[Qemu-devel] [PULL] target/riscv: Fix manually parsed 16 bit insn

2019-03-17 Thread Palmer Dabbelt
From: Bastian Koppelmann 

during the refactor to decodetree we removed the manual decoding that is
necessary for c.jal/c.addiw and removed the translation of c.flw/c.ld
and c.fsw/c.sd. This reintroduces the manual parsing and the
omitted implementation.

Signed-off-by: Bastian Koppelmann 
Tested-by: Palmer Dabbelt 
Reviewed-by: Alistair Francis 
Tested-by: Alistair Francis 
Signed-off-by: Palmer Dabbelt 
---
 target/riscv/insn_trans/trans_rvc.inc.c | 30 -
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvc.inc.c 
b/target/riscv/insn_trans/trans_rvc.inc.c
index bcdf64d3b705..5819f53f900e 100644
--- a/target/riscv/insn_trans/trans_rvc.inc.c
+++ b/target/riscv/insn_trans/trans_rvc.inc.c
@@ -44,10 +44,19 @@ static bool trans_c_flw_ld(DisasContext *ctx, arg_c_flw_ld 
*a)
 {
 #ifdef TARGET_RISCV32
 /* C.FLW ( RV32FC-only ) */
-return false;
+REQUIRE_FPU;
+REQUIRE_EXT(ctx, RVF);
+
+arg_c_lw tmp;
+decode_insn16_extract_cl_w(, ctx->opcode);
+arg_flw arg = { .rd = tmp.rd, .rs1 = tmp.rs1, .imm = tmp.uimm };
+return trans_flw(ctx, );
 #else
 /* C.LD ( RV64C/RV128C-only ) */
-return false;
+arg_c_fld tmp;
+decode_insn16_extract_cl_d(, ctx->opcode);
+arg_ld arg = { .rd = tmp.rd, .rs1 = tmp.rs1, .imm = tmp.uimm };
+return trans_ld(ctx, );
 #endif
 }
 
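Review bot: In both arms of trans_c_flw_ld the decoded parameter `a` is ignored and the fields are re-extracted from ctx->opcode, but nothing in the function says why. A short comment stating that the generic decode for this shared encoding does not match the C.FLW / C.LD layouts would keep a later cleanup from switching back to `a`. The same comment could cover why the C.LD arm declares its temporary as `arg_c_fld`.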
@@ -67,10 +76,19 @@ static bool trans_c_fsw_sd(DisasContext *ctx, arg_c_fsw_sd 
*a)
 {
 #ifdef TARGET_RISCV32
 /* C.FSW ( RV32FC-only ) */
-return false;
+REQUIRE_FPU;
+REQUIRE_EXT(ctx, RVF);
+
+arg_c_sw tmp;
+decode_insn16_extract_cs_w(, ctx->opcode);
+arg_fsw arg = { .rs1 = tmp.rs1, .rs2 = tmp.rs2, .imm = tmp.uimm };
+return trans_fsw(ctx, );
 #else
 /* C.SD ( RV64C/RV128C-only ) */
-return false;
+arg_c_fsd tmp;
+decode_insn16_extract_cs_d(, ctx->opcode);
+arg_sd arg = { .rs1 = tmp.rs1, .rs2 = tmp.rs2, .imm = tmp.uimm };
+return trans_sd(ctx, );
 #endif
 }
 
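Review bot: In the RV32 arm of trans_c_fsw_sd, `arg_c_sw tmp;` and `arg_fsw arg` are declared after the REQUIRE_FPU / REQUIRE_EXT statements, which mixes declarations and code inside one block. Move the declarations to the top of the arm or open a nested scope, so the two #ifdef arms read the same way and the early-return macros stay visually first.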
@@ -88,7 +106,9 @@ static bool trans_c_jal_addiw(DisasContext *ctx, 
arg_c_jal_addiw *a)
 {
 #ifdef TARGET_RISCV32
 /* C.JAL */
-arg_jal arg = { .rd = 1, .imm = a->imm };
+arg_c_j tmp;
+decode_insn16_extract_cj(, ctx->opcode);
+arg_jal arg = { .rd = 1, .imm = tmp.imm };
 return trans_jal(ctx, );
 #else
 /* C.ADDIW */
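Review bot: The C.JAL arm of trans_c_jal_addiw stops using a->imm and re-extracts the offset with the CJ layout, yet the reason a->imm is wrong there is only in the commit message. Put it in a comment next to `decode_insn16_extract_cj`, and consider a test that executes a c.jal with a non-zero offset on RV32, since that is the case this regression broke.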
-- 
2.19.2
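
Why c.jal and c.addiw need target-specific parsing, as an added example (not QEMU code; all function names are hypothetical): both instructions occupy the same 16-bit encoding slot (quadrant 1, funct3 = 001), read as CJ format on RV32 and as CI format on RV64, so one decoded immediate cannot serve both. The sample words are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration of the RVC encoding; names are hypothetical, not QEMU's. */

/* Sign-extend the low `bits` bits of v. */
static int32_t sext(uint32_t v, unsigned bits)
{
    uint32_t sign = 1u << (bits - 1);
    v &= (sign << 1) - 1;
    return (int32_t)(v ^ sign) - (int32_t)sign;
}

/* Extract `len` bits of a 16-bit instruction starting at bit `lo`. */
static uint32_t field(uint16_t insn, unsigned lo, unsigned len)
{
    return (insn >> lo) & ((1u << len) - 1);
}

/* Both instructions live in quadrant 1 (op = 01) with funct3 = 001. */
int in_jal_addiw_slot(uint16_t insn)
{
    return field(insn, 0, 2) == 1 && field(insn, 13, 3) == 1;
}

/* CJ format, C.JAL on RV32: insn[12:2] = imm[11|4|9:8|10|6|7|3:1|5]. */
int32_t cj_imm(uint16_t insn)
{
    uint32_t imm = field(insn, 12, 1) << 11 | field(insn, 11, 1) << 4 |
                   field(insn, 9, 2) << 8   | field(insn, 8, 1) << 10 |
                   field(insn, 7, 1) << 6   | field(insn, 6, 1) << 7  |
                   field(insn, 3, 3) << 1   | field(insn, 2, 1) << 5;
    return sext(imm, 12);
}

/* CI format, C.ADDIW on RV64: imm[5] = insn[12], imm[4:0] = insn[6:2]. */
int32_t ci_imm(uint16_t insn)
{
    return sext(field(insn, 12, 1) << 5 | field(insn, 2, 5), 6);
}

/* CI format destination register, insn[11:7]. */
unsigned ci_rd(uint16_t insn)
{
    return field(insn, 7, 5);
}

/* Encode C.JAL for an even 12-bit byte offset (inverse of cj_imm). */
uint16_t enc_c_jal(int32_t off)
{
    uint32_t u = (uint32_t)off & 0xfffu;
    return (uint16_t)(1u << 13 | 1u |
        ((u >> 11) & 1) << 12 | ((u >> 4) & 1) << 11 | ((u >> 8) & 3) << 9 |
        ((u >> 10) & 1) << 8  | ((u >> 6) & 1) << 7  | ((u >> 7) & 1) << 6 |
        ((u >> 1) & 7) << 3   | ((u >> 5) & 1) << 2);
}

/* Returns 1 if every legal C.JAL offset survives encode -> decode. */
int cj_roundtrip_ok(void)
{
    for (int32_t off = -2048; off <= 2046; off += 2) {
        uint16_t insn = enc_c_jal(off);
        if (!in_jal_addiw_slot(insn) || cj_imm(insn) != off) {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    uint16_t insn = 0x2505; /* constructed sample: c.addiw a0, 1 on RV64 */
    printf("0x%04x as C.ADDIW (RV64): rd=x%u imm=%d\n",
           (unsigned)insn, ci_rd(insn), (int)ci_imm(insn));
    printf("0x%04x as C.JAL   (RV32): offset=%d\n",
           (unsigned)insn, (int)cj_imm(insn));
    printf("C.JAL round trip: %s\n", cj_roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```

The same word that adds 1 to a0 on RV64 is a call 1568 bytes ahead on RV32, which is why a translator that feeds the wrong format's immediate to the jump misdirects guest control flow.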




[Qemu-devel] [PULL] A Single RISC-V Patch for 4.0-rc0

2019-03-17 Thread Palmer Dabbelt
The following changes since commit d4e65539e570d5872003710b5a1064489911d33d:

  Merge remote-tracking branch 'remotes/rth/tags/pull-hppa-20190316' into 
staging (2019-03-17 14:10:52 +)

are available in the Git repository at:

  git://github.com/palmer-dabbelt/qemu.git tags/riscv-for-4.0-rc0

for you to fetch changes up to f330433b3633647b047cfa418c2ca4d18fda69c7:

  target/riscv: Fix manually parsed 16 bit insn (2019-03-17 22:21:32 -0700)


A Single RISC-V Patch for 4.0-rc0

There was a regression introduced by the decodetree conversion that has
a fairly straight-forward fix.  Since this fixes bugs that everyone has
hit I'd like to target it for rc0.


Bastian Koppelmann (1):
  target/riscv: Fix manually parsed 16 bit insn

 target/riscv/insn_trans/trans_rvc.inc.c | 30 +-
 1 file changed, 25 insertions(+), 5 deletions(-)




Re: [Qemu-devel] [PATCH 0/5] QEMU VFIO live migration

2019-03-17 Thread Zhao Yan
On Mon, Mar 18, 2019 at 11:09:04AM +0800, Alex Williamson wrote:
> On Sun, 17 Mar 2019 22:51:27 -0400
> Zhao Yan  wrote:
> 
> > On Fri, Mar 15, 2019 at 10:24:02AM +0800, Alex Williamson wrote:
> > > On Thu, 14 Mar 2019 19:05:06 -0400
> > > Zhao Yan  wrote:
> > >   
> > > > On Fri, Mar 15, 2019 at 06:44:58AM +0800, Alex Williamson wrote:  
> > > > > On Wed, 13 Mar 2019 21:12:22 -0400
> > > > > Zhao Yan  wrote:
> > > > > 
> > > > > > On Thu, Mar 14, 2019 at 03:14:54AM +0800, Alex Williamson wrote:
> > > > > > > On Tue, 12 Mar 2019 21:13:01 -0400
> > > > > > > Zhao Yan  wrote:
> > > > > > >   
> > > > > > > > hi Alex
> > > > > > > > Any comments to the sequence below?
> > > > > > > > 
> > > > > > > > > Actually we have some concerns and suggestions to userspace-opaque migration
> > > > > > > > > data.
> > > > > > > > > 
> > > > > > > > > 1. if data is opaque to userspace, kernel interface must be tightly bound to
> > > > > > > > > migration.
> > > > > > > > >    e.g. vendor driver has to know state (running + not logging) should not
> > > > > > > > >    return any data, and state (running + logging) should return whole
> > > > > > > > >    snapshot first and dirty later. it also has to know qemu migration will
> > > > > > > > >    not call GET_BUFFER in state (running + not logging), otherwise, it has
> > > > > > > > >    to adjust its behavior.
> > > > > > > 
> > > > > > > This all just sounds like defining the protocol we expect with the
> > > > > > > interface.  For instance if we define a session as beginning when
> > > > > > > logging is enabled and ending when the device is stopped and the
> > > > > > > interface reports no more data is available, then we can state 
> > > > > > > that any
> > > > > > > partial accumulation of data is incomplete relative to migration. 
> > > > > > >  If
> > > > > > > userspace wants to initiate a new migration stream, they can 
> > > > > > > simply
> > > > > > > toggle logging.  How the vendor driver provides the data during 
> > > > > > > the
> > > > > > > session is not defined, but beginning the session with a snapshot
> > > > > > > followed by repeated iterations of dirtied data is certainly a 
> > > > > > > valid
> > > > > > > approach.
> > > > > > >   
> > > > > > > > 2. vendor driver cannot ensure userspace get all the data it 
> > > > > > > > intends to
> > > > > > > > save in pre-copy phase.
> > > > > > > >   e.g. in stop-and-copy phase, vendor driver has to first check 
> > > > > > > > and send
> > > > > > > >   data in previous phase.  
> > > > > > > 
> > > > > > > First, I don't think the device has control of when QEMU switches 
> > > > > > > from
> > > > > > > pre-copy to stop-and-copy, the protocol needs to support that
> > > > > > > > transition at any point.  However, it seems a simple data 
> > > > > > > available
> > > > > > > counter provides an indication of when it might be optimal to 
> > > > > > > make such
> > > > > > > a transition.  If a vendor driver follows a scheme as above, the
> > > > > > > available data counter would indicate a large value, the entire 
> > > > > > > initial
> > > > > > > snapshot of the device.  As the migration continues and pages are
> > > > > > > dirtied, the device would reach a steady state amount of data
> > > > > > > available, depending on the guest activity.  This could indicate 
> > > > > > > to the
> > > > > > > user to stop the device.  The migration stream would not be 
> > > > > > > considered
> > > > > > > completed until the available data counter reaches zero while the
> > > > > > > device is in the stopped|logging state.
> > > > > > >   
> > > > > > > > > 3. if all the sequence is tightly bound to live migration, can we remove the
> > > > > > > > > logging state? what about adding two states migrate-in and migrate-out?
> > > > > > > > > so there are four states: running, stopped, migrate-in, migrate-out.
> > > > > > > > >    migrate-out is for source side when migration starts. together with
> > > > > > > > >    state running and stopped, it can substitute state logging.
> > > > > > > > >    migrate-in is for target side.
> > > > > > > 
> > > > > > > In fact, Kirti's implementation specifies a data direction, but I 
> > > > > > > think
> > > > > > > we still need logging to indicate sessions.  I'd also assume that
> > > > > > > logging implies some overhead for the vendor driver.
> > > > > > >  
> > > > > > ok. If you prefer logging, I'm ok with it. just found migrate-in and
> > > > > > > migrate-out are more universal against hardware requirement changes.
> > > > > > 
> > > > > > > > On Tue, Mar 12, 2019 at 10:57:47AM +0800, Zhao Yan wrote:  
> > > > > > > > > hi Alex
> > > > > > > > > thanks for your reply.
> > > > > > > > > 
> > > > > > > > > So, if we choose migration data to be userspace opaque, do 
> > > > > > > > > 

Re: [Qemu-devel] [PATCH 0/5] QEMU VFIO live migration

2019-03-17 Thread Alex Williamson
On Sun, 17 Mar 2019 22:51:27 -0400
Zhao Yan  wrote:

> On Fri, Mar 15, 2019 at 10:24:02AM +0800, Alex Williamson wrote:
> > On Thu, 14 Mar 2019 19:05:06 -0400
> > Zhao Yan  wrote:
> >   
> > > On Fri, Mar 15, 2019 at 06:44:58AM +0800, Alex Williamson wrote:  
> > > > On Wed, 13 Mar 2019 21:12:22 -0400
> > > > Zhao Yan  wrote:
> > > > 
> > > > > On Thu, Mar 14, 2019 at 03:14:54AM +0800, Alex Williamson wrote:
> > > > > > On Tue, 12 Mar 2019 21:13:01 -0400
> > > > > > Zhao Yan  wrote:
> > > > > >   
> > > > > > > hi Alex
> > > > > > > Any comments to the sequence below?
> > > > > > > 
> > > > > > > > Actually we have some concerns and suggestions to userspace-opaque migration
> > > > > > > > data.
> > > > > > > > 
> > > > > > > > 1. if data is opaque to userspace, kernel interface must be tightly bound to
> > > > > > > > migration.
> > > > > > > >    e.g. vendor driver has to know state (running + not logging) should not
> > > > > > > >    return any data, and state (running + logging) should return whole
> > > > > > > >    snapshot first and dirty later. it also has to know qemu migration will
> > > > > > > >    not call GET_BUFFER in state (running + not logging), otherwise, it has
> > > > > > > >    to adjust its behavior.
> > > > > > 
> > > > > > This all just sounds like defining the protocol we expect with the
> > > > > > interface.  For instance if we define a session as beginning when
> > > > > > logging is enabled and ending when the device is stopped and the
> > > > > > interface reports no more data is available, then we can state that 
> > > > > > any
> > > > > > partial accumulation of data is incomplete relative to migration.  
> > > > > > If
> > > > > > userspace wants to initiate a new migration stream, they can simply
> > > > > > toggle logging.  How the vendor driver provides the data during the
> > > > > > session is not defined, but beginning the session with a snapshot
> > > > > > followed by repeated iterations of dirtied data is certainly a valid
> > > > > > approach.
> > > > > >   
> > > > > > > 2. vendor driver cannot ensure userspace get all the data it 
> > > > > > > intends to
> > > > > > > save in pre-copy phase.
> > > > > > >   e.g. in stop-and-copy phase, vendor driver has to first check 
> > > > > > > and send
> > > > > > >   data in previous phase.  
> > > > > > 
> > > > > > First, I don't think the device has control of when QEMU switches 
> > > > > > from
> > > > > > pre-copy to stop-and-copy, the protocol needs to support that
> > > > > > > transition at any point.  However, it seems a simple data available
> > > > > > counter provides an indication of when it might be optimal to make 
> > > > > > such
> > > > > > a transition.  If a vendor driver follows a scheme as above, the
> > > > > > available data counter would indicate a large value, the entire 
> > > > > > initial
> > > > > > snapshot of the device.  As the migration continues and pages are
> > > > > > dirtied, the device would reach a steady state amount of data
> > > > > > available, depending on the guest activity.  This could indicate to 
> > > > > > the
> > > > > > user to stop the device.  The migration stream would not be 
> > > > > > considered
> > > > > > completed until the available data counter reaches zero while the
> > > > > > device is in the stopped|logging state.
> > > > > >   
> > > > > > > > 3. if all the sequence is tightly bound to live migration, can we remove the
> > > > > > > > logging state? what about adding two states migrate-in and migrate-out?
> > > > > > > > so there are four states: running, stopped, migrate-in, migrate-out.
> > > > > > > >    migrate-out is for source side when migration starts. together with
> > > > > > > >    state running and stopped, it can substitute state logging.
> > > > > > > >    migrate-in is for target side.
> > > > > > 
> > > > > > In fact, Kirti's implementation specifies a data direction, but I 
> > > > > > think
> > > > > > we still need logging to indicate sessions.  I'd also assume that
> > > > > > logging implies some overhead for the vendor driver.
> > > > > >  
> > > > > ok. If you prefer logging, I'm ok with it. just found migrate-in and
> > > > > > migrate-out are more universal against hardware requirement changes.
> > > > > 
> > > > > > > On Tue, Mar 12, 2019 at 10:57:47AM +0800, Zhao Yan wrote:  
> > > > > > > > hi Alex
> > > > > > > > thanks for your reply.
> > > > > > > > 
> > > > > > > > So, if we choose migration data to be userspace opaque, do you 
> > > > > > > > think below
> > > > > > > > sequence is the right behavior for vendor driver to follow:
> > > > > > > > 
> > > > > > > > 1. initially LOGGING state is not set. If userspace calls 
> > > > > > > > GET_BUFFER to
> > > > > > > > vendor driver,  vendor driver should reject and return 0.  
> > > > > > 
> > > > > > 

Re: [Qemu-devel] [PATCH for-4.1 v2 02/13] tcg: Return bool success from tcg_out_mov

2019-03-17 Thread Aleksandar Markovic
On Sunday, March 17, 2019, Richard Henderson 
wrote:

> This patch merely changes the interface, aborting on all failures,
> of which there are currently none.
>
>
Why is this necessary?

Aleksandar


> Signed-off-by: Richard Henderson 
> ---
>  tcg/aarch64/tcg-target.inc.c |  5 +++--
>  tcg/arm/tcg-target.inc.c |  7 +--
>  tcg/i386/tcg-target.inc.c|  5 +++--
>  tcg/mips/tcg-target.inc.c|  3 ++-
>  tcg/ppc/tcg-target.inc.c |  3 ++-
>  tcg/riscv/tcg-target.inc.c   |  5 +++--
>  tcg/s390/tcg-target.inc.c|  3 ++-
>  tcg/sparc/tcg-target.inc.c   |  3 ++-
>  tcg/tcg.c| 14 ++
>  tcg/tci/tcg-target.inc.c |  3 ++-
>  10 files changed, 34 insertions(+), 17 deletions(-)
>
> diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
> index d57f9e500f..6ba9050d9a 100644
> --- a/tcg/aarch64/tcg-target.inc.c
> +++ b/tcg/aarch64/tcg-target.inc.c
> @@ -938,10 +938,10 @@ static void tcg_out_ldst(TCGContext *s, AArch64Insn
> insn, TCGReg rd,
>  tcg_out_ldst_r(s, insn, rd, rn, TCG_TYPE_I64, TCG_REG_TMP);
>  }
>
> -static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg
> arg)
> +static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg
> arg)
>  {
>  if (ret == arg) {
> -return;
> +return true;
>  }
>  switch (type) {
>  case TCG_TYPE_I32:
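Review bot: tcg_out_mov now returns bool here, but the hunk adds no comment saying what a false return means or what a caller is expected to do with it. Since the description says no backend fails today, a one-line contract above the function (or at its prototype) would tell backend authors when returning false is legitimate and would answer the "why" for readers of this change.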
> @@ -970,6 +970,7 @@ static void tcg_out_mov(TCGContext *s, TCGType type,
> TCGReg ret, TCGReg arg)
>  default:
>  g_assert_not_reached();
>  }
> +return true;
>  }
>
>  static void tcg_out_ld(TCGContext *s, TCGType type, TCGReg ret,
> diff --git a/tcg/arm/tcg-target.inc.c b/tcg/arm/tcg-target.inc.c
> index 2245a8aeb9..b303befa50 100644
> --- a/tcg/arm/tcg-target.inc.c
> +++ b/tcg/arm/tcg-target.inc.c
> @@ -2250,10 +2250,13 @@ static inline bool tcg_out_sti(TCGContext *s,
> TCGType type, TCGArg val,
>  return false;
>  }
>
> -static inline void tcg_out_mov(TCGContext *s, TCGType type,
> +static inline bool tcg_out_mov(TCGContext *s, TCGType type,
> TCGReg ret, TCGReg arg)
>  {
> -tcg_out_dat_reg(s, COND_AL, ARITH_MOV, ret, 0, arg, SHIFT_IMM_LSL(0));
> +if (ret != arg) {
> +tcg_out_dat_reg(s, COND_AL, ARITH_MOV, ret, 0, arg,
> SHIFT_IMM_LSL(0));
> +}
> +return true;
>  }
>
>  static inline void tcg_out_movi(TCGContext *s, TCGType type,
> diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
> index e0670e5098..7100cf7ac3 100644
> --- a/tcg/i386/tcg-target.inc.c
> +++ b/tcg/i386/tcg-target.inc.c
> @@ -808,12 +808,12 @@ static inline void tgen_arithr(TCGContext *s, int
> subop, int dest, int src)
>  tcg_out_modrm(s, OPC_ARITH_GvEv + (subop << 3) + ext, dest, src);
>  }
>
> -static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg
> arg)
> +static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg
> arg)
>  {
>  int rexw = 0;
>
>  if (arg == ret) {
> -return;
> +return true;
>  }
>  switch (type) {
>  case TCG_TYPE_I64:
> @@ -851,6 +851,7 @@ static void tcg_out_mov(TCGContext *s, TCGType type,
> TCGReg ret, TCGReg arg)
>  default:
>  g_assert_not_reached();
>  }
> +return true;
>  }
>
>  static void tcg_out_dup_vec(TCGContext *s, TCGType type, unsigned vece,
> diff --git a/tcg/mips/tcg-target.inc.c b/tcg/mips/tcg-target.inc.c
> index 8a92e916dd..f31ebb43bf 100644
> --- a/tcg/mips/tcg-target.inc.c
> +++ b/tcg/mips/tcg-target.inc.c
> @@ -558,13 +558,14 @@ static inline void tcg_out_dsra(TCGContext *s,
> TCGReg rd, TCGReg rt, TCGArg sa)
>  tcg_out_opc_sa64(s, OPC_DSRA, OPC_DSRA32, rd, rt, sa);
>  }
>
> -static inline void tcg_out_mov(TCGContext *s, TCGType type,
> +static inline bool tcg_out_mov(TCGContext *s, TCGType type,
> TCGReg ret, TCGReg arg)
>  {
>  /* Simple reg-reg move, optimising out the 'do nothing' case */
>  if (ret != arg) {
>  tcg_out_opc_reg(s, OPC_OR, ret, arg, TCG_REG_ZERO);
>  }
> +return true;
>  }
>
>  static void tcg_out_movi(TCGContext *s, TCGType type,
> diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
> index 773690f1d9..ec8e336be8 100644
> --- a/tcg/ppc/tcg-target.inc.c
> +++ b/tcg/ppc/tcg-target.inc.c
> @@ -566,12 +566,13 @@ static bool patch_reloc(tcg_insn_unit *code_ptr, int
> type,
>  static void tcg_out_mem_long(TCGContext *s, int opi, int opx, TCGReg rt,
>   TCGReg base, tcg_target_long offset);
>
> -static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg
> arg)
> +static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg
> arg)
>  {
>  tcg_debug_assert(TCG_TARGET_REG_BITS == 64 || type == TCG_TYPE_I32);
>  if (ret != arg) {
>  tcg_out32(s, OR | SAB(arg, ret, arg));
>  }
> +return true;
>  }
>
>  static inline void tcg_out_rld(TCGContext *s, int op, TCGReg ra, TCGReg
> rs,
> diff --git 

Re: [Qemu-devel] [PATCH 0/5] QEMU VFIO live migration

2019-03-17 Thread Zhao Yan
On Fri, Mar 15, 2019 at 10:24:02AM +0800, Alex Williamson wrote:
> On Thu, 14 Mar 2019 19:05:06 -0400
> Zhao Yan  wrote:
> 
> > On Fri, Mar 15, 2019 at 06:44:58AM +0800, Alex Williamson wrote:
> > > On Wed, 13 Mar 2019 21:12:22 -0400
> > > Zhao Yan  wrote:
> > >   
> > > > On Thu, Mar 14, 2019 at 03:14:54AM +0800, Alex Williamson wrote:  
> > > > > On Tue, 12 Mar 2019 21:13:01 -0400
> > > > > Zhao Yan  wrote:
> > > > > 
> > > > > > hi Alex
> > > > > > Any comments to the sequence below?
> > > > > > 
> > > > > > > Actually we have some concerns and suggestions to userspace-opaque migration
> > > > > > > data.
> > > > > > > 
> > > > > > > 1. if data is opaque to userspace, kernel interface must be tightly bound to
> > > > > > > migration.
> > > > > > >    e.g. vendor driver has to know state (running + not logging) should not
> > > > > > >    return any data, and state (running + logging) should return whole
> > > > > > >    snapshot first and dirty later. it also has to know qemu migration will
> > > > > > >    not call GET_BUFFER in state (running + not logging), otherwise, it has
> > > > > > >    to adjust its behavior.
> > > > > 
> > > > > This all just sounds like defining the protocol we expect with the
> > > > > interface.  For instance if we define a session as beginning when
> > > > > logging is enabled and ending when the device is stopped and the
> > > > > interface reports no more data is available, then we can state that 
> > > > > any
> > > > > partial accumulation of data is incomplete relative to migration.  If
> > > > > userspace wants to initiate a new migration stream, they can simply
> > > > > toggle logging.  How the vendor driver provides the data during the
> > > > > session is not defined, but beginning the session with a snapshot
> > > > > followed by repeated iterations of dirtied data is certainly a valid
> > > > > approach.
> > > > > 
> > > > > > 2. vendor driver cannot ensure userspace get all the data it 
> > > > > > intends to
> > > > > > save in pre-copy phase.
> > > > > >   e.g. in stop-and-copy phase, vendor driver has to first check and 
> > > > > > send
> > > > > >   data in previous phase.
> > > > > 
> > > > > First, I don't think the device has control of when QEMU switches from
> > > > > pre-copy to stop-and-copy, the protocol needs to support that
> > > > > > transition at any point.  However, it seems a simple data available
> > > > > counter provides an indication of when it might be optimal to make 
> > > > > such
> > > > > a transition.  If a vendor driver follows a scheme as above, the
> > > > > available data counter would indicate a large value, the entire 
> > > > > initial
> > > > > snapshot of the device.  As the migration continues and pages are
> > > > > dirtied, the device would reach a steady state amount of data
> > > > > available, depending on the guest activity.  This could indicate to 
> > > > > the
> > > > > user to stop the device.  The migration stream would not be considered
> > > > > completed until the available data counter reaches zero while the
> > > > > device is in the stopped|logging state.
> > > > > 
> > > > > > > 3. if all the sequence is tightly bound to live migration, can we remove the
> > > > > > > logging state? what about adding two states migrate-in and migrate-out?
> > > > > > > so there are four states: running, stopped, migrate-in, migrate-out.
> > > > > > >    migrate-out is for source side when migration starts. together with
> > > > > > >    state running and stopped, it can substitute state logging.
> > > > > > >    migrate-in is for target side.
> > > > > 
> > > > > In fact, Kirti's implementation specifies a data direction, but I 
> > > > > think
> > > > > we still need logging to indicate sessions.  I'd also assume that
> > > > > logging implies some overhead for the vendor driver.
> > > > >
> > > > ok. If you prefer logging, I'm ok with it. just found migrate-in and
> > > > > migrate-out are more universal against hardware requirement changes.
> > > >   
> > > > > > On Tue, Mar 12, 2019 at 10:57:47AM +0800, Zhao Yan wrote:
> > > > > > > hi Alex
> > > > > > > thanks for your reply.
> > > > > > > 
> > > > > > > So, if we choose migration data to be userspace opaque, do you 
> > > > > > > think below
> > > > > > > sequence is the right behavior for vendor driver to follow:
> > > > > > > 
> > > > > > > 1. initially LOGGING state is not set. If userspace calls 
> > > > > > > GET_BUFFER to
> > > > > > > vendor driver,  vendor driver should reject and return 0.
> > > > > 
> > > > > What would this state mean otherwise?  If we're not logging then it
> > > > > should not be expected that we can construct dirtied data from a
> > > > > previous read of the state before logging was enabled (it would be
> > > > > outside of the "session").  So at best this is an incomplete segment 
> > > > > of
> > > > > the initial 
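
The session rules discussed in this thread, as a small C model added here (not code from the thread, VFIO or QEMU): logging opens a session, GET_BUFFER returns 0 outside one, and the stream is complete only when the data-available counter reaches zero in the stopped|logging state. All type and function names are hypothetical, and the sizes in `main` are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the session rules discussed in the thread; these
 * names are not the VFIO or QEMU interface. "Stopped" = DEV_RUNNING clear. */
enum { DEV_RUNNING = 1u << 0, DEV_LOGGING = 1u << 1 };

struct mig_dev {
    unsigned state;
    size_t snapshot_sz; /* size of a full device snapshot */
    size_t pending;     /* the "data available" counter */
};

void dev_init(struct mig_dev *d, size_t snapshot_sz)
{
    d->state = DEV_RUNNING;
    d->snapshot_sz = snapshot_sz;
    d->pending = 0;
}

/* Enabling logging opens a session that starts with the whole snapshot;
 * disabling it abandons the session, so data read so far is incomplete. */
void dev_set_logging(struct mig_dev *d, bool on)
{
    if (on && !(d->state & DEV_LOGGING)) {
        d->state |= DEV_LOGGING;
        d->pending = d->snapshot_sz;
    } else if (!on) {
        d->state &= ~(unsigned)DEV_LOGGING;
        d->pending = 0;
    }
}

void dev_stop(struct mig_dev *d)
{
    d->state &= ~(unsigned)DEV_RUNNING;
}

/* Guest activity: dirtied state is only tracked while running in a session. */
void dev_guest_dirty(struct mig_dev *d, size_t bytes)
{
    if ((d->state & DEV_RUNNING) && (d->state & DEV_LOGGING)) {
        d->pending += bytes;
    }
}

/* GET_BUFFER: returns 0 outside a session, else up to `max` pending bytes. */
size_t dev_get_buffer(struct mig_dev *d, size_t max)
{
    size_t n;

    if (!(d->state & DEV_LOGGING)) {
        return 0;
    }
    n = d->pending < max ? d->pending : max;
    d->pending -= n;
    return n;
}

/* Complete only when the counter is zero while in stopped|logging. */
bool dev_stream_complete(const struct mig_dev *d)
{
    return d->state == DEV_LOGGING && d->pending == 0;
}

/* Userspace side: pre-copy until the counter settles at or below `steady`
 * or `max_rounds` is hit (the switch may come at any point), then stop and
 * drain. Returns bytes transferred, or 0 if the stream did not complete. */
size_t migrate(struct mig_dev *d, size_t chunk, size_t dirty_per_round,
               size_t steady, int max_rounds)
{
    size_t total = 0;

    dev_set_logging(d, true);
    for (int i = 0; i < max_rounds && d->pending > steady; i++) {
        total += dev_get_buffer(d, chunk);   /* pre-copy */
        dev_guest_dirty(d, dirty_per_round); /* guest keeps running */
    }
    dev_stop(d);                             /* stop-and-copy */
    while (d->pending > 0) {
        total += dev_get_buffer(d, chunk);
    }
    return dev_stream_complete(d) ? total : 0;
}

int main(void)
{
    struct mig_dev d;

    dev_init(&d, 4096); /* constructed snapshot size */
    printf("read outside session: %zu\n", dev_get_buffer(&d, 1024));
    printf("bytes migrated: %zu\n", migrate(&d, 1024, 128, 256, 100));
    return 0;
}
```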

Re: [Qemu-devel] [PATCH v6 1/2] hw/arm: Add arm SBSA reference machine, skeleton part

2019-03-17 Thread Hongbo Zhang
On Fri, 15 Mar 2019 at 18:41, Ard Biesheuvel  wrote:
>
> On Fri, 15 Mar 2019 at 11:08, Hongbo Zhang  wrote:
> >
> > For the Aarch64, there is one machine 'virt', it is primarily meant to
> > run on KVM and execute virtualization workloads, but we need an
> > environment as faithful as possible to physical hardware, for supporting
> > > firmware and OS development for physical Aarch64 machines.
> >
> > This patch introduces new machine type 'sbsa-ref' with main features:
> >  - Based on 'virt' machine type.
> >  - A new memory map.
> >  - CPU type cortex-a57.
> >  - EL2 and EL3 are enabled.
> >  - GIC version 3.
> >  - System bus AHCI controller.
> >  - System bus EHCI controller.
>
> Hello Hongbo,
>
> Apologies for bringing this up now, but I seem to remember that the
> EHCI does not support 64-bit DMA. Did you run into any issues with
> this? Or was this fixed in QEMU in the mean time?
>
Hi Ard,
Which EHCI do you mean?
This time I use a newly introduced system bus EHCI, commit 114529f7
and I only tested USB mouse and keyboard, didn't test DMA function.

>
> >  - CDROM and hard disc on AHCI bus.
> >  - E1000E ethernet card on PCIE bus.
> >  - VGA display adaptor on PCIE bus.
> > >  - No virtio devices.
> >  - No fw_cfg device.
> >  - No ACPI table supplied.
> >  - Only minimal device tree nodes.
> >
> > Arm Trusted Firmware and UEFI porting to this are done accordingly, and
> > it should supply ACPI tables to load OS, the minimal device tree nodes
> > supplied from this platform are only to pass the dynamic info reflecting
> > command line input to firmware, not for loading OS.
> >
> > To make the review easier, this task is split into two patches, the
> > > fundamental skeleton part and the peripheral devices part, this patch is
> > the first part.
> >
> > Signed-off-by: Hongbo Zhang 
> > ---
> >  default-configs/arm-softmmu.mak |   1 +
> >  hw/arm/Kconfig  |   3 +
> >  hw/arm/Makefile.objs|   1 +
> >  hw/arm/sbsa-ref.c   | 303 
> > 
> >  4 files changed, 308 insertions(+)
> >  create mode 100644 hw/arm/sbsa-ref.c
> >
> > diff --git a/default-configs/arm-softmmu.mak 
> > b/default-configs/arm-softmmu.mak
> > index 2a7efc1..4fbb6ac 100644
> > --- a/default-configs/arm-softmmu.mak
> > +++ b/default-configs/arm-softmmu.mak
> > @@ -144,6 +144,7 @@ CONFIG_IOH3420=y
> >  CONFIG_I82801B11=y
> >  CONFIG_ACPI=y
> >  CONFIG_ARM_VIRT=y
> > +CONFIG_SBSA_REF=y
> >  CONFIG_SMBIOS=y
> >  CONFIG_ASPEED_SOC=y
> >  CONFIG_SMBUS_EEPROM=y
> > diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> > index d298fbd..6654914 100644
> > --- a/hw/arm/Kconfig
> > +++ b/hw/arm/Kconfig
> > @@ -38,6 +38,9 @@ config PXA2XX
> >  config REALVIEW
> >  bool
> >
> > +config SBSA_REF
> > +bool
> > +
> >  config STELLARIS
> >  bool
> >
> > diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
> > index fa57c7c..fa812ec 100644
> > --- a/hw/arm/Makefile.objs
> > +++ b/hw/arm/Makefile.objs
> > @@ -12,6 +12,7 @@ obj-$(CONFIG_NSERIES) += nseries.o
> >  obj-$(CONFIG_OMAP) += omap_sx1.o palm.o
> >  obj-$(CONFIG_PXA2XX) += gumstix.o spitz.o tosa.o z2.o
> >  obj-$(CONFIG_REALVIEW) += realview.o
> > +obj-$(CONFIG_SBSA_REF) += sbsa-ref.o
> >  obj-$(CONFIG_STELLARIS) += stellaris.o
> >  obj-$(CONFIG_STRONGARM) += collie.o
> >  obj-$(CONFIG_VERSATILE) += vexpress.o versatilepb.o
> > diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
> > new file mode 100644
> > index 000..b6d31f2
> > --- /dev/null
> > +++ b/hw/arm/sbsa-ref.c
> > @@ -0,0 +1,303 @@
> > +/*
> > + * ARM SBSA Reference Platform emulation
> > + *
> > + * Copyright (c) 2018 Linaro Limited
> > + * Written by Hongbo Zhang 
> > + *
> > + * This program is free software; you can redistribute it and/or modify it
> > + * under the terms and conditions of the GNU General Public License,
> > + * version 2 or later, as published by the Free Software Foundation.
> > + *
> > + * This program is distributed in the hope it will be useful, but WITHOUT
> > + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> > + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License 
> > for
> > + * more details.
> > + *
> > + * You should have received a copy of the GNU General Public License along 
> > with
> > + * this program.  If not, see .
> > + */
> > +
> > +#include "qemu/osdep.h"
> > +#include "qapi/error.h"
> > +#include "qemu/error-report.h"
> > +#include "qemu/units.h"
> > +#include "sysemu/numa.h"
> > +#include "sysemu/sysemu.h"
> > +#include "exec/address-spaces.h"
> > +#include "exec/hwaddr.h"
> > +#include "kvm_arm.h"
> > +#include "hw/arm/arm.h"
> > +#include "hw/boards.h"
> > +#include "hw/intc/arm_gicv3_common.h"
> > +
> > +#define RAMLIMIT_GB 8192
> > +#define RAMLIMIT_BYTES (RAMLIMIT_GB * GiB)
> > +
> > +enum {
> > +SBSA_FLASH,
> > +SBSA_MEM,
> > +SBSA_CPUPERIPHS,
> > +SBSA_GIC_DIST,
> > +SBSA_GIC_REDIST,
> > +SBSA_SMMU,
> > +

Re: [Qemu-devel] [RFC PATCH] spapr/irq: force XICS interrupt mode on non P9 machines

2019-03-17 Thread David Gibson
On Sun, Mar 17, 2019 at 09:33:42PM +0100, Cédric Le Goater wrote:
> There is no need to propose the 'dual' interrupt mode interrupt device
> on POWER7/8 machines and the XIVE mode will not operate. Simply force
> XICS in this case.
> 
> This makes the check in spapr_machine_init() redundant on XIVE-only
> machines.
> 
> Signed-off-by: Cédric Le Goater 

This is not my preferred approach.  If the user explicitly selects
xive or dual mode with a POWER8 cpu, we should hard error, rather than
forcing a different mode from the one requested.

We do need to make sure we default to xics mode with POWER8, even on
new machine types.

> ---
>  hw/ppc/spapr_irq.c | 10 ++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/hw/ppc/spapr_irq.c b/hw/ppc/spapr_irq.c
> index f2ca1bb66c9d..d27ae68915a1 100644
> --- a/hw/ppc/spapr_irq.c
> +++ b/hw/ppc/spapr_irq.c
> @@ -16,6 +16,7 @@
>  #include "hw/ppc/spapr_xive.h"
>  #include "hw/ppc/xics.h"
>  #include "hw/ppc/xics_spapr.h"
> +#include "cpu-models.h"
>  #include "sysemu/kvm.h"
>  
>  #include "trace.h"
> @@ -655,6 +656,7 @@ SpaprIrq spapr_irq_dual = {
>  void spapr_irq_init(SpaprMachineState *spapr, Error **errp)
>  {
>  MachineState *machine = MACHINE(spapr);
> +Error *local_err = NULL;
>  
>  if (machine_kernel_irqchip_split(machine)) {
>  error_setg(errp, "kernel_irqchip split mode not supported on 
> pseries");
> @@ -667,6 +669,14 @@ void spapr_irq_init(SpaprMachineState *spapr, Error 
> **errp)
>  return;
>  }
>  
> +/* Force XICS on non P9 machines */
> +if (!ppc_type_check_compat(machine->cpu_type, CPU_POWERPC_LOGICAL_3_00,
> +  0, spapr->max_compat_pvr)) {
> +error_setg(_err, "forcing XICS interrupt controller");
> +warn_report_err(local_err);
> +spapr->irq = _irq_xics;
> +}
> +
>  /* Initialize the MSI IRQ allocator. */
>  if (!SPAPR_MACHINE_GET_CLASS(spapr)->legacy_irq_allocation) {
>  spapr_irq_msi_init(spapr, spapr->irq->nr_msis);
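Review bot: The new block in spapr_irq_init warns and reassigns spapr->irq on every non-POWER9 machine, including when the XICS backend is already the selected one, so a default POWER8 guest would print "forcing XICS interrupt controller" for nothing; compare against the current backend before warning. Building an Error with error_setg only to hand it to warn_report_err is also roundabout: warn_report() takes the message directly and makes local_err unnecessary.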

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH for-4.1 v2 02/13] tcg: Return bool success from tcg_out_mov

2019-03-17 Thread David Gibson
On Sun, Mar 17, 2019 at 02:08:23AM -0700, Richard Henderson wrote:
> This patch merely changes the interface, aborting on all failures,
> of which there are currently none.
> 
> Signed-off-by: Richard Henderson 

Reviewed-by: David Gibson 

> ---
>  tcg/aarch64/tcg-target.inc.c |  5 +++--
>  tcg/arm/tcg-target.inc.c |  7 +--
>  tcg/i386/tcg-target.inc.c|  5 +++--
>  tcg/mips/tcg-target.inc.c|  3 ++-
>  tcg/ppc/tcg-target.inc.c |  3 ++-
>  tcg/riscv/tcg-target.inc.c   |  5 +++--
>  tcg/s390/tcg-target.inc.c|  3 ++-
>  tcg/sparc/tcg-target.inc.c   |  3 ++-
>  tcg/tcg.c| 14 ++
>  tcg/tci/tcg-target.inc.c |  3 ++-
>  10 files changed, 34 insertions(+), 17 deletions(-)
> 
> diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
> index d57f9e500f..6ba9050d9a 100644
> --- a/tcg/aarch64/tcg-target.inc.c
> +++ b/tcg/aarch64/tcg-target.inc.c
> @@ -938,10 +938,10 @@ static void tcg_out_ldst(TCGContext *s, AArch64Insn 
> insn, TCGReg rd,
>  tcg_out_ldst_r(s, insn, rd, rn, TCG_TYPE_I64, TCG_REG_TMP);
>  }
>  
> -static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
> +static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
>  {
>  if (ret == arg) {
> -return;
> +return true;
>  }
>  switch (type) {
>  case TCG_TYPE_I32:
> @@ -970,6 +970,7 @@ static void tcg_out_mov(TCGContext *s, TCGType type, 
> TCGReg ret, TCGReg arg)
>  default:
>  g_assert_not_reached();
>  }
> +return true;
>  }
>  
>  static void tcg_out_ld(TCGContext *s, TCGType type, TCGReg ret,
> diff --git a/tcg/arm/tcg-target.inc.c b/tcg/arm/tcg-target.inc.c
> index 2245a8aeb9..b303befa50 100644
> --- a/tcg/arm/tcg-target.inc.c
> +++ b/tcg/arm/tcg-target.inc.c
> @@ -2250,10 +2250,13 @@ static inline bool tcg_out_sti(TCGContext *s, TCGType 
> type, TCGArg val,
>  return false;
>  }
>  
> -static inline void tcg_out_mov(TCGContext *s, TCGType type,
> +static inline bool tcg_out_mov(TCGContext *s, TCGType type,
> TCGReg ret, TCGReg arg)
>  {
> -tcg_out_dat_reg(s, COND_AL, ARITH_MOV, ret, 0, arg, SHIFT_IMM_LSL(0));
> +if (ret != arg) {
> +tcg_out_dat_reg(s, COND_AL, ARITH_MOV, ret, 0, arg, 
> SHIFT_IMM_LSL(0));
> +}
> +return true;
>  }
>  
>  static inline void tcg_out_movi(TCGContext *s, TCGType type,
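Review bot: in the arm tcg_out_mov the new `if (ret != arg)` guard changes what gets emitted (a self-move is now skipped), while the commit message says the patch merely changes the interface. Either mention the arm no-op elision in the commit message or split it into its own patch, so a bisect that lands here points at the right change.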
> diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
> index e0670e5098..7100cf7ac3 100644
> --- a/tcg/i386/tcg-target.inc.c
> +++ b/tcg/i386/tcg-target.inc.c
> @@ -808,12 +808,12 @@ static inline void tgen_arithr(TCGContext *s, int 
> subop, int dest, int src)
>  tcg_out_modrm(s, OPC_ARITH_GvEv + (subop << 3) + ext, dest, src);
>  }
>  
> -static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
> +static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
>  {
>  int rexw = 0;
>  
>  if (arg == ret) {
> -return;
> +return true;
>  }
>  switch (type) {
>  case TCG_TYPE_I64:
> @@ -851,6 +851,7 @@ static void tcg_out_mov(TCGContext *s, TCGType type, 
> TCGReg ret, TCGReg arg)
>  default:
>  g_assert_not_reached();
>  }
> +return true;
>  }
>  
>  static void tcg_out_dup_vec(TCGContext *s, TCGType type, unsigned vece,
> diff --git a/tcg/mips/tcg-target.inc.c b/tcg/mips/tcg-target.inc.c
> index 8a92e916dd..f31ebb43bf 100644
> --- a/tcg/mips/tcg-target.inc.c
> +++ b/tcg/mips/tcg-target.inc.c
> @@ -558,13 +558,14 @@ static inline void tcg_out_dsra(TCGContext *s, TCGReg 
> rd, TCGReg rt, TCGArg sa)
>  tcg_out_opc_sa64(s, OPC_DSRA, OPC_DSRA32, rd, rt, sa);
>  }
>  
> -static inline void tcg_out_mov(TCGContext *s, TCGType type,
> +static inline bool tcg_out_mov(TCGContext *s, TCGType type,
> TCGReg ret, TCGReg arg)
>  {
>  /* Simple reg-reg move, optimising out the 'do nothing' case */
>  if (ret != arg) {
>  tcg_out_opc_reg(s, OPC_OR, ret, arg, TCG_REG_ZERO);
>  }
> +return true;
>  }
>  
>  static void tcg_out_movi(TCGContext *s, TCGType type,
> diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
> index 773690f1d9..ec8e336be8 100644
> --- a/tcg/ppc/tcg-target.inc.c
> +++ b/tcg/ppc/tcg-target.inc.c
> @@ -566,12 +566,13 @@ static bool patch_reloc(tcg_insn_unit *code_ptr, int 
> type,
>  static void tcg_out_mem_long(TCGContext *s, int opi, int opx, TCGReg rt,
>   TCGReg base, tcg_target_long offset);
>  
> -static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
> +static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
>  {
>  tcg_debug_assert(TCG_TARGET_REG_BITS == 64 || type == TCG_TYPE_I32);
>  if (ret != arg) {
>  tcg_out32(s, OR | SAB(arg, ret, arg));
>  }
> +return true;
>  }
>  
>  static inline void tcg_out_rld(TCGContext *s, int op, TCGReg ra, TCGReg 

Re: [Qemu-devel] [PATCH] backends: cryptodev: fix oob access issue

2019-03-17 Thread Gonglei (Arei)
Hi Michael,

Could you pls apply this patch in your tree?

Thanks,
-Gonglei


> -Original Message-
> From: Li Qiang [mailto:liq...@163.com]
> Sent: Monday, March 18, 2019 9:12 AM
> To: Gonglei (Arei) 
> Cc: qemu-devel@nongnu.org; Li Qiang 
> Subject: [PATCH] backends: cryptodev: fix oob access issue
> 
> The 'queue_index' of the create/close_session functions
> is from the guest and can exceed 'MAX_CRYPTO_QUEUE_NUM'.
> This leads to oob access. This patch avoids this.
> 
> Signed-off-by: Li Qiang 
> ---
>  backends/cryptodev-builtin.c| 4 
>  backends/cryptodev-vhost-user.c | 4 
>  2 files changed, 8 insertions(+)
> 

Reviewed-by: Gonglei 


> diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
> index 9fb0bd57a6..c3a65b2f5f 100644
> --- a/backends/cryptodev-builtin.c
> +++ b/backends/cryptodev-builtin.c
> @@ -249,6 +249,8 @@ static int64_t cryptodev_builtin_sym_create_session(
> CryptoDevBackendSymSessionInfo *sess_info,
> uint32_t queue_index, Error **errp)
>  {
> +assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
> +
>  CryptoDevBackendBuiltin *builtin =
>CRYPTODEV_BACKEND_BUILTIN(backend);
>  int64_t session_id = -1;
> @@ -280,6 +282,8 @@ static int cryptodev_builtin_sym_close_session(
> uint64_t session_id,
> uint32_t queue_index, Error **errp)
>  {
> +assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
> +
>  CryptoDevBackendBuiltin *builtin =
>CRYPTODEV_BACKEND_BUILTIN(backend);
> 
> diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
> index 1052a5d0e9..36a40eeb4d 100644
> --- a/backends/cryptodev-vhost-user.c
> +++ b/backends/cryptodev-vhost-user.c
> @@ -236,6 +236,8 @@ static int64_t
> cryptodev_vhost_user_sym_create_session(
> CryptoDevBackendSymSessionInfo *sess_info,
> uint32_t queue_index, Error **errp)
>  {
> +assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
> +
>  CryptoDevBackendClient *cc =
> backend->conf.peers.ccs[queue_index];
>  CryptoDevBackendVhost *vhost_crypto;
> @@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session(
> uint64_t session_id,
> uint32_t queue_index, Error **errp)
>  {
> +assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
> +
>  CryptoDevBackendClient *cc =
>backend->conf.peers.ccs[queue_index];
>  CryptoDevBackendVhost *vhost_crypto;
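Review bot: with this last hunk the identical `assert(queue_index < MAX_CRYPTO_QUEUE_NUM)` appears in four entry points across the two backends. A single validation helper shared by the create and close paths would keep the bound and its failure handling in one place, so a later backend cannot forget it.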
> --
> 2.17.1
> 




[Qemu-devel] [PATCH] backends: cryptodev: fix oob access issue

2019-03-17 Thread Li Qiang
The 'queue_index' of the create/close_session functions
is from the guest and can exceed 'MAX_CRYPTO_QUEUE_NUM'.
This leads to oob access. This patch avoids this.

Signed-off-by: Li Qiang 
---
 backends/cryptodev-builtin.c| 4 
 backends/cryptodev-vhost-user.c | 4 
 2 files changed, 8 insertions(+)

diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
index 9fb0bd57a6..c3a65b2f5f 100644
--- a/backends/cryptodev-builtin.c
+++ b/backends/cryptodev-builtin.c
@@ -249,6 +249,8 @@ static int64_t cryptodev_builtin_sym_create_session(
CryptoDevBackendSymSessionInfo *sess_info,
uint32_t queue_index, Error **errp)
 {
+assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
+
 CryptoDevBackendBuiltin *builtin =
   CRYPTODEV_BACKEND_BUILTIN(backend);
 int64_t session_id = -1;
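Review bot: the commit message says queue_index comes from the guest, so the assert() at the top of cryptodev_builtin_sym_create_session lets a guest abort the whole QEMU process with one bad index. The function already takes an errp and initialises session_id to -1, so an error_setg(errp, ...) followed by returning -1 would reject the request and keep the VM running.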
@@ -280,6 +282,8 @@ static int cryptodev_builtin_sym_close_session(
uint64_t session_id,
uint32_t queue_index, Error **errp)
 {
+assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
+
 CryptoDevBackendBuiltin *builtin =
   CRYPTODEV_BACKEND_BUILTIN(backend);
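Review bot: the assert() in cryptodev_builtin_sym_close_session is a statement placed ahead of the local declarations. QEMU style keeps declarations at the start of the block, so the check should move below the `builtin` declaration.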
 
diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
index 1052a5d0e9..36a40eeb4d 100644
--- a/backends/cryptodev-vhost-user.c
+++ b/backends/cryptodev-vhost-user.c
@@ -236,6 +236,8 @@ static int64_t cryptodev_vhost_user_sym_create_session(
CryptoDevBackendSymSessionInfo *sess_info,
uint32_t queue_index, Error **errp)
 {
+assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
+
 CryptoDevBackendClient *cc =
backend->conf.peers.ccs[queue_index];
 CryptoDevBackendVhost *vhost_crypto;
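Review bot: in cryptodev_vhost_user_sym_create_session the guest-supplied index is consumed by the initialiser of cc (`backend->conf.peers.ccs[queue_index]`), so if this assert() is later turned into a recoverable check it has to stay ahead of that declaration, or cc has to be assigned after the check. A short comment saying the value is guest-controlled would also help, since nothing in the signature shows it.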
@@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session(
uint64_t session_id,
uint32_t queue_index, Error **errp)
 {
+assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
+
 CryptoDevBackendClient *cc =
   backend->conf.peers.ccs[queue_index];
 CryptoDevBackendVhost *vhost_crypto;
-- 
2.17.1
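
The bound this patch enforces, written as a recoverable error instead of an assert(), as an added example (not QEMU code and not part of the posted patch). `MAX_QUEUE_NUM`, `struct backend`, `queue_peer` and `create_session` are hypothetical stand-ins, and the extra test against the configured queue count is an assumption that goes beyond the patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_QUEUE_NUM 4u          /* hypothetical stand-in for MAX_CRYPTO_QUEUE_NUM */

struct client { int fd; };        /* hypothetical per-queue peer */

struct backend {
    struct client *peers[MAX_QUEUE_NUM];
    uint32_t configured;          /* queues actually set up, <= MAX_QUEUE_NUM */
    int64_t next_session;
};

/*
 * Resolve a guest-supplied queue index to a peer. Returns NULL and sets
 * *err for any index the device did not configure, so the caller can fail
 * the request instead of indexing past the array or aborting the process.
 */
struct client *queue_peer(struct backend *b, uint32_t queue_index,
                          const char **err)
{
    if (queue_index >= MAX_QUEUE_NUM) {
        *err = "queue index out of range";
        return NULL;
    }
    /* Assumption beyond the patch: in-range slots may still be unused. */
    if (queue_index >= b->configured || b->peers[queue_index] == NULL) {
        *err = "queue not configured";
        return NULL;
    }
    *err = NULL;
    return b->peers[queue_index];
}

/* Returns a session id >= 0, or -1 with *err set. */
int64_t create_session(struct backend *b, uint32_t queue_index,
                       const char **err)
{
    if (queue_peer(b, queue_index, err) == NULL) {
        return -1;
    }
    return b->next_session++;
}

/*
 * Constructed requests: a valid index, an unconfigured slot, the first
 * index past the array, and the largest uint32_t a guest could send.
 * Fills out[] with the results and returns how many were rejected.
 */
int run_constructed_requests(int64_t out[4])
{
    static struct client c0 = { 10 }, c1 = { 11 };
    struct backend b = { { &c0, &c1, NULL, NULL }, 2, 0 };
    const uint32_t idx[4] = { 1, 2, MAX_QUEUE_NUM, UINT32_MAX };
    const char *err;
    int rejected = 0;

    for (int i = 0; i < 4; i++) {
        out[i] = create_session(&b, idx[i], &err);
        if (out[i] < 0) {
            rejected++;
        }
    }
    return rejected;
}

int main(void)
{
    int64_t out[4];
    int rejected = run_constructed_requests(out);

    printf("rejected %d of 4 requests, first session id %lld\n",
           rejected, (long long)out[0]);
    return 0;
}
```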





[Qemu-devel] [PATCH v2] vnc: fix unalignment access in tight_pack24

2019-03-17 Thread Li Qiang
When adding '-fsanitize=undefined' to the compile configuration
and connecting to a VM with vnc, it reports the following error:

ui/vnc-enc-tight.c:910:13: runtime error: load of
misaligned address 0x621000466513 for type 'uint32_t',
which requires 4 byte alignment

This patch fixes this issue.

Signed-off-by: Li Qiang 
---
v1->v2: Use ldl_he_p per Peter's advice

 ui/vnc-enc-tight.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c
index 0b4a5ac71f..d20cd1d86d 100644
--- a/ui/vnc-enc-tight.c
+++ b/ui/vnc-enc-tight.c
@@ -886,11 +886,11 @@ static int tight_compress_data(VncState *vs, int 
stream_id, size_t bytes,
  */
 static void tight_pack24(VncState *vs, uint8_t *buf, size_t count, size_t *ret)
 {
-uint32_t *buf32;
+uint8_t *buf8;
 uint32_t pix;
 int rshift, gshift, bshift;
 
-buf32 = (uint32_t *)buf;
+buf8 = buf;
 
 if (1 /* FIXME */) {
 rshift = vs->client_pf.rshift;
@@ -907,10 +907,11 @@ static void tight_pack24(VncState *vs, uint8_t *buf, 
size_t count, size_t *ret)
 }
 
 while (count--) {
-pix = *buf32++;
+pix = ldl_he_p(buf8);
 *buf++ = (char)(pix >> rshift);
 *buf++ = (char)(pix >> gshift);
 *buf++ = (char)(pix >> bshift);
+buf8 += 4;
 }
 }
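Review bot: in the loop, buf8 (reading 4 bytes per pixel) and buf (writing 3) now walk the same buffer as two separate cursors, and the code is only correct because the write cursor never gets ahead of the read cursor. A one-line comment stating that, and that the pixels are in host byte order (the reason ldl_he_p is used rather than an le or be accessor), would document both assumptions for future readers.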
 
-- 
2.17.1





Re: [Qemu-devel] [PATCH] cryptodev-vhost-user: fix a oob access

2019-03-17 Thread Gonglei (Arei)
Hi,

> -Original Message-
> From: Li Qiang [mailto:liq...@163.com]
> Sent: Sunday, March 17, 2019 5:10 PM
> To: Gonglei (Arei) 
> Cc: qemu-devel@nongnu.org; Li Qiang 
> Subject: [PATCH] cryptodev-vhost-user: fix a oob access
> 
> The 'queue_index' of the create/close_session functions
> is from the guest and can exceed 'MAX_CRYPTO_QUEUE_NUM'.
> This leads to oob access. This patch avoids this.
> 
> Signed-off-by: Li Qiang 
> ---
>  backends/cryptodev-vhost-user.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
> index 1052a5d0e9..36a40eeb4d 100644
> --- a/backends/cryptodev-vhost-user.c
> +++ b/backends/cryptodev-vhost-user.c
> @@ -236,6 +236,8 @@ static int64_t
> cryptodev_vhost_user_sym_create_session(
> CryptoDevBackendSymSessionInfo *sess_info,
> uint32_t queue_index, Error **errp)
>  {
> +assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
> +
>  CryptoDevBackendClient *cc =
> backend->conf.peers.ccs[queue_index];
>  CryptoDevBackendVhost *vhost_crypto;
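Review bot: the assert() bounds the index into ccs[], but the visible lines read cc from `backend->conf.peers.ccs[queue_index]` without showing a NULL check. If slots between the configured queue count and MAX_CRYPTO_QUEUE_NUM can be empty, an in-range index from the guest still needs to be rejected; please confirm cc is checked before use.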
> @@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session(
> uint64_t session_id,
> uint32_t queue_index, Error **errp)
>  {
> +assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
> +
>  CryptoDevBackendClient *cc =
>backend->conf.peers.ccs[queue_index];
>  CryptoDevBackendVhost *vhost_crypto;
> --
> 2.17.1
> 

Pls add an assertion for cryptodev-builtin backend though the queue_index 
isn't used currently.

Thanks,
-Gonglei




Re: [Qemu-devel] [PATCH 08/14] hw/ppc/Kconfig: Bamboo machine requires e1000 network card

2019-03-17 Thread David Gibson
On Sat, Mar 16, 2019 at 09:08:12PM +0100, Philippe Mathieu-Daudé wrote:
> This fixes when configuring with --without-default-devices:
> 
>   $ qemu-system-ppc64 -bios /dev/null -M bamboo
>   qemu-system-ppc64: Unsupported NIC model: e1000
> 
> Fixes: 7c28b925b7e
> Signed-off-by: Philippe Mathieu-Daudé 

Acked-by: David Gibson 

> ---
>  hw/ppc/Kconfig | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
> index 2b83637511..2f2b21097b 100644
> --- a/hw/ppc/Kconfig
> +++ b/hw/ppc/Kconfig
> @@ -37,6 +37,7 @@ config PPC440
>  imply PCI_DEVICES
>  imply TEST_DEVICES
>  select PCI_EXPRESS
> +select E1000_PCI
>  select PPC4XX
>  select SERIAL
>  
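Review bot: `select E1000_PCI` is inserted between PCI_EXPRESS and PPC4XX, which breaks the alphabetical order the select lines in config PPC440 otherwise follow. Place it before `select PCI_EXPRESS`.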

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 09/14] hw/ppc/Kconfig: e500 based machines require virtio-net-pci device

2019-03-17 Thread David Gibson
On Sat, Mar 16, 2019 at 09:08:13PM +0100, Philippe Mathieu-Daudé wrote:
> This fixes when configuring with --without-default-devices:
> 
>   $ qemu-system-ppc64 -bios /dev/null -M ppce500
>   qemu-system-ppc64: Unsupported NIC model: virtio-net-pci
> 
> And:
> 
>   $ qemu-system-ppc64 -bios /dev/null -M mpc8544ds
>   qemu-system-ppc64: Unsupported NIC model: virtio-net-pci
> 
> Fixes: 98bd1db99f
> Signed-off-by: Philippe Mathieu-Daudé 

Acked-by: David Gibson 

> ---
>  hw/ppc/Kconfig | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
> index 2f2b21097b..8a2772ee6e 100644
> --- a/hw/ppc/Kconfig
> +++ b/hw/ppc/Kconfig
> @@ -103,6 +103,7 @@ config E500
>  select PLATFORM_BUS
>  select PPCE500_PCI
>  select SERIAL
> +select VIRTIO
>  
>  config VIRTEX
>  bool
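Review bot: the subject and the quoted error are about the virtio-net-pci NIC model, but the line added to config E500 is `select VIRTIO`. Please confirm that selecting VIRTIO alone is enough to get virtio-net-pci built with --without-default-devices; if not, the select should name the symbols for the PCI transport and the net device that the machine actually instantiates.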

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PULL 00/12] EDK2 Firmware roms

2019-03-17 Thread Peter Maydell
On Sun, 17 Mar 2019 at 20:29, Peter Maydell  wrote:
>
> On Sat, 16 Mar 2019 at 22:25, Philippe Mathieu-Daudé  
> wrote:
> >
> > The following changes since commit 8b088d3f8ab5642020d28fa0c2a8d938bc5f3592:
> >
> >   Merge remote-tracking branch 
> > 'remotes/pmaydell/tags/pull-target-arm-20190315' into staging (2019-03-15 
> > 11:39:42 +)
> >
> > are available in the Git repository at:
> >
> >   https://github.com/philmd/qemu.git tags/edk2_build-pull-request
> >
> > for you to fetch changes up to e487994c19ddca0e6340f72ddafc5b410877bbed:
> >
> >   MAINTAINERS: add the "EDK2 Firmware" subsystem (2019-03-16 16:09:29 +0100)
> >
> > 
> >
> > Advance the roms/edk2 submodule to the "edk2-stable201903" release,
> > build and capture platform firmware binaries from that release.
> >
> > 
>
> Hi; this fails to build on OSX and OpenBSD:
>
>   UNXZpc-bios/edk2-aarch64-code.fd.xz
> /bin/sh: xz: command not found
>
> (NetBSD barfed for a different reason -- the tests/vm setup
> seems to occasionally simply fail the initial 600s timeout
> for being able to ssh into the VM for reasons that I've
> never been able to track down. So it might be OK or might
> also not have xz.)

NetBSD was OK on the second try.

thanks
-- PMM



[Qemu-devel] [RFC PATCH] spapr/irq: force XICS interrupt mode on non P9 machines

2019-03-17 Thread Cédric Le Goater
There is no need to propose the 'dual' interrupt mode interrupt device
on POWER7/8 machines and the XIVE mode will not operate. Simply force
XICS in this case.

This makes the check in spapr_machine_init() redundant on XIVE-only
machines.

Signed-off-by: Cédric Le Goater 
---
 hw/ppc/spapr_irq.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/hw/ppc/spapr_irq.c b/hw/ppc/spapr_irq.c
index f2ca1bb66c9d..d27ae68915a1 100644
--- a/hw/ppc/spapr_irq.c
+++ b/hw/ppc/spapr_irq.c
@@ -16,6 +16,7 @@
 #include "hw/ppc/spapr_xive.h"
 #include "hw/ppc/xics.h"
 #include "hw/ppc/xics_spapr.h"
+#include "cpu-models.h"
 #include "sysemu/kvm.h"
 
 #include "trace.h"
@@ -655,6 +656,7 @@ SpaprIrq spapr_irq_dual = {
 void spapr_irq_init(SpaprMachineState *spapr, Error **errp)
 {
 MachineState *machine = MACHINE(spapr);
+Error *local_err = NULL;
 
 if (machine_kernel_irqchip_split(machine)) {
 error_setg(errp, "kernel_irqchip split mode not supported on pseries");
@@ -667,6 +669,14 @@ void spapr_irq_init(SpaprMachineState *spapr, Error **errp)
 return;
 }
 
+/* Force XICS on non P9 machines */
+if (!ppc_type_check_compat(machine->cpu_type, CPU_POWERPC_LOGICAL_3_00,
+  0, spapr->max_compat_pvr)) {
+error_setg(_err, "forcing XICS interrupt controller");
+warn_report_err(local_err);
+spapr->irq = _irq_xics;
+}
+
 /* Initialize the MSI IRQ allocator. */
 if (!SPAPR_MACHINE_GET_CLASS(spapr)->legacy_irq_allocation) {
 spapr_irq_msi_init(spapr, spapr->irq->nr_msis);
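Review bot: the new block in spapr_irq_init() overrides spapr->irq and warns on every machine that fails the ppc_type_check_compat() test, including ones where XICS was already selected, so POWER7/8 guests would print "forcing XICS interrupt controller" on every start. Check that spapr->irq is not already the XICS backend before warning. Building an Error with error_setg() only to hand it straight to warn_report_err() is also roundabout: a direct warn_report() would make the local_err declaration added in the previous hunk unnecessary.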
-- 
2.20.1




Re: [Qemu-devel] [PULL 00/12] EDK2 Firmware roms

2019-03-17 Thread Peter Maydell
On Sat, 16 Mar 2019 at 22:25, Philippe Mathieu-Daudé  wrote:
>
> The following changes since commit 8b088d3f8ab5642020d28fa0c2a8d938bc5f3592:
>
>   Merge remote-tracking branch 
> 'remotes/pmaydell/tags/pull-target-arm-20190315' into staging (2019-03-15 
> 11:39:42 +)
>
> are available in the Git repository at:
>
>   https://github.com/philmd/qemu.git tags/edk2_build-pull-request
>
> for you to fetch changes up to e487994c19ddca0e6340f72ddafc5b410877bbed:
>
>   MAINTAINERS: add the "EDK2 Firmware" subsystem (2019-03-16 16:09:29 +0100)
>
> 
>
> Advance the roms/edk2 submodule to the "edk2-stable201903" release,
> build and capture platform firmware binaries from that release.
>
> 

Hi; this fails to build on OSX and OpenBSD:

  UNXZpc-bios/edk2-aarch64-code.fd.xz
/bin/sh: xz: command not found

(NetBSD barfed for a different reason -- the tests/vm setup
seems to occasionally simply fail the initial 600s timeout
for being able to ssh into the VM for reasons that I've
never been able to track down. So it might be OK or might
also not have xz.)

thanks
-- PMM



Re: [Qemu-devel] [PATCH] hw/riscv/virt: re-add machine-specific compatible string to /soc/ node

2019-03-17 Thread Auer, Lukas
Hi Bin,

On Fri, 2019-03-15 at 09:54 +0800, Bin Meng wrote:
> Hi Lukas,
> 
> On Fri, Mar 15, 2019 at 5:01 AM Auer, Lukas
>  wrote:
> > Hi Bin,
> > 
> > On Wed, 2019-03-13 at 09:51 +0800, Bin Meng wrote:
> > > Hi Lukas,
> > > 
> > > On Tue, Mar 12, 2019 at 10:39 PM Auer, Lukas
> > >  wrote:
> > > > Hi Bin,
> > > > 
> > > > On Mon, 2019-03-11 at 23:28 +0800, Bin Meng wrote:
> > > > > Hi Lukas,
> > > > > 
> > > > > On Mon, Mar 11, 2019 at 2:03 AM Auer, Lukas
> > > > >  wrote:
> > > > > > Hi Bin,
> > > > > > 
> > > > > > On Sun, 2019-03-10 at 22:57 +0800, Bin Meng wrote:
> > > > > > > Hi Lukas,
> > > > > > > 
> > > > > > > On Sun, Mar 10, 2019 at 9:44 PM Auer, Lukas
> > > > > > >  wrote:
> > > > > > > > Hi Bin,
> > > > > > > > 
> > > > > > > > On Sun, 2019-03-10 at 09:07 +0800, Bin Meng wrote:
> > > > > > > > > Hi Lukas,
> > > > > > > > > 
> > > > > > > > > On Mon, Feb 11, 2019 at 6:13 AM Lukas Auer
> > > > > > > > >  wrote:
> > > > > > > > > > > Re-add the previous compatible string "riscv-virtio-soc" to the soc
> > > > > > > > > > > device tree node to allow U-Boot and Linux to bind machine-specific
> > > > > > > > > > > drivers to it. The current compatible string "simple-bus" is retained.
> > > > > > > > > > > 
> > > > > > > > > > > This is required by U-Boot to bind devices early, as part of the
> > > > > > > > > > > pre-relocation driver model.
> > > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > I see no problem with U-Boot working with current compatible string
> > > > > > > > > > "simple-bus". In fact I had planned to remove the compatible string
> > > > > > > > > > "riscv-virtio-soc" in U-Boot but did not get time to work on it.
> > > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > It is only required if U-Boot is running in machine-mode. For
> > > > > > > > > relocation it needs to use the CLINT driver to send appropriate IPIs to
> > > > > > > > > the other harts. To be able to probe the driver, the device and its
> > > > > > > > > parent device tree node (soc) must therefore be available in the
> > > > > > > > > pre-relocation device model.
> > > > > > > > > This patch was the easiest way I could think of for achieving this. It
> > > > > > > > > could be that there is a better way of solving this.
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > I tested your SMP U-Boot series in both M-mode and S-mode, using a 4
> > > > > > > > core 'virt' target. Works fine. I am using QEMU 3.1.0 so it is
> > > > > > > > "simple-bus".
> > > > > > > > 
> > > > > > > 
> > > > > > > That is actually my fault, it should not work.
> > > > > > > What is happening is that U-Boot fails to relocate the secondary harts,
> > > > > > > because the CLINT driver cannot get the memory address of the CLINT
> > > > > > > device. This error is currently silently ignored.
> > > > > > 
> > > > > > I still don't understand. Why does the CLINT driver fail to get the
> > > > > > memory address? U-Boot has been supporting "simple-bus" for a long
> > > > > > time. It was because QEMU 3.0.0 generated the /soc node with
> > > > > > "riscv-virtio-soc" compatible string, U-Boot was taught to treat such
> > > > > > compatible string as a "simple-bus" too (that was the U-Boot commit
> > > > > > 27dc2c130e29)
> > > > > 
> > > > > That's correct. The problem with the default simple-bus U-Boot driver
> > > > > is that it does not have the DM_FLAG_PRE_RELOC flag set. The /soc and
> > > > > /soc/clint nodes are therefore not available before relocation, meaning
> > > > > that IPIs cannot be sent to relocate the secondary harts.
> > > > > 
> > > > 
> > > > Thanks for the clarifications. Now I see the problem. But I think we
> > > > should fix U-Boot "simple-bus" driver instead. As seen on FU540 or
> > > > likely other hardware, QEMU generates the "simple-bus" compatible
> > > > string for the /soc node, as well as the DT provided by the hardware.
> > > > 
> > > 
> > > That makes sense, I can send a patch to set the DM_FLAG_PRE_RELOC flag
> > > in the simple-bus U-Boot driver. I think it's best to send it
> > > separately from the SMP patch series, since it could affect other
> > > boards and it's a bit late in the release cycle. What do you think?
> > 
> 
> Yes, agreed that 

Re: [Qemu-devel] [PATCH for-4.0?] arm: Allow system registers for KVM guests to be changed by QEMU code

2019-03-17 Thread Auger Eric
Hi Peter,

On 3/15/19 3:30 PM, Peter Maydell wrote:
> At the moment the Arm implementations of kvm_arch_{get,put}_registers()
> don't support having QEMU change the values of system registers
> (aka coprocessor registers for AArch32). This is because although
> kvm_arch_get_registers() calls write_list_to_cpustate() to
> update the CPU state struct fields (so QEMU code can read the
> values in the usual way), kvm_arch_put_registers() does not
> call write_cpustate_to_list(), meaning that any changes to
> the CPU state struct fields will not be passed back to KVM.
> 
> The rationale for this design is documented in a comment in the
> AArch32 kvm_arch_put_registers() -- writing the values in the
> cpregs list into the CPU state struct is "lossy" because the
> write of a register might not succeed, and so if we blindly
> copy the CPU state values back again we will incorrectly
> change register values for the guest. The assumption was that
> no QEMU code would need to write to the registers.
> 
> However, when we implemented debug support for KVM guests, we
> broke that assumption: the code to handle "set the guest up
> to take a breakpoint exception" does so by updating various
> guest registers including ESR_EL1.
> 
> Support this by making kvm_arch_put_registers() synchronize
> CPU state back into the list. We sync only those registers
> where the initial write succeeds, which should be sufficient.
> 
> This commit is the same as commit 823e1b3818f9b10b824ddc which we
> had to revert in commit 942f99c825fc94c8b1a4, except that the bug
> which was preventing EDK2 guest firmware running has been fixed:
> kvm_arm_reset_vcpu() now calls write_list_to_cpustate().
> 
> Signed-off-by: Peter Maydell 
Tested-by: Eric Auger 

With this patch applied on the revert, I don't observe the regression I
reported earlier. I didn't test the guest debug feature though.

Thanks

Eric

> ---
> Should we try to put this in for rc1? Not sure... Testing
> definitely appreciated.
> 
> ---
>  target/arm/cpu.h |  9 -
>  target/arm/helper.c  | 27 +--
>  target/arm/kvm.c |  8 
>  target/arm/kvm32.c   | 20 ++--
>  target/arm/kvm64.c   |  2 ++
>  target/arm/machine.c |  2 +-
>  6 files changed, 46 insertions(+), 22 deletions(-)
> 
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 5f23c621325..82f40a7ea90 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -2559,18 +2559,25 @@ bool write_list_to_cpustate(ARMCPU *cpu);
>  /**
>   * write_cpustate_to_list:
>   * @cpu: ARMCPU
> + * @kvm_sync: true if this is for syncing back to KVM
>   *
>   * For each register listed in the ARMCPU cpreg_indexes list, write
>   * its value from the ARMCPUState structure into the cpreg_values list.
>   * This is used to copy info from TCG's working data structures into
>   * KVM or for outbound migration.
>   *
> + * @kvm_sync is true if we are doing this in order to sync the
> + * register state back to KVM. In this case we will only update
> + * values in the list if the previous list->cpustate sync actually
> + * successfully wrote the CPU state. Otherwise we will keep the value
> + * that is in the list.
> + *
>   * Returns: true if all register values were read correctly,
>   * false if some register was unknown or could not be read.
>   * Note that we do not stop early on failure -- we will attempt
>   * reading all registers in the list.
>   */
> -bool write_cpustate_to_list(ARMCPU *cpu);
> +bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
>  
>  #define ARM_CPUID_TI915T  0x54029152
>  #define ARM_CPUID_TI925T  0x54029252
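Review bot: the new @kvm_sync paragraph in the write_cpustate_to_list() doc comment says a list value is kept when the earlier list->cpustate sync did not succeed, but the "Returns:" text below it is unchanged and does not say whether a kept value counts as success or failure. State that explicitly in the comment.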
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 2607d39ad1c..554f111ea89 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -265,7 +265,7 @@ static bool raw_accessors_invalid(const ARMCPRegInfo *ri)
>  return true;
>  }
>  
> -bool write_cpustate_to_list(ARMCPU *cpu)
> +bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync)
>  {
>  /* Write the coprocessor state from cpu->env to the (index,value) list. 
> */
>  int i;
> @@ -274,6 +274,7 @@ bool write_cpustate_to_list(ARMCPU *cpu)
>  for (i = 0; i < cpu->cpreg_array_len; i++) {
>  uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]);
>  const ARMCPRegInfo *ri;
> +uint64_t newval;
>  
>  ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
>  if (!ri) {
> @@ -283,7 +284,29 @@ bool write_cpustate_to_list(ARMCPU *cpu)
>  if (ri->type & ARM_CP_NO_RAW) {
>  continue;
>  }
> -cpu->cpreg_values[i] = read_raw_cp_reg(>env, ri);
> +
> +newval = read_raw_cp_reg(>env, ri);
> +if (kvm_sync) {
> +/*
> + * Only sync if the previous list->cpustate sync succeeded.
> + * Rather than tracking the success/failure state for every
> + * item in the list, we just recheck "does the raw write we must
> + * have 

Re: [Qemu-devel] [PULL for-4.0 0/2] target/hppa last fixes

2019-03-17 Thread Peter Maydell
On Sat, 16 Mar 2019 at 16:24, Richard Henderson
 wrote:
>
> The following changes since commit 8b088d3f8ab5642020d28fa0c2a8d938bc5f3592:
>
>   Merge remote-tracking branch 
> 'remotes/pmaydell/tags/pull-target-arm-20190315' into staging (2019-03-15 
> 11:39:42 +)
>
> are available in the Git repository at:
>
>   https://github.com/rth7680/qemu.git tags/pull-hppa-20190316
>
> for you to fetch changes up to 2b42f31eae2c24507c38326b3534cd9292e7dfcf:
>
>   Update seabios-hppa to latest upstream (2019-03-15 10:11:16 -0700)
>
> 
> Fix lost interrupts.
> Update seabios-hppa.
>
> 

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.0
for any user-visible changes.

-- PMM



Re: [Qemu-devel] [PATCH] vnc: fix unalignment access in tight_pack24

2019-03-17 Thread Li Qiang
Peter Maydell wrote on Sunday, March 17, 2019 at 10:10 PM:

> On Sun, 17 Mar 2019 at 12:09, Li Qiang  wrote:
> >
> > When adding '-fsanitize=undefined' to the compile configuration
> > and connecting to a VM with vnc, it reports the following error:
> >
> > ui/vnc-enc-tight.c:910:13: runtime error: load of
> > misaligned address 0x621000466513 for type 'uint32_t',
> > which requires 4 byte alignment
> >
> > This patch fixes this issue.
> >
> > Signed-off-by: Li Qiang 
> > ---
> >  ui/vnc-enc-tight.c | 7 ---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c
> > index 0b4a5ac71f..7e1be63af3 100644
> > --- a/ui/vnc-enc-tight.c
> > +++ b/ui/vnc-enc-tight.c
> > @@ -886,11 +886,11 @@ static int tight_compress_data(VncState *vs, int
> stream_id, size_t bytes,
> >   */
> >  static void tight_pack24(VncState *vs, uint8_t *buf, size_t count,
> size_t *ret)
> >  {
> > -uint32_t *buf32;
> > +uint8_t *buf8;
> >  uint32_t pix;
> >  int rshift, gshift, bshift;
> >
> > -buf32 = (uint32_t *)buf;
> > +buf8 = buf;
> >
> >  if (1 /* FIXME */) {
> >  rshift = vs->client_pf.rshift;
> > @@ -907,10 +907,11 @@ static void tight_pack24(VncState *vs, uint8_t
> *buf, size_t count, size_t *ret)
> >  }
> >
> >  while (count--) {
> > -pix = *buf32++;
> > +memcpy(, buf8, sizeof(uint32_t));
>
> Better to use ldl_he_p() rather than hand-rolling
> an unaligned accessor with memcpy(), I think.
>
>
Will do next revision.


> Is the input data definitely in host endianness
> order ?
>

AFAICS, Yes.

Thanks,
Li Qiang


>
> >  *buf++ = (char)(pix >> rshift);
> >  *buf++ = (char)(pix >> gshift);
> >  *buf++ = (char)(pix >> bshift);
> > +buf8 += 4;
> >  }
> >  }
> >
> > --
> > 2.17.1
>
> thanks
> -- PMM
>


[Qemu-devel] [PATCH v2] nrf51_gpio: reflect pull-up/pull-down to IRQs

2019-03-17 Thread Paolo Bonzini
Some drivers do I2C bitbanging by keeping the output to 0 and flipping
the GPIO direction between input and output (see for example in Linux
gpio_set_open_drain_value_commit, in drivers/gpio/gpiolib.c).
When the GPIO is set to input, the pull-up resistor brings the output
to 1, while when the GPIO is set to output, the output driver brings
the output to 0.

Implement this for the nRF51 GPIO device model.  First, if both input and
output are floating, and there is a pull-up or pull-down resistor
configured, do not just set s->in, but also make any devices listening
on the output qemu_irq receive that value.  Second, if the pin is
driven both internally (output pin) and externally you don't get a
short circuit if both sides drive the pin to the same value.

Signed-off-by: Paolo Bonzini 
---
v1->v2: fixed short circuit conditions, reordering the code according
to the schematic in the datasheet
---
 hw/gpio/nrf51_gpio.c | 64 +++-
 1 file changed, 39 insertions(+), 25 deletions(-)

diff --git a/hw/gpio/nrf51_gpio.c b/hw/gpio/nrf51_gpio.c
index 86e047d649..e061c58dd2 100644
--- a/hw/gpio/nrf51_gpio.c
+++ b/hw/gpio/nrf51_gpio.c
@@ -43,6 +43,17 @@ static bool is_connected(uint32_t config, uint32_t level)
 return state;
 }
 
+static int pull_value(uint32_t config)
+{
+int pull = extract32(config, 2, 2);
+if (pull == NRF51_GPIO_PULLDOWN) {
+return 0;
+} else if (pull == NRF51_GPIO_PULLUP) {
+return 1;
+}
+return -1;
+}
+
 static void update_output_irq(NRF51GPIOState *s, size_t i,
   bool connected, bool level)
 {
@@ -61,43 +72,46 @@ static void update_output_irq(NRF51GPIOState *s, size_t i,
 
 static void update_state(NRF51GPIOState *s)
 {
-uint32_t pull;
+int pull;
 size_t i;
-bool connected_out, dir, connected_in, out, input;
+bool connected_out, dir, connected_in, out, in, input;
 
 for (i = 0; i < NRF51_GPIO_PINS; i++) {
-pull = extract32(s->cnf[i], 2, 2);
+pull = pull_value(s->cnf[i]);
 dir = extract32(s->cnf[i], 0, 1);
 connected_in = extract32(s->in_mask, i, 1);
 out = extract32(s->out, i, 1);
+in = extract32(s->in, i, 1);
 input = !extract32(s->cnf[i], 1, 1);
 connected_out = is_connected(s->cnf[i], out) && dir;
 
-update_output_irq(s, i, connected_out, out);
-
-/* Pin both driven externally and internally */
-if (connected_out && connected_in) {
-qemu_log_mask(LOG_GUEST_ERROR, "GPIO pin %zu short circuited\n", 
i);
-}
-
-/*
- * Input buffer disconnected from internal/external drives, so
- * pull-up/pull-down becomes relevant
- */
-if (!input || (input && !connected_in && !connected_out)) {
-if (pull == NRF51_GPIO_PULLDOWN) {
-s->in = deposit32(s->in, i, 1, 0);
-} else if (pull == NRF51_GPIO_PULLUP) {
-s->in = deposit32(s->in, i, 1, 1);
+if (!input) {
+if (pull >= 0) {
+/* Input buffer disconnected from external drives */
+s->in = deposit32(s->in, i, 1, pull);
+}
+} else {
+if (connected_out && connected_in && out != in) {
+/* Pin both driven externally and internally */
+qemu_log_mask(LOG_GUEST_ERROR, "GPIO pin %zu short 
circuited\n", i);
+}
+if (!connected_in) {
+/*
+ * Floating input: the output stimulates IN if connected,
+ * otherwise pull-up/pull-down resistors put a value on both
+ * IN and OUT.
+ */
+if (pull >= 0 && !connected_out) {
+connected_out = true;
+out = pull;
+}
+if (connected_out) {
+s->in = deposit32(s->in, i, 1, out);
+}
 }
 }
-
-/* Self stimulation through internal output driver */
-if (connected_out && !connected_in && input) {
-s->in = deposit32(s->in, i, 1, out);
-}
+update_output_irq(s, i, connected_out, out);
 }
-
 }
 
 /*
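Review bot: the short-circuit diagnostic now sits inside the `else` of
`if (!input)`, so a pin driven both internally and externally while its
input buffer is disconnected no longer produces the LOG_GUEST_ERROR message
that the removed code emitted whenever `connected_out && connected_in`. If
that is intended, say so in the commit message next to the v1->v2 note;
otherwise hoist the check out of the `else`. Related: the pull-derived
`connected_out`/`out` reach update_output_irq() only on the
`input && !connected_in` path, while on the `!input` path the pull changes
`s->in` but not the output IRQ. A comment explaining that asymmetry would
help.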
-- 
2.20.1




Re: [Qemu-devel] [PATCH PULL 00/18] RDMA queue

2019-03-17 Thread Peter Maydell
On Sat, 16 Mar 2019 at 14:34, Marcel Apfelbaum
 wrote:
>
> The following changes since commit 8b088d3f8ab5642020d28fa0c2a8d938bc5f3592:
>
>   Merge remote-tracking branch 
> 'remotes/pmaydell/tags/pull-target-arm-20190315' into staging (2019-03-15 
> 11:39:42 +)
>
> are available in the Git repository at:
>
>   https://github.com/marcel-apf/qemu tags/rdma-pull-request
>
> for you to fetch changes up to cb42a5867e7677a9fa1885a8436d3e7e8cb9:
>
>   hw/rdma: Fix the error prints in create_qp_rings() (2019-03-16 15:52:44 
> +0200)
>
> 
> RDMA queue
>
>  * Another Clang compilation fix
>  * Collect pvrdma debugging statistics
>  * Various fixes for the pvrdma device
>
> 

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.0
for any user-visible changes.

-- PMM



Re: [Qemu-devel] [PATCH] vnc: fix unalignment access in tight_pack24

2019-03-17 Thread Peter Maydell
On Sun, 17 Mar 2019 at 12:09, Li Qiang  wrote:
>
> When adding '-fsanitize=undefined' to the compile configuration
> and connecting to the VM with vnc, it reports the following error:
>
> ui/vnc-enc-tight.c:910:13: runtime error: load of
> misaligned address 0x621000466513 for type 'uint32_t',
> which requires 4 byte alignment
>
> This patch fixes this issue.
>
> Signed-off-by: Li Qiang 
> ---
>  ui/vnc-enc-tight.c | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c
> index 0b4a5ac71f..7e1be63af3 100644
> --- a/ui/vnc-enc-tight.c
> +++ b/ui/vnc-enc-tight.c
> @@ -886,11 +886,11 @@ static int tight_compress_data(VncState *vs, int 
> stream_id, size_t bytes,
>   */
>  static void tight_pack24(VncState *vs, uint8_t *buf, size_t count, size_t 
> *ret)
>  {
> -uint32_t *buf32;
> +uint8_t *buf8;
>  uint32_t pix;
>  int rshift, gshift, bshift;
>
> -buf32 = (uint32_t *)buf;
> +buf8 = buf;
>
>  if (1 /* FIXME */) {
>  rshift = vs->client_pf.rshift;
> @@ -907,10 +907,11 @@ static void tight_pack24(VncState *vs, uint8_t *buf, 
> size_t count, size_t *ret)
>  }
>
>  while (count--) {
> -pix = *buf32++;
> +memcpy(, buf8, sizeof(uint32_t));

Better to use ldl_he_p() rather than hand-rolling
an unaligned accessor with memcpy(), I think.

Is the input data definitely in host endianness
order ?

>  *buf++ = (char)(pix >> rshift);
>  *buf++ = (char)(pix >> gshift);
>  *buf++ = (char)(pix >> bshift);
> +buf8 += 4;
>  }
>  }
>
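Review bot: with `buf8 = buf;` the loop reads and writes the same buffer,
consuming four bytes per pixel through buf8 while storing three through buf.
That is safe only because each pixel is fully loaded into `pix` before the
three stores and the read cursor never falls behind the write cursor. A short
comment stating this in-place invariant next to the loop would keep a later
edit from reordering the load and the stores.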
> --
> 2.17.1

thanks
-- PMM



[Qemu-devel] [PATCH] vnc: fix unalignment access in tight_pack24

2019-03-17 Thread Li Qiang
When adding '-fsanitize=undefined' to the compile configuration
and connecting to the VM with vnc, it reports the following error:

ui/vnc-enc-tight.c:910:13: runtime error: load of
misaligned address 0x621000466513 for type 'uint32_t',
which requires 4 byte alignment

This patch fixes this issue.

Signed-off-by: Li Qiang 
---
 ui/vnc-enc-tight.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c
index 0b4a5ac71f..7e1be63af3 100644
--- a/ui/vnc-enc-tight.c
+++ b/ui/vnc-enc-tight.c
@@ -886,11 +886,11 @@ static int tight_compress_data(VncState *vs, int 
stream_id, size_t bytes,
  */
 static void tight_pack24(VncState *vs, uint8_t *buf, size_t count, size_t *ret)
 {
-uint32_t *buf32;
+uint8_t *buf8;
 uint32_t pix;
 int rshift, gshift, bshift;
 
-buf32 = (uint32_t *)buf;
+buf8 = buf;
 
 if (1 /* FIXME */) {
 rshift = vs->client_pf.rshift;
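Review bot: after this change `buf` and `buf8` are both `uint8_t *`, so the
name `buf8` no longer says anything about the pointer's role. It is the read
cursor of an in-place conversion, so a name such as `src`, initialised at its
declaration, would read better than a separate `buf8 = buf;` statement.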
@@ -907,10 +907,11 @@ static void tight_pack24(VncState *vs, uint8_t *buf, 
size_t count, size_t *ret)
 }
 
 while (count--) {
-pix = *buf32++;
+memcpy(, buf8, sizeof(uint32_t));
 *buf++ = (char)(pix >> rshift);
 *buf++ = (char)(pix >> gshift);
 *buf++ = (char)(pix >> bshift);
+buf8 += 4;
 }
 }
 
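Review bot: the load copies `sizeof(uint32_t)` bytes but the cursor is
advanced by a literal `4` at the end of the loop body; use the same
expression for both, or advance right after the load, so the two cannot
drift apart. The memcpy() keeps the previous host-endian interpretation of
the pixel; the commit message should say whether that is intended. QEMU's
ldl_he_p() already provides this unaligned host-endian load without an
open-coded memcpy().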
-- 
2.17.1





Re: [Qemu-devel] [PATCH for-4.1 v2 00/13] tcg/ppc: Add vector opcodes

2019-03-17 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190317090834.5552-1-richard.hender...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH for-4.1 v2 00/13] tcg/ppc: Add vector opcodes
Type: series
Message-id: 20190317090834.5552-1-richard.hender...@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/20190317090834.5552-1-richard.hender...@linaro.org -> 
patchew/20190317090834.5552-1-richard.hender...@linaro.org
Switched to a new branch 'test'
9e9ef28e00 tcg/ppc: Update vector support to v3.00
e805447820 tcg/ppc: Update vector support to v2.07
29a048fa5c tcg/ppc: Update vector support to v2.06
702b53e3fe tcg/ppc: Support vector multiply
2ba329a816 tcg/ppc: Support vector shift by immediate
5e65162310 tcg/ppc: Implement INDEX_op_dupm_vec
3446564d5b tcg: Add INDEX_op_dup_mem_vec
f7bd30e149 tcg/ppc: Initial backend support for Altivec
593da57da7 target/arm: Fill in .opc for cmtst_op
18026c831d tcg: Allow add_vec, sub_vec, neg_vec, not_vec to be expanded
378fdc5169 tcg: Support cross-class moves without instruction support
b7b9445e8a tcg: Return bool success from tcg_out_mov
4a8963a14a tcg: Assert fixed_reg is read-only

=== OUTPUT BEGIN ===
1/13 Checking commit 4a8963a14ab4 (tcg: Assert fixed_reg is read-only)
WARNING: Block comments use a leading /* on a separate line
#102: FILE: tcg/tcg.c:3529:
+/* temp value is modified, so the value kept in memory is

WARNING: Block comments use * on subsequent lines
#103: FILE: tcg/tcg.c:3530:
+/* temp value is modified, so the value kept in memory is
+   potentially not the same */

WARNING: Block comments use a trailing */ on a separate line
#103: FILE: tcg/tcg.c:3530:
+   potentially not the same */

total: 0 errors, 3 warnings, 140 lines checked

Patch 1/13 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/13 Checking commit b7b9445e8a4f (tcg: Return bool success from tcg_out_mov)
3/13 Checking commit 378fdc51691e (tcg: Support cross-class moves without 
instruction support)
WARNING: Block comments use a leading /* on a separate line
#23: FILE: tcg/tcg.c:3372:
+/* Cross register class move not supported.

WARNING: Block comments use * on subsequent lines
#24: FILE: tcg/tcg.c:3373:
+/* Cross register class move not supported.
+   Store the source register into the destination slot

WARNING: Block comments use a trailing */ on a separate line
#25: FILE: tcg/tcg.c:3374:
+   and leave the destination temp as TEMP_VAL_MEM.  */

WARNING: Block comments use a leading /* on a separate line
#43: FILE: tcg/tcg.c:3485:
+/* Cross register class move not supported.  Sync the

WARNING: Block comments use * on subsequent lines
#44: FILE: tcg/tcg.c:3486:
+/* Cross register class move not supported.  Sync the
+   temp back to its slot and load from there.  */

WARNING: Block comments use a trailing */ on a separate line
#44: FILE: tcg/tcg.c:3486:
+   temp back to its slot and load from there.  */

WARNING: Block comments use a leading /* on a separate line
#56: FILE: tcg/tcg.c:3648:
+/* Cross register class move not supported.  Sync the

WARNING: Block comments use * on subsequent lines
#57: FILE: tcg/tcg.c:3649:
+/* Cross register class move not supported.  Sync the
+   temp back to its slot and load from there.  */

WARNING: Block comments use a trailing */ on a separate line
#57: FILE: tcg/tcg.c:3649:
+   temp back to its slot and load from there.  */

total: 0 errors, 9 warnings, 43 lines checked

Patch 3/13 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
4/13 Checking commit 18026c831d0e (tcg: Allow add_vec, sub_vec, neg_vec, 
not_vec to be expanded)
5/13 Checking commit 593da57da76b (target/arm: Fill in .opc for cmtst_op)
6/13 Checking commit f7bd30e149b0 (tcg/ppc: Initial backend support for Altivec)
ERROR: spaces required around that '|' (ctx:VxV)
#187: FILE: tcg/ppc/tcg-target.inc.c:327:
+#define VX4(opc)  (OPCD(4)|(opc))
   ^

ERROR: trailing whitespace
#541: FILE: tcg/ppc/tcg-target.inc.c:2871:
+umin_op[4] = { VMINUB, VMINUH, VMINUW, 0 }, $

ERROR: trailing whitespace
#542: FILE: tcg/ppc/tcg-target.inc.c:2872:
+smin_op[4] = { VMINSB, VMINSH, VMINSW, 0 

[Qemu-devel] [PATCH for-4.1 v2 13/13] tcg/ppc: Update vector support to v3.00

2019-03-17 Thread Richard Henderson
This includes vector load/store with immediate offset, some extra
move and splat insns, compare ne, and negate.

Signed-off-by: Richard Henderson 
---
 tcg/ppc/tcg-target.h |   3 +-
 tcg/ppc/tcg-target.inc.c | 115 +--
 2 files changed, 89 insertions(+), 29 deletions(-)

diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index 4bbb33df7e..2babcff45f 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -62,6 +62,7 @@ extern bool have_isa_altivec;
 extern bool have_isa_2_06;
 extern bool have_isa_2_07_vsx;
 extern bool have_isa_3_00;
+extern bool have_isa_3_00_vsx;
 
 /* optional instructions automatically implemented */
 #define TCG_TARGET_HAS_ext8u_i320 /* andi */
@@ -145,7 +146,7 @@ extern bool have_isa_3_00;
 #define TCG_TARGET_HAS_andc_vec 1
 #define TCG_TARGET_HAS_orc_vec  have_isa_2_07_vsx
 #define TCG_TARGET_HAS_not_vec  1
-#define TCG_TARGET_HAS_neg_vec  0
+#define TCG_TARGET_HAS_neg_vec  have_isa_3_00_vsx
 #define TCG_TARGET_HAS_shi_vec  0
 #define TCG_TARGET_HAS_shs_vec  0
 #define TCG_TARGET_HAS_shv_vec  1
diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index b8df9b55cf..3e99d3cadb 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -69,6 +69,7 @@ bool have_isa_2_06;
 bool have_isa_2_06_vsx;
 bool have_isa_2_07_vsx;
 bool have_isa_3_00;
+bool have_isa_3_00_vsx;
 
 #define HAVE_ISA_2_06  have_isa_2_06
 #define HAVE_ISEL  have_isa_2_06
@@ -475,11 +476,16 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define LXSDX  XO31(588)  /* v2.06 */
 #define LXVDSX XO31(332)  /* v2.06 */
 #define LXSIWZXXO31(12)   /* v2.07 */
+#define LXV(OPCD(61) | 1) /* v3.00 */
+#define LXSD   (OPCD(51) | 2) /* v3.00 */
+#define LXVWSX XO31(364)  /* v3.00 */
 
 #define STVX   XO31(231)
 #define STVEWX XO31(199)
 #define STXSDX XO31(716)  /* v2.06 */
 #define STXSIWXXO31(140)  /* v2.07 */
+#define STXV   (OPCD(61) | 5) /* v3.00 */
+#define STXSD  (OPCD(61) | 2) /* v3.00 */
 
 #define VADDSBSVX4(768)
 #define VADDUBSVX4(512)
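Review bot: `LXSD` is built on `OPCD(51)` while its store counterpart
`STXSD` and the `LXV`/`STXV` pair are all built on `OPCD(61)`. In Power ISA
v3.0 lxsd is a DS-form instruction under primary opcode 57, so 51 looks like
a typo that would emit a different instruction. Please check the value
against the ISA. These are also the first load/store defines here that OR a
sub-opcode into a bare OPCD(), so a short comment on what the low bits
(1, 2, 5) select would help.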
@@ -503,6 +509,9 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define VSUBUWMVX4(1152)
 #define VSUBUDMVX4(1216)  /* v2.07 */
 
+#define VNEGW  (VX4(1538) | (6 << 16))  /* v3.00 */
+#define VNEGD  (VX4(1538) | (7 << 16))  /* v3.00 */
+
 #define VMAXSB VX4(258)
 #define VMAXSH VX4(322)
 #define VMAXSW VX4(386)
@@ -532,6 +541,9 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define VCMPGTUH   VX4(582)
 #define VCMPGTUW   VX4(646)
 #define VCMPGTUD   VX4(711)   /* v2.07 */
+#define VCMPNEBVX4(7) /* v3.00 */
+#define VCMPNEHVX4(71)/* v3.00 */
+#define VCMPNEWVX4(135)   /* v3.00 */
 
 #define VSLB   VX4(260)
 #define VSLH   VX4(324)
@@ -588,12 +600,15 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define VPERM  VX4(43)
 #define VSLDOI VX4(44)
 
-#define XXPERMDI   (OPCD(60) | (10 << 3))   /* 2.06 */
+#define XXPERMDI   (OPCD(60) | (10 << 3))   /* v2.06 */
+#define XXSPLTIB   (OPCD(60) | (360 << 1))  /* v3.00 */
 
 #define MFVSRD XO31(51)   /* v2.07 */
 #define MFVSRWZXO31(115)  /* v2.07 */
 #define MTVSRD XO31(179)  /* v2.07 */
 #define MTVSRWZXO31(179)  /* v2.07 */
+#define MTVSRDDXO31(435)  /* v3.00 */
+#define MTVSRWSXO31(403)  /* v3.00 */
 
 #define RT(r) ((r)<<21)
 #define RS(r) ((r)<<21)
@@ -931,6 +946,11 @@ static void tcg_out_dupi_vec(TCGContext *s, TCGType type, 
TCGReg ret,
 }
 }
 
+if (have_isa_3_00_vsx && val == (tcg_target_long)dup_const(MO_8, val)) {
+tcg_out32(s, XXSPLTIB | VRT(ret) | ((val & 0xff) << 11) | 1);
+return;
+}
+
 /* With Altivec, we load the whole 128-bit value.  */
 tcg_out_imm_vec(s, ret, val, val);
 }
@@ -1084,7 +1104,7 @@ static void tcg_out_mem_long(TCGContext *s, int opi, int 
opx, TCGReg rt,
  TCGReg base, tcg_target_long offset)
 {
 tcg_target_long orig = offset, l0, l1, extra = 0, align = 0;
-bool is_store = false;
+bool is_int_store = false;
 TCGReg rs = TCG_REG_TMP1;
 
 switch (opi) {
@@ -1097,11 +1117,20 @@ static void tcg_out_mem_long(TCGContext *s, int opi, 
int opx, TCGReg rt,
 break;
 }
 break;
+case LXSD:
+case STXSD:
+align = 3;
+break;
+case LXV: case LXV | 8:
+case STXV: case STXV | 8:
+/* The |8 cases force altivec registers.  */
+align = 15;
+break;
 case STD:
 align = 3;
 /* FALLTHRU */
 case STB: case STH: case STW:
-is_store = true;
+is_int_store = true;
 break;
 }
 
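Review bot: `case LXV | 8:` and `case STXV | 8:` depend on a bare `8` whose
meaning is given only by the comment "The |8 cases force altivec registers".
Give the bit a name so that the case labels and the callers that OR it in
cannot get out of sync. The rename to `is_int_store` also means the new
STXSD/STXV cases deliberately leave the flag false; its use is outside this
hunk, so a comment saying why a vector store does not need it would help.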
@@ -1110,7 +1139,7 @@ static void tcg_out_mem_long(TCGContext *s, int opi, int 

[Qemu-devel] [PATCH for-4.1 v2 12/13] tcg/ppc: Update vector support to v2.07

2019-03-17 Thread Richard Henderson
This includes single-word loads and stores, lots of double-word
arithmetic, and a few extra logical operations.

Signed-off-by: Richard Henderson 
---
 tcg/ppc/tcg-target.h |   3 +-
 tcg/ppc/tcg-target.inc.c | 155 +--
 2 files changed, 134 insertions(+), 24 deletions(-)

diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index 5797ad35d5..4bbb33df7e 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -60,6 +60,7 @@ typedef enum {
 
 extern bool have_isa_altivec;
 extern bool have_isa_2_06;
+extern bool have_isa_2_07_vsx;
 extern bool have_isa_3_00;
 
 /* optional instructions automatically implemented */
@@ -142,7 +143,7 @@ extern bool have_isa_3_00;
 #endif
 
 #define TCG_TARGET_HAS_andc_vec 1
-#define TCG_TARGET_HAS_orc_vec  0
+#define TCG_TARGET_HAS_orc_vec  have_isa_2_07_vsx
 #define TCG_TARGET_HAS_not_vec  1
 #define TCG_TARGET_HAS_neg_vec  0
 #define TCG_TARGET_HAS_shi_vec  0
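Review bot: TCG_TARGET_HAS_orc_vec is now tied to `have_isa_2_07_vsx`, yet
this patch defines VORC as a `VX4()` encoding, the same form as the base
Altivec logicals such as VNOR and VXOR. Either name the flag for what it
actually tests, or add a comment explaining why a VX-form instruction is
gated on the VSX flag.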
diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index e6f3dca394..b8df9b55cf 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -67,6 +67,7 @@ static tcg_insn_unit *tb_ret_addr;
 bool have_isa_altivec;
 bool have_isa_2_06;
 bool have_isa_2_06_vsx;
+bool have_isa_2_07_vsx;
 bool have_isa_3_00;
 
 #define HAVE_ISA_2_06  have_isa_2_06
@@ -473,10 +474,12 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define LVEWX  XO31(71)
 #define LXSDX  XO31(588)  /* v2.06 */
 #define LXVDSX XO31(332)  /* v2.06 */
+#define LXSIWZXXO31(12)   /* v2.07 */
 
 #define STVX   XO31(231)
 #define STVEWX XO31(199)
 #define STXSDX XO31(716)  /* v2.06 */
+#define STXSIWXXO31(140)  /* v2.07 */
 
 #define VADDSBSVX4(768)
 #define VADDUBSVX4(512)
@@ -487,6 +490,7 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define VADDSWSVX4(896)
 #define VADDUWSVX4(640)
 #define VADDUWMVX4(128)
+#define VADDUDMVX4(192)   /* v2.07 */
 
 #define VSUBSBSVX4(1792)
 #define VSUBUBSVX4(1536)
@@ -497,47 +501,62 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define VSUBSWSVX4(1920)
 #define VSUBUWSVX4(1664)
 #define VSUBUWMVX4(1152)
+#define VSUBUDMVX4(1216)  /* v2.07 */
 
 #define VMAXSB VX4(258)
 #define VMAXSH VX4(322)
 #define VMAXSW VX4(386)
+#define VMAXSD VX4(450)   /* v2.07 */
 #define VMAXUB VX4(2)
 #define VMAXUH VX4(66)
 #define VMAXUW VX4(130)
+#define VMAXUD VX4(194)   /* v2.07 */
 #define VMINSB VX4(770)
 #define VMINSH VX4(834)
 #define VMINSW VX4(898)
+#define VMINSD VX4(962)   /* v2.07 */
 #define VMINUB VX4(514)
 #define VMINUH VX4(578)
 #define VMINUW VX4(642)
+#define VMINUD VX4(706)   /* v2.07 */
 
 #define VCMPEQUB   VX4(6)
 #define VCMPEQUH   VX4(70)
 #define VCMPEQUW   VX4(134)
+#define VCMPEQUD   VX4(199)   /* v2.07 */
 #define VCMPGTSB   VX4(774)
 #define VCMPGTSH   VX4(838)
 #define VCMPGTSW   VX4(902)
+#define VCMPGTSD   VX4(967)   /* v2.07 */
 #define VCMPGTUB   VX4(518)
 #define VCMPGTUH   VX4(582)
 #define VCMPGTUW   VX4(646)
+#define VCMPGTUD   VX4(711)   /* v2.07 */
 
 #define VSLB   VX4(260)
 #define VSLH   VX4(324)
 #define VSLW   VX4(388)
+#define VSLD   VX4(1476)  /* v2.07 */
 #define VSRB   VX4(516)
 #define VSRH   VX4(580)
 #define VSRW   VX4(644)
+#define VSRD   VX4(1732)  /* v2.07 */
 #define VSRAB  VX4(772)
 #define VSRAH  VX4(836)
 #define VSRAW  VX4(900)
+#define VSRAD  VX4(964)   /* v2.07 */
 #define VRLB   VX4(4)
 #define VRLH   VX4(68)
 #define VRLW   VX4(132)
+#define VRLD   VX4(196)   /* v2.07 */
 
 #define VMULEUBVX4(520)
 #define VMULEUHVX4(584)
+#define VMULEUWVX4(648)   /* v2.07 */
 #define VMULOUBVX4(8)
 #define VMULOUHVX4(72)
+#define VMULOUWVX4(136)   /* v2.07 */
+#define VMULUWMVX4(137)   /* v2.07 */
 #define VMSUMUHM   VX4(38)
 
 #define VMRGHB VX4(12)
@@ -555,6 +574,9 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define VNOR   VX4(1284)
 #define VORVX4(1156)
 #define VXOR   VX4(1220)
+#define VEQV   VX4(1668)  /* v2.07 */
+#define VNAND  VX4(1412)  /* v2.07 */
+#define VORC   VX4(1348)  /* v2.07 */
 
 #define VSPLTB VX4(524)
 #define VSPLTH VX4(588)
@@ -568,6 +590,11 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 
 #define XXPERMDI   (OPCD(60) | (10 << 3))   /* 2.06 */
 
+#define MFVSRD XO31(51)   /* v2.07 */
+#define MFVSRWZXO31(115)  /* v2.07 */
+#define MTVSRD XO31(179)  /* v2.07 */
+#define MTVSRWZXO31(179)  /* v2.07 */
+
 #define RT(r) ((r)<<21)
 #define RS(r) ((r)<<21)
 #define RA(r) ((r)<<16)
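Review bot: `MTVSRD` and `MTVSRWZ` are both defined as `XO31(179)`, so the
two names encode the same instruction, whereas `MFVSRD` (51) and `MFVSRWZ`
(115) are distinct. One of the two is a copy-and-paste slip; Power ISA v2.07
assigns mtvsrwz extended opcode 243. Please fix this before an emitter starts
using MTVSRWZ.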
@@ -691,7 +718,15 @@ static bool 

[Qemu-devel] [PATCH] cryptodev-vhost-user: fix a oob access

2019-03-17 Thread Li Qiang
The 'queue_index' of the create/close_session functions
is from the guest and can exceed 'MAX_CRYPTO_QUEUE_NUM'.
This leads to an OOB access. This patch avoids this.

Signed-off-by: Li Qiang 
---
 backends/cryptodev-vhost-user.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
index 1052a5d0e9..36a40eeb4d 100644
--- a/backends/cryptodev-vhost-user.c
+++ b/backends/cryptodev-vhost-user.c
@@ -236,6 +236,8 @@ static int64_t cryptodev_vhost_user_sym_create_session(
CryptoDevBackendSymSessionInfo *sess_info,
uint32_t queue_index, Error **errp)
 {
+assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
+
 CryptoDevBackendClient *cc =
backend->conf.peers.ccs[queue_index];
 CryptoDevBackendVhost *vhost_crypto;
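Review bot: the commit message says `queue_index` comes from the guest, so
`assert(queue_index < MAX_CRYPTO_QUEUE_NUM)` replaces the out-of-bounds read
of `backend->conf.peers.ccs[]` with an abort of the whole process that the
guest can trigger at will. This function already takes `Error **errp` and
returns `int64_t`, so reject the index with error_setg() and a negative
return instead, and keep assert() for conditions the guest cannot influence.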
@@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session(
uint64_t session_id,
uint32_t queue_index, Error **errp)
 {
+assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
+
 CryptoDevBackendClient *cc =
   backend->conf.peers.ccs[queue_index];
 CryptoDevBackendVhost *vhost_crypto;
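Review bot: same concern in the close path: a guest-supplied `queue_index`
should fail the request through `errp` and the `int` return value rather
than hit assert(). The assert() is also placed ahead of the `cc` and
`vhost_crypto` declarations, which mixes statements and declarations. Split
the declaration of `cc` from its initialisation so the bounds check can sit
between them.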
-- 
2.17.1





[Qemu-devel] [PATCH for-4.1 v2 10/13] tcg/ppc: Support vector multiply

2019-03-17 Thread Richard Henderson
For Altivec, this is always an expansion.

Signed-off-by: Richard Henderson 
---
 tcg/ppc/tcg-target.opc.h |   8 +++
 tcg/ppc/tcg-target.inc.c | 112 ++-
 2 files changed, 119 insertions(+), 1 deletion(-)

diff --git a/tcg/ppc/tcg-target.opc.h b/tcg/ppc/tcg-target.opc.h
index 4816a6c3d4..5c6a5ad52c 100644
--- a/tcg/ppc/tcg-target.opc.h
+++ b/tcg/ppc/tcg-target.opc.h
@@ -1,3 +1,11 @@
 /* Target-specific opcodes for host vector expansion.  These will be
emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
consider these to be UNSPEC with names.  */
+
+DEF(ppc_mrgh_vec, 1, 2, 0, IMPLVEC)
+DEF(ppc_mrgl_vec, 1, 2, 0, IMPLVEC)
+DEF(ppc_msum_vec, 1, 3, 0, IMPLVEC)
+DEF(ppc_muleu_vec, 1, 2, 0, IMPLVEC)
+DEF(ppc_mulou_vec, 1, 2, 0, IMPLVEC)
+DEF(ppc_pkum_vec, 1, 2, 0, IMPLVEC)
+DEF(ppc_rotl_vec, 1, 2, 0, IMPLVEC)
diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index d91bc9a229..4c5943be03 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -526,6 +526,25 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define VSRAB  VX4(772)
 #define VSRAH  VX4(836)
 #define VSRAW  VX4(900)
+#define VRLB   VX4(4)
+#define VRLH   VX4(68)
+#define VRLW   VX4(132)
+
+#define VMULEUBVX4(520)
+#define VMULEUHVX4(584)
+#define VMULOUBVX4(8)
+#define VMULOUHVX4(72)
+#define VMSUMUHM   VX4(38)
+
+#define VMRGHB VX4(12)
+#define VMRGHH VX4(76)
+#define VMRGHW VX4(140)
+#define VMRGLB VX4(268)
+#define VMRGLH VX4(332)
+#define VMRGLW VX4(396)
+
+#define VPKUHUMVX4(14)
+#define VPKUWUMVX4(78)
 
 #define VAND   VX4(1028)
 #define VANDC  VX4(1092)
@@ -2864,6 +2883,7 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 case INDEX_op_sarv_vec:
 return vece <= MO_32;
 case INDEX_op_cmp_vec:
+case INDEX_op_mul_vec:
 case INDEX_op_shli_vec:
 case INDEX_op_shri_vec:
 case INDEX_op_sari_vec:
@@ -2942,7 +2962,13 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 smax_op[4] = { VMAXSB, VMAXSH, VMAXSW, 0 },
 shlv_op[4] = { VSLB, VSLH, VSLW, 0 },
 shrv_op[4] = { VSRB, VSRH, VSRW, 0 },
-sarv_op[4] = { VSRAB, VSRAH, VSRAW, 0 };
+sarv_op[4] = { VSRAB, VSRAH, VSRAW, 0 },
+mrgh_op[4] = { VMRGHB, VMRGHH, VMRGHW, 0 },
+mrgl_op[4] = { VMRGLB, VMRGLH, VMRGLW, 0 },
+muleu_op[4] = { VMULEUB, VMULEUH, 0, 0 },
+mulou_op[4] = { VMULOUB, VMULOUH, 0, 0 },
+pkum_op[4] = { VPKUHUM, VPKUWUM, 0, 0 },
+rotl_op[4] = { VRLB, VRLH, VRLW, 0 };
 
 TCGType type = vecl + TCG_TYPE_V64;
 TCGArg a0 = args[0], a1 = args[1], a2 = args[2];
@@ -3060,6 +3086,29 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 }
 return;
 
+case INDEX_op_ppc_mrgh_vec:
+insn = mrgh_op[vece];
+break;
+case INDEX_op_ppc_mrgl_vec:
+insn = mrgl_op[vece];
+break;
+case INDEX_op_ppc_muleu_vec:
+insn = muleu_op[vece];
+break;
+case INDEX_op_ppc_mulou_vec:
+insn = mulou_op[vece];
+break;
+case INDEX_op_ppc_pkum_vec:
+insn = pkum_op[vece];
+break;
+case INDEX_op_ppc_rotl_vec:
+insn = rotl_op[vece];
+break;
+case INDEX_op_ppc_msum_vec:
+tcg_debug_assert(vece == MO_16);
+tcg_out32(s, VMSUMUHM | VRT(a0) | VRA(a1) | VRB(a2) | VRC(args[3]));
+return;
+
 default:
 g_assert_not_reached();
 }
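Review bot: the new cases load `insn` straight from the tables added in the
previous hunk, whose upper entries are 0 (`muleu_op`, `mulou_op` and
`pkum_op` have no MO_32 entry, and none of the six tables has an MO_64
entry). Only the msum case checks `vece` with tcg_debug_assert(). Unless the
code after the switch already rejects a zero `insn`, add
`tcg_debug_assert(insn != 0)` or per-case vece asserts so that a bad
expansion fails loudly instead of emitting an instruction word built from 0.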
@@ -3126,6 +3175,53 @@ static void expand_vec_cmp(TCGType type, unsigned vece, 
TCGv_vec v0,
 }
 }
 
+static void expand_vec_mul(TCGType type, unsigned vece, TCGv_vec v0,
+   TCGv_vec v1, TCGv_vec v2)
+{
+TCGv_vec t1 = tcg_temp_new_vec(type);
+TCGv_vec t2 = tcg_temp_new_vec(type);
+TCGv_vec t3, t4;
+
+switch (vece) {
+case MO_8:
+case MO_16:
+vec_gen_3(INDEX_op_ppc_muleu_vec, type, vece, tcgv_vec_arg(t1),
+  tcgv_vec_arg(v1), tcgv_vec_arg(v2));
+vec_gen_3(INDEX_op_ppc_mulou_vec, type, vece, tcgv_vec_arg(t2),
+  tcgv_vec_arg(v1), tcgv_vec_arg(v2));
+vec_gen_3(INDEX_op_ppc_mrgh_vec, type, vece + 1, tcgv_vec_arg(v0),
+  tcgv_vec_arg(t1), tcgv_vec_arg(t2));
+vec_gen_3(INDEX_op_ppc_mrgl_vec, type, vece + 1, tcgv_vec_arg(t1),
+  tcgv_vec_arg(t1), tcgv_vec_arg(t2));
+vec_gen_3(INDEX_op_ppc_pkum_vec, type, vece, tcgv_vec_arg(v0),
+  tcgv_vec_arg(v0), tcgv_vec_arg(t1));
+   break;
+
+case MO_32:
+t3 = tcg_temp_new_vec(type);
+t4 = tcg_temp_new_vec(type);
+tcg_gen_dupi_vec(MO_8, t4, -16);
+vec_gen_3(INDEX_op_ppc_rotl_vec, type, MO_32, tcgv_vec_arg(t1),
+  tcgv_vec_arg(v2), tcgv_vec_arg(t4));
+vec_gen_3(INDEX_op_ppc_mulou_vec, type, MO_16, tcgv_vec_arg(t2),
+

[Qemu-devel] [PATCH for-4.1 v2 11/13] tcg/ppc: Update vector support to v2.06

2019-03-17 Thread Richard Henderson
This includes double-word loads and stores, double-word load and splat,
and double-word permute.  All of which require multiple operations in
the base Altivec instruction set.

Signed-off-by: Richard Henderson 
---
 tcg/ppc/tcg-target.inc.c | 34 ++
 1 file changed, 34 insertions(+)

diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index 4c5943be03..e6f3dca394 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -66,6 +66,7 @@ static tcg_insn_unit *tb_ret_addr;
 
 bool have_isa_altivec;
 bool have_isa_2_06;
+bool have_isa_2_06_vsx;
 bool have_isa_3_00;
 
 #define HAVE_ISA_2_06  have_isa_2_06
@@ -470,9 +471,12 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define LVEBX  XO31(7)
 #define LVEHX  XO31(39)
 #define LVEWX  XO31(71)
+#define LXSDX  XO31(588)  /* v2.06 */
+#define LXVDSX XO31(332)  /* v2.06 */
 
 #define STVX   XO31(231)
 #define STVEWX XO31(199)
+#define STXSDX XO31(716)  /* v2.06 */
 
 #define VADDSBSVX4(768)
 #define VADDUBSVX4(512)
@@ -562,6 +566,8 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define VPERM  VX4(43)
 #define VSLDOI VX4(44)
 
+#define XXPERMDI   (OPCD(60) | (10 << 3))   /* 2.06 */
+
 #define RT(r) ((r)<<21)
 #define RS(r) ((r)<<21)
 #define RA(r) ((r)<<16)
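Review bot: the new XXPERMDI comment reads `/* 2.06 */` while the other
defines added in this patch use `/* v2.06 */`, and patch 13/13 later changes
this same line only to add the `v`. Fix the comment here so the later patch
does not carry the extra churn.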
@@ -853,6 +859,15 @@ static void tcg_out_imm_vec(TCGContext *s, TCGReg ret,
 uint64_t t = l; l = h; h = t;
 #endif
 
+if (have_isa_2_06_vsx && l == h) {
+new_pool_label(s, l, R_PPC_ADDR16, s->code_ptr,
+   -(intptr_t)s->code_gen_ptr);
+tcg_out32(s, ADDIS | TAI(TCG_REG_TMP1, TCG_REG_TB, 0));
+tcg_out32(s, ADDI | TAI(TCG_REG_TMP1, TCG_REG_TMP1, 0));
+tcg_out32(s, LXVDSX | 1 | VRT(ret) | RB(TCG_REG_TMP1));
+return;
+}
+
 /* FIXME: 32-bit altivec */
 new_pool_l2(s, R_PPC_ADDR16, s->code_ptr,
 -(intptr_t)s->code_gen_ptr, h, l);
@@ -1114,6 +1129,10 @@ static void tcg_out_ld(TCGContext *s, TCGType type, 
TCGReg ret,
 /* fallthru */
 case TCG_TYPE_V64:
 tcg_debug_assert(ret >= 32);
+if (have_isa_2_06_vsx) {
+tcg_out_mem_long(s, 0, LXSDX | 1, ret & 31, base, offset);
+break;
+}
 assert((offset & 7) == 0);
 tcg_out_mem_long(s, 0, LVX, ret & 31, base, offset);
 if (offset & 8) {
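Review bot: the new VSX path breaks out before `assert((offset & 7) == 0)`,
so a misaligned V64 offset is accepted silently on VSX hosts and still
asserts on plain Altivec hosts. If 8-byte alignment remains a caller
invariant, check it ahead of the `have_isa_2_06_vsx` test so both paths catch
the same bugs; if it does not, say so in a comment. The same applies to the
matching hunks in tcg_out_st() and tcg_out_dupm_vec().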
@@ -1157,6 +1176,10 @@ static void tcg_out_st(TCGContext *s, TCGType type, 
TCGReg arg,
 /* fallthru */
 case TCG_TYPE_V64:
 tcg_debug_assert(arg >= 32);
+if (have_isa_2_06_vsx) {
+tcg_out_mem_long(s, 0, STXSDX | 1, arg & 31, base, offset);
+break;
+}
 assert((offset & 7) == 0);
 if (offset & 8) {
 tcg_out32(s, VSLDOI | VRT(TCG_VEC_TMP1)
@@ -2927,6 +2950,10 @@ static void tcg_out_dupm_vec(TCGContext *s, unsigned 
vece, TCGReg out,
 tcg_out32(s, VSPLTW | VRT(out) | VRB(out) | (elt << 16));
 break;
 case MO_64:
+if (have_isa_2_06_vsx) {
+tcg_out_mem_long(s, 0, LXVDSX | 1, out, base, offset);
+break;
+}
 assert((offset & 7) == 0);
 tcg_out_mem_long(s, 0, LVX, out, base, offset);
 /* FIXME: 32-bit altivec */
@@ -3054,6 +3081,10 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 tcg_out32(s, VSPLTW | VRT(a0) | VRB(a1) | (1 << 16));
 break;
 case MO_64:
+if (have_isa_2_06_vsx) {
+tcg_out32(s, XXPERMDI | 7 | VRT(a0) | VRA(a1) | VRB(a1));
+break;
+}
 /* FIXME: 32-bit altivec */
 tcg_out_dupi_vec(s, TCG_TYPE_V128, TCG_VEC_TMP1,
  0x0001020304050607ull);
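Review bot: `XXPERMDI | 7` here, and the `| 1` ORed into LXVDSX, LXSDX and
STXSDX in the other hunks of this patch, are unexplained literals in the low
bits of the instruction word. Please give them names or at least a comment
at the first use saying which register-file bits they set, so the next VSX
instruction added does not have to rediscover the convention.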
@@ -3487,6 +3518,9 @@ static void tcg_target_init(TCGContext *s)
 }
 if (hwcap & PPC_FEATURE_ARCH_2_06) {
 have_isa_2_06 = true;
+if (hwcap & PPC_FEATURE_HAS_VSX) {
+have_isa_2_06_vsx = true;
+}
 }
 #ifdef PPC_FEATURE2_ARCH_3_00
 if (hwcap2 & PPC_FEATURE2_ARCH_3_00) {
-- 
2.17.2




[Qemu-devel] [PATCH for-4.1 v2 06/13] tcg/ppc: Initial backend support for Altivec

2019-03-17 Thread Richard Henderson
There are a few missing operations yet, like expansion of
multiply and shifts.  But this has move, load, store, and
basic arithmetic.

Signed-off-by: Richard Henderson 
---
 tcg/ppc/tcg-target.h |  31 +-
 tcg/ppc/tcg-target.opc.h |   3 +
 tcg/ppc/tcg-target.inc.c | 609 +++
 3 files changed, 584 insertions(+), 59 deletions(-)
 create mode 100644 tcg/ppc/tcg-target.opc.h

diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index 52c1bb04b1..683eb807ae 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -31,7 +31,7 @@
 # define TCG_TARGET_REG_BITS  32
 #endif
 
-#define TCG_TARGET_NB_REGS 32
+#define TCG_TARGET_NB_REGS 64
 #define TCG_TARGET_INSN_UNIT_SIZE 4
 #define TCG_TARGET_TLB_DISPLACEMENT_BITS 16
 
@@ -45,10 +45,20 @@ typedef enum {
 TCG_REG_R24, TCG_REG_R25, TCG_REG_R26, TCG_REG_R27,
 TCG_REG_R28, TCG_REG_R29, TCG_REG_R30, TCG_REG_R31,
 
+TCG_REG_V0,  TCG_REG_V1,  TCG_REG_V2,  TCG_REG_V3,
+TCG_REG_V4,  TCG_REG_V5,  TCG_REG_V6,  TCG_REG_V7,
+TCG_REG_V8,  TCG_REG_V9,  TCG_REG_V10, TCG_REG_V11,
+TCG_REG_V12, TCG_REG_V13, TCG_REG_V14, TCG_REG_V15,
+TCG_REG_V16, TCG_REG_V17, TCG_REG_V18, TCG_REG_V19,
+TCG_REG_V20, TCG_REG_V21, TCG_REG_V22, TCG_REG_V23,
+TCG_REG_V24, TCG_REG_V25, TCG_REG_V26, TCG_REG_V27,
+TCG_REG_V28, TCG_REG_V29, TCG_REG_V30, TCG_REG_V31,
+
 TCG_REG_CALL_STACK = TCG_REG_R1,
 TCG_AREG0 = TCG_REG_R27
 } TCGReg;
 
+extern bool have_isa_altivec;
 extern bool have_isa_2_06;
 extern bool have_isa_3_00;
 
@@ -124,6 +134,25 @@ extern bool have_isa_3_00;
 #define TCG_TARGET_HAS_mulsh_i641
 #endif
 
+/* ??? Constant pool not yet supported for 32-bit.  */
+#if TCG_TARGET_REG_BITS == 64
+#define TCG_TARGET_HAS_v64  have_isa_altivec
+#define TCG_TARGET_HAS_v128 have_isa_altivec
+#define TCG_TARGET_HAS_v256 0
+#endif
+
+#define TCG_TARGET_HAS_andc_vec 1
+#define TCG_TARGET_HAS_orc_vec  0
+#define TCG_TARGET_HAS_not_vec  1
+#define TCG_TARGET_HAS_neg_vec  0
+#define TCG_TARGET_HAS_shi_vec  0
+#define TCG_TARGET_HAS_shs_vec  0
+#define TCG_TARGET_HAS_shv_vec  0
+#define TCG_TARGET_HAS_cmp_vec  1
+#define TCG_TARGET_HAS_mul_vec  1
+#define TCG_TARGET_HAS_sat_vec  1
+#define TCG_TARGET_HAS_minmax_vec   1
+
 void flush_icache_range(uintptr_t start, uintptr_t stop);
 void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t);
 
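Review bot: TCG_TARGET_HAS_v64/v128/v256 are defined only inside
`#if TCG_TARGET_REG_BITS == 64`, with no `#else`, while the eleven
`TCG_TARGET_HAS_*_vec` macros below them are defined unconditionally. On a
32-bit host that leaves the per-op macros advertising vector operations with
no vector type enabled. Add an explicit `#else` that defines the three to 0,
or move the `_vec` macros inside the same conditional, and turn the `???`
comment into a TODO that says what is missing.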
diff --git a/tcg/ppc/tcg-target.opc.h b/tcg/ppc/tcg-target.opc.h
new file mode 100644
index 00..4816a6c3d4
--- /dev/null
+++ b/tcg/ppc/tcg-target.opc.h
@@ -0,0 +1,3 @@
+/* Target-specific opcodes for host vector expansion.  These will be
+   emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
+   consider these to be UNSPEC with names.  */
diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index ec8e336be8..61a245b828 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -42,6 +42,9 @@
 # define TCG_REG_TMP1   TCG_REG_R12
 #endif
 
+#define TCG_VEC_TMP1TCG_REG_V0
+#define TCG_VEC_TMP2TCG_REG_V1
+
 #define TCG_REG_TB TCG_REG_R31
 #define USE_REG_TB (TCG_TARGET_REG_BITS == 64)
 
@@ -61,6 +64,7 @@
 
 static tcg_insn_unit *tb_ret_addr;
 
+bool have_isa_altivec;
 bool have_isa_2_06;
 bool have_isa_3_00;
 
@@ -72,39 +76,15 @@ bool have_isa_3_00;
 #endif
 
 #ifdef CONFIG_DEBUG_TCG
-static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
-"r0",
-"r1",
-"r2",
-"r3",
-"r4",
-"r5",
-"r6",
-"r7",
-"r8",
-"r9",
-"r10",
-"r11",
-"r12",
-"r13",
-"r14",
-"r15",
-"r16",
-"r17",
-"r18",
-"r19",
-"r20",
-"r21",
-"r22",
-"r23",
-"r24",
-"r25",
-"r26",
-"r27",
-"r28",
-"r29",
-"r30",
-"r31"
+static const char tcg_target_reg_names[TCG_TARGET_NB_REGS][4] = {
+"r0",  "r1",  "r2",  "r3",  "r4",  "r5",  "r6",  "r7",
+"r8",  "r9",  "r10", "r11", "r12", "r13", "r14", "r15",
+"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
+"r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
+"v0",  "v1",  "v2",  "v3",  "v4",  "v5",  "v6",  "v7",
+"v8",  "v9",  "v10", "v11", "v12", "v13", "v14", "v15",
+"v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+"v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31",
 };
 #endif
 
@@ -139,6 +119,26 @@ static const int tcg_target_reg_alloc_order[] = {
 TCG_REG_R5,
 TCG_REG_R4,
 TCG_REG_R3,
+
+/* V0 and V1 reserved as temporaries; V20 - V31 are call-saved */
+TCG_REG_V2,   /* call clobbered, vectors */
+TCG_REG_V3,
+TCG_REG_V4,
+TCG_REG_V5,
+TCG_REG_V6,
+TCG_REG_V7,
+TCG_REG_V8,
+TCG_REG_V9,
+TCG_REG_V10,
+TCG_REG_V11,
+TCG_REG_V12,
+TCG_REG_V13,
+TCG_REG_V14,
+TCG_REG_V15,
+TCG_REG_V16,
+TCG_REG_V17,
+

[Qemu-devel] [PATCH for-4.1 v2 08/13] tcg/ppc: Implement INDEX_op_dupm_vec

2019-03-17 Thread Richard Henderson
This saves a round trip through an integer register and back to memory.

Signed-off-by: Richard Henderson 
---
 tcg/ppc/tcg-target.h |  2 +-
 tcg/ppc/tcg-target.inc.c | 57 +++-
 2 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index 5143ee853a..8ba5668fae 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -152,7 +152,7 @@ extern bool have_isa_3_00;
 #define TCG_TARGET_HAS_mul_vec  1
 #define TCG_TARGET_HAS_sat_vec  1
 #define TCG_TARGET_HAS_minmax_vec   1
-#define TCG_TARGET_HAS_dupm_vec 0
+#define TCG_TARGET_HAS_dupm_vec 1
 
 void flush_icache_range(uintptr_t start, uintptr_t stop);
 void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t);
diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index 61a245b828..85e332fcd3 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -467,6 +467,8 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define NOPORI  /* ori 0,0,0 */
 
 #define LVXXO31(103)
+#define LVEBX  XO31(7)
+#define LVEHX  XO31(39)
 #define LVEWX  XO31(71)
 
 #define STVX   XO31(231)
@@ -2835,6 +2837,7 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 case INDEX_op_xor_vec:
 case INDEX_op_andc_vec:
 case INDEX_op_not_vec:
+case INDEX_op_dupm_vec:
 return 1;
 case INDEX_op_add_vec:
 case INDEX_op_sub_vec:
@@ -2854,6 +2857,55 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 }
 }
 
+static void tcg_out_dupm_vec(TCGContext *s, unsigned vece, TCGReg out,
+ TCGReg base, intptr_t offset)
+{
+int elt;
+
+out &= 31;
+switch (vece) {
+case MO_8:
+tcg_out_mem_long(s, 0, LVEBX, out, base, offset);
+elt = extract32(offset, 0, 4);
+#ifndef HOST_WORDS_BIGENDIAN
+elt ^= 15;
+#endif
+tcg_out32(s, VSPLTB | VRT(out) | VRB(out) | (elt << 16));
+break;
+case MO_16:
+assert((offset & 1) == 0);
+tcg_out_mem_long(s, 0, LVEHX, out, base, offset);
+elt = extract32(offset, 1, 3);
+#ifndef HOST_WORDS_BIGENDIAN
+elt ^= 7;
+#endif
+tcg_out32(s, VSPLTH | VRT(out) | VRB(out) | (elt << 16));
+break;
+case MO_32:
+assert((offset & 3) == 0);
+tcg_out_mem_long(s, 0, LVEWX, out, base, offset);
+elt = extract32(offset, 2, 2);
+#ifndef HOST_WORDS_BIGENDIAN
+elt ^= 3;
+#endif
+tcg_out32(s, VSPLTW | VRT(out) | VRB(out) | (elt << 16));
+break;
+case MO_64:
+assert((offset & 7) == 0);
+tcg_out_mem_long(s, 0, LVX, out, base, offset);
+/* FIXME: 32-bit altivec */
+tcg_out_dupi_vec(s, TCG_TYPE_V128, TCG_VEC_TMP1,
+ offset & 8
+ ? 0x08090a0b0c0d0e0full
+ : 0x0001020304050607ull);
+tcg_out32(s, VPERM | VRT(out) | VRA(out) | VRB(out)
+  | VRC(TCG_VEC_TMP1));
+break;
+default:
+g_assert_not_reached();
+}
+}
+
 static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
unsigned vecl, unsigned vece,
const TCGArg *args, const int *const_args)
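Review bot: In tcg_out_dupm_vec the splat index elt is derived from offset alone (extract32(offset, 0, 4) and the MO_16/MO_32 equivalents), while the lane that lvebx/lvehx/lvewx fills is selected by the low bits of the full effective address, base + offset. The two agree only when base is 16-byte aligned, and nothing in the hunk asserts or documents that; state the assumption in a comment or assert it where the base is known. The alignment checks also use plain assert rather than tcg_debug_assert, and the MO_64 case carries a "FIXME: 32-bit altivec" that should be resolved or guarded, since the header hunk sets TCG_TARGET_HAS_dupm_vec to 1 unconditionally.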
@@ -2884,7 +2936,9 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 case INDEX_op_st_vec:
 tcg_out_st(s, type, a0, a1, a2);
 return;
-
+case INDEX_op_dupm_vec:
+tcg_out_dupm_vec(s, vece, a0, a1, a2);
+return;
 case INDEX_op_add_vec:
 insn = add_op[vece];
 break;
@@ -3251,6 +3305,7 @@ static const TCGTargetOpDef *tcg_target_op_def(TCGOpcode 
op)
 return _v;
 case INDEX_op_ld_vec:
 case INDEX_op_st_vec:
+case INDEX_op_dupm_vec:
 return _r;
 
 default:
-- 
2.17.2




[Qemu-devel] [PATCH for-4.1 v2 09/13] tcg/ppc: Support vector shift by immediate

2019-03-17 Thread Richard Henderson
For Altivec, this is done via vector shift by vector,
and loading the immediate into a register.

Signed-off-by: Richard Henderson 
---
 tcg/ppc/tcg-target.h |  2 +-
 tcg/ppc/tcg-target.inc.c | 58 ++--
 2 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index 8ba5668fae..5797ad35d5 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -147,7 +147,7 @@ extern bool have_isa_3_00;
 #define TCG_TARGET_HAS_neg_vec  0
 #define TCG_TARGET_HAS_shi_vec  0
 #define TCG_TARGET_HAS_shs_vec  0
-#define TCG_TARGET_HAS_shv_vec  0
+#define TCG_TARGET_HAS_shv_vec  1
 #define TCG_TARGET_HAS_cmp_vec  1
 #define TCG_TARGET_HAS_mul_vec  1
 #define TCG_TARGET_HAS_sat_vec  1
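Review bot: Only TCG_TARGET_HAS_shv_vec is flipped here while TCG_TARGET_HAS_shi_vec stays 0, even though the subject line says shift by immediate and tcg_can_emit_vec_op further down returns -1 for shli_vec, shri_vec and sari_vec. A short comment next to the shi_vec define saying that immediate shifts are expanded to the shv forms would keep the next reader from taking the 0 to mean unsupported.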
diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index 85e332fcd3..d91bc9a229 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -517,6 +517,16 @@ static int tcg_target_const_match(tcg_target_long val, 
TCGType type,
 #define VCMPGTUH   VX4(582)
 #define VCMPGTUW   VX4(646)
 
+#define VSLB   VX4(260)
+#define VSLH   VX4(324)
+#define VSLW   VX4(388)
+#define VSRB   VX4(516)
+#define VSRH   VX4(580)
+#define VSRW   VX4(644)
+#define VSRAB  VX4(772)
+#define VSRAH  VX4(836)
+#define VSRAW  VX4(900)
+
 #define VAND   VX4(1028)
 #define VANDC  VX4(1092)
 #define VNOR   VX4(1284)
@@ -2849,8 +2859,14 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 case INDEX_op_sssub_vec:
 case INDEX_op_usadd_vec:
 case INDEX_op_ussub_vec:
+case INDEX_op_shlv_vec:
+case INDEX_op_shrv_vec:
+case INDEX_op_sarv_vec:
 return vece <= MO_32;
 case INDEX_op_cmp_vec:
+case INDEX_op_shli_vec:
+case INDEX_op_shri_vec:
+case INDEX_op_sari_vec:
 return vece <= MO_32 ? -1 : 0;
 default:
 return 0;
@@ -2923,7 +2939,10 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 umin_op[4] = { VMINUB, VMINUH, VMINUW, 0 }, 
 smin_op[4] = { VMINSB, VMINSH, VMINSW, 0 }, 
 umax_op[4] = { VMAXUB, VMAXUH, VMAXUW, 0 }, 
-smax_op[4] = { VMAXSB, VMAXSH, VMAXSW, 0 };
+smax_op[4] = { VMAXSB, VMAXSH, VMAXSW, 0 },
+shlv_op[4] = { VSLB, VSLH, VSLW, 0 },
+shrv_op[4] = { VSRB, VSRH, VSRW, 0 },
+sarv_op[4] = { VSRAB, VSRAH, VSRAW, 0 };
 
 TCGType type = vecl + TCG_TYPE_V64;
 TCGArg a0 = args[0], a1 = args[1], a2 = args[2];
@@ -2969,6 +2988,15 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 case INDEX_op_umax_vec:
 insn = umax_op[vece];
 break;
+case INDEX_op_shlv_vec:
+insn = shlv_op[vece];
+break;
+case INDEX_op_shrv_vec:
+insn = shrv_op[vece];
+break;
+case INDEX_op_sarv_vec:
+insn = sarv_op[vece];
+break;
 case INDEX_op_and_vec:
 insn = VAND;
 break;
@@ -3040,6 +3068,18 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 tcg_out32(s, insn | VRT(a0) | VRA(a1) | VRB(a2));
 }
 
+static void expand_vec_shi(TCGType type, unsigned vece, TCGv_vec v0,
+   TCGv_vec v1, TCGArg imm, TCGOpcode opci)
+{
+TCGv_vec t1 = tcg_temp_new_vec(type);
+
+/* Splat w/bytes for xxspltib.  */
+tcg_gen_dupi_vec(MO_8, t1, imm & ((8 << vece) - 1));
+vec_gen_3(opci, type, vece, tcgv_vec_arg(v0),
+  tcgv_vec_arg(v1), tcgv_vec_arg(t1));
+tcg_temp_free_vec(t1);
+}
+
 static void expand_vec_cmp(TCGType type, unsigned vece, TCGv_vec v0,
TCGv_vec v1, TCGv_vec v2, TCGCond cond)
 {
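Review bot: The comment in expand_vec_shi, "Splat w/bytes for xxspltib", names an instruction that the plain Altivec path described in the commit message does not rely on, and it does not say why an MO_8 splat is a valid shift count for MO_16 and MO_32 elements. Spell out that the vector shift instructions read only the low-order bits of each element, so a byte splat of imm & ((8 << vece) - 1) gives every lane the right count.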
@@ -3091,14 +3131,25 @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece,
 {
 va_list va;
 TCGv_vec v0, v1, v2;
+TCGArg a2;
 
 va_start(va, a0);
 v0 = temp_tcgv_vec(arg_temp(a0));
 v1 = temp_tcgv_vec(arg_temp(va_arg(va, TCGArg)));
-v2 = temp_tcgv_vec(arg_temp(va_arg(va, TCGArg)));
+a2 = va_arg(va, TCGArg);
 
 switch (opc) {
+case INDEX_op_shli_vec:
+expand_vec_shi(type, vece, v0, v1, a2, INDEX_op_shlv_vec);
+break;
+case INDEX_op_shri_vec:
+expand_vec_shi(type, vece, v0, v1, a2, INDEX_op_shrv_vec);
+break;
+case INDEX_op_sari_vec:
+expand_vec_shi(type, vece, v0, v1, a2, INDEX_op_sarv_vec);
+break;
 case INDEX_op_cmp_vec:
+v2 = temp_tcgv_vec(arg_temp(a2));
 expand_vec_cmp(type, vece, v0, v1, v2, va_arg(va, TCGArg));
 break;
 default:
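Review bot: After this change v2 is initialised only inside the INDEX_op_cmp_vec case, yet it is still declared at function scope next to v0 and v1. Declare it inside that case, or convert a2 at the point of use, so that a case added later cannot read it uninitialised.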
@@ -3299,6 +3350,9 @@ static const TCGTargetOpDef *tcg_target_op_def(TCGOpcode 
op)
 case INDEX_op_smin_vec:
 case INDEX_op_umax_vec:
 case INDEX_op_umin_vec:
+case INDEX_op_shlv_vec:
+case INDEX_op_shrv_vec:
+case INDEX_op_sarv_vec:
 return _v_v;
 case INDEX_op_not_vec:
 case INDEX_op_dup_vec:
-- 
2.17.2




[Qemu-devel] [PATCH for-4.1 v2 04/13] tcg: Allow add_vec, sub_vec, neg_vec, not_vec to be expanded

2019-03-17 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/tcg-op-vec.c | 49 
 1 file changed, 33 insertions(+), 16 deletions(-)

diff --git a/tcg/tcg-op-vec.c b/tcg/tcg-op-vec.c
index 27f65600c3..cfb18682b1 100644
--- a/tcg/tcg-op-vec.c
+++ b/tcg/tcg-op-vec.c
@@ -226,16 +226,6 @@ void tcg_gen_stl_vec(TCGv_vec r, TCGv_ptr b, TCGArg o, 
TCGType low_type)
 vec_gen_3(INDEX_op_st_vec, low_type, 0, ri, bi, o);
 }
 
-void tcg_gen_add_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
-{
-vec_gen_op3(INDEX_op_add_vec, vece, r, a, b);
-}
-
-void tcg_gen_sub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
-{
-vec_gen_op3(INDEX_op_sub_vec, vece, r, a, b);
-}
-
 void tcg_gen_and_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
 {
 vec_gen_op3(INDEX_op_and_vec, 0, r, a, b);
@@ -296,11 +286,30 @@ void tcg_gen_eqv_vec(unsigned vece, TCGv_vec r, TCGv_vec 
a, TCGv_vec b)
 tcg_gen_not_vec(0, r, r);
 }
 
+static bool do_op2(unsigned vece, TCGv_vec r, TCGv_vec a, TCGOpcode opc)
+{
+TCGTemp *rt = tcgv_vec_temp(r);
+TCGTemp *at = tcgv_vec_temp(a);
+TCGArg ri = temp_arg(rt);
+TCGArg ai = temp_arg(at);
+TCGType type = rt->base_type;
+int can;
+
+tcg_debug_assert(at->base_type >= type);
+can = tcg_can_emit_vec_op(opc, type, vece);
+if (can > 0) {
+vec_gen_2(opc, type, vece, ri, ai);
+} else if (can < 0) {
+tcg_expand_vec_op(opc, type, vece, ri, ai);
+} else {
+return false;
+}
+return true;
+}
+
 void tcg_gen_not_vec(unsigned vece, TCGv_vec r, TCGv_vec a)
 {
-if (TCG_TARGET_HAS_not_vec) {
-vec_gen_op2(INDEX_op_not_vec, 0, r, a);
-} else {
+if (!TCG_TARGET_HAS_not_vec || !do_op2(vece, r, a, INDEX_op_not_vec)) {
 TCGv_vec t = tcg_const_ones_vec_matching(r);
 tcg_gen_xor_vec(0, r, a, t);
 tcg_temp_free_vec(t);
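Review bot: tcg_gen_not_vec used to emit INDEX_op_not_vec with vece 0 and now passes the caller's vece through do_op2 into tcg_can_emit_vec_op, while the xor fallback in the same function still uses 0. A backend that answers by element size could reject not_vec for a vece it does not list even though the operation is size-independent. Pass 0 as before, or say in the commit message (currently empty apart from the sign-off) that the change is intended.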
@@ -309,9 +318,7 @@ void tcg_gen_not_vec(unsigned vece, TCGv_vec r, TCGv_vec a)
 
 void tcg_gen_neg_vec(unsigned vece, TCGv_vec r, TCGv_vec a)
 {
-if (TCG_TARGET_HAS_neg_vec) {
-vec_gen_op2(INDEX_op_neg_vec, vece, r, a);
-} else {
+if (!TCG_TARGET_HAS_neg_vec || !do_op2(vece, r, a, INDEX_op_neg_vec)) {
 TCGv_vec t = tcg_const_zeros_vec_matching(r);
 tcg_gen_sub_vec(vece, r, t, a);
 tcg_temp_free_vec(t);
@@ -409,6 +416,16 @@ static void do_op3(unsigned vece, TCGv_vec r, TCGv_vec a,
 }
 }
 
+void tcg_gen_add_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
+{
+do_op3(vece, r, a, b, INDEX_op_add_vec);
+}
+
+void tcg_gen_sub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
+{
+do_op3(vece, r, a, b, INDEX_op_sub_vec);
+}
+
 void tcg_gen_mul_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b)
 {
 do_op3(vece, r, a, b, INDEX_op_mul_vec);
-- 
2.17.2




[Qemu-devel] [PATCH for-4.1 v2 03/13] tcg: Support cross-class moves without instruction support

2019-03-17 Thread Richard Henderson
PowerPC Altivec does not support direct moves between vector registers
and general registers.  So when tcg_out_mov fails, we can use the
backing memory for the temporary to perform the move.

Signed-off-by: Richard Henderson 
---
 tcg/tcg.c | 25 ++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index 34ee06564f..b5389ea767 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -3369,7 +3369,18 @@ static void tcg_reg_alloc_mov(TCGContext *s, const TCGOp 
*op)
  ots->indirect_base);
 }
 if (!tcg_out_mov(s, otype, ots->reg, ts->reg)) {
-abort();
+/* Cross register class move not supported.
+   Store the source register into the destination slot
+   and leave the destination temp as TEMP_VAL_MEM.  */
+assert(!ots->fixed_reg);
+if (!ts->mem_allocated) {
+temp_allocate_frame(s, ots);
+}
+tcg_out_st(s, ts->type, ts->reg,
+   ots->mem_base->reg, ots->mem_offset);
+ots->mem_coherent = 1;
+temp_free_or_dead(s, ots, -1);
+return;
 }
 }
 ots->val_type = TEMP_VAL_REG;
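Review bot: The new fallback in tcg_reg_alloc_mov tests ts->mem_allocated but then calls temp_allocate_frame(s, ots), and the store that follows goes to ots->mem_base and ots->mem_offset. The check should be on the destination, if (!ots->mem_allocated); as written, a source temp that already has a slot leaves ots without one when tcg_out_st runs. The store also passes ts->type where the tcg_out_mov it stands in for used otype, and the new check is a plain assert rather than tcg_debug_assert.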
@@ -3471,7 +3482,11 @@ static void tcg_reg_alloc_op(TCGContext *s, const TCGOp 
*op)
 reg = tcg_reg_alloc(s, arg_ct->u.regs, i_allocated_regs,
 o_preferred_regs, ts->indirect_base);
 if (!tcg_out_mov(s, ts->type, reg, ts->reg)) {
-abort();
+/* Cross register class move not supported.  Sync the
+   temp back to its slot and load from there.  */
+temp_sync(s, ts, i_allocated_regs, 0, 0);
+tcg_out_ld(s, ts->type, reg,
+   ts->mem_base->reg, ts->mem_offset);
 }
 }
 new_args[i] = reg;
@@ -3630,7 +3645,11 @@ static void tcg_reg_alloc_call(TCGContext *s, TCGOp *op)
 if (ts->reg != reg) {
 tcg_reg_free(s, reg, allocated_regs);
 if (!tcg_out_mov(s, ts->type, reg, ts->reg)) {
-abort();
+/* Cross register class move not supported.  Sync the
+   temp back to its slot and load from there.  */
+temp_sync(s, ts, allocated_regs, 0, 0);
+tcg_out_ld(s, ts->type, reg,
+   ts->mem_base->reg, ts->mem_offset);
 }
 }
 } else {
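Review bot: The sync-and-reload fallback added here in tcg_reg_alloc_call is the same pair of calls, with the same comment, as the one added to tcg_reg_alloc_op in the previous hunk. Factor it into a small helper so the two copies cannot drift apart, and have the helper's comment say what state ts is left in after temp_sync, since the abort() it replaces made a failed move loud and this path is silent.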
-- 
2.17.2




[Qemu-devel] [PATCH for-4.1 v2 05/13] target/arm: Fill in .opc for cmtst_op

2019-03-17 Thread Richard Henderson
This allows us to fall back to integers if the tcg backend
does not support comparisons in the given vece.

Signed-off-by: Richard Henderson 
---
 target/arm/translate.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index d408e4d7ef..13e2dc6562 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6140,16 +6140,20 @@ static void gen_cmtst_vec(unsigned vece, TCGv_vec d, 
TCGv_vec a, TCGv_vec b)
 const GVecGen3 cmtst_op[4] = {
 { .fni4 = gen_helper_neon_tst_u8,
   .fniv = gen_cmtst_vec,
+  .opc = INDEX_op_cmp_vec,
   .vece = MO_8 },
 { .fni4 = gen_helper_neon_tst_u16,
   .fniv = gen_cmtst_vec,
+  .opc = INDEX_op_cmp_vec,
   .vece = MO_16 },
 { .fni4 = gen_cmtst_i32,
   .fniv = gen_cmtst_vec,
+  .opc = INDEX_op_cmp_vec,
   .vece = MO_32 },
 { .fni8 = gen_cmtst_i64,
   .fniv = gen_cmtst_vec,
   .prefer_i64 = TCG_TARGET_REG_BITS == 64,
+  .opc = INDEX_op_cmp_vec,
   .vece = MO_64 },
 };
 
-- 
2.17.2




[Qemu-devel] [PATCH for-4.1 v2 01/13] tcg: Assert fixed_reg is read-only

2019-03-17 Thread Richard Henderson
The only fixed_reg is cpu_env, and it should not be modified
during any TB.  Therefore code that tries to special-case moves
into a fixed_reg is dead.  Remove it.

Signed-off-by: Richard Henderson 
---
 tcg/tcg.c | 85 +--
 1 file changed, 38 insertions(+), 47 deletions(-)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index 9b2bf7f439..6f320a4849 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -3275,11 +3275,8 @@ static void tcg_reg_alloc_do_movi(TCGContext *s, TCGTemp 
*ots,
   tcg_target_ulong val, TCGLifeData arg_life,
   TCGRegSet preferred_regs)
 {
-if (ots->fixed_reg) {
-/* For fixed registers, we do not do any constant propagation.  */
-tcg_out_movi(s, ots->type, ots->reg, val);
-return;
-}
+/* ENV should not be modified.  */
+tcg_debug_assert(!ots->fixed_reg);
 
 /* The movi is not explicitly generated here.  */
 if (ots->val_type == TEMP_VAL_REG) {
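Review bot: The branch removed from tcg_reg_alloc_do_movi handled a write to a fixed_reg, and its replacement, tcg_debug_assert(!ots->fixed_reg), performs no check in builds without CONFIG_DEBUG_TCG. If a front end ever does emit a movi to cpu_env, a non-debug build now continues into the constant-propagation path instead of failing. Consider a hard check where the op is generated, or have the commit message state why such a write cannot occur.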
@@ -3315,6 +3312,9 @@ static void tcg_reg_alloc_mov(TCGContext *s, const TCGOp 
*op)
 ots = arg_temp(op->args[0]);
 ts = arg_temp(op->args[1]);
 
+/* ENV should not be modified.  */
+tcg_debug_assert(!ots->fixed_reg);
+
 /* Note that otype != itype for no-op truncation.  */
 otype = ots->type;
 itype = ts->type;
@@ -3339,7 +3339,7 @@ static void tcg_reg_alloc_mov(TCGContext *s, const TCGOp 
*op)
 }
 
 tcg_debug_assert(ts->val_type == TEMP_VAL_REG);
-if (IS_DEAD_ARG(0) && !ots->fixed_reg) {
+if (IS_DEAD_ARG(0)) {
 /* mov to a non-saved dead register makes no sense (even with
liveness analysis disabled). */
 tcg_debug_assert(NEED_SYNC_ARG(0));
@@ -3352,7 +3352,7 @@ static void tcg_reg_alloc_mov(TCGContext *s, const TCGOp 
*op)
 }
 temp_dead(s, ots);
 } else {
-if (IS_DEAD_ARG(1) && !ts->fixed_reg && !ots->fixed_reg) {
+if (IS_DEAD_ARG(1) && !ts->fixed_reg) {
 /* the mov can be suppressed */
 if (ots->val_type == TEMP_VAL_REG) {
 s->reg_to_temp[ots->reg] = NULL;
@@ -3505,6 +3505,10 @@ static void tcg_reg_alloc_op(TCGContext *s, const TCGOp 
*op)
 arg = op->args[i];
 arg_ct = >args_ct[i];
 ts = arg_temp(arg);
+
+/* ENV should not be modified.  */
+tcg_debug_assert(!ts->fixed_reg);
+
 if ((arg_ct->ct & TCG_CT_ALIAS)
 && !const_args[arg_ct->alias_index]) {
 reg = new_args[arg_ct->alias_index];
@@ -3513,29 +3517,19 @@ static void tcg_reg_alloc_op(TCGContext *s, const TCGOp 
*op)
 i_allocated_regs | o_allocated_regs,
 op->output_pref[k], ts->indirect_base);
 } else {
-/* if fixed register, we try to use it */
-reg = ts->reg;
-if (ts->fixed_reg &&
-tcg_regset_test_reg(arg_ct->u.regs, reg)) {
-goto oarg_end;
-}
 reg = tcg_reg_alloc(s, arg_ct->u.regs, o_allocated_regs,
 op->output_pref[k], ts->indirect_base);
 }
 tcg_regset_set_reg(o_allocated_regs, reg);
-/* if a fixed register is used, then a move will be done 
afterwards */
-if (!ts->fixed_reg) {
-if (ts->val_type == TEMP_VAL_REG) {
-s->reg_to_temp[ts->reg] = NULL;
-}
-ts->val_type = TEMP_VAL_REG;
-ts->reg = reg;
-/* temp value is modified, so the value kept in memory is
-   potentially not the same */
-ts->mem_coherent = 0;
-s->reg_to_temp[reg] = ts;
+if (ts->val_type == TEMP_VAL_REG) {
+s->reg_to_temp[ts->reg] = NULL;
 }
-oarg_end:
+ts->val_type = TEMP_VAL_REG;
+ts->reg = reg;
+/* temp value is modified, so the value kept in memory is
+   potentially not the same */
+ts->mem_coherent = 0;
+s->reg_to_temp[reg] = ts;
 new_args[i] = reg;
 }
 }
@@ -3551,10 +3545,10 @@ static void tcg_reg_alloc_op(TCGContext *s, const TCGOp 
*op)
 /* move the outputs in the correct register if needed */
 for(i = 0; i < nb_oargs; i++) {
 ts = arg_temp(op->args[i]);
-reg = new_args[i];
-if (ts->fixed_reg && ts->reg != reg) {
-tcg_out_mov(s, ts->type, ts->reg, reg);
-}
+
+/* ENV should not be modified.  */
+tcg_debug_assert(!ts->fixed_reg);
+
 if (NEED_SYNC_ARG(i)) {
 temp_sync(s, ts, o_allocated_regs, 0, IS_DEAD_ARG(i));
 } else if (IS_DEAD_ARG(i)) {
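Review bot: This loop walks the same output arguments on which the allocation loop in the earlier hunk already asserts !ts->fixed_reg, so the second tcg_debug_assert here is redundant. Keep one of them, preferably the earlier one, which fires before any register state is changed.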
@@ -3675,26 +3669,23 @@ static void tcg_reg_alloc_call(TCGContext *s, TCGOp *op)
 for(i = 0; i < nb_oargs; i++) {
 

[Qemu-devel] [PATCH for-4.1 v2 07/13] tcg: Add INDEX_op_dup_mem_vec

2019-03-17 Thread Richard Henderson
Allow the backend to expand dup from memory directly, instead of
forcing the value into a temp first.  This is especially important
if integer/vector register moves do not exist.

Signed-off-by: Richard Henderson 
---
 tcg/aarch64/tcg-target.h |  1 +
 tcg/i386/tcg-target.h|  1 +
 tcg/ppc/tcg-target.h |  1 +
 tcg/tcg-op.h |  1 +
 tcg/tcg-opc.h|  1 +
 tcg/tcg.h|  1 +
 tcg/tcg-op-gvec.c| 88 +---
 tcg/tcg-op-vec.c | 11 +
 tcg/tcg.c|  2 +
 9 files changed, 66 insertions(+), 41 deletions(-)

diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
index 2d93cf404e..8ce99fc9c8 100644
--- a/tcg/aarch64/tcg-target.h
+++ b/tcg/aarch64/tcg-target.h
@@ -137,6 +137,7 @@ typedef enum {
 #define TCG_TARGET_HAS_mul_vec  1
 #define TCG_TARGET_HAS_sat_vec  1
 #define TCG_TARGET_HAS_minmax_vec   1
+#define TCG_TARGET_HAS_dupm_vec 0
 
 #define TCG_TARGET_DEFAULT_MO (0)
 #define TCG_TARGET_HAS_MEMORY_BSWAP 1
diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index 7995fe3eab..8e8d59f4f4 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -187,6 +187,7 @@ extern bool have_avx2;
 #define TCG_TARGET_HAS_mul_vec  1
 #define TCG_TARGET_HAS_sat_vec  1
 #define TCG_TARGET_HAS_minmax_vec   1
+#define TCG_TARGET_HAS_dupm_vec 0
 
 #define TCG_TARGET_deposit_i32_valid(ofs, len) \
 (((ofs) == 0 && (len) == 8) || ((ofs) == 8 && (len) == 8) || \
diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index 683eb807ae..5143ee853a 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -152,6 +152,7 @@ extern bool have_isa_3_00;
 #define TCG_TARGET_HAS_mul_vec  1
 #define TCG_TARGET_HAS_sat_vec  1
 #define TCG_TARGET_HAS_minmax_vec   1
+#define TCG_TARGET_HAS_dupm_vec 0
 
 void flush_icache_range(uintptr_t start, uintptr_t stop);
 void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t);
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index d3e51b15af..64cd3f58ef 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -950,6 +950,7 @@ void tcg_gen_atomic_umax_fetch_i64(TCGv_i64, TCGv, 
TCGv_i64, TCGArg, TCGMemOp);
 void tcg_gen_mov_vec(TCGv_vec, TCGv_vec);
 void tcg_gen_dup_i32_vec(unsigned vece, TCGv_vec, TCGv_i32);
 void tcg_gen_dup_i64_vec(unsigned vece, TCGv_vec, TCGv_i64);
+void tcg_gen_dup_mem_vec(unsigned vece, TCGv_vec, TCGv_ptr, tcg_target_long);
 void tcg_gen_dup8i_vec(TCGv_vec, uint32_t);
 void tcg_gen_dup16i_vec(TCGv_vec, uint32_t);
 void tcg_gen_dup32i_vec(TCGv_vec, uint32_t);
diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index 4e0238ad1a..b8ad147377 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -211,6 +211,7 @@ DEF(qemu_st_i64, 0, TLADDR_ARGS + DATA64_ARGS, 1,
 
 DEF(mov_vec, 1, 1, 0, TCG_OPF_VECTOR | TCG_OPF_NOT_PRESENT)
 DEF(dupi_vec, 1, 0, 1, TCG_OPF_VECTOR | TCG_OPF_NOT_PRESENT)
+DEF(dupm_vec, 1, 1, 1, TCG_OPF_VECTOR | IMPL(TCG_TARGET_HAS_dupm_vec))
 
 DEF(dup_vec, 1, 1, 0, IMPLVEC)
 DEF(dup2_vec, 1, 2, 0, IMPLVEC | IMPL(TCG_TARGET_REG_BITS == 32))
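Review bot: The opcode is defined as dupm_vec and gated on TCG_TARGET_HAS_dupm_vec, while the subject line calls it INDEX_op_dup_mem_vec and the front-end helper declared in tcg-op.h is tcg_gen_dup_mem_vec. Use one spelling in the subject and the opcode so that a search of the commit log for the name finds the definition.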
diff --git a/tcg/tcg.h b/tcg/tcg.h
index 32b7cf3489..f7c12de75a 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -185,6 +185,7 @@ typedef uint64_t TCGRegSet;
 #define TCG_TARGET_HAS_mul_vec  0
 #define TCG_TARGET_HAS_sat_vec  0
 #define TCG_TARGET_HAS_minmax_vec   0
+#define TCG_TARGET_HAS_dupm_vec 0
 #else
 #define TCG_TARGET_MAYBE_vec1
 #endif
diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c
index 0996ef0812..59ab516bf0 100644
--- a/tcg/tcg-op-gvec.c
+++ b/tcg/tcg-op-gvec.c
@@ -390,6 +390,40 @@ static TCGType choose_vector_type(TCGOpcode op, unsigned 
vece, uint32_t size,
 return 0;
 }
 
+static void do_dup_store(TCGType type, uint32_t dofs, uint32_t oprsz,
+ uint32_t maxsz, TCGv_vec t_vec)
+{
+uint32_t i = 0;
+
+switch (type) {
+case TCG_TYPE_V256:
+/* Recall that ARM SVE allows vector sizes that are not a
+ * power of 2, but always a multiple of 16.  The intent is
+ * that e.g. size == 80 would be expanded with 2x32 + 1x16.
+ */
+for (; i + 32 <= oprsz; i += 32) {
+tcg_gen_stl_vec(t_vec, cpu_env, dofs + i, TCG_TYPE_V256);
+}
+/* fallthru */
+case TCG_TYPE_V128:
+for (; i + 16 <= oprsz; i += 16) {
+tcg_gen_stl_vec(t_vec, cpu_env, dofs + i, TCG_TYPE_V128);
+}
+break;
+case TCG_TYPE_V64:
+for (; i < oprsz; i += 8) {
+tcg_gen_stl_vec(t_vec, cpu_env, dofs + i, TCG_TYPE_V64);
+}
+break;
+default:
+g_assert_not_reached();
+}
+
+if (oprsz < maxsz) {
+expand_clr(dofs + oprsz, maxsz - oprsz);
+}
+}
+
 /* Set OPRSZ bytes at DOFS to replications of IN_32, IN_64 or IN_C.
  * Only one of IN_32 or IN_64 may be set;
  * IN_C is used if IN_32 and IN_64 are unset.
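Review bot: In do_dup_store the V256 and V128 loops stop at i + 32 <= oprsz and i + 16 <= oprsz, but the V64 loop runs while i < oprsz and stores 8 bytes each time, so an oprsz that is not a multiple of 8 writes past dofs + oprsz within cpu_env. The V128 path has the opposite problem: a tail shorter than 16 bytes is left unwritten without any indication. Assert the size precondition at the top of the function (a multiple of 8 for V64, of 16 otherwise) so that a bad caller is caught here.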
@@ -429,49 +463,11 @@ static void 

[Qemu-devel] [PATCH for-4.1 v2 02/13] tcg: Return bool success from tcg_out_mov

2019-03-17 Thread Richard Henderson
This patch merely changes the interface, aborting on all failures,
of which there are currently none.

Signed-off-by: Richard Henderson 
---
 tcg/aarch64/tcg-target.inc.c |  5 +++--
 tcg/arm/tcg-target.inc.c |  7 +--
 tcg/i386/tcg-target.inc.c|  5 +++--
 tcg/mips/tcg-target.inc.c|  3 ++-
 tcg/ppc/tcg-target.inc.c |  3 ++-
 tcg/riscv/tcg-target.inc.c   |  5 +++--
 tcg/s390/tcg-target.inc.c|  3 ++-
 tcg/sparc/tcg-target.inc.c   |  3 ++-
 tcg/tcg.c| 14 ++
 tcg/tci/tcg-target.inc.c |  3 ++-
 10 files changed, 34 insertions(+), 17 deletions(-)

diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index d57f9e500f..6ba9050d9a 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -938,10 +938,10 @@ static void tcg_out_ldst(TCGContext *s, AArch64Insn insn, 
TCGReg rd,
 tcg_out_ldst_r(s, insn, rd, rn, TCG_TYPE_I64, TCG_REG_TMP);
 }
 
-static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
+static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
 {
 if (ret == arg) {
-return;
+return true;
 }
 switch (type) {
 case TCG_TYPE_I32:
@@ -970,6 +970,7 @@ static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg 
ret, TCGReg arg)
 default:
 g_assert_not_reached();
 }
+return true;
 }
 
 static void tcg_out_ld(TCGContext *s, TCGType type, TCGReg ret,
diff --git a/tcg/arm/tcg-target.inc.c b/tcg/arm/tcg-target.inc.c
index 2245a8aeb9..b303befa50 100644
--- a/tcg/arm/tcg-target.inc.c
+++ b/tcg/arm/tcg-target.inc.c
@@ -2250,10 +2250,13 @@ static inline bool tcg_out_sti(TCGContext *s, TCGType 
type, TCGArg val,
 return false;
 }
 
-static inline void tcg_out_mov(TCGContext *s, TCGType type,
+static inline bool tcg_out_mov(TCGContext *s, TCGType type,
TCGReg ret, TCGReg arg)
 {
-tcg_out_dat_reg(s, COND_AL, ARITH_MOV, ret, 0, arg, SHIFT_IMM_LSL(0));
+if (ret != arg) {
+tcg_out_dat_reg(s, COND_AL, ARITH_MOV, ret, 0, arg, SHIFT_IMM_LSL(0));
+}
+return true;
 }
 
 static inline void tcg_out_movi(TCGContext *s, TCGType type,
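Review bot: The arm version of tcg_out_mov gains an if (ret != arg) guard around tcg_out_dat_reg, which is a code-generation change on top of the void-to-bool conversion that the commit message describes as merely changing the interface. Mention it in the message or split it out, so that a bisect landing here knows the emitted code can differ.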
diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
index e0670e5098..7100cf7ac3 100644
--- a/tcg/i386/tcg-target.inc.c
+++ b/tcg/i386/tcg-target.inc.c
@@ -808,12 +808,12 @@ static inline void tgen_arithr(TCGContext *s, int subop, 
int dest, int src)
 tcg_out_modrm(s, OPC_ARITH_GvEv + (subop << 3) + ext, dest, src);
 }
 
-static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
+static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
 {
 int rexw = 0;
 
 if (arg == ret) {
-return;
+return true;
 }
 switch (type) {
 case TCG_TYPE_I64:
@@ -851,6 +851,7 @@ static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg 
ret, TCGReg arg)
 default:
 g_assert_not_reached();
 }
+return true;
 }
 
 static void tcg_out_dup_vec(TCGContext *s, TCGType type, unsigned vece,
diff --git a/tcg/mips/tcg-target.inc.c b/tcg/mips/tcg-target.inc.c
index 8a92e916dd..f31ebb43bf 100644
--- a/tcg/mips/tcg-target.inc.c
+++ b/tcg/mips/tcg-target.inc.c
@@ -558,13 +558,14 @@ static inline void tcg_out_dsra(TCGContext *s, TCGReg rd, 
TCGReg rt, TCGArg sa)
 tcg_out_opc_sa64(s, OPC_DSRA, OPC_DSRA32, rd, rt, sa);
 }
 
-static inline void tcg_out_mov(TCGContext *s, TCGType type,
+static inline bool tcg_out_mov(TCGContext *s, TCGType type,
TCGReg ret, TCGReg arg)
 {
 /* Simple reg-reg move, optimising out the 'do nothing' case */
 if (ret != arg) {
 tcg_out_opc_reg(s, OPC_OR, ret, arg, TCG_REG_ZERO);
 }
+return true;
 }
 
 static void tcg_out_movi(TCGContext *s, TCGType type,
diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index 773690f1d9..ec8e336be8 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -566,12 +566,13 @@ static bool patch_reloc(tcg_insn_unit *code_ptr, int type,
 static void tcg_out_mem_long(TCGContext *s, int opi, int opx, TCGReg rt,
  TCGReg base, tcg_target_long offset);
 
-static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
+static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
 {
 tcg_debug_assert(TCG_TARGET_REG_BITS == 64 || type == TCG_TYPE_I32);
 if (ret != arg) {
 tcg_out32(s, OR | SAB(arg, ret, arg));
 }
+return true;
 }
 
 static inline void tcg_out_rld(TCGContext *s, int op, TCGReg ra, TCGReg rs,
diff --git a/tcg/riscv/tcg-target.inc.c b/tcg/riscv/tcg-target.inc.c
index b785f4acb7..e2bf1c2c6e 100644
--- a/tcg/riscv/tcg-target.inc.c
+++ b/tcg/riscv/tcg-target.inc.c
@@ -515,10 +515,10 @@ static bool patch_reloc(tcg_insn_unit *code_ptr, int type,
  * TCG intrinsics
  */
 
-static void tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
+static 

[Qemu-devel] [PATCH for-4.1 v2 00/13] tcg/ppc: Add vector opcodes

2019-03-17 Thread Richard Henderson
Version 2 does not require VSX, and works with just Altivec.
But the last 3 patches incrementally add Power7/8/9 instructions.

I've tested this vs aa64 risu on power7 big-endian and power9
little-endian, so all of the easy bugs are out.  ;-)


r~


Richard Henderson (13):
  tcg: Assert fixed_reg is read-only
  tcg: Return bool success from tcg_out_mov
  tcg: Support cross-class moves without instruction support
  tcg: Allow add_vec, sub_vec, neg_vec, not_vec to be expanded
  target/arm: Fill in .opc for cmtst_op
  tcg/ppc: Initial backend support for Altivec
  tcg: Add INDEX_op_dup_mem_vec
  tcg/ppc: Implement INDEX_op_dupm_vec
  tcg/ppc: Support vector shift by immediate
  tcg/ppc: Support vector multiply
  tcg/ppc: Update vector support to v2.06
  tcg/ppc: Update vector support to v2.07
  tcg/ppc: Update vector support to v3.00

 tcg/aarch64/tcg-target.h |1 +
 tcg/i386/tcg-target.h|1 +
 tcg/ppc/tcg-target.h |   34 +-
 tcg/ppc/tcg-target.opc.h |   11 +
 tcg/tcg-op.h |1 +
 tcg/tcg-opc.h|1 +
 tcg/tcg.h|1 +
 target/arm/translate.c   |4 +
 tcg/aarch64/tcg-target.inc.c |5 +-
 tcg/arm/tcg-target.inc.c |7 +-
 tcg/i386/tcg-target.inc.c|5 +-
 tcg/mips/tcg-target.inc.c|3 +-
 tcg/ppc/tcg-target.inc.c | 1039 --
 tcg/riscv/tcg-target.inc.c   |5 +-
 tcg/s390/tcg-target.inc.c|3 +-
 tcg/sparc/tcg-target.inc.c   |3 +-
 tcg/tcg-op-gvec.c|   88 +--
 tcg/tcg-op-vec.c |   60 +-
 tcg/tcg.c|  120 ++--
 tcg/tci/tcg-target.inc.c |3 +-
 20 files changed, 1212 insertions(+), 183 deletions(-)
 create mode 100644 tcg/ppc/tcg-target.opc.h

-- 
2.17.2




[Qemu-devel] [PATCH 1/2] riscv: sifive_uart: Generate TX interrupt

2019-03-17 Thread Bin Meng
At present the sifive uart model only generates RX interrupt. This
updates it to generate TX interrupt so that it is more useful.

Note the TX fifo is still unimplemented.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_uart.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/riscv/sifive_uart.c b/hw/riscv/sifive_uart.c
index 456a3d3..3b3f94f 100644
--- a/hw/riscv/sifive_uart.c
+++ b/hw/riscv/sifive_uart.c
@@ -51,7 +51,8 @@ static uint64_t uart_ip(SiFiveUARTState *s)
 static void update_irq(SiFiveUARTState *s)
 {
 int cond = 0;
-if ((s->ie & SIFIVE_UART_IE_RXWM) && s->rx_fifo_len) {
+if ((s->ie & SIFIVE_UART_IE_TXWM) ||
+((s->ie & SIFIVE_UART_IE_RXWM) && s->rx_fifo_len)) {
 cond = 1;
 }
 if (cond) {
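Review bot: The new TX term in update_irq is just s->ie & SIFIVE_UART_IE_TXWM, with no TX state behind it, so the line is held asserted for as long as the guest leaves TXWM enabled. With the TX FIFO unimplemented that may be the intended always-empty behaviour, but it deserves a comment at the condition, and it is worth checking that uart_ip (the function named in the hunk header) reports the TXWM bit under the same condition so that a guest handler can identify the source.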
@@ -108,6 +109,7 @@ uart_write(void *opaque, hwaddr addr,
 switch (addr) {
 case SIFIVE_UART_TXFIFO:
 qemu_chr_fe_write(>chr, , 1);
+update_irq(s);
 return;
 case SIFIVE_UART_IE:
 s->ie = val64;
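Review bot: The update_irq(s) call added after the TXFIFO write recomputes a condition that depends only on s->ie and s->rx_fifo_len, and neither is changed by the qemu_chr_fe_write call on the line before, so the interrupt level cannot change here. Drop the call, or add the TX state that would make it meaningful.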
-- 
2.7.4




[Qemu-devel] [PATCH 2/2] riscv: sifive_u: Correct UART0's IRQ in the device tree

2019-03-17 Thread Bin Meng
The UART0's interrupt vector is wrongly set to 1 in the device tree.
Use SIFIVE_U_UART0_IRQ instead.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 7bc2582..57741c2 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -244,7 +244,7 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency",
   SIFIVE_U_CLOCK_FREQ / 2);
 qemu_fdt_setprop_cells(fdt, nodename, "interrupt-parent", plic_phandle);
-qemu_fdt_setprop_cells(fdt, nodename, "interrupts", 1);
+qemu_fdt_setprop_cells(fdt, nodename, "interrupts", SIFIVE_U_UART0_IRQ);
 
 qemu_fdt_add_subnode(fdt, "/chosen");
 qemu_fdt_setprop_string(fdt, "/chosen", "stdout-path", nodename);
-- 
2.7.4




Re: [Qemu-devel] Combining synchronous and asynchronous IO

2019-03-17 Thread Fam Zheng



> On Mar 15, 2019, at 01:31, Sergio Lopez  wrote:
> 
> Hi,
> 
> Our current AIO path does a great job at unloading the work from the VM,
> and combined with IOThreads provides a good performance in most
> scenarios. But it also comes with its costs, in both a longer execution
> path and the need of the intervention of the scheduler at various
> points.
> 
> There's one particular workload that suffers from this cost, and that's
> when you have just 1 or 2 cores on the Guest issuing synchronous
> requests. This happens to be a pretty common workload for some DBs and,
> in a general sense, on small VMs.
> 
> I did a quick'n'dirty implementation on top of virtio-blk to get some
> numbers. This comes from a VM with 4 CPUs running on an idle server,
> with a secondary virtio-blk disk backed by a null_blk device with a
> simulated latency of 30us.
> 
> - Average latency (us)
> 
> 
> |        | AIO+iothread | SIO+iothread |
> | 1 job  |      70      |      55      |
> | 2 jobs |      83      |      82      |
> | 4 jobs |      90      |     159      |
> 
> 
> In this case the intuition matches the reality, and synchronous IO wins
> when there's just 1 job issuing the requests, while it loses hard when
> there are 4.
> 
> While my first thought was implementing this as a tunable, turns out we
> have a hint about the nature of the workload in the number of the
> requests in the VQ. So I updated the code to use SIO if there's just 1
> request and AIO otherwise, with these results:
> 
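> -----------------------------------------------------------
> |        | AIO+iothread | SIO+iothread | AIO+SIO+iothread |
> | 1 job  |      70      |      55      |        55        |
> | 2 jobs |      83      |      82      |        78        |
> | 4 jobs |      90      |     159      |        90        |
> -----------------------------------------------------------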
> 
> This data makes me think this is something worth pursuing, but I'd like
> to hear your opinion on it.

Nice. In many cases coroutines just forward the raw read/write to the raw file 
(no qcow2 LBA translation, backup, throttling, etc. in the data path); being 
able to transparently (and dynamically, since the said condition can change at 
any time for any request) bypass the block layer will be a very interesting 
idea to explore. The challenge is how not to totally break existing features 
(e.g. live snapshot and everything).

> 
> Thanks,
> Sergio.
> 





Re: [Qemu-devel] State of QEMU CI as we enter 4.0

2019-03-17 Thread Fam Zheng



> On Mar 15, 2019, at 23:12, Stefan Hajnoczi  wrote:
> 
> On Thu, Mar 14, 2019 at 03:57:06PM +, Alex Bennée wrote:
>> As we approach stabilisation for 4.0 I thought it would be worth doing a
>> review of the current state of CI and stimulate some discussion of where
>> it is working for us and what could be improved.
> 
> Thanks for this summary and for all the work that is being put into CI.
> 
> How should all sub-maintainers be checking their pull requests?
> 
> We should have information and a strict policy on minimum testing of
> pull requests.  Right now I imagine it varies a lot between
> sub-maintainers.
> 
> For my block pull requests I run qemu-iotests locally and also push to
> GitHub to trigger Travis CI.

Well, long story short, by pushing to gitlab.

If the patchew importer is changed to push to a gitlab repo that is watched by 
the same set of gitlab runners (this is a supported setup by gitlab CI), all 
posted patches can be tested the same way.

It’s a natural next step after we figure out how to automate things just for 
Peter's manual pre-merge testing, as long as the machine resources allow 
testing more subjects.

Testing private branches is much more costly, depending on test set size and 
developer numbers. Maybe it’ll have to be limited to maintainer branches first.

Fam

> 
> Stefan