[Qemu-devel] [Bug 1364501] Re: Gdb hangs when trying to single-step after an invalid instruction

2018-10-19 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1364501

Title:
  Gdb hangs when trying to single-step after an invalid instruction

Status in QEMU:
  Expired

Bug description:
  When using Gdb to remote-debug a program and manually setting its PC
  to point to an address containing an invalid instruction and then
  doing a single step, Qemu will never return control to the remote Gdb.

  For instance, let's say address 0x114 contains an invalid instruction.
  On the remote Gdb, we'd do:

  (gdb) set $pc = 0x114
  (gdb) stepi

  After doing that we won't get the (gdb) prompt unless we do a Ctrl-C.
  If we do so we'll be left at 0x114 instead of going towards the
  exception handler as we should. This happens with stepi, step and
  next. If instead of single-stepping we used continue, the program will
  proceed into the exception handler as it should.

  The reason this is happening is that when Qemu realizes it's about to
  translate an instruction it doesn't recognize it'll generate a call to
  helper_exception_with_syndrome(), which will register the exception
  and then call cpu_loop_exit(). At the same time, because we're doing a
  single-step, Qemu will also generate a call to
  helper_exception_internal() passing it an EXCP_DEBUG, which lets the
  system know it'll give control back to the remote debugger, and it
  also ends with a call to cpu_loop_exit(). However, because the
  syndrome exception calls cpu_loop_exit() first, the call to the
  internal exception won't be reached and Qemu will be stuck in a loop
  without returning control to the remote debugger.

  What makes this a bit tricky to fix is that we must call
  cpu_loop_exit() at the end of helper_exception_with_syndrome(),
  otherwise the target exception will go undetected and its handler
  won't be executed.

  Tested on latest head by emulating a Stellaris lm3s6965 board and
  running RTEMS 4.11:

  $ qemu-system-arm -nographic -s -S -M lm3s6965evb -kernel my_rtems_app

  Commit hash in qemu.git: 30eaca3acdf17d7bcbd1213eb149c02037edfb0b

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1364501/+subscriptions
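The ordering problem the report describes (the syndrome helper's cpu_loop_exit() unwinds out of the block before the EXCP_DEBUG helper can run) can be reproduced in a small setjmp/longjmp model. This is an added example, not QEMU code and not from the bug reporter; the helper names follow the report, while EXCP_UDEF_SYNDROME, ModelCPU, run_block() and debug_helper_calls() are constructed for the model.

```c
#include <setjmp.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the control flow described in the bug report; it is
 * not QEMU code.  cpu_loop_exit, helper_exception_with_syndrome,
 * helper_exception_internal and EXCP_DEBUG follow the report; the rest
 * (EXCP_UDEF_SYNDROME, ModelCPU, run_block) is an assumption of the model. */

enum { EXCP_NONE = 0, EXCP_DEBUG = 1, EXCP_UDEF_SYNDROME = 2 };

typedef struct {
    jmp_buf jmp_env;         /* the outer CPU loop's resume point */
    int exception_index;     /* exception the loop sees after unwinding */
    int debug_helper_calls;  /* how often the debug helper actually ran */
} ModelCPU;

/* File scope, so its fields are not subject to the setjmp/longjmp rules
 * for automatic variables. */
static ModelCPU model_cpu;

/* Unwind straight to the outer loop; code after the call site never runs. */
static void cpu_loop_exit(ModelCPU *cpu)
{
    longjmp(cpu->jmp_env, 1);
}

/* Register the "undefined instruction" exception and leave the block. */
static void helper_exception_with_syndrome(ModelCPU *cpu)
{
    cpu->exception_index = EXCP_UDEF_SYNDROME;
    cpu_loop_exit(cpu);
}

/* Register an internal exception; EXCP_DEBUG is what hands control to gdb. */
static void helper_exception_internal(ModelCPU *cpu, int excp)
{
    cpu->debug_helper_calls++;
    cpu->exception_index = excp;
    cpu_loop_exit(cpu);
}

/* The translated block for an unrecognised instruction, as the report
 * describes it: the syndrome helper is emitted first; when single-stepping
 * the EXCP_DEBUG helper follows, but the first cpu_loop_exit() has already
 * left the block, so the second call is never reached. */
static void translated_block(ModelCPU *cpu, bool single_step)
{
    helper_exception_with_syndrome(cpu);
    if (single_step) {
        helper_exception_internal(cpu, EXCP_DEBUG);
    }
}

/* Run one block under the outer loop; return the exception that reached it. */
int run_block(bool single_step)
{
    model_cpu.exception_index = EXCP_NONE;
    model_cpu.debug_helper_calls = 0;
    if (setjmp(model_cpu.jmp_env) == 0) {
        translated_block(&model_cpu, single_step);
    }
    return model_cpu.exception_index;
}

/* gdb regains control only if EXCP_DEBUG is what the loop observes. */
bool debugger_regains_control(bool single_step)
{
    return run_block(single_step) == EXCP_DEBUG;
}

/* Number of debug helper invocations during the last run_block() call. */
int debug_helper_calls(void)
{
    return model_cpu.debug_helper_calls;
}

int main(void)
{
    int excp_cont = run_block(false);
    printf("continue: excp=%d\n", excp_cont);

    int excp_step = run_block(true);
    int debug_runs = debug_helper_calls();
    printf("stepi:    excp=%d, debug helper ran %d time(s), gdb gets control: %s\n",
           excp_step, debug_runs, debugger_regains_control(true) ? "yes" : "no");
    return 0;
}
```

With single-stepping the loop still observes the syndrome exception and the debug helper never runs, which is why the remote gdb waits indefinitely. The model also makes the constraint in the report visible: if the syndrome helper did not call cpu_loop_exit(), the debug helper's exception would simply overwrite the syndrome exception and the guest's handler would never be entered.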



[Qemu-devel] [PATCH] linux-user: xtensa: enable bFLT support

2018-10-19 Thread Max Filippov
- request bflt support in configure;
- implement custom linux-user/xtensa/target_flat.h that doesn't put envp
  on stack;
- fix #include "target_flat.h" in flatload.c so that it first searches for
  the arch-customized version of the header.

Signed-off-by: Max Filippov 
---
 configure   |  1 +
 linux-user/flatload.c   |  2 +-
 linux-user/xtensa/target_flat.h | 10 ++
 3 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 linux-user/xtensa/target_flat.h

diff --git a/configure b/configure
index 18006f0865b7..2c6b850ac690 100755
--- a/configure
+++ b/configure
@@ -7178,6 +7178,7 @@ case "$target_name" in
   ;;
   xtensa|xtensaeb)
 TARGET_ARCH=xtensa
+bflt="yes"
 mttcg="yes"
 target_compiler=$cross_cc_xtensa
   ;;
diff --git a/linux-user/flatload.c b/linux-user/flatload.c
index 10c529910fc8..2eefe55e5000 100644
--- a/linux-user/flatload.c
+++ b/linux-user/flatload.c
@@ -37,7 +37,7 @@
 
 #include "qemu.h"
 #include "flat.h"
-#include "target_flat.h"
+#include 
 
 //#define DEBUG
 
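Review bot: the replacement include on the `+#include` line carries no header name in this copy of the patch, so the hunk alone does not document how linux-user/xtensa/target_flat.h gets picked up ahead of the generic linux-user/target_flat.h, which the commit message says is the whole point of the change. Please state the intended include form (an angle-bracket include resolving through the per-target include path) in the commit message, and confirm that targets shipping no override still find the generic header.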
diff --git a/linux-user/xtensa/target_flat.h b/linux-user/xtensa/target_flat.h
new file mode 100644
index ..732adddb0d1e
--- /dev/null
+++ b/linux-user/xtensa/target_flat.h
@@ -0,0 +1,10 @@
+/* If your arch needs to do custom stuff, create your own target_flat.h
+ * header file in linux-user//
+ */
+#define flat_argvp_envp_on_stack()   0
+#define flat_reloc_valid(reloc, size)((reloc) <= 
(size))
+#define flat_old_ram_flag(flag)  (flag)
+#define flat_get_relocate_addr(relval)   (relval)
+#define flat_get_addr_from_rp(rp, relval, flags, persistent) (rp)
+#define flat_set_persistent(relval, persistent)  (*persistent)
+#define flat_put_addr_at_rp(rp, addr, relval)
put_user_ual(addr, rp)
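Review bot: the header comment on the first three `+` lines is the generic boilerplate ("If your arch needs to do custom stuff ...") and does not say what is custom here; replace it with the reason given in the commit message, that xtensa does not put argvp/envp on the stack, so `flat_argvp_envp_on_stack()` returns 0 while every other macro mirrors the generic header. Also worth confirming that `flat_reloc_valid(reloc, size)` is meant to accept `reloc == size` (the `<=` bound), since a relocation at exactly `size` lies one past the end of the segment, and that the caller of `flat_put_addr_at_rp` checks the value `put_user_ual` returns.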
-- 
2.11.0




Re: [Qemu-devel] [PATCH v2 0/9] iotests: Make them work for both Python 2 and 3

2018-10-19 Thread Cleber Rosa



On 10/19/18 3:15 PM, Max Reitz wrote:
> This series prepares the iotests to work with both Python 2 and 3.  In
> some places, it adds version-specific code and decides what to do based
> on the version (for instance, whether to import the StringIO or the
> BytesIO class from 'io' for use with the test runner), but most of the
> time, it just makes code work for both versions in general.
> 

Tested on both Python 2 and 3.

Tested-by: Cleber Rosa 



Re: [Qemu-devel] [PATCH v2 9/9] iotests: Unify log outputs between Python 2 and 3

2018-10-19 Thread Cleber Rosa



On 10/19/18 3:15 PM, Max Reitz wrote:
> When dumping an object into the log, there are differences between
> Python 2 and 3.  First, unicode strings are prefixed by 'u' in Python 2
> (they are no longer in 3, because unicode strings are the default
> there).  Second, the order of keys in dicts may differ.  Third,
> especially long numbers are longs in Python 2 and thus get an 'L'
> suffix, which does not happen in Python 3.
> 
> We can get around all of these differences by dumping objects (lists and
> dicts) in a language-independent format, namely JSON.  The JSON
> generator even allows emitting dicts with their keys sorted
> alphabetically.
> 
> This changes the output of all tests that use these logging functions
> (dict keys are ordered now, strings in dicts are now enclosed in double
> quotes instead of single quotes, the 'L' suffix of large integers is
> dropped, and "true" and "false" are now in lower case).
> The quote change necessitates a small change to a filter used in test
> 207.
> 
> Suggested-by: Eduardo Habkost 
> Signed-off-by: Max Reitz 

Reviewed-by: Cleber Rosa 



Re: [Qemu-devel] [PATCH v2 8/9] iotests: Modify imports for Python 3

2018-10-19 Thread Cleber Rosa



On 10/19/18 3:15 PM, Max Reitz wrote:
> There are two imports that need to be modified when running the iotests
> under Python 3: One is StringIO, which no longer exists; instead, the
> StringIO class comes from the io module, so import it from there (and
> use the BytesIO class for Python 2).  The other is the ConfigParser,
> which has just been renamed to configparser.
> 
> Signed-off-by: Max Reitz 

Reviewed-by: Cleber Rosa 



Re: [Qemu-devel] [PATCH v2 6/9] iotests: Explicitly inherit FDs in Python

2018-10-19 Thread Cleber Rosa



On 10/19/18 3:15 PM, Max Reitz wrote:
> Python 3.4 introduced the inheritable attribute for FDs.  At the same
> time, it changed the default so that all FDs are not inheritable by
> default, that only inheritable FDs are inherited to subprocesses, and
> only if close_fds is explicitly set to False.
> 
> Adhere to this by setting close_fds to False when working with
> subprocesses that may want to inherit FDs, and by trying to
> set_inheritable() on FDs that we do want to bequeath to them.
> 
> Signed-off-by: Max Reitz 

Reviewed-by: Cleber Rosa 



Re: [Qemu-devel] [PATCH v2 7/9] iotests: 'new' module replacement in 169

2018-10-19 Thread Cleber Rosa



On 10/19/18 3:15 PM, Max Reitz wrote:
> iotest 169 uses the 'new' module to add methods to a class.  This module
> no longer exists in Python 3.  Instead, we can use a lambda.  Best of
> all, this works in 2.7 just as well.
> 
> Signed-off-by: Max Reitz 
> Reviewed-by: Eduardo Habkost 

Reviewed-by: Cleber Rosa 



Re: [Qemu-devel] [PATCH v2 5/9] iotests: Different iterator behavior in Python 3

2018-10-19 Thread Cleber Rosa



On 10/19/18 3:15 PM, Max Reitz wrote:
> In Python 3, several functions now return iterators instead of lists.
> This includes range(), items(), map(), and filter().  This means that if
> we really want a list, we have to wrap those instances with list().  But
> then again, the two instances where this is the case for map() and
> filter(), there are shorter expressions which work without either
> function.
> 
> On the other hand, sometimes we do just want an iterator, in which case
> we have sometimes used xrange() and iteritems() which no longer exist in
> Python 3.  Just change these calls to be range() and items(), works in
> both Python 2 and 3, and is really what we want in 3 (which is what
> matters).  But because it is so simple to do (and to find and remove
> once we completely switch to Python 3), make range() be an alias for
> xrange() in the two affected tests (044 and 163).
> 
> In one instance, we only wanted the first instance of the result of a
> filter() call.  Instead of using next(filter()) which would work only in
> Python 3, or list(filter())[0] which would work everywhere but is a bit
> weird, this instance is changed to use list comprehension with a next()
> wrapped around, which works both in 2.7 and 3.
> 
> Signed-off-by: Max Reitz 

Reviewed-by: Cleber Rosa 



Re: [Qemu-devel] [PATCH v2 4/9] iotests: Use // for Python integer division

2018-10-19 Thread Cleber Rosa



On 10/19/18 3:15 PM, Max Reitz wrote:
> In Python 3, / is always a floating-point division.  We usually do not
> want this, and as Python 2.7 understands // as well, change all integer
> divisions to use that.
> 
> Signed-off-by: Max Reitz 

Reviewed-by: Cleber Rosa 



Re: [Qemu-devel] [RFC PATCH v3 6/6] tests/acceptance: Add test_sh4_r2d in BootLinuxTracing

2018-10-19 Thread Cleber Rosa



On 10/13/18 11:15 AM, Philippe Mathieu-Daudé wrote:
> Similar to the test_x86_64_pc test, this boots a Linux kernel on a
> R2D board (SH4 little-endian) and verify the usb is working by looking
> at the usb trace events. Thus this test requires the QEMU binary to be
> compiled with:
> 
>   $ configure ... --enable-trace-backends=log
> 
> This test also requires the dpkg-deb tool (apt/dnf install dpkg) to
> extract the kernel from the Debian package.
> 
>   $ avocado --show=app,trace run -p arch=sh4 
> tests/acceptance/boot_linux_console.py
>   JOB ID : dc45be27f5d1edb8289a1ede139e107bbc55b045
>   JOB LOG: 
> /home/phil/avocado/job-results/job-2018-10-13T14.46-dc45be2/job.log
>(1/5) 
> tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_x86_64_pc: 
> CANCEL: Currently specific to the x86_64 target arch (0.00 s)
>(2/5) 
> tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_mips_4kc_malta: 
> CANCEL: Currently specific to the sh4 target arch (0.00 s)
>(3/5) 
> tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_mipsel_5kc_malta:
>  CANCEL: Currently specific to the sh4 target arch (0.00 s)
>(4/5) 
> tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_sh4_r2d: SKIP: 
> console not working on r2d machine
>(5/5) 
> tests/acceptance/boot_linux_console.py:BootLinuxTracing.test_sh4_r2d:  /
>   trace: 22770@1539434809.450006:usb_ohci_init_time usb_bit_time=100 
> usb_frame_time=83
>   trace: 22770@1539434809.453017:usb_ohci_port_attach port #0
>   trace: 22770@1539434809.454827:usb_ohci_reset sysbus-ohci
>   trace: 22770@1539434809.454833:usb_ohci_stop sysbus-ohci: USB Suspended
>   trace: 22770@1539434809.454835:usb_ohci_stop sysbus-ohci: USB Suspended
>   trace: 22770@1539434809.454837:usb_ohci_port_detach port #0
>   trace: 22770@1539434809.454839:usb_ohci_port_attach port #0
>   trace: 22770@1539434811.588702:usb_ohci_reset sysbus-ohci
>   trace: 22770@1539434811.588711:usb_ohci_stop sysbus-ohci: USB Suspended
>   trace: 22770@1539434811.589062:usb_ohci_set_ctl sysbus-ohci: new state 0x80
>   trace: 22770@1539434811.589067:usb_ohci_start sysbus-ohci: USB Operational
>   trace: 22770@1539434811.589253:usb_ohci_hub_power_up powered up all ports
>   PASS (2.43 s)
>   RESULTS: PASS 1 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | 
> CANCEL 3
>   JOB TIME   : 2.67 s
> 

And with similar changes, on this point of this series:

$ avocado run tests/acceptance/boot_linux_console.py
JOB ID : 857fef1b8c0ce59a79d452f27e996ed2743404b1
JOB LOG:
/home/cleber/avocado/job-results/job-2018-10-19T19.58-857fef1/job.log
 (1/5)
tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_x86_64_pc:
PASS (2.04 s)
 (2/5)
tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_mips_4kc_malta:
PASS (0.57 s)
 (3/5)
tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_mipsel_5kc_malta:
PASS (0.59 s)
 (4/5)
tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_sh4_r2d:
SKIP: console not working on r2d machine
 (5/5)
tests/acceptance/boot_linux_console.py:BootLinuxTracing.test_sh4_r2d:
PASS (1.01 s)
RESULTS: PASS 4 | ERROR 0 | FAIL 0 | SKIP 1 | WARN 0 | INTERRUPT 0 |
CANCEL 0
JOB TIME   : 4.57 s

- Cleber.

> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/acceptance/boot_linux_console.py | 64 ++
>  1 file changed, 64 insertions(+)
> 
> diff --git a/tests/acceptance/boot_linux_console.py 
> b/tests/acceptance/boot_linux_console.py
> index 8f99cc0d7c..e11993bf98 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -8,11 +8,22 @@
>  # This work is licensed under the terms of the GNU GPL, version 2 or
>  # later.  See the COPYING file in the top-level directory.
>  
> +import os
>  import logging
>  import subprocess
>  
>  from avocado import skip
>  from avocado_qemu import Test
> +from avocado.utils.wait import wait_for
> +
> +
> +def read_stream_for_string(stream, expected_string, logger=None):
> +msg = stream.readline()
> +if len(msg) == 0:
> +return False
> +if logger:
> +logger.debug(msg.strip())
> +return expected_string in msg
>  
>  
>  class BootLinuxConsole(Test):
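Review bot: `read_stream_for_string()` returns False both when the line does not contain `expected_string` and when `readline()` returns an empty string, i.e. the stream hit EOF; a caller polling it through `wait_for` therefore keeps re-reading a closed stream until the timeout instead of failing immediately. Consider making EOF distinguishable (raise, or return None and have the caller stop), and drop the added `import os` unless a later hunk uses it.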
> @@ -185,3 +196,56 @@ class BootLinuxConsole(Test):
>  break
>  if 'Kernel panic - not syncing' in msg:
>  self.fail("Kernel panic reached")
> +
> +class BootLinuxTracing(Test):
> +"""
> +Boots a Linux kernel and checks that via the Tracing framework that
> +a specific trace events occured, demostrating the kernel is operational.
> +
> +:avocado: enable
> +"""
> +
> +timeout = 60
> +
> +def test_sh4_r2d(self):
> +"""
> +This test requires the dpkg-deb tool (apt/dnf install dpkg) to 
> extract
> +the kernel from the Debian package.
> +This test also requires the QEMU binary to be compiled with:
> +
> +  $ configure ... 
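Review bot: the BootLinuxTracing docstring needs a pass: "checks that via the Tracing framework that" repeats "that", "a specific trace events occured" should read "specific trace events occurred", and "demostrating" should be "demonstrating".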

Re: [Qemu-devel] [RFC v3 0/56] per-CPU locks

2018-10-19 Thread Emilio G. Cota
On Fri, Oct 19, 2018 at 15:29:32 -0400, Emilio G. Cota wrote:
> On Fri, Oct 19, 2018 at 18:01:18 +0200, Paolo Bonzini wrote:
> > > Given that we need a per-CPU lock anyway to remove the BQL from the
> > > CPU loop, extending this lock to protect cpu->interrupt_request is
> > > a simple solution that keeps the current logic and allows for
> > > greater scalability.
> > 
> > Sure, I was just curious what the problem was.  KVM uses OR+kick with no
> > problems.
> 
> I never found exactly where things break. The hangs happen
> pretty early when booting a large (-smp > 16) x86_64 Ubuntu guest.
> Booting never completes (ssh unresponsive) if I don't have the
> console output (I suspect the console output slows things down
> enough to hide some races). I only see a few threads busy:
> a couple of vCPU threads, and the I/O thread.
> 
> I didn't have time to debug any further, so I moved on
> to an alternative approach.
> 
> So it is possible that it was my implementation, and not the approach,
> what was at fault :-)

I've just observed a similar hang after adding the "BQL
pushdown" patches on top of this series. So it's likely that the
hangs come from those patches, and not from the work on
cpu->interrupt_request. I just confirmed with the prior
series, and removing the pushdown patches fixes the hangs there
as well.

Thanks,

Emilio



Re: [Qemu-devel] [PATCH v3 3/6] tests/acceptance: Add test_mips_4kc_malta in BootLinuxConsole

2018-10-19 Thread Cleber Rosa



On 10/19/18 5:17 PM, Cleber Rosa wrote:
> 
> 
> On 10/19/18 2:41 PM, Philippe Mathieu-Daudé wrote:
>> On 19/10/2018 19:42, Cleber Rosa wrote:
>>>
>>>
>>> On 10/13/18 11:15 AM, Philippe Mathieu-Daudé wrote:
 Similar to the test_x86_64_pc test, this boots a Linux kernel on a
 Malta board (MIPS 4Kc big-endian) and verify the serial is working.

 This test requires the dpkg-deb tool (apt/dnf install dpkg) to
 extract the kernel from the Debian package.

>>>
>>> Debian packages are really "ar" archives, with a control.tar.gz and
>>> data.tar.gz in them.  More on that later.
>>>
   $ avocado --show=console run -p arch=mips 
 tests/acceptance/boot_linux_console.py
   console: [0.00] Initializing cgroup subsys cpuset
   console: [0.00] Initializing cgroup subsys cpu
   console: [0.00] Linux version 2.6.32-5-4kc-malta (Debian 
 2.6.32-48) (b...@decadent.org.uk) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 
 Sat Feb 16 12:43:42 UTC 2013
   console: [0.00]
   console: [0.00] LINUX started...
   console: [0.00] bootconsole [early0] enabled
   console: [0.00] CPU revision is: 00019300 (MIPS 24Kc)
   console: [0.00] FPU revision is: 00739300
   console: [0.00] Determined physical RAM map:
   console: [0.00]  memory: 1000 @  (reserved)
   console: [0.00]  memory: 000ef000 @ 1000 (ROM data)
   console: [0.00]  memory: 005b7000 @ 000f (reserved)
   console: [0.00]  memory: 03958000 @ 006a7000 (usable)
   console: [0.00] Wasting 54496 bytes for tracking 1703 unused 
 pages
   console: [0.00] Initrd not found or empty - disabling initrd
   console: [0.00] Zone PFN ranges:
   console: [0.00]   DMA  0x -> 0x1000
   console: [0.00]   Normal   0x1000 -> 0x3fff
   console: [0.00] Movable zone start PFN for each node
   console: [0.00] early_node_map[1] active PFN ranges
   console: [0.00] 0: 0x -> 0x3fff
   console: [0.00] Built 1 zonelists in Zone order, mobility 
 grouping on.  Total pages: 16255
   console: [0.00] Kernel command line: console=ttyS0 printk.time=0

 Signed-off-by: Philippe Mathieu-Daudé 
 ---
  tests/acceptance/boot_linux_console.py | 46 ++
  1 file changed, 46 insertions(+)

 diff --git a/tests/acceptance/boot_linux_console.py 
 b/tests/acceptance/boot_linux_console.py
 index 3aa4dbe5f9..81c96fc338 100644
 --- a/tests/acceptance/boot_linux_console.py
 +++ b/tests/acceptance/boot_linux_console.py
 @@ -9,6 +9,7 @@
  # later.  See the COPYING file in the top-level directory.
  
  import logging
 +import subprocess
>>>
>>> It's definitely your call, but I like to think that
>>> avocado.utils.process provides simpler and more capable functions:
>>>
>>> https://avocado-framework.readthedocs.io/en/65.0/api/utils/avocado.utils.html#avocado.utils.process.run
>>
>> OK
>>
>>>
  
  from avocado_qemu import Test
  
 @@ -47,3 +48,48 @@ class BootLinuxConsole(Test):
  break
  if 'Kernel panic - not syncing' in msg:
  self.fail("Kernel panic reached")
 +
 +def test_mips_4kc_malta(self):
 +"""
 +This test requires the dpkg-deb tool (apt/dnf install dpkg) to 
 extract
 +the kernel from the Debian package.
 +
 +The kernel can be rebuilt using this Debian kernel source [1] and
 +following the instructions on [2].
 +
 +[1] 
 https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#s-common-official
 +[2] 
 http://snapshot.debian.org/package/linux-2.6/2.6.32-48/#linux-source-2.6.32_2.6.32-48
 +
 +:avocado: tags=arch:mips
 +"""
 +if self.arch != 'mips': # FIXME use 'arch' tag in parent class?
 +self.cancel('Currently specific to the %s target arch' % 
 self.arch)
 +
>>>
>>> I missed how the arch tag in the parent class (common to all tests here)
>>> would be useful for this specific test.
>>
>> I probably forgot to remove it.
>>
> 
> I think I now know what you meant.  With the current approach we have:
> 
> $ avocado run -p arch=x86_64 tests/acceptance/boot_linux_console.py
> JOB ID : 3209c26bceffc372f245b121d6ac77a7e36e7134
> JOB LOG:
> /home/cleber/avocado/job-results/job-2018-10-19T16.58-3209c26/job.log
>  (1/2)
> tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_x86_64_pc:
> PASS (2.05 s)
>  (2/2)
> tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_mips_4kc_malta:
> CANCEL: Currently specific to the x86_64 target arch (0.00 s)
> RESULTS: PASS 1 | ERROR 0 | FAIL 0 | 

Re: [Qemu-devel] [PATCH v3 3/6] tests/acceptance: Add test_mips_4kc_malta in BootLinuxConsole

2018-10-19 Thread Cleber Rosa



On 10/19/18 2:41 PM, Philippe Mathieu-Daudé wrote:
> On 19/10/2018 19:42, Cleber Rosa wrote:
>>
>>
>> On 10/13/18 11:15 AM, Philippe Mathieu-Daudé wrote:
>>> Similar to the test_x86_64_pc test, this boots a Linux kernel on a
>>> Malta board (MIPS 4Kc big-endian) and verify the serial is working.
>>>
>>> This test requires the dpkg-deb tool (apt/dnf install dpkg) to
>>> extract the kernel from the Debian package.
>>>
>>
>> Debian packages are really "ar" archives, with a control.tar.gz and
>> data.tar.gz in them.  More on that later.
>>
>>>   $ avocado --show=console run -p arch=mips 
>>> tests/acceptance/boot_linux_console.py
>>>   console: [0.00] Initializing cgroup subsys cpuset
>>>   console: [0.00] Initializing cgroup subsys cpu
>>>   console: [0.00] Linux version 2.6.32-5-4kc-malta (Debian 
>>> 2.6.32-48) (b...@decadent.org.uk) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 
>>> Sat Feb 16 12:43:42 UTC 2013
>>>   console: [0.00]
>>>   console: [0.00] LINUX started...
>>>   console: [0.00] bootconsole [early0] enabled
>>>   console: [0.00] CPU revision is: 00019300 (MIPS 24Kc)
>>>   console: [0.00] FPU revision is: 00739300
>>>   console: [0.00] Determined physical RAM map:
>>>   console: [0.00]  memory: 1000 @  (reserved)
>>>   console: [0.00]  memory: 000ef000 @ 1000 (ROM data)
>>>   console: [0.00]  memory: 005b7000 @ 000f (reserved)
>>>   console: [0.00]  memory: 03958000 @ 006a7000 (usable)
>>>   console: [0.00] Wasting 54496 bytes for tracking 1703 unused pages
>>>   console: [0.00] Initrd not found or empty - disabling initrd
>>>   console: [0.00] Zone PFN ranges:
>>>   console: [0.00]   DMA  0x -> 0x1000
>>>   console: [0.00]   Normal   0x1000 -> 0x3fff
>>>   console: [0.00] Movable zone start PFN for each node
>>>   console: [0.00] early_node_map[1] active PFN ranges
>>>   console: [0.00] 0: 0x -> 0x3fff
>>>   console: [0.00] Built 1 zonelists in Zone order, mobility 
>>> grouping on.  Total pages: 16255
>>>   console: [0.00] Kernel command line: console=ttyS0 printk.time=0
>>>
>>> Signed-off-by: Philippe Mathieu-Daudé 
>>> ---
>>>  tests/acceptance/boot_linux_console.py | 46 ++
>>>  1 file changed, 46 insertions(+)
>>>
>>> diff --git a/tests/acceptance/boot_linux_console.py 
>>> b/tests/acceptance/boot_linux_console.py
>>> index 3aa4dbe5f9..81c96fc338 100644
>>> --- a/tests/acceptance/boot_linux_console.py
>>> +++ b/tests/acceptance/boot_linux_console.py
>>> @@ -9,6 +9,7 @@
>>>  # later.  See the COPYING file in the top-level directory.
>>>  
>>>  import logging
>>> +import subprocess
>>
>> It's definitely your call, but I like to think that
>> avocado.utils.process provides simpler and more capable functions:
>>
>> https://avocado-framework.readthedocs.io/en/65.0/api/utils/avocado.utils.html#avocado.utils.process.run
> 
> OK
> 
>>
>>>  
>>>  from avocado_qemu import Test
>>>  
>>> @@ -47,3 +48,48 @@ class BootLinuxConsole(Test):
>>>  break
>>>  if 'Kernel panic - not syncing' in msg:
>>>  self.fail("Kernel panic reached")
>>> +
>>> +def test_mips_4kc_malta(self):
>>> +"""
>>> +This test requires the dpkg-deb tool (apt/dnf install dpkg) to 
>>> extract
>>> +the kernel from the Debian package.
>>> +
>>> +The kernel can be rebuilt using this Debian kernel source [1] and
>>> +following the instructions on [2].
>>> +
>>> +[1] 
>>> https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#s-common-official
>>> +[2] 
>>> http://snapshot.debian.org/package/linux-2.6/2.6.32-48/#linux-source-2.6.32_2.6.32-48
>>> +
>>> +:avocado: tags=arch:mips
>>> +"""
>>> +if self.arch != 'mips': # FIXME use 'arch' tag in parent class?
>>> +self.cancel('Currently specific to the %s target arch' % 
>>> self.arch)
>>> +
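Review bot: the two references in the docstring are swapped: the text says "Debian kernel source [1] and following the instructions on [2]", but [1] points at the kernel-handbook instructions page and [2] at the snapshot.debian.org source package. Also, the FIXME on the `if self.arch != 'mips'` line asks about an 'arch' tag in the parent class; either resolve it or drop it before merging, so that the `:avocado: tags=arch:mips` filtering and the runtime cancel do not both linger.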
>>
>> I missed how the arch tag in the parent class (common to all tests here)
>> would be useful for this specific test.
> 
> I probably forgot to remove it.
> 

I think I now know what you meant.  With the current approach we have:

$ avocado run -p arch=x86_64 tests/acceptance/boot_linux_console.py
JOB ID : 3209c26bceffc372f245b121d6ac77a7e36e7134
JOB LOG:
/home/cleber/avocado/job-results/job-2018-10-19T16.58-3209c26/job.log
 (1/2)
tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_x86_64_pc:
PASS (2.05 s)
 (2/2)
tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_mips_4kc_malta:
CANCEL: Currently specific to the x86_64 target arch (0.00 s)
RESULTS: PASS 1 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 |
CANCEL 1
JOB TIME   : 2.21 s

There's a bug in the CANCEL message, because the test is "mips" specific
and not specific to the arch parameter given.  

[Qemu-devel] [PATCH v4 5/8] block: Fix potential Null pointer dereferences in vvfat.c

2018-10-19 Thread Liam Merwick
The calls to find_mapping_for_cluster() may return NULL but it
isn't always checked for before dereferencing the value returned.
Additionally, add some asserts to cover cases where NULL can't
be returned but which might not be obvious at first glance.

Signed-off-by: Liam Merwick 
---
 block/vvfat.c | 33 -
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/block/vvfat.c b/block/vvfat.c
index fc41841a5c3c..19f6725054a0 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -100,6 +100,7 @@ static inline void array_free(array_t* array)
 /* does not automatically grow */
 static inline void* array_get(array_t* array,unsigned int index) {
 assert(index < array->next);
+assert(array->pointer);
 return array->pointer + index * array->item_size;
 }
 
@@ -108,8 +109,7 @@ static inline int array_ensure_allocated(array_t* array, 
int index)
 if((index + 1) * array->item_size > array->size) {
 int new_size = (index + 32) * array->item_size;
 array->pointer = g_realloc(array->pointer, new_size);
-if (!array->pointer)
-return -1;
+assert(array->pointer);
 memset(array->pointer + array->size, 0, new_size - array->size);
 array->size = new_size;
 array->next = index + 1;
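Review bot: replacing the `if (!array->pointer) return -1;` path with `assert(array->pointer)` turns a handled error into an abort; that is correct only because g_realloc() aborts itself on allocation failure and so never returns NULL for a non-zero size, which the commit message should state explicitly since the hunk changes the function's visible error contract.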
@@ -2261,6 +2261,9 @@ static mapping_t* insert_mapping(BDRVVVFATState* s,
 }
 if (index >= s->mapping.next || mapping->begin > begin) {
 mapping = array_insert(&(s->mapping), index, 1);
+if (mapping == NULL) {
+return NULL;
+}
 mapping->path = NULL;
 adjust_mapping_indices(s, index, +1);
 }
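Review bot: insert_mapping() now returns NULL when array_insert() fails, but the hunk does not show its callers; each caller that dereferences the returned mapping_t needs a matching NULL check, otherwise the dereference just moves one frame up. Please confirm in the commit message that the callers were audited.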
@@ -2428,6 +2431,9 @@ static int commit_direntries(BDRVVVFATState* s,
 direntry_t* direntry = array_get(&(s->directory), dir_index);
 uint32_t first_cluster = dir_index == 0 ? 0 : begin_of_direntry(direntry);
 mapping_t* mapping = find_mapping_for_cluster(s, first_cluster);
+if (mapping == NULL) {
+return -1;
+}
 
 int factor = 0x10 * s->sectors_per_cluster;
 int old_cluster_count, new_cluster_count;
@@ -2494,6 +2500,9 @@ DLOG(fprintf(stderr, "commit_direntries for %s, 
parent_mapping_index %d\n", mapp
 direntry = array_get(&(s->directory), first_dir_index + i);
 if (is_directory(direntry) && !is_dot(direntry)) {
 mapping = find_mapping_for_cluster(s, first_cluster);
+if (mapping == NULL) {
+return -1;
+}
 assert(mapping->mode & MODE_DIRECTORY);
 ret = commit_direntries(s, first_dir_index + i,
 array_index(&(s->mapping), mapping));
@@ -2522,6 +2531,10 @@ static int commit_one_file(BDRVVVFATState* s,
 assert(offset < size);
 assert((offset % s->cluster_size) == 0);
 
+if (mapping == NULL) {
+return -1;
+}
+
 for (i = s->cluster_size; i < offset; i += s->cluster_size)
 c = modified_fat_get(s, c);
 
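Review bot: the new `mapping == NULL` check in commit_one_file() sits after two assertions on `offset` and `size`; make sure nothing between the find_mapping_for_cluster() call that produced `mapping` and this point dereferences it, and consider moving the check directly below the lookup so the guard sits next to the value it protects.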
@@ -2668,8 +2681,12 @@ static int handle_renames_and_mkdirs(BDRVVVFATState* s)
 if (commit->action == ACTION_RENAME) {
 mapping_t* mapping = find_mapping_for_cluster(s,
 commit->param.rename.cluster);
-char* old_path = mapping->path;
+char *old_path;
 
+if (mapping == NULL) {
+return -1;
+}
+old_path = mapping->path;
 assert(commit->path);
 mapping->path = commit->path;
 if (rename(old_path, mapping->path))
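Review bot: returning -1 on a NULL mapping from the middle of handle_renames_and_mkdirs() leaves the renames committed in earlier iterations in place, and `commit->path` for this entry is neither freed nor handed over to a mapping; check that the caller's error path releases it, or free it here before returning.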
@@ -2690,10 +2707,15 @@ static int handle_renames_and_mkdirs(BDRVVVFATState* s)
 direntry_t* d = direntry + i;
 
 if (is_file(d) || (is_directory(d) && !is_dot(d))) {
+int l;
+char *new_path;
 mapping_t* m = find_mapping_for_cluster(s,
 begin_of_direntry(d));
-int l = strlen(m->path);
-char* new_path = g_malloc(l + diff + 1);
+if (m == NULL) {
+return -1;
+}
+l = strlen(m->path);
+new_path = g_malloc(l + diff + 1);
 
 assert(!strncmp(m->path, mapping->path, l2));
 
@@ -3193,6 +3215,7 @@ static int enable_write_target(BlockDriverState *bs, 
Error **errp)
 
 backing = bdrv_new_open_driver(_write_target, NULL, 
BDRV_O_ALLOW_RDWR,
_abort);
+assert(backing);
 *(void**) backing->opaque = s;
 
 bdrv_set_backing_hd(s->bs, backing, _abort);
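Review bot: the `assert(backing)` line follows a call that appears to pass `&error_abort` (the `_abort` argument), so QEMU already aborts inside bdrv_new_open_driver() on failure; the assert is harmless as documentation for static analysers, but the commit message should say that this hunk is an annotation rather than a fix.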
-- 
1.8.3.1




[Qemu-devel] [PATCH v4 8/8] kvm: Potential NULL pointer dereference in kvm_arch_init_vcpu()

2018-10-19 Thread Liam Merwick
In kvm_arch_init_vcpu() a call to cpuid_find_entry() can return
NULL so the pointer returned should be checked before dereferencing it.

Signed-off-by: Liam Merwick 
---
 target/i386/kvm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index dc4047b02fc5..eb19c87a9d25 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1177,7 +1177,9 @@ int kvm_arch_init_vcpu(CPUState *cs)
 c->ecx = c->edx = 0;
 
 c = cpuid_find_entry(_data.cpuid, kvm_base, 0);
-c->eax = MAX(c->eax, KVM_CPUID_SIGNATURE | 0x10);
+if (c) {
+c->eax = MAX(c->eax, KVM_CPUID_SIGNATURE | 0x10);
+   }
 }
 
 cpuid_data.cpuid.nent = cpuid_i;
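Review bot: the closing brace on the `+   }` line is indented three columns deeper than the `if (c) {` it closes; align it. More substantively, `cpuid_find_entry(..., kvm_base, 0)` looks up an entry this function is expected to have populated earlier, so a NULL result would be an internal inconsistency; if that is the case, an `assert(c)` documents the invariant better than silently skipping the update, which would leave the KVM signature leaf's eax below `KVM_CPUID_SIGNATURE | 0x10` with no diagnostic.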
-- 
1.8.3.1




[Qemu-devel] [PATCH v4 1/8] configure: Provide option to explicitly disable AVX2

2018-10-19 Thread Liam Merwick
The configure script detects if the compiler has AVX2 support and
automatically sets avx2_opt="yes" which in turn defines CONFIG_AVX2_OPT.
There is no way of explicitly overriding this setting so this commit adds
two command-line options: --enable-avx2 and --disable-avx2.

The default behaviour, when no option is specified, is to maintain the
current behaviour and enable AVX2 if the compiler supports it.

Signed-off-by: Liam Merwick 
Reviewed-by: Darren Kenny 
Reviewed-by: Mark Kanda 
---
 configure | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 9138af37f8a0..3a3e5f7004ce 100755
--- a/configure
+++ b/configure
@@ -428,7 +428,7 @@ usb_redir=""
 opengl=""
 opengl_dmabuf="no"
 cpuid_h="no"
-avx2_opt="no"
+avx2_opt=""
 zlib="yes"
 capstone=""
 lzo=""
@@ -1332,6 +1332,10 @@ for opt do
   ;;
   --disable-glusterfs) glusterfs="no"
   ;;
+  --disable-avx2) avx2_opt="no"
+  ;;
+  --enable-avx2) avx2_opt="yes"
+  ;;
   --enable-glusterfs) glusterfs="yes"
   ;;
   --disable-virtio-blk-data-plane|--enable-virtio-blk-data-plane)
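Review bot: the new `--disable-avx2` / `--enable-avx2` cases are inserted between `--disable-glusterfs` and `--enable-glusterfs`, splitting a pair that belongs together; move them so they form their own adjacent pair.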
@@ -1706,6 +1710,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   libxml2 for Parallels image format
   tcmalloctcmalloc support
   jemallocjemalloc support
+  avx2AVX2 optimization support
   replication replication support
   vhost-vsock virtio sockets device support
   opengl  opengl support
@@ -5094,7 +5099,7 @@ fi
 # There is no point enabling this if cpuid.h is not usable,
 # since we won't be able to select the new routines.
 
-if test $cpuid_h = yes; then
+if test "$cpuid_h" = "yes" -a "$avx2_opt" != "no"; then
   cat > $TMPC << EOF
 #pragma GCC push_options
 #pragma GCC target("avx2")
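Review bot: the new condition uses `test ... -a ...`, which POSIX marks obsolescent and which can misparse when an operand looks like an option; write it as `if test "$cpuid_h" = "yes" && test "$avx2_opt" != "no"; then`.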
@@ -5108,6 +5113,8 @@ int main(int argc, char *argv[]) { return bar(argv[0]); }
 EOF
   if compile_object "" ; then
 avx2_opt="yes"
+  else
+avx2_opt="no"
   fi
 fi
 
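Review bot: when the user passes `--enable-avx2` and compile_object fails, the new `else avx2_opt="no"` branch silently downgrades the explicit request; configure's convention for explicitly enabled features is to call feature_not_found so the build stops with a clear message, so handle the `avx2_opt="yes"` case in the else branch. The same applies when `cpuid_h` is not `yes`: the outer `if` then skips the block entirely and leaves `avx2_opt` at the user-supplied `yes`, defining CONFIG_AVX2_OPT even though the routines cannot be built.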
-- 
1.8.3.1




[Qemu-devel] [PATCH v4 7/8] qcow2: Read outside array bounds in qcow2_pre_write_overlap_check()

2018-10-19 Thread Liam Merwick
The commit for 0e4e4318eaa5 increments QCOW2_OL_MAX_BITNR but does not
add an array entry for QCOW2_OL_BITMAP_DIRECTORY_BITNR to metadata_ol_names[].
As a result, an array dereference of metadata_ol_names[8] in
qcow2_pre_write_overlap_check() could result in a read outside of the array 
bounds.

Fixes: 0e4e4318eaa5 ('qcow2: add overlap check for bitmap directory')

Cc: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Liam Merwick 
Reviewed-by: Eric Blake 
Reviewed-by: Max Reitz 
---
 block/qcow2-refcount.c | 18 ++
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 3c539f02e5ec..46082aeac1d6 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -2719,15 +2719,17 @@ int qcow2_check_metadata_overlap(BlockDriverState *bs, 
int ign, int64_t offset,
 }
 
 static const char *metadata_ol_names[] = {
-[QCOW2_OL_MAIN_HEADER_BITNR]= "qcow2_header",
-[QCOW2_OL_ACTIVE_L1_BITNR]  = "active L1 table",
-[QCOW2_OL_ACTIVE_L2_BITNR]  = "active L2 table",
-[QCOW2_OL_REFCOUNT_TABLE_BITNR] = "refcount table",
-[QCOW2_OL_REFCOUNT_BLOCK_BITNR] = "refcount block",
-[QCOW2_OL_SNAPSHOT_TABLE_BITNR] = "snapshot table",
-[QCOW2_OL_INACTIVE_L1_BITNR]= "inactive L1 table",
-[QCOW2_OL_INACTIVE_L2_BITNR]= "inactive L2 table",
+[QCOW2_OL_MAIN_HEADER_BITNR]= "qcow2_header",
+[QCOW2_OL_ACTIVE_L1_BITNR]  = "active L1 table",
+[QCOW2_OL_ACTIVE_L2_BITNR]  = "active L2 table",
+[QCOW2_OL_REFCOUNT_TABLE_BITNR] = "refcount table",
+[QCOW2_OL_REFCOUNT_BLOCK_BITNR] = "refcount block",
+[QCOW2_OL_SNAPSHOT_TABLE_BITNR] = "snapshot table",
+[QCOW2_OL_INACTIVE_L1_BITNR]= "inactive L1 table",
+[QCOW2_OL_INACTIVE_L2_BITNR]= "inactive L2 table",
+[QCOW2_OL_BITMAP_DIRECTORY_BITNR]   = "bitmap directory",
 };
+QEMU_BUILD_BUG_ON(QCOW2_OL_MAX_BITNR != ARRAY_SIZE(metadata_ol_names));
 
 /*
  * First performs a check for metadata overlaps (through
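Review bot: the build-time check is the right fix, but it relies on QCOW2_OL_MAX_BITNR being exactly the count of named bits (the enumerator after the last real one); a one-line comment beside the QEMU_BUILD_BUG_ON stating that invariant would stop the next person from "fixing" the assertion instead of adding the missing name. Eight of the nine changed initializer lines are whitespace-only realignment, so review with `git diff -w` to confirm the single functional addition.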
-- 
1.8.3.1




[Qemu-devel] [PATCH v4 4/8] qemu-img: assert block_job_get() does not return NULL in img_commit()

2018-10-19 Thread Liam Merwick
Although the function block_job_get() can return NULL, it would be a
serious bug if it did so (because the job yields before executing anything
(if it started successfully); but otherwise, commit_active_start() would
have returned an error).  However, as a precaution, before dereferencing
the 'job' pointer in img_commit() assert it is not NULL.

Signed-off-by: Liam Merwick 
---
 qemu-img.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/qemu-img.c b/qemu-img.c
index b12f4cd19b0a..457aa152296b 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1029,6 +1029,7 @@ static int img_commit(int argc, char **argv)
 }
 
 job = block_job_get("commit");
+assert(job);
 run_block_job(job, _err);
 if (local_err) {
 goto unref_backing;
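Review bot: assert(job) is the right shape here, and since QEMU's osdep.h refuses builds with NDEBUG defined the assert is never compiled out, so the impossible NULL path aborts loudly instead of being ignored, as the commit message intends. A short comment saying why NULL cannot happen (the job yields before running anything) would save the next reader re-deriving it.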
-- 
1.8.3.1




[Qemu-devel] [PATCH v4 6/8] block: dump_qlist() may dereference a Null pointer

2018-10-19 Thread Liam Merwick
A NULL 'list' passed into function dump_qlist() isn't correctly
validated and can be passed to qlist_first() where it is dereferenced.

Given that dump_qlist() is static, and callers already do the right
thing, just add an assert to catch future potential bugs (plus the
added benefit of suppressing a warning from a static analysis tool
and removing this noise will help us better find real issues).

Signed-off-by: Liam Merwick 
Reviewed-by: Eric Blake 
---
 block/qapi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/block/qapi.c b/block/qapi.c
index c66f949db839..e81be604217c 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -740,6 +740,8 @@ static void dump_qlist(fprintf_function func_fprintf, void 
*f, int indentation,
 const QListEntry *entry;
 int i = 0;
 
+assert(list);
+
 for (entry = qlist_first(list); entry; entry = qlist_next(entry), i++) {
 QType type = qobject_type(entry->value);
 bool composite = (type == QTYPE_QDICT || type == QTYPE_QLIST);
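Review bot: the assert covers only dump_qlist(), while dump_qdict() and dump_qobject() in the same file take pointers they dereference immediately in exactly the same way, as Max Reitz notes in the v3 review; either apply the same precondition check to all three so the contract is stated consistently, or say in the commit message that this one exists only to quiet the static analyser.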
-- 
1.8.3.1




[Qemu-devel] [PATCH v4 2/8] job: Fix off-by-one assert checks for JobSTT and JobVerbTable

2018-10-19 Thread Liam Merwick
In the assert checking the array dereference of JobVerbTable[verb]
in job_apply_verb() the check of the index, verb, allows an overrun
because an index equal to the array size is permitted.

Similarly, in the assert check of JobSTT[s0][s1] with index s1
in job_state_transition(), an off-by-one overrun is not flagged
either.

This is not a run-time issue as there are no callers actually
passing in the max value.

Signed-off-by: Liam Merwick 
Reviewed-by: Darren Kenny 
Reviewed-by: Mark Kanda 
Reviewed-by: Eric Blake 
Reviewed-by: John Snow 
---
 job.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/job.c b/job.c
index c65e01bbfa34..da8e4b7bf2f3 100644
--- a/job.c
+++ b/job.c
@@ -159,7 +159,7 @@ bool job_is_internal(Job *job)
 static void job_state_transition(Job *job, JobStatus s1)
 {
 JobStatus s0 = job->status;
-assert(s1 >= 0 && s1 <= JOB_STATUS__MAX);
+assert(s1 >= 0 && s1 < JOB_STATUS__MAX);
 trace_job_state_transition(job, job->ret,
JobSTT[s0][s1] ? "allowed" : "disallowed",
JobStatus_str(s0), JobStatus_str(s1));
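Review bot: `<` is the correct bound since JobSTT has JOB_STATUS__MAX rows; note that `s1 >= 0` is a tautology when the compiler picks an unsigned underlying type for the enum, so -Wtype-limits (part of -Wextra) may flag it. Keeping it does no harm as documentation of the valid range.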
@@ -174,7 +174,7 @@ static void job_state_transition(Job *job, JobStatus s1)
 int job_apply_verb(Job *job, JobVerb verb, Error **errp)
 {
 JobStatus s0 = job->status;
-assert(verb >= 0 && verb <= JOB_VERB__MAX);
+assert(verb >= 0 && verb < JOB_VERB__MAX);
 trace_job_apply_verb(job, JobStatus_str(s0), JobVerb_str(verb),
  JobVerbTable[verb][s0] ? "allowed" : "prohibited");
 if (JobVerbTable[verb][s0]) {
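Review bot: `s0` (job->status) indexes JobVerbTable[verb][s0] without a range check here; it is trusted because job_state_transition() validated it on the way in, which is fine, but a one-line comment would stop the asymmetry between the checked `verb` and the unchecked `s0` from reading as an oversight.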
-- 
1.8.3.1




[Qemu-devel] [PATCH v4 3/8] block: Null pointer dereference in blk_root_get_parent_desc()

2018-10-19 Thread Liam Merwick
The dev_id returned by the call to blk_get_attached_dev_id() in
blk_root_get_parent_desc() can be NULL (an internal call to
object_get_canonical_path may have returned NULL).

Instead of just checking this case before dereferencing,
adjust blk_get_attached_dev_id() to return the empty string if no
object path can be found (similar to the case when blk->dev is NULL
and an empty string is returned).

Signed-off-by: Liam Merwick 
---
 block/block-backend.c | 6 +-
 dtc   | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index dc0cd5772413..e628920f3cd8 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -909,6 +909,7 @@ void *blk_get_attached_dev(BlockBackend *blk)
 char *blk_get_attached_dev_id(BlockBackend *blk)
 {
 DeviceState *dev;
+char *dev_id;
 
 assert(!blk->legacy_dev);
 dev = blk->dev;
@@ -918,7 +919,10 @@ char *blk_get_attached_dev_id(BlockBackend *blk)
 } else if (dev->id) {
 return g_strdup(dev->id);
 }
-return object_get_canonical_path(OBJECT(dev));
+
+dev_id = object_get_canonical_path(OBJECT(dev));
+
+return dev_id ? dev_id : g_strdup("");
 }
 
 /*
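Review bot: after this change the function never returns NULL, which is the property the callers (including the qapi_event_send_device_tray_moved() users mentioned in the v3 review) rely on; record it in a comment above blk_get_attached_dev_id(), together with the fact that the caller owns the returned string and must g_free() it, since both the "" and the object-path results are heap-allocated.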
diff --git a/dtc b/dtc
index 88f18909db73..e54388015af1 16
--- a/dtc
+++ b/dtc
@@ -1 +1 @@
-Subproject commit 88f18909db731a627456f26d779445f84e449536
+Subproject commit e54388015af1fb4bf04d0bca99caba1074d9cc42
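Review bot: the dtc submodule bump is unrelated to the NULL-pointer fix and is not mentioned in the commit message (the diffstat shows `dtc | 2 +-`); it looks like an accidental commit of a stale submodule pointer and should be dropped from this patch.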
-- 
1.8.3.1




[Qemu-devel] [PATCH v4 0/8] off-by-one and NULL pointer accesses detected by static analysis

2018-10-19 Thread Liam Merwick
Below are a number of fixes to some off-by-one, read outside array bounds, and
NULL pointer accesses detected by an internal Oracle static analysis tool 
(Parfait).
https://labs.oracle.com/pls/apex/f?p=labs:49:P49_PROJECT_ID:13

I have also included a patch to add a command-line option to configure to
select if AVX2 is used or not (keeping the existing behaviour by default).
My motivation was avoiding an issue with the static analysis tool but NetSpectre
was announced as I was working on this and I felt it may have more general uses.

v1 -> v2
Based on feedback from Eric Blake:
patch2: reworded commit message to clarify issue
patch6: Reverted common qlist routines and added assert to qlist_dump instead
patch7: Fixed incorrect logic
patch8: Added QEMU_BUILD_BUG_ON to catch future instances at compile-time

v2 -> v3
Based on feedback from Eric Blake:
patch6: removed double space from commit message
patch8: removed unnecessary comment and updated QEMU_BUILD_BUG_ON to use 
ARRAY_SIZE
Added Eric's R-b to patches 6,7,8

v3 -> v4
Based on feedback from Max Reitz:
patch2: Added R-b from John Snow
patch3: fixed blk_get_attached_dev_id() instead of checking return value
patch4: switched to assert()
patch5: numerous changes based on feedback from Max
patch6: updated commit message
patch7: (was patch8): Added Max's R-b
patch8: (new): patch fixing NULL pointer dereference in kvm_arch_init_vcpu()

I also dropped the 'io: potential unnecessary check in 
qio_channel_command_new_spawn()'
patch from v3 - it was correct but of no benefit to static analysis checking

Liam Merwick (8):
  configure: Provide option to explicitly disable AVX2
  job: Fix off-by-one assert checks for JobSTT and JobVerbTable
  block: Null pointer dereference in blk_root_get_parent_desc()
  qemu-img: assert block_job_get() does not return NULL in img_commit()
  block: Fix potential Null pointer dereferences in vvfat.c
  block: dump_qlist() may dereference a Null pointer
  qcow2: Read outside array bounds in qcow2_pre_write_overlap_check()
  kvm: Potential NULL pointer dereference in kvm_arch_init_vcpu()

 block/block-backend.c  |  6 +-
 block/qapi.c   |  2 ++
 block/qcow2-refcount.c | 18 ++
 block/vvfat.c  | 33 -
 configure  | 11 +--
 dtc|  2 +-
 job.c  |  4 ++--
 qemu-img.c |  1 +
 target/i386/kvm.c  |  4 +++-
 9 files changed, 61 insertions(+), 20 deletions(-)

-- 
1.8.3.1




Re: [Qemu-devel] [PATCH v3 6/8] block: dump_qlist() may dereference a Null pointer

2018-10-19 Thread Liam Merwick




On 12/10/18 16:22, Max Reitz wrote:

On 31.08.18 20:16, Liam Merwick wrote:

A NULL 'list' passed into function dump_qlist() isn't correctly
validated and can be passed to qlist_first() where it is dereferenced.

Given that dump_qlist() is static, and callers already do the right
thing, just add an assert to catch future potential bugs.

Signed-off-by: Liam Merwick 
Reviewed-by: Eric Blake 
---
  block/qapi.c | 2 ++
  1 file changed, 2 insertions(+)


I don't disagree, but I don't see why the program just wouldn't crash if
someone passed a NULL pointer.  And I don't quite see why anyone would
pass a NULL pointer.

Of course it's reasonable to just add an assert() to reinforce the
contract; but we have so many functions that just take a pointer that
they assume to be non-NULL and then immediately dereference it.  Nearly
every blk_* function takes a BlockBackend that is always assumed to be
non-NULL, for instance, and I don't really want to put assert()s into
all of them.  Or another example: dump_qobject() and dump_qdict() do
exactly the same -- if we added an assertion in dump_qlist(), we would
actually have to add the very same assertions there, too.

So I don't really object to this patch (because it's not wrong), but I
don't think it's very useful.



I agree with all the above - however I kept the patch in the series 
given it was helping reduce the static analysis noise (hopefully making 
it easier to spot real issues)


Regards,
Liam




Max


diff --git a/block/qapi.c b/block/qapi.c
index c66f949db839..e81be604217c 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -740,6 +740,8 @@ static void dump_qlist(fprintf_function func_fprintf, void 
*f, int indentation,
  const QListEntry *entry;
  int i = 0;
  
+assert(list);

+
  for (entry = qlist_first(list); entry; entry = qlist_next(entry), i++) {
  QType type = qobject_type(entry->value);
  bool composite = (type == QTYPE_QDICT || type == QTYPE_QLIST);








Re: [Qemu-devel] [PATCH v3 4/8] qemu-img: potential Null pointer deref in img_commit()

2018-10-19 Thread Liam Merwick




On 12/10/18 15:51, Max Reitz wrote:

On 31.08.18 20:16, Liam Merwick wrote:

The function block_job_get() may return NULL so before dereferencing
the 'job' pointer in img_commit() it should be checked.


It may not because the job yields before executing anything (if it
started successfully; but otherwise, commit_active_start() would have
returned an error).  Therefore, I think the better solution is to
assert(job) here.




Switched patch to use assert()

Regards,
Liam



(It would be a serious bug if block_job_get() returned NULL here, so
it's definitely not something we can be quiet about.  But this patch
makes it so the user doesn't even notice.)

Max


Signed-off-by: Liam Merwick 
Reviewed-by: Darren Kenny 
Reviewed-by: Mark Kanda 
---
  qemu-img.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/qemu-img.c b/qemu-img.c
index b12f4cd19b0a..51fe09bd08ed 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1029,6 +1029,9 @@ static int img_commit(int argc, char **argv)
  }
  
  job = block_job_get("commit");

+if (job == NULL) {
+goto unref_backing;
+}
  run_block_job(job, _err);
  if (local_err) {
  goto unref_backing;
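Review bot: the NULL branch jumps to unref_backing without setting local_err or a failure return, so a condition the thread itself calls a serious bug would pass silently as success; report an error there or, since block_job_get("commit") cannot return NULL once commit_active_start() has succeeded, assert(job) instead.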








Re: [Qemu-devel] [PATCH v3 5/8] block: Fix potential Null pointer dereferences in vvfat.c

2018-10-19 Thread Liam Merwick




On 12/10/18 16:14, Max Reitz wrote:

On 31.08.18 20:16, Liam Merwick wrote:

The calls to bdrv_new_open_driver(), find_mapping_for_cluster(),
and array_get_next() may return NULL but it isn't always checked for
before dereferencing the value returned.

Signed-off-by: Liam Merwick 
Reviewed-by: Darren Kenny 
Reviewed-by: Mark Kanda 
---
  block/vvfat.c | 56 
  1 file changed, 56 insertions(+)

diff --git a/block/vvfat.c b/block/vvfat.c
index fc41841a5c3c..0f1f10a2f94b 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -448,6 +448,9 @@ static direntry_t *create_long_filename(BDRVVVFATState *s, 
const char *filename)
  
  for(i=0;i
  entry=array_get_next(&(s->directory));
+if (entry == NULL) {
+continue;
+}


This is a bug in array_ensure_allocated().  It uses g_realloc() with a
non-zero size, so that function will never return NULL.  It will rather
abort().

Therefore, array_ensure_allocated() cannot fail.  Consequentially,
array_get_next() cannot fail.




I've reverted this (and the rest of the 'As above' comments below)



  entry->attributes=0xf;
  entry->reserved[0]=0;
  entry->begin=0;
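Review bot: `continue` on a NULL entry silently skips one long-filename slot and leaves the directory with fewer entries than the loop was sized for, an inconsistent directory rather than a failure; and since array_get_next() cannot return NULL (g_realloc() aborts on allocation failure, as the review above states), the check is dead and should be dropped rather than given a misleading recovery path.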
@@ -665,6 +668,9 @@ static inline void fat_set(BDRVVVFATState* s,unsigned int 
cluster,uint32_t value
  } else {
  int offset = (cluster*3/2);
  unsigned char* p = array_get(&(s->fat), offset);
+if (p == NULL) {
+return;
+}


This is only reached if array_get_next() was called before.  Therefore,
this cannot return NULL.

However, an assert(array->pointer); in array_get() can't hurt.



Done.




  switch (cluster&1) {
  case 0:
  p[0] = value&0xff;
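Review bot: a silent `return` from fat_set() leaves the FAT entry unwritten with the caller none the wiser, which is worse than the abort it is meant to avoid; if any check is wanted, put assert(array->pointer) in array_get() as suggested above so the failure is loud and lives in one place.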
@@ -730,6 +736,9 @@ static inline direntry_t* 
create_short_and_long_name(BDRVVVFATState* s,
  
  if(is_dot) {

  entry=array_get_next(&(s->directory));
+if (entry == NULL) {
+return NULL;
+}


As above.


  memset(entry->name, 0x20, sizeof(entry->name));
  memcpy(entry->name,filename,strlen(filename));
  return entry;
@@ -844,6 +853,12 @@ static int read_directory(BDRVVVFATState* s, int 
mapping_index)
  /* create mapping for this file */
  if(!is_dot && !is_dotdot && (S_ISDIR(st.st_mode) || st.st_size)) {
  s->current_mapping = array_get_next(&(s->mapping));
+if (s->current_mapping == NULL) {
+fprintf(stderr, "Failed to create mapping for file\n");
+g_free(buffer);
+closedir(dir);
+return -2;
+}


As above.


  s->current_mapping->begin=0;
  s->current_mapping->end=st.st_size;
  /*
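Review bot: the new error path uses fprintf(stderr) and a bare `-2`, while QEMU code reports through error_report()/Error and avoids magic return values; it also duplicates the g_free(buffer) and closedir(dir) cleanup inline. Given that array_get_next() cannot return NULL, the block should be removed rather than restyled.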
@@ -941,6 +956,9 @@ static int init_directories(BDRVVVFATState* s,
  /* add volume label */
  {
  direntry_t* entry=array_get_next(&(s->directory));
+if (entry == NULL) {
+return -1;
+}


As above.


  entry->attributes=0x28; /* archive | volume label */
  memcpy(entry->name, s->volume_label, sizeof(entry->name));
  }
@@ -953,6 +971,9 @@ static int init_directories(BDRVVVFATState* s,
  s->cluster_count=sector2cluster(s, s->sector_count);
  
  mapping = array_get_next(&(s->mapping));

+if (mapping == NULL) {
+return -1;
+}


As above.


  mapping->begin = 0;
  mapping->dir_index = 0;
  mapping->info.dir.parent_mapping_index = -1;
@@ -1630,6 +1651,9 @@ static void schedule_rename(BDRVVVFATState* s,
  uint32_t cluster, char* new_path)
  {
  commit_t* commit = array_get_next(&(s->commits));
+if (commit == NULL) {
+return;
+}


As above.


  commit->path = new_path;
  commit->param.rename.cluster = cluster;
  commit->action = ACTION_RENAME;
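Review bot: returning early from a void schedule_*() silently drops the queued commit, so the rename (and, in the following three hunks, the writeout, new file and mkdir) would never reach the host filesystem while the guest sees success; that is silent data loss, not error handling. As array_get_next() cannot fail, these four checks should be removed.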
@@ -1639,6 +1663,9 @@ static void schedule_writeout(BDRVVVFATState* s,
  int dir_index, uint32_t modified_offset)
  {
  commit_t* commit = array_get_next(&(s->commits));
+if (commit == NULL) {
+return;
+}


As above.


  commit->path = NULL;
  commit->param.writeout.dir_index = dir_index;
  commit->param.writeout.modified_offset = modified_offset;
@@ -1649,6 +1676,9 @@ static void schedule_new_file(BDRVVVFATState* s,
  char* path, uint32_t first_cluster)
  {
  commit_t* commit = array_get_next(&(s->commits));
+if (commit == NULL) {
+return;
+}


As above.


  commit->path = path;
  commit->param.new_file.first_cluster = first_cluster;
  commit->action = ACTION_NEW_FILE;
@@ -1657,6 +1687,9 @@ static void schedule_new_file(BDRVVVFATState* s,
  static void schedule_mkdir(BDRVVVFATState* s, uint32_t cluster, char* path)
  {
  commit_t* commit = array_get_next(&(s->commits));
+if (commit == NULL) {
+return;
+}



As above.


  commit->path = path;
  commit->param.mkdir.cluster = cluster;
  commit->action = 

Re: [Qemu-devel] [PATCH v3 3/8] block: Null pointer dereference in blk_root_get_parent_desc()

2018-10-19 Thread Liam Merwick




On 12/10/18 15:48, Max Reitz wrote:

Hi,

On 31.08.18 20:16, Liam Merwick wrote:

The dev_id returned by the call to blk_get_attached_dev_id() in
blk_root_get_parent_desc() can be NULL (an internal call to
object_get_canonical_path may have returned NULL) so it should
be checked before dereferencing.

Signed-off-by: Liam Merwick 
Reviewed-by: Darren Kenny 
Reviewed-by: Mark Kanda 
---
  block/block-backend.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index fa120630be83..210eee75006a 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -136,7 +136,7 @@ static char *blk_root_get_parent_desc(BdrvChild *child)
  }
  
  dev_id = blk_get_attached_dev_id(blk);

-if (*dev_id) {
+if (dev_id && *dev_id) {
  return dev_id;


I rather think that blk_get_attached_dev_id() needs attention first.  It
returns an explicitly empty string if blk->dev is NULL.  If NULL was a
valid return value, it should just return NULL there.

Besides this caller, there are two callers that pass the dev_id to
qapi_event_send_device_tray_moved().  Now in practice that allows the
string to be NULL, but there is a comment in visit_type_str() that says
one should not pass NULL.

So it's either changing blk_get_attached_dev_id() to return NULL when
there is no valid ID (instead of the empty string, and then we could
save ourselves the check "*dev_id" here and elsewhere), but then we have
to fix all callers.

Or we make it return an empty string if object_get_canonical_path()
returned NULL.



I went with the latter and now (in upcoming v4) check the return value 
from object_get_canonical_path() and return an empty string if it's NULL.


Regards,
Liam



Max


  } else {
  /* TODO Callback into the BB owner for something more detailed */
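Review bot: `dev_id && *dev_id` masks an inconsistent contract rather than fixing it: blk_get_attached_dev_id() already returns "" for a NULL blk->dev yet can still return NULL from object_get_canonical_path(), and the other callers that hand the string to qapi_event_send_device_tray_moved() get no such guard. Normalise the NULL-to-"" case inside blk_get_attached_dev_id() so every caller sees one non-NULL contract.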








Re: [Qemu-devel] [PULL 00/45] Machine queue, 2018-10-18

2018-10-19 Thread Eduardo Habkost
On Fri, Oct 19, 2018 at 09:53:45PM +0200, Igor Mammedov wrote:
> On Fri, 19 Oct 2018 15:44:08 -0300
> Eduardo Habkost  wrote:
> 
> > On Fri, Oct 19, 2018 at 03:12:31PM +0100, Peter Maydell wrote:
> > > On 18 October 2018 at 21:03, Eduardo Habkost  wrote:
> > > > The following changes since commit 
> > > > 09558375a634e17cea6cfbfec883ac2376d2dc7f:
> > > >
> > > >   Merge remote-tracking branch 
> > > > 'remotes/pmaydell/tags/pull-target-arm-20181016-1' into staging 
> > > > (2018-10-16 17:42:56 +0100)
> > > >
> > > > are available in the Git repository at:
> > > >
> > > >   git://github.com/ehabkost/qemu.git tags/machine-next-pull-request
> > > >
> > > > for you to fetch changes up to 6d8e1bcc7dd5e819ce81e6a87fffe23e39c700cc:
> > > >
> > > >   numa: Clean up error reporting in parse_numa() (2018-10-17 16:33:40 
> > > > -0300)
> > > >
> > > > 
> > > > Machine queue, 2018-10-18
> > > >
> > > > * sysbus init/realize cleanups
> > > >   (Cédric Le Goater, Philippe Mathieu-Daudé)
> > > > * memory-device refactoring (David Hildenbrand)
> > > > * -smp: deprecate incorrect CPUs topology (Igor Mammedov)
> > > > * -numa parsing cleanups (Markus Armbruster)
> > > > * Fix hostmem-file memory leak (Zhang Yi)
> > > > * Typo fix (Li Qiang)
> > > >
> > > > 
> > > >
> > > 
> > > Hi. This had some problems in merge testing, I'm afraid:
> > > 
> > > On aarch64 host, warnings running tests/cpu-plug-test for i386 and s390 
> > > targets:
> > > 
> > > TEST: tests/cpu-plug-test... (pid=12602)
> > >   /i386/cpu-plug/pc-i440fx-3.0/cpu-add/1x3x2=12:
> > > qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
> > > (1) * cores (3) * threads (2) != maxcpus (12)
> > [...]
> > > 
> > > (plus similar ppc64, x86_64 targets)
> > 
> > Ouch.  Apologies.
> > 
> > Can we please do something to make sure "make check" will fail on
> > these cases?  I'd like to be able to trust CI systems like
> > travis-ci.
> > 
> 
> we probably don't want make check to fail on a warning.

I disagree.  If a warning is blocking a pull request from being
merged, it must make CI systems fail too.  Otherwise we're
defeating the purpose of CI systems.


> The test was written with the assumption that the s/c/t tuple matches the initially present 
> CPUs, hence the warning.
> Would something like the following fix the issue (local x86 build/test looks 
> fixed with it)?

It works for me.  I will queue it on machine-next, thanks!

> 
> diff --git a/tests/cpu-plug-test.c b/tests/cpu-plug-test.c
> index 3e93c8e..f4a677d 100644
> --- a/tests/cpu-plug-test.c
> +++ b/tests/cpu-plug-test.c
> @@ -32,12 +32,12 @@ static void test_plug_with_cpu_add(gconstpointer data)
>  unsigned int i;
>  
>  args = g_strdup_printf("-machine %s -cpu %s "
> -   "-smp sockets=%u,cores=%u,threads=%u,maxcpus=%u",
> +   "-smp 
> 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u",
> s->machine, s->cpu_model,
> s->sockets, s->cores, s->threads, s->maxcpus);
>  qtest_start(args);
>  
> -for (i = s->sockets * s->cores * s->threads; i < s->maxcpus; i++) {
> +for (i = 1; i < s->maxcpus; i++) {
>  response = qmp("{ 'execute': 'cpu-add',"
> "  'arguments': { 'id': %d } }", i);
>  g_assert(response);
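Review bot: `-smp 1,...` only changes the boot-time CPU count; the warning quoted earlier in the thread is about sockets*cores*threads != maxcpus, which this string does not alter, so the test tuples must also be made to satisfy that product (the 1x3x2 with maxcpus=12 case from the warning would still trip it). Starting the loop at 1 also hard-codes that exactly one CPU is present at boot, which `-smp 1` makes true but deserves a comment.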
> @@ -56,7 +56,7 @@ static void test_plug_without_cpu_add(gconstpointer data)
>  QDict *response;
>  
>  args = g_strdup_printf("-machine %s -cpu %s "
> -   "-smp sockets=%u,cores=%u,threads=%u,maxcpus=%u",
> +   "-smp 
> 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u",
> s->machine, s->cpu_model,
> s->sockets, s->cores, s->threads, s->maxcpus);
>  qtest_start(args);
> @@ -79,12 +79,12 @@ static void test_plug_with_device_add_x86(gconstpointer 
> data)
>  unsigned int s, c, t;
>  
>  args = g_strdup_printf("-machine %s -cpu %s "
> -   "-smp sockets=%u,cores=%u,threads=%u,maxcpus=%u",
> +   "-smp 
> 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u",
> td->machine, td->cpu_model,
> td->sockets, td->cores, td->threads, td->maxcpus);
>  qtest_start(args);
>  
> -for (s = td->sockets; s < td->maxcpus / td->cores / td->threads; s++) {
> +for (s = 1; s < td->sockets; s++) {
>  for (c = 0; c < td->cores; c++) {
>  for (t = 0; t < td->threads; t++) {
>  char *id = g_strdup_printf("id-%i-%i-%i", s, c, t);
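Review bot: with `-smp 1` only thread 0 of core 0 of socket 0 exists at boot, yet the loop now starts at s = 1 and plugs whole sockets; the remaining cores and threads of socket 0 are never device_add'ed, so the test no longer populates the full topology and stops exercising hotplug into a partially filled socket. Either iterate over all (s, c, t) and skip only the boot CPU, or document the reduced coverage.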
> @@ -113,7 +113,7 @@ static void 
> test_plug_with_device_add_coreid(gconstpointer data)
> td->sockets, td->cores, td->threads, td->maxcpus);
>  qtest_start(args);
>  
> -for (c = td->cores; c < td->maxcpus / td->sockets / td->threads; c++) {
> +for 

Re: [Qemu-devel] [PATCH v2 8/9] iotests: Modify imports for Python 3

2018-10-19 Thread Eduardo Habkost
On Fri, Oct 19, 2018 at 09:15:22PM +0200, Max Reitz wrote:
> There are two imports that need to be modified when running the iotests
> under Python 3: One is StringIO, which no longer exists; instead, the
> StringIO class comes from the io module, so import it from there (and
> use the BytesIO class for Python 2).  The other is the ConfigParser,
> which has just been renamed to configparser.
> 
> Signed-off-by: Max Reitz 
> ---
>  tests/qemu-iotests/iotests.py| 13 +
>  tests/qemu-iotests/nbd-fault-injector.py |  7 +--
>  2 files changed, 14 insertions(+), 6 deletions(-)
> 
> diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
> index 7ca94e9278..ed91095505 100644
> --- a/tests/qemu-iotests/iotests.py
> +++ b/tests/qemu-iotests/iotests.py
> @@ -29,6 +29,7 @@ import json
>  import signal
>  import logging
>  import atexit
> +import io
>  
>  sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 
> 'scripts'))
>  import qtest
> @@ -681,15 +682,19 @@ def main(supported_fmts=[], supported_oses=['linux'], 
> supported_cache_modes=[],
>  verify_platform(supported_oses)
>  verify_cache_mode(supported_cache_modes)
>  
> -# We need to filter out the time taken from the output so that 
> qemu-iotest
> -# can reliably diff the results against master output.
> -import StringIO
>  if debug:
>  output = sys.stdout
>  verbosity = 2
>  sys.argv.remove('-d')
>  else:
> -output = StringIO.StringIO()
> +# We need to filter out the time taken from the output so that
> +# qemu-iotest can reliably diff the results against master output.
> +if sys.version_info.major >= 3:
> +output = io.StringIO()
> +else:
> +# StringIO() is for unicode strings, which is not what

Nit: I would change the comment to say "io.StringIO" instead of
"StringIO", to avoid confusion with StringIO.StringIO.

Not a big deal, so:

Reviewed-by: Eduardo Habkost 

> +# 2.x's test runner emits.
> +output = io.BytesIO()
>  
>  logging.basicConfig(level=(logging.DEBUG if debug else logging.WARN))
>  
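Review bot: the comment in the 2.x branch should name io.StringIO, as already pointed out, otherwise it reads as if the removed StringIO module were meant; and since the same `sys.version_info.major >= 3` dispatch is repeated in nbd-fault-injector.py, a single `PY3 = sys.version_info.major >= 3` constant per file would make both sites read the same.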
> diff --git a/tests/qemu-iotests/nbd-fault-injector.py 
> b/tests/qemu-iotests/nbd-fault-injector.py
> index d45e2e0a6a..6b2d659dee 100755
> --- a/tests/qemu-iotests/nbd-fault-injector.py
> +++ b/tests/qemu-iotests/nbd-fault-injector.py
> @@ -48,7 +48,10 @@ import sys
>  import socket
>  import struct
>  import collections
> -import ConfigParser
> +if sys.version_info.major >= 3:
> +import configparser
> +else:
> +import ConfigParser as configparser
>  
>  FAKE_DISK_SIZE = 8 * 1024 * 1024 * 1024 # 8 GB
>  
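Review bot: the version test works, but the conventional idiom is `try: import configparser` / `except ImportError: import ConfigParser as configparser`, which keys on the module's presence rather than the interpreter version and keeps working with any 2.x backport that provides configparser.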
> @@ -225,7 +228,7 @@ def parse_config(config):
>  return rules
>  
>  def load_rules(filename):
> -config = ConfigParser.RawConfigParser()
> +config = configparser.RawConfigParser()
>  with open(filename, 'rt') as f:
>  config.readfp(f, filename)
>  return parse_config(config)
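Review bot: `config.readfp(f, filename)` is deprecated since Python 3.2 in favour of `read_file(f, filename)` and is removed in 3.12; Python 2.7's RawConfigParser has no read_file(), so readfp has to stay while 2.7 is supported, but a comment flagging it for the 3-only switch would keep it from becoming the next breakage.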
> -- 
> 2.17.1
> 

-- 
Eduardo



Re: [Qemu-devel] [PATCH v2 6/9] iotests: Explicitly inherit FDs in Python

2018-10-19 Thread Eduardo Habkost
On Fri, Oct 19, 2018 at 09:15:20PM +0200, Max Reitz wrote:
> Python 3.4 introduced the inheritable attribute for FDs.  At the same
> time, it changed the default so that all FDs are not inheritable by
> default, that only inheritable FDs are inherited to subprocesses, and
> only if close_fds is explicitly set to False.
> 
> Adhere to this by setting close_fds to False when working with
> subprocesses that may want to inherit FDs, and by trying to
> set_inheritable() on FDs that we do want to bequeath to them.
> 
> Signed-off-by: Max Reitz 
> ---
>  scripts/qemu.py| 34 +-
>  tests/qemu-iotests/045 |  2 +-
>  tests/qemu-iotests/147 |  2 +-
>  3 files changed, 31 insertions(+), 7 deletions(-)
> 
> diff --git a/scripts/qemu.py b/scripts/qemu.py
> index f099ce7278..fb29b73c30 100644
> --- a/scripts/qemu.py
> +++ b/scripts/qemu.py
> @@ -142,11 +142,19 @@ class QEMUMachine(object):
>  if opts:
>  options.append(opts)
>  
> +# This did not exist before 3.4, but since then it is
> +# mandatory for our purpose
> +if hasattr(os, 'set_inheritable'):
> +os.set_inheritable(fd, True)
> +
>  self._args.append('-add-fd')
>  self._args.append(','.join(options))
>  return self
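Review bot: os.set_inheritable(fd, True) mutates the caller's descriptor permanently, not just for this launch; combined with the close_fds=False added later, the fd is then inherited by every subsequent child this harness spawns with that setting. Either restore the flag after launch or, on 3.2+, hand the fd to Popen through pass_fds and leave the flag alone.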
>  
> -def send_fd_scm(self, fd_file_path):
> +# Exactly one of fd and file_path must be given.
> +# (If it is file_path, the helper will open that file and pass its
> +# own fd)
> +def send_fd_scm(self, fd=None, file_path=None):
>  # In iotest.py, the qmp should always use unix socket.
>  assert self._qmp.is_scm_available()
>  if self._socket_scm_helper is None:
> @@ -154,12 +162,27 @@ class QEMUMachine(object):
>  if not os.path.exists(self._socket_scm_helper):
>  raise QEMUMachineError("%s does not exist" %
> self._socket_scm_helper)
> +
> +# This did not exist before 3.4, but since then it is
> +# mandatory for our purpose
> +if hasattr(os, 'set_inheritable'):
> +os.set_inheritable(self._qmp.get_sock_fd(), True)
> +if fd is not None:

I was going to suggest keeping the existing function parameter,
and using:
  isinstance(fd_file_path, int)
But your solution makes callers more explicit.  This seems to be
a good thing.

Reviewed-by: Eduardo Habkost 


> +os.set_inheritable(fd, True)
> +
>  fd_param = ["%s" % self._socket_scm_helper,
> -"%d" % self._qmp.get_sock_fd(),
> -"%s" % fd_file_path]
> +"%d" % self._qmp.get_sock_fd()]
> +
> +if file_path is not None:
> +assert fd is None
> +fd_param.append(file_path)
> +else:
> +assert fd is not None
> +fd_param.append(str(fd))
> +
>  devnull = open(os.path.devnull, 'rb')
>  proc = subprocess.Popen(fd_param, stdin=devnull, 
> stdout=subprocess.PIPE,
> -stderr=subprocess.STDOUT)
> +stderr=subprocess.STDOUT, close_fds=False)
>  output = proc.communicate()[0]
>  if output:
>  LOG.debug(output)
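Review bot: the contract "Exactly one of fd and file_path must be given" belongs in the method's docstring rather than a comment above the def, so it shows up in help() and next to the asserts that enforce it; the asserts themselves are fine as a programming-error check. Note also that with close_fds=False the helper inherits every inheritable descriptor in the test process, not just the QMP socket and `fd`; `pass_fds=(self._qmp.get_sock_fd(), fd)` would limit it to the two that are meant to cross.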
> @@ -280,7 +303,8 @@ class QEMUMachine(object):
> stdin=devnull,
> stdout=self._qemu_log_file,
> stderr=subprocess.STDOUT,
> -   shell=False)
> +   shell=False,
> +   close_fds=False)
>  self._post_launch()
>  
>  def wait(self):
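Review bot: close_fds=False on the QEMU launch passes every inheritable descriptor in the test harness to the guest-facing process, not only the ones registered through add_fd(); on Python 3.2+ `pass_fds=` keeps close_fds=True and whitelists exactly the intended descriptors, which is the least-privilege option here, leaving close_fds=False as the Python 2 fallback only.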
> diff --git a/tests/qemu-iotests/045 b/tests/qemu-iotests/045
> index 6be8fc4912..55a5d31ca8 100755
> --- a/tests/qemu-iotests/045
> +++ b/tests/qemu-iotests/045
> @@ -140,7 +140,7 @@ class TestSCMFd(iotests.QMPTestCase):
>  os.remove(image0)
>  
>  def _send_fd_by_SCM(self):
> -ret = self.vm.send_fd_scm(image0)
> +ret = self.vm.send_fd_scm(file_path=image0)
>  self.assertEqual(ret, 0, 'Failed to send fd with UNIX SCM')
>  
>  def test_add_fd(self):
> diff --git a/tests/qemu-iotests/147 b/tests/qemu-iotests/147
> index d2081df84b..05b374b7d3 100755
> --- a/tests/qemu-iotests/147
> +++ b/tests/qemu-iotests/147
> @@ -229,7 +229,7 @@ class BuiltinNBD(NBDBlockdevAddBase):
>  sockfd = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
>  sockfd.connect(unix_socket)
>  
> -result = self.vm.send_fd_scm(str(sockfd.fileno()))
> +result = self.vm.send_fd_scm(fd=sockfd.fileno())
>  self.assertEqual(result, 0, 'Failed to send socket FD')
>  
>  result = self.vm.qmp('getfd', fdname='nbd-fifo')
> -- 
> 2.17.1
> 

-- 
Eduardo
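Added example, not part of the patch or of QEMU's scripts/qemu.py: it exercises the inheritance rules the commit message describes (descriptors non-inheritable by default, inherited only when marked inheritable and close_fds is False) and goes one step further by showing the narrower pass_fds route. It spawns the current interpreter as the child and assumes a POSIX host with Python 3.4+ (os.set_inheritable).

```python
"""Which file descriptors reach a subprocess.Popen child on Python 3.4+.

An fd is visible in the child only if it is marked inheritable AND the
parent passes close_fds=False, or if it is listed in pass_fds.
"""
import os
import subprocess
import sys

# Constructed child program: report whether a given fd number is open.
# os.fstat() on a closed descriptor raises OSError (EBADF).
CHILD_PROBE = (
    "import os, sys\n"
    "fd = int(sys.argv[1])\n"
    "try:\n"
    "    os.fstat(fd)\n"
    "    sys.stdout.write('open')\n"
    "except OSError:\n"
    "    sys.stdout.write('closed')\n"
)


def child_sees_fd(fd, inheritable, close_fds, pass_fds=()):
    """Spawn a child and return True if descriptor `fd` is open there."""
    os.set_inheritable(fd, inheritable)   # clears/sets FD_CLOEXEC on fd
    proc = subprocess.run(
        [sys.executable, "-c", CHILD_PROBE, str(fd)],
        stdout=subprocess.PIPE,
        close_fds=close_fds,
        pass_fds=pass_fds,
    )
    return proc.stdout == b"open"


def inheritance_matrix():
    """Run the cases the commit message describes, plus pass_fds, and
    return the results keyed by a short label."""
    r, w = os.pipe()  # constructed fd; pipes are non-inheritable by default
    try:
        return {
            # default Popen: close_fds=True drops every fd, inheritable or not
            "default": child_sees_fd(w, inheritable=True, close_fds=True),
            # the patch's approach: inheritable flag plus close_fds=False
            "inheritable+close_fds_false":
                child_sees_fd(w, inheritable=True, close_fds=False),
            # close_fds=False alone is not enough for a non-inheritable fd
            "noninheritable+close_fds_false":
                child_sees_fd(w, inheritable=False, close_fds=False),
            # narrower alternative: whitelist one fd, keep close_fds=True
            "pass_fds":
                child_sees_fd(w, inheritable=False, close_fds=True,
                              pass_fds=(w,)),
        }
    finally:
        os.close(r)
        os.close(w)
```

The pass_fds case shows the child receiving only the named descriptor while every other fd in the parent stays closed, which is what the close_fds=False approach in the patch cannot guarantee.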



Re: [Qemu-devel] [PATCH v2 4/9] iotests: Use // for Python integer division

2018-10-19 Thread Eduardo Habkost
On Fri, Oct 19, 2018 at 09:15:18PM +0200, Max Reitz wrote:
> In Python 3, / is always a floating-point division.  We usually do not
> want this, and as Python 2.7 understands // as well, change all integer
> divisions to use that.
> 
> Signed-off-by: Max Reitz 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH v2 5/9] iotests: Different iterator behavior in Python 3

2018-10-19 Thread Eduardo Habkost
On Fri, Oct 19, 2018 at 09:15:19PM +0200, Max Reitz wrote:
> In Python 3, several functions now return iterators instead of lists.
> This includes range(), items(), map(), and filter().  This means that if
> we really want a list, we have to wrap those instances with list().  But
> then again, in the two instances where this is the case for map() and
> filter(), there are shorter expressions which work without either
> function.
> 
> On the other hand, sometimes we do just want an iterator, in which case
> we have sometimes used xrange() and iteritems() which no longer exist in
> Python 3.  Just change these calls to range() and items(), which works in
> both Python 2 and 3, and is really what we want in 3 (which is what
> matters).  But because it is so simple to do (and to find and remove
> once we completely switch to Python 3), make range() be an alias for
> xrange() in the two affected tests (044 and 163).
> 
> In one instance, we only wanted the first instance of the result of a
> filter() call.  Instead of using next(filter()) which would work only in
> Python 3, or list(filter())[0] which would work everywhere but is a bit
> weird, this instance is changed to use list comprehension with a next()
> wrapped around, which works both in 2.7 and 3.

Nit: the expression you put inside next(...) is not a list
comprehension; it's a generator expression.  A list comprehension
expression would generate the full list in advance before you get
the first element.

It would be OK to rewrite the expression using an actual list
comprehension:

drive = [drive for drive in result if drive['device'] == 'drive0'][0]

But the solution you chose is OK, too.

Reviewed-by: Eduardo Habkost 

> 
> Signed-off-by: Max Reitz 
> ---
>  tests/qemu-iotests/044 | 16 ++--
>  tests/qemu-iotests/056 |  2 +-
>  tests/qemu-iotests/065 |  4 ++--
>  tests/qemu-iotests/124 |  4 ++--
>  tests/qemu-iotests/139 |  2 +-
>  tests/qemu-iotests/163 | 11 +++
>  6 files changed, 23 insertions(+), 16 deletions(-)
> 
> diff --git a/tests/qemu-iotests/044 b/tests/qemu-iotests/044
> index 7ef5e46fe9..9ec3dba734 100755
> --- a/tests/qemu-iotests/044
> +++ b/tests/qemu-iotests/044
> @@ -26,6 +26,10 @@ import iotests
>  from iotests import qemu_img, qemu_img_verbose, qemu_io
>  import struct
>  import subprocess
> +import sys
> +
> +if sys.version_info.major == 2:
> +range = xrange
>  
>  test_img = os.path.join(iotests.test_dir, 'test.img')
>  
> @@ -52,23 +56,23 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
>  # Write a refcount table
>  fd.seek(off_reftable)
>  
> -for i in xrange(0, h.refcount_table_clusters):
> +for i in range(0, h.refcount_table_clusters):
>  sector = b''.join(struct.pack('>Q',
>  off_refblock + i * 64 * 512 + j * 512)
> -for j in xrange(0, 64))
> +for j in range(0, 64))
>  fd.write(sector)
>  
>  # Write the refcount blocks
>  assert(fd.tell() == off_refblock)
>  sector = b''.join(struct.pack('>H', 1) for j in range(0, 64 * 
> 256))
> -for block in xrange(0, h.refcount_table_clusters):
> +for block in range(0, h.refcount_table_clusters):
>  fd.write(sector)
>  
>  # Write the L1 table
>  assert(fd.tell() == off_l1)
>  assert(off_l2 + 512 * h.l1_size == off_data)
>  table = b''.join(struct.pack('>Q', (1 << 63) | off_l2 + 512 * j)
> -for j in xrange(0, h.l1_size))
> +for j in range(0, h.l1_size))
>  fd.write(table)
>  
>  # Write the L2 tables
> @@ -79,14 +83,14 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
>  off = off_data
>  while remaining > 1024 * 512:
>  pytable = list((1 << 63) | off + 512 * j
> -for j in xrange(0, 1024))
> +for j in range(0, 1024))
>  table = struct.pack('>1024Q', *pytable)
>  fd.write(table)
>  remaining = remaining - 1024 * 512
>  off = off + 1024 * 512
>  
>  table = b''.join(struct.pack('>Q', (1 << 63) | off + 512 * j)
> -for j in xrange(0, remaining // 512))
> +for j in range(0, remaining // 512))
>  fd.write(table)
>  
>  
> diff --git a/tests/qemu-iotests/056 b/tests/qemu-iotests/056
> index 223292175a..3df323984d 100755
> --- a/tests/qemu-iotests/056
> +++ b/tests/qemu-iotests/056
> @@ -32,7 +32,7 @@ target_img = os.path.join(iotests.test_dir, 'target.img')
>  def img_create(img, fmt=iotests.imgfmt, size='64M', **kwargs):
>  fullname = os.path.join(iotests.test_dir, '%s.%s' % (img, fmt))
>  optargs = []
> -for k,v in kwargs.iteritems():
> +for k,v in kwargs.items():
>  optargs = optargs + ['-o', '%s=%s' % (k,v)]
>  args = 

Re: [Qemu-devel] [PULL 00/45] Machine queue, 2018-10-18

2018-10-19 Thread Igor Mammedov
On Fri, 19 Oct 2018 15:44:08 -0300
Eduardo Habkost  wrote:

> On Fri, Oct 19, 2018 at 03:12:31PM +0100, Peter Maydell wrote:
> > On 18 October 2018 at 21:03, Eduardo Habkost  wrote:
> > > The following changes since commit 
> > > 09558375a634e17cea6cfbfec883ac2376d2dc7f:
> > >
> > >   Merge remote-tracking branch 
> > > 'remotes/pmaydell/tags/pull-target-arm-20181016-1' into staging 
> > > (2018-10-16 17:42:56 +0100)
> > >
> > > are available in the Git repository at:
> > >
> > >   git://github.com/ehabkost/qemu.git tags/machine-next-pull-request
> > >
> > > for you to fetch changes up to 6d8e1bcc7dd5e819ce81e6a87fffe23e39c700cc:
> > >
> > >   numa: Clean up error reporting in parse_numa() (2018-10-17 16:33:40 
> > > -0300)
> > >
> > > 
> > > Machine queue, 2018-10-18
> > >
> > > * sysbus init/realize cleanups
> > >   (Cédric Le Goater, Philippe Mathieu-Daudé)
> > > * memory-device refactoring (David Hildenbrand)
> > > * -smp: deprecate incorrect CPUs topology (Igor Mammedov)
> > > * -numa parsing cleanups (Markus Armbruster)
> > > * Fix hostmem-file memory leak (Zhang Yi)
> > > * Typo fix (Li Qiang)
> > >
> > > 
> > >
> > 
> > Hi. This had some problems in merge testing, I'm afraid:
> > 
> > On aarch64 host, warnings running tests/cpu-plug-test for i386 and s390 
> > targets:
> > 
> > TEST: tests/cpu-plug-test... (pid=12602)
> >   /i386/cpu-plug/pc-i440fx-3.0/cpu-add/1x3x2=12:
> > qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
> > (1) * cores (3) * threads (2) != maxcpus (12)
> [...]
> > 
> > (plus similar ppc64, x86_64 targets)
> 
> Ouch.  Apologies.
> 
> Can we please do something make sure "make check" will fail on
> these cases?  I'd like to be able to trust CI systems like
> travis-ci.
> 

we probably don't want make check to fail on a warning.
The test was written with the assumption that the s/c/t tuples match the
initially present CPUs, hence the warning.
Would something like the following fix the issue (local x86 build/test looks
fixed with it)?

diff --git a/tests/cpu-plug-test.c b/tests/cpu-plug-test.c
index 3e93c8e..f4a677d 100644
--- a/tests/cpu-plug-test.c
+++ b/tests/cpu-plug-test.c
@@ -32,12 +32,12 @@ static void test_plug_with_cpu_add(gconstpointer data)
 unsigned int i;
 
 args = g_strdup_printf("-machine %s -cpu %s "
-   "-smp sockets=%u,cores=%u,threads=%u,maxcpus=%u",
+   "-smp 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u",
s->machine, s->cpu_model,
s->sockets, s->cores, s->threads, s->maxcpus);
 qtest_start(args);
 
-for (i = s->sockets * s->cores * s->threads; i < s->maxcpus; i++) {
+for (i = 1; i < s->maxcpus; i++) {
 response = qmp("{ 'execute': 'cpu-add',"
"  'arguments': { 'id': %d } }", i);
 g_assert(response);
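Review bot: the new loop start `i = 1` and the `1` in `-smp 1,sockets=...` encode the same assumption, that exactly one CPU (id 0) is present at boot, but nothing ties them together; a comment on the loop (or a named constant used in both places) would keep them from drifting apart, and since the `"-smp 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u"` literal now appears in three functions of this file, one shared format string would do the same for the command line.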
@@ -56,7 +56,7 @@ static void test_plug_without_cpu_add(gconstpointer data)
 QDict *response;
 
 args = g_strdup_printf("-machine %s -cpu %s "
-   "-smp sockets=%u,cores=%u,threads=%u,maxcpus=%u",
+   "-smp 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u",
s->machine, s->cpu_model,
s->sockets, s->cores, s->threads, s->maxcpus);
 qtest_start(args);
@@ -79,12 +79,12 @@ static void test_plug_with_device_add_x86(gconstpointer 
data)
 unsigned int s, c, t;
 
 args = g_strdup_printf("-machine %s -cpu %s "
-   "-smp sockets=%u,cores=%u,threads=%u,maxcpus=%u",
+   "-smp 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u",
td->machine, td->cpu_model,
td->sockets, td->cores, td->threads, td->maxcpus);
 qtest_start(args);
 
-for (s = td->sockets; s < td->maxcpus / td->cores / td->threads; s++) {
+for (s = 1; s < td->sockets; s++) {
 for (c = 0; c < td->cores; c++) {
 for (t = 0; t < td->threads; t++) {
 char *id = g_strdup_printf("id-%i-%i-%i", s, c, t);
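Review bot: starting the socket loop at `s = 1` skips the rest of socket 0, which under `-smp 1` still has every core and thread except core 0 / thread 0 unplugged; with the pc test case further down (sockets = 1, cores = 3, threads = 2, maxcpus now equal to their product) the loop body never runs and the test passes without hot-plugging anything. Iterate s, c and t from 0 and skip the (0, 0, 0) tuple instead, and consider asserting afterwards that maxcpus - 1 CPUs were added so that an empty loop cannot pass silently.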
@@ -113,7 +113,7 @@ static void test_plug_with_device_add_coreid(gconstpointer 
data)
td->sockets, td->cores, td->threads, td->maxcpus);
 qtest_start(args);
 
-for (c = td->cores; c < td->maxcpus / td->sockets / td->threads; c++) {
+for (c = 1; c < td->cores; c++) {
 char *id = g_strdup_printf("id-%i", c);
 qtest_qmp_device_add(td->device_model, id, "{'core-id':%u}", c);
 g_free(id);
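Review bot: the `-smp` format string of test_plug_with_device_add_coreid sits above this hunk's context and is not changed, yet the loop now starts at `c = 1`, which is only right if a single core is present at boot; either this function's args need the same `-smp 1,` change as the other three, or its test case must use cores = 1, and the hunk alone does not show which holds.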
@@ -148,7 +148,7 @@ static void add_pc_test_case(const char *mname)
 data->sockets = 1;
 data->cores = 3;
 data->threads = 2;
-data->maxcpus = data->sockets * data->cores * data->threads * 2;
+data->maxcpus = data->sockets * data->cores * data->threads;
 if (g_str_has_suffix(mname, "-1.4") ||
 (strcmp(mname, 
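Review bot: making maxcpus equal to sockets * cores * threads removes the deprecation warning, but together with `-smp 1` it also changes what the pc cases exercise: the cpu-add tests now plug 5 CPUs into one 6-CPU socket instead of a whole second socket of 6. That is a reasonable trade-off, but a comment saying that maxcpus must match the topology product (and why) would save the next person from reintroducing the `* 2`.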

Re: [Qemu-devel] [RFC v3 0/56] per-CPU locks

2018-10-19 Thread Emilio G. Cota
On Fri, Oct 19, 2018 at 18:01:18 +0200, Paolo Bonzini wrote:
> On 19/10/2018 16:50, Emilio G. Cota wrote:
> > On Fri, Oct 19, 2018 at 08:59:24 +0200, Paolo Bonzini wrote:
> >> On 19/10/2018 03:05, Emilio G. Cota wrote:
> >>> I'm calling this series a v3 because it supersedes the two series
> >>> I previously sent about using atomics for interrupt_request:
> >>>   https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg02013.html
> >>> The approach in that series cannot work reliably; using (locked) atomics
> >>> to set interrupt_request but not using (locked) atomics to read it
> >>> can lead to missed updates.
> >>
> >> The idea here was that changes to protected fields are all followed by
> >> kick.  That may not have been the case, granted, but I wonder if the
> >> plan is unworkable.
> > 
> > I suspect that the cpu->interrupt_request+kick mechanism is not the issue,
> > otherwise master should not work--we do atomic_read(cpu->interrupt_request)
> > and only if that read != 0 we take the BQL.
> > 
> > My guess is that the problem is with other reads of cpu->interrupt_request,
> > e.g. those in cpu_has_work. Currently those reads happen with the
> > BQL held, and updates to cpu->interrupt_request take the BQL. If we drop
> > the BQL from the setters to instead use locked atomics (like in the
> > aforementioned series), those BQL-protected readers might miss updates.
> 
> cpu_has_work is only needed to handle the processor's halted state (or
> is it?).  If it is, OR+kick should work.
> 
> > Given that we need a per-CPU lock anyway to remove the BQL from the
> > CPU loop, extending this lock to protect cpu->interrupt_request is
> > a simple solution that keeps the current logic and allows for
> > greater scalability.
> 
> Sure, I was just curious what the problem was.  KVM uses OR+kick with no
> problems.

I never found exactly where things break. The hangs happen
pretty early when booting a large (-smp > 16) x86_64 Ubuntu guest.
Booting never completes (ssh unresponsive) if I don't have the
console output (I suspect the console output slows things down
enough to hide some races). I only see a few threads busy:
a couple of vCPU threads, and the I/O thread.

I didn't have time to debug any further, so I moved on
to an alternative approach.

So it is possible that it was my implementation, and not the approach,
that was at fault :-)

Thanks,

E.



[Qemu-devel] [PATCH v2 5/9] iotests: Different iterator behavior in Python 3

2018-10-19 Thread Max Reitz
In Python 3, several functions now return iterators instead of lists.
This includes range(), items(), map(), and filter().  This means that if
we really want a list, we have to wrap those instances with list().  But
then again, in the two instances where this is the case for map() and
filter(), there are shorter expressions that work without either
function.

On the other hand, sometimes we do just want an iterator, in which case
we have sometimes used xrange() and iteritems(), which no longer exist in
Python 3.  Just change these calls to range() and items(); that works in
both Python 2 and 3, and is really what we want in 3 (which is what
matters).  But because it is so simple to do (and to find and remove
once we completely switch to Python 3), make range() an alias for
xrange() in the two affected tests (044 and 163).

In one instance, we only wanted the first instance of the result of a
filter() call.  Instead of using next(filter()), which would work only in
Python 3, or list(filter())[0], which would work everywhere but is a bit
weird, this instance is changed to use a list comprehension with a next()
wrapped around, which works both in 2.7 and 3.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/044 | 16 ++--
 tests/qemu-iotests/056 |  2 +-
 tests/qemu-iotests/065 |  4 ++--
 tests/qemu-iotests/124 |  4 ++--
 tests/qemu-iotests/139 |  2 +-
 tests/qemu-iotests/163 | 11 +++
 6 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/tests/qemu-iotests/044 b/tests/qemu-iotests/044
index 7ef5e46fe9..9ec3dba734 100755
--- a/tests/qemu-iotests/044
+++ b/tests/qemu-iotests/044
@@ -26,6 +26,10 @@ import iotests
 from iotests import qemu_img, qemu_img_verbose, qemu_io
 import struct
 import subprocess
+import sys
+
+if sys.version_info.major == 2:
+range = xrange
 
 test_img = os.path.join(iotests.test_dir, 'test.img')
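Review bot: rebinding the builtin `range` at module level is silent for anyone reading the loops below, who cannot tell that on Python 2 they are lazy xrange() iterations; a one-line comment marking this as a Python 2 shim to delete with the Python 3 switch would make it greppable, which is exactly what the commit message promises.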
 
@@ -52,23 +56,23 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
 # Write a refcount table
 fd.seek(off_reftable)
 
-for i in xrange(0, h.refcount_table_clusters):
+for i in range(0, h.refcount_table_clusters):
 sector = b''.join(struct.pack('>Q',
 off_refblock + i * 64 * 512 + j * 512)
-for j in xrange(0, 64))
+for j in range(0, 64))
 fd.write(sector)
 
 # Write the refcount blocks
 assert(fd.tell() == off_refblock)
 sector = b''.join(struct.pack('>H', 1) for j in range(0, 64 * 256))
-for block in xrange(0, h.refcount_table_clusters):
+for block in range(0, h.refcount_table_clusters):
 fd.write(sector)
 
 # Write the L1 table
 assert(fd.tell() == off_l1)
 assert(off_l2 + 512 * h.l1_size == off_data)
 table = b''.join(struct.pack('>Q', (1 << 63) | off_l2 + 512 * j)
-for j in xrange(0, h.l1_size))
+for j in range(0, h.l1_size))
 fd.write(table)
 
 # Write the L2 tables
@@ -79,14 +83,14 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
 off = off_data
 while remaining > 1024 * 512:
 pytable = list((1 << 63) | off + 512 * j
-for j in xrange(0, 1024))
+for j in range(0, 1024))
 table = struct.pack('>1024Q', *pytable)
 fd.write(table)
 remaining = remaining - 1024 * 512
 off = off + 1024 * 512
 
 table = b''.join(struct.pack('>Q', (1 << 63) | off + 512 * j)
-for j in xrange(0, remaining // 512))
+for j in range(0, remaining // 512))
 fd.write(table)
 
 
diff --git a/tests/qemu-iotests/056 b/tests/qemu-iotests/056
index 223292175a..3df323984d 100755
--- a/tests/qemu-iotests/056
+++ b/tests/qemu-iotests/056
@@ -32,7 +32,7 @@ target_img = os.path.join(iotests.test_dir, 'target.img')
 def img_create(img, fmt=iotests.imgfmt, size='64M', **kwargs):
 fullname = os.path.join(iotests.test_dir, '%s.%s' % (img, fmt))
 optargs = []
-for k,v in kwargs.iteritems():
+for k,v in kwargs.items():
 optargs = optargs + ['-o', '%s=%s' % (k,v)]
 args = ['create', '-f', fmt] + optargs + [fullname, size]
 iotests.qemu_img(*args)
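Review bot: style, since the line is being rewritten anyway: `for k,v in kwargs.items():` is missing the space after the comma that PEP 8 asks for, so `for k, v in kwargs.items():`.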
diff --git a/tests/qemu-iotests/065 b/tests/qemu-iotests/065
index 72aa9707c7..8bac383ea7 100755
--- a/tests/qemu-iotests/065
+++ b/tests/qemu-iotests/065
@@ -59,7 +59,7 @@ class TestQemuImgInfo(TestImageInfoSpecific):
 :data.index('')]
 for field in data:
 self.assertTrue(re.match('^ {4}[^ ]', field) is not None)
-data = map(lambda line: line.strip(), data)
+data = [line.strip() for line in data]
 self.assertEqual(data, self.human_compare)
 
 class TestQMP(TestImageInfoSpecific):
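Review bot: the list comprehension is the right replacement here for more than brevity: `self.assertEqual(data, self.human_compare)` compares against a list, and on Python 3 the old `map()` object would never compare equal to one, so this line was a hard failure under Python 3 rather than a style difference. Worth a word in the commit message.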
@@ -80,7 +80,7 @@ class TestQMP(TestImageInfoSpecific):
 
 def 

[Qemu-devel] [PATCH v2 8/9] iotests: Modify imports for Python 3

2018-10-19 Thread Max Reitz
There are two imports that need to be modified when running the iotests
under Python 3: One is StringIO, which no longer exists; instead, the
StringIO class comes from the io module, so import it from there (and
use the BytesIO class for Python 2).  The other is the ConfigParser,
which has just been renamed to configparser.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/iotests.py| 13 +
 tests/qemu-iotests/nbd-fault-injector.py |  7 +--
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 7ca94e9278..ed91095505 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -29,6 +29,7 @@ import json
 import signal
 import logging
 import atexit
+import io
 
 sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'scripts'))
 import qtest
@@ -681,15 +682,19 @@ def main(supported_fmts=[], supported_oses=['linux'], 
supported_cache_modes=[],
 verify_platform(supported_oses)
 verify_cache_mode(supported_cache_modes)
 
-# We need to filter out the time taken from the output so that qemu-iotest
-# can reliably diff the results against master output.
-import StringIO
 if debug:
 output = sys.stdout
 verbosity = 2
 sys.argv.remove('-d')
 else:
-output = StringIO.StringIO()
+# We need to filter out the time taken from the output so that
+# qemu-iotest can reliably diff the results against master output.
+if sys.version_info.major >= 3:
+output = io.StringIO()
+else:
+# StringIO() is for unicode strings, which is not what
+# 2.x's test runner emits.
+output = io.BytesIO()
 
 logging.basicConfig(level=(logging.DEBUG if debug else logging.WARN))
 
diff --git a/tests/qemu-iotests/nbd-fault-injector.py 
b/tests/qemu-iotests/nbd-fault-injector.py
index d45e2e0a6a..6b2d659dee 100755
--- a/tests/qemu-iotests/nbd-fault-injector.py
+++ b/tests/qemu-iotests/nbd-fault-injector.py
@@ -48,7 +48,10 @@ import sys
 import socket
 import struct
 import collections
-import ConfigParser
+if sys.version_info.major >= 3:
+import configparser
+else:
+import ConfigParser as configparser
 
 FAKE_DISK_SIZE = 8 * 1024 * 1024 * 1024 # 8 GB
 
@@ -225,7 +228,7 @@ def parse_config(config):
 return rules
 
 def load_rules(filename):
-config = ConfigParser.RawConfigParser()
+config = configparser.RawConfigParser()
 with open(filename, 'rt') as f:
 config.readfp(f, filename)
 return parse_config(config)
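Review bot: `config.readfp(f, filename)` is deprecated on Python 3 (since 3.2, in favour of `read_file()`) and will eventually be removed, while 2.7's RawConfigParser has only readfp(); keeping readfp() is the right call for a file that must run on both, but a comment flagging it as the next thing to change once Python 2 is dropped would help, or a small `if hasattr(config, 'read_file')` switch now.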
-- 
2.17.1




[Qemu-devel] [PATCH v2 4/9] iotests: Use // for Python integer division

2018-10-19 Thread Max Reitz
In Python 3, / is always a floating-point division.  We usually do not
want this, and as Python 2.7 understands // as well, change all integer
divisions to use that.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/030|  2 +-
 tests/qemu-iotests/040|  4 ++--
 tests/qemu-iotests/041|  4 ++--
 tests/qemu-iotests/044|  2 +-
 tests/qemu-iotests/093| 18 +-
 tests/qemu-iotests/136|  2 +-
 tests/qemu-iotests/149|  6 +++---
 tests/qemu-iotests/151| 12 ++--
 tests/qemu-iotests/163|  2 +-
 tests/qemu-iotests/iotests.py |  2 +-
 tests/qemu-iotests/qed.py |  6 +++---
 11 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/tests/qemu-iotests/030 b/tests/qemu-iotests/030
index 1dbc2ddc49..276e06b5ba 100755
--- a/tests/qemu-iotests/030
+++ b/tests/qemu-iotests/030
@@ -521,7 +521,7 @@ new_state = "2"
 state = "2"
 event = "%s"
 new_state = "1"
-''' % (event, errno, self.STREAM_BUFFER_SIZE / 512, event, event))
+''' % (event, errno, self.STREAM_BUFFER_SIZE // 512, event, event))
 file.close()
 
 class TestEIO(TestErrors):
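Review bot: this division feeds a `%s` conversion into a blkdebug rule file, so on Python 3 the old `/` would not have raised but silently rendered float text (`x.0` style) into the config; that makes this one of the cases worth an actual run under Python 3 rather than only a read-through, since nothing on the Python side would flag the mistake.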
diff --git a/tests/qemu-iotests/040 b/tests/qemu-iotests/040
index 1cb1ceeb33..b81133a474 100755
--- a/tests/qemu-iotests/040
+++ b/tests/qemu-iotests/040
@@ -195,7 +195,7 @@ class TestSingleDrive(ImageCommitTestCase):
 
 self.assert_no_active_block_jobs()
 result = self.vm.qmp('block-commit', device='drive0', top=mid_img,
- base=backing_img, speed=(self.image_len / 4))
+ base=backing_img, speed=(self.image_len // 4))
 self.assert_qmp(result, 'return', {})
 result = self.vm.qmp('device_del', id='scsi0')
 self.assert_qmp(result, 'return', {})
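Review bot: `speed` in block-commit is declared as an integer in the QAPI schema, so under Python 3 the previous `self.image_len / 4` would have been serialised as a JSON float and rejected by QMP with a type error; `//` is therefore a correctness fix, not cosmetics, and the same holds for the second hunk in this file.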
@@ -225,7 +225,7 @@ class TestSingleDrive(ImageCommitTestCase):
 
 self.assert_no_active_block_jobs()
 result = self.vm.qmp('block-commit', device='drive0', top=mid_img,
- base=backing_img, speed=(self.image_len / 4))
+ base=backing_img, speed=(self.image_len // 4))
 self.assert_qmp(result, 'return', {})
 
 result = self.vm.qmp('query-block')
diff --git a/tests/qemu-iotests/041 b/tests/qemu-iotests/041
index 9336ab6ff5..3615011d98 100755
--- a/tests/qemu-iotests/041
+++ b/tests/qemu-iotests/041
@@ -404,7 +404,7 @@ new_state = "2"
 state = "2"
 event = "%s"
 new_state = "1"
-''' % (event, errno, self.MIRROR_GRANULARITY / 512, event, event))
+''' % (event, errno, self.MIRROR_GRANULARITY // 512, event, event))
 file.close()
 
 def setUp(self):
@@ -569,7 +569,7 @@ new_state = "2"
 state = "2"
 event = "%s"
 new_state = "1"
-''' % (event, errno, self.MIRROR_GRANULARITY / 512, event, event))
+''' % (event, errno, self.MIRROR_GRANULARITY // 512, event, event))
 file.close()
 
 def setUp(self):
diff --git a/tests/qemu-iotests/044 b/tests/qemu-iotests/044
index 69e736f687..7ef5e46fe9 100755
--- a/tests/qemu-iotests/044
+++ b/tests/qemu-iotests/044
@@ -86,7 +86,7 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
 off = off + 1024 * 512
 
 table = b''.join(struct.pack('>Q', (1 << 63) | off + 512 * j)
-for j in xrange(0, remaining / 512))
+for j in xrange(0, remaining // 512))
 fd.write(table)
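Review bot: `xrange()` (and `range()` on 3.x) rejects float arguments with a TypeError, so this is the one place in the series where `/` was a hard failure on Python 3 rather than a value change; note that patch 5 rewrites the same line again (xrange to range), so the two patches touch the same hunk and must be applied in order.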
 
 
diff --git a/tests/qemu-iotests/093 b/tests/qemu-iotests/093
index 9d1971a56c..d88fbc182e 100755
--- a/tests/qemu-iotests/093
+++ b/tests/qemu-iotests/093
@@ -69,18 +69,18 @@ class ThrottleTestCase(iotests.QMPTestCase):
 # in. The throttled requests won't be executed until we
 # advance the virtual clock.
 rq_size = 512
-rd_nr = max(params['bps'] / rq_size / 2,
-params['bps_rd'] / rq_size,
-params['iops'] / 2,
+rd_nr = max(params['bps'] // rq_size // 2,
+params['bps_rd'] // rq_size,
+params['iops'] // 2,
 params['iops_rd'])
 rd_nr *= seconds * 2
-rd_nr /= ndrives
-wr_nr = max(params['bps'] / rq_size / 2,
-params['bps_wr'] / rq_size,
-params['iops'] / 2,
+rd_nr //= ndrives
+wr_nr = max(params['bps'] // rq_size // 2,
+params['bps_wr'] // rq_size,
+params['iops'] // 2,
 params['iops_wr'])
 wr_nr *= seconds * 2
-wr_nr /= ndrives
+wr_nr //= ndrives
 
 # Send I/O requests to all drives
 for i in range(rd_nr):
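Review bot: the chained `// rq_size // 2` is safe because for positive integers floor(floor(a / b) / c) equals floor(a / (b * c)), so splitting the division adds no extra truncation; what does matter is the order of the later steps, multiplying by `seconds * 2` before the `//= ndrives`, as the code does, which bounds the rounding error to one request instead of `seconds * 2` of them.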
@@ -196,7 +196,7 @@ class ThrottleTestCase(iotests.QMPTestCase):
 self.configure_throttle(ndrives, settings)
 
 # Wait for the bucket to empty so we can do bursts
-wait_ns = nsec_per_sec * burst_length * burst_rate / rate
+wait_ns = nsec_per_sec * burst_length * burst_rate // rate
 self.vm.qtest("clock_step %d" % 

[Qemu-devel] [PATCH v2 0/9] iotests: Make them work for both Python 2 and 3

2018-10-19 Thread Max Reitz
This series prepares the iotests to work with both Python 2 and 3.  In
some places, it adds version-specific code and decides what to do based
on the version (for instance, whether to import the StringIO or the
BytesIO class from 'io' for use with the test runner), but most of the
time, it just makes code work for both versions in general.

And when we make the switch to make Python 3 mandatory, we can simply
drop the Python 2 branches.


v2:
- Patch 3: Commit message fix [Philippe]
- Patch 4: Really convert all places that use / [Cleber]
- Patch 5:
  - Use list comprehension expressions where that makes sense [Eduardo]
  - Make 'range' an alias for 'xrange' in 044 and 163 [Cleber]
- Patch 6:
  - %s/3\.2/3.4/g [Cleber]
  - Use hasattr() instead of catching AttributeError [Cleber]
  - Call set_inheritable in send_fd_scm() for both the QMP socket FD and
the FD to be passed (if any) [Eduardo]
- Patch 7: Kept as-is, because it's just the minimal amount of change
- Patch 8: Use io.BytesIO in Python 2 [Cleber]
- Patch 9: Use json.dumps(..., sort_keys=True) instead of homegrown
   stringification function [Eduardo]

(Also kept the order, because one vote against, one vote for, so I go
for what's simplest for me. O:-))


git-backport-diff against v1:

Key:
[] : patches are identical
[] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/9:[] [--] 'iotests: Make nbd-fault-injector flush'
002/9:[] [--] 'iotests: Flush in iotests.py's QemuIoInteractive'
003/9:[] [--] 'iotests: Use Python byte strings where appropriate'
004/9:[0014] [FC] 'iotests: Use // for Python integer division'
005/9:[0013] [FC] 'iotests: Different iterator behavior in Python 3'
006/9:[0049] [FC] 'iotests: Explicitly inherit FDs in Python'
007/9:[] [--] 'iotests: 'new' module replacement in 169'
008/9:[0017] [FC] 'iotests: Modify imports for Python 3'
009/9:[1644] [FC] 'iotests: Unify log outputs between Python 2 and 3'


Max Reitz (9):
  iotests: Make nbd-fault-injector flush
  iotests: Flush in iotests.py's QemuIoInteractive
  iotests: Use Python byte strings where appropriate
  iotests: Use // for Python integer division
  iotests: Different iterator behavior in Python 3
  iotests: Explicitly inherit FDs in Python
  iotests: 'new' module replacement in 169
  iotests: Modify imports for Python 3
  iotests: Unify log outputs between Python 2 and 3

 scripts/qemu.py  |  34 +-
 scripts/qtest.py |   2 +-
 tests/qemu-iotests/030   |   2 +-
 tests/qemu-iotests/040   |   4 +-
 tests/qemu-iotests/041   |   4 +-
 tests/qemu-iotests/044   |  24 +-
 tests/qemu-iotests/045   |   2 +-
 tests/qemu-iotests/056   |   2 +-
 tests/qemu-iotests/065   |   4 +-
 tests/qemu-iotests/083.out   |   9 +
 tests/qemu-iotests/093   |  18 +-
 tests/qemu-iotests/124   |   4 +-
 tests/qemu-iotests/136   |   2 +-
 tests/qemu-iotests/139   |   2 +-
 tests/qemu-iotests/147   |   2 +-
 tests/qemu-iotests/149   |  14 +-
 tests/qemu-iotests/151   |  12 +-
 tests/qemu-iotests/163   |  13 +-
 tests/qemu-iotests/169   |   3 +-
 tests/qemu-iotests/194.out   |  22 +-
 tests/qemu-iotests/202.out   |  12 +-
 tests/qemu-iotests/203.out   |  14 +-
 tests/qemu-iotests/206.out   | 218 +-
 tests/qemu-iotests/207   |   6 +-
 tests/qemu-iotests/207.out   |  72 ++--
 tests/qemu-iotests/208.out   |   8 +-
 tests/qemu-iotests/210.out   |  94 ++--
 tests/qemu-iotests/211.out   | 102 ++---
 tests/qemu-iotests/212.out   | 174 
 tests/qemu-iotests/213.out   | 182 
 tests/qemu-iotests/216.out   |   4 +-
 tests/qemu-iotests/218.out   |  20 +-
 tests/qemu-iotests/219.out   | 526 +++
 tests/qemu-iotests/222.out   |  24 +-
 tests/qemu-iotests/iotests.py|  37 +-
 tests/qemu-iotests/nbd-fault-injector.py |  12 +-
 tests/qemu-iotests/qcow2.py  |  10 +-
 tests/qemu-iotests/qed.py|   6 +-
 38 files changed, 879 insertions(+), 821 deletions(-)

-- 
2.17.1




[Qemu-devel] [PATCH v2 6/9] iotests: Explicitly inherit FDs in Python

2018-10-19 Thread Max Reitz
Python 3.4 introduced the inheritable attribute for FDs.  At the same
time, it changed the defaults so that FDs are not inheritable by
default, that only inheritable FDs are inherited by subprocesses, and
only if close_fds is explicitly set to False.

Adhere to this by setting close_fds to False when working with
subprocesses that may want to inherit FDs, and by trying to
set_inheritable() on FDs that we do want to bequeath to them.

Signed-off-by: Max Reitz 
---
 scripts/qemu.py| 34 +-
 tests/qemu-iotests/045 |  2 +-
 tests/qemu-iotests/147 |  2 +-
 3 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/scripts/qemu.py b/scripts/qemu.py
index f099ce7278..fb29b73c30 100644
--- a/scripts/qemu.py
+++ b/scripts/qemu.py
@@ -142,11 +142,19 @@ class QEMUMachine(object):
 if opts:
 options.append(opts)
 
+# This did not exist before 3.4, but since then it is
+# mandatory for our purpose
+if hasattr(os, 'set_inheritable'):
+os.set_inheritable(fd, True)
+
 self._args.append('-add-fd')
 self._args.append(','.join(options))
 return self
 
-def send_fd_scm(self, fd_file_path):
+# Exactly one of fd and file_path must be given.
+# (If it is file_path, the helper will open that file and pass its
+# own fd)
+def send_fd_scm(self, fd=None, file_path=None):
 # In iotest.py, the qmp should always use unix socket.
 assert self._qmp.is_scm_available()
 if self._socket_scm_helper is None:
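Review bot: the three comment lines above `def send_fd_scm` describe the call contract (exactly one of fd and file_path) and should be its docstring so that help() and editors show it; the `hasattr(os, 'set_inheritable')` shim with its "did not exist before 3.4" remark is also duplicated in the next hunk, and a small helper such as `_set_inheritable(fd)` would keep that note in one place.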
@@ -154,12 +162,27 @@ class QEMUMachine(object):
 if not os.path.exists(self._socket_scm_helper):
 raise QEMUMachineError("%s does not exist" %
self._socket_scm_helper)
+
+# This did not exist before 3.4, but since then it is
+# mandatory for our purpose
+if hasattr(os, 'set_inheritable'):
+os.set_inheritable(self._qmp.get_sock_fd(), True)
+if fd is not None:
+os.set_inheritable(fd, True)
+
 fd_param = ["%s" % self._socket_scm_helper,
-"%d" % self._qmp.get_sock_fd(),
-"%s" % fd_file_path]
+"%d" % self._qmp.get_sock_fd()]
+
+if file_path is not None:
+assert fd is None
+fd_param.append(file_path)
+else:
+assert fd is not None
+fd_param.append(str(fd))
+
 devnull = open(os.path.devnull, 'rb')
 proc = subprocess.Popen(fd_param, stdin=devnull, 
stdout=subprocess.PIPE,
-stderr=subprocess.STDOUT)
+stderr=subprocess.STDOUT, close_fds=False)
 output = proc.communicate()[0]
 if output:
 LOG.debug(output)
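Review bot: `assert fd is None` / `assert fd is not None` are argument checks, and assert statements are stripped under `python -O`, so a caller passing both or neither would then run the helper with a bad argument list; raise ValueError instead. Separately, the QMP socket and `fd` stay inheritable after `proc.communicate()` returns, so any later child started with close_fds=False inherits them too; reset them with `os.set_inheritable(..., False)` once the helper has exited, or on 3.x hand exactly those two descriptors to Popen via `pass_fds`.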
@@ -280,7 +303,8 @@ class QEMUMachine(object):
stdin=devnull,
stdout=self._qemu_log_file,
stderr=subprocess.STDOUT,
-   shell=False)
+   shell=False,
+   close_fds=False)
 self._post_launch()
 
 def wait(self):
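Review bot: `close_fds=False` gives QEMU every inheritable descriptor of the test process, not only the ones registered through add_fd; on Python 2 that was already the default, but on 3.x `pass_fds=(...)` with close_fds left True would pass exactly the -add-fd descriptors and nothing else, falling back to close_fds=False only on 2.7. At minimum a comment on why close_fds=False is needed here, since the next reader will read it as a leak.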
diff --git a/tests/qemu-iotests/045 b/tests/qemu-iotests/045
index 6be8fc4912..55a5d31ca8 100755
--- a/tests/qemu-iotests/045
+++ b/tests/qemu-iotests/045
@@ -140,7 +140,7 @@ class TestSCMFd(iotests.QMPTestCase):
 os.remove(image0)
 
 def _send_fd_by_SCM(self):
-ret = self.vm.send_fd_scm(image0)
+ret = self.vm.send_fd_scm(file_path=image0)
 self.assertEqual(ret, 0, 'Failed to send fd with UNIX SCM')
 
 def test_add_fd(self):
diff --git a/tests/qemu-iotests/147 b/tests/qemu-iotests/147
index d2081df84b..05b374b7d3 100755
--- a/tests/qemu-iotests/147
+++ b/tests/qemu-iotests/147
@@ -229,7 +229,7 @@ class BuiltinNBD(NBDBlockdevAddBase):
 sockfd = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
 sockfd.connect(unix_socket)
 
-result = self.vm.send_fd_scm(str(sockfd.fileno()))
+result = self.vm.send_fd_scm(fd=sockfd.fileno())
 self.assertEqual(result, 0, 'Failed to send socket FD')
 
 result = self.vm.qmp('getfd', fdname='nbd-fifo')
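Review bot: after send_fd_scm() returns, `sockfd`'s descriptor is left inheritable in the test process (scripts/qemu.py above sets the flag and never clears it), so if the test keeps `sockfd` open while launching further VMs with close_fds=False, each of them receives a copy of the NBD client socket; closing `sockfd` once the `getfd` call has succeeded, if the test does not already do so outside this hunk, keeps the descriptor from travelling further than intended.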
-- 
2.17.1
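The inheritance rules the commit message describes, as an added example that is not part of the patch or of scripts/qemu.py: a pipe is created, and a Python child is spawned under each Popen descriptor policy to see whether the descriptor survives. The probe, the policy names and the `inheritance_matrix()` helper are this example's own; it assumes Python 3.4 or newer on a POSIX system (os.set_inheritable, pass_fds).

```python
import os
import subprocess
import sys

# Probe run inside the child (constructed for this example): exit 0 only if
# the given fd is open *and* refers to the same pipe inode the parent saw,
# which guards against the fd number having been reused for something else.
_CHILD_PROBE = (
    "import os, sys\n"
    "fd, ino = int(sys.argv[1]), int(sys.argv[2])\n"
    "try:\n"
    "    sys.exit(0 if os.fstat(fd).st_ino == ino else 1)\n"
    "except OSError:\n"
    "    sys.exit(1)\n"
)


def child_can_use(fd, close_fds, pass_fds=()):
    """Spawn a Python child under the given Popen policy and report whether
    the child can still use `fd`."""
    ino = os.fstat(fd).st_ino
    kwargs = {"close_fds": close_fds}
    if pass_fds:
        kwargs["pass_fds"] = pass_fds  # Python 3.2+, POSIX only
    proc = subprocess.run(
        [sys.executable, "-c", _CHILD_PROBE, str(fd), str(ino)], **kwargs)
    return proc.returncode == 0


def inheritance_matrix():
    """Return {policy: child_sees_fd} for the read end of one pipe."""
    r, w = os.pipe()  # non-inheritable by default since Python 3.4
    try:
        results = {}
        # 1. 3.4+ defaults: not inheritable and close_fds=True -> gone in child
        results["default"] = child_can_use(r, close_fds=True)
        # 2. what the patch does: mark inheritable, launch with close_fds=False
        os.set_inheritable(r, True)
        results["inheritable,close_fds=False"] = child_can_use(r, close_fds=False)
        # 3. the flag alone is not enough: close_fds=True still closes it
        results["inheritable,close_fds=True"] = child_can_use(r, close_fds=True)
        # 4. least privilege: leave it non-inheritable, pass exactly this fd
        os.set_inheritable(r, False)
        results["pass_fds"] = child_can_use(r, close_fds=True, pass_fds=(r,))
        return results
    finally:
        os.close(r)
        os.close(w)


if __name__ == "__main__":
    for policy, seen in inheritance_matrix().items():
        print("%-28s child sees fd: %s" % (policy, seen))
```

The fourth row is the least-privilege option the patch could not take while 2.7 support is required: the descriptor stays non-inheritable in the parent and only the child named in `pass_fds` receives it, so nothing spawned later with `close_fds=False` picks it up.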




[Qemu-devel] [PATCH v2 1/9] iotests: Make nbd-fault-injector flush

2018-10-19 Thread Max Reitz
When closing a connection, make the nbd-fault-injector flush the socket.
Without this, the output is a bit unreliable with Python 3.

Signed-off-by: Max Reitz 
Reviewed-by: Eduardo Habkost 
Reviewed-by: Cleber Rosa 
Reviewed-by: Eric Blake 
---
 tests/qemu-iotests/083.out   | 9 +
 tests/qemu-iotests/nbd-fault-injector.py | 1 +
 2 files changed, 10 insertions(+)

diff --git a/tests/qemu-iotests/083.out b/tests/qemu-iotests/083.out
index be6079d27e..f9af8bb691 100644
--- a/tests/qemu-iotests/083.out
+++ b/tests/qemu-iotests/083.out
@@ -41,6 +41,7 @@ can't open device nbd+tcp://127.0.0.1:PORT/foo
 
 === Check disconnect after neg2 ===
 
+Unable to read from socket: Connection reset by peer
 Connection closed
 read failed: Input/output error
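Review bot: the expected output now hard-codes "Unable to read from socket: Connection reset by peer", i.e. the client seeing an RST rather than a plain close; whether a peer that exits right after flushing produces a reset or an orderly FIN depends on whether unread data is still queued on its side when the socket is torn down, so a sentence in the commit message explaining why the flush makes this deterministic would help tell a deliberate expectation from a future flaky diff.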
 
@@ -54,6 +55,7 @@ can't open device nbd+tcp://127.0.0.1:PORT/foo
 
 === Check disconnect before request ===
 
+Unable to read from socket: Connection reset by peer
 Connection closed
 read failed: Input/output error
 
@@ -116,6 +118,7 @@ can't open device nbd+tcp://127.0.0.1:PORT/
 
 === Check disconnect after neg-classic ===
 
+Unable to read from socket: Connection reset by peer
 Connection closed
 read failed: Input/output error
 
@@ -161,6 +164,8 @@ can't open device nbd+unix:///foo?socket=TEST_DIR/nbd.sock
 
 === Check disconnect after neg2 ===
 
+Unable to read from socket: Connection reset by peer
+Connection closed
 read failed: Input/output error
 
 === Check disconnect 8 neg2 ===
@@ -173,6 +178,8 @@ can't open device nbd+unix:///foo?socket=TEST_DIR/nbd.sock
 
 === Check disconnect before request ===
 
+Unable to read from socket: Connection reset by peer
+Connection closed
 read failed: Input/output error
 
 === Check disconnect after request ===
@@ -234,6 +241,8 @@ can't open device nbd+unix:///?socket=TEST_DIR/nbd.sock
 
 === Check disconnect after neg-classic ===
 
+Unable to read from socket: Connection reset by peer
+Connection closed
 read failed: Input/output error
 
 *** done
diff --git a/tests/qemu-iotests/nbd-fault-injector.py 
b/tests/qemu-iotests/nbd-fault-injector.py
index f9193c0fae..439a090eb6 100755
--- a/tests/qemu-iotests/nbd-fault-injector.py
+++ b/tests/qemu-iotests/nbd-fault-injector.py
@@ -112,6 +112,7 @@ class FaultInjectionSocket(object):
 if rule.match(event, io):
 if rule.when == 0 or bufsize is None:
 print('Closing connection on rule match %s' % rule.name)
+self.sock.flush()
 sys.exit(0)
 if rule.when != -1:
 return rule.when
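Review bot: `flush()` is a method of the file object returned by `socket.makefile()`, not of `socket.socket`, and this hunk does not show how `self.sock` is created; if it is a raw socket the new line raises AttributeError on the very path that is meant to exit cleanly, and if it is a raw socket there is nothing buffered in user space to flush at all. Worth confirming against the class's constructor.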
-- 
2.17.1
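What a missing flush() on a buffered socket file object looks like from the other side, as an added example that is not part of the patch or of nbd-fault-injector.py: the writer goes through the `io.BufferedWriter` that `socket.makefile('wb')` returns, and the peer reads with a short timeout. The helper name, the sample line and the timeout are this example's own choices; it assumes the file-object case that a `flush()` call implies.

```python
import socket


def peer_receives(flush_before_read, timeout=0.2):
    """Write one line through a buffered socket file object and return what
    the peer can read before the writer is closed: b'' means the bytes are
    still sitting in the writer's user-space buffer."""
    writer_sock, reader_sock = socket.socketpair()
    try:
        wf = writer_sock.makefile('wb')  # io.BufferedWriter over the socket
        # Constructed sample line, modelled on the injector's log message.
        wf.write(b'Closing connection on rule match\n')
        if flush_before_read:
            wf.flush()  # hand the buffer to the kernel; the peer can now see it
        reader_sock.settimeout(timeout)
        try:
            return reader_sock.recv(4096)
        except socket.timeout:
            return b''  # nothing arrived: the data never left the buffer
        finally:
            wf.close()  # close() flushes too, but only if it actually runs
    finally:
        writer_sock.close()
        reader_sock.close()


if __name__ == "__main__":
    print("without flush:", peer_receives(False))
    print("with flush:   ", peer_receives(True))
```

The inner `close()` is why the bug is intermittent rather than constant: an interpreter that shuts down cleanly finalises the file object and flushes for you, while a process that exits before finalisation reaches that object leaves the line in the buffer, which is the unreliability the commit message reports.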




[Qemu-devel] [PATCH v2 9/9] iotests: Unify log outputs between Python 2 and 3

2018-10-19 Thread Max Reitz
When dumping an object into the log, there are differences between
Python 2 and 3.  First, unicode strings are prefixed by 'u' in Python 2
(they are no longer in 3, because unicode strings are the default
there).  Second, the order of keys in dicts may differ.  Third,
especially long numbers are longs in Python 2 and thus get an 'L'
suffix, which does not happen in Python 3.

We can get around all of these differences by dumping objects (lists and
dicts) in a language-independent format, namely JSON.  The JSON
generator even allows emitting dicts with their keys sorted
alphabetically.

This changes the output of all tests that use these logging functions
(dict keys are ordered now, strings in dicts are now enclosed in double
quotes instead of single quotes, the 'L' suffix of large integers is
dropped, and "true" and "false" are now in lower case).
The quote change necessitates a small change to a filter used in test
207.

Suggested-by: Eduardo Habkost 
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/194.out|  22 +-
 tests/qemu-iotests/202.out|  12 +-
 tests/qemu-iotests/203.out|  14 +-
 tests/qemu-iotests/206.out| 218 +++---
 tests/qemu-iotests/207|   2 +-
 tests/qemu-iotests/207.out|  72 ++---
 tests/qemu-iotests/208.out|   8 +-
 tests/qemu-iotests/210.out|  94 +++---
 tests/qemu-iotests/211.out| 102 +++
 tests/qemu-iotests/212.out| 174 +--
 tests/qemu-iotests/213.out| 182 ++--
 tests/qemu-iotests/216.out|   4 +-
 tests/qemu-iotests/218.out|  20 +-
 tests/qemu-iotests/219.out| 526 +-
 tests/qemu-iotests/222.out|  24 +-
 tests/qemu-iotests/iotests.py |  10 +-
 16 files changed, 744 insertions(+), 740 deletions(-)

diff --git a/tests/qemu-iotests/194.out b/tests/qemu-iotests/194.out
index 50ac50da5e..71857853fb 100644
--- a/tests/qemu-iotests/194.out
+++ b/tests/qemu-iotests/194.out
@@ -1,18 +1,18 @@
 Launching VMs...
 Launching NBD server on destination...
-{u'return': {}}
-{u'return': {}}
+{"return": {}}
+{"return": {}}
 Starting `drive-mirror` on source...
-{u'return': {}}
+{"return": {}}
 Waiting for `drive-mirror` to complete...
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'device': u'mirror-job0', u'type': u'mirror', u'speed': 0, u'len': 
1073741824, u'offset': 1073741824}, u'event': u'BLOCK_JOB_READY'}
+{"data": {"device": "mirror-job0", "len": 1073741824, "offset": 1073741824, 
"speed": 0, "type": "mirror"}, "event": "BLOCK_JOB_READY", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
 Starting migration...
-{u'return': {}}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'status': u'setup'}, u'event': u'MIGRATION'}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'status': u'active'}, u'event': u'MIGRATION'}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'status': u'completed'}, u'event': u'MIGRATION'}
+{"return": {}}
+{"data": {"status": "setup"}, "event": "MIGRATION", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
+{"data": {"status": "active"}, "event": "MIGRATION", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
+{"data": {"status": "completed"}, "event": "MIGRATION", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
 Gracefully ending the `drive-mirror` job on source...
-{u'return': {}}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'device': u'mirror-job0', u'type': u'mirror', u'speed': 0, u'len': 
1073741824, u'offset': 1073741824}, u'event': u'BLOCK_JOB_COMPLETED'}
+{"return": {}}
+{"data": {"device": "mirror-job0", "len": 1073741824, "offset": 1073741824, 
"speed": 0, "type": "mirror"}, "event": "BLOCK_JOB_COMPLETED", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
 Stopping the NBD server on destination...
-{u'return': {}}
+{"return": {}}
diff --git a/tests/qemu-iotests/202.out b/tests/qemu-iotests/202.out
index d5ea374e17..9a8619e796 100644
--- a/tests/qemu-iotests/202.out
+++ b/tests/qemu-iotests/202.out
@@ -1,11 +1,11 @@
 Launching VM...
 Adding IOThread...
-{u'return': {}}
+{"return": {}}
 Adding blockdevs...
-{u'return': {}}
-{u'return': {}}
+{"return": {}}
+{"return": {}}
 Setting iothread...
-{u'return': {}}
-{u'return': {}}
+{"return": {}}
+{"return": {}}
 Creating external snapshots...
-{u'return': {}}
+{"return": {}}
diff --git a/tests/qemu-iotests/203.out b/tests/qemu-iotests/203.out
index 1a11f0975c..9d4abba8c5 100644
--- a/tests/qemu-iotests/203.out
+++ b/tests/qemu-iotests/203.out
@@ -1,11 +1,11 @@
 Launching VM...
 Setting IOThreads...
-{u'return': {}}
-{u'return': {}}
+{"return": {}}
+{"return": {}}
 Enabling migration QMP events...
-{u'return': {}}
+{"return": {}}
 Starting migration...
-{u'return': {}}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'status': u'setup'}, u'event': u'MIGRATION'}
-{u'timestamp': {u'seconds': 
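As an added illustration (not the patch's own code) of the format the commit message proposes: the QMP event below is dumped as sorted-key JSON after the timestamp filter runs, reproducing the `BLOCK_JOB_READY` line that appears in the new 194.out. `filter_qmp_event` and `format_for_log` are names chosen here, not functions from iotests.py, and the event values are constructed.

```python
import json

# Constructed sample: a QMP BLOCK_JOB_READY event as a test would receive it.
# Field values are chosen to match the reference output of iotest 194.
SAMPLE_EVENT = {
    'timestamp': {'seconds': 1539960000, 'microseconds': 123456},
    'data': {'device': 'mirror-job0', 'type': 'mirror', 'speed': 0,
             'len': 1073741824, 'offset': 1073741824},
    'event': 'BLOCK_JOB_READY',
}


def filter_qmp_event(event):
    """Replace the volatile timestamp with fixed placeholders.

    The reference output contains 'SECS'/'USECS' in place of the real
    values; this returns a new dict and leaves the input untouched.
    """
    filtered = dict(event)
    if 'timestamp' in filtered:
        filtered['timestamp'] = {'seconds': 'SECS', 'microseconds': 'USECS'}
    return filtered


def format_for_log(obj):
    """Render an object the way the patch proposes: JSON with sorted keys.

    Lists and dicts go through json.dumps(sort_keys=True), which gives the
    same text under Python 2 and 3: no u'' prefix, no 'L' suffix on large
    integers, deterministic key order, and true/false in lower case.
    Anything else is logged via str().
    """
    if isinstance(obj, (dict, list)):
        return json.dumps(obj, sort_keys=True)
    return str(obj)


if __name__ == '__main__':
    print(format_for_log(filter_qmp_event(SAMPLE_EVENT)))
    print(format_for_log({'return': {'size': 2 ** 40, 'lazy-refcounts': True}}))
```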

[Qemu-devel] [PATCH v2 2/9] iotests: Flush in iotests.py's QemuIoInteractive

2018-10-19 Thread Max Reitz
After issuing a command, flush the pipe.  This does not change anything
in Python 2, but it makes a difference in Python 3.

Signed-off-by: Max Reitz 
Reviewed-by: Eduardo Habkost 
Reviewed-by: Cleber Rosa 
---
 tests/qemu-iotests/iotests.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 4e67fbbe96..10f2d17419 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -178,6 +178,7 @@ class QemuIoInteractive:
 cmd = cmd.strip()
 assert cmd != 'q' and cmd != 'quit'
 self._p.stdin.write(cmd + '\n')
+self._p.stdin.flush()
 return self._read_output()
 
 
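Review bot: `self._p.stdin.write(cmd + '\n')` passes a `str`, so under Python 3 this hunk relies on the pipe having been opened in text mode (`universal_newlines=True` on the `Popen`); otherwise `write()` raises `TypeError` before the new `flush()` can help. The commit message could also say why the flush matters: Python 3 wraps the pipe in a buffered writer, so without it the command can sit in the buffer while `_read_output()` blocks waiting for a reply that never comes.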
-- 
2.17.1




[Qemu-devel] [PATCH v2 3/9] iotests: Use Python byte strings where appropriate

2018-10-19 Thread Max Reitz
Since byte strings are no longer the default in Python 3, we have to
explicitly use them where we need to, which is mostly when working with
structures.  It also means that we need to open a file in binary mode
when we want to use structures.

On the other hand, we have to accommodate the fact that some
functions (still) work with byte strings but we want to use unicode
strings (in Python 3 at least, and it does not matter in Python 2).
This includes base64 encoding, but it is most notable when working with
the subprocess module: Either we set universal_newlines to True so that
the default streams are opened in text mode (hence this parameter is
aliased as "text" as of 3.7), or, if that is not possible, we have to
decode the output to a normal string.

Signed-off-by: Max Reitz 
Reviewed-by: Eduardo Habkost 
---
 scripts/qtest.py |  2 +-
 tests/qemu-iotests/044   |  8 
 tests/qemu-iotests/149   |  8 +---
 tests/qemu-iotests/207   |  4 ++--
 tests/qemu-iotests/iotests.py| 11 +++
 tests/qemu-iotests/nbd-fault-injector.py |  4 ++--
 tests/qemu-iotests/qcow2.py  | 10 +-
 7 files changed, 26 insertions(+), 21 deletions(-)

diff --git a/scripts/qtest.py b/scripts/qtest.py
index df0daf26ca..adf1fe3f26 100644
--- a/scripts/qtest.py
+++ b/scripts/qtest.py
@@ -64,7 +64,7 @@ class QEMUQtestProtocol(object):
 
 @param qtest_cmd: qtest command text to be sent
 """
-self._sock.sendall(qtest_cmd + "\n")
+self._sock.sendall((qtest_cmd + "\n").encode('utf-8'))
 
 def close(self):
 self._sock.close()
diff --git a/tests/qemu-iotests/044 b/tests/qemu-iotests/044
index 11ea0f4d35..69e736f687 100755
--- a/tests/qemu-iotests/044
+++ b/tests/qemu-iotests/044
@@ -53,21 +53,21 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
 fd.seek(off_reftable)
 
 for i in xrange(0, h.refcount_table_clusters):
-sector = ''.join(struct.pack('>Q',
+sector = b''.join(struct.pack('>Q',
 off_refblock + i * 64 * 512 + j * 512)
 for j in xrange(0, 64))
 fd.write(sector)
 
 # Write the refcount blocks
 assert(fd.tell() == off_refblock)
-sector = ''.join(struct.pack('>H', 1) for j in xrange(0, 64 * 256))
+sector = b''.join(struct.pack('>H', 1) for j in range(0, 64 * 256))
 for block in xrange(0, h.refcount_table_clusters):
 fd.write(sector)
 
 # Write the L1 table
 assert(fd.tell() == off_l1)
 assert(off_l2 + 512 * h.l1_size == off_data)
-table = ''.join(struct.pack('>Q', (1 << 63) | off_l2 + 512 * j)
+table = b''.join(struct.pack('>Q', (1 << 63) | off_l2 + 512 * j)
 for j in xrange(0, h.l1_size))
 fd.write(table)
 
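Review bot: the line `sector = b''.join(struct.pack('>H', 1) for j in range(0, 64 * 256))` switches `xrange` to `range`, but the neighbouring loops in the same hunk (`for i in xrange(0, h.refcount_table_clusters)`, `for j in xrange(0, 64)`, `for j in xrange(0, h.l1_size)`) keep `xrange`, which does not exist in Python 3. Either convert them all here or leave the `range` change to the patch that deals with iteration, so this one stays about byte strings.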
@@ -85,7 +85,7 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
 remaining = remaining - 1024 * 512
 off = off + 1024 * 512
 
-table = ''.join(struct.pack('>Q', (1 << 63) | off + 512 * j)
+table = b''.join(struct.pack('>Q', (1 << 63) | off + 512 * j)
 for j in xrange(0, remaining / 512))
 fd.write(table)
 
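Review bot: `xrange(0, remaining / 512)` in this hunk's context will raise `TypeError` on Python 3, because `/` is true division and yields a float; it needs `//` alongside the `xrange`-to-`range` change. Only the `b''` prefix is touched here, so this is a follow-up item for the series rather than a defect introduced by this patch.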
diff --git a/tests/qemu-iotests/149 b/tests/qemu-iotests/149
index 9e0cad76f9..1225334cb8 100755
--- a/tests/qemu-iotests/149
+++ b/tests/qemu-iotests/149
@@ -79,7 +79,7 @@ class LUKSConfig(object):
 
 def first_password_base64(self):
 (pw, slot) = self.first_password()
-return base64.b64encode(pw)
+return base64.b64encode(pw.encode('ascii')).decode('ascii')
 
 def active_slots(self):
 slots = []
@@ -98,7 +98,8 @@ def verify_passwordless_sudo():
 proc = subprocess.Popen(args,
 stdin=subprocess.PIPE,
 stdout=subprocess.PIPE,
-stderr=subprocess.STDOUT)
+stderr=subprocess.STDOUT,
+universal_newlines=True)
 
 msg = proc.communicate()[0]
 
@@ -116,7 +117,8 @@ def cryptsetup(args, password=None):
 proc = subprocess.Popen(fullargs,
 stdin=subprocess.PIPE,
 stdout=subprocess.PIPE,
-stderr=subprocess.STDOUT)
+stderr=subprocess.STDOUT,
+universal_newlines=True)
 
 msg = proc.communicate(password)[0]
 
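Review bot: with `universal_newlines=True`, `proc.communicate(password)` on the context line now requires `password` to be a `str` (or `None`); a caller passing a byte string would get a `TypeError`. The base64 hunk above already treats passwords as text, so this is probably fine, but a quick check of `cryptsetup()`'s callers would confirm it.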
diff --git a/tests/qemu-iotests/207 b/tests/qemu-iotests/207
index 444ae233ae..2d86a3da37 100755
--- a/tests/qemu-iotests/207
+++ b/tests/qemu-iotests/207
@@ -109,7 +109,7 @@ with iotests.FilePath('t.img') as disk_path, \
 md5_key = subprocess.check_output(
 'ssh-keyscan -t rsa 127.0.0.1 2>/dev/null | grep -v "\\^#" | ' +
 'cut -d" " -f3 | base64 -d | md5sum -b | cut -d" 

[Qemu-devel] [PATCH v2 7/9] iotests: 'new' module replacement in 169

2018-10-19 Thread Max Reitz
iotest 169 uses the 'new' module to add methods to a class.  This module
no longer exists in Python 3.  Instead, we can use a lambda.  Best of
all, this works in 2.7 just as well.

Signed-off-by: Max Reitz 
Reviewed-by: Eduardo Habkost 
---
 tests/qemu-iotests/169 | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/169 b/tests/qemu-iotests/169
index f243db9955..e5614b159d 100755
--- a/tests/qemu-iotests/169
+++ b/tests/qemu-iotests/169
@@ -23,7 +23,6 @@ import iotests
 import time
 import itertools
 import operator
-import new
 from iotests import qemu_img
 
 
@@ -144,7 +143,7 @@ class TestDirtyBitmapMigration(iotests.QMPTestCase):
 
 def inject_test_case(klass, name, method, *args, **kwargs):
 mc = operator.methodcaller(method, *args, **kwargs)
-setattr(klass, 'test_' + name, new.instancemethod(mc, None, klass))
+setattr(klass, 'test_' + name, lambda self: mc(self))
 
 for cmb in list(itertools.product((True, False), repeat=4)):
 name = ('_' if cmb[0] else '_not_') + 'persistent_'
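Review bot: the `lambda self: mc(self)` wrapper deserves a one-line comment: a `methodcaller` object is not a descriptor, so assigning `mc` directly as a class attribute would not bind `self` and `instance.test_foo()` would fail. Since `mc` is a local of `inject_test_case`, each lambda captures its own `mc`, so the usual late-binding closure pitfall does not apply here.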
-- 
2.17.1




Re: [Qemu-devel] [PATCH 16/28] target/riscv: Convert quadrant 1 of RVXC insns to decodetree

2018-10-19 Thread Palmer Dabbelt

On Fri, 19 Oct 2018 08:28:38 PDT (-0700), kbast...@mail.uni-paderborn.de wrote:

On 10/13/18 8:53 PM, Richard Henderson wrote:

On 10/12/18 10:30 AM, Bastian Koppelmann wrote:

+static bool trans_c_addi(DisasContext *ctx, arg_c_addi *a, uint16_t insn)
+{
+if (a->imm == 0) {
+return true;
+}

return false, I think.



Those are HINTS, which means the instruction is valid, but does not
affect state, so true is correct. If I do return false, then Linux does
not boot anymore :)


Technically, "c.addi x0, 0" is an illegal instruction.  It just so happens, 
however, that the encoding that would arise from "c.addi x0, 0" is instead the 
legal "c.nop" instruction, which happens to have exactly the same effect as a 
"c.addi x0, 0".  No idea why the spec is written this way.


So I guess you're both correct: "trans_c_addi" should treat this as invalid, as 
it's not an addi.  The processor's behavior will still be correct with this 
implementation, though, so I don't see this as a distinction worth worrying 
about.



+arg_jal arg = { .rd = 1, .imm = a->imm };
+return trans_jal(ctx, , insn);
+#else
+/* C.ADDIW */
+arg_addiw arg = { .rd = a->rd, .rs1 = a->rd, .imm = a->imm };
+return trans_addiw(ctx, , insn);
+#endif
+}
+
+static bool trans_c_li(DisasContext *ctx, arg_c_li *a, uint16_t insn)
+{
+if (a->rd == 0) {
+return true;
+}

return false.



Likewise.


In this case I believe "li x0, *" should be invalid.  According to v2.2

   C.LI loads the sign-extended 6-bit immediate, imm, into register rd. C.LI 
   is only valid when rd ≠ x0.

   C.LI expands into addi rd, x0, imm[5:0].


+static bool trans_c_addi16sp_lui(DisasContext *ctx, arg_c_addi16sp_lui *a,
+uint16_t insn)
+{
+if (a->rd == 2) {
+/* C.ADDI16SP */
+arg_addi arg = { .rd = 2, .rs1 = 2, .imm = a->imm_addi16sp };
+return trans_addi(ctx, , insn);
+} else if (a->imm_lui != 0) {
+if (a->rd == 0) {
+return true;
+}

I think it should be

   } else if (a->imm_lui != 0 && a->rd != 0) {


Likewise.


Yes, c.lui is invalid with a non-zero immediate.  Again, according to v2.2

   C.LUI loads the non-zero 6-bit immediate field into bits 17–12 of the 
   destination register, clears the bottom 12 bits, and sign-extends bit 17 
   into all higher bits of the destination. C.LUI is only valid when rd ≠ 
   {x0, x2}, and when the immediate is not equal to zero.  C.LUI expands into 
   lui rd, nzuimm[17:12].
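An added example, not QEMU code and in Python rather than the translator's C: it applies the validity rules discussed in this thread to raw 16-bit RVC words from quadrant 1 (c.nop versus c.addi hints, C.LI requiring rd ≠ x0, C.LUI requiring rd ∉ {x0, x2} and a non-zero immediate, C.ADDI16SP requiring a non-zero immediate). The immediate bit layouts follow the RVC encoding tables, the 'hint'/'illegal' labels follow the v2.2 wording quoted above, and the sample encodings are constructed.

```python
def sext(value, bits):
    """Sign-extend the low `bits` bits of `value`."""
    sign = 1 << (bits - 1)
    return (value & (sign - 1)) - (value & sign)


def decode_rvc_q1(insn):
    """Classify a 16-bit RVC word from quadrant 1 (op bits 1:0 == 0b01).

    Returns (kind, rd, imm) where kind is one of
    'nop', 'hint', 'addi', 'li', 'lui', 'addi16sp', 'illegal', 'other'.
    Only the three funct3 groups discussed in the thread are decoded.
    """
    insn &= 0xffff
    if insn & 0x3 != 0x1:
        return ('other', None, None)
    funct3 = (insn >> 13) & 0x7
    rd = (insn >> 7) & 0x1f
    # CI format: imm[5] is bit 12, imm[4:0] are bits 6:2.
    imm6 = ((insn >> 12) & 0x1) << 5 | ((insn >> 2) & 0x1f)

    if funct3 == 0b000:                        # C.ADDI / C.NOP
        imm = sext(imm6, 6)
        if rd == 0 and imm == 0:
            return ('nop', 0, 0)               # the legal c.nop encoding
        if rd == 0 or imm == 0:
            return ('hint', rd, imm)           # architecturally a no-op
        return ('addi', rd, imm)

    if funct3 == 0b010:                        # C.LI: addi rd, x0, imm
        imm = sext(imm6, 6)
        if rd == 0:
            return ('illegal', rd, imm)        # "only valid when rd != x0"
        return ('li', rd, imm)

    if funct3 == 0b011:
        if rd == 2:                            # C.ADDI16SP: addi sp, sp, nzimm
            # nzimm[9] = bit 12, nzimm[4] = bit 6, nzimm[6] = bit 5,
            # nzimm[8:7] = bits 4:3, nzimm[5] = bit 2 (scaled by 16).
            nzimm = (((insn >> 12) & 0x1) << 9 |
                     ((insn >> 6) & 0x1) << 4 |
                     ((insn >> 5) & 0x1) << 6 |
                     ((insn >> 3) & 0x3) << 7 |
                     ((insn >> 2) & 0x1) << 5)
            imm = sext(nzimm, 10)
            if imm == 0:
                return ('illegal', rd, 0)      # nzimm must be non-zero
            return ('addi16sp', 2, imm)
        # C.LUI: lui rd, nzimm[17:12]; only valid when rd is not x0 or x2
        # and the immediate is non-zero.
        if imm6 == 0 or rd == 0:
            return ('illegal', rd, 0)
        return ('lui', rd, sext(imm6, 6) << 12)

    return ('other', rd, None)


if __name__ == '__main__':
    # Constructed sample words: c.nop, c.addi a0,1, c.addi a0,-1, c.li a0,5,
    # c.li x0,5, c.lui a0,1, c.lui a0,0, c.addi16sp sp,16, c.addi16sp sp,-80.
    for word in (0x0001, 0x0505, 0x157d, 0x4515, 0x4015,
                 0x6505, 0x6501, 0x6141, 0x715d):
        print('0x%04x -> %s' % (word, decode_rvc_q1(word)))
```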




Re: [Qemu-devel] [PULL 00/45] Machine queue, 2018-10-18

2018-10-19 Thread Eduardo Habkost
On Fri, Oct 19, 2018 at 03:12:31PM +0100, Peter Maydell wrote:
> On 18 October 2018 at 21:03, Eduardo Habkost  wrote:
> > The following changes since commit 09558375a634e17cea6cfbfec883ac2376d2dc7f:
> >
> >   Merge remote-tracking branch 
> > 'remotes/pmaydell/tags/pull-target-arm-20181016-1' into staging (2018-10-16 
> > 17:42:56 +0100)
> >
> > are available in the Git repository at:
> >
> >   git://github.com/ehabkost/qemu.git tags/machine-next-pull-request
> >
> > for you to fetch changes up to 6d8e1bcc7dd5e819ce81e6a87fffe23e39c700cc:
> >
> >   numa: Clean up error reporting in parse_numa() (2018-10-17 16:33:40 -0300)
> >
> > 
> > Machine queue, 2018-10-18
> >
> > * sysbus init/realize cleanups
> >   (Cédric Le Goater, Philippe Mathieu-Daudé)
> > * memory-device refactoring (David Hildenbrand)
> > * -smp: deprecate incorrect CPUs topology (Igor Mammedov)
> > * -numa parsing cleanups (Markus Armbruster)
> > * Fix hostmem-file memory leak (Zhang Yi)
> > * Typo fix (Li Qiang)
> >
> > 
> >
> 
> Hi. This had some problems in merge testing, I'm afraid:
> 
> On aarch64 host, warnings running tests/cpu-plug-test for i386 and s390 
> targets:
> 
> TEST: tests/cpu-plug-test... (pid=12602)
>   /i386/cpu-plug/pc-i440fx-3.0/cpu-add/1x3x2=12:
> qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
> (1) * cores (3) * threads (2) != maxcpus (12)
[...]
> 
> (plus similar ppc64, x86_64 targets)

Ouch.  Apologies.

Can we please do something to make sure "make check" will fail on
these cases?  I'd like to be able to trust CI systems like
travis-ci.

-- 
Eduardo



Re: [Qemu-devel] [PATCH v3 3/6] tests/acceptance: Add test_mips_4kc_malta in BootLinuxConsole

2018-10-19 Thread Philippe Mathieu-Daudé
On 19/10/2018 19:42, Cleber Rosa wrote:
> 
> 
> On 10/13/18 11:15 AM, Philippe Mathieu-Daudé wrote:
>> Similar to the test_x86_64_pc test, this boots a Linux kernel on a
>> Malta board (MIPS 4Kc big-endian) and verifies the serial is working.
>>
>> This test requires the dpkg-deb tool (apt/dnf install dpkg) to
>> extract the kernel from the Debian package.
>>
> 
> Debian packages are really "ar" archives, with a control.tar.gz and
> data.tar.gz in them.  More on that later.
> 
>>   $ avocado --show=console run -p arch=mips 
>> tests/acceptance/boot_linux_console.py
>>   console: [0.00] Initializing cgroup subsys cpuset
>>   console: [0.00] Initializing cgroup subsys cpu
>>   console: [0.00] Linux version 2.6.32-5-4kc-malta (Debian 
>> 2.6.32-48) (b...@decadent.org.uk) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 
>> Sat Feb 16 12:43:42 UTC 2013
>>   console: [0.00]
>>   console: [0.00] LINUX started...
>>   console: [0.00] bootconsole [early0] enabled
>>   console: [0.00] CPU revision is: 00019300 (MIPS 24Kc)
>>   console: [0.00] FPU revision is: 00739300
>>   console: [0.00] Determined physical RAM map:
>>   console: [0.00]  memory: 1000 @  (reserved)
>>   console: [0.00]  memory: 000ef000 @ 1000 (ROM data)
>>   console: [0.00]  memory: 005b7000 @ 000f (reserved)
>>   console: [0.00]  memory: 03958000 @ 006a7000 (usable)
>>   console: [0.00] Wasting 54496 bytes for tracking 1703 unused pages
>>   console: [0.00] Initrd not found or empty - disabling initrd
>>   console: [0.00] Zone PFN ranges:
>>   console: [0.00]   DMA  0x -> 0x1000
>>   console: [0.00]   Normal   0x1000 -> 0x3fff
>>   console: [0.00] Movable zone start PFN for each node
>>   console: [0.00] early_node_map[1] active PFN ranges
>>   console: [0.00] 0: 0x -> 0x3fff
>>   console: [0.00] Built 1 zonelists in Zone order, mobility grouping 
>> on.  Total pages: 16255
>>   console: [0.00] Kernel command line: console=ttyS0 printk.time=0
>>
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  tests/acceptance/boot_linux_console.py | 46 ++
>>  1 file changed, 46 insertions(+)
>>
>> diff --git a/tests/acceptance/boot_linux_console.py 
>> b/tests/acceptance/boot_linux_console.py
>> index 3aa4dbe5f9..81c96fc338 100644
>> --- a/tests/acceptance/boot_linux_console.py
>> +++ b/tests/acceptance/boot_linux_console.py
>> @@ -9,6 +9,7 @@
>>  # later.  See the COPYING file in the top-level directory.
>>  
>>  import logging
>> +import subprocess
> 
> It's definitely your call, but I like to think that
> avocado.utils.process provides simpler and more capable functions:
> 
> https://avocado-framework.readthedocs.io/en/65.0/api/utils/avocado.utils.html#avocado.utils.process.run

OK

> 
>>  
>>  from avocado_qemu import Test
>>  
>> @@ -47,3 +48,48 @@ class BootLinuxConsole(Test):
>>  break
>>  if 'Kernel panic - not syncing' in msg:
>>  self.fail("Kernel panic reached")
>> +
>> +def test_mips_4kc_malta(self):
>> +"""
>> +This test requires the dpkg-deb tool (apt/dnf install dpkg) to 
>> extract
>> +the kernel from the Debian package.
>> +
>> +The kernel can be rebuilt using this Debian kernel source [1] and
>> +following the instructions on [2].
>> +
>> +[1] 
>> https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#s-common-official
>> +[2] 
>> http://snapshot.debian.org/package/linux-2.6/2.6.32-48/#linux-source-2.6.32_2.6.32-48
>> +
>> +:avocado: tags=arch:mips
>> +"""
>> +if self.arch != 'mips': # FIXME use 'arch' tag in parent class?
>> +self.cancel('Currently specific to the %s target arch' % 
>> self.arch)
>> +
> 
> I missed how the arch tag in the parent class (common to all tests here)
> would be useful for this specific test.

I probably forgot to remove it.

> 
>> +deb_url = 
>> ('http://snapshot.debian.org/archive/debian/20130217T032700Z/'
>> +   'pool/main/l/linux-2.6/'
>> +   'linux-image-2.6.32-5-4kc-malta_2.6.32-48_mips.deb')
>> +deb_hash = 'a8cfc28ad8f45f54811fc6cf74fc43ffcfe0ba04'
>> +deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
>> +subprocess.check_call(['dpkg-deb', '--extract', deb_path, 
>> self.workdir]) # FIXME move to avocado ...
> 
> This could become:
> 
>  # from avocado.utils.process import run
>  run("ar p %s data.tar.gz | tar zxf - -C %s
> ./boot/vmlinux-2.6.32-5-4kc-malta" % (deb_path, self.workdir), shell=True)

OK!

> 
>> +kernel_path = self.workdir + '/boot/vmlinux-2.6.32-5-4kc-malta' 
>>  # FIXME ... and use from assets?
>> +
> 
> Putting produced/processed files back into the cache would be nice
> addition to the asset 

Re: [Qemu-devel] qemu-trivial pull-request?

2018-10-19 Thread Michael Tokarev
19.10.2018 16:17, Laurent Vivier wrote:
> Hi Michael,
> 
> some people asked me if there will be any qemu-trivial pull request in
> the near future.
> 
> So you plan to do one?
> Do you need help?

Hello!

I haven't done anything qemu-related in about 3 months in a row.
That's due to some... personal issues, so to say - I don't have
time for anything hobby-ish, even for work; I need to sort out
other things first somehow.

So yes, I do need help with processing the qemu-trivial queue, as
nothing has been done in 3 whole months, if not more. I can't
do that in the near future.

I do plan to return, but I'm not sure when. Things haven't been happening
in the expected way :)

Thanks,

/mjt



Re: [Qemu-devel] [PATCH 04/28] target/riscv: Convert RVXI arithmetic insns to decodetree

2018-10-19 Thread Palmer Dabbelt

On Fri, 19 Oct 2018 04:00:33 PDT (-0700), kbast...@mail.uni-paderborn.de wrote:

Hi Richard,

On 10/12/18 8:46 PM, Richard Henderson wrote:

On 10/12/18 10:30 AM, Bastian Koppelmann wrote:

+static bool trans_andi(DisasContext *ctx, arg_andi *a, uint32_t insn)
+{
+gen_arith_imm(ctx, OPC_RISC_ANDI, a->rd, a->rs1, a->imm);
+return true;
+}
+static bool trans_slli(DisasContext *ctx, arg_slli *a, uint32_t insn)
+{
+if (a->rd != 0) {
+TCGv t = tcg_temp_new();
+gen_get_gpr(t, a->rs1);
+
+if (a->shamt >= TARGET_LONG_BITS) {
+gen_exception_illegal(ctx);
+return true;
+}
+tcg_gen_shli_tl(t, t, a->shamt);
+
+gen_set_gpr(a->rd, t);
+tcg_temp_free(t);
+} /* NOP otherwise */
+return true;
+}

Spacing.  Any reason why trans_slli (and the other shifts) aren't using
gen_arith_imm as well?



Their opcode is not uniquely defined in instmap.h, just a generic
OPC_RISC_SHIFT_RIGHT_IW. I guess I can give the opcode as a magic value
for now.


Shifts are the only arithmetic operations that aren't uniquely defined by func3 
(the opcode), but instead have another bit packed in where the immediate 
usually lives to differentiate between arithmetic and logical shifts.  This 
pretty much always ends up as a bit of a special case in software decoders.




Re: [Qemu-devel] [PATCH v3 1/6] tests/acceptance: Rename the generic BootLinuxConsole test as test_x86_64_pc

2018-10-19 Thread Cleber Rosa



On 10/13/18 11:15 AM, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/acceptance/boot_linux_console.py | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/tests/acceptance/boot_linux_console.py 
> b/tests/acceptance/boot_linux_console.py
> index ba3ac036da..3aa4dbe5f9 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -15,7 +15,7 @@ from avocado_qemu import Test
>  
>  class BootLinuxConsole(Test):
>  """
> -Boots a x86_64 Linux kernel and checks that the console is operational
> +Boots a Linux kernel and checks that the console is operational
>  and the kernel command line is properly passed from QEMU to the kernel
>  
>  :avocado: enable
> @@ -23,7 +23,7 @@ class BootLinuxConsole(Test):
>  
>  timeout = 60
>  
> -def test(self):
> +def test_x86_64_pc(self):
>  if self.arch != 'x86_64':
>  self.cancel('Currently specific to the x86_64 target arch')
>  kernel_url = ('https://mirrors.kernel.org/fedora/releases/28/'
> 


This looks right, but given that "self.arch" is still not on master, I'm
holding off on giving the reviewed-by/tested-by.

Question: do you believe a maintainer and/or developer would want to
test specific machine types?



Re: [Qemu-devel] [PATCH v4 03/11] rbd: Close image in qemu_rbd_open() error path

2018-10-19 Thread Eric Blake

On 10/19/18 11:30 AM, Kevin Wolf wrote:

Commit e2b8247a322 introduced an error path in qemu_rbd_open() after
calling rbd_open(), but neglected to close the image again in this error
path. The error path should contain everything that the regular close
function qemu_rbd_close() contains.

This adds the missing rbd_close() call.

Signed-off-by: Kevin Wolf 
---
  block/rbd.c | 1 +
  1 file changed, 1 insertion(+)



Reviewed-by: Eric Blake 


diff --git a/block/rbd.c b/block/rbd.c
index 014c68d629..27c9a1e81c 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -787,6 +787,7 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict 
*options, int flags,
   "automatically marking the image read-only.");
  r = bdrv_set_read_only(bs, true, _err);
  if (r < 0) {
+rbd_close(s->image);
  error_propagate(errp, local_err);
  goto failed_open;
  }
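Review bot: the added `rbd_close(s->image)` before `goto failed_open` fixes this path, but if `failed_open` is (or later becomes) reachable from other points after `rbd_open()` has succeeded, the close would be better placed at a dedicated label between `rbd_open()`'s own failure point and `failed_open`, so that every such path releases the image. Also confirm that `s->image` is not touched again on the unwind after this close, to avoid a double close.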



--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH] target/mips: Support Toshiba specific three-operand MADD and MADDU

2018-10-19 Thread Aleksandar Markovic
> Perhaps a better alternative is to define the MMI registers as 128-bit, 
> similar to
>
> static TCGv_u128 mmi_gpr[32];
>
> and then copy cpu_gpr to/from mmi_gpr as needed when running the MMIs?

Fredrik, hi.

I think this is fine. In any case, this could be changed, if we hit any 
obstacle related to this format later on during development.

But you don't have to spend much time on this right now. The definition of MMI 
registers is more 'nice-to-have' than a 'must'.

Regards,
Aleksandar


Re: [Qemu-devel] [PULL v2 00/21] tcg patch queue

2018-10-19 Thread Peter Maydell
On 19 October 2018 at 07:06, Richard Henderson
 wrote:
> Changes since v1:
>   * Added QEMU_ERROR to wrap __attribute__((error)) -- patch 12.
>
>
> r~
>
>
> The following changes since commit 77f7c747193662edfadeeb3118d63eed0eac51a6:
>
>   Merge remote-tracking branch 
> 'remotes/huth-gitlab/tags/pull-request-2018-10-17' into staging (2018-10-18 
> 13:40:19 +0100)
>
> are available in the Git repository at:
>
>   https://github.com/rth7680/qemu.git tags/pull-tcg-20181018
>
> for you to fetch changes up to 403f290c0603f35f2d09c982bf5549b6d0803ec1:
>
>   cputlb: read CPUTLBEntry.addr_write atomically (2018-10-18 19:46:53 -0700)
>
> 
> Queued tcg patches.
>

Applied, thanks.

-- PMM



[Qemu-devel] [PATCH 0/2] linux-user: Don't call gdb_handlesig unnecessarily

2018-10-19 Thread Peter Maydell
This patchset fixes a minor bug in our handling of SIGTRAP
in linux-user.

The CPU main-loop routines for linux-user generally call
gdb_handlesig() when they're about to queue a SIGTRAP signal.  This
is wrong, because queue_signal() will cause us to pend a signal, and
process_pending_signals() will then call gdb_handlesig() itself.  So
the effect is that we notify gdb of the SIGTRAP, and then if gdb says
"OK, continue with signal X" we will incorrectly notify gdb of the
signal X as well.  We don't do this double-notify for anything else,
only SIGTRAP.

This bug only manifests if the user responds to the reported SIGTRAP
using "signal SIGFOO" rather than "continue"; since the latter is the
overwhelmingly common thing to do after a breakpoint most people
won't have hit this.

Patch 1 fixes this bug for every target except nios2, by
deleting the incorrect code.

Patch 2 fixes nios2 separately, because it was doing some odd
things with gdb_handlesig(). This also fixes in passing a Coverity
issue.

Tested with "make check-tcg", and with some by-hand stepping
around with an attached gdb. NB that the nios2 patch is only
compile tested as I don't have a nios2 linux-user environment
and check-tcg doesn't cover it.

thanks
-- PMM

Peter Maydell (2):
  linux-user: Don't call gdb_handlesig() before queue_signal()
  linux-user: Clean up nios2 main loop signal handling

 linux-user/aarch64/cpu_loop.c| 13 +
 linux-user/alpha/cpu_loop.c  | 12 
 linux-user/arm/cpu_loop.c| 16 
 linux-user/cris/cpu_loop.c   | 16 
 linux-user/hppa/cpu_loop.c   | 11 ---
 linux-user/i386/cpu_loop.c   | 16 
 linux-user/m68k/cpu_loop.c   | 16 
 linux-user/microblaze/cpu_loop.c | 16 
 linux-user/mips/cpu_loop.c   | 16 
 linux-user/nios2/cpu_loop.c  | 14 +-
 linux-user/openrisc/cpu_loop.c   | 11 ---
 linux-user/ppc/cpu_loop.c| 15 +--
 linux-user/riscv/cpu_loop.c  |  2 +-
 linux-user/s390x/cpu_loop.c  |  9 +++--
 linux-user/sh4/cpu_loop.c| 17 -
 linux-user/sparc/cpu_loop.c  | 16 
 linux-user/xtensa/cpu_loop.c | 11 ---
 17 files changed, 67 insertions(+), 160 deletions(-)

-- 
2.19.1




[Qemu-devel] [PATCH 2/2] linux-user: Clean up nios2 main loop signal handling

2018-10-19 Thread Peter Maydell
The nios2 main loop code does some odd
things with gdb_handlesig() that no other target
CPU does: it has some signals that are delivered
to gdb and only to gdb. Stop doing this, and instead
behave like all the other targets:
 * a trap instruction becomes a SIGTRAP
 * an unhandled exception type returned from cpu_exec()
   causes us to abort(), not to try to hand gdb a SIGILL

This fixes in passing Coverity issue CID 1390853,
which was a complaint that the old code failed to
check the return value from gdb_handlesig().

Signed-off-by: Peter Maydell 
---
Disclaimer: compile tested, and the change makes conceptual
sense, but I have no nios2 test environment.
---
 linux-user/nios2/cpu_loop.c | 14 +-
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/linux-user/nios2/cpu_loop.c b/linux-user/nios2/cpu_loop.c
index dac7a061813..973dd54d791 100644
--- a/linux-user/nios2/cpu_loop.c
+++ b/linux-user/nios2/cpu_loop.c
@@ -68,7 +68,10 @@ void cpu_loop(CPUNios2State *env)
 env->regs[R_EA] = env->regs[R_PC] + 4;
 env->regs[R_PC] = cpu->exception_addr;
 
-gdbsig = TARGET_SIGTRAP;
+info.si_signo = TARGET_SIGTRAP;
+info.si_errno = 0;
+info.si_code = TARGET_TRAP_BRKPT;
+queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
 break;
 }
 case 0xaa:
@@ -106,14 +109,7 @@ kuser_fail:
 default:
 EXCP_DUMP(env, "\nqemu: unhandled CPU exception %#x - aborting\n",
  trapnr);
-gdbsig = TARGET_SIGILL;
-break;
-}
-if (gdbsig) {
-gdb_handlesig(cs, gdbsig);
-if (gdbsig != TARGET_SIGTRAP) {
-exit(EXIT_FAILURE);
-}
+abort();
 }
 
 process_pending_signals(env);
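Review bot: the two hunks remove every use of `gdbsig` (`gdbsig = TARGET_SIGTRAP;`, `gdbsig = TARGET_SIGILL;` and the `if (gdbsig)` block), and the diffstat's 5 insertions / 9 deletions are fully accounted for by the lines shown, so the variable's declaration (and any reset of it at the top of the loop) appears to remain. Drop it in this patch as well, or the build will warn about an unused or set-but-unused variable.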
-- 
2.19.1




Re: [Qemu-devel] [PULL 00/45] Machine queue, 2018-10-18

2018-10-19 Thread Philippe Mathieu-Daudé
On Fri, Oct 19, 2018 at 7:00 PM Philippe Mathieu-Daudé
 wrote:
> On 19/10/2018 16:12, Peter Maydell wrote:
...
> >> 
> >>
> >
> > Hi. This had some problems in merge testing, I'm afraid:
> >
> > On aarch64 host, warnings running tests/cpu-plug-test for i386 and s390 
> > targets:
> >
> > TEST: tests/cpu-plug-test... (pid=12602)
> >   /i386/cpu-plug/pc-i440fx-3.0/cpu-add/1x3x2=12:
> > qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
> > (1) * cores (3) * threads (2) != maxcpus (12)
> > OK
> >   /i386/cpu-plug/pc-i440fx-3.0/device-add/1x3x2=12:
> > qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
> > (1) * cores (3) * threads (2) != maxcpus (12)
> > OK
> >   /i386/cpu-plug/pc-q35-3.0/cpu-add/1x3x2=12:
> > qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
> > (1) * cores (3) * threads (2) != maxcpus (12)
> > OK
> >   /i386/cpu-plug/pc-q35-3.0/device-add/1x3x2=12:
> > qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
> > (1) * cores (3) * threads (2) != maxcpus (12)
> > OK
> >   /arm/qom/n800:   OK
> > PASS: tests/cpu-plug-test
> > [...]
> > TEST: tests/cpu-plug-test... (pid=15040)
> >   /s390x/cpu-plug/s390-ccw-virtio-3.1/cpu-add/1x3x1=6:
> > qemu-system-s390x: warning: Invalid CPU topology deprecated: sockets
> > (1) * cores (3) * threads (1) != maxcpus (6)
> > OK
> >   /s390x/cpu-plug/s390-ccw-virtio-3.1/device-add/1x3x1=6:
> > qemu-system-s390x: warning: Invalid CPU topology deprecated: sockets
> > (1) * cores (3) * threads (1) != maxcpus (6)
> > OK
> >   /s390x/cpu-plug/s390-ccw-virtio-3.0/cpu-add/1x3x1=6:
> > qemu-system-s390x: warning: Invalid CPU topology deprecated: sockets
> > (1) * cores (3) * threads (1) != maxcpus (6)
> > OK
> >   /s390x/cpu-plug/s390-ccw-virtio-3.0/device-add/1x3x1=6:
> > qemu-system-s390x: warning: Invalid CPU topology deprecated: sockets
> > (1) * cores (3) * threads (1) != maxcpus (6)
> > OK
> > PASS: tests/cpu-plug-test
> >
> > (plus similar ppc64, x86_64 targets)
> >
> > I see similar warnings on hosts SPARC, PPC64BE, S390, 32-bit Arm
> > and x86 FreeBSD.
> >
> > I also got a build failure on one of my configs, but I think that
> > is caused by some latent bug in our makefiles where we don't
> > correctly rebuild x86_64-softmmu/config-devices.mak when a
> > change is made to default-configs/i386-softmmu.mak -- doing a
> > hand rm of the config-devices.mak fixed it.
>
> bisected to:
>
> 23d0571a24559b867fa47410aa8ec0519b0a1edd is the first bad commit
> commit 23d0571a24559b867fa47410aa8ec0519b0a1edd
> Author: Igor Mammedov 
> Date:   Thu Sep 13 13:06:01 2018 +0200
>
> vl.c deprecate incorrect CPUs topology
>
> -smp [cpus],sockets/cores/threads[,maxcpus] should describe topology
> so that total number of logical CPUs [sockets * cores * threads]
> would be equal to [maxcpus], however historically we didn't have
> such check in QEMU and it is possible to start VM with an invalid
> topology.
> Deprecate invalid options combination so we can make sure that
> the topology VM started with is always correct in the future.
> Users with an invalid sockets/cores/threads/maxcpus values should
> fix their CLI to make sure that
>[sockets * cores * threads] == [maxcpus]

Per the commit message, I understand the tests need to be upgraded,
they only test it is <= maxcpus while now we want == maxcpus:

static void add_s390x_test_case(const char *mname)
{
...
data->sockets = 1;
data->cores = 3;
data->threads = 1;
data->maxcpus = data->sockets * data->cores * data->threads * 2;



Re: [Qemu-devel] [PATCH v7 0/7] target/mips: Limited support for the R5900

2018-10-19 Thread Aleksandar Markovic
> From: Laurent Vivier 
> Sent: Friday, October 19, 2018 3:28 PM
> Subject: Re: [Qemu-devel] [PATCH v7 0/7] target/mips: Limited support for the 
> R5900
> 
> On 15/10/2018 at 14:16, Aleksandar Markovic wrote:
> >> From: Fredrik Noring 
> >> Sent: Saturday, October 13, 2018 1:09 PM
> >> To: Aleksandar Markovic; Maciej W. Rozycki; Philippe Mathieu-Daudé
> >> Cc: Richard Henderson; Aurelien Jarno; Petar Jovanovic; Peter Maydell; 
> >> Jürgen Urban; qemu-devel@nongnu.org
> >> Subject: [PATCH v7 0/7] target/mips: Limited support for the R5900
> >>
> >> The primary purpose of these changes is to support programs compiled
> >> by GCC for the R5900 target and thereby run R5900 Linux distributions,
> >> for example Gentoo.
> >>
> >
> > Hello, Fredrik.
> >
> > Your series is getting better and better with each version, which is very 
> > good. For a change,
> > I don't have any objection about the title. :) Patch 7 will be integrated 
> > shortly in the MIPS
> > queue, you don't need to worry about it. With this series you are not only 
> > supporting your 
> > prime use case, but you are introducing a new instruction set to QEMU. Try 
> > to step back and get
> > wider perspective. No matter how limited the support for the new ISA is, 
> > its introduction to
> > QEMU must have following elements:
> >
> > (1) Definition of basic preprocessor constants for the new ISA.
> > (2) All opcodes for the ISA.
> > (3) Basic decoding engine for new instructions.
> >
> > Your patch 1 addresses (1). However, there are no patches for (2) and (3) in 
> > this series. Let me walk through the details on how to implement (2) and 
> > (3).
> >
> > (2) All opcodes for the ISA.
> 
> As Fredrik only wants to use R5900 gentoo userland binaries using qemu
> linux-user mode, does he really need to implement all the opcodes of the
> ISA?
>

It should be clear from my previous mail, but this is what I meant by (2) and 
(3):

(2) A list of all R5900 instructions not covered by MIPS III/IV, in the form of 
'#defines' or enum elements, logically clustered.

(3) A set of functions (in my estimation, around a dozen of them is needed), 
each containing a switch statement with cases for individual instructions, each 
case containing only "TODO" comment and raising EXCP_RI. Of course, all such 
function should be interconnected and integrated with the rest of MIPS code 
according to the R5900 doc.

In my view, it is really a stretch that this is 'very time consuming'. True, it 
does require focus and meticulousness.

My impression is that Fredrik understood my guidance correctly. Fredrik, please 
let me know if you need clarification of any kind.

Sincerely,
Aleksandar


> Most of the architectures have started with only the userland
> instruction set, and the privileged instruction set was added once this
> part was validated (see the risu project
> https://wiki.linaro.org/PeterMaydell/Risu). It was really helpful for me
> to add the m680x0 processor emulation in QEMU this way (I added the
> FPU and MMU later).
> 
> It can be a lot of work to add all the opcodes for the ISA, and be very
> time consuming, and Fredrik has test cases only for the opcodes he has
> implemented; the rest of the ISA will not be tested, or will need more
> work from him.
> 
> So perhaps a not fully implemented R5900 ISA (with big WARNINGs in the
> code, and perhaps assert()?) would be better than nothing at all?
> 
> Thanks,
> Laurent
> 
> 
> 



Re: [Qemu-devel] [RFC v3 51/56] riscv: acquire the BQL in cpu_has_work

2018-10-19 Thread Palmer Dabbelt

On Thu, 18 Oct 2018 18:06:20 PDT (-0700), c...@braap.org wrote:

Soon we will call cpu_has_work without the BQL.

Cc: Michael Clark 
Cc: Palmer Dabbelt 
Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Signed-off-by: Emilio G. Cota 
---
 target/riscv/cpu.c | 21 -
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index d630e8fd6c..b10995c807 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -18,6 +18,7 @@
  */

 #include "qemu/osdep.h"
+#include "qemu/main-loop.h"
 #include "qemu/log.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
@@ -244,11 +245,14 @@ static void riscv_cpu_synchronize_from_tb(CPUState *cs, 
TranslationBlock *tb)
 env->pc = tb->pc;
 }

-static bool riscv_cpu_has_work(CPUState *cs)
+static bool riscv_cpu_has_work_locked(CPUState *cs)
 {
 #ifndef CONFIG_USER_ONLY
 RISCVCPU *cpu = RISCV_CPU(cs);
 CPURISCVState *env = >env;
+
+g_assert(qemu_mutex_iothread_locked());
+
 /*
  * Definition of the WFI instruction requires it to ignore the privilege
  * mode and delegation registers, but respect individual enables
@@ -259,6 +263,21 @@ static bool riscv_cpu_has_work(CPUState *cs)
 #endif
 }

+static bool riscv_cpu_has_work(CPUState *cs)
+{
+if (!qemu_mutex_iothread_locked()) {
+bool ret;
+
+cpu_mutex_unlock(cs);
+qemu_mutex_lock_iothread();
+cpu_mutex_lock(cs);
+ret = riscv_cpu_has_work_locked(cs);
+qemu_mutex_unlock_iothread();
+return ret;
+}
+return riscv_cpu_has_work_locked(cs);
+}
+
 void restore_state_to_opc(CPURISCVState *env, TranslationBlock *tb,
   target_ulong *data)
 {
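Review bot: riscv_cpu_has_work() assumes the caller already holds the CPU mutex (its first action is cpu_mutex_unlock(cs)), and neither that precondition nor the lock order it preserves (BQL before the CPU lock, hence the unlock/relock dance) is stated anywhere in the hunk; a short comment above the function, plus an assertion that the CPU lock is held next to the existing g_assert(qemu_mutex_iothread_locked()) in riscv_cpu_has_work_locked(), would make the contract checkable rather than implicit. The comment should also say that because the CPU lock is released and re-taken, the interrupt state examined may differ from what the caller observed before the call.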


I'm afraid I don't understand the locking scheme, but as far as the RISC-V 
stuff goes this looks fine.


Reviewed-by: Palmer Dabbelt 

Thanks!



Re: [Qemu-devel] [RFC PATCH v3 2/6] tests/acceptance: Add a kludge to not use the default console

2018-10-19 Thread Philippe Mathieu-Daudé
On 19/10/2018 19:37, Cleber Rosa wrote:
> On 10/13/18 11:15 AM, Philippe Mathieu-Daudé wrote:
>> The board already instantiates the proper devices; we don't want to
>> add extra devices but connect the chardev to one of the serials already
>> available.
>>
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  scripts/qemu.py | 6 --
>>  1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/scripts/qemu.py b/scripts/qemu.py
>> index fca9b76990..7e779954e6 100644
>> --- a/scripts/qemu.py
>> +++ b/scripts/qemu.py
>> @@ -221,8 +221,10 @@ class QEMUMachine(object):
>>   self._name + 
>> "-console.sock")
>>  chardev = ('socket,id=console,path=%s,server,nowait' %
>> self._console_address)
>> -device = '%s,chardev=console' % self._console_device_type
>> -args.extend(['-chardev', chardev, '-device', device])
>> +args.extend(['-chardev', chardev])
>> +if len(self._console_device_type):
> 
> Considering `self._console_device_type` will come from `set_console()`,
> either explicitly as the "device_type" parameter, or from the list on
> CONSOLE_DEV_TYPES, wouldn't it make more sense to just drop the
> definitions for the machine types that don't need an explicit device?
> 
> That way, self.set_console() could be called with no arguments (instead
> of the empty string).  And this check would become:
> 
>   if self._console_device_type is not None:

Clever Cleber!

> 
>> +device = '%s,chardev=console' % self._console_device_type
>> +args.extend(['-device', device])
>>  return args
>>  
>>  def _pre_launch(self):
>>
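Review bot: `if len(self._console_device_type):` on the added line raises a TypeError if the attribute is ever None instead of a string, which is exactly the representation Cleber proposes above; the plain truthiness test `if self._console_device_type:` covers both the empty-string kludge and a None default, so the call sites need not agree on which sentinel they use.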
> 
> 



[Qemu-devel] [PULL 14/45] target/arm: Implement HCR.DC

2018-10-19 Thread Peter Maydell
The HCR.DC virtualization configuration register bit has the
following effects:
 * SCTLR.M behaves as if it is 0 for all purposes except
   direct reads of the bit
 * HCR.VM behaves as if it is 1 for all purposes except
   direct reads of the bit
 * the memory type produced by the first stage of the EL1
   translation regime is Normal Non-Shareable,
   Inner Write-Back Read-Allocate Write-Allocate,
   Outer Write-Back Read-Allocate Write-Allocate.

Implement this behaviour.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20181012144235.19646-5-peter.mayd...@linaro.org
---
 target/arm/helper.c | 23 +--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 849e505f265..24c976752c4 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2303,13 +2303,15 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t 
value,
  * * The Non-secure TTBCR.EAE bit is set to 1
  * * The implementation includes EL2, and the value of HCR.VM is 1
  *
+ * (Note that HCR.DC makes HCR.VM behave as if it is 1.)
+ *
  * ATS1Hx always uses the 64bit format (not supported yet).
  */
 format64 = arm_s1_regime_using_lpae_format(env, mmu_idx);
 
 if (arm_feature(env, ARM_FEATURE_EL2)) {
 if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
-format64 |= env->cp15.hcr_el2 & HCR_VM;
+format64 |= env->cp15.hcr_el2 & (HCR_VM | HCR_DC);
 } else {
 format64 |= arm_current_el(env) == 2;
 }
@@ -8718,7 +8720,8 @@ static inline bool 
regime_translation_disabled(CPUARMState *env,
 }
 
 if (mmu_idx == ARMMMUIdx_S2NS) {
-return (env->cp15.hcr_el2 & HCR_VM) == 0;
+/* HCR.DC means HCR.VM behaves as 1 */
+return (env->cp15.hcr_el2 & (HCR_DC | HCR_VM)) == 0;
 }
 
 if (env->cp15.hcr_el2 & HCR_TGE) {
@@ -8728,6 +8731,12 @@ static inline bool 
regime_translation_disabled(CPUARMState *env,
 }
 }
 
+if ((env->cp15.hcr_el2 & HCR_DC) &&
+(mmu_idx == ARMMMUIdx_S1NSE0 || mmu_idx == ARMMMUIdx_S1NSE1)) {
+/* HCR.DC means SCTLR_EL1.M behaves as 0 */
+return true;
+}
+
 return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
 }
 
@@ -10708,6 +10717,16 @@ static bool get_phys_addr(CPUARMState *env, 
target_ulong address,
 
 /* Combine the S1 and S2 cache attributes, if needed */
 if (!ret && cacheattrs != NULL) {
+if (env->cp15.hcr_el2 & HCR_DC) {
+/*
+ * HCR.DC forces the first stage attributes to
+ *  Normal Non-Shareable,
+ *  Inner Write-Back Read-Allocate Write-Allocate,
+ *  Outer Write-Back Read-Allocate Write-Allocate.
+ */
+cacheattrs->attrs = 0xff;
+cacheattrs->shareability = 0;
+}
 *cacheattrs = combine_cacheattrs(*cacheattrs, cacheattrs2);
 }
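Review bot: `cacheattrs->attrs = 0xff;` in the HCR.DC branch is correct but opaque: 0xff is the MAIR-format attribute byte for Inner and Outer Write-Back Read-Allocate Write-Allocate, and the prose comment above it never says the value is in that encoding; spelling that out ("MAIR encoding 0xff", or a named constant shared with any other place that builds these bytes) lets a reader confirm that the comment and the constant agree, and the same applies to `shareability = 0` meaning Non-Shareable.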
 
-- 
2.19.1




Re: [Qemu-devel] [PATCH v3 3/6] tests/acceptance: Add test_mips_4kc_malta in BootLinuxConsole

2018-10-19 Thread Cleber Rosa



On 10/13/18 11:15 AM, Philippe Mathieu-Daudé wrote:
> Similar to the test_x86_64_pc test, this boots a Linux kernel on a
> Malta board (MIPS 4Kc big-endian) and verifies the serial is working.
> 
> This test requires the dpkg-deb tool (apt/dnf install dpkg) to
> extract the kernel from the Debian package.
> 

Debian packages are really "ar" archives, with a control.tar.gz and
data.tar.gz in them.  More on that later.

>   $ avocado --show=console run -p arch=mips 
> tests/acceptance/boot_linux_console.py
>   console: [0.00] Initializing cgroup subsys cpuset
>   console: [0.00] Initializing cgroup subsys cpu
>   console: [0.00] Linux version 2.6.32-5-4kc-malta (Debian 2.6.32-48) 
> (b...@decadent.org.uk) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 Sat Feb 16 
> 12:43:42 UTC 2013
>   console: [0.00]
>   console: [0.00] LINUX started...
>   console: [0.00] bootconsole [early0] enabled
>   console: [0.00] CPU revision is: 00019300 (MIPS 24Kc)
>   console: [0.00] FPU revision is: 00739300
>   console: [0.00] Determined physical RAM map:
>   console: [0.00]  memory: 1000 @  (reserved)
>   console: [0.00]  memory: 000ef000 @ 1000 (ROM data)
>   console: [0.00]  memory: 005b7000 @ 000f (reserved)
>   console: [0.00]  memory: 03958000 @ 006a7000 (usable)
>   console: [0.00] Wasting 54496 bytes for tracking 1703 unused pages
>   console: [0.00] Initrd not found or empty - disabling initrd
>   console: [0.00] Zone PFN ranges:
>   console: [0.00]   DMA  0x -> 0x1000
>   console: [0.00]   Normal   0x1000 -> 0x3fff
>   console: [0.00] Movable zone start PFN for each node
>   console: [0.00] early_node_map[1] active PFN ranges
>   console: [0.00] 0: 0x -> 0x3fff
>   console: [0.00] Built 1 zonelists in Zone order, mobility grouping 
> on.  Total pages: 16255
>   console: [0.00] Kernel command line: console=ttyS0 printk.time=0
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/acceptance/boot_linux_console.py | 46 ++
>  1 file changed, 46 insertions(+)
> 
> diff --git a/tests/acceptance/boot_linux_console.py 
> b/tests/acceptance/boot_linux_console.py
> index 3aa4dbe5f9..81c96fc338 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -9,6 +9,7 @@
>  # later.  See the COPYING file in the top-level directory.
>  
>  import logging
> +import subprocess

It's definitely your call, but I like to think that
avocado.utils.process provides simpler and more capable functions:

https://avocado-framework.readthedocs.io/en/65.0/api/utils/avocado.utils.html#avocado.utils.process.run

>  
>  from avocado_qemu import Test
>  
> @@ -47,3 +48,48 @@ class BootLinuxConsole(Test):
>  break
>  if 'Kernel panic - not syncing' in msg:
>  self.fail("Kernel panic reached")
> +
> +def test_mips_4kc_malta(self):
> +"""
> +This test requires the dpkg-deb tool (apt/dnf install dpkg) to 
> extract
> +the kernel from the Debian package.
> +
> +The kernel can be rebuilt using this Debian kernel source [1] and
> +following the instructions on [2].
> +
> +[1] 
> https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#s-common-official
> +[2] 
> http://snapshot.debian.org/package/linux-2.6/2.6.32-48/#linux-source-2.6.32_2.6.32-48
> +
> +:avocado: tags=arch:mips
> +"""
> +if self.arch != 'mips': # FIXME use 'arch' tag in parent class?
> +self.cancel('Currently specific to the %s target arch' % 
> self.arch)
> +

I missed how the arch tag in the parent class (common to all tests here)
would be useful for this specific test.

> +deb_url = 
> ('http://snapshot.debian.org/archive/debian/20130217T032700Z/'
> +   'pool/main/l/linux-2.6/'
> +   'linux-image-2.6.32-5-4kc-malta_2.6.32-48_mips.deb')
> +deb_hash = 'a8cfc28ad8f45f54811fc6cf74fc43ffcfe0ba04'
> +deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
> +subprocess.check_call(['dpkg-deb', '--extract', deb_path, 
> self.workdir]) # FIXME move to avocado ...

This could become:

 # from avocado.utils.process import run
 run("ar p %s data.tar.gz | tar zxf - -C %s ./boot/vmlinux-2.6.32-5-4kc-malta"
     % (deb_path, self.workdir), shell=True)

> +kernel_path = self.workdir + '/boot/vmlinux-2.6.32-5-4kc-malta'  
> # FIXME ... and use from assets?
> +

Putting produced/processed files back into the cache would be a nice
addition to the asset fetcher (or related tools).  Not there yet, though.

> +self.vm.set_arch(self.arch)
> +self.vm.set_machine('malta')
> +self.vm.set_console("") # XXX this disable isa-serial to use -serial 
> ...

See 
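Cleber's point that a .deb is just an ar archive with data.tar.gz inside, carried into a small hash-checked extractor a test could use instead of shelling out to dpkg-deb or ar | tar. This is an added example, not code from the patch, from Avocado or from QEMU's scripts; the sample package is constructed inside the block (the real Debian kernel .deb and the SHA-1 pinned in the patch are not embedded), and KERNEL_MEMBER mirrors the path the test extracts.

```python
"""Hash-checked .deb extraction in pure Python (added example, not patch code)."""
import gzip
import hashlib
import hmac
import io
import posixpath
import tarfile

AR_MAGIC = b"!<arch>\n"
KERNEL_MEMBER = "./boot/vmlinux-2.6.32-5-4kc-malta"  # member path used by the test


def sha1_hex(blob):
    return hashlib.sha1(blob).hexdigest()


def verify_sha1(blob, expected_hex):
    """Constant-time comparison of the asset digest with the pinned value."""
    return hmac.compare_digest(sha1_hex(blob), expected_hex.lower())


def ar_members(blob):
    """Yield (name, data) for every member of a classic 'ar' archive (a .deb is one)."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    off = len(AR_MAGIC)
    while off + 60 <= len(blob):
        hdr = blob[off:off + 60]   # name(16) mtime(12) uid(6) gid(6) mode(8) size(10) magic(2)
        if hdr[58:60] != b"`\n":
            raise ValueError("bad ar member header at offset %d" % off)
        name = hdr[0:16].decode("ascii").rstrip(" /")
        size = int(hdr[48:58])
        start = off + 60
        if start + size > len(blob):
            raise ValueError("truncated ar member %r" % name)
        yield name, blob[start:start + size]
        off = start + size + (size & 1)   # member data is padded to an even offset


def is_safe_path(name):
    """Reject absolute paths and any '..' component (classic tar path traversal)."""
    return not name.startswith("/") and ".." not in posixpath.normpath(name).split("/")


def _open_data_tar(deb_blob):
    for name, data in ar_members(deb_blob):
        if name.startswith("data.tar"):
            return tarfile.open(fileobj=io.BytesIO(data), mode="r:*")
    raise ValueError("no data.tar member in package")


def list_safe_files(deb_blob):
    """Normalised names of regular files in data.tar that pass is_safe_path()."""
    with _open_data_tar(deb_blob) as tf:
        return sorted(posixpath.normpath(m.name) for m in tf.getmembers()
                      if m.isfile() and is_safe_path(m.name))


def extract_from_deb(deb_blob, member, expected_sha1):
    """Return the bytes of `member` from data.tar once the package hash checks out."""
    if not verify_sha1(deb_blob, expected_sha1):
        raise ValueError("asset hash mismatch, refusing to extract")
    want = posixpath.normpath(member)
    with _open_data_tar(deb_blob) as tf:
        for m in tf.getmembers():
            if m.isfile() and is_safe_path(m.name) and posixpath.normpath(m.name) == want:
                return tf.extractfile(m).read()
    raise LookupError("%s not found (or unsafe) in data.tar" % member)


# Constructed sample package: a stand-in for the real Debian kernel .deb.
def _ar_member(name, data):
    hdr = "%-16s%-12s%-6s%-6s%-8s%-10s" % (name, 0, 0, 0, "100644", len(data))
    return hdr.encode("ascii") + b"`\n" + data + (b"\n" if len(data) & 1 else b"")


def _tar_gz(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return gzip.compress(buf.getvalue(), mtime=0)   # fixed mtime keeps the digest stable


def build_sample_deb():
    """Tiny constructed .deb: a fake kernel image plus a hostile '../' member."""
    data = _tar_gz({KERNEL_MEMBER: b"\x7fELF" + b"constructed kernel image",
                    "../escape": b"must never be extracted"})
    control = _tar_gz({"./control": b"Package: linux-image-sample\n"})
    return (AR_MAGIC + _ar_member("debian-binary", b"2.0\n")
            + _ar_member("control.tar.gz", control) + _ar_member("data.tar.gz", data))


def sample_package():
    """The constructed package with its digest, the way a test pins an asset hash."""
    deb = build_sample_deb()
    return deb, sha1_hex(deb)
```

Because the hash is checked before anything is unpacked and traversal members are filtered rather than written, a tampered or malicious package fails closed instead of planting files in the test's workdir.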

[Qemu-devel] [PATCH 1/2] linux-user: Don't call gdb_handlesig() before queue_signal()

2018-10-19 Thread Peter Maydell
The CPU main-loop routines for linux-user generally
call gdb_handlesig() when they're about to queue a
SIGTRAP signal. This is wrong, because queue_signal()
will cause us to pend a signal, and process_pending_signals()
will then call gdb_handlesig() itself. So the effect is that
we notify gdb of the SIGTRAP, and then if gdb says "OK,
continue with signal X" we will incorrectly notify
gdb of the signal X as well. We don't do this double-notify
for anything else, only SIGTRAP.

Remove this unnecessary and incorrect code from all
the targets except for nios2 (whose main loop is
doing something different and broken, and will be handled
in a separate patch).

This bug only manifests if the user responds to the reported
SIGTRAP using "signal SIGFOO" rather than "continue"; since
the latter is the overwhelmingly common thing to do after a
breakpoint most people won't have hit this.

Signed-off-by: Peter Maydell 
---
 linux-user/aarch64/cpu_loop.c| 13 +
 linux-user/alpha/cpu_loop.c  | 12 
 linux-user/arm/cpu_loop.c| 16 
 linux-user/cris/cpu_loop.c   | 16 
 linux-user/hppa/cpu_loop.c   | 11 ---
 linux-user/i386/cpu_loop.c   | 16 
 linux-user/m68k/cpu_loop.c   | 16 
 linux-user/microblaze/cpu_loop.c | 16 
 linux-user/mips/cpu_loop.c   | 16 
 linux-user/openrisc/cpu_loop.c   | 11 ---
 linux-user/ppc/cpu_loop.c| 15 +--
 linux-user/riscv/cpu_loop.c  |  2 +-
 linux-user/s390x/cpu_loop.c  |  9 +++--
 linux-user/sh4/cpu_loop.c| 17 -
 linux-user/sparc/cpu_loop.c  | 16 
 linux-user/xtensa/cpu_loop.c | 11 ---
 16 files changed, 62 insertions(+), 151 deletions(-)

diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index c97a6465464..65d815f0300 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -73,7 +73,7 @@
 void cpu_loop(CPUARMState *env)
 {
 CPUState *cs = CPU(arm_env_get_cpu(env));
-int trapnr, sig;
+int trapnr;
 abi_long ret;
 target_siginfo_t info;
 
@@ -121,13 +121,10 @@ void cpu_loop(CPUARMState *env)
 break;
 case EXCP_DEBUG:
 case EXCP_BKPT:
-sig = gdb_handlesig(cs, TARGET_SIGTRAP);
-if (sig) {
-info.si_signo = sig;
-info.si_errno = 0;
-info.si_code = TARGET_TRAP_BRKPT;
-queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
-}
+info.si_signo = TARGET_SIGTRAP;
+info.si_errno = 0;
+info.si_code = TARGET_TRAP_BRKPT;
+queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
 break;
 case EXCP_SEMIHOST:
 env->xregs[0] = do_arm_semihosting(env);
diff --git a/linux-user/alpha/cpu_loop.c b/linux-user/alpha/cpu_loop.c
index c1a98c8cbfb..824b6d66588 100644
--- a/linux-user/alpha/cpu_loop.c
+++ b/linux-user/alpha/cpu_loop.c
@@ -179,14 +179,10 @@ void cpu_loop(CPUAlphaState *env)
 }
 break;
 case EXCP_DEBUG:
-info.si_signo = gdb_handlesig(cs, TARGET_SIGTRAP);
-if (info.si_signo) {
-info.si_errno = 0;
-info.si_code = TARGET_TRAP_BRKPT;
-queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
-} else {
-arch_interrupt = false;
-}
+info.si_signo = TARGET_SIGTRAP;
+info.si_errno = 0;
+info.si_code = TARGET_TRAP_BRKPT;
+queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
 break;
 case EXCP_INTERRUPT:
 /* Just indicate that signals should be handled asap.  */
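Review bot: this hunk drops the `else { arch_interrupt = false; }` path along with the gdb_handlesig() call, so for EXCP_DEBUG arch_interrupt now keeps whatever value it had on entry even though no signal can be suppressed any more; that is plausible (the signal is always queued now), but it is a behaviour change the commit message does not mention, so a sentence there, or a comment at the case, would save the next reader from wondering whether it was intended.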
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
index 26928fbbb2c..ee68aa60bf3 100644
--- a/linux-user/arm/cpu_loop.c
+++ b/linux-user/arm/cpu_loop.c
@@ -397,18 +397,10 @@ void cpu_loop(CPUARMState *env)
 break;
 case EXCP_DEBUG:
 excp_debug:
-{
-int sig;
-
-sig = gdb_handlesig(cs, TARGET_SIGTRAP);
-if (sig)
-  {
-info.si_signo = sig;
-info.si_errno = 0;
-info.si_code = TARGET_TRAP_BRKPT;
-queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
-  }
-}
+info.si_signo = TARGET_SIGTRAP;
+info.si_errno = 0;
+info.si_code = TARGET_TRAP_BRKPT;
+queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
 break;
 case EXCP_KERNEL_TRAP:
 if (do_kernel_trap(env))
diff --git a/linux-user/cris/cpu_loop.c b/linux-user/cris/cpu_loop.c
index 37bdcfa8cc3..dacf604c7df 100644
--- a/linux-user/cris/cpu_loop.c
+++ b/linux-user/cris/cpu_loop.c
@@ -64,18 +64,10 @@ 

[Qemu-devel] [PULL 17/45] target/arm: Implement HCR.PTW

2018-10-19 Thread Peter Maydell
If the HCR_EL2 PTW virtualization configuration register bit
is set, then this means that a stage 2 Permission fault must
be generated if a stage 1 translation table access is made
to an address that is mapped as Device memory in stage 2.
Implement this.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20181012144235.19646-8-peter.mayd...@linaro.org
---
 target/arm/helper.c | 21 -
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index af2f63c31b0..1928d3fadd9 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -9141,9 +9141,20 @@ static hwaddr S1_ptw_translate(CPUARMState *env, 
ARMMMUIdx mmu_idx,
 hwaddr s2pa;
 int s2prot;
 int ret;
+ARMCacheAttrs cacheattrs = {};
+ARMCacheAttrs *pcacheattrs = NULL;
+
+if (env->cp15.hcr_el2 & HCR_PTW) {
+/*
+ * PTW means we must fault if this S1 walk touches S2 Device
+ * memory; otherwise we don't care about the attributes and can
+ * save the S2 translation the effort of computing them.
+ */
+pcacheattrs = 
+}
 
 ret = get_phys_addr_lpae(env, addr, 0, ARMMMUIdx_S2NS, ,
- , , , fi, NULL);
+ , , , fi, pcacheattrs);
 if (ret) {
 assert(fi->type != ARMFault_None);
 fi->s2addr = addr;
@@ -9151,6 +9162,14 @@ static hwaddr S1_ptw_translate(CPUARMState *env, 
ARMMMUIdx mmu_idx,
 fi->s1ptw = true;
 return ~0;
 }
+if (pcacheattrs && (pcacheattrs->attrs & 0xf0) == 0) {
+/* Access was to Device memory: generate Permission fault */
+fi->type = ARMFault_Permission;
+fi->s2addr = addr;
+fi->stage2 = true;
+fi->s1ptw = true;
+return ~0;
+}
 addr = s2pa;
 }
 return addr;
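Review bot: `(pcacheattrs->attrs & 0xf0) == 0` is the right test for Device memory in the MAIR-format attribute byte (a zero outer-attribute nibble), but the constant and the reasoning are invisible at the call site; a one-line comment naming the encoding, or a small is_device_memory() style helper, would make the intent obvious. Separately, the five lines filling in `fi` duplicate the `if (ret)` block immediately above apart from `fi->type`, so a shared exit path would keep the two fault paths from drifting apart.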
-- 
2.19.1




Re: [Qemu-devel] [PATCH v5 10/14] target/mips: Add emulation of MXU instruction S8LDD

2018-10-19 Thread Aleksandar Markovic


> From: Aleksandar Markovic 
> Sent: Friday, October 19, 2018 6:33 PM
> Subject: [PATCH v5 10/14] target/mips: Add emulation of MXU instruction S8LDD
> 
> From: Craig Janeczek 
> 
> Add support for emulating the S8LDD MXU instruction.
> 
> Signed-off-by: Craig Janeczek 
> Signed-off-by: Aleksandar Markovic 
> ---
>  target/mips/translate.c | 90 
> +++--
>  1 file changed, 87 insertions(+), 3 deletions(-)
> 
> diff --git a/target/mips/translate.c b/target/mips/translate.c
> index c2b3463..71a6533 100644
> --- a/target/mips/translate.c
> +++ b/target/mips/translate.c
> @@ -23410,6 +23410,92 @@ static void gen_mxu_s32m2i(DisasContext *ctx)
>  tcg_temp_free(t0);
>  }
> 
> +/*
> + * S8LDD XRa, Rb, s8, optn3 - Load a byte from memory to XRF
> + */
> +static void gen_mxu_s8ldd(DisasContext *ctx)
> +{
> +TCGv t0, t1;
> +TCGLabel *l0;
> +uint32_t XRa, Rb, s8, optn3;
> +
> +t0 = tcg_temp_new();
> +t1 = tcg_temp_new();
> +
> +l0 = gen_new_label();
> +
> +XRa = extract32(ctx->opcode, 6, 4);
> +s8 = extract32(ctx->opcode, 10, 8);
> +optn3 = extract32(ctx->opcode, 18, 3);
> +Rb = extract32(ctx->opcode, 21, 5);
> +
> +gen_load_mxu_cr(t0);
> +tcg_gen_andi_tl(t0, t0, MXU_CR_MXU_EN);
> +tcg_gen_brcondi_tl(TCG_COND_NE, t0, MXU_CR_MXU_EN, l0);
> +

Is there any way to move MXU_CR_MXU_EN check to the one level higher function, 
to avoid repetition?

I think all MXU instructions need this check, except S32I2M, S32M2I, and 
non-MXU MUL.

Thanks,
Aleksandar

> +gen_load_gpr(t0, Rb);
> +tcg_gen_addi_tl(t0, t0, (int8_t)s8);
> +
> +switch (optn3) {
> +/* XRa[7:0] = tmp8 */
> +case MXU_OPTN3_PTN0:
> +tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_UB);
> +gen_load_mxu_gpr(t0, XRa);
> +tcg_gen_deposit_tl(t0, t0, t1, 0, 8);
> +break;
> +/* XRa[15:8] = tmp8 */
> +case MXU_OPTN3_PTN1:
> +tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_UB);
> +gen_load_mxu_gpr(t0, XRa);
> +tcg_gen_deposit_tl(t0, t0, t1, 8, 8);
> +break;
> +/* XRa[23:16] = tmp8 */
> +case MXU_OPTN3_PTN2:
> +tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_UB);
> +gen_load_mxu_gpr(t0, XRa);
> +tcg_gen_deposit_tl(t0, t0, t1, 16, 8);
> +break;
> +/* XRa[31:24] = tmp8 */
> +case MXU_OPTN3_PTN3:
> +tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_UB);
> +gen_load_mxu_gpr(t0, XRa);
> +tcg_gen_deposit_tl(t0, t0, t1, 24, 8);
> +break;
> +/* XRa = {8'b0, tmp8, 8'b0, tmp8} */
> +case MXU_OPTN3_PTN4:
> +tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_UB);
> +tcg_gen_deposit_tl(t0, t1, t1, 16, 16);
> +break;
> +/* XRa = {tmp8, 8'b0, tmp8, 8'b0} */
> +case MXU_OPTN3_PTN5:
> +tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_UB);
> +tcg_gen_shli_tl(t1, t1, 8);
> +tcg_gen_deposit_tl(t0, t1, t1, 16, 16);
> +break;
> +/* XRa = {{8{sign of tmp8}}, tmp8, {8{sign of tmp8}}, tmp8} */
> +case MXU_OPTN3_PTN6:
> +tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_SB);
> +tcg_gen_mov_tl(t0, t1);
> +tcg_gen_andi_tl(t0, t0, 0xFF00);
> +tcg_gen_shli_tl(t1, t1, 16);
> +tcg_gen_or_tl(t0, t0, t1);
> +break;
> +/* XRa = {tmp8, tmp8, tmp8, tmp8} */
> +case MXU_OPTN3_PTN7:
> +tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_UB);
> +tcg_gen_deposit_tl(t1, t1, t1, 8, 8);
> +tcg_gen_deposit_tl(t0, t1, t1, 16, 16);
> +break;
> +}
> +
> +gen_store_mxu_gpr(t0, XRa);
> +
> +gen_set_label(l0);
> +
> +tcg_temp_free(t0);
> +tcg_temp_free(t1);
> +}
> +
> 
>  /*
>   * Decoding engine for MXU
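Review bot: the MXU_OPTN3_PTN6 case looks inconsistent with its own comment: after the MO_SB load t1 holds the sign-extended byte, and `tcg_gen_andi_tl(t0, t0, 0xFF00)` keeps only bits 15:8 of it, so the low byte of the result is zero and XRa ends up as {sign, tmp8, sign, 0x00} rather than the documented {sign, tmp8, sign, tmp8}; if the comment reflects the MXU semantics the mask should be 0xFFFF, otherwise the comment needs correcting. Also, the switch has no default, which is fine only because optn3 is a 3-bit field and all eight patterns are listed; a comment saying so would pre-empt the question.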
> @@ -24469,9 +24555,7 @@ static void decode_opc_mxu(CPUMIPSState *env, 
> DisasContext *ctx)
>  generate_exception_end(ctx, EXCP_RI);
>  break;
>  case OPC_MXU_S8LDD:
> -/* TODO: Implement emulation of S8LDD instruction. */
> -MIPS_INVAL("OPC_MXU_S8LDD");
> -generate_exception_end(ctx, EXCP_RI);
> +gen_mxu_s8ldd(ctx);
>  break;
>  case OPC_MXU_S8STD:
>  /* TODO: Implement emulation of S8STD instruction. */
> --
> 2.7.4
> 



[Qemu-devel] [PULL 19/45] target/arm: Get IL bit correct for v7 syndrome values

2018-10-19 Thread Peter Maydell
For the v7 version of the Arm architecture, the IL bit in
syndrome register values where the field is not valid was
defined to be UNK/SBZP. In v8 this is RES1, which is what
QEMU currently implements. Handle the desired v7 behaviour
by squashing the IL bit for the affected cases:
 * EC == EC_UNCATEGORIZED
 * prefetch aborts
 * data aborts where ISV is 0

(The fourth case listed in the v8 Arm ARM DDI 0487C.a in
section G7.2.70, "illegal state exception", can't happen
on a v7 CPU.)

This deals with a corner case noted in a comment.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20181012144235.19646-10-peter.mayd...@linaro.org
---
 target/arm/internals.h |  7 ++-
 target/arm/helper.c| 13 +
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index bf7bd1fbfe1..6b9387ba97e 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -286,11 +286,8 @@ static inline uint32_t syn_get_ec(uint32_t syn)
 /* Utility functions for constructing various kinds of syndrome value.
  * Note that in general we follow the AArch64 syndrome values; in a
  * few cases the value in HSR for exceptions taken to AArch32 Hyp
- * mode differs slightly, so if we ever implemented Hyp mode then the
- * syndrome value would need some massaging on exception entry.
- * (One example of this is that AArch64 defaults to IL bit set for
- * exceptions which don't specifically indicate information about the
- * trapping instruction, whereas AArch32 defaults to IL bit clear.)
+ * mode differs slightly, and we fix this up when populating HSR in
+ * arm_cpu_do_interrupt_aarch32_hyp().
  */
 static inline uint32_t syn_uncategorized(void)
 {
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 26872edef75..5db76df758b 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8302,6 +8302,19 @@ static void arm_cpu_do_interrupt_aarch32_hyp(CPUState 
*cs)
 }
 
 if (cs->exception_index != EXCP_IRQ && cs->exception_index != EXCP_FIQ) {
+if (!arm_feature(env, ARM_FEATURE_V8)) {
+/*
+ * QEMU syndrome values are v8-style. v7 has the IL bit
+ * UNK/SBZP for "field not valid" cases, where v8 uses RES1.
+ * If this is a v7 CPU, squash the IL bit in those cases.
+ */
+if (cs->exception_index == EXCP_PREFETCH_ABORT ||
+(cs->exception_index == EXCP_DATA_ABORT &&
+ !(env->exception.syndrome & ARM_EL_ISV)) ||
+syn_get_ec(env->exception.syndrome) == EC_UNCATEGORIZED) {
+env->exception.syndrome &= ~ARM_EL_IL;
+}
+}
 env->cp15.esr_el[2] = env->exception.syndrome;
 }
 
-- 
2.19.1




[Qemu-devel] [PULL 13/45] target/arm: Implement HCR.FB

2018-10-19 Thread Peter Maydell
The HCR.FB virtualization configuration register bit requests that
TLB maintenance, branch predictor invalidate-all and icache
invalidate-all operations performed in NS EL1 should be upgraded
from "local CPU only" to "broadcast within Inner Shareable domain".
For QEMU we NOP the branch predictor and icache operations, so
we only need to upgrade the TLB invalidates:
 AArch32 TLBIALL, TLBIMVA, TLBIASID, DTLBIALL, DTLBIMVA, DTLBIASID,
 ITLBIALL, ITLBIMVA, ITLBIASID, TLBIMVAA, TLBIMVAL, TLBIMVAAL
 AArch64 TLBI VMALLE1, TLBI VAE1, TLBI ASIDE1, TLBI VAAE1,
 TLBI VALE1, TLBI VAALE1

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20181012144235.19646-4-peter.mayd...@linaro.org
---
 target/arm/helper.c | 191 +++-
 1 file changed, 116 insertions(+), 75 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index ee265892176..849e505f265 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -554,42 +554,6 @@ static void contextidr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 raw_write(env, ri, value);
 }
 
-static void tlbiall_write(CPUARMState *env, const ARMCPRegInfo *ri,
-  uint64_t value)
-{
-/* Invalidate all (TLBIALL) */
-ARMCPU *cpu = arm_env_get_cpu(env);
-
-tlb_flush(CPU(cpu));
-}
-
-static void tlbimva_write(CPUARMState *env, const ARMCPRegInfo *ri,
-  uint64_t value)
-{
-/* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
-ARMCPU *cpu = arm_env_get_cpu(env);
-
-tlb_flush_page(CPU(cpu), value & TARGET_PAGE_MASK);
-}
-
-static void tlbiasid_write(CPUARMState *env, const ARMCPRegInfo *ri,
-   uint64_t value)
-{
-/* Invalidate by ASID (TLBIASID) */
-ARMCPU *cpu = arm_env_get_cpu(env);
-
-tlb_flush(CPU(cpu));
-}
-
-static void tlbimvaa_write(CPUARMState *env, const ARMCPRegInfo *ri,
-   uint64_t value)
-{
-/* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
-ARMCPU *cpu = arm_env_get_cpu(env);
-
-tlb_flush_page(CPU(cpu), value & TARGET_PAGE_MASK);
-}
-
 /* IS variants of TLB operations must affect all cores */
 static void tlbiall_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
  uint64_t value)
@@ -623,6 +587,73 @@ static void tlbimvaa_is_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 tlb_flush_page_all_cpus_synced(cs, value & TARGET_PAGE_MASK);
 }
 
+/*
+ * Non-IS variants of TLB operations are upgraded to
+ * IS versions if we are at NS EL1 and HCR_EL2.FB is set to
+ * force broadcast of these operations.
+ */
+static bool tlb_force_broadcast(CPUARMState *env)
+{
+return (env->cp15.hcr_el2 & HCR_FB) &&
+arm_current_el(env) == 1 && arm_is_secure_below_el3(env);
+}
+
+static void tlbiall_write(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t value)
+{
+/* Invalidate all (TLBIALL) */
+ARMCPU *cpu = arm_env_get_cpu(env);
+
+if (tlb_force_broadcast(env)) {
+tlbiall_is_write(env, NULL, value);
+return;
+}
+
+tlb_flush(CPU(cpu));
+}
+
+static void tlbimva_write(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t value)
+{
+/* Invalidate single TLB entry by MVA and ASID (TLBIMVA) */
+ARMCPU *cpu = arm_env_get_cpu(env);
+
+if (tlb_force_broadcast(env)) {
+tlbimva_is_write(env, NULL, value);
+return;
+}
+
+tlb_flush_page(CPU(cpu), value & TARGET_PAGE_MASK);
+}
+
+static void tlbiasid_write(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t value)
+{
+/* Invalidate by ASID (TLBIASID) */
+ARMCPU *cpu = arm_env_get_cpu(env);
+
+if (tlb_force_broadcast(env)) {
+tlbiasid_is_write(env, NULL, value);
+return;
+}
+
+tlb_flush(CPU(cpu));
+}
+
+static void tlbimvaa_write(CPUARMState *env, const ARMCPRegInfo *ri,
+   uint64_t value)
+{
+/* Invalidate single entry by MVA, all ASIDs (TLBIMVAA) */
+ARMCPU *cpu = arm_env_get_cpu(env);
+
+if (tlb_force_broadcast(env)) {
+tlbimvaa_is_write(env, NULL, value);
+return;
+}
+
+tlb_flush_page(CPU(cpu), value & TARGET_PAGE_MASK);
+}
+
 static void tlbiall_nsnh_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
 {
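Review bot: the condition in tlb_force_broadcast() looks inverted relative to its own comment. The comment says the upgrade to the IS variant applies "at NS EL1" with HCR_EL2.FB set, but the body requires `arm_is_secure_below_el3(env)` to be true, i.e. Secure EL1, so the forced broadcast would fire only in Secure state and never in the Non-secure case the comment describes. Suggest `arm_current_el(env) == 1 && !arm_is_secure_below_el3(env)`.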
@@ -3085,22 +3116,6 @@ static CPAccessResult aa64_cacheop_access(CPUARMState 
*env,
  * Page D4-1736 (DDI0487A.b)
  */
 
-static void tlbi_aa64_vmalle1_write(CPUARMState *env, const ARMCPRegInfo *ri,
-uint64_t value)
-{
-CPUState *cs = ENV_GET_CPU(env);
-
-if (arm_is_secure_below_el3(env)) {
-tlb_flush_by_mmuidx(cs,
-ARMMMUIdxBit_S1SE1 |
-ARMMMUIdxBit_S1SE0);
-} else {
-tlb_flush_by_mmuidx(cs,
-ARMMMUIdxBit_S12NSE1 |
-

[Qemu-devel] [PULL 26/45] target/arm: Mark some arrays const

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20181011205206.3552-6-richard.hender...@linaro.org
[PMM: drop change to now-deleted cpu_mode_names array]
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 7d7a48e5b93..869dadbe8db 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -72,7 +72,7 @@ static TCGv_i64 cpu_F0d, cpu_F1d;
 
 #include "exec/gen-icount.h"
 
-static const char *regnames[] =
+static const char * const regnames[] =
 { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
   "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
 
@@ -4907,7 +4907,7 @@ static struct {
 int nregs;
 int interleave;
 int spacing;
-} neon_ls_element_type[11] = {
+} const neon_ls_element_type[11] = {
 {4, 4, 1},
 {4, 4, 2},
 {4, 1, 1},
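Review bot: `} const neon_ls_element_type[11] = {` places the qualifier after the anonymous struct body. That is valid C and does make the array read-only, but the conventional spelling is `static const struct {` at the top of the declaration, which matches how the other const tables in this file are written and is easier to spot when grepping for mutable statics.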
-- 
2.19.1




[Qemu-devel] [PULL 16/45] target/arm: Implement HCR.VI and VF

2018-10-19 Thread Peter Maydell
The HCR_EL2 VI and VF bits are supposed to track whether there is
a pending virtual IRQ or virtual FIQ. For QEMU we store the
pending VIRQ/VFIQ status in cs->interrupt_request, so this means:
 * if the register is read we must get these bit values from
   cs->interrupt_request
 * if the register is written then we must write the bit
   values back into cs->interrupt_request

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20181012144235.19646-7-peter.mayd...@linaro.org
---
 target/arm/helper.c | 47 +
 1 file changed, 43 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0ecef3c1360..af2f63c31b0 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3931,6 +3931,7 @@ static const ARMCPRegInfo el3_no_el2_v8_cp_reginfo[] = {
 static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
 {
 ARMCPU *cpu = arm_env_get_cpu(env);
+CPUState *cs = ENV_GET_CPU(env);
 uint64_t valid_mask = HCR_MASK;
 
 if (arm_feature(env, ARM_FEATURE_EL3)) {
@@ -3949,6 +3950,28 @@ static void hcr_write(CPUARMState *env, const 
ARMCPRegInfo *ri, uint64_t value)
 /* Clear RES0 bits.  */
 value &= valid_mask;
 
+/*
+ * VI and VF are kept in cs->interrupt_request. Modifying that
+ * requires that we have the iothread lock, which is done by
+ * marking the reginfo structs as ARM_CP_IO.
+ * Note that if a write to HCR pends a VIRQ or VFIQ it is never
+ * possible for it to be taken immediately, because VIRQ and
+ * VFIQ are masked unless running at EL0 or EL1, and HCR
+ * can only be written at EL2.
+ */
+g_assert(qemu_mutex_iothread_locked());
+if (value & HCR_VI) {
+cs->interrupt_request |= CPU_INTERRUPT_VIRQ;
+} else {
+cs->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
+}
+if (value & HCR_VF) {
+cs->interrupt_request |= CPU_INTERRUPT_VFIQ;
+} else {
+cs->interrupt_request &= ~CPU_INTERRUPT_VFIQ;
+}
+value &= ~(HCR_VI | HCR_VF);
+
 /* These bits change the MMU setup:
  * HCR_VM enables stage 2 translation
  * HCR_PTW forbids certain page-table setups
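Review bot: cs->interrupt_request is updated here by a plain read-modify-write rather than through the cpu_interrupt()/cpu_reset_interrupt() helpers. The comment explains why the iothread lock is held (ARM_CP_IO) and why the pending VIRQ/VFIQ cannot be taken immediately at EL2, which is the justification for bypassing the helpers; a sentence saying so explicitly would stop a future reader from "fixing" this to use them. The `value &= ~(HCR_VI | HCR_VF)` line is consistent with hcr_read() masking the same bits, so the stored hcr_el2 never carries stale VI/VF.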
@@ -3976,16 +3999,32 @@ static void hcr_writelow(CPUARMState *env, const 
ARMCPRegInfo *ri,
 hcr_write(env, NULL, value);
 }
 
+static uint64_t hcr_read(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+/* The VI and VF bits live in cs->interrupt_request */
+uint64_t ret = env->cp15.hcr_el2 & ~(HCR_VI | HCR_VF);
+CPUState *cs = ENV_GET_CPU(env);
+
+if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) {
+ret |= HCR_VI;
+}
+if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) {
+ret |= HCR_VF;
+}
+return ret;
+}
+
 static const ARMCPRegInfo el2_cp_reginfo[] = {
 { .name = "HCR_EL2", .state = ARM_CP_STATE_AA64,
+  .type = ARM_CP_IO,
   .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
   .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.hcr_el2),
-  .writefn = hcr_write },
+  .writefn = hcr_write, .readfn = hcr_read },
 { .name = "HCR", .state = ARM_CP_STATE_AA32,
-  .type = ARM_CP_ALIAS,
+  .type = ARM_CP_ALIAS | ARM_CP_IO,
   .cp = 15, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
   .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.hcr_el2),
-  .writefn = hcr_writelow },
+  .writefn = hcr_writelow, .readfn = hcr_read },
 { .name = "ELR_EL2", .state = ARM_CP_STATE_AA64,
   .type = ARM_CP_ALIAS,
   .opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 1,
@@ -4222,7 +4261,7 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
 
 static const ARMCPRegInfo el2_v8_cp_reginfo[] = {
 { .name = "HCR2", .state = ARM_CP_STATE_AA32,
-  .type = ARM_CP_ALIAS,
+  .type = ARM_CP_ALIAS | ARM_CP_IO,
   .cp = 15, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 4,
   .access = PL2_RW,
   .fieldoffset = offsetofhigh32(CPUARMState, cp15.hcr_el2),
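Review bot: HCR2 gains ARM_CP_IO here although this hunk shows no read or write function change for it. Since it aliases the high 32 bits via offsetofhigh32 and VI/VF are low-half bits, the raw read stays correct; the ARM_CP_IO marking is only needed if HCR2's write path ends up in hcr_write(), where the `g_assert(qemu_mutex_iothread_locked())` would otherwise fire. A brief comment tying the flag to that call chain would make the reason visible at the reginfo.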
-- 
2.19.1




[Qemu-devel] [PULL 31/45] target/arm: Use gvec for NEON_2RM_VMN, NEON_2RM_VNEG

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-11-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index fc0173076a4..d29328774b6 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -7501,6 +7501,14 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 tcg_temp_free_ptr(ptr1);
 tcg_temp_free_ptr(ptr2);
 break;
+
+case NEON_2RM_VMVN:
+tcg_gen_gvec_not(0, rd_ofs, rm_ofs, vec_size, vec_size);
+break;
+case NEON_2RM_VNEG:
+tcg_gen_gvec_neg(size, rd_ofs, rm_ofs, vec_size, vec_size);
+break;
+
 default:
 elementwise:
 for (pass = 0; pass < (q ? 4 : 2); pass++) {
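Review bot: the new VMVN case calls `tcg_gen_gvec_not(0, ...)` with a fixed vece of 0 while the adjacent VNEG case passes `size`. A bitwise NOT is independent of element size, so 0 is correct, but a short comment ("element size irrelevant for NOT") would prevent a reader from taking it as a forgotten `size`.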
@@ -7541,9 +7549,6 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t 
insn)
 case NEON_2RM_VCNT:
 gen_helper_neon_cnt_u8(tmp, tmp);
 break;
-case NEON_2RM_VMVN:
-tcg_gen_not_i32(tmp, tmp);
-break;
 case NEON_2RM_VQABS:
 switch (size) {
 case 0:
@@ -7616,11 +7621,6 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 default: abort();
 }
 break;
-case NEON_2RM_VNEG:
-tmp2 = tcg_const_i32(0);
-gen_neon_rsb(size, tmp, tmp2);
-tcg_temp_free_i32(tmp2);
-break;
 case NEON_2RM_VCGT0_F:
 {
 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
-- 
2.19.1




Re: [Qemu-devel] [PULL 00/45] Machine queue, 2018-10-18

2018-10-19 Thread Philippe Mathieu-Daudé
On 19/10/2018 16:12, Peter Maydell wrote:
> On 18 October 2018 at 21:03, Eduardo Habkost  wrote:
>> The following changes since commit 09558375a634e17cea6cfbfec883ac2376d2dc7f:
>>
>>   Merge remote-tracking branch 
>> 'remotes/pmaydell/tags/pull-target-arm-20181016-1' into staging (2018-10-16 
>> 17:42:56 +0100)
>>
>> are available in the Git repository at:
>>
>>   git://github.com/ehabkost/qemu.git tags/machine-next-pull-request
>>
>> for you to fetch changes up to 6d8e1bcc7dd5e819ce81e6a87fffe23e39c700cc:
>>
>>   numa: Clean up error reporting in parse_numa() (2018-10-17 16:33:40 -0300)
>>
>> 
>> Machine queue, 2018-10-18
>>
>> * sysbus init/realize cleanups
>>   (Cédric Le Goater, Philippe Mathieu-Daudé)
>> * memory-device refactoring (David Hildenbrand)
>> * -smp: deprecate incorrect CPUs topology (Igor Mammedov)
>> * -numa parsing cleanups (Markus Armbruster)
>> * Fix hostmem-file memory leak (Zhang Yi)
>> * Typo fix (Li Qiang)
>>
>> 
>>
> 
> Hi. This had some problems in merge testing, I'm afraid:
> 
> On aarch64 host, warnings running tests/cpu-plug-test for i386 and s390 
> targets:
> 
> TEST: tests/cpu-plug-test... (pid=12602)
>   /i386/cpu-plug/pc-i440fx-3.0/cpu-add/1x3x2=12:
> qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
> (1) * cores (3) * threads (2) != maxcpus (12)
> OK
>   /i386/cpu-plug/pc-i440fx-3.0/device-add/1x3x2=12:
> qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
> (1) * cores (3) * threads (2) != maxcpus (12)
> OK
>   /i386/cpu-plug/pc-q35-3.0/cpu-add/1x3x2=12:
> qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
> (1) * cores (3) * threads (2) != maxcpus (12)
> OK
>   /i386/cpu-plug/pc-q35-3.0/device-add/1x3x2=12:
> qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
> (1) * cores (3) * threads (2) != maxcpus (12)
> OK
>   /arm/qom/n800:   OK
> PASS: tests/cpu-plug-test
> [...]
> TEST: tests/cpu-plug-test... (pid=15040)
>   /s390x/cpu-plug/s390-ccw-virtio-3.1/cpu-add/1x3x1=6:
> qemu-system-s390x: warning: Invalid CPU topology deprecated: sockets
> (1) * cores (3) * threads (1) != maxcpus (6)
> OK
>   /s390x/cpu-plug/s390-ccw-virtio-3.1/device-add/1x3x1=6:
> qemu-system-s390x: warning: Invalid CPU topology deprecated: sockets
> (1) * cores (3) * threads (1) != maxcpus (6)
> OK
>   /s390x/cpu-plug/s390-ccw-virtio-3.0/cpu-add/1x3x1=6:
> qemu-system-s390x: warning: Invalid CPU topology deprecated: sockets
> (1) * cores (3) * threads (1) != maxcpus (6)
> OK
>   /s390x/cpu-plug/s390-ccw-virtio-3.0/device-add/1x3x1=6:
> qemu-system-s390x: warning: Invalid CPU topology deprecated: sockets
> (1) * cores (3) * threads (1) != maxcpus (6)
> OK
> PASS: tests/cpu-plug-test
> 
> (plus similar ppc64, x86_64 targets)
> 
> I see similar warnings on hosts SPARC, PPC64BE, S390, 32-bit Arm
> and x86 FreeBSD.
> 
> I also got a build failure on one of my configs, but I think that
> is caused by some latent bug in our makefiles where we don't
> correctly rebuild x86_64-softmmu/config-devices.mak when a
> change is made to default-configs/i386-softmmu.mak -- doing a
> hand rm of the config-devices.mak fixed it.

bisected to:

23d0571a24559b867fa47410aa8ec0519b0a1edd is the first bad commit
commit 23d0571a24559b867fa47410aa8ec0519b0a1edd
Author: Igor Mammedov 
Date:   Thu Sep 13 13:06:01 2018 +0200

vl.c deprecate incorrect CPUs topology

-smp [cpus],sockets/cores/threads[,maxcpus] should describe topology
so that total number of logical CPUs [sockets * cores * threads]
would be equal to [maxcpus], however historically we didn't have
such check in QEMU and it is possible to start VM with an invalid
topology.
Deprecate invalid options combination so we can make sure that
the topology VM started with is always correct in the future.
Users with an invalid sockets/cores/threads/maxcpus values should
fix their CLI to make sure that
   [sockets * cores * threads] == [maxcpus]

> 
> 
> thanks
> -- PMM
> 



[Qemu-devel] [PULL 37/45] target/arm: Use gvec for NEON_3R_VTST_VCEQ, NEON_3R_VCGT, NEON_3R_VCGE

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Move cmtst_op expanders from translate-a64.c.

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-17-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.h |  2 +
 target/arm/translate-a64.c | 38 --
 target/arm/translate.c | 81 +++---
 3 files changed, 60 insertions(+), 61 deletions(-)

diff --git a/target/arm/translate.h b/target/arm/translate.h
index 1b4703dc6e7..1550aa8bc7f 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -198,10 +198,12 @@ extern const GVecGen3 bit_op;
 extern const GVecGen3 bif_op;
 extern const GVecGen3 mla_op[4];
 extern const GVecGen3 mls_op[4];
+extern const GVecGen3 cmtst_op[4];
 extern const GVecGen2i ssra_op[4];
 extern const GVecGen2i usra_op[4];
 extern const GVecGen2i sri_op[4];
 extern const GVecGen2i sli_op[4];
+void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b);
 
 /*
  * Forward to the isar_feature_* tests given a DisasContext pointer.
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index fd4d8072da2..a41f180a97d 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -8031,28 +8031,6 @@ static void 
disas_simd_scalar_three_reg_diff(DisasContext *s, uint32_t insn)
 }
 }
 
-/* CMTST : test is "if (X & Y != 0)". */
-static void gen_cmtst_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
-{
-tcg_gen_and_i32(d, a, b);
-tcg_gen_setcondi_i32(TCG_COND_NE, d, d, 0);
-tcg_gen_neg_i32(d, d);
-}
-
-static void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
-{
-tcg_gen_and_i64(d, a, b);
-tcg_gen_setcondi_i64(TCG_COND_NE, d, d, 0);
-tcg_gen_neg_i64(d, d);
-}
-
-static void gen_cmtst_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
-{
-tcg_gen_and_vec(vece, d, a, b);
-tcg_gen_dupi_vec(vece, a, 0);
-tcg_gen_cmp_vec(TCG_COND_NE, vece, d, d, a);
-}
-
 static void handle_3same_64(DisasContext *s, int opcode, bool u,
 TCGv_i64 tcg_rd, TCGv_i64 tcg_rn, TCGv_i64 tcg_rm)
 {
@@ -10413,22 +10391,6 @@ static void disas_simd_3same_float(DisasContext *s, 
uint32_t insn)
 /* Integer op subgroup of C3.6.16. */
 static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
 {
-static const GVecGen3 cmtst_op[4] = {
-{ .fni4 = gen_helper_neon_tst_u8,
-  .fniv = gen_cmtst_vec,
-  .vece = MO_8 },
-{ .fni4 = gen_helper_neon_tst_u16,
-  .fniv = gen_cmtst_vec,
-  .vece = MO_16 },
-{ .fni4 = gen_cmtst_i32,
-  .fniv = gen_cmtst_vec,
-  .vece = MO_32 },
-{ .fni8 = gen_cmtst_i64,
-  .fniv = gen_cmtst_vec,
-  .prefer_i64 = TCG_TARGET_REG_BITS == 64,
-  .vece = MO_64 },
-};
-
 int is_q = extract32(insn, 30, 1);
 int u = extract32(insn, 29, 1);
 int size = extract32(insn, 22, 2);
diff --git a/target/arm/translate.c b/target/arm/translate.c
index d4eb66fadd6..e6b06910369 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6143,6 +6143,44 @@ const GVecGen3 mls_op[4] = {
   .vece = MO_64 },
 };
 
+/* CMTST : test is "if (X & Y != 0)". */
+static void gen_cmtst_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+tcg_gen_and_i32(d, a, b);
+tcg_gen_setcondi_i32(TCG_COND_NE, d, d, 0);
+tcg_gen_neg_i32(d, d);
+}
+
+void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
+{
+tcg_gen_and_i64(d, a, b);
+tcg_gen_setcondi_i64(TCG_COND_NE, d, d, 0);
+tcg_gen_neg_i64(d, d);
+}
+
+static void gen_cmtst_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
+{
+tcg_gen_and_vec(vece, d, a, b);
+tcg_gen_dupi_vec(vece, a, 0);
+tcg_gen_cmp_vec(TCG_COND_NE, vece, d, d, a);
+}
+
+const GVecGen3 cmtst_op[4] = {
+{ .fni4 = gen_helper_neon_tst_u8,
+  .fniv = gen_cmtst_vec,
+  .vece = MO_8 },
+{ .fni4 = gen_helper_neon_tst_u16,
+  .fniv = gen_cmtst_vec,
+  .vece = MO_16 },
+{ .fni4 = gen_cmtst_i32,
+  .fniv = gen_cmtst_vec,
+  .vece = MO_32 },
+{ .fni8 = gen_cmtst_i64,
+  .fniv = gen_cmtst_vec,
+  .prefer_i64 = TCG_TARGET_REG_BITS == 64,
+  .vece = MO_64 },
+};
+
 /* Translate a NEON data processing instruction.  Return nonzero if the
instruction is invalid.
We process data in a mixture of 32-bit and 64-bit chunks.
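Review bot: gen_cmtst_vec() overwrites its input operand `a` (`tcg_gen_dupi_vec(vece, a, 0)`) to use it as the zero operand of the compare. That is acceptable for a gvec .fniv expander, which supplies per-iteration temporaries, but the code is being moved next to gen_cmtst_i32()/gen_cmtst_i64(), which leave their inputs intact, and gen_cmtst_i64() is now exported; a one-line comment noting that the vector variant clobbers `a` would stop it being reused where the input must survive.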
@@ -6349,6 +6387,26 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size,
u ? _op[size] : _op[size]);
 return 0;
+
+case NEON_3R_VTST_VCEQ:
+if (u) { /* VCEQ */
+tcg_gen_gvec_cmp(TCG_COND_EQ, size, rd_ofs, rn_ofs, rm_ofs,
+ vec_size, vec_size);
+} else { /* VTST */
+tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs,
+   vec_size, vec_size, _op[size]);
+}
+

[Qemu-devel] [PULL 18/45] target/arm: New utility function to extract EC from syndrome

2018-10-19 Thread Peter Maydell
Create and use a utility function to extract the EC field
from a syndrome, rather than open-coding the shift.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20181012144235.19646-9-peter.mayd...@linaro.org
---
 target/arm/internals.h | 5 +
 target/arm/helper.c| 4 ++--
 target/arm/kvm64.c | 2 +-
 target/arm/op_helper.c | 2 +-
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 6b204fad51e..bf7bd1fbfe1 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -278,6 +278,11 @@ enum arm_exception_class {
 #define ARM_EL_IL (1 << ARM_EL_IL_SHIFT)
 #define ARM_EL_ISV (1 << ARM_EL_ISV_SHIFT)
 
+static inline uint32_t syn_get_ec(uint32_t syn)
+{
+return syn >> ARM_EL_EC_SHIFT;
+}
+
 /* Utility functions for constructing various kinds of syndrome value.
  * Note that in general we follow the AArch64 syndrome values; in a
  * few cases the value in HSR for exceptions taken to AArch32 Hyp
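Review bot: syn_get_ec() relies on the EC field sitting in the top bits of the 32-bit syndrome, which is why the plain shift needs no mask. A one-line comment to that effect (or writing it as `extract32(syn, ARM_EL_EC_SHIFT, 6)` so the width is explicit) would document the assumption, and the kvm64.c caller applies it to `debug_exit->hsr`, so the comment could also say the helper is valid for HSR as well as ESR values.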
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 1928d3fadd9..26872edef75 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8336,7 +8336,7 @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs)
 uint32_t moe;
 
 /* If this is a debug exception we must update the DBGDSCR.MOE bits */
-switch (env->exception.syndrome >> ARM_EL_EC_SHIFT) {
+switch (syn_get_ec(env->exception.syndrome)) {
 case EC_BREAKPOINT:
 case EC_BREAKPOINT_SAME_EL:
 moe = 1;
@@ -8676,7 +8676,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
 if (qemu_loglevel_mask(CPU_LOG_INT)
 && !excp_is_internal(cs->exception_index)) {
 qemu_log_mask(CPU_LOG_INT, "...with ESR 0x%x/0x%" PRIx32 "\n",
-  env->exception.syndrome >> ARM_EL_EC_SHIFT,
+  syn_get_ec(env->exception.syndrome),
   env->exception.syndrome);
 }
 
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index 5411486491a..5de8ff0ac57 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -933,7 +933,7 @@ int kvm_arch_remove_sw_breakpoint(CPUState *cs, struct 
kvm_sw_breakpoint *bp)
 
 bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)
 {
-int hsr_ec = debug_exit->hsr >> ARM_EL_EC_SHIFT;
+int hsr_ec = syn_get_ec(debug_exit->hsr);
 ARMCPU *cpu = ARM_CPU(cs);
 CPUClass *cc = CPU_GET_CLASS(cs);
 CPUARMState *env = >env;
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index d9155797126..90741f6331d 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -42,7 +42,7 @@ void raise_exception(CPUARMState *env, uint32_t excp,
  * (see DDI0478C.a D1.10.4)
  */
 target_el = 2;
-if (syndrome >> ARM_EL_EC_SHIFT == EC_ADVSIMDFPACCESSTRAP) {
+if (syn_get_ec(syndrome) == EC_ADVSIMDFPACCESSTRAP) {
 syndrome = syn_uncategorized();
 }
 }
-- 
2.19.1




[Qemu-devel] [PULL 22/45] target/arm: Hoist address increment for vector memory ops

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

This can reduce the number of opcodes required for certain
complex forms of load-multiple (e.g. ld4.16b).

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-2-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.c | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 09c7c4af047..371909620bb 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -3012,7 +3012,7 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 bool is_store = !extract32(insn, 22, 1);
 bool is_postidx = extract32(insn, 23, 1);
 bool is_q = extract32(insn, 30, 1);
-TCGv_i64 tcg_addr, tcg_rn;
+TCGv_i64 tcg_addr, tcg_rn, tcg_ebytes;
 
 int ebytes = 1 << size;
 int elements = (is_q ? 128 : 64) / (8 << size);
@@ -3077,6 +3077,7 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 tcg_rn = cpu_reg_sp(s, rn);
 tcg_addr = tcg_temp_new_i64();
 tcg_gen_mov_i64(tcg_addr, tcg_rn);
+tcg_ebytes = tcg_const_i64(ebytes);
 
 for (r = 0; r < rpt; r++) {
 int e;
@@ -3101,7 +3102,7 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 clear_vec_high(s, is_q, tt);
 }
 }
-tcg_gen_addi_i64(tcg_addr, tcg_addr, ebytes);
+tcg_gen_add_i64(tcg_addr, tcg_addr, tcg_ebytes);
 tt = (tt + 1) % 32;
 }
 }
@@ -3115,6 +3116,7 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 tcg_gen_add_i64(tcg_rn, tcg_rn, cpu_reg(s, rm));
 }
 }
+tcg_temp_free_i64(tcg_ebytes);
 tcg_temp_free_i64(tcg_addr);
 }
 
@@ -3157,7 +3159,7 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 bool replicate = false;
 int index = is_q << 3 | S << 2 | size;
 int ebytes, xs;
-TCGv_i64 tcg_addr, tcg_rn;
+TCGv_i64 tcg_addr, tcg_rn, tcg_ebytes;
 
 switch (scale) {
 case 3:
@@ -3210,6 +3212,7 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 tcg_rn = cpu_reg_sp(s, rn);
 tcg_addr = tcg_temp_new_i64();
 tcg_gen_mov_i64(tcg_addr, tcg_rn);
+tcg_ebytes = tcg_const_i64(ebytes);
 
 for (xs = 0; xs < selem; xs++) {
 if (replicate) {
@@ -3252,7 +3255,7 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 do_vec_st(s, rt, index, tcg_addr, scale);
 }
 }
-tcg_gen_addi_i64(tcg_addr, tcg_addr, ebytes);
+tcg_gen_add_i64(tcg_addr, tcg_addr, tcg_ebytes);
 rt = (rt + 1) % 32;
 }
 
@@ -3264,6 +3267,7 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 tcg_gen_add_i64(tcg_rn, tcg_rn, cpu_reg(s, rm));
 }
 }
+tcg_temp_free_i64(tcg_ebytes);
 tcg_temp_free_i64(tcg_addr);
 }
 
-- 
2.19.1




Re: [Qemu-devel] [RFC PATCH v3 2/6] tests/acceptance: Add a kludge to not use the default console

2018-10-19 Thread Cleber Rosa



On 10/13/18 11:15 AM, Philippe Mathieu-Daudé wrote:
> The board already instantiate the proper devices, we don't want to
> add extra devices but connect the chardev to one of the serial already
> available.
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  scripts/qemu.py | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/scripts/qemu.py b/scripts/qemu.py
> index fca9b76990..7e779954e6 100644
> --- a/scripts/qemu.py
> +++ b/scripts/qemu.py
> @@ -221,8 +221,10 @@ class QEMUMachine(object):
>   self._name + 
> "-console.sock")
>  chardev = ('socket,id=console,path=%s,server,nowait' %
> self._console_address)
> -device = '%s,chardev=console' % self._console_device_type
> -args.extend(['-chardev', chardev, '-device', device])
> +args.extend(['-chardev', chardev])
> +if len(self._console_device_type):

Considering `self._console_device_type` will come from `set_console()`,
either explicitly as the "device_type" parameter, or from the list on
CONSOLE_DEV_TYPES, wouldn't it make more sense to just drop the
definitions for the machine types that don't need an explicit device?

That way, self.set_console() could be called with no arguments (instead
of the empty string).  And this check would become:

  if self._console_device_type is not None:

> +device = '%s,chardev=console' % self._console_device_type
> +args.extend(['-device', device])
>  return args
>  
>  def _pre_launch(self):
> 
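Review bot: `if len(self._console_device_type):` raises TypeError if the attribute is ever None, and calling len() on a string only to test for emptiness is un-idiomatic. `if self._console_device_type:` covers both None and the empty string; Cleber's `is not None` form is the right one if the empty-string convention is dropped as he suggests.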




[Qemu-devel] [PULL 23/45] target/arm: Don't call tcg_clear_temp_count

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

This is done generically in translator_loop.

Reported-by: Laurent Desnogues 
Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20181011205206.3552-3-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.c | 1 -
 target/arm/translate.c | 1 -
 2 files changed, 2 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 371909620bb..c3a0e5accd8 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -13899,7 +13899,6 @@ static void 
aarch64_tr_init_disas_context(DisasContextBase *dcbase,
 
 static void aarch64_tr_tb_start(DisasContextBase *db, CPUState *cpu)
 {
-tcg_clear_temp_count();
 }
 
 static void aarch64_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
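Review bot: aarch64_tr_tb_start() is left with an empty body. If the translator requires the hook to be present, a one-line comment stating that it is intentionally empty would save the next reader a lookup; if the hook is optional in TranslatorOps, it could be removed entirely rather than kept as a stub.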
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 1bf339a98b6..7d7a48e5b93 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -12701,7 +12701,6 @@ static void arm_tr_tb_start(DisasContextBase *dcbase, 
CPUState *cpu)
 tcg_gen_movi_i32(tmp, 0);
 store_cpu_field(tmp, condexec_bits);
 }
-tcg_clear_temp_count();
 }
 
 static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
-- 
2.19.1




[Qemu-devel] [PULL 10/45] target/arm: Convert v8.2-fp16 from feature bit to aa64pfr0 test

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
Message-id: 20181016223115.24100-9-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h   | 17 +++-
 linux-user/elfload.c   |  6 +-
 target/arm/cpu64.c | 16 ---
 target/arm/helper.c|  2 +-
 target/arm/translate-a64.c | 40 +++---
 target/arm/translate.c |  6 +++---
 6 files changed, 50 insertions(+), 37 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 9750199ba27..895f9909d80 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1602,7 +1602,6 @@ enum arm_features {
 ARM_FEATURE_PMU, /* has PMU support */
 ARM_FEATURE_VBAR, /* has cp15 VBAR */
 ARM_FEATURE_M_SECURITY, /* M profile Security Extension */
-ARM_FEATURE_V8_FP16, /* implements v8.2 half-precision float */
 ARM_FEATURE_M_MAIN, /* M profile Main Extension */
 };
 
@@ -3217,6 +3216,16 @@ static inline bool isar_feature_aa32_dp(const 
ARMISARegisters *id)
 return FIELD_EX32(id->id_isar6, ID_ISAR6, DP) != 0;
 }
 
+static inline bool isar_feature_aa32_fp16_arith(const ARMISARegisters *id)
+{
+/*
+ * This is a placeholder for use by VCMA until the rest of
+ * the ARMv8.2-FP16 extension is implemented for aa32 mode.
+ * At which point we can properly set and check MVFR1.FPHP.
+ */
+return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, FP) == 1;
+}
+
 /*
  * 64-bit feature tests via id registers.
  */
@@ -3285,6 +3294,12 @@ static inline bool isar_feature_aa64_fcma(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, FCMA) != 0;
 }
 
+static inline bool isar_feature_aa64_fp16(const ARMISARegisters *id)
+{
+/* We always set the AdvSIMD and FP fields identically wrt FP16.  */
+return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, FP) == 1;
+}
+
 static inline bool isar_feature_aa64_sve(const ARMISARegisters *id)
 {
 return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, SVE) != 0;
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 64e41fb235c..45d6836bb96 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -573,8 +573,6 @@ static uint32_t get_elf_hwcap(void)
 hwcaps |= ARM_HWCAP_A64_ASIMD;
 
 /* probe for the extra features */
-#define GET_FEATURE(feat, hwcap) \
-do { if (arm_feature(>env, feat)) { hwcaps |= hwcap; } } while (0)
 #define GET_FEATURE_ID(feat, hwcap) \
 do { if (cpu_isar_feature(feat, cpu)) { hwcaps |= hwcap; } } while (0)
 
@@ -587,15 +585,13 @@ static uint32_t get_elf_hwcap(void)
 GET_FEATURE_ID(aa64_sha3, ARM_HWCAP_A64_SHA3);
 GET_FEATURE_ID(aa64_sm3, ARM_HWCAP_A64_SM3);
 GET_FEATURE_ID(aa64_sm4, ARM_HWCAP_A64_SM4);
-GET_FEATURE(ARM_FEATURE_V8_FP16,
-ARM_HWCAP_A64_FPHP | ARM_HWCAP_A64_ASIMDHP);
+GET_FEATURE_ID(aa64_fp16, ARM_HWCAP_A64_FPHP | ARM_HWCAP_A64_ASIMDHP);
 GET_FEATURE_ID(aa64_atomics, ARM_HWCAP_A64_ATOMICS);
 GET_FEATURE_ID(aa64_rdm, ARM_HWCAP_A64_ASIMDRDM);
 GET_FEATURE_ID(aa64_dp, ARM_HWCAP_A64_ASIMDDP);
 GET_FEATURE_ID(aa64_fcma, ARM_HWCAP_A64_FCMA);
 GET_FEATURE_ID(aa64_sve, ARM_HWCAP_A64_SVE);
 
-#undef GET_FEATURE
 #undef GET_FEATURE_ID
 
 return hwcaps;
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 0520a421964..873f059bf22 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -320,6 +320,8 @@ static void aarch64_max_initfn(Object *obj)
 
 t = cpu->isar.id_aa64pfr0;
 t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1);
+t = FIELD_DP64(t, ID_AA64PFR0, FP, 1);
+t = FIELD_DP64(t, ID_AA64PFR0, ADVSIMD, 1);
 cpu->isar.id_aa64pfr0 = t;
 
 /* Replicate the same data to the 32-bit id registers.  */
@@ -336,14 +338,14 @@ static void aarch64_max_initfn(Object *obj)
 u = FIELD_DP32(u, ID_ISAR6, DP, 1);
 cpu->isar.id_isar6 = u;
 
-#ifdef CONFIG_USER_ONLY
-/* We don't set these in system emulation mode for the moment,
- * since we don't correctly set the ID registers to advertise them,
- * and in some cases they're only available in AArch64 and not AArch32,
- * whereas the architecture requires them to be present in both if
- * present in either.
+/*
+ * FIXME: We do not yet support ARMv8.2-fp16 for AArch32 yet,
+ * so do not set MVFR1.FPHP.  Strictly speaking this is not legal,
+ * but it is also not legal to enable SVE without support for FP16,
+ * and enabling SVE in system mode is more useful in the short term.
  */
-set_feature(>env, ARM_FEATURE_V8_FP16);
+
+#ifdef CONFIG_USER_ONLY
 /* For usermode -cpu max we can use a larger and more efficient DCZ
  * blocksize since we don't have to follow what the hardware does.
  */
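Review bot: the rewritten FIXME about MVFR1.FPHP is now a free-standing comment block followed by a blank line and the unrelated `#ifdef CONFIG_USER_ONLY` DCZ code, so it reads as if it documents the DCZ blocksize. Either move it up against the id register setup it refers to (the id_isar6 assignment just above) or add a sentence making clear it explains why no MVFR1 field is set here.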
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0685c9bc934..9a0e92f286c 100644

Re: [Qemu-devel] [PATCH v5 05/14] target/mips: Add bit encoding for MXU add/subtract patterns 'aptn2'

2018-10-19 Thread Aleksandar Markovic


> From: Aleksandar Markovic <aleksandar.marko...@rt-rk.com>
> Sent: Friday, October 19, 2018 6:33 PM
> Subject: [PATCH v5 05/14] target/mips: Add bit encoding for MXU
> add/subtract patterns 'aptn2'
> 
> From: Craig Janeczek <jancr...@amazon.com>
> 
> Add bit encoding for MXU add/subtract patterns 'aptn2'.
> 

'eptn2' is very similar to 'aptn2', but we need a similar patch for 'eptn2' too.

This is needed so that we are as close to the documentation as possible.

'aptn1' and 'strd2', in my opinion, do not need any preprocessor definition, 
since they can be only 0 and 1, and 0, 1, 2 respectively... What do you think, 
Craig?

Thanks,
Aleksandar

> Signed-off-by: Craig Janeczek <jancr...@amazon.com>
> Signed-off-by: Aleksandar Markovic <amarko...@wavecomp.com>
> ---
>  target/mips/translate.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/target/mips/translate.c b/> target/mips/translate.c
> index 5f8dcc9..f465635 100644
> --- a/target/mips/translate.c
> +++ b/target/mips/translate.c
> @@ -23311,6 +23311,13 @@ static void > decode_opc_special(CPUMIPSState *env, 
> > DisasContext *ctx)
>  }
>  }
> 
> +/* MXU add/subtract patterns 'aptn2' */
> +#define MXU_APTN2_AA0
> +#define MXU_APTN2_AS1
> +#define MXU_APTN2_SA2
> +#define MXU_APTN2_SS3
> +
> +
>  /*
>   *
>   * Decode MXU pool00
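Review bot: the aptn2 macros are inserted mid-file, between the closing brace of decode_opc_special() and the "Decode MXU pool00" comment, and are followed by two blank lines. Constants like these are normally grouped with the other MXU definitions near the top of translate.c (or in a header) rather than between functions, and a single blank line is enough. Also, as quoted the name and value run together (`MXU_APTN2_AA0`); if that is only whitespace lost in quoting it is fine, but worth confirming the patch separates them with a plain space.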
> --
> 2.7.4
> 





[Qemu-devel] [PULL 24/45] target/arm: Use tcg_gen_gvec_dup_i64 for LD[1-4]R

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-4-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.c | 28 +++-
 1 file changed, 3 insertions(+), 25 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index c3a0e5accd8..39ac45c0080 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -3217,36 +3217,14 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 for (xs = 0; xs < selem; xs++) {
 if (replicate) {
 /* Load and replicate to all elements */
-uint64_t mulconst;
 TCGv_i64 tcg_tmp = tcg_temp_new_i64();
 
 tcg_gen_qemu_ld_i64(tcg_tmp, tcg_addr,
 get_mem_index(s), s->be_data + scale);
-switch (scale) {
-case 0:
-mulconst = 0x0101010101010101ULL;
-break;
-case 1:
-mulconst = 0x0001000100010001ULL;
-break;
-case 2:
-mulconst = 0x00010001ULL;
-break;
-case 3:
-mulconst = 0;
-break;
-default:
-g_assert_not_reached();
-}
-if (mulconst) {
-tcg_gen_muli_i64(tcg_tmp, tcg_tmp, mulconst);
-}
-write_vec_element(s, tcg_tmp, rt, 0, MO_64);
-if (is_q) {
-write_vec_element(s, tcg_tmp, rt, 1, MO_64);
-}
+tcg_gen_gvec_dup_i64(scale, vec_full_reg_offset(s, rt),
+ (is_q + 1) * 8, vec_full_reg_size(s),
+ tcg_tmp);
 tcg_temp_free_i64(tcg_tmp);
-clear_vec_high(s, is_q, rt);
 } else {
 /* Load/store one element per register */
 if (is_load) {
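Review bot: dropping `clear_vec_high(s, is_q, rt)` is correct but not self-evident: tcg_gen_gvec_dup_i64() zeroes the bytes between oprsz (`(is_q + 1) * 8`) and maxsz (`vec_full_reg_size(s)`), so the upper half of a 64-bit result is cleared by the dup itself. A short comment at the call site would stop a reader from taking the removal as a lost clear of the high lanes.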
-- 
2.19.1




[Qemu-devel] [PULL 06/45] target/arm: Convert division from feature bits to isar0 tests

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Both arm and thumb2 division are controlled by the same ISAR field,
which takes care of the arm implies thumb case.  Having M imply
thumb2 division was wrong for cortex-m0, which is v6m and does not
have thumb2 at all, much less thumb2 division.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
Message-id: 20181016223115.24100-5-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h   | 12 ++--
 linux-user/elfload.c   |  4 ++--
 target/arm/cpu.c   | 10 +-
 target/arm/translate.c |  4 ++--
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 1c0712fe840..f1c2ec64616 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1563,7 +1563,6 @@ enum arm_features {
 ARM_FEATURE_VFP3,
 ARM_FEATURE_VFP_FP16,
 ARM_FEATURE_NEON,
-ARM_FEATURE_THUMB_DIV, /* divide supported in Thumb encoding */
 ARM_FEATURE_M, /* Microcontroller profile.  */
 ARM_FEATURE_OMAPCP, /* OMAP specific CP15 ops handling.  */
 ARM_FEATURE_THUMB2EE,
@@ -1573,7 +1572,6 @@ enum arm_features {
 ARM_FEATURE_V5,
 ARM_FEATURE_STRONGARM,
 ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
-ARM_FEATURE_ARM_DIV, /* divide supported in ARM encoding */
 ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
 ARM_FEATURE_GENERIC_TIMER,
 ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
@@ -3152,6 +3150,16 @@ extern const uint64_t pred_esz_masks[4];
 /*
  * 32-bit feature tests via id registers.
  */
+static inline bool isar_feature_thumb_div(const ARMISARegisters *id)
+{
+return FIELD_EX32(id->id_isar0, ID_ISAR0, DIVIDE) != 0;
+}
+
+static inline bool isar_feature_arm_div(const ARMISARegisters *id)
+{
+return FIELD_EX32(id->id_isar0, ID_ISAR0, DIVIDE) > 1;
+}
+
 static inline bool isar_feature_aa32_aes(const ARMISARegisters *id)
 {
 return FIELD_EX32(id->id_isar5, ID_ISAR5, AES) != 0;
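Review bot: the asymmetric tests in isar_feature_thumb_div (`!= 0`) and isar_feature_arm_div (`> 1`) encode ID_ISAR0.DIVIDE values 1 (Thumb encoding only) and 2 (both encodings); state that in a comment above the two functions, otherwise the `> 1` reads like a typo for `!= 0`.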
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 97014959ff3..1e0f22d812b 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -471,8 +471,8 @@ static uint32_t get_elf_hwcap(void)
 GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3);
 GET_FEATURE(ARM_FEATURE_V6K, ARM_HWCAP_ARM_TLS);
 GET_FEATURE(ARM_FEATURE_VFP4, ARM_HWCAP_ARM_VFPv4);
-GET_FEATURE(ARM_FEATURE_ARM_DIV, ARM_HWCAP_ARM_IDIVA);
-GET_FEATURE(ARM_FEATURE_THUMB_DIV, ARM_HWCAP_ARM_IDIVT);
+GET_FEATURE_ID(arm_div, ARM_HWCAP_ARM_IDIVA);
+GET_FEATURE_ID(thumb_div, ARM_HWCAP_ARM_IDIVT);
 /* All QEMU's VFPv3 CPUs have 32 registers, see VFP_DREG in translate.c.
  * Note that the ARM_HWCAP_ARM_VFPv3D16 bit is always the inverse of
  * ARM_HWCAP_ARM_VFPD32 (and so always clear for QEMU); it is unrelated
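Review bot: GET_FEATURE_ID is not defined in this hunk, and the diffstat shows this patch touches only these two lines of elfload.c, so the macro must come from an earlier patch in the series; a pointer in the commit message to where it was introduced would help anyone bisecting or backporting this change on its own.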
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 6f27c33b555..9319f92f1f3 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -829,7 +829,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
  * Presence of EL2 itself is ARM_FEATURE_EL2, and of the
  * Security Extensions is ARM_FEATURE_EL3.
  */
-set_feature(env, ARM_FEATURE_ARM_DIV);
+assert(cpu_isar_feature(arm_div, cpu));
 set_feature(env, ARM_FEATURE_LPAE);
 set_feature(env, ARM_FEATURE_V7);
 }
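Review bot: turning `set_feature(env, ARM_FEATURE_ARM_DIV)` into `assert(cpu_isar_feature(arm_div, cpu))` changes a silent implication into an abort at realize time for any CPU model that reaches this branch with ID_ISAR0.DIVIDE < 2; that is the right direction, but add a comment saying v8 CPU models are required to advertise divide in id_isar0, so a future model author understands the assert rather than removing it.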
@@ -862,12 +862,6 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 if (arm_feature(env, ARM_FEATURE_V5)) {
 set_feature(env, ARM_FEATURE_V4T);
 }
-if (arm_feature(env, ARM_FEATURE_M)) {
-set_feature(env, ARM_FEATURE_THUMB_DIV);
-}
-if (arm_feature(env, ARM_FEATURE_ARM_DIV)) {
-set_feature(env, ARM_FEATURE_THUMB_DIV);
-}
 if (arm_feature(env, ARM_FEATURE_VFP4)) {
 set_feature(env, ARM_FEATURE_VFP3);
 set_feature(env, ARM_FEATURE_VFP_FP16);
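Review bot: with the `ARM_FEATURE_M` implication gone, every M-profile CPU model that does implement Thumb divide must now set ID_ISAR0.DIVIDE in its initfn; the commit message only mentions cortex-m0 (which correctly loses it), so it would be worth stating that the other M-profile models were checked to already carry the right id_isar0 value, since none of them are touched in this diff.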
@@ -1388,8 +1382,6 @@ static void cortex_r5_initfn(Object *obj)
 ARMCPU *cpu = ARM_CPU(obj);
 
 set_feature(>env, ARM_FEATURE_V7);
-set_feature(>env, ARM_FEATURE_THUMB_DIV);
-set_feature(>env, ARM_FEATURE_ARM_DIV);
 set_feature(>env, ARM_FEATURE_V7MP);
 set_feature(>env, ARM_FEATURE_PMSA);
 cpu->midr = 0x411fc153; /* r1p3 */
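Review bot: the two set_feature() lines are removed without any change to cpu->isar.id_isar0 in cortex_r5_initfn, so Cortex-R5 division now depends entirely on the DIVIDE field of the id_isar0 value assigned later in the function; confirm that value has DIVIDE == 2, otherwise SDIV/UDIV would silently become UNDEFINED on this model.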
diff --git a/target/arm/translate.c b/target/arm/translate.c
index f6215951970..8b2be714390 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -9755,7 +9755,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int 
insn)
 case 1:
 case 3:
 /* SDIV, UDIV */
-if (!arm_dc_feature(s, ARM_FEATURE_ARM_DIV)) {
+if (!dc_isar_feature(arm_div, s)) {
 goto illegal_op;
 }
 if (((insn >> 5) & 7) || (rd != 15)) {
@@ -10963,7 +10963,7 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t 
insn)
 tmp2 = 

[Qemu-devel] [PULL 15/45] target/arm: ISR_EL1 bits track virtual interrupts if IMO/FMO set

2018-10-19 Thread Peter Maydell
The A/I/F bits in ISR_EL1 should track the virtual interrupt
status, not the physical interrupt status, if the associated
HCR_EL2.AMO/IMO/FMO bit is set. Implement this, rather than
always showing the physical interrupt status.

We don't currently implement anything to do with external
aborts, so this applies only to the I and F bits (though it
ought to be possible for the outer guest to present a virtual
external abort to the inner guest, even if QEMU doesn't
emulate physical external aborts, so there is missing
functionality in this area).

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20181012144235.19646-6-peter.mayd...@linaro.org
---
 target/arm/helper.c | 22 ++
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 24c976752c4..0ecef3c1360 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1329,12 +1329,26 @@ static uint64_t isr_read(CPUARMState *env, const 
ARMCPRegInfo *ri)
 CPUState *cs = ENV_GET_CPU(env);
 uint64_t ret = 0;
 
-if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
-ret |= CPSR_I;
+if (arm_hcr_el2_imo(env)) {
+if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) {
+ret |= CPSR_I;
+}
+} else {
+if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
+ret |= CPSR_I;
+}
 }
-if (cs->interrupt_request & CPU_INTERRUPT_FIQ) {
-ret |= CPSR_F;
+
+if (arm_hcr_el2_fmo(env)) {
+if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) {
+ret |= CPSR_F;
+}
+} else {
+if (cs->interrupt_request & CPU_INTERRUPT_FIQ) {
+ret |= CPSR_F;
+}
 }
+
 /* External aborts are not possible in QEMU so A bit is always clear */
 return ret;
 }
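Review bot: the trailing comment (`External aborts are not possible in QEMU so A bit is always clear`) no longer tells the whole story once I and F are virtualised: the A bit should likewise follow HCR_EL2.AMO and a virtual SError, which the commit message flags as missing functionality. Extend the comment to say the AMO case is deliberately unimplemented so nobody reads the asymmetry as an oversight; the I and F blocks themselves are mirror images and look correct.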
-- 
2.19.1




[Qemu-devel] [PULL 25/45] target/arm: Promote consecutive memory ops for aa64

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

For a sequence of loads or stores from a single register,
little-endian operations can be promoted to an 8-byte op.
This can reduce the number of operations by a factor of 8.

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-5-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.c | 66 +++---
 1 file changed, 40 insertions(+), 26 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 39ac45c0080..f1bd9d7633a 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1200,25 +1200,23 @@ static void write_vec_element_i32(DisasContext *s, 
TCGv_i32 tcg_src,
 
 /* Store from vector register to memory */
 static void do_vec_st(DisasContext *s, int srcidx, int element,
-  TCGv_i64 tcg_addr, int size)
+  TCGv_i64 tcg_addr, int size, TCGMemOp endian)
 {
-TCGMemOp memop = s->be_data + size;
 TCGv_i64 tcg_tmp = tcg_temp_new_i64();
 
 read_vec_element(s, tcg_tmp, srcidx, element, size);
-tcg_gen_qemu_st_i64(tcg_tmp, tcg_addr, get_mem_index(s), memop);
+tcg_gen_qemu_st_i64(tcg_tmp, tcg_addr, get_mem_index(s), endian | size);
 
 tcg_temp_free_i64(tcg_tmp);
 }
 
 /* Load from memory to vector register */
 static void do_vec_ld(DisasContext *s, int destidx, int element,
-  TCGv_i64 tcg_addr, int size)
+  TCGv_i64 tcg_addr, int size, TCGMemOp endian)
 {
-TCGMemOp memop = s->be_data + size;
 TCGv_i64 tcg_tmp = tcg_temp_new_i64();
 
-tcg_gen_qemu_ld_i64(tcg_tmp, tcg_addr, get_mem_index(s), memop);
+tcg_gen_qemu_ld_i64(tcg_tmp, tcg_addr, get_mem_index(s), endian | size);
 write_vec_element(s, tcg_tmp, destidx, element, size);
 
 tcg_temp_free_i64(tcg_tmp);
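Review bot: `endian | size` in do_vec_st()/do_vec_ld() is only equivalent to the old `s->be_data + size` if callers pass a bare MO_LE/MO_BE in `endian` with no size bits set; since the parameter type is the full TCGMemOp, a `tcg_debug_assert(!(endian & MO_SIZE))` or a comment on the parameter would lock that contract in.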
@@ -3013,9 +3011,10 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 bool is_postidx = extract32(insn, 23, 1);
 bool is_q = extract32(insn, 30, 1);
 TCGv_i64 tcg_addr, tcg_rn, tcg_ebytes;
+TCGMemOp endian = s->be_data;
 
-int ebytes = 1 << size;
-int elements = (is_q ? 128 : 64) / (8 << size);
+int ebytes;   /* bytes per element */
+int elements; /* elements per vector */
 int rpt;/* num iterations */
 int selem;  /* structure elements */
 int r;
@@ -3074,6 +3073,20 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 gen_check_sp_alignment(s);
 }
 
+/* For our purposes, bytes are always little-endian.  */
+if (size == 0) {
+endian = MO_LE;
+}
+
+/* Consecutive little-endian elements from a single register
+ * can be promoted to a larger little-endian operation.
+ */
+if (selem == 1 && endian == MO_LE) {
+size = 3;
+}
+ebytes = 1 << size;
+elements = (is_q ? 16 : 8) / ebytes;
+
 tcg_rn = cpu_reg_sp(s, rn);
 tcg_addr = tcg_temp_new_i64();
 tcg_gen_mov_i64(tcg_addr, tcg_rn);
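Review bot: the comment `For our purposes, bytes are always little-endian` should say why: a 1-byte element has no byte order, so treating size 0 as MO_LE lets a big-endian guest take the 8-byte promotion too. Also, `ebytes` is now assigned after the promotion, but `tcg_ebytes` (declared alongside `tcg_addr` above) is not initialised anywhere in the visible hunks; it must be built from the promoted `ebytes`, not the original element size, or the address increment in the inner loop would be wrong.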
@@ -3082,32 +3095,33 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 for (r = 0; r < rpt; r++) {
 int e;
 for (e = 0; e < elements; e++) {
-int tt = (rt + r) % 32;
 int xs;
 for (xs = 0; xs < selem; xs++) {
+int tt = (rt + r + xs) % 32;
 if (is_store) {
-do_vec_st(s, tt, e, tcg_addr, size);
+do_vec_st(s, tt, e, tcg_addr, size, endian);
 } else {
-do_vec_ld(s, tt, e, tcg_addr, size);
-
-/* For non-quad operations, setting a slice of the low
- * 64 bits of the register clears the high 64 bits (in
- * the ARM ARM pseudocode this is implicit in the fact
- * that 'rval' is a 64 bit wide variable).
- * For quad operations, we might still need to zero the
- * high bits of SVE.  We optimize by noticing that we only
- * need to do this the first time we touch a register.
- */
-if (e == 0 && (r == 0 || xs == selem - 1)) {
-clear_vec_high(s, is_q, tt);
-}
+do_vec_ld(s, tt, e, tcg_addr, size, endian);
 }
 tcg_gen_add_i64(tcg_addr, tcg_addr, tcg_ebytes);
-tt = (tt + 1) % 32;
 }
 }
 }
 
+if (!is_store) {
+/* For non-quad operations, setting a slice of the low
+ * 64 bits of the register clears the high 64 bits (in
+ * the ARM ARM pseudocode this is implicit in the fact
+ * that 'rval' is a 64 bit wide variable).
+ * For quad operations, we might still need to zero the
+ * high bits of SVE.
+ */
+for (r = 0; r < rpt * selem; r++) {
+int tt = (rt + r) % 
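Review bot: the post-loop clear iterates `rpt * selem` registers, while the load loop writes registers `(rt + r + xs) % 32` for r < rpt and xs < selem, i.e. `rpt + selem - 1` distinct registers; the two counts agree only because the encoding guarantees rpt == 1 or selem == 1 (LD1 with 1-4 registers, or LD2/3/4 with a single iteration), and that invariant deserves a comment next to the loop bound.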

[Qemu-devel] [PULL 03/45] target/arm: Move some system registers into a substructure

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Create struct ARMISARegisters, to be accessed during translation.

Signed-off-by: Richard Henderson 
Message-id: 20181016223115.24100-2-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h  |  32 
 hw/intc/armv7m_nvic.c |  12 +--
 target/arm/cpu.c  | 178 +-
 target/arm/cpu64.c|  70 -
 target/arm/helper.c   |  28 +++
 5 files changed, 162 insertions(+), 158 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index a314e557ac0..e6ee509d0ba 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -795,13 +795,28 @@ struct ARMCPU {
  * ARMv7AR ARM Architecture Reference Manual. A reset_ prefix
  * is used for reset values of non-constant registers; no reset_
  * prefix means a constant register.
+ * Some of these registers are split out into a substructure that
+ * is shared with the translators to control the ISA.
  */
+struct ARMISARegisters {
+uint32_t id_isar0;
+uint32_t id_isar1;
+uint32_t id_isar2;
+uint32_t id_isar3;
+uint32_t id_isar4;
+uint32_t id_isar5;
+uint32_t id_isar6;
+uint32_t mvfr0;
+uint32_t mvfr1;
+uint32_t mvfr2;
+uint64_t id_aa64isar0;
+uint64_t id_aa64isar1;
+uint64_t id_aa64pfr0;
+uint64_t id_aa64pfr1;
+} isar;
 uint32_t midr;
 uint32_t revidr;
 uint32_t reset_fpsid;
-uint32_t mvfr0;
-uint32_t mvfr1;
-uint32_t mvfr2;
 uint32_t ctr;
 uint32_t reset_sctlr;
 uint32_t id_pfr0;
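Review bot: `struct ARMISARegisters` is defined inside `struct ARMCPU`, which in C places the tag at file scope, but later patches in this series use the bare name in prototypes (`const ARMISARegisters *id`), so a `typedef struct ARMISARegisters ARMISARegisters;` has to exist somewhere; it is not in this hunk, so either add it here or say in the commit message where it lives.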
@@ -815,21 +830,10 @@ struct ARMCPU {
 uint32_t id_mmfr2;
 uint32_t id_mmfr3;
 uint32_t id_mmfr4;
-uint32_t id_isar0;
-uint32_t id_isar1;
-uint32_t id_isar2;
-uint32_t id_isar3;
-uint32_t id_isar4;
-uint32_t id_isar5;
-uint32_t id_isar6;
-uint64_t id_aa64pfr0;
-uint64_t id_aa64pfr1;
 uint64_t id_aa64dfr0;
 uint64_t id_aa64dfr1;
 uint64_t id_aa64afr0;
 uint64_t id_aa64afr1;
-uint64_t id_aa64isar0;
-uint64_t id_aa64isar1;
 uint64_t id_aa64mmfr0;
 uint64_t id_aa64mmfr1;
 uint32_t dbgdidr;
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 0d816fdd2cc..0beefb05d44 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -1055,17 +1055,17 @@ static uint32_t nvic_readl(NVICState *s, uint32_t 
offset, MemTxAttrs attrs)
 case 0xd5c: /* MMFR3.  */
 return cpu->id_mmfr3;
 case 0xd60: /* ISAR0.  */
-return cpu->id_isar0;
+return cpu->isar.id_isar0;
 case 0xd64: /* ISAR1.  */
-return cpu->id_isar1;
+return cpu->isar.id_isar1;
 case 0xd68: /* ISAR2.  */
-return cpu->id_isar2;
+return cpu->isar.id_isar2;
 case 0xd6c: /* ISAR3.  */
-return cpu->id_isar3;
+return cpu->isar.id_isar3;
 case 0xd70: /* ISAR4.  */
-return cpu->id_isar4;
+return cpu->isar.id_isar4;
 case 0xd74: /* ISAR5.  */
-return cpu->id_isar5;
+return cpu->isar.id_isar5;
 case 0xd78: /* CLIDR */
 return cpu->clidr;
 case 0xd7c: /* CTR */
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index cd48ad42d87..4f6756a4e2e 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -144,9 +144,9 @@ static void arm_cpu_reset(CPUState *s)
 g_hash_table_foreach(cpu->cp_regs, cp_reg_check_reset, cpu);
 
 env->vfp.xregs[ARM_VFP_FPSID] = cpu->reset_fpsid;
-env->vfp.xregs[ARM_VFP_MVFR0] = cpu->mvfr0;
-env->vfp.xregs[ARM_VFP_MVFR1] = cpu->mvfr1;
-env->vfp.xregs[ARM_VFP_MVFR2] = cpu->mvfr2;
+env->vfp.xregs[ARM_VFP_MVFR0] = cpu->isar.mvfr0;
+env->vfp.xregs[ARM_VFP_MVFR1] = cpu->isar.mvfr1;
+env->vfp.xregs[ARM_VFP_MVFR2] = cpu->isar.mvfr2;
 
 cpu->power_state = cpu->start_powered_off ? PSCI_OFF : PSCI_ON;
 s->halted = cpu->start_powered_off;
@@ -938,7 +938,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
  * registers as well. These are id_pfr1[7:4] and id_aa64pfr0[15:12].
  */
 cpu->id_pfr1 &= ~0xf0;
-cpu->id_aa64pfr0 &= ~0xf000;
+cpu->isar.id_aa64pfr0 &= ~0xf000;
 }
 
 if (!cpu->has_el2) {
@@ -955,7 +955,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
  * registers if we don't have EL2. These are id_pfr1[15:12] and
  * id_aa64pfr0_el1[11:8].
  */
-cpu->id_aa64pfr0 &= ~0xf00;
+cpu->isar.id_aa64pfr0 &= ~0xf00;
 cpu->id_pfr1 &= ~0xf000;
 }
 
@@ -1151,8 +1151,8 @@ static void arm1136_r2_initfn(Object *obj)
 set_feature(>env, ARM_FEATURE_CACHE_BLOCK_OPS);
 cpu->midr = 0x4107b362;
 cpu->reset_fpsid = 0x410120b4;
-cpu->mvfr0 = 0x;
-cpu->mvfr1 = 0x;
+cpu->isar.mvfr0 = 0x;
+cpu->isar.mvfr1 = 0x;
 cpu->ctr = 0x1dd20d2;
 cpu->reset_sctlr = 0x00050078;
 

[Qemu-devel] [PULL 29/45] target/arm: Use gvec for NEON_3R_LOGIC insns

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Move expanders for VBSL, VBIT, and VBIF from translate-a64.c.

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-9-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.h |   6 ++
 target/arm/translate-a64.c |  61 --
 target/arm/translate.c | 162 +++--
 3 files changed, 124 insertions(+), 105 deletions(-)

diff --git a/target/arm/translate.h b/target/arm/translate.h
index 5bc15819c34..dea59c7214d 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -191,6 +191,12 @@ static inline TCGv_i32 get_ahp_flag(void)
 return ret;
 }
 
+
+/* Vector operations shared between ARM and AArch64.  */
+extern const GVecGen3 bsl_op;
+extern const GVecGen3 bit_op;
+extern const GVecGen3 bif_op;
+
 /*
  * Forward to the isar_feature_* tests given a DisasContext pointer.
  */
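Review bot: the new `extern const GVecGen3` declarations make translate.h depend on the GVecGen3 type, but no `#include` is added in this hunk; if translate.h does not already pull in tcg-op-gvec.h, any file that includes translate.h first will fail to compile. The added blank line also leaves two consecutive blank lines before the comment, which checkpatch flags.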
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index f1bd9d7633a..384bcbbb00c 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -10392,70 +10392,9 @@ static void disas_simd_three_reg_diff(DisasContext *s, 
uint32_t insn)
 }
 }
 
-static void gen_bsl_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
-{
-tcg_gen_xor_i64(rn, rn, rm);
-tcg_gen_and_i64(rn, rn, rd);
-tcg_gen_xor_i64(rd, rm, rn);
-}
-
-static void gen_bit_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
-{
-tcg_gen_xor_i64(rn, rn, rd);
-tcg_gen_and_i64(rn, rn, rm);
-tcg_gen_xor_i64(rd, rd, rn);
-}
-
-static void gen_bif_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
-{
-tcg_gen_xor_i64(rn, rn, rd);
-tcg_gen_andc_i64(rn, rn, rm);
-tcg_gen_xor_i64(rd, rd, rn);
-}
-
-static void gen_bsl_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
-{
-tcg_gen_xor_vec(vece, rn, rn, rm);
-tcg_gen_and_vec(vece, rn, rn, rd);
-tcg_gen_xor_vec(vece, rd, rm, rn);
-}
-
-static void gen_bit_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
-{
-tcg_gen_xor_vec(vece, rn, rn, rd);
-tcg_gen_and_vec(vece, rn, rn, rm);
-tcg_gen_xor_vec(vece, rd, rd, rn);
-}
-
-static void gen_bif_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
-{
-tcg_gen_xor_vec(vece, rn, rn, rd);
-tcg_gen_andc_vec(vece, rn, rn, rm);
-tcg_gen_xor_vec(vece, rd, rd, rn);
-}
-
 /* Logic op (opcode == 3) subgroup of C3.6.16. */
 static void disas_simd_3same_logic(DisasContext *s, uint32_t insn)
 {
-static const GVecGen3 bsl_op = {
-.fni8 = gen_bsl_i64,
-.fniv = gen_bsl_vec,
-.prefer_i64 = TCG_TARGET_REG_BITS == 64,
-.load_dest = true
-};
-static const GVecGen3 bit_op = {
-.fni8 = gen_bit_i64,
-.fniv = gen_bit_vec,
-.prefer_i64 = TCG_TARGET_REG_BITS == 64,
-.load_dest = true
-};
-static const GVecGen3 bif_op = {
-.fni8 = gen_bif_i64,
-.fniv = gen_bif_vec,
-.prefer_i64 = TCG_TARGET_REG_BITS == 64,
-.load_dest = true
-};
-
 int rd = extract32(insn, 0, 5);
 int rn = extract32(insn, 5, 5);
 int rm = extract32(insn, 16, 5);
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 7cc0c76420f..82710fb1175 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -5262,14 +5262,6 @@ static int disas_neon_ls_insn(DisasContext *s, uint32_t 
insn)
 return 0;
 }
 
-/* Bitwise select.  dest = c ? t : f.  Clobbers T and F.  */
-static void gen_neon_bsl(TCGv_i32 dest, TCGv_i32 t, TCGv_i32 f, TCGv_i32 c)
-{
-tcg_gen_and_i32(t, t, c);
-tcg_gen_andc_i32(f, f, c);
-tcg_gen_or_i32(dest, t, f);
-}
-
 static inline void gen_neon_narrow(int size, TCGv_i32 dest, TCGv_i64 src)
 {
 switch (size) {
@@ -5712,6 +5704,73 @@ static int do_v81_helper(DisasContext *s, 
gen_helper_gvec_3_ptr *fn,
 return 1;
 }
 
+/*
+ * Expanders for VBitOps_VBIF, VBIT, VBSL.
+ */
+static void gen_bsl_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
+{
+tcg_gen_xor_i64(rn, rn, rm);
+tcg_gen_and_i64(rn, rn, rd);
+tcg_gen_xor_i64(rd, rm, rn);
+}
+
+static void gen_bit_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
+{
+tcg_gen_xor_i64(rn, rn, rd);
+tcg_gen_and_i64(rn, rn, rm);
+tcg_gen_xor_i64(rd, rd, rn);
+}
+
+static void gen_bif_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
+{
+tcg_gen_xor_i64(rn, rn, rd);
+tcg_gen_andc_i64(rn, rn, rm);
+tcg_gen_xor_i64(rd, rd, rn);
+}
+
+static void gen_bsl_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
+{
+tcg_gen_xor_vec(vece, rn, rn, rm);
+tcg_gen_and_vec(vece, rn, rn, rd);
+tcg_gen_xor_vec(vece, rd, rm, rn);
+}
+
+static void gen_bit_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
+{
+tcg_gen_xor_vec(vece, rn, rn, rd);
+tcg_gen_and_vec(vece, rn, rn, rm);
+tcg_gen_xor_vec(vece, rd, rd, rn);
+}
+
+static void gen_bif_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
+{
+tcg_gen_xor_vec(vece, rn, rn, rd);
+
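Review bot: the header comment `Expanders for VBitOps_VBIF, VBIT, VBSL.` looks like an editing slip; `Expanders for VBIF, VBIT, VBSL.` matches the three function names. The bodies are identical to the ones removed from translate-a64.c earlier in this patch, which is as it should be for a pure move.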

[Qemu-devel] [PULL 28/45] target/arm: Use gvec for NEON VMOV, VMVN, VBIC & VORR (immediate)

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-8-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 67 --
 1 file changed, 39 insertions(+), 28 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 6fcc43f25c7..7cc0c76420f 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6641,7 +6641,8 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t 
insn)
 return 1;
 }
 } else { /* (insn & 0x00380080) == 0 */
-int invert;
+int invert, reg_ofs, vec_size;
+
 if (q && (rd & 1)) {
 return 1;
 }
@@ -6681,8 +6682,9 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t 
insn)
 break;
 case 14:
 imm |= (imm << 8) | (imm << 16) | (imm << 24);
-if (invert)
+if (invert) {
 imm = ~imm;
+}
 break;
 case 15:
 if (invert) {
@@ -6692,36 +6694,45 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
   | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
 break;
 }
-if (invert)
+if (invert) {
 imm = ~imm;
+}
 
-for (pass = 0; pass < (q ? 4 : 2); pass++) {
-if (op & 1 && op < 12) {
-tmp = neon_load_reg(rd, pass);
-if (invert) {
-/* The immediate value has already been inverted, so
-   BIC becomes AND.  */
-tcg_gen_andi_i32(tmp, tmp, imm);
-} else {
-tcg_gen_ori_i32(tmp, tmp, imm);
-}
+reg_ofs = neon_reg_offset(rd, 0);
+vec_size = q ? 16 : 8;
+
+if (op & 1 && op < 12) {
+if (invert) {
+/* The immediate value has already been inverted,
+ * so BIC becomes AND.
+ */
+tcg_gen_gvec_andi(MO_32, reg_ofs, reg_ofs, imm,
+  vec_size, vec_size);
 } else {
-/* VMOV, VMVN.  */
-tmp = tcg_temp_new_i32();
-if (op == 14 && invert) {
-int n;
-uint32_t val;
-val = 0;
-for (n = 0; n < 4; n++) {
-if (imm & (1 << (n + (pass & 1) * 4)))
-val |= 0xff << (n * 8);
-}
-tcg_gen_movi_i32(tmp, val);
-} else {
-tcg_gen_movi_i32(tmp, imm);
-}
+tcg_gen_gvec_ori(MO_32, reg_ofs, reg_ofs, imm,
+ vec_size, vec_size);
+}
+} else {
+/* VMOV, VMVN.  */
+if (op == 14 && invert) {
+TCGv_i64 t64 = tcg_temp_new_i64();
+
+for (pass = 0; pass <= q; ++pass) {
+uint64_t val = 0;
+int n;
+
+for (n = 0; n < 8; n++) {
+if (imm & (1 << (n + pass * 8))) {
+val |= 0xffull << (n * 8);
+}
+}
+tcg_gen_movi_i64(t64, val);
+neon_store_reg64(t64, rd + pass);
+}
+tcg_temp_free_i64(t64);
+} else {
+tcg_gen_gvec_dup32i(reg_ofs, vec_size, vec_size, imm);
 }
-neon_store_reg(rd, pass, tmp);
 }
 }
 } else { /* (insn & 0x00800010 == 0x0080) */
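Review bot: in the `op == 14 && invert` path, pass 1 now reads immediate bits 8..15 (`imm & (1 << (n + pass * 8))` with n < 8), whereas the old per-pass loop only ever read bits 0..7; this is still correct only because `case 14` earlier in the function replicates the 8-bit immediate into all four bytes of `imm` (and the two inversions cancel), so bits 8..15 equal bits 0..7. A comment stating that dependency would keep a later cleanup of the replication from silently breaking this path.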
-- 
2.19.1




[Qemu-devel] [PULL 01/45] ssi-sd: Make devices picking up backends unavailable with -device

2018-10-19 Thread Peter Maydell
From: Markus Armbruster 

Device models aren't supposed to go on fishing expeditions for
backends.  They should expose suitable properties for the user to set.
For onboard devices, board code sets them.

Device ssi-sd picks up its block backend in its init() method with
drive_get_next() instead.  This mistake is already marked FIXME since
commit af9e40a.

Unset user_creatable to remove the mistake from our external
interface.  Since the SSI bus doesn't support hotplug, only -device
can be affected.  Only certain ARM machines have ssi-sd and provide an
SSI bus for it; this patch breaks -device ssi-sd for these machines.
No actual use of -device ssi-sd is known.

Signed-off-by: Markus Armbruster 
Acked-by: Philippe Mathieu-Daudé 
Acked-by: Thomas Huth 
Message-id: 20181009060835.4608-1-arm...@redhat.com
Signed-off-by: Peter Maydell 
---
 hw/sd/ssi-sd.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c
index 95a143bfba1..623d0333e86 100644
--- a/hw/sd/ssi-sd.c
+++ b/hw/sd/ssi-sd.c
@@ -284,6 +284,8 @@ static void ssi_sd_class_init(ObjectClass *klass, void 
*data)
 k->cs_polarity = SSI_CS_LOW;
 dc->vmsd = _ssi_sd;
 dc->reset = ssi_sd_reset;
+/* Reason: init() method uses drive_get_next() */
+dc->user_creatable = false;
 }
 
 static const TypeInfo ssi_sd_info = {
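Review bot: the `Reason:` comment could state the consequence as well as the cause: drive_get_next() hands the device the next unassigned block backend, so a user-supplied `-device ssi-sd` could consume a drive that board code intended for another device, which is why making it non-user-creatable is the safe default until the device gains a proper drive property.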
-- 
2.19.1




[Qemu-devel] [PULL 30/45] target/arm: Use gvec for NEON_3R_VADD_VSUB insns

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-10-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 29 ++---
 1 file changed, 10 insertions(+), 19 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 82710fb1175..fc0173076a4 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -5949,6 +5949,16 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 break;
 }
 return 0;
+
+case NEON_3R_VADD_VSUB:
+if (u) {
+tcg_gen_gvec_sub(size, rd_ofs, rn_ofs, rm_ofs,
+ vec_size, vec_size);
+} else {
+tcg_gen_gvec_add(size, rd_ofs, rn_ofs, rm_ofs,
+ vec_size, vec_size);
+}
+return 0;
 }
 if (size == 3) {
 /* 64-bit element instructions. */
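Review bot: the new `case NEON_3R_VADD_VSUB` sits before the `if (size == 3)` split, so it covers all four element sizes, which is what makes both the 64-bit and the per-element removals below correct; `rd_ofs`, `rn_ofs`, `rm_ofs` and `vec_size` are not introduced in this hunk, so they must already be computed earlier in disas_neon_data_insn() on every path that reaches this switch.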
@@ -6006,13 +6016,6 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
   cpu_V1, cpu_V0);
 }
 break;
-case NEON_3R_VADD_VSUB:
-if (u) {
-tcg_gen_sub_i64(CPU_V001);
-} else {
-tcg_gen_add_i64(CPU_V001);
-}
-break;
 default:
 abort();
 }
@@ -6147,18 +6150,6 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 tmp2 = neon_load_reg(rd, pass);
 gen_neon_add(size, tmp, tmp2);
 break;
-case NEON_3R_VADD_VSUB:
-if (!u) { /* VADD */
-gen_neon_add(size, tmp, tmp2);
-} else { /* VSUB */
-switch (size) {
-case 0: gen_helper_neon_sub_u8(tmp, tmp, tmp2); break;
-case 1: gen_helper_neon_sub_u16(tmp, tmp, tmp2); break;
-case 2: tcg_gen_sub_i32(tmp, tmp, tmp2); break;
-default: abort();
-}
-}
-break;
 case NEON_3R_VTST_VCEQ:
 if (!u) { /* VTST */
 switch (size) {
-- 
2.19.1




[Qemu-devel] [PULL 32/45] target/arm: Use gvec for NEON_3R_VMUL

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-12-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 31 +++
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index d29328774b6..7b13717c0dc 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -5959,6 +5959,19 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
  vec_size, vec_size);
 }
 return 0;
+
+case NEON_3R_VMUL: /* VMUL */
+if (u) {
+/* Polynomial case allows only P8 and is handled below.  */
+if (size != 0) {
+return 1;
+}
+} else {
+tcg_gen_gvec_mul(size, rd_ofs, rn_ofs, rm_ofs,
+ vec_size, vec_size);
+return 0;
+}
+break;
 }
 if (size == 3) {
 /* 64-bit element instructions. */
@@ -6065,12 +6078,6 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 return 1;
 }
 break;
-case NEON_3R_VMUL:
-if (u && (size != 0)) {
-/* UNDEF on invalid size for polynomial subcase */
-return 1;
-}
-break;
 case NEON_3R_VFM_VQRDMLSH:
 if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
 return 1;
@@ -6183,16 +6190,8 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 }
 break;
 case NEON_3R_VMUL:
-if (u) { /* polynomial */
-gen_helper_neon_mul_p8(tmp, tmp, tmp2);
-} else { /* Integer */
-switch (size) {
-case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
-case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
-case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
-default: abort();
-}
-}
+/* VMUL.P8; other cases already eliminated.  */
+gen_helper_neon_mul_p8(tmp, tmp, tmp2);
 break;
 case NEON_3R_VPMAX:
 GEN_NEON_INTEGER_OP(pmax);
-- 
2.19.1




[Qemu-devel] [PULL 34/45] target/arm: Use gvec for VSRA

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Move ssra_op and usra_op expanders from translate-a64.c.

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-14-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.h |   2 +
 target/arm/translate-a64.c | 106 
 target/arm/translate.c | 139 ++---
 3 files changed, 130 insertions(+), 117 deletions(-)

diff --git a/target/arm/translate.h b/target/arm/translate.h
index dea59c7214d..5e13571b362 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -196,6 +196,8 @@ static inline TCGv_i32 get_ahp_flag(void)
 extern const GVecGen3 bsl_op;
 extern const GVecGen3 bit_op;
 extern const GVecGen3 bif_op;
+extern const GVecGen2i ssra_op[4];
+extern const GVecGen2i usra_op[4];
 
 /*
  * Forward to the isar_feature_* tests given a DisasContext pointer.
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 384bcbbb00c..6d11e384898 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -9392,66 +9392,6 @@ static void disas_simd_scalar_two_reg_misc(DisasContext 
*s, uint32_t insn)
 }
 }
 
-static void gen_ssra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-tcg_gen_vec_sar8i_i64(a, a, shift);
-tcg_gen_vec_add8_i64(d, d, a);
-}
-
-static void gen_ssra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-tcg_gen_vec_sar16i_i64(a, a, shift);
-tcg_gen_vec_add16_i64(d, d, a);
-}
-
-static void gen_ssra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
-{
-tcg_gen_sari_i32(a, a, shift);
-tcg_gen_add_i32(d, d, a);
-}
-
-static void gen_ssra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-tcg_gen_sari_i64(a, a, shift);
-tcg_gen_add_i64(d, d, a);
-}
-
-static void gen_ssra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
-{
-tcg_gen_sari_vec(vece, a, a, sh);
-tcg_gen_add_vec(vece, d, d, a);
-}
-
-static void gen_usra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-tcg_gen_vec_shr8i_i64(a, a, shift);
-tcg_gen_vec_add8_i64(d, d, a);
-}
-
-static void gen_usra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-tcg_gen_vec_shr16i_i64(a, a, shift);
-tcg_gen_vec_add16_i64(d, d, a);
-}
-
-static void gen_usra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
-{
-tcg_gen_shri_i32(a, a, shift);
-tcg_gen_add_i32(d, d, a);
-}
-
-static void gen_usra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-tcg_gen_shri_i64(a, a, shift);
-tcg_gen_add_i64(d, d, a);
-}
-
-static void gen_usra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
-{
-tcg_gen_shri_vec(vece, a, a, sh);
-tcg_gen_add_vec(vece, d, d, a);
-}
-
 static void gen_shr8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
 {
 uint64_t mask = dup_const(MO_8, 0xff >> shift);
@@ -9507,52 +9447,6 @@ static void gen_shr_ins_vec(unsigned vece, TCGv_vec d, 
TCGv_vec a, int64_t sh)
 static void handle_vec_simd_shri(DisasContext *s, bool is_q, bool is_u,
  int immh, int immb, int opcode, int rn, int 
rd)
 {
-static const GVecGen2i ssra_op[4] = {
-{ .fni8 = gen_ssra8_i64,
-  .fniv = gen_ssra_vec,
-  .load_dest = true,
-  .opc = INDEX_op_sari_vec,
-  .vece = MO_8 },
-{ .fni8 = gen_ssra16_i64,
-  .fniv = gen_ssra_vec,
-  .load_dest = true,
-  .opc = INDEX_op_sari_vec,
-  .vece = MO_16 },
-{ .fni4 = gen_ssra32_i32,
-  .fniv = gen_ssra_vec,
-  .load_dest = true,
-  .opc = INDEX_op_sari_vec,
-  .vece = MO_32 },
-{ .fni8 = gen_ssra64_i64,
-  .fniv = gen_ssra_vec,
-  .prefer_i64 = TCG_TARGET_REG_BITS == 64,
-  .load_dest = true,
-  .opc = INDEX_op_sari_vec,
-  .vece = MO_64 },
-};
-static const GVecGen2i usra_op[4] = {
-{ .fni8 = gen_usra8_i64,
-  .fniv = gen_usra_vec,
-  .load_dest = true,
-  .opc = INDEX_op_shri_vec,
-  .vece = MO_8, },
-{ .fni8 = gen_usra16_i64,
-  .fniv = gen_usra_vec,
-  .load_dest = true,
-  .opc = INDEX_op_shri_vec,
-  .vece = MO_16, },
-{ .fni4 = gen_usra32_i32,
-  .fniv = gen_usra_vec,
-  .load_dest = true,
-  .opc = INDEX_op_shri_vec,
-  .vece = MO_32, },
-{ .fni8 = gen_usra64_i64,
-  .fniv = gen_usra_vec,
-  .prefer_i64 = TCG_TARGET_REG_BITS == 64,
-  .load_dest = true,
-  .opc = INDEX_op_shri_vec,
-  .vece = MO_64, },
-};
 static const GVecGen2i sri_op[4] = {
 { .fni8 = gen_shr8_ins_i64,
   .fniv = gen_shr_ins_vec,
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 2d715d9b47b..b3b2ef93f4d 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -5770,6 +5770,113 @@ const GVecGen3 bif_op = {
 .load_dest = true
 };
 
+static void gen_ssra8_i64(TCGv_i64 

Re: [Qemu-devel] [RFC v3 16/56] riscv: convert to cpu_halted

2018-10-19 Thread Palmer Dabbelt

On Thu, 18 Oct 2018 18:05:45 PDT (-0700), c...@braap.org wrote:

Cc: Michael Clark 
Cc: Palmer Dabbelt 
Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Cc: Alistair Francis 
Signed-off-by: Emilio G. Cota 
---
 target/riscv/op_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index aec7558e1b..b5c32241dd 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -736,7 +736,7 @@ void helper_wfi(CPURISCVState *env)
 {
 CPUState *cs = CPU(riscv_env_get_cpu(env));

-cs->halted = 1;
+cpu_halted_set(cs, 1);
 cs->exception_index = EXCP_HLT;
 cpu_loop_exit(cs);
 }


Reviewed-by: Palmer Dabbelt 



[Qemu-devel] [PATCH v2 3/5] qdev-monitor: Make device options help nicer

2018-10-19 Thread Max Reitz
Just like in qemu_opts_print_help(), print the device name as a caption
instead of on every single line, indent all options, add angle brackets
around types, and align the descriptions after 24 characters.  Also,
separate the descriptions with " - " instead of putting them in
parentheses, because that is what we do everywhere else.  This does look
a bit funny here because basically all bits have the description
"on/off", but funny does not mean it is less readable.

Signed-off-by: Max Reitz 
---
 qdev-monitor.c | 13 +++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/qdev-monitor.c b/qdev-monitor.c
index 802c18a74e..07147c63bf 100644
--- a/qdev-monitor.c
+++ b/qdev-monitor.c
@@ -285,10 +285,19 @@ int qdev_device_help(QemuOpts *opts)
 goto error;
 }
 
+if (prop_list) {
+out_printf("%s options:\n", driver);
+} else {
+out_printf("There are no options for %s.\n", driver);
+}
 for (prop = prop_list; prop; prop = prop->next) {
-out_printf("%s.%s=%s", driver, prop->value->name, prop->value->type);
+int len;
+out_printf("  %s=<%s>%n", prop->value->name, prop->value->type, );
 if (prop->value->has_description) {
-out_printf(" (%s)\n", prop->value->description);
+if (len < 24) {
+out_printf("%*s", 24 - len, "");
+}
+out_printf(" - %s\n", prop->value->description);
 } else {
 out_printf("\n");
 }
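Review bot: the column alignment in the loop body depends on `%n` in `out_printf("  %s=<%s>%n", prop->value->name, prop->value->type, );`, and as displayed that call has no argument for the `%n` conversion at all (the trailing `, );`). Even with an `&len` supplied, `%n` is only honoured if every backend behind out_printf (monitor and stdout) goes through a printf that supports it, and it is the conversion that hardened libcs and static analysers restrict or flag. Formatting the `name=<type>` text into a buffer first (g_strdup_printf) and printing it with a field width, e.g. `out_printf("  %-22s", str);`, gives the same 24-column layout without `%n`, the `int len` declaration or the `if (len < 24)` padding. Note also that a name/type pair of 24 characters or more currently gets no padding and the description follows after a single space, so the " - " column drifts for long property names.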
-- 
2.17.1




[Qemu-devel] [PULL 33/45] target/arm: Use gvec for VSHR, VSHL

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-13-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 70 +-
 1 file changed, 48 insertions(+), 22 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 7b13717c0dc..2d715d9b47b 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6373,8 +6373,6 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t 
insn)
 size--;
 }
 shift = (insn >> 16) & ((1 << (3 + size)) - 1);
-/* To avoid excessive duplication of ops we implement shift
-   by immediate using the variable shift operations.  */
 if (op < 8) {
 /* Shift by immediate:
VSHR, VSRA, VRSHR, VRSRA, VSRI, VSHL, VQSHL, VQSHLU.  */
@@ -6386,37 +6384,62 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 }
 /* Right shifts are encoded as N - shift, where N is the
element size in bits.  */
-if (op <= 4)
+if (op <= 4) {
 shift = shift - (1 << (size + 3));
+}
+
+switch (op) {
+case 0:  /* VSHR */
+/* Right shift comes here negative.  */
+shift = -shift;
+/* Shifts larger than the element size are architecturally
+ * valid.  Unsigned results in all zeros; signed results
+ * in all sign bits.
+ */
+if (!u) {
+tcg_gen_gvec_sari(size, rd_ofs, rm_ofs,
+  MIN(shift, (8 << size) - 1),
+  vec_size, vec_size);
+} else if (shift >= 8 << size) {
+tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
+} else {
+tcg_gen_gvec_shri(size, rd_ofs, rm_ofs, shift,
+  vec_size, vec_size);
+}
+return 0;
+
+case 5: /* VSHL, VSLI */
+if (!u) { /* VSHL */
+/* Shifts larger than the element size are
+ * architecturally valid and results in zero.
+ */
+if (shift >= 8 << size) {
+tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
+} else {
+tcg_gen_gvec_shli(size, rd_ofs, rm_ofs, shift,
+  vec_size, vec_size);
+}
+return 0;
+}
+break;
+}
+
 if (size == 3) {
 count = q + 1;
 } else {
 count = q ? 4: 2;
 }
-switch (size) {
-case 0:
-imm = (uint8_t) shift;
-imm |= imm << 8;
-imm |= imm << 16;
-break;
-case 1:
-imm = (uint16_t) shift;
-imm |= imm << 16;
-break;
-case 2:
-case 3:
-imm = shift;
-break;
-default:
-abort();
-}
+
+/* To avoid excessive duplication of ops we implement shift
+ * by immediate using the variable shift operations.
+  */
+imm = dup_const(size, shift);
 
 for (pass = 0; pass < count; pass++) {
 if (size == 3) {
 neon_load_reg64(cpu_V0, rm + pass);
 tcg_gen_movi_i64(cpu_V1, imm);
 switch (op) {
-case 0:  /* VSHR */
 case 1:  /* VSRA */
 if (u)
 gen_helper_neon_shl_u64(cpu_V0, cpu_V0, 
cpu_V1);
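Review bot: in the new `case 5` VSHL branch the `if (shift >= 8 << size)` test looks unreachable: for op 5 `shift` keeps the value masked by `(1 << (3 + size)) - 1` in the first hunk and is not negated, so it is always smaller than the element size; either drop that branch or replace it with an assertion so the comment about architecturally valid over-size shifts does not mislead. The corresponding check in `case 0` is needed, because after `shift = -shift` the right shift can equal the element size exactly, which is why `MIN(shift, (8 << size) - 1)` clamps the signed case and the unsigned case dups zero.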
@@ -6447,6 +6470,8 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t 
insn)
  cpu_V0, cpu_V1);
 }
 break;
+default:
+g_assert_not_reached();
 }
 if (op == 1 || op == 3) {
 /* Accumulate.  */
@@ -6475,7 +6500,6 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t 
insn)
 tmp2 = tcg_temp_new_i32();
 tcg_gen_movi_i32(tmp2, imm);
 

[Qemu-devel] [PATCH v2 0/5] Various option help readability improvement suggestions

2018-10-19 Thread Max Reitz
I noticed that with the (more or less) recent series from Marc-André the
output of qemu-img amend -f qcow2 -o help changed to this:

$ ./qemu-img amend -f qcow2 -o help
Creation options for 'qcow2':
qcow2-create-opts.backing_file=str - File name of a base image
qcow2-create-opts.backing_fmt=str - Image format of the base image
qcow2-create-opts.cluster_size=size - qcow2 cluster size
qcow2-create-opts.compat=str - Compatibility level (0.10 or 1.1)
[...]

The types are a nice addition, but I didn't like having the list name
printed in every single line (in fact, the list name does not make any
sense here at all, because there already is a caption which reads
"Creation options for 'qcow2'"), and I did not like the use of '=' for
types.

In general, I don't like the robot-y appearance, which is even worse in
things like -device virtio-blk,help, which gives you this (among
other lines):

> virtio-blk-pci.iothread=link

Sadly, there isn't much we can do about the "link", so this
series doesn't improve on that point.

What this series does do, however, is it changes these lists not to
print the list name on every single line, but only as a caption (and for
option lists, this caption is optional, because the caller may want to
print a custom caption that is more expressive -- as is the case for
qemu-img amend -o help).

Consequently, all list items are indented by two spaces to make clear
they belong to the caption.  I can already see that some people might
disagree on having this indentation, but I like it, so I have it in this
series.

Furthermore, types are now enclosed by angle brackets, and the alignment
we originally had for descriptions is restored (although now after 24
instead of 16 characters, because every option name is now accompanied
by indentation and a type).


Thus, after this series, the amend output looks like this:

$ ./qemu-img amend -f qcow2 -o help
Creation options for 'qcow2':
  backing_file= - File name of a base image
  backing_fmt=  - Image format of the base image
  cluster_size=- qcow2 cluster size
  compat=   - Compatibility level (0.10 or 1.1)
[...]


virtio-blk's list presents itself like so:

$ x86_64-softmmu/qemu-system-x86_64 -device virtio-blk,help
virtio-blk-pci options:
  iothread=>
  request-merging= - on/off
  secs=
[...]


And now we even print something when there are no options:

$ x86_64-softmmu/qemu-system-x86_64 -object can-bus,help
There are no options for can-bus.

(Before this series, there just is no output.)


As a side effect, patch 1 fixes iotest 082.


v2:
- Patch 1:
  - Abandon the "$name: $type" formatting in favor of "$name=<$type>"
[Marc-André, at least the "abandon" part]
  - Restore description alignment [Kevin]
  - Do the alignment when generating each line's GString instead of when
printing them.  This results in fewer lines modified and allows the
compiler to optimize the printf("%s\n", x) to puts(x).
- Patch 3:
  - Same changes as above, with the addition of also separating the
description with " - " instead of enclosing it in parentheses (to
match the other places)
  - Also, we never did align the descriptions here, so this is not
"restore" but "introduce description alignment".
- Patch 4:
  - Same as patch 1, but again with the catch of s/restore/introduce/.


git-backport-diff against v1:

Key:
[] : patches are identical
[] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/5:[0963] [FC] 'option: Make option help nicer to read'
002/5:[] [--] 'chardev: Indent list of chardevs'
003/5:[0008] [FC] 'qdev-monitor: Make device options help nicer'
004/5:[0007] [FC] 'object: Make option help nicer to read'
005/5:[] [--] 'fw_cfg: Drop newline in @file description'


Max Reitz (5):
  option: Make option help nicer to read
  chardev: Indent list of chardevs
  qdev-monitor: Make device options help nicer
  object: Make option help nicer to read
  fw_cfg: Drop newline in @file description

 include/qemu/option.h  |   2 +-
 chardev/char.c |   2 +-
 qdev-monitor.c |  13 +-
 qemu-img.c |   4 +-
 util/qemu-option.c |  32 +-
 vl.c   |  15 +-
 tests/qemu-iotests/082.out | 956 ++---
 7 files changed, 530 insertions(+), 494 deletions(-)

-- 
2.17.1




[Qemu-devel] [PULL 41/45] target/arm: Reorg NEON VLD/VST single element to one lane

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Instead of shifts and masks, use direct loads and stores from
the neon register file.

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-21-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 92 +++---
 1 file changed, 50 insertions(+), 42 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 83e88242082..7c4675ffd8a 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -1611,6 +1611,25 @@ static TCGv_i32 neon_load_reg(int reg, int pass)
 return tmp;
 }
 
+static void neon_load_element(TCGv_i32 var, int reg, int ele, TCGMemOp mop)
+{
+long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
+
+switch (mop) {
+case MO_UB:
+tcg_gen_ld8u_i32(var, cpu_env, offset);
+break;
+case MO_UW:
+tcg_gen_ld16u_i32(var, cpu_env, offset);
+break;
+case MO_UL:
+tcg_gen_ld_i32(var, cpu_env, offset);
+break;
+default:
+g_assert_not_reached();
+}
+}
+
 static void neon_load_element64(TCGv_i64 var, int reg, int ele, TCGMemOp mop)
 {
 long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
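Review bot: neon_load_element() switches on the unsigned `MO_UB`/`MO_UW`/`MO_UL` spellings, while neon_store_element() below uses `MO_8`/`MO_16`/`MO_32` for the same sizes; the values are identical, but using one spelling in both helpers (and documenting that a sign-extending `mop` ends in g_assert_not_reached()) would make the contract obvious to callers, since the helper computes its offset from `mop & MO_SIZE` and therefore looks as if it accepted any TCGMemOp.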
@@ -1639,6 +1658,25 @@ static void neon_store_reg(int reg, int pass, TCGv_i32 
var)
 tcg_temp_free_i32(var);
 }
 
+static void neon_store_element(int reg, int ele, TCGMemOp size, TCGv_i32 var)
+{
+long offset = neon_element_offset(reg, ele, size);
+
+switch (size) {
+case MO_8:
+tcg_gen_st8_i32(var, cpu_env, offset);
+break;
+case MO_16:
+tcg_gen_st16_i32(var, cpu_env, offset);
+break;
+case MO_32:
+tcg_gen_st_i32(var, cpu_env, offset);
+break;
+default:
+g_assert_not_reached();
+}
+}
+
 static void neon_store_element64(int reg, int ele, TCGMemOp size, TCGv_i64 var)
 {
 long offset = neon_element_offset(reg, ele, size);
@@ -4954,9 +4992,7 @@ static int disas_neon_ls_insn(DisasContext *s, uint32_t 
insn)
 int stride;
 int size;
 int reg;
-int pass;
 int load;
-int shift;
 int n;
 int vec_size;
 int mmu_idx;
@@ -5104,18 +5140,18 @@ static int disas_neon_ls_insn(DisasContext *s, uint32_t 
insn)
 } else {
 /* Single element.  */
 int idx = (insn >> 4) & 0xf;
-pass = (insn >> 7) & 1;
+int reg_idx;
 switch (size) {
 case 0:
-shift = ((insn >> 5) & 3) * 8;
+reg_idx = (insn >> 5) & 7;
 stride = 1;
 break;
 case 1:
-shift = ((insn >> 6) & 1) * 16;
+reg_idx = (insn >> 6) & 3;
 stride = (insn & (1 << 5)) ? 2 : 1;
 break;
 case 2:
-shift = 0;
+reg_idx = (insn >> 7) & 1;
 stride = (insn & (1 << 6)) ? 2 : 1;
 break;
 default:
@@ -5155,52 +5191,24 @@ static int disas_neon_ls_insn(DisasContext *s, uint32_t 
insn)
  */
 return 1;
 }
+tmp = tcg_temp_new_i32();
 addr = tcg_temp_new_i32();
 load_reg_var(s, addr, rn);
 for (reg = 0; reg < nregs; reg++) {
 if (load) {
-tmp = tcg_temp_new_i32();
-switch (size) {
-case 0:
-gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
-break;
-case 1:
-gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
-break;
-case 2:
-gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
-break;
-default: /* Avoid compiler warnings.  */
-abort();
-}
-if (size != 2) {
-tmp2 = neon_load_reg(rd, pass);
-tcg_gen_deposit_i32(tmp, tmp2, tmp,
-shift, size ? 16 : 8);
-tcg_temp_free_i32(tmp2);
-}
-neon_store_reg(rd, pass, tmp);
+gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
+s->be_data | size);
+neon_store_element(rd, reg_idx, size, tmp);
 } else { /* Store */
-tmp = neon_load_reg(rd, pass);
-if (shift)
-tcg_gen_shri_i32(tmp, tmp, shift);
-switch (size) {
-case 0:
-gen_aa32_st8(s, tmp, addr, get_mem_index(s));
-break;
-case 1:
-gen_aa32_st16(s, tmp, addr, get_mem_index(s));
-   
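Review bot: `tmp = tcg_temp_new_i32();` is hoisted out of the `for (reg = 0; reg < nregs; reg++)` loop and handed to neon_store_element(), which unlike neon_store_reg() does not free its argument; the hunk is cut off before the loop ends, so the matching tcg_temp_free_i32(tmp) after the loop (and none inside it) needs to be confirmed. Minor: `mmu_idx` was added to this function by the preceding patch, so `gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), s->be_data | size)` could pass `mmu_idx` for consistency with the all-elements path.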

[Qemu-devel] [PULL 39/45] target/arm: Reorg NEON VLD/VST all elements

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Instead of shifts and masks, use direct loads and stores from the neon
register file.  Mirror the iteration structure of the ARM pseudocode
more closely.  Correct the parameters of the VLD2 A2 insn.

Note that this includes a bugfix for handling of the insn
"VLD2 (multiple 2-element structures)" -- we were using an
incorrect stride value.

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-19-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 170 ++---
 1 file changed, 74 insertions(+), 96 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index e5d723d03b7..7f209b4ae2b 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -1611,12 +1611,56 @@ static TCGv_i32 neon_load_reg(int reg, int pass)
 return tmp;
 }
 
+static void neon_load_element64(TCGv_i64 var, int reg, int ele, TCGMemOp mop)
+{
+long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
+
+switch (mop) {
+case MO_UB:
+tcg_gen_ld8u_i64(var, cpu_env, offset);
+break;
+case MO_UW:
+tcg_gen_ld16u_i64(var, cpu_env, offset);
+break;
+case MO_UL:
+tcg_gen_ld32u_i64(var, cpu_env, offset);
+break;
+case MO_Q:
+tcg_gen_ld_i64(var, cpu_env, offset);
+break;
+default:
+g_assert_not_reached();
+}
+}
+
 static void neon_store_reg(int reg, int pass, TCGv_i32 var)
 {
 tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
 tcg_temp_free_i32(var);
 }
 
+static void neon_store_element64(int reg, int ele, TCGMemOp size, TCGv_i64 var)
+{
+long offset = neon_element_offset(reg, ele, size);
+
+switch (size) {
+case MO_8:
+tcg_gen_st8_i64(var, cpu_env, offset);
+break;
+case MO_16:
+tcg_gen_st16_i64(var, cpu_env, offset);
+break;
+case MO_32:
+tcg_gen_st32_i64(var, cpu_env, offset);
+break;
+case MO_64:
+tcg_gen_st_i64(var, cpu_env, offset);
+break;
+default:
+g_assert_not_reached();
+}
+}
+
 static inline void neon_load_reg64(TCGv_i64 var, int reg)
 {
 tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
@@ -4885,16 +4929,16 @@ static struct {
 int interleave;
 int spacing;
 } const neon_ls_element_type[11] = {
-{4, 4, 1},
-{4, 4, 2},
+{1, 4, 1},
+{1, 4, 2},
 {4, 1, 1},
-{4, 2, 1},
-{3, 3, 1},
-{3, 3, 2},
+{2, 2, 2},
+{1, 3, 1},
+{1, 3, 2},
 {3, 1, 1},
 {1, 1, 1},
-{2, 2, 1},
-{2, 2, 2},
+{1, 2, 1},
+{1, 2, 2},
 {2, 1, 1}
 };
 
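Review bot: the columns of neon_ls_element_type change meaning in this hunk (VLD4 goes from `{4, 4, 1}` to `{1, 4, 1}`, the four-register VLD2 from `{4, 2, 1}` to `{2, 2, 2}`), so the first field appears to count register groups (structures) now rather than registers, with `interleave` giving the registers per group and `spacing` the register stride between groups. The struct definition above the table carries no comment about any of this; add one, and name in the commit message which row is the VLD2 A2 stride fix, since it is not obvious from a table of bare integers.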
@@ -4915,6 +4959,8 @@ static int disas_neon_ls_insn(DisasContext *s, uint32_t 
insn)
 int shift;
 int n;
 int vec_size;
+int mmu_idx;
+TCGMemOp endian;
 TCGv_i32 addr;
 TCGv_i32 tmp;
 TCGv_i32 tmp2;
@@ -4936,6 +4982,8 @@ static int disas_neon_ls_insn(DisasContext *s, uint32_t 
insn)
 rn = (insn >> 16) & 0xf;
 rm = insn & 0xf;
 load = (insn & (1 << 21)) != 0;
+endian = s->be_data;
+mmu_idx = get_mem_index(s);
 if ((insn & (1 << 23)) == 0) {
 /* Load store all elements.  */
 op = (insn >> 8) & 0xf;
@@ -4960,104 +5008,34 @@ static int disas_neon_ls_insn(DisasContext *s, 
uint32_t insn)
 nregs = neon_ls_element_type[op].nregs;
 interleave = neon_ls_element_type[op].interleave;
 spacing = neon_ls_element_type[op].spacing;
-if (size == 3 && (interleave | spacing) != 1)
+if (size == 3 && (interleave | spacing) != 1) {
 return 1;
+}
+tmp64 = tcg_temp_new_i64();
 addr = tcg_temp_new_i32();
+tmp2 = tcg_const_i32(1 << size);
 load_reg_var(s, addr, rn);
-stride = (1 << size) * interleave;
 for (reg = 0; reg < nregs; reg++) {
-if (interleave > 2 || (interleave == 2 && nregs == 2)) {
-load_reg_var(s, addr, rn);
-tcg_gen_addi_i32(addr, addr, (1 << size) * reg);
-} else if (interleave == 2 && nregs == 4 && reg == 2) {
-load_reg_var(s, addr, rn);
-tcg_gen_addi_i32(addr, addr, 1 << size);
-}
-if (size == 3) {
-tmp64 = tcg_temp_new_i64();
-if (load) {
-gen_aa32_ld64(s, tmp64, addr, get_mem_index(s));
-neon_store_reg64(tmp64, rd);
-} else {
-neon_load_reg64(tmp64, rd);
-gen_aa32_st64(s, tmp64, addr, get_mem_index(s));
-}
-tcg_temp_free_i64(tmp64);
-tcg_gen_addi_i32(addr, addr, stride);
-} else {
-for (pass = 0; pass < 2; pass++) {
-if (size == 2) {
-if (load) {
-tmp = tcg_temp_new_i32();
-

[Qemu-devel] [PULL 12/45] target/arm: Make switch_mode() file-local

2018-10-19 Thread Peter Maydell
The switch_mode() function is defined in target/arm/helper.c and used
only in that file and nowhere else, so we can make it file-local
rather than global.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20181012144235.19646-3-peter.mayd...@linaro.org
---
 target/arm/internals.h | 1 -
 target/arm/helper.c| 6 --
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 276f2d8a8df..6b204fad51e 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -145,7 +145,6 @@ static inline int bank_number(int mode)
 g_assert_not_reached();
 }
 
-void switch_mode(CPUARMState *, int);
 void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu);
 void arm_translate_init(void);
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 09c31c47418..ee265892176 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -56,6 +56,8 @@ static void v8m_security_lookup(CPUARMState *env, uint32_t 
address,
 V8M_SAttributes *sattrs);
 #endif
 
+static void switch_mode(CPUARMState *env, int mode);
+
 static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
 {
 int nregs;
@@ -6316,7 +6318,7 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, 
uint32_t op)
 return 0;
 }
 
-void switch_mode(CPUARMState *env, int mode)
+static void switch_mode(CPUARMState *env, int mode)
 {
 ARMCPU *cpu = arm_env_get_cpu(env);
 
@@ -6338,7 +6340,7 @@ void aarch64_sync_64_to_32(CPUARMState *env)
 
 #else
 
-void switch_mode(CPUARMState *env, int mode)
+static void switch_mode(CPUARMState *env, int mode)
 {
 int old_mode;
 int i;
-- 
2.19.1




[Qemu-devel] [PULL 42/45] net: cadence_gem: Announce availability of priority queues

2018-10-19 Thread Peter Maydell
From: "Edgar E. Iglesias" 

Announce the availability of the various priority queues.
This fixes an issue where guest kernels would fail to
configure secondary queues due to improper feature bits.

Signed-off-by: Edgar E. Iglesias 
Message-id: 20181017213932.19973-2-edgar.igles...@gmail.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/net/cadence_gem.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 17959989289..16a8455128c 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -1283,6 +1283,7 @@ static void gem_reset(DeviceState *d)
 int i;
 CadenceGEMState *s = CADENCE_GEM(d);
 const uint8_t *a;
+uint32_t queues_mask = 0;
 
 DB_PRINT("\n");
 
@@ -1299,7 +1300,12 @@ static void gem_reset(DeviceState *d)
 s->regs[GEM_DESCONF] = 0x02500111;
 s->regs[GEM_DESCONF2] = 0x2ab13fff;
 s->regs[GEM_DESCONF5] = 0x002f2045;
-s->regs[GEM_DESCONF6] = 0x0200;
+s->regs[GEM_DESCONF6] = 0x0;
+
+if (s->num_priority_queues > 1) {
+queues_mask = MAKE_64BIT_MASK(1, s->num_priority_queues - 1);
+s->regs[GEM_DESCONF6] |= queues_mask;
+}
 
 /* Set MAC address */
 a = >conf.macaddr.a[0];
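Review bot: the reset value `0x0200` previously held in GEM_DESCONF6 is replaced by `0x0` before the queue bits are ORed in, so whatever capability that bit announced disappears with this patch; if that is intended, the commit message should say so, otherwise keep the old value and only OR in `queues_mask`. Also `queues_mask` is a `uint32_t` receiving the `uint64_t` result of `MAKE_64BIT_MASK(1, s->num_priority_queues - 1)`; the narrowing is harmless only while `num_priority_queues` stays small, so an assertion on its upper bound next to the property would document that.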
-- 
2.19.1




[Qemu-devel] [PULL 40/45] target/arm: Promote consecutive memory ops for aa32

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

For a sequence of loads or stores from a single register,
little-endian operations can be promoted to an 8-byte op.
This can reduce the number of operations by a factor of 8.

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-20-richard.hender...@linaro.org
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 7f209b4ae2b..83e88242082 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -5011,6 +5011,16 @@ static int disas_neon_ls_insn(DisasContext *s, uint32_t 
insn)
 if (size == 3 && (interleave | spacing) != 1) {
 return 1;
 }
+/* For our purposes, bytes are always little-endian.  */
+if (size == 0) {
+endian = MO_LE;
+}
+/* Consecutive little-endian elements from a single register
+ * can be promoted to a larger little-endian operation.
+ */
+if (interleave == 1 && endian == MO_LE) {
+size = 3;
+}
 tmp64 = tcg_temp_new_i64();
 addr = tcg_temp_new_i32();
 tmp2 = tcg_const_i32(1 << size);
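Review bot: the promotion is gated on `endian == MO_LE`, with `endian` taken from `s->be_data` earlier in the function and forced to MO_LE only for `size == 0`; that means halfword and word elements of a big-endian guest are never merged, which is correct but worth stating in the comment. More importantly, the `size = 3` override also changes `tmp2 = tcg_const_i32(1 << size)` and every later use of `size` in this function, so a sentence saying that `size` no longer reflects the instruction's element size from this point on would save the next person touching the loop below from a subtle bug.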
-- 
2.19.1




[Qemu-devel] [PULL 27/45] target/arm: Use gvec for NEON VDUP

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Also introduces neon_element_offset to find the env offset
of a specific element within a neon register.

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-7-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 63 --
 1 file changed, 36 insertions(+), 27 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 869dadbe8db..6fcc43f25c7 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -1585,6 +1585,25 @@ neon_reg_offset (int reg, int n)
 return vfp_reg_offset(0, sreg);
 }
 
+/* Return the offset of a 2**SIZE piece of a NEON register, at index ELE,
+ * where 0 is the least significant end of the register.
+ */
+static inline long
+neon_element_offset(int reg, int element, TCGMemOp size)
+{
+int element_size = 1 << size;
+int ofs = element * element_size;
+#ifdef HOST_WORDS_BIGENDIAN
+/* Calculate the offset assuming fully little-endian,
+ * then XOR to account for the order of the 8-byte units.
+ */
+if (element_size < 8) {
+ofs ^= 8 - element_size;
+}
+#endif
+return neon_reg_offset(reg, 0) + ofs;
+}
+
 static TCGv_i32 neon_load_reg(int reg, int pass)
 {
 TCGv_i32 tmp = tcg_temp_new_i32();
@@ -3432,17 +3451,10 @@ static int disas_vfp_insn(DisasContext *s, uint32_t 
insn)
 tmp = load_reg(s, rd);
 if (insn & (1 << 23)) {
 /* VDUP */
-if (size == 0) {
-gen_neon_dup_u8(tmp, 0);
-} else if (size == 1) {
-gen_neon_dup_low16(tmp);
-}
-for (n = 0; n <= pass * 2; n++) {
-tmp2 = tcg_temp_new_i32();
-tcg_gen_mov_i32(tmp2, tmp);
-neon_store_reg(rn, n, tmp2);
-}
-neon_store_reg(rn, n, tmp);
+int vec_size = pass ? 16 : 8;
+tcg_gen_gvec_dup_i32(size, neon_reg_offset(rn, 0),
+ vec_size, vec_size, tmp);
+tcg_temp_free_i32(tmp);
 } else {
 /* VMOV */
 switch (size) {
@@ -7755,28 +7767,25 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 tcg_temp_free_i32(tmp);
 } else if ((insn & 0x380) == 0) {
 /* VDUP */
+int element;
+TCGMemOp size;
+
 if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
 return 1;
 }
-if (insn & (1 << 19)) {
-tmp = neon_load_reg(rm, 1);
-} else {
-tmp = neon_load_reg(rm, 0);
-}
 if (insn & (1 << 16)) {
-gen_neon_dup_u8(tmp, ((insn >> 17) & 3) * 8);
+size = MO_8;
+element = (insn >> 17) & 7;
 } else if (insn & (1 << 17)) {
-if ((insn >> 18) & 1)
-gen_neon_dup_high16(tmp);
-else
-gen_neon_dup_low16(tmp);
+size = MO_16;
+element = (insn >> 18) & 3;
+} else {
+size = MO_32;
+element = (insn >> 19) & 1;
 }
-for (pass = 0; pass < (q ? 4 : 2); pass++) {
-tmp2 = tcg_temp_new_i32();
-tcg_gen_mov_i32(tmp2, tmp);
-neon_store_reg(rd, pass, tmp2);
-}
-tcg_temp_free_i32(tmp);
+tcg_gen_gvec_dup_mem(size, neon_reg_offset(rd, 0),
+ neon_element_offset(rm, element, size),
+ q ? 16 : 8, q ? 16 : 8);
 } else {
 return 1;
 }
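Review bot: the new `TCGMemOp size;` declared in the VDUP block shadows the function-level `int size` of disas_neon_data_insn() (the variable decremented by `size--` in the shift-by-immediate path); it compiles, but a reader skimming this function will assume `size` is the outer element size. Rename the local (e.g. `dup_size`), or reuse the outer variable if its value is free at this point.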
-- 
2.19.1




[Qemu-devel] [PULL 43/45] net: cadence_gem: Announce 64bit addressing support

2018-10-19 Thread Peter Maydell
From: "Edgar E. Iglesias" 

Announce 64bit addressing support.

Reviewed-by: Alistair Francis 
Signed-off-by: Edgar E. Iglesias 
Message-id: 20181017213932.19973-3-edgar.igles...@gmail.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/net/cadence_gem.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 16a8455128c..d95cc27f583 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -142,6 +142,7 @@
 #define GEM_DESCONF4  (0x028C/4)
 #define GEM_DESCONF5  (0x0290/4)
 #define GEM_DESCONF6  (0x0294/4)
+#define GEM_DESCONF6_64B_MASK (1U << 23)
 #define GEM_DESCONF7  (0x0298/4)
 
 #define GEM_INT_Q1_STATUS   (0x0400 / 4)
@@ -1300,7 +1301,7 @@ static void gem_reset(DeviceState *d)
 s->regs[GEM_DESCONF] = 0x02500111;
 s->regs[GEM_DESCONF2] = 0x2ab13fff;
 s->regs[GEM_DESCONF5] = 0x002f2045;
-s->regs[GEM_DESCONF6] = 0x0;
+s->regs[GEM_DESCONF6] = GEM_DESCONF6_64B_MASK;
 
 if (s->num_priority_queues > 1) {
 queues_mask = MAKE_64BIT_MASK(1, s->num_priority_queues - 1);
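Review bot: this hunk only sets GEM_DESCONF6_64B_MASK in the reset value of GEM_DESCONF6, and the diff stat shows no change to the descriptor or DMA paths; a guest driver that reads this bit will start programming the upper-address registers and 64-bit descriptor layouts, so the commit message should state where that support is implemented (or which preceding patch added it), because announcing a capability the model does not fully honour fails in the guest rather than here.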
-- 
2.19.1




[Qemu-devel] [PULL 44/45] target/arm: Remove writefn from TTBR0_EL3

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

The EL3 version of this register does not include an ASID,
and so the tlb_flush performed by vmsa_ttbr_write is not needed.

Reviewed-by: Aaron Lindsay 
Signed-off-by: Richard Henderson 
Reviewed-by: Peter Maydell 
Message-id: 20181019015617.22583-2-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index bf4f50196de..20114bf574d 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4312,7 +4312,7 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
   .fieldoffset = offsetof(CPUARMState, cp15.mvbar) },
 { .name = "TTBR0_EL3", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 6, .crn = 2, .crm = 0, .opc2 = 0,
-  .access = PL3_RW, .writefn = vmsa_ttbr_write, .resetvalue = 0,
+  .access = PL3_RW, .resetvalue = 0,
   .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el[3]) },
 { .name = "TCR_EL3", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 6, .crn = 2, .crm = 0, .opc2 = 2,
-- 
2.19.1




[Qemu-devel] [PULL 35/45] target/arm: Use gvec for VSRI, VSLI

2018-10-19 Thread Peter Maydell
From: Richard Henderson 

Move shi_op and sli_op expanders from translate-a64.c.

Signed-off-by: Richard Henderson 
Message-id: 20181011205206.3552-15-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.h |   2 +
 target/arm/translate-a64.c | 152 +--
 target/arm/translate.c | 244 ++---
 3 files changed, 179 insertions(+), 219 deletions(-)

diff --git a/target/arm/translate.h b/target/arm/translate.h
index 5e13571b362..7eb759d0414 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -198,6 +198,8 @@ extern const GVecGen3 bit_op;
 extern const GVecGen3 bif_op;
 extern const GVecGen2i ssra_op[4];
 extern const GVecGen2i usra_op[4];
+extern const GVecGen2i sri_op[4];
+extern const GVecGen2i sli_op[4];
 
 /*
  * Forward to the isar_feature_* tests given a DisasContext pointer.
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 6d11e384898..c26168d72c8 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -9392,85 +9392,10 @@ static void disas_simd_scalar_two_reg_misc(DisasContext 
*s, uint32_t insn)
 }
 }
 
-static void gen_shr8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-uint64_t mask = dup_const(MO_8, 0xff >> shift);
-TCGv_i64 t = tcg_temp_new_i64();
-
-tcg_gen_shri_i64(t, a, shift);
-tcg_gen_andi_i64(t, t, mask);
-tcg_gen_andi_i64(d, d, ~mask);
-tcg_gen_or_i64(d, d, t);
-tcg_temp_free_i64(t);
-}
-
-static void gen_shr16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-uint64_t mask = dup_const(MO_16, 0x >> shift);
-TCGv_i64 t = tcg_temp_new_i64();
-
-tcg_gen_shri_i64(t, a, shift);
-tcg_gen_andi_i64(t, t, mask);
-tcg_gen_andi_i64(d, d, ~mask);
-tcg_gen_or_i64(d, d, t);
-tcg_temp_free_i64(t);
-}
-
-static void gen_shr32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
-{
-tcg_gen_shri_i32(a, a, shift);
-tcg_gen_deposit_i32(d, d, a, 0, 32 - shift);
-}
-
-static void gen_shr64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-tcg_gen_shri_i64(a, a, shift);
-tcg_gen_deposit_i64(d, d, a, 0, 64 - shift);
-}
-
-static void gen_shr_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
-{
-uint64_t mask = (2ull << ((8 << vece) - 1)) - 1;
-TCGv_vec t = tcg_temp_new_vec_matching(d);
-TCGv_vec m = tcg_temp_new_vec_matching(d);
-
-tcg_gen_dupi_vec(vece, m, mask ^ (mask >> sh));
-tcg_gen_shri_vec(vece, t, a, sh);
-tcg_gen_and_vec(vece, d, d, m);
-tcg_gen_or_vec(vece, d, d, t);
-
-tcg_temp_free_vec(t);
-tcg_temp_free_vec(m);
-}
-
 /* SSHR[RA]/USHR[RA] - Vector shift right (optional rounding/accumulate) */
 static void handle_vec_simd_shri(DisasContext *s, bool is_q, bool is_u,
  int immh, int immb, int opcode, int rn, int 
rd)
 {
-static const GVecGen2i sri_op[4] = {
-{ .fni8 = gen_shr8_ins_i64,
-  .fniv = gen_shr_ins_vec,
-  .load_dest = true,
-  .opc = INDEX_op_shri_vec,
-  .vece = MO_8 },
-{ .fni8 = gen_shr16_ins_i64,
-  .fniv = gen_shr_ins_vec,
-  .load_dest = true,
-  .opc = INDEX_op_shri_vec,
-  .vece = MO_16 },
-{ .fni4 = gen_shr32_ins_i32,
-  .fniv = gen_shr_ins_vec,
-  .load_dest = true,
-  .opc = INDEX_op_shri_vec,
-  .vece = MO_32 },
-{ .fni8 = gen_shr64_ins_i64,
-  .fniv = gen_shr_ins_vec,
-  .prefer_i64 = TCG_TARGET_REG_BITS == 64,
-  .load_dest = true,
-  .opc = INDEX_op_shri_vec,
-  .vece = MO_64 },
-};
-
 int size = 32 - clz32(immh) - 1;
 int immhb = immh << 3 | immb;
 int shift = 2 * (8 << size) - immhb;
@@ -9566,85 +9491,10 @@ static void handle_vec_simd_shri(DisasContext *s, bool 
is_q, bool is_u,
 clear_vec_high(s, is_q, rd);
 }
 
-static void gen_shl8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-uint64_t mask = dup_const(MO_8, 0xff << shift);
-TCGv_i64 t = tcg_temp_new_i64();
-
-tcg_gen_shli_i64(t, a, shift);
-tcg_gen_andi_i64(t, t, mask);
-tcg_gen_andi_i64(d, d, ~mask);
-tcg_gen_or_i64(d, d, t);
-tcg_temp_free_i64(t);
-}
-
-static void gen_shl16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-uint64_t mask = dup_const(MO_16, 0x << shift);
-TCGv_i64 t = tcg_temp_new_i64();
-
-tcg_gen_shli_i64(t, a, shift);
-tcg_gen_andi_i64(t, t, mask);
-tcg_gen_andi_i64(d, d, ~mask);
-tcg_gen_or_i64(d, d, t);
-tcg_temp_free_i64(t);
-}
-
-static void gen_shl32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
-{
-tcg_gen_deposit_i32(d, d, a, shift, 32 - shift);
-}
-
-static void gen_shl64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
-{
-tcg_gen_deposit_i64(d, d, a, shift, 64 - shift);
-}
-
-static void gen_shl_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
-{
-uint64_t mask = (1ull << sh) - 1;
-

  1   2   3   4   5   >