linux-user/mips/signal.c
+++ b/linux-user/mips/signal.c
@@ -16,3 +16,385 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+# if defined(TARGET_ABI_MIPSO32)
+struct target_sigcontext {
+uint32_t   sc_regmask; /* Unused */
+uint32_t   sc_status;
+uint64_t   sc_pc;
+uint64_t   sc_regs[32];
+uint64_t   sc_fpregs[32];
+uint32_t   sc_ownedfp; /* Unused */
+uint32_t   sc_fpc_csr;
+uint32_t   sc_fpc_eir; /* Unused */
+uint32_t   sc_used_math;
+uint32_t   sc_dsp; /* dsp status, was sc_ssflags */
+uint32_t   pad0;
+uint64_t   sc_mdhi;
+uint64_t   sc_mdlo;
+target_ulong   sc_hi1; /* Was sc_cause */
+target_ulong   sc_lo1; /* Was sc_badvaddr */
+target_ulong   sc_hi2; /* Was sc_sigset[4] */
+target_ulong   sc_lo2;
+target_ulong   sc_hi3;
+target_ulong   sc_lo3;
+};
+# else /* N32 || N64 */
+struct target_sigcontext {
+uint64_t sc_regs[32];
+uint64_t sc_fpregs[32];
+uint64_t sc_mdhi;
+uint64_t sc_hi1;
+uint64_t sc_hi2;
+uint64_t sc_hi3;
+uint64_t sc_mdlo;
+uint64_t sc_lo1;
+uint64_t sc_lo2;
+uint64_t sc_lo3;
+uint64_t sc_pc;
+uint32_t sc_fpc_csr;
+uint32_t sc_used_math;
+uint32_t sc_dsp;
+uint32_t sc_reserved;
+};
+# endif /* O32 */
+
+struct sigframe {
+uint32_t sf_ass[4];/* argument save space for o32 
*/
+uint32_t sf_code[2];   /* signal trampoline */
+struct target_sigcontext sf_sc;
+target_sigset_t sf_mask;
+};
+
+struct target_ucontext {
+target_ulong tuc_flags;
+target_ulong tuc_link;
+target_stack_t tuc_stack;
+target_ulong pad0;
+struct target_sigcontext tuc_mcontext;
+target_sigset_t tuc_sigmask;
+};
+
+struct target_rt_sigframe {
+uint32_t rs_ass[4];   /* argument save space for o32 */
+uint32_t rs_code[2];  /* signal trampoline */
+struct target_siginfo rs_info;
+struct target_ucontext rs_uc;
+};
+
+/* Install trampoline to jump back from signal handler */
+static inline int install_sigtramp(unsigned int *tramp,   unsigned int syscall)
+{
+int err = 0;
+
+/*
+ * Set up the return code ...
+ *
+ * li  v0, __NR__foo_sigreturn
+ * syscall
+ */
+
+__put_user(0x2402 + syscall, tramp + 0);
+__put_user(0x000c  , tramp + 1);
+return err;
+}
+
+static inline void setup_sigcontext(CPUMIPSState *regs,
+struct target_sigcontext *sc)
+{
+int i;
+
+__put_user(exception_resume_pc(regs), >sc_pc);
+regs->hflags &= ~MIPS_HFLAG_BMASK;
+
+__put_user(0, >sc_regs[0]);
+for (i = 1; i < 32; ++i) {
+__put_user(regs->active_tc.gpr[i], >sc_regs[i]);
+}
+
+__put_user(regs->active_tc.HI[0], >sc_mdhi);
+__put_user(regs->active_tc.LO[0], >sc_mdlo);
+
+/* Rather than checking for dsp existence, always copy.  The storage
+   would just be garbage otherwise.  */
+__put_user(regs->active_tc.HI[1], >sc_hi1);
+__put_user(regs->active_tc.HI[2], >sc_hi2);
+__put_user(regs->active_tc.HI[3], >sc_hi3);
+__put_user(regs->active_tc.LO[1], >sc_lo1);
+__put_user(regs->active_tc.LO[2], >sc_lo2);
+__put_user(regs->active_tc.LO[3], >sc_lo3);
+{
+uint32_t dsp = cpu_rddsp(0x3ff, regs);
+__put_user(dsp, >sc_dsp);
+}
+
+__put_user(1, >sc_used_math);
+
+for (i = 0; i < 32; ++i) {
+__put_user(regs->active_fpu.fpr[i].d, >sc_fpregs[i]);
+}
+}
+
+static inline void
+restore_sigcontext(CPUMIPSState *regs, struct target_sigcontext *sc)
+{
+int i;
+
+__get_user(regs->CP0_EPC, >sc_pc);
+
+__get_user(regs->active_tc.HI[0], >sc_mdhi);
+__get_user(regs->active_tc.LO[0], >sc_mdlo);
+
+for (i = 1; i < 32; ++i) {
+__get_user(regs->active_tc.gpr[i], >sc_regs[i]);
+}
+
+__get_user(regs->active_tc.HI[1], >sc_hi1);
+__get_user(regs->active_tc.HI[2], >sc_hi2);
+__get_user(regs->active_tc.HI[3], >sc_hi3);
+
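Review bot: `install_sigtramp()` declares `int err = 0;` but nothing ever assigns to it, so the return value carries no information and callers gain nothing from checking it; either make the function `void` (the riscv `install_sigtramp()` in 13/20 of this series already is) or drop the variable. The parameter list also carries stray spaces (`unsigned int *tramp,   unsigned int syscall`). Both predate this patch and are fine to leave for a follow-up, given the "no code change" intent.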

[Qemu-devel] [PATCH for 2.13 v2 13/20] linux-user: move riscv signal.c parts to riscv directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
riscv/signal.c, except adding includes and
exporting setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/riscv/signal.c| 200 +++
 linux-user/riscv/target_signal.h |   3 +
 linux-user/signal.c  | 197 --
 3 files changed, 203 insertions(+), 197 deletions(-)

diff --git a/linux-user/riscv/signal.c b/linux-user/riscv/signal.c
index 02ca338b6c..718f3a5679 100644
--- a/linux-user/riscv/signal.c
+++ b/linux-user/riscv/signal.c
@@ -16,3 +16,203 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+/* Signal handler invocation must be transparent for the code being
+   interrupted. Complete CPU (hart) state is saved on entry and restored
+   before returning from the handler. Process sigmask is also saved to block
+   signals while the handler is running. The handler gets its own stack,
+   which also doubles as storage for the CPU state and sigmask.
+
+   The code below is qemu re-implementation of arch/riscv/kernel/signal.c */
+
+struct target_sigcontext {
+abi_long pc;
+abi_long gpr[31]; /* x0 is not present, so all offsets must be -1 */
+uint64_t fpr[32];
+uint32_t fcsr;
+}; /* cf. riscv-linux:arch/riscv/include/uapi/asm/ptrace.h */
+
+struct target_ucontext {
+unsigned long uc_flags;
+struct target_ucontext *uc_link;
+target_stack_t uc_stack;
+struct target_sigcontext uc_mcontext;
+target_sigset_t uc_sigmask;
+};
+
+struct target_rt_sigframe {
+uint32_t tramp[2]; /* not in kernel, which uses VDSO instead */
+struct target_siginfo info;
+struct target_ucontext uc;
+};
+
+static abi_ulong get_sigframe(struct target_sigaction *ka,
+  CPURISCVState *regs, size_t framesize)
+{
+abi_ulong sp = regs->gpr[xSP];
+int onsigstack = on_sig_stack(sp);
+
+/* redzone */
+/* This is the X/Open sanctioned signal stack switching.  */
+if ((ka->sa_flags & TARGET_SA_ONSTACK) != 0 && !onsigstack) {
+sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
+}
+
+sp -= framesize;
+sp &= ~3UL; /* align sp on 4-byte boundary */
+
+/* If we are on the alternate signal stack and would overflow it, don't.
+   Return an always-bogus address instead so we will die with SIGSEGV. */
+if (onsigstack && !likely(on_sig_stack(sp))) {
+return -1L;
+}
+
+return sp;
+}
+
+static void setup_sigcontext(struct target_sigcontext *sc, CPURISCVState *env)
+{
+int i;
+
+__put_user(env->pc, >pc);
+
+for (i = 1; i < 32; i++) {
+__put_user(env->gpr[i], >gpr[i - 1]);
+}
+for (i = 0; i < 32; i++) {
+__put_user(env->fpr[i], >fpr[i]);
+}
+
+uint32_t fcsr = csr_read_helper(env, CSR_FCSR); /*riscv_get_fcsr(env);*/
+__put_user(fcsr, >fcsr);
+}
+
+static void setup_ucontext(struct target_ucontext *uc,
+   CPURISCVState *env, target_sigset_t *set)
+{
+abi_ulong ss_sp = (target_ulong)target_sigaltstack_used.ss_sp;
+abi_ulong ss_flags = sas_ss_flags(env->gpr[xSP]);
+abi_ulong ss_size = target_sigaltstack_used.ss_size;
+
+__put_user(0,&(uc->uc_flags));
+__put_user(0,&(uc->uc_link));
+
+__put_user(ss_sp,&(uc->uc_stack.ss_sp));
+__put_user(ss_flags, &(uc->uc_stack.ss_flags));
+__put_user(ss_size,  &(uc->uc_stack.ss_size));
+
+int i;
+for (i = 0; i < TARGET_NSIG_WORDS; i++) {
+__put_user(set->sig[i], &(uc->uc_sigmask.sig[i]));
+}
+
+setup_sigcontext(>uc_mcontext, env);
+}
+
+static inline void install_sigtramp(uint32_t *tramp)
+{
+__put_user(0x08b00893, tramp + 0);  /* li a7, 139 = __NR_rt_sigreturn */
+__put_user(0x0073, tramp + 1);  /* ecall */
+}
+
+void setup_rt_frame(int sig, struct target_sigaction *ka,
+target_siginfo_t *info,
+target_sigset_t *set, CPURISCVState *env)
+{
+abi_ulong frame_addr;
+struct target_rt_sigframe *frame;
+
+frame_addr = get_sigframe(ka, env, sizeof(*frame));
+trace_user_setup_rt_frame(env, frame_addr);
+
+if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
+goto badframe;
+}
+
+setup_ucontext(>uc, env, set);
+tswap_siginfo(>info, info);
+install_sigtramp(frame->tramp);
+
+env->pc = ka->_sa_handler;
+env->gpr[xSP] = frame_addr;
+env->gpr[xA0] = sig;
+env->gpr[xA1] = frame_addr + offsetof(struct target_rt_sigframe, info);
+env->gpr[xA2] = frame_addr + offsetof(struct target_rt_sigframe, uc);
+env->gpr[xRA] = frame_addr + offsetof(struct target_rt_sigframe, tramp);
+
+return;
+
+badframe:
+unlock_user_struct(frame, 
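Review bot: `struct target_ucontext` uses host types for two guest-visible fields, `unsigned long uc_flags` and `struct target_ucontext *uc_link`, while every other field in these frames is `abi_ulong`/`abi_long`. With host types the frame layout follows the host word size instead of the guest's, so a 64-bit guest on a 32-bit host (or the reverse) gets the wrong offset for `uc_stack` and everything after it; `abi_ulong` for both would match the rest of the file. Separately, `get_sigframe()` aligns the frame with `sp &= ~3UL` although the RISC-V psABI requires a 16-byte aligned stack pointer at a call boundary, so the handler is entered on a misaligned stack. Both are pre-existing and belong in a follow-up rather than this move.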

[Qemu-devel] [PATCH for 2.13 v2 19/20] linux-user: move ppc/ppc64 signal.c parts to ppc directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
ppc/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/ppc/signal.c| 671 +
 linux-user/ppc/target_signal.h |   8 +-
 linux-user/signal.c| 670 
 3 files changed, 678 insertions(+), 671 deletions(-)

diff --git a/linux-user/ppc/signal.c b/linux-user/ppc/signal.c
index 02ca338b6c..15148d54a9 100644
--- a/linux-user/ppc/signal.c
+++ b/linux-user/ppc/signal.c
@@ -16,3 +16,674 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+/* Size of dummy stack frame allocated when calling signal handler.
+   See arch/powerpc/include/asm/ptrace.h.  */
+#if defined(TARGET_PPC64)
+#define SIGNAL_FRAMESIZE 128
+#else
+#define SIGNAL_FRAMESIZE 64
+#endif
+
+/* See arch/powerpc/include/asm/ucontext.h.  Only used for 32-bit PPC;
+   on 64-bit PPC, sigcontext and mcontext are one and the same.  */
+struct target_mcontext {
+target_ulong mc_gregs[48];
+/* Includes fpscr.  */
+uint64_t mc_fregs[33];
+#if defined(TARGET_PPC64)
+/* Pointer to the vector regs */
+target_ulong v_regs;
+#else
+target_ulong mc_pad[2];
+#endif
+/* We need to handle Altivec and SPE at the same time, which no
+   kernel needs to do.  Fortunately, the kernel defines this bit to
+   be Altivec-register-large all the time, rather than trying to
+   twiddle it based on the specific platform.  */
+union {
+/* SPE vector registers.  One extra for SPEFSCR.  */
+uint32_t spe[33];
+/* Altivec vector registers.  The packing of VSCR and VRSAVE
+   varies depending on whether we're PPC64 or not: PPC64 splits
+   them apart; PPC32 stuffs them together.
+   We also need to account for the VSX registers on PPC64
+*/
+#if defined(TARGET_PPC64)
+#define QEMU_NVRREG (34 + 16)
+/* On ppc64, this mcontext structure is naturally *unaligned*,
+ * or rather it is aligned on a 8 bytes boundary but not on
+ * a 16 bytes one. This pad fixes it up. This is also why the
+ * vector regs are referenced by the v_regs pointer above so
+ * any amount of padding can be added here
+ */
+target_ulong pad;
+#else
+/* On ppc32, we are already aligned to 16 bytes */
+#define QEMU_NVRREG 33
+#endif
+/* We cannot use ppc_avr_t here as we do *not* want the implied
+ * 16-bytes alignment that would result from it. This would have
+ * the effect of making the whole struct target_mcontext aligned
+ * which breaks the layout of struct target_ucontext on ppc64.
+ */
+uint64_t altivec[QEMU_NVRREG][2];
+#undef QEMU_NVRREG
+} mc_vregs;
+};
+
+/* See arch/powerpc/include/asm/sigcontext.h.  */
+struct target_sigcontext {
+target_ulong _unused[4];
+int32_t signal;
+#if defined(TARGET_PPC64)
+int32_t pad0;
+#endif
+target_ulong handler;
+target_ulong oldmask;
+target_ulong regs;  /* struct pt_regs __user * */
+#if defined(TARGET_PPC64)
+struct target_mcontext mcontext;
+#endif
+};
+
+/* Indices for target_mcontext.mc_gregs, below.
+   See arch/powerpc/include/asm/ptrace.h for details.  */
+enum {
+TARGET_PT_R0 = 0,
+TARGET_PT_R1 = 1,
+TARGET_PT_R2 = 2,
+TARGET_PT_R3 = 3,
+TARGET_PT_R4 = 4,
+TARGET_PT_R5 = 5,
+TARGET_PT_R6 = 6,
+TARGET_PT_R7 = 7,
+TARGET_PT_R8 = 8,
+TARGET_PT_R9 = 9,
+TARGET_PT_R10 = 10,
+TARGET_PT_R11 = 11,
+TARGET_PT_R12 = 12,
+TARGET_PT_R13 = 13,
+TARGET_PT_R14 = 14,
+TARGET_PT_R15 = 15,
+TARGET_PT_R16 = 16,
+TARGET_PT_R17 = 17,
+TARGET_PT_R18 = 18,
+TARGET_PT_R19 = 19,
+TARGET_PT_R20 = 20,
+TARGET_PT_R21 = 21,
+TARGET_PT_R22 = 22,
+TARGET_PT_R23 = 23,
+TARGET_PT_R24 = 24,
+TARGET_PT_R25 = 25,
+TARGET_PT_R26 = 26,
+TARGET_PT_R27 = 27,
+TARGET_PT_R28 = 28,
+TARGET_PT_R29 = 29,
+TARGET_PT_R30 = 30,
+TARGET_PT_R31 = 31,
+TARGET_PT_NIP = 32,
+TARGET_PT_MSR = 33,
+TARGET_PT_ORIG_R3 = 34,
+TARGET_PT_CTR = 35,
+TARGET_PT_LNK = 36,
+TARGET_PT_XER = 37,
+TARGET_PT_CCR = 38,
+/* Yes, there are two registers with #39.  One is 64-bit only.  */
+TARGET_PT_MQ = 39,
+TARGET_PT_SOFTE = 39,
+TARGET_PT_TRAP = 40,
+TARGET_PT_DAR = 41,
+TARGET_PT_DSISR = 42,
+TARGET_PT_RESULT = 43,
+TARGET_PT_REGS_COUNT = 44
+};
+
+
+struct target_ucontext {
+target_ulong tuc_flags;
+target_ulong tuc_link;/* ucontext_t __user * */
+struct target_sigaltstack tuc_stack;
+#if !defined(TARGET_PPC64)
+int32_t 

[Qemu-devel] [PATCH for 2.13 v2 20/20] linux-user: define TARGET_ARCH_HAS_SETUP_FRAME

2018-03-23 Thread Laurent Vivier
Instead of calling setup_frame() conditionally based on a list of known
targets, define TARGET_ARCH_HAS_SETUP_FRAME if the target provides the
function, and call it only if the macro is defined.

Signed-off-by: Laurent Vivier 
---
 linux-user/aarch64/target_signal.h|  1 +
 linux-user/alpha/target_signal.h  |  1 +
 linux-user/arm/target_signal.h|  1 +
 linux-user/cris/target_signal.h   |  1 +
 linux-user/i386/target_signal.h   |  1 +
 linux-user/m68k/target_signal.h   |  1 +
 linux-user/microblaze/target_signal.h |  1 +
 linux-user/mips/target_signal.h   |  1 +
 linux-user/ppc/target_signal.h|  1 +
 linux-user/s390x/target_signal.h  |  1 +
 linux-user/sh4/target_signal.h|  1 +
 linux-user/signal.c   | 15 ++-
 linux-user/sparc/target_signal.h  |  1 +
 linux-user/sparc64/target_signal.h|  1 +
 14 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/linux-user/aarch64/target_signal.h 
b/linux-user/aarch64/target_signal.h
index af1f1320e2..df8e70fa35 100644
--- a/linux-user/aarch64/target_signal.h
+++ b/linux-user/aarch64/target_signal.h
@@ -26,6 +26,7 @@ static inline abi_ulong get_sp_from_cpustate(CPUARMState 
*state)
return state->xregs[31];
 }
 
+#define TARGET_ARCH_HAS_SETUP_FRAME
 void setup_frame(int sig, struct target_sigaction *ka,
  target_sigset_t *set, CPUARMState *env);
 void setup_rt_frame(int sig, struct target_sigaction *ka,
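Review bot: placing `#define TARGET_ARCH_HAS_SETUP_FRAME` directly above the `setup_frame()` prototype is the right spot, but nothing ties the two together: a target that later adds a `setup_frame()` without the define compiles cleanly and, per the commit message, simply never has it called. A short comment next to the define saying that signal.c keys off this macro (or a sentence to that effect in the commit message) would make the contract visible in each target_signal.h, since the pattern is repeated identically across all thirteen headers in this patch.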
diff --git a/linux-user/alpha/target_signal.h b/linux-user/alpha/target_signal.h
index 42343a1ae6..9cf57b5e51 100644
--- a/linux-user/alpha/target_signal.h
+++ b/linux-user/alpha/target_signal.h
@@ -55,6 +55,7 @@ static inline abi_ulong get_sp_from_cpustate(CPUAlphaState 
*state)
 #define TARGET_GEN_SUBRNG6 -24
 #define TARGET_GEN_SUBRNG7 -25
 
+#define TARGET_ARCH_HAS_SETUP_FRAME
 void setup_frame(int sig, struct target_sigaction *ka,
  target_sigset_t *set, CPUAlphaState *env);
 void setup_rt_frame(int sig, struct target_sigaction *ka,
diff --git a/linux-user/arm/target_signal.h b/linux-user/arm/target_signal.h
index 4b542c324f..067c261b91 100644
--- a/linux-user/arm/target_signal.h
+++ b/linux-user/arm/target_signal.h
@@ -26,6 +26,7 @@ static inline abi_ulong get_sp_from_cpustate(CPUARMState 
*state)
return state->regs[13];
 }
 
+#define TARGET_ARCH_HAS_SETUP_FRAME
 void setup_frame(int usig, struct target_sigaction *ka,
  target_sigset_t *set, CPUARMState *regs);
 void setup_rt_frame(int usig, struct target_sigaction *ka,
diff --git a/linux-user/cris/target_signal.h b/linux-user/cris/target_signal.h
index 19c0d7b539..511af489f2 100644
--- a/linux-user/cris/target_signal.h
+++ b/linux-user/cris/target_signal.h
@@ -26,6 +26,7 @@ static inline abi_ulong get_sp_from_cpustate(CPUCRISState 
*state)
 return state->regs[14];
 }
 
+#define TARGET_ARCH_HAS_SETUP_FRAME
 void setup_frame(int sig, struct target_sigaction *ka,
  target_sigset_t *set, CPUCRISState *env);
 void setup_rt_frame(int sig, struct target_sigaction *ka,
diff --git a/linux-user/i386/target_signal.h b/linux-user/i386/target_signal.h
index ec5a3e3373..860a411f1d 100644
--- a/linux-user/i386/target_signal.h
+++ b/linux-user/i386/target_signal.h
@@ -26,6 +26,7 @@ static inline abi_ulong get_sp_from_cpustate(CPUX86State 
*state)
 return state->regs[R_ESP];
 }
 
+#define TARGET_ARCH_HAS_SETUP_FRAME
 void setup_frame(int sig, struct target_sigaction *ka,
  target_sigset_t *set, CPUX86State *env);
 void setup_rt_frame(int sig, struct target_sigaction *ka,
diff --git a/linux-user/m68k/target_signal.h b/linux-user/m68k/target_signal.h
index 29e0c01191..97e6cb44ea 100644
--- a/linux-user/m68k/target_signal.h
+++ b/linux-user/m68k/target_signal.h
@@ -26,6 +26,7 @@ static inline abi_ulong get_sp_from_cpustate(CPUM68KState 
*state)
 return state->aregs[7];
 }
 
+#define TARGET_ARCH_HAS_SETUP_FRAME
 void setup_frame(int sig, struct target_sigaction *ka,
  target_sigset_t *set, CPUM68KState *env);
 void setup_rt_frame(int sig, struct target_sigaction *ka,
diff --git a/linux-user/microblaze/target_signal.h 
b/linux-user/microblaze/target_signal.h
index 7b25a34256..892b41521f 100644
--- a/linux-user/microblaze/target_signal.h
+++ b/linux-user/microblaze/target_signal.h
@@ -26,6 +26,7 @@ static inline abi_ulong get_sp_from_cpustate(CPUMBState 
*state)
 return state->regs[14];
 }
 
+#define TARGET_ARCH_HAS_SETUP_FRAME
 void setup_frame(int sig, struct target_sigaction *ka,
  target_sigset_t *set, CPUMBState *env);
 void setup_rt_frame(int sig, struct target_sigaction *ka,
diff --git a/linux-user/mips/target_signal.h b/linux-user/mips/target_signal.h
index 22ab3e4a94..cd4c82fe5b 100644
--- a/linux-user/mips/target_signal.h
+++ b/linux-user/mips/target_signal.h
@@ -28,6 +28,7 @@ static inline abi_ulong get_sp_from_cpustate(CPUMIPSState 
*state)
 
 # if defined(TARGET_ABI_MIPSO32)
 /* 

[Qemu-devel] [PATCH for 2.13 v2 16/20] linux-user: move i386/x86_64 signal.c parts to i386 directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
i386/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

x86_64/signal.c includes i386/signal.c

Signed-off-by: Laurent Vivier 
---
 linux-user/i386/signal.c  | 584 ++
 linux-user/i386/target_signal.h   |   5 +
 linux-user/signal.c   | 582 +
 linux-user/x86_64/signal.c|   2 +
 linux-user/x86_64/target_signal.h |   3 +
 5 files changed, 595 insertions(+), 581 deletions(-)

diff --git a/linux-user/i386/signal.c b/linux-user/i386/signal.c
index 02ca338b6c..1e17ed38be 100644
--- a/linux-user/i386/signal.c
+++ b/linux-user/i386/signal.c
@@ -16,3 +16,587 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+/* from the Linux kernel - /arch/x86/include/uapi/asm/sigcontext.h */
+
+struct target_fpreg {
+uint16_t significand[4];
+uint16_t exponent;
+};
+
+struct target_fpxreg {
+uint16_t significand[4];
+uint16_t exponent;
+uint16_t padding[3];
+};
+
+struct target_xmmreg {
+uint32_t element[4];
+};
+
+struct target_fpstate_32 {
+/* Regular FPU environment */
+uint32_t cw;
+uint32_t sw;
+uint32_t tag;
+uint32_t ipoff;
+uint32_t cssel;
+uint32_t dataoff;
+uint32_t datasel;
+struct target_fpreg st[8];
+uint16_t  status;
+uint16_t  magic;  /* 0x = regular FPU data only */
+
+/* FXSR FPU environment */
+uint32_t _fxsr_env[6];   /* FXSR FPU env is ignored */
+uint32_t mxcsr;
+uint32_t reserved;
+struct target_fpxreg fxsr_st[8]; /* FXSR FPU reg data is ignored */
+struct target_xmmreg xmm[8];
+uint32_t padding[56];
+};
+
+struct target_fpstate_64 {
+/* FXSAVE format */
+uint16_t cw;
+uint16_t sw;
+uint16_t twd;
+uint16_t fop;
+uint64_t rip;
+uint64_t rdp;
+uint32_t mxcsr;
+uint32_t mxcsr_mask;
+uint32_t st_space[32];
+uint32_t xmm_space[64];
+uint32_t reserved[24];
+};
+
+#ifndef TARGET_X86_64
+# define target_fpstate target_fpstate_32
+#else
+# define target_fpstate target_fpstate_64
+#endif
+
+struct target_sigcontext_32 {
+uint16_t gs, __gsh;
+uint16_t fs, __fsh;
+uint16_t es, __esh;
+uint16_t ds, __dsh;
+uint32_t edi;
+uint32_t esi;
+uint32_t ebp;
+uint32_t esp;
+uint32_t ebx;
+uint32_t edx;
+uint32_t ecx;
+uint32_t eax;
+uint32_t trapno;
+uint32_t err;
+uint32_t eip;
+uint16_t cs, __csh;
+uint32_t eflags;
+uint32_t esp_at_signal;
+uint16_t ss, __ssh;
+uint32_t fpstate; /* pointer */
+uint32_t oldmask;
+uint32_t cr2;
+};
+
+struct target_sigcontext_64 {
+uint64_t r8;
+uint64_t r9;
+uint64_t r10;
+uint64_t r11;
+uint64_t r12;
+uint64_t r13;
+uint64_t r14;
+uint64_t r15;
+
+uint64_t rdi;
+uint64_t rsi;
+uint64_t rbp;
+uint64_t rbx;
+uint64_t rdx;
+uint64_t rax;
+uint64_t rcx;
+uint64_t rsp;
+uint64_t rip;
+
+uint64_t eflags;
+
+uint16_t cs;
+uint16_t gs;
+uint16_t fs;
+uint16_t ss;
+
+uint64_t err;
+uint64_t trapno;
+uint64_t oldmask;
+uint64_t cr2;
+
+uint64_t fpstate; /* pointer */
+uint64_t padding[8];
+};
+
+#ifndef TARGET_X86_64
+# define target_sigcontext target_sigcontext_32
+#else
+# define target_sigcontext target_sigcontext_64
+#endif
+
+/* see Linux/include/uapi/asm-generic/ucontext.h */
+struct target_ucontext {
+abi_ulong tuc_flags;
+abi_ulong tuc_link;
+target_stack_ttuc_stack;
+struct target_sigcontext tuc_mcontext;
+target_sigset_t   tuc_sigmask;  /* mask last for extensibility */
+};
+
+#ifndef TARGET_X86_64
+struct sigframe {
+abi_ulong pretcode;
+int sig;
+struct target_sigcontext sc;
+struct target_fpstate fpstate;
+abi_ulong extramask[TARGET_NSIG_WORDS-1];
+char retcode[8];
+};
+
+struct rt_sigframe {
+abi_ulong pretcode;
+int sig;
+abi_ulong pinfo;
+abi_ulong puc;
+struct target_siginfo info;
+struct target_ucontext uc;
+struct target_fpstate fpstate;
+char retcode[8];
+};
+
+#else
+
+struct rt_sigframe {
+abi_ulong pretcode;
+struct target_ucontext uc;
+struct target_siginfo info;
+struct target_fpstate fpstate;
+};
+
+#endif
+
+/*
+ * Set up a signal frame.
+ */
+
+/* XXX: save x87 state */
+static void setup_sigcontext(struct target_sigcontext *sc,
+struct target_fpstate *fpstate, CPUX86State *env, abi_ulong mask,
+abi_ulong fpstate_addr)
+{
+CPUState *cs = CPU(x86_env_get_cpu(env));
+#ifndef TARGET_X86_64
+uint16_t magic;
+
+/* already locked in setup_frame() */
+
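
Review bot: missing documentation at the top of the new file: nothing in i386/signal.c says that it is also compiled for the 64-bit target (the commit message states that x86_64/signal.c includes i386/signal.c), which is why the hunk carries three `#ifndef TARGET_X86_64` / `#else` selections (`target_fpstate`, `target_sigcontext`, and the `sigframe` / `rt_sigframe` definitions). A one-line comment after the `#include` block stating that x86_64/signal.c includes this file would save the next reader from wondering why 64-bit frame layouts live under linux-user/i386/. The `/* XXX: save x87 state */` above setup_sigcontext is pre-existing and fine to carry unchanged in a pure move.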

[Qemu-devel] [PATCH for 2.13 v2 08/20] linux-user: move openrisc signal.c parts to openrisc directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
openrisc/signal.c, except adding includes and
exporting setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/openrisc/signal.c| 213 
 linux-user/openrisc/target_signal.h |   4 +-
 linux-user/signal.c | 211 ---
 3 files changed, 216 insertions(+), 212 deletions(-)

diff --git a/linux-user/openrisc/signal.c b/linux-user/openrisc/signal.c
index 02ca338b6c..0276808b59 100644
--- a/linux-user/openrisc/signal.c
+++ b/linux-user/openrisc/signal.c
@@ -16,3 +16,216 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+struct target_sigcontext {
+struct target_pt_regs regs;
+abi_ulong oldmask;
+abi_ulong usp;
+};
+
+struct target_ucontext {
+abi_ulong tuc_flags;
+abi_ulong tuc_link;
+target_stack_t tuc_stack;
+struct target_sigcontext tuc_mcontext;
+target_sigset_t tuc_sigmask;   /* mask last for extensibility */
+};
+
+struct target_rt_sigframe {
+abi_ulong pinfo;
+uint64_t puc;
+struct target_siginfo info;
+struct target_sigcontext sc;
+struct target_ucontext uc;
+unsigned char retcode[16];  /* trampoline code */
+};
+
+/* This is the asm-generic/ucontext.h version */
+#if 0
+static int restore_sigcontext(CPUOpenRISCState *regs,
+  struct target_sigcontext *sc)
+{
+unsigned int err = 0;
+unsigned long old_usp;
+
+/* Alwys make any pending restarted system call return -EINTR */
+current_thread_info()->restart_block.fn = do_no_restart_syscall;
+
+/* restore the regs from >regs (same as sc, since regs is first)
+ * (sc is already checked for VERIFY_READ since the sigframe was
+ *  checked in sys_sigreturn previously)
+ */
+
+if (copy_from_user(regs, , sizeof(struct target_pt_regs))) {
+goto badframe;
+}
+
+/* make sure the U-flag is set so user-mode cannot fool us */
+
+regs->sr &= ~SR_SM;
+
+/* restore the old USP as it was before we stacked the sc etc.
+ * (we cannot just pop the sigcontext since we aligned the sp and
+ *  stuff after pushing it)
+ */
+
+__get_user(old_usp, >usp);
+phx_signal("old_usp 0x%lx", old_usp);
+
+__PHX__ REALLY   /* ??? */
+wrusp(old_usp);
+regs->gpr[1] = old_usp;
+
+/* TODO: the other ports use regs->orig_XX to disable syscall checks
+ * after this completes, but we don't use that mechanism. maybe we can
+ * use it now ?
+ */
+
+return err;
+
+badframe:
+return 1;
+}
+#endif
+
+/* Set up a signal frame.  */
+
+static void setup_sigcontext(struct target_sigcontext *sc,
+ CPUOpenRISCState *regs,
+ unsigned long mask)
+{
+unsigned long usp = cpu_get_gpr(regs, 1);
+
+/* copy the regs. they are first in sc so we can use sc directly */
+
+/*copy_to_user(, regs, sizeof(struct target_pt_regs));*/
+
+/* Set the frametype to CRIS_FRAME_NORMAL for the execution of
+   the signal handler. The frametype will be restored to its previous
+   value in restore_sigcontext. */
+/*regs->frametype = CRIS_FRAME_NORMAL;*/
+
+/* then some other stuff */
+__put_user(mask, >oldmask);
+__put_user(usp, >usp);
+}
+
+static inline unsigned long align_sigframe(unsigned long sp)
+{
+return sp & ~3UL;
+}
+
+static inline abi_ulong get_sigframe(struct target_sigaction *ka,
+ CPUOpenRISCState *regs,
+ size_t frame_size)
+{
+unsigned long sp = cpu_get_gpr(regs, 1);
+int onsigstack = on_sig_stack(sp);
+
+/* redzone */
+/* This is the X/Open sanctioned signal stack switching.  */
+if ((ka->sa_flags & TARGET_SA_ONSTACK) != 0 && !onsigstack) {
+sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
+}
+
+sp = align_sigframe(sp - frame_size);
+
+/*
+ * If we are on the alternate signal stack and would overflow it, don't.
+ * Return an always-bogus address instead so we will die with SIGSEGV.
+ */
+
+if (onsigstack && !likely(on_sig_stack(sp))) {
+return -1L;
+}
+
+return sp;
+}
+
+void setup_rt_frame(int sig, struct target_sigaction *ka,
+target_siginfo_t *info,
+target_sigset_t *set, CPUOpenRISCState *env)
+{
+int err = 0;
+abi_ulong frame_addr;
+unsigned long return_ip;
+struct target_rt_sigframe *frame;
+abi_ulong info_addr, uc_addr;
+
+frame_addr = get_sigframe(ka, env, sizeof(*frame));
+trace_user_setup_rt_frame(env, frame_addr);
+if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
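
Review bot: the move carries a large `#if 0` block (the kernel-derived restore_sigcontext) that references symbols which never compile here (`current_thread_info()`, `phx_signal`, `wrusp`, the `__PHX__ REALLY /* ??? */` line), plus CRIS-specific comments in setup_sigcontext (`CRIS_FRAME_NORMAL`, `regs->frametype`) that do not apply to OpenRISC. Keeping this patch a pure move is right, but a follow-up that drops the `#if 0` block and the CRIS comments would be welcome now that the code has its own file. Also for that follow-up: `struct target_rt_sigframe` mixes `abi_ulong pinfo` with `uint64_t puc`; if both are guest pointers they should have the same type.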
+  

[Qemu-devel] [PATCH for 2.13 v2 17/20] linux-user: move sparc/sparc64 signal.c parts to sparc directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
sparc/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

sparc64/signal.c includes sparc/signal.c

Signed-off-by: Laurent Vivier 
---
 linux-user/signal.c| 604 +---
 linux-user/sparc/signal.c  | 606 +
 linux-user/sparc/target_signal.h   |   6 +-
 linux-user/sparc64/signal.c|   2 +
 linux-user/sparc64/target_signal.h |   6 +-
 5 files changed, 619 insertions(+), 605 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index 1891553823..2bcb32a7ce 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -803,609 +803,7 @@ int do_sigaction(int sig, const struct target_sigaction 
*act,
 return ret;
 }
 
-#if defined(TARGET_SPARC)
-
-#define __SUNOS_MAXWIN   31
-
-/* This is what SunOS does, so shall I. */
-struct target_sigcontext {
-abi_ulong sigc_onstack;  /* state to restore */
-
-abi_ulong sigc_mask; /* sigmask to restore */
-abi_ulong sigc_sp;   /* stack pointer */
-abi_ulong sigc_pc;   /* program counter */
-abi_ulong sigc_npc;  /* next program counter */
-abi_ulong sigc_psr;  /* for condition codes etc */
-abi_ulong sigc_g1;   /* User uses these two registers */
-abi_ulong sigc_o0;   /* within the trampoline code. */
-
-/* Now comes information regarding the users window set
- * at the time of the signal.
- */
-abi_ulong sigc_oswins;   /* outstanding windows */
-
-/* stack ptrs for each regwin buf */
-char *sigc_spbuf[__SUNOS_MAXWIN];
-
-/* Windows to restore after signal */
-struct {
-abi_ulong locals[8];
-abi_ulong ins[8];
-} sigc_wbuf[__SUNOS_MAXWIN];
-};
-/* A Sparc stack frame */
-struct sparc_stackf {
-abi_ulong locals[8];
-abi_ulong ins[8];
-/* It's simpler to treat fp and callers_pc as elements of ins[]
- * since we never need to access them ourselves.
- */
-char *structptr;
-abi_ulong xargs[6];
-abi_ulong xxargs[1];
-};
-
-typedef struct {
-struct {
-abi_ulong psr;
-abi_ulong pc;
-abi_ulong npc;
-abi_ulong y;
-abi_ulong u_regs[16]; /* globals and ins */
-}   si_regs;
-int si_mask;
-} __siginfo_t;
-
-typedef struct {
-abi_ulong  si_float_regs[32];
-unsigned   long si_fsr;
-unsigned   long si_fpqdepth;
-struct {
-unsigned long *insn_addr;
-unsigned long insn;
-} si_fpqueue [16];
-} qemu_siginfo_fpu_t;
-
-
-struct target_signal_frame {
-struct sparc_stackf ss;
-__siginfo_t info;
-abi_ulong   fpu_save;
-abi_ulong   insns[2] __attribute__ ((aligned (8)));
-abi_ulong   extramask[TARGET_NSIG_WORDS - 1];
-abi_ulong   extra_size; /* Should be 0 */
-qemu_siginfo_fpu_t fpu_state;
-};
-struct target_rt_signal_frame {
-struct sparc_stackf ss;
-siginfo_t   info;
-abi_ulong   regs[20];
-sigset_tmask;
-abi_ulong   fpu_save;
-unsigned intinsns[2];
-stack_t stack;
-unsigned intextra_size; /* Should be 0 */
-qemu_siginfo_fpu_t  fpu_state;
-};
-
-#define UREG_O016
-#define UREG_O622
-#define UREG_I00
-#define UREG_I11
-#define UREG_I22
-#define UREG_I33
-#define UREG_I44
-#define UREG_I55
-#define UREG_I66
-#define UREG_I77
-#define UREG_L0   8
-#define UREG_FPUREG_I6
-#define UREG_SPUREG_O6
-
-static inline abi_ulong get_sigframe(struct target_sigaction *sa, 
- CPUSPARCState *env,
- unsigned long framesize)
-{
-abi_ulong sp;
-
-sp = env->regwptr[UREG_FP];
-
-/* This is the X/Open sanctioned signal stack switching.  */
-if (sa->sa_flags & TARGET_SA_ONSTACK) {
-if (!on_sig_stack(sp)
-&& !((target_sigaltstack_used.ss_sp + 
target_sigaltstack_used.ss_size) & 7)) {
-sp = target_sigaltstack_used.ss_sp + 
target_sigaltstack_used.ss_size;
-}
-}
-return sp - framesize;
-}
-
-static int
-setup___siginfo(__siginfo_t *si, CPUSPARCState *env, abi_ulong mask)
-{
-int err = 0, i;
-
-__put_user(env->psr, >si_regs.psr);
-__put_user(env->pc, >si_regs.pc);
-__put_user(env->npc, >si_regs.npc);
-__put_user(env->y, >si_regs.y);
-for (i=0; i < 8; i++) {
-__put_user(env->gregs[i], >si_regs.u_regs[i]);
-}
-for (i=0; i < 8; i++) {
-__put_user(env->regwptr[UREG_I0 + i], >si_regs.u_regs[i+8]);
-}
-__put_user(mask, >si_mask);
-return err;
-}
-
-#if 0
-static int
-setup_sigcontext(struct target_sigcontext *sc, /*struct _fpstate *fpstate,*/
-
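
Review bot: the SPARC frame structures being moved embed host types in what are guest ABI layouts: `char *sigc_spbuf[__SUNOS_MAXWIN]` and `char *structptr`, `unsigned long *insn_addr` / `unsigned long insn` in `si_fpqueue`, and `siginfo_t info`, `sigset_t mask`, `stack_t stack` in `struct target_rt_signal_frame`. With those members the frame size and the offsets of everything after them follow the host's pointer width and libc rather than the guest ABI. This is pre-existing and out of scope for a pure move, but the new sparc/signal.c is the place to fix it in a follow-up (abi_ulong for the pointers, target_siginfo_t / target_sigset_t / target_stack_t for the rt frame).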

[Qemu-devel] [PATCH for 2.13 v2 15/20] linux-user: move xtensa signal.c parts to xtensa directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
xtensa/signal.c, except adding includes and
exporting setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/signal.c   | 253 -
 linux-user/xtensa/signal.c| 257 ++
 linux-user/xtensa/target_signal.h |   3 +
 3 files changed, 260 insertions(+), 253 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index fc81ec87b6..f039157970 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -3032,259 +3032,6 @@ sigsegv:
 return -TARGET_QEMU_ESIGRETURN;
 }
 
-#elif defined(TARGET_XTENSA)
-
-struct target_sigcontext {
-abi_ulong sc_pc;
-abi_ulong sc_ps;
-abi_ulong sc_lbeg;
-abi_ulong sc_lend;
-abi_ulong sc_lcount;
-abi_ulong sc_sar;
-abi_ulong sc_acclo;
-abi_ulong sc_acchi;
-abi_ulong sc_a[16];
-abi_ulong sc_xtregs;
-};
-
-struct target_ucontext {
-abi_ulong tuc_flags;
-abi_ulong tuc_link;
-target_stack_t tuc_stack;
-struct target_sigcontext tuc_mcontext;
-target_sigset_t tuc_sigmask;
-};
-
-struct target_rt_sigframe {
-target_siginfo_t info;
-struct target_ucontext uc;
-/* TODO: xtregs */
-uint8_t retcode[6];
-abi_ulong window[4];
-};
-
-static abi_ulong get_sigframe(struct target_sigaction *sa,
-  CPUXtensaState *env,
-  unsigned long framesize)
-{
-abi_ulong sp = env->regs[1];
-
-/* This is the X/Open sanctioned signal stack switching.  */
-if ((sa->sa_flags & TARGET_SA_ONSTACK) != 0 && !sas_ss_flags(sp)) {
-sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
-}
-return (sp - framesize) & -16;
-}
-
-static int flush_window_regs(CPUXtensaState *env)
-{
-const uint32_t nareg_mask = env->config->nareg - 1;
-uint32_t wb = env->sregs[WINDOW_BASE];
-uint32_t ws = (xtensa_replicate_windowstart(env) >> (wb + 1)) &
-((1 << env->config->nareg / 4) - 1);
-uint32_t d = ctz32(ws) + 1;
-uint32_t sp;
-abi_long ret = 0;
-
-wb += d;
-ws >>= d;
-
-xtensa_sync_phys_from_window(env);
-sp = env->phys_regs[(wb * 4 + 1) & nareg_mask];
-
-while (ws && ret == 0) {
-int d;
-int i;
-int idx;
-
-if (ws & 0x1) {
-ws >>= 1;
-d = 1;
-} else if (ws & 0x2) {
-ws >>= 2;
-d = 2;
-for (i = 0; i < 4; ++i) {
-idx = (wb * 4 + 4 + i) & nareg_mask;
-ret |= put_user_ual(env->phys_regs[idx], sp + (i - 12) * 4);
-}
-} else if (ws & 0x4) {
-ws >>= 3;
-d = 3;
-for (i = 0; i < 8; ++i) {
-idx = (wb * 4 + 4 + i) & nareg_mask;
-ret |= put_user_ual(env->phys_regs[idx], sp + (i - 16) * 4);
-}
-} else {
-g_assert_not_reached();
-}
-sp = env->phys_regs[((wb + d) * 4 + 1) & nareg_mask];
-for (i = 0; i < 4; ++i) {
-idx = (wb * 4 + i) & nareg_mask;
-ret |= put_user_ual(env->phys_regs[idx], sp + (i - 4) * 4);
-}
-wb += d;
-}
-return ret == 0;
-}
-
-static int setup_sigcontext(struct target_rt_sigframe *frame,
-CPUXtensaState *env)
-{
-struct target_sigcontext *sc = >uc.tuc_mcontext;
-int i;
-
-__put_user(env->pc, >sc_pc);
-__put_user(env->sregs[PS], >sc_ps);
-__put_user(env->sregs[LBEG], >sc_lbeg);
-__put_user(env->sregs[LEND], >sc_lend);
-__put_user(env->sregs[LCOUNT], >sc_lcount);
-if (!flush_window_regs(env)) {
-return 0;
-}
-for (i = 0; i < 16; ++i) {
-__put_user(env->regs[i], sc->sc_a + i);
-}
-__put_user(0, >sc_xtregs);
-/* TODO: xtregs */
-return 1;
-}
-
-static void setup_rt_frame(int sig, struct target_sigaction *ka,
-   target_siginfo_t *info,
-   target_sigset_t *set, CPUXtensaState *env)
-{
-abi_ulong frame_addr;
-struct target_rt_sigframe *frame;
-uint32_t ra;
-int i;
-
-frame_addr = get_sigframe(ka, env, sizeof(*frame));
-trace_user_setup_rt_frame(env, frame_addr);
-
-if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
-goto give_sigsegv;
-}
-
-if (ka->sa_flags & SA_SIGINFO) {
-tswap_siginfo(>info, info);
-}
-
-__put_user(0, >uc.tuc_flags);
-__put_user(0, >uc.tuc_link);
-__put_user(target_sigaltstack_used.ss_sp,
-   >uc.tuc_stack.ss_sp);
-__put_user(sas_ss_flags(env->regs[1]),
-   >uc.tuc_stack.ss_flags);
-__put_user(target_sigaltstack_used.ss_size,
-   >uc.tuc_stack.ss_size);
-if (!setup_sigcontext(frame, env)) {
-unlock_user_struct(frame, frame_addr, 0);
-goto give_sigsegv;
-}
-for (i = 0; i < TARGET_NSIG_WORDS; ++i) {
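
Review bot: in setup_rt_frame the test `if (ka->sa_flags & SA_SIGINFO)` checks the guest-supplied `sa_flags` against the host constant `SA_SIGINFO`, while get_sigframe a few lines above uses `TARGET_SA_ONSTACK` on the same field. On a host whose `SA_SIGINFO` value differs from the target's, the siginfo copy is decided by the wrong bit; this should be `TARGET_SA_SIGINFO`. Since this patch is a pure move, fix it in a separate patch rather than here, but it is worth calling out so it does not get lost in the relocation.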
-   

[Qemu-devel] [PATCH for 2.13 v2 11/20] linux-user: move alpha signal.c parts to alpha directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
alpha/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/alpha/signal.c| 262 +++
 linux-user/alpha/target_signal.h |   5 +
 linux-user/signal.c  | 259 --
 3 files changed, 267 insertions(+), 259 deletions(-)

diff --git a/linux-user/alpha/signal.c b/linux-user/alpha/signal.c
index 02ca338b6c..74ecdc6683 100644
--- a/linux-user/alpha/signal.c
+++ b/linux-user/alpha/signal.c
@@ -16,3 +16,265 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+struct target_sigcontext {
+abi_long sc_onstack;
+abi_long sc_mask;
+abi_long sc_pc;
+abi_long sc_ps;
+abi_long sc_regs[32];
+abi_long sc_ownedfp;
+abi_long sc_fpregs[32];
+abi_ulong sc_fpcr;
+abi_ulong sc_fp_control;
+abi_ulong sc_reserved1;
+abi_ulong sc_reserved2;
+abi_ulong sc_ssize;
+abi_ulong sc_sbase;
+abi_ulong sc_traparg_a0;
+abi_ulong sc_traparg_a1;
+abi_ulong sc_traparg_a2;
+abi_ulong sc_fp_trap_pc;
+abi_ulong sc_fp_trigger_sum;
+abi_ulong sc_fp_trigger_inst;
+};
+
+struct target_ucontext {
+abi_ulong tuc_flags;
+abi_ulong tuc_link;
+abi_ulong tuc_osf_sigmask;
+target_stack_t tuc_stack;
+struct target_sigcontext tuc_mcontext;
+target_sigset_t tuc_sigmask;
+};
+
+struct target_sigframe {
+struct target_sigcontext sc;
+unsigned int retcode[3];
+};
+
+struct target_rt_sigframe {
+target_siginfo_t info;
+struct target_ucontext uc;
+unsigned int retcode[3];
+};
+
+#define INSN_MOV_R30_R160x47fe0410
+#define INSN_LDI_R0 0x201f
+#define INSN_CALLSYS0x0083
+
+static void setup_sigcontext(struct target_sigcontext *sc, CPUAlphaState *env,
+ abi_ulong frame_addr, target_sigset_t *set)
+{
+int i;
+
+__put_user(on_sig_stack(frame_addr), >sc_onstack);
+__put_user(set->sig[0], >sc_mask);
+__put_user(env->pc, >sc_pc);
+__put_user(8, >sc_ps);
+
+for (i = 0; i < 31; ++i) {
+__put_user(env->ir[i], >sc_regs[i]);
+}
+__put_user(0, >sc_regs[31]);
+
+for (i = 0; i < 31; ++i) {
+__put_user(env->fir[i], >sc_fpregs[i]);
+}
+__put_user(0, >sc_fpregs[31]);
+__put_user(cpu_alpha_load_fpcr(env), >sc_fpcr);
+
+__put_user(0, >sc_traparg_a0); /* FIXME */
+__put_user(0, >sc_traparg_a1); /* FIXME */
+__put_user(0, >sc_traparg_a2); /* FIXME */
+}
+
+static void restore_sigcontext(CPUAlphaState *env,
+   struct target_sigcontext *sc)
+{
+uint64_t fpcr;
+int i;
+
+__get_user(env->pc, >sc_pc);
+
+for (i = 0; i < 31; ++i) {
+__get_user(env->ir[i], >sc_regs[i]);
+}
+for (i = 0; i < 31; ++i) {
+__get_user(env->fir[i], >sc_fpregs[i]);
+}
+
+__get_user(fpcr, >sc_fpcr);
+cpu_alpha_store_fpcr(env, fpcr);
+}
+
+static inline abi_ulong get_sigframe(struct target_sigaction *sa,
+ CPUAlphaState *env,
+ unsigned long framesize)
+{
+abi_ulong sp = env->ir[IR_SP];
+
+/* This is the X/Open sanctioned signal stack switching.  */
+if ((sa->sa_flags & TARGET_SA_ONSTACK) != 0 && !sas_ss_flags(sp)) {
+sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
+}
+return (sp - framesize) & -32;
+}
+
+void setup_frame(int sig, struct target_sigaction *ka,
+ target_sigset_t *set, CPUAlphaState *env)
+{
+abi_ulong frame_addr, r26;
+struct target_sigframe *frame;
+int err = 0;
+
+frame_addr = get_sigframe(ka, env, sizeof(*frame));
+trace_user_setup_frame(env, frame_addr);
+if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
+goto give_sigsegv;
+}
+
+setup_sigcontext(>sc, env, frame_addr, set);
+
+if (ka->sa_restorer) {
+r26 = ka->sa_restorer;
+} else {
+__put_user(INSN_MOV_R30_R16, >retcode[0]);
+__put_user(INSN_LDI_R0 + TARGET_NR_sigreturn,
+   >retcode[1]);
+__put_user(INSN_CALLSYS, >retcode[2]);
+/* imb() */
+r26 = frame_addr;
+}
+
+unlock_user_struct(frame, frame_addr, 1);
+
+if (err) {
+give_sigsegv:
+force_sigsegv(sig);
+return;
+}
+
+env->ir[IR_RA] = r26;
+env->ir[IR_PV] = env->pc = ka->_sa_handler;
+env->ir[IR_A0] = sig;
+env->ir[IR_A1] = 0;
+env->ir[IR_A2] = frame_addr + offsetof(struct target_sigframe, sc);
+env->ir[IR_SP] = frame_addr;
+}
+
+void setup_rt_frame(int sig, struct target_sigaction *ka,
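
Review bot: in setup_frame the `int err = 0;` is never set to anything else, yet the error path is written as `if (err) { give_sigsegv: force_sigsegv(sig); return; }` with the `give_sigsegv` label inside the conditional body, so the only way into that block is the `goto` from the failed lock_user_struct. It works, but it reads as if some `__put_user` could set `err`. Suggest, in a follow-up since this is a pure move, dropping `err` and placing the label after the normal `return` as the m68k setup_frame does, keeping `force_sigsegv(sig)` as the single error exit. The three `/* FIXME */` zero stores to `sc_traparg_*` are pre-existing and fine to carry.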
+   

[Qemu-devel] [PATCH for 2.13 v2 10/20] linux-user: move m68k signal.c parts to m68k directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
m68k/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/m68k/signal.c| 410 
 linux-user/m68k/target_signal.h |   6 +-
 linux-user/signal.c | 407 ---
 3 files changed, 415 insertions(+), 408 deletions(-)

diff --git a/linux-user/m68k/signal.c b/linux-user/m68k/signal.c
index 02ca338b6c..fc72468a81 100644
--- a/linux-user/m68k/signal.c
+++ b/linux-user/m68k/signal.c
@@ -16,3 +16,413 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+struct target_sigcontext {
+abi_ulong  sc_mask;
+abi_ulong  sc_usp;
+abi_ulong  sc_d0;
+abi_ulong  sc_d1;
+abi_ulong  sc_a0;
+abi_ulong  sc_a1;
+unsigned short sc_sr;
+abi_ulong  sc_pc;
+};
+
+struct target_sigframe
+{
+abi_ulong pretcode;
+int sig;
+int code;
+abi_ulong psc;
+char retcode[8];
+abi_ulong extramask[TARGET_NSIG_WORDS-1];
+struct target_sigcontext sc;
+};
+
+typedef int target_greg_t;
+#define TARGET_NGREG 18
+typedef target_greg_t target_gregset_t[TARGET_NGREG];
+
+typedef struct target_fpregset {
+int f_fpcntl[3];
+int f_fpregs[8*3];
+} target_fpregset_t;
+
+struct target_mcontext {
+int version;
+target_gregset_t gregs;
+target_fpregset_t fpregs;
+};
+
+#define TARGET_MCONTEXT_VERSION 2
+
+struct target_ucontext {
+abi_ulong tuc_flags;
+abi_ulong tuc_link;
+target_stack_t tuc_stack;
+struct target_mcontext tuc_mcontext;
+abi_long tuc_filler[80];
+target_sigset_t tuc_sigmask;
+};
+
+struct target_rt_sigframe
+{
+abi_ulong pretcode;
+int sig;
+abi_ulong pinfo;
+abi_ulong puc;
+char retcode[8];
+struct target_siginfo info;
+struct target_ucontext uc;
+};
+
+static void setup_sigcontext(struct target_sigcontext *sc, CPUM68KState *env,
+ abi_ulong mask)
+{
+uint32_t sr = (env->sr & 0xff00) | cpu_m68k_get_ccr(env);
+__put_user(mask, >sc_mask);
+__put_user(env->aregs[7], >sc_usp);
+__put_user(env->dregs[0], >sc_d0);
+__put_user(env->dregs[1], >sc_d1);
+__put_user(env->aregs[0], >sc_a0);
+__put_user(env->aregs[1], >sc_a1);
+__put_user(sr, >sc_sr);
+__put_user(env->pc, >sc_pc);
+}
+
+static void
+restore_sigcontext(CPUM68KState *env, struct target_sigcontext *sc)
+{
+int temp;
+
+__get_user(env->aregs[7], >sc_usp);
+__get_user(env->dregs[0], >sc_d0);
+__get_user(env->dregs[1], >sc_d1);
+__get_user(env->aregs[0], >sc_a0);
+__get_user(env->aregs[1], >sc_a1);
+__get_user(env->pc, >sc_pc);
+__get_user(temp, >sc_sr);
+cpu_m68k_set_ccr(env, temp);
+}
+
+/*
+ * Determine which stack to use..
+ */
+static inline abi_ulong
+get_sigframe(struct target_sigaction *ka, CPUM68KState *regs,
+ size_t frame_size)
+{
+unsigned long sp;
+
+sp = regs->aregs[7];
+
+/* This is the X/Open sanctioned signal stack switching.  */
+if ((ka->sa_flags & TARGET_SA_ONSTACK) && (sas_ss_flags (sp) == 0)) {
+sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
+}
+
+return ((sp - frame_size) & -8UL);
+}
+
+void setup_frame(int sig, struct target_sigaction *ka,
+ target_sigset_t *set, CPUM68KState *env)
+{
+struct target_sigframe *frame;
+abi_ulong frame_addr;
+abi_ulong retcode_addr;
+abi_ulong sc_addr;
+int i;
+
+frame_addr = get_sigframe(ka, env, sizeof *frame);
+trace_user_setup_frame(env, frame_addr);
+if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
+goto give_sigsegv;
+}
+
+__put_user(sig, >sig);
+
+sc_addr = frame_addr + offsetof(struct target_sigframe, sc);
+__put_user(sc_addr, >psc);
+
+setup_sigcontext(>sc, env, set->sig[0]);
+
+for(i = 1; i < TARGET_NSIG_WORDS; i++) {
+__put_user(set->sig[i], >extramask[i - 1]);
+}
+
+/* Set up to return from userspace.  */
+
+retcode_addr = frame_addr + offsetof(struct target_sigframe, retcode);
+__put_user(retcode_addr, >pretcode);
+
+/* moveq #,d0; trap #0 */
+
+__put_user(0x70004e40 + (TARGET_NR_sigreturn << 16),
+   (uint32_t *)(frame->retcode));
+
+/* Set up to return from userspace */
+
+env->aregs[7] = frame_addr;
+env->pc = ka->_sa_handler;
+
+unlock_user_struct(frame, frame_addr, 1);
+return;
+
+give_sigsegv:
+force_sigsegv(sig);
+}
+
+static inline void target_rt_save_fpu_state(struct target_ucontext *uc,
+   CPUM68KState *env)
+{
+int i;
+target_fpregset_t *fpregs = >tuc_mcontext.fpregs;
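
Review bot: restore_sigcontext reads the guest-supplied `sc_sr` into `temp` and passes it only through `cpu_m68k_set_ccr()`, which is correct (the frame lives in user memory, so the upper SR byte must not be restorable from it; setup_sigcontext's `(env->sr & 0xff00) | cpu_m68k_get_ccr(env)` is the matching save side), but nothing says so. A one-line comment at the `__get_user` of `sc_sr` explaining that only the CCR is restored on purpose would prevent a future "fix" that restores the whole SR. Minor style for a follow-up: `sizeof *frame` here versus `sizeof(*frame)` elsewhere, and `for(i = 1;` lacks the space checkpatch asks for.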

[Qemu-devel] [PATCH for 2.13 v2 09/20] linux-user: move s390x signal.c parts to s390x directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
s390x/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/s390x/signal.c| 309 +++
 linux-user/s390x/target_signal.h |   6 +-
 linux-user/signal.c  | 306 --
 3 files changed, 314 insertions(+), 307 deletions(-)

diff --git a/linux-user/s390x/signal.c b/linux-user/s390x/signal.c
index 02ca338b6c..a204a85e4a 100644
--- a/linux-user/s390x/signal.c
+++ b/linux-user/s390x/signal.c
@@ -16,3 +16,312 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+#define __NUM_GPRS 16
+#define __NUM_FPRS 16
+#define __NUM_ACRS 16
+
+#define S390_SYSCALL_SIZE   2
+#define __SIGNAL_FRAMESIZE  160 /* FIXME: 31-bit mode -> 96 */
+
+#define _SIGCONTEXT_NSIG64
+#define _SIGCONTEXT_NSIG_BPW64 /* FIXME: 31-bit mode -> 32 */
+#define _SIGCONTEXT_NSIG_WORDS  (_SIGCONTEXT_NSIG / _SIGCONTEXT_NSIG_BPW)
+#define _SIGMASK_COPY_SIZE(sizeof(unsigned long)*_SIGCONTEXT_NSIG_WORDS)
+#define PSW_ADDR_AMODE0xUL /* 0x8000UL for 
31-bit */
+#define S390_SYSCALL_OPCODE ((uint16_t)0x0a00)
+
+typedef struct {
+target_psw_t psw;
+target_ulong gprs[__NUM_GPRS];
+unsigned int acrs[__NUM_ACRS];
+} target_s390_regs_common;
+
+typedef struct {
+unsigned int fpc;
+double   fprs[__NUM_FPRS];
+} target_s390_fp_regs;
+
+typedef struct {
+target_s390_regs_common regs;
+target_s390_fp_regs fpregs;
+} target_sigregs;
+
+struct target_sigcontext {
+target_ulong   oldmask[_SIGCONTEXT_NSIG_WORDS];
+target_sigregs *sregs;
+};
+
+typedef struct {
+uint8_t callee_used_stack[__SIGNAL_FRAMESIZE];
+struct target_sigcontext sc;
+target_sigregs sregs;
+int signo;
+uint8_t retcode[S390_SYSCALL_SIZE];
+} sigframe;
+
+struct target_ucontext {
+target_ulong tuc_flags;
+struct target_ucontext *tuc_link;
+target_stack_t tuc_stack;
+target_sigregs tuc_mcontext;
+target_sigset_t tuc_sigmask;   /* mask last for extensibility */
+};
+
+typedef struct {
+uint8_t callee_used_stack[__SIGNAL_FRAMESIZE];
+uint8_t retcode[S390_SYSCALL_SIZE];
+struct target_siginfo info;
+struct target_ucontext uc;
+} rt_sigframe;
+
+static inline abi_ulong
+get_sigframe(struct target_sigaction *ka, CPUS390XState *env, size_t 
frame_size)
+{
+abi_ulong sp;
+
+/* Default to using normal stack */
+sp = env->regs[15];
+
+/* This is the X/Open sanctioned signal stack switching.  */
+if (ka->sa_flags & TARGET_SA_ONSTACK) {
+if (!sas_ss_flags(sp)) {
+sp = target_sigaltstack_used.ss_sp +
+ target_sigaltstack_used.ss_size;
+}
+}
+
+/* This is the legacy signal stack switching. */
+else if (/* FIXME !user_mode(regs) */ 0 &&
+ !(ka->sa_flags & TARGET_SA_RESTORER) &&
+ ka->sa_restorer) {
+sp = (abi_ulong) ka->sa_restorer;
+}
+
+return (sp - frame_size) & -8ul;
+}
+
+static void save_sigregs(CPUS390XState *env, target_sigregs *sregs)
+{
+int i;
+//save_access_regs(current->thread.acrs); FIXME
+
+/* Copy a 'clean' PSW mask to the user to avoid leaking
+   information about whether PER is currently on.  */
+__put_user(env->psw.mask, >regs.psw.mask);
+__put_user(env->psw.addr, >regs.psw.addr);
+for (i = 0; i < 16; i++) {
+__put_user(env->regs[i], >regs.gprs[i]);
+}
+for (i = 0; i < 16; i++) {
+__put_user(env->aregs[i], >regs.acrs[i]);
+}
+/*
+ * We have to store the fp registers to current->thread.fp_regs
+ * to merge them with the emulated registers.
+ */
+//save_fp_regs(>thread.fp_regs); FIXME
+for (i = 0; i < 16; i++) {
+__put_user(get_freg(env, i)->ll, >fpregs.fprs[i]);
+}
+}
+
+void setup_frame(int sig, struct target_sigaction *ka,
+ target_sigset_t *set, CPUS390XState *env)
+{
+sigframe *frame;
+abi_ulong frame_addr;
+
+frame_addr = get_sigframe(ka, env, sizeof(*frame));
+trace_user_setup_frame(env, frame_addr);
+if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
+goto give_sigsegv;
+}
+
+__put_user(set->sig[0], >sc.oldmask[0]);
+
+save_sigregs(env, >sregs);
+
+__put_user((abi_ulong)(unsigned long)>sregs,
+   (abi_ulong *)>sc.sregs);
+
+/* Set up to return from userspace.  If provided, use a stub
+   already in userspace.  */
+if (ka->sa_flags & TARGET_SA_RESTORER) {
+env->regs[14] = (unsigned long)
+ka->sa_restorer | PSW_ADDR_AMODE;
+} else {
+env->regs[14] = (frame_addr + 
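
Review bot: `struct target_sigcontext` and `struct target_ucontext` in this file use host pointers for guest fields (`target_sigregs *sregs;`, `struct target_ucontext *tuc_link;`), so their size and the offset of every member after them depend on the host's pointer width; the `(abi_ulong)(unsigned long)` and `(abi_ulong *)` casts in setup_frame when storing the sregs address are a symptom of that. Pre-existing and out of scope for a pure move, but the new s390x/signal.c is where a follow-up should switch these to abi_ulong. Two smaller items for that follow-up: the `//save_access_regs(...)` and `//save_fp_regs(...)` lines are C++-style comments that QEMU's checkpatch rejects, and the `/* FIXME !user_mode(regs) */ 0 &&` branch in get_sigframe is dead code.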

[Qemu-devel] [PATCH for 2.13 v2 01/20] linux-user: create a dummy per arch signal.c

2018-03-23 Thread Laurent Vivier
Create a signal-common.h for future use by
these new files and use it in the existing
signal.c

Signed-off-by: Laurent Vivier 
---
 linux-user/Makefile.objs   |  2 +-
 linux-user/aarch64/signal.c| 18 +++
 linux-user/alpha/signal.c  | 18 +++
 linux-user/arm/signal.c| 18 +++
 linux-user/cris/signal.c   | 18 +++
 linux-user/hppa/signal.c   | 18 +++
 linux-user/i386/signal.c   | 18 +++
 linux-user/m68k/signal.c   | 18 +++
 linux-user/microblaze/signal.c | 18 +++
 linux-user/mips/signal.c   | 18 +++
 linux-user/mips64/signal.c | 18 +++
 linux-user/nios2/signal.c  | 18 +++
 linux-user/openrisc/signal.c   | 18 +++
 linux-user/ppc/signal.c| 18 +++
 linux-user/riscv/signal.c  | 18 +++
 linux-user/s390x/signal.c  | 18 +++
 linux-user/sh4/signal.c| 18 +++
 linux-user/signal-common.h | 50 ++
 linux-user/signal.c| 41 ++
 linux-user/sparc/signal.c  | 18 +++
 linux-user/sparc64/signal.c| 18 +++
 linux-user/tilegx/signal.c | 18 +++
 linux-user/x86_64/signal.c | 18 +++
 linux-user/xtensa/signal.c | 18 +++
 24 files changed, 440 insertions(+), 31 deletions(-)
 create mode 100644 linux-user/aarch64/signal.c
 create mode 100644 linux-user/alpha/signal.c
 create mode 100644 linux-user/arm/signal.c
 create mode 100644 linux-user/cris/signal.c
 create mode 100644 linux-user/hppa/signal.c
 create mode 100644 linux-user/i386/signal.c
 create mode 100644 linux-user/m68k/signal.c
 create mode 100644 linux-user/microblaze/signal.c
 create mode 100644 linux-user/mips/signal.c
 create mode 100644 linux-user/mips64/signal.c
 create mode 100644 linux-user/nios2/signal.c
 create mode 100644 linux-user/openrisc/signal.c
 create mode 100644 linux-user/ppc/signal.c
 create mode 100644 linux-user/riscv/signal.c
 create mode 100644 linux-user/s390x/signal.c
 create mode 100644 linux-user/sh4/signal.c
 create mode 100644 linux-user/signal-common.h
 create mode 100644 linux-user/sparc/signal.c
 create mode 100644 linux-user/sparc64/signal.c
 create mode 100644 linux-user/tilegx/signal.c
 create mode 100644 linux-user/x86_64/signal.c
 create mode 100644 linux-user/xtensa/signal.c

diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index 8c93058100..811a7f5ce5 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -1,6 +1,6 @@
 obj-y = main.o syscall.o strace.o mmap.o signal.o \
elfload.o linuxload.o uaccess.o uname.o \
-   safe-syscall.o
+   safe-syscall.o $(TARGET_ABI_DIR)/signal.o
 
 obj-$(TARGET_HAS_BFLT) += flatload.o
 obj-$(TARGET_I386) += vm86.o
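
Review bot: adding `$(TARGET_ABI_DIR)/signal.o` to obj-y means every linux-user target now requires a `<abi dir>/signal.c` to exist, so the 21 per-arch stubs listed in the diffstat must cover every TARGET_ABI_DIR value configure can produce; a missing one breaks the build for that target only, which is easy to miss outside the usual test matrix. Please state in the commit message how the directory list was derived (for example from the existing per-arch target_signal.h files) so a reviewer can check it without reconstructing the list.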
diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
new file mode 100644
index 00..02ca338b6c
--- /dev/null
+++ b/linux-user/aarch64/signal.c
@@ -0,0 +1,18 @@
+/*
+ *  Emulation of Linux signals
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
diff --git a/linux-user/alpha/signal.c b/linux-user/alpha/signal.c
new file mode 100644
index 00..02ca338b6c
--- /dev/null
+++ b/linux-user/alpha/signal.c
@@ -0,0 +1,18 @@
+/*
+ *  Emulation of Linux signals
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c
new file mode 100644
index 00..02ca338b6c
--- /dev/null
+++ b/linux-user/arm/signal.c
@@ -0,0 

[Qemu-devel] [PATCH for 2.13 v2 07/20] linux-user: move nios2 signal.c parts to nios2 directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
nios2/signal.c, except adding includes and
exporting setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/nios2/signal.c| 236 +++
 linux-user/nios2/target_signal.h |   4 +
 linux-user/signal.c  | 234 --
 3 files changed, 240 insertions(+), 234 deletions(-)

diff --git a/linux-user/nios2/signal.c b/linux-user/nios2/signal.c
index 02ca338b6c..816eed90f1 100644
--- a/linux-user/nios2/signal.c
+++ b/linux-user/nios2/signal.c
@@ -16,3 +16,239 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+#define MCONTEXT_VERSION 2
+
+struct target_sigcontext {
+int version;
+unsigned long gregs[32];
+};
+
+struct target_ucontext {
+abi_ulong tuc_flags;
+abi_ulong tuc_link;
+target_stack_t tuc_stack;
+struct target_sigcontext tuc_mcontext;
+target_sigset_t tuc_sigmask;   /* mask last for extensibility */
+};
+
+struct target_rt_sigframe {
+struct target_siginfo info;
+struct target_ucontext uc;
+};
+
+static unsigned long sigsp(unsigned long sp, struct target_sigaction *ka)
+{
+if (unlikely((ka->sa_flags & SA_ONSTACK)) && !sas_ss_flags(sp)) {
+#ifdef CONFIG_STACK_GROWSUP
+return target_sigaltstack_used.ss_sp;
+#else
+return target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
+#endif
+}
+return sp;
+}
+
+static int rt_setup_ucontext(struct target_ucontext *uc, CPUNios2State *env)
+{
+unsigned long *gregs = uc->tuc_mcontext.gregs;
+
+__put_user(MCONTEXT_VERSION, >tuc_mcontext.version);
+__put_user(env->regs[1], [0]);
+__put_user(env->regs[2], [1]);
+__put_user(env->regs[3], [2]);
+__put_user(env->regs[4], [3]);
+__put_user(env->regs[5], [4]);
+__put_user(env->regs[6], [5]);
+__put_user(env->regs[7], [6]);
+__put_user(env->regs[8], [7]);
+__put_user(env->regs[9], [8]);
+__put_user(env->regs[10], [9]);
+__put_user(env->regs[11], [10]);
+__put_user(env->regs[12], [11]);
+__put_user(env->regs[13], [12]);
+__put_user(env->regs[14], [13]);
+__put_user(env->regs[15], [14]);
+__put_user(env->regs[16], [15]);
+__put_user(env->regs[17], [16]);
+__put_user(env->regs[18], [17]);
+__put_user(env->regs[19], [18]);
+__put_user(env->regs[20], [19]);
+__put_user(env->regs[21], [20]);
+__put_user(env->regs[22], [21]);
+__put_user(env->regs[23], [22]);
+__put_user(env->regs[R_RA], [23]);
+__put_user(env->regs[R_FP], [24]);
+__put_user(env->regs[R_GP], [25]);
+__put_user(env->regs[R_EA], [27]);
+__put_user(env->regs[R_SP], [28]);
+
+return 0;
+}
+
+static int rt_restore_ucontext(CPUNios2State *env, struct target_ucontext *uc,
+   int *pr2)
+{
+int temp;
+abi_ulong off, frame_addr = env->regs[R_SP];
+unsigned long *gregs = uc->tuc_mcontext.gregs;
+int err;
+
+/* Always make any pending restarted system calls return -EINTR */
+/* current->restart_block.fn = do_no_restart_syscall; */
+
+__get_user(temp, >tuc_mcontext.version);
+if (temp != MCONTEXT_VERSION) {
+return 1;
+}
+
+/* restore passed registers */
+__get_user(env->regs[1], [0]);
+__get_user(env->regs[2], [1]);
+__get_user(env->regs[3], [2]);
+__get_user(env->regs[4], [3]);
+__get_user(env->regs[5], [4]);
+__get_user(env->regs[6], [5]);
+__get_user(env->regs[7], [6]);
+__get_user(env->regs[8], [7]);
+__get_user(env->regs[9], [8]);
+__get_user(env->regs[10], [9]);
+__get_user(env->regs[11], [10]);
+__get_user(env->regs[12], [11]);
+__get_user(env->regs[13], [12]);
+__get_user(env->regs[14], [13]);
+__get_user(env->regs[15], [14]);
+__get_user(env->regs[16], [15]);
+__get_user(env->regs[17], [16]);
+__get_user(env->regs[18], [17]);
+__get_user(env->regs[19], [18]);
+__get_user(env->regs[20], [19]);
+__get_user(env->regs[21], [20]);
+__get_user(env->regs[22], [21]);
+__get_user(env->regs[23], [22]);
+/* gregs[23] is handled below */
+/* Verify, should this be settable */
+__get_user(env->regs[R_FP], [24]);
+/* Verify, should this be settable */
+__get_user(env->regs[R_GP], [25]);
+/* Not really necessary no user settable bits */
+__get_user(temp, [26]);
+__get_user(env->regs[R_EA], [27]);
+
+__get_user(env->regs[R_RA], [23]);
+__get_user(env->regs[R_SP], [28]);
+
+off = offsetof(struct target_rt_sigframe, uc.tuc_stack);
+err = do_sigaltstack(frame_addr + off, 0, get_sp_from_cpustate(env));
+if (err == -EFAULT) {
+return 1;
+}
+
+*pr2 = env->regs[2];
+return 0;
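
Review bot: `struct target_sigcontext` declares `unsigned long gregs[32]` (and `rt_setup_ucontext`/`rt_restore_ucontext` take `unsigned long *gregs`), a host-sized type inside a guest-visible frame; on a 64-bit host that does not match the 32-bit nios2 layout, and the other `target_*` structs in this series use `abi_ulong` (compare `abi_ulong tuc_flags` a few lines below). Likewise `sigsp()` tests the host `SA_ONSTACK` where the microblaze, sh4 and hppa files in the series test `TARGET_SA_ONSTACK`. Both predate this patch and the commit message promises no code change, so leave them as moved but flag a follow-up so the move does not hide them.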

[Qemu-devel] [PATCH for 2.13 v2 02/20] linux-user: move aarch64 signal.c parts to aarch64 directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
aarch64/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/aarch64/signal.c| 561 +
 linux-user/aarch64/target_signal.h |   5 +
 linux-user/signal.c| 560 +---
 3 files changed, 567 insertions(+), 559 deletions(-)

diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
index 02ca338b6c..c472f86bcb 100644
--- a/linux-user/aarch64/signal.c
+++ b/linux-user/aarch64/signal.c
@@ -16,3 +16,564 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+struct target_sigcontext {
+uint64_t fault_address;
+/* AArch64 registers */
+uint64_t regs[31];
+uint64_t sp;
+uint64_t pc;
+uint64_t pstate;
+/* 4K reserved for FP/SIMD state and future expansion */
+char __reserved[4096] __attribute__((__aligned__(16)));
+};
+
+struct target_ucontext {
+abi_ulong tuc_flags;
+abi_ulong tuc_link;
+target_stack_t tuc_stack;
+target_sigset_t tuc_sigmask;
+/* glibc uses a 1024-bit sigset_t */
+char __unused[1024 / 8 - sizeof(target_sigset_t)];
+/* last for future expansion */
+struct target_sigcontext tuc_mcontext;
+};
+
+/*
+ * Header to be used at the beginning of structures extending the user
+ * context. Such structures must be placed after the rt_sigframe on the stack
+ * and be 16-byte aligned. The last structure must be a dummy one with the
+ * magic and size set to 0.
+ */
+struct target_aarch64_ctx {
+uint32_t magic;
+uint32_t size;
+};
+
+#define TARGET_FPSIMD_MAGIC 0x46508001
+
+struct target_fpsimd_context {
+struct target_aarch64_ctx head;
+uint32_t fpsr;
+uint32_t fpcr;
+uint64_t vregs[32 * 2]; /* really uint128_t vregs[32] */
+};
+
+#define TARGET_EXTRA_MAGIC  0x45585401
+
+struct target_extra_context {
+struct target_aarch64_ctx head;
+uint64_t datap; /* 16-byte aligned pointer to extra space cast to __u64 */
+uint32_t size; /* size in bytes of the extra space */
+uint32_t reserved[3];
+};
+
+#define TARGET_SVE_MAGIC0x53564501
+
+struct target_sve_context {
+struct target_aarch64_ctx head;
+uint16_t vl;
+uint16_t reserved[3];
+/* The actual SVE data immediately follows.  It is layed out
+ * according to TARGET_SVE_SIG_{Z,P}REG_OFFSET, based off of
+ * the original struct pointer.
+ */
+};
+
+#define TARGET_SVE_VQ_BYTES  16
+
+#define TARGET_SVE_SIG_ZREG_SIZE(VQ)  ((VQ) * TARGET_SVE_VQ_BYTES)
+#define TARGET_SVE_SIG_PREG_SIZE(VQ)  ((VQ) * (TARGET_SVE_VQ_BYTES / 8))
+
+#define TARGET_SVE_SIG_REGS_OFFSET \
+QEMU_ALIGN_UP(sizeof(struct target_sve_context), TARGET_SVE_VQ_BYTES)
+#define TARGET_SVE_SIG_ZREG_OFFSET(VQ, N) \
+(TARGET_SVE_SIG_REGS_OFFSET + TARGET_SVE_SIG_ZREG_SIZE(VQ) * (N))
+#define TARGET_SVE_SIG_PREG_OFFSET(VQ, N) \
+(TARGET_SVE_SIG_ZREG_OFFSET(VQ, 32) + TARGET_SVE_SIG_PREG_SIZE(VQ) * (N))
+#define TARGET_SVE_SIG_FFR_OFFSET(VQ) \
+(TARGET_SVE_SIG_PREG_OFFSET(VQ, 16))
+#define TARGET_SVE_SIG_CONTEXT_SIZE(VQ) \
+(TARGET_SVE_SIG_PREG_OFFSET(VQ, 17))
+
+struct target_rt_sigframe {
+struct target_siginfo info;
+struct target_ucontext uc;
+};
+
+struct target_rt_frame_record {
+uint64_t fp;
+uint64_t lr;
+uint32_t tramp[2];
+};
+
+static void target_setup_general_frame(struct target_rt_sigframe *sf,
+   CPUARMState *env, target_sigset_t *set)
+{
+int i;
+
+__put_user(0, >uc.tuc_flags);
+__put_user(0, >uc.tuc_link);
+
+__put_user(target_sigaltstack_used.ss_sp, >uc.tuc_stack.ss_sp);
+__put_user(sas_ss_flags(env->xregs[31]), >uc.tuc_stack.ss_flags);
+__put_user(target_sigaltstack_used.ss_size, >uc.tuc_stack.ss_size);
+
+for (i = 0; i < 31; i++) {
+__put_user(env->xregs[i], >uc.tuc_mcontext.regs[i]);
+}
+__put_user(env->xregs[31], >uc.tuc_mcontext.sp);
+__put_user(env->pc, >uc.tuc_mcontext.pc);
+__put_user(pstate_read(env), >uc.tuc_mcontext.pstate);
+
+__put_user(env->exception.vaddress, >uc.tuc_mcontext.fault_address);
+
+for (i = 0; i < TARGET_NSIG_WORDS; i++) {
+__put_user(set->sig[i], >uc.tuc_sigmask.sig[i]);
+}
+}
+
+static void target_setup_fpsimd_record(struct target_fpsimd_context *fpsimd,
+   CPUARMState *env)
+{
+int i;
+
+__put_user(TARGET_FPSIMD_MAGIC, >head.magic);
+__put_user(sizeof(struct target_fpsimd_context), >head.size);
+__put_user(vfp_get_fpsr(env), >fpsr);
+__put_user(vfp_get_fpcr(env), >fpcr);
+
+for (i = 0; i < 32; i++) {
+uint64_t *q = aa64_vfp_qreg(env, i);
+#ifdef 
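
Review bot: the comment inside `struct target_sve_context` reads "layed out" (should be "laid out"), and `TARGET_SVE_SIG_CONTEXT_SIZE(VQ)` is defined as `TARGET_SVE_SIG_PREG_OFFSET(VQ, 17)` with nothing saying that 17 is the 16 predicate registers plus the FFR whose offset is defined just above it as `TARGET_SVE_SIG_PREG_OFFSET(VQ, 16)`. Since the move is meant to be content-neutral, queue the typo fix and a short comment on the 17 for a follow-up rather than fold them in here.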

[Qemu-devel] [PATCH for 2.13 v2 12/20] linux-user: move tilegx signal.c parts to tilegx directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
tilegx/signal.c, except adding includes and
exporting setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/signal.c   | 165 -
 linux-user/tilegx/signal.c| 168 ++
 linux-user/tilegx/target_signal.h |   4 +-
 3 files changed, 171 insertions(+), 166 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index dab405fb43..5f05683b30 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -3032,171 +3032,6 @@ sigsegv:
 return -TARGET_QEMU_ESIGRETURN;
 }
 
-#elif defined(TARGET_TILEGX)
-
-struct target_sigcontext {
-union {
-/* General-purpose registers.  */
-abi_ulong gregs[56];
-struct {
-abi_ulong __gregs[53];
-abi_ulong tp;/* Aliases gregs[TREG_TP].  */
-abi_ulong sp;/* Aliases gregs[TREG_SP].  */
-abi_ulong lr;/* Aliases gregs[TREG_LR].  */
-};
-};
-abi_ulong pc;/* Program counter.  */
-abi_ulong ics;   /* In Interrupt Critical Section?  */
-abi_ulong faultnum;  /* Fault number.  */
-abi_ulong pad[5];
-};
-
-struct target_ucontext {
-abi_ulong tuc_flags;
-abi_ulong tuc_link;
-target_stack_t tuc_stack;
-struct target_sigcontext tuc_mcontext;
-target_sigset_t tuc_sigmask;   /* mask last for extensibility */
-};
-
-struct target_rt_sigframe {
-unsigned char save_area[16]; /* caller save area */
-struct target_siginfo info;
-struct target_ucontext uc;
-abi_ulong retcode[2];
-};
-
-#define INSN_MOVELI_R10_139  0x00045fe551483000ULL /* { moveli r10, 139 } */
-#define INSN_SWINT1  0x286b180051485000ULL /* { swint1 } */
-
-
-static void setup_sigcontext(struct target_sigcontext *sc,
- CPUArchState *env, int signo)
-{
-int i;
-
-for (i = 0; i < TILEGX_R_COUNT; ++i) {
-__put_user(env->regs[i], >gregs[i]);
-}
-
-__put_user(env->pc, >pc);
-__put_user(0, >ics);
-__put_user(signo, >faultnum);
-}
-
-static void restore_sigcontext(CPUTLGState *env, struct target_sigcontext *sc)
-{
-int i;
-
-for (i = 0; i < TILEGX_R_COUNT; ++i) {
-__get_user(env->regs[i], >gregs[i]);
-}
-
-__get_user(env->pc, >pc);
-}
-
-static abi_ulong get_sigframe(struct target_sigaction *ka, CPUArchState *env,
-  size_t frame_size)
-{
-unsigned long sp = env->regs[TILEGX_R_SP];
-
-if (on_sig_stack(sp) && !likely(on_sig_stack(sp - frame_size))) {
-return -1UL;
-}
-
-if ((ka->sa_flags & SA_ONSTACK) && !sas_ss_flags(sp)) {
-sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
-}
-
-sp -= frame_size;
-sp &= -16UL;
-return sp;
-}
-
-static void setup_rt_frame(int sig, struct target_sigaction *ka,
-   target_siginfo_t *info,
-   target_sigset_t *set, CPUArchState *env)
-{
-abi_ulong frame_addr;
-struct target_rt_sigframe *frame;
-unsigned long restorer;
-
-frame_addr = get_sigframe(ka, env, sizeof(*frame));
-trace_user_setup_rt_frame(env, frame_addr);
-if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
-goto give_sigsegv;
-}
-
-/* Always write at least the signal number for the stack backtracer. */
-if (ka->sa_flags & TARGET_SA_SIGINFO) {
-/* At sigreturn time, restore the callee-save registers too. */
-tswap_siginfo(>info, info);
-/* regs->flags |= PT_FLAGS_RESTORE_REGS; FIXME: we can skip it? */
-} else {
-__put_user(info->si_signo, >info.si_signo);
-}
-
-/* Create the ucontext.  */
-__put_user(0, >uc.tuc_flags);
-__put_user(0, >uc.tuc_link);
-__put_user(target_sigaltstack_used.ss_sp, >uc.tuc_stack.ss_sp);
-__put_user(sas_ss_flags(env->regs[TILEGX_R_SP]),
-   >uc.tuc_stack.ss_flags);
-__put_user(target_sigaltstack_used.ss_size, >uc.tuc_stack.ss_size);
-setup_sigcontext(>uc.tuc_mcontext, env, info->si_signo);
-
-if (ka->sa_flags & TARGET_SA_RESTORER) {
-restorer = (unsigned long) ka->sa_restorer;
-} else {
-__put_user(INSN_MOVELI_R10_139, >retcode[0]);
-__put_user(INSN_SWINT1, >retcode[1]);
-restorer = frame_addr + offsetof(struct target_rt_sigframe, retcode);
-}
-env->pc = (unsigned long) ka->_sa_handler;
-env->regs[TILEGX_R_SP] = (unsigned long) frame;
-env->regs[TILEGX_R_LR] = restorer;
-env->regs[0] = (unsigned long) sig;
-env->regs[1] = (unsigned long) >info;
-env->regs[2] = (unsigned long) >uc;
-/* regs->flags |= PT_FLAGS_CALLER_SAVES; FIXME: we can skip it? */
-
-unlock_user_struct(frame, frame_addr, 1);
-return;
-
-give_sigsegv:
-force_sigsegv(sig);
-}
-
-long do_rt_sigreturn(CPUTLGState *env)
-{
-abi_ulong frame_addr = 
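
Review bot: in the removed `setup_rt_frame`, `env->regs[TILEGX_R_SP] = (unsigned long) frame;` stores the host pointer obtained from `lock_user_struct` into the guest stack pointer, and the `regs[1]`/`regs[2]` assignments do the same for the info and uc members, while the `restorer` computation two lines earlier correctly uses `frame_addr` (the guest address); the hppa patch in this series wraps such host pointers in `h2g()`. Also `get_sigframe` tests the host `SA_ONSTACK` while `setup_rt_frame` tests `TARGET_SA_SIGINFO` and `TARGET_SA_RESTORER`. This hunk only deletes the code, so the fix belongs in a separate patch against the new tilegx/signal.c, not in this move.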

[Qemu-devel] [PATCH for 2.13 v2 05/20] linux-user: move microblaze signal.c parts to microblaze directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
microblaze/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/microblaze/signal.c| 230 ++
 linux-user/microblaze/target_signal.h |   6 +-
 linux-user/signal.c   | 227 -
 3 files changed, 235 insertions(+), 228 deletions(-)

diff --git a/linux-user/microblaze/signal.c b/linux-user/microblaze/signal.c
index 02ca338b6c..5572baa7dc 100644
--- a/linux-user/microblaze/signal.c
+++ b/linux-user/microblaze/signal.c
@@ -16,3 +16,233 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+struct target_sigcontext {
+struct target_pt_regs regs;  /* needs to be first */
+uint32_t oldmask;
+};
+
+struct target_stack_t {
+abi_ulong ss_sp;
+int ss_flags;
+unsigned int ss_size;
+};
+
+struct target_ucontext {
+abi_ulong tuc_flags;
+abi_ulong tuc_link;
+struct target_stack_t tuc_stack;
+struct target_sigcontext tuc_mcontext;
+uint32_t tuc_extramask[TARGET_NSIG_WORDS - 1];
+};
+
+/* Signal frames. */
+struct target_signal_frame {
+struct target_ucontext uc;
+uint32_t extramask[TARGET_NSIG_WORDS - 1];
+uint32_t tramp[2];
+};
+
+struct rt_signal_frame {
+siginfo_t info;
+ucontext_t uc;
+uint32_t tramp[2];
+};
+
+static void setup_sigcontext(struct target_sigcontext *sc, CPUMBState *env)
+{
+__put_user(env->regs[0], >regs.r0);
+__put_user(env->regs[1], >regs.r1);
+__put_user(env->regs[2], >regs.r2);
+__put_user(env->regs[3], >regs.r3);
+__put_user(env->regs[4], >regs.r4);
+__put_user(env->regs[5], >regs.r5);
+__put_user(env->regs[6], >regs.r6);
+__put_user(env->regs[7], >regs.r7);
+__put_user(env->regs[8], >regs.r8);
+__put_user(env->regs[9], >regs.r9);
+__put_user(env->regs[10], >regs.r10);
+__put_user(env->regs[11], >regs.r11);
+__put_user(env->regs[12], >regs.r12);
+__put_user(env->regs[13], >regs.r13);
+__put_user(env->regs[14], >regs.r14);
+__put_user(env->regs[15], >regs.r15);
+__put_user(env->regs[16], >regs.r16);
+__put_user(env->regs[17], >regs.r17);
+__put_user(env->regs[18], >regs.r18);
+__put_user(env->regs[19], >regs.r19);
+__put_user(env->regs[20], >regs.r20);
+__put_user(env->regs[21], >regs.r21);
+__put_user(env->regs[22], >regs.r22);
+__put_user(env->regs[23], >regs.r23);
+__put_user(env->regs[24], >regs.r24);
+__put_user(env->regs[25], >regs.r25);
+__put_user(env->regs[26], >regs.r26);
+__put_user(env->regs[27], >regs.r27);
+__put_user(env->regs[28], >regs.r28);
+__put_user(env->regs[29], >regs.r29);
+__put_user(env->regs[30], >regs.r30);
+__put_user(env->regs[31], >regs.r31);
+__put_user(env->sregs[SR_PC], >regs.pc);
+}
+
+static void restore_sigcontext(struct target_sigcontext *sc, CPUMBState *env)
+{
+__get_user(env->regs[0], >regs.r0);
+__get_user(env->regs[1], >regs.r1);
+__get_user(env->regs[2], >regs.r2);
+__get_user(env->regs[3], >regs.r3);
+__get_user(env->regs[4], >regs.r4);
+__get_user(env->regs[5], >regs.r5);
+__get_user(env->regs[6], >regs.r6);
+__get_user(env->regs[7], >regs.r7);
+__get_user(env->regs[8], >regs.r8);
+__get_user(env->regs[9], >regs.r9);
+__get_user(env->regs[10], >regs.r10);
+__get_user(env->regs[11], >regs.r11);
+__get_user(env->regs[12], >regs.r12);
+__get_user(env->regs[13], >regs.r13);
+__get_user(env->regs[14], >regs.r14);
+__get_user(env->regs[15], >regs.r15);
+__get_user(env->regs[16], >regs.r16);
+__get_user(env->regs[17], >regs.r17);
+__get_user(env->regs[18], >regs.r18);
+__get_user(env->regs[19], >regs.r19);
+__get_user(env->regs[20], >regs.r20);
+__get_user(env->regs[21], >regs.r21);
+__get_user(env->regs[22], >regs.r22);
+__get_user(env->regs[23], >regs.r23);
+__get_user(env->regs[24], >regs.r24);
+__get_user(env->regs[25], >regs.r25);
+__get_user(env->regs[26], >regs.r26);
+__get_user(env->regs[27], >regs.r27);
+__get_user(env->regs[28], >regs.r28);
+__get_user(env->regs[29], >regs.r29);
+__get_user(env->regs[30], >regs.r30);
+__get_user(env->regs[31], >regs.r31);
+__get_user(env->sregs[SR_PC], >regs.pc);
+}
+
+static abi_ulong get_sigframe(struct target_sigaction *ka,
+  CPUMBState *env, int frame_size)
+{
+abi_ulong sp = env->regs[1];
+
+if ((ka->sa_flags & TARGET_SA_ONSTACK) != 0 && !on_sig_stack(sp)) {
+sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
+}
+
+return ((sp - frame_size) & -8UL);
+}
+
+void 
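
Review bot: `struct rt_signal_frame` is built from host `siginfo_t` and `ucontext_t` rather than the `target_siginfo`/`target_ucontext` types defined just above it, and the local `struct target_stack_t` uses host `int`/`unsigned int` for `ss_flags`/`ss_size` where the aarch64 and nios2 files use `target_stack_t`; if either struct is used to lay out a guest frame, its size depends on the host. `get_sigframe` also tests `!on_sig_stack(sp)` where the other files test `!sas_ss_flags(sp)`. All pre-existing; note them for the cleanup series that should follow this move.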

[Qemu-devel] [PATCH for 2.13 v2 06/20] linux-user: move cris signal.c parts to cris directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
cris/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/cris/signal.c| 171 
 linux-user/cris/target_signal.h |   6 +-
 linux-user/signal.c | 168 ---
 3 files changed, 176 insertions(+), 169 deletions(-)

diff --git a/linux-user/cris/signal.c b/linux-user/cris/signal.c
index 02ca338b6c..322d9db1a7 100644
--- a/linux-user/cris/signal.c
+++ b/linux-user/cris/signal.c
@@ -16,3 +16,174 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+struct target_sigcontext {
+struct target_pt_regs regs;  /* needs to be first */
+uint32_t oldmask;
+uint32_t usp;/* usp before stacking this gunk on it */
+};
+
+/* Signal frames. */
+struct target_signal_frame {
+struct target_sigcontext sc;
+uint32_t extramask[TARGET_NSIG_WORDS - 1];
+uint16_t retcode[4];  /* Trampoline code. */
+};
+
+struct rt_signal_frame {
+siginfo_t *pinfo;
+void *puc;
+siginfo_t info;
+ucontext_t uc;
+uint16_t retcode[4];  /* Trampoline code. */
+};
+
+static void setup_sigcontext(struct target_sigcontext *sc, CPUCRISState *env)
+{
+__put_user(env->regs[0], >regs.r0);
+__put_user(env->regs[1], >regs.r1);
+__put_user(env->regs[2], >regs.r2);
+__put_user(env->regs[3], >regs.r3);
+__put_user(env->regs[4], >regs.r4);
+__put_user(env->regs[5], >regs.r5);
+__put_user(env->regs[6], >regs.r6);
+__put_user(env->regs[7], >regs.r7);
+__put_user(env->regs[8], >regs.r8);
+__put_user(env->regs[9], >regs.r9);
+__put_user(env->regs[10], >regs.r10);
+__put_user(env->regs[11], >regs.r11);
+__put_user(env->regs[12], >regs.r12);
+__put_user(env->regs[13], >regs.r13);
+__put_user(env->regs[14], >usp);
+__put_user(env->regs[15], >regs.acr);
+__put_user(env->pregs[PR_MOF], >regs.mof);
+__put_user(env->pregs[PR_SRP], >regs.srp);
+__put_user(env->pc, >regs.erp);
+}
+
+static void restore_sigcontext(struct target_sigcontext *sc, CPUCRISState *env)
+{
+__get_user(env->regs[0], >regs.r0);
+__get_user(env->regs[1], >regs.r1);
+__get_user(env->regs[2], >regs.r2);
+__get_user(env->regs[3], >regs.r3);
+__get_user(env->regs[4], >regs.r4);
+__get_user(env->regs[5], >regs.r5);
+__get_user(env->regs[6], >regs.r6);
+__get_user(env->regs[7], >regs.r7);
+__get_user(env->regs[8], >regs.r8);
+__get_user(env->regs[9], >regs.r9);
+__get_user(env->regs[10], >regs.r10);
+__get_user(env->regs[11], >regs.r11);
+__get_user(env->regs[12], >regs.r12);
+__get_user(env->regs[13], >regs.r13);
+__get_user(env->regs[14], >usp);
+__get_user(env->regs[15], >regs.acr);
+__get_user(env->pregs[PR_MOF], >regs.mof);
+__get_user(env->pregs[PR_SRP], >regs.srp);
+__get_user(env->pc, >regs.erp);
+}
+
+static abi_ulong get_sigframe(CPUCRISState *env, int framesize)
+{
+abi_ulong sp;
+/* Align the stack downwards to 4.  */
+sp = (env->regs[R_SP] & ~3);
+return sp - framesize;
+}
+
+void setup_frame(int sig, struct target_sigaction *ka,
+ target_sigset_t *set, CPUCRISState *env)
+{
+struct target_signal_frame *frame;
+abi_ulong frame_addr;
+int i;
+
+frame_addr = get_sigframe(env, sizeof *frame);
+trace_user_setup_frame(env, frame_addr);
+if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0))
+goto badframe;
+
+/*
+ * The CRIS signal return trampoline. A real linux/CRIS kernel doesn't
+ * use this trampoline anymore but it sets it up for GDB.
+ * In QEMU, using the trampoline simplifies things a bit so we use it.
+ *
+ * This is movu.w __NR_sigreturn, r9; break 13;
+ */
+__put_user(0x9c5f, frame->retcode+0);
+__put_user(TARGET_NR_sigreturn,
+   frame->retcode + 1);
+__put_user(0xe93d, frame->retcode + 2);
+
+/* Save the mask.  */
+__put_user(set->sig[0], >sc.oldmask);
+
+for(i = 1; i < TARGET_NSIG_WORDS; i++) {
+__put_user(set->sig[i], >extramask[i - 1]);
+}
+
+setup_sigcontext(>sc, env);
+
+/* Move the stack and setup the arguments for the handler.  */
+env->regs[R_SP] = frame_addr;
+env->regs[10] = sig;
+env->pc = (unsigned long) ka->_sa_handler;
+/* Link SRP so the guest returns through the trampoline.  */
+env->pregs[PR_SRP] = frame_addr + offsetof(typeof(*frame), retcode);
+
+unlock_user_struct(frame, frame_addr, 1);
+return;
+badframe:
+force_sigsegv(sig);
+}
+
+void setup_rt_frame(int sig, struct target_sigaction *ka,
+target_siginfo_t 
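
Review bot: `struct rt_signal_frame` holds host pointers (`siginfo_t *pinfo`, `void *puc`) and host `siginfo_t`/`ucontext_t` members, so its layout is host-dependent and cannot describe a guest frame; the microblaze file in this series has the same pattern. Separately, the `lock_user_struct` failure path in `setup_frame` is an unbraced `goto badframe;`, which is one of the checkpatch.pl complaints the cover letter mentions. Both are pre-existing, so a follow-up after the move is the right place for them.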

[Qemu-devel] [PATCH for 2.13 v2 14/20] linux-user: move hppa signal.c parts to hppa directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
hppa/signal.c, except adding includes and
exporting setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/hppa/signal.c| 192 
 linux-user/hppa/target_signal.h |   3 +
 linux-user/signal.c | 189 ---
 3 files changed, 195 insertions(+), 189 deletions(-)

diff --git a/linux-user/hppa/signal.c b/linux-user/hppa/signal.c
index 02ca338b6c..585af3a37f 100644
--- a/linux-user/hppa/signal.c
+++ b/linux-user/hppa/signal.c
@@ -16,3 +16,195 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+struct target_sigcontext {
+abi_ulong sc_flags;
+abi_ulong sc_gr[32];
+uint64_t sc_fr[32];
+abi_ulong sc_iasq[2];
+abi_ulong sc_iaoq[2];
+abi_ulong sc_sar;
+};
+
+struct target_ucontext {
+abi_uint tuc_flags;
+abi_ulong tuc_link;
+target_stack_t tuc_stack;
+abi_uint pad[1];
+struct target_sigcontext tuc_mcontext;
+target_sigset_t tuc_sigmask;
+};
+
+struct target_rt_sigframe {
+abi_uint tramp[9];
+target_siginfo_t info;
+struct target_ucontext uc;
+/* hidden location of upper halves of pa2.0 64-bit gregs */
+};
+
+static void setup_sigcontext(struct target_sigcontext *sc, CPUArchState *env)
+{
+int flags = 0;
+int i;
+
+/* ??? if on_sig_stack, flags |= 1 (PARISC_SC_FLAG_ONSTACK).  */
+
+if (env->iaoq_f < TARGET_PAGE_SIZE) {
+/* In the gateway page, executing a syscall.  */
+flags |= 2; /* PARISC_SC_FLAG_IN_SYSCALL */
+__put_user(env->gr[31], >sc_iaoq[0]);
+__put_user(env->gr[31] + 4, >sc_iaoq[1]);
+} else {
+__put_user(env->iaoq_f, >sc_iaoq[0]);
+__put_user(env->iaoq_b, >sc_iaoq[1]);
+}
+__put_user(0, >sc_iasq[0]);
+__put_user(0, >sc_iasq[1]);
+__put_user(flags, >sc_flags);
+
+__put_user(cpu_hppa_get_psw(env), >sc_gr[0]);
+for (i = 1; i < 32; ++i) {
+__put_user(env->gr[i], >sc_gr[i]);
+}
+
+__put_user((uint64_t)env->fr0_shadow << 32, >sc_fr[0]);
+for (i = 1; i < 32; ++i) {
+__put_user(env->fr[i], >sc_fr[i]);
+}
+
+__put_user(env->cr[CR_SAR], >sc_sar);
+}
+
+static void restore_sigcontext(CPUArchState *env, struct target_sigcontext *sc)
+{
+target_ulong psw;
+int i;
+
+__get_user(psw, >sc_gr[0]);
+cpu_hppa_put_psw(env, psw);
+
+for (i = 1; i < 32; ++i) {
+__get_user(env->gr[i], >sc_gr[i]);
+}
+for (i = 0; i < 32; ++i) {
+__get_user(env->fr[i], >sc_fr[i]);
+}
+cpu_hppa_loaded_fr0(env);
+
+__get_user(env->iaoq_f, >sc_iaoq[0]);
+__get_user(env->iaoq_b, >sc_iaoq[1]);
+__get_user(env->cr[CR_SAR], >sc_sar);
+}
+
+/* No, this doesn't look right, but it's copied straight from the kernel.  */
+#define PARISC_RT_SIGFRAME_SIZE32 \
+((sizeof(struct target_rt_sigframe) + 48 + 64) & -64)
+
+void setup_rt_frame(int sig, struct target_sigaction *ka,
+target_siginfo_t *info,
+target_sigset_t *set, CPUArchState *env)
+{
+abi_ulong frame_addr, sp, haddr;
+struct target_rt_sigframe *frame;
+int i;
+
+sp = env->gr[30];
+if (ka->sa_flags & TARGET_SA_ONSTACK) {
+if (sas_ss_flags(sp) == 0) {
+sp = (target_sigaltstack_used.ss_sp + 0x7f) & ~0x3f;
+}
+}
+frame_addr = QEMU_ALIGN_UP(sp, 64);
+sp = frame_addr + PARISC_RT_SIGFRAME_SIZE32;
+
+trace_user_setup_rt_frame(env, frame_addr);
+
+if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
+goto give_sigsegv;
+}
+
+tswap_siginfo(>info, info);
+frame->uc.tuc_flags = 0;
+frame->uc.tuc_link = 0;
+
+__put_user(target_sigaltstack_used.ss_sp, >uc.tuc_stack.ss_sp);
+__put_user(sas_ss_flags(get_sp_from_cpustate(env)),
+   >uc.tuc_stack.ss_flags);
+__put_user(target_sigaltstack_used.ss_size,
+   >uc.tuc_stack.ss_size);
+
+for (i = 0; i < TARGET_NSIG_WORDS; i++) {
+__put_user(set->sig[i], >uc.tuc_sigmask.sig[i]);
+}
+
+setup_sigcontext(>uc.tuc_mcontext, env);
+
+__put_user(0x3419, frame->tramp + 0); /* ldi 0,%r25 */
+__put_user(0x3414015a, frame->tramp + 1); /* ldi __NR_rt_sigreturn,%r20 */
+__put_user(0xe4008200, frame->tramp + 2); /* be,l 0x100(%sr2,%r0) */
+__put_user(0x08000240, frame->tramp + 3); /* nop */
+
+unlock_user_struct(frame, frame_addr, 1);
+
+env->gr[2] = h2g(frame->tramp);
+env->gr[30] = sp;
+env->gr[26] = sig;
+env->gr[25] = h2g(>info);
+env->gr[24] = h2g(>uc);
+
+haddr = ka->_sa_handler;
+if (haddr & 2) {
+/* Function descriptor.  */
+target_ulong *fdesc, dest;
+
+haddr &= -4;
+ 
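Review bot: `setup_rt_frame` calls `unlock_user_struct(frame, frame_addr, 1)` and then dereferences `frame` again in the `h2g(frame->tramp)`, info and uc lines that follow; computing those guest addresses as `frame_addr + offsetof(struct target_rt_sigframe, ...)` before the unlock would avoid touching the host mapping after it is released. Also `frame->uc.tuc_flags = 0;` and `frame->uc.tuc_link = 0;` are direct stores while every neighbouring field goes through `__put_user`. Pre-existing, so follow-up material rather than a change to this move-only patch.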

[Qemu-devel] [PATCH for 2.13 v2 04/20] linux-user: move sh4 signal.c parts to sh4 directory

2018-03-23 Thread Laurent Vivier
No code change, only move code from signal.c to
sh4/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

Signed-off-by: Laurent Vivier 
---
 linux-user/sh4/signal.c| 332 +
 linux-user/sh4/target_signal.h |   5 +
 linux-user/signal.c| 328 
 3 files changed, 337 insertions(+), 328 deletions(-)

diff --git a/linux-user/sh4/signal.c b/linux-user/sh4/signal.c
index 02ca338b6c..3a978a2a77 100644
--- a/linux-user/sh4/signal.c
+++ b/linux-user/sh4/signal.c
@@ -16,3 +16,335 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+/*
+ * code and data structures from linux kernel:
+ * include/asm-sh/sigcontext.h
+ * arch/sh/kernel/signal.c
+ */
+
+struct target_sigcontext {
+target_ulong  oldmask;
+
+/* CPU registers */
+target_ulong  sc_gregs[16];
+target_ulong  sc_pc;
+target_ulong  sc_pr;
+target_ulong  sc_sr;
+target_ulong  sc_gbr;
+target_ulong  sc_mach;
+target_ulong  sc_macl;
+
+/* FPU registers */
+target_ulong  sc_fpregs[16];
+target_ulong  sc_xfpregs[16];
+unsigned int sc_fpscr;
+unsigned int sc_fpul;
+unsigned int sc_ownedfp;
+};
+
+struct target_sigframe
+{
+struct target_sigcontext sc;
+target_ulong extramask[TARGET_NSIG_WORDS-1];
+uint16_t retcode[3];
+};
+
+
+struct target_ucontext {
+target_ulong tuc_flags;
+struct target_ucontext *tuc_link;
+target_stack_t tuc_stack;
+struct target_sigcontext tuc_mcontext;
+target_sigset_t tuc_sigmask;   /* mask last for extensibility */
+};
+
+struct target_rt_sigframe
+{
+struct target_siginfo info;
+struct target_ucontext uc;
+uint16_t retcode[3];
+};
+
+
+#define MOVW(n)  (0x9300|((n)-2)) /* Move mem word at PC+n to R3 */
+#define TRAP_NOARG 0xc310 /* Syscall w/no args (NR in R3) SH3/4 */
+
+static abi_ulong get_sigframe(struct target_sigaction *ka,
+  unsigned long sp, size_t frame_size)
+{
+if ((ka->sa_flags & TARGET_SA_ONSTACK) && (sas_ss_flags(sp) == 0)) {
+sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
+}
+
+return (sp - frame_size) & -8ul;
+}
+
+/* Notice when we're in the middle of a gUSA region and reset.
+   Note that this will only occur for !parallel_cpus, as we will
+   translate such sequences differently in a parallel context.  */
+static void unwind_gusa(CPUSH4State *regs)
+{
+/* If the stack pointer is sufficiently negative, and we haven't
+   completed the sequence, then reset to the entry to the region.  */
+/* ??? The SH4 kernel checks for and address above 0xC000.
+   However, the page mappings in qemu linux-user aren't as restricted
+   and we wind up with the normal stack mapped above 0xF000.
+   That said, there is no reason why the kernel should be allowing
+   a gUSA region that spans 1GB.  Use a tighter check here, for what
+   can actually be enabled by the immediate move.  */
+if (regs->gregs[15] >= -128u && regs->pc < regs->gregs[0]) {
+/* Reset the PC to before the gUSA region, as computed from
+   R0 = region end, SP = -(region size), plus one more for the
+   insn that actually initializes SP to the region size.  */
+regs->pc = regs->gregs[0] + regs->gregs[15] - 2;
+
+/* Reset the SP to the saved version in R1.  */
+regs->gregs[15] = regs->gregs[1];
+}
+}
+
+static void setup_sigcontext(struct target_sigcontext *sc,
+ CPUSH4State *regs, unsigned long mask)
+{
+int i;
+
+#define COPY(x) __put_user(regs->x, >sc_##x)
+COPY(gregs[0]); COPY(gregs[1]);
+COPY(gregs[2]); COPY(gregs[3]);
+COPY(gregs[4]); COPY(gregs[5]);
+COPY(gregs[6]); COPY(gregs[7]);
+COPY(gregs[8]); COPY(gregs[9]);
+COPY(gregs[10]); COPY(gregs[11]);
+COPY(gregs[12]); COPY(gregs[13]);
+COPY(gregs[14]); COPY(gregs[15]);
+COPY(gbr); COPY(mach);
+COPY(macl); COPY(pr);
+COPY(sr); COPY(pc);
+#undef COPY
+
+for (i=0; i<16; i++) {
+__put_user(regs->fregs[i], >sc_fpregs[i]);
+}
+__put_user(regs->fpscr, >sc_fpscr);
+__put_user(regs->fpul, >sc_fpul);
+
+/* non-iBCS2 extensions.. */
+__put_user(mask, >oldmask);
+}
+
+static void restore_sigcontext(CPUSH4State *regs, struct target_sigcontext *sc)
+{
+int i;
+
+#define COPY(x) __get_user(regs->x, >sc_##x)
+COPY(gregs[0]); COPY(gregs[1]);
+COPY(gregs[2]); COPY(gregs[3]);
+COPY(gregs[4]); COPY(gregs[5]);
+COPY(gregs[6]); COPY(gregs[7]);
+COPY(gregs[8]); COPY(gregs[9]);
+COPY(gregs[10]); COPY(gregs[11]);
+COPY(gregs[12]); 
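Review bot: as rendered, the COPY macros in setup_sigcontext and restore_sigcontext have `>sc_##x` as the user-space operand of __put_user/__get_user, which is not a valid expression, and the hunk stops mid-statement at `COPY(gregs[12]);`, so please confirm the posted patch is complete and that the operands survived the mail path. Since the cover letter promises a pure move, the cheapest review is a diff of the new sh4/signal.c body against the region removed from linux-user/signal.c; anything that differs there, other than the `static` dropped from the exported setup_frame()/setup_rt_frame(), should be called out. Expect checkpatch to flag `for (i=0; i<16; i++)` (no spaces around `=` and `<`); that is pre-existing style and fine to leave alone in a move-only series.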

[Qemu-devel] [PATCH for 2.13 v2 00/20] linux-user: move arch specific parts to arch directories

2018-03-23 Thread Laurent Vivier
Some files like signal.c are really hard to read
because all architectures are mixed in the same
file.

This series moves from signal.c these parts to
the architecture dedicated directories in linux-user.
Moreover, this makes it easier to compare functions
between architectures (it helps to debug problems).
Adding new functions for a new architecture will
be facilitated too.

checkpatch.pl is not happy... but I only want to
move code from a file to another. I don't want
to change the content of the parts I move.

v2:
  - only move parts from signal.c
  - link them instead of including them
  - one patch per architecture
  - add a first patch to prepare the change.

The first patch adds signal-common.h to define
what is needed by the signal.c of the architectures.
It adds a "do-nothing" signal.c in each arch
directory and the rule needed to build them
in Makefile.objs.

Then the process is simple...

for each architecture:
  - copy the arch specific code from signal.c
to /signal.c
  - add includes (including signal-common.h)
  - export setup_rt_frame() and setup_frame()
(remove static in /signal.c,
 add the declaration in /target_signal.h)

When the arch has 32bit and 64bit architectures,
it's a little bit more complicated:
  - ppc/ppc64: nothing special to do, all is in ppc/,
there is no ppc64 directory,
  - arm/aarch64: one file for arm, one file for aarch64
  - i386/x86_64, sparc/sparc64, mips/mips64:
update each target_signal.h,
include the 32bit signal.c file into the 64bit signal.c file
to avoid duplicating code (and add a guard to not include
the 32bit target_signal.h)

Laurent Vivier (20):
  linux-user: create a dummy per arch signal.c
  linux-user: move aarch64 signal.c parts to aarch64 directory
  linux-user: move arm signal.c parts to arm directory
  linux-user: move sh4 signal.c parts to sh4 directory
  linux-user: move microblaze signal.c parts to microblaze directory
  linux-user: move cris signal.c parts to cris directory
  linux-user: move nios2 signal.c parts to nios2 directory
  linux-user: move openrisc signal.c parts to openrisc directory
  linux-user: move s390x signal.c parts to s390x directory
  linux-user: move m68k signal.c parts to m68k directory
  linux-user: move alpha signal.c parts to alpha directory
  linux-user: move tilegx signal.c parts to tilegx directory
  linux-user: move riscv signal.c parts to riscv directory
  linux-user: move hppa signal.c parts to hppa directory
  linux-user: move xtensa signal.c parts to xtensa directory
  linux-user: move i386/x86_64 signal.c parts to i386 directory
  linux-user: move sparc/sparc64 signal.c parts to sparc directory
  linux-user: move mips/mips64 signal.c parts to mips directory
  linux-user: move ppc/ppc64 signal.c parts to ppc directory
  linux-user: define TARGET_ARCH_HAS_SETUP_FRAME

 linux-user/Makefile.objs  |2 +-
 linux-user/aarch64/signal.c   |  579 +++
 linux-user/aarch64/target_signal.h|6 +
 linux-user/alpha/signal.c |  280 ++
 linux-user/alpha/target_signal.h  |6 +
 linux-user/arm/signal.c   |  772 
 linux-user/arm/target_signal.h|7 +-
 linux-user/cris/signal.c  |  189 +
 linux-user/cris/target_signal.h   |7 +-
 linux-user/hppa/signal.c  |  210 ++
 linux-user/hppa/target_signal.h   |3 +
 linux-user/i386/signal.c  |  602 +++
 linux-user/i386/target_signal.h   |6 +
 linux-user/m68k/signal.c  |  428 +++
 linux-user/m68k/target_signal.h   |7 +-
 linux-user/microblaze/signal.c|  248 ++
 linux-user/microblaze/target_signal.h |7 +-
 linux-user/mips/signal.c  |  400 ++
 linux-user/mips/target_signal.h   |   10 +-
 linux-user/mips64/signal.c|   20 +
 linux-user/mips64/target_signal.h |4 +-
 linux-user/nios2/signal.c |  254 ++
 linux-user/nios2/target_signal.h  |4 +
 linux-user/openrisc/signal.c  |  231 ++
 linux-user/openrisc/target_signal.h   |4 +-
 linux-user/ppc/signal.c   |  689 
 linux-user/ppc/target_signal.h|9 +-
 linux-user/riscv/signal.c |  218 ++
 linux-user/riscv/target_signal.h  |3 +
 linux-user/s390x/signal.c |  327 ++
 linux-user/s390x/target_signal.h  |7 +-
 linux-user/sh4/signal.c   |  350 ++
 linux-user/sh4/target_signal.h|6 +
 linux-user/signal-common.h|   50 +
 linux-user/signal.c   | 6654 +
 linux-user/sparc/signal.c |  624 
 linux-user/sparc/target_signal.h  |7 +-
 linux-user/sparc64/signal.c   |   20 +
 linux-user/sparc64/target_signal.h|7 +-
 linux-user/tilegx/signal.c|  186 +
 linux-user/tilegx/target_signal.h |4 +-
 linux-user/x86_64/signal.c|   20 +
 linux-user/x86_64/target_signal.h |3 +
 

Re: [Qemu-devel] [PULL 00/10] target-arm queue

2018-03-23 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180323184958.14252-1-peter.mayd...@linaro.org
Subject: [Qemu-devel] [PULL 00/10] target-arm queue

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
e4250a6575 target/arm: Always set FAR to a known unknown value for debug 
exceptions
5f8ad1e5dc target/arm: Set FSR for BKPT, BRK when raising exception
1f8698e782 target/arm: Factor out code to calculate FSR for debug exceptions
01c3c783a2 target/arm: Honour MDCR_EL2.TDE when routing exceptions due to 
BKPT/BRK
6fdd8ed47e mach-virt: Set VM's SMBIOS system version to mc->name
4c27421e3d i.MX: Support serial RS-232 break properly
541bf9ad10 hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
4ba4d6edd9 hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
c5d1bc28c0 sdhci: fix incorrect use of Error *
c8c419d13c arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT

=== OUTPUT BEGIN ===
Checking PATCH 1/10: arm/translate-a64: treat DISAS_UPDATE as variant of 
DISAS_EXIT...
Checking PATCH 2/10: sdhci: fix incorrect use of Error *...
Checking PATCH 3/10: hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR 
accesses...
Checking PATCH 4/10: hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15...
Checking PATCH 5/10: i.MX: Support serial RS-232 break properly...
ERROR: spaces required around that '<<' (ctx:VxV)
#56: FILE: include/hw/char/imx_serial.h:29:
+#define URXD_FRMERR (1<<12)   /* Character has frame error */
   ^

total: 1 errors, 0 warnings, 24 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 6/10: mach-virt: Set VM's SMBIOS system version to mc->name...
Checking PATCH 7/10: target/arm: Honour MDCR_EL2.TDE when routing exceptions 
due to BKPT/BRK...
Checking PATCH 8/10: target/arm: Factor out code to calculate FSR for debug 
exceptions...
Checking PATCH 9/10: target/arm: Set FSR for BKPT, BRK when raising exception...
Checking PATCH 10/10: target/arm: Always set FAR to a known unknown value for 
debug exceptions...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PATCH v2 0/5] coccinelle: re-run scripts from scripts/coccinelle

2018-03-23 Thread Laurent Vivier
On 23/03/2018 18:47, Eric Blake wrote:
> On 03/23/2018 09:31 AM, Laurent Vivier wrote:
>> I've re-run some scripts from the coccinelle directory,
>> and they have found some problems.
>>
>> This series fixes them.
>>
>> v2: only change PATCH 4/4
>>    - keep comments
>>    - fix indentation
>>    I didn't remove changes in autogenerated files as it
>>    seems they are generated only once.
>>
>> Daniel P. Berrangé (1):
>>    make: improve check for stale generated files in source dir
> 
> Is the inclusion of this patch compared to v1 intentional?

Oh, no, sorry... I've put this in my branch to test it and forgot to
remove it...

Thanks,
Laurent




Re: [Qemu-devel] raw iotest regressions in 2.12.0-rc0

2018-03-23 Thread Eric Blake

On 03/22/2018 08:54 AM, Peter Xu wrote:

On Wed, Mar 21, 2018 at 05:58:48PM -0400, John Snow wrote:

./check -v -raw
Failures: 109 132 136 148 152 183





./check -v raw
Failures: 055
Failed 5 of 5 tests




Maybe these are known, but I wanted to consolidate them for rc0 for
something easy to search for. There are others for qcow2 which I'll post
in a bit...!


I think patches have been floating on list for the failures in 51, 185, 
and 186 under qcow2, which were failing independently of the OOB changes.





Thanks,
--js


CCing Max, Fam.

Now I think I know how to solve some of the tests already (109, 132,
148, 152, 183). While I am still working (or, not yet started to work)
on some others (055, 136, 205).

205 is interesting - it won't fail every time, but randomly:





While I haven't started to look at 055, which is:




I'll continue and update tomorrow.  So if anyone has any idea on
solving any of the problem, please feel free to shoot.



Let me know how I can help, as well.

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH] monitor: fix expected qmp_capabilities error description regression

2018-03-23 Thread Eric Blake

On 03/23/2018 10:50 AM, Marc-André Lureau wrote:


If we are going to remove below chunk, how about do it in prettier
way instead of hacking around the error again?  Like:

diff --git a/monitor.c b/monitor.c
index 77f4c41cfa..849fa23bf9 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1203,8 +1203,14 @@ static bool qmp_cmd_oob_check(Monitor *mon, QDict *req, 
Error **errp)

  cmd = qmp_find_command(mon->qmp.commands, command);
  if (!cmd) {
-error_set(errp, ERROR_CLASS_COMMAND_NOT_FOUND,
-  "The command %s has not been found", command);
+if (mon->qmp.commands == _cap_negotiation_commands) {
+error_set(errp, ERROR_CLASS_COMMAND_NOT_FOUND,
+  "Expecting capabilities negotiation "
+  "with 'qmp_capabilities'");
+} else {
+error_set(errp, ERROR_CLASS_COMMAND_NOT_FOUND,
+  "The command %s has not been found", command);
+}
  return false;
  }
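Review bot: `mon->qmp.commands == _cap_negotiation_commands` is not a valid identifier as pasted (the operand's leading characters are missing in this copy), so the comparison should be checked against the real symbol before this goes in. On the logic itself, keying the message on which command table is active is cleaner than rewriting the error text after the fact, and both branches keep ERROR_CLASS_COMMAND_NOT_FOUND, so clients that match on the error class are unaffected; only the human-readable description changes, which is what the expected-output regression is about. One small thing: the pre-negotiation branch drops the command name, so a client that sends a mistyped command before qmp_capabilities no longer sees which command was rejected; consider keeping %s in that text as well.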

What do you think?


Yes, that looks nicer.





Works for me (fwiw, I'll probably need the replace "hack" again,
because in the RFC series I am about to send, the code is factored out
/ generalized in qmp-dispatch), but that works in the meantime, please
send a patch.


There have been quite a few patch ideas across multiple threads related 
to OOB fallout.  Hopefully I can keep straight which patches are 
intended for 2.12 (anything that fixes a bug, like this one, is a good 
candidate, and it would be nice if we can undo the temporary reversion 
of exposing OOB if we can solve all the issues that iotests exposed).


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH for-2.12 v2 06/12] qemu-iotests: Test invalid resize on luks

2018-03-23 Thread Eric Blake

On 03/21/2018 12:37 PM, Kevin Wolf wrote:

This tests that the .bdrv_truncate implementation for luks doesn't crash
for invalid image sizes.

Signed-off-by: Kevin Wolf 
---
  tests/qemu-iotests/210 | 37 +
  tests/qemu-iotests/210.out | 16 
  2 files changed, 53 insertions(+)



Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH for-2.12 0/2] i386/hyperv: fully control Hyper-V features in CPUID

2018-03-23 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180323125808.4479-1-rka...@virtuozzo.com
Subject: [Qemu-devel] [PATCH for-2.12 0/2] i386/hyperv: fully control Hyper-V 
features in CPUID

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
2efbb18fe2 i386/hyperv: error out if features requested but unsupported
31e7467f4e i386/hyperv: add hv-frequencies cpu property

=== OUTPUT BEGIN ===
Checking PATCH 1/2: i386/hyperv: add hv-frequencies cpu property...
Checking PATCH 2/2: i386/hyperv: error out if features requested but 
unsupported...
ERROR: suspect code indent for conditional statements (4, 7)
#39: FILE: target/i386/kvm.c:670:
+if (cpu->hyperv_reset) {
+   if (!has_msr_hv_reset) {

total: 1 errors, 0 warnings, 38 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PATCH for-2.12 v2 03/12] qemu-iotests: Test vdi image creation with QMP

2018-03-23 Thread Eric Blake

On 03/21/2018 12:37 PM, Kevin Wolf wrote:

Signed-off-by: Kevin Wolf 
---
  tests/qemu-iotests/211 | 246 +
  tests/qemu-iotests/211.out |  97 ++
  tests/qemu-iotests/group   |   1 +
  3 files changed, 344 insertions(+)
  create mode 100755 tests/qemu-iotests/211
  create mode 100644 tests/qemu-iotests/211.out



Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



[Qemu-devel] [PATCH v2] target-arm: Check undefined opcodes for SWP in A32 decoder

2018-03-23 Thread Onur Sahin
Thanks for the feedback Peter. Removing the redundant check on bit
23 and adding checks for the "should be" bits as well (bits [11:8]).

The following patch should make sure we are not treating
architecturally Undefined instructions as a SWP, by verifying
the opcodes as per section A8.8.229 of ARMv7-A specification.

Best,
Onur

Signed-off-by: Onur Sahin 
---
 target/arm/translate.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index ba6ab7d..1fb0b8f 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -9227,11 +9227,14 @@ static void disas_arm_insn(DisasContext *s, unsigned 
int insn)
 }
 }
 tcg_temp_free_i32(addr);
-} else {
+} else if ((insn & 0x00300f00) == 0) {
+/* 0b_0001_0x00____1001_
+*  - SWP, SWPB
+*/
+
 TCGv taddr;
 TCGMemOp opc = s->be_data;
 
-/* SWP instruction */
 rm = (insn) & 0xf;
 
 if (insn & (1 << 22)) {
@@ -9249,6 +9252,8 @@ static void disas_arm_insn(DisasContext *s, unsigned int 
insn)
 get_mem_index(s), opc);
 tcg_temp_free(taddr);
 store_reg(s, rd, tmp);
+} else {
+goto illegal_op;
 }
 }
 } else {
-- 
1.8.3.1
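For anyone checking the opcode rule the patch applies, here is a stand-alone decoder for the SWP/SWPB A1 encoding from section A8.8.229. It is an added example, not Onur's patch and not QEMU's translate.c: the mask/value constants are derived from the encoding diagram (cond 0001 0B00 Rn Rt (0)(0)(0)(0) 1001 Rt2), `swp_sbz_bits_clear()` mirrors the narrower `(insn & 0x00300f00) == 0` test the patch adds inside a branch that has already matched bits [27:24], [7:4] and bit 23, and the instruction words in main() are constructed test vectors, not taken from any real binary.

```c
/* Added example: classify an A32 instruction word as SWP, SWPB or
 * "not a swap" using the full A1 encoding of A8.8.229.
 *
 *  31  28 27     20 19 16 15 12 11  8 7   4 3  0
 *  | cond | 0001 0B00 | Rn | Rt | (0)(0)(0)(0) | 1001 | Rt2 |
 *
 * Bits [23], [21:20] and [11:8] must be zero; anything else in this
 * corner of the opcode space is architecturally UNDEFINED and must not
 * be executed as a swap.  Bit 22 (B) selects the byte variant.  */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum swp_kind { SWP_NONE = 0, SWP_WORD, SWP_BYTE };

struct swp_insn {
    enum swp_kind kind;
    unsigned cond, rn, rt, rt2;
};

/* Fixed bits: [27:24]=0001, [23]=0, [21:20]=00, [11:8]=0000, [7:4]=1001.
 * Bit 22 (B) is deliberately left out of the mask. */
#define SWP_MASK  0x0FB00FF0u
#define SWP_VALUE 0x01000090u

static bool decode_swp(uint32_t insn, struct swp_insn *out)
{
    out->kind = SWP_NONE;
    /* cond == 1111 is the unconditional space, decoded elsewhere. */
    if ((insn >> 28) == 0xf || (insn & SWP_MASK) != SWP_VALUE) {
        return false;
    }
    out->kind = (insn & (1u << 22)) ? SWP_BYTE : SWP_WORD;
    out->cond = insn >> 28;
    out->rn   = (insn >> 16) & 0xf;   /* Rn/Rt/Rt2 == 15 is UNPREDICTABLE, */
    out->rt   = (insn >> 12) & 0xf;   /* not UNDEFINED, so it still decodes */
    out->rt2  = insn & 0xf;
    return true;
}

static enum swp_kind swp_kind_of(uint32_t insn)
{
    struct swp_insn d;
    decode_swp(insn, &d);
    return d.kind;
}

/* The incremental check the patch adds: once bits [27:24], [7:4] and
 * bit 23 have matched, only [21:20] and [11:8] remain to be validated. */
static bool swp_sbz_bits_clear(uint32_t insn)
{
    return (insn & 0x00300f00u) == 0;
}

int main(void)
{
    /* Constructed vectors: SWP r0,r1,[r2]; SWPB r0,r1,[r2]; bit 20 set;
     * SBZ bits [11:8] set; an LDREX-shaped word; cond == 1111. */
    static const uint32_t vec[] = {
        0xE1020091u, 0xE1420091u, 0xE1120091u,
        0xE1020191u, 0xE1920F9Fu, 0xF1020091u,
    };
    static const char *const name[] = { "not a swap", "SWP", "SWPB" };

    for (size_t i = 0; i < sizeof vec / sizeof vec[0]; i++) {
        printf("%08x: %-10s sbz-clear=%d\n", vec[i],
               name[swp_kind_of(vec[i])], swp_sbz_bits_clear(vec[i]));
    }
    return 0;
}
```

The full-mask decoder and the incremental check agree on every vector; the difference is only where in the decode tree each one sits, which is why the bit-23 test could be dropped from the patch without losing anything.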




Re: [Qemu-devel] [PATCH v4 5/9] qapi: introduce new cmd option "allowed-in-preconfig"

2018-03-23 Thread Eduardo Habkost
On Mon, Mar 12, 2018 at 02:11:11PM +0100, Igor Mammedov wrote:
> New option will be used to allow commands, which are prepared/need
> to run run in preconfig state. Other commands that should be able
> to run in preconfig state, should be ammeded to not expect machine
> in initialized state or deal with it.
> 
> For compatibility reasons, commands, that don't use new flag
> 'allowed-in-preconfig' explicitly, are not permited to run in
> preconfig state but allowed in all other states like they used
> to be.
> 
> Within this patch allow following commands in preconfig state:
>qmp_capabilities
>query-qmp-schema
>query-commands
>query-status
>cont
> to allow qmp connection, basic introspection and moving to the next
> state.
> 
> PS:
> set-numa-node and query-hotpluggable-cpus will be enabled later in
> a separate patch.
> 
> Signed-off-by: Igor Mammedov 

I didn't review the code yet, but:

Shouldn't this be applied before patch 3/9, for bisectability?
Otherwise it will be very easy to crash QEMU after applying patch
3/9.

-- 
Eduardo



Re: [Qemu-devel] [PATCH v4 4/9] hmp: disable monitor in preconfig state

2018-03-23 Thread Eduardo Habkost
On Mon, Mar 12, 2018 at 02:11:10PM +0100, Igor Mammedov wrote:
> Ban it for now, if someone would need it to work early,
> one would have to implement checks if HMP command is valid
> at preconfig state.
> 
> Signed-off-by: Igor Mammedov 
> ---
> v4:
>   * v3 was only printing error but not preventing command execution,
> Fix it by returning after printing error message.
> ("Dr. David Alan Gilbert" )
> ---
>  monitor.c | 5 +
>  1 file changed, 5 insertions(+)
> 
> diff --git a/monitor.c b/monitor.c
> index a4417f2..ea0ca57 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -3104,6 +3104,11 @@ static void handle_hmp_command(Monitor *mon, const 
> char *cmdline)
>  
>  trace_handle_hmp_command(mon, cmdline);
>  
> +if (runstate_check(RUN_STATE_PRECONFIG)) {
> +monitor_printf(mon, "HMP not available in preconfig state\n");
> +return;
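Review bot: the early return sits after trace_handle_hmp_command(), so a rejected command still emits the trace event as if it were being handled; moving the check above the trace call, or adding a separate trace point for the rejection, keeps the trace stream honest. Because the check is made on the raw cmdline before anything is parsed, it blocks every HMP command in this state, 'cont' and 'quit' included, which makes QMP the only way out of -preconfig from a monitor; the commit message should say that explicitly, and the printed message could point the user at the QMP 'cont' command rather than only stating that HMP is unavailable.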

Not even the "cont" command?  It would be useful for testing
-preconfig.

-- 
Eduardo



Re: [Qemu-devel] [PATCH v4 3/9] cli: add -preconfig option

2018-03-23 Thread Eduardo Habkost
On Mon, Mar 12, 2018 at 02:11:09PM +0100, Igor Mammedov wrote:
> This option allows pausing QEMU in the new RUN_STATE_PRECONFIG state,
> allowing the configuration of QEMU from QMP before the machine jumps
> into board initialization code of machine_run_board_init()
> 
> Intent is to allow management to query machine state and additionally
> configure it using previous query results within one QEMU instance
> (i.e. eliminate need to start QEMU twice, 1st to query board specific
> parameters and 2nd for actual VM start using query results for
> additional parameters).
> 
> New option complements -S option and could be used with or without
> it. Difference is that -S pauses QEMU when machine is completely
> build with all devices wired up and ready run (QEMU need only to
> unpause CPUs to let guest execute its code).
> And "preconfig" option pauses QEMU early before board specific init
> callback (machine_run_board_init) is executed and will allow to
> configure machine parameters which will be used by board init code.
> 
> When early introspection/configuration is done, command 'cont' should
> be used to exit RUN_STATE_PRECONFIG and transition to the next
> requested state (i.e. if -S is used then QEMU will pause the second
> time when board/device initialization is completed or start guest
> execution if -S isn't provided on CLI)
> 
> PS:
> Initially 'preconfig' is planned to be used for configuring numa
> topology depending on board specified possible cpus layout.
> 
> Signed-off-by: Igor Mammedov 
> ---
> v4:
>   * Explain more on behaviour in commit message and use suggested
> wording in message and patch (Eric Blake )
> ---
>  include/sysemu/sysemu.h |  1 +
>  qapi/run-state.json |  5 -
>  qemu-options.hx | 13 +
>  qmp.c   |  5 +
>  vl.c| 35 ++-
>  5 files changed, 57 insertions(+), 2 deletions(-)
> 
> diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
> index 356bfdc..996bc38 100644
> --- a/include/sysemu/sysemu.h
> +++ b/include/sysemu/sysemu.h
> @@ -66,6 +66,7 @@ typedef enum WakeupReason {
>  QEMU_WAKEUP_REASON_OTHER,
>  } WakeupReason;
>  
> +void qemu_exit_preconfig_request(void);
>  void qemu_system_reset_request(ShutdownCause reason);
>  void qemu_system_suspend_request(void);
>  void qemu_register_suspend_notifier(Notifier *notifier);
> diff --git a/qapi/run-state.json b/qapi/run-state.json
> index 1c9fff3..ce846a5 100644
> --- a/qapi/run-state.json
> +++ b/qapi/run-state.json
> @@ -49,12 +49,15 @@
>  # @colo: guest is paused to save/restore VM state under colo checkpoint,
>  #VM can not get into this state unless colo capability is enabled
>  #for migration. (since 2.8)
> +# @preconfig: QEMU is paused before board specific init callback is executed.
> +# The state is reachable only if -preconfig CLI option is used.
> +# (Since 2.12)
>  ##
>  { 'enum': 'RunState',
>'data': [ 'debug', 'inmigrate', 'internal-error', 'io-error', 'paused',
>  'postmigrate', 'prelaunch', 'finish-migrate', 'restore-vm',
>  'running', 'save-vm', 'shutdown', 'suspended', 'watchdog',
> -'guest-panicked', 'colo' ] }
> +'guest-panicked', 'colo', 'preconfig' ] }
>  
>  ##
>  # @StatusInfo:
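Review bot: extending the RunState enum means query-status can now return a value that existing clients have never seen; since the state is only reachable when -preconfig is given on the command line, old clients are not affected unless the management layer opts in, and the doc comment already says so, but it would be worth also noting there that 'cont' is the command that leaves the state. The "(Since 2.12)" tag should be re-checked against the release this actually lands in, given the softfreeze remark elsewhere in the thread.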
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 6585058..7c8aaa5 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -3302,6 +3302,19 @@ STEXI
>  Run the emulation in single step mode.
>  ETEXI
>  
> +DEF("preconfig", 0, QEMU_OPTION_preconfig, \
> +"-preconfig  pause QEMU before machine is initialized\n",
> +QEMU_ARCH_ALL)
> +STEXI
> +@item -preconfig
> +@findex -preconfig
> +Pause QEMU for interactive configuration before the machine is created,
> +which allows querying and configuring properties that will affect
> +machine initialization. Use the QMP command 'cont' to exit the preconfig
> +state and move to the next state (ie. run guest if -S isn't used or
> +pause the second time is -S is used).
> +ETEXI
> +
>  DEF("S", 0, QEMU_OPTION_S, \
>  "-S  freeze CPU at startup (use 'c' to start execution)\n",
>  QEMU_ARCH_ALL)
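Review bot: two typos in the STEXI help text: "ie. run guest" should be "i.e. run the guest", and "pause the second time is -S is used" should read "if -S is used". It would also help to state here that HMP is not available in this state (patch 4/9 of this series bans it), so that readers of the option help know the QMP 'cont' is the only way to continue.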
> diff --git a/qmp.c b/qmp.c
> index 8c7d1cc..b38090d 100644
> --- a/qmp.c
> +++ b/qmp.c
> @@ -166,6 +166,11 @@ void qmp_cont(Error **errp)
>  BlockBackend *blk;
>  Error *local_err = NULL;
>  
> +if (runstate_check(RUN_STATE_PRECONFIG)) {
> +qemu_exit_preconfig_request();
> +return;
> +}
> +
>  /* if there is a dump in background, we should wait until the dump
>   * finished */
>  if (dump_in_progress()) {
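Review bot: the early return in qmp_cont() skips everything below it, the dump-in-progress wait and the block-backend checks, which is reasonable when no machine has been built yet, but the QAPI documentation of 'cont' should be updated to say that in the preconfig state it leaves preconfig and does not start vCPUs. Judging by its name, qemu_exit_preconfig_request() only records a request, so the command reports success before the transition has happened; a client that immediately sends a command that is not allowed in preconfig could race with it, so the documentation should tell clients to confirm the new state (query-status) before proceeding.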
> diff --git a/vl.c b/vl.c
> index 3ef04ce..69b1997 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -593,7 +593,7 @@ static int default_driver_check(void *opaque, QemuOpts 
> *opts, Error **errp)
>  /***/
>  /* QEMU state */
>  
> 

[Qemu-devel] [Bug 1663287] Re: Illegal delay slot code causes abort on mips64

2018-03-23 Thread philmd
** Tags added: mips

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1663287

Title:
  Illegal delay slot code causes abort on mips64

Status in QEMU:
  New

Bug description:
  During some randomised testing of an experimental MIPS implementation
  I found an instruction sequence that also causes aborts on mainline
  qemu's MIPS support.  The problem is triggered by an MSA branch
  instruction appearing in a delay slot when emulating a processor
  without MSA support.

  For example, with the current repository HEAD
  (f073cd3a2bf1054135271b837c58a7da650dd84b) configured for
  mips64-softmmu, if I run the attached binary using

  mips64-softmmu/qemu-system-mips64 -bios ../abort2.bin -machine
  mipssim -nographic

  it will report

  unknown branch 0x13000
  Aborted (core dumped)

  The binary contains the following two instructions:

  0028 jr at
  47081e61 bz.b   w8,0xbfc0798c

  The jr sets up a jump, and hflags is set accordingly in
  gen_compute_branch (in target/mips/translate.c).  When processing the
  bz.b, check_insn generates an exception because the instruction isn't
  support, but gen_msa_branch skips the usual delay slot check for the
  same reason, and sets more bits in hflags, leading to an abort in
  gen_branch because the hflags are now invalid.

  I suspect the best fix is to remove the instruction set condition from
  the delay slot check in gen_msa_branch.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1663287/+subscriptions



Re: [Qemu-devel] [PATCH v4 5/9] qapi: introduce new cmd option "allowed-in-preconfig"

2018-03-23 Thread Eric Blake

On 03/12/2018 08:11 AM, Igor Mammedov wrote:

New option will be used to allow commands, which are prepared/need
to run run in preconfig state. Other commands that should be able


s/run run in/run, during/


to run in preconfig state, should be ammeded to not expect machine


s/ammeded/amended/


in initialized state or deal with it.

For compatibility reasons, commands, that don't use new flag


s/commands,/commands/


'allowed-in-preconfig' explicitly, are not permited to run in


s/explicitly,/explicitly/
s/permited/permitted/


preconfig state but allowed in all other states like they used
to be.

Within this patch allow following commands in preconfig state:
qmp_capabilities
query-qmp-schema
query-commands
query-status
cont
to allow qmp connection, basic introspection and moving to the next
state.


Looks like a reasonable list.  Maybe also query-command-line-options 
should be here?




PS:
set-numa-node and query-hotpluggable-cpus will be enabled later in
a separate patch.

Signed-off-by: Igor Mammedov 
---
v4:
   * replaces complex "universal" approach
  "[PATCH v3 5/9] QAPI: allow to specify valid runstates  per command"
 with a simpler new command flag "allowed-in-preconfig".
 (Eric Blake )


Thanks; it looks a lot more maintainable now.  However, you need to 
rebase, now that 'allow-oob' has already landed.



+++ b/qapi/introspect.json
@@ -259,12 +259,16 @@
  #
  # @ret-type: the name of the command's result type.
  #
+# @allowed-in-preconfig: command could be executed  in preconfig runstate,


s/could/can/
double space before in


+#default: 'false' (Since 2.12)


/me must resist the urge to call out softfreeze ;)

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
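To make the two dispatch gates discussed in this thread concrete, here is an added C model that is not QEMU's code: the capabilities-negotiation gate from the monitor.c patch earlier in this digest (the not-found message chosen by which command table is active) and the per-command allowed-in-preconfig flag this patch introduces. The preconfig-capable command set is the one the commit message lists; qmp_check(), demo_check(), the QMP_ERR_* enumerators, the wording of the preconfig rejection and the extra entries in the command table are this example's own assumptions.

```c
/* Added example: a miniature QMP dispatch gate with (1) capability
 * negotiation and (2) an allowed-in-preconfig flag per command.
 * Names and the preconfig rejection text are assumptions, not QEMU's. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum run_state { RS_PRECONFIG, RS_PRELAUNCH, RS_RUNNING };

enum qmp_err {
    QMP_OK = 0,
    QMP_ERR_COMMAND_NOT_FOUND,   /* stands in for ERROR_CLASS_COMMAND_NOT_FOUND */
    QMP_ERR_GENERIC              /* stands in for ERROR_CLASS_GENERIC_ERROR (assumed) */
};

struct qmp_cmd {
    const char *name;
    bool allowed_in_preconfig;   /* the new flag; default false */
};

/* Before negotiation the monitor only knows qmp_capabilities. */
static const struct qmp_cmd cap_negotiation_commands[] = {
    { "qmp_capabilities", true },
    { NULL, false }
};

/* After negotiation.  The preconfig-capable set is the commit message's;
 * the remaining entries are illustrative. */
static const struct qmp_cmd all_commands[] = {
    { "qmp_capabilities", true },
    { "query-qmp-schema", true },
    { "query-commands",   true },
    { "query-status",     true },
    { "cont",             true },
    { "query-cpus",       false },
    { "device_add",       false },
    { "set-numa-node",    false },   /* to be enabled in a later patch */
    { NULL, false }
};

struct monitor {
    const struct qmp_cmd *commands;  /* active table, like mon->qmp.commands */
};

static const struct qmp_cmd *find_cmd(const struct qmp_cmd *tbl, const char *name)
{
    for (; tbl->name; tbl++) {
        if (strcmp(tbl->name, name) == 0) {
            return tbl;
        }
    }
    return NULL;
}

/* Gate one command; on rejection the error text is written to msg. */
static enum qmp_err qmp_check(struct monitor *mon, enum run_state rs,
                              const char *name, char *msg, size_t len)
{
    const struct qmp_cmd *cmd = find_cmd(mon->commands, name);

    if (!cmd) {
        /* Message keyed on the active table, as in the monitor.c patch. */
        if (mon->commands == cap_negotiation_commands) {
            snprintf(msg, len, "Expecting capabilities negotiation "
                               "with 'qmp_capabilities'");
        } else {
            snprintf(msg, len, "The command %s has not been found", name);
        }
        return QMP_ERR_COMMAND_NOT_FOUND;
    }
    if (rs == RS_PRECONFIG && !cmd->allowed_in_preconfig) {
        /* Wording assumed for this example. */
        snprintf(msg, len, "The command %s is not permitted in preconfig state", name);
        return QMP_ERR_GENERIC;
    }
    if (strcmp(name, "qmp_capabilities") == 0) {
        mon->commands = all_commands;    /* negotiation completed */
    }
    msg[0] = '\0';
    return QMP_OK;
}

/* One shared session so a client sequence can be replayed step by step. */
static struct monitor demo_mon = { cap_negotiation_commands };
static char demo_msg[128];

static enum qmp_err demo_check(enum run_state rs, const char *name)
{
    return qmp_check(&demo_mon, rs, name, demo_msg, sizeof demo_msg);
}

static const char *demo_last_msg(void)
{
    return demo_msg;
}

int main(void)
{
    /* Constructed client sequence: a command before negotiation, then
     * negotiation, then commands in the preconfig and running states. */
    static const struct { enum run_state rs; const char *cmd; } script[] = {
        { RS_PRECONFIG, "query-status" },    { RS_PRECONFIG, "qmp_capabilities" },
        { RS_PRECONFIG, "query-status" },    { RS_PRECONFIG, "device_add" },
        { RS_PRECONFIG, "no-such-command" }, { RS_PRECONFIG, "cont" },
        { RS_RUNNING,   "device_add" },
    };
    for (size_t i = 0; i < sizeof script / sizeof script[0]; i++) {
        enum qmp_err e = demo_check(script[i].rs, script[i].cmd);
        printf("%-18s -> %d %s\n", script[i].cmd, e, demo_last_msg());
    }
    return 0;
}
```

The ordering of the two tests matters: the negotiation check comes first, so an unknown command before qmp_capabilities reports "Expecting capabilities negotiation" rather than leaking whether the command name exists, and the preconfig gate only ever sees commands the client is already entitled to name.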



[Qemu-devel] [Bug 1754372] Re: Set MIPS MSA in ELF Auxiliary Vectors

2018-03-23 Thread philmd
** Tags added: mips

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1754372

Title:
  Set MIPS MSA in ELF Auxiliary Vectors

Status in QEMU:
  In Progress

Bug description:
  The MIPS MSA feature is currently not set in the ELF auxiliary vector.

  That is, querying the AT_HWCAP key of the ELF auxiliary vectors for a
  MIPS CPU that has the MSA feature should return a value that has the
  second bit [0] set.

  From [0], `HWCAP_MIPS_MSA` is defined to `1 << 1`.

  [0]:
  
https://github.com/torvalds/linux/blob/master/arch/mips/include/uapi/asm/hwcap.h

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1754372/+subscriptions



Re: [Qemu-devel] [PATCH v4 2/9] numa: split out NumaOptions parsing into parse_NumaOptions()

2018-03-23 Thread Eduardo Habkost
On Fri, Mar 23, 2018 at 03:49:38PM -0500, Eric Blake wrote:
> On 03/23/2018 03:42 PM, Eduardo Habkost wrote:
> > On Mon, Mar 12, 2018 at 02:11:08PM +0100, Igor Mammedov wrote:
> > > it will allow to reuse parse_NumaOptions() for parsing
> > > configuration commands received via QMP interface
> > > 
> > > Signed-off-by: Igor Mammedov 
> > > ---
> 
> > >   end:
> > > +if (err) {
> > > +error_propagate(errp, err);
> > > +}
> > 
> > "if (err)" is not necessary here.  See
> > scripts/coccinelle/error_propagate_null.cocci.
> > 
> 
> > > +parse_NumaOptions(ms, object, );
> > > +
> > > +end:
> > >   qapi_free_NumaOptions(object);
> > >   if (err) {
> > >   error_report_err(err);
> > 
> > We can fix this one too while at it.
> 
> Hmm - this is the same script mentioned here:
> https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg06293.html
> 
> Except that patch didn't pick up this file.  Why is Coccinelle not seeing
> this?

I don't know.  I've seen Coccinelle being confused by some of our
preprocessor magic before, and in those cases it simply skipped
some files.

-- 
Eduardo



Re: [Qemu-devel] [PATCH v4 3/9] cli: add -preconfig option

2018-03-23 Thread Eduardo Habkost
On Mon, Mar 12, 2018 at 02:11:09PM +0100, Igor Mammedov wrote:
> This option allows pausing QEMU in the new RUN_STATE_PRECONFIG state,
> allowing the configuration of QEMU from QMP before the machine jumps
> into board initialization code of machine_run_board_init()
> 
> Intent is to allow management to query machine state and additionally
> configure it using previous query results within one QEMU instance
> (i.e. eliminate need to start QEMU twice, 1st to query board specific
> parameters and 2nd for actual VM start using query results for
> additional parameters).
> 
> New option complements -S option and could be used with or without
> it. Difference is that -S pauses QEMU when machine is completely
> build with all devices wired up and ready run (QEMU need only to
> unpause CPUs to let guest execute its code).
> And "preconfig" option pauses QEMU early before board specific init
> callback (machine_run_board_init) is executed and will allow to
> configure machine parameters which will be used by board init code.
> 
> When early introspection/configuration is done, command 'cont' should
> be used to exit RUN_STATE_PRECONFIG and transition to the next
> requested state (i.e. if -S is used then QEMU will pause the second
> time when board/device initialization is completed or start guest
> execution if -S isn't provided on CLI)
> 
> PS:
> Initially 'preconfig' is planned to be used for configuring numa
> topology depending on board specified possible cpus layout.
> 
> Signed-off-by: Igor Mammedov 

TL;DR: I was against this approach of adding a new "preconfig"
state and thought "-S" ought to be enough, but I'm now convinced
this is the best option we have.


Long version:

So, I was skeptical of this approach initially, because I thought
"machine->init() was run" and "machine->init() was not run yet"
is supposed to be internal QEMU state that no external component
should care about at all, because the vCPUs are not running yet.

In other words, if vCPUS were not started yet, we should be able
to reconfigure anything, and "-S" ought to be enough to what we
want.

...in theory.  In practice this is messy:

Currently initialization works this way:

  void vm_start()  /* this is delayed if -S is used */
  {
  resume_all_vcpus();
  }

  void qmp_cont()  /* "cont" command */
  {
  /* ... */
  vm_start();
  }
  
  void main()
  {
  /* ... */
  machine_run_board_init()
      if (autostart) {  /* -S option sets autostart = 0 */
  vm_start();
  }
  main_loop();  /* QMP becomes available here */
  }

Then we would have to either do this:

  void vm_start()
  {
  machine_run_board_init()  /* < HERE */
  resume_all_vcpus();
  }

  void main()
  {
  /* ... */
  /* machine_run_board_init() moved from here */
  if (autostart) {
  vm_start();
  }
  main_loop();
  }

...and fix every single QMP command to not break if
machine_run_board_init() wasn't called yet.

I don't think that's feasible.


Or we could do this:

  void vm_start()
  {
  configure_numa()  /* < HERE */
  resume_all_vcpus();
  }

  void main()
  {
  /* ... */
  machine_run_board_init();
  if (autostart) {
  vm_start();
  }
  main_loop();
  }

...and slowly move code from machine_run_board_init() to
vm_start() (like configure_numa() above).

That's how I expected us to implement the NUMA QMP configuration
stuff.

But, really, the data and ordering dependencies we have in
machine initialization is insane, and simply moving
configure_numa() after machine_run_board_init() would require
moving almost all of machine_run_board_init() inside vm_start().

In practice this would be more complex than moving
machine_run_board_init() completely inside vm_start().  I don't
think that's feasible.

So I'm OK with your approach.

Now I will review the actual code in a separate e-mail.  :)

-- 
Eduardo



Re: [Qemu-devel] [PATCH v4 3/9] cli: add -preconfig option

2018-03-23 Thread Eric Blake

On 03/12/2018 08:11 AM, Igor Mammedov wrote:

I know you wrote this before softfreeze, but I'm only just now getting a 
chance to review. ...[1]



This option allows pausing QEMU in the new RUN_STATE_PRECONFIG state,
allowing the configuration of QEMU from QMP before the machine jumps
into board initialization code of machine_run_board_init()

Intent is to allow management to query machine state and additionally


s/Intent/The intent/


configure it using previous query results within one QEMU instance
(i.e. eliminate need to start QEMU twice, 1st to query board specific


s/need/the need/


parameters and 2nd for actual VM start using query results for
additional parameters).

New option complements -S option and could be used with or without


s/New/The new/



it. Difference is that -S pauses QEMU when machine is completely


s/Difference/The difference/
s/when/when the/


build with all devices wired up and ready run (QEMU need only to


s/build/built/
s/ready/ready to/


unpause CPUs to let guest execute its code).
And "preconfig" option pauses QEMU early before board specific init


s/. And/; while the/


callback (machine_run_board_init) is executed and will allow to
configure machine parameters which will be used by board init code.


s/allow to configure/allow the configuration of/



When early introspection/configuration is done, command 'cont' should
be used to exit RUN_STATE_PRECONFIG and transition to the next
requested state (i.e. if -S is used then QEMU will pause the second
time when board/device initialization is completed or start guest
execution if -S isn't provided on CLI)

PS:
Initially 'preconfig' is planned to be used for configuring numa
topology depending on board specified possible cpus layout.

Signed-off-by: Igor Mammedov 
---
v4:
   * Explain more on behaviour in commit message and use suggested
 wording in message and patch (Eric Blake )


Well, I'm still coming up with wording tweaks, but it is getting better ;)


---
  include/sysemu/sysemu.h |  1 +
  qapi/run-state.json |  5 -
  qemu-options.hx | 13 +
  qmp.c   |  5 +
  vl.c| 35 ++-
  5 files changed, 57 insertions(+), 2 deletions(-)




+++ b/qapi/run-state.json
@@ -49,12 +49,15 @@
  # @colo: guest is paused to save/restore VM state under colo checkpoint,
  #VM can not get into this state unless colo capability is enabled
  #for migration. (since 2.8)
+# @preconfig: QEMU is paused before board specific init callback is executed.
+# The state is reachable only if -preconfig CLI option is used.
+# (Since 2.12)


[1]... So are you still trying to cram this in 2.12 as a bugfix? It 
feels enough like a feature that at this point, you'll want to change 
that to 2.13 on your v5 spin.  (Probably a similar comment throughout 
the series, so I'll only mention it this once).


s/if -preconfig/if the --preconfig/

spelling --preconfig with two dashes may make sense; we have a 
bite-sized task that mentions that common options like -object/--object 
should prefer the two-dash form, at which point consistency where all 
our other options use the two-dash form may be worth doing.  But even if 
you stick with the one-dash form, inserting 'the' sounds better to a 
native speaker.



  ##
  { 'enum': 'RunState',
'data': [ 'debug', 'inmigrate', 'internal-error', 'io-error', 'paused',
  'postmigrate', 'prelaunch', 'finish-migrate', 'restore-vm',
  'running', 'save-vm', 'shutdown', 'suspended', 'watchdog',
-'guest-panicked', 'colo' ] }
+'guest-panicked', 'colo', 'preconfig' ] }
  
  ##

  # @StatusInfo:
diff --git a/qemu-options.hx b/qemu-options.hx
index 6585058..7c8aaa5 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3302,6 +3302,19 @@ STEXI
  Run the emulation in single step mode.
  ETEXI
  
+DEF("preconfig", 0, QEMU_OPTION_preconfig, \

+"-preconfig  pause QEMU before machine is initialized\n",


More places for two-dash spelling consideration.


+QEMU_ARCH_ALL)
+STEXI
+@item -preconfig
+@findex -preconfig
+Pause QEMU for interactive configuration before the machine is created,
+which allows querying and configuring properties that will affect
+machine initialization. Use the QMP command 'cont' to exit the preconfig
+state and move to the next state (ie. run guest if -S isn't used or
+pause the second time is -S is used).
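Review bot: in the @item text, "ie. run guest" should read "i.e. run the guest", and the one-line help string `-preconfig  pause QEMU before machine is initialized` does not tell the reader how to leave that state; a few extra words such as "continue with QMP 'cont'" would keep someone reading only -help from concluding that the guest hangs.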


s/is -S/if -S/

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
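
The run-state behaviour described in the commit message above (stop before board init, leave with "cont", then either pause again for -S or run) and Eduardo's point that configuration must happen before machine_run_board_init() consumes it, as an added example. This is constructed illustration code, not QEMU's vl.c: the state names mirror QEMU's RunState values, but the Vm structure, vm_boot(), vm_cmd_cont() and the vm_cmd_set_numa_node() stand-in for the planned NUMA command are assumptions made here.

```c
#include <stdbool.h>

/* Constructed model of the run states discussed in the thread; the
 * names mirror QEMU's RunState values but this is illustration code,
 * not QEMU's vl.c. */
typedef enum {
    RS_PRECONFIG,   /* -preconfig: stopped before machine_run_board_init() */
    RS_PRELAUNCH,   /* board built, vCPUs not started (-S stops here) */
    RS_RUNNING
} RunState;

typedef struct {
    RunState state;
    bool autostart;     /* false when -S was given */
    bool board_inited;  /* machine_run_board_init() has run */
    int numa_nodes;     /* configuration the board init code consumes */
} Vm;

/* Board init consumes the configuration gathered so far; after it has
 * run, that configuration can no longer be changed. */
static void run_board_init(Vm *vm)
{
    vm->board_inited = true;
    vm->state = RS_PRELAUNCH;
}

/* Startup as the commit message describes it: -preconfig stops before
 * board init; otherwise the board is built and -S decides whether the
 * vCPUs are started. */
void vm_boot(Vm *vm, bool preconfig, bool autostart)
{
    vm->state = RS_PRECONFIG;
    vm->autostart = autostart;
    vm->board_inited = false;
    vm->numa_nodes = 0;
    if (preconfig) {
        return;                 /* wait for QMP "cont" */
    }
    run_board_init(vm);
    if (autostart) {
        vm->state = RS_RUNNING;
    }
}

/* A configuration command such as the planned NUMA setup (hypothetical
 * name): only valid while board init has not consumed the config yet. */
int vm_cmd_set_numa_node(Vm *vm)
{
    if (vm->state != RS_PRECONFIG || vm->board_inited) {
        return -1;
    }
    vm->numa_nodes++;
    return 0;
}

/* QMP "cont": leaves PRECONFIG by running board init, then pauses a
 * second time if -S was given; from PRELAUNCH it starts the vCPUs. */
int vm_cmd_cont(Vm *vm)
{
    switch (vm->state) {
    case RS_PRECONFIG:
        run_board_init(vm);
        if (vm->autostart) {
            vm->state = RS_RUNNING;
        }
        return 0;
    case RS_PRELAUNCH:
        vm->state = RS_RUNNING;
        return 0;
    default:
        return -1;              /* already running */
    }
}

/* Replay a fixed command sequence from a fresh boot so outcomes can be
 * checked without sharing state between calls. */
RunState state_after_cont(bool preconfig, bool autostart, int n_cont)
{
    Vm vm;
    vm_boot(&vm, preconfig, autostart);
    for (int i = 0; i < n_cont; i++) {
        vm_cmd_cont(&vm);
    }
    return vm.state;
}

int numa_cmd_result(bool preconfig, bool autostart, int conts_before)
{
    Vm vm;
    vm_boot(&vm, preconfig, autostart);
    for (int i = 0; i < conts_before; i++) {
        vm_cmd_cont(&vm);
    }
    return vm_cmd_set_numa_node(&vm);
}
```

The gating in vm_cmd_set_numa_node() is the reason the thread settles on a distinct state rather than reusing -S: once board init has run, accepting a configuration command would silently have no effect on the already-built machine, so rejecting it is the safer behaviour.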



Re: [Qemu-devel] [PATCH 2/4] error: Remove NULL checks on error_propagate() calls

2018-03-23 Thread Eric Blake

On 03/22/2018 11:12 AM, Laurent Vivier wrote:

Re-run Coccinelle patch
scripts/coccinelle/error_propagate_null.cocci

Signed-off-by: Laurent Vivier 
---
  io/channel-websock.c | 4 +---
  1 file changed, 1 insertion(+), 3 deletions(-)



Misses an offender in numa.c, why?

https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg06382.html

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH v4 2/9] numa: split out NumaOptions parsing into parse_NumaOptions()

2018-03-23 Thread Eric Blake

On 03/23/2018 03:42 PM, Eduardo Habkost wrote:

On Mon, Mar 12, 2018 at 02:11:08PM +0100, Igor Mammedov wrote:

it will allow reusing parse_NumaOptions() for parsing
configuration commands received via QMP interface

Signed-off-by: Igor Mammedov 
---



  end:
+if (err) {
+error_propagate(errp, err);
+}


"if (err)" is not necessary here.  See
scripts/coccinelle/error_propagate_null.cocci.




+parse_NumaOptions(ms, object, );
+
+end:
  qapi_free_NumaOptions(object);
  if (err) {
  error_report_err(err);


We can fix this one too while at it.


Hmm - this is the same script mentioned here:
https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg06293.html

Except that patch didn't pick up this file.  Why is Coccinelle not 
seeing this?


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



[Qemu-devel] [PATCH for-2.12] tests: Silence false positive warning on generated test name

2018-03-23 Thread Eric Blake
Running 'make check' on rawhide with gcc 8.0.1 fails:

tests/test-visitor-serialization.c: In function 'main':
tests/test-visitor-serialization.c:1127:34: error: '/primitives/' directive 
writing 12 bytes into a region of size between 1 and 128 
[-Werror=format-overflow=]

The warning is a false positive (we have two buffers of size 128,
so yes, if we FULLY used the first buffer, then sprint'ing it into
the second will overflow the second).  But in practice, our first
buffer will not be longer than "/visitor/serialization/String",
so sizing it smaller is enough to let gcc see that we don't
overflow the second.

Signed-off-by: Eric Blake 
---

Makes sense for me to take this through my QAPI tree, if it gets a review.

 tests/test-visitor-serialization.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/test-visitor-serialization.c 
b/tests/test-visitor-serialization.c
index 438c18a0d64..d18d90db2c7 100644
--- a/tests/test-visitor-serialization.c
+++ b/tests/test-visitor-serialization.c
@@ -1115,7 +1115,7 @@ static const SerializeOps visitors[] = {

 static void add_visitor_type(const SerializeOps *ops)
 {
-char testname_prefix[128];
+char testname_prefix[32];
 char testname[128];
 TestArgs *args;
 int i = 0;
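Review bot: shrinking testname_prefix[] to 32 lets the compiler prove the later sprintf into testname[128] fits, but it also creates a new limit: the commit message says the longest prefix is "/visitor/serialization/String" (29 characters plus NUL), so a future visitor with a name a few characters longer would now overflow the 32-byte buffer instead of tripping the old warning. Building the prefix with snprintf() and checking the return value for truncation, or with g_strdup_printf(), would silence the false positive without leaving a size to remember.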
-- 
2.14.3
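
The buffer-sizing problem behind the warning above, as an added example that is not QEMU's test code: build the joined test name with snprintf() and treat "does not fit" as an error instead of relying on the compiler's overflow analysis or on sprintf(). The function names, the TESTNAME sizes and the sample prefixes are assumptions; only "/visitor/serialization/String" is taken from the commit message.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not tests/test-visitor-serialization.c: build
 * "<prefix>/<suffix>" into a caller-supplied buffer and refuse, rather
 * than truncate or overflow, when it does not fit. snprintf() returns
 * the length the full string would have had, so the check is exact. */
int build_test_name(char *out, size_t out_size,
                    const char *prefix, const char *suffix)
{
    int n;

    if (out_size == 0) {
        return -1;
    }
    n = snprintf(out, out_size, "%s/%s", prefix, suffix);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';          /* never hand back a truncated name */
        return -1;
    }
    return 0;
}

/* Bytes, including the terminating NUL, that build_test_name() needs. */
size_t test_name_needed(const char *prefix, const char *suffix)
{
    return strlen(prefix) + 1 + strlen(suffix) + 1;
}

/* Replays the situation from the commit message: the longest real
 * prefix against a 32-byte and a 128-byte buffer, plus a prefix that
 * fills its whole buffer (the case gcc complained about).
 * Returns 0 when every case behaves as expected. */
int demo_buffer_sizing(void)
{
    char small[32];
    char name[128];
    char full[128];

    /* Real-world case: fits in 128, caller gets the joined name. */
    if (build_test_name(name, sizeof name,
                        "/visitor/serialization/String", "primitives/int") != 0) {
        return 1;
    }
    if (strcmp(name, "/visitor/serialization/String/primitives/int") != 0) {
        return 2;
    }
    /* Same inputs do not fit in 32 bytes: rejected, buffer left empty. */
    if (build_test_name(small, sizeof small,
                        "/visitor/serialization/String", "primitives/int") != -1
        || small[0] != '\0') {
        return 3;
    }
    /* A prefix that fills a 128-byte buffer: rejected instead of
     * overflowing the destination as sprintf() would. */
    memset(full, 'x', sizeof full - 1);
    full[sizeof full - 1] = '\0';
    if (build_test_name(name, sizeof name, full, "primitives/int") != -1) {
        return 4;
    }
    return 0;
}
```

With this shape the compiler has nothing to warn about, and the failure mode on a too-long name is an explicit error at the call site rather than a stack write past the end of testname[].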




Re: [Qemu-devel] [PATCH v4 2/9] numa: split out NumaOptions parsing into parse_NumaOptions()

2018-03-23 Thread Eduardo Habkost
On Mon, Mar 12, 2018 at 02:11:08PM +0100, Igor Mammedov wrote:
> it will allow reusing parse_NumaOptions() for parsing
> configuration commands received via QMP interface
> 
> Signed-off-by: Igor Mammedov 
> ---
>  include/sysemu/numa.h |  1 +
>  numa.c| 48 +---
>  2 files changed, 30 insertions(+), 19 deletions(-)
> 
> diff --git a/include/sysemu/numa.h b/include/sysemu/numa.h
> index 21713b7..7a0ae75 100644
> --- a/include/sysemu/numa.h
> +++ b/include/sysemu/numa.h
> @@ -22,6 +22,7 @@ struct NumaNodeMem {
>  };
>  
>  extern NodeInfo numa_info[MAX_NODES];
> +int parse_numa(void *opaque, QemuOpts *opts, Error **errp);
>  void parse_numa_opts(MachineState *ms);
>  void numa_complete_configuration(MachineState *ms);
>  void query_numa_node_mem(NumaNodeMem node_mem[]);
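Review bot: the new public prototype `int parse_numa(void *opaque, QemuOpts *opts, Error **errp);` carries no comment on what opaque must be; numa.c converts it with MACHINE(opaque), so callers outside numa.c must pass a MachineState. A one-line comment in the header stating that contract (and that the function is shaped for qemu_opts_foreach()) would make the export self-explanatory.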
> diff --git a/numa.c b/numa.c
> index 126c649..2b1d292 100644
> --- a/numa.c
> +++ b/numa.c
> @@ -169,28 +169,11 @@ static void parse_numa_distance(NumaDistOptions *dist, 
> Error **errp)
>  have_numa_distance = true;
>  }
>  
> -static int parse_numa(void *opaque, QemuOpts *opts, Error **errp)
> +static
> +void parse_NumaOptions(MachineState *ms, NumaOptions *object, Error **errp)

I wonder if we should rename the parse_numa_{node,distance}()
functions to configure_numa_{node,distance}(), and this one
configure_numa().  These functions don't parse anything, anymore.


>  {
> -NumaOptions *object = NULL;
> -MachineState *ms = opaque;
>  Error *err = NULL;
>  
> -{
> -Visitor *v = opts_visitor_new(opts);
> -visit_type_NumaOptions(v, NULL, , );
> -visit_free(v);
> -}
> -
> -if (err) {
> -goto end;
> -}
> -
> -/* Fix up legacy suffix-less format */
> -if ((object->type == NUMA_OPTIONS_TYPE_NODE) && object->u.node.has_mem) {
> -const char *mem_str = qemu_opt_get(opts, "mem");
> -qemu_strtosz_MiB(mem_str, NULL, >u.node.mem);
> -}
> -
>  switch (object->type) {
>  case NUMA_OPTIONS_TYPE_NODE:
>  parse_numa_node(ms, >u.node, );
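Review bot: `+static` on a line of its own followed by `+void parse_NumaOptions(MachineState *ms, NumaOptions *object, Error **errp)` is an unusual split for this file; if the function is meant to stay file-local for now, `static void parse_NumaOptions(...)` on one line with the argument list wrapped reads better, and if the commit message's plan is to export it for QMP later, dropping `static` here together with a header declaration would avoid touching the signature twice.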
> @@ -224,6 +207,33 @@ static int parse_numa(void *opaque, QemuOpts *opts, 
> Error **errp)
>  }
>  
>  end:
> +if (err) {
> +error_propagate(errp, err);
> +}

"if (err)" is not necessary here.  See
scripts/coccinelle/error_propagate_null.cocci.


> +}
> +
> +int parse_numa(void *opaque, QemuOpts *opts, Error **errp)
> +{
> +NumaOptions *object = NULL;
> +MachineState *ms = MACHINE(opaque);
> +Error *err = NULL;
> +Visitor *v = opts_visitor_new(opts);
> +
> +visit_type_NumaOptions(v, NULL, , );
> +visit_free(v);
> +if (err) {
> +goto end;
> +}
> +
> +/* Fix up legacy suffix-less format */
> +if ((object->type == NUMA_OPTIONS_TYPE_NODE) && object->u.node.has_mem) {
> +const char *mem_str = qemu_opt_get(opts, "mem");
> +qemu_strtosz_MiB(mem_str, NULL, >u.node.mem);
> +}
> +
> +parse_NumaOptions(ms, object, );
> +
> +end:
>  qapi_free_NumaOptions(object);
>  if (err) {
>  error_report_err(err);

We can fix this one too while at it.

The rest of the patch looks good.

-- 
Eduardo



Re: [Qemu-devel] [PATCH v4 1/9] numa: postpone options post-processing till machine_run_board_init()

2018-03-23 Thread Eduardo Habkost
On Mon, Mar 12, 2018 at 02:11:07PM +0100, Igor Mammedov wrote:
> in preparation for numa options to be handled via QMP before
> machine_run_board_init(), move final numa configuration checks
> and processing to machine_run_board_init() so it could take into
> account both CLI (via parse_numa_opts()) and QMP input
> 
> Signed-off-by: Igor Mammedov 
> ---
> v2:
>   - remove duplicate qemu_opts_foreach() in numa_complete_configuration()
> that was causing non explicitly IDed node "-numa node" parsed twice.

So, this moves initialization from parse_numa_opts() to
machine_run_board_init().

Let's see what can happen between those two functions:

Current code on main():

parse_numa_opts(current_machine);

machine_run_board_init(current_machine);

Wonderful.  :)

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



[Qemu-devel] [PULL 5/5] migration: Fix block migration flag case

2018-03-23 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

Fix the case where when a migration with a bad protocol is tried,
we leave the block migration capability set.

(This is a cut down version of my 'migration: Fix block failure cases'
where its other case was fixed by Peter's dd0ee30caeebbd )

Signed-off-by: Dr. David Alan Gilbert 
Message-Id: <20180316202114.32345-1-dgilb...@redhat.com>
Reviewed-by: Peter Xu 
Signed-off-by: Dr. David Alan Gilbert 
---
 migration/migration.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/migration/migration.c b/migration/migration.c
index fc629e5965..52a5092add 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1428,6 +1428,7 @@ void qmp_migrate(const char *uri, bool has_blk, bool blk,
"a valid migration protocol");
 migrate_set_state(>state, MIGRATION_STATUS_SETUP,
   MIGRATION_STATUS_FAILED);
+block_cleanup_parameters(s);
 return;
 }
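Review bot: the added `block_cleanup_parameters(s);` sits on one early return after migrate_set_state(..., MIGRATION_STATUS_FAILED); since the commit message notes that the other failure case needed a separate fix, it would be more robust to route all failure exits of qmp_migrate() through a single cleanup path (or call block_cleanup_parameters() right where the FAILED state is set) so that a future early return cannot leave the block migration capability set again.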
 
-- 
2.14.3




[Qemu-devel] [PULL 4/5] migration/block: compare only read blocks against the rate limiter

2018-03-23 Thread Dr. David Alan Gilbert (git)
From: Peter Lieven 

Only read_done blocks are queued to be flushed to the migration
stream; submitted blocks are still in flight.

Signed-off-by: Peter Lieven 
Message-Id: <1520507908-16743-6-git-send-email...@kamp.de>
Reviewed-by: Juan Quintela 
Signed-off-by: Dr. David Alan Gilbert 
---
 migration/block.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/migration/block.c b/migration/block.c
index 03bbba61cb..4c04d937b1 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -773,8 +773,7 @@ static int block_save_iterate(QEMUFile *f, void *opaque)
 
 /* control the rate of transfer */
 blk_mig_lock();
-while ((block_mig_state.submitted +
-block_mig_state.read_done) * BLOCK_SIZE <
+while (block_mig_state.read_done * BLOCK_SIZE <
qemu_file_get_rate_limit(f) &&
block_mig_state.submitted < MAX_PARALLEL_IO &&
(block_mig_state.submitted + block_mig_state.read_done) <
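Review bot: the comment `/* control the rate of transfer */` above the loop should now say that only read_done blocks are compared against the rate limit and that in-flight submitted blocks are deliberately excluded; without that, the next reader may take the asymmetry between this condition and the MAX_IO_BUFFERS one (which still sums both counters) for an oversight and "fix" it back.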
-- 
2.14.3




Re: [Qemu-devel] [Qemu-block] [RFC PATCH 0/5] atapi: change unlimited recursion to while loop

2018-03-23 Thread John Snow


On 03/23/2018 04:17 PM, Paolo Bonzini wrote:
> On 23/03/2018 21:08, John Snow wrote:
>>
>>
>> On 02/23/2018 10:26 AM, Paolo Bonzini wrote:
>>> Real hardware doesn't have an unlimited stack, so the unlimited
>>> recursion in the ATAPI code smells a bit.  In fact, the call to
>>> ide_transfer_start easily becomes a tail call with a small change
>>> to the code (patch 4).  The remaining four patches move code around
>>> so as to the turn the call back to ide_atapi_cmd_reply_end into
>>> another tail call, and then convert the (double) tail recursion into
>>> a while loop.
>>>
>>> I'm not sure how this can be tested, apart from adding a READ CD
>>> test to ahci-test (which I don't really have time for now, hence
>>> the RFC tag).  The existing AHCI tests still pass, so patches 1-3
>>> aren't complete crap.
>>>
>>> Paolo
>>>
>>> Paolo Bonzini (5):
>>>   ide: push call to end_transfer_func out of start_transfer callback
>>>   ide: push end_transfer callback to ide_transfer_halt
>>>   ide: make ide_transfer_stop idempotent
>>>   atapi: call ide_set_irq before ide_transfer_start
>>>   ide: introduce ide_transfer_start_norecurse
>>>
>>>  hw/ide/ahci.c | 12 +++-
>>>  hw/ide/atapi.c| 37 -
>>>  hw/ide/core.c | 37 +++--
>>>  include/hw/ide/internal.h |  3 +++
>>>  4 files changed, 53 insertions(+), 36 deletions(-)
>>>
>>
>> LGTM; only comments wound up being naming.
> 
> The "PIO setup" FIS though should be sent at the *beginning* of data
> transfer according to the spec.  And if that is fixed a bunch of things
> are simpler (no end_transfer callback!).  I'll test and send next week.
> 
> Paolo
> 

My naive understanding is that it gets sent at the beginning to inform
the transfer -- but I'm not sure what the values of the frame should
actually be since it specifies it should also set what the value of the
registers ought to be after the transfer -- and I don't know how to
interpret that.

Is that an "expected value" or does that mean that the device (like the
SATA device) is expected to buffer up the transfer first, then send the
PIO Setup FIS frame and thus it already knows if it succeeded or failed
in buffering the data?

It's not tremendously clear to me -- but as long as at the end of the
transfer AHCI's mirror for the ATA registers match our core register
values, then it's probably fine...?



[Qemu-devel] [PULL 1/5] migration: convert socket server to QIONetListener

2018-03-23 Thread Dr. David Alan Gilbert (git)
From: "Daniel P. Berrange" 

Instead of creating a QIOChannelSocket directly for the migration
server socket, use a QIONetListener. This provides the ability
to listen on multiple sockets at the same time, so enables
full support for IPv4/IPv6 dual stack.

For example,   '$QEMU -incoming tcp::9000' now correctly listens
on both 0.0.0.0 and :: at the same time, instead of only on 0.0.0.0.

Signed-off-by: Daniel P. Berrange 
Message-Id: <20180312141714.7223-1-berra...@redhat.com>
Reviewed-by: Dr. David Alan Gilbert 
Signed-off-by: Dr. David Alan Gilbert 
---
 migration/socket.c | 48 
 1 file changed, 16 insertions(+), 32 deletions(-)

diff --git a/migration/socket.c b/migration/socket.c
index 8a93fb1af5..122d8ccfbe 100644
--- a/migration/socket.c
+++ b/migration/socket.c
@@ -24,6 +24,7 @@
 #include "migration.h"
 #include "qemu-file.h"
 #include "io/channel-socket.h"
+#include "io/net-listener.h"
 #include "trace.h"
 
 
@@ -129,34 +130,20 @@ void unix_start_outgoing_migration(MigrationState *s,
 }
 
 
-static gboolean socket_accept_incoming_migration(QIOChannel *ioc,
- GIOCondition condition,
- gpointer opaque)
+static void socket_accept_incoming_migration(QIONetListener *listener,
+ QIOChannelSocket *cioc,
+ gpointer opaque)
 {
-QIOChannelSocket *sioc;
-Error *err = NULL;
-
-sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc),
- );
-if (!sioc) {
-error_report("could not accept migration connection (%s)",
- error_get_pretty(err));
-goto out;
-}
-
 trace_migration_socket_incoming_accepted();
 
-qio_channel_set_name(QIO_CHANNEL(sioc), "migration-socket-incoming");
-migration_channel_process_incoming(QIO_CHANNEL(sioc));
-object_unref(OBJECT(sioc));
+qio_channel_set_name(QIO_CHANNEL(cioc), "migration-socket-incoming");
+migration_channel_process_incoming(QIO_CHANNEL(cioc));
 
-out:
 if (migration_has_all_channels()) {
 /* Close listening socket as its no longer needed */
-qio_channel_close(ioc, NULL);
-return G_SOURCE_REMOVE;
-} else {
-return G_SOURCE_CONTINUE;
+qio_net_listener_disconnect(listener);
+
+object_unref(OBJECT(listener));
 }
 }
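Review bot: socket_accept_incoming_migration() now calls qio_net_listener_disconnect() and then object_unref(OBJECT(listener)) from inside the listener's own client callback; that is only safe if QIONetListener holds a reference to itself while dispatching the callback, otherwise the object is freed while its dispatch code is still running. Please confirm that guarantee or defer the unref (for example via a destroy notify, as the removed GDestroyNotify did for the old channel).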
 
@@ -164,21 +151,18 @@ out:
 static void socket_start_incoming_migration(SocketAddress *saddr,
 Error **errp)
 {
-QIOChannelSocket *listen_ioc = qio_channel_socket_new();
+QIONetListener *listener = qio_net_listener_new();
 
-qio_channel_set_name(QIO_CHANNEL(listen_ioc),
- "migration-socket-listener");
+qio_net_listener_set_name(listener, "migration-socket-listener");
 
-if (qio_channel_socket_listen_sync(listen_ioc, saddr, errp) < 0) {
-object_unref(OBJECT(listen_ioc));
+if (qio_net_listener_open_sync(listener, saddr, errp) < 0) {
+object_unref(OBJECT(listener));
 return;
 }
 
-qio_channel_add_watch(QIO_CHANNEL(listen_ioc),
-  G_IO_IN,
-  socket_accept_incoming_migration,
-  listen_ioc,
-  (GDestroyNotify)object_unref);
+qio_net_listener_set_client_func(listener,
+ socket_accept_incoming_migration,
+ NULL, NULL);
 }
 
 void tcp_start_incoming_migration(const char *host_port, Error **errp)
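Review bot: the removed qio_channel_add_watch() passed object_unref as the GDestroyNotify, so the listening object was released whenever the watch went away; the replacement passes `NULL, NULL` to qio_net_listener_set_client_func(), which leaves the unref in the accept callback as the only release. A listener that never accepts a connection (incoming migration cancelled or the process shut down first) is therefore never released; consider keeping a destroy notify or releasing the listener from the cancel path.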
-- 
2.14.3
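
The dual-stack listening the commit message describes (one socket on 0.0.0.0 and one on ::, sharing a port, as `-incoming tcp::9000` does after this change), as an added example in plain POSIX sockets rather than QIONetListener; this is constructed code, not migration/socket.c or QEMU's io/ layer. listen_dual_stack(), listener_port() and demo_dual_stack() are names assumed here. The example sets IPV6_V6ONLY on the IPv6 socket, which a dual-stack listener on Linux must do so the :: socket does not also claim the IPv4 port and make the second bind fail. A wildcard bind of either family exposes the port on every interface, so restricting the host part of the address or firewalling the migration port remains the operator's job.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <unistd.h>
#include <string.h>
#include <stdint.h>

/* Port (host order) a bound socket ended up on, 0 on error. */
uint16_t listener_port(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;

    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0) {
        return 0;
    }
    if (ss.ss_family == AF_INET) {
        return ntohs(((struct sockaddr_in *)&ss)->sin_port);
    }
    if (ss.ss_family == AF_INET6) {
        return ntohs(((struct sockaddr_in6 *)&ss)->sin6_port);
    }
    return 0;
}

/* Constructed example, not QIONetListener: one listening socket per
 * address family returned for the wildcard address. The first
 * successful bind picks the port (when "0" was requested) and the
 * remaining families reuse it. Returns the number of sockets opened. */
int listen_dual_stack(const char *port, int *fds, int max_fds)
{
    struct addrinfo hints, *res, *ai;
    uint16_t chosen = 0;    /* host-order port shared by all sockets */
    int count = 0;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;       /* ask for both IPv4 and IPv6 */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE;       /* wildcard addresses */
    if (getaddrinfo(NULL, port, &hints, &res) != 0) {
        return 0;
    }
    for (ai = res; ai != NULL && count < max_fds; ai = ai->ai_next) {
        int one = 1;
        int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0) {
            continue;
        }
        setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
        if (ai->ai_family == AF_INET6) {
            /* Keep the :: socket IPv6-only; otherwise it also claims
             * the IPv4 port and the 0.0.0.0 bind fails with EADDRINUSE. */
            setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof one);
            if (chosen) {
                ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port = htons(chosen);
            }
        } else if (ai->ai_family == AF_INET && chosen) {
            ((struct sockaddr_in *)ai->ai_addr)->sin_port = htons(chosen);
        }
        if (bind(fd, ai->ai_addr, ai->ai_addrlen) < 0 || listen(fd, 16) < 0) {
            close(fd);
            continue;
        }
        if (!chosen) {
            chosen = listener_port(fd);
        }
        fds[count++] = fd;
    }
    freeaddrinfo(res);
    return count;
}

/* Opens the listeners on an ephemeral port, checks that every socket
 * shares that port, closes them and returns how many were opened
 * (0 if none could be bound, -1 if the ports did not match). */
int demo_dual_stack(void)
{
    int fds[4];
    int n = listen_dual_stack("0", fds, 4);
    int rc = n;
    uint16_t port = n > 0 ? listener_port(fds[0]) : 0;

    for (int i = 0; i < n; i++) {
        if (listener_port(fds[i]) != port) {
            rc = -1;
        }
        close(fds[i]);
    }
    return rc;
}
```

On a host without IPv6 the IPv6 bind simply fails and one socket is returned, which is the same degradation the old single-socket code gave; the point of the change is that an IPv6-only client is no longer refused on a dual-stack host.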




[Qemu-devel] [PULL 3/5] migration/block: limit the number of parallel I/O requests

2018-03-23 Thread Dr. David Alan Gilbert (git)
From: Peter Lieven 

the current implementation submits up to 512 I/O requests in parallel
which is much too high, especially for a background task.
This patch adds a maximum limit of 16 I/O requests that can
be submitted in parallel to avoid monopolizing the I/O device.

Signed-off-by: Peter Lieven 
Message-Id: <1520507908-16743-5-git-send-email...@kamp.de>
Reviewed-by: Juan Quintela 
Signed-off-by: Dr. David Alan Gilbert 
---
 migration/block.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/migration/block.c b/migration/block.c
index 5c03632257..03bbba61cb 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -37,6 +37,7 @@
 #define MAX_IS_ALLOCATED_SEARCH (65536 * BDRV_SECTOR_SIZE)
 
 #define MAX_IO_BUFFERS 512
+#define MAX_PARALLEL_IO 16
 
 //#define DEBUG_BLK_MIGRATION
 
@@ -775,6 +776,7 @@ static int block_save_iterate(QEMUFile *f, void *opaque)
 while ((block_mig_state.submitted +
 block_mig_state.read_done) * BLOCK_SIZE <
qemu_file_get_rate_limit(f) &&
+   block_mig_state.submitted < MAX_PARALLEL_IO &&
(block_mig_state.submitted + block_mig_state.read_done) <
MAX_IO_BUFFERS) {
 blk_mig_unlock();
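Review bot: `#define MAX_PARALLEL_IO 16` is a second hard-coded tunable next to MAX_IO_BUFFERS with no comment on how 16 was chosen; a short note carrying the commit message's rationale (bound in-flight requests so a background task does not monopolize the device) would help, and since the old value of 512 is described as far too high, the right number is clearly workload dependent and may deserve a migration parameter later.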
-- 
2.14.3




[Qemu-devel] [PULL 2/5] migration: Fix rate limiting issue on RDMA migration

2018-03-23 Thread Dr. David Alan Gilbert (git)
From: Lidong Chen 

RDMA migration implements the save_page function for QEMUFile, but
ram_control_save_page does not increase bytes_xfer. So when doing
RDMA migration, it will use the whole bandwidth.

Signed-off-by: Lidong Chen 
Message-Id: <1520692378-1835-1-git-send-email-lidongc...@tencent.com>
Reviewed-by: Juan Quintela 
Signed-off-by: Dr. David Alan Gilbert 
---
 migration/qemu-file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration/qemu-file.c b/migration/qemu-file.c
index e85f501f86..bb63c779cc 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
@@ -253,7 +253,7 @@ size_t ram_control_save_page(QEMUFile *f, ram_addr_t 
block_offset,
 if (f->hooks && f->hooks->save_page) {
 int ret = f->hooks->save_page(f, f->opaque, block_offset,
   offset, size, bytes_sent);
-
+f->bytes_xfer += size;
 if (ret != RAM_SAVE_CONTROL_DELAYED) {
 if (bytes_sent && *bytes_sent > 0) {
 qemu_update_position(f, *bytes_sent);
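Review bot: `f->bytes_xfer += size;` is executed regardless of what the save_page hook returned, while the code right after it only inspects `ret` for the delayed case; if any other return value means the hook did not transfer the page and the caller falls back to the generic path (which accounts bytes itself), the page is counted twice against the limit. Either confirm that every non-error return implies the hook sent the data, or move the increment under the branch where that is known to be true.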
-- 
2.14.3
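
The accounting bug the commit message describes, as an added example that is constructed for illustration and is not QEMU's migration/qemu-file.c: a transport hook that moves pages out of band (RDMA in the thread) bypasses the generic write path, so unless the hook path also adds to bytes_xfer the rate limiter never trips and the migration consumes all available bandwidth. XferFile, the limiter threshold and the page size are assumptions; the "bytes_xfer > xfer_limit" comparison follows the shape of QEMU's limiter but the numbers are made up.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for the parts of QEMUFile the limiter uses. */
typedef struct {
    uint64_t bytes_xfer;   /* bytes sent since the limiter was last reset */
    uint64_t xfer_limit;   /* bytes allowed per accounting period */
    bool hook_accounts;    /* false reproduces the bug: hook skips accounting */
} XferFile;

/* Generic path: every byte written is accounted. */
static void put_buffer(XferFile *f, size_t size)
{
    f->bytes_xfer += size;
}

/* Transport-specific save_page hook: transfers the page out of band,
 * so the generic path never sees the bytes. The fix in the patch is the
 * equivalent of setting hook_accounts to true. */
static void hook_save_page(XferFile *f, size_t size)
{
    if (f->hook_accounts) {
        f->bytes_xfer += size;
    }
}

/* Limiter check of the same shape as the thread's qemu_file_rate_limit. */
static bool rate_limited(const XferFile *f)
{
    return f->bytes_xfer > f->xfer_limit;
}

/* Simulate one migration iteration: send pages until the limiter trips
 * or n_pages is exhausted. Returns how many pages went out. */
int pages_sent_this_period(bool use_hook, bool hook_accounts,
                           uint64_t limit, int n_pages, size_t page_size)
{
    XferFile f = { .bytes_xfer = 0, .xfer_limit = limit,
                   .hook_accounts = hook_accounts };
    int sent = 0;

    while (sent < n_pages && !rate_limited(&f)) {
        if (use_hook) {
            hook_save_page(&f, page_size);
        } else {
            put_buffer(&f, page_size);
        }
        sent++;
    }
    return sent;
}
```

With a 1 MiB limit and 4 KiB pages the generic path and the accounting hook both stop after 257 pages (the one that pushes the counter past the limit), whereas the non-accounting hook sends every page it is given, which is the "whole bandwidth" behaviour the patch fixes.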




[Qemu-devel] [PULL 0/5] migration queue

2018-03-23 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" <dgilb...@redhat.com>

The following changes since commit 4c2c1015905fa1d616750dfe024b4c0b35875950:

  Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20180323' into 
staging (2018-03-23 10:20:54 +)

are available in the Git repository at:

  git://github.com/dagrh/qemu.git tags/pull-migration-20180323a

for you to fetch changes up to 09576e74dbe697c5f0a7bc2ad7b59601457a2ff4:

  migration: Fix block migration flag case (2018-03-23 18:24:11 +)


Migration fixes for 2.12

All small fixes.  Dan's is a missing piece
of a cleanup that finally completes something,
and between Paolo, Dan and myself we reckon it's
still on the edge of being a bug fix.


Daniel P. Berrangé (1):
  migration: convert socket server to QIONetListener

Dr. David Alan Gilbert (1):
  migration: Fix block migration flag case

Lidong Chen (1):
  migration: Fix rate limiting issue on RDMA migration

Peter Lieven (2):
  migration/block: limit the number of parallel I/O requests
  migration/block: compare only read blocks against the rate limiter

 migration/block.c |  5 +++--
 migration/migration.c |  1 +
 migration/qemu-file.c |  2 +-
 migration/socket.c| 48 
 4 files changed, 21 insertions(+), 35 deletions(-)



Re: [Qemu-devel] [PATCH] i386/kvm: add support for KVM_CAP_X86_DISABLE_EXITS

2018-03-23 Thread Eduardo Habkost
On Fri, Mar 16, 2018 at 07:36:42AM -0700, Wanpeng Li wrote:
> From: Wanpeng Li 
> 
> This patch adds support for KVM_CAP_X86_DISABLE_EXITS. It provides userspace
> with a per-VM capability (KVM_CAP_X86_DISABLE_EXITS) to not intercept
> MWAIT/HLT/PAUSE in order to improve latency in some workloads.
> 
> Cc: Paolo Bonzini 
> Cc: Radim Krčmář 
> Cc: Eduardo Habkost 
> Signed-off-by: Wanpeng Li 


Thanks.

Patch looks good (except for comment below), but I would like to
see QEMU documentation mentioning what exactly are the practical
consequences of setting "+kvm-hint-dedicated" (especially what
could happen if people enable the flag without properly
configuring vCPU pinning).


[...]
> +if (env->features[FEAT_KVM_HINTS] & KVM_HINTS_DEDICATED) {
> +int disable_exits = kvm_check_extension(cs->kvm_state, 
> KVM_CAP_X86_DISABLE_EXITS);
> +if (disable_exits) {
> +disable_exits &= (KVM_X86_DISABLE_EXITS_MWAIT |
> +  KVM_X86_DISABLE_EXITS_HLT |
> +  KVM_X86_DISABLE_EXITS_PAUSE);
> +}

Documentation/virtual/kvm/api.txt says that KVM_FEATURE_PV_UNHALT
shouldn't be enabled if disabling HLT exits.  This needs to be
handled by QEMU.

Probably the simplest solution is to not allow kvm-hint-dedicated
to be enabled if kvm-pv-unhalt is.  This should be mentioned in
QEMU documentation, also, especially considering that we might
enable kvm-pv-unhalt by default in future QEMU versions.


> +if (kvm_vm_enable_cap(cs->kvm_state, KVM_CAP_X86_DISABLE_EXITS, 0, 
> disable_exits)) {
> +error_report("kvm: DISABLE EXITS not supported");
> +}
> +}
> +
>  qemu_add_vm_change_state_handler(cpu_update_state, env);
>  
>  c = cpuid_find_entry(_data.cpuid, 1, 0);
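Review bot: the `if (disable_exits)` block only masks the value; when kvm_check_extension() returns 0 (capability absent) the code still calls kvm_vm_enable_cap(cs->kvm_state, KVM_CAP_X86_DISABLE_EXITS, 0, 0) and reports "kvm: DISABLE EXITS not supported" from the resulting failure, so the extension check has no effect. Skip the enable call when disable_exits is 0 and report the unsupported case from the check itself, and consider whether a missing capability with the hint explicitly requested should be an error rather than a report that startup continues past.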
> -- 
> 2.7.4
> 
> 

-- 
Eduardo
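
The two validation points raised above (do not call the enable path when the capability check reported nothing, and do not disable HLT exits while PV_UNHALT is enabled), as an added example that is constructed code and not the patch or QEMU's target/i386/kvm.c. The KVM_X86_DISABLE_EXITS_* bit values follow Linux's uapi kvm.h; the FEAT_KVM_HINTS_DEDICATED and FEAT_KVM_PV_UNHALT flags, the decision enum and the function names are assumptions made here. This version rejects the combination only when HLT exits would actually be disabled; the blanket rule Eduardo suggests (refuse kvm-hint-dedicated whenever kvm-pv-unhalt is set) is the simpler variant of the same check.

```c
#include <stdint.h>

/* Bit values as in Linux's uapi/linux/kvm.h. */
#define KVM_X86_DISABLE_EXITS_MWAIT (1 << 0)
#define KVM_X86_DISABLE_EXITS_HLT   (1 << 1)
#define KVM_X86_DISABLE_EXITS_PAUSE (1 << 2)
#define KVM_X86_DISABLE_EXITS_KNOWN (KVM_X86_DISABLE_EXITS_MWAIT | \
                                     KVM_X86_DISABLE_EXITS_HLT | \
                                     KVM_X86_DISABLE_EXITS_PAUSE)

/* Constructed stand-ins for the guest feature flags; the real ones are
 * CPUID bits in QEMU's FEAT_KVM / FEAT_KVM_HINTS feature words. */
#define FEAT_KVM_HINTS_DEDICATED (1u << 0)
#define FEAT_KVM_PV_UNHALT       (1u << 1)

typedef enum {
    DE_SKIP = 0,          /* hint not requested: leave the capability alone */
    DE_ENABLE = 1,        /* call kvm_vm_enable_cap() with the mask */
    DE_CONFLICT = -1,     /* configuration error: refuse to start */
    DE_UNSUPPORTED = -2   /* host lacks the capability: warn, do not call */
} DisableExitsDecision;

/* supported_mask: the value kvm_check_extension() returned for
 * KVM_CAP_X86_DISABLE_EXITS (0 when the capability is absent);
 * features: the guest's configured flags. */
DisableExitsDecision decide_disable_exits(uint32_t supported_mask,
                                          uint32_t features)
{
    uint32_t want;

    if (!(features & FEAT_KVM_HINTS_DEDICATED)) {
        return DE_SKIP;
    }
    want = supported_mask & KVM_X86_DISABLE_EXITS_KNOWN;
    if (want == 0) {
        /* Nothing we know how to disable: do not call enable_cap with 0
         * and then report its failure as "not supported". */
        return DE_UNSUPPORTED;
    }
    /* api.txt: KVM_FEATURE_PV_UNHALT must not be enabled when HLT exits
     * are disabled, because the guest would wait for a kick that never
     * comes. Refuse the combination instead of silently shipping it. */
    if ((want & KVM_X86_DISABLE_EXITS_HLT) && (features & FEAT_KVM_PV_UNHALT)) {
        return DE_CONFLICT;
    }
    return DE_ENABLE;
}

/* Mask to pass to kvm_vm_enable_cap(), or 0 when the call must not be
 * made (any decision other than DE_ENABLE). */
uint32_t disable_exits_mask(uint32_t supported_mask, uint32_t features)
{
    if (decide_disable_exits(supported_mask, features) != DE_ENABLE) {
        return 0;
    }
    return supported_mask & KVM_X86_DISABLE_EXITS_KNOWN;
}
```

Returning a decision rather than an error string keeps the policy testable and lets the caller choose how loud each outcome should be: DE_UNSUPPORTED is a warning about the host, DE_CONFLICT is a guest configuration error that should stop startup.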



Re: [Qemu-devel] [Qemu-block] [RFC PATCH 0/5] atapi: change unlimited recursion to while loop

2018-03-23 Thread Paolo Bonzini
On 23/03/2018 21:08, John Snow wrote:
> 
> 
> On 02/23/2018 10:26 AM, Paolo Bonzini wrote:
>> Real hardware doesn't have an unlimited stack, so the unlimited
>> recursion in the ATAPI code smells a bit.  In fact, the call to
>> ide_transfer_start easily becomes a tail call with a small change
>> to the code (patch 4).  The remaining four patches move code around
>> so as to the turn the call back to ide_atapi_cmd_reply_end into
>> another tail call, and then convert the (double) tail recursion into
>> a while loop.
>>
>> I'm not sure how this can be tested, apart from adding a READ CD
>> test to ahci-test (which I don't really have time for now, hence
>> the RFC tag).  The existing AHCI tests still pass, so patches 1-3
>> aren't complete crap.
>>
>> Paolo
>>
>> Paolo Bonzini (5):
>>   ide: push call to end_transfer_func out of start_transfer callback
>>   ide: push end_transfer callback to ide_transfer_halt
>>   ide: make ide_transfer_stop idempotent
>>   atapi: call ide_set_irq before ide_transfer_start
>>   ide: introduce ide_transfer_start_norecurse
>>
>>  hw/ide/ahci.c | 12 +++-
>>  hw/ide/atapi.c| 37 -
>>  hw/ide/core.c | 37 +++--
>>  include/hw/ide/internal.h |  3 +++
>>  4 files changed, 53 insertions(+), 36 deletions(-)
>>
> 
> LGTM; only comments wound up being naming.

The "PIO setup" FIS though should be sent at the *beginning* of data
transfer according to the spec.  And if that is fixed a bunch of things
are simpler (no end_transfer callback!).  I'll test and send next week.

Paolo




Re: [Qemu-devel] [PATCH v5.2 for 2.13 3/4] docs: tpm: add VM save/restore example and troubleshooting guide

2018-03-23 Thread Dr. David Alan Gilbert
* Stefan Berger (stef...@linux.vnet.ibm.com) wrote:
> On 03/21/2018 02:42 PM, Dr. David Alan Gilbert wrote:
> > * Stefan Berger (stef...@linux.vnet.ibm.com) wrote:
> > > Extend the docs related to TPM with specs related to VM save and
> > > restore and a troubleshooting guide for TPM migration.
> > > 
> > > Signed-off-by: Stefan Berger 
> > This seems ok, so:
> > 
> > Reviewed-by: Dr. David Alan Gilbert 
> > 
> > but comments below:
> > 
> > > ---
> > >   docs/specs/tpm.txt | 106 
> > > +
> > >   1 file changed, 106 insertions(+)
> > > 
> > > diff --git a/docs/specs/tpm.txt b/docs/specs/tpm.txt
> > > index d1d7157..c230c4c 100644
> > > --- a/docs/specs/tpm.txt
> > > +++ b/docs/specs/tpm.txt
> > > @@ -200,3 +200,109 @@ crw---. 1 root root 10, 224 Jul 11 10:11 
> > > /dev/tpm0
> > >   PCR-00: 35 4E 3B CE 23 9F 38 59 ...
> > >   ...
> > >   PCR-23: 00 00 00 00 00 00 00 00 ...
> > > +
> > > +
> > > +=== Migration with the TPM emulator ===
> > > +
> > > +The TPM emulator supports the following types of virtual machine 
> > > migration:
> > > +
> > > +- VM save / restore (migration into a file)
> > > +- Network migration
> > > +- Snapshotting (migration into storage like QoW2 or QED)
> > > +
> > > +The following command sequences can be used to test VM save / restore.
> > > +
> > > +
> > > +In a 1st terminal start an instance of a swtpm using the following 
> > > command:
> > > +
> > > +mkdir /tmp/mytpm1
> > > +swtpm socket --tpmstate dir=/tmp/mytpm1 \
> > > +  --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
> > > +  --log level=20 --tpm2
> > > +
> > > +In a 2nd terminal start the VM:
> > > +
> > > +qemu-system-x86_64 -display sdl -enable-kvm \
> > > +  -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
> > > +  -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
> > > +  -tpmdev emulator,id=tpm0,chardev=chrtpm \
> > > +  -device tpm-tis,tpmdev=tpm0 \
> > > +  -monitor stdio \
> > > +  test.img
> > > +
> > > +Verify that the attached TPM is working as expected using applications 
> > > inside
> > > +the VM.
> > > +
> > > +To store the state of the VM use the following command in the QEMU 
> > > monitor in
> > > +the 2nd terminal:
> > > +
> > > +(qemu) migrate "exec:cat > testvm.bin"
> > > +(qemu) quit
> > > +
> > > +At this point a file called 'testvm.bin' should exists and the swtpm and 
> > > QEMU
> > > +processes should have ended.
> > > +
> > > +To test 'VM restore' you have to start the swtpm with the same parameters
> > > +as before. If previously a TPM 2 [--tpm2] was saved, --tpm2 must now be
> > > +passed again on the command line.
> > > +
> > > +In the 1st terminal restart the swtpm with the same command line as 
> > > before:
> > > +
> > > +swtpm socket --tpmstate dir=/tmp/mytpm1 \
> > > +  --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
> > > +  --log level=20 --tpm2
> > > +
> > > +In the 2nd terminal restore the state of the VM using the additonal
> > > +'-incoming' option.
> > > +
> > > +qemu-system-x86_64 -display sdl -enable-kvm \
> > > +  -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
> > > +  -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
> > > +  -tpmdev emulator,id=tpm0,chardev=chrtpm \
> > > +  -device tpm-tis,tpmdev=tpm0 \
> > > +  -incoming "exec:cat < testvm.bin" \
> > > +  test.img
> > > +
> > > +
> > > +Troubleshooting migration:
> > > +
> > > +There are several reasons why migration may fail. In case of problems,
> > > +please ensure that the command lines adhere to the following rules and,
> > > +if possible, that identical versions of QEMU and swtpm are used at all
> > > +times.
> > > +
> > > +VM save and restore:
> > > + - QEMU command line parameters should be identical apart from the
> > > +   '-incoming' option on VM restore
> > > + - swtpm command line parameters should be identical
> > > +
> > > +VM migration to 'localhost':
> > > + - QEMU command line parameters should be identical apart from the
> > > +   '-incoming' option on the destination side
> > > + - swtpm command line parameters should point to two different
> > > +   directories on the source and destination swtpm (--tpmstate dir=...)
> > > +   (especially if different versions of libtpms were to be used on the
> > > +   same machine).
> > > +
> > > +VM migration across the network:
> > > + - QEMU command line parameters should be identical apart from the
> > > +   '-incoming' option on the destination side
> > > + - swtpm command line parameters should be identical
> > > +
> > > +VM Snapshotting:
> > > + - QEMU command line parameters should be identical
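Review bot: typos in the added documentation text: "QoW2" in the snapshotting bullet should be "qcow2", "a file called 'testvm.bin' should exists" should be "should exist", and "additonal" should be "additional"; also, since swtpm is started twice with exactly the same command line, the sentence "If previously a TPM 2 [--tpm2] was saved, --tpm2 must now be passed again" could say explicitly that mixing --tpm2 and non-TPM-2 state is a common cause of the restore failures the troubleshooting section covers.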
> > Well, they don't actually need to be identical; they just need to be
> > identically configured as far as the state goes.  For example all the
> > paths to storage can be completely different on the two QEMUs.
> 
> There is some leeway here in the parameters. For troubleshooting purposes it
> may be the easiest to keep parameters the same 

Re: [Qemu-devel] [RFC PATCH 0/5] atapi: change unlimited recursion to while loop

2018-03-23 Thread John Snow


On 02/23/2018 10:26 AM, Paolo Bonzini wrote:
> Real hardware doesn't have an unlimited stack, so the unlimited
> recursion in the ATAPI code smells a bit.  In fact, the call to
> ide_transfer_start easily becomes a tail call with a small change
> to the code (patch 4).  The remaining four patches move code around
> so as to the turn the call back to ide_atapi_cmd_reply_end into
> another tail call, and then convert the (double) tail recursion into
> a while loop.
> 
> I'm not sure how this can be tested, apart from adding a READ CD
> test to ahci-test (which I don't really have time for now, hence
> the RFC tag).  The existing AHCI tests still pass, so patches 1-3
> aren't complete crap.
> 
> Paolo
> 
> Paolo Bonzini (5):
>   ide: push call to end_transfer_func out of start_transfer callback
>   ide: push end_transfer callback to ide_transfer_halt
>   ide: make ide_transfer_stop idempotent
>   atapi: call ide_set_irq before ide_transfer_start
>   ide: introduce ide_transfer_start_norecurse
> 
>  hw/ide/ahci.c | 12 +++-
>  hw/ide/atapi.c| 37 -
>  hw/ide/core.c | 37 +++--
>  include/hw/ide/internal.h |  3 +++
>  4 files changed, 53 insertions(+), 36 deletions(-)
> 

LGTM; only comments wound up being naming.

--js



Re: [Qemu-devel] [PATCH v3] RISC-V: Fix riscv_isa_string memory size bug

2018-03-23 Thread Palmer Dabbelt

On Thu, 22 Mar 2018 15:17:16 PDT (-0700), d...@redhat.com wrote:

"Richard W.M. Jones"  writes:

DJ, am I remembering correctly that you tried the test case on the
HiFive evaluation board and it didn't demonstrate the bug?


I tested it on the vc707 board, without seeing the bug.


FWIW, the cores in the bitstream for the vc707 are almost identical to the
FU540-C000.


I can test other test cases if needed, I've got the board running Fedora
at the moment.


Thanks!



Re: [Qemu-devel] [PATCH for-2.12 2/2] i386/hyperv: error out if features requested but unsupported

2018-03-23 Thread Eduardo Habkost
On Fri, Mar 23, 2018 at 03:58:08PM +0300, Roman Kagan wrote:
> In order to guarantee compatibility on migration, QEMU should have
> complete control over the features it announces to the guest via CPUID.
> 
> However, for a number of Hyper-V-related cpu properties, if the
> corresponding feature is not supported by the underlying KVM, the
> propery is silently ignored and the feature is not announced to the
> guest.
> 
> Refuse to start with an error instead.
> 
> Cc: qemu-sta...@nongnu.org
> Signed-off-by: Roman Kagan 

I wonder if we should make these just warnings on -stable, and
make them fatal errors only on 2.12.  I wouldn't want to make
existing running VMs not runnable on a stable update.


> ---
>  target/i386/kvm.c | 25 +
>  1 file changed, 21 insertions(+), 4 deletions(-)
> 
> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> index fb20ff18c2..c9c359241c 100644
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -658,17 +658,34 @@ static int hyperv_handle_properties(CPUState *cs)
>  env->features[FEAT_HYPERV_EAX] |= HV_ACCESS_FREQUENCY_MSRS;
>  env->features[FEAT_HYPERV_EDX] |= HV_FREQUENCY_MSRS_AVAILABLE;
>  }
> -if (cpu->hyperv_crash && has_msr_hv_crash) {
> +if (cpu->hyperv_crash) {
> +if (!has_msr_hv_crash) {
> +fprintf(stderr,
> +"Hyper-V crash MSRs are not supported by kernel\n");

I would mention the corresponding "hv-..." -cpu option
explicitly, for clarity.

> +return -ENOSYS;
> +}
>  env->features[FEAT_HYPERV_EDX] |= HV_GUEST_CRASH_MSR_AVAILABLE;
>  }
>  env->features[FEAT_HYPERV_EDX] |= HV_CPU_DYNAMIC_PARTITIONING_AVAILABLE;
> -if (cpu->hyperv_reset && has_msr_hv_reset) {
> +if (cpu->hyperv_reset) {
> +   if (!has_msr_hv_reset) {
> +fprintf(stderr, "Hyper-V reset MSR is not supported by 
> kernel\n");
> +return -ENOSYS;
> +}
>  env->features[FEAT_HYPERV_EAX] |= HV_RESET_AVAILABLE;
>  }
> -if (cpu->hyperv_vpindex && has_msr_hv_vpindex) {
> +if (cpu->hyperv_vpindex) {
> +if (!has_msr_hv_vpindex) {
> +fprintf(stderr, "Hyper-V VP_INDEX is not supported by kernel\n");
> +return -ENOSYS;
> +}
>  env->features[FEAT_HYPERV_EAX] |= HV_VP_INDEX_AVAILABLE;
>  }
> -if (cpu->hyperv_runtime && has_msr_hv_runtime) {
> +if (cpu->hyperv_runtime) {
> +if (!has_msr_hv_runtime) {
> +fprintf(stderr, "Hyper-V VP_INDEX is not supported by kernel\n");
> +return -ENOSYS;
> +}
>  env->features[FEAT_HYPERV_EAX] |= HV_VP_RUNTIME_AVAILABLE;
>  }
>  if (cpu->hyperv_synic) {
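Review bot: the error message in the `cpu->hyperv_runtime` branch reads "Hyper-V VP_INDEX is not supported by kernel", a copy of the vpindex message just above it; it should name the VP runtime MSR instead (the feature bit being set is HV_VP_RUNTIME_AVAILABLE). Two smaller points: `if (!has_msr_hv_reset) {` is indented one column less than the sibling checks, and, as already suggested for the crash message, each message would be more actionable if it named the "hv-..." cpu option that triggered it.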
> -- 
> 2.14.3
> 

-- 
Eduardo



Re: [Qemu-devel] [PATCH v3 2/2] i386/kvm: lower requirements for Hyper-V frequency MSRs exposure

2018-03-23 Thread Eduardo Habkost
On Fri, Mar 23, 2018 at 12:45:30PM +0300, Roman Kagan wrote:
> On Thu, Mar 22, 2018 at 03:38:13PM -0300, Eduardo Habkost wrote:
> > On Thu, Mar 22, 2018 at 04:58:03PM +0300, Roman Kagan wrote:
> > > On Thu, Mar 22, 2018 at 10:22:18AM -0300, Eduardo Habkost wrote:
> > > > On Thu, Mar 22, 2018 at 04:00:14PM +0300, Roman Kagan wrote:
> > > > > On Wed, Mar 21, 2018 at 05:19:24PM -0300, Eduardo Habkost wrote:
> > > > > > On Wed, Mar 21, 2018 at 07:57:29PM +0300, Roman Kagan wrote:
> > > > > > > On Wed, Mar 21, 2018 at 02:18:54PM +0100, Vitaly Kuznetsov wrote:
> > > > > > > > Roman Kagan  writes:
> > > > > > > > 
> > > > > > > > > On Tue, Mar 20, 2018 at 06:35:00PM +0100, Vitaly Kuznetsov 
> > > > > > > > > wrote:
> > > > > > > > >> Requiring tsc_is_stable_and_known() is too restrictive: even 
> > > > > > > > >> without INVTCS
> > > > > > > > >> nested Hyper-V-on-KVM enables TSC pages for its guests e.g. 
> > > > > > > > >> when
> > > > > > > > >> Reenlightenment MSRs are present. Presence of frequency MSRs 
> > > > > > > > >> doesn't mean
> > > > > > > > >> these frequencies are stable, it just means they're 
> > > > > > > > >> available for reading.
> > > > > > > > >> 
> > > > > > > > >> Signed-off-by: Vitaly Kuznetsov 
> > > > > > > > >> ---
> > > > > > > > >>  target/i386/kvm.c | 2 +-
> > > > > > > > >>  1 file changed, 1 insertion(+), 1 deletion(-)
> > > > > > > > >> 
> > > > > > > > >> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> > > > > > > > >> index 7d9f9ca0b1..74fc3d3b2c 100644
> > > > > > > > >> --- a/target/i386/kvm.c
> > > > > > > > >> +++ b/target/i386/kvm.c
> > > > > > > > >> @@ -651,7 +651,7 @@ static int 
> > > > > > > > >> hyperv_handle_properties(CPUState *cs)
> > > > > > > > >>  env->features[FEAT_HYPERV_EAX] |= 
> > > > > > > > >> HV_TIME_REF_COUNT_AVAILABLE;
> > > > > > > > >>  env->features[FEAT_HYPERV_EAX] |= 
> > > > > > > > >> HV_REFERENCE_TSC_AVAILABLE;
> > > > > > > > >>  
> > > > > > > > >> -if (has_msr_hv_frequencies && 
> > > > > > > > >> tsc_is_stable_and_known(env)) {
> > > > > > > > >> +if (has_msr_hv_frequencies && env->tsc_khz) {
> > > > > > > > >>  env->features[FEAT_HYPERV_EAX] |= 
> > > > > > > > >> HV_ACCESS_FREQUENCY_MSRS;
> > > > > > > > >>  env->features[FEAT_HYPERV_EDX] |= 
> > > > > > > > >> HV_FREQUENCY_MSRS_AVAILABLE;
> > > > > > > > >>  }
> > > > > > > > >
> > > > > > > > > I suggest that we add a corresponding cpu property here, too. 
> > > > > > > > >  The guest
> > > > > > > > > may legitimately rely on these msrs when it sees the support 
> > > > > > > > > in CPUID,
> > > > > > > > > and migrating from a kernel with the feature supported 
> > > > > > > > > (4.14+) to an
> > > > > > > > > older one will make it crash.
> > > > > > > > >
> > > > > > > > 
> > > > > > > > This can be arranged, but what happens to people who use these 
> > > > > > > > features
> > > > > > > > today? Assuming they also passed 'invtsc' they have stable TSC 
> > > > > > > > page
> > > > > > > > clocksource already (when Hyper-V role is enabled) but when we 
> > > > > > > > start
> > > > > > > > requesting a new 'hv_frequency' cpu property they'll suddenly 
> > > > > > > > lose what
> > > > > > > > they have...
> > > > > > > 
> > > > > > > I see two cases here:
> > > > > > > 
> > > > > > > 1) people start a new VM, and discover that their old 
> > > > > > > configuration is
> > > > > > >not enough for this feature to work.
> > > > > > > 
> > > > > > >They need to reconfigure and restart the VM.  This costs them 
> > > > > > > some
> > > > > > >time investigating and restarting, but not data.
> > > > > > 
> > > > > > If we keep machine-type compatibility, people will need to do
> > > > > > that only if they change the machine-type (or use the "pc" or
> > > > > > "q35" aliases).  If they copy the old configuration, it will keep
> > > > > > working.
> > > > > 
> > > > > The problem is that the feature is not fixed by the machine-type, due 
> > > > > to
> > > > > the forgotten property: it only depends on the KVM version.  So, once
> > > > > (if) we add the property and make the feature deterministic, we'll 
> > > > > lose
> > > > > compatibility one way or another.
> > > > > 
> > > > > Or are you suggesting that for pre-2.12 machine types we leave the
> > > > > property at "decided by your KVM" state?
> > > > 
> > > > Yes, that's what I mean.  This looks like the only way to avoid
> > > > losing features by just cold-rebooting an existing VM.
> > > > 
> > > > The scenario I'm thinking is this:
> > > > 
> > > > 1) pc-2.11 VM started on host running QEMU 2.11
> > > > 2) VM migrated to a host containing this patch
> > > > 3) 1 year later, the VM is shut down and booted again.
> > > > 4) Things stop working inside the VM because hv-frequency is
> > > >unexpectedly gone.
> > > > 
> > > > Machine-type compatibility code would avoid (4).
> > > 
> > > Right, but (4) 

Re: [Qemu-devel] [PATCH for-2.12 1/2] i386/hyperv: add hv-frequencies cpu property

2018-03-23 Thread Eduardo Habkost
On Fri, Mar 23, 2018 at 03:58:07PM +0300, Roman Kagan wrote:
> In order to guarantee compatibility on migration, QEMU should have
> complete control over the features it announces to the guest via CPUID.
> 
> However, the declared availability of Hyper-V frequency MSRs
> (HV_X64_MSR_TSC_FREQUENCY and HV_X64_MSR_APIC_FREQUENCY) depends solely
> on the support for them in the underlying KVM.

So this problem was introduced fairly recently (in v2.11).  This
makes the decision to break compatibility of (some[1]) existing
configurations that didn't specify "hv-frequency" a bit easier.

> Introduce "hv-frequencies" cpu property (off by default) which gives
> QEMU full control over whether these MSRs are announced.
> 

So, as we have two possible results when running QEMU-2.11, we
need to make a guess and choose which half of our users will be
affected:

a) People running "-machine pc-2.11 -cpu ...,+hv-time" on Linux 4.14+
   (including commit 72c139bacfa3), that have hv-frequencies
   enabled automatically.
b) People running "-machine pc-2.11 -cpu ...,+hv-time" on Linux
   4.13 and older (without commit 72c139bacfa3), that have
   hv-frequencies disabled.

If we set hv-frequencies=off by default on pc-2.11 (this patch),
we will inconvenience group (a).  The consequence for them is
having hv-frequencies disabled suddenly on CPUID after updating
QEMU.  The MSRs will still be available to the guest, however (so
the guest won't crash), and they can add hv-frequencies=on to
their configuration manually.

If we set hv-frequencies=on by default on pc-2.11, we will
inconvenience group (b).  The consequence for them is having the
VM not being runnable anymore until they change the machine-type
or add hv-frequencies=off to their configuration.

So it looks like this patch is the safest solution, but I will
get back to the "[PATCH v3 2/2] i386/kvm: lower requirements for
Hyper-V frequency MSRs exposure" thread to be sure we are not
missing anything.


> While at this, drop the redundant check of the cpu tsc frequency, and
> decouple this feature from hv-time.
> 
> Cc: qemu-sta...@nongnu.org
> Signed-off-by: Roman Kagan 
> ---
> Note: this patch introduces a new cpu property, which is not what we
> normally do in stable branches.  However, this appears to be the minimal
> effort/churn approach to reduce the number of published QEMU releases
> where the behavior of the feature is unpredictable, with potentially
> fatal consequences for the guest.
> 
>  target/i386/cpu.h |  1 +
>  target/i386/cpu.c |  1 +
>  target/i386/kvm.c | 12 
>  3 files changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index 78db1b833a..1b219fafc4 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -1296,6 +1296,7 @@ struct X86CPU {
>  bool hyperv_runtime;
>  bool hyperv_synic;
>  bool hyperv_stimer;
> +bool hyperv_frequencies;
>  bool check_cpuid;
>  bool enforce_cpuid;
>  bool expose_kvm;
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 555ae79d29..1a6b082b6f 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -4761,6 +4761,7 @@ static Property x86_cpu_properties[] = {
>  DEFINE_PROP_BOOL("hv-runtime", X86CPU, hyperv_runtime, false),
>  DEFINE_PROP_BOOL("hv-synic", X86CPU, hyperv_synic, false),
>  DEFINE_PROP_BOOL("hv-stimer", X86CPU, hyperv_stimer, false),
> +DEFINE_PROP_BOOL("hv-frequencies", X86CPU, hyperv_frequencies, false),
>  DEFINE_PROP_BOOL("check", X86CPU, check_cpuid, true),
>  DEFINE_PROP_BOOL("enforce", X86CPU, enforce_cpuid, false),
>  DEFINE_PROP_BOOL("kvm", X86CPU, expose_kvm, true),
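Review bot: the new property has no accompanying compat entry for pre-2.12 machine types, so, as discussed above, a guest started with "-machine pc-2.11" on a host where KVM already supported the frequency MSRs will lose the CPUID bits after updating QEMU unless hv-frequencies=on is added by hand; if the off-by-default choice for old machine types is deliberate, the commit message should say so.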
> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> index d23fff12f5..fb20ff18c2 100644
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -648,11 +648,15 @@ static int hyperv_handle_properties(CPUState *cs)
>  env->features[FEAT_HYPERV_EAX] |= HV_HYPERCALL_AVAILABLE;
>  env->features[FEAT_HYPERV_EAX] |= HV_TIME_REF_COUNT_AVAILABLE;
>  env->features[FEAT_HYPERV_EAX] |= HV_REFERENCE_TSC_AVAILABLE;
> -
> -if (has_msr_hv_frequencies && tsc_is_stable_and_known(env)) {
> -env->features[FEAT_HYPERV_EAX] |= HV_ACCESS_FREQUENCY_MSRS;
> -env->features[FEAT_HYPERV_EDX] |= HV_FREQUENCY_MSRS_AVAILABLE;
> +}
> +if (cpu->hyperv_frequencies) {
> +if (!has_msr_hv_frequencies) {
> +fprintf(stderr,
> +"Hyper-V frequency MSRs are not supported by kernel\n");
> +return -ENOSYS;
>  }
> +env->features[FEAT_HYPERV_EAX] |= HV_ACCESS_FREQUENCY_MSRS;
> +env->features[FEAT_HYPERV_EDX] |= HV_FREQUENCY_MSRS_AVAILABLE;
>  }
>  if (cpu->hyperv_crash && has_msr_hv_crash) {
>  env->features[FEAT_HYPERV_EDX] |= HV_GUEST_CRASH_MSR_AVAILABLE;
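Review bot: the error path mirrors the other hv-* checks, but the message does not tell the user which option caused the failure; naming "hv-frequencies" in the fprintf would make it actionable. Also, because the new block closes the enclosing hv-time block before it starts, the MSRs are now advertised whenever hv-frequencies is set even without hv-time; that matches the "decouple this feature from hv-time" line in the commit message, but it is worth stating explicitly in the property's documentation.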
> -- 
> 2.14.3
> 

-- 
Eduardo



[Qemu-devel] [Bug 1673976] Re: linux-user clone() can't handle glibc posix_spawn() (causes locale-gen to assert)

2018-03-23 Thread Peter Maydell
> Actually, you only need the parent to get the status from the child,
> which can be passed in other way than through common memory.

Certainly, it *can* be, but the glibc code we're trying to run in the
guest here doesn't do it in some other way, it uses common memory.
Having QEMU effectively pause the parent process until the child has
done its execve is certainly possible along the lines you suggest. But
that is only half the requirement -- the parent also has to be able to
see in its memory space the updates to the status variable that the
child has made.

If you're willing to change the guest code the problem is easy (for
instance you could just go back to the old glibc approach). But we need
to run the code as it stands.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1673976

Title:
  linux-user clone() can't handle glibc posix_spawn() (causes locale-gen
  to assert)

Status in QEMU:
  New

Bug description:
  I'm running a command (locale-gen) inside of an armv7h chroot mounted
  on my x86_64 desktop by putting qemu-arm-static into /usr/bin/ of the
  chroot file system and I get a core dump.

  locale-gen
  Generating locales...
    en_US.UTF-8...localedef: ../sysdeps/unix/sysv/linux/spawni.c:360: 
__spawnix: Assertion `ec >= 0' failed.
  qemu: uncaught target signal 6 (Aborted) - core dumped
  /usr/bin/locale-gen: line 41:34 Aborted (core dumped) 
localedef -i $input -c -f $charset -A /usr/share/locale/locale.alias $locale

  I've done this same thing successfully for years, but this breakage
  has appeared some time in the last 3 or so months. Possibly with the
  update to qemu version 2.8.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1673976/+subscriptions



Re: [Qemu-devel] [Qemu-ppc] [PATCH v2 3/5] error: Remove NULL checks on error_propagate() calls

2018-03-23 Thread Thomas Huth
On 23.03.2018 15:32, Laurent Vivier wrote:
> Re-run Coccinelle patch
> scripts/coccinelle/error_propagate_null.cocci
> 
> Signed-off-by: Laurent Vivier 
> ---
>  io/channel-websock.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/io/channel-websock.c b/io/channel-websock.c
> index ec48a305f0..e6608b969d 100644
> --- a/io/channel-websock.c
> +++ b/io/channel-websock.c
> @@ -586,9 +586,7 @@ static gboolean 
> qio_channel_websock_handshake_io(QIOChannel *ioc,
>  return TRUE;
>  }
>  
> -if (err) {
> -error_propagate(>io_err, err);
> -}
> +error_propagate(>io_err, err);
>  
>  trace_qio_channel_websock_handshake_reply(ioc);
>  qio_channel_add_watch(
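Review bot: no functional concern with dropping the guard, since error_propagate() returns immediately when the error it is handed is NULL, so the change is behaviour-preserving; the commit message names the Coccinelle script, which makes the rewrite reproducible.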

Reviewed-by: Thomas Huth 



[Qemu-devel] [Bug 1673976] Re: linux-user clone() can't handle glibc posix_spawn() (causes locale-gen to assert)

2018-03-23 Thread Éric Hoffman
Hello

Sorry for the delay...

Actually, you only need the parent to get the status from the child,
which can be passed in another way than through common memory.

The idea is to use a pipefd to actually wait for the child to either
terminate or successfully call execve.  As follows:


When the TARGET_NR_clone syscall is trapped, you do:
- Call do_fork(), as currently done.
- In do_fork(), at the beginning, if the CLONE_VFORK flag is set, keep track of
it (i.e. do not clear the flag, just clear CLONE_VM, as currently done, to do
a normal fork, i.e. the child has its own copy of the memory segments).
- Just before the call to fork(), create a pipefd.
- The parent branch then (if CLONE_VFORK is set) closes the write end of the
pipe (its own copy), and starts looping (could be indefinitely, but preferably
some sort of timeout logic could be set) on the read fd, waiting continuously
for status updates from the child.
- The child branch closes the read end of the pipe (its own forked copy), sets
the write-end fd flag FD_CLOEXEC (with fcntl()), and puts the write fd into its
QEMU state variables (parent vfork fd).
- The child then moves on.

When the TARGET_NR_execve syscall is trapped (this is in child context), you do:
- Do everything as currently done, up to just before the safe_execve() call.
- Just before the call to safe_execve(), check if the QEMU state variable
(parent vfork fd) is defined.  If so, tell the parent (through the pipe)
that we are good so far, and about to call execve().  Note that the parent just
updates the child status, but keeps looping endlessly.
- Call execve().
- If the above call returns, an error occurred.  If this occurs, check if the
QEMU state variable (parent vfork fd) is defined.  If so, tell whatever error
status you got to the parent (through the pipe).  The parent updates its child
status, but again, continues to loop endlessly.
- Continue normally.

That's pretty much the bulk of the work done!  What will happen:
- Either the child will eventually call execve, which will succeed, at which
point the write end of the pipe will be closed (because we set the pipe to
close on execve, with the FD_CLOEXEC flag).
- The child could be playing on us, and try to re-call execve() multiple times
(possibly with different arguments, executable paths, etc.), but every time,
the parent will just receive a status update through the pipe.  And eventually,
the above case will occur (success), and the pipe will be closed.
- The child calls _exit(), which closes the pipe again.
- The child gets some horrible signal, gets killed, or whatever else...  The
pipe still gets closed.

The parent, on its side, just updates the status endlessly, UNTIL the
other end of the pipe gets closed.  At this point, the read() of the pipe
will get a 'broken pipe' error.  This signals the parent to move on, and
return whatever status the child last provided.

Note that this status could initially be set to an error state (in case
the child dies or calls _exit() before calling execve()).

The only thing that could make the parent hang is if the child hangs (and
never calls execve() or _exit() or dies...).  But the beauty is that this
is perfectly fine, because that is exactly the required behavior when
the CLONE_VFORK flag is set (the parent waits for the child).


This is a lot of description, but should be relatively easy and straightforward
to implement.  Could this work?

There are a few examples similar to this on the Web, using pipefd, fork
and execve, for different applications.  Here, we just pass the status.

Regards,
Eric

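The pipe handshake Eric sketches above, written out as an added stand-alone C example (not QEMU code and not part of the bug thread): the child marks the write end FD_CLOEXEC, sends one status record before execve() and another only if it fails, while the parent reads until EOF and returns the last record it saw. The function names (spawn_vfork_emulated, report_status, wait_for_child_status, run_and_reap) and the status encoding are assumptions made for this example; in QEMU the same logic would sit in linux-user's do_fork() and execve handling.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Status records sent over the pipe (encoding constructed for this example):
 * 0 = "about to call execve()"; >0 = errno, sent only if execve() returned.
 * No record at all means the child exited or died before reaching execve(). */
#define ST_ABOUT_TO_EXEC 0

/* Child side: write one status record, retrying on EINTR. Write errors are
 * deliberately ignored: if the parent is gone there is nobody left to inform. */
static void report_status(int wfd, int value)
{
    ssize_t n;
    do {
        n = write(wfd, &value, sizeof value);
    } while (n < 0 && errno == EINTR);
}

/* Parent side: read status records, remembering the last one, until read()
 * returns 0 (EOF). EOF means every copy of the write end is closed, which
 * happens on a successful execve() (FD_CLOEXEC), on _exit(), or when the
 * child is killed. Returns the last status seen, or -1 if there was none. */
static int wait_for_child_status(int rfd)
{
    int last = -1;
    int value;

    for (;;) {
        ssize_t n = read(rfd, &value, sizeof value);
        if (n == (ssize_t)sizeof value) {
            last = value;
        } else if (n < 0 && errno == EINTR) {
            continue;
        } else {
            break;  /* EOF (or an unrecoverable error): the child is done */
        }
    }
    return last;
}

/* Emulate CLONE_VFORK with a plain fork() plus the status pipe. Returns the
 * child's pid (-1 if pipe()/fork() failed) and stores the outcome in
 * *exec_result: 0 if execve() succeeded, the errno the child reported if it
 * failed, or -1 if the child exited or died before reaching execve().
 * The caller still reaps the child with waitpid(). */
pid_t spawn_vfork_emulated(const char *path, char *const argv[], int *exec_result)
{
    int pfd[2];
    pid_t pid;

    if (pipe(pfd) < 0) {
        return -1;
    }
    pid = fork();
    if (pid < 0) {
        close(pfd[0]);
        close(pfd[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: drop the read end, mark the write end close-on-exec, announce
         * the exec, and report errno only if execv() comes back. */
        close(pfd[0]);
        fcntl(pfd[1], F_SETFD, FD_CLOEXEC);
        report_status(pfd[1], ST_ABOUT_TO_EXEC);
        execv(path, argv);
        report_status(pfd[1], errno);
        _exit(127);
    }
    /* Parent: close its own copy of the write end, otherwise EOF never comes. */
    close(pfd[1]);
    *exec_result = wait_for_child_status(pfd[0]);
    close(pfd[0]);
    return pid;
}

/* Spawn "<path> -c 'exit 0'", reap the child and return the exec outcome
 * (-2 if the spawn itself failed); a convenience wrapper for checking. */
int run_and_reap(const char *path)
{
    char *argv[] = { "sh", "-c", "exit 0", NULL };
    int result = -1;
    pid_t pid = spawn_vfork_emulated(path, argv, &result);
    if (pid < 0) {
        return -2;
    }
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    printf("/bin/sh: %d, missing path: %d (ENOENT=%d)\n", run_and_reap("/bin/sh"),
           run_and_reap("/nonexistent/constructed/path"), ENOENT);
    return 0;
}
```

Note that the parent sees plain EOF (read() returning 0) when the child's write end goes away, which is the condition the loop ends on; the child's exit status is still collected separately with waitpid().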



[Qemu-devel] [PULL 10/10] target/arm: Always set FAR to a known unknown value for debug exceptions

2018-03-23 Thread Peter Maydell
For debug exceptions due to breakpoints or the BKPT instruction which
are taken to AArch32, the Fault Address Register is architecturally
UNKNOWN.  We were using that as license to simply not set
env->exception.vaddress, but this isn't correct, because it will
expose to the guest whatever old value was in that field when
arm_cpu_do_interrupt_aarch32() writes it to the guest IFSR.  That old
value might be a FAR for a previous guest EL2 or secure exception, in
which case we shouldn't show it to an EL1 or non-secure exception
handler. It might also be a non-deterministic value, which is bad
for record-and-replay.

Clear env->exception.vaddress before taking breakpoint debug
exceptions, to avoid this minor information leak.

Signed-off-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180320134114.30418-5-peter.mayd...@linaro.org
---
 target/arm/op_helper.c | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 8e1e521193..a266cc0116 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -490,6 +490,11 @@ void HELPER(exception_bkpt_insn)(CPUARMState *env, 
uint32_t syndrome)
 {
 /* FSR will only be used if the debug target EL is AArch32. */
 env->exception.fsr = arm_debug_exception_fsr(env);
+/* FAR is UNKNOWN: clear vaddress to avoid potentially exposing
+ * values to the guest that it shouldn't be able to see at its
+ * exception/security level.
+ */
+env->exception.vaddress = 0;
 raise_exception(env, EXCP_BKPT, syndrome, arm_debug_target_el(env));
 }
 
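Review bot: the comment block and `env->exception.vaddress = 0;` are repeated verbatim here and in the breakpoint path of arm_debug_excp_handler() in the next hunk, and both sites already call arm_debug_exception_fsr(env) immediately before; a small helper that sets both fsr and vaddress for breakpoint-type debug exceptions would keep the two paths from drifting apart. The zeroing itself is the right fix, since arm_cpu_do_interrupt_aarch32() writes the field to the guest-visible IFSR unconditionally.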
@@ -1353,7 +1358,11 @@ void arm_debug_excp_handler(CPUState *cs)
 }
 
 env->exception.fsr = arm_debug_exception_fsr(env);
-/* FAR is UNKNOWN, so doesn't need setting */
+/* FAR is UNKNOWN: clear vaddress to avoid potentially exposing
+ * values to the guest that it shouldn't be able to see at its
+ * exception/security level.
+ */
+env->exception.vaddress = 0;
 raise_exception(env, EXCP_PREFETCH_ABORT,
 syn_breakpoint(same_el),
 arm_debug_target_el(env));
-- 
2.16.2




[Qemu-devel] [PULL 08/10] target/arm: Factor out code to calculate FSR for debug exceptions

2018-03-23 Thread Peter Maydell
When a debug exception is taken to AArch32, it appears as a Prefetch
Abort, and the Instruction Fault Status Register (IFSR) must be set.
The IFSR has two possible formats, depending on whether LPAE is in
use. Factor out the code in arm_debug_excp_handler() which picks
an FSR value into its own utility function, update it to use
arm_fi_to_lfsc() and arm_fi_to_sfsc() rather than hard-coded constants,
and use the correct condition to select long or short format.

In particular this fixes a bug where we could select the short
format because we're at EL0 and the EL1 translation regime is
not using LPAE, but then route the debug exception to EL2 because
of MDCR_EL2.TDE and hand EL2 the wrong format FSR.

Signed-off-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180320134114.30418-3-peter.mayd...@linaro.org
---
 target/arm/internals.h | 25 +
 target/arm/op_helper.c | 12 ++--
 2 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 47cc224a46..8ce944b7a0 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -763,4 +763,29 @@ static inline bool regime_is_secure(CPUARMState *env, 
ARMMMUIdx mmu_idx)
 }
 }
 
+/* Return the FSR value for a debug exception (watchpoint, hardware
+ * breakpoint or BKPT insn) targeting the specified exception level.
+ */
+static inline uint32_t arm_debug_exception_fsr(CPUARMState *env)
+{
+ARMMMUFaultInfo fi = { .type = ARMFault_Debug };
+int target_el = arm_debug_target_el(env);
+bool using_lpae = false;
+
+if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
+using_lpae = true;
+} else {
+if (arm_feature(env, ARM_FEATURE_LPAE) &&
+(env->cp15.tcr_el[target_el].raw_tcr & TTBCR_EAE)) {
+using_lpae = true;
+}
+}
+
+if (using_lpae) {
+return arm_fi_to_lfsc();
+} else {
+return arm_fi_to_sfsc();
+}
+}
+
 #endif
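Review bot: as rendered here, arm_fi_to_lfsc() and arm_fi_to_sfsc() are called with no argument while the ARMMMUFaultInfo `fi` declared at the top of the function is otherwise unused, so the `&fi` argument appears to have been lost in transit (the same `&`-stripping shows up elsewhere in this digest); worth confirming against the applied commit. The target-EL logic reads correctly: EL2 and any AArch64 target always use the long format, and for AArch32 EL1/EL3 the format follows TTBCR.EAE of the target regime rather than of the current one.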
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 4b123d2bd6..75efff9edf 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -1330,11 +1330,7 @@ void arm_debug_excp_handler(CPUState *cs)
 
 cs->watchpoint_hit = NULL;
 
-if (extended_addresses_enabled(env)) {
-env->exception.fsr = (1 << 9) | 0x22;
-} else {
-env->exception.fsr = 0x2;
-}
+env->exception.fsr = arm_debug_exception_fsr(env);
 env->exception.vaddress = wp_hit->hitaddr;
 raise_exception(env, EXCP_DATA_ABORT,
 syn_watchpoint(same_el, 0, wnr),
@@ -1354,11 +1350,7 @@ void arm_debug_excp_handler(CPUState *cs)
 return;
 }
 
-if (extended_addresses_enabled(env)) {
-env->exception.fsr = (1 << 9) | 0x22;
-} else {
-env->exception.fsr = 0x2;
-}
+env->exception.fsr = arm_debug_exception_fsr(env);
 /* FAR is UNKNOWN, so doesn't need setting */
 raise_exception(env, EXCP_PREFETCH_ABORT,
 syn_breakpoint(same_el),
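Review bot: the unchanged context line "FAR is UNKNOWN, so doesn't need setting" leaves env->exception.vaddress holding whatever a previous exception stored, and arm_cpu_do_interrupt_aarch32() will still copy it into the guest's fault address register; 10/10 in this pull addresses that, but a pointer to it in this commit message would help anyone bisecting.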
-- 
2.16.2




[Qemu-devel] [PULL 07/10] target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK

2018-03-23 Thread Peter Maydell
The MDCR_EL2.TDE bit allows the exception level targeted by debug
exceptions to be set to EL2 for code executing at EL0.  We handle
this in the arm_debug_target_el() function, but this is only used for
hardware breakpoint and watchpoint exceptions, not for the exception
generated when the guest executes an AArch32 BKPT or AArch64 BRK
instruction.  We don't have enough information for a translate-time
equivalent of arm_debug_target_el(), so instead make BKPT and BRK
call a special purpose helper which can do the routing, rather than
the generic exception_with_syndrome helper.

Signed-off-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180320134114.30418-2-peter.mayd...@linaro.org
---
 target/arm/helper.h|  1 +
 target/arm/op_helper.c |  8 
 target/arm/translate-a64.c | 15 +--
 target/arm/translate.c | 19 ++-
 4 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 0d2094f2be..34e8cc8904 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -47,6 +47,7 @@ DEF_HELPER_FLAGS_3(sel_flags, TCG_CALL_NO_RWG_SE,
i32, i32, i32, i32)
 DEF_HELPER_2(exception_internal, void, env, i32)
 DEF_HELPER_4(exception_with_syndrome, void, env, i32, i32, i32)
+DEF_HELPER_2(exception_bkpt_insn, void, env, i32)
 DEF_HELPER_1(setend, void, env)
 DEF_HELPER_2(wfi, void, env, i32)
 DEF_HELPER_1(wfe, void, env)
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 7a88fd2c92..4b123d2bd6 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -483,6 +483,14 @@ void HELPER(exception_with_syndrome)(CPUARMState *env, 
uint32_t excp,
 raise_exception(env, excp, syndrome, target_el);
 }
 
+/* Raise an EXCP_BKPT with the specified syndrome register value,
+ * targeting the correct exception level for debug exceptions.
+ */
+void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome)
+{
+raise_exception(env, EXCP_BKPT, syndrome, arm_debug_target_el(env));
+}
+
 uint32_t HELPER(cpsr_read)(CPUARMState *env)
 {
 return cpsr_read(env) & ~(CPSR_EXEC | CPSR_RESERVED);
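Review bot: the new helper raises EXCP_BKPT without setting env->exception.fsr, so while the target EL is now routed correctly via arm_debug_target_el(), an AArch32 target still receives the hardcoded short-format IFSR value from arm_cpu_do_interrupt_aarch32(), which is wrong when LPAE is in use; 09/10 in this pull moves the FSR computation into this helper, so the two patches should not be split when backporting.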
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 327513ef40..c91329249d 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -321,6 +321,18 @@ static void gen_exception_insn(DisasContext *s, int 
offset, int excp,
 s->base.is_jmp = DISAS_NORETURN;
 }
 
+static void gen_exception_bkpt_insn(DisasContext *s, int offset,
+uint32_t syndrome)
+{
+TCGv_i32 tcg_syn;
+
+gen_a64_set_pc_im(s->pc - offset);
+tcg_syn = tcg_const_i32(syndrome);
+gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
+tcg_temp_free_i32(tcg_syn);
+s->base.is_jmp = DISAS_NORETURN;
+}
+
 static void gen_ss_advance(DisasContext *s)
 {
 /* If the singlestep state is Active-not-pending, advance to
@@ -1839,8 +1851,7 @@ static void disas_exc(DisasContext *s, uint32_t insn)
 break;
 }
 /* BRK */
-gen_exception_insn(s, 4, EXCP_BKPT, syn_aa64_bkpt(imm16),
-   default_exception_el(s));
+gen_exception_bkpt_insn(s, 4, syn_aa64_bkpt(imm16));
 break;
 case 2:
 if (op2_ll != 0) {
diff --git a/target/arm/translate.c b/target/arm/translate.c
index ba6ab7d287..fc03b5b8c8 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -1248,6 +1248,18 @@ static void gen_exception_insn(DisasContext *s, int 
offset, int excp,
 s->base.is_jmp = DISAS_NORETURN;
 }
 
+static void gen_exception_bkpt_insn(DisasContext *s, int offset, uint32_t syn)
+{
+TCGv_i32 tcg_syn;
+
+gen_set_condexec(s);
+gen_set_pc_im(s, s->pc - offset);
+tcg_syn = tcg_const_i32(syn);
+gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
+tcg_temp_free_i32(tcg_syn);
+s->base.is_jmp = DISAS_NORETURN;
+}
+
 /* Force a TB lookup after an instruction that changes the CPU state.  */
 static inline void gen_lookup_tb(DisasContext *s)
 {
@@ -8774,9 +8786,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int 
insn)
 case 1:
 /* bkpt */
 ARCH(5);
-gen_exception_insn(s, 4, EXCP_BKPT,
-   syn_aa32_bkpt(imm16, false),
-   default_exception_el(s));
+gen_exception_bkpt_insn(s, 4, syn_aa32_bkpt(imm16, false));
 break;
 case 2:
 /* Hypervisor call (v7) */
@@ -11983,8 +11993,7 @@ static void disas_thumb_insn(DisasContext *s, uint32_t 
insn)
 {
 int imm8 = extract32(insn, 0, 8);
 ARCH(5);
-gen_exception_insn(s, 2, EXCP_BKPT, syn_aa32_bkpt(imm8, true),
-   default_exception_el(s));
+gen_exception_bkpt_insn(s, 2, syn_aa32_bkpt(imm8, true));

[Qemu-devel] [PULL 09/10] target/arm: Set FSR for BKPT, BRK when raising exception

2018-03-23 Thread Peter Maydell
Now that we have a helper function specifically for the BRK and
BKPT instructions, we can set the exception.fsr there rather
than in arm_cpu_do_interrupt_aarch32(). This allows us to
use our new arm_debug_exception_fsr() helper.

In particular this fixes a bug where we were hardcoding the
short-form IFSR value, which is wrong if the target exception
level has LPAE enabled.

Fixes: https://bugs.launchpad.net/qemu/+bug/1756927
Signed-off-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180320134114.30418-4-peter.mayd...@linaro.org
---
 target/arm/helper.c| 1 -
 target/arm/op_helper.c | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 09893e3f72..dcb8476d9e 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -7910,7 +7910,6 @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs)
 offset = 0;
 break;
 case EXCP_BKPT:
-env->exception.fsr = 2;
 /* Fall through to prefetch abort.  */
 case EXCP_PREFETCH_ABORT:
 A32_BANKED_CURRENT_REG_SET(env, ifsr, env->exception.fsr);
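
Review bot: dropping `env->exception.fsr = 2` turns the fall-through into EXCP_PREFETCH_ABORT into a consumer of whatever env->exception.fsr already holds, so every producer of EXCP_BKPT must now set it; the BRK/BKPT helper in the next hunk does, but please confirm the hardware-breakpoint path in arm_debug_excp_handler does too, otherwise a stale FSR from an earlier exception would be written into IFSR.
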
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 75efff9edf..8e1e521193 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -488,6 +488,8 @@ void HELPER(exception_with_syndrome)(CPUARMState *env, 
uint32_t excp,
  */
 void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome)
 {
+/* FSR will only be used if the debug target EL is AArch32. */
+env->exception.fsr = arm_debug_exception_fsr(env);
 raise_exception(env, EXCP_BKPT, syndrome, arm_debug_target_el(env));
 }
 
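
Review bot: the FSR is computed here, before raise_exception picks the target EL, so arm_debug_exception_fsr must itself choose between the short-descriptor and LPAE formats based on the target EL (arm_debug_target_el) rather than the current one, or the commit's stated fix for the "target exception level has LPAE enabled" case does not hold; a comment at this call site saying that the helper looks at the target EL would make that contract visible.
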
-- 
2.16.2




[Qemu-devel] [PULL 03/10] hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses

2018-03-23 Thread Peter Maydell
If the GIC has the security extension support enabled, then a
non-secure access to ICC_PMR must take account of the non-secure
view of interrupt priorities, where real priorities 0x00..0x7f
are secure-only and not visible to the non-secure guest, and
priorities 0x80..0xff are shown to the guest as if they were
0x00..0xff. We had the logic here wrong:
 * on reads, the priority is in the secure range if bit 7
   is clear, not if it is set
 * on writes, we want to set bit 7, not mask everything else

Our ICC_RPR read code had the same error as ICC_PMR.

(Compare the GICv3 spec pseudocode functions ICC_RPR_EL1
and ICC_PMR_EL1.)

Fixes: https://bugs.launchpad.net/qemu/+bug/1748434
Signed-off-by: Peter Maydell 
Reviewed-by: Andrew Jones 
Message-id: 20180315133441.24149-1-peter.mayd...@linaro.org
---
 hw/intc/arm_gicv3_cpuif.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index 5cbafaf497..26f5eeda94 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -836,7 +836,7 @@ static uint64_t icc_pmr_read(CPUARMState *env, const 
ARMCPRegInfo *ri)
 /* NS access and Group 0 is inaccessible to NS: return the
  * NS view of the current priority
  */
-if (value & 0x80) {
+if ((value & 0x80) == 0) {
 /* Secure priorities not visible to NS */
 value = 0;
 } else if (value != 0xff) {
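
Review bot: with the condition inverted, a Secure-range value (bit 7 clear) now reads as 0 for a Non-secure access and only NS-range values reach the else branch; before this change the code did the opposite, returning 0 for every NS-range priority and handing the Secure-range priority to the else branch, i.e. exposing Secure priority state to the NS guest. Since the same inverted test is corrected in two more places below, a qtest that programs ICC_PMR from the Secure side with, say, 0x40 and reads it back from NS expecting 0 would pin the fix down.
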
@@ -871,7 +871,7 @@ static void icc_pmr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 /* Current PMR in the secure range, don't allow NS to change it */
 return;
 }
-value = (value >> 1) & 0x80;
+value = (value >> 1) | 0x80;
 }
 cs->icc_pmr_el1 = value;
 gicv3_cpuif_update(cs);
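
Review bot: `(value >> 1) | 0x80` is the inverse of the read-side transform: NS writes of 0x00..0xff land in the real range 0x80..0xff, and 0xff maps to itself, matching the `value != 0xff` special case on the read side. For any value that fits in the 8-bit priority field the old `(value >> 1) & 0x80` is always 0, so every NS write set ICC_PMR to 0x00 (mask all interrupts) regardless of what the guest wrote. Consider a comment above the line spelling out the mapping, as the guard just above already has one.
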
@@ -1609,7 +1609,7 @@ static uint64_t icc_rpr_read(CPUARMState *env, const 
ARMCPRegInfo *ri)
 if (arm_feature(env, ARM_FEATURE_EL3) &&
 !arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) {
 /* NS GIC access and Group 0 is inaccessible to NS */
-if (prio & 0x80) {
+if ((prio & 0x80) == 0) {
 /* NS mustn't see priorities in the Secure half of the range */
 prio = 0;
 } else if (prio != 0xff) {
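
Review bot: same inversion as in icc_pmr_read; the guard here additionally requires SCR_FIQ, matching the condition under which Group 0 is inaccessible to NS. This is the third copy of the same NS-view transform, so a small shared helper (ns_view_of_priority() or similar, taking the real priority) would stop the same bug being fixed in one copy but not the others.
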
-- 
2.16.2

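The priority mapping the commit message describes, as an added worked example (my own code, not QEMU's): a C model of the non-secure view of a GICv3 priority register, with the read and write transforms as fixed by the patch beside the pre-patch versions, so the Secure-range leak and the collapsed write can be checked directly. The `(value << 1) & 0xff` branch of the read side is not visible in the hunk and is assumed from the GICv3 spec pseudocode the message cites; the function names are mine.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Non-secure view of a GICv3 priority register (ICC_PMR_EL1 / ICC_RPR_EL1)
 * when the GIC implements the Security Extensions and Group 0 is not
 * accessible to Non-secure state. Real priorities 0x00..0x7f are Secure-only;
 * 0x80..0xff are presented to the NS guest as 0x00..0xff.
 *
 * Added example, not QEMU code. The shift in the read path is assumed from
 * the GICv3 spec pseudocode; the patch itself only shows the bit-7 test.
 */

/* Read side after the patch: Secure-range values are hidden (read as 0). */
static uint8_t ns_view_read_fixed(uint8_t real)
{
    if ((real & 0x80) == 0) {
        return 0;                               /* Secure priority: invisible to NS */
    }
    if (real != 0xff) {
        return (uint8_t)((real << 1) & 0xff);   /* 0x80..0xfe -> 0x00..0xfc */
    }
    return 0xff;                                /* "idle" priority stays 0xff */
}

/* Read side before the patch: the bit-7 test was inverted. */
static uint8_t ns_view_read_buggy(uint8_t real)
{
    if (real & 0x80) {
        return 0;                               /* hides the NS range instead */
    }
    if (real != 0xff) {
        return (uint8_t)((real << 1) & 0xff);   /* and shifts Secure values out */
    }
    return 0xff;
}

/* Write side after the patch: NS value -> real priority in the NS range. */
static uint8_t ns_view_write_fixed(uint8_t ns_value)
{
    return (uint8_t)((ns_value >> 1) | 0x80);   /* 0x00..0xff -> 0x80..0xff */
}

/* Write side before the patch: '& 0x80' on a value that fits in 8 bits. */
static uint8_t ns_view_write_buggy(uint8_t ns_value)
{
    return (uint8_t)((ns_value >> 1) & 0x80);   /* always 0 for an 8-bit input */
}

/* Does any Secure-range priority become visible through the read transform? */
static bool read_leaks_secure_range(uint8_t (*read)(uint8_t))
{
    for (unsigned p = 0x00; p < 0x80; p++) {
        if (read((uint8_t)p) != 0) {
            return true;
        }
    }
    return false;
}

/*
 * Is the write transform the inverse of the read transform for every NS
 * value? The NS field carries 7 bits, so the low bit is lost, and both
 * 0xfe and 0xff map to the real "idle" value 0xff.
 */
static bool write_round_trips(uint8_t (*write)(uint8_t), uint8_t (*read)(uint8_t))
{
    for (unsigned v = 0x00; v <= 0xff; v++) {
        uint8_t expect = (v >= 0xfe) ? 0xff : (uint8_t)(v & 0xfe);
        if (read(write((uint8_t)v)) != expect) {
            return false;
        }
    }
    return true;
}

int main(void)
{
    printf("buggy read leaks Secure range: %s\n",
           read_leaks_secure_range(ns_view_read_buggy) ? "yes" : "no");
    printf("fixed read leaks Secure range: %s\n",
           read_leaks_secure_range(ns_view_read_fixed) ? "yes" : "no");
    printf("buggy write round-trips: %s\n",
           write_round_trips(ns_view_write_buggy, ns_view_read_fixed) ? "yes" : "no");
    printf("fixed write round-trips: %s\n",
           write_round_trips(ns_view_write_fixed, ns_view_read_fixed) ? "yes" : "no");
    /* NS writes 0xff (unmask everything): the buggy code stored 0x00 (mask all). */
    printf("NS write 0xff -> real PMR buggy 0x%02x, fixed 0x%02x\n",
           ns_view_write_buggy(0xff), ns_view_write_fixed(0xff));
    return 0;
}
```

The two check functions are the property a regression test would assert: no Secure-range value may be observable from NS, and the write path must be the inverse of the read path so that an NS guest can actually set the mask it asked for.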



[Qemu-devel] [PULL 01/10] arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT

2018-03-23 Thread Peter Maydell
From: Victor Kamensky 

In the OE project, a 4.15 Linux kernel boot hang was observed under
single-cpu aarch64 qemu. Kernel code was in a loop waiting for
vtimer arrival, spinning in TCG-generated blocks, while the interrupt
was pending unprocessed. This happened because when qemu tried to
handle the vtimer interrupt the target had interrupts disabled; as a
result the flag indicating TCG exit, cpu->icount_decr.u16.high,
was cleared but the arm_cpu_exec_interrupt function did not call
arm_cpu_do_interrupt to process the interrupt. Later, when the target
re-enabled interrupts, it happened without an exit into the main loop, so
the following code, which waited for the result of the interrupt execution,
ran in an infinite loop.

To solve the problem, instructions that operate on CPU sys state
(i.e. enable/disable interrupts) and are marked as DISAS_UPDATE
should be considered a DISAS_EXIT variant, and should be
forced to exit back to the main loop so qemu will have a chance
to process pending CPU state updates, including pending
interrupts.

This change brings consistency with how DISAS_UPDATE is treated
in aarch32 case.

CC: Peter Maydell 
CC: Alex Bennée 
CC: qemu-sta...@nongnu.org
Suggested-by: Peter Maydell 
Signed-off-by: Victor Kamensky 
Reviewed-by: Richard Henderson 
Message-id: 1521526368-1996-1-git-send-email-kamen...@cisco.com
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 31ff0479e6..327513ef40 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -13378,12 +13378,12 @@ static void aarch64_tr_tb_stop(DisasContextBase 
*dcbase, CPUState *cpu)
 case DISAS_UPDATE:
 gen_a64_set_pc_im(dc->pc);
 /* fall through */
-case DISAS_JUMP:
-tcg_gen_lookup_and_goto_ptr();
-break;
 case DISAS_EXIT:
 tcg_gen_exit_tb(0);
 break;
+case DISAS_JUMP:
+tcg_gen_lookup_and_goto_ptr();
+break;
 case DISAS_NORETURN:
 case DISAS_SWI:
 break;
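
Review bot: moving DISAS_JUMP below DISAS_EXIT is what makes the DISAS_UPDATE fall-through land on tcg_gen_exit_tb(0) instead of tcg_gen_lookup_and_goto_ptr(); since the case ordering is now load-bearing, the `/* fall through */` comment should say it falls into DISAS_EXIT on purpose, otherwise a later tidy-up could silently reintroduce the hang. exit_tb returns to the main loop, where pending interrupts are checked, whereas lookup_and_goto_ptr chains straight into the next TB; that difference is the entire fix and is worth one sentence in a comment.
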
-- 
2.16.2




[Qemu-devel] [PULL 05/10] i.MX: Support serial RS-232 break properly

2018-03-23 Thread Peter Maydell
From: Trent Piepho 

Linux does not detect a break from this IMX serial driver as a magic
sysrq.  Nor does it note a break in the port error counts.

The former is because the Linux driver uses the BRCD bit in the USR2
register to trigger the RS-232 break handler in the kernel, which is
where sysrq hooks in.  The emulated UART was not setting this status
bit.

The latter is because the Linux driver expects, in addition to the BRK
bit, that the ERR bit is set when a break is read in the FIFO.  A break
should also count as a frame error, so add that bit too.

Cc: Andrey Smirnov 
Signed-off-by: Trent Piepho 
Message-id: 20180320013657.25038-1-tpie...@impinj.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 include/hw/char/imx_serial.h | 1 +
 hw/char/imx_serial.c | 5 -
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/include/hw/char/imx_serial.h b/include/hw/char/imx_serial.h
index 5b99cee7cf..ee80da12e6 100644
--- a/include/hw/char/imx_serial.h
+++ b/include/hw/char/imx_serial.h
@@ -26,6 +26,7 @@
 
 #define URXD_CHARRDY(1<<15)   /* character read is valid */
 #define URXD_ERR(1<<14)   /* Character has error */
+#define URXD_FRMERR (1<<12)   /* Character has frame error */
 #define URXD_BRK(1<<11)   /* Break received */
 
 #define USR1_PARTYER(1<<15)   /* Parity Error */
diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
index 1e5540472b..0747db9f2b 100644
--- a/hw/char/imx_serial.c
+++ b/hw/char/imx_serial.c
@@ -308,6 +308,9 @@ static void imx_put_data(void *opaque, uint32_t value)
 s->usr2 |= USR2_RDR;
 s->uts1 &= ~UTS1_RXEMPTY;
 s->readbuff = value;
+if (value & URXD_BRK) {
+s->usr2 |= USR2_BRCD;
+}
 imx_update(s);
 }
 
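
Review bot: USR2_BRCD is set here but nothing in the patch clears it; assuming it behaves like the other USR2 status bits and is cleared by the guest writing 1, the USR2 write handler must already honour that, otherwise the first break would leave the break-detect condition asserted permanently. Worth verifying, and adding a one-line comment that BRCD is sticky until the guest clears it.
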
@@ -319,7 +322,7 @@ static void imx_receive(void *opaque, const uint8_t *buf, 
int size)
 static void imx_event(void *opaque, int event)
 {
 if (event == CHR_EVENT_BREAK) {
-imx_put_data(opaque, URXD_BRK);
+imx_put_data(opaque, URXD_BRK | URXD_FRMERR | URXD_ERR);
 }
 }
 
-- 
2.16.2




[Qemu-devel] [PULL 06/10] mach-virt: Set VM's SMBIOS system version to mc->name

2018-03-23 Thread Peter Maydell
From: Wei Huang 

Instead of using "1.0" as the system version of SMBIOS, we should use
mc->name for the mach-virt machine type to be consistent with other architectures.
With this patch, "dmidecode -t 1" (e.g., "-M virt-2.12,accel=kvm") will
show:

Handle 0x0100, DMI type 1, 27 bytes
System Information
Manufacturer: QEMU
Product Name: KVM Virtual Machine
Version: virt-2.12
Serial Number: Not Specified
...

instead of:

Handle 0x0100, DMI type 1, 27 bytes
System Information
Manufacturer: QEMU
Product Name: KVM Virtual Machine
Version: 1.0
Serial Number: Not Specified
...

For backward compatibility, we allow older machine types to keep "1.0"
as the default system version.

Signed-off-by: Wei Huang 
Reviewed-by: Andrew Jones 
Message-id: 20180322212318.7182-1-...@redhat.com
Signed-off-by: Peter Maydell 
---
 include/hw/arm/virt.h | 1 +
 hw/arm/virt.c | 8 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index 33b0ff3892..ba0c1a4faa 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -85,6 +85,7 @@ typedef struct {
 bool no_its;
 bool no_pmu;
 bool claim_edge_triggered_timers;
+bool smbios_old_sys_ver;
 } VirtMachineClass;
 
 typedef struct {
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 2c07245047..94dcb125d3 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1132,6 +1132,8 @@ static void *machvirt_dtb(const struct arm_boot_info 
*binfo, int *fdt_size)
 
 static void virt_build_smbios(VirtMachineState *vms)
 {
+MachineClass *mc = MACHINE_GET_CLASS(vms);
+VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms);
 uint8_t *smbios_tables, *smbios_anchor;
 size_t smbios_tables_len, smbios_anchor_len;
 const char *product = "QEMU Virtual Machine";
@@ -1145,7 +1147,8 @@ static void virt_build_smbios(VirtMachineState *vms)
 }
 
 smbios_set_defaults("QEMU", product,
-"1.0", false, true, SMBIOS_ENTRY_POINT_30);
+vmc->smbios_old_sys_ver ? "1.0" : mc->name, false,
+true, SMBIOS_ENTRY_POINT_30);
 
 smbios_get_tables(NULL, 0, _tables, _tables_len,
   _anchor, _anchor_len);
@@ -1646,8 +1649,11 @@ static void virt_2_11_instance_init(Object *obj)
 
 static void virt_machine_2_11_options(MachineClass *mc)
 {
+VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
+
 virt_machine_2_12_options(mc);
 SET_MACHINE_COMPAT(mc, VIRT_COMPAT_2_11);
+vmc->smbios_old_sys_ver = true;
 }
 DEFINE_VIRT_MACHINE(2, 11)
 
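
Review bot: setting vmc->smbios_old_sys_ver only in virt_machine_2_11_options is correct only if every older virt-2.x options function chains into it (virt_machine_2_10_options calling virt_machine_2_11_options, and so on); that is the usual pattern in this file but it is not visible in the diff, so please confirm, otherwise virt-2.10 and older would unexpectedly switch to the mc->name string. Because the SMBIOS system version is guest-visible, a guest that keys on "Version: 1.0" (udev rules, inventory agents) will see a change on virt-2.12 and newer; that deserves a line in the commit message.
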
-- 
2.16.2




[Qemu-devel] [PULL 00/10] target-arm queue

2018-03-23 Thread Peter Maydell
Ten arm-related bug fixes for 2.12...

thanks
-- PMM

The following changes since commit 4c2c1015905fa1d616750dfe024b4c0b35875950:

  Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20180323' into 
staging (2018-03-23 10:20:54 +)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git 
tags/pull-target-arm-20180323

for you to fetch changes up to 548f514cf89dd9ab39c0cb4c063097bccf141fdd:

  target/arm: Always set FAR to a known unknown value for debug exceptions 
(2018-03-23 18:26:46 +)


target-arm queue:
 * arm/translate-a64: don't lose interrupts after unmasking via write to DAIF
 * sdhci: fix incorrect use of Error *
 * hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
 * hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
 * i.MX: Support serial RS-232 break properly
 * mach-virt: Set VM's SMBIOS system version to mc->name
 * target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
 * target/arm: Factor out code to calculate FSR for debug exceptions
 * target/arm: Set FSR for BKPT, BRK when raising exception
 * target/arm: Always set FAR to a known unknown value for debug exceptions


Paolo Bonzini (1):
  sdhci: fix incorrect use of Error *

Peter Maydell (6):
  hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
  hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
  target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
  target/arm: Factor out code to calculate FSR for debug exceptions
  target/arm: Set FSR for BKPT, BRK when raising exception
  target/arm: Always set FAR to a known unknown value for debug exceptions

Trent Piepho (1):
  i.MX: Support serial RS-232 break properly

Victor Kamensky (1):
  arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT

Wei Huang (1):
  mach-virt: Set VM's SMBIOS system version to mc->name

 include/hw/arm/virt.h|  1 +
 include/hw/char/imx_serial.h |  1 +
 target/arm/helper.h  |  1 +
 target/arm/internals.h   | 25 +
 hw/arm/bcm2836.c |  2 +-
 hw/arm/raspi.c   |  2 +-
 hw/arm/virt.c|  8 +++-
 hw/char/imx_serial.c |  5 -
 hw/intc/arm_gicv3_cpuif.c|  6 +++---
 hw/sd/sdhci.c|  4 ++--
 target/arm/helper.c  |  1 -
 target/arm/op_helper.c   | 33 ++---
 target/arm/translate-a64.c   | 21 -
 target/arm/translate.c   | 19 ++-
 14 files changed, 98 insertions(+), 31 deletions(-)



[Qemu-devel] [PULL 04/10] hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15

2018-03-23 Thread Peter Maydell
The BCM2836 uses a Cortex-A7, not a Cortex-A15. Update the device to
use the correct CPU.
https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf

When the BCM2836 was introduced (bad5623690b) the Cortex-A7 was not
available, so the very similar Cortex-A15 was used. Since dcf578ed8ce
we can model the correct core.

Signed-off-by: Peter Maydell 
Reviewed-by: Alistair Francis 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180319110215.16755-1-peter.mayd...@linaro.org
---
 hw/arm/bcm2836.c | 2 +-
 hw/arm/raspi.c   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index 3e7e8ca791..3c4b44a53e 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -32,7 +32,7 @@ struct BCM283XInfo {
 static const BCM283XInfo bcm283x_socs[] = {
 {
 .name = TYPE_BCM2836,
-.cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"),
+.cpu_type = ARM_CPU_TYPE_NAME("cortex-a7"),
 .clusterid = 0xf,
 },
 #ifdef TARGET_AARCH64
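
Review bot: raspi2 is not a versioned machine type, so swapping cortex-a15 for cortex-a7 changes the guest-visible MIDR part number (and whatever other ID-register differences QEMU models between the two cores) for every existing raspi2 configuration with no compat knob; that is the right call for a board that is meant to be the real SoC, but it is worth a sentence in the commit message and release notes. The bcm2837 entry under TARGET_AARCH64 is untouched by this change.
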
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index 06f1e08ca9..955a7c4e80 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -226,7 +226,7 @@ static void raspi2_machine_init(MachineClass *mc)
 mc->no_parallel = 1;
 mc->no_floppy = 1;
 mc->no_cdrom = 1;
-mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a15");
+mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a7");
 mc->max_cpus = BCM283X_NCPUS;
 mc->min_cpus = BCM283X_NCPUS;
 mc->default_cpus = BCM283X_NCPUS;
-- 
2.16.2




[Qemu-devel] [PULL 02/10] sdhci: fix incorrect use of Error *

2018-03-23 Thread Peter Maydell
From: Paolo Bonzini 

Detected by Coverity (CID 1386072, 1386073, 1386076, 1386077).  local_err
was unused, and this made the static analyzer unhappy.

Signed-off-by: Paolo Bonzini 
Message-id: 20180320151355.25854-1-pbonz...@redhat.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/sd/sdhci.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 1b828b104d..63c44a4ee8 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1474,7 +1474,7 @@ static void sdhci_pci_realize(PCIDevice *dev, Error 
**errp)
 Error *local_err = NULL;
 
 sdhci_initfn(s);
-sdhci_common_realize(s, errp);
+sdhci_common_realize(s, _err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
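
Review bot: the early return on `if (local_err)` could never fire before this change, because sdhci_common_realize was handed errp while local_err stayed NULL, so a failure inside sdhci_common_realize fell through and realize carried on with a half-initialised device; passing local_err and propagating it is the right fix (the archive rendering has dropped the `&` from `&local_err` on the `+` line). The identical correction in sdhci_sysbus_realize below is fine.
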
@@ -1556,7 +1556,7 @@ static void sdhci_sysbus_realize(DeviceState *dev, Error 
** errp)
 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 Error *local_err = NULL;
 
-sdhci_common_realize(s, errp);
+sdhci_common_realize(s, _err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
-- 
2.16.2




Re: [Qemu-devel] [PULL 11/26] pci-bridge/i82801b11: clear bridge registers on platform reset

2018-03-23 Thread Laszlo Ersek
Michael, Peter,

On 02/08/18 20:09, Michael S. Tsirkin wrote:
> From: Laszlo Ersek 
> 
> The "i82801b11-bridge" device model is a descendant of "base-pci-bridge"
> (TYPE_PCI_BRIDGE). However, unlike other similar devices, such as
> 
> - pci-bridge,
> - pcie-pci-bridge,
> - PCIE Root Port,
> - xio3130 switch upstream and downstream ports,
> - dec-21154-p2p-bridge,
> - pbm-bridge,
> - xilinx-pcie-root,
> 
> "i82801b11-bridge" does not clear the bridge specific registers at
> platform reset.
> 
> This is a problem because devices on "i82801b11-bridge" continue to
> respond to config space cycles after platform reset, when addressed with
> the bus number that was previously programmed into the secondary bus
> number register of "i82801b11-bridge". This error breaks OVMF's search for
> extra (PXB) root buses, for example.
> 
> The device class reset method for "i82801b11-bridge" is currently NULL;
> set it directly to pci_bridge_reset(), like the last three bridge models
> in the above listing do.
> 
> Cc: "Michael S. Tsirkin" 
> Cc: Marcel Apfelbaum 
> Cc: qemu-sta...@nongnu.org
> Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1541839
> Signed-off-by: Laszlo Ersek 
> Reviewed-by: Marcel Apfelbaum 
> Reviewed-by: Michael S. Tsirkin 
> Signed-off-by: Michael S. Tsirkin 
> ---
>  hw/pci-bridge/i82801b11.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/pci-bridge/i82801b11.c b/hw/pci-bridge/i82801b11.c
> index cb522bf..ebf7f5f 100644
> --- a/hw/pci-bridge/i82801b11.c
> +++ b/hw/pci-bridge/i82801b11.c
> @@ -98,6 +98,7 @@ static void i82801b11_bridge_class_init(ObjectClass *klass, 
> void *data)
>  k->realize = i82801b11_bridge_realize;
>  k->config_write = pci_bridge_write_config;
>  dc->vmsd = _bridge_dev_vmstate;
> +dc->reset = pci_bridge_reset;
>  set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
>  }
>  
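
Review bot: wiring dc->reset to pci_bridge_reset is the same one-line fix the other TYPE_PCI_BRIDGE descendants listed in the message use, and it closes the window in which a stale secondary bus number keeps answering config cycles after platform reset. Since the class also installs its own vmsd on the line above, please confirm that pci_bridge_reset covers everything in that migration state, i.e. that the device has no private fields that would also need clearing; if it does, a device-specific reset that calls pci_bridge_reset would be needed instead.
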
> 

this patch didn't get included in the 2.11.1 round-up:

http://mid.mail-archive.com/20180206191515.25830-1-mdroth@linux.vnet.ibm.com

(The patch was posted, CC stable, between Mike's round-up set and the
actual 2.11.1 release.)

Can we please make sure that the commit doesn't miss the 2.11.2 bus?
2.12 is still a month out, and without this patch, rebooting a UEFI
guest OS (with OVMF) hangs, on certain VM configs (see the commit message).

(Apologies if there is a "queue" or "next" branch for stable releases --
in that case I should have probably checked that branch before sending
this email.)

The commit hash on the master branch is
ed247f40db84c8bd4bb7d10948702cd47cc4d5ae; it's part of v2.12.0-rc0.

Thanks!
Laszlo



Re: [Qemu-devel] [PATCH for-2.12 0/4] Turn OOB off for 2.12-rc1, revert OOB tests

2018-03-23 Thread Eric Blake

On 03/23/2018 01:30 PM, Christian Borntraeger wrote:


Even that didn't work - 'make check' fails with either 1/4 or 4/4 applied in 
isolation, so I'm squashing them into a single patch.


Yes, "qmp: introduce QMPCapability" added an assert that was fixed by a later 
patch. So
the original series was not bisectable. Anyway, with Peter's 4 patches all 
applied, things are fine
for me.


Weird, since I seem to recall running 'make check' on every patch in 
order in that series without seeing failures, prior to preparing the 
pull request (where I fell short was running iotests, which is what 
sparked this whole revert thread).  Anyways, even if my memory is faulty 
and the original series has a broken bisection window, it's now water 
under the bridge; the focus at this point is improving the known bugs to 
see if we can re-enable OOB prior to -rc2.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH for-2.12 0/4] Turn OOB off for 2.12-rc1, revert OOB tests

2018-03-23 Thread Christian Borntraeger


On 03/23/2018 06:17 PM, Eric Blake wrote:
> On 03/23/2018 10:53 AM, Eric Blake wrote:
> 
>> Actually, we should revert things in reverse order of the original commits, 
>> so that we aren't introducing yet more temporary breakage.
>>
>> Since you reverted:
>>
>> $ git describe 3fd2457 d003f7a 91ad450 0213031 --match=v\*
>> v2.11.0-2595-g3fd2457d18e
>> v2.11.0-2598-gd003f7a8f9c
>> v2.11.0-2597-g91ad45061af
>> v2.11.0-2585-g02130314d8c
>>
>> where the higher the middle number represents the further distance from 2.11 
>> (aka newer patch), this series should be applied in the order:
>>
>> 2/4 (revert the newest patch first)
>> 3/4
>> 1/4
>> 4/4
> 
> Even that didn't work - 'make check' fails with either 1/4 or 4/4 applied in 
> isolation, so I'm squashing them into a single patch.

Yes, "qmp: introduce QMPCapability" added an assert that was fixed by a later 
patch. So
the original series was not bisectable. Anyway, with Peter's 4 patches all 
applied, things are fine
for me.




Re: [Qemu-devel] [PATCH v2 0/7] ramfb: simple boot framebuffer, no legacy vga

2018-03-23 Thread Laszlo Ersek
On 03/23/18 18:07, Gerd Hoffmann wrote:
> On Fri, Mar 23, 2018 at 04:12:21PM +0100, Laszlo Ersek wrote:
>> On 03/23/18 15:51, Gerd Hoffmann wrote:
>>>   Hi,
>>>
>>>> I believe the only point of this device model (and the associated guest
>>>> fw driver) is Windows-on-KVM/aarch64.
>>>
>>> The other one is vgpu boot display.
>>
>> Interesting. I know nearly nothing about vgpu, but I hoped it'd come
>> with its own UEFI GOP driver in the ROM BAR; similarly to assigned
>> physical GPUs.
> 
> Well.  They don't ...
> 
> And even for assigned GPUs it is a PITA.  For example the intel rom
> appears to have the pci slot hardcoded.  You have to place the GPU in
> 00:02.0 (which it has on bare metal), otherwise the rom doesn't work.
> I would be *very* surprised if the rom is able to handle vgpu devices
> correctly.  Beside that it isn't easy to get the rom in the first place,
> at least for intel, as it isn't stored in the rom bar but in the
> firmware flash.

Sure, IGD assignment is a different animal; I thought vgpu would follow
the discrete PCI card assignment case.

Anyway, I just wanted to educate myself on this; thanks!
Laszlo



Re: [Qemu-devel] [PATCH for-2.12 0/4] Fix crashes with CAN bus and ISA DMA devices

2018-03-23 Thread John Snow


On 03/16/2018 06:15 AM, Paolo Bonzini wrote:
> On 16/03/2018 10:51, Thomas Huth wrote:
>> The new CAN bus devices and some older ISA devices that use DMA can be
>> used to crash QEMU. These patches introduce some proper checks so that
>> the users get a proper error message instead.
>>
>> Alexey Kardashevskiy (1):
>>   fdc: Exit if ISA controller does not support DMA
>>
>> Thomas Huth (3):
>>   hw/net/can: Fix segfaults when using the devices without bus
>>   hw/audio: Fix crashes when devices are used on ISA bus without DMA
>>   scripts/device-crash-test: Remove fixed isapc-with-iommu entry
>>
>>  hw/audio/cs4231a.c| 8 +++-
>>  hw/audio/gus.c| 7 ++-
>>  hw/audio/sb16.c   | 9 +++--
>>  hw/block/fdc.c| 5 -
>>  hw/net/can/can_sja1000.c  | 4 
>>  scripts/device-crash-test | 8 
>>  6 files changed, 28 insertions(+), 13 deletions(-)
>>
> 
> Queued, thanks.
> 
> Paolo
> 

Did you not actually send a PR for this?



Re: [Qemu-devel] [PATCH v2 0/5] coccinelle: re-run scripts from scripts/coccinelle

2018-03-23 Thread Eric Blake

On 03/23/2018 09:31 AM, Laurent Vivier wrote:

I've re-run some scripts from the coccinelle directory,
and they have found some problems.

This series fixes them.

v2: only change PATCH 4/4
   - keep comments
   - fix indentation
   I didn't remove changes in autogenerated files as it
   seems they are generated only once.

Daniel P. Berrangé (1):
   make: improve check for stale generated files in source dir


Is the inclusion of this patch compared to v1 intentional?

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH 0/4] coccinelle: re-run scripts from scripts/coccinelle

2018-03-23 Thread Eric Blake

On 03/23/2018 07:37 AM, Michael Tokarev wrote:

22.03.2018 19:12, Laurent Vivier wrote:

I've re-run some scripts from the coccinelle directory,
and they have found some problems.

This series fixes them.

Laurent Vivier (4):
   error: Strip trailing '\n' from error string arguments (again again)
   error: Remove NULL checks on error_propagate() calls
   qdict: remove useless cast
   Remove unnecessary variables for function return value


I've applied patches 1-3, but the 4th patch is a bit.. interesting.
As has already been said, it touches auto-generated files, which is
sort of fine, but it _also_ removes comments, which - I think - is
quite a bit wrong.


1-3 are also candidates for going through my qapi tree (I will probably 
do another pull request Monday or Tuesday), if that beats your trivial 
tree.  But if not, for 1-3, you can add:

Acked-by: Eric Blake 



I can apply just selected hunks, but.. hmm..


v2 of patch 4 is better, and the trivial tree may indeed be a better 
place for patch 4 since it doesn't really touch anything qapi-related.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH v4 1/3] update-linux-headers.sh: add unistd.h and kvm on MIPS

2018-03-23 Thread Dr. David Alan Gilbert
* Michael S. Tsirkin (m...@redhat.com) wrote:
> Rework the update script slightly, add the unistd.h header and its
> dependencies on all architectures.
> 
> This also removes the IA64 and MIPS from a KVM blacklist:
> Linux dropped IA64, and there was never a reason to
> exclude MIPS from kvm specifically - it was
> excluded due to dependency of its unistd.h on sgidefs.h,
> which we also import.
> 
> Signed-off-by: Michael S. Tsirkin 
> ---
>  scripts/update-linux-headers.sh | 22 +++---
>  1 file changed, 15 insertions(+), 7 deletions(-)
> 
> diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh
> index d18e2f1..2a4dac8a 100755
> --- a/scripts/update-linux-headers.sh
> +++ b/scripts/update-linux-headers.sh
> @@ -80,11 +80,6 @@ for arch in $ARCHLIST; do
>  continue
>  fi
>  
> -# Blacklist architectures which have KVM headers but are actually dead
> -if [ "$arch" = "ia64" -o "$arch" = "mips" ]; then
> -continue
> -fi
> -
>  if [ "$arch" = x86 ]; then
>  arch_var=SRCARCH
>  else
> @@ -95,9 +90,18 @@ for arch in $ARCHLIST; do
>  
>  rm -rf "$output/linux-headers/asm-$arch"
>  mkdir -p "$output/linux-headers/asm-$arch"
> -for header in kvm.h kvm_para.h unistd.h; do
> +for header in unistd.h bitsperlong.h; do
> +cp "$tmpdir/include/asm/$header" "$output/linux-headers/asm-$arch"
> +done
> +
> +for header in kvm.h kvm_para.h; do
>  cp "$tmpdir/include/asm/$header" "$output/linux-headers/asm-$arch"
>  done
> +
> +if [ $arch = mips ]; then
> +cp "$tmpdir/include/asm/sgidefs.h" "$output/linux-headers/asm-mips/"
> +fi
> +
>  if [ $arch = powerpc ]; then
>  cp "$tmpdir/include/asm/epapr_hcalls.h" 
> "$output/linux-headers/asm-powerpc/"
>  fi
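
Review bot: the two `for header in ...` loops over unistd.h/bitsperlong.h and kvm.h/kvm_para.h copy from and to the same directories with identical bodies, so they can be one loop (`for header in unistd.h bitsperlong.h kvm.h kvm_para.h; do`) unless the split prepares for a later conditional on the kvm headers, in which case a comment should say so. The new `[ $arch = mips ]` test also leaves $arch unquoted while the tests at the top of the loop use "$arch"; consistent quoting costs nothing here.
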
> @@ -120,6 +124,10 @@ EOF
>  cp "$tmpdir/include/asm/unistd_x32.h" 
> "$output/linux-headers/asm-x86/"
>  cp "$tmpdir/include/asm/unistd_64.h" "$output/linux-headers/asm-x86/"
>  fi
> +if [ $arch = s390 ]; then
> +cp "$tmpdir/include/asm/unistd_32.h" "$output/linux-headers/asm-arm/"
> +cp "$tmpdir/include/asm/unistd_64.h" "$output/linux-headers/asm-arm/"

That doesn't look right - I'm guessing that should be copying into
asm-s390 ?

Dave

> +fi
>  done
>  
>  rm -rf "$output/linux-headers/linux"
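
Review bot: agreeing with the asm-arm comment above: the s390 destination should be "$output/linux-headers/asm-$arch/" (or asm-s390), and deriving the path from $arch the way the rm/mkdir lines at the top of the loop already do would make this class of copy-paste slip impossible for the x86 and s390 branches alike.
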
> @@ -130,7 +138,7 @@ for header in kvm.h kvm_para.h vfio.h vfio_ccw.h vhost.h \
>  done
>  rm -rf "$output/linux-headers/asm-generic"
>  mkdir -p "$output/linux-headers/asm-generic"
> -for header in kvm_para.h; do
> +for header in kvm_para.h bitsperlong.h unistd.h; do
>  cp "$tmpdir/include/asm-generic/$header" 
> "$output/linux-headers/asm-generic"
>  done
>  if [ -L "$linux/source" ]; then
> -- 
> MST
> 
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



[Qemu-devel] [PULL 4/4] qapi: Force UTF8 encoding when parsing qapi files

2018-03-23 Thread Eric Blake
Commit d4e5ec877 already fixed things to work around Python 3's
lame bug of having LC_ALL=C not be 8-bit clean, when parsing the
main QMP qapi files; but failed to do likewise in the tests
directory.  As a result, running 'LC_ALL=C make check' fails on
escape-too-big and unicode-str when using python 3 with a nasty
stack trace instead of the intended graceful error message that
QAPI doesn't yet support 8-bit data (the two tests contain
Unicode é, when parsed in UTF-8; they represent something
different when parsed in a proper single-byte C locale, but that
doesn't matter to the error message printed out, provided that
brain-dead Python hasn't first choked on the input instead of
being 8-bit clean).

Ideally, we'd teach the qapi generator scripts to automatically
slurp things in using UTF-8 regardless of locale, and to honor
content that is not limited to 7 bit data rather than gracefully
erroring out; but until then, since our graceful error depends
on python parsing 8-bit data (even if nothing we generate uses
8-bit data), our quick fix is to use the right locale when
running these tests.

Reported-by: Peter Maydell 
Signed-off-by: Eric Blake 
Message-Id: <20180319205040.1113423-1-ebl...@redhat.com>
Reviewed-by: Daniel P. Berrangé 
---
 tests/Makefile.include | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 0b277036df1..eb218a9539d 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -669,13 +669,13 @@ tests/test-qapi-events.c tests/test-qapi-events.h \
 tests/test-qapi-introspect.c tests/test-qapi-introspect.h: \
 tests/test-qapi-gen-timestamp ;
 tests/test-qapi-gen-timestamp: 
$(SRC_PATH)/tests/qapi-schema/qapi-schema-test.json $(qapi-py)
-   $(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-gen.py \
+   $(call quiet-command,$(PYTHON_UTF8) $(SRC_PATH)/scripts/qapi-gen.py \
-o tests -p "test-" $<, \
"GEN","$(@:%-timestamp=%)")
@>$@
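
Review bot: the switch to $(PYTHON_UTF8) relies on that variable being defined by the top-level build (the commit d4e5ec877 cited in the message) for every invocation that reaches tests/Makefile.include, including out-of-tree builds; if it is ever empty, the rule would execute the generator script directly, relying on its shebang and on the caller's locale, which is exactly the failure being fixed. A fallback such as defaulting PYTHON_UTF8 to $(PYTHON) with an LC_ALL override, or an $(error ...) when it is unset, would fail loudly instead; the same applies to the two other rules changed below.
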

 tests/qapi-schema/doc-good.test.texi: 
$(SRC_PATH)/tests/qapi-schema/doc-good.json $(qapi-py)
-   $(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-gen.py \
+   $(call quiet-command,$(PYTHON_UTF8) $(SRC_PATH)/scripts/qapi-gen.py \
-o tests/qapi-schema -p "doc-good-" $<, \
"GEN","$@")
@mv tests/qapi-schema/doc-good-qapi-doc.texi $@
@@ -927,7 +927,7 @@ check-tests/qemu-iotests-quick.sh: 
tests/qemu-iotests-quick.sh qemu-img$(EXESUF)
 .PHONY: $(patsubst %, check-%, $(check-qapi-schema-y))
 $(patsubst %, check-%, $(check-qapi-schema-y)): check-%.json: 
$(SRC_PATH)/%.json
$(call quiet-command, PYTHONPATH=$(SRC_PATH)/scripts \
-   $(PYTHON) $(SRC_PATH)/tests/qapi-schema/test-qapi.py \
+   $(PYTHON_UTF8) $(SRC_PATH)/tests/qapi-schema/test-qapi.py \
$^ >$*.test.out 2>$*.test.err; \
echo $$? >$*.test.exit, \
"TEST","$*.out")
-- 
2.14.3




[Qemu-devel] [PULL 3/4] Revert "monitor: enable IO thread for (qmp & !mux) typed"

2018-03-23 Thread Eric Blake
From: Peter Xu 

This reverts commit 3fd2457d18edf5736f713dfe1ada9c87a9badab1.

Enabling OOB caused several iotests failures; due to the imminent
2.12 release, the safest action is to disable OOB for now.  If
other patches fix the issues that iotests exposed, it may be turned
back on in time for the release, otherwise it will be 2.13 material;
either way, the framework changes not reverted now do not hurt if
they remain as part of the 2.12 release.

Additionally, revert the tests in the patch 02130314d8 ("qmp: introduce
QMPCapability", 2018-03-19), as both parts must be reverted at once
to keep 'make check' passing.

Signed-off-by: Peter Xu 
Message-Id: <20180323140821.28957-2-pet...@redhat.com>
Tested-by: Christian Borntraeger 
[eblake: reorder/squash commits, enhance commit message]
Signed-off-by: Eric Blake 
---
 monitor.c|  5 +
 tests/qmp-test.c | 10 +-
 2 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/monitor.c b/monitor.c
index 6ccd2fc0895..77f4c41cfa6 100644
--- a/monitor.c
+++ b/monitor.c
@@ -36,7 +36,6 @@
 #include "net/slirp.h"
 #include "chardev/char-fe.h"
 #include "chardev/char-io.h"
-#include "chardev/char-mux.h"
 #include "ui/qemu-spice.h"
 #include "sysemu/numa.h"
 #include "monitor/monitor.h"
@@ -4537,10 +4536,8 @@ static void monitor_qmp_setup_handlers_bh(void *opaque)
 void monitor_init(Chardev *chr, int flags)
 {
 Monitor *mon = g_malloc(sizeof(*mon));
-/* Enable IOThread for QMPs that are not using MUX chardev backends. */
-bool use_io_thr = (!CHARDEV_IS_MUX(chr)) && (flags & MONITOR_USE_CONTROL);

-monitor_data_init(mon, false, use_io_thr);
+monitor_data_init(mon, false, false);

 qemu_chr_fe_init(>chr, chr, _abort);
 mon->flags = flags;
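Review bot: with the named `use_io_thr` variable and its explanatory comment both removed, the second `false` in `monitor_data_init(mon, false, false);` no longer says what it disables. A short argument comment, e.g. `monitor_data_init(mon, false, false /* use_io_thread; OOB disabled for 2.12 */);`, would keep the call self-documenting and give whoever re-enables the IO thread for 2.13 an obvious place to look.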
diff --git a/tests/qmp-test.c b/tests/qmp-test.c
index d1fa1cb2177..558e83540cc 100644
--- a/tests/qmp-test.c
+++ b/tests/qmp-test.c
@@ -80,8 +80,6 @@ static void test_qmp_protocol(void)
 QDict *resp, *q, *ret;
 QList *capabilities;
 QTestState *qts;
-const QListEntry *entry;
-QString *qstr;

 qts = qtest_init_without_qmp_handshake(common_args);

@@ -91,13 +89,7 @@ static void test_qmp_protocol(void)
 g_assert(q);
 test_version(qdict_get(q, "version"));
 capabilities = qdict_get_qlist(q, "capabilities");
-g_assert(capabilities);
-entry = qlist_first(capabilities);
-g_assert(entry);
-qstr = qobject_to(QString, entry->value);
-g_assert(qstr);
-g_assert_cmpstr(qstring_get_str(qstr), ==, "oob");
-QDECREF(resp);
+g_assert(capabilities && qlist_empty(capabilities));

 /* Test valid command before handshake */
 resp = qtest_qmp(qts, "{ 'execute': 'query-version' }");
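Review bot: the `QDECREF(resp);` removed in this hunk has no counterpart in the `+` line, yet the trailing context line `resp = qtest_qmp(qts, "{ 'execute': 'query-version' }");` reassigns `resp` right away, so the greeting dict is no longer released within the visible code. If the pre-02130314d8 state is being restored faithfully and the dict is dropped elsewhere, fine; otherwise keep a `QDECREF(resp);` after `g_assert(capabilities && qlist_empty(capabilities));` so the revert does not reintroduce a reference leak in the test.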
-- 
2.14.3




[Qemu-devel] [PULL 2/4] Revert "tests: qmp-test: verify command batching"

2018-03-23 Thread Eric Blake
From: Peter Xu 

This reverts commit 91ad45061af0fe44ac5dadb5bedaf4d7a08077c8.

Enabling OOB caused several iotests failures; due to the imminent
2.12 release, the safest action is to disable OOB, but first we
have to revert tests that rely on OOB.

Signed-off-by: Peter Xu 
Message-Id: <20180323140821.28957-4-pet...@redhat.com>
Tested-by: Christian Borntraeger 
[eblake: reorder commits, enhance commit message]
Signed-off-by: Eric Blake 
---
 tests/qmp-test.c | 22 --
 1 file changed, 22 deletions(-)

diff --git a/tests/qmp-test.c b/tests/qmp-test.c
index 2e4b599a4c8..d1fa1cb2177 100644
--- a/tests/qmp-test.c
+++ b/tests/qmp-test.c
@@ -82,7 +82,6 @@ static void test_qmp_protocol(void)
 QTestState *qts;
 const QListEntry *entry;
 QString *qstr;
-int i;

 qts = qtest_init_without_qmp_handshake(common_args);

@@ -140,27 +139,6 @@ static void test_qmp_protocol(void)
 g_assert_cmpint(qdict_get_int(resp, "id"), ==, 2);
 QDECREF(resp);

-/*
- * Test command batching.  In current test OOB is not enabled, we
- * should be able to run as many commands in batch as we like.
- * Using 16 (>8, which is OOB queue length) to make sure OOB won't
- * break existing clients.  Note: this test does not control the
- * scheduling of QEMU's QMP command processing threads so it may
- * not really trigger batching inside QEMU.  This is just a
- * best-effort test.
- */
-for (i = 0; i < 16; i++) {
-qtest_async_qmp(qts, "{ 'execute': 'query-version' }");
-}
-/* Verify the replies to make sure no command is dropped. */
-for (i = 0; i < 16; i++) {
-resp = qtest_qmp_receive(qts);
-/* It should never be dropped.  Each of them should be a reply. */
-g_assert(qdict_haskey(resp, "return"));
-g_assert(!qdict_haskey(resp, "event"));
-QDECREF(resp);
-}
-
 qtest_quit(qts);
 }
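Review bot: dropping the batching loop removes the only check that sixteen back-to-back `query-version` commands all receive a `return` reply and none is silently dropped, a property that matters independently of OOB. Since the removed comment already described the test as best-effort and not OOB-specific, it would be worth noting in the commit message that this coverage is expected to come back together with the OOB re-enable, so it is not forgotten once 2.13 opens.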

-- 
2.14.3




[Qemu-devel] [PULL 0/4] QAPI patches for 2018-03-23, for 2.12-rc1

2018-03-23 Thread Eric Blake
The following changes since commit 4c2c1015905fa1d616750dfe024b4c0b35875950:

  Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20180323' into 
staging (2018-03-23 10:20:54 +)

are available in the Git repository at:

  git://repo.or.cz/qemu/ericb.git tags/pull-qapi-2018-03-23

for you to fetch changes up to 39615354fc07af34e04ab5efb5b6d478b0d24e32:

  qapi: Force UTF8 encoding when parsing qapi files (2018-03-23 12:29:07 -0500)

There may be another rc1 pull request on Monday, but let's get
these in sooner rather than later to minimize the window where
iotests are broken during bisects.


qapi patches for 2018-03-12, 2.12-rc1

- Peter Xu: 0/4 Turn OOB off for 2.12-rc1, revert OOB tests
- Eric Blake: qapi: Force UTF8 encoding when parsing qapi files


Eric Blake (1):
  qapi: Force UTF8 encoding when parsing qapi files

Peter Xu (3):
  Revert "tests: qmp-test: add oob test"
  Revert "tests: qmp-test: verify command batching"
  Revert "monitor: enable IO thread for (qmp & !mux) typed"

 monitor.c  |  5 +--
 tests/qmp-test.c   | 97 +-
 tests/Makefile.include |  6 ++--
 3 files changed, 5 insertions(+), 103 deletions(-)

-- 
2.14.3




[Qemu-devel] [PULL 1/4] Revert "tests: qmp-test: add oob test"

2018-03-23 Thread Eric Blake
From: Peter Xu 

This reverts commit d003f7a8f9cafe50119975844fa01afc2baf41fb.

Enabling OOB caused several iotests failures; due to the imminent
2.12 release, the safest action is to disable OOB, but first we
have to revert tests that rely on OOB.

Signed-off-by: Peter Xu 
Message-Id: <20180323140821.28957-3-pet...@redhat.com>
Tested-by: Christian Borntraeger 
[eblake: reorder commits, enhance commit message]
Signed-off-by: Eric Blake 
---
 tests/qmp-test.c | 65 
 1 file changed, 65 deletions(-)

diff --git a/tests/qmp-test.c b/tests/qmp-test.c
index 07c0b87e27a..2e4b599a4c8 100644
--- a/tests/qmp-test.c
+++ b/tests/qmp-test.c
@@ -164,70 +164,6 @@ static void test_qmp_protocol(void)
 qtest_quit(qts);
 }

-/* Tests for Out-Of-Band support. */
-static void test_qmp_oob(void)
-{
-QDict *resp;
-int acks = 0;
-const char *cmd_id;
-
-global_qtest = qtest_init_without_qmp_handshake(common_args);
-
-/* Ignore the greeting message. */
-resp = qmp_receive();
-g_assert(qdict_get_qdict(resp, "QMP"));
-QDECREF(resp);
-
-/* Try a fake capability, it should fail. */
-resp = qmp("{ 'execute': 'qmp_capabilities', "
-   "  'arguments': { 'enable': [ 'cap-does-not-exist' ] } }");
-g_assert(qdict_haskey(resp, "error"));
-QDECREF(resp);
-
-/* Now, enable OOB in current QMP session, it should succeed. */
-resp = qmp("{ 'execute': 'qmp_capabilities', "
-   "  'arguments': { 'enable': [ 'oob' ] } }");
-g_assert(qdict_haskey(resp, "return"));
-QDECREF(resp);
-
-/*
- * Try any command that does not support OOB but with OOB flag. We
- * should get failure.
- */
-resp = qmp("{ 'execute': 'query-cpus',"
-   "  'control': { 'run-oob': true } }");
-g_assert(qdict_haskey(resp, "error"));
-QDECREF(resp);
-
-/*
- * First send the "x-oob-test" command with lock=true and
- * oob=false, it should hang the dispatcher and main thread;
- * later, we send another lock=false with oob=true to continue
- * that thread processing.  Finally we should receive replies from
- * both commands.
- */
-qmp_async("{ 'execute': 'x-oob-test',"
-  "  'arguments': { 'lock': true }, "
-  "  'id': 'lock-cmd'}");
-qmp_async("{ 'execute': 'x-oob-test', "
-  "  'arguments': { 'lock': false }, "
-  "  'control': { 'run-oob': true }, "
-  "  'id': 'unlock-cmd' }");
-
-/* Ignore all events.  Wait for 2 acks */
-while (acks < 2) {
-resp = qmp_receive();
-cmd_id = qdict_get_str(resp, "id");
-if (!g_strcmp0(cmd_id, "lock-cmd") ||
-!g_strcmp0(cmd_id, "unlock-cmd")) {
-acks++;
-}
-QDECREF(resp);
-}
-
-qtest_end();
-}
-
 static int query_error_class(const char *cmd)
 {
 static struct {
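Review bot: besides the OOB-specific lock/unlock exchange, the removed `test_qmp_oob` was the only caller exercising two negative paths: a `qmp_capabilities` request with `'enable': [ 'cap-does-not-exist' ]` must yield an `error`, and `'control': { 'run-oob': true }` on a command that does not support OOB must be rejected. The capability negotiation itself is not reverted by this series (PULL 3/4 reverts only the tests of 02130314d8), so the first of those checks still describes live behaviour; consider moving it into `test_qmp_protocol` instead of dropping it with the whole function.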
@@ -412,7 +348,6 @@ int main(int argc, char *argv[])
 g_test_init(, , NULL);

 qtest_add_func("qmp/protocol", test_qmp_protocol);
-qtest_add_func("qmp/oob", test_qmp_oob);
 qmp_schema_init();
 add_query_tests();

-- 
2.14.3




Re: [Qemu-devel] [PATCH] target/xtensa: fix timers test

2018-03-23 Thread Philippe Mathieu-Daudé
Hi Max,

On 03/23/2018 10:17 AM, Max Filippov wrote:
> Change frequency of the core used in tests so that clock cycle takes
> exactly 64ns. Change icount power used in tests to 6, so that each
> instruction takes exactly 1 clock cycle. With these changes the
> assumptions of the xtensa timers test are correct and the test must
> always pass.
> 
> Longer story:
>   http://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg04326.html

Would be great to have it in this commit message.

> 
> Cc: Pavel Dovgaluk 
> Signed-off-by: Max Filippov 
> ---
>  target/xtensa/core-dc232b.c | 2 +-
>  tests/tcg/xtensa/Makefile   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/target/xtensa/core-dc232b.c b/target/xtensa/core-dc232b.c
> index aa07018af4e7..8846336f5cfa 100644
> --- a/target/xtensa/core-dc232b.c
> +++ b/target/xtensa/core-dc232b.c
> @@ -47,7 +47,7 @@ static XtensaConfig dc232b __attribute__((unused)) = {
>  }
>  },
>  .isa_internal = _modules,
> -.clock_freq_khz = 1,
> +.clock_freq_khz = 15625,

What about using self-explicit:

   .clock_freq_khz = (NANOSECONDS_PER_SECOND / 64) / 1000;

>  DEFAULT_SECTIONS
>  };
>  
> diff --git a/tests/tcg/xtensa/Makefile b/tests/tcg/xtensa/Makefile
> index 2882c431e4a9..091518c05583 100644
> --- a/tests/tcg/xtensa/Makefile
> +++ b/tests/tcg/xtensa/Makefile
> @@ -5,7 +5,7 @@ CROSS=xtensa-$(CORE)-elf-
>  
>  ifndef XT
>  SIM = ../../../xtensa-softmmu/qemu-system-xtensa
> -SIMFLAGS = -M sim -cpu $(CORE) -nographic -semihosting -icount 7 $(EXTFLAGS) 
> -kernel
> +SIMFLAGS = -M sim -cpu $(CORE) -nographic -semihosting -icount 6 $(EXTFLAGS) 
> -kernel
>  SIMDEBUG = -s -S
>  else
>  SIM = xt-run
> 
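Review bot: the two constants in this series only work as a pair, and nothing in the code ties them together. `-icount 6` makes every instruction take 2^6 = 64 ns, and `.clock_freq_khz = 15625` gives a cycle of 1 / 15.625 MHz = 64 ns, which is exactly the one-instruction-per-cycle assumption the message describes; a comment next to `clock_freq_khz` in core-dc232b.c pointing at the Makefile's icount value (or Philippe's `NANOSECONDS_PER_SECOND / 64` spelling, with the `;` replaced by `,` inside the initializer) would stop a future change to either value from silently breaking the timers test again.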

Regards,

Phil.



Re: [Qemu-devel] [PATCH for-2.12 0/4] Turn OOB off for 2.12-rc1, revert OOB tests

2018-03-23 Thread Eric Blake

On 03/23/2018 10:53 AM, Eric Blake wrote:

Actually, we should revert things in reverse order of the original 
commits, so that we aren't introducing yet more temporary breakage.


Since you reverted:

$ git describe 3fd2457 d003f7a 91ad450 0213031 --match=v\*
v2.11.0-2595-g3fd2457d18e
v2.11.0-2598-gd003f7a8f9c
v2.11.0-2597-g91ad45061af
v2.11.0-2585-g02130314d8c

where a higher middle number represents a greater distance from 
2.11 (aka a newer patch), this series should be applied in the order:


2/4 (revert the newest patch first)
3/4
1/4
4/4


Even that didn't work - 'make check' fails with either 1/4 or 4/4 
applied in isolation, so I'm squashing them into a single patch.


The failure was either:

  GTESTER check-qtest-x86_64
**
ERROR:tests/qmp-test.c:96:test_qmp_protocol: assertion failed: (entry)
GTester: last random seed: R02Sa02aeb0d46d3092524914cd9be2b57f7
make: *** [/home/eblake/qemu/tests/Makefile.include:880: 
check-qtest-x86_64] Error 1



or:

  GTESTER check-qtest-x86_64
**
ERROR:tests/qmp-test.c:92:test_qmp_protocol: assertion failed: 
(capabilities && qlist_empty(capabilities))

GTester: last random seed: R02S621a9dbfcf7bed132c614953e93ecb37
make: *** [/home/eblake/qemu/tests/Makefile.include:880: 
check-qtest-x86_64] Error 1



--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org


