[Qemu-devel] [PATCH v13 08/12] hw/rx: RX Target hardware definition

2019-05-15 Thread Yoshinori Sato
rx62n - RX62N cpu.
rx-virt - RX QEMU virtual target.

Signed-off-by: Yoshinori Sato 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
---
 include/hw/rx/rx.h|   7 ++
 include/hw/rx/rx62n.h |  94 
 hw/rx/rx-virt.c   | 105 ++
 hw/rx/rx62n.c | 238 ++
 hw/rx/Kconfig |  14 +++
 hw/rx/Makefile.objs   |   2 +
 6 files changed, 460 insertions(+)
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 hw/rx/rx-virt.c
 create mode 100644 hw/rx/rx62n.c
 create mode 100644 hw/rx/Kconfig
 create mode 100644 hw/rx/Makefile.objs

diff --git a/include/hw/rx/rx.h b/include/hw/rx/rx.h
new file mode 100644
index 00..ff5924b81f
--- /dev/null
+++ b/include/hw/rx/rx.h
@@ -0,0 +1,7 @@
+#ifndef QEMU_RX_H
+#define QEMU_RX_H
+/* Definitions for RX board emulation.  */
+
+#include "target/rx/cpu-qom.h"
+
+#endif
diff --git a/include/hw/rx/rx62n.h b/include/hw/rx/rx62n.h
new file mode 100644
index 00..5f6912fe46
--- /dev/null
+++ b/include/hw/rx/rx62n.h
@@ -0,0 +1,94 @@
+/*
+ * RX62N MCU Object
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_RX_RX62N_H
+#define HW_RX_RX62N_H
+
+#include "hw/sysbus.h"
+#include "hw/intc/rx_icu.h"
+#include "hw/timer/renesas_tmr.h"
+#include "hw/timer/renesas_cmt.h"
+#include "hw/char/renesas_sci.h"
+#include "target/rx/cpu.h"
+#include "qemu/units.h"
+
+#define TYPE_RX62N "rx62n"
+#define TYPE_RX62N_CPU RX_CPU_TYPE_NAME(TYPE_RX62N)
+#define RX62N(obj) OBJECT_CHECK(RX62NState, (obj), TYPE_RX62N)
+
+enum {
+RX62N_NR_TMR = 2,
+RX62N_NR_CMT = 2,
+RX62N_NR_SCI = 6,
+};
+
+typedef struct RX62NState {
+SysBusDevice parent_obj;
+
+RXCPU cpu;
+RXICUState icu;
+RTMRState tmr[RX62N_NR_TMR];
+RCMTState cmt[RX62N_NR_CMT];
+RSCIState sci[RX62N_NR_SCI];
+
+MemoryRegion *sysmem;
+bool kernel;
+
+MemoryRegion iram;
+MemoryRegion iomem1;
+MemoryRegion d_flash;
+MemoryRegion iomem2;
+MemoryRegion iomem3;
+MemoryRegion c_flash;
+qemu_irq irq[NR_IRQS];
+} RX62NState;
+
+/*
+ * RX62N Peripheral Address
+ * See users manual section 5
+ */
+#define RX62N_ICUBASE 0x00087000
+#define RX62N_TMRBASE 0x00088200
+#define RX62N_CMTBASE 0x00088000
+#define RX62N_SCIBASE 0x00088240
+
+/*
+ * RX62N Peripheral IRQ
+ * See users manual section 11
+ */
+#define RX62N_TMR_IRQBASE 174
+#define RX62N_CMT_IRQBASE 28
+#define RX62N_SCI_IRQBASE 214
+
+/*
+ * RX62N Internal Memory
+ * It is the value of R5F562N8.
+ * Please change the size for R5F562N7.
+ */
+#define RX62N_IRAM_BASE 0x
+#define RX62N_IRAM_SIZE (96 * KiB)
+#define RX62N_DFLASH_BASE 0x0010
+#define RX62N_DFLASH_SIZE (32 * KiB)
+#define RX62N_CFLASH_BASE 0xfff8
+#define RX62N_CFLASH_SIZE (512 * KiB)
+
+#define RX62N_PCLK (48 * 1000 * 1000)
+#endif
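Review bot: The internal memory sizes at the end of this header are compile-time macros, and the comment above them asks users to edit the header for the R5F562N7 part; selecting the variant at runtime (for example through a device property on RX62NState) would avoid source edits and keep one binary valid for both parts. If the macros stay, the comment should say which values differ for R5F562N7 instead of only `Please change the size for R5F562N7.` Separately, `RX62N_IRAM_BASE`, `RX62N_DFLASH_BASE` and `RX62N_CFLASH_BASE` appear in this copy as `0x`, `0x0010` and `0xfff8`, which looks like digits lost by the archive, so check them against the original patch before relying on this listing.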
diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
new file mode 100644
index 00..3deb7cb335
--- /dev/null
+++ b/hw/rx/rx-virt.c
@@ -0,0 +1,105 @@
+/*
+ * RX QEMU virtual platform
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/loader.h"
+#include "hw/rx/rx62n.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
+#include "sysemu/device_tree.h"
+#include "hw/boards.h"
+
+/* Same address of GDB integrated simulator */
+#define SDRAM_BASE 0x0100
+
+static void rxvirt_init(MachineState *machine)
+{
+RX62NState *s = g_new(RX62NState, 1);
+MemoryRegion *sysmem = 

[Qemu-devel] [PATCH v13 02/12] target/rx: TCG helper

2019-05-15 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
---
 target/rx/helper.h|  31 
 target/rx/helper.c| 148 
 target/rx/op_helper.c | 481 ++
 3 files changed, 660 insertions(+)
 create mode 100644 target/rx/helper.h
 create mode 100644 target/rx/helper.c
 create mode 100644 target/rx/op_helper.c

diff --git a/target/rx/helper.h b/target/rx/helper.h
new file mode 100644
index 00..f0b7ebbbf7
--- /dev/null
+++ b/target/rx/helper.h
@@ -0,0 +1,31 @@
+DEF_HELPER_1(raise_illegal_instruction, noreturn, env)
+DEF_HELPER_1(raise_access_fault, noreturn, env)
+DEF_HELPER_1(raise_privilege_violation, noreturn, env)
+DEF_HELPER_1(wait, noreturn, env)
+DEF_HELPER_1(debug, noreturn, env)
+DEF_HELPER_2(rxint, noreturn, env, i32)
+DEF_HELPER_1(rxbrk, noreturn, env)
+DEF_HELPER_FLAGS_3(fadd, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fsub, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fmul, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fdiv, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fcmp, TCG_CALL_NO_WG, void, env, f32, f32)
+DEF_HELPER_FLAGS_2(ftoi, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(round, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(itof, TCG_CALL_NO_WG, f32, env, i32)
+DEF_HELPER_2(set_fpsw, void, env, i32)
+DEF_HELPER_FLAGS_2(racw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw_rte, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(pack_psw, i32, env)
+DEF_HELPER_FLAGS_3(div, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_3(divu, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_1(scmpu, TCG_CALL_NO_WG, void, env)
+DEF_HELPER_1(smovu, void, env)
+DEF_HELPER_1(smovf, void, env)
+DEF_HELPER_1(smovb, void, env)
+DEF_HELPER_2(sstr, void, env, i32)
+DEF_HELPER_FLAGS_2(swhile, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(suntil, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(rmpa, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(satr, void, env)
diff --git a/target/rx/helper.c b/target/rx/helper.c
new file mode 100644
index 00..8e598c9c1d
--- /dev/null
+++ b/target/rx/helper.c
@@ -0,0 +1,148 @@
+/*
+ *  RX emulation
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+#include "exec/log.h"
+#include "exec/cpu_ldst.h"
+#include "sysemu/sysemu.h"
+
+void rx_cpu_unpack_psw(CPURXState *env, uint32_t psw, int rte)
+{
+if (env->psw_pm == 0) {
+env->psw_ipl = FIELD_EX32(psw, PSW, IPL);
+if (rte) {
+/* PSW.PM can write RTE and RTFI */
+env->psw_pm = FIELD_EX32(psw, PSW, PM);
+}
+env->psw_u = FIELD_EX32(psw, PSW, U);
+env->psw_i = FIELD_EX32(psw, PSW, I);
+}
+env->psw_o = FIELD_EX32(psw, PSW, O) << 31;
+env->psw_s = FIELD_EX32(psw, PSW, S) << 31;
+env->psw_z = 1 - FIELD_EX32(psw, PSW, Z);
+env->psw_c = FIELD_EX32(psw, PSW, C);
+}
+
+#define INT_FLAGS (CPU_INTERRUPT_HARD | CPU_INTERRUPT_FIR)
+void rx_cpu_do_interrupt(CPUState *cs)
+{
+RXCPU *cpu = RXCPU(cs);
+CPURXState *env = >env;
+int do_irq = cs->interrupt_request & INT_FLAGS;
+uint32_t save_psw;
+
+env->in_sleep = 0;
+
+if (env->psw_u) {
+env->usp = env->regs[0];
+} else {
+env->isp = env->regs[0];
+}
+save_psw = rx_cpu_pack_psw(env);
+env->psw_pm = env->psw_i = env->psw_u = 0;
+
+if (do_irq) {
+if (do_irq & CPU_INTERRUPT_FIR) {
+env->bpc = env->pc;
+env->bpsw = save_psw;
+env->pc = env->fintv;
+env->psw_ipl = 15;
+cs->interrupt_request &= ~CPU_INTERRUPT_FIR;
+qemu_set_irq(env->ack, env->ack_irq);
+qemu_log_mask(CPU_LOG_INT, "fast interrupt raised\n");
+} else if (do_irq & CPU_INTERRUPT_HARD) {
+env->isp -= 4;
+cpu_stl_all(env, env->isp, save_psw);
+env->isp -= 4;
+cpu_stl_all(env, env->isp, env->pc);
+env->pc = cpu_ldl_all(env, env->intb + env->ack_irq * 4);
+env->psw_ipl = env->ack_ipl;
+cs->interrupt_request &= ~CPU_INTERRUPT_HARD;
+qemu_set_irq(env->ack, env->ack_irq);
+qemu_log_mask(CPU_LOG_INT,
+   

[Qemu-devel] [PATCH v13 05/12] hw/intc: RX62N interrupt controller (ICUa)

2019-05-15 Thread Yoshinori Sato
This implementation supports only ICUa.
Hardware manual:
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
---
 include/hw/intc/rx_icu.h |  57 +++
 hw/intc/rx_icu.c | 376 +++
 hw/intc/Kconfig  |   3 +
 hw/intc/Makefile.objs|   1 +
 4 files changed, 437 insertions(+)
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 hw/intc/rx_icu.c

diff --git a/include/hw/intc/rx_icu.h b/include/hw/intc/rx_icu.h
new file mode 100644
index 00..7b0bfdeac1
--- /dev/null
+++ b/include/hw/intc/rx_icu.h
@@ -0,0 +1,57 @@
+#ifndef RX_ICU_H
+#define RX_ICU_H
+
+#include "qemu-common.h"
+#include "hw/irq.h"
+
+enum TRG_MODE {
+TRG_LEVEL = 0,
+TRG_NEDGE = 1, /* Falling */
+TRG_PEDGE = 2, /* Raising */
+TRG_BEDGE = 3, /* Both */
+};
+
+struct IRQSource {
+enum TRG_MODE sense;
+int level;
+};
+
+enum {
+NR_IRQS = 256,
+};
+
+struct RXICUState {
+SysBusDevice parent_obj;
+
+MemoryRegion memory;
+struct IRQSource src[NR_IRQS];
+char *icutype;
+uint32_t nr_irqs;
+uint32_t *map;
+uint32_t nr_sense;
+uint32_t *init_sense;
+
+uint8_t ir[NR_IRQS];
+uint8_t dtcer[NR_IRQS];
+uint8_t ier[NR_IRQS / 8];
+uint8_t ipr[142];
+uint8_t dmasr[4];
+uint16_t fir;
+uint8_t nmisr;
+uint8_t nmier;
+uint8_t nmiclr;
+uint8_t nmicr;
+int req_irq;
+qemu_irq _irq;
+qemu_irq _fir;
+qemu_irq _swi;
+};
+typedef struct RXICUState RXICUState;
+
+#define TYPE_RXICU "rxicu"
+#define RXICU(obj) OBJECT_CHECK(RXICUState, (obj), TYPE_RXICU)
+
+/* Software interrupt request */
+#define SWI 27
+
+#endif /* RX_ICU_H */
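Review bot: `struct RXICUState` uses `SysBusDevice` and `MemoryRegion`, but the header includes only `qemu-common.h` and `hw/irq.h`, so it compiles only when the includer has already pulled in the sysbus header; adding `#include "hw/sysbus.h"` makes it self-contained. The `ipr[142]` size is a bare literal, while `map` is a pointer whose length is tracked separately in `nr_irqs`. The `request()` macro visible in hw/intc/rx_icu.c indexes `icu->ipr[icu->map[n]]` with no range check, so a named constant such as `NR_IPR = 142` next to `NR_IRQS` would give the device code something to validate each map entry against. Whether map entries are validated elsewhere is not visible on this page.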
diff --git a/hw/intc/rx_icu.c b/hw/intc/rx_icu.c
new file mode 100644
index 00..cb28c7a8d2
--- /dev/null
+++ b/hw/intc/rx_icu.c
@@ -0,0 +1,376 @@
+/*
+ * RX Interrupt Control Unit
+ *
+ * Warning: Only ICUa is supported.
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/intc/rx_icu.h"
+#include "qemu/error-report.h"
+
+REG8(IR, 0)
+  FIELD(IR, IR,  0, 1)
+REG8(DTCER, 0x100)
+  FIELD(DTCER, DTCE,  0, 1)
+REG8(IER, 0x200)
+REG8(SWINTR, 0x2e0)
+  FIELD(SWINTR, SWINT, 0, 1)
+REG16(FIR, 0x2f0)
+  FIELD(FIR, FVCT, 0, 8)
+  FIELD(FIR, FIEN, 15, 1)
+REG8(IPR, 0x300)
+  FIELD(IPR, IPR, 0, 4)
+REG8(DMRSR, 0x400)
+REG8(IRQCR, 0x500)
+  FIELD(IRQCR, IRQMD, 2, 2)
+REG8(NMISR, 0x580)
+  FIELD(NMISR, NMIST, 0, 1)
+  FIELD(NMISR, LVDST, 1, 1)
+  FIELD(NMISR, OSTST, 2, 1)
+REG8(NMIER, 0x581)
+  FIELD(NMIER, NMIEN, 0, 1)
+  FIELD(NMIER, LVDEN, 1, 1)
+  FIELD(NMIER, OSTEN, 2, 1)
+REG8(NMICLR, 0x582)
+  FIELD(NMICLR, NMICLR, 0, 1)
+  FIELD(NMICLR, OSTCLR, 2, 1)
+REG8(NMICR, 0x583)
+  FIELD(NMICR, NMIMD, 3, 1)
+
+#define request(icu, n) (icu->ipr[icu->map[n]] << 8 | n)
+
+static void set_irq(RXICUState *icu, int n_IRQ, int req)
+{
+if ((icu->fir & R_FIR_FIEN_MASK) &&
+(icu->fir & R_FIR_FVCT_MASK) == n_IRQ) {
+qemu_set_irq(icu->_fir, req);
+} else {
+qemu_set_irq(icu->_irq, req);
+}
+}
+
+static void rxicu_request(RXICUState *icu, int n_IRQ)
+{
+int enable;
+
+enable = icu->ier[n_IRQ / 8] & (1 << (n_IRQ & 7));
+if (n_IRQ > 0 && enable != 0 && atomic_read(>req_irq) < 0) {
+atomic_set(>req_irq, n_IRQ);
+set_irq(icu, n_IRQ, request(icu, n_IRQ));
+}
+}
+
+static void rxicu_set_irq(void *opaque, int n_IRQ, int level)
+{
+RXICUState *icu = opaque;
+struct IRQSource *src;
+int issue;
+
+if (n_IRQ >= NR_IRQS) {
+error_report("%s: IRQ %d out of range", __func__, n_IRQ);
+return;
+}
+
+src = >src[n_IRQ];
+
+level = (level != 0);
+switch (src->sense) {
+case TRG_LEVEL:
+/* level-sensitive irq */
+issue = level;
+src->level = level;
+break;
+case TRG_NEDGE:
+issue = (level == 0 && src->level == 1);
+src->level = level;
+break;
+case TRG_PEDGE:
+issue = (level == 1 && src->level == 

[Qemu-devel] [PATCH v13 11/12] qemu/bitops.h: Add extract8 and extract16

2019-05-15 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
---
 include/qemu/bitops.h | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/include/qemu/bitops.h b/include/qemu/bitops.h
index 3f0926cf40..764f9d1ea0 100644
--- a/include/qemu/bitops.h
+++ b/include/qemu/bitops.h
@@ -301,6 +301,44 @@ static inline uint32_t extract32(uint32_t value, int 
start, int length)
 }
 
 /**
+ * extract8:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 8 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 8 bit word. It is valid to request that
+ * all 8 bits are returned (ie @length 8 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint8_t extract8(uint8_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 8 - start);
+return extract32(value, start, length);
+}
+
+/**
+ * extract16:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 16 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 16 bit word. It is valid to request that
+ * all 16 bits are returned (ie @length 16 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint16_t extract16(uint16_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 16 - start);
+return extract32(value, start, length);
+}
+
+/**
  * extract64:
  * @value: the value to extract the bit field from
  * @start: the lowest bit in the bit field (numbered from 0)
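Review bot: In `extract8` and `extract16` the `uint32_t` result of `extract32()` is narrowed implicitly on return. The preceding assert guarantees the value fits, but an explicit cast such as `return (uint8_t)extract32(value, start, length);` (and `(uint16_t)` in the other) states that intent and stays quiet under conversion warnings. A one-line comment such as `/* enforce the 8-bit bound; extract32() only checks against 32 */` above each assert would explain why the range is checked again here.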
-- 
2.11.0




[Qemu-devel] [PATCH v13 04/12] target/rx: RX disassembler

2019-05-15 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Tested-by: Philippe Mathieu-Daudé 
---
 include/disas/dis-asm.h |5 +
 target/rx/disas.c   | 1480 +++
 2 files changed, 1485 insertions(+)
 create mode 100644 target/rx/disas.c

diff --git a/include/disas/dis-asm.h b/include/disas/dis-asm.h
index 9240ec32c2..de17792e88 100644
--- a/include/disas/dis-asm.h
+++ b/include/disas/dis-asm.h
@@ -226,6 +226,10 @@ enum bfd_architecture
 #define bfd_mach_nios2r22
   bfd_arch_lm32,   /* Lattice Mico32 */
 #define bfd_mach_lm32 1
+  bfd_arch_rx,   /* Renesas RX */
+#define bfd_mach_rx0x75
+#define bfd_mach_rx_v2 0x76
+#define bfd_mach_rx_v3 0x77
   bfd_arch_last
   };
 #define bfd_mach_s390_31 31
@@ -433,6 +437,7 @@ int print_insn_little_nios2 (bfd_vma, 
disassemble_info*);
 int print_insn_xtensa   (bfd_vma, disassemble_info*);
 int print_insn_riscv32  (bfd_vma, disassemble_info*);
 int print_insn_riscv64  (bfd_vma, disassemble_info*);
+int print_insn_rx(bfd_vma, disassemble_info *);
 
 #if 0
 /* Fetch the disassembler for a given BFD, if that support is available.  */
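Review bot: The `print_insn_rx` entry point declared in this hunk is backed by target/rx/disas.c, where the visible helpers `decode_load_bytes`, `li` and `rx_index_addr` ignore the status returned by `read_memory_func` and then read `buf`, so a failed fetch decodes uninitialised stack bytes. Each call should keep the status and report it through `ctx->dis->memory_error_func(status, addr, ctx->dis)`, or at minimum the buffers should be zero-initialised, e.g. `bfd_byte buf[4] = {0};`. The disas.c hunk is cut off on this page, so how callers would propagate the failure is not visible.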
diff --git a/target/rx/disas.c b/target/rx/disas.c
new file mode 100644
index 00..8cada4825d
--- /dev/null
+++ b/target/rx/disas.c
@@ -0,0 +1,1480 @@
+/*
+ * Renesas RX Disassembler
+ *
+ * Copyright (c) 2019 Yoshinori Sato 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "disas/dis-asm.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+
+typedef struct DisasContext {
+disassemble_info *dis;
+uint32_t addr;
+uint32_t pc;
+} DisasContext;
+
+
+static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
+   int i, int n)
+{
+bfd_byte buf;
+while (++i <= n) {
+ctx->dis->read_memory_func(ctx->addr++, , 1, ctx->dis);
+insn |= buf << (32 - i * 8);
+}
+return insn;
+}
+
+static int32_t li(DisasContext *ctx, int sz)
+{
+int32_t addr;
+bfd_byte buf[4];
+addr = ctx->addr;
+
+switch (sz) {
+case 1:
+ctx->addr += 1;
+ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
+return (int8_t)buf[0];
+case 2:
+ctx->addr += 2;
+ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
+return ldsw_le_p(buf);
+case 3:
+ctx->addr += 3;
+ctx->dis->read_memory_func(addr, buf, 3, ctx->dis);
+return (int8_t)buf[2] << 16 | lduw_le_p(buf);
+case 0:
+ctx->addr += 4;
+ctx->dis->read_memory_func(addr, buf, 4, ctx->dis);
+return ldl_le_p(buf);
+default:
+g_assert_not_reached();
+}
+}
+
+static int bdsp_s(DisasContext *ctx, int d)
+{
+/*
+ * 0 -> 8
+ * 1 -> 9
+ * 2 -> 10
+ * 3 -> 3
+ * :
+ * 7 -> 7
+ */
+if (d < 3) {
+d += 8;
+}
+return d;
+}
+
+/* Include the auto-generated decoder.  */
+#include "decode.inc.c"
+
+#define prt(...) (ctx->dis->fprintf_func)((ctx->dis->stream), __VA_ARGS__)
+
+#define RX_MEMORY_BYTE 0
+#define RX_MEMORY_WORD 1
+#define RX_MEMORY_LONG 2
+
+#define RX_IM_BYTE 0
+#define RX_IM_WORD 1
+#define RX_IM_LONG 2
+#define RX_IM_UWORD 3
+
+static const char size[] = {'b', 'w', 'l'};
+static const char cond[][4] = {
+"eq", "ne", "c", "nc", "gtu", "leu", "pz", "n",
+"ge", "lt", "gt", "le", "o", "no", "ra", "f"
+};
+static const char psw[] = {
+'c', 'z', 's', 'o', 0, 0, 0, 0,
+'i', 'u', 0, 0, 0, 0, 0, 0,
+};
+
+static uint32_t rx_index_addr(int ld, int size, DisasContext *ctx)
+{
+bfd_byte buf[2];
+switch (ld) {
+case 0:
+return 0;
+case 1:
+ctx->dis->read_memory_func(ctx->addr, buf, 1, ctx->dis);
+ctx->addr += 1;
+return ((uint8_t)buf[0]) << size;
+case 2:
+ctx->dis->read_memory_func(ctx->addr, buf, 2, ctx->dis);
+ctx->addr += 2;
+return lduw_le_p(buf) << size;
+}
+g_assert_not_reached();
+}
+
+static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
+{
+int dsp;
+static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
+if (ld < 3) {
+switch (mi) {
+case 4:
+/* dsp[rs].ub */
+dsp = rx_index_addr(ld, RX_MEMORY_BYTE, ctx);
+break;
+case 3:
+/* dsp[rs].uw */
+

[Qemu-devel] [PATCH v13 03/12] target/rx: CPU definition

2019-05-15 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
---
 target/rx/cpu.h | 227 
 target/rx/cpu.c | 222 ++
 target/rx/gdbstub.c | 112 ++
 target/rx/monitor.c |  38 +
 4 files changed, 599 insertions(+)
 create mode 100644 target/rx/cpu.h
 create mode 100644 target/rx/cpu.c
 create mode 100644 target/rx/gdbstub.c
 create mode 100644 target/rx/monitor.c

diff --git a/target/rx/cpu.h b/target/rx/cpu.h
new file mode 100644
index 00..fa07c25af4
--- /dev/null
+++ b/target/rx/cpu.h
@@ -0,0 +1,227 @@
+/*
+ *  RX emulation definition
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef RX_CPU_H
+#define RX_CPU_H
+
+#include "qemu/bitops.h"
+#include "qemu-common.h"
+#include "hw/registerfields.h"
+#include "qom/cpu.h"
+
+#define TYPE_RXCPU "rxcpu"
+
+#define RXCPU_CLASS(klass) \
+OBJECT_CLASS_CHECK(RXCPUClass, (klass), TYPE_RXCPU)
+#define RXCPU(obj) \
+OBJECT_CHECK(RXCPU, (obj), TYPE_RXCPU)
+#define RXCPU_GET_CLASS(obj) \
+OBJECT_GET_CLASS(RXCPUClass, (obj), TYPE_RXCPU)
+
+/*
+ * RXCPUClass:
+ * @parent_realize: The parent class' realize handler.
+ * @parent_reset: The parent class' reset handler.
+ *
+ * A RX CPU model.
+ */
+typedef struct RXCPUClass {
+/*< private >*/
+CPUClass parent_class;
+/*< public >*/
+
+DeviceRealize parent_realize;
+void (*parent_reset)(CPUState *cpu);
+
+} RXCPUClass;
+
+#define TARGET_LONG_BITS 32
+#define TARGET_PAGE_BITS 12
+
+#define CPUArchState struct CPURXState
+
+#include "exec/cpu-defs.h"
+
+#define TARGET_PHYS_ADDR_SPACE_BITS 32
+#define TARGET_VIRT_ADDR_SPACE_BITS 32
+
+/* PSW define */
+REG32(PSW, 0)
+FIELD(PSW, C, 0, 1)
+FIELD(PSW, Z, 1, 1)
+FIELD(PSW, S, 2, 1)
+FIELD(PSW, O, 3, 1)
+FIELD(PSW, I, 16, 1)
+FIELD(PSW, U, 17, 1)
+FIELD(PSW, PM, 20, 1)
+FIELD(PSW, IPL, 24, 4)
+
+/* FPSW define */
+REG32(FPSW, 0)
+FIELD(FPSW, RM, 0, 2)
+FIELD(FPSW, CV, 2, 1)
+FIELD(FPSW, CO, 3, 1)
+FIELD(FPSW, CZ, 4, 1)
+FIELD(FPSW, CU, 5, 1)
+FIELD(FPSW, CX, 6, 1)
+FIELD(FPSW, CE, 7, 1)
+FIELD(FPSW, CAUSE, 2, 6)
+FIELD(FPSW, DN, 8, 1)
+FIELD(FPSW, EV, 10, 1)
+FIELD(FPSW, EO, 11, 1)
+FIELD(FPSW, EZ, 12, 1)
+FIELD(FPSW, EU, 13, 1)
+FIELD(FPSW, EX, 14, 1)
+FIELD(FPSW, ENABLE, 10, 5)
+FIELD(FPSW, FV, 26, 1)
+FIELD(FPSW, FO, 27, 1)
+FIELD(FPSW, FZ, 28, 1)
+FIELD(FPSW, FU, 29, 1)
+FIELD(FPSW, FX, 30, 1)
+FIELD(FPSW, FLAGS, 26, 4)
+FIELD(FPSW, FS, 31, 1)
+
+#define NB_MMU_MODES 1
+#define MMU_MODE0_SUFFIX _all
+
+enum {
+NUM_REGS = 16,
+};
+
+typedef struct CPURXState {
+/* CPU registers */
+uint32_t regs[NUM_REGS];/* general registers */
+uint32_t psw_o; /* O bit of status register */
+uint32_t psw_s; /* S bit of status register */
+uint32_t psw_z; /* Z bit of status register */
+uint32_t psw_c; /* C bit of status register */
+uint32_t psw_u;
+uint32_t psw_i;
+uint32_t psw_pm;
+uint32_t psw_ipl;
+uint32_t bpsw;  /* backup status */
+uint32_t bpc;   /* backup pc */
+uint32_t isp;   /* global base register */
+uint32_t usp;   /* vector base register */
+uint32_t pc;/* program counter */
+uint32_t intb;  /* interrupt vector */
+uint32_t fintv;
+uint32_t fpsw;
+uint64_t acc;
+
+/* Fields up to this point are cleared by a CPU reset */
+struct {} end_reset_fields;
+
+/* Internal use */
+uint32_t in_sleep;
+uint32_t req_irq;   /* Requested interrupt no (hard) */
+uint32_t req_ipl;   /* Requested interrupt level */
+uint32_t ack_irq;   /* execute irq */
+uint32_t ack_ipl;   /* execute ipl */
+float_status fp_status;
+qemu_irq ack;  /* Interrupt acknowledge */
+
+CPU_COMMON
+} CPURXState;
+
+/*
+ * RXCPU:
+ * @env: #CPURXState
+ *
+ * A RX CPU
+ */
+struct RXCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPURXState env;
+};
+
+typedef struct RXCPU RXCPU;
+
+static inline RXCPU *rx_env_get_cpu(CPURXState *env)
+{
+return container_of(env, RXCPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(rx_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(RXCPU, env)
+

[Qemu-devel] [PATCH v13 00/12] Add RX archtecture support

2019-05-15 Thread Yoshinori Sato
Hello.
This patch series adds Renesas RX target emulation.

Add "Reviewed-by" for all changes.

My git repository is below.
git://git.pf.osdn.net/gitroot/y/ys/ysato/qemu.git tags/rx-20190514

Testing binaries are below.
u-boot
Download - https://osdn.net/users/ysato/pf/qemu/dl/u-boot.bin.gz

starting
$ gzip -d u-boot.bin.gz
$ qemu-system-rx -bios u-boot.bin

linux and pico-root (only sash)
Download - https://osdn.net/users/ysato/pf/qemu/dl/zImage (kernel)
   https://osdn.net/users/ysato/pf/qemu/dl/rx-qemu.dtb (DeviceTree)

starting
$ qemu-system-rx -kernel zImage -dtb rx-qemu.dtb -append "earlycon"

Changes for v12.
- None

Yoshinori Sato (12):
  target/rx: TCG translation
  target/rx: TCG helper
  target/rx: CPU definition
  target/rx: RX disassembler
  hw/intc: RX62N interrupt controller (ICUa)
  hw/timer: RX62N internal timer modules
  hw/char: RX62N serial communication interface (SCI)
  hw/rx: RX Target hardware definition
  Add rx-softmmu
  hw/registerfields.h: Add 8bit and 16bit register macros.
  qemu/bitops.h: Add extract8 and extract16
  MAINTAINERS: Add RX

 configure  |8 +
 default-configs/rx-softmmu.mak |3 +
 include/disas/dis-asm.h|5 +
 include/hw/char/renesas_sci.h  |   45 +
 include/hw/intc/rx_icu.h   |   57 +
 include/hw/registerfields.h|   32 +-
 include/hw/rx/rx.h |7 +
 include/hw/rx/rx62n.h  |   94 ++
 include/hw/timer/renesas_cmt.h |   38 +
 include/hw/timer/renesas_tmr.h |   50 +
 include/qemu/bitops.h  |   38 +
 include/sysemu/arch_init.h |1 +
 target/rx/cpu.h|  227 
 target/rx/helper.h |   31 +
 arch_init.c|2 +
 hw/char/renesas_sci.c  |  340 ++
 hw/intc/rx_icu.c   |  376 +++
 hw/rx/rx-virt.c|  105 ++
 hw/rx/rx62n.c  |  238 
 hw/timer/renesas_cmt.c |  275 +
 hw/timer/renesas_tmr.c |  455 
 target/rx/cpu.c|  222 
 target/rx/disas.c  | 1480 
 target/rx/gdbstub.c|  112 ++
 target/rx/helper.c |  148 +++
 target/rx/monitor.c|   38 +
 target/rx/op_helper.c  |  481 
 target/rx/translate.c  | 2432 
 MAINTAINERS|   19 +
 hw/Kconfig |1 +
 hw/char/Kconfig|3 +
 hw/char/Makefile.objs  |1 +
 hw/intc/Kconfig|3 +
 hw/intc/Makefile.objs  |1 +
 hw/rx/Kconfig  |   14 +
 hw/rx/Makefile.objs|2 +
 hw/timer/Kconfig   |6 +
 hw/timer/Makefile.objs |3 +
 target/rx/Makefile.objs|   12 +
 target/rx/insns.decode |  621 ++
 40 files changed, 8025 insertions(+), 1 deletion(-)
 create mode 100644 default-configs/rx-softmmu.mak
 create mode 100644 include/hw/char/renesas_sci.h
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 include/hw/timer/renesas_cmt.h
 create mode 100644 include/hw/timer/renesas_tmr.h
 create mode 100644 target/rx/cpu.h
 create mode 100644 target/rx/helper.h
 create mode 100644 hw/char/renesas_sci.c
 create mode 100644 hw/intc/rx_icu.c
 create mode 100644 hw/rx/rx-virt.c
 create mode 100644 hw/rx/rx62n.c
 create mode 100644 hw/timer/renesas_cmt.c
 create mode 100644 hw/timer/renesas_tmr.c
 create mode 100644 target/rx/cpu.c
 create mode 100644 target/rx/disas.c
 create mode 100644 target/rx/gdbstub.c
 create mode 100644 target/rx/helper.c
 create mode 100644 target/rx/monitor.c
 create mode 100644 target/rx/op_helper.c
 create mode 100644 target/rx/translate.c
 create mode 100644 hw/rx/Kconfig
 create mode 100644 hw/rx/Makefile.objs
 create mode 100644 target/rx/Makefile.objs
 create mode 100644 target/rx/insns.decode

-- 
2.11.0




[Qemu-devel] [PATCH v13 12/12] MAINTAINERS: Add RX

2019-05-15 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
---
 MAINTAINERS | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index a73a61a546..ef6a02702e 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -272,6 +272,13 @@ F: include/hw/riscv/
 F: linux-user/host/riscv32/
 F: linux-user/host/riscv64/
 
+RENESAS RX
+M: Yoshinori Sato 
+S: Maintained
+F: target/rx/
+F: hw/rx/
+F: include/hw/rx/
+
 S390
 M: Richard Henderson 
 M: David Hildenbrand 
@@ -1106,6 +1113,18 @@ F: pc-bios/canyonlands.dt[sb]
 F: pc-bios/u-boot-sam460ex-20100605.bin
 F: roms/u-boot-sam460ex
 
+RX Machines
+---
+RX-QEMU
+M: Yoshinori Sato 
+S: Maintained
+F: hw/rx/rxqemu.c
+F: hw/intc/rx_icu.c
+F: hw/timer/renesas_*.c
+F: hw/char/renesas_sci.c
+F: include/hw/timer/renesas_*.h
+F: include/hw/char/renesas_sci.h
+
 SH4 Machines
 
 R2D
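Review bot: `F: hw/rx/rxqemu.c` in the new RX-QEMU entry matches no file in this series; the cover-letter diffstat creates hw/rx/rx-virt.c and hw/rx/rx62n.c, so the pattern should be `F: hw/rx/rx-virt.c` plus `F: hw/rx/rx62n.c`, or simply `F: hw/rx/`. The entry lists hw/intc/rx_icu.c but not its header, so `F: include/hw/intc/rx_icu.h` is missing. The entry name `RX-QEMU` also differs from the `rx-virt` machine name used in patch 08/12.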
-- 
2.11.0




[Qemu-devel] [PATCH v13 10/12] hw/registerfields.h: Add 8bit and 16bit register macros.

2019-05-15 Thread Yoshinori Sato
Some RX peripherals use 8-bit and 16-bit registers.
Add 8-bit and 16-bit APIs.

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
---
 include/hw/registerfields.h | 32 +++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h
index 2659a58737..a0bb0654d6 100644
--- a/include/hw/registerfields.h
+++ b/include/hw/registerfields.h
@@ -22,6 +22,14 @@
 enum { A_ ## reg = (addr) };  \
 enum { R_ ## reg = (addr) / 4 };
 
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };
+
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };
+
 /* Define SHIFT, LENGTH and MASK constants for a field within a register */
 
 /* This macro will define R_FOO_BAR_MASK, R_FOO_BAR_SHIFT and R_FOO_BAR_LENGTH
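Review bot: `REG8` and `REG16` arrive here as patch 10/12, but hw/intc/rx_icu.c in 05/12 already uses them (`REG8(IR, 0)`, `REG16(FIR, 0x2f0)`) and 09/12 enables the rx-softmmu target. The tree would therefore presumably fail to build that target between 09/12 and 11/12; moving this patch and the extract8/extract16 patch ahead of the device patches keeps the series bisectable. The same applies to `FIELD_EX8` and `FIELD_EX16` in the next hunk, which expand to `extract8`/`extract16` from 11/12. Each new macro would also benefit from a one-line comment on index scaling, e.g. `/* 8-bit register: R_<reg> is the byte offset */` and `/* 16-bit register: R_<reg> is the offset in halfwords */`.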
@@ -34,6 +42,12 @@
 MAKE_64BIT_MASK(shift, length)};
 
 /* Extract a field from a register */
+#define FIELD_EX8(storage, reg, field)\
+extract8((storage), R_ ## reg ## _ ## field ## _SHIFT,\
+  R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_EX16(storage, reg, field)   \
+extract16((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH)
 #define FIELD_EX32(storage, reg, field)   \
 extract32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH)
@@ -49,6 +63,22 @@
  * Assigning values larger then the target field will result in
  * compilation warnings.
  */
+#define FIELD_DP8(storage, reg, field, val) ({\
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint8_t d;\
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
+#define FIELD_DP16(storage, reg, field, val) ({   \
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint16_t d;   \
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
 #define FIELD_DP32(storage, reg, field, val) ({   \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
@@ -57,7 +87,7 @@
 d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
 d; })
-#define FIELD_DP64(storage, reg, field, val) ({   \
+#define FIELD_DP64(storage, reg, field, val) ({ \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
 } v = { .v = val };   \
-- 
2.11.0




[Qemu-devel] [PATCH v13 09/12] Add rx-softmmu

2019-05-15 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Tested-by: Philippe Mathieu-Daudé 

Using only CONFIG_RX=y:
Reviewed-by: Philippe Mathieu-Daudé 

Signed-off-by: Yoshinori Sato 
---
 configure  | 8 
 default-configs/rx-softmmu.mak | 3 +++
 include/sysemu/arch_init.h | 1 +
 arch_init.c| 2 ++
 hw/Kconfig | 1 +
 5 files changed, 15 insertions(+)
 create mode 100644 default-configs/rx-softmmu.mak

diff --git a/configure b/configure
index 8999698bc2..28782762dd 100755
--- a/configure
+++ b/configure
@@ -7547,6 +7547,11 @@ case "$target_name" in
 gdb_xml_files="riscv-64bit-cpu.xml riscv-64bit-fpu.xml riscv-64bit-csr.xml"
 target_compiler=$cross_cc_riscv64
   ;;
+  rx)
+TARGET_ARCH=rx
+bflt="yes"
+target_compiler=$cross_cc_rx
+  ;;
   sh4|sh4eb)
 TARGET_ARCH=sh4
 bflt="yes"
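Review bot: `bflt="yes"` in the new `rx)` case looks carried over from the neighbouring `sh4|sh4eb)` case. As far as this patch shows, only an rx-softmmu configuration is added, and the flag presumably matters only to a user-mode target that loads bFLT binaries. If the series has no RX linux-user target, drop the line so the case holds just `TARGET_ARCH=rx` and `target_compiler=$cross_cc_rx`. The `case "$target_name"` block starts and ends outside the hunk.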
@@ -7767,6 +7772,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
   riscv*)
 disas_config "RISCV"
   ;;
+  rx)
+disas_config "RX"
+  ;;
   s390*)
 disas_config "S390"
   ;;
diff --git a/default-configs/rx-softmmu.mak b/default-configs/rx-softmmu.mak
new file mode 100644
index 00..a3eecefb11
--- /dev/null
+++ b/default-configs/rx-softmmu.mak
@@ -0,0 +1,3 @@
+# Default configuration for rx-softmmu
+
+CONFIG_RX_VIRT=y
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index 10cbafe970..3f4f844f7b 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -25,6 +25,7 @@ enum {
 QEMU_ARCH_NIOS2 = (1 << 17),
 QEMU_ARCH_HPPA = (1 << 18),
 QEMU_ARCH_RISCV = (1 << 19),
+QEMU_ARCH_RX = (1 << 20),
 };
 
 extern const uint32_t arch_type;
diff --git a/arch_init.c b/arch_init.c
index f4f3f610c8..cc25ddd7ca 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -74,6 +74,8 @@ int graphic_depth = 32;
 #define QEMU_ARCH QEMU_ARCH_PPC
 #elif defined(TARGET_RISCV)
 #define QEMU_ARCH QEMU_ARCH_RISCV
+#elif defined(TARGET_RX)
+#define QEMU_ARCH QEMU_ARCH_RX
 #elif defined(TARGET_S390X)
 #define QEMU_ARCH QEMU_ARCH_S390X
 #elif defined(TARGET_SH4)
diff --git a/hw/Kconfig b/hw/Kconfig
index 88b9f15007..63a071092e 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -53,6 +53,7 @@ source nios2/Kconfig
 source openrisc/Kconfig
 source ppc/Kconfig
 source riscv/Kconfig
+source rx/Kconfig
 source s390x/Kconfig
 source sh4/Kconfig
 source sparc/Kconfig
-- 
2.11.0




Re: [Qemu-devel] [RFC] hw/core/bus.c: Only the main system bus can have no parent

2019-05-15 Thread Markus Armbruster
Peter Maydell  writes:

> In commit 80376c3fc2c38fdd453 in 2010 we added a workaround for
> some qbus buses not being connected to qdev devices -- if the
> bus has no parent object then we register a reset function which
> resets the bus on system reset.
>
> Nearly a decade later, we have now no buses in the tree which
> are created with non-NULL parents, so we can remove the
> workaround and instead just assert that if the bus has a NULL
> parent then it is the main system bus.
>
> (The absence of other parentless buses was confirmed by
> code inspection of all the callsites of qbus_create() and
> qbus_create_inplace() and cross-checked by 'make check'.)

Could we assert(parent || bus == main_system_bus) in qbus_realize()?

Aside: I hate sysbus_get_default().  It creates main_system_bus on first
call, wherever that call may be hiding.  I feel we should create it
explicitly.  I'd then make main_system_bus public, and delete
sysbus_get_default().

> Signed-off-by: Peter Maydell 
> ---
> While I was reviewing Damian's reset patchset I noticed this
> code which meant that we theoretically had multiple 'roots' to
> the set of things being reset, so I wondered what was actually
> using it. It turns out nothing was :-)
>
> Commit 80376c3fc2c38fdd453 also added a TODO in vl.c suggesting
> that there is the wrong place to register the reset function
> which effectively resets the whole system starting at the
> root which is the main system bus:
>qemu_register_reset(qbus_reset_all_fn, sysbus_get_default());
> I don't understand why vl.c is a bad place to put that, and I'd
> rather not move it to qdev.c (where in qdev.c?) because that
> would reshuffle reset ordering which seems liable to cause
> regressions. So maybe we should just delete that TODO comment?

Hmm.

The one in vl.c arranges to run qbus_reset_all(main_system_bus), which
walks the tree rooted at main_system_bus, resetting its buses and
devices in post-order.

A registry of callbacks to run on certain events is a fine technique.
Relying on registration order, however, is in bad taste.  We should
model dependencies between reset functions explicitly.

That said, we can't ignore dependencies just because we've coded them
badly.

I count more than 100 qemu_register_reset(), and most of them look like
they reset hardware.  Why do devices use qemu_register_reset() instead
of DeviceClass method reset?

Registered handlers run in (implicitly defined) registration order,
reset methods in (explicit) qdev tree post order.  Much better as long
as that's the order we want.

Say we managed to clean up this mess somehow, so reset handler
registration order doesn't matter anymore.  Then moving the
qemu_register_reset() for main_system_bus from main() to wherever we
create main_system_bus would make sense, wouldn't it?

If it does make sense, we should keep the TODO in main(), because it
asks for exactly that.  Perhaps delete "by qdev.c".

> ---
>  hw/core/bus.c | 7 +++
>  1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/hw/core/bus.c b/hw/core/bus.c
> index e09843f6abe..e50287c2b35 100644
> --- a/hw/core/bus.c
> +++ b/hw/core/bus.c
> @@ -96,10 +96,9 @@ static void qbus_realize(BusState *bus, DeviceState 
> *parent, const char *name)
>  bus->parent->num_child_bus++;
>  object_property_add_child(OBJECT(bus->parent), bus->name, 
> OBJECT(bus), NULL);
>  object_unref(OBJECT(bus));
> -} else if (bus != sysbus_get_default()) {
> -/* TODO: once all bus devices are qdevified,
> -   only reset handler for main_system_bus should be registered here. 
> */
> -qemu_register_reset(qbus_reset_all_fn, bus);
> +} else {
> +/* The only bus without a parent is the main system bus */
> +assert(bus == sysbus_get_default());
>  }
>  }

You delete a qemu_register_reset() because it's unreachable.  The commit
that added it also added a qemu_unregister_reset().  It's now in
bus_unparent().  Why is it still needed?



Re: [Qemu-devel] [PATCH v2 11/13] tests/vm: netbsd autoinstall, using serial console

2019-05-15 Thread Kamil Rytarowski
On 10.05.2019 12:46, Gerd Hoffmann wrote:
> Instead of fetching the prebuilt image from patchew download the install
> iso and prepare the image locally.  Install to disk, using the serial
> console.  Create qemu user, configure ssh login.  Install packages
> needed for qemu builds.
> 
> Signed-off-by: Gerd Hoffmann 

Reviewed-by: Kamil Rytarowski 

> ---
>  tests/vm/netbsd | 187 +---
>  1 file changed, 177 insertions(+), 10 deletions(-)
> 
> diff --git a/tests/vm/netbsd b/tests/vm/netbsd
> index 4c6624ea5ed5..6dbfc1b0fbe3 100755
> --- a/tests/vm/netbsd
> +++ b/tests/vm/netbsd
> @@ -2,10 +2,11 @@
>  #
>  # NetBSD VM image
>  #
> -# Copyright 2017 Red Hat Inc.
> +# Copyright 2017-2019 Red Hat Inc.
>  #
>  # Authors:
>  #  Fam Zheng 
> +#  Gerd Hoffmann 
>  #
>  # This code is licensed under the GPL version 2 or later.  See
>  # the COPYING file in the top-level directory.
> @@ -13,32 +14,198 @@
>  
>  import os
>  import sys
> +import time
>  import subprocess
>  import basevm
>  
>  class NetBSDVM(basevm.BaseVM):
>  name = "netbsd"
>  arch = "x86_64"
> +
> +link = 
> "https://cdn.netbsd.org/pub/NetBSD/NetBSD-8.0/images/NetBSD-8.0-amd64.iso;
> +size = "20G"
> +pkgs = [
> +# tools
> +"git-base",
> +"pkgconf",
> +"xz",
> +"python37",
> +
> +# gnu tools
> +"bash",
> +"gmake",
> +"gsed",
> +"flex", "bison",
> +
> +# libs: crypto
> +"gnutls",
> +
> +# libs: images
> +"jpeg",
> +"png",
> +
> + # libs: ui
> +"SDL2",
> +"gtk3+",
> +"libxkbcommon",
> +]
> +
>  BUILD_SCRIPT = """
>  set -e;
> -rm -rf /var/tmp/qemu-test.*
> -cd $(mktemp -d /var/tmp/qemu-test.XX);
> +rm -rf /home/qemu/qemu-test.*
> +cd $(mktemp -d /home/qemu/qemu-test.XX);
> +mkdir src build; cd src;
>  tar -xf /dev/rld1a;
> -./configure --python=python2.7 {configure_opts};
> +cd ../build
> +../src/configure --python=python3.7 --disable-opengl 
> {configure_opts};
>  gmake --output-sync -j{jobs} {target} {verbose};
>  """
> +poweroff = "/sbin/poweroff"
>  
>  def build_image(self, img):
> -cimg = 
> self._download_with_cache("http://download.patchew.org/netbsd-7.1-amd64.img.xz;,
> - 
> sha256sum='b633d565b0eac3d02015cd0c81440bd8a7a8df8512615ac1ee05d318be015732')
> -img_tmp_xz = img + ".tmp.xz"
> +cimg = self._download_with_cache(self.link)
>  img_tmp = img + ".tmp"
> -sys.stderr.write("Extracting the image...\n")
> -subprocess.check_call(["cp", "-f", cimg, img_tmp_xz])
> -subprocess.check_call(["xz", "-dvf", img_tmp_xz])
> +iso = img + ".install.iso"
> +
> +self.print_step("Preparing iso and disk image")
> +subprocess.check_call(["cp", "-f", cimg, iso])
> +subprocess.check_call(["qemu-img", "create", "-f", "qcow2",
> +   img_tmp, self.size])
> +
> +self.print_step("Booting installer")
> +self.boot(img_tmp, extra_args = [
> +"-device", "VGA",
> +"-machine", "graphics=off",
> +"-cdrom", iso
> +])
> +self.console_init()
> +self.console_wait("Primary Bootstrap")
> +
> +# serial console boot menu output doesn't work for some
> +# reason, so we have to fly blind ...
> +for char in list("5consdev com0\n"):
> +time.sleep(0.2)
> +self.console_send(char)
> +self.console_wait("")
> +self.console_wait_send("> ", "boot\n")
> +
> +self.console_wait_send("Terminal type","xterm\n")
> +self.console_wait_send("a: Installation messages", "a\n")
> +self.console_wait_send("b: US-English","b\n")
> +self.console_wait_send("a: Install NetBSD","a\n")
> +self.console_wait("Shall we continue?")
> +self.console_wait_send("b: Yes",   "b\n")
> +
> +self.console_wait_send("a: ld0",   "a\n")
> +self.console_wait_send("a: This is the correct",   "a\n")
> +self.console_wait_send("b: Use the entire disk",   "b\n")
> +self.console_wait("NetBSD bootcode")
> +self.console_wait_send("a: Yes",   "a\n")
> +self.console_wait_send("b: Use existing part", "b\n")
> +self.console_wait_send("x: Partition sizes ok","x\n")
> +self.console_wait_send("for your NetBSD disk", "\n")
> +self.console_wait("Shall we continue?")
> +self.console_wait_send("b: Yes",   "b\n")
> +
> +self.console_wait_send("b: Use serial port com0",  "b\n")
> +self.console_wait_send("f: Set serial baud rate",  "f\n")
> +self.console_wait_send("a: 9600",  

Re: [Qemu-devel] [Qemu-ppc] [PATCH v8 5/6] ppc: spapr: Enable FWNMI capability

2019-05-15 Thread Aravinda Prasad



On Thursday 16 May 2019 07:15 AM, David Gibson wrote:
> On Tue, May 14, 2019 at 11:02:07AM +0530, Aravinda Prasad wrote:
>>
>>
>> On Tuesday 14 May 2019 10:17 AM, David Gibson wrote:
>>> On Mon, May 13, 2019 at 04:00:43PM +0530, Aravinda Prasad wrote:


 On Friday 10 May 2019 03:23 PM, David Gibson wrote:
> On Fri, May 10, 2019 at 12:45:29PM +0530, Aravinda Prasad wrote:
>>
>>
>> On Friday 10 May 2019 12:16 PM, David Gibson wrote:
>>> On Mon, Apr 22, 2019 at 12:33:35PM +0530, Aravinda Prasad wrote:
 Enable the KVM capability KVM_CAP_PPC_FWNMI so that
 the KVM causes guest exit with NMI as exit reason
 when it encounters a machine check exception on the
 address belonging to a guest. Without this capability
 enabled, KVM redirects machine check exceptions to
 guest's 0x200 vector.

 This patch also deals with the case when a guest with
 the KVM_CAP_PPC_FWNMI capability enabled is attempted
 to migrate to a host that does not support this
 capability.

 Signed-off-by: Aravinda Prasad 
 ---
  hw/ppc/spapr.c |1 +
  hw/ppc/spapr_caps.c|   26 ++
  hw/ppc/spapr_rtas.c|   14 ++
  include/hw/ppc/spapr.h |4 +++-
  target/ppc/kvm.c   |   14 ++
  target/ppc/kvm_ppc.h   |6 ++
  6 files changed, 64 insertions(+), 1 deletion(-)

 diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
 index ffd1715..44e09bb 100644
 --- a/hw/ppc/spapr.c
 +++ b/hw/ppc/spapr.c
 @@ -4372,6 +4372,7 @@ static void spapr_machine_class_init(ObjectClass 
 *oc, void *data)
  smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
  smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = 
 SPAPR_CAP_ON;
  smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
 +smc->default_caps.caps[SPAPR_CAP_FWNMI_MCE] = SPAPR_CAP_OFF;
  spapr_caps_add_properties(smc, _abort);
  smc->irq = _irq_xics;
  smc->dr_phb_enabled = true;
 diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
 index edc5ed0..5b3af04 100644
 --- a/hw/ppc/spapr_caps.c
 +++ b/hw/ppc/spapr_caps.c
 @@ -473,6 +473,22 @@ static void 
 cap_ccf_assist_apply(SpaprMachineState *spapr, uint8_t val,
  }
  }
  
 +static void cap_fwnmi_mce_apply(SpaprMachineState *spapr, uint8_t val,
 +Error **errp)
 +{
 +PowerPCCPU *cpu = POWERPC_CPU(first_cpu);
 +
 +if (!val) {
 +return; /* Disabled by default */
 +}
 +
 +if (kvm_enabled()) {
 +if (kvmppc_fwnmi_enable(cpu)) {
 +error_setg(errp, "Requested fwnmi capability not support 
 by KVM");
 +}
 +}
 +}
 +
  SpaprCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
  [SPAPR_CAP_HTM] = {
  .name = "htm",
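Review bot: In `cap_fwnmi_mce_apply`, a non-zero `val` with `kvm_enabled()` false falls through without touching `errp`, so the capability is accepted with nothing in this hunk backing it. If that configuration cannot deliver FWNMI machine checks to the guest, it should be rejected or at least warned about at apply time. The error text reads "not support by KVM"; the intended wording is `error_setg(errp, "Requested fwnmi capability not supported by KVM");`. The return value of `kvmppc_fwnmi_enable()` is used only as a truth value, so whatever error code it carries never reaches the message. The same hunk is quoted again in a later reply on this page.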
 @@ -571,6 +587,15 @@ SpaprCapabilityInfo 
 capability_table[SPAPR_CAP_NUM] = {
  .type = "bool",
  .apply = cap_ccf_assist_apply,
  },
 +[SPAPR_CAP_FWNMI_MCE] = {
 +.name = "fwnmi-mce",
 +.description = "Handle fwnmi machine check exceptions",
 +.index = SPAPR_CAP_FWNMI_MCE,
 +.get = spapr_cap_get_bool,
 +.set = spapr_cap_set_bool,
 +.type = "bool",
 +.apply = cap_fwnmi_mce_apply,
 +},
  };
  
  static SpaprCapabilities default_caps_with_cpu(SpaprMachineState 
 *spapr,
 @@ -706,6 +731,7 @@ SPAPR_CAP_MIG_STATE(ibs, SPAPR_CAP_IBS);
  SPAPR_CAP_MIG_STATE(nested_kvm_hv, SPAPR_CAP_NESTED_KVM_HV);
  SPAPR_CAP_MIG_STATE(large_decr, SPAPR_CAP_LARGE_DECREMENTER);
  SPAPR_CAP_MIG_STATE(ccf_assist, SPAPR_CAP_CCF_ASSIST);
 +SPAPR_CAP_MIG_STATE(fwnmi, SPAPR_CAP_FWNMI_MCE);
  
  void spapr_caps_init(SpaprMachineState *spapr)
  {
 diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
 index d3499f9..997cf19 100644
 --- a/hw/ppc/spapr_rtas.c
 +++ b/hw/ppc/spapr_rtas.c
 @@ -49,6 +49,7 @@
  #include "hw/ppc/fdt.h"
  #include "target/ppc/mmu-hash64.h"
  #include "target/ppc/mmu-book3s-v3.h"
 +#include "kvm_ppc.h"
  
  static void rtas_display_character(PowerPCCPU *cpu, SpaprMachineState 
 *spapr,
 uint32_t token, uint32_t nargs,
 @@ -354,6 +355,7 @@ static void 

Re: [Qemu-devel] [Qemu-ppc] [PATCH v8 4/6] target/ppc: Build rtas error log upon an MCE

2019-05-15 Thread Aravinda Prasad



On Thursday 16 May 2019 07:17 AM, David Gibson wrote:
> On Tue, May 14, 2019 at 10:36:17AM +0530, Aravinda Prasad wrote:
>>
>>
>> On Tuesday 14 May 2019 10:10 AM, David Gibson wrote:
>>> On Tue, May 14, 2019 at 09:56:41AM +0530, Aravinda Prasad wrote:


 On Tuesday 14 May 2019 05:38 AM, David Gibson wrote:
> On Mon, May 13, 2019 at 01:30:53PM +0200, Greg Kurz wrote:
>> On Mon, 22 Apr 2019 12:33:26 +0530
>> Aravinda Prasad  wrote:
>>
>>> Upon a machine check exception (MCE) in a guest address space,
>>> KVM causes a guest exit to enable QEMU to build and pass the
>>> error to the guest in the PAPR defined rtas error log format.
>>>
>>> This patch builds the rtas error log, copies it to the rtas_addr
>>> and then invokes the guest registered machine check handler. The
>>> handler in the guest takes suitable action(s) depending on the type
>>> and criticality of the error. For example, if an error is
>>> unrecoverable memory corruption in an application inside the
>>> guest, then the guest kernel sends a SIGBUS to the application.
>>> For recoverable errors, the guest performs recovery actions and
>>> logs the error.
>>>
>>> Signed-off-by: Aravinda Prasad 
>>> ---
>>>  hw/ppc/spapr.c |4 +
>>>  hw/ppc/spapr_events.c  |  245 
>>> 
>>>  include/hw/ppc/spapr.h |4 +
>>>  3 files changed, 253 insertions(+)
>>>
>>> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
>>> index 2779efe..ffd1715 100644
>>> --- a/hw/ppc/spapr.c
>>> +++ b/hw/ppc/spapr.c
>>> @@ -2918,6 +2918,10 @@ static void spapr_machine_init(MachineState 
>>> *machine)
>>>  error_report("Could not get size of LPAR rtas '%s'", filename);
>>>  exit(1);
>>>  }
>>> +
>>> +/* Resize blob to accommodate error log. */
>>> +spapr->rtas_size = spapr_get_rtas_size(spapr->rtas_size);
>>> +
>>
>> This is the only user for spapr_get_rtas_size(), which is trivial.
>> I suggest you simply open-code it here.
>
> I agree.

 Sure.

>
>> But also, spapr->rtas_size is a guest visible thing, "rtas-size" prop in 
>> the
>> DT. Since existing machine types don't do that, I guess we should only 
>> use
>> the new size if cap-fwnmi-mce=on for the sake of compatibility.
>
> Yes, that's a good idea.  Changing this is very unlikely to break a
> guest, but it's easy to be safe here so let's do it.

 I did it like that because the rtas_blob is allocated based on rtas_size
 in spapr_machine_init(). During spapr_machine_init() it is not know if
 the guest calls "ibm, nmi-register". So if we want to use the new size
 only when cap_fwnmi=on, then we have to realloc the blob in "ibm,
 nmi-register".
>>>
>>> What?  Just always allocate the necessary space in
>>> spapr_machine_init() if cap_fwnmi=on, it'll be wasted if
>>> ibm,nmi-register is never called, but it's not that much space so we
>>> don't really care.
>>
>> Yes, not that much space, and ibm,nmi-register is called when the Linux
>> kernel boots. I guess, even though other OSes might not call
>> ibm,nmi-register, they do not constitute significant QEMU on Power users.
>>
>> So I think, I will keep the code as is.
> 
> No, that's not right.  It's impractical to change the allocation
> depending on whether fwnmi is currently active.  But you *can* (and
> should) base the allocation on whether fwnmi is *possible* - that is,
> the value of the spapr cap.

Sure..

> 

-- 
Regards,
Aravinda




Re: [Qemu-devel] [PATCH v12 00/12] Add RX archtecture support

2019-05-15 Thread Yoshinori Sato
On Thu, 16 May 2019 01:48:29 +0900,
Richard Henderson wrote:
> 
> On 5/13/19 11:14 PM, Yoshinori Sato wrote:
> > This patch series is added Renesas RX target emulation.
> > 
> > I fixed the ROM address because v11 was incorrect.
> > 
> > My git repository is bellow.
> > git://git.pf.osdn.net/gitroot/y/ys/ysato/qemu.git tags/rx-20190514
> > 
> > Testing binaries bellow.
> > u-boot
> > Download - https://osdn.net/users/ysato/pf/qemu/dl/u-boot.bin.gz
> > 
> > starting
> > $ gzip -d u-boot.bin.gz
> > $ qemu-system-rx -bios u-boot.bin
> > 
> > linux and pico-root (only sash)
> > Download - https://osdn.net/users/ysato/pf/qemu/dl/zImage (kernel)
> >https://osdn.net/users/ysato/pf/qemu/dl/rx-qemu.dtb (DeviceTree)
> > 
> > starting
> > $ qemu-system-rx -kernel zImage -dtb rx-qemu.dtb -append "earlycon"
> > 
> > Changes for v11.
> > - Fix ROM address.
> 
> I think this is ready to be committed, but it is difficult to tell because you
> have not retained the Reviewed-by: tags that have been given to previous 
> versions.
> 
> Looking at
> 
> https://patchwork.ozlabs.org/project/qemu-devel/list/?series==7114
> 
>   Review  Tested
> 
> >From v10:
> 13/13 -   -
> 12/13 1   -
> 11/13 -   -
> 10/13 2   1
> 09/13 1   1
> 08/13 -   1
> 07/13 -   -
> 06/13 -   1
> 05/13 1   -
> 04/13 1   1
> 03/13 1   -
> 02/13 1   -
> 01/13 1   1
> 
> >From v8:
> 08/12 1   -
> 07/12 1   -
> 06/12 1   -
> 
> In summary, only the last patch is unreviewed, and it appears that you've 
> fixed
> the issue I pointed out in v11.  I have now sent reviews for those.
> 
> In future, please retain the tags as you go through the development process.
> 
> Rather than having you send out a v13 with only changes to the tags, I will
> apply them myself while preparing an initial pull request for this.
> 
> Thanks for your patience.
>

OK.
I prepare v13 which added Reviewed-by.

Thanks.

> 
> r~
> 

-- 
Yosinori Sato



Re: [Qemu-devel] [PATCH for-4.0.1] q35: Revert to kernel irqchip

2019-05-15 Thread Peter Xu
On Tue, May 14, 2019 at 02:22:03PM -0600, Alex Williamson wrote:
> On Tue, 14 May 2019 13:03:31 -0600
> Alex Williamson  wrote:
> 
> > Commit b2fc91db8447 ("q35: set split kernel irqchip as default") changed
> > the default for the pc-q35-4.0 machine type to use split irqchip, which
> > turned out to have disastrous effects on vfio-pci INTx support.  KVM
> > resampling irqfds are registered for handling these interrupts, but
> > these are non-functional in split irqchip mode.  We can't simply test
> > for split irqchip in QEMU as userspace handling of this interrupt is a
> > significant performance regression versus KVM handling (GeForce GPUs
> > assigned to Windows VMs are non-functional without forcing MSI mode or
> > re-enabling kernel irqchip).
> > 
> > The resolution is to revert the change in default irqchip mode with a
> > new pc-q35-4.0.1 machine type for qemu-stable while the development
> > branch makes the same change in the pc-q35-4.1 machine type.  The
> > qemu-q35-4.0 machine type should not be used in vfio-pci configurations
> > for devices requiring legacy INTx support without explicitly modifying
> > the VM configuration to use KVM irqchip.  This new 4.0.1 machine type
> > makes this change automatically.
> > 
> > Link: https://bugs.launchpad.net/qemu/+bug/1826422
> > Link: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg03305.html
> 
> This link is superseded by a v2 of the mainline patch:
> 
> Link: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg03338.html
> 
> I believe this patch is still the proper stable backport though.  Also
> to clarify, this patch should be gated on mainline acceptance of the
> link above, but clearly there's no clean cherry-pick between mainline
> and stable for this, so I'm proposing them in parallel.  Thanks,

Agreed.  As long as the 4.1 patch can be accepted, this should be the
correct patch for 4.0-stable AFAICT:

Reviewed-by: Peter Xu 

Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH for-4.1 v2] q35: Revert to kernel irqchipQEM

2019-05-15 Thread Peter Xu
On Wed, May 15, 2019 at 07:23:13AM -0600, Alex Williamson wrote:
> On Wed, 15 May 2019 14:15:03 +0800
> Peter Xu  wrote:
> 
> > On Tue, May 14, 2019 at 02:14:41PM -0600, Alex Williamson wrote:
> > > Commit b2fc91db8447 ("q35: set split kernel irqchip as default") changed
> > > the default for the pc-q35-4.0 machine type to use split irqchip, which
> > > turned out to have disastrous effects on vfio-pci INTx support.  KVM
> > > resampling irqfds are registered for handling these interrupts, but
> > > these are non-functional in split irqchip mode.  We can't simply test
> > > for split irqchip in QEMU as userspace handling of this interrupt is a
> > > significant performance regression versus KVM handling (GeForce GPUs
> > > assigned to Windows VMs are non-functional without forcing MSI mode or
> > > re-enabling kernel irqchip).
> > > 
> > > The resolution is to revert the change in default irqchip mode in the
> > > pc-q35-4.1 machine and create a pc-q35-4.0.1 machine for the 4.0-stable
> > > branch.  The qemu-q35-4.0 machine type should not be used in vfio-pci
> > > configurations for devices requiring legacy INTx support without
> > > explicitly modifying the VM configuration to use kernel irqchip.
> > > 
> > > Link: https://bugs.launchpad.net/qemu/+bug/1826422
> > > Fixes: b2fc91db8447 ("q35: set split kernel irqchip as default")
> > > Signed-off-by: Alex Williamson   
> > 
> > Hi, Alex,
> > 
> > I have two (probably naive) questions about the patch, possibly due to
> > lack of context of previous discussions so please let me know if
> > there's any upstream discussion that I can read.
> > 
> > Firstly, could I ask why we need this 4.0.1 machine type specific for
> > fixing this problem?  Asked because this seems to be the first time
> > QEMU introduces the X.Y.Z machine type in master.  Could it be somehow
> > delayed to the release of QEMU 4.1?  From the planning page I see that
> > it's releasing on Aug 06th/13th, a bit far away but not really that
> > much imho.  I'm perfectly fine with this, but I just want to make sure
> > I have the correct understanding of the motivations.
> 
> As I see it, this is a regression from previous releases, therefore it
> should be fixed in 4.0-stable.  Users are encountering this issue and
> leaning on support groups like reddit.com/r/VFIO to find workarounds.
> It would be a disservice to our user base and downstream consumers to
> simply ignore this regression until the 4.1 release.  If this is the
> first z-stream release of upstream QEMU with a new machine type, we've
> been lucky, but previous discussions indicate that we cannot currently
> change the irqchip mode without rev'ing the machine type for migration
> compatibility.
>  
> > The second question is about our previous decision to introduce QEMU
> > 4.1 machine type before it's released (which is not related to the
> > patch at all).  Is it really correct to do so before releasing of 4.1?
> > So now even with a development QEMU 4.0 branch the user will be able
> > to create 4.1 machines using "-M pc-q35-4.1", then what if the user
> > migrated a real 4.1 machine (with the to-be-released QEMU 4.1 binary)
> > to some 4.1 machine that was run with such an old 4.0 QEMU binary?
> > The problem is we can add more compatible properties into
> > pc_q35_4_1_machine_options and future pc_compat_4_1 array before QEMU
> > 4.1 is finally released and then "-M pc-q35-4.1" will actually have
> > different combination of properties IMHO, which seems to break
> > compatibility.  Am I wrong somewhere?
> 
> Users who expect migration stability from VMs based on unreleased
> development code are in for a world of hurt.  I assume that the 4.1
> machine types are entirely unstable until 4.1 is released.  We
> introduce them early in the development cycle because we've been burned
> in the past introducing them late and inconsistently.  Ideally this
> change would trigger a migration regression test to generate a warning
> for the in-development machine type changing in an incompatible way,
> we'd acknowledge that, perhaps log it to a changelog, and move on, but
> I suspect we don't have such automated testing in place.  Thanks,

I see the points, thanks for explaining (to Dan as well).

About "introducing them late and inconsistently" for the machine types
- I completely agree it was mostly always too late, e.g., in most
cases the new machine type will only be introduced by the one who will
need the first compatible property (no matter which arch he/she is
working on and which module...).  It seems more ideal to me to just
introduce the major new machine types along with each QEMU
release (I mean the final release no matter which RC, it's just the
point when we push the release tag), but of course that'll be a burden
to the project maintainer or machine type maintainers... and anyway
ignoring compatibility with development branches looks reasonable too.

In all cases, this patch looks good to me:

Reviewed-by: Peter Xu 


Re: [Qemu-devel] [Qemu-ppc] [PATCH v8 5/6] ppc: spapr: Enable FWNMI capability

2019-05-15 Thread David Gibson
On Tue, May 14, 2019 at 11:02:07AM +0530, Aravinda Prasad wrote:
> 
> 
> On Tuesday 14 May 2019 10:17 AM, David Gibson wrote:
> > On Mon, May 13, 2019 at 04:00:43PM +0530, Aravinda Prasad wrote:
> >>
> >>
> >> On Friday 10 May 2019 03:23 PM, David Gibson wrote:
> >>> On Fri, May 10, 2019 at 12:45:29PM +0530, Aravinda Prasad wrote:
> 
> 
>  On Friday 10 May 2019 12:16 PM, David Gibson wrote:
> > On Mon, Apr 22, 2019 at 12:33:35PM +0530, Aravinda Prasad wrote:
> >> Enable the KVM capability KVM_CAP_PPC_FWNMI so that
> >> the KVM causes guest exit with NMI as exit reason
> >> when it encounters a machine check exception on the
> >> address belonging to a guest. Without this capability
> >> enabled, KVM redirects machine check exceptions to
> >> guest's 0x200 vector.
> >>
> >> This patch also deals with the case when a guest with
> >> the KVM_CAP_PPC_FWNMI capability enabled is attempted
> >> to migrate to a host that does not support this
> >> capability.
> >>
> >> Signed-off-by: Aravinda Prasad 
> >> ---
> >>  hw/ppc/spapr.c |1 +
> >>  hw/ppc/spapr_caps.c|   26 ++
> >>  hw/ppc/spapr_rtas.c|   14 ++
> >>  include/hw/ppc/spapr.h |4 +++-
> >>  target/ppc/kvm.c   |   14 ++
> >>  target/ppc/kvm_ppc.h   |6 ++
> >>  6 files changed, 64 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> >> index ffd1715..44e09bb 100644
> >> --- a/hw/ppc/spapr.c
> >> +++ b/hw/ppc/spapr.c
> >> @@ -4372,6 +4372,7 @@ static void spapr_machine_class_init(ObjectClass 
> >> *oc, void *data)
> >>  smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
> >>  smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = 
> >> SPAPR_CAP_ON;
> >>  smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
> >> +smc->default_caps.caps[SPAPR_CAP_FWNMI_MCE] = SPAPR_CAP_OFF;
> >>  spapr_caps_add_properties(smc, _abort);
> >>  smc->irq = _irq_xics;
> >>  smc->dr_phb_enabled = true;
> >> diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
> >> index edc5ed0..5b3af04 100644
> >> --- a/hw/ppc/spapr_caps.c
> >> +++ b/hw/ppc/spapr_caps.c
> >> @@ -473,6 +473,22 @@ static void 
> >> cap_ccf_assist_apply(SpaprMachineState *spapr, uint8_t val,
> >>  }
> >>  }
> >>  
> >> +static void cap_fwnmi_mce_apply(SpaprMachineState *spapr, uint8_t val,
> >> +Error **errp)
> >> +{
> >> +PowerPCCPU *cpu = POWERPC_CPU(first_cpu);
> >> +
> >> +if (!val) {
> >> +return; /* Disabled by default */
> >> +}
> >> +
> >> +if (kvm_enabled()) {
> >> +if (kvmppc_fwnmi_enable(cpu)) {
> >> +error_setg(errp, "Requested fwnmi capability not support 
> >> by KVM");
> >> +}
> >> +}
> >> +}
> >> +
> >>  SpaprCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
> >>  [SPAPR_CAP_HTM] = {
> >>  .name = "htm",
> >> @@ -571,6 +587,15 @@ SpaprCapabilityInfo 
> >> capability_table[SPAPR_CAP_NUM] = {
> >>  .type = "bool",
> >>  .apply = cap_ccf_assist_apply,
> >>  },
> >> +[SPAPR_CAP_FWNMI_MCE] = {
> >> +.name = "fwnmi-mce",
> >> +.description = "Handle fwnmi machine check exceptions",
> >> +.index = SPAPR_CAP_FWNMI_MCE,
> >> +.get = spapr_cap_get_bool,
> >> +.set = spapr_cap_set_bool,
> >> +.type = "bool",
> >> +.apply = cap_fwnmi_mce_apply,
> >> +},
> >>  };
> >>  
> >>  static SpaprCapabilities default_caps_with_cpu(SpaprMachineState 
> >> *spapr,
> >> @@ -706,6 +731,7 @@ SPAPR_CAP_MIG_STATE(ibs, SPAPR_CAP_IBS);
> >>  SPAPR_CAP_MIG_STATE(nested_kvm_hv, SPAPR_CAP_NESTED_KVM_HV);
> >>  SPAPR_CAP_MIG_STATE(large_decr, SPAPR_CAP_LARGE_DECREMENTER);
> >>  SPAPR_CAP_MIG_STATE(ccf_assist, SPAPR_CAP_CCF_ASSIST);
> >> +SPAPR_CAP_MIG_STATE(fwnmi, SPAPR_CAP_FWNMI_MCE);
> >>  
> >>  void spapr_caps_init(SpaprMachineState *spapr)
> >>  {
> >> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> >> index d3499f9..997cf19 100644
> >> --- a/hw/ppc/spapr_rtas.c
> >> +++ b/hw/ppc/spapr_rtas.c
> >> @@ -49,6 +49,7 @@
> >>  #include "hw/ppc/fdt.h"
> >>  #include "target/ppc/mmu-hash64.h"
> >>  #include "target/ppc/mmu-book3s-v3.h"
> >> +#include "kvm_ppc.h"
> >>  
> >>  static void rtas_display_character(PowerPCCPU *cpu, SpaprMachineState 
> >> *spapr,
> >> uint32_t token, uint32_t nargs,
> >> @@ -354,6 +355,7 @@ static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
> >>

[Qemu-devel] [Bug 1828508] Re: qemu-img created VMDK files lead to "Unsupported or invalid disk type 7"

2019-05-15 Thread Jake Mikelson
Hi, I'm running 5.5.

I've been playing around with some of the options, and if I run the
below, I end up with 2 files.

qemu-img.exe convert "c:\test\AppD-VM01.vhd" -O vmdk -o adapter_type=lsilogic,subformat=monolithicFlat -p "c:\test\AppD-VM01.vmdk"

The files I get are:
AppD-VM01.vmdk (which is always 12kb)
AppD-VM01-flat.vmdk (which is the full size of the disk, eg 30GB).

If I then upload both of these files to the datastore, they somehow
merge into 1 and I can attach and power on the VM. If you don't upload
both files into the datastore, VMware does not recognise it.

This is the only method that seems to work for me.

https://bugs.launchpad.net/bugs/1828508

Title:
  qemu-img created VMDK files lead to "Unsupported or invalid disk type
  7"

Status in QEMU:
  New

Bug description:
  Using qemu-img version 3.1.50 (v3.1.0-13607-geb2db0f7ba-dirty) on a
  Windows 10 machine.

  Converting a VHD to VMDK.
  qemu-img.exe convert "c:\test\AppD-VM01.vhd" -O vmdk -o adapter_type=buslogic -p "c:\test\AppD-VM01.vmdk"

  I have also tried:
  qemu-img.exe convert "c:\test\AppD-VM01.vhd" -O vmdk -o adapter_type=buslogic,hwversion=6 -p "c:\test\AppD-VM01.vmdk"

  Attaching the VMDK to a VM in VMware produces the following error when
  powering on.

  Power On virtual machine:Failed to open disk scsi0:1: Unsupported or invalid 
disk type 7. Ensure that the disk has been imported.
  Target: MyVM1
  vCenter Server: VCENTER
  Error Stack
  An error was received from the ESX host while powering on VM MyVM1.
  Failed to start the virtual machine.
  Module DevicePowerOn power on failed. 
  Unable to create virtual SCSI device for scsi0:1, 
'/vmfs/volumes/5cca0155-bdddf31d-2714-00215acbeb1e/AppD-VM01/AppDdisk1-VM01.vmdk'
 
  Failed to open disk scsi0:1: Unsupported or invalid disk type 7. Ensure that 
the disk has been imported.

  
  If I do not specify the adapter type, it creates an IDE VMDK which works 
perfectly.




Re: [Qemu-devel] [PATCH v6 24/25] target/ppc: Use gen_io_start/end around DARN

2019-05-15 Thread David Gibson
On Fri, May 10, 2019 at 10:30:48AM -0700, Richard Henderson wrote:
> Generating a random number counts as I/O, as it cannot be
> replayed and produce the same results.
> 
> Cc: David Gibson 
> Suggested-by: Peter Maydell 
> Signed-off-by: Richard Henderson 

Acked-by: David Gibson 

> ---
>  target/ppc/translate.c | 21 +++--
>  1 file changed, 15 insertions(+), 6 deletions(-)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index 8d08625c33..76628df6dd 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -1847,13 +1847,22 @@ static void gen_darn(DisasContext *ctx)
>  {
>  int l = L(ctx->opcode);
>  
> -if (l == 0) {
> -gen_helper_darn32(cpu_gpr[rD(ctx->opcode)]);
> -} else if (l <= 2) {
> -/* Return 64-bit random for both CRN and RRN */
> -gen_helper_darn64(cpu_gpr[rD(ctx->opcode)]);
> -} else {
> +if (l > 2) {
>  tcg_gen_movi_i64(cpu_gpr[rD(ctx->opcode)], -1);
> +} else {
> +if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> +gen_io_start();
> +}
> +if (l == 0) {
> +gen_helper_darn32(cpu_gpr[rD(ctx->opcode)]);
> +} else {
> +/* Return 64-bit random for both CRN and RRN */
> +gen_helper_darn64(cpu_gpr[rD(ctx->opcode)]);
> +}
> +if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> +gen_io_end();
> +gen_stop_exception(ctx);
> +}
>  }
>  }
>  #endif
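Review bot: The `l > 2` branch of gen_darn still writes -1 to the destination register with no comment, and after this change it is the only path that skips the I/O bracketing. A line such as `/* Reserved L value: return the all-ones error indication, not random data */` would make clear that this path is deterministic and needs no gen_io_start()/gen_io_end(); this assumes -1 is the architected failure value, which should be confirmed against the ISA. As a smaller style point, `tb_cflags(ctx->base.tb) & CF_USE_ICOUNT` is evaluated twice in the new `else` branch, so a local like `bool icount = tb_cflags(ctx->base.tb) & CF_USE_ICOUNT;` would keep the start and end visibly paired.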

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [Qemu-ppc] [PATCH v8 4/6] target/ppc: Build rtas error log upon an MCE

2019-05-15 Thread David Gibson
On Tue, May 14, 2019 at 10:36:17AM +0530, Aravinda Prasad wrote:
> 
> 
> On Tuesday 14 May 2019 10:10 AM, David Gibson wrote:
> > On Tue, May 14, 2019 at 09:56:41AM +0530, Aravinda Prasad wrote:
> >>
> >>
> >> On Tuesday 14 May 2019 05:38 AM, David Gibson wrote:
> >>> On Mon, May 13, 2019 at 01:30:53PM +0200, Greg Kurz wrote:
>  On Mon, 22 Apr 2019 12:33:26 +0530
>  Aravinda Prasad  wrote:
> 
> > Upon a machine check exception (MCE) in a guest address space,
> > KVM causes a guest exit to enable QEMU to build and pass the
> > error to the guest in the PAPR defined rtas error log format.
> >
> > This patch builds the rtas error log, copies it to the rtas_addr
> > and then invokes the guest registered machine check handler. The
> > handler in the guest takes suitable action(s) depending on the type
> > and criticality of the error. For example, if an error is
> > unrecoverable memory corruption in an application inside the
> > guest, then the guest kernel sends a SIGBUS to the application.
> > For recoverable errors, the guest performs recovery actions and
> > logs the error.
> >
> > Signed-off-by: Aravinda Prasad 
> > ---
> >  hw/ppc/spapr.c |4 +
> >  hw/ppc/spapr_events.c  |  245 
> > 
> >  include/hw/ppc/spapr.h |4 +
> >  3 files changed, 253 insertions(+)
> >
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index 2779efe..ffd1715 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -2918,6 +2918,10 @@ static void spapr_machine_init(MachineState 
> > *machine)
> >  error_report("Could not get size of LPAR rtas '%s'", filename);
> >  exit(1);
> >  }
> > +
> > +/* Resize blob to accommodate error log. */
> > +spapr->rtas_size = spapr_get_rtas_size(spapr->rtas_size);
> > +
> 
>  This is the only user for spapr_get_rtas_size(), which is trivial.
>  I suggest you simply open-code it here.
> >>>
> >>> I agree.
> >>
> >> Sure.
> >>
> >>>
>  But also, spapr->rtas_size is a guest visible thing, "rtas-size" prop in 
>  the
>  DT. Since existing machine types don't do that, I guess we should only 
>  use
>  the new size if cap-fwnmi-mce=on for the sake of compatibility.
> >>>
> >>> Yes, that's a good idea.  Changing this is very unlikely to break a
> >>> guest, but it's easy to be safe here so let's do it.
> >>
> >> I did it like that because the rtas_blob is allocated based on rtas_size
> >> in spapr_machine_init(). During spapr_machine_init() it is not known
> >> whether the guest will call "ibm,nmi-register". So if we want to use the
> >> new size only when cap_fwnmi=on, then we have to realloc the blob in
> >> "ibm,nmi-register".
> > 
> > What?  Just always allocate the necessary space in
> > spapr_machine_init() if cap_fwnmi=on, it'll be wasted if
> > ibm,nmi-register is never called, but it's not that much space so we
> > don't really care.
> 
> Yes, not that much space, and ibm,nmi-register is called when the Linux
> kernel boots. I guess, even though other OSes might not call
> ibm,nmi-register, they do not constitute significant QEMU on Power users.
> 
> So I think, I will keep the code as is.

No, that's not right.  It's impractical to change the allocation
depending on whether fwnmi is currently active.  But you *can* (and
should) base the allocation on whether fwnmi is *possible* - that is,
the value of the spapr cap.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH] target/ppc: Set PSSCR_EC on cpu halt to prevent spurious wakeup

2019-05-15 Thread David Gibson
On Thu, May 16, 2019 at 10:57:44AM +1000, Suraj Jitindar Singh wrote:
> The processor stop status and control register (PSSCR) is used to
> control the power saving facilities of the thread. The exit criterion
> bit (EC) is used to specify whether the thread should be woken by any
> interrupt (EC == 0) or only an interrupt enabled in the LPCR to wake the
> thread (EC == 1).
> 
> The rtas facilities start-cpu and self-stop are used to transition a
> vcpu between the stopped and running states. When a vcpu is stopped it
> may only be started again by the start-cpu rtas call.
> 
> Currently a vcpu in the stopped state will start again whenever an
> interrupt comes along due to PSSCR_EC being cleared, and while this is
> architecturally correct for a hardware thread, a vcpu is expected to
> only be woken by calling start-cpu. This means when performing a reboot
> on a tcg machine that the secondary threads will restart while the
> primary is still in slof, this is unsupported and causes call traces
> like:
> 
> SLOF **
> QEMU Starting
>  Build Date = Jan 14 2019 18:00:39
>  FW Version = git-a5b428e1c1eae703
>  Press "s" to enter Open Firmware.
> 
> qemu: fatal: Trying to deliver HV exception (MSR) 70 with no HV support
> 
> NIP 6d61676963313230   LR 3dbe0308 CTR 6d61676963313233 XER 
>  CPU#1
> MSR  HID0   HF  iidx 3 didx 3
> TB 0026 115746031956 DECR 18446744073326238463
> GPR00 3dbe0308 3e669fe0 3dc10700 0003
> GPR04 3dc62198 3dc62178 3dc0ea48 0030
> GPR08 3dc621a8 0018 3e466008 3dc50700
> GPR12 c093a4e0 c0003300 c0003e533f90 
> GPR16   3e466010 3dc0b040
> GPR20 8000 f003 0006 3e66a050
> GPR24 3dc06400 3dc0ae70 0003 f001
> GPR28 3e66a060  6d61676963313233 0028
> CR 28000222  [ E  L  -  -  -  E  E  E  ] RES 
> FPR00    
> FPR04    
> FPR08    311825e0
> FPR12 311825e0   
> FPR16    
> FPR20    
> FPR24    
> FPR28    
> FPSCR 
>  SRR0 3dbe06b0  SRR1 0008PVR 004e1200 VRSAVE 
> 
> SPRG0 3dbe0308 SPRG1 3e669fe0  SPRG2 00d8  SPRG3 
> 3dbe0308
> SPRG4  SPRG5   SPRG6   SPRG7 
> 
> HSRR0 6d61676963313230 HSRR1 
>  CFAR 3dbe3e64
>  LPCR 04020008
>  PTCR    DAR   DSISR 
> Aborted (core dumped)
> 
> To fix this, set the PSSCR_EC bit when a vcpu is stopped to disable it
> from coming back online until the start-cpu rtas call is made.
> 
> Fixes: 21c0d66a9c99 ("target/ppc: Fix support for "STOP light" states on 
> POWER9")
> 
> Signed-off-by: Suraj Jitindar Singh 

Applied, thanks.

> ---
>  hw/ppc/spapr_cpu_core.c | 2 ++
>  hw/ppc/spapr_rtas.c | 6 +-
>  2 files changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> index f04e06cdf6..5621fb9a3d 100644
> --- a/hw/ppc/spapr_cpu_core.c
> +++ b/hw/ppc/spapr_cpu_core.c
> @@ -58,9 +58,11 @@ static void spapr_cpu_reset(void *opaque)
>   *
>   * Disable Power-saving mode Exit Cause exceptions for the CPU, so
>   * we don't get spurious wakups before an RTAS start-cpu call.
> + * For the same reason, set PSSCR_EC.
>   */
>  lpcr &= ~(LPCR_VPM0 | LPCR_VPM1 | LPCR_ISL | LPCR_KBV | pcc->lpcr_pm);
>  lpcr |= LPCR_LPES0 | LPCR_LPES1;
> +env->spr[SPR_PSSCR] |= PSSCR_EC;
>  
>  /* Set RMLS to the max (ie, 16G) */
>  lpcr &= ~LPCR_RMLS;
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index ee24212765..5bc1a93271 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -177,6 +177,7 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, 
> SpaprMachineState *spapr,
>  } else {
>  lpcr &= ~(LPCR_UPRT | LPCR_GTSE | LPCR_HR);
>  }
> +env->spr[SPR_PSSCR] &= ~PSSCR_EC;
>  }
>  ppc_store_lpcr(newcpu, lpcr);
>  
> @@ -205,8 +206,11 @@ static void rtas_stop_self(PowerPCCPU *cpu, 
> SpaprMachineState *spapr,
>  
>  /* Disable 

Re: [Qemu-devel] [PATCH] spapr/xive: Sanity checks of OV5 during CAS

2019-05-15 Thread David Gibson
On Wed, May 15, 2019 at 07:04:24PM +0200, Greg Kurz wrote:
> If a machine is started with ic-mode=xive but the guest only knows
> about XICS, eg. an RHEL 7.6 guest, the kernel panics. This is
> expected but a bit unfortunate since the crash doesn't provide
> much information for the end user to guess what's happening.
> 
> Detect that during CAS and exit QEMU with a proper error message
> instead, like it is already done for the MMU.
> 
> Even if this is less likely to happen, the opposite case of a guest
> that only knows about XIVE would certainly fail all the same if the
> machine is started with ic-mode=xics.
> 
> Also, the only valid values a guest can pass in byte 23 of OV5 during
> CAS are 0b00 (XIVE legacy mode) and 0b01 (XIVE exploitation mode). Any
> other value is a bug, at least with the current spec. Again, it does
> not seem right to let the guest go on without a precise idea of the
> interrupt mode it asked for.
> 
> Handle these cases as well.
> 
> Reported-by: Satheesh Rajendran 
> Signed-off-by: Greg Kurz 

Seems sensible to me, applied.

> ---
>  hw/ppc/spapr_hcall.c |   24 
>  1 file changed, 24 insertions(+)
> 
> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> index 6c16d2b12040..63a55614b83d 100644
> --- a/hw/ppc/spapr_hcall.c
> +++ b/hw/ppc/spapr_hcall.c
> @@ -1513,6 +1513,7 @@ static target_ulong 
> h_client_architecture_support(PowerPCCPU *cpu,
>  bool guest_radix;
>  Error *local_err = NULL;
>  bool raw_mode_supported = false;
> +bool guest_xive;
>  
>  cas_pvr = cas_check_pvr(spapr, cpu, , _mode_supported, 
> _err);
>  if (local_err) {
> @@ -1545,10 +1546,17 @@ static target_ulong 
> h_client_architecture_support(PowerPCCPU *cpu,
>  error_report("guest requested hash and radix MMU, which is 
> invalid.");
>  exit(EXIT_FAILURE);
>  }
> +if (spapr_ovec_test(ov5_guest, OV5_XIVE_BOTH)) {
> +error_report("guest requested an invalid interrupt mode");
> +exit(EXIT_FAILURE);
> +}
> +
>  /* The radix/hash bit in byte 24 requires special handling: */
>  guest_radix = spapr_ovec_test(ov5_guest, OV5_MMU_RADIX_300);
>  spapr_ovec_clear(ov5_guest, OV5_MMU_RADIX_300);
>  
> +guest_xive = spapr_ovec_test(ov5_guest, OV5_XIVE_EXPLOIT);
> +
>  /*
>   * HPT resizing is a bit of a special case, because when enabled
>   * we assume an HPT guest will support it until it says it
> @@ -1632,6 +1640,22 @@ static target_ulong 
> h_client_architecture_support(PowerPCCPU *cpu,
>ov5_updates) != 0);
>  }
>  
> +/*
> + * Ensure the guest asks for an interrupt mode we support; otherwise
> + * terminate the boot.
> + */
> +if (guest_xive) {
> +if (spapr->irq->ov5 == SPAPR_OV5_XIVE_LEGACY) {
> +error_report("Guest requested unavailable interrupt mode 
> (XIVE)");
> +exit(EXIT_FAILURE);
> +}
> +} else {
> +if (spapr->irq->ov5 == SPAPR_OV5_XIVE_EXPLOIT) {
> +error_report("Guest requested unavailable interrupt mode 
> (XICS)");
> +exit(EXIT_FAILURE);
> +}
> +}
> +
>  /*
>   * Generate a machine reset when we have an update of the
>   * interrupt mode. Only required when the machine supports both
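Review bot: The two error_report() calls added in this hunk say which interrupt mode was unavailable but not how to fix it, although the stated aim of the patch is to give the end user enough information to understand the failure. Appending the remedy would do that, e.g. `"Guest requested unavailable interrupt mode (XIVE), try the ic-mode=xive or ic-mode=dual machine property"` and the XICS equivalent. The messages here also start with "Guest", while the one added in the previous hunk and the existing MMU message use lowercase "guest"; one spelling should be used throughout. h_client_architecture_support starts and ends outside the hunk.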
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC v2 PATCH 2/3] spapr: Add NVDIMM device support

2019-05-15 Thread David Gibson
On Wed, May 15, 2019 at 12:30:07PM +0530, Shivaprasad G Bhat wrote:
> Hi David,
> 
> Thanks for the comments. Replies inline..
> 
> On 05/14/2019 07:52 AM, David Gibson wrote:
> > On Mon, May 13, 2019 at 04:28:02AM -0500, Shivaprasad G Bhat wrote:
> > > Add support for NVDIMM devices for sPAPR. Piggyback on existing nvdimm
> > > device interface in QEMU to support virtual NVDIMM devices for Power (May 
> > > have
> > > to re-look at this later).  Create the required DT entries for the
> > > device (some entries have dummy values right now).
> > > 
> > > The patch creates the required DT node and sends a hotplug
> > > interrupt to the guest. Guest is expected to undertake the normal
> > > DR resource add path in response and start issuing PAPR SCM hcalls.
> > > 
> > > This is how it can be used ..
> > > Add nvdimm=on to the qemu machine argument.
> > > Ex : -machine pseries,nvdimm=on
> > > For coldplug, the device to be added in qemu command line as shown below
> > > -object 
> > > memory-backend-file,id=memnvdimm0,prealloc=yes,mem-path=/tmp/nvdimm0,share=yes,size=1073872896
> > > -device 
> > > nvdimm,label-size=128k,uuid=75a3cdd7-6a2f-4791-8d15-fe0a920e8e9e,memdev=memnvdimm0,id=nvdimm0,slot=0
> > > 
> > > For hotplug, the device to be added from monitor as below
> > > object_add 
> > > memory-backend-file,id=memnvdimm0,prealloc=yes,mem-path=/tmp/nvdimm0,share=yes,size=1073872896
> > > device_add 
> > > nvdimm,label-size=128k,uuid=75a3cdd7-6a2f-4791-8d15-fe0a920e8e9e,memdev=memnvdimm0,id=nvdimm0,slot=0
> > > 
> > > Signed-off-by: Shivaprasad G Bhat 
> > > Signed-off-by: Bharata B Rao 
> > > [Early implementation]
> > > ---
> > > ---
> > >   default-configs/ppc64-softmmu.mak |1
> > >   hw/mem/Kconfig|2
> > >   hw/mem/nvdimm.c   |   43 
> > >   hw/ppc/spapr.c|  202 
> > > +++--
> > >   hw/ppc/spapr_drc.c|   18 +++
> > >   hw/ppc/spapr_events.c |4 +
> > >   include/hw/mem/nvdimm.h   |6 +
> > >   include/hw/ppc/spapr.h|   12 ++
> > >   include/hw/ppc/spapr_drc.h|9 ++
> > >   9 files changed, 286 insertions(+), 11 deletions(-)
> > > 
> > > diff --git a/default-configs/ppc64-softmmu.mak 
> > > b/default-configs/ppc64-softmmu.mak
> > > index cca52665d9..ae0841fa3a 100644
> > > --- a/default-configs/ppc64-softmmu.mak
> > > +++ b/default-configs/ppc64-softmmu.mak
> > > @@ -8,3 +8,4 @@ CONFIG_POWERNV=y
> > >   # For pSeries
> > >   CONFIG_PSERIES=y
> > > +CONFIG_NVDIMM=y
> > > diff --git a/hw/mem/Kconfig b/hw/mem/Kconfig
> > > index 620fd4cb59..2ad052a536 100644
> > > --- a/hw/mem/Kconfig
> > > +++ b/hw/mem/Kconfig
> > > @@ -8,4 +8,4 @@ config MEM_DEVICE
> > >   config NVDIMM
> > >   bool
> > >   default y
> > > -depends on PC
> > > +depends on (PC || PSERIES)
> > > diff --git a/hw/mem/nvdimm.c b/hw/mem/nvdimm.c
> > > index f221ec7a9a..deaeb5 100644
> > > --- a/hw/mem/nvdimm.c
> > > +++ b/hw/mem/nvdimm.c
> > > @@ -93,11 +93,54 @@ out:
> > >   error_propagate(errp, local_err);
> > >   }
> > > +static void nvdimm_get_uuid(Object *obj, Visitor *v, const char *name,
> > > +  void *opaque, Error **errp)
> > > +{
> > > +NVDIMMDevice *nvdimm = NVDIMM(obj);
> > > +char *value = NULL;
> > > +
> > > +value = qemu_uuid_unparse_strdup(>uuid);
> > > +
> > > +visit_type_str(v, name, , errp);
> > > +}
> > > +
> > > +
> > > +static void nvdimm_set_uuid(Object *obj, Visitor *v, const char *name,
> > > +  void *opaque, Error **errp)
> > > +{
> > > +NVDIMMDevice *nvdimm = NVDIMM(obj);
> > > +Error *local_err = NULL;
> > > +char *value;
> > > +
> > > +visit_type_str(v, name, , _err);
> > > +if (local_err) {
> > > +goto out;
> > > +}
> > > +
> > > +if (strcmp(value, "") == 0) {
> > > +error_setg(_err, "Property '%s.%s' %s is required"
> > > +   " at least 0x%lx", object_get_typename(obj),
> > > +   name, value, MIN_NAMESPACE_LABEL_SIZE);
> > > +goto out;
> > > +}
> > > +
> > > +if (qemu_uuid_parse(value, >uuid) != 0) {
> > > +error_setg(errp, "Invalid UUID");
> > > +return;
> > > +}
> > > +out:
> > > +error_propagate(errp, local_err);
> > > +}
> > > +
> > > +
> > >   static void nvdimm_init(Object *obj)
> > >   {
> > >   object_property_add(obj, NVDIMM_LABEL_SIZE_PROP, "int",
> > >   nvdimm_get_label_size, nvdimm_set_label_size, 
> > > NULL,
> > >   NULL, NULL);
> > > +
> > > +object_property_add(obj, NVDIMM_UUID_PROP, "QemuUUID", 
> > > nvdimm_get_uuid,
> > > +nvdimm_set_uuid, NULL, NULL, NULL);
> > >   }
> > >   static void nvdimm_finalize(Object *obj)
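Review bot: Both new property accessors leak the string they handle: nvdimm_get_uuid never frees the buffer returned by qemu_uuid_unparse_strdup(), and nvdimm_set_uuid never frees the `value` filled in by visit_type_str() on any path. The empty-string branch in nvdimm_set_uuid also reuses the label-size wording ("is required at least 0x%lx" with MIN_NAMESPACE_LABEL_SIZE), which is meaningless for a UUID, and the parse-failure branch reports through `errp` directly while the rest of the function goes through `local_err`. The rewrite below frees the string in both functions and reports a single UUID-specific error; it assumes qemu_uuid_parse() already rejects an empty string, which should be confirmed. The `&` operands dropped by the archive are restored as inferred from the declarations.

```c
static void nvdimm_get_uuid(Object *obj, Visitor *v, const char *name,
                            void *opaque, Error **errp)
{
    NVDIMMDevice *nvdimm = NVDIMM(obj);
    char *value = qemu_uuid_unparse_strdup(&nvdimm->uuid);

    visit_type_str(v, name, &value, errp);
    g_free(value);    /* the unparsed copy is owned by this getter */
}

static void nvdimm_set_uuid(Object *obj, Visitor *v, const char *name,
                            void *opaque, Error **errp)
{
    NVDIMMDevice *nvdimm = NVDIMM(obj);
    Error *local_err = NULL;
    char *value = NULL;

    visit_type_str(v, name, &value, &local_err);
    if (local_err) {
        goto out;
    }

    if (qemu_uuid_parse(value, &nvdimm->uuid) != 0) {
        error_setg(&local_err, "Property '%s.%s' has invalid value '%s'",
                   object_get_typename(obj), name, value);
    }
out:
    g_free(value);    /* NULL-safe; the visitor allocated it on success */
    error_propagate(errp, local_err);
}

/* … unchanged: nvdimm_init property registration … */
```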
> > > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > > index 2ef3ce4362..b6951577e7 100644
> > > --- 

Re: [Qemu-devel] [PATCH v2 1/2] vfio/mdev: add version attribute for mdev device

2019-05-15 Thread Yan Zhao
On Tue, May 14, 2019 at 11:01:42PM +0800, Alex Williamson wrote:
> On Tue, 14 May 2019 09:43:44 +0200
> Erik Skultety  wrote:
> 
> > On Tue, May 14, 2019 at 03:32:19AM -0400, Yan Zhao wrote:
> > > On Tue, May 14, 2019 at 03:20:40PM +0800, Erik Skultety wrote:  
> > > > On Tue, May 14, 2019 at 02:12:35AM -0400, Yan Zhao wrote:  
> > > > > On Mon, May 13, 2019 at 09:28:04PM +0800, Erik Skultety wrote:  
> > > > > > On Fri, May 10, 2019 at 11:48:38AM +0200, Cornelia Huck wrote:  
> > > > > > > On Fri, 10 May 2019 10:36:09 +0100
> > > > > > > "Dr. David Alan Gilbert"  wrote:
> > > > > > >  
> > > > > > > > * Cornelia Huck (coh...@redhat.com) wrote:  
> > > > > > > > > On Thu, 9 May 2019 17:48:26 +0100
> > > > > > > > > "Dr. David Alan Gilbert"  wrote:
> > > > > > > > >  
> > > > > > > > > > * Cornelia Huck (coh...@redhat.com) wrote:  
> > > > > > > > > > > On Thu, 9 May 2019 16:48:57 +0100
> > > > > > > > > > > "Dr. David Alan Gilbert"  wrote:
> > > > > > > > > > >  
> > > > > > > > > > > > * Cornelia Huck (coh...@redhat.com) wrote:  
> > > > > > > > > > > > > On Tue, 7 May 2019 15:18:26 -0600
> > > > > > > > > > > > > Alex Williamson  wrote:
> > > > > > > > > > > > >  
> > > > > > > > > > > > > > On Sun,  5 May 2019 21:49:04 -0400
> > > > > > > > > > > > > > Yan Zhao  wrote:  
> > > > > > > > > > > > >  
> > > > > > > > > > > > > > > +  Errno:
> > > > > > > > > > > > > > > +  If vendor driver wants to claim a mdev device 
> > > > > > > > > > > > > > > incompatible to all other mdev
> > > > > > > > > > > > > > > +  devices, it should not register version 
> > > > > > > > > > > > > > > attribute for this mdev device. But if
> > > > > > > > > > > > > > > +  a vendor driver has already registered version 
> > > > > > > > > > > > > > > attribute and it wants to claim
> > > > > > > > > > > > > > > +  a mdev device incompatible to all other mdev 
> > > > > > > > > > > > > > > devices, it needs to return
> > > > > > > > > > > > > > > +  -ENODEV on access to this mdev device's 
> > > > > > > > > > > > > > > version attribute.
> > > > > > > > > > > > > > > +  If a mdev device is only incompatible to 
> > > > > > > > > > > > > > > certain mdev devices, write of
> > > > > > > > > > > > > > > +  incompatible mdev devices's version strings to 
> > > > > > > > > > > > > > > its version attribute should
> > > > > > > > > > > > > > > +  return -EINVAL;  
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > I think it's best not to define the specific errno 
> > > > > > > > > > > > > > returned for a
> > > > > > > > > > > > > > specific situation, let the vendor driver decide, 
> > > > > > > > > > > > > > userspace simply
> > > > > > > > > > > > > > needs to know that an errno on read indicates the 
> > > > > > > > > > > > > > device does not
> > > > > > > > > > > > > > support migration version comparison and that an 
> > > > > > > > > > > > > > errno on write
> > > > > > > > > > > > > > indicates the devices are incompatible or the 
> > > > > > > > > > > > > > target doesn't support
> > > > > > > > > > > > > > migration versions.  
> > > > > > > > > > > > >
> > > > > > > > > > > > > I think I have to disagree here: It's probably 
> > > > > > > > > > > > > valuable to have an
> > > > > > > > > > > > > agreed error for 'cannot migrate at all' vs 'cannot 
> > > > > > > > > > > > > migrate between
> > > > > > > > > > > > > those two particular devices'. Userspace might want 
> > > > > > > > > > > > > to do different
> > > > > > > > > > > > > things (e.g. trying with different device pairs).  
> > > > > > > > > > > >
> > > > > > > > > > > > Trying to stuff these things down an errno seems a bad 
> > > > > > > > > > > > idea; we can't
> > > > > > > > > > > > get much information that way.  
> > > > > > > > > > >
> > > > > > > > > > > So, what would be a reasonable approach? Userspace should 
> > > > > > > > > > > first read
> > > > > > > > > > > the version attributes on both devices (to find out 
> > > > > > > > > > > whether migration
> > > > > > > > > > > is supported at all), and only then figure out via 
> > > > > > > > > > > writing whether they
> > > > > > > > > > > are compatible?
> > > > > > > > > > >
> > > > > > > > > > > (Or just go ahead and try, if it does not care about the 
> > > > > > > > > > > reason.)  
> > > > > > > > > >
> > > > > > > > > > Well, I'm OK with something like writing to test whether 
> > > > > > > > > > it's
> > > > > > > > > > compatible, it's just we need a better way of saying 'no'.
> > > > > > > > > > I'm not sure if that involves reading back from somewhere 
> > > > > > > > > > after
> > > > > > > > > > the write or what.  
> > > > > > > > >
> > > > > > > > > Hm, so I basically see two ways of doing that:
> > > > > > > > > - standardize on some error codes... problem: error codes can 
> > > > > > > > > be hard
> > > > > > > > >   to fit to reasons
> > > > > > > > > - make the error available in some attribute that can be read
> > > > > > > > >
> > > > > > > > > I'm not sure how we can 

[Qemu-devel] [PATCH] target/ppc: Set PSSCR_EC on cpu halt to prevent spurious wakeup

2019-05-15 Thread Suraj Jitindar Singh
The processor stop status and control register (PSSCR) is used to
control the power saving facilities of the thread. The exit criterion
bit (EC) is used to specify whether the thread should be woken by any
interrupt (EC == 0) or only an interrupt enabled in the LPCR to wake the
thread (EC == 1).

The rtas facilities start-cpu and self-stop are used to transition a
vcpu between the stopped and running states. When a vcpu is stopped it
may only be started again by the start-cpu rtas call.

Currently a vcpu in the stopped state will start again whenever an
interrupt comes along, because PSSCR_EC is cleared. While this is
architecturally correct for a hardware thread, a vcpu is expected to
only be woken by calling start-cpu. This means that when performing a
reboot on a TCG machine, the secondary threads will restart while the
primary is still in SLOF; this is unsupported and causes call traces
like:

SLOF **
QEMU Starting
 Build Date = Jan 14 2019 18:00:39
 FW Version = git-a5b428e1c1eae703
 Press "s" to enter Open Firmware.

qemu: fatal: Trying to deliver HV exception (MSR) 70 with no HV support

NIP 6d61676963313230   LR 3dbe0308 CTR 6d61676963313233 XER 
 CPU#1
MSR  HID0   HF  iidx 3 didx 3
TB 0026 115746031956 DECR 18446744073326238463
GPR00 3dbe0308 3e669fe0 3dc10700 0003
GPR04 3dc62198 3dc62178 3dc0ea48 0030
GPR08 3dc621a8 0018 3e466008 3dc50700
GPR12 c093a4e0 c0003300 c0003e533f90 
GPR16   3e466010 3dc0b040
GPR20 8000 f003 0006 3e66a050
GPR24 3dc06400 3dc0ae70 0003 f001
GPR28 3e66a060  6d61676963313233 0028
CR 28000222  [ E  L  -  -  -  E  E  E  ] RES 
FPR00    
FPR04    
FPR08    311825e0
FPR12 311825e0   
FPR16    
FPR20    
FPR24    
FPR28    
FPSCR 
 SRR0 3dbe06b0  SRR1 0008PVR 004e1200 VRSAVE 

SPRG0 3dbe0308 SPRG1 3e669fe0  SPRG2 00d8  SPRG3 
3dbe0308
SPRG4  SPRG5   SPRG6   SPRG7 

HSRR0 6d61676963313230 HSRR1 
 CFAR 3dbe3e64
 LPCR 04020008
 PTCR    DAR   DSISR 
Aborted (core dumped)

To fix this, set the PSSCR_EC bit when a vcpu is stopped to disable it
from coming back online until the start-cpu rtas call is made.

Fixes: 21c0d66a9c99 ("target/ppc: Fix support for "STOP light" states on 
POWER9")

Signed-off-by: Suraj Jitindar Singh 
---
 hw/ppc/spapr_cpu_core.c | 2 ++
 hw/ppc/spapr_rtas.c | 6 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index f04e06cdf6..5621fb9a3d 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -58,9 +58,11 @@ static void spapr_cpu_reset(void *opaque)
  *
  * Disable Power-saving mode Exit Cause exceptions for the CPU, so
  * we don't get spurious wakups before an RTAS start-cpu call.
+ * For the same reason, set PSSCR_EC.
  */
 lpcr &= ~(LPCR_VPM0 | LPCR_VPM1 | LPCR_ISL | LPCR_KBV | pcc->lpcr_pm);
 lpcr |= LPCR_LPES0 | LPCR_LPES1;
+env->spr[SPR_PSSCR] |= PSSCR_EC;
 
 /* Set RMLS to the max (ie, 16G) */
 lpcr &= ~LPCR_RMLS;
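Review bot: The new `env->spr[SPR_PSSCR] |= PSSCR_EC;` in spapr_cpu_reset is applied unconditionally, whereas the matching clear in the rtas_start_cpu hunk sits inside a conditional block whose opening lies outside that hunk. If that condition can be false for a CPU that honours PSSCR_EC, the bit set at reset would never be cleared by start-cpu; either make the set and the clear symmetric or add a comment saying why the clear is only needed under that condition. It is also worth confirming that `env` in rtas_start_cpu belongs to `newcpu` rather than `callcpu`, since its declaration is not visible. Both functions continue outside their hunks.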
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index ee24212765..5bc1a93271 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -177,6 +177,7 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, 
SpaprMachineState *spapr,
 } else {
 lpcr &= ~(LPCR_UPRT | LPCR_GTSE | LPCR_HR);
 }
+env->spr[SPR_PSSCR] &= ~PSSCR_EC;
 }
 ppc_store_lpcr(newcpu, lpcr);
 
@@ -205,8 +206,11 @@ static void rtas_stop_self(PowerPCCPU *cpu, 
SpaprMachineState *spapr,
 
 /* Disable Power-saving mode Exit Cause exceptions for the CPU.
  * This could deliver an interrupt on a dying CPU and crash the
- * guest */
+ * guest.
+ * For the same reason, set PSSCR_EC.
+ */
 ppc_store_lpcr(cpu, env->spr[SPR_LPCR] & ~pcc->lpcr_pm);
+env->spr[SPR_PSSCR] |= 

Re: [Qemu-devel] [Qemu-arm] [PATCH v2 1/1] target/arm: Fix vector operation segfault

2019-05-15 Thread Alistair Francis
On Wed, May 15, 2019 at 6:11 AM Alex Bennée  wrote:
>
>
> Alistair Francis  writes:
>
> > Commit 89e68b575 "target/arm: Use vector operations for saturation"
> > causes this abort() when booting QEMU ARM with a Cortex-A15:
>
> You may want to check your email settings because when I tried to apply
> this patch it failed because the message is base64 encoded which choked 
> git-am:
>
>   Content-Type: text/plain; charset="utf-8"
>   Content-Transfer-Encoding: base64

Yeah, it does look strange. I'll look into it, thanks for pointing it out.

Alistair

>
> --
> Alex Bennée



Re: [Qemu-devel] [PATCH for-4.1] vfio/common: Introduce vfio_set_irq_signaling helper

2019-05-15 Thread Alex Williamson
On Tue,  9 Apr 2019 17:58:31 +0200
Eric Auger  wrote:

> The code used to assign an interrupt index/subindex to an
> eventfd is duplicated many times. Let's introduce an helper that
> allows to set/unset the signaling for an ACTION_TRIGGER or
> ACTION_UNMASK action.
> 
> Signed-off-by: Eric Auger 
> 
> ---
> 
> This is a follow-up to
> [PATCH v2 0/2] vfio-pci: Introduce vfio_set_event_handler().
> It looks to me that introducing vfio_set_irq_signaling() has more
> benefits in term of code reduction and the helper abstraction
> looks cleaner.
> ---
>  hw/vfio/common.c  |  61 +
>  hw/vfio/pci.c | 224 --
>  hw/vfio/platform.c|  55 +++--
>  include/hw/vfio/vfio-common.h |   2 +
>  4 files changed, 134 insertions(+), 208 deletions(-)
> 
> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> index 4374cc6176..f88fd10ca3 100644
> --- a/hw/vfio/common.c
> +++ b/hw/vfio/common.c
> @@ -95,6 +95,67 @@ void vfio_mask_single_irqindex(VFIODevice *vbasedev, int 
> index)
>  ioctl(vbasedev->fd, VFIO_DEVICE_SET_IRQS, _set);
>  }
>  
> +static inline const char *action_to_str(int action)
> +{
> +switch (action) {
> +case VFIO_IRQ_SET_ACTION_MASK:
> +return "MASK";
> +case VFIO_IRQ_SET_ACTION_UNMASK:
> +return "UNMASK";
> +case VFIO_IRQ_SET_ACTION_TRIGGER:
> +return "TRIGGER";
> +default:
> +return "UNKNOWN ACTION";
> +}
> +}
> +
> +int vfio_set_irq_signaling(VFIODevice *vbasedev, int index, int subindex,
> +   int action, int fd, Error **errp)
> +{
> +struct vfio_irq_info irq_info = { .argsz = sizeof(irq_info),
> +  .index = index };
> +struct vfio_irq_set *irq_set;
> +int argsz, ret = 0;
> +int32_t *pfd;
> +
> +ret = ioctl(vbasedev->fd, VFIO_DEVICE_GET_IRQ_INFO, _info);
> +if (ret < 0) {
> +error_setg_errno(errp, errno, "index %d does not exist", index);
> +goto error;
> +}
> +if (irq_info.count < subindex + 1) {
> +error_setg_errno(errp, errno, "subindex %d does not exist", 
> subindex);
> +goto error;
> +}
> +
> +argsz = sizeof(*irq_set) + sizeof(*pfd);
> +
> +irq_set = g_malloc0(argsz);
> +irq_set->argsz = argsz;
> +irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD | action;
> +irq_set->index = index;
> +irq_set->start = subindex;
> +irq_set->count = 1;
> +pfd = (int32_t *)_set->data;
> +*pfd = fd;
> +
> +ret = ioctl(vbasedev->fd, VFIO_DEVICE_SET_IRQS, irq_set);

Hi Eric,

Sorry for the long delay.  While I like the code reduction and
simplification, is it really acceptable that every SET_IRQS ioctl is
now a GET_IRQ_INFO + SET_IRQS?  Are we trying to protect against
devices dynamically changing their interrupt support?  Do we not trust
the callers?

> +
> +g_free(irq_set);
> +
> +if (ret) {
> +error_setg_errno(errp, -ret, "VFIO_DEVICE_SET_IRQS failure");
> +goto error;
> +}
> +return 0;
> +error:
> +error_prepend(errp,
> +  "Failed to %s %s eventfd signaling for interrupt [%d,%d]: 
> ",
> +  fd < 0 ? "tear down" : "set up", action_to_str(action),
> +  index, subindex);


Maybe icing on the cake, but this leaves me wishing it printed "MSIX-3"
rather than "[2,3]" for a PCI device ;)


> +return ret;
> +}
> +
>  /*
>   * IO Port/MMIO - Beware of the endians, VFIO is always little endian
>   */
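Review bot: The `irq_info.count < subindex + 1` branch of vfio_set_irq_signaling jumps to `error` with `ret` still 0 from the successful GET_IRQ_INFO ioctl, so the function sets an error but returns success, and it formats a stale `errno`. Use `error_setg(errp, "subindex %d does not exist", subindex); ret = -EINVAL;` there. After the SET_IRQS ioctl, `-ret` is always 1 because ioctl() returns -1 and leaves the cause in `errno`, and `g_free()` runs before the message is built; capture it first with `if (ioctl(vbasedev->fd, VFIO_DEVICE_SET_IRQS, irq_set)) { ret = -errno; }`. The count check also compares the `int` subindex against the unsigned count, so a subindex of -1 passes it and then becomes `irq_set->start`; an explicit `subindex < 0` test would close that.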
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index 504019c458..cd93ff6fa3 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
[snip]
> @@ -2718,77 +2630,43 @@ static void vfio_req_notifier_handler(void *opaque)
>  
>  static void vfio_register_req_notifier(VFIOPCIDevice *vdev)
>  {
> -struct vfio_irq_info irq_info = { .argsz = sizeof(irq_info),
> -  .index = VFIO_PCI_REQ_IRQ_INDEX };
> -int argsz;
> -struct vfio_irq_set *irq_set;
> -int32_t *pfd;
> +Error *err = NULL;
> +int32_t fd;
>  
>  if (!(vdev->features & VFIO_FEATURE_ENABLE_REQ)) {
>  return;
>  }
>  
> -if (ioctl(vdev->vbasedev.fd,
> -  VFIO_DEVICE_GET_IRQ_INFO, _info) < 0 || irq_info.count < 
> 1) {
> -return;
> -}

Here we used GET_IRQ_INFO to quietly only enable the request notifier
when it's available, now it looks like this is no longer quiet if that
support is unavailable.  Is that intentional?  Thanks,

Alex

> -
>  if (event_notifier_init(>req_notifier, 0)) {
>  error_report("vfio: Unable to init event notifier for device 
> request");
>  return;
>  }
>  
> -argsz = sizeof(*irq_set) + sizeof(*pfd);
> +fd = event_notifier_get_fd(>req_notifier);
> +qemu_set_fd_handler(fd, vfio_req_notifier_handler, NULL, vdev);
>  
> -irq_set = g_malloc0(argsz);
> -irq_set->argsz = argsz;
> -irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD |
> - 

Re: [Qemu-devel] [PATCH v9 1/7] libnvdimm: nd_region flush callback support

2019-05-15 Thread Dan Williams
On Tue, May 14, 2019 at 7:55 AM Pankaj Gupta  wrote:
>
> This patch adds functionality to perform flush from guest
> to host over VIRTIO. We are registering a callback based
> on 'nd_region' type. virtio_pmem driver requires this special
> flush function. For rest of the region types we are registering
> existing flush function. Report error returned by host fsync
> failure to userspace.
>
> Signed-off-by: Pankaj Gupta 
> ---
>  drivers/acpi/nfit/core.c |  4 ++--
>  drivers/nvdimm/claim.c   |  6 --
>  drivers/nvdimm/nd.h  |  1 +
>  drivers/nvdimm/pmem.c| 13 -
>  drivers/nvdimm/region_devs.c | 26 --
>  include/linux/libnvdimm.h|  8 +++-
>  6 files changed, 46 insertions(+), 12 deletions(-)
>
> diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
> index 5a389a4f4f65..08dde76cf459 100644
> --- a/drivers/acpi/nfit/core.c
> +++ b/drivers/acpi/nfit/core.c
> @@ -2434,7 +2434,7 @@ static void write_blk_ctl(struct nfit_blk *nfit_blk, 
> unsigned int bw,
> offset = to_interleave_offset(offset, mmio);
>
> writeq(cmd, mmio->addr.base + offset);
> -   nvdimm_flush(nfit_blk->nd_region);
> +   nvdimm_flush(nfit_blk->nd_region, NULL);
>
> if (nfit_blk->dimm_flags & NFIT_BLK_DCR_LATCH)
> readq(mmio->addr.base + offset);
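Review bot: The result of `nvdimm_flush()` is dropped here in write_blk_ctl and again in the acpi_nfit_blk_single_io hunk below, although the claim.c change in the same patch treats it as an error code. write_blk_ctl is `void`, so nothing can be propagated without a signature change, but acpi_nfit_blk_single_io already returns `rc` and could fold a flush failure into it. If the flush registered for these regions cannot fail, a comment at both calls such as `/* flush cannot fail for this region type, result ignored */` would record that. This is inferred from the commit message; the flush implementation is outside the quoted hunks.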
> @@ -2483,7 +2483,7 @@ static int acpi_nfit_blk_single_io(struct nfit_blk 
> *nfit_blk,
> }
>
> if (rw)
> -   nvdimm_flush(nfit_blk->nd_region);
> +   nvdimm_flush(nfit_blk->nd_region, NULL);
>
> rc = read_blk_stat(nfit_blk, lane) ? -EIO : 0;
> return rc;
> diff --git a/drivers/nvdimm/claim.c b/drivers/nvdimm/claim.c
> index fb667bf469c7..13510bae1e6f 100644
> --- a/drivers/nvdimm/claim.c
> +++ b/drivers/nvdimm/claim.c
> @@ -263,7 +263,7 @@ static int nsio_rw_bytes(struct nd_namespace_common *ndns,
> struct nd_namespace_io *nsio = to_nd_namespace_io(>dev);
> unsigned int sz_align = ALIGN(size + (offset & (512 - 1)), 512);
> sector_t sector = offset >> 9;
> -   int rc = 0;
> +   int rc = 0, ret = 0;
>
> if (unlikely(!size))
> return 0;
> @@ -301,7 +301,9 @@ static int nsio_rw_bytes(struct nd_namespace_common *ndns,
> }
>
> memcpy_flushcache(nsio->addr + offset, buf, size);
> -   nvdimm_flush(to_nd_region(ndns->dev.parent));
> +   ret = nvdimm_flush(to_nd_region(ndns->dev.parent), NULL);
> +   if (ret)
> +   rc = ret;
>
> return rc;
>  }
> diff --git a/drivers/nvdimm/nd.h b/drivers/nvdimm/nd.h
> index a5ac3b240293..0c74d2428bd7 100644
> --- a/drivers/nvdimm/nd.h
> +++ b/drivers/nvdimm/nd.h
> @@ -159,6 +159,7 @@ struct nd_region {
> struct badblocks bb;
> struct nd_interleave_set *nd_set;
> struct nd_percpu_lane __percpu *lane;
> +   int (*flush)(struct nd_region *nd_region, struct bio *bio);

So this triggers:

In file included from drivers/nvdimm/e820.c:7:
./include/linux/libnvdimm.h:140:51: warning: ‘struct bio’ declared
inside parameter list will not be visible outside of this definition
or declaration
  int (*flush)(struct nd_region *nd_region, struct bio *bio);
   ^~~
I was already feeling uneasy about trying to squeeze this into v5.2,
but this warning and the continued drip of comments leads me to
conclude that this driver would do well to wait one more development
cycle. Lets close out the final fixups and let this driver soak in
-next. Then for the v5.3 cycle I'll redouble my efforts towards the
goal of closing patch acceptance at the -rc6 / -rc7 development
milestone.



[Qemu-devel] Unhandled Fault when trying to access PCIE [AARCH64/VIRT]

2019-05-15 Thread Adam Parker
Hello all,

I am attempting to write PCIe drivers for my OP-TEE project against
the Cortex-A57 using the virt machine.  I am using the default
packaged qemu, 3.0.93v3.1.0-rc3-dirty and v4.0.0-rc4.  I have added
the PCIE device to the page table of the OS and when I try to write to
PIO (0xCF8) I get an unhandled fault.  Tracing this down I found the
memory access was falling into unassigned_mem_write.  Unfortunately I
don't have an example of PCIe working so I don't know what this is
supposed to look like.  Is this normal behavior and the issue lies
elsewhere?  Or is unassigned_mem_write always a problem?  The debug
text for the unassigned_mem_write does say the correct physical
address and value for the operation.

>E/TC:0 0
>E/TC:0 0 Core data-abort at address 0x107f0cf8
>E/TC:0 0 esr 0x9650 ttbr0 0x0e29f000 ttbr1 0x cidr 0x0
>E/TC:0 0 cpu #0 cpsr 0x63c4
>E/TC:0 0 x0 107f0cf8 x1 107f
>E/TC:0 0 x2 117f x3 0e14a6a0
>E/TC:0 0 x4 0120 x5 000d
>E/TC:0 0 x6 3eff x7 0020
>E/TC:0 0 x8 0e127c48 x9 0e146d24
>E/TC:0 0 x10 0e142f20 x11 f1906769
>E/TC:0 0 x12 113044e7 x13 0e2a693c
>E/TC:0 0 x14 1180 x15 
>E/TC:0 0 x16  x17 
>E/TC:0 0 x18  x19 8000
>E/TC:0 0 x20  x21 0e1480b4
>E/TC:0 0 x22 0e1480a2 x23 0001
>E/TC:0 0 x24 0002 x25 000a
>E/TC:0 0 x26  x27 
>E/TC:0 0 x28  x29 0e2a6990
>E/TC:0 0 x30 0e125af4 elr 0e125af4
>E/TC:0 0 sp_el0 0e2a6990
>D/TC:0 0 get_fault_type:602 [abort] Unhandled fault!

Thanks,
Adam Parker



[Qemu-devel] [PULL 21/21] hw/net/ne2000: Extract the PCI device from the chipset common code

2019-05-15 Thread Paolo Bonzini
From: Philippe Mathieu-Daudé 

The ne2000.c file contains functions common to the ISA and PCI
devices. To allow building with one or the other, extract the PCI
specific part into a new file.

This fixes an issue where the NE2000_ISA Kconfig had to pull the
full PCI core objects.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20190504123538.14952-1-phi...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/net/Kconfig   |   7 ++-
 hw/net/Makefile.objs |   3 +-
 hw/net/ne2000-pci.c  | 132 +++
 hw/net/ne2000.c  | 105 
 4 files changed, 139 insertions(+), 108 deletions(-)
 create mode 100644 hw/net/ne2000-pci.c

diff --git a/hw/net/Kconfig b/hw/net/Kconfig
index 7d7bbc5..4ef86dc 100644
--- a/hw/net/Kconfig
+++ b/hw/net/Kconfig
@@ -1,10 +1,14 @@
 config DP8393X
 bool
 
+config NE2000_COMMON
+bool
+
 config NE2000_PCI
 bool
 default y if PCI_DEVICES
 depends on PCI
+select NE2000_COMMON
 
 config EEPRO100_PCI
 bool
@@ -51,8 +55,7 @@ config NE2000_ISA
 bool
 default y
 depends on ISA_BUS
-depends on PCI # for NE2000State
-select NE2000_PCI
+select NE2000_COMMON
 
 config OPENCORES_ETH
 bool
diff --git a/hw/net/Makefile.objs b/hw/net/Makefile.objs
index ea63715..9904273 100644
--- a/hw/net/Makefile.objs
+++ b/hw/net/Makefile.objs
@@ -1,8 +1,9 @@
 common-obj-$(CONFIG_DP8393X) += dp8393x.o
 common-obj-$(CONFIG_XEN) += xen_nic.o
+common-obj-$(CONFIG_NE2000_COMMON) += ne2000.o
 
 # PCI network cards
-common-obj-$(CONFIG_NE2000_PCI) += ne2000.o
+common-obj-$(CONFIG_NE2000_PCI) += ne2000-pci.o
 common-obj-$(CONFIG_EEPRO100_PCI) += eepro100.o
 common-obj-$(CONFIG_PCNET_PCI) += pcnet-pci.o
 common-obj-$(CONFIG_PCNET_COMMON) += pcnet.o
diff --git a/hw/net/ne2000-pci.c b/hw/net/ne2000-pci.c
new file mode 100644
index 000..cb05744
--- /dev/null
+++ b/hw/net/ne2000-pci.c
@@ -0,0 +1,132 @@
+/*
+ * QEMU NE2000 emulation (PCI bus)
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "hw/pci/pci.h"
+#include "ne2000.h"
+#include "sysemu/sysemu.h"
+
+typedef struct PCINE2000State {
+PCIDevice dev;
+NE2000State ne2000;
+} PCINE2000State;
+
+static const VMStateDescription vmstate_pci_ne2000 = {
+.name = "ne2000",
+.version_id = 3,
+.minimum_version_id = 3,
+.fields = (VMStateField[]) {
+VMSTATE_PCI_DEVICE(dev, PCINE2000State),
+VMSTATE_STRUCT(ne2000, PCINE2000State, 0, vmstate_ne2000, NE2000State),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static NetClientInfo net_ne2000_info = {
+.type = NET_CLIENT_DRIVER_NIC,
+.size = sizeof(NICState),
+.receive = ne2000_receive,
+};
+
+static void pci_ne2000_realize(PCIDevice *pci_dev, Error **errp)
+{
+PCINE2000State *d = DO_UPCAST(PCINE2000State, dev, pci_dev);
+NE2000State *s;
+uint8_t *pci_conf;
+
+pci_conf = d->dev.config;
+pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
+
+s = >ne2000;
+ne2000_setup_io(s, DEVICE(pci_dev), 0x100);
+pci_register_bar(>dev, 0, PCI_BASE_ADDRESS_SPACE_IO, >io);
+s->irq = pci_allocate_irq(>dev);
+
+qemu_macaddr_default_if_unset(>c.macaddr);
+ne2000_reset(s);
+
+s->nic = qemu_new_nic(_ne2000_info, >c,
+  object_get_typename(OBJECT(pci_dev)),
+  pci_dev->qdev.id, s);
+qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
+}
+
+static void pci_ne2000_exit(PCIDevice *pci_dev)
+{
+PCINE2000State *d = DO_UPCAST(PCINE2000State, dev, pci_dev);
+NE2000State *s = >ne2000;
+
+qemu_del_nic(s->nic);
+qemu_free_irq(s->irq);
+}
+
+static void ne2000_instance_init(Object *obj)
+{
+PCIDevice *pci_dev = PCI_DEVICE(obj);
+PCINE2000State *d = DO_UPCAST(PCINE2000State, dev, pci_dev);
+NE2000State *s = >ne2000;
+
+

[Qemu-devel] [PULL 15/21] build: replace GENERATED_FILES by generated-files-y

2019-05-15 Thread Paolo Bonzini
From: Laurent Vivier 

When possible use generated-files-$(FLAG) to disable
some targets (like KEYCODEMAP_FILES).

Suggested-by: Paolo Bonzini 
Signed-off-by: Laurent Vivier 
Message-Id: <20190401141222.30034-3-lviv...@redhat.com>
---
 Makefile   | 36 +---
 Makefile.target|  6 +++---
 target/s390x/Makefile.objs |  2 +-
 tests/Makefile.include | 26 +-
 4 files changed, 34 insertions(+), 36 deletions(-)

diff --git a/Makefile b/Makefile
index 66d5c65..d9a3040 100644
--- a/Makefile
+++ b/Makefile
@@ -101,7 +101,7 @@ QEMU_PKGVERSION := $(if $(PKGVERSION),$(PKGVERSION),$(shell 
\
 # Either "version (pkgversion)", or just "version" if pkgversion not set
 FULL_VERSION := $(if $(QEMU_PKGVERSION),$(VERSION) 
($(QEMU_PKGVERSION)),$(VERSION))
 
-GENERATED_FILES = qemu-version.h config-host.h qemu-options.def
+generated-files-y = qemu-version.h config-host.h qemu-options.def
 
 GENERATED_QAPI_FILES = qapi/qapi-builtin-types.h qapi/qapi-builtin-types.c
 GENERATED_QAPI_FILES += qapi/qapi-types.h qapi/qapi-types.c
@@ -121,20 +121,18 @@ GENERATED_QAPI_FILES += 
$(QAPI_MODULES:%=qapi/qapi-events-%.c)
 GENERATED_QAPI_FILES += qapi/qapi-introspect.c qapi/qapi-introspect.h
 GENERATED_QAPI_FILES += qapi/qapi-doc.texi
 
-GENERATED_FILES += $(GENERATED_QAPI_FILES)
+generated-files-y += $(GENERATED_QAPI_FILES)
 
-GENERATED_FILES += trace/generated-tcg-tracers.h
+generated-files-y += trace/generated-tcg-tracers.h
 
-GENERATED_FILES += trace/generated-helpers-wrappers.h
-GENERATED_FILES += trace/generated-helpers.h
-GENERATED_FILES += trace/generated-helpers.c
+generated-files-y += trace/generated-helpers-wrappers.h
+generated-files-y += trace/generated-helpers.h
+generated-files-y += trace/generated-helpers.c
 
-ifdef CONFIG_TRACE_UST
-GENERATED_FILES += trace-ust-all.h
-GENERATED_FILES += trace-ust-all.c
-endif
+generated-files-$(CONFIG_TRACE_UST) += trace-ust-all.h
+generated-files-$(CONFIG_TRACE_UST) += trace-ust-all.c
 
-GENERATED_FILES += module_block.h
+generated-files-y += module_block.h
 
 TRACE_HEADERS = trace-root.h $(trace-events-subdirs:%=%/trace.h)
 TRACE_SOURCES = trace-root.c $(trace-events-subdirs:%=%/trace.c)
@@ -147,10 +145,10 @@ ifdef CONFIG_TRACE_UST
 TRACE_HEADERS += trace-ust-root.h $(trace-events-subdirs:%=%/trace-ust.h)
 endif
 
-GENERATED_FILES += $(TRACE_HEADERS)
-GENERATED_FILES += $(TRACE_SOURCES)
-GENERATED_FILES += $(BUILD_DIR)/trace-events-all
-GENERATED_FILES += .git-submodule-status
+generated-files-y += $(TRACE_HEADERS)
+generated-files-y += $(TRACE_SOURCES)
+generated-files-y += $(BUILD_DIR)/trace-events-all
+generated-files-y += .git-submodule-status
 
 trace-group-name = $(shell dirname $1 | sed -e 's/[^a-zA-Z0-9]/_/g')
 
@@ -281,7 +279,7 @@ KEYCODEMAP_FILES = \
 ui/input-keymap-osx-to-qcode.c \
 $(NULL)
 
-GENERATED_FILES += $(KEYCODEMAP_FILES)
+generated-files-$(CONFIG_SOFTMMU) += $(KEYCODEMAP_FILES)
 
 ui/input-keymap-%.c: $(KEYCODEMAP_GEN) $(KEYCODEMAP_CSV) 
$(SRC_PATH)/ui/Makefile.objs
$(call quiet-command,\
@@ -643,10 +641,10 @@ clean:
rm -f fsdev/*.pod scsi/*.pod
rm -f qemu-img-cmds.h
rm -f ui/shader/*-vert.h ui/shader/*-frag.h
-   @# May not be present in GENERATED_FILES
+   @# May not be present in generated-files-y
rm -f trace/generated-tracers-dtrace.dtrace*
rm -f trace/generated-tracers-dtrace.h*
-   rm -f $(foreach f,$(GENERATED_FILES),$(f) $(f)-timestamp)
+   rm -f $(foreach f,$(generated-files-y),$(f) $(f)-timestamp)
rm -f qapi-gen-timestamp
rm -rf qga/qapi-generated
for d in $(ALL_SUBDIRS); do \
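Review bot: The `clean` recipe now removes only `$(generated-files-y)`, but the hunk at `@@ -281,7 +279,7 @@` moves `$(KEYCODEMAP_FILES)` to `generated-files-$(CONFIG_SOFTMMU)`, so in a tree configured without softmmu those files are no longer in the list that `clean` expands. A build directory first built with system emulation and then reconfigured keeps the stale keymap sources after `make clean`. Extending the loop to the disabled lists would restore the old behaviour, for example `rm -f $(foreach f,$(generated-files-y) $(generated-files-n) $(generated-files-),$(f) $(f)-timestamp)`; which suffix is used when the option is off is not visible here. The rest of the recipe continues outside the hunk.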
@@ -1062,7 +1060,7 @@ endif # CONFIG_WIN
 # rebuilt before other object files
 ifneq ($(wildcard config-host.mak),)
 ifneq ($(filter-out $(UNCHECKED_GOALS),$(MAKECMDGOALS)),$(if 
$(MAKECMDGOALS),,fail))
-Makefile: $(GENERATED_FILES)
+Makefile: $(generated-files-y)
 endif
 endif
 
diff --git a/Makefile.target b/Makefile.target
index ae02495..fdbe7c8 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -166,7 +166,7 @@ else
 obj-y += hw/$(TARGET_BASE_ARCH)/
 endif
 
-GENERATED_FILES += hmp-commands.h hmp-commands-info.h
+generated-files-y += hmp-commands.h hmp-commands-info.h
 
 endif # CONFIG_SOFTMMU
 
@@ -236,5 +236,5 @@ ifdef CONFIG_TRACE_SYSTEMTAP
$(INSTALL_DATA) $(QEMU_PROG)-log.stp 
"$(DESTDIR)$(qemu_datadir)/../systemtap/tapset/$(QEMU_PROG)-log.stp"
 endif
 
-GENERATED_FILES += config-target.h
-Makefile: $(GENERATED_FILES)
+generated-files-y += config-target.h
+Makefile: $(generated-files-y)
diff --git a/target/s390x/Makefile.objs b/target/s390x/Makefile.objs
index 683..312bf4f 100644
--- a/target/s390x/Makefile.objs
+++ b/target/s390x/Makefile.objs
@@ -12,7 +12,7 @@ obj-$(call lnot,$(CONFIG_TCG)) += tcg-stub.o
 feat-src = $(SRC_PATH)/target/$(TARGET_BASE_ARCH)/
 feat-dst = $(BUILD_DIR)/$(TARGET_DIR)
 ifneq ($(MAKECMDGOALS),clean)
-GENERATED_FILES += 

[Qemu-devel] [PULL 17/21] build: chardev is only needed for softmmu targets

2019-05-15 Thread Paolo Bonzini
From: Laurent Vivier 

Move the dependency from SUBDIR_RULES to SOFTMMU_SUBDIR_RULES

Suggested-by: Paolo Bonzini 
Signed-off-by: Laurent Vivier 
Message-Id: <20190401141222.30034-5-lviv...@redhat.com>
---
 Makefile  | 3 ++-
 Makefile.objs | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index d9a3040..1851f8c 100644
--- a/Makefile
+++ b/Makefile
@@ -444,6 +444,7 @@ SOFTMMU_SUBDIR_RULES=$(filter %-softmmu,$(SUBDIR_RULES))
 
 $(SOFTMMU_SUBDIR_RULES): $(authz-obj-y)
 $(SOFTMMU_SUBDIR_RULES): $(block-obj-y)
+$(SOFTMMU_SUBDIR_RULES): $(chardev-obj-y)
 $(SOFTMMU_SUBDIR_RULES): $(crypto-obj-y)
 $(SOFTMMU_SUBDIR_RULES): $(io-obj-y)
 $(SOFTMMU_SUBDIR_RULES): config-all-devices.mak
@@ -480,7 +481,7 @@ subdir-capstone: .git-submodule-status
 subdir-slirp: .git-submodule-status
$(call quiet-command,$(MAKE) -C $(SRC_PATH)/slirp 
BUILD_DIR="$(BUILD_DIR)/slirp" CC="$(CC)" AR="$(AR)" LD="$(LD)" 
RANLIB="$(RANLIB)" CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(LDFLAGS)")
 
-$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) \
+$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) \
$(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY))
 
 ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
diff --git a/Makefile.objs b/Makefile.objs
index dda5bbc..43c9e45 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -129,9 +129,9 @@ trace-events-subdirs += accel/kvm
 trace-events-subdirs += accel/tcg
 trace-events-subdirs += authz
 trace-events-subdirs += block
-trace-events-subdirs += chardev
 trace-events-subdirs += crypto
 ifeq ($(CONFIG_SOFTMMU),y)
+trace-events-subdirs += chardev
 trace-events-subdirs += audio
 trace-events-subdirs += hw/9pfs
 trace-events-subdirs += hw/acpi
-- 
1.8.3.1





[Qemu-devel] [PULL 16/21] configure: qemu-ga is only needed with softmmu targets

2019-05-15 Thread Paolo Bonzini
From: Laurent Vivier 

Remove it from the list of tools if --disable-system
and --disable-tools are used as we don't need it for
linux-user targets.

Suggested-by: Paolo Bonzini 
[lv: I also disable it with disable-tools, not only with disable-system]
Signed-off-by: Laurent Vivier 
Message-Id: <20190401141222.30034-4-lviv...@redhat.com>
---
 configure | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index 8999698..d2fc346 100755
--- a/configure
+++ b/configure
@@ -6079,7 +6079,9 @@ fi
 # Probe for guest agent support/options
 
 if [ "$guest_agent" != "no" ]; then
-  if [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" -o "$mingw32" 
= "yes" ] ; then
+  if [ "$softmmu" = no -a "$want_tools" = no ] ; then
+  guest_agent=no
+  elif [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" -o 
"$mingw32" = "yes" ] ; then
   tools="qemu-ga $tools"
   guest_agent=yes
   elif [ "$guest_agent" != yes ]; then
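Review bot: The added first branch sets `guest_agent=no` for every value the outer test lets through, including an explicit `yes`, so a build that requested the guest agent but disabled both system emulation and tools drops qemu-ga without any message. Restricting the branch to the automatic case keeps an explicit request visible: `if [ "$guest_agent" != yes -a "$softmmu" = no -a "$want_tools" = no ] ; then`. The `[lv: ...]` remark in the description suggests the silent disable may be intended; if so, a comment above the branch saying that would help. The remaining branches of this `if` continue outside the hunk.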
-- 
1.8.3.1





[Qemu-devel] [PULL 20/21] hw/char: Move multi-serial devices into separate file

2019-05-15 Thread Paolo Bonzini
From: Thomas Huth 

In our downstream distribution of QEMU, we'd like to ship the binary
without the multi-serial PCI devices. To make this disablement easier,
let's move the devices into a separate file and add a proper Kconfig-
switch for these devices.

Signed-off-by: Thomas Huth 
Message-Id: <1554036028-31410-1-git-send-email-th...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/char/Kconfig|   6 ++
 hw/char/Makefile.objs  |   1 +
 hw/char/serial-pci-multi.c | 208 +
 hw/char/serial-pci.c   | 170 
 4 files changed, 215 insertions(+), 170 deletions(-)
 create mode 100644 hw/char/serial-pci-multi.c

diff --git a/hw/char/Kconfig b/hw/char/Kconfig
index 6360c9f..40e7a8b 100644
--- a/hw/char/Kconfig
+++ b/hw/char/Kconfig
@@ -24,6 +24,12 @@ config SERIAL_PCI
 depends on PCI
 select SERIAL
 
+config SERIAL_PCI_MULTI
+bool
+default y if PCI_DEVICES
+depends on PCI
+select SERIAL
+
 config VIRTIO_SERIAL
 bool
 default y
diff --git a/hw/char/Makefile.objs b/hw/char/Makefile.objs
index cf086e7..02d8a66 100644
--- a/hw/char/Makefile.objs
+++ b/hw/char/Makefile.objs
@@ -7,6 +7,7 @@ common-obj-$(CONFIG_PL011) += pl011.o
 common-obj-$(CONFIG_SERIAL) += serial.o
 common-obj-$(CONFIG_SERIAL_ISA) += serial-isa.o
 common-obj-$(CONFIG_SERIAL_PCI) += serial-pci.o
+common-obj-$(CONFIG_SERIAL_PCI_MULTI) += serial-pci-multi.o
 common-obj-$(CONFIG_VIRTIO_SERIAL) += virtio-console.o
 common-obj-$(CONFIG_XILINX) += xilinx_uartlite.o
 common-obj-$(CONFIG_XEN) += xen_console.o
diff --git a/hw/char/serial-pci-multi.c b/hw/char/serial-pci-multi.c
new file mode 100644
index 000..63dcbaa
--- /dev/null
+++ b/hw/char/serial-pci-multi.c
@@ -0,0 +1,208 @@
+/*
+ * QEMU 16550A multi UART emulation
+ *
+ * SPDX-License-Identifier: MIT
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2008 Citrix Systems, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/* see docs/specs/pci-serial.txt */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/char/serial.h"
+#include "hw/pci/pci.h"
+
+#define PCI_SERIAL_MAX_PORTS 4
+
+typedef struct PCIMultiSerialState {
+PCIDevicedev;
+MemoryRegion iobar;
+uint32_t ports;
+char *name[PCI_SERIAL_MAX_PORTS];
+SerialState  state[PCI_SERIAL_MAX_PORTS];
+uint32_t level[PCI_SERIAL_MAX_PORTS];
+qemu_irq *irqs;
+uint8_t  prog_if;
+} PCIMultiSerialState;
+
+static void multi_serial_pci_exit(PCIDevice *dev)
+{
+PCIMultiSerialState *pci = DO_UPCAST(PCIMultiSerialState, dev, dev);
+SerialState *s;
+int i;
+
+for (i = 0; i < pci->ports; i++) {
+s = pci->state + i;
+serial_exit_core(s);
+memory_region_del_subregion(>iobar, >io);
+g_free(pci->name[i]);
+}
+qemu_free_irqs(pci->irqs, pci->ports);
+}
+
+static void multi_serial_irq_mux(void *opaque, int n, int level)
+{
+PCIMultiSerialState *pci = opaque;
+int i, pending = 0;
+
+pci->level[n] = level;
+for (i = 0; i < pci->ports; i++) {
+if (pci->level[i]) {
+pending = 1;
+}
+}
+pci_set_irq(>dev, pending);
+}
+
+static void multi_serial_pci_realize(PCIDevice *dev, Error **errp)
+{
+PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
+PCIMultiSerialState *pci = DO_UPCAST(PCIMultiSerialState, dev, dev);
+SerialState *s;
+Error *err = NULL;
+int i, nr_ports = 0;
+
+switch (pc->device_id) {
+case 0x0003:
+nr_ports = 2;
+break;
+case 0x0004:
+nr_ports = 4;
+break;
+}
+assert(nr_ports > 0);
+assert(nr_ports <= PCI_SERIAL_MAX_PORTS);
+
+pci->dev.config[PCI_CLASS_PROG] = pci->prog_if;
+pci->dev.config[PCI_INTERRUPT_PIN] = 0x01;
+memory_region_init(>iobar, OBJECT(pci), "multiserial", 8 * nr_ports);
+pci_register_bar(>dev, 0, 

[Qemu-devel] [PULL 19/21] ioapic: allow buggy guests mishandling level-triggered interrupts to make progress

2019-05-15 Thread Paolo Bonzini
From: Vitaly Kuznetsov 

It was found that Hyper-V 2016 on KVM in some configurations (q35 machine +
piix4-usb-uhci) hangs on boot. The root cause was that one of Hyper-V's
level-triggered interrupt handlers performs EOI before fixing the cause of
the interrupt. This results in the IOAPIC re-raising the level-triggered
interrupt after EOI because the irq line remains asserted.

Gory details: https://www.spinics.net/lists/kvm/msg184484.html
(the whole thread).

Turns out we were dealing with similar issues before; in-kernel IOAPIC
implementation has commit 184564efae4d ("kvm: ioapic: conditionally delay
irq delivery duringeoi broadcast") which describes a very similar issue.

Steal the idea from the above mentioned commit for IOAPIC implementation in
QEMU. SUCCESSIVE_IRQ_MAX_COUNT, delay and the comment are borrowed as well.

Signed-off-by: Vitaly Kuznetsov 
Message-Id: <20190402080215.10747-1-vkuzn...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/intc/ioapic.c  | 57 +++
 hw/intc/trace-events  |  1 +
 include/hw/i386/ioapic_internal.h |  3 +++
 3 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/hw/intc/ioapic.c b/hw/intc/ioapic.c
index 9d75f84..7074489 100644
--- a/hw/intc/ioapic.c
+++ b/hw/intc/ioapic.c
@@ -139,6 +139,15 @@ static void ioapic_service(IOAPICCommonState *s)
 }
 }
 
+#define SUCCESSIVE_IRQ_MAX_COUNT 1
+
+static void delayed_ioapic_service_cb(void *opaque)
+{
+IOAPICCommonState *s = opaque;
+
+ioapic_service(s);
+}
+
 static void ioapic_set_irq(void *opaque, int vector, int level)
 {
 IOAPICCommonState *s = opaque;
@@ -222,13 +231,39 @@ void ioapic_eoi_broadcast(int vector)
 }
 for (n = 0; n < IOAPIC_NUM_PINS; n++) {
 entry = s->ioredtbl[n];
-if ((entry & IOAPIC_LVT_REMOTE_IRR)
-&& (entry & IOAPIC_VECTOR_MASK) == vector) {
-trace_ioapic_clear_remote_irr(n, vector);
-s->ioredtbl[n] = entry & ~IOAPIC_LVT_REMOTE_IRR;
-if (!(entry & IOAPIC_LVT_MASKED) && (s->irr & (1 << n))) {
+
+if ((entry & IOAPIC_VECTOR_MASK) != vector ||
+((entry >> IOAPIC_LVT_TRIGGER_MODE_SHIFT) & 1) != 
IOAPIC_TRIGGER_LEVEL) {
+continue;
+}
+
+if (!(entry & IOAPIC_LVT_REMOTE_IRR)) {
+continue;
+}
+
+trace_ioapic_clear_remote_irr(n, vector);
+s->ioredtbl[n] = entry & ~IOAPIC_LVT_REMOTE_IRR;
+
+if (!(entry & IOAPIC_LVT_MASKED) && (s->irr & (1 << n))) {
+++s->irq_eoi[vector];
+if (s->irq_eoi[vector] >= SUCCESSIVE_IRQ_MAX_COUNT) {
+/*
+ * Real hardware does not deliver the interrupt immediately
+ * during eoi broadcast, and this lets a buggy guest make
+ * slow progress even if it does not correctly handle a
+ * level-triggered interrupt. Emulate this behavior if we
+ * detect an interrupt storm.
+ */
+s->irq_eoi[vector] = 0;
+timer_mod_anticipate(s->delayed_ioapic_service_timer,
+ qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 
+
+ NANOSECONDS_PER_SECOND / 100);
+trace_ioapic_eoi_delayed_reassert(vector);
+} else {
 ioapic_service(s);
 }
+} else {
+s->irq_eoi[vector] = 0;
 }
 }
 }
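Review bot: The new storm counter is indexed with `vector` (`++s->irq_eoi[vector]`) inside a loop that walks pins `n < IOAPIC_NUM_PINS`, and the vector is a value the guest programs into the redirection entry. The declaration of `irq_eoi` is in include/hw/i386/ioapic_internal.h, outside this view; if it is sized per pin like `ioredtbl`, a vector above the pin count writes past the array. Either index by pin, `s->irq_eoi[n]`, in all four places, or confirm the array has one slot per possible vector. Indexing by pin also keeps two pins that share a vector from sharing one counter. ioapic_eoi_broadcast starts and ends outside the hunk.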
@@ -401,6 +436,9 @@ static void ioapic_realize(DeviceState *dev, Error **errp)
 memory_region_init_io(>io_memory, OBJECT(s), _io_ops, s,
   "ioapic", 0x1000);
 
+s->delayed_ioapic_service_timer =
+timer_new_ns(QEMU_CLOCK_VIRTUAL, delayed_ioapic_service_cb, s);
+
 qdev_init_gpio_in(dev, ioapic_set_irq, IOAPIC_NUM_PINS);
 
 ioapics[ioapic_no] = s;
@@ -408,6 +446,14 @@ static void ioapic_realize(DeviceState *dev, Error **errp)
 qemu_add_machine_init_done_notifier(>machine_done);
 }
 
+static void ioapic_unrealize(DeviceState *dev, Error **errp)
+{
+IOAPICCommonState *s = IOAPIC_COMMON(dev);
+
+timer_del(s->delayed_ioapic_service_timer);
+timer_free(s->delayed_ioapic_service_timer);
+}
+
 static Property ioapic_properties[] = {
 DEFINE_PROP_UINT8("version", IOAPICCommonState, version, IOAPIC_VER_DEF),
 DEFINE_PROP_END_OF_LIST(),
@@ -419,6 +465,7 @@ static void ioapic_class_init(ObjectClass *klass, void 
*data)
 DeviceClass *dc = DEVICE_CLASS(klass);
 
 k->realize = ioapic_realize;
+k->unrealize = ioapic_unrealize;
 /*
  * If APIC is in kernel, we need to update the kernel cache after
  * migration, otherwise first 24 gsi routes will be invalid.
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
index a28bdce..90c9d07 100644
--- 

[Qemu-devel] [PULL 18/21] build: don't build hardware objects with linux-user

2019-05-15 Thread Paolo Bonzini
From: Laurent Vivier 

Some objects are only needed for system emulation and tools.
We can ignore them in the user-mode case.

Update tests to run accordingly: conditionally build some tests
on CONFIG_BLOCK.

Some tests use components that are only built when softmmu or
block tools are enabled, not for linux-user. So, if these components
are not available, disable the tests.

Signed-off-by: Laurent Vivier 
Message-Id: <20190401141222.30034-6-lviv...@redhat.com>
---
 Makefile   |  4 +++
 Makefile.objs  | 14 +---
 tests/Makefile.include | 90 +-
 3 files changed, 58 insertions(+), 50 deletions(-)

diff --git a/Makefile b/Makefile
index 1851f8c..155f066 100644
--- a/Makefile
+++ b/Makefile
@@ -87,6 +87,10 @@ endif
 
 include $(SRC_PATH)/rules.mak
 
+# notempy and lor are defined in rules.mak
+CONFIG_TOOLS := $(call notempty,$(TOOLS))
+CONFIG_BLOCK := $(call lor,$(CONFIG_SOFTMMU),$(CONFIG_TOOLS))
+
 # Create QEMU_PKGVERSION and FULL_VERSION strings
 # If PKGVERSION is set, use that; otherwise get version and -dirty status from 
git
 QEMU_PKGVERSION := $(if $(PKGVERSION),$(PKGVERSION),$(shell \
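Review bot: The added comment misspells the helper it refers to: `# notempy and lor are defined in rules.mak` should read `# notempty and lor are defined in rules.mak`, matching `$(call notempty,$(TOOLS))` on the next line, so that a search for the helper name finds this use. The same comment could also state that CONFIG_BLOCK is meant to be `y` when either softmmu targets or tools are built, since the later hunks in this patch test it with `ifeq ($(CONFIG_BLOCK),y)` and `check-unit-$(CONFIG_BLOCK)`.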
diff --git a/Makefile.objs b/Makefile.objs
index 43c9e45..2b0793e 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -127,9 +127,17 @@ rdmacm-mux-obj-y = contrib/rdmacm-mux/
 trace-events-subdirs =
 trace-events-subdirs += accel/kvm
 trace-events-subdirs += accel/tcg
+trace-events-subdirs += crypto
+ifeq ($(CONFIG_USER_ONLY),y)
+trace-events-subdirs += linux-user
+endif
+ifeq ($(CONFIG_BLOCK),y)
 trace-events-subdirs += authz
 trace-events-subdirs += block
-trace-events-subdirs += crypto
+trace-events-subdirs += io
+trace-events-subdirs += nbd
+trace-events-subdirs += scsi
+endif
 ifeq ($(CONFIG_SOFTMMU),y)
 trace-events-subdirs += chardev
 trace-events-subdirs += audio
@@ -178,12 +186,8 @@ trace-events-subdirs += net
 trace-events-subdirs += ui
 endif
 trace-events-subdirs += hw/display
-trace-events-subdirs += io
-trace-events-subdirs += linux-user
-trace-events-subdirs += nbd
 trace-events-subdirs += qapi
 trace-events-subdirs += qom
-trace-events-subdirs += scsi
 trace-events-subdirs += target/arm
 trace-events-subdirs += target/hppa
 trace-events-subdirs += target/i386
diff --git a/tests/Makefile.include b/tests/Makefile.include
index ad95a14..1865f6b 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -45,7 +45,7 @@ SYSEMU_TARGET_LIST := $(subst -softmmu.mak,,$(notdir \
 
 check-unit-y += tests/check-qdict$(EXESUF)
 check-unit-y += tests/check-block-qdict$(EXESUF)
-check-unit-y += tests/test-char$(EXESUF)
+check-unit-$(CONFIG_SOFTMMU) += tests/test-char$(EXESUF)
 check-unit-y += tests/check-qnum$(EXESUF)
 check-unit-y += tests/check-qstring$(EXESUF)
 check-unit-y += tests/check-qlist$(EXESUF)
@@ -61,21 +61,21 @@ check-unit-y += tests/test-string-input-visitor$(EXESUF)
 check-unit-y += tests/test-string-output-visitor$(EXESUF)
 check-unit-y += tests/test-qmp-event$(EXESUF)
 check-unit-y += tests/test-opts-visitor$(EXESUF)
-check-unit-y += tests/test-coroutine$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-coroutine$(EXESUF)
 check-unit-y += tests/test-visitor-serialization$(EXESUF)
 check-unit-y += tests/test-iov$(EXESUF)
-check-unit-y += tests/test-aio$(EXESUF)
-check-unit-y += tests/test-aio-multithread$(EXESUF)
-check-unit-y += tests/test-throttle$(EXESUF)
-check-unit-y += tests/test-thread-pool$(EXESUF)
-check-unit-y += tests/test-hbitmap$(EXESUF)
-check-unit-y += tests/test-bdrv-drain$(EXESUF)
-check-unit-y += tests/test-bdrv-graph-mod$(EXESUF)
-check-unit-y += tests/test-blockjob$(EXESUF)
-check-unit-y += tests/test-blockjob-txn$(EXESUF)
-check-unit-y += tests/test-block-backend$(EXESUF)
-check-unit-y += tests/test-block-iothread$(EXESUF)
-check-unit-y += tests/test-image-locking$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-aio$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-aio-multithread$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-throttle$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-thread-pool$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-hbitmap$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-bdrv-drain$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-bdrv-graph-mod$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-blockjob$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-blockjob-txn$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-block-backend$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-block-iothread$(EXESUF)
+check-unit-$(CONFIG_BLOCK) += tests/test-image-locking$(EXESUF)
 check-unit-y += tests/test-x86-cpuid$(EXESUF)
 # all code tested by test-x86-cpuid is inside topology.h
 ifeq ($(CONFIG_SOFTMMU),y)
@@ -101,40 +101,40 @@ check-unit-y += tests/check-qom-interface$(EXESUF)
 check-unit-y += tests/check-qom-proplist$(EXESUF)
 check-unit-y += tests/test-qemu-opts$(EXESUF)
 check-unit-y += tests/test-keyval$(EXESUF)
-check-unit-y += tests/test-write-threshold$(EXESUF)

[Qemu-devel] [PULL 14/21] trace: only include trace-event-subdirs when they are needed

2019-05-15 Thread Paolo Bonzini
From: Laurent Vivier 

Some directories are built only for softmmu targets,
so the related trace-events-subdirs entries must be conditional too.

Signed-off-by: Laurent Vivier 
Reviewed-by: Stefan Hajnoczi 
Message-Id: <20190401141222.30034-2-lviv...@redhat.com>
---
 Makefile.objs | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/Makefile.objs b/Makefile.objs
index cf065de..dda5bbc 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -127,11 +127,12 @@ rdmacm-mux-obj-y = contrib/rdmacm-mux/
 trace-events-subdirs =
 trace-events-subdirs += accel/kvm
 trace-events-subdirs += accel/tcg
-trace-events-subdirs += audio
 trace-events-subdirs += authz
 trace-events-subdirs += block
 trace-events-subdirs += chardev
 trace-events-subdirs += crypto
+ifeq ($(CONFIG_SOFTMMU),y)
+trace-events-subdirs += audio
 trace-events-subdirs += hw/9pfs
 trace-events-subdirs += hw/acpi
 trace-events-subdirs += hw/alpha
@@ -140,7 +141,6 @@ trace-events-subdirs += hw/audio
 trace-events-subdirs += hw/block
 trace-events-subdirs += hw/block/dataplane
 trace-events-subdirs += hw/char
-trace-events-subdirs += hw/display
 trace-events-subdirs += hw/dma
 trace-events-subdirs += hw/hppa
 trace-events-subdirs += hw/i2c
@@ -173,11 +173,14 @@ trace-events-subdirs += hw/virtio
 trace-events-subdirs += hw/watchdog
 trace-events-subdirs += hw/xen
 trace-events-subdirs += hw/gpio
+trace-events-subdirs += migration
+trace-events-subdirs += net
+trace-events-subdirs += ui
+endif
+trace-events-subdirs += hw/display
 trace-events-subdirs += io
 trace-events-subdirs += linux-user
-trace-events-subdirs += migration
 trace-events-subdirs += nbd
-trace-events-subdirs += net
 trace-events-subdirs += qapi
 trace-events-subdirs += qom
 trace-events-subdirs += scsi
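Review bot: `hw/display` is the one `hw/` directory this patch moves out of the new `ifeq ($(CONFIG_SOFTMMU),y)` block, placing it directly after `endif`, and neither the hunk nor the description says why it must stay unconditional. A short comment above that line naming the non-softmmu consumer would keep a later cleanup from folding it back into the block. If it is in fact softmmu-only, it belongs inside the block with the other `hw/` entries.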
@@ -189,7 +192,6 @@ trace-events-subdirs += target/ppc
 trace-events-subdirs += target/riscv
 trace-events-subdirs += target/s390x
 trace-events-subdirs += target/sparc
-trace-events-subdirs += ui
 trace-events-subdirs += util
 
 trace-events-files = $(SRC_PATH)/trace-events 
$(trace-events-subdirs:%=$(SRC_PATH)/%/trace-events)
-- 
1.8.3.1





[Qemu-devel] [PULL 08/21] memory: correct the comment to DIRTY_MEMORY_MIGRATION

2019-05-15 Thread Paolo Bonzini
From: Wei Yang 

The dirty bit is DIRTY_MEMORY_MIGRATION. Correct the comment.

Signed-off-by: Wei Yang 
Message-Id: <20190426020927.25470-1-richardw.y...@linux.intel.com>
Signed-off-by: Paolo Bonzini 
---
 memory.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/memory.c b/memory.c
index bb2b71e..3071c4b 100644
--- a/memory.c
+++ b/memory.c
@@ -2584,7 +2584,7 @@ void memory_global_dirty_log_start(void)
 
 MEMORY_LISTENER_CALL_GLOBAL(log_global_start, Forward);
 
-/* Refresh DIRTY_LOG_MIGRATION bit.  */
+/* Refresh DIRTY_MEMORY_MIGRATION bit.  */
 memory_region_transaction_begin();
 memory_region_update_pending = true;
 memory_region_transaction_commit();
@@ -2594,7 +2594,7 @@ static void memory_global_dirty_log_do_stop(void)
 {
 global_dirty_log = false;
 
-/* Refresh DIRTY_LOG_MIGRATION bit.  */
+/* Refresh DIRTY_MEMORY_MIGRATION bit.  */
 memory_region_transaction_begin();
 memory_region_update_pending = true;
 memory_region_transaction_commit();
-- 
1.8.3.1





[Qemu-devel] [PULL 12/21] mips-fulong2e: obey -vga none

2019-05-15 Thread Paolo Bonzini
Do not create an ATI VGA if "-vga none" was passed on the command line.

Cc: BALATON Zoltan 
Signed-off-by: Paolo Bonzini 
---
 hw/mips/mips_fulong2e.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index 9d7480e..05a5a82 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -349,10 +349,12 @@ static void mips_fulong2e_init(MachineState *machine)
, _bus);
 
 /* GPU */
-dev = DEVICE(pci_create(pci_bus, -1, "ati-vga"));
-qdev_prop_set_uint32(dev, "vgamem_mb", 16);
-qdev_prop_set_uint16(dev, "x-device-id", 0x5159);
-qdev_init_nofail(dev);
+if (vga_interface_type != VGA_NONE) {
+dev = DEVICE(pci_create(pci_bus, -1, "ati-vga"));
+qdev_prop_set_uint32(dev, "vgamem_mb", 16);
+qdev_prop_set_uint16(dev, "x-device-id", 0x5159);
+qdev_init_nofail(dev);
+}
 
 /* Populate SPD eeprom data */
 spd_data = spd_data_generate(DDR, ram_size, );
-- 
1.8.3.1





Re: [Qemu-devel] [PATCH v9 2/7] virtio-pmem: Add virtio pmem driver

2019-05-15 Thread David Hildenbrand
On 15.05.19 22:46, David Hildenbrand wrote:
>> +vpmem->vdev = vdev;
>> +vdev->priv = vpmem;
>> +err = init_vq(vpmem);
>> +if (err) {
>> +dev_err(>dev, "failed to initialize virtio pmem vq's\n");
>> +goto out_err;
>> +}
>> +
>> +virtio_cread(vpmem->vdev, struct virtio_pmem_config,
>> +start, >start);
>> +virtio_cread(vpmem->vdev, struct virtio_pmem_config,
>> +size, >size);
>> +
>> +res.start = vpmem->start;
>> +res.end   = vpmem->start + vpmem->size-1;
> 
> nit: " - 1;"
> 
>> +vpmem->nd_desc.provider_name = "virtio-pmem";
>> +vpmem->nd_desc.module = THIS_MODULE;
>> +
>> +vpmem->nvdimm_bus = nvdimm_bus_register(>dev,
>> +>nd_desc);
>> +if (!vpmem->nvdimm_bus) {
>> +dev_err(>dev, "failed to register device with 
>> nvdimm_bus\n");
>> +err = -ENXIO;
>> +goto out_vq;
>> +}
>> +
>> +dev_set_drvdata(>dev, vpmem->nvdimm_bus);
>> +
>> +ndr_desc.res = 
>> +ndr_desc.numa_node = nid;
>> +ndr_desc.flush = async_pmem_flush;
>> +set_bit(ND_REGION_PAGEMAP, _desc.flags);
>> +set_bit(ND_REGION_ASYNC, _desc.flags);
>> +nd_region = nvdimm_pmem_region_create(vpmem->nvdimm_bus, _desc);
>> +if (!nd_region) {
>> +dev_err(>dev, "failed to create nvdimm region\n");
>> +err = -ENXIO;
>> +goto out_nd;
>> +}
>> +nd_region->provider_data = dev_to_virtio(nd_region->dev.parent->parent);
>> +return 0;
>> +out_nd:
>> +nvdimm_bus_unregister(vpmem->nvdimm_bus);
>> +out_vq:
>> +vdev->config->del_vqs(vdev);
>> +out_err:
>> +return err;
>> +}
>> +
>> +static void virtio_pmem_remove(struct virtio_device *vdev)
>> +{
>> +struct nvdimm_bus *nvdimm_bus = dev_get_drvdata(>dev);
>> +
>> +nvdimm_bus_unregister(nvdimm_bus);
>> +vdev->config->del_vqs(vdev);
>> +vdev->config->reset(vdev);
>> +}
>> +
>> +static struct virtio_driver virtio_pmem_driver = {
>> +.driver.name= KBUILD_MODNAME,
>> +.driver.owner   = THIS_MODULE,
>> +.id_table   = id_table,
>> +.probe  = virtio_pmem_probe,
>> +.remove = virtio_pmem_remove,
>> +};
>> +
>> +module_virtio_driver(virtio_pmem_driver);
>> +MODULE_DEVICE_TABLE(virtio, id_table);
>> +MODULE_DESCRIPTION("Virtio pmem driver");
>> +MODULE_LICENSE("GPL");
>> diff --git a/drivers/nvdimm/virtio_pmem.h b/drivers/nvdimm/virtio_pmem.h
>> new file mode 100644
>> index ..ab1da877575d
>> --- /dev/null
>> +++ b/drivers/nvdimm/virtio_pmem.h
>> @@ -0,0 +1,60 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +/*
>> + * virtio_pmem.h: virtio pmem Driver
>> + *
>> + * Discovers persistent memory range information
>> + * from host and provides a virtio based flushing
>> + * interface.
>> + **/
>> +
>> +#ifndef _LINUX_VIRTIO_PMEM_H
>> +#define _LINUX_VIRTIO_PMEM_H
>> +
>> +#include 
>> +#include 
>> +#include 
>> +#include 
>> +#include 
>> +#include 
>> +
>> +struct virtio_pmem_request {
>> +/* Host return status corresponding to flush request */
>> +int ret;
>> +
>> +/* command name*/
>> +char name[16];
> 
> So ... why are we sending string commands and expecting native-endianness
> integers, instead of defining a proper request/response structure + request
> types in include/uapi/linux/virtio_pmem.h like
> 
> struct virtio_pmem_resp {
>   __virtio32 ret;
> }

FWIW, I wonder if we should even properly translate return values and
define types like

VIRTIO_PMEM_RESP_TYPE_OK0
VIRTIO_PMEM_RESP_TYPE_EIO   1

..

> 
> #define VIRTIO_PMEM_REQ_TYPE_FLUSH1
> struct virtio_pmem_req {
>   __virtio16 type;
> }
> 
> ... and this way we also define a proper endianess format for exchange
> and keep it extensible
> 
> @MST, what's your take on this?
> 
> 


-- 

Thanks,

David / dhildenb



[Qemu-devel] [PULL 13/21] sun4m: obey -vga none

2019-05-15 Thread Paolo Bonzini
Do not create a TCX if "-vga none" was passed on the command line.
Remove some dead code along the way to avoid big reindentation.

Signed-off-by: Paolo Bonzini 
---
 hw/sparc/sun4m.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index ca1e382..07d126a 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -850,7 +850,6 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
 uint32_t initrd_size;
 DriveInfo *fd[MAX_FD];
 FWCfgState *fw_cfg;
-unsigned int num_vsimms;
 DeviceState *dev;
 SysBusDevice *s;
 
@@ -909,8 +908,7 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
 error_report("Unsupported depth: %d", graphic_depth);
 exit (1);
 }
-num_vsimms = 0;
-if (num_vsimms == 0) {
+if (vga_interface_type != VGA_NONE) {
 if (vga_interface_type == VGA_CG3) {
 if (graphic_depth != 8) {
 error_report("Unsupported depth: %d", graphic_depth);
@@ -945,7 +943,7 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
 }
 }
 
-for (i = num_vsimms; i < MAX_VSIMMS; i++) {
+for (i = 0; i < MAX_VSIMMS; i++) {
 /* vsimm registers probed by OBP */
 if (hwdef->vsimm[i].reg_base) {
 empty_slot_init(hwdef->vsimm[i].reg_base, 0x2000);
-- 
1.8.3.1





[Qemu-devel] [PULL 11/21] hw/i386/acpi: Assert a pointer is not null BEFORE using it

2019-05-15 Thread Paolo Bonzini
From: Philippe Mathieu-Daudé 

Commit 72c194f7e75c added a non-null check on the 'obj' pointer.
Later, commit 500b11ea5095 added code which uses the 'obj'
pointer _before_ the assertion check. Move the assertion
_before_ the pointer use.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20190427144025.22880-4-phi...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/i386/acpi-build.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 123ff2b..b4ec14e 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -186,6 +186,7 @@ static void acpi_get_pm_info(AcpiPmInfo *pm)
 pm->pcihp_io_base = 0;
 pm->pcihp_io_len = 0;
 
+assert(obj);
 init_common_fadt_data(obj, >fadt);
 if (piix) {
 /* w2k requires FADT(rev1) or it won't boot, keep PC compatible */
@@ -204,7 +205,6 @@ static void acpi_get_pm_info(AcpiPmInfo *pm)
 pm->fadt.flags |= 1 << ACPI_FADT_F_RESET_REG_SUP;
 pm->cpu_hp_io_base = ICH9_CPU_HOTPLUG_IO_BASE;
 }
-assert(obj);
 
 /* The above need not be conditional on machine type because the reset port
  * happens to be the same on PIIX (pc) and ICH9 (q35). */
-- 
1.8.3.1





[Qemu-devel] [PULL 04/21] vl: Add missing descriptions to the VGA adapters list

2019-05-15 Thread Paolo Bonzini
From: Philippe Mathieu-Daudé 

Some VGA adapters lack a helpful description,
which can be confusing:

  $ qemu-system-arm -M virt -vga help
  none
  std  standard VGA
  cirrus   Cirrus VGA (default)
  vmware   VMWare SVGA
  xenfb

Add a description to the missing adapters:

  $ qemu-system-arm -M virt -vga help
  none no graphic card
  std  standard VGA
  cirrus   Cirrus VGA (default)
  vmware   VMWare SVGA
  xenfbXen paravirtualized framebuffer

Signed-off-by: Philippe Mathieu-Daudé 
Based-on: <20190412152713.16018-1-marcandre.lur...@redhat.com>
Reviewed-by: Marc-André Lureau 
Reviewed-by: Paul Durrant 
Message-Id: <20190412163706.3878-1-phi...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 vl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/vl.c b/vl.c
index 2e44f7d..f49b119 100644
--- a/vl.c
+++ b/vl.c
@@ -2018,6 +2018,7 @@ typedef struct VGAInterfaceInfo {
 static const VGAInterfaceInfo vga_interfaces[VGA_TYPE_MAX] = {
 [VGA_NONE] = {
 .opt_name = "none",
+.name = "no graphic card",
 },
 [VGA_STD] = {
 .opt_name = "std",
@@ -2056,6 +2057,7 @@ static const VGAInterfaceInfo 
vga_interfaces[VGA_TYPE_MAX] = {
 },
 [VGA_XENFB] = {
 .opt_name = "xenfb",
+.name = "Xen paravirtualized framebuffer",
 },
 };
 
-- 
1.8.3.1





[Qemu-devel] [PULL 10/21] hw/i386/acpi: Add object_resolve_type_unambiguous to improve modularity

2019-05-15 Thread Paolo Bonzini
From: Philippe Mathieu-Daudé 

When building with CONFIG_Q35=n, we get:

LINKx86_64-softmmu/qemu-system-x86_64
  /usr/bin/ld: hw/i386/acpi-build.o: in function `acpi_get_misc_info':
  /source/qemu/hw/i386/acpi-build.c:243: undefined reference to `ich9_lpc_find'
  collect2: error: ld returned 1 exit status
  make[1]: *** [Makefile:204: qemu-system-x86_64] Error 1

This is due to a dependency in acpi-build.c on the ICH9_LPC
(via ich9_lpc_find) and PIIX4_PM (via piix4_pm_find) devices.

To allow better modularity (compile acpi-build.c with only
Q35/ICH9 or ISAPC/PIIX4), refactor the similar helper as
object_resolve_type_unambiguous(). This way we relax the
linker dependencies and can build the x86 targets with a
selection of machines (instead of all of them).

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20190427144025.22880-3-phi...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/acpi/piix4.c | 11 ---
 hw/i386/acpi-build.c| 20 
 hw/isa/lpc_ich9.c   | 11 ---
 include/hw/acpi/piix4.h |  2 --
 include/hw/i386/ich9.h  |  2 --
 5 files changed, 16 insertions(+), 30 deletions(-)

diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 160e730..c903e65 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -552,17 +552,6 @@ static void piix4_pm_realize(PCIDevice *dev, Error **errp)
 piix4_pm_add_propeties(s);
 }
 
-Object *piix4_pm_find(void)
-{
-bool ambig;
-Object *o = object_resolve_path_type("", TYPE_PIIX4_PM, );
-
-if (ambig || !o) {
-return NULL;
-}
-return o;
-}
-
 I2CBus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
   qemu_irq sci_irq, qemu_irq smi_irq,
   int smm_enabled, DeviceState **piix4_pm)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 416da31..123ff2b 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -35,6 +35,7 @@
 #include "hw/acpi/acpi-defs.h"
 #include "hw/acpi/acpi.h"
 #include "hw/acpi/cpu.h"
+#include "hw/acpi/piix4.h"
 #include "hw/nvram/fw_cfg.h"
 #include "hw/acpi/bios-linker-loader.h"
 #include "hw/loader.h"
@@ -164,10 +165,21 @@ static void init_common_fadt_data(Object *o, AcpiFadtData 
*data)
 *data = fadt;
 }
 
+static Object *object_resolve_type_unambiguous(const char *typename)
+{
+bool ambig;
+Object *o = object_resolve_path_type("", typename, );
+
+if (ambig || !o) {
+return NULL;
+}
+return o;
+}
+
 static void acpi_get_pm_info(AcpiPmInfo *pm)
 {
-Object *piix = piix4_pm_find();
-Object *lpc = ich9_lpc_find();
+Object *piix = object_resolve_type_unambiguous(TYPE_PIIX4_PM);
+Object *lpc = object_resolve_type_unambiguous(TYPE_ICH9_LPC_DEVICE);
 Object *obj = piix ? piix : lpc;
 QObject *o;
 pm->cpu_hp_io_base = 0;
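Review bot: The new static helper `object_resolve_type_unambiguous()` carries no comment stating its contract, and both callers in this file depend on it: `acpi_get_pm_info()` selects `piix ? piix : lpc`, and `acpi_get_misc_info()` asserts that exactly one of the two is non-NULL. I would add above it `/* Return the only object of @typename, or NULL if there is none or more than one. */`. Because nothing in the helper is ACPI-specific, it may fit better beside `object_resolve_path_type()` than as a static in acpi-build.c. The bodies of both callers continue outside these hunks.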
@@ -228,8 +240,8 @@ static void acpi_get_pm_info(AcpiPmInfo *pm)
 
 static void acpi_get_misc_info(AcpiMiscInfo *info)
 {
-Object *piix = piix4_pm_find();
-Object *lpc = ich9_lpc_find();
+Object *piix = object_resolve_type_unambiguous(TYPE_PIIX4_PM);
+Object *lpc = object_resolve_type_unambiguous(TYPE_ICH9_LPC_DEVICE);
 assert(!!piix != !!lpc);
 
 if (piix) {
diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index ac44aa5..031ee9c 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -624,17 +624,6 @@ static const MemoryRegionOps ich9_rst_cnt_ops = {
 .endianness = DEVICE_LITTLE_ENDIAN
 };
 
-Object *ich9_lpc_find(void)
-{
-bool ambig;
-Object *o = object_resolve_path_type("", TYPE_ICH9_LPC_DEVICE, );
-
-if (ambig) {
-return NULL;
-}
-return o;
-}
-
 static void ich9_lpc_get_sci_int(Object *obj, Visitor *v, const char *name,
  void *opaque, Error **errp)
 {
diff --git a/include/hw/acpi/piix4.h b/include/hw/acpi/piix4.h
index 57d7e1c..028bb53 100644
--- a/include/hw/acpi/piix4.h
+++ b/include/hw/acpi/piix4.h
@@ -3,6 +3,4 @@
 
 #define TYPE_PIIX4_PM "PIIX4_PM"
 
-Object *piix4_pm_find(void);
-
 #endif
diff --git a/include/hw/i386/ich9.h b/include/hw/i386/ich9.h
index 673d13d..046bcf3 100644
--- a/include/hw/i386/ich9.h
+++ b/include/hw/i386/ich9.h
@@ -81,8 +81,6 @@ typedef struct ICH9LPCState {
 qemu_irq gsi[GSI_NUM_PINS];
 } ICH9LPCState;
 
-Object *ich9_lpc_find(void);
-
 #define Q35_MASK(bit, ms_bit, ls_bit) \
 ((uint##bit##_t)(((1ULL << ((ms_bit) + 1)) - 1) & ~((1ULL << ls_bit) - 1)))
 
-- 
1.8.3.1





[Qemu-devel] [PULL 09/21] hw/acpi/piix4: Move TYPE_PIIX4_PM to a public header

2019-05-15 Thread Paolo Bonzini
From: Philippe Mathieu-Daudé 

Move the TYPE_PIIX4_PM definition to the corresponding header,
so other files can use it.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20190427144025.22880-2-phi...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/acpi/piix4.c | 2 --
 include/hw/acpi/piix4.h | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 9c079d6..160e730 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -92,8 +92,6 @@ typedef struct PIIX4PMState {
 MemHotplugState acpi_memory_hotplug;
 } PIIX4PMState;
 
-#define TYPE_PIIX4_PM "PIIX4_PM"
-
 #define PIIX4_PM(obj) \
 OBJECT_CHECK(PIIX4PMState, (obj), TYPE_PIIX4_PM)
 
diff --git a/include/hw/acpi/piix4.h b/include/hw/acpi/piix4.h
index 26c2370..57d7e1c 100644
--- a/include/hw/acpi/piix4.h
+++ b/include/hw/acpi/piix4.h
@@ -1,6 +1,8 @@
 #ifndef HW_ACPI_PIIX4_H
 #define HW_ACPI_PIIX4_H
 
+#define TYPE_PIIX4_PM "PIIX4_PM"
+
 Object *piix4_pm_find(void);
 
 #endif
-- 
1.8.3.1





[Qemu-devel] [PULL 07/21] vl: fix -sandbox parsing crash when seccomp support is disabled

2019-05-15 Thread Paolo Bonzini
From: Marc-André Lureau 

$ ./x86_64-softmmu/qemu-system-x86_64 -sandbox off
qemu-system-x86_64: -sandbox off: There is no option group 'sandbox'
Segmentation fault

Commit 5780760f5e ("seccomp: check TSYNC host capability") wrapped one
use of the sandbox option group to produce a sensible error, but it didn't
do the same for another call to qemu_opts_parse_noisily():

(gdb) bt
at util/qemu-option.c:829
 #0  0x105b36d8 in opts_parse (list=0x0, params=0x3ab5 "off", 
permit_abbrev=true, defaults=false, errp=0x3080)
 at util/qemu-option.c:829
 #1  0x105b3b74 in qemu_opts_parse_noisily (list=, 
params=, permit_abbrev=) at util/qemu-option.c:890
 #2  0x10024964 in main (argc=, argv=, 
envp=) at vl.c:3589

Fixes: 5780760f5ea6163939a5dabe7427318b4f07d1a2
Cc: da...@gibson.dropbear.id.au
Cc: ot...@redhat.com
Signed-off-by: Marc-André Lureau 
Message-Id: <20190429134757.13570-1-marcandre.lur...@redhat.com>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Laurent Vivier 
Signed-off-by: Paolo Bonzini 
---
 vl.c | 18 ++
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/vl.c b/vl.c
index f49b119..c8ca9ff 100644
--- a/vl.c
+++ b/vl.c
@@ -3896,17 +3896,19 @@ int main(int argc, char **argv, char **envp)
 qtest_log = optarg;
 break;
 case QEMU_OPTION_sandbox:
-#ifdef CONFIG_SECCOMP
-opts = qemu_opts_parse_noisily(qemu_find_opts("sandbox"),
-   optarg, true);
+olist = qemu_find_opts("sandbox");
+if (!olist) {
+#ifndef CONFIG_SECCOMP
+error_report("-sandbox support is not enabled "
+ "in this QEMU binary");
+#endif
+exit(1);
+}
+
+opts = qemu_opts_parse_noisily(olist, optarg, true);
 if (!opts) {
 exit(1);
 }
-#else
-error_report("-sandbox support is not enabled "
- "in this QEMU binary");
-exit(1);
-#endif
 break;
 case QEMU_OPTION_add_fd:
 #ifndef _WIN32
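Review bot: In the new `if (!olist)` block, a build with CONFIG_SECCOMP defined reaches `exit(1)` without printing a message of its own, so the only diagnostic is the generic "There is no option group 'sandbox'" line shown in the description. That path is presumably taken when the option group was not registered at run time, for example because the host lacks the capability checked by commit 5780760f5e. An operator who passes -sandbox for hardening should be told that explicitly. An `#else` branch with `error_report("-sandbox is not available on this host");` would cover it (wording is a suggestion). Exiting instead of continuing without the sandbox is the right behaviour and should stay; the enclosing switch in main() continues outside the hunk.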
-- 
1.8.3.1





[Qemu-devel] [PULL 01/21] hw/input: Add a CONFIG_PS2 switch for the ps2.c file

2019-05-15 Thread Paolo Bonzini
From: Thomas Huth 

ps2.c only needs to be compiled if we are building pckbd.c or pl050.c.

Signed-off-by: Thomas Huth 
Message-Id: <20190411182240.5957-1-th...@redhat.com>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Paolo Bonzini 
---
 hw/input/Kconfig   | 5 +
 hw/input/Makefile.objs | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/input/Kconfig b/hw/input/Kconfig
index 889363d..287f088 100644
--- a/hw/input/Kconfig
+++ b/hw/input/Kconfig
@@ -8,10 +8,15 @@ config LM832X
 config PCKBD
 bool
 default y
+select PS2
 depends on ISA_BUS
 
 config PL050
 bool
+select PS2
+
+config PS2
+bool
 
 config STELLARIS_INPUT
 bool
diff --git a/hw/input/Makefile.objs b/hw/input/Makefile.objs
index d1de307..a1bc502 100644
--- a/hw/input/Makefile.objs
+++ b/hw/input/Makefile.objs
@@ -3,7 +3,7 @@ common-obj-y += hid.o
 common-obj-$(CONFIG_LM832X) += lm832x.o
 common-obj-$(CONFIG_PCKBD) += pckbd.o
 common-obj-$(CONFIG_PL050) += pl050.o
-common-obj-y += ps2.o
+common-obj-$(CONFIG_PS2) += ps2.o
 common-obj-$(CONFIG_STELLARIS_INPUT) += stellaris_input.o
 common-obj-$(CONFIG_TSC2005) += tsc2005.o
 
-- 
1.8.3.1





[Qemu-devel] [PULL 06/21] hvf: Add missing break statement

2019-05-15 Thread Paolo Bonzini
From: Chen Zhang via Qemu-devel 

In target/i386/hvf/hvf.c, a break statement was probably missing in
`hvf_vcpu_exec()`, in handling EXIT_REASON_HLT.

These lines seemed to be equivalent to `kvm_handle_halt()`.

Signed-off-by: Chen Zhang 
Message-Id: <087f1d9c-109d-41d1-be2c-ce5d840c9...@me.com>
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Paolo Bonzini 
---
 target/i386/hvf/hvf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 42f9447..2751c81 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -708,6 +708,7 @@ int hvf_vcpu_exec(CPUState *cpu)
 !(idtvec_info & VMCS_IDT_VEC_VALID)) {
 cpu->halted = 1;
 ret = EXCP_HLT;
+break;
 }
 ret = EXCP_INTERRUPT;
 break;
-- 
1.8.3.1





[Qemu-devel] [PULL 02/21] roms: assert if max rom size is less than the used size

2019-05-15 Thread Paolo Bonzini
From: Igor Mammedov 

This ensures that we notice an attempt to write beyond
the allocated buffer. For a MemoryRegion-backed ROM that buffer is
the host buffer; otherwise it is guest RAM.

assert can be triggered with:
  dd if=/dev/zero of=/tmp/blob bs=63k count=1
  qemu-system-x86_64 `for  i in {1..33}; do echo -n " -acpitable /tmp/blob"; 
done`

Fixes: (a1666142db acpi-build: make ROMs RAM blocks resizeable)

Reported-by: Wei Yang 
Signed-off-by: Igor Mammedov 
Message-Id: <1554982098-336210-1-git-send-email-imamm...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/core/loader.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index fe5cb24..a097bbe 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1025,6 +1025,7 @@ MemoryRegion *rom_add_blob(const char *name, const void 
*blob, size_t len,
 rom->addr = addr;
 rom->romsize  = max_len ? max_len : len;
 rom->datasize = len;
+g_assert(rom->romsize >= rom->datasize);
 rom->data = g_malloc0(rom->datasize);
 memcpy(rom->data, blob, len);
 rom_insert(rom);
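Review bot: The added `g_assert(rom->romsize >= rom->datasize);` turns an oversized blob into a process abort, and the description shows the condition is reachable from the command line with repeated -acpitable options. The assertion is a sound backstop against writing past the buffer, but a condition a user can trigger is better reported as an error by the caller that supplies `max_len`, leaving the assert for internal misuse only. A comment above it should state what it protects, e.g. `/* datasize bytes must fit in the romsize-byte backing buffer */`, to be confirmed against the code that consumes `romsize`, which is outside this hunk. rom_add_blob() starts and ends outside the hunk.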
-- 
1.8.3.1





[Qemu-devel] [PULL 00/21] Misc patches for 2019-05-15

2019-05-15 Thread Paolo Bonzini
The following changes since commit e329ad2ab72c43b56df88b34954c2c7d839bb373:

  Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20190513' into 
staging (2019-05-14 10:08:47 +0100)

are available in the git repository at:


  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to 88f1090e9020057022ac04531ca87d25f67f57ca:

  hw/net/ne2000: Extract the PCI device from the chipset common code 
(2019-05-15 11:56:54 +0200)


Mostly bugfixes and cleanups, the most important being
"megasas: fix mapped frame size" from Peter Lieven.
In addition, -realtime is marked as deprecated.


Chen Zhang via Qemu-devel (1):
  hvf: Add missing break statement

Igor Mammedov (1):
  roms: assert if max rom size is less than the used size

Laurent Vivier (5):
  trace: only include trace-event-subdirs when they are needed
  build: replace GENERATED_FILES by generated-files-y
  configure: qemu-ga is only needed with softmmu targets
  build: chardev is only needed for softmmu targets
  build: don't build hardware objects with linux-user

Marc-André Lureau (1):
  vl: fix -sandbox parsing crash when seccomp support is disabled

Paolo Bonzini (2):
  mips-fulong2e: obey -vga none
  sun4m: obey -vga none

Peter Lieven (1):
  megasas: fix mapped frame size

Philippe Mathieu-Daudé (5):
  vl: Add missing descriptions to the VGA adapters list
  hw/acpi/piix4: Move TYPE_PIIX4_PM to a public header
  hw/i386/acpi: Add object_resolve_type_unambiguous to improve modularity
  hw/i386/acpi: Assert a pointer is not null BEFORE using it
  hw/net/ne2000: Extract the PCI device from the chipset common code

Thomas Huth (3):
  hw/input: Add a CONFIG_PS2 switch for the ps2.c file
  Declare -realtime as deprecated
  hw/char: Move multi-serial devices into separate file

Vitaly Kuznetsov (1):
  ioapic: allow buggy guests mishandling level-triggered interrupts to make 
progress

Wei Yang (1):
  memory: correct the comment to DIRTY_MEMORY_MIGRATION

 Makefile  |  43 
 Makefile.objs |  22 ++--
 Makefile.target   |   6 +-
 configure |   4 +-
 hw/acpi/piix4.c   |  13 ---
 hw/char/Kconfig   |   6 ++
 hw/char/Makefile.objs |   1 +
 hw/char/serial-pci-multi.c| 208 ++
 hw/char/serial-pci.c  | 170 ---
 hw/core/loader.c  |   1 +
 hw/i386/acpi-build.c  |  22 +++-
 hw/input/Kconfig  |   5 +
 hw/input/Makefile.objs|   2 +-
 hw/intc/ioapic.c  |  57 ++-
 hw/intc/trace-events  |   1 +
 hw/isa/lpc_ich9.c |  11 --
 hw/mips/mips_fulong2e.c   |  10 +-
 hw/net/Kconfig|   7 +-
 hw/net/Makefile.objs  |   3 +-
 hw/net/ne2000-pci.c   | 132 
 hw/net/ne2000.c   | 105 ---
 hw/scsi/megasas.c |   2 +-
 hw/sparc/sun4m.c  |   6 +-
 include/hw/acpi/piix4.h   |   2 +-
 include/hw/i386/ich9.h|   2 -
 include/hw/i386/ioapic_internal.h |   3 +
 memory.c  |   4 +-
 qemu-deprecated.texi  |   5 +
 target/i386/hvf/hvf.c |   1 +
 target/s390x/Makefile.objs|   2 +-
 tests/Makefile.include| 116 ++---
 vl.c  |  22 ++--
 32 files changed, 568 insertions(+), 426 deletions(-)
 create mode 100644 hw/char/serial-pci-multi.c
 create mode 100644 hw/net/ne2000-pci.c
-- 
1.8.3.1




[Qemu-devel] [PULL 05/21] megasas: fix mapped frame size

2019-05-15 Thread Paolo Bonzini
From: Peter Lieven 

The current value of 1024 bytes (16 * MFI_FRAME_SIZE) that we map is not
enough to hold the maximum number of scatter-gather elements we advertise.
We actually need a maximum of 2048 bytes: 128 max sg elements * 16 bytes
(sizeof (union mfi_sgl)).

Cc: qemu-sta...@nongnu.org
Signed-off-by: Peter Lieven 
Message-Id: <20190404121015.28634-1...@kamp.de>
Reviewed-by: Hannes Reinecke 
Signed-off-by: Paolo Bonzini 
---
 hw/scsi/megasas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index a56317e..5ad762d 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -477,7 +477,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
 {
 PCIDevice *pcid = PCI_DEVICE(s);
 MegasasCmd *cmd = NULL;
-int frame_size = MFI_FRAME_SIZE * 16;
+int frame_size = MEGASAS_MAX_SGE * sizeof(union mfi_sgl);
 hwaddr frame_size_p = frame_size;
 unsigned long index;
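Review bot: The new `frame_size` covers exactly the scatter-gather array (`MEGASAS_MAX_SGE * sizeof(union mfi_sgl)`), but in an MFI frame the SGL normally follows the frame header and command fields, so a guest frame carrying the advertised maximum number of SG elements may still extend past the mapped region. The code that walks the SGL is outside this hunk (megasas_enqueue_frame continues past it), so please confirm it bounds every element access against the mapped length, or size the mapping as header plus SGL. A comment such as `/* must cover the largest frame the guest may submit, not only its SGL */` would keep the constant tied to its reason. `frame_size` is also an `int` receiving a `size_t` product; `size_t frame_size` would avoid the implicit narrowing.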
 
-- 
1.8.3.1





[Qemu-devel] [PULL 03/21] Declare -realtime as deprecated

2019-05-15 Thread Paolo Bonzini
From: Thomas Huth 

The old -realtime mlock=on|off parameter does exactly the same as the
new -overcommit mem-lock=on|off parameter. Additionally, "-realtime"
does not activate any additional "realtime" capabilities as the name
might indicate. We should avoid confusing users this way, so
let's deprecate the old -realtime option.

Signed-off-by: Thomas Huth 
Reviewed-by: Eduardo Habkost 
Message-Id: <20190411175345.19414-1-th...@redhat.com>
---
 qemu-deprecated.texi | 5 +
 vl.c | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index 842e71b..ab62dd7 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -72,6 +72,11 @@ backend settings instead of environment variables.  To ease 
migration to
 the new format, the ``-audiodev-help'' option can be used to convert
 the current values of the environment variables to ``-audiodev'' options.
 
+@subsection -realtime (since 4.1)
+
+The @code{-realtime mlock=on|off} argument has been replaced by the
+@code{-overcommit mem-lock=on|off} argument.
+
 @section QEMU Machine Protocol (QMP) commands
 
 @subsection block-dirty-bitmap-add "autoload" parameter (since 2.12.0)
diff --git a/vl.c b/vl.c
index b670951..2e44f7d 100644
--- a/vl.c
+++ b/vl.c
@@ -3927,6 +3927,8 @@ int main(int argc, char **argv, char **envp)
 }
 break;
 case QEMU_OPTION_realtime:
+warn_report("'-realtime mlock=...' is deprecated, please use "
+ "'-overcommit mem-lock=...' instead");
 opts = qemu_opts_parse_noisily(qemu_find_opts("realtime"),
optarg, false);
 if (!opts) {
-- 
1.8.3.1





Re: [Qemu-devel] [PATCH v9 4/7] dm: enable synchronous dax

2019-05-15 Thread Dan Williams
[ add Mike and dm-devel ]

Mike, any concerns with the below addition to the device-mapper-dax
implementation?

On Tue, May 14, 2019 at 7:58 AM Pankaj Gupta  wrote:
>
>  This patch sets dax device 'DAXDEV_SYNC' flag if all the target
>  devices of device mapper support synchronous DAX. If device
>  mapper consists of both synchronous and asynchronous dax devices,
>  we don't set 'DAXDEV_SYNC' flag.
>
> Signed-off-by: Pankaj Gupta 
> ---
>  drivers/md/dm-table.c | 14 ++
>  1 file changed, 14 insertions(+)
>
> diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
> index cde3b49b2a91..1cce626ff576 100644
> --- a/drivers/md/dm-table.c
> +++ b/drivers/md/dm-table.c
> @@ -886,10 +886,17 @@ static int device_supports_dax(struct dm_target *ti, 
> struct dm_dev *dev,
> return bdev_dax_supported(dev->bdev, PAGE_SIZE);
>  }
>
> +static int device_synchronous(struct dm_target *ti, struct dm_dev *dev,
> +  sector_t start, sector_t len, void *data)
> +{
> +   return dax_synchronous(dev->dax_dev);
> +}
> +
>  static bool dm_table_supports_dax(struct dm_table *t)
>  {
> struct dm_target *ti;
> unsigned i;
> +   bool dax_sync = true;
>
> /* Ensure that all targets support DAX. */
> for (i = 0; i < dm_table_get_num_targets(t); i++) {
> @@ -901,7 +908,14 @@ static bool dm_table_supports_dax(struct dm_table *t)
> if (!ti->type->iterate_devices ||
> !ti->type->iterate_devices(ti, device_supports_dax, NULL))
> return false;
> +
> +   /* Check devices support synchronous DAX */
> +   if (dax_sync &&
> +   !ti->type->iterate_devices(ti, device_synchronous, NULL))
> +   dax_sync = false;
> }
> +   if (dax_sync)
> +   set_dax_synchronous(t->md->dax_dev);
>
> return true;
>  }
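Review bot: `dm_table_supports_dax()` now sets the synchronous flag on `t->md->dax_dev` as a side effect but nothing in this hunk ever clears it, so if a table is later reloaded with an asynchronous device the flag may survive from the earlier table; please confirm a reset exists elsewhere, because a stale flag would presumably let users rely on synchronous semantics on a device that still needs an explicit flush. A predicate named `supports` that mutates device state is also surprising to callers; consider moving the `set_dax_synchronous()` call to the place where the table's restrictions are applied. `device_synchronous()` ignores `start`, `len` and `data`, so a one-line comment such as `/* iterate_devices callout: true if the underlying dax device is synchronous */` would help.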
> --
> 2.20.1
>



Re: [Qemu-devel] [PATCH v9 2/7] virtio-pmem: Add virtio pmem driver

2019-05-15 Thread Dan Williams
On Tue, May 14, 2019 at 8:25 AM Pankaj Gupta  wrote:
>
>
> > On 5/14/19 7:54 AM, Pankaj Gupta wrote:
> > > diff --git a/drivers/virtio/Kconfig b/drivers/virtio/Kconfig
> > > index 35897649c24f..94bad084ebab 100644
> > > --- a/drivers/virtio/Kconfig
> > > +++ b/drivers/virtio/Kconfig
> > > @@ -42,6 +42,17 @@ config VIRTIO_PCI_LEGACY
> > >
> > >   If unsure, say Y.
> > >
> > > +config VIRTIO_PMEM
> > > +   tristate "Support for virtio pmem driver"
> > > +   depends on VIRTIO
> > > +   depends on LIBNVDIMM
> > > +   help
> > > +   This driver provides access to virtio-pmem devices, storage devices
> > > +   that are mapped into the physical address space - similar to NVDIMMs
> > > +- with a virtio-based flushing interface.
> > > +
> > > +   If unsure, say M.
> >
> > 
> > from Documentation/process/coding-style.rst:
> > "Lines under a ``config`` definition
> > are indented with one tab, while help text is indented an additional two
> > spaces."
>
> ah... I changed help text and 'checkpatch' did not say anything :( .
>
> Will wait for Dan, If its possible to add two spaces to help text while 
> applying
> the series.

I'm inclined to handle this with a fixup appended to the end of the
series just so the patchwork-bot does not get confused by the content
changing from what was sent to the list.



Re: [Qemu-devel] [PATCH v9 2/7] virtio-pmem: Add virtio pmem driver

2019-05-15 Thread David Hildenbrand
> + vpmem->vdev = vdev;
> + vdev->priv = vpmem;
> + err = init_vq(vpmem);
> + if (err) {
> + dev_err(>dev, "failed to initialize virtio pmem vq's\n");
> + goto out_err;
> + }
> +
> + virtio_cread(vpmem->vdev, struct virtio_pmem_config,
> + start, >start);
> + virtio_cread(vpmem->vdev, struct virtio_pmem_config,
> + size, >size);
> +
> + res.start = vpmem->start;
> + res.end   = vpmem->start + vpmem->size-1;

nit: " - 1;"

> + vpmem->nd_desc.provider_name = "virtio-pmem";
> + vpmem->nd_desc.module = THIS_MODULE;
> +
> + vpmem->nvdimm_bus = nvdimm_bus_register(>dev,
> + >nd_desc);
> + if (!vpmem->nvdimm_bus) {
> + dev_err(>dev, "failed to register device with 
> nvdimm_bus\n");
> + err = -ENXIO;
> + goto out_vq;
> + }
> +
> + dev_set_drvdata(>dev, vpmem->nvdimm_bus);
> +
> + ndr_desc.res = 
> + ndr_desc.numa_node = nid;
> + ndr_desc.flush = async_pmem_flush;
> + set_bit(ND_REGION_PAGEMAP, _desc.flags);
> + set_bit(ND_REGION_ASYNC, _desc.flags);
> + nd_region = nvdimm_pmem_region_create(vpmem->nvdimm_bus, _desc);
> + if (!nd_region) {
> + dev_err(>dev, "failed to create nvdimm region\n");
> + err = -ENXIO;
> + goto out_nd;
> + }
> + nd_region->provider_data = dev_to_virtio(nd_region->dev.parent->parent);
> + return 0;
> +out_nd:
> + nvdimm_bus_unregister(vpmem->nvdimm_bus);
> +out_vq:
> + vdev->config->del_vqs(vdev);
> +out_err:
> + return err;
> +}
> +
> +static void virtio_pmem_remove(struct virtio_device *vdev)
> +{
> + struct nvdimm_bus *nvdimm_bus = dev_get_drvdata(>dev);
> +
> + nvdimm_bus_unregister(nvdimm_bus);
> + vdev->config->del_vqs(vdev);
> + vdev->config->reset(vdev);
> +}
> +
> +static struct virtio_driver virtio_pmem_driver = {
> + .driver.name= KBUILD_MODNAME,
> + .driver.owner   = THIS_MODULE,
> + .id_table   = id_table,
> + .probe  = virtio_pmem_probe,
> + .remove = virtio_pmem_remove,
> +};
> +
> +module_virtio_driver(virtio_pmem_driver);
> +MODULE_DEVICE_TABLE(virtio, id_table);
> +MODULE_DESCRIPTION("Virtio pmem driver");
> +MODULE_LICENSE("GPL");
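Review bot: `start` and `size` are read from the device config with `virtio_cread()` and go straight into `res.end = vpmem->start + vpmem->size-1` without validation, so a size of 0 or a start/size pair that wraps produces a resource whose end precedes its start. These values are supplied by the host side, so the probe should reject them before the region is registered, for example `if (!vpmem->size || vpmem->start + vpmem->size < vpmem->start) { err = -EINVAL; goto out_vq; }`. The beginning of virtio_pmem_probe is outside the quoted part, so an earlier check may exist there.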
> diff --git a/drivers/nvdimm/virtio_pmem.h b/drivers/nvdimm/virtio_pmem.h
> new file mode 100644
> index ..ab1da877575d
> --- /dev/null
> +++ b/drivers/nvdimm/virtio_pmem.h
> @@ -0,0 +1,60 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * virtio_pmem.h: virtio pmem Driver
> + *
> + * Discovers persistent memory range information
> + * from host and provides a virtio based flushing
> + * interface.
> + **/
> +
> +#ifndef _LINUX_VIRTIO_PMEM_H
> +#define _LINUX_VIRTIO_PMEM_H
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +struct virtio_pmem_request {
> + /* Host return status corresponding to flush request */
> + int ret;
> +
> + /* command name*/
> + char name[16];

So ... why are we sending string commands and expecting native-endianness
integers, instead of defining a proper request/response structure + request
types in include/uapi/linux/virtio_pmem.h like

struct virtio_pmem_resp {
__virtio32 ret;
}

#define VIRTIO_PMEM_REQ_TYPE_FLUSH  1
struct virtio_pmem_req {
__virtio16 type;
}

... and this way we also define a proper endianess format for exchange
and keep it extensible

@MST, what's your take on this?


-- 

Thanks,

David / dhildenb



[Qemu-devel] [PATCH v1 5/5] s390x/tcg: Implement VECTOR STRING RANGE COMPARE

2019-05-15 Thread David Hildenbrand
Crazy stuff. Implement it similar to VECTOR FIND ANY ELEMENT
EQUAL.

Signed-off-by: David Hildenbrand 
---
 target/s390x/helper.h|   6 ++
 target/s390x/insn-data.def   |   2 +
 target/s390x/translate_vx.inc.c  |  37 +++
 target/s390x/vec_string_helper.c | 108 +++
 4 files changed, 153 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 1f9f0b463b..f2743ccd97 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -236,6 +236,12 @@ DEF_HELPER_FLAGS_3(gvec_vistr32, TCG_CALL_NO_RWG, void, 
ptr, cptr, i32)
 DEF_HELPER_4(gvec_vistr_cc8, void, ptr, cptr, env, i32)
 DEF_HELPER_4(gvec_vistr_cc16, void, ptr, cptr, env, i32)
 DEF_HELPER_4(gvec_vistr_cc32, void, ptr, cptr, env, i32)
+DEF_HELPER_FLAGS_5(gvec_vstrc8, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, cptr, 
i32)
+DEF_HELPER_FLAGS_5(gvec_vstrc16, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, cptr, 
i32)
+DEF_HELPER_FLAGS_5(gvec_vstrc32, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, cptr, 
i32)
+DEF_HELPER_6(gvec_vstrc_cc8, void, ptr, cptr, cptr, cptr, env, i32)
+DEF_HELPER_6(gvec_vstrc_cc16, void, ptr, cptr, cptr, cptr, env, i32)
+DEF_HELPER_6(gvec_vstrc_cc32, void, ptr, cptr, cptr, cptr, env, i32)
 
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_3(servc, i32, env, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index b4a6b59608..a2969fab58 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -1201,6 +1201,8 @@
 F(0xe781, VFENE,   VRR_b, V,   0, 0, 0, 0, vfene, 0, IF_VEC)
 /* VECTOR ISOLATE STRING */
 F(0xe75c, VISTR,   VRR_a, V,   0, 0, 0, 0, vistr, 0, IF_VEC)
+/* VECTOR STRING RANGE COMPARE */
+F(0xe78a, VSTRC,   VRR_d, V,   0, 0, 0, 0, vstrc, 0, IF_VEC)
 
 #ifndef CONFIG_USER_ONLY
 /* COMPARE AND SWAP AND PURGE */
diff --git a/target/s390x/translate_vx.inc.c b/target/s390x/translate_vx.inc.c
index 437b416b4a..62a8d4d738 100644
--- a/target/s390x/translate_vx.inc.c
+++ b/target/s390x/translate_vx.inc.c
@@ -217,6 +217,10 @@ static void get_vec_element_ptr_i64(TCGv_ptr ptr, uint8_t 
reg, TCGv_i64 enr,
 tcg_gen_gvec_4_ool(vec_full_reg_offset(v1), vec_full_reg_offset(v2), \
vec_full_reg_offset(v3), vec_full_reg_offset(v4), \
16, 16, data, fn)
+#define gen_gvec_4_ptr(v1, v2, v3, v4, ptr, data, fn) \
+tcg_gen_gvec_4_ptr(vec_full_reg_offset(v1), vec_full_reg_offset(v2), \
+   vec_full_reg_offset(v3), vec_full_reg_offset(v4), \
+   ptr, 16, 16, data, fn)
 #define gen_gvec_dup_i64(es, v1, c) \
 tcg_gen_gvec_dup_i64(es, vec_full_reg_offset(v1), 16, 16, c)
 #define gen_gvec_mov(v1, v2) \
@@ -2480,3 +2484,36 @@ static DisasJumpType op_vistr(DisasContext *s, DisasOps 
*o)
 }
 return DISAS_NEXT;
 }
+
+static DisasJumpType op_vstrc(DisasContext *s, DisasOps *o)
+{
+const uint8_t es = get_field(s->fields, m5);
+const uint8_t m6 = get_field(s->fields, m6);
+static gen_helper_gvec_4_ptr * const cc[3] = {
+gen_helper_gvec_vstrc_cc8,
+gen_helper_gvec_vstrc_cc16,
+gen_helper_gvec_vstrc_cc32,
+};
+static gen_helper_gvec_4 * const nocc[3] = {
+gen_helper_gvec_vstrc8,
+gen_helper_gvec_vstrc16,
+gen_helper_gvec_vstrc32,
+};
+
+if (es > ES_32) {
+gen_program_exception(s, PGM_SPECIFICATION);
+return DISAS_NORETURN;
+}
+
+if (m6 & 1) {
+gen_gvec_4_ptr(get_field(s->fields, v1), get_field(s->fields, v2),
+   get_field(s->fields, v3), get_field(s->fields, v4),
+   cpu_env, m6, cc[es]);
+set_cc_static(s);
+} else {
+gen_gvec_4_ool(get_field(s->fields, v1), get_field(s->fields, v2),
+   get_field(s->fields, v3), get_field(s->fields, v4), m6,
+   nocc[es]);
+}
+return DISAS_NEXT;
+}
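Review bot: The dispatch tables `cc[3]` and `nocc[3]` are indexed by the guest-controlled element-size field, and the only thing keeping `cc[es]` and `nocc[es]` in bounds is the separate `es > ES_32` check above them; the literal `3` does not show that link. Declaring them as `cc[ES_32 + 1]` and `nocc[ES_32 + 1]`, or adding `/* indexed by es, ES_8..ES_32 */`, keeps the bound and the table size from drifting apart if an element size is added later. The same pattern appears in op_vistr, op_vfene, op_vfae and op_vfee in the other patches of this series.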
diff --git a/target/s390x/vec_string_helper.c b/target/s390x/vec_string_helper.c
index 2e998c21a2..6d6dbfa061 100644
--- a/target/s390x/vec_string_helper.c
+++ b/target/s390x/vec_string_helper.c
@@ -248,3 +248,111 @@ void HELPER(gvec_vistr_cc##BITS)(void *v1, const void 
*v2, \
 DEF_VISTR_CC_HELPER(8)
 DEF_VISTR_CC_HELPER(16)
 DEF_VISTR_CC_HELPER(32)
+
+#define DEF_ELEMENT_COMPARE(BITS)  
\
+static bool element_compare##BITS(uint##BITS##_t data, uint##BITS##_t l,   
\
+  uint##BITS##_t c)
\
+{  
\
+const bool equal = extract32(c, BITS - 1, 1);  
\
+const bool lower = extract32(c, BITS - 2, 1);  
\
+const bool higher = extract32(c, BITS - 3, 1); 
\
+   
\
+if (equal && data == l) {  

[Qemu-devel] [PATCH v1 4/5] s390x/tcg: Implement VECTOR ISOLATE STRING

2019-05-15 Thread David Hildenbrand
Signed-off-by: David Hildenbrand 
---
 target/s390x/helper.h|  6 +
 target/s390x/insn-data.def   |  2 ++
 target/s390x/translate_vx.inc.c  | 34 ++
 target/s390x/vec_string_helper.c | 41 
 4 files changed, 83 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index fb50b404db..1f9f0b463b 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -230,6 +230,12 @@ DEF_HELPER_FLAGS_4(gvec_vfene32, TCG_CALL_NO_RWG, void, 
ptr, cptr, cptr, i32)
 DEF_HELPER_5(gvec_vfene_cc8, void, ptr, cptr, cptr, env, i32)
 DEF_HELPER_5(gvec_vfene_cc16, void, ptr, cptr, cptr, env, i32)
 DEF_HELPER_5(gvec_vfene_cc32, void, ptr, cptr, cptr, env, i32)
+DEF_HELPER_FLAGS_3(gvec_vistr8, TCG_CALL_NO_RWG, void, ptr, cptr, i32)
+DEF_HELPER_FLAGS_3(gvec_vistr16, TCG_CALL_NO_RWG, void, ptr, cptr, i32)
+DEF_HELPER_FLAGS_3(gvec_vistr32, TCG_CALL_NO_RWG, void, ptr, cptr, i32)
+DEF_HELPER_4(gvec_vistr_cc8, void, ptr, cptr, env, i32)
+DEF_HELPER_4(gvec_vistr_cc16, void, ptr, cptr, env, i32)
+DEF_HELPER_4(gvec_vistr_cc32, void, ptr, cptr, env, i32)
 
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_3(servc, i32, env, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index d03c1ee0b3..b4a6b59608 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -1199,6 +1199,8 @@
 F(0xe780, VFEE,VRR_b, V,   0, 0, 0, 0, vfee, 0, IF_VEC)
 /* VECTOR FIND ELEMENT NOT EQUAL */
 F(0xe781, VFENE,   VRR_b, V,   0, 0, 0, 0, vfene, 0, IF_VEC)
+/* VECTOR ISOLATE STRING */
+F(0xe75c, VISTR,   VRR_a, V,   0, 0, 0, 0, vistr, 0, IF_VEC)
 
 #ifndef CONFIG_USER_ONLY
 /* COMPARE AND SWAP AND PURGE */
diff --git a/target/s390x/translate_vx.inc.c b/target/s390x/translate_vx.inc.c
index e36cc5c401..437b416b4a 100644
--- a/target/s390x/translate_vx.inc.c
+++ b/target/s390x/translate_vx.inc.c
@@ -188,6 +188,9 @@ static void get_vec_element_ptr_i64(TCGv_ptr ptr, uint8_t 
reg, TCGv_i64 enr,
 #define gen_gvec_2s(v1, v2, c, gen) \
 tcg_gen_gvec_2s(vec_full_reg_offset(v1), vec_full_reg_offset(v2), \
 16, 16, c, gen)
+#define gen_gvec_2_ool(v1, v2, data, fn) \
+tcg_gen_gvec_2_ool(vec_full_reg_offset(v1), vec_full_reg_offset(v2), \
+   16, 16, data, fn)
 #define gen_gvec_2i_ool(v1, v2, c, data, fn) \
 tcg_gen_gvec_2i_ool(vec_full_reg_offset(v1), vec_full_reg_offset(v2), \
 c, 16, 16, data, fn)
@@ -2446,3 +2449,34 @@ static DisasJumpType op_vfene(DisasContext *s, DisasOps 
*o)
 }
 return DISAS_NEXT;
 }
+
+static DisasJumpType op_vistr(DisasContext *s, DisasOps *o)
+{
+const uint8_t es = get_field(s->fields, m4);
+const uint8_t m5 = get_field(s->fields, m5);
+static gen_helper_gvec_2_ptr * const cc[3] = {
+gen_helper_gvec_vistr_cc8,
+gen_helper_gvec_vistr_cc16,
+gen_helper_gvec_vistr_cc32,
+};
+static gen_helper_gvec_2 * const nocc[3] = {
+gen_helper_gvec_vistr8,
+gen_helper_gvec_vistr16,
+gen_helper_gvec_vistr32,
+};
+
+if (es > ES_32 || m5 & ~0x1) {
+gen_program_exception(s, PGM_SPECIFICATION);
+return DISAS_NORETURN;
+}
+
+if (m5 & 1) {
+gen_gvec_2_ptr(get_field(s->fields, v1), get_field(s->fields, v2),
+   cpu_env, 0, cc[es]);
+set_cc_static(s);
+} else {
+gen_gvec_2_ool(get_field(s->fields, v1), get_field(s->fields, v2), 0,
+   nocc[es]);
+}
+return DISAS_NEXT;
+}
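Review bot: In `if (es > ES_32 || m5 & ~0x1)` the reserved-bit test relies on `&` binding tighter than `||`; it is correct, but explicit parentheses make the intent obvious: `if (es > ES_32 || (m5 & ~0x1))`. op_vfene and op_vfee use the same form with `~0x3`. A short comment explaining the mask, e.g. `/* only bit 0 (set CC) is defined in m5 */`, would tell the reader why other bits raise a specification exception.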
diff --git a/target/s390x/vec_string_helper.c b/target/s390x/vec_string_helper.c
index 181f044fe5..2e998c21a2 100644
--- a/target/s390x/vec_string_helper.c
+++ b/target/s390x/vec_string_helper.c
@@ -207,3 +207,44 @@ void HELPER(gvec_vfene_cc##BITS)(void *v1, const void *v2, 
const void *v3, \
 DEF_VFENE_CC_HELPER(8)
 DEF_VFENE_CC_HELPER(16)
 DEF_VFENE_CC_HELPER(32)
+
+#define DEF_VISTR(BITS)
\
+static int vistr##BITS(void *v1, const void *v2)   
\
+{  
\
+S390Vector tmp = {};   
\
+int i, cc = 3; 
\
+   
\
+for (i = 0; i < (128 / BITS); i++) {   
\
+const uint##BITS##_t data = s390_vec_read_element##BITS(v2, i);
\
+   
\
+if (!data) {   
\
+cc = 0;
\
+break; 
\
+}  

[Qemu-devel] [PATCH v1 0/5] s390x/tcg: Vector Instruction Support Part 3

2019-05-15 Thread David Hildenbrand
This is the third part of vector instruction support for s390x. It is based
on part 2, for which I will send a pull request to Conny soon.

Part 1: Vector Support Instructions
Part 2: Vector Integer Instructions
Part 3: Vector String Instructions
Part 4: Vector Floating-Point Instructions

The current state can be found at (kept updated):
https://github.com/davidhildenbrand/qemu/tree/vx

With the current state I can boot Linux kernel + user space compiled with
SIMD support. This allows to boot distributions compiled exclusively for
z13, requiring SIMD support. Also, it is now possible to build a complete
kernel using rpmbuild as quite some issues have been sorted out.

In this part, all Vector String Instructions introduced with the
"Vector Facility" are added.

David Hildenbrand (5):
  s390x/tcg: Implement VECTOR FIND ANY ELEMENT EQUAL
  s390x/tcg: Implement VECTOR FIND ELEMENT EQUAL
  s390x/tcg: Implement VECTOR FIND ELEMENT NOT EQUAL
  s390x/tcg: Implement VECTOR ISOLATE STRING
  s390x/tcg: Implement VECTOR STRING RANGE COMPARE

 target/s390x/Makefile.objs   |   2 +-
 target/s390x/helper.h|  32 +++
 target/s390x/insn-data.def   |  13 ++
 target/s390x/translate_vx.inc.c  | 164 ++
 target/s390x/vec_string_helper.c | 358 +++
 5 files changed, 568 insertions(+), 1 deletion(-)
 create mode 100644 target/s390x/vec_string_helper.c

-- 
2.20.1




[Qemu-devel] [PATCH v1 3/5] s390x/tcg: Implement VECTOR FIND ELEMENT NOT EQUAL

2019-05-15 Thread David Hildenbrand
Similar to VECTOR FIND ELEMENT EQUAL, however the search also stops on
any inequality. A match for inequality seems to have precedence over
a match for zero, because both elements have to be zero.

Signed-off-by: David Hildenbrand 
---
 target/s390x/helper.h|  6 
 target/s390x/insn-data.def   |  2 ++
 target/s390x/translate_vx.inc.c  | 31 +++
 target/s390x/vec_string_helper.c | 53 
 4 files changed, 92 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index a1b169b666..fb50b404db 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -224,6 +224,12 @@ DEF_HELPER_FLAGS_4(gvec_vfee32, TCG_CALL_NO_RWG, void, 
ptr, cptr, cptr, i32)
 DEF_HELPER_5(gvec_vfee_cc8, void, ptr, cptr, cptr, env, i32)
 DEF_HELPER_5(gvec_vfee_cc16, void, ptr, cptr, cptr, env, i32)
 DEF_HELPER_5(gvec_vfee_cc32, void, ptr, cptr, cptr, env, i32)
+DEF_HELPER_FLAGS_4(gvec_vfene8, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_FLAGS_4(gvec_vfene16, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_FLAGS_4(gvec_vfene32, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_5(gvec_vfene_cc8, void, ptr, cptr, cptr, env, i32)
+DEF_HELPER_5(gvec_vfene_cc16, void, ptr, cptr, cptr, env, i32)
+DEF_HELPER_5(gvec_vfene_cc32, void, ptr, cptr, cptr, env, i32)
 
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_3(servc, i32, env, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index d8907ef6a5..d03c1ee0b3 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -1197,6 +1197,8 @@
 F(0xe782, VFAE,VRR_b, V,   0, 0, 0, 0, vfae, 0, IF_VEC)
 /* VECTOR FIND ELEMENT EQUAL */
 F(0xe780, VFEE,VRR_b, V,   0, 0, 0, 0, vfee, 0, IF_VEC)
+/* VECTOR FIND ELEMENT NOT EQUAL */
+F(0xe781, VFENE,   VRR_b, V,   0, 0, 0, 0, vfene, 0, IF_VEC)
 
 #ifndef CONFIG_USER_ONLY
 /* COMPARE AND SWAP AND PURGE */
diff --git a/target/s390x/translate_vx.inc.c b/target/s390x/translate_vx.inc.c
index 848f6d7163..e36cc5c401 100644
--- a/target/s390x/translate_vx.inc.c
+++ b/target/s390x/translate_vx.inc.c
@@ -2415,3 +2415,34 @@ static DisasJumpType op_vfee(DisasContext *s, DisasOps 
*o)
 }
 return DISAS_NEXT;
 }
+
+static DisasJumpType op_vfene(DisasContext *s, DisasOps *o)
+{
+const uint8_t es = get_field(s->fields, m4);
+const uint8_t m5 = get_field(s->fields, m5);
+static gen_helper_gvec_3_ptr * const cc[3] = {
+gen_helper_gvec_vfene_cc8,
+gen_helper_gvec_vfene_cc16,
+gen_helper_gvec_vfene_cc32,
+};
+static gen_helper_gvec_3 * const nocc[3] = {
+gen_helper_gvec_vfene8,
+gen_helper_gvec_vfene16,
+gen_helper_gvec_vfene32,
+};
+
+if (es > ES_32 || m5 & ~0x3) {
+gen_program_exception(s, PGM_SPECIFICATION);
+return DISAS_NORETURN;
+}
+
+if (m5 & 1) {
+gen_gvec_3_ptr(get_field(s->fields, v1), get_field(s->fields, v2),
+   get_field(s->fields, v3), cpu_env, m5, cc[es]);
+set_cc_static(s);
+} else {
+gen_gvec_3_ool(get_field(s->fields, v1), get_field(s->fields, v2),
+   get_field(s->fields, v3), m5, nocc[es]);
+}
+return DISAS_NEXT;
+}
diff --git a/target/s390x/vec_string_helper.c b/target/s390x/vec_string_helper.c
index 6a5d05271c..181f044fe5 100644
--- a/target/s390x/vec_string_helper.c
+++ b/target/s390x/vec_string_helper.c
@@ -154,3 +154,56 @@ void HELPER(gvec_vfee_cc##BITS)(void *v1, const void *v2, 
const void *v3,  \
 DEF_VFEE_CC_HELPER(8)
 DEF_VFEE_CC_HELPER(16)
 DEF_VFEE_CC_HELPER(32)
+
+#define DEF_VFENE(BITS)
\
+static int vfene##BITS(void *v1, const void *v2, const void *v3, uint8_t m5)   
\
+{  
\
+const bool zs = extract32(m5, 1, 1);   
\
+S390Vector tmp = {};   
\
+int first_byte = 16;   
\
+int cc = 3; /* no match */ 
\
+int i; 
\
+   
\
+for (i = 0; i < (128 / BITS); i++) {   
\
+const uint##BITS##_t data1 = s390_vec_read_element##BITS(v2, i);   
\
+const uint##BITS##_t data2 = s390_vec_read_element##BITS(v3, i);   
\
+   
\
+if (data1 != data2) {  
\
+first_byte = i * (BITS / 8);   
\
+cc = data1 < data2 ? 1 : 2; /* inequality found */ 
\
+break;  

[Qemu-devel] [PATCH v1 1/5] s390x/tcg: Implement VECTOR FIND ANY ELEMENT EQUAL

2019-05-15 Thread David Hildenbrand
Complicated stuff. Provide two variants, one for the CC and one without
the CC. The CC is returned via cpu_env.

Signed-off-by: David Hildenbrand 
---
 target/s390x/Makefile.objs   |  2 +-
 target/s390x/helper.h|  8 +++
 target/s390x/insn-data.def   |  5 ++
 target/s390x/translate_vx.inc.c  | 31 ++
 target/s390x/vec_string_helper.c | 97 
 5 files changed, 142 insertions(+), 1 deletion(-)
 create mode 100644 target/s390x/vec_string_helper.c

diff --git a/target/s390x/Makefile.objs b/target/s390x/Makefile.objs
index 993ac93ed6..0a38281a14 100644
--- a/target/s390x/Makefile.objs
+++ b/target/s390x/Makefile.objs
@@ -1,7 +1,7 @@
 obj-y += cpu.o cpu_models.o cpu_features.o gdbstub.o interrupt.o helper.o
 obj-$(CONFIG_TCG) += translate.o cc_helper.o excp_helper.o fpu_helper.o
 obj-$(CONFIG_TCG) += int_helper.o mem_helper.o misc_helper.o crypto_helper.o
-obj-$(CONFIG_TCG) += vec_helper.o vec_int_helper.o
+obj-$(CONFIG_TCG) += vec_helper.o vec_int_helper.o vec_string_helper.o
 obj-$(CONFIG_SOFTMMU) += machine.o ioinst.o arch_dump.o mmu_helper.o diag.o
 obj-$(CONFIG_SOFTMMU) += sigp.o
 obj-$(CONFIG_KVM) += kvm.o
diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 7755a96c33..c45328cf73 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -211,6 +211,14 @@ DEF_HELPER_FLAGS_4(gvec_vscbi8, TCG_CALL_NO_RWG, void, 
ptr, cptr, cptr, i32)
 DEF_HELPER_FLAGS_4(gvec_vscbi16, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
 DEF_HELPER_4(gvec_vtm, void, ptr, cptr, env, i32)
 
+/* === Vector String Instructions === */
+DEF_HELPER_FLAGS_4(gvec_vfae8, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_FLAGS_4(gvec_vfae16, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_FLAGS_4(gvec_vfae32, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_5(gvec_vfae_cc8, void, ptr, cptr, cptr, env, i32)
+DEF_HELPER_5(gvec_vfae_cc16, void, ptr, cptr, cptr, env, i32)
+DEF_HELPER_5(gvec_vfae_cc32, void, ptr, cptr, cptr, env, i32)
+
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_3(servc, i32, env, i64, i64)
 DEF_HELPER_4(diag, void, env, i32, i32, i32)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index e61475bdc4..070ce2a471 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -1191,6 +1191,11 @@
 /* VECTOR TEST UNDER MASK */
 F(0xe7d8, VTM, VRR_a, V,   0, 0, 0, 0, vtm, 0, IF_VEC)
 
+/* === Vector String Instructions === */
+
+/* VECTOR FIND ANY ELEMENT EQUAL */
+F(0xe782, VFAE,VRR_b, V,   0, 0, 0, 0, vfae, 0, IF_VEC)
+
 #ifndef CONFIG_USER_ONLY
 /* COMPARE AND SWAP AND PURGE */
 E(0xb250, CSP, RRE,   Z,   r1_32u, ra2, r1_P, 0, csp, 0, MO_TEUL, 
IF_PRIV)
diff --git a/target/s390x/translate_vx.inc.c b/target/s390x/translate_vx.inc.c
index 7e0bfcb190..022990dda3 100644
--- a/target/s390x/translate_vx.inc.c
+++ b/target/s390x/translate_vx.inc.c
@@ -2353,3 +2353,34 @@ static DisasJumpType op_vtm(DisasContext *s, DisasOps *o)
 set_cc_static(s);
 return DISAS_NEXT;
 }
+
+static DisasJumpType op_vfae(DisasContext *s, DisasOps *o)
+{
+const uint8_t es = get_field(s->fields, m4);
+const uint8_t m5 = get_field(s->fields, m5);
+static gen_helper_gvec_3_ptr * const cc[3] = {
+gen_helper_gvec_vfae_cc8,
+gen_helper_gvec_vfae_cc16,
+gen_helper_gvec_vfae_cc32,
+};
+static gen_helper_gvec_3 * const nocc[3] = {
+gen_helper_gvec_vfae8,
+gen_helper_gvec_vfae16,
+gen_helper_gvec_vfae32,
+};
+
+if (es > ES_32) {
+gen_program_exception(s, PGM_SPECIFICATION);
+return DISAS_NORETURN;
+}
+
+if (m5 & 1) {
+gen_gvec_3_ptr(get_field(s->fields, v1), get_field(s->fields, v2),
+   get_field(s->fields, v3), cpu_env, m5, cc[es]);
+set_cc_static(s);
+} else {
+gen_gvec_3_ool(get_field(s->fields, v1), get_field(s->fields, v2),
+   get_field(s->fields, v3), m5, nocc[es]);
+}
+return DISAS_NEXT;
+}
diff --git a/target/s390x/vec_string_helper.c b/target/s390x/vec_string_helper.c
new file mode 100644
index 00..8a4e65b70f
--- /dev/null
+++ b/target/s390x/vec_string_helper.c
@@ -0,0 +1,97 @@
+/*
+ * QEMU TCG support -- s390x vector string instruction support
+ *
+ * Copyright (C) 2019 Red Hat Inc
+ *
+ * Authors:
+ *   David Hildenbrand 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "internal.h"
+#include "vec.h"
+#include "tcg/tcg-gvec-desc.h"
+#include "exec/helper-proto.h"
+
+#define DEF_VFAE(BITS) 
\
+static int vfae##BITS(void *v1, const void *v2, const void *v3, uint8_t m5)
\
+{  
\
+const bool in = extract32(m5, 3, 1);   

[Qemu-devel] [PATCH v1 2/5] s390x/tcg: Implement VECTOR FIND ELEMENT EQUAL

2019-05-15 Thread David Hildenbrand
Implement it similar to VECTOR FIND ANY ELEMENT EQUAL.

The zero-check seems to have precedence in case we have
"data1 == data2 == 0". The description in the PoP is a little bit
confusing.

Signed-off-by: David Hildenbrand 
---
 target/s390x/helper.h|  6 
 target/s390x/insn-data.def   |  2 ++
 target/s390x/translate_vx.inc.c  | 31 +
 target/s390x/vec_string_helper.c | 59 
 4 files changed, 98 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index c45328cf73..a1b169b666 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -218,6 +218,12 @@ DEF_HELPER_FLAGS_4(gvec_vfae32, TCG_CALL_NO_RWG, void, 
ptr, cptr, cptr, i32)
 DEF_HELPER_5(gvec_vfae_cc8, void, ptr, cptr, cptr, env, i32)
 DEF_HELPER_5(gvec_vfae_cc16, void, ptr, cptr, cptr, env, i32)
 DEF_HELPER_5(gvec_vfae_cc32, void, ptr, cptr, cptr, env, i32)
+DEF_HELPER_FLAGS_4(gvec_vfee8, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_FLAGS_4(gvec_vfee16, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_FLAGS_4(gvec_vfee32, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_5(gvec_vfee_cc8, void, ptr, cptr, cptr, env, i32)
+DEF_HELPER_5(gvec_vfee_cc16, void, ptr, cptr, cptr, env, i32)
+DEF_HELPER_5(gvec_vfee_cc32, void, ptr, cptr, cptr, env, i32)
 
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_3(servc, i32, env, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 070ce2a471..d8907ef6a5 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -1195,6 +1195,8 @@
 
 /* VECTOR FIND ANY ELEMENT EQUAL */
 F(0xe782, VFAE,VRR_b, V,   0, 0, 0, 0, vfae, 0, IF_VEC)
+/* VECTOR FIND ELEMENT EQUAL */
+F(0xe780, VFEE,VRR_b, V,   0, 0, 0, 0, vfee, 0, IF_VEC)
 
 #ifndef CONFIG_USER_ONLY
 /* COMPARE AND SWAP AND PURGE */
diff --git a/target/s390x/translate_vx.inc.c b/target/s390x/translate_vx.inc.c
index 022990dda3..848f6d7163 100644
--- a/target/s390x/translate_vx.inc.c
+++ b/target/s390x/translate_vx.inc.c
@@ -2384,3 +2384,34 @@ static DisasJumpType op_vfae(DisasContext *s, DisasOps 
*o)
 }
 return DISAS_NEXT;
 }
+
+static DisasJumpType op_vfee(DisasContext *s, DisasOps *o)
+{
+const uint8_t es = get_field(s->fields, m4);
+const uint8_t m5 = get_field(s->fields, m5);
+static gen_helper_gvec_3_ptr * const cc[3] = {
+gen_helper_gvec_vfee_cc8,
+gen_helper_gvec_vfee_cc16,
+gen_helper_gvec_vfee_cc32,
+};
+static gen_helper_gvec_3 * const nocc[3] = {
+gen_helper_gvec_vfee8,
+gen_helper_gvec_vfee16,
+gen_helper_gvec_vfee32,
+};
+
+if (es > ES_32 || m5 & ~0x3) {
+gen_program_exception(s, PGM_SPECIFICATION);
+return DISAS_NORETURN;
+}
+
+if (m5 & 1) {
+gen_gvec_3_ptr(get_field(s->fields, v1), get_field(s->fields, v2),
+   get_field(s->fields, v3), cpu_env, m5, cc[es]);
+set_cc_static(s);
+} else {
+gen_gvec_3_ool(get_field(s->fields, v1), get_field(s->fields, v2),
+   get_field(s->fields, v3), m5, nocc[es]);
+}
+return DISAS_NEXT;
+}
diff --git a/target/s390x/vec_string_helper.c b/target/s390x/vec_string_helper.c
index 8a4e65b70f..6a5d05271c 100644
--- a/target/s390x/vec_string_helper.c
+++ b/target/s390x/vec_string_helper.c
@@ -95,3 +95,62 @@ void HELPER(gvec_vfae_cc##BITS)(void *v1, const void *v2, 
const void *v3,  \
 DEF_VFAE_CC_HELPER(8)
 DEF_VFAE_CC_HELPER(16)
 DEF_VFAE_CC_HELPER(32)
+
+#define DEF_VFEE(BITS) 
\
+static int vfee##BITS(void *v1, const void *v2, const void *v3, uint8_t m5)
\
+{  
\
+const bool zs = extract32(m5, 1, 1);   
\
+S390Vector tmp = {};   
\
+int first_byte = 16;   
\
+int cc = 3; /* no match */ 
\
+int i; 
\
+   
\
+for (i = 0; i < (128 / BITS); i++) {   
\
+const uint##BITS##_t data1 = s390_vec_read_element##BITS(v2, i);   
\
+const uint##BITS##_t data2 = s390_vec_read_element##BITS(v3, i);   
\
+   
\
+if (zs && !data1) {
\
+if (cc == 3) { 
\
+first_byte = i * (BITS / 8);   
\
+cc = 0; /* match for zero */   
\
+} else {   

[Qemu-devel] [PATCH 4/4] iotests: Make 245 faster and more reliable

2019-05-15 Thread Max Reitz
Sometimes, 245 fails for me because some stream job has already finished
while the test expects it to still be active.  (With -c none, it fails
basically every time.) The most reliable way to fix this is to simply
set auto_finalize=false so the job will remain in the block graph as
long as we need it.  This allows us to drop the rate limiting, too,
which makes the test faster.

The only problem with this is that there is a single place that yields a
different error message depending on whether the stream job is still
copying data (so COR is enabled) or not (COR has been disabled, but the
job still has the WRITE_UNCHANGED permission on the target node).  We
can easily address that by expecting either error message.

Note that we do not need auto_finalize=false (or rate limiting) for the
active commit job, because it never completes without an explicit
block-job-complete anyway.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/245 | 22 ++
 tests/qemu-iotests/245.out | 12 
 2 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/tests/qemu-iotests/245 b/tests/qemu-iotests/245
index a04c6235c1..349b94aace 100644
--- a/tests/qemu-iotests/245
+++ b/tests/qemu-iotests/245
@@ -862,7 +862,8 @@ class TestBlockdevReopen(iotests.QMPTestCase):
 
 # hd2 <- hd0
 result = self.vm.qmp('block-stream', conv_keys = True, job_id = 
'stream0',
- device = 'hd0', base_node = 'hd2', speed = 512 * 
1024)
+ device = 'hd0', base_node = 'hd2',
+ auto_finalize = False)
 self.assert_qmp(result, 'return', {})
 
 # We can't remove hd2 while the stream job is ongoing
@@ -873,7 +874,7 @@ class TestBlockdevReopen(iotests.QMPTestCase):
 opts['backing'] = None
 self.reopen(opts, {}, "Cannot change 'backing' link from 'hd0' to 
'hd1'")
 
-self.wait_until_completed(drive = 'stream0')
+self.vm.run_job('stream0', auto_finalize = False, auto_dismiss = True)
 
 # Reopen the chain during a block-stream job (from hd2 to hd1)
 def test_block_stream_4(self):
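Review bot: The return value of `run_job()` is discarded on the added line, so a stream job that finishes with an error would no longer fail the test at this point. The context lines of the `VM.run_job` hunk in iotests.py on this page show it doing `return error` once the job status is `null`, which suggests callers are meant to look at the result. Consider `self.assertIsNone(self.vm.run_job('stream0', auto_finalize = False, auto_dismiss = True))`, assuming `run_job()` returns None on success. The same applies to the `run_job()` calls added in the `@@ -901,7 +906,7 @@` and `@@ -956,7 +962,7 @@` hunks; the enclosing test method starts outside this hunk.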
@@ -886,12 +887,16 @@ class TestBlockdevReopen(iotests.QMPTestCase):
 
 # hd1 <- hd0
 result = self.vm.qmp('block-stream', conv_keys = True, job_id = 
'stream0',
- device = 'hd1', speed = 512 * 1024)
+ device = 'hd1', auto_finalize = False)
 self.assert_qmp(result, 'return', {})
 
 # We can't reopen with the original options because that would
 # make hd1 read-only and block-stream requires it to be read-write
-self.reopen(opts, {}, "Can't set node 'hd1' to r/o with copy-on-read 
enabled")
+# (Which error message appears depends on whether the stream job is
+# already done with copying at this point.)
+self.reopen(opts, {},
+["Can't set node 'hd1' to r/o with copy-on-read enabled",
+ "Cannot make block node read-only, there is a writer on it"])
 
 # We can't remove hd2 while the stream job is ongoing
 opts['backing']['backing'] = None
@@ -901,7 +906,7 @@ class TestBlockdevReopen(iotests.QMPTestCase):
 opts['backing'] = None
 self.reopen(opts)
 
-self.wait_until_completed(drive = 'stream0')
+self.vm.run_job('stream0', auto_finalize = False, auto_dismiss = True)
 
 # Reopen the chain during a block-commit job (from hd0 to hd2)
 def test_block_commit_1(self):
@@ -913,7 +918,7 @@ class TestBlockdevReopen(iotests.QMPTestCase):
 self.assert_qmp(result, 'return', {})
 
 result = self.vm.qmp('block-commit', conv_keys = True, job_id = 
'commit0',
- device = 'hd0', speed = 1024 * 1024)
+ device = 'hd0')
 self.assert_qmp(result, 'return', {})
 
 # We can't remove hd2 while the commit job is ongoing
@@ -944,7 +949,8 @@ class TestBlockdevReopen(iotests.QMPTestCase):
 self.assert_qmp(result, 'return', {})
 
 result = self.vm.qmp('block-commit', conv_keys = True, job_id = 
'commit0',
- device = 'hd0', top_node = 'hd1', speed = 1024 * 
1024)
+ device = 'hd0', top_node = 'hd1',
+ auto_finalize = False)
 self.assert_qmp(result, 'return', {})
 
 # We can't remove hd2 while the commit job is ongoing
@@ -956,7 +962,7 @@ class TestBlockdevReopen(iotests.QMPTestCase):
 self.reopen(opts, {}, "Cannot change backing link if 'hd0' has an 
implicit backing file")
 
 # hd2 <- hd0
-self.wait_until_completed(drive = 'commit0')
+self.vm.run_job('commit0', auto_finalize = False, auto_dismiss = True)
 
 self.assert_qmp(self.get_node('hd0'), 'ro', False)
 self.assertEqual(self.get_node('hd1'), None)
diff --git a/tests/qemu-iotests/245.out b/tests/qemu-iotests/245.out
index 

[Qemu-devel] [PATCH 2/4] iotests.py: Let assert_qmp() accept an array

2019-05-15 Thread Max Reitz
Sometimes we cannot tell which error message qemu will emit, and we do
not care.  With this change, we can then just pass an array of all
possible messages to assert_qmp() and it will choose the right one.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/iotests.py | 18 --
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index f811f69135..d96ba1f63c 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -596,9 +596,23 @@ class QMPTestCase(unittest.TestCase):
 self.fail('path "%s" has value "%s"' % (path, str(result)))
 
 def assert_qmp(self, d, path, value):
-'''Assert that the value for a specific path in a QMP dict matches'''
+'''Assert that the value for a specific path in a QMP dict
+   matches.  When given a list of values, assert that any of
+   them matches.'''
+
 result = self.dictpath(d, path)
-self.assertEqual(result, value, 'values not equal "%s" and "%s"' % 
(str(result), str(value)))
+
+# [] makes no sense as a list of valid values, so treat it as
+# an actual single value.
+if isinstance(value, list) and value != []:
+for v in value:
+if result == v:
+return
+self.fail('no match for "%s" in %s' % (str(result), str(value)))
+else:
+self.assertEqual(result, value,
+ 'values not equal "%s" and "%s"'
+ % (str(result), str(value)))
 
 def assert_no_active_block_jobs(self):
 result = self.vm.qmp('query-block-jobs')
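Review bot: A non-empty list passed as `value` is now always read as a set of alternatives, so `assert_qmp()` can no longer compare against a QMP result that is itself a non-empty list, and such a call would pass when the result merely equals one element. Any caller outside this hunk that already passes a list as the exact expected value would silently change meaning. Either state the restriction in the docstring (for example `To compare against a list-valued result, pass it wrapped: [[a, b]].`) or accept an exact match first with `if result == value: return` ahead of the loop. The new failure message also drops the path, which `'no match for "%s" at "%s" in %s' % (str(result), path, str(value))` would restore.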
-- 
2.21.0




[Qemu-devel] [PATCH 3/4] iotests.py: Fix VM.run_job

2019-05-15 Thread Max Reitz
log() is in the current module, there is no need to prefix it.  In fact,
doing so may make VM.run_job() unusable in tests that never use
iotests.log() themselves.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/iotests.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index d96ba1f63c..7bde380d96 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -552,7 +552,7 @@ class VM(qtest.QEMUQtestMachine):
 elif status == 'null':
 return error
 else:
-iotests.log(ev)
+log(ev)
 
 def node_info(self, node_name):
 nodes = self.qmp('query-named-block-nodes')
-- 
2.21.0




Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-obj-y

2019-05-15 Thread Daniel P . Berrangé
On Wed, May 15, 2019 at 09:38:00PM +0200, Laurent Vivier wrote:
> On 15/05/2019 19:49, Daniel P. Berrangé wrote:
> > On Wed, May 15, 2019 at 10:22:08AM -0700, Richard Henderson wrote:
> >> On 5/15/19 9:53 AM, Daniel P. Berrangé wrote:
> >>> On Tue, May 14, 2019 at 12:16:30PM -0700, Richard Henderson wrote:
>  For user-only, we require only the random number bits of the
>  crypto subsystem.
> 
>  We need to preserve --static linking, which for many recent Linux
>  distributions precludes using GnuTLS or GCrypt.  Instead, use our
>  random-platform module unconditionally.
> >>>
> >>> I don't think we need to special case in this way.
> >>>
> >>> Today if you do a default build with all targets & tools and want
> >>> to use --static, but don't have static libs available for some
> >>> things you can achieve that
> >>>
> >>>  ./configure --static --disable-gnutls --disable-gcrypt --disable-nettle
> >>
> >> But we don't really want all of those --disable arguments by default.  It 
> >> would
> >> be one thing if one explicitly used --enable-gnutls and got link errors.  
> >> We
> >> must preserve --static working all by itself.
> > 
> > That's already not working today unless you add extra args to disable
> > build of the system emulators and tools. 
> > 
> 
> Perhaps it can help, I have a series queued by Paolo to cleanup the
> build dependencies for --{disable,enable}-{system,user,tools}:
> 
> [v3,0/5] build: cleanup in Makefile.objs
> https://patchwork.kernel.org/cover/10880135/

I don't think it'll make a difference to use of --static when trying
to build a default config (ie all targets + tools)


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



[Qemu-devel] [PATCH 1/4] block: Improve "Block node is read-only" message

2019-05-15 Thread Max Reitz
This message does not make any sense when it appears as the response to
making an R/W node read-only.  We should detect that case and emit a
different message, then.

Signed-off-by: Max Reitz 
---
 block.c | 17 -
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/block.c b/block.c
index 16ef5edfd8..af662d5f17 100644
--- a/block.c
+++ b/block.c
@@ -1689,6 +1689,8 @@ static int bdrv_child_check_perm(BdrvChild *c, 
BlockReopenQueue *q,
  GSList *ignore_children, Error **errp);
 static void bdrv_child_abort_perm_update(BdrvChild *c);
 static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared);
+static void bdrv_get_cumulative_perm(BlockDriverState *bs, uint64_t *perm,
+ uint64_t *shared_perm);
 
 typedef struct BlockReopenQueueEntry {
  bool prepared;
@@ -1775,7 +1777,20 @@ static int bdrv_check_perm(BlockDriverState *bs, 
BlockReopenQueue *q,
 if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) &&
 !bdrv_is_writable_after_reopen(bs, q))
 {
-error_setg(errp, "Block node is read-only");
+if (!bdrv_is_writable_after_reopen(bs, NULL)) {
+error_setg(errp, "Block node is read-only");
+} else {
+uint64_t current_perms, current_shared;
+bdrv_get_cumulative_perm(bs, _perms, _shared);
+if (current_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) {
+error_setg(errp, "Cannot make block node read-only, there is "
+   "a writer on it");
+} else {
+error_setg(errp, "Cannot make block node read-only and create "
+   "a writer on it");
+}
+}
+
 return -EPERM;
 }
 
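Review bot: The second call, `bdrv_is_writable_after_reopen(bs, NULL)`, has no comment and its meaning is not obvious from the hunk; presumably a NULL queue asks whether the node is writable in its current state rather than after the queued reopen. A one-line comment above that `if`, such as `/* q == NULL: look at the node's current state, not the state after reopen */`, would make the three-way message selection readable. As shown on this page the following call reads `bdrv_get_cumulative_perm(bs, _perms, _shared)`, which looks like the archive dropping `&current` from both arguments and is worth confirming against the original mail. `bdrv_check_perm` starts and ends outside the hunk.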
-- 
2.21.0




[Qemu-devel] [PATCH 0/4] iotests: Make 245 faster and more reliable

2019-05-15 Thread Max Reitz
245 is a bit flakey for me, because it uses block jobs that copy 1 MB of
data but have a buffer size of 512 kB, so they may be done before the
test gets to do the things it wants to do while the check is running.
(Rate limiting doesn’t change this.)

The boring way to fix this would be to increase the amount of data.

The interesting way to fix this is to make use of auto_finalize=false
and thus keep the jobs around until the test is done with them.
However, this has one problem: In one case, 245 tries to make the target
node of a stream job read-only.  If the job is still copying data, doing
so will fail because the target node is in COR mode.  Otherwise, we get
a cryptic “Block node is read-only” message.

What the message means is “After reopening, the node will be read-only,
and that won’t work, because there is a writer on it.”  It doesn’t say
that, though, but it should.  So patch 1 makes it say something to that
effect (“Cannot make block node read-only, there is a writer on it”).

245 doesn’t care about the actual error message; both reflect that qemu
correctly detects that this node cannot be made read-only at this time.
So the other thing we have to do is let assert_qmp() accept an array of
valid error messages and choose the one that matches (if any).  Then we
can just pass both error messages to it and everything works.


Nice side effect: For me, the test duration goes down from about 12 s to
about 6 s.
(That’s because the test forgot to disable rate limiting on the jobs
before waiting for their completion.)


Max Reitz (4):
  block: Improve "Block node is read-only" message
  iotests.py: Let assert_qmp() accept an array
  iotests.py: Fix VM.run_job
  iotests: Make 245 faster and more reliable

 block.c   | 17 -
 tests/qemu-iotests/245| 22 ++
 tests/qemu-iotests/245.out| 12 
 tests/qemu-iotests/iotests.py | 20 +---
 4 files changed, 59 insertions(+), 12 deletions(-)

-- 
2.21.0




Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-obj-y

2019-05-15 Thread Laurent Vivier
On 15/05/2019 19:49, Daniel P. Berrangé wrote:
> On Wed, May 15, 2019 at 10:22:08AM -0700, Richard Henderson wrote:
>> On 5/15/19 9:53 AM, Daniel P. Berrangé wrote:
>>> On Tue, May 14, 2019 at 12:16:30PM -0700, Richard Henderson wrote:
 For user-only, we require only the random number bits of the
 crypto subsystem.

 We need to preserve --static linking, which for many recent Linux
 distributions precludes using GnuTLS or GCrypt.  Instead, use our
 random-platform module unconditionally.
>>>
>>> I don't think we need to special case in this way.
>>>
>>> Today if you do a default build with all targets & tools and want
>>> to use --static, but don't have static libs available for some
>>> things you can achieve that
>>>
>>>  ./configure --static --disable-gnutls --disable-gcrypt --disable-nettle
>>
>> But we don't really want all of those --disable arguments by default.  It 
>> would
>> be one thing if one explicitly used --enable-gnutls and got link errors.  We
>> must preserve --static working all by itself.
> 
> That's already not working today unless you add extra args to disable
> build of the system emulators and tools. 
> 

Perhaps it can help, I have a series queued by Paolo to cleanup the
build dependencies for --{disable,enable}-{system,user,tools}:

[v3,0/5] build: cleanup in Makefile.objs
https://patchwork.kernel.org/cover/10880135/

Thanks,
Laurent



Re: [Qemu-devel] cpu.fail / MDS fixes

2019-05-15 Thread Stefan Priebe - Profihost AG


Am 15.05.19 um 19:54 schrieb Daniel P. Berrangé:
> On Wed, May 15, 2019 at 07:13:56PM +0200, Stefan Priebe - Profihost AG wrote:
>> Hello list,
>>
>> i've updated my host to kernel 4.19.43 and applied the following patch
>> to my qemu 2.12.1:
>> https://bugzilla.suse.com/attachment.cgi?id=798722
>>
>> But my guest running 4.19.43 still says:
>> Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state
>> unknown
>>
>> while the host says:
>> Vulnerable: Clear CPU buffers attempted, SMT Host state unknown
> 
> That suggests your host OS hasn't got the new microcode installed
> or has not loaded it.

No it does not. A not loaded Microcode looks like this:
Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable

but in my case it is:
Mitigation: Clear CPU buffers; SMT vulnerable

on the host as hyper threading is still enabled.

> You want the host to report that it is Mitigated, and for the
> host's /proc/cpuinfo to report "md-clear" exists.
> 
>> I expected the guest can use the new microcode.
> 
> You've not said what CPU model you've given to the guest.
> 
> You need either "-cpu host", or if using a named CPU model
> you need to explicitly turn on the "md-clear" feature
> (and all previous fixes)
> 
>eg  "-cpu Haswell,+spec-ctrl,+ssbd,+md-clear"
hah yes you're right, i need to specify +md-clear

Thanks!

> Regards,
> Daniel
> 



Re: [Qemu-devel] [PATCH] configure: Disable slirp if --disable-system

2019-05-15 Thread Aleksandar Markovic
On May 15, 2019 12:07 PM, "Peter Maydell"  wrote:
>
> On Tue, 14 May 2019 at 20:16, Aleksandar Markovic
>  wrote:
> >
> > On May 13, 2019 11:14 PM, "Richard Henderson" <
richard.hender...@linaro.org>
> > wrote:
> > >
> > > On 5/11/19 5:47 AM, Aleksandar Markovic wrote:
> > > > If no, the patch shoud be amended. If yes, the commit message
should be
> > > > extended.
> > >
> > > Like what?  I think it's pretty clear as is.
> > >
> >
> > Richard, no. In this case, there is a glaring discrepancy between the
title
> > and the functionality that the change provides. Much better title would
be
> > “configure: Disable slirp if no system mode target is selected”.
> >
> > I leave it to you to find out what can be improved in the commit
message.
>
> Aleksandar: I think this is not really a very productive stance to take.
> Richard thinks the commit message is reasonable. If you have something
> you would like him to change, I think we will reach a useful endpoint
> much more quickly and smoothly if you suggest some new text, rather than
> effectively saying "you need to think of something, and I'm going to keep
> making you rewrite it until you telepathically figure out what the text
> I wanted you to write is".
>

OK, Peter, no problem from my side. I was trying to make Richard think more
about what he writes in his commit messages, and how he organizes his code.
Sorry if this looked unproductive or even perhaps offensive.

Yours,
Aleksadar

> thanks
> -- PMM


Re: [Qemu-devel] cpu.fail / MDS fixes

2019-05-15 Thread Daniel P . Berrangé
On Wed, May 15, 2019 at 07:13:56PM +0200, Stefan Priebe - Profihost AG wrote:
> Hello list,
> 
> i've updated my host to kernel 4.19.43 and applied the following patch
> to my qemu 2.12.1:
> https://bugzilla.suse.com/attachment.cgi?id=798722
> 
> But my guest running 4.19.43 still says:
> Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state
> unknown
> 
> while the host says:
> Vulnerable: Clear CPU buffers attempted, SMT Host state unknown

That suggests your host OS hasn't got the new microcode installed
or has not loaded it.

You want the host to report that it is Mitigated, and for the
host's /proc/cpuinfo to report "md-clear" exists.

> I expected the guest can use the new microcode.

You've not said what CPU model you've given to the guest.

You need either "-cpu host", or if using a named CPU model
you need to explicitly turn on the "md-clear" feature
(and all previous fixes)

   eg  "-cpu Haswell,+spec-ctrl,+ssbd,+md-clear"

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH v9 00/27] gdbstub: Refactor command packets handler

2019-05-15 Thread Alex Bennée


Jon Doron  writes:

> This patch series refactors the old gdbstub command packets handler
> with a new infrastructure which should ease extending and adding new
> and missing gdb command packets.

Jon,

I've finished my review and things are looking pretty good. The code is
a good clean-up and makes adding new features a lot easier. Thanks for
the examples of extensions - they were worth it to see how this might be
used although we shouldn't include them in the first merge. As they
extend the gdbserver ABI we'll want to think carefully about exactly
what we want to expose before we include it in master.

Going forwards aside from the various comments on each patch it would be
worth making sure the branch has gone through at least one CI run to
make sure the non-x86 builds (and disable-tcg and other exotica) haven't
been broken.

It would be nice if we could extend the testing of the gdbserver. Have
you been testing this with the gdb test suite or just manually? Now we
have system test and linux-user binaries being built we could probably
do better than the manually run tests/guest-debug/test-gdbstub.py.

Finally it would be nice if we could modernise the membuf and strbuf
handling with a more robust glib based approach. I understand if you
don't want to do that now and I'll happily accept the patches without it
but I did notice you can send the gdbserver a bit loopy if you send it
some very long maint packets so it would be nice to have that a bit
safer.

--
Alex Bennée



[Qemu-devel] [PATCH 6/6] tests/hd-geo-test: Use qtest_init() instead of qtest_start()

2019-05-15 Thread Thomas Huth
qtest_start() + qtest_end() should be avoided, since they use the
global_qtest variable that we want to get rid of in the long run.
Use qtest_init() and qtest_quit() instead.

Signed-off-by: Thomas Huth 
---
 tests/hd-geo-test.c | 76 -
 1 file changed, 41 insertions(+), 35 deletions(-)

diff --git a/tests/hd-geo-test.c b/tests/hd-geo-test.c
index ce665f1f83..9e43161a3d 100644
--- a/tests/hd-geo-test.c
+++ b/tests/hd-geo-test.c
@@ -77,33 +77,35 @@ static bool is_hd(const CHST *expected_chst)
 return expected_chst && expected_chst->cyls;
 }
 
-static void test_cmos_byte(int reg, int expected)
+static void test_cmos_byte(QTestState *qts, int reg, int expected)
 {
 enum { cmos_base = 0x70 };
 int actual;
 
-outb(cmos_base + 0, reg);
-actual = inb(cmos_base + 1);
+qtest_outb(qts, cmos_base + 0, reg);
+actual = qtest_inb(qts, cmos_base + 1);
 g_assert(actual == expected);
 }
 
-static void test_cmos_bytes(int reg0, int n, uint8_t expected[])
+static void test_cmos_bytes(QTestState *qts, int reg0, int n, 
+uint8_t expected[])
 {
 int i;
 
 for (i = 0; i < 9; i++) {
-test_cmos_byte(reg0 + i, expected[i]);
+test_cmos_byte(qts, reg0 + i, expected[i]);
 }
 }
 
-static void test_cmos_disk_data(void)
+static void test_cmos_disk_data(QTestState *qts)
 {
-test_cmos_byte(0x12,
+test_cmos_byte(qts, 0x12,
(is_hd(cur_ide[0]) ? 0xf0 : 0) |
(is_hd(cur_ide[1]) ? 0x0f : 0));
 }
 
-static void test_cmos_drive_cyl(int reg0, const CHST *expected_chst)
+static void test_cmos_drive_cyl(QTestState *qts, int reg0,
+const CHST *expected_chst)
 {
 if (is_hd(expected_chst)) {
 int c = expected_chst->cyls;
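Review bot: `test_cmos_bytes()` keeps its `n` parameter in the new signature, but the loop below still runs to a hard-coded 9, so `n` is ignored and a caller passing a shorter `expected[]` would have it read past its end. Since the signature is being touched anyway, use `for (i = 0; i < n; i++) {`. The only caller visible on this page passes 9, so current behaviour would not change.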
@@ -113,29 +115,29 @@ static void test_cmos_drive_cyl(int reg0, const CHST 
*expected_chst)
 c & 0xff, c >> 8, h, 0xff, 0xff, 0xc0 | ((h > 8) << 3),
 c & 0xff, c >> 8, s
 };
-test_cmos_bytes(reg0, 9, expected_bytes);
+test_cmos_bytes(qts, reg0, 9, expected_bytes);
 } else {
 int i;
 
 for (i = 0; i < 9; i++) {
-test_cmos_byte(reg0 + i, 0);
+test_cmos_byte(qts, reg0 + i, 0);
 }
 }
 }
 
-static void test_cmos_drive1(void)
+static void test_cmos_drive1(QTestState *qts)
 {
-test_cmos_byte(0x19, is_hd(cur_ide[0]) ? 47 : 0);
-test_cmos_drive_cyl(0x1b, cur_ide[0]);
+test_cmos_byte(qts, 0x19, is_hd(cur_ide[0]) ? 47 : 0);
+test_cmos_drive_cyl(qts, 0x1b, cur_ide[0]);
 }
 
-static void test_cmos_drive2(void)
+static void test_cmos_drive2(QTestState *qts)
 {
-test_cmos_byte(0x1a, is_hd(cur_ide[1]) ? 47 : 0);
-test_cmos_drive_cyl(0x24, cur_ide[1]);
+test_cmos_byte(qts, 0x1a, is_hd(cur_ide[1]) ? 47 : 0);
+test_cmos_drive_cyl(qts, 0x24, cur_ide[1]);
 }
 
-static void test_cmos_disktransflag(void)
+static void test_cmos_disktransflag(QTestState *qts)
 {
 int val, i;
 
@@ -145,15 +147,15 @@ static void test_cmos_disktransflag(void)
 val |= cur_ide[i]->trans << (2 * i);
 }
 }
-test_cmos_byte(0x39, val);
+test_cmos_byte(qts, 0x39, val);
 }
 
-static void test_cmos(void)
+static void test_cmos(QTestState *qts)
 {
-test_cmos_disk_data();
-test_cmos_drive1();
-test_cmos_drive2();
-test_cmos_disktransflag();
+test_cmos_disk_data(qts);
+test_cmos_drive1(qts);
+test_cmos_drive2(qts);
+test_cmos_disktransflag(qts);
 }
 
 static int append_arg(int argc, char *argv[], int argv_sz, char *arg)
@@ -238,14 +240,15 @@ static void test_ide_none(void)
 {
 char **argv = g_new0(char *, ARGV_SIZE);
 char *args;
+QTestState *qts;
 
 setup_common(argv, ARGV_SIZE);
 args = g_strjoinv(" ", argv);
-qtest_start(args);
+qts = qtest_init(args);
 g_strfreev(argv);
 g_free(args);
-test_cmos();
-qtest_end();
+test_cmos(qts);
+qtest_quit(qts);
 }
 
 static void test_ide_mbr(bool use_device, MBRcontents mbr)
@@ -255,6 +258,7 @@ static void test_ide_mbr(bool use_device, MBRcontents mbr)
 int argc;
 Backend i;
 const char *dev;
+QTestState *qts;
 
 argc = setup_common(argv, ARGV_SIZE);
 for (i = 0; i < backend_last; i++) {
@@ -263,11 +267,11 @@ static void test_ide_mbr(bool use_device, MBRcontents mbr)
 argc = setup_ide(argc, argv, ARGV_SIZE, i, dev, i, mbr);
 }
 args = g_strjoinv(" ", argv);
-qtest_start(args);
+qts = qtest_init(args);
 g_strfreev(argv);
 g_free(args);
-test_cmos();
-qtest_end();
+test_cmos(qts);
+qtest_quit(qts);
 }
 
 /*
@@ -325,6 +329,7 @@ static void test_ide_drive_user(const char *dev, bool trans)
 int argc;
 int secs = img_secs[backend_small];
 const CHST expected_chst = { secs / (4 * 32) , 4, 32, trans };
+QTestState *qts;
 
 argc = setup_common(argv, ARGV_SIZE);
 opts = 

Re: [Qemu-devel] [PATCH v9 26/27] gdbstub: Add support to read a MSR for KVM target

2019-05-15 Thread Alex Bennée


Jon Doron  writes:

> gdb> maint packet qqemu.kvm.Rdmsr:MsrIndex

gdbserver already has a mechanism for exposing system registers see:

  commit 200bf5b7ffea635079cc05fdfb363372b9544ce7
  Author: Abdallah Bouassida 
  Date:   Fri May 18 17:48:07 2018 +0100

for an example. As MSR's are very specific to x86 all this should be
handled via target/i386/gdbstub and kept out of the generic code.

>
> Signed-off-by: Jon Doron 
> ---
>  gdbstub.c | 38 +-
>  1 file changed, 37 insertions(+), 1 deletion(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index 34da10260d..f48c3a2b5f 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -2141,7 +2141,14 @@ static void handle_query_attached(GdbCmdContext 
> *gdb_ctx, void *user_ctx)
>
>  static void handle_query_qemu_supported(GdbCmdContext *gdb_ctx, void 
> *user_ctx)
>  {
> -put_packet(gdb_ctx->s, "sstepbits;sstep;PhyMemMode");
> +snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf),
> + "sstepbits;sstep;PhyMemMode");
> +
> +if (kvm_enabled()) {
> +pstrcat(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), ";kvm.Rdmsr");
> +}
> +
> +put_packet(gdb_ctx->s, gdb_ctx->str_buf);
>  }
>
>  static void handle_query_qemu_phy_mem_mode(GdbCmdContext *gdb_ctx,
> @@ -2166,6 +2173,29 @@ static void handle_set_qemu_phy_mem_mode(GdbCmdContext 
> *gdb_ctx, void *user_ctx)
>  put_packet(gdb_ctx->s, "OK");
>  }
>
> +static void handle_query_kvm_read_msr(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +uint64_t msr_val;
> +
> +if (!kvm_enabled()) {
> +return;
> +}
> +
> +if (!gdb_ctx->num_params) {
> +put_packet(gdb_ctx->s, "E22");
> +return;
> +}
> +
> +if (kvm_arch_read_msr(gdbserver_state->c_cpu, gdb_ctx->params[0].val_ul,
> +  _val)) {
> +put_packet(gdb_ctx->s, "E00");
> +return;
> +}
> +
> +snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "0x%" PRIx64, 
> msr_val);
> +put_packet(gdb_ctx->s, gdb_ctx->str_buf);
> +}
> +
>  static GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
>  /* Order is important if has same prefix */
>  {
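Review bot: The `!kvm_enabled()` branch of `handle_query_kvm_read_msr` returns without calling `put_packet()`, while the other two failure paths reply with `E22` and `E00`; as far as the hunk shows, the client gets no response to the query in that case. Replying there too, e.g. `put_packet(gdb_ctx->s, "E22");` before the `return`, would keep the handler's behaviour uniform. The MSR index is taken from `gdb_ctx->params[0].val_ul` and passed to `kvm_arch_read_msr()` unchanged, and that function is not visible here. Because the value is chosen by whoever is attached to the stub, it is worth confirming that the index is range-checked there and documenting which MSRs the query is meant to expose.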
> @@ -2250,6 +2280,12 @@ static GdbCmdParseEntry gdb_gen_query_table[] = {
>  .handler = handle_query_qemu_phy_mem_mode,
>  .cmd = "qemu.PhyMemMode",
>  },
> +{
> +.handler = handle_query_kvm_read_msr,
> +.cmd = "qemu.kvm.Rdmsr:",
> +.cmd_startswith = 1,
> +.schema = "l0"
> +},
>  };
>
>  static GdbCmdParseEntry gdb_gen_set_table[] = {


--
Alex Bennée



Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-obj-y

2019-05-15 Thread Daniel P . Berrangé
On Wed, May 15, 2019 at 10:22:08AM -0700, Richard Henderson wrote:
> On 5/15/19 9:53 AM, Daniel P. Berrangé wrote:
> > On Tue, May 14, 2019 at 12:16:30PM -0700, Richard Henderson wrote:
> >> For user-only, we require only the random number bits of the
> >> crypto subsystem.
> >>
> >> We need to preserve --static linking, which for many recent Linux
> >> distributions precludes using GnuTLS or GCrypt.  Instead, use our
> >> random-platform module unconditionally.
> > 
> > I don't think we need to special case in this way.
> > 
> > Today if you do a default build with all targets & tools and want
> > to use --static, but don't have static libs available for some
> > things you can achieve that
> > 
> >  ./configure --static --disable-gnutls --disable-gcrypt --disable-nettle
> 
> But we don't really want all of those --disable arguments by default.  It 
> would
> be one thing if one explicitly used --enable-gnutls and got link errors.  We
> must preserve --static working all by itself.

That's already not working today unless you add extra args to disable
build of the system emulators and tools. 

> > Previously if you took care to disable system emulators & tools
> > you could avoid the need to pass the --disable-* args, but I
> > think that's fairly minor.
> 
> Well, no, you get link errors.
> 
> (As an aside, IMO pkg-config is stupid in being only able to ask "is version X
> installed" without also being about to ask "is a static version of X
> installed".  pkg-config has a --static option, it just doesn't use it.)

Yeah it is very frustrating that it isn't actually useful in the way
you'd expect.

> But suppose we add back the patch for --static sanity check from v6.  What are
> we left with?  No crypto libraries remain on Fedora 30.  It appears that 
> Ubuntu
> Bionic ships a static version of nettle, but nothing else.  Is that useful on
> its own?

nettle isn't useful from POV of RNG.

> > So I think we should just use $(crypto-obj-y) unconditionally in
> > the user emulators, and get rid of crypto-aes-obj-y too.
> > 
> > This will give a consistent crypto story across all the things we
> > build with no special cases.
> 
> Well, maybe.  But what are we trying to accomplish?

With this v7, if building dynamically we get some parts of QEMU using
the full crypto/ impl and thus GNUTLS for RNG, and some parts of QEMU
using just the rng-platform.o.  I'd like it all to use the full crypto
impl when building dynamically.

Similarly if building statically, it should again result in the same
fallback choices. If a static gnutls is available it should use that,
but if none is present everything, it will get build with rng-platform.o

IOW, either we just document need to pass

   --disable-gnutls --disable-gcrypt --disable-nettle

if the distro lacks static versions of those libs - we already need
thus documented as we already suffer from that problem when building
statically.

Or we need to make configure more clever and check if static linking
actually works for these libs.

> What use is crypto to the host side of linux-user?  In general, all the crypto
> that the application will do is on the guest side, within guest versions of
> gnutls etc.  All crypto that the guest expects of its kernel is done passing
> off the syscall to the host kernel.
> 
> That's why, here in v7, I began to think that perhaps all the faffing about
> with pkg-config vs --static was just a waste of time.
> 
> Have I missed something?


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



[Qemu-devel] [PATCH 3/6] tests/numa-test: Use qtest_init() instead of qtest_start()

2019-05-15 Thread Thomas Huth
qtest_start() + qtest_end() should be avoided, since they use the
global_qtest variable that we want to get rid of in the long run.
Use qtest_init() and qtest_quit() instead.

Signed-off-by: Thomas Huth 
---
 tests/numa-test.c | 53 +++
 1 file changed, 30 insertions(+), 23 deletions(-)

diff --git a/tests/numa-test.c b/tests/numa-test.c
index 9824fdd587..8de8581231 100644
--- a/tests/numa-test.c
+++ b/tests/numa-test.c
@@ -23,18 +23,19 @@ static void test_mon_explicit(const void *data)
 {
 char *s;
 char *cli;
+QTestState *qts;
 
 cli = make_cli(data, "-smp 8 "
"-numa node,nodeid=0,cpus=0-3 "
"-numa node,nodeid=1,cpus=4-7 ");
-qtest_start(cli);
+qts = qtest_init(cli);
 
-s = hmp("info numa");
+s = qtest_hmp(qts, "info numa");
 g_assert(strstr(s, "node 0 cpus: 0 1 2 3"));
 g_assert(strstr(s, "node 1 cpus: 4 5 6 7"));
 g_free(s);
 
-qtest_end();
+qtest_quit(qts);
 g_free(cli);
 }
 
@@ -42,16 +43,17 @@ static void test_mon_default(const void *data)
 {
 char *s;
 char *cli;
+QTestState *qts;
 
 cli = make_cli(data, "-smp 8 -numa node -numa node");
-qtest_start(cli);
+qts = qtest_init(cli);
 
-s = hmp("info numa");
+s = qtest_hmp(qts, "info numa");
 g_assert(strstr(s, "node 0 cpus: 0 2 4 6"));
 g_assert(strstr(s, "node 1 cpus: 1 3 5 7"));
 g_free(s);
 
-qtest_end();
+qtest_quit(qts);
 g_free(cli);
 }
 
@@ -59,24 +61,25 @@ static void test_mon_partial(const void *data)
 {
 char *s;
 char *cli;
+QTestState *qts;
 
 cli = make_cli(data, "-smp 8 "
"-numa node,nodeid=0,cpus=0-1 "
"-numa node,nodeid=1,cpus=4-5 ");
-qtest_start(cli);
+qts = qtest_init(cli);
 
-s = hmp("info numa");
+s = qtest_hmp(qts, "info numa");
 g_assert(strstr(s, "node 0 cpus: 0 1 2 3 6 7"));
 g_assert(strstr(s, "node 1 cpus: 4 5"));
 g_free(s);
 
-qtest_end();
+qtest_quit(qts);
 g_free(cli);
 }
 
-static QList *get_cpus(QDict **resp)
+static QList *get_cpus(QTestState *qts, QDict **resp)
 {
-*resp = qmp("{ 'execute': 'query-cpus' }");
+*resp = qtest_qmp(qts, "{ 'execute': 'query-cpus' }");
 g_assert(*resp);
 g_assert(qdict_haskey(*resp, "return"));
 return qdict_get_qlist(*resp, "return");
@@ -88,10 +91,11 @@ static void test_query_cpus(const void *data)
 QDict *resp;
 QList *cpus;
 QObject *e;
+QTestState *qts;
 
 cli = make_cli(data, "-smp 8 -numa node,cpus=0-3 -numa node,cpus=4-7");
-qtest_start(cli);
-cpus = get_cpus();
+qts = qtest_init(cli);
+cpus = get_cpus(qts, );
 g_assert(cpus);
 
 while ((e = qlist_pop(cpus))) {
@@ -115,7 +119,7 @@ static void test_query_cpus(const void *data)
 }
 
 qobject_unref(resp);
-qtest_end();
+qtest_quit(qts);
 g_free(cli);
 }
 
@@ -125,6 +129,7 @@ static void pc_numa_cpu(const void *data)
 QDict *resp;
 QList *cpus;
 QObject *e;
+QTestState *qts;
 
 cli = make_cli(data, "-cpu pentium -smp 8,sockets=2,cores=2,threads=2 "
 "-numa node,nodeid=0 -numa node,nodeid=1 "
@@ -132,8 +137,8 @@ static void pc_numa_cpu(const void *data)
 "-numa cpu,node-id=0,socket-id=1,core-id=0 "
 "-numa cpu,node-id=0,socket-id=1,core-id=1,thread-id=0 "
 "-numa cpu,node-id=1,socket-id=1,core-id=1,thread-id=1");
-qtest_start(cli);
-cpus = get_cpus();
+qts = qtest_init(cli);
+cpus = get_cpus(qts, );
 g_assert(cpus);
 
 while ((e = qlist_pop(cpus))) {
@@ -168,7 +173,7 @@ static void pc_numa_cpu(const void *data)
 }
 
 qobject_unref(resp);
-qtest_end();
+qtest_quit(qts);
 g_free(cli);
 }
 
@@ -178,6 +183,7 @@ static void spapr_numa_cpu(const void *data)
 QDict *resp;
 QList *cpus;
 QObject *e;
+QTestState *qts;
 
 cli = make_cli(data, "-smp 4,cores=4 "
 "-numa node,nodeid=0 -numa node,nodeid=1 "
@@ -185,8 +191,8 @@ static void spapr_numa_cpu(const void *data)
 "-numa cpu,node-id=0,core-id=1 "
 "-numa cpu,node-id=0,core-id=2 "
 "-numa cpu,node-id=1,core-id=3");
-qtest_start(cli);
-cpus = get_cpus();
+qts = qtest_init(cli);
+cpus = get_cpus(qts, );
 g_assert(cpus);
 
 while ((e = qlist_pop(cpus))) {
@@ -213,7 +219,7 @@ static void spapr_numa_cpu(const void *data)
 }
 
 qobject_unref(resp);
-qtest_end();
+qtest_quit(qts);
 g_free(cli);
 }
 
@@ -223,13 +229,14 @@ static void aarch64_numa_cpu(const void *data)
 QDict *resp;
 QList *cpus;
 QObject *e;
+QTestState *qts;
 
 cli = make_cli(data, "-smp 2 "
 "-numa node,nodeid=0 -numa node,nodeid=1 "
 "-numa cpu,node-id=1,thread-id=0 "
 "-numa cpu,node-id=0,thread-id=1");
-qtest_start(cli);
-cpus = get_cpus();
+qts = qtest_init(cli);
+cpus = get_cpus(qts, );
 g_assert(cpus);
 

[Qemu-devel] [PATCH 4/6] tests/qom-test: Use qtest_init() instead of qtest_start()

2019-05-15 Thread Thomas Huth
qtest_start() + qtest_end() should be avoided, since they use the
global_qtest variable that we want to get rid of in the long run.
Use qtest_init() and qtest_quit() instead.

Signed-off-by: Thomas Huth 
---
 tests/qom-test.c | 28 +---
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/tests/qom-test.c b/tests/qom-test.c
index 73c52af3bb..4f94cc678c 100644
--- a/tests/qom-test.c
+++ b/tests/qom-test.c
@@ -44,7 +44,7 @@ static bool is_blacklisted(const char *arch, const char *mach)
 return false;
 }
 
-static void test_properties(const char *path, bool recurse)
+static void test_properties(QTestState *qts, const char *path, bool recurse)
 {
 char *child_path;
 QDict *response, *tuple, *tmp;
@@ -52,8 +52,8 @@ static void test_properties(const char *path, bool recurse)
 QListEntry *entry;
 
 g_test_message("Obtaining properties of %s", path);
-response = qmp("{ 'execute': 'qom-list',"
-   "  'arguments': { 'path': %s } }", path);
+response = qtest_qmp(qts, "{ 'execute': 'qom-list',"
+  "  'arguments': { 'path': %s } }", path);
 g_assert(response);
 
 if (!recurse) {
@@ -71,15 +71,15 @@ static void test_properties(const char *path, bool recurse)
 if (is_child || is_link) {
 child_path = g_strdup_printf("%s/%s",
  path, qdict_get_str(tuple, "name"));
-test_properties(child_path, is_child);
+test_properties(qts, child_path, is_child);
 g_free(child_path);
 } else {
 const char *prop = qdict_get_str(tuple, "name");
 g_test_message("Testing property %s.%s", path, prop);
-tmp = qmp("{ 'execute': 'qom-get',"
-  "  'arguments': { 'path': %s,"
-  " 'property': %s } }",
-  path, prop);
+tmp = qtest_qmp(qts,
+"{ 'execute': 'qom-get',"
+"  'arguments': { 'path': %s, 'property': %s } }",
+path, prop);
 /* qom-get may fail but should not, e.g., segfault. */
 g_assert(tmp);
 qobject_unref(tmp);
@@ -91,20 +91,18 @@ static void test_properties(const char *path, bool recurse)
 static void test_machine(gconstpointer data)
 {
 const char *machine = data;
-char *args;
 QDict *response;
+QTestState *qts;
 
-args = g_strdup_printf("-machine %s", machine);
-qtest_start(args);
+qts = qtest_initf("-machine %s", machine);
 
-test_properties("/machine", true);
+test_properties(qts, "/machine", true);
 
-response = qmp("{ 'execute': 'quit' }");
+response = qtest_qmp(qts, "{ 'execute': 'quit' }");
 g_assert(qdict_haskey(response, "return"));
 qobject_unref(response);
 
-qtest_end();
-g_free(args);
+qtest_quit(qts);
 g_free((void *)machine);
 }
 
-- 
2.21.0




Re: [Qemu-devel] [PATCH v9 24/27] gdbstub: Add another handler for setting qemu.sstep

2019-05-15 Thread Alex Bennée


Jon Doron  writes:

> Follow GDB general query/set packet conventions, qemu.sstep can now
> be set with the following command as well:
> gdb> maint packet Qqemu.sstep:Value

I'm not sure about exposing internal values to a protocol like this.
Maybe text based flags would be better?

>
> Signed-off-by: Jon Doron 
> ---
>  gdbstub.c | 6 ++
>  1 file changed, 6 insertions(+)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index 88ff6224e6..34da10260d 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -2260,6 +2260,12 @@ static GdbCmdParseEntry gdb_gen_set_table[] = {
>  .cmd_startswith = 1,
>  .schema = "l0"
>  },
> +{
> +.handler = handle_set_qemu_sstep,
> +.cmd = "qemu.sstep:",
> +.cmd_startswith = 1,
> +.schema = "l0"
> +},

Hmm the implementation seems to have gone in earlier. These should be
together as a feature patch (along with changing the query/probe
responses).

>  };
>
>  static void handle_gen_query(GdbCmdContext *gdb_ctx, void *user_ctx)
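Review bot: The `qemu.sstep:` entry parses its argument with schema `l0` and routes it to handle_set_qemu_sstep, which (as posted in patch 18/27 of this series) assigns `gdb_ctx->params[0].val_ul` to `sstep_flags` without checking which bits are set. The value comes straight from the remote debugger, so I would reject or mask anything outside the flags the stub advertises in its sstepbits reply, e.g. `sstep_flags = gdb_ctx->params[0].val_ul & (SSTEP_ENABLE | SSTEP_NOIRQ | SSTEP_NOTIMER);`, assuming those three are the only defined bits. That handler also returns without sending any packet when no parameter was parsed; replying `E22` there, as handle_query_thread_extra does, would presumably keep the client from waiting on a malformed request. The handler body is outside this hunk.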


--
Alex Bennée



[Qemu-devel] [PATCH 5/6] tests/device-introspect: Use qtest_init() instead of qtest_start()

2019-05-15 Thread Thomas Huth
qtest_start() + qtest_end() should be avoided, since they use the
global_qtest variable that we want to get rid of in the long run.
Use qtest_init() and qtest_quit() instead.

Signed-off-by: Thomas Huth 
---
 tests/device-introspect-test.c | 85 ++
 1 file changed, 46 insertions(+), 39 deletions(-)

diff --git a/tests/device-introspect-test.c b/tests/device-introspect-test.c
index a25092dfaa..04f22903b0 100644
--- a/tests/device-introspect-test.c
+++ b/tests/device-introspect-test.c
@@ -26,7 +26,8 @@
 
 const char common_args[] = "-nodefaults -machine none";
 
-static QList *qom_list_types(const char *implements, bool abstract)
+static QList *qom_list_types(QTestState * qts, const char *implements,
+ bool abstract)
 {
 QDict *resp;
 QList *ret;
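Review bot: The new first parameter of qom_list_types() is written `QTestState * qts`, with a space on both sides of the `*`, while every other signature touched by this patch uses `QTestState *qts`. I would write the declaration as `static QList *qom_list_types(QTestState *qts, const char *implements,` so the file stays consistent. The body of the function continues outside this hunk.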
@@ -36,8 +37,8 @@ static QList *qom_list_types(const char *implements, bool 
abstract)
 if (implements) {
 qdict_put_str(args, "implements", implements);
 }
-resp = qmp("{'execute': 'qom-list-types',"
-   " 'arguments': %p }", args);
+resp = qtest_qmp(qts, "{'execute': 'qom-list-types', 'arguments': %p }",
+ args);
 g_assert(qdict_haskey(resp, "return"));
 ret = qdict_get_qlist(resp, "return");
 qobject_ref(ret);
@@ -95,12 +96,12 @@ static QDict *type_list_find(QList *types, const char *name)
 return NULL;
 }
 
-static QList *device_type_list(bool abstract)
+static QList *device_type_list(QTestState *qts, bool abstract)
 {
-return qom_list_types("device", abstract);
+return qom_list_types(qts, "device", abstract);
 }
 
-static void test_one_device(const char *type)
+static void test_one_device(QTestState *qts, const char *type)
 {
 QDict *resp;
 char *help;
@@ -109,15 +110,15 @@ static void test_one_device(const char *type)
 
 g_test_message("Testing device '%s'", type);
 
-qom_tree_start = hmp("info qom-tree");
-qtree_start = hmp("info qtree");
+qom_tree_start = qtest_hmp(qts, "info qom-tree");
+qtree_start = qtest_hmp(qts, "info qtree");
 
-resp = qmp("{'execute': 'device-list-properties',"
-   " 'arguments': {'typename': %s}}",
+resp = qtest_qmp(qts, "{'execute': 'device-list-properties',"
+  " 'arguments': {'typename': %s}}",
type);
 qobject_unref(resp);
 
-help = hmp("device_add \"%s,help\"", type);
+help = qtest_hmp(qts, "device_add \"%s,help\"", type);
 g_free(help);
 
 /*
@@ -125,12 +126,12 @@ static void test_one_device(const char *type)
  * "info qom-tree" or "info qtree" have a good chance at crashing then.
  * Also make sure that the tree did not change.
  */
-qom_tree_end = hmp("info qom-tree");
+qom_tree_end = qtest_hmp(qts, "info qom-tree");
 g_assert_cmpstr(qom_tree_start, ==, qom_tree_end);
 g_free(qom_tree_start);
 g_free(qom_tree_end);
 
-qtree_end = hmp("info qtree");
+qtree_end = qtest_hmp(qts, "info qtree");
 g_assert_cmpstr(qtree_start, ==, qtree_end);
 g_free(qtree_start);
 g_free(qtree_end);
@@ -140,29 +141,30 @@ static void test_device_intro_list(void)
 {
 QList *types;
 char *help;
+QTestState *qts;
 
-qtest_start(common_args);
+qts = qtest_init(common_args);
 
-types = device_type_list(true);
+types = device_type_list(qts, true);
 qobject_unref(types);
 
-help = hmp("device_add help");
+help = qtest_hmp(qts, "device_add help");
 g_free(help);
 
-qtest_end();
+qtest_quit(qts);
 }
 
 /*
  * Ensure all entries returned by qom-list-types implements=
  * have  as a parent.
  */
-static void test_qom_list_parents(const char *parent)
+static void test_qom_list_parents(QTestState *qts, const char *parent)
 {
 QList *types;
 QListEntry *e;
 QDict *index;
 
-types = qom_list_types(parent, true);
+types = qom_list_types(qts, parent, true);
 index = qom_type_index(types);
 
 QLIST_FOREACH_ENTRY(types, e) {
@@ -181,11 +183,12 @@ static void test_qom_list_fields(void)
 QList *all_types;
 QList *non_abstract;
 QListEntry *e;
+QTestState *qts;
 
-qtest_start(common_args);
+qts = qtest_init(common_args);
 
-all_types = qom_list_types(NULL, true);
-non_abstract = qom_list_types(NULL, false);
+all_types = qom_list_types(qts, NULL, true);
+non_abstract = qom_list_types(qts, NULL, false);
 
 QLIST_FOREACH_ENTRY(all_types, e) {
 QDict *d = qobject_to(QDict, qlist_entry_obj(e));
@@ -198,27 +201,29 @@ static void test_qom_list_fields(void)
 g_assert(abstract == expected_abstract);
 }
 
-test_qom_list_parents("object");
-test_qom_list_parents("device");
-test_qom_list_parents("sys-bus-device");
+test_qom_list_parents(qts, "object");
+test_qom_list_parents(qts, "device");
+test_qom_list_parents(qts, "sys-bus-device");
 
 qobject_unref(all_types);
 qobject_unref(non_abstract);
-

[Qemu-devel] [PATCH 2/6] tests/q35-test: Make test independent of global_qtest

2019-05-15 Thread Thomas Huth
Use a local QTestState variable, so that we can finally get rid
of the undesired global_qtest variable in this file, too.

Signed-off-by: Thomas Huth 
---
 tests/q35-test.c | 39 ++-
 1 file changed, 18 insertions(+), 21 deletions(-)

diff --git a/tests/q35-test.c b/tests/q35-test.c
index 34b34bc2b9..a68183d513 100644
--- a/tests/q35-test.c
+++ b/tests/q35-test.c
@@ -84,10 +84,11 @@ static void test_smram_lock(void)
 QPCIBus *pcibus;
 QPCIDevice *pcidev;
 QDict *response;
+QTestState *qts;
 
-qtest_start("-M q35");
+qts = qtest_init("-M q35");
 
-pcibus = qpci_new_pc(global_qtest, NULL);
+pcibus = qpci_new_pc(qts, NULL);
 g_assert(pcibus != NULL);
 
 pcidev = qpci_device_find(pcibus, 0);
@@ -106,7 +107,7 @@ static void test_smram_lock(void)
 g_assert(smram_test_bit(pcidev, MCH_HOST_BRIDGE_SMRAM_D_OPEN) == false);
 
 /* reset */
-response = qmp("{'execute': 'system_reset', 'arguments': {} }");
+response = qtest_qmp(qts, "{'execute': 'system_reset', 'arguments': {} }");
 g_assert(response);
 g_assert(!qdict_haskey(response, "error"));
 qobject_unref(response);
@@ -120,33 +121,29 @@ static void test_smram_lock(void)
 g_free(pcidev);
 qpci_free_pc(pcibus);
 
-qtest_end();
+qtest_quit(qts);
 }
 
 static void test_tseg_size(const void *data)
 {
 const TsegSizeArgs *args = data;
-char *cmdline;
 QPCIBus *pcibus;
 QPCIDevice *pcidev;
 uint8_t smram_val;
 uint8_t esmramc_val;
 uint32_t ram_offs;
+QTestState *qts;
 
 if (args->esmramc_tseg_sz == MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_MASK) {
-cmdline = g_strdup_printf("-M q35 -m %uM "
-  "-global mch.extended-tseg-mbytes=%u",
-  TSEG_SIZE_TEST_GUEST_RAM_MBYTES,
-  args->extended_tseg_mbytes);
+qts = qtest_initf("-M q35 -m %uM -global mch.extended-tseg-mbytes=%u",
+  TSEG_SIZE_TEST_GUEST_RAM_MBYTES,
+  args->extended_tseg_mbytes);
 } else {
-cmdline = g_strdup_printf("-M q35 -m %uM",
-  TSEG_SIZE_TEST_GUEST_RAM_MBYTES);
+qts = qtest_initf("-M q35 -m %uM", TSEG_SIZE_TEST_GUEST_RAM_MBYTES);
 }
-qtest_start(cmdline);
-g_free(cmdline);
 
 /* locate the DRAM controller */
-pcibus = qpci_new_pc(global_qtest, NULL);
+pcibus = qpci_new_pc(qts, NULL);
 g_assert(pcibus != NULL);
 pcidev = qpci_device_find(pcibus, 0);
 g_assert(pcidev != NULL);
@@ -175,18 +172,18 @@ static void test_tseg_size(const void *data)
  */
 ram_offs = (TSEG_SIZE_TEST_GUEST_RAM_MBYTES - args->expected_tseg_mbytes) *
1024 * 1024 - 1;
-g_assert_cmpint(readb(ram_offs), ==, 0);
-writeb(ram_offs, 1);
-g_assert_cmpint(readb(ram_offs), ==, 1);
+g_assert_cmpint(qtest_readb(qts, ram_offs), ==, 0);
+qtest_writeb(qts, ram_offs, 1);
+g_assert_cmpint(qtest_readb(qts, ram_offs), ==, 1);
 
 ram_offs++;
-g_assert_cmpint(readb(ram_offs), ==, 0xff);
-writeb(ram_offs, 1);
-g_assert_cmpint(readb(ram_offs), ==, 0xff);
+g_assert_cmpint(qtest_readb(qts, ram_offs), ==, 0xff);
+qtest_writeb(qts, ram_offs, 1);
+g_assert_cmpint(qtest_readb(qts, ram_offs), ==, 0xff);
 
 g_free(pcidev);
 qpci_free_pc(pcibus);
-qtest_end();
+qtest_quit(qts);
 }
 
 int main(int argc, char **argv)
-- 
2.21.0




[Qemu-devel] [PATCH 0/6] Get rid of global_qtest in q35-, qom-, numa- and more tests

2019-05-15 Thread Thomas Huth
Here are some more patches that get rid of global_qtest and related
functions in some of the qtests (hacked along the way while waiting
for other compilation and test processes to finish). A global variable
like global_qtest is very problematic in tests that track multiple test
states (like migration tests). But since we often share code between
tests, it is better to avoid these global_qtest related functions
completely - i.e. the plan is to get rid of global_qtest completely
in the long run.

Thomas Huth (6):
  tests/libqos: Get rid of global_qtest dependency in qvring_init()
  tests/q35-test: Make test independent of global_qtest
  tests/numa-test: Use qtest_init() instead of qtest_start()
  tests/qom-test: Use qtest_init() instead of qtest_start()
  tests/device-introspect: Use qtest_init() instead of qtest_start()
  tests/hd-geo-test: Use qtest_init() instead of qtest_start()

 tests/device-introspect-test.c | 85 ++
 tests/hd-geo-test.c| 76 --
 tests/libqos/virtio-mmio.c |  2 +-
 tests/libqos/virtio-pci.c  |  3 +-
 tests/libqos/virtio.c  | 18 +++
 tests/libqos/virtio.h  |  3 +-
 tests/numa-test.c  | 53 -
 tests/q35-test.c   | 39 +++-
 tests/qom-test.c   | 28 ++-
 9 files changed, 163 insertions(+), 144 deletions(-)

-- 
2.21.0




[Qemu-devel] [PATCH 1/6] tests/libqos: Get rid of global_qtest dependency in qvring_init()

2019-05-15 Thread Thomas Huth
Library functions should not depend on global_qtest functions like
writew() and writeq(), so that they can also be used in tests that
deal with multiple QTestStates at the same time (like migration tests).

Signed-off-by: Thomas Huth 
---
 tests/libqos/virtio-mmio.c |  2 +-
 tests/libqos/virtio-pci.c  |  3 ++-
 tests/libqos/virtio.c  | 18 ++
 tests/libqos/virtio.h  |  3 ++-
 4 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/tests/libqos/virtio-mmio.c b/tests/libqos/virtio-mmio.c
index 3678c07ef0..213a5f9de0 100644
--- a/tests/libqos/virtio-mmio.c
+++ b/tests/libqos/virtio-mmio.c
@@ -148,7 +148,7 @@ static QVirtQueue 
*qvirtio_mmio_virtqueue_setup(QVirtioDevice *d,
 g_assert_cmpint(vq->size & (vq->size - 1), ==, 0);
 
 addr = guest_alloc(alloc, qvring_size(vq->size, dev->page_size));
-qvring_init(alloc, vq, addr);
+qvring_init(dev->qts, alloc, vq, addr);
 qvirtio_mmio_set_queue_address(d, vq->desc / dev->page_size);
 
 return vq;
diff --git a/tests/libqos/virtio-pci.c b/tests/libqos/virtio-pci.c
index 993d347830..a622ca26ca 100644
--- a/tests/libqos/virtio-pci.c
+++ b/tests/libqos/virtio-pci.c
@@ -199,6 +199,7 @@ static QVirtQueue 
*qvirtio_pci_virtqueue_setup(QVirtioDevice *d,
 uint32_t feat;
 uint64_t addr;
 QVirtQueuePCI *vqpci;
+QVirtioPCIDevice *qvpcidev = container_of(d, QVirtioPCIDevice, vdev);
 
 vqpci = g_malloc0(sizeof(*vqpci));
 feat = qvirtio_pci_get_guest_features(d);
@@ -224,7 +225,7 @@ static QVirtQueue 
*qvirtio_pci_virtqueue_setup(QVirtioDevice *d,
 
 addr = guest_alloc(alloc, qvring_size(vqpci->vq.size,
   VIRTIO_PCI_VRING_ALIGN));
-qvring_init(alloc, >vq, addr);
+qvring_init(qvpcidev->pdev->bus->qts, alloc, >vq, addr);
 qvirtio_pci_set_queue_address(d, vqpci->vq.desc / VIRTIO_PCI_VRING_ALIGN);
 
 return >vq;
diff --git a/tests/libqos/virtio.c b/tests/libqos/virtio.c
index 5e8f39b4d3..b4c01dc0c1 100644
--- a/tests/libqos/virtio.c
+++ b/tests/libqos/virtio.c
@@ -162,7 +162,8 @@ void qvirtio_wait_config_isr(QVirtioDevice *d, gint64 
timeout_us)
 }
 }
 
-void qvring_init(const QGuestAllocator *alloc, QVirtQueue *vq, uint64_t addr)
+void qvring_init(QTestState *qts, const QGuestAllocator *alloc, QVirtQueue *vq,
+ uint64_t addr)
 {
 int i;
 
@@ -173,22 +174,23 @@ void qvring_init(const QGuestAllocator *alloc, QVirtQueue 
*vq, uint64_t addr)
 
 for (i = 0; i < vq->size - 1; i++) {
 /* vq->desc[i].addr */
-writeq(vq->desc + (16 * i), 0);
+qtest_writeq(qts, vq->desc + (16 * i), 0);
 /* vq->desc[i].next */
-writew(vq->desc + (16 * i) + 14, i + 1);
+qtest_writew(qts, vq->desc + (16 * i) + 14, i + 1);
 }
 
 /* vq->avail->flags */
-writew(vq->avail, 0);
+qtest_writew(qts, vq->avail, 0);
 /* vq->avail->idx */
-writew(vq->avail + 2, 0);
+qtest_writew(qts, vq->avail + 2, 0);
 /* vq->avail->used_event */
-writew(vq->avail + 4 + (2 * vq->size), 0);
+qtest_writew(qts, vq->avail + 4 + (2 * vq->size), 0);
 
 /* vq->used->flags */
-writew(vq->used, 0);
+qtest_writew(qts, vq->used, 0);
 /* vq->used->avail_event */
-writew(vq->used + 2 + sizeof(struct vring_used_elem) * vq->size, 0);
+qtest_writew(qts, vq->used + 2 + sizeof(struct vring_used_elem) * vq->size,
+ 0);
 }
 
 QVRingIndirectDesc *qvring_indirect_desc_setup(QVirtioDevice *d,
diff --git a/tests/libqos/virtio.h b/tests/libqos/virtio.h
index 51d2359ace..7b97f5e567 100644
--- a/tests/libqos/virtio.h
+++ b/tests/libqos/virtio.h
@@ -129,7 +129,8 @@ QVirtQueue *qvirtqueue_setup(QVirtioDevice *d,
 void qvirtqueue_cleanup(const QVirtioBus *bus, QVirtQueue *vq,
 QGuestAllocator *alloc);
 
-void qvring_init(const QGuestAllocator *alloc, QVirtQueue *vq, uint64_t addr);
+void qvring_init(QTestState *qts, const QGuestAllocator *alloc, QVirtQueue *vq,
+ uint64_t addr);
 QVRingIndirectDesc *qvring_indirect_desc_setup(QVirtioDevice *d,
 QGuestAllocator *alloc, uint16_t elem);
 void qvring_indirect_desc_add(QVRingIndirectDesc *indirect, uint64_t data,
-- 
2.21.0




Re: [Qemu-devel] [PATCH v9 22/27] gdbstub: Implement generic query qemu.Supported

2019-05-15 Thread Alex Bennée


Jon Doron  writes:

> qemu.Supported query replies with the supported qemu query/set
> commands (commands are separated from each other with a semicolon).
>
> gdb> maint packet qqemu.Supported
>
> Signed-off-by: Jon Doron 
> ---
>  gdbstub.c | 9 +
>  1 file changed, 9 insertions(+)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index 8bdfae4b29..00c07d6ec0 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -2127,6 +2127,11 @@ static void handle_query_attached(GdbCmdContext 
> *gdb_ctx, void *user_ctx)
>  put_packet(gdb_ctx->s, GDB_ATTACHED);
>  }
>
> +static void handle_query_qemu_supported(GdbCmdContext *gdb_ctx, void 
> *user_ctx)
> +{
> +put_packet(gdb_ctx->s, "sstepbits;sstep");

To maintain bisectability this response should be extended as each
feature is added.

> +}
> +
>  static GdbCmdParseEntry gdb_gen_query_set_common_table[] = {
>  /* Order is important if has same prefix */
>  {
> @@ -2203,6 +2208,10 @@ static GdbCmdParseEntry gdb_gen_query_table[] = {
>  .handler = handle_query_attached,
>  .cmd = "Attached",
>  },
> +{
> +.handler = handle_query_qemu_supported,
> +.cmd = "qemu.Supported",
> +},
>  };
>
>  static void handle_gen_query(GdbCmdContext *gdb_ctx, void *user_ctx)


--
Alex Bennée



Re: [Qemu-devel] [PATCH 1/6] qemu-bridge-helper: Fix misuse of isspace()

2019-05-15 Thread Richard Henderson
On 5/15/19 9:55 AM, Markus Armbruster wrote:
> Proposal:
> 
> 1. Add qemu-bridge-helper.c to Jason's "Network device backends"
> 
> 2. Deprecate -netdev tap parameter "helper"
> 
> 3. Improve documentation of -netdev bridge
> 
> 4. Create a manual page for qemu-bridge-helper that also covers
>/etc/qemu/bridge.conf.
> 
> 5. Fix the nutty error handling in parse_acl_file()

LGTM.  Thanks!


r~



Re: [Qemu-devel] [PATCH v9 21/27] gdbstub: Clear unused variables in gdb_handle_packet

2019-05-15 Thread Alex Bennée


Jon Doron  writes:

> Signed-off-by: Jon Doron 

Reviewed-by: Alex Bennée 

> ---
>  gdbstub.c | 11 ++-
>  1 file changed, 2 insertions(+), 9 deletions(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index d678191705..8bdfae4b29 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -2259,17 +2259,11 @@ static void handle_target_halt(GdbCmdContext 
> *gdb_ctx, void *user_ctx)
>
>  static int gdb_handle_packet(GDBState *s, const char *line_buf)
>  {
> -const char *p;
> -int ch;
> -uint8_t mem_buf[MAX_PACKET_LENGTH];
> -char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
>  const GdbCmdParseEntry *cmd_parser = NULL;
>
>  trace_gdbstub_io_command(line_buf);
>
> -p = line_buf;
> -ch = *p++;
> -switch(ch) {
> +switch (line_buf[0]) {
>  case '!':
>  put_packet(s, "OK");
>  break;
> @@ -2486,8 +2480,7 @@ static int gdb_handle_packet(GDBState *s, const char 
> *line_buf)
>  break;
>  default:
>  /* put empty packet */
> -buf[0] = '\0';
> -put_packet(s, buf);
> +put_packet(s, "");
>  break;
>  }


--
Alex Bennée



Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-obj-y

2019-05-15 Thread Richard Henderson
On 5/15/19 9:53 AM, Daniel P. Berrangé wrote:
> On Tue, May 14, 2019 at 12:16:30PM -0700, Richard Henderson wrote:
>> For user-only, we require only the random number bits of the
>> crypto subsystem.
>>
>> We need to preserve --static linking, which for many recent Linux
>> distributions precludes using GnuTLS or GCrypt.  Instead, use our
>> random-platform module unconditionally.
> 
> I don't think we need to special case in this way.
> 
> Today if you do a default build with all targets & tools and want
> to use --static, but don't have static libs available for some
> things you can achieve that
> 
>  ./configure --static --disable-gnutls --disable-gcrypt --disable-nettle

But we don't really want all of those --disable arguments by default.  It would
be one thing if one explicitly used --enable-gnutls and got link errors.  We
must preserve --static working all by itself.

> Previously if you took care to disable system emulators & tools
> you could avoid the need to pass the --disable-* args, but I
> think that's fairly minor.

Well, no, you get link errors.

(As an aside, IMO pkg-config is stupid in being only able to ask "is version X
installed" without also being able to ask "is a static version of X
installed".  pkg-config has a --static option, it just doesn't use it.)

But suppose we add back the patch for --static sanity check from v6.  What are
we left with?  No crypto libraries remain on Fedora 30.  It appears that Ubuntu
Bionic ships a static version of nettle, but nothing else.  Is that useful on
its own?


> So I think we should just use $(crypto-obj-y) unconditionally in
> the user emulators, and get rid of crypto-aes-obj-y too.
> 
> This will give a consistent crypto story across all the things we
> build with no special cases.

Well, maybe.  But what are we trying to accomplish?

What use is crypto to the host side of linux-user?  In general, all the crypto
that the application will do is on the guest side, within guest versions of
gnutls etc.  All crypto that the guest expects of its kernel is done passing
off the syscall to the host kernel.

That's why, here in v7, I began to think that perhaps all the faffing about
with pkg-config vs --static was just a waste of time.

Have I missed something?


r~



Re: [Qemu-devel] [PATCH v9 20/27] gdbstub: Implement target halted (? pkt) with new infra

2019-05-15 Thread Alex Bennée


Jon Doron  writes:

> Signed-off-by: Jon Doron 
> ---
>  gdbstub.c | 36 ++--
>  1 file changed, 26 insertions(+), 10 deletions(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index 2fd0d66f4d..d678191705 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -2239,13 +2239,30 @@ static void handle_gen_set(GdbCmdContext *gdb_ctx, 
> void *user_ctx)
>  put_packet(gdb_ctx->s, "");
>  }
>
> +static void handle_target_halt(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +char thread_id[16];
> +
> +/* TODO: Make this return the correct value for user-mode.  */

Can this be cleaned up as we convert?

> +gdb_fmt_thread_id(gdb_ctx->s, gdb_ctx->s->c_cpu, thread_id,
> +  sizeof(thread_id));
> +snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "T%02xthread:%s;",
> + GDB_SIGNAL_TRAP, thread_id);
> +put_packet(gdb_ctx->s, gdb_ctx->str_buf);
> +/*
> + * Remove all the breakpoints when this query is issued,
> + * because gdb is doing and initial connect and the state

s/and/an/

> + * should be cleaned up.
> + */
> +gdb_breakpoint_remove_all();
> +}
> +
>  static int gdb_handle_packet(GDBState *s, const char *line_buf)
>  {
>  const char *p;
>  int ch;
>  uint8_t mem_buf[MAX_PACKET_LENGTH];
>  char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
> -char thread_id[16];
>  const GdbCmdParseEntry *cmd_parser = NULL;
>
>  trace_gdbstub_io_command(line_buf);
> @@ -2257,15 +2274,14 @@ static int gdb_handle_packet(GDBState *s, const char 
> *line_buf)
>  put_packet(s, "OK");
>  break;
>  case '?':
> -/* TODO: Make this return the correct value for user-mode.  */
> -snprintf(buf, sizeof(buf), "T%02xthread:%s;", GDB_SIGNAL_TRAP,
> - gdb_fmt_thread_id(s, s->c_cpu, thread_id, 
> sizeof(thread_id)));
> -put_packet(s, buf);
> -/* Remove all the breakpoints when this query is issued,
> - * because gdb is doing and initial connect and the state
> - * should be cleaned up.
> - */
> -gdb_breakpoint_remove_all();
> +{
> +static const GdbCmdParseEntry target_halted_cmd_desc = {
> +.handler = handle_target_halt,
> +.cmd = "?",
> +.cmd_startswith = 1
> +};
> +cmd_parser = _halted_cmd_desc;
> +}
>  break;
>  case 'c':
>  {


--
Alex Bennée



[Qemu-devel] cpu.fail / MDS fixes

2019-05-15 Thread Stefan Priebe - Profihost AG
Hello list,

i've updated my host to kernel 4.19.43 and applied the following patch
to my qemu 2.12.1:
https://bugzilla.suse.com/attachment.cgi?id=798722

But my guest running 4.19.43 still says:
Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state
unknown

while the host says:
Vulnerable: Clear CPU buffers attempted, SMT Host state unknown

I expected the guest can use the new microcode.

Greets,
Stefan



Re: [Qemu-devel] [PATCH v9 18/27] gdbstub: Implement generic query (q pkt) with new infra

2019-05-15 Thread Alex Bennée


Jon Doron  writes:

A bit more for the commit message here as there seems to be a fair
amount going on.

> Signed-off-by: Jon Doron 
> ---
>  gdbstub.c | 327 ++
>  1 file changed, 327 insertions(+)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index d56d0fd235..83ae8738cc 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -1915,6 +1915,323 @@ static void handle_v_commands(GdbCmdContext *gdb_ctx, 
> void *user_ctx)
>  }
>  }
>
> +static void handle_query_qemu_sstepbits(GdbCmdContext *gdb_ctx, void 
> *user_ctx)
> +{
> +snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf),
> + "ENABLE=%x,NOIRQ=%x,NOTIMER=%x", SSTEP_ENABLE,
> + SSTEP_NOIRQ, SSTEP_NOTIMER);
> +put_packet(gdb_ctx->s, gdb_ctx->str_buf);
> +}
> +
> +static void handle_set_qemu_sstep(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +if (!gdb_ctx->num_params) {
> +return;
> +}
> +
> +sstep_flags = gdb_ctx->params[0].val_ul;
> +put_packet(gdb_ctx->s, "OK");
> +}
> +
> +static void handle_query_qemu_sstep(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "0x%x", 
> sstep_flags);
> +put_packet(gdb_ctx->s, gdb_ctx->str_buf);
> +}
> +
> +static void handle_query_curr_tid(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +CPUState *cpu;
> +GDBProcess *process;
> +char thread_id[16];
> +
> +/*
> + * "Current thread" remains vague in the spec, so always return
> + * the first thread of the current process (gdb returns the
> + * first thread).
> + */
> +process = gdb_get_cpu_process(gdb_ctx->s, gdb_ctx->s->g_cpu);
> +cpu = get_first_cpu_in_process(gdb_ctx->s, process);
> +gdb_fmt_thread_id(gdb_ctx->s, cpu, thread_id, sizeof(thread_id));
> +snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "QC%s", thread_id);
> +put_packet(gdb_ctx->s, gdb_ctx->str_buf);
> +}
> +
> +static void handle_query_threads(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +char thread_id[16];
> +
> +if (!gdb_ctx->s->query_cpu) {
> +put_packet(gdb_ctx->s, "l");
> +return;
> +}
> +
> +gdb_fmt_thread_id(gdb_ctx->s, gdb_ctx->s->query_cpu, thread_id,
> +  sizeof(thread_id));
> +snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "m%s", thread_id);
> +put_packet(gdb_ctx->s, gdb_ctx->str_buf);
> +gdb_ctx->s->query_cpu =
> +gdb_next_attached_cpu(gdb_ctx->s, gdb_ctx->s->query_cpu);
> +}
> +
> +static void handle_query_first_threads(GdbCmdContext *gdb_ctx, void 
> *user_ctx)
> +{
> +gdb_ctx->s->query_cpu = gdb_first_attached_cpu(gdb_ctx->s);
> +handle_query_threads(gdb_ctx, user_ctx);
> +}
> +
> +static void handle_query_thread_extra(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +CPUState *cpu;
> +int len;
> +
> +if (!gdb_ctx->num_params ||
> +gdb_ctx->params[0].thread_id.kind == GDB_READ_THREAD_ERR) {
> +put_packet(gdb_ctx->s, "E22");
> +return;
> +}
> +
> +cpu = gdb_get_cpu(gdb_ctx->s, gdb_ctx->params[0].thread_id.pid,
> +  gdb_ctx->params[0].thread_id.tid);
> +if (!cpu) {
> +return;
> +}
> +
> +cpu_synchronize_state(cpu);
> +
> +if (gdb_ctx->s->multiprocess && (gdb_ctx->s->process_num > 1)) {
> +/* Print the CPU model and name in multiprocess mode */
> +ObjectClass *oc = object_get_class(OBJECT(cpu));
> +const char *cpu_model = object_class_get_name(oc);
> +char *cpu_name = object_get_canonical_path_component(OBJECT(cpu));
> +len = snprintf((char *)gdb_ctx->mem_buf, sizeof(gdb_ctx->str_buf) / 
> 2,
> +   "%s %s [%s]", cpu_model, cpu_name,
> +   cpu->halted ? "halted " : "running");
> +g_free(cpu_name);
> +} else {
> +/* memtohex() doubles the required space */
> +len = snprintf((char *)gdb_ctx->mem_buf, sizeof(gdb_ctx->str_buf) / 
> 2,
> +"CPU#%d [%s]", cpu->cpu_index,
> +cpu->halted ? "halted " : "running");
> +}
> +trace_gdbstub_op_extra_info((char *)gdb_ctx->mem_buf);
> +memtohex(gdb_ctx->str_buf, gdb_ctx->mem_buf, len);
> +put_packet(gdb_ctx->s, gdb_ctx->str_buf);
> +}
> +
> +#ifdef CONFIG_USER_ONLY
> +static void handle_query_offsets(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +TaskState *ts;
> +
> +ts = gdb_ctx->s->c_cpu->opaque;
> +snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf),
> + "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
> + ";Bss=" TARGET_ABI_FMT_lx,
> + ts->info->code_offset,
> + ts->info->data_offset,
> + ts->info->data_offset);
> +put_packet(gdb_ctx->s, gdb_ctx->str_buf);
> +}
> +#else
> +static void handle_query_rcmd(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +int len;
> +
> +if (!gdb_ctx->num_params) {
> +
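Review bot: In handle_query_thread_extra the return value of snprintf() is passed to memtohex() as the byte count, but snprintf() returns the length the output would have had, not the number of bytes actually stored. If the cpu_model/cpu_name text is ever longer than the bound, memtohex() reads past what was written into mem_buf and emits more hex digits than str_buf was sized for. Clamp the length before use, e.g. `len = MIN(len, (int)(sizeof(gdb_ctx->str_buf) / 2) - 1);`, and treat a negative return as zero. The bound given to snprintf() is derived from str_buf while the destination is mem_buf; both buffers are declared outside this hunk, so it is worth confirming that mem_buf is at least that large. The hunk is cut off on this page shortly after handle_query_rcmd begins.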

Re: [Qemu-devel] [PATCH v9 17/27] gdbstub: Implement v commands with new infra

2019-05-15 Thread Alex Bennée


Jon Doron  writes:

> Signed-off-by: Jon Doron 
> ---
>  gdbstub.c | 170 +++---
>  1 file changed, 110 insertions(+), 60 deletions(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index 9b0556f8be..d56d0fd235 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -1815,6 +1815,106 @@ static void handle_step(GdbCmdContext *gdb_ctx, void 
> *user_ctx)
>  gdb_continue(gdb_ctx->s);
>  }
>
> +static void handle_v_cont_query(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +put_packet(gdb_ctx->s, "vCont;c;C;s;S");
> +}
> +
> +static void handle_v_cont(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +int res;
> +
> +if (!gdb_ctx->num_params) {
> +return;
> +}
> +
> +res = gdb_handle_vcont(gdb_ctx->s, gdb_ctx->params[0].data);
> +if ((res == -EINVAL) || (res == -ERANGE)) {
> +put_packet(gdb_ctx->s, "E22");
> +} else if (res) {
> +put_packet(gdb_ctx->s, "\0");

Isn't this just ""?

Either way my reading of the spec says the response needs to be a "Stop
Reply Packet" which I don't think includes empty or E codes.

> +}
> +}
> +
> +static void handle_v_attach(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +GDBProcess *process;
> +CPUState *cpu;
> +char thread_id[16];
> +
> +strcpy(gdb_ctx->str_buf, "E22");

pstrcpy (see HACKING about strncpy) but...

> +if (!gdb_ctx->num_params) {
> +goto cleanup;
> +}
> +
> +process = gdb_get_process(gdb_ctx->s, gdb_ctx->params[0].val_ul);
> +if (!process) {
> +goto cleanup;
> +}
> +
> +cpu = get_first_cpu_in_process(gdb_ctx->s, process);
> +if (!cpu) {
> +goto cleanup;
> +}
> +
> +process->attached = true;
> +gdb_ctx->s->g_cpu = cpu;
> +gdb_ctx->s->c_cpu = cpu;
> +
> +gdb_fmt_thread_id(gdb_ctx->s, cpu, thread_id, sizeof(thread_id));
> +snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "T%02xthread:%s;",
> + GDB_SIGNAL_TRAP, thread_id);

again this would be an argument for using GString to build-up our reply packets.

> +cleanup:
> +put_packet(gdb_ctx->s, gdb_ctx->str_buf);
> +}
> +
> +static void handle_v_kill(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +/* Kill the target */
> +put_packet(gdb_ctx->s, "OK");
> +error_report("QEMU: Terminated via GDBstub");
> +exit(0);
> +}
> +
> +static GdbCmdParseEntry gdb_v_commands_table[] = {
> +/* Order is important if has same prefix */
> +{
> +.handler = handle_v_cont_query,
> +.cmd = "Cont?",
> +.cmd_startswith = 1
> +},
> +{
> +.handler = handle_v_cont,
> +.cmd = "Cont",
> +.cmd_startswith = 1,
> +.schema = "s0"
> +},
> +{
> +.handler = handle_v_attach,
> +.cmd = "Attach;",
> +.cmd_startswith = 1,
> +.schema = "l0"
> +},
> +{
> +.handler = handle_v_kill,
> +.cmd = "Kill;",
> +.cmd_startswith = 1
> +},
> +};
> +
> +static void handle_v_commands(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +if (!gdb_ctx->num_params) {
> +return;
> +}
> +
> +if (process_string_cmd(gdb_ctx->s, NULL, gdb_ctx->params[0].data,
> +   gdb_v_commands_table,
> +   ARRAY_SIZE(gdb_v_commands_table))) {
> +put_packet(gdb_ctx->s, "");
> +}
> +}
> +
>  static int gdb_handle_packet(GDBState *s, const char *line_buf)
>  {
>  CPUState *cpu;
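Review bot: handle_v_cont and handle_v_commands return without sending any packet when `gdb_ctx->num_params` is zero, while handle_v_attach in the same hunk answers `E22` for the same condition. A remote-protocol client normally waits for a reply to each packet it sends, so the silent return can stall the debug session on a malformed `v` packet. Replying consistently would avoid that, e.g. `put_packet(gdb_ctx->s, "E22");` before the `return;` in handle_v_cont and `put_packet(gdb_ctx->s, "");` in handle_v_commands. Separately, `gdb_v_commands_table` is only read in this hunk and could be declared `static const`, provided process_string_cmd (defined outside the hunk) accepts a const pointer.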
> @@ -1822,7 +1922,7 @@ static int gdb_handle_packet(GDBState *s, const char 
> *line_buf)
>  CPUClass *cc;
>  const char *p;
>  uint32_t pid, tid;
> -int ch, type, res;
> +int ch, type;
>  uint8_t mem_buf[MAX_PACKET_LENGTH];
>  char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
>  char thread_id[16];
> @@ -1871,66 +1971,16 @@ static int gdb_handle_packet(GDBState *s, const char 
> *line_buf)
>  }
>  break;
>  case 'v':
> -if (strncmp(p, "Cont", 4) == 0) {
> -p += 4;
> -if (*p == '?') {
> -put_packet(s, "vCont;c;C;s;S");
> -break;
> -}
> -
> -res = gdb_handle_vcont(s, p);
> -
> -if (res) {
> -if ((res == -EINVAL) || (res == -ERANGE)) {
> -put_packet(s, "E22");
> -break;
> -}
> -goto unknown_command;
> -}
> -break;
> -} else if (strncmp(p, "Attach;", 7) == 0) {
> -unsigned long pid;
> -
> -p += 7;
> -
> -if (qemu_strtoul(p, , 16, )) {
> -put_packet(s, "E22");
> -break;
> -}
> -
> -process = gdb_get_process(s, pid);
> -
> -if (process == NULL) {
> -put_packet(s, "E22");
> -break;
> -}
> -
> -cpu = get_first_cpu_in_process(s, process);
> -
> -if (cpu == 

[Qemu-devel] [PATCH] spapr/xive: Sanity checks of OV5 during CAS

2019-05-15 Thread Greg Kurz
If a machine is started with ic-mode=xive but the guest only knows
about XICS, eg. an RHEL 7.6 guest, the kernel panics. This is
expected but a bit unfortunate since the crash doesn't provide
much information for the end user to guess what's happening.

Detect that during CAS and exit QEMU with a proper error message
instead, like it is already done for the MMU.

Even if this is less likely to happen, the opposite case of a guest
that only knows about XIVE would certainly fail all the same if the
machine is started with ic-mode=xics.

Also, the only valid values a guest can pass in byte 23 of OV5 during
CAS are 0b00 (XIVE legacy mode) and 0b01 (XIVE exploitation mode). Any
other value is a bug, at least with the current spec. Again, it does
not seem right to let the guest go on without a precise idea of the
interrupt mode it asked for.

Handle these cases as well.

Reported-by: Satheesh Rajendran 
Signed-off-by: Greg Kurz 
---
 hw/ppc/spapr_hcall.c |   24 
 1 file changed, 24 insertions(+)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 6c16d2b12040..63a55614b83d 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1513,6 +1513,7 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 bool guest_radix;
 Error *local_err = NULL;
 bool raw_mode_supported = false;
+bool guest_xive;
 
 cas_pvr = cas_check_pvr(spapr, cpu, , _mode_supported, 
_err);
 if (local_err) {
@@ -1545,10 +1546,17 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 error_report("guest requested hash and radix MMU, which is invalid.");
 exit(EXIT_FAILURE);
 }
+if (spapr_ovec_test(ov5_guest, OV5_XIVE_BOTH)) {
+error_report("guest requested an invalid interrupt mode");
+exit(EXIT_FAILURE);
+}
+
 /* The radix/hash bit in byte 24 requires special handling: */
 guest_radix = spapr_ovec_test(ov5_guest, OV5_MMU_RADIX_300);
 spapr_ovec_clear(ov5_guest, OV5_MMU_RADIX_300);
 
+guest_xive = spapr_ovec_test(ov5_guest, OV5_XIVE_EXPLOIT);
+
 /*
  * HPT resizing is a bit of a special case, because when enabled
  * we assume an HPT guest will support it until it says it
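Review bot: The added `spapr_ovec_test(ov5_guest, OV5_XIVE_BOTH)` check carries no comment explaining why that bit makes the guest's request invalid. The commit message has the reasoning, so a one-line comment above the `if` would bring it into the code: `/* OV5 byte 23: a guest may only pass 0b00 (legacy) or 0b01 (exploitation) */`. Whether testing OV5_XIVE_BOTH alone rejects every other value depends on its definition, which is not visible here, so that is worth confirming against the header. h_client_architecture_support begins and ends outside this hunk.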
@@ -1632,6 +1640,22 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
   ov5_updates) != 0);
 }
 
+/*
+ * Ensure the guest asks for an interrupt mode we support; otherwise
+ * terminate the boot.
+ */
+if (guest_xive) {
+if (spapr->irq->ov5 == SPAPR_OV5_XIVE_LEGACY) {
+error_report("Guest requested unavailable interrupt mode (XIVE)");
+exit(EXIT_FAILURE);
+}
+} else {
+if (spapr->irq->ov5 == SPAPR_OV5_XIVE_EXPLOIT) {
+error_report("Guest requested unavailable interrupt mode (XICS)");
+exit(EXIT_FAILURE);
+}
+}
+
 /*
  * Generate a machine reset when we have an update of the
  * interrupt mode. Only required when the machine supports both
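Review bot: The two new error messages name the mode the guest asked for, but not how the machine was configured or how to fix the mismatch, which is the information the commit message says the end user lacks. Consider extending them, e.g. `error_report("Guest requested unavailable interrupt mode (XIVE), try the ic-mode=xive or ic-mode=dual machine property");` with the matching `ic-mode=xics or ic-mode=dual` hint for the XICS case. The message added in the previous hunk starts with lowercase "guest" while these start with "Guest"; one spelling makes the failures easier to search for in logs. The enclosing function continues outside this hunk.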




Re: [Qemu-devel] [PATCH 1/6] qemu-bridge-helper: Fix misuse of isspace()

2019-05-15 Thread Markus Armbruster
Markus Armbruster  writes:

> Daniel P. Berrangé  writes:
>
>> On Wed, May 15, 2019 at 08:34:17AM +0200, Markus Armbruster wrote:
>>> Jason Wang  writes:
>>> 
>>> > On 2019/5/14 下午8:18, Markus Armbruster wrote:
>>> >> Peter Maydell  writes:
>>> >>
>>> >>> On Mon, 13 May 2019 at 14:21, Markus Armbruster  
>>> >>> wrote:
>>>  Perhaps I should do it just for this file while I touch it anyway.  The
>>>  question to ask: should parse_acl_file() obey the locale for whitespace
>>>  recognition?
>>> >>> I vote for "no".
>>> >>>
>>> >>> Q: do we document the format of the ACL file anywhere ?
>>> >> Support for it was added in commit bdef79a2994, v1.1.  Just code, no
>>> >> documentation.
>>> >>
>>> >> Grepping for qemu-bridge-helper finds just qemu-options.hx.  Contains
>>> >> -help output and some .texi that goes into qemu-doc and the manual page.
>>> >> None of it mentions how qemu-bridge-helper is run, or the ACL file
>>> >> feature, let alone what its format might be.
>>> >>
>>> >> I'm afraid all we have is the commit message.  Which doesn't really
>>> >> define the file format, it merely gives a bunch of examples.
>>> >>
>>> >> As far as I can tell, qemu-bridge-helper is for use with -netdev tap and
>>> >> -netdev bridge.
>>> >>
>>> >> Both variations of -netdev call net_bridge_run_helper() to run the
>>> >> helper.  First argument is -netdev parameter "helper", default usually
>>> >> "$prefix/libexec/qemu-bridge-helper".  Second argument is parameter
>>> >> "br", default "br0".
>>> >>
>>> >> If @helper contains space or tab, net_bridge_run_helper() guesses it's a
>>> >> full command, else it guesses it's the name of the executable.  Bad
>>> >> magic.
>>> >>
>>> >> If it guesses name of executable, it execv()s this executable with
>>> >> arguments "--use-vnet", "--fd=FD", "--br=@bridge".
>>> >>
>>> >> If it guesses full command, it appends "--use-vnet --fd=FD", where FD is
>>> >> the helper's half of the socketpair used to connect QEMU and the helper.
>>> >> It further appends "--br=@bridge", unless @helper contains "--br=".
>>> >> More bad magic.
>>> >>
>>> >> It executes the resulting string with sh -c.  Magic cherry on top.
>>> >>
>>> >> When the helper fails, netdev creation fails.
>>> >>
>>> >> The helper we ship with QEMU unconditionally tries to read
>>> >> "$prefix/etc/bridge.conf".  Fatal error if this file doesn't exist.

Correction: $prefix/etc/qemu/bridge.conf

>>> >> Errors in this file are fatal.  Errors in files it includes are not
>>> >> fatal; instead, the remainder of the erroneous file is ignored.
>>> >> *Boggle*
>>> >>
>>> >> As far as I can tell, libvirt runs qemu-bridge-helper itself (Paolo's
>>> >> commit 2d80fbb14df).  Makes sense, because running QEMU with the
>>> >> necessary privileges would be unwise, and so would be letting it execute
>>> >> setuid helpers.  Also bypasses the bad magic in QEMU's
>>> >> net_bridge_run_helper().
>>> >
>>> >
>>> > I don't notice this before. Is this only for the convenience of
>>> > development? I guess libvirt should have native support like adding
>>> > port to bridge/OVS without the help any external command or script.
>>> 
>>> Commit 2d80fbb14df hints at the reason:
>>> 
>>>  uses a helper application to do the necessary
>>> TUN/TAP setup to use an existing network bridge, thus letting
>>> unprivileged users use TUN/TAP interfaces.
>>> ~~
>>> 
>>> The code confirms:
>>> 
>>> /* qemuInterfaceBridgeConnect:
>>>  * @def: the definition of the VM
>>>  * @driver: qemu driver data
>>>  * @net: pointer to the VM's interface description
>>>  * @tapfd: array of file descriptor return value for the new device
>>>  * @tapfdsize: number of file descriptors in @tapfd
>>>  *
>>> ---> * Called *only* called if actualType is VIR_DOMAIN_NET_TYPE_NETWORK or
>>> ---> * VIR_DOMAIN_NET_TYPE_BRIDGE (i.e. if the connection is made with a tap
>>>  * device connecting to a bridge device)
>>>  */
>>> int
>>> qemuInterfaceBridgeConnect(virDomainDefPtr def,
>>>virQEMUDriverPtr driver,
>>>virDomainNetDefPtr net,
>>>int *tapfd,
>>>size_t *tapfdSize)
>>> {
>>> [...]
>>> --->if (virQEMUDriverIsPrivileged(driver)) {
>>> [...]
>>> } else {
>>> if (qemuCreateInBridgePortWithHelper(cfg, brname,
>>>  >ifname,
>>>  tapfd, tap_create_flags) < 
>>> 0) {
>>> virDomainAuditNetDevice(def, net, tunpath, false);
>>> goto cleanup;
>>> }
>>> [...]
>>> }
>>> [...]
>>> }
>>> 
>>> >> qemu-bridge-helper should have a manual page, and its handling of errors
>>> >> in ACL include files needs work.  There's probably more; I just glanced
>>> >> at it.  I'm not volunteering, 

Re: [Qemu-devel] [PATCH v9 16/27] gdbstub: Implement step (s pkt) with new infra

2019-05-15 Thread Alex Bennée


Jon Doron  writes:

> Signed-off-by: Jon Doron 

Reviewed-by: Alex Bennée 

> ---
>  gdbstub.c | 25 +++--
>  1 file changed, 19 insertions(+), 6 deletions(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index 9fe130f30d..9b0556f8be 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -1805,6 +1805,16 @@ static void handle_file_io(GdbCmdContext *gdb_ctx, 
> void *user_ctx)
>  gdb_continue(gdb_ctx->s);
>  }
>
> +static void handle_step(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +if (gdb_ctx->num_params) {
> +gdb_set_cpu_pc(gdb_ctx->s, (target_ulong)gdb_ctx->params[0].val_ull);
> +}
> +
> +cpu_single_step(gdb_ctx->s->c_cpu, sstep_flags);
> +gdb_continue(gdb_ctx->s);
> +}
> +
>  static int gdb_handle_packet(GDBState *s, const char *line_buf)
>  {
>  CPUState *cpu;
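Review bot: The cast `(target_ulong)gdb_ctx->params[0].val_ull` in handle_step silently drops high bits when the debugger sends an address wider than the target's address type, so the CPU would resume at a different PC than the one requested. The removed `strtoull` path appears to behave the same way, so this is a hardening point rather than a regression. If rejecting is preferred, compare the value before and after the cast and answer `E22`. Otherwise document the behaviour above the function with `/* 's [addr]': optional resume address, truncated to target_ulong */`.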
> @@ -1937,13 +1947,16 @@ static int gdb_handle_packet(GDBState *s, const char 
> *line_buf)
>  }
>  break;
>  case 's':
> -if (*p != '\0') {
> -addr = strtoull(p, (char **), 16);
> -gdb_set_cpu_pc(s, addr);
> +{
> +static const GdbCmdParseEntry step_cmd_desc = {
> +.handler = handle_step,
> +.cmd = "s",
> +.cmd_startswith = 1,
> +.schema = "L0"
> +};
> +cmd_parser = _cmd_desc;
>  }
> -cpu_single_step(s->c_cpu, sstep_flags);
> -gdb_continue(s);
> -return RS_IDLE;
> +break;
>  case 'F':
>  {
>  static const GdbCmdParseEntry file_io_cmd_desc = {


--
Alex Bennée



Re: [Qemu-devel] [PATCH v9 15/27] gdbstub: Implement file io (F pkt) with new infra

2019-05-15 Thread Alex Bennée


Jon Doron  writes:

There is a bit more going on here than a simple conversion. I think we
need some additional commentary about the format of the data coming
back.


> Signed-off-by: Jon Doron 
> ---
>  gdbstub.c | 62 +++
>  1 file changed, 40 insertions(+), 22 deletions(-)
>
> diff --git a/gdbstub.c b/gdbstub.c
> index 3478ac778d..9fe130f30d 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -1772,6 +1772,39 @@ static void handle_read_all_regs(GdbCmdContext 
> *gdb_ctx, void *user_ctx)
>  put_packet(gdb_ctx->s, gdb_ctx->str_buf);
>  }
>
> +static void handle_file_io(GdbCmdContext *gdb_ctx, void *user_ctx)
> +{
> +int num_syscall_params;
> +GdbCmdVariant syscall_params[3] = {};
> +
> +if (!gdb_ctx->num_params) {
> +return;
> +}
> +
> +if (cmd_parse_params(gdb_ctx->params[0].data, "L,L,o0", syscall_params,
> + _syscall_params)) {
> +return;
> +}

What's going on here? I thought the schema was meant to handle the
parsing of data. I see below we originally parse the command as a
null-terminated string but we actually should handle:

  ‘Fretcode,errno,Ctrl-C flag;call-specific attachment’

I see the argument for dealing with the call-specific attachment here
but shouldn't the generic parsing code be able to split everything
apart?

> +
> +if (!num_syscall_params) {
> +return;
> +}
> +
> +if (gdb_ctx->s->current_syscall_cb) {
> +gdb_ctx->s->current_syscall_cb(gdb_ctx->s->c_cpu,
> +   
> (target_ulong)syscall_params[0].val_ull,
> +   
> (target_ulong)syscall_params[1].val_ull);
> +gdb_ctx->s->current_syscall_cb = NULL;
> +}



> +
> +if (syscall_params[2].opcode == (uint8_t)'C') {
> +put_packet(gdb_ctx->s, "T02");
> +return;
> +}
> +
> +gdb_continue(gdb_ctx->s);
> +}
> +
>  static int gdb_handle_packet(GDBState *s, const char *line_buf)
>  {
>  CPUState *cpu;
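Review bot: handle_file_io has three early `return;` paths: missing parameters, a cmd_parse_params failure, and `num_syscall_params` being zero. None of them invokes `current_syscall_cb`, sends a reply, or calls gdb_continue, whereas the removed 'F' branch in the next hunk always ran the pending callback and then either sent `T02` or continued. As far as these hunks show, a malformed F reply from the debugger would leave the callback pending and the CPU stopped. Consider completing the callback with an error value on those paths, or at least state the intent with a comment such as `/* malformed F reply: leave the syscall pending */`. gdb_handle_packet's body continues outside the hunk.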
> @@ -1913,28 +1946,13 @@ static int gdb_handle_packet(GDBState *s, const char 
> *line_buf)
>  return RS_IDLE;
>  case 'F':
>  {
> -target_ulong ret;
> -target_ulong err;
> -
> -ret = strtoull(p, (char **), 16);
> -if (*p == ',') {
> -p++;
> -err = strtoull(p, (char **), 16);
> -} else {
> -err = 0;
> -}
> -if (*p == ',')
> -p++;
> -type = *p;
> -if (s->current_syscall_cb) {
> -s->current_syscall_cb(s->c_cpu, ret, err);
> -s->current_syscall_cb = NULL;
> -}
> -if (type == 'C') {
> -put_packet(s, "T02");
> -} else {
> -gdb_continue(s);
> -}
> +static const GdbCmdParseEntry file_io_cmd_desc = {
> +.handler = handle_file_io,
> +.cmd = "F",
> +.cmd_startswith = 1,
> +.schema = "s0"
> +};
> +cmd_parser = _io_cmd_desc;
>  }
>  break;
>  case 'g':


--
Alex Bennée



Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-obj-y

2019-05-15 Thread Daniel P . Berrangé
On Tue, May 14, 2019 at 12:16:30PM -0700, Richard Henderson wrote:
> For user-only, we require only the random number bits of the
> crypto subsystem.
> 
> We need to preserve --static linking, which for many recent Linux
> distributions precludes using GnuTLS or GCrypt.  Instead, use our
> random-platform module unconditionally.

I don't think we need to special case in this way.

Today if you do a default build with all targets & tools and want
to use --static, but don't have static libs available for some
things you can achieve that

 ./configure --static --disable-gnutls --disable-gcrypt --disable-nettle

Previously if you took care to disable system emulators & tools
you could avoid the need to pass the --disable-* args, but I
think that's fairly minor.

So I think we should just use $(crypto-obj-y) unconditionally in
the user emulators, and get rid of crypto-aes-obj-y too.

This will give a consistent crypto story across all the things we
build with no special cases.

If people want a minimal static build they can still pass the
above --disable-XXX args which will result in them only using
the aes.o and rng-platform.o pieces.

> 
> Signed-off-by: Richard Henderson 
> ---
>  Makefile | 6 --
>  Makefile.objs| 1 +
>  Makefile.target  | 3 ++-
>  crypto/Makefile.objs | 1 +
>  4 files changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index 66d5c65156..524f2f8a57 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -411,6 +411,7 @@ dummy := $(call unnest-vars,, \
>  block-obj-m \
>  crypto-obj-y \
>  crypto-aes-obj-y \
> +crypto-rng-obj-y \
>  qom-obj-y \
>  io-obj-y \
>  common-obj-y \
> @@ -482,8 +483,9 @@ subdir-capstone: .git-submodule-status
>  subdir-slirp: .git-submodule-status
>   $(call quiet-command,$(MAKE) -C $(SRC_PATH)/slirp 
> BUILD_DIR="$(BUILD_DIR)/slirp" CC="$(CC)" AR="$(AR)" LD="$(LD)" 
> RANLIB="$(RANLIB)" CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(LDFLAGS)")
>  
> -$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) \
> - $(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY))
> +$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) $(qom-obj-y) 
> \
> + $(crypto-aes-obj-$(CONFIG_USER_ONLY)) \
> + $(crypto-rng-obj-$(CONFIG_USER_ONLY))
>  
>  ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
>  # Only keep -O and -g cflags
> diff --git a/Makefile.objs b/Makefile.objs
> index cf065de5ed..0c13ff47ea 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -26,6 +26,7 @@ block-obj-m = block/
>  
>  crypto-obj-y = crypto/
>  crypto-aes-obj-y = crypto/
> +crypto-rng-obj-y = crypto/
>  
>  ###
>  # qom-obj-y is code used by both qemu system emulation and qemu-img
> diff --git a/Makefile.target b/Makefile.target
> index ae02495951..4e579a0a84 100644
> --- a/Makefile.target
> +++ b/Makefile.target
> @@ -181,6 +181,7 @@ dummy := $(call unnest-vars,.., \
> chardev-obj-y \
> crypto-obj-y \
> crypto-aes-obj-y \
> +   crypto-rng-obj-y \
> qom-obj-y \
> io-obj-y \
> common-obj-y \
> @@ -189,7 +190,7 @@ all-obj-y += $(common-obj-y)
>  all-obj-y += $(qom-obj-y)
>  all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y)
>  all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y)
> -all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
> +all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y) $(crypto-rng-obj-y)
>  all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
>  all-obj-$(CONFIG_SOFTMMU) += $(io-obj-y)
>  
> diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> index 256c9aca1f..ee7e628ca6 100644
> --- a/crypto/Makefile.objs
> +++ b/crypto/Makefile.objs
> @@ -37,5 +37,6 @@ crypto-obj-y += block-luks.o
>  
>  # Let the userspace emulators avoid linking gnutls/etc
>  crypto-aes-obj-y = aes.o
> +crypto-rng-obj-y = random-platform.o
>  
>  stub-obj-y += pbkdf-stub.o
> -- 
> 2.17.1
> 
> 

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-obj-y

2019-05-15 Thread Richard Henderson
On 5/15/19 9:42 AM, Laurent Vivier wrote:
> On 14/05/2019 21:16, Richard Henderson wrote:
>> For user-only, we require only the random number bits of the
>> crypto subsystem.
>>
>> We need to preserve --static linking, which for many recent Linux
>> distributions precludes using GnuTLS or GCrypt.  Instead, use our
>> random-platform module unconditionally.
>>
> 
> Perhaps we can rename "crypto-aes-obj" to "crypto-user-obj" and put
> aes.o and random-platform.o into?
> 
> The only aim of crypto-aes-obj was to link aes.o with linux-user binaries.

That does seem better.  I'll make the change.


r~

> 
> Anyway, it's only cosmetic, so you can add:
> 
> Reviewed-by: Laurent Vivier 
> 
>> Signed-off-by: Richard Henderson 
>> ---
>>  Makefile | 6 --
>>  Makefile.objs| 1 +
>>  Makefile.target  | 3 ++-
>>  crypto/Makefile.objs | 1 +
>>  4 files changed, 8 insertions(+), 3 deletions(-)




Re: [Qemu-devel] [PATCH v12 00/12] Add RX archtecture support

2019-05-15 Thread Richard Henderson
On 5/13/19 11:14 PM, Yoshinori Sato wrote:
> This patch series is added Renesas RX target emulation.
> 
> I fixed the ROM address because v11 was incorrect.
> 
> My git repository is bellow.
> git://git.pf.osdn.net/gitroot/y/ys/ysato/qemu.git tags/rx-20190514
> 
> Testing binaries bellow.
> u-boot
> Download - https://osdn.net/users/ysato/pf/qemu/dl/u-boot.bin.gz
> 
> starting
> $ gzip -d u-boot.bin.gz
> $ qemu-system-rx -bios u-boot.bin
> 
> linux and pico-root (only sash)
> Download - https://osdn.net/users/ysato/pf/qemu/dl/zImage (kernel)
>https://osdn.net/users/ysato/pf/qemu/dl/rx-qemu.dtb (DeviceTree)
> 
> starting
> $ qemu-system-rx -kernel zImage -dtb rx-qemu.dtb -append "earlycon"
> 
> Changes for v11.
> - Fix ROM address.

I think this is ready to be committed, but it is difficult to tell because you
have not retained the Reviewed-by: tags that have been given to previous 
versions.

Looking at

https://patchwork.ozlabs.org/project/qemu-devel/list/?series==7114

Review  Tested

>From v10:
13/13   -   -
12/13   1   -
11/13   -   -
10/13   2   1
09/13   1   1
08/13   -   1
07/13   -   -
06/13   -   1
05/13   1   -
04/13   1   1
03/13   1   -
02/13   1   -
01/13   1   1

>From v8:
08/12   1   -
07/12   1   -
06/12   1   -

In summary, only the last patch is unreviewed, and it appears that you've fixed
the issue I pointed out in v11.  I have now sent reviews for those.

In future, please retain the tags as you go through the development process.

Rather than having you send out a v13 with only changes to the tags, I will
apply them myself while preparing an initial pull request for this.

Thanks for your patience.


r~



Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-obj-y

2019-05-15 Thread Laurent Vivier
On 14/05/2019 21:16, Richard Henderson wrote:
> For user-only, we require only the random number bits of the
> crypto subsystem.
> 
> We need to preserve --static linking, which for many recent Linux
> distributions precludes using GnuTLS or GCrypt.  Instead, use our
> random-platform module unconditionally.
> 

Perhaps we can rename "crypto-aes-obj" to "crypto-user-obj" and put
aes.o and random-platform.o into?

The only aim of crypto-aes-obj was to link aes.o with linux-user binaries.

Anyway, it's only cosmetic, so you can add:

Reviewed-by: Laurent Vivier 

> Signed-off-by: Richard Henderson 
> ---
>  Makefile | 6 --
>  Makefile.objs| 1 +
>  Makefile.target  | 3 ++-
>  crypto/Makefile.objs | 1 +
>  4 files changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index 66d5c65156..524f2f8a57 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -411,6 +411,7 @@ dummy := $(call unnest-vars,, \
>  block-obj-m \
>  crypto-obj-y \
>  crypto-aes-obj-y \
> +crypto-rng-obj-y \
>  qom-obj-y \
>  io-obj-y \
>  common-obj-y \
> @@ -482,8 +483,9 @@ subdir-capstone: .git-submodule-status
>  subdir-slirp: .git-submodule-status
>   $(call quiet-command,$(MAKE) -C $(SRC_PATH)/slirp 
> BUILD_DIR="$(BUILD_DIR)/slirp" CC="$(CC)" AR="$(AR)" LD="$(LD)" 
> RANLIB="$(RANLIB)" CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(LDFLAGS)")
>  
> -$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) \
> - $(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY))
> +$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) $(qom-obj-y) 
> \
> + $(crypto-aes-obj-$(CONFIG_USER_ONLY)) \
> + $(crypto-rng-obj-$(CONFIG_USER_ONLY))
>  
>  ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
>  # Only keep -O and -g cflags
> diff --git a/Makefile.objs b/Makefile.objs
> index cf065de5ed..0c13ff47ea 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -26,6 +26,7 @@ block-obj-m = block/
>  
>  crypto-obj-y = crypto/
>  crypto-aes-obj-y = crypto/
> +crypto-rng-obj-y = crypto/
>  
>  ###
>  # qom-obj-y is code used by both qemu system emulation and qemu-img
> diff --git a/Makefile.target b/Makefile.target
> index ae02495951..4e579a0a84 100644
> --- a/Makefile.target
> +++ b/Makefile.target
> @@ -181,6 +181,7 @@ dummy := $(call unnest-vars,.., \
> chardev-obj-y \
> crypto-obj-y \
> crypto-aes-obj-y \
> +   crypto-rng-obj-y \
> qom-obj-y \
> io-obj-y \
> common-obj-y \
> @@ -189,7 +190,7 @@ all-obj-y += $(common-obj-y)
>  all-obj-y += $(qom-obj-y)
>  all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y)
>  all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y)
> -all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
> +all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y) $(crypto-rng-obj-y)
>  all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
>  all-obj-$(CONFIG_SOFTMMU) += $(io-obj-y)
>  
> diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> index 256c9aca1f..ee7e628ca6 100644
> --- a/crypto/Makefile.objs
> +++ b/crypto/Makefile.objs
> @@ -37,5 +37,6 @@ crypto-obj-y += block-luks.o
>  
>  # Let the userspace emulators avoid linking gnutls/etc
>  crypto-aes-obj-y = aes.o
> +crypto-rng-obj-y = random-platform.o
>  
>  stub-obj-y += pbkdf-stub.o
> 




Re: [Qemu-devel] [PATCH v12 12/12] MAINTAINERS: Add RX

2019-05-15 Thread Richard Henderson
On 5/13/19 11:14 PM, Yoshinori Sato wrote:
> Signed-off-by: Yoshinori Sato 
> ---
>  MAINTAINERS | 19 +++
>  1 file changed, 19 insertions(+)

Reviewed-by: Richard Henderson 


r~


