Re: [Qemu-devel] [PATCH] Makefile: remove unused variables

[Markus Armbruster]

Markus Armbruster  writes:

> Paolo Bonzini  writes:
>
>> Signed-off-by: Paolo Bonzini 
>> ---
>>  Makefile | 4 
>>  1 file changed, 4 deletions(-)
>>
>> diff --git a/Makefile b/Makefile
>> index 73fbba0..7b0e2f4 100644
>> --- a/Makefile
>> +++ b/Makefile
>> @@ -429,10 +429,6 @@ dummy := $(call unnest-vars,, \
>>  io-obj-y \
>>  common-obj-y \
>>  common-obj-m \
>> -ui-obj-y \
>> -ui-obj-m \
>> -audio-obj-y \
>> -audio-obj-m \
>>  trace-obj-y)
>>  
>>  include $(SRC_PATH)/tests/Makefile.include
>
> Reviewed-by: Markus Armbruster 

Hmm...  the two go back to

commit 08a05b379ac56430cbb748882ff1b48dc9fe8729
Author: Gerd Hoffmann 
Date:   Tue Mar 6 08:40:49 2018 +0100

build: enable audio modules

Add audio/ to common-obj-m variable.

Also run both audio and ui variables through unnest-vars.
This avoids sdl.mo (exists in both audio/ and ui/) name clashes.

Signed-off-by: Gerd Hoffmann 
Message-id: 20180306074053.22856-4-kra...@redhat.com

Gerd, anything funny going on here, or is Paolo's patch okay?

Re: [Qemu-devel] [PATCH] Makefile: remove unused variables

[Markus Armbruster]

Paolo Bonzini  writes:

> Signed-off-by: Paolo Bonzini 
> ---
>  Makefile | 4 
>  1 file changed, 4 deletions(-)
>
> diff --git a/Makefile b/Makefile
> index 73fbba0..7b0e2f4 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -429,10 +429,6 @@ dummy := $(call unnest-vars,, \
>  io-obj-y \
>  common-obj-y \
>  common-obj-m \
> -ui-obj-y \
> -ui-obj-m \
> -audio-obj-y \
> -audio-obj-m \
>  trace-obj-y)
>  
>  include $(SRC_PATH)/tests/Makefile.include

Reviewed-by: Markus Armbruster 

Re: [Qemu-devel] [PATCH v2] make check-unit: use after free in test-opts-visitor

[Markus Armbruster]

Andrey Shinkevich  writes:

> On 02/08/2019 14:34, Markus Armbruster wrote:
>> Andrey Shinkevich  writes:
>> 
>>> In struct OptsVisitor, repeated_opts member points to a list in the
>>> unprocessed_opts hash table after the list has been destroyed. A
>>> subsequent call to visit_type_int() references the deleted list. It
>>> results in use-after-free issue.
>> 
>> Let's mention the reproducer: valgrind tests/test/opts-visitor.
>> 
>>>   Also, the Visitor object call back
>>> functions are supposed to set the Error parameter in case of failure.
>> 
>> As far as I can tell, they all do.  The only place where you set an
>> error is the new failure you add to lookup_scalar().
>> 
>
> The story behind the comment is that the original 
> tests/test-opts-visitor fails being run under the Valgrind with the 
> error message:
>
> test-opts-visitor: util/error.c:276: error_free_or_abort: Assertion 
> `errp && *errp' failed.
>
> coming from
>
> assert(errp && *errp);
> error_free_or_abort (util/error.c:276)
> test_opts_range_beyond (tests/test-opts-visitor.c:241)
>
> because g_queue_peek_head() returns NULL under the Valgrind and errp 
> stays unset.
>
> Without the Valgrind, the g_queue_peek_head() returns a non-zero pointer 
> and the opts_type_int64() sets the following error:
>
> "Parameter '\340F\212\274\267U' expects an int64 value or range", 
> err_class = ERROR_CLASS_GENERIC_ERROR, src = 0x55b7bbc02163 
> "qapi/opts-visitor.c",
>func = 0x55b7bbc02410 <__func__.14916> "opts_type_int64", line = 433, 
> hint = 0x0}
>
> so, error_free_or_abort() doesn't abort and the test case passes.
>
> I will remove the comment in v3.

Thanks.

[...]
>>> diff --git a/qapi/opts-visitor.c b/qapi/opts-visitor.c
>>> index 324b197..23ac383 100644
>>> --- a/qapi/opts-visitor.c
>>> +++ b/qapi/opts-visitor.c
[...]
>>> @@ -289,8 +302,11 @@ opts_end_list(Visitor *v, void **obj)
>>>   
>>>   assert(ov->list_mode == LM_IN_PROGRESS ||
>>>  ov->list_mode == LM_SIGNED_INTERVAL ||
>>> -   ov->list_mode == LM_UNSIGNED_INTERVAL);
>>> -ov->repeated_opts = NULL;
>>> +   ov->list_mode == LM_UNSIGNED_INTERVAL ||
>>> +   ov->list_mode == LM_TRAVERSED);
>>> +if (ov->list_mode != LM_TRAVERSED) {
>>> +ov->repeated_opts = NULL;
>>> +}
>> 
>> What's wrong with zapping ov->repeated_opts unconditionally?
>> 
>>>   ov->list_mode = LM_NONE;
>>>   }
>>>   
>>> @@ -306,6 +322,10 @@ lookup_scalar(const OptsVisitor *ov, const char *name, 
>>> Error **errp)
>>>   list = lookup_distinct(ov, name, errp);
>>>   return list ? g_queue_peek_tail(list) : NULL;
>>>   }
>>> +if (ov->list_mode == LM_TRAVERSED) {
>>> +error_setg(errp, QERR_INVALID_PARAMETER, name);
>> 
>> Beware, @name is null when visiting list members.  The test still passes
>> for me, since g_strdup_vprintf() formats a null argument to %s as
>> "(null)".
>> 
>> For what it's worth, the qobject input visitor uses
>> QERR_MISSING_PARAMETER with a made-up name.  Computing the name is
>> pretty elaborate, see full_name_nth().  I'd rather not duplicate that
>> here.
>> 
>> Suggest something like
>> 
>> error_setg(errp, "Fewer list elements than expected");
>> 
>> The error message fails to mention the name of the list.  Bad, but the
>> error is a corner case; we don't normally visit beyond the end of the
>> list.  For a better message, we'd have to have start_list() store its
>> @name in struct OptsVisitor.  I'm not asking you to do that now.
>> 
>
> Will I do that work to add the @name of the list to the struct 
> OptsVisitor in a following series?

Entirely up to you.  To be honest, I'm not sure it's worth the trouble.

>>> +return NULL;
>>> +}
>>>   assert(ov->list_mode == LM_IN_PROGRESS);
>>>   return g_queue_peek_head(ov->repeated_opts);
>>>   }
>> 
>> I checked the remaining uses of ->list_mode, and I think they are okay.
>> 
> Thank you. I also had not noticed any potential issue with the list_mode.

Good :)

[Qemu-devel] [PATCH 2/2] migration/postcopy: use QEMU_IS_ALIGNED to replace host_offset

[Wei Yang]

Use QEMU_IS_ALIGNED for the check, it would be more consistent with
other align calculations.

Signed-off-by: Wei Yang 
---
 migration/ram.c | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index d86661a015..dfbf71c580 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2956,14 +2956,12 @@ static void 
postcopy_chunk_hostpages_pass(MigrationState *ms, bool unsent_pass,
 }
 
 while (run_start < pages) {
-unsigned long host_offset;
 
 /*
  * If the start of this run of pages is in the middle of a host
  * page, then we need to fixup this host page.
  */
-host_offset = run_start % host_ratio;
-if (!host_offset) {
+if (QEMU_IS_ALIGNED(run_start, host_ratio)) {
 /* Find the end of this run */
 if (unsent_pass) {
 run_start = find_next_bit(unsentmap, pages, run_start + 1);
@@ -2975,10 +2973,9 @@ static void postcopy_chunk_hostpages_pass(MigrationState 
*ms, bool unsent_pass,
  * run doesn't finish at the end of a host page
  * and we need to discard.
  */
-host_offset = run_start % host_ratio;
 }
 
-if (host_offset) {
+if (!QEMU_IS_ALIGNED(run_start, host_ratio)) {
 unsigned long page;
 unsigned long fixup_start_addr = QEMU_ALIGN_DOWN(run_start,
  host_ratio);
-- 
2.17.1

[Qemu-devel] [PATCH 0/2] migration/postcopy: simplify postcopy_chunk_hostpages_pass

[Wei Yang]

When looking into function postcopy_chunk_hostpages_pass(), we could use
alignment calculation to simplify it.

Wei Yang (2):
  migration/postcopy: simplify calculation of run_start and
fixup_start_addr
  migration/postcopy: use QEMU_IS_ALIGNED to replace host_offset

 migration/ram.c | 37 +++--
 1 file changed, 7 insertions(+), 30 deletions(-)

-- 
2.17.1

[Qemu-devel] [PATCH 1/2] migration/postcopy: simplify calculation of run_start and fixup_start_addr

[Wei Yang]

The purpose of the calculation is to find a HostPage which is partially
dirty.

  * fixup_start_addr points to the start of the HostPage to discard
  * run_start points to the next HostPage to check

While in the middle stage, there would two cases for run_start:

  * aligned with HostPage means this is not partially dirty
  * not aligned means this is partially dirty

When it is aligned, no work and calculation is necessary. run_start
already points to the start of next HostPage and is ready to continue.

When it is not aligned, the calculation could be simplified with:

  * fixup_start_addr = QEMU_ALIGN_DOWN(run_start, host_ratio)
  * run_start = QEMU_ALIGN_UP(run_start, host_ratio)

By doing so, run_start always points to the next HostPage to check.
fixup_start_addr always points to the HostPage to discard.

Signed-off-by: Wei Yang 
---
 migration/ram.c | 34 +++---
 1 file changed, 7 insertions(+), 27 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index c9585487ac..d86661a015 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2956,7 +2956,6 @@ static void postcopy_chunk_hostpages_pass(MigrationState 
*ms, bool unsent_pass,
 }
 
 while (run_start < pages) {
-unsigned long fixup_start_addr;
 unsigned long host_offset;
 
 /*
@@ -2964,45 +2963,26 @@ static void 
postcopy_chunk_hostpages_pass(MigrationState *ms, bool unsent_pass,
  * page, then we need to fixup this host page.
  */
 host_offset = run_start % host_ratio;
-if (host_offset) {
-fixup_start_addr = run_start - host_offset;
-/*
- * This host page has gone, the next loop iteration starts
- * from after the fixup
- */
-run_start = fixup_start_addr + host_ratio;
-} else {
+if (!host_offset) {
 /* Find the end of this run */
-unsigned long run_end;
 if (unsent_pass) {
-run_end = find_next_bit(unsentmap, pages, run_start + 1);
+run_start = find_next_bit(unsentmap, pages, run_start + 1);
 } else {
-run_end = find_next_zero_bit(bitmap, pages, run_start + 1);
+run_start = find_next_zero_bit(bitmap, pages, run_start + 1);
 }
 /*
  * If the end isn't at the start of a host page, then the
  * run doesn't finish at the end of a host page
  * and we need to discard.
  */
-host_offset = run_end % host_ratio;
-if (host_offset) {
-fixup_start_addr = run_end - host_offset;
-/*
- * This host page has gone, the next loop iteration starts
- * from after the fixup
- */
-run_start = fixup_start_addr + host_ratio;
-} else {
-/*
- * No discards on this iteration, next loop starts from
- * next sent/dirty page
- */
-run_start = run_end + 1;
-}
+host_offset = run_start % host_ratio;
 }
 
 if (host_offset) {
 unsigned long page;
+unsigned long fixup_start_addr = QEMU_ALIGN_DOWN(run_start,
+ host_ratio);
+run_start = QEMU_ALIGN_UP(run_start, host_ratio);
 
 /* Tell the destination to discard this page */
 if (unsent_pass || !test_bit(fixup_start_addr, unsentmap)) {
-- 
2.17.1

[Qemu-devel] [PATCH v3] hmp: Remove migration capabilities from "info migrate"

[Wei Yang]

With the growth of migration capabilities, it is not proper to display
them in "info migrate". Users are recommended to use "info
migrate_capabiltiies" to list them.

Signed-off-by: Wei Yang 
Suggested-by: Dr. David Alan Gilbert 

---
v3:
  * remove un-used variable caps
v2:
  * remove capabilities from "info migrate"
---
 monitor/hmp-cmds.c | 14 --
 1 file changed, 14 deletions(-)

diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index 5ca3ebe942..35788c0645 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -220,24 +220,11 @@ static char *SocketAddress_to_str(SocketAddress *addr)
 void hmp_info_migrate(Monitor *mon, const QDict *qdict)
 {
 MigrationInfo *info;
-MigrationCapabilityStatusList *caps, *cap;
 
 info = qmp_query_migrate(NULL);
-caps = qmp_query_migrate_capabilities(NULL);
 
 migration_global_dump(mon);
 
-/* do not display parameters during setup */
-if (info->has_status && caps) {
-monitor_printf(mon, "capabilities: ");
-for (cap = caps; cap; cap = cap->next) {
-monitor_printf(mon, "%s: %s ",
-   MigrationCapability_str(cap->value->capability),
-   cap->value->state ? "on" : "off");
-}
-monitor_printf(mon, "\n");
-}
-
 if (info->has_status) {
 monitor_printf(mon, "Migration status: %s",
MigrationStatus_str(info->status));
@@ -370,7 +357,6 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict)
 monitor_printf(mon, "]\n");
 }
 qapi_free_MigrationInfo(info);
-qapi_free_MigrationCapabilityStatusList(caps);
 }
 
 void hmp_info_migrate_capabilities(Monitor *mon, const QDict *qdict)
-- 
2.17.1

Re: [Qemu-devel] [PATCH v2] hmp: Remove migration capabilities from "info migrate"

[Wei Yang]

On Mon, Aug 05, 2019 at 12:12:25PM +0100, Dr. David Alan Gilbert wrote:
>* Wei Yang (richardw.y...@linux.intel.com) wrote:
>> With the growth of migration capabilities, it is not proper to display
>> them in "info migrate". Users are recommended to use "info
>> migrate_capabiltiies" to list them.
>> 
>> Signed-off-by: Wei Yang 
>> Suggested-by: Dr. David Alan Gilbert 
>> 
>> ---
>> v2:
>>   * remove capabilities from "info migrate"
>> ---
>>  monitor/hmp-cmds.c | 13 +
>>  1 file changed, 1 insertion(+), 12 deletions(-)
>> 
>> diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
>> index 99ceb0846b..05a09987da 100644
>> --- a/monitor/hmp-cmds.c
>> +++ b/monitor/hmp-cmds.c
>> @@ -220,24 +220,13 @@ static char *SocketAddress_to_str(SocketAddress *addr)
>>  void hmp_info_migrate(Monitor *mon, const QDict *qdict)
>>  {
>>  MigrationInfo *info;
>> -MigrationCapabilityStatusList *caps, *cap;
>> +MigrationCapabilityStatusList *caps;
>>  
>>  info = qmp_query_migrate(NULL);
>>  caps = qmp_query_migrate_capabilities(NULL);
>
>Why keep 'caps' and query them? Can't this go as well?

You are right. Let me remove it.


-- 
Wei Yang
Help you, Help me

Re: [Qemu-devel] [PATCH 23/28] riscv: sifive: Move sifive_mmio_emulate() to a common place

[Alistair Francis]

On Mon, Aug 5, 2019 at 9:08 AM Bin Meng  wrote:
>
> sifive_mmio_emulate() is currently only used in the sifive_e machine
> codes. It can be helpful for other machines as well.
>
> Change it to an inline routine and move it to sifive_cpu.h, so that
> other machines like sifive_u can use it.
>
> Signed-off-by: Bin Meng 

I don't like this. I don't think we should use this function. This
seems like we can use create_unimplemented_device() instead.

Alistair

> ---
>
>  hw/riscv/sifive_e.c   |  8 
>  include/hw/riscv/sifive_cpu.h | 10 +-
>  2 files changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
> index 2d67670..7e0fe7b 100644
> --- a/hw/riscv/sifive_e.c
> +++ b/hw/riscv/sifive_e.c
> @@ -74,14 +74,6 @@ static const struct MemmapEntry {
>  [SIFIVE_E_DTIM] = { 0x8000, 0x4000 }
>  };
>
> -static void sifive_mmio_emulate(MemoryRegion *parent, const char *name,
> - uintptr_t offset, uintptr_t length)
> -{
> -MemoryRegion *mock_mmio = g_new(MemoryRegion, 1);
> -memory_region_init_ram(mock_mmio, NULL, name, length, _fatal);
> -memory_region_add_subregion(parent, offset, mock_mmio);
> -}
> -
>  static void riscv_sifive_e_init(MachineState *machine)
>  {
>  const struct MemmapEntry *memmap = sifive_e_memmap;
> diff --git a/include/hw/riscv/sifive_cpu.h b/include/hw/riscv/sifive_cpu.h
> index 1367996..897b8f8 100644
> --- a/include/hw/riscv/sifive_cpu.h
> +++ b/include/hw/riscv/sifive_cpu.h
> @@ -1,5 +1,5 @@
>  /*
> - * SiFive CPU types
> + * SiFive CPU types and common utilities
>   *
>   * Copyright (c) 2017 SiFive, Inc.
>   * Copyright (c) 2019 Bin Meng 
> @@ -28,4 +28,12 @@
>  #define SIFIVE_U_CPU TYPE_RISCV_CPU_SIFIVE_U54
>  #endif
>
> +static inline void sifive_mmio_emulate(MemoryRegion *parent, const char 
> *name,
> +   uintptr_t offset, uintptr_t length)
> +{
> +MemoryRegion *mock_mmio = g_new(MemoryRegion, 1);
> +memory_region_init_ram(mock_mmio, NULL, name, length, _fatal);
> +memory_region_add_subregion(parent, offset, mock_mmio);
> +}
> +
>  #endif /* HW_SIFIVE_CPU_H */
> --
> 2.7.4
>
>

Re: [Qemu-devel] [PATCH 28/28] riscv: sifive_u: Update model and compatible strings in device tree

[Alistair Francis]

On Mon, Aug 5, 2019 at 9:13 AM Bin Meng  wrote:
>
> This updates model and compatible strings to use the same strings
> as used in the Linux kernel device tree (hifive-unleashed-a00.dts).
>
> Signed-off-by: Bin Meng 

Reviewed-by: Alistair Francis 

Alistair

>
> ---
>
>  hw/riscv/sifive_u.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index 5ded3a0..b7d4b4f 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -94,8 +94,9 @@ static void create_fdt(SiFiveUState *s, const struct 
> MemmapEntry *memmap,
>  exit(1);
>  }
>
> -qemu_fdt_setprop_string(fdt, "/", "model", "ucbbar,spike-bare,qemu");
> -qemu_fdt_setprop_string(fdt, "/", "compatible", "ucbbar,spike-bare-dev");
> +qemu_fdt_setprop_string(fdt, "/", "model", "SiFive HiFive Unleashed 
> A00");
> +qemu_fdt_setprop_string(fdt, "/", "compatible",
> +"sifive,hifive-unleashed-a00");
>  qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x2);
>  qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x2);
>
> --
> 2.7.4
>
>

Re: [Qemu-devel] [PATCH 17/28] riscv: sifive_u: Change UART node name in device tree

[Alistair Francis]

On Mon, Aug 5, 2019 at 9:05 AM Bin Meng  wrote:
>
> OpenSBI for fu540 does DT fix up (see fu540_modify_dt()) by updating
> chosen "stdout-path" to point to "/soc/serial@...", and U-Boot will
> use this information to locate the serial node and probe its driver.
> However currently we generate the UART node name as "/soc/uart@...",
> causing U-Boot fail to find the serial node in DT.
>
> Signed-off-by: Bin Meng 

Reviewed-by: Alistair Francis 

Alistair

> ---
>
>  hw/riscv/sifive_u.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index 20dee52..8044166 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -273,7 +273,7 @@ static void create_fdt(SiFiveUState *s, const struct 
> MemmapEntry *memmap,
>  qemu_fdt_setprop_cell(fdt, nodename, "reg", 0x0);
>  g_free(nodename);
>
> -nodename = g_strdup_printf("/soc/uart@%lx",
> +nodename = g_strdup_printf("/soc/serial@%lx",
>  (long)memmap[SIFIVE_U_UART0].base);
>  qemu_fdt_add_subnode(fdt, nodename);
>  qemu_fdt_setprop_string(fdt, nodename, "compatible", "sifive,uart0");
> --
> 2.7.4
>
>

Re: [Qemu-devel] [PATCH 09/28] riscv: sifive_u: Update UART base addresses

[Alistair Francis]

On Mon, Aug 5, 2019 at 9:05 AM Bin Meng  wrote:
>
> This updates the UART base address to match the hardware.
>
> Signed-off-by: Bin Meng 

Acked-by: Alistair Francis 

Alistair

> ---
>
>  hw/riscv/sifive_u.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index b235f29..9f05e09 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -60,8 +60,8 @@ static const struct MemmapEntry {
>  [SIFIVE_U_MROM] = { 0x1000,0x11000 },
>  [SIFIVE_U_CLINT] ={  0x200,0x1 },
>  [SIFIVE_U_PLIC] = {  0xc00,  0x400 },
> -[SIFIVE_U_UART0] ={ 0x10013000, 0x1000 },
> -[SIFIVE_U_UART1] ={ 0x10023000, 0x1000 },
> +[SIFIVE_U_UART0] ={ 0x1001, 0x1000 },
> +[SIFIVE_U_UART1] ={ 0x10011000, 0x1000 },
>  [SIFIVE_U_DRAM] = { 0x8000,0x0 },
>  [SIFIVE_U_GEM] =  { 0x100900FC, 0x2000 },
>  };
> --
> 2.7.4
>
>

Re: [Qemu-devel] [PATCH 12/28] riscv: sifive_e: prci: Fix a typo of hfxosccfg register programming

[Alistair Francis]

On Mon, Aug 5, 2019 at 9:07 AM Bin Meng  wrote:
>
> It should use SIFIVE_PRCI_HFXOSCCFG_RDY and SIFIVE_PRCI_HFXOSCCFG_EN
> for hfxosccfg register programming.
>
> Signed-off-by: Bin Meng 

Acked-by: Alistair Francis 

Alistair

> ---
>
>  hw/riscv/sifive_e_prci.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/riscv/sifive_e_prci.c b/hw/riscv/sifive_e_prci.c
> index acb914d..c906f11 100644
> --- a/hw/riscv/sifive_e_prci.c
> +++ b/hw/riscv/sifive_e_prci.c
> @@ -89,7 +89,7 @@ static void sifive_prci_init(Object *obj)
>  sysbus_init_mmio(SYS_BUS_DEVICE(obj), >mmio);
>
>  s->hfrosccfg = (SIFIVE_PRCI_HFROSCCFG_RDY | SIFIVE_PRCI_HFROSCCFG_EN);
> -s->hfxosccfg = (SIFIVE_PRCI_HFROSCCFG_RDY | SIFIVE_PRCI_HFROSCCFG_EN);
> +s->hfxosccfg = (SIFIVE_PRCI_HFXOSCCFG_RDY | SIFIVE_PRCI_HFXOSCCFG_EN);
>  s->pllcfg = (SIFIVE_PRCI_PLLCFG_REFSEL | SIFIVE_PRCI_PLLCFG_BYPASS |
>  SIFIVE_PRCI_PLLCFG_LOCK);
>  s->plloutdiv = SIFIVE_PRCI_PLLOUTDIV_DIV1;
> --
> 2.7.4
>
>

Re: [Qemu-devel] [PATCH 10/28] riscv: sifive_u: Remove the unnecessary include of prci header

[Alistair Francis]

On Mon, Aug 5, 2019 at 9:10 AM Bin Meng  wrote:
>
> sifive_u machine does not use PRCI as of today. Remove the prci
> header inclusion.
>
> Signed-off-by: Bin Meng 

Reviewed-by: Alistair Francis 

Alistair

> ---
>
>  hw/riscv/sifive_u.c | 1 -
>  1 file changed, 1 deletion(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index 9f05e09..dfcb525 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -40,7 +40,6 @@
>  #include "hw/riscv/sifive_plic.h"
>  #include "hw/riscv/sifive_clint.h"
>  #include "hw/riscv/sifive_uart.h"
> -#include "hw/riscv/sifive_prci.h"
>  #include "hw/riscv/sifive_u.h"
>  #include "hw/riscv/boot.h"
>  #include "chardev/char.h"
> --
> 2.7.4
>
>

Re: [Qemu-devel] [PATCH 08/28] riscv: sifive_u: Update PLIC hart topology configuration string

[Alistair Francis]

On Mon, Aug 5, 2019 at 9:03 AM Bin Meng  wrote:
>
> With heterogeneous harts config, the PLIC hart topology configuration
> string are "M,MS,.." because of the monitor hart #0.
>
> Suggested-by: Fabien Chouteau 
> Signed-off-by: Bin Meng 

Reviewed-by: Alistair Francis 

Alistair

> ---
>
>  hw/riscv/sifive_u.c | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index 206eccc..b235f29 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -372,10 +372,11 @@ static void riscv_sifive_u_soc_realize(DeviceState 
> *dev, Error **errp)
>  plic_hart_config = g_malloc0(plic_hart_config_len);
>  for (i = 0; i < ms->smp.cpus; i++) {
>  if (i != 0) {
> -strncat(plic_hart_config, ",", plic_hart_config_len);
> +strncat(plic_hart_config, "," SIFIVE_U_PLIC_HART_CONFIG,
> +plic_hart_config_len);
> +} else {
> +strncat(plic_hart_config, "M", plic_hart_config_len);
>  }
> -strncat(plic_hart_config, SIFIVE_U_PLIC_HART_CONFIG,
> -plic_hart_config_len);
>  plic_hart_config_len -= (strlen(SIFIVE_U_PLIC_HART_CONFIG) + 1);
>  }
>
> --
> 2.7.4
>
>

Re: [Qemu-devel] [Qemu-riscv] [PATCH 07/28] riscv: sifive_u: Set the minimum number of cpus to 2

[Alistair Francis]

On Mon, Aug 5, 2019 at 9:42 AM Jonathan Behrens  wrote:
>
> I'm not familiar with QEMU conventions on this, but would it make sense to
> require having exactly 5 CPUs to match the real board?

SMP can sometimes cause failures, so I think it makes some sense to
keep the default low.

Alistair

>
> Jonathan
>
>
> On Mon, Aug 5, 2019 at 12:05 PM Bin Meng  wrote:
>
> > It is not useful if we only have one management CPU.
> >
> > Signed-off-by: Bin Meng 
> > ---
> >
> >  hw/riscv/sifive_u.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> > index 08d406f..206eccc 100644
> > --- a/hw/riscv/sifive_u.c
> > +++ b/hw/riscv/sifive_u.c
> > @@ -428,6 +428,8 @@ static void riscv_sifive_u_machine_init(MachineClass
> > *mc)
> >   * management CPU.
> >   */
> >  mc->max_cpus = 5;
> > +/* It is not useful if we only have one management CPU */
> > +mc->min_cpus = 2;
> >  }
> >
> >  DEFINE_MACHINE("sifive_u", riscv_sifive_u_machine_init)
> > --
> > 2.7.4
> >
> >
> >

Re: [Qemu-devel] [PATCH v3 02/18] tests/boot-serial-test: add support for all the PowerNV machines

[David Gibson]

On Wed, Jul 31, 2019 at 04:12:17PM +0200, Cédric Le Goater wrote:
> Use the machine names specifiying the CPU type, POWER8 and POWER9.
> 
> Signed-off-by: Cédric Le Goater 

Applied to ppc-for-4.2, thanks.

> ---
>  tests/boot-serial-test.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
> index 24852d4c7d0b..a54d007298f7 100644
> --- a/tests/boot-serial-test.c
> +++ b/tests/boot-serial-test.c
> @@ -103,7 +103,8 @@ static testdef_t tests[] = {
>  { "ppc64", "pseries",
>"-machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken",
>"Open Firmware" },
> -{ "ppc64", "powernv", "-cpu POWER8", "OPAL" },
> +{ "ppc64", "powernv8", "", "OPAL" },
> +{ "ppc64", "powernv9", "", "OPAL" },
>  { "ppc64", "sam460ex", "-device e1000", "8086  100e" },
>  { "i386", "isapc", "-cpu qemu32 -device sga", "SGABIOS" },
>  { "i386", "pc", "-device sga", "SGABIOS" },

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 03/28] riscv: Add a sifive_cpu.h to include both E and U cpu type defines

[Alistair Francis]

On Mon, Aug 5, 2019 at 9:07 AM Bin Meng  wrote:
>
> Group SiFive E and U cpu type defines into one header file.
>
> Signed-off-by: Bin Meng 

Reviewed-by: Alistair Francis 

Alistair

> ---
>
>  include/hw/riscv/sifive_cpu.h | 31 +++
>  include/hw/riscv/sifive_e.h   |  7 +--
>  include/hw/riscv/sifive_u.h   |  7 +--
>  3 files changed, 33 insertions(+), 12 deletions(-)
>  create mode 100644 include/hw/riscv/sifive_cpu.h
>
> diff --git a/include/hw/riscv/sifive_cpu.h b/include/hw/riscv/sifive_cpu.h
> new file mode 100644
> index 000..1367996
> --- /dev/null
> +++ b/include/hw/riscv/sifive_cpu.h
> @@ -0,0 +1,31 @@
> +/*
> + * SiFive CPU types
> + *
> + * Copyright (c) 2017 SiFive, Inc.
> + * Copyright (c) 2019 Bin Meng 
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along 
> with
> + * this program.  If not, see .
> + */
> +
> +#ifndef HW_SIFIVE_CPU_H
> +#define HW_SIFIVE_CPU_H
> +
> +#if defined(TARGET_RISCV32)
> +#define SIFIVE_E_CPU TYPE_RISCV_CPU_SIFIVE_E31
> +#define SIFIVE_U_CPU TYPE_RISCV_CPU_SIFIVE_U34
> +#elif defined(TARGET_RISCV64)
> +#define SIFIVE_E_CPU TYPE_RISCV_CPU_SIFIVE_E51
> +#define SIFIVE_U_CPU TYPE_RISCV_CPU_SIFIVE_U54
> +#endif
> +
> +#endif /* HW_SIFIVE_CPU_H */
> diff --git a/include/hw/riscv/sifive_e.h b/include/hw/riscv/sifive_e.h
> index d175b24..e17cdfd 100644
> --- a/include/hw/riscv/sifive_e.h
> +++ b/include/hw/riscv/sifive_e.h
> @@ -19,6 +19,7 @@
>  #ifndef HW_SIFIVE_E_H
>  #define HW_SIFIVE_E_H
>
> +#include "hw/riscv/sifive_cpu.h"
>  #include "hw/riscv/sifive_gpio.h"
>
>  #define TYPE_RISCV_E_SOC "riscv.sifive.e.soc"
> @@ -83,10 +84,4 @@ enum {
>  #define SIFIVE_E_PLIC_CONTEXT_BASE 0x20
>  #define SIFIVE_E_PLIC_CONTEXT_STRIDE 0x1000
>
> -#if defined(TARGET_RISCV32)
> -#define SIFIVE_E_CPU TYPE_RISCV_CPU_SIFIVE_E31
> -#elif defined(TARGET_RISCV64)
> -#define SIFIVE_E_CPU TYPE_RISCV_CPU_SIFIVE_E51
> -#endif
> -
>  #endif
> diff --git a/include/hw/riscv/sifive_u.h b/include/hw/riscv/sifive_u.h
> index 892f0ee..4abc621 100644
> --- a/include/hw/riscv/sifive_u.h
> +++ b/include/hw/riscv/sifive_u.h
> @@ -20,6 +20,7 @@
>  #define HW_SIFIVE_U_H
>
>  #include "hw/net/cadence_gem.h"
> +#include "hw/riscv/sifive_cpu.h"
>
>  #define TYPE_RISCV_U_SOC "riscv.sifive.u.soc"
>  #define RISCV_U_SOC(obj) \
> @@ -77,10 +78,4 @@ enum {
>  #define SIFIVE_U_PLIC_CONTEXT_BASE 0x20
>  #define SIFIVE_U_PLIC_CONTEXT_STRIDE 0x1000
>
> -#if defined(TARGET_RISCV32)
> -#define SIFIVE_U_CPU TYPE_RISCV_CPU_SIFIVE_U34
> -#elif defined(TARGET_RISCV64)
> -#define SIFIVE_U_CPU TYPE_RISCV_CPU_SIFIVE_U54
> -#endif
> -
>  #endif
> --
> 2.7.4
>
>

Re: [Qemu-devel] [PATCH 02/28] riscv: hw: Use qemu_fdt_setprop_cell() for property with only 1 cell

[Alistair Francis]

On Mon, Aug 5, 2019 at 9:04 AM Bin Meng  wrote:
>
> Some of the properties only have 1 cell so we should use
> qemu_fdt_setprop_cell() instead of qemu_fdt_setprop_cells().
>
> Signed-off-by: Bin Meng 

Reviewed-by: Alistair Francis 

Alistair

> ---
>
>  hw/riscv/sifive_u.c | 16 
>  hw/riscv/virt.c | 24 
>  2 files changed, 20 insertions(+), 20 deletions(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index ef36948..623ee64 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -182,7 +182,7 @@ static void create_fdt(SiFiveUState *s, const struct 
> MemmapEntry *memmap,
>  qemu_fdt_setprop_string(fdt, nodename, "reg-names", "control");
>  qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
>  qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", 0x35);
> -qemu_fdt_setprop_cells(fdt, nodename, "phandle", plic_phandle);
> +qemu_fdt_setprop_cell(fdt, nodename, "phandle", plic_phandle);
>  plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
>  g_free(cells);
>  g_free(nodename);
> @@ -207,20 +207,20 @@ static void create_fdt(SiFiveUState *s, const struct 
> MemmapEntry *memmap,
>  0x0, memmap[SIFIVE_U_GEM].size);
>  qemu_fdt_setprop_string(fdt, nodename, "reg-names", "control");
>  qemu_fdt_setprop_string(fdt, nodename, "phy-mode", "gmii");
> -qemu_fdt_setprop_cells(fdt, nodename, "interrupt-parent", plic_phandle);
> -qemu_fdt_setprop_cells(fdt, nodename, "interrupts", SIFIVE_U_GEM_IRQ);
> +qemu_fdt_setprop_cell(fdt, nodename, "interrupt-parent", plic_phandle);
> +qemu_fdt_setprop_cell(fdt, nodename, "interrupts", SIFIVE_U_GEM_IRQ);
>  qemu_fdt_setprop_cells(fdt, nodename, "clocks",
>  ethclk_phandle, ethclk_phandle, ethclk_phandle);
>  qemu_fdt_setprop(fdt, nodename, "clocks-names", ethclk_names,
>  sizeof(ethclk_names));
> -qemu_fdt_setprop_cells(fdt, nodename, "#address-cells", 1);
> -qemu_fdt_setprop_cells(fdt, nodename, "#size-cells", 0);
> +qemu_fdt_setprop_cell(fdt, nodename, "#address-cells", 1);
> +qemu_fdt_setprop_cell(fdt, nodename, "#size-cells", 0);
>  g_free(nodename);
>
>  nodename = g_strdup_printf("/soc/ethernet@%lx/ethernet-phy@0",
>  (long)memmap[SIFIVE_U_GEM].base);
>  qemu_fdt_add_subnode(fdt, nodename);
> -qemu_fdt_setprop_cells(fdt, nodename, "reg", 0x0);
> +qemu_fdt_setprop_cell(fdt, nodename, "reg", 0x0);
>  g_free(nodename);
>
>  nodename = g_strdup_printf("/soc/uart@%lx",
> @@ -232,8 +232,8 @@ static void create_fdt(SiFiveUState *s, const struct 
> MemmapEntry *memmap,
>  0x0, memmap[SIFIVE_U_UART0].size);
>  qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency",
>SIFIVE_U_CLOCK_FREQ / 2);
> -qemu_fdt_setprop_cells(fdt, nodename, "interrupt-parent", plic_phandle);
> -qemu_fdt_setprop_cells(fdt, nodename, "interrupts", SIFIVE_U_UART0_IRQ);
> +qemu_fdt_setprop_cell(fdt, nodename, "interrupt-parent", plic_phandle);
> +qemu_fdt_setprop_cell(fdt, nodename, "interrupts", SIFIVE_U_UART0_IRQ);
>
>  qemu_fdt_add_subnode(fdt, "/chosen");
>  qemu_fdt_setprop_string(fdt, "/chosen", "stdout-path", nodename);
> diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> index 00be05a..127f005 100644
> --- a/hw/riscv/virt.c
> +++ b/hw/riscv/virt.c
> @@ -233,8 +233,8 @@ static void *create_fdt(RISCVVirtState *s, const struct 
> MemmapEntry *memmap,
>  nodename = g_strdup_printf("/soc/interrupt-controller@%lx",
>  (long)memmap[VIRT_PLIC].base);
>  qemu_fdt_add_subnode(fdt, nodename);
> -qemu_fdt_setprop_cells(fdt, nodename, "#address-cells",
> -   FDT_PLIC_ADDR_CELLS);
> +qemu_fdt_setprop_cell(fdt, nodename, "#address-cells",
> +  FDT_PLIC_ADDR_CELLS);
>  qemu_fdt_setprop_cell(fdt, nodename, "#interrupt-cells",
>FDT_PLIC_INT_CELLS);
>  qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv,plic0");
> @@ -247,7 +247,7 @@ static void *create_fdt(RISCVVirtState *s, const struct 
> MemmapEntry *memmap,
>  qemu_fdt_setprop_string(fdt, nodename, "reg-names", "control");
>  qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
>  qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", VIRTIO_NDEV);
> -qemu_fdt_setprop_cells(fdt, nodename, "phandle", plic_phandle);
> +qemu_fdt_setprop_cell(fdt, nodename, "phandle", plic_phandle);
>  plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
>  g_free(cells);
>  g_free(nodename);
> @@ -260,19 +260,19 @@ static void *create_fdt(RISCVVirtState *s, const struct 
> MemmapEntry *memmap,
>  qemu_fdt_setprop_cells(fdt, nodename, "reg",
>  0x0, memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size,
>  0x0, memmap[VIRT_VIRTIO].size);
> -qemu_fdt_setprop_cells(fdt, nodename, "interrupt-parent", 
> plic_phandle);
> -   

Re: [Qemu-devel] [PATCH 01/28] riscv: hw: Remove superfluous "linux, phandle" property

[Alistair Francis]

On Mon, Aug 5, 2019 at 9:06 AM Bin Meng  wrote:
>
> "linux,phandle" property is optional. Remove all instances in the
> sifive_u and virt machine device tree.
>
> Signed-off-by: Bin Meng 

Reviewed-by: Alistair Francis 

Alistair

> ---
>
>  hw/riscv/sifive_u.c | 3 ---
>  hw/riscv/virt.c | 3 ---
>  2 files changed, 6 deletions(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index 71b8083..ef36948 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -125,7 +125,6 @@ static void create_fdt(SiFiveUState *s, const struct 
> MemmapEntry *memmap,
>  qemu_fdt_setprop_string(fdt, nodename, "device_type", "cpu");
>  qemu_fdt_add_subnode(fdt, intc);
>  qemu_fdt_setprop_cell(fdt, intc, "phandle", cpu_phandle);
> -qemu_fdt_setprop_cell(fdt, intc, "linux,phandle", cpu_phandle);
>  qemu_fdt_setprop_string(fdt, intc, "compatible", "riscv,cpu-intc");
>  qemu_fdt_setprop(fdt, intc, "interrupt-controller", NULL, 0);
>  qemu_fdt_setprop_cell(fdt, intc, "#interrupt-cells", 1);
> @@ -184,7 +183,6 @@ static void create_fdt(SiFiveUState *s, const struct 
> MemmapEntry *memmap,
>  qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
>  qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", 0x35);
>  qemu_fdt_setprop_cells(fdt, nodename, "phandle", plic_phandle);
> -qemu_fdt_setprop_cells(fdt, nodename, "linux,phandle", plic_phandle);
>  plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
>  g_free(cells);
>  g_free(nodename);
> @@ -197,7 +195,6 @@ static void create_fdt(SiFiveUState *s, const struct 
> MemmapEntry *memmap,
>  qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency",
>  SIFIVE_U_GEM_CLOCK_FREQ);
>  qemu_fdt_setprop_cell(fdt, nodename, "phandle", ethclk_phandle);
> -qemu_fdt_setprop_cell(fdt, nodename, "linux,phandle", ethclk_phandle);
>  ethclk_phandle = qemu_fdt_get_phandle(fdt, nodename);
>  g_free(nodename);
>
> diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> index 25faf3b..00be05a 100644
> --- a/hw/riscv/virt.c
> +++ b/hw/riscv/virt.c
> @@ -170,11 +170,9 @@ static void *create_fdt(RISCVVirtState *s, const struct 
> MemmapEntry *memmap,
>  qemu_fdt_setprop_cell(fdt, nodename, "reg", cpu);
>  qemu_fdt_setprop_string(fdt, nodename, "device_type", "cpu");
>  qemu_fdt_setprop_cell(fdt, nodename, "phandle", cpu_phandle);
> -qemu_fdt_setprop_cell(fdt, nodename, "linux,phandle", cpu_phandle);
>  intc_phandle = phandle++;
>  qemu_fdt_add_subnode(fdt, intc);
>  qemu_fdt_setprop_cell(fdt, intc, "phandle", intc_phandle);
> -qemu_fdt_setprop_cell(fdt, intc, "linux,phandle", intc_phandle);
>  qemu_fdt_setprop_string(fdt, intc, "compatible", "riscv,cpu-intc");
>  qemu_fdt_setprop(fdt, intc, "interrupt-controller", NULL, 0);
>  qemu_fdt_setprop_cell(fdt, intc, "#interrupt-cells", 1);
> @@ -250,7 +248,6 @@ static void *create_fdt(RISCVVirtState *s, const struct 
> MemmapEntry *memmap,
>  qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
>  qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", VIRTIO_NDEV);
>  qemu_fdt_setprop_cells(fdt, nodename, "phandle", plic_phandle);
> -qemu_fdt_setprop_cells(fdt, nodename, "linux,phandle", plic_phandle);
>  plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
>  g_free(cells);
>  g_free(nodename);
> --
> 2.7.4
>
>

[Qemu-devel] [PATCH v4 1/3] target/arm: Split out recompute_hflags et al

[Richard Henderson]

Create functions to compute the values of the a64 and a32 hflags,
as well as one to compute the values that are shared between them.
For now, the env->hflags variable is not used, and the results are
fed back to cpu_get_tb_cpu_state.

Tested-by: Alex Bennée 
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
v3: Do not cache VECLEN, VECSTRIDE, VFPEN.
Move HANDLER and STACKCHECK to rebuild_hflags_a32.
v4: Do not cache XSCALE_CPAR now that it overlaps VECSTRIDE.
---
 target/arm/cpu.h   |  35 +++--
 target/arm/helper.h|   3 +
 target/arm/internals.h |   3 +
 target/arm/helper.c| 322 -
 4 files changed, 218 insertions(+), 145 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 94c990cddb..c13633e6a0 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -231,6 +231,9 @@ typedef struct CPUARMState {
 uint32_t pstate;
 uint32_t aarch64; /* 1 if CPU is in aarch64 state; inverse of PSTATE.nRW */
 
+/* Cached TBFLAGS state.  See below for which bits are included.  */
+uint32_t hflags;
+
 /* Frequently accessed CPSR bits are stored separately for efficiency.
This contains all the other bits.  Use cpsr_{read,write} to access
the whole CPSR.  */
@@ -3130,27 +3133,31 @@ typedef ARMCPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
-/* Bit usage in the TB flags field: bit 31 indicates whether we are
+/*
+ * Bit usage in the TB flags field: bit 31 indicates whether we are
  * in 32 or 64 bit mode. The meaning of the other bits depends on that.
  * We put flags which are shared between 32 and 64 bit mode at the top
  * of the word, and flags which apply to only one mode at the bottom.
+ *
+ * Unless otherwise noted, these bits are cached in env->hflags.
  */
 FIELD(TBFLAG_ANY, AARCH64_STATE, 31, 1)
 FIELD(TBFLAG_ANY, MMUIDX, 28, 3)
 FIELD(TBFLAG_ANY, SS_ACTIVE, 27, 1)
-FIELD(TBFLAG_ANY, PSTATE_SS, 26, 1)
+FIELD(TBFLAG_ANY, PSTATE_SS, 26, 1) /* Not cached. */
 /* Target EL if we take a floating-point-disabled exception */
 FIELD(TBFLAG_ANY, FPEXC_EL, 24, 2)
 FIELD(TBFLAG_ANY, BE_DATA, 23, 1)
 
 /* Bit usage when in AArch32 state: */
-FIELD(TBFLAG_A32, THUMB, 0, 1)
-FIELD(TBFLAG_A32, VECLEN, 1, 3)
-FIELD(TBFLAG_A32, VECSTRIDE, 4, 2)
+FIELD(TBFLAG_A32, THUMB, 0, 1)  /* Not cached. */
+FIELD(TBFLAG_A32, VECLEN, 1, 3) /* Not cached. */
+FIELD(TBFLAG_A32, VECSTRIDE, 4, 2)  /* Not cached. */
 /*
  * We store the bottom two bits of the CPAR as TB flags and handle
  * checks on the other bits at runtime. This shares the same bits as
  * VECSTRIDE, which is OK as no XScale CPU has VFP.
+ * Not cached, because VECLEN+VECSTRIDE are not cached.
  */
 FIELD(TBFLAG_A32, XSCALE_CPAR, 4, 2)
 /*
@@ -3159,15 +3166,15 @@ FIELD(TBFLAG_A32, XSCALE_CPAR, 4, 2)
  * the same thing as the current security state of the processor!
  */
 FIELD(TBFLAG_A32, NS, 6, 1)
-FIELD(TBFLAG_A32, VFPEN, 7, 1)
-FIELD(TBFLAG_A32, CONDEXEC, 8, 8)
+FIELD(TBFLAG_A32, VFPEN, 7, 1)  /* Not cached. */
+FIELD(TBFLAG_A32, CONDEXEC, 8, 8)   /* Not cached. */
 FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
 /* For M profile only, set if FPCCR.LSPACT is set */
-FIELD(TBFLAG_A32, LSPACT, 18, 1)
+FIELD(TBFLAG_A32, LSPACT, 18, 1)/* Not cached. */
 /* For M profile only, set if we must create a new FP context */
-FIELD(TBFLAG_A32, NEW_FP_CTXT_NEEDED, 19, 1)
+FIELD(TBFLAG_A32, NEW_FP_CTXT_NEEDED, 19, 1) /* Not cached. */
 /* For M profile only, set if FPCCR.S does not match current security state */
-FIELD(TBFLAG_A32, FPCCR_S_WRONG, 20, 1)
+FIELD(TBFLAG_A32, FPCCR_S_WRONG, 20, 1) /* Not cached. */
 /* For M profile only, Handler (ie not Thread) mode */
 FIELD(TBFLAG_A32, HANDLER, 21, 1)
 /* For M profile only, whether we should generate stack-limit checks */
@@ -3179,7 +3186,7 @@ FIELD(TBFLAG_A64, SVEEXC_EL, 2, 2)
 FIELD(TBFLAG_A64, ZCR_LEN, 4, 4)
 FIELD(TBFLAG_A64, PAUTH_ACTIVE, 8, 1)
 FIELD(TBFLAG_A64, BT, 9, 1)
-FIELD(TBFLAG_A64, BTYPE, 10, 2)
+FIELD(TBFLAG_A64, BTYPE, 10, 2) /* Not cached. */
 FIELD(TBFLAG_A64, TBID, 12, 2)
 
 static inline bool bswap_code(bool sctlr_b)
@@ -3264,6 +3271,12 @@ void arm_register_pre_el_change_hook(ARMCPU *cpu, 
ARMELChangeHookFn *hook,
 void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook, void
 *opaque);
 
+/**
+ * arm_rebuild_hflags:
+ * Rebuild the cached TBFLAGS for arbitrary changed processor state.
+ */
+void arm_rebuild_hflags(CPUARMState *env);
+
 /**
  * aa32_vfp_dreg:
  * Return a pointer to the Dn register within env in 32-bit mode.
diff --git a/target/arm/helper.h b/target/arm/helper.h
index 132aa1682e..3919acbe63 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -91,6 +91,9 @@ DEF_HELPER_4(msr_banked, void, env, i32, i32, i32)
 DEF_HELPER_2(get_user_reg, i32, env, i32)
 DEF_HELPER_3(set_user_reg, void, env, i32, i32)
 
+DEF_HELPER_FLAGS_2(rebuild_hflags_a32, TCG_CALL_NO_RWG, void, env, i32)
+DEF_HELPER_FLAGS_2(rebuild_hflags_a64, 

[Qemu-devel] [PATCH v4 3/3] target/arm: Rely on hflags correct in cpu_get_tb_cpu_state

[Richard Henderson]

This is the payoff.

>From perf record -g data of ubuntu 18 boot and shutdown:

BEFORE:

-   23.02% 2.82%  qemu-system-aar  [.] helper_lookup_tb_ptr
   - 20.22% helper_lookup_tb_ptr
  + 10.05% tb_htable_lookup
  - 9.13% cpu_get_tb_cpu_state
   3.20% aa64_va_parameters_both
   0.55% fp_exception_el

-   11.66% 4.74%  qemu-system-aar  [.] cpu_get_tb_cpu_state
   - 6.96% cpu_get_tb_cpu_state
3.63% aa64_va_parameters_both
0.60% fp_exception_el
0.53% sve_exception_el

AFTER:

-   16.40% 3.40%  qemu-system-aar  [.] helper_lookup_tb_ptr
   - 13.03% helper_lookup_tb_ptr
  + 11.19% tb_htable_lookup
0.55% cpu_get_tb_cpu_state

 0.98% 0.71%  qemu-system-aar  [.] cpu_get_tb_cpu_state

 0.87% 0.24%  qemu-system-aar  [.] rebuild_hflags_a64

Before, helper_lookup_tb_ptr is the second hottest function in the
application, consuming almost a quarter of the runtime.  Within the
entire execution, cpu_get_tb_cpu_state consumes about 12%.

After, helper_lookup_tb_ptr has dropped to the fourth hottest function,
with consumption dropping to a sixth of the runtime.  Within the
entire execution, cpu_get_tb_cpu_state has dropped below 1%, and the
supporting function to rebuild hflags also consumes about 1%.

Assertions are retained for --enable-debug-tcg.

Tested-by: Alex Bennée 
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
v2: Retain asserts for future debugging.
---
 target/arm/helper.c | 20 +++-
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 9b07350cfe..abb8cc52dd 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11155,19 +11155,29 @@ void HELPER(rebuild_hflags_a64)(CPUARMState *env, 
uint32_t el)
 void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
   target_ulong *cs_base, uint32_t *pflags)
 {
-int current_el = arm_current_el(env);
-uint32_t flags;
+uint32_t flags = env->hflags;
 uint32_t pstate_for_ss;
 
+#ifdef CONFIG_DEBUG_TCG
+{
+int el = arm_current_el(env);
+uint32_t check_flags;
+if (is_a64(env)) {
+check_flags = rebuild_hflags_a64(env, el);
+} else {
+check_flags = rebuild_hflags_a32(env, el);
+}
+assert(flags == check_flags);
+}
+#endif
+
 *cs_base = 0;
-if (is_a64(env)) {
+if (FIELD_EX32(flags, TBFLAG_ANY, AARCH64_STATE)) {
 *pc = env->pc;
-flags = rebuild_hflags_a64(env, current_el);
 flags = FIELD_DP32(flags, TBFLAG_A64, BTYPE, env->btype);
 pstate_for_ss = env->pstate;
 } else {
 *pc = env->regs[15];
-flags = rebuild_hflags_a32(env, current_el);
 flags = FIELD_DP32(flags, TBFLAG_A32, THUMB, env->thumb);
 flags = FIELD_DP32(flags, TBFLAG_A32, CONDEXEC, env->condexec_bits);
 /* Note that XSCALE_CPAR shares bits with VECSTRIDE */
-- 
2.17.1

[Qemu-devel] [PATCH v4 2/3] target/arm: Rebuild hflags at EL changes and MSR writes

[Richard Henderson]

Now setting, but not relying upon, env->hflags.

Tested-by: Alex Bennée 
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
v2: Fixed partial conversion to assignment to env->hflags.
---
 linux-user/syscall.c   |  1 +
 target/arm/cpu.c   |  1 +
 target/arm/helper-a64.c|  3 +++
 target/arm/helper.c|  2 ++
 target/arm/machine.c   |  1 +
 target/arm/op_helper.c |  1 +
 target/arm/translate-a64.c |  6 +-
 target/arm/translate.c | 14 --
 8 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8367cb138d..55d5fdadf3 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9979,6 +9979,7 @@ static abi_long do_syscall1(void *cpu_env, int num, 
abi_long arg1,
 aarch64_sve_narrow_vq(env, vq);
 }
 env->vfp.zcr_el[1] = vq - 1;
+arm_rebuild_hflags(env);
 ret = vq * 16;
 }
 return ret;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index ec2ab95dbe..995f4ea355 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -406,6 +406,7 @@ static void arm_cpu_reset(CPUState *s)
 
 hw_breakpoint_update_all(cpu);
 hw_watchpoint_update_all(cpu);
+arm_rebuild_hflags(env);
 }
 
 bool arm_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index 060699b901..3bc364ebb7 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -1025,6 +1025,7 @@ void HELPER(exception_return)(CPUARMState *env, uint64_t 
new_pc)
 } else {
 env->regs[15] = new_pc & ~0x3;
 }
+env->hflags = rebuild_hflags_a32(env, new_el);
 qemu_log_mask(CPU_LOG_INT, "Exception return from AArch64 EL%d to "
   "AArch32 EL%d PC 0x%" PRIx32 "\n",
   cur_el, new_el, env->regs[15]);
@@ -1036,10 +1037,12 @@ void HELPER(exception_return)(CPUARMState *env, 
uint64_t new_pc)
 }
 aarch64_restore_sp(env, new_el);
 env->pc = new_pc;
+env->hflags = rebuild_hflags_a64(env, new_el);
 qemu_log_mask(CPU_LOG_INT, "Exception return from AArch64 EL%d to "
   "AArch64 EL%d PC 0x%" PRIx64 "\n",
   cur_el, new_el, env->pc);
 }
+
 /*
  * Note that cur_el can never be 0.  If new_el is 0, then
  * el0_a64 is return_to_aa64, else el0_a64 is ignored.
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 43b7c41f11..9b07350cfe 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -7905,6 +7905,7 @@ static void take_aarch32_exception(CPUARMState *env, int 
new_mode,
 env->regs[14] = env->regs[15] + offset;
 }
 env->regs[15] = newpc;
+env->hflags = rebuild_hflags_a32(env, arm_current_el(env));
 }
 
 static void arm_cpu_do_interrupt_aarch32_hyp(CPUState *cs)
@@ -8251,6 +8252,7 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
 
 pstate_write(env, PSTATE_DAIF | new_mode);
 env->aarch64 = 1;
+env->hflags = rebuild_hflags_a64(env, new_el);
 aarch64_restore_sp(env, new_el);
 
 env->pc = addr;
diff --git a/target/arm/machine.c b/target/arm/machine.c
index 3fd319a309..838d154a3c 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -758,6 +758,7 @@ static int cpu_post_load(void *opaque, int version_id)
 if (!kvm_enabled()) {
 pmu_op_finish(>env);
 }
+arm_rebuild_hflags(>env);
 
 return 0;
 }
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 5e1625a1c8..6e6613b8a8 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -420,6 +420,7 @@ void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val)
  */
 env->regs[15] &= (env->thumb ? ~1 : ~3);
 
+env->hflags = rebuild_hflags_a32(env, arm_current_el(env));
 qemu_mutex_lock_iothread();
 arm_call_el_change_hook(env_archcpu(env));
 qemu_mutex_unlock_iothread();
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index d3231477a2..f8b5debf82 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1799,11 +1799,15 @@ static void handle_sys(DisasContext *s, uint32_t insn, 
bool isread,
 /* I/O operations must end the TB here (whether read or write) */
 gen_io_end();
 s->base.is_jmp = DISAS_UPDATE;
-} else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
+}
+if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
 /* We default to ending the TB on a coprocessor register write,
  * but allow this to be suppressed by the register definition
  * (usually only necessary to work around guest bugs).
  */
+TCGv_i32 tcg_el = tcg_const_i32(s->current_el);
+gen_helper_rebuild_hflags_a64(cpu_env, tcg_el);
+tcg_temp_free_i32(tcg_el);
 s->base.is_jmp = DISAS_UPDATE;
 }
 }
diff --git 

[Qemu-devel] [PATCH v4 0/3] target/arm: Reduce overhead of cpu_get_tb_cpu_state

[Richard Henderson]

Version 3 was back in February:
https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg06002.html

Changes since v3:
  * Rebase.
  * Do not cache XSCALE_CPAR now that it overlaps VECSTRIDE.
  * Leave the new v7m bits as uncached.  I haven't figured
out all of the ways fpccr is modified.

Changes since v2:
  * Do not cache VECLEN, VECSTRIDE, VFPEN.
These variables come from VFP_FPSCR and VFP_FPEXC, not from
system control registers.
  * Move HANDLER and STACKCHECK to rebuild_hflags_a32,
instead of building them in rebuild_hflags_common.

Changes since v1:
  * Apparently I had started a last-minute API change, and failed to
covert all of the users, and also failed to re-test afterward.
  * Retain assertions for --enable-debug-tcg.


r~


Richard Henderson (3):
  target/arm: Split out recompute_hflags et al
  target/arm: Rebuild hflags at EL changes and MSR writes
  target/arm: Rely on hflags correct in cpu_get_tb_cpu_state

 target/arm/cpu.h   |  35 ++--
 target/arm/helper.h|   3 +
 target/arm/internals.h |   3 +
 linux-user/syscall.c   |   1 +
 target/arm/cpu.c   |   1 +
 target/arm/helper-a64.c|   3 +
 target/arm/helper.c| 334 ++---
 target/arm/machine.c   |   1 +
 target/arm/op_helper.c |   1 +
 target/arm/translate-a64.c |   6 +-
 target/arm/translate.c |  14 +-
 11 files changed, 254 insertions(+), 148 deletions(-)

-- 
2.17.1

Re: [Qemu-devel] [PATCH] util/hbitmap: fix unaligned reset

[Paolo Bonzini]

On 02/08/19 23:19, Max Reitz wrote:
> 
> But I don’t know whether this patch is the best way forward still.  I
> think call hbitmap_reset() with unaligned boundaries generally calls for
> trouble, as John has laid out.  If mirror’s do_sync_target_write() is
> the only offender right now, I’d prefer for hbitmap_reset() to assert
> that the boundaries are aligned

I agree (it's not a bug, it's a feature though a nasty one).

Paolo

Re: [Qemu-devel] [PATCH] target/i386: Return 'indefinite integer value' for invalid SSE fp->int conversions

[Paolo Bonzini]

On 05/08/19 23:13, Richard Henderson wrote:
> On 8/5/19 11:03 AM, Peter Maydell wrote:
>> The x86 architecture requires that all conversions from floating
>> point to integer which raise the 'invalid' exception (infinities of
>> both signs, NaN, and all values which don't fit in the destination
>> integer) return what the x86 spec calls the "indefinite integer
>> value", which is 0x8000_ for 32-bits or 0x8000___ for
>> 64-bits.  The softfloat functions return the more usual behaviour of
>> positive overflows returning the maximum value that fits in the
>> destination integer format and negative overflows returning the
>> minimum value that fits.
>>
>> Wrap the softfloat functions in x86-specific versions which
>> detect the 'invalid' condition and return the indefinite integer.
>>
>> Note that we don't use these wrappers for the 3DNow! pf2id and pf2iw
>> instructions, which do return the minimum value that fits in
>> an int32 if the input float is a large negative number.
>>
>> Fixes: https://bugs.launchpad.net/qemu/+bug/1815423
>> Signed-off-by: Peter Maydell 
>> ---
>> I've tested that this fixes the LP:1815423 test case. If anybody
>> has an x86 VM image to hand that has node.js installed it would
>> also be useful to test the operations in
>> https://bugs.launchpad.net/qemu/+bug/1832281
>> (I don't have such a VM.)
>>
>> The other approach here would be to make the softfloat functions be
>> flexible enough to allow this behaviour -- from my reading of IEEE754
>> I think the exact returned result for 'invalid' inputs for float to
>> int conversions is not specified.
>>
>>  target/i386/ops_sse.h | 88 +--
>>  1 file changed, 60 insertions(+), 28 deletions(-)
> 
> I guess this is exactly what we already do in fpu_helper.c.
> Reviewed-by: Richard Henderson 
> 
> 
> r~
> 

Queued, thanks.

Paolo

Re: [Qemu-devel] [PATCH] tests/test-hbitmap: test next_zero and _next_dirty_area after truncate

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20190805164652.42409-1-vsement...@virtuozzo.com/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

PASS 1 fdc-test /x86_64/fdc/cmos
PASS 2 fdc-test /x86_64/fdc/no_media_on_start
PASS 3 fdc-test /x86_64/fdc/read_without_media
==7966==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 4 fdc-test /x86_64/fdc/media_change
PASS 5 fdc-test /x86_64/fdc/sense_interrupt
PASS 6 fdc-test /x86_64/fdc/relative_seek
---
PASS 32 test-opts-visitor /visitor/opts/range/beyond
PASS 33 test-opts-visitor /visitor/opts/dict/unvisited
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-coroutine -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="test-coroutine" 
==8011==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
==8011==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 
0x7ffd55e05000; bottom 0x7f25df1f8000; size: 0x00d776c0d000 (925410316288)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 1 test-coroutine /basic/no-dangling-access
---
PASS 11 test-aio /aio/event/wait
PASS 12 test-aio /aio/event/flush
PASS 13 test-aio /aio/event/wait/no-flush-cb
==8030==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 14 test-aio /aio/timer/schedule
PASS 15 test-aio /aio/coroutine/queue-chaining
PASS 16 test-aio /aio-gsource/flush
---
PASS 13 fdc-test /x86_64/fdc/fuzz-registers
PASS 28 test-aio /aio-gsource/timer/schedule
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-aio-multithread -m=quick -k --tap < /dev/null | 
./scripts/tap-driver.pl --test-name="test-aio-multithread" 
==8037==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 1 test-aio-multithread /aio/multi/lifecycle
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img 
tests/ide-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="ide-test" 
==8054==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 2 test-aio-multithread /aio/multi/schedule
PASS 1 ide-test /x86_64/ide/identify
==8065==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 3 test-aio-multithread /aio/multi/mutex/contended
PASS 2 ide-test /x86_64/ide/flush
==8076==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 3 ide-test /x86_64/ide/bmdma/simple_rw
==8082==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 4 ide-test /x86_64/ide/bmdma/trim
PASS 4 test-aio-multithread /aio/multi/mutex/handoff
==8088==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 5 ide-test /x86_64/ide/bmdma/short_prdt
PASS 5 test-aio-multithread /aio/multi/mutex/mcs
==8099==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 6 ide-test /x86_64/ide/bmdma/one_sector_short_prdt
PASS 6 test-aio-multithread /aio/multi/mutex/pthread
==8110==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-throttle -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="test-throttle" 
==8117==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 1 test-throttle /throttle/leak_bucket
PASS 2 test-throttle /throttle/compute_wait
PASS 3 test-throttle /throttle/init
---
PASS 15 test-throttle /throttle/config/iops_size
PASS 7 ide-test /x86_64/ide/bmdma/long_prdt
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-thread-pool -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="test-thread-pool" 
==8124==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 1 test-thread-pool /thread-pool/submit
PASS 2 test-thread-pool /thread-pool/submit-aio
PASS 3 test-thread-pool /thread-pool/submit-co
PASS 4 test-thread-pool 

Re: [Qemu-devel] [PATCH 2/3] iotests: Enable -d for Python non-unittest tests

[John Snow]

On 8/2/19 10:07 AM, Kevin Wolf wrote:
> Am 01.08.2019 um 19:57 hat Max Reitz geschrieben:
>> On 01.08.19 17:17, Kevin Wolf wrote:
>>> The part of iotests.main() that is related to the implementation of the
>>> debug option -d and enables QEMU and QMP logging is not only useful in
>>> tests that use the Python unittest framework, but also in tests that
>>> work by comparing with a reference output.
>>>
>>> Factor these parts out into iotests.init() and call it from the test
>>> cases that currently lack support for debug output.
>>
>> How does this relate to
>> https://lists.nongnu.org/archive/html/qemu-block/2019-07/msg01212.html ?
> 
> Hm, no idea? :-)
> 
> Looks like John's patch depends on some other patches which would then
> conflict with mine, too, so maybe I'll just drop my patch and wait what
> happens?
> 
> John, any opinion?
> 
> Kevin
> 

My patches do roughly the same plus a little more. If you don't mind
waiting, I can take care of this for you when the tree reopens?

--js

[Qemu-devel] [PATCH] Makefile: remove unused variables

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 Makefile | 4 
 1 file changed, 4 deletions(-)

diff --git a/Makefile b/Makefile
index 73fbba0..7b0e2f4 100644
--- a/Makefile
+++ b/Makefile
@@ -429,10 +429,6 @@ dummy := $(call unnest-vars,, \
 io-obj-y \
 common-obj-y \
 common-obj-m \
-ui-obj-y \
-ui-obj-m \
-audio-obj-y \
-audio-obj-m \
 trace-obj-y)
 
 include $(SRC_PATH)/tests/Makefile.include
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH] target/i386: Return 'indefinite integer value' for invalid SSE fp->int conversions

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20190805180332.10185-1-peter.mayd...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Subject: [Qemu-devel] [PATCH] target/i386: Return 'indefinite integer value' 
for invalid SSE fp->int conversions
Message-id: 20190805180332.10185-1-peter.mayd...@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]  patchew/20190805180332.10185-1-peter.mayd...@linaro.org -> 
patchew/20190805180332.10185-1-peter.mayd...@linaro.org
Submodule 'capstone' (https://git.qemu.org/git/capstone.git) registered for 
path 'capstone'
Submodule 'dtc' (https://git.qemu.org/git/dtc.git) registered for path 'dtc'
Submodule 'roms/QemuMacDrivers' (https://git.qemu.org/git/QemuMacDrivers.git) 
registered for path 'roms/QemuMacDrivers'
Submodule 'roms/SLOF' (https://git.qemu.org/git/SLOF.git) registered for path 
'roms/SLOF'
Submodule 'roms/edk2' (https://git.qemu.org/git/edk2.git) registered for path 
'roms/edk2'
Submodule 'roms/ipxe' (https://git.qemu.org/git/ipxe.git) registered for path 
'roms/ipxe'
Submodule 'roms/openbios' (https://git.qemu.org/git/openbios.git) registered 
for path 'roms/openbios'
Submodule 'roms/openhackware' (https://git.qemu.org/git/openhackware.git) 
registered for path 'roms/openhackware'
Submodule 'roms/opensbi' (https://git.qemu.org/git/opensbi.git) registered for 
path 'roms/opensbi'
Submodule 'roms/qemu-palcode' (https://git.qemu.org/git/qemu-palcode.git) 
registered for path 'roms/qemu-palcode'
Submodule 'roms/seabios' (https://git.qemu.org/git/seabios.git/) registered for 
path 'roms/seabios'
Submodule 'roms/seabios-hppa' (https://git.qemu.org/git/seabios-hppa.git) 
registered for path 'roms/seabios-hppa'
Submodule 'roms/sgabios' (https://git.qemu.org/git/sgabios.git) registered for 
path 'roms/sgabios'
Submodule 'roms/skiboot' (https://git.qemu.org/git/skiboot.git) registered for 
path 'roms/skiboot'
Submodule 'roms/u-boot' (https://git.qemu.org/git/u-boot.git) registered for 
path 'roms/u-boot'
Submodule 'roms/u-boot-sam460ex' (https://git.qemu.org/git/u-boot-sam460ex.git) 
registered for path 'roms/u-boot-sam460ex'
Submodule 'slirp' (https://git.qemu.org/git/libslirp.git) registered for path 
'slirp'
Submodule 'tests/fp/berkeley-softfloat-3' 
(https://git.qemu.org/git/berkeley-softfloat-3.git) registered for path 
'tests/fp/berkeley-softfloat-3'
Submodule 'tests/fp/berkeley-testfloat-3' 
(https://git.qemu.org/git/berkeley-testfloat-3.git) registered for path 
'tests/fp/berkeley-testfloat-3'
Submodule 'ui/keycodemapdb' (https://git.qemu.org/git/keycodemapdb.git) 
registered for path 'ui/keycodemapdb'
Cloning into 'capstone'...
Submodule path 'capstone': checked out 
'22ead3e0bfdb87516656453336160e0a37b066bf'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Cloning into 'roms/QemuMacDrivers'...
Submodule path 'roms/QemuMacDrivers': checked out 
'90c488d5f4a407342247b9ea869df1c2d9c8e266'
Cloning into 'roms/SLOF'...
Submodule path 'roms/SLOF': checked out 
'ba1ab360eebe6338bb8d7d83a9220ccf7e213af3'
Cloning into 'roms/edk2'...
Submodule path 'roms/edk2': checked out 
'20d2e5a125e34fc8501026613a71549b2a1a3e54'
Submodule 'SoftFloat' (https://github.com/ucb-bar/berkeley-softfloat-3.git) 
registered for path 'ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3'
Submodule 'CryptoPkg/Library/OpensslLib/openssl' 
(https://github.com/openssl/openssl) registered for path 
'CryptoPkg/Library/OpensslLib/openssl'
Cloning into 'ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3'...
Submodule path 'roms/edk2/ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3': 
checked out 'b64af41c3276f97f0e181920400ee056b9c88037'
Cloning into 'CryptoPkg/Library/OpensslLib/openssl'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl': checked out 
'50eaac9f3337667259de725451f201e784599687'
Submodule 'boringssl' (https://boringssl.googlesource.com/boringssl) registered 
for path 'boringssl'
Submodule 'krb5' (https://github.com/krb5/krb5) registered for path 'krb5'
Submodule 'pyca.cryptography' (https://github.com/pyca/cryptography.git) 
registered for path 'pyca-cryptography'
Cloning into 'boringssl'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl': 
checked out '2070f8ad9151dc8f3a73bffaa146b5e6937a583f'
Cloning into 'krb5'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/krb5': checked 
out 'b9ad6c49505c96a088326b62a52568e3484f2168'
Cloning into 'pyca-cryptography'...
Submodule path 
'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography': checked out 

Re: [Qemu-devel] [PATCH 00/67] target/arm: Convert aa32 base isa to decodetree

[Richard Henderson]

On 8/5/19 8:44 AM, Peter Maydell wrote:
> On Fri, 26 Jul 2019 at 18:50, Richard Henderson
>  wrote:
>>
>> This unifies the implementation of the actual instructions
>> for a32, t32, and t16.  In order to make this happen, we
>> need several preliminary cleanups.  Most importantly to how
>> we handle the architectural representation of PC.
> 
> I'd be happy to take the preliminary-cleanups part (subject
> to the various review comments) without waiting for the
> rest of the series to get respun.

I had an outstanding question re patch 4:
Message-ID: 
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg06520.html

and another re patch 6:
Message-ID: <09b930e2-0a92-25a3-4e26-8bea1f437...@linaro.org>
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg06508.html


r~

Re: [Qemu-devel] [PATCH] target/i386: Return 'indefinite integer value' for invalid SSE fp->int conversions

[Richard Henderson]

On 8/5/19 11:03 AM, Peter Maydell wrote:
> The x86 architecture requires that all conversions from floating
> point to integer which raise the 'invalid' exception (infinities of
> both signs, NaN, and all values which don't fit in the destination
> integer) return what the x86 spec calls the "indefinite integer
> value", which is 0x8000_ for 32-bits or 0x8000___ for
> 64-bits.  The softfloat functions return the more usual behaviour of
> positive overflows returning the maximum value that fits in the
> destination integer format and negative overflows returning the
> minimum value that fits.
> 
> Wrap the softfloat functions in x86-specific versions which
> detect the 'invalid' condition and return the indefinite integer.
> 
> Note that we don't use these wrappers for the 3DNow! pf2id and pf2iw
> instructions, which do return the minimum value that fits in
> an int32 if the input float is a large negative number.
> 
> Fixes: https://bugs.launchpad.net/qemu/+bug/1815423
> Signed-off-by: Peter Maydell 
> ---
> I've tested that this fixes the LP:1815423 test case. If anybody
> has an x86 VM image to hand that has node.js installed it would
> also be useful to test the operations in
> https://bugs.launchpad.net/qemu/+bug/1832281
> (I don't have such a VM.)
> 
> The other approach here would be to make the softfloat functions be
> flexible enough to allow this behaviour -- from my reading of IEEE754
> I think the exact returned result for 'invalid' inputs for float to
> int conversions is not specified.
> 
>  target/i386/ops_sse.h | 88 +--
>  1 file changed, 60 insertions(+), 28 deletions(-)

I guess this is exactly what we already do in fpu_helper.c.
Reviewed-by: Richard Henderson 


r~

[Qemu-devel] [PATCH 2/3] tests/acceptance/avocado_qemu: add method to get supported machine types

[Balamuruhan S]

add `get_machine_types()` to return list of supported machine types
by the qemu binary.

Signed-off-by: Balamuruhan S 
---
 tests/acceptance/avocado_qemu/__init__.py | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/tests/acceptance/avocado_qemu/__init__.py 
b/tests/acceptance/avocado_qemu/__init__.py
index aee5d820ed..df18561e97 100644
--- a/tests/acceptance/avocado_qemu/__init__.py
+++ b/tests/acceptance/avocado_qemu/__init__.py
@@ -82,6 +82,12 @@ class Test(avocado.Test):
 self._vms[name] = self._new_vm(*args)
 return self._vms[name]
 
+def get_machine_types(self):
+cmd = "%s -machine ?" % self.qemu_bin
+output = avocado.utils.process.getoutput(cmd).split("\n")
+output.remove("Supported machines are:")
+return [each.split()[0] for each in output]
+
 def tearDown(self):
 for vm in self._vms.values():
 vm.shutdown()
-- 
2.14.5

[Qemu-devel] [PATCH 1/3] tests/acceptance/migration: fix post migration check

[Balamuruhan S]

assert `query-migrate` in target doesn't give migration
status and test errors even if migration succeeds.

In target:
{'execute': 'query-migrate'}
{"return": {}}

Signed-off-by: Balamuruhan S 
---
 tests/acceptance/migration.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tests/acceptance/migration.py b/tests/acceptance/migration.py
index 6115cf6c24..66941db3b3 100644
--- a/tests/acceptance/migration.py
+++ b/tests/acceptance/migration.py
@@ -47,7 +47,6 @@ class Migration(Test):
 step=0.1,
 args=(source_vm,)
 )
-self.assertEqual(dest_vm.command('query-migrate')['status'], 
'completed')
 self.assertEqual(source_vm.command('query-migrate')['status'], 
'completed')
 self.assertEqual(dest_vm.command('query-status')['status'], 'running')
 self.assertEqual(source_vm.command('query-status')['status'], 
'postmigrate')
-- 
2.14.5

[Qemu-devel] [PATCH 3/3] tests/acceptance/migration: test to migrate will all machine types

[Balamuruhan S]

add migration test to query machine types supported by qemu binary
and migrate vm will all supported type.

Signed-off-by: Balamuruhan S 
---
 tests/acceptance/migration.py | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/tests/acceptance/migration.py b/tests/acceptance/migration.py
index 66941db3b3..a598b54718 100644
--- a/tests/acceptance/migration.py
+++ b/tests/acceptance/migration.py
@@ -50,3 +50,29 @@ class Migration(Test):
 self.assertEqual(source_vm.command('query-migrate')['status'], 
'completed')
 self.assertEqual(dest_vm.command('query-status')['status'], 'running')
 self.assertEqual(source_vm.command('query-status')['status'], 
'postmigrate')
+
+
+def test_migration_with_machine_types(self):
+migration_port = self._get_free_port()
+for machine in self.get_machine_types():
+if 'pseries' in machine:
+print("migrating with machine type - {}".format(machine))
+source_vm = self.get_vm('-M', '{},cap-htm=off'.format(machine))
+dest_uri = 'tcp:localhost:%u' % migration_port
+dest_vm = self.get_vm('-M', '{},cap-htm=off'.format(machine),
+  '-incoming', dest_uri)
+dest_vm.launch()
+source_vm.launch()
+source_vm.qmp('migrate', uri=dest_uri)
+wait.wait_for(
+self.migration_finished,
+timeout=self.timeout,
+step=0.1,
+args=(source_vm,)
+)
+self.assertEqual(source_vm.command('query-migrate')['status'],
+   'completed')
+self.assertEqual(dest_vm.command('query-status')['status'],
+ 'running')
+self.assertEqual(source_vm.command('query-status')['status'],
+   'postmigrate')
-- 
2.14.5

[Qemu-devel] [PATCH 0/3] Add acceptance test for migration

[Balamuruhan S]

Add new test for migration that bringup vm with different machine types and
migrate it, introduce new API in avocado_qemu to query all the machine
types supported by qemu.

Test run:

# avocado run migration.py
JOB ID : ef54f57a073eb267d2347e32225f2adbe27969de
JOB LOG: 
/home/bala/avocado-fvt-wrapper/results/job-2019-08-05T13.54-ef54f57/job.log
 (1/2) migration.py:Migration.test_migration_with_tcp_localhost: PASS (0.54 s)
 (2/2) migration.py:Migration.test_migration_with_machine_types: PASS (5.21 s)
RESULTS: PASS 2 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0
JOB TIME   : 5.86 s

Currently acceptance test for migration error out as we check `query-migrate`
in target after migration which is not appropriate.

Balamuruhan S (3):
  tests/acceptance/migration: fix post migration check
  tests/acceptance/avocado_qemu: add method to get supported machine
types
  tests/acceptance/migration: test to migrate will all machine types

 tests/acceptance/avocado_qemu/__init__.py |  6 ++
 tests/acceptance/migration.py | 27 ++-
 2 files changed, 32 insertions(+), 1 deletion(-)

-- 
2.14.5

[Qemu-devel] [Bug 1838946] Re: qemu 3.10 golang crash

[Antony Rheneus]

Facing similar crash with the latest qemu, Can you give some pointers to
debug further like backtrace/breakpoints or so

$ ./qemu-4.1.0-rc3/arm-linux-user/qemu-arm --version
qemu-arm version 4.0.93
Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers


$ ./qemu-4.1.0-rc3/arm-linux-user/qemu-arm $GOROOT/bin/go  get -v 
github.com/Azure/sonic-telemetry/dialout/dialout_client_cli
Fetching https://google.golang.org/grpc?go-get=1

<<<   LOG Truncated>>>

Parsing meta tags from https://golang.org/x/net/context?go-get=1 (status code 
200)
get "golang.org/x/net/context": found meta tag 
get.metaImport{Prefix:"golang.org/x/net", VCS:"git", 
RepoRoot:"https://go.googlesource.com/net"} at 
https://golang.org/x/net/context?go-get=1
get "golang.org/x/net/context": verifying non-authoritative meta tag
github.com/c9s/goprocinfo (download)
github.com/go-redis/redis (download)
github.com/golang/glog (download)
github.com/workiva/go-datastructures (download)
github.com/openconfig/ygot (download)
github.com/kylelemons/godebug (download)
github.com/openconfig/goyang (download)
go tool compile: signal: aborted (core dumped)
qemu: unhandled CPU exception 0x10004 - aborting
R00= R01=001e R02=00e2b180 R03=
R04=0001 R05=00d8 R06=00f6 R07=f6ffec64
R08= R09=00e0 R10=00e1e740 R11=00e3610c
R12=0034 R13=f6ffebc8 R14=00018d90 R15=0006668c
PSR=2010 --C- A usr32
go tool compile: signal: aborted (core dumped)
qemu: unhandled CPU exception 0x10004 - aborting
R00= R01=001e R02=00e1e690 R03=
R04=0001 R05=0008 R06=0004 R07=0003
R08=da507899 R09=0107 R10=01000540 R11=00e3610c
R12=f67cc015 R13=01049f1c R14=00018d90 R15=0006668c
PSR=2010 --C- A usr32

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1838946

Title:
  qemu 3.10 golang crash

Status in QEMU:
  New

Bug description:
  Encountered below crashes in qemu 3.10 arm 
  Also have raised the same in golang groups. But seems like in ARM32 hardware, 
the below commands works fine, only in qemu if crashes. 
  
https://groups.google.com/forum/?utm_medium=email_source=footer#!topic/golang-nuts/1txPOGa4aGc

  Need some pointers to narrow down

  Please see log below.

  $ qemu-arm-static --version
  qemu-arm version 3.1.0 (qemu-3.1.0-6.fc30)
  Copyright (c) 2003-2018 Fabrice Bellard and the QEMU Project developers


  
  arheneus@bbdee4f6f57d:/sonic/src/telemetry/test$ /usr/local/go/bin/go get -v 
github.com/Azure/sonic-telemetry/dialout/dialout_client_cli
  github.com/openconfig/ygot (download)
  github.com/kylelemons/godebug (download)
  github.com/openconfig/goyang (download)
  SIGSEGV: segmentation violation
  PC=0x4512c m=12 sigcode=1

  goroutine 15 [syscall]:
  syscall.Syscall6(0x118, 0x1, 0x11c3, 0xf513b0, 0x104, 0x0, 0x0, 0x1c63c, 
0x15e54, 0xe280a0)
  /usr/local/go/src/syscall/asm_linux_arm.s:45 +0x8 fp=0xf51380 
sp=0xf5137c pc=0x88298
  os.(*Process).blockUntilWaitable(0xf80300, 0xf80300, 0x0, 0x0)
  /usr/local/go/src/os/wait_waitid.go:31 +0x64 fp=0xf51438 sp=0xf51380 
pc=0xa94a0
  os.(*Process).wait(0xf80300, 0x13, 0xe6e1d0, 0xeba010)
  /usr/local/go/src/os/exec_unix.go:22 +0x2c fp=0xf51470 sp=0xf51438 
pc=0xa2d58
  os.(*Process).Wait(0xf80300, 0x4d5f58, 0x4d5f5c, 0x4d5f54)
  /usr/local/go/src/os/exec.go:125 +0x1c fp=0xf51484 sp=0xf51470 
pc=0xa2494
  os/exec.(*Cmd).Wait(0xe14000, 0x0, 0x0)
  /usr/local/go/src/os/exec/exec.go:465 +0x40 fp=0xf514bc sp=0xf51484 
pc=0xf8620
  os/exec.(*Cmd).Run(0xe14000, 0xd5c720, 0xf3)
  /usr/local/go/src/os/exec/exec.go:309 +0x44 fp=0xf514cc sp=0xf514bc 
pc=0xf7e1c
  cmd/go/internal/work.(*Builder).toolID(0xd5cf60, 0x497ee2, 0x7, 0x2c, 
0x116f8e0)
  /usr/local/go/src/cmd/go/internal/work/buildid.go:193 +0x2e0 
fp=0xf515bc sp=0xf514cc pc=0x3549bc
  cmd/go/internal/work.(*Builder).buildActionID(0xd5cf60, 0x1177d90, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
  /usr/local/go/src/cmd/go/internal/work/exec.go:223 +0xb8c fp=0xf51978 
sp=0xf515bc pc=0x3594fc
  cmd/go/internal/work.(*Builder).build(0xd5cf60, 0x1177d90, 0x0, 0x0)
  /usr/local/go/src/cmd/go/internal/work/exec.go:373 +0x3d3c 
fp=0xf51f44 sp=0xf51978 pc=0x35e374
  cmd/go/internal/work.(*Builder).Do.func1(0x1177d90)
  /usr/local/go/src/cmd/go/internal/work/exec.go:107 +0x58 fp=0xf51f84 
sp=0xf51f44 pc=0x38287c
  cmd/go/internal/work.(*Builder).Do.func2(0xdf0070, 0xd5cf60, 0x10427a0)
  /usr/local/go/src/cmd/go/internal/work/exec.go:165 +0x84 fp=0xf51fdc 
sp=0xf51f84 pc=0x382b24
  runtime.goexit()
  /usr/local/go/src/runtime/asm_arm.s:867 +0x4 fp=0xf51fdc sp=0xf51fdc 
pc=0x67f44
  created by cmd/go/internal/work.(*Builder).Do
  /usr/local/go/src/cmd/go/internal/work/exec.go:152 +0x2e4

  goroutine 1 [semacquire]:
  sync.runtime_Semacquire(0xdf0078)
  

Re: [Qemu-devel] [PATCH] util/hbitmap: fix unaligned reset

[John Snow]

On 8/5/19 5:48 AM, Vladimir Sementsov-Ogievskiy wrote:
> 05.08.2019 12:26, Vladimir Sementsov-Ogievskiy wrote:
>> 02.08.2019 22:21, John Snow wrote:
>>>
>>>
>>> On 8/2/19 2:58 PM, Vladimir Sementsov-Ogievskiy wrote:
 hbitmap_reset is broken: it rounds up the requested region. It leads to
 the following bug, which is shown by fixed test:

 assume granularity = 2
 set(0, 3) # count becomes 4
 reset(0, 1) # count becomes 2

 But user of the interface assume that virtual bit 1 should be still
 dirty, so hbitmap should report count to be 4!

 In other words, because of granularity, when we set one "virtual" bit,
 yes, we make all "virtual" bits in same chunk to be dirty. But this
 should not be so for reset.

 Fix this, aligning bound correctly.

 Signed-off-by: Vladimir Sementsov-Ogievskiy 
 ---

 Hi all!

 Hmm, is it a bug or feature? :)
>>>
>>> Very, very good question.
>>>
 I don't have a test for mirror yet, but I think that sync mirror may be 
 broken
 because of this, as do_sync_target_write() seems to be using unaligned 
 reset.

>>>
>>> Honestly I was worried about this -- if you take a look at my patches
>>> where I add new bitmap sync modes, I bent over backwards to align
>>> requests for the sync=top bitmap initialization methods because I was
>>> worried about this possibly being the case.
>>>
>>>
>>> I'm not sure what the "right" behavior ought to be.
>>>
>>> Let's say you have a granularity of 8 bytes:
>>>
>>> if you reset 0-3 in one call, and then 4-7 in the next, what happens? If
>>> the caller naively thinks there's a 1:1 relationship, it might actually
>>> expect that to reflect a cleared bit. With alignment protection, we'll
>>> just fail to clear it both times and it remains set.
>>>
>>> On the other hand, if you do allow partial clears, the first reset for
>>> 0-3 will toggle off 4-7 too, where we might rely on the fact that it's
>>> actually still dirty.
>>>
>>> Whether or not that's dangerous depends on the context, and only the
>>> caller knows the context. I think we need to make the semantic effect of
>>> the reset "obvious" to the caller.
>>>
>>>
>>> I envision this:
>>>
>>> - hbitmap_reset(bitmap, start, length)
>>>    returns -EINVAL if the range is not properly aligned
>>
>> hbitmap_reset don't return, I thinks it should be an assertion
> 
> don't return any value
> 

Works for me.

>>
>>>
>>> - hbitmap_reset_flags(bitmap, flags, start, length)
>>>    if (flags & HBITMAP_ALIGN_DOWN) align request to only full bits
>>>    if (flags & HBITMAP_ALIGN_UP) align request to cover any bit even
>>> partially touched by the specified range
>>>    otherwise, pass range through as-is to hbitmap_reset (and possibly get
>>> -EINVAL if caller did not align the request.)
>>>
>>>
>>> That way the semantics are always clear to the caller.
>>
>> Hmm, I doubt, is there any use of ALIGN_UP? In most cases it's safe to thing 
>> that
>> something clear is dirty (and this is how hbitmap actually works on 
>> set/get), but
>> it seems always unsafe to ALIGN_UP reset..
>>
>> So, I think that it should be default to ALIGN_DOWN, or just an assertion 
>> that request
>> is aligned (which anyway leads to implementing a helper 
>> hbitmap_reset_align_up)..
> 
> hbitmap_reset_align_down I mean.
> 
There might not be one at the moment -- it's just the existing behavior
so I catered to it. I'd definitely just omit it if no callers need that
semantic.

So we'd have a "strict aligned" mode and a "clamped down" mode, which
probably gives us what we need in all current cases.

(Still catching up on all of today's emails, though.)

--js

[Qemu-devel] ]Re: [BUG] gcov support appears to be broken - solved?

[Aleksandar Markovic]

> > it shows very low coverage for our FP code (softfloat), while, in
> > fact, we know that "make check" contains detailed tests on FP
> > functionalities. But this is most likely a separate problem of a very
> > different nature, perhaps the issue of separate git repo for FP tests
> > (testfloat) that our FP tests use as a mid-layer.
> 
> I get:
> 
> 68.6 %  2593 / 3782 62.2 %  1690 / 2718
> 

This problem is solved too. (and it is my fault)

I worked with multiple versions of QEMU, and my previous low-coverage results 
were for QEMU 3.0, and for that version the directory tests/fp did not even 
exist. :D ()

For QEMU ToT, I get now:

fpu/softfloat.c 
68.8 %  2592 / 3770 62.3 %  1693 / 2718

which is identical for all intents and purposes to your result.

Yours cordially,
Aleksandar

Re: [Qemu-devel] [BUG] gcov support appears to be broken - solved?

[Aleksandar Markovic]

> > it shows very low coverage for our FP code (softfloat), while, in
> > fact, we know that "make check" contains detailed tests on FP
> > functionalities. But this is most likely a separate problem of a very
> > different nature, perhaps the issue of separate git repo for FP tests
> > (testfloat) that our FP tests use as a mid-layer.
> 
> I get:
> 
> 68.6 %  2593 / 3782 62.2 %  1690 / 2718
> 

I would expect that kind of result too.

However, I get:

File:   fpu/softfloat.c Lines:  8   33340.2 %
Date:   2019-08-05 19:56:58 Branches:   3   23760.1 %

:(

OK, I'll try to figure that out, and most likely I could live with it if it is 
an isolated problem.

Thank you for your assistance in this matter,
Aleksandar

> Which is not bad considering we don't exercise the 80 and 128 bit
> softfloat code at all (which is not shared by the re-factored 16/32/64
> bit code).
> 
> Alex Bennée

Re: [Qemu-devel] [BUG] gcov support appears to be broken - solved?

[Alex Bennée]

Aleksandar Markovic  writes:

>>> #./configure --enable-gcov
>>> #make
>>> #make check
>>> #make coverage-report
>>>
>>> It seems that first three commands execute as expected. (For example,
>>> there are plenty of files generated by "make check" that would've not
>>> been generated if "enable-gcov" hadn't been chosen.) However, the
>>> last command complains about some missing files related to FP
>
>> So your failure mode is no report is generated at all? It's working for
>> me here.
>
> Alex, here is the thing:
>
> Seeing that my gcovr is relatively old (2014) 3.2 version, I upgraded it from 
> git repo to the most recent 4.1 (actually, to a dev version, from the very 
> tip of the tree), and "make coverage-report" started generating coverage 
> reports. It did emit some error messages (totally different than previous), 
> but still it did not stop like it used to do with gcovr 3.2.
>
> Perhaps you would want to add some gcov/gcovr minimal version info in our 
> docs. (or at least a statement "this was tested with such and such gcc, gcov 
> and gcovr", etc.?)
>
> Coverage report looked fine at first glance, but it a kind of
> disappointed me when I digged deeper into its content - for example,
> it shows very low coverage for our FP code (softfloat), while, in
> fact, we know that "make check" contains detailed tests on FP
> functionalities. But this is most likely a separate problem of a very
> different nature, perhaps the issue of separate git repo for FP tests
> (testfloat) that our FP tests use as a mid-layer.

I get:

68.6 %  2593 / 3782 62.2 %  1690 / 2718

Which is not bad considering we don't exercise the 80 and 128 bit
softfloat code at all (which is not shared by the re-factored 16/32/64
bit code).

>
> I'll try how everything works with my test examples, and will let you know.
>
> Your help is greatly appreciated,
> Aleksandar
>
> Fond regards,
> Aleksandar
>
>
>> Alex Bennée


--
Alex Bennée

[Qemu-devel] [PATCH] gdbstub: Fix handling of '!' packet with new infra

[Ramiro Polla]

Since the '!' packet is not handled by the new infrastructure,
gdb_handle_packet() would call run_cmd_parser() with a NULL cmd_parser
value, which would lead to an unsupported packet ("$#00") being sent,
which could confuse the gdb client.

This also has a side-effect of speeding up the initial connection with
gdb.

Fixes: 3e2c12615b52 ("gdbstub: Implement deatch (D pkt) with new infra")
Signed-off-by: Ramiro Polla 
---
 gdbstub.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gdbstub.c b/gdbstub.c
index b470aec8ea..d051344488 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -2587,7 +2587,9 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 break;
 }
 
-run_cmd_parser(s, line_buf, cmd_parser);
+if (cmd_parser) {
+run_cmd_parser(s, line_buf, cmd_parser);
+}
 
 return RS_IDLE;
 }
-- 
2.11.0

Re: [Qemu-devel] [PATCH 3/4] virtiofsd: fix lo_destroy() resource leaks

[Dr. David Alan Gilbert]

* Dr. David Alan Gilbert (dgilb...@redhat.com) wrote:
> * Stefan Hajnoczi (stefa...@redhat.com) wrote:
> > Now that lo_destroy() is serialized we can call unref_inode() so that
> > all inode resources are freed.
> > 
> > Signed-off-by: Stefan Hajnoczi 
> 
> Reviewed-by: Dr. David Alan Gilbert 
> 
> > ---
> >  contrib/virtiofsd/passthrough_ll.c | 43 ++
> >  1 file changed, 20 insertions(+), 23 deletions(-)
> > 
> > diff --git a/contrib/virtiofsd/passthrough_ll.c 
> > b/contrib/virtiofsd/passthrough_ll.c
> > index a81c01d0d1..02a5e97326 100644
> > --- a/contrib/virtiofsd/passthrough_ll.c
> > +++ b/contrib/virtiofsd/passthrough_ll.c
> > @@ -1340,28 +1340,6 @@ static void unref_inode(struct lo_data *lo, struct 
> > lo_inode *inode, uint64_t n)
> > }
> >  }
> >  
> > -static int unref_all_inodes_cb(gpointer key, gpointer value,
> > -  gpointer user_data)
> > -{
> > -   struct lo_inode *inode  = value;
> > -   struct lo_data *lo = user_data;
> > -
> > -   inode->nlookup = 0;
> > -   lo_map_remove(>ino_map, inode->fuse_ino);
> > -   close(inode->fd);
> > -   lo_inode_put(lo, ); /* Drop our refcount from lo_do_lookup() */
> > -
> > -   return TRUE;
> > -}
> > -
> > -static void unref_all_inodes(struct lo_data *lo)
> > -{
> > -   pthread_mutex_lock(>mutex);
> > -   g_hash_table_foreach_remove(lo->inodes, unref_all_inodes_cb, lo);
> > -   pthread_mutex_unlock(>mutex);
> > -
> > -}
> > -
> >  static void lo_forget_one(fuse_req_t req, fuse_ino_t ino, uint64_t nlookup)
> >  {
> > struct lo_data *lo = lo_data(req);
> > @@ -2462,6 +2440,18 @@ static void lo_removemapping(fuse_req_t req, struct 
> > fuse_session *se,
> > fuse_reply_err(req, ret);
> >  }
> >  
> > +static int destroy_inode_cb(gpointer key, gpointer value, gpointer 
> > user_data)
> > +{
> > +struct lo_inode *inode = value;
> > +struct lo_data *lo = user_data;
> > +
> > +/* inode->nlookup is normally protected by lo->mutex but see the
> > + * comment in lo_destroy().
> > + */
> > +unref_inode(lo, inode, inode->nlookup);
> > +return TRUE;
> > +}
> > +
> >  static void lo_destroy(void *userdata, struct fuse_session *se)
> >  {
> > struct lo_data *lo = (struct lo_data*) userdata;
> > @@ -2475,7 +2465,14 @@ static void lo_destroy(void *userdata, struct 
> > fuse_session *se)
> >  fuse_err("%s: unmap during destroy failed\n", 
> > __func__);
> >  }
> >  }
> > -   unref_all_inodes(lo);
> > +
> > +/* Normally lo->mutex must be taken when traversing lo->inodes but
> > + * lo_destroy() is a serialized request so no races are possible 
> > here.
> > + *
> > + * In addition, we cannot acquire lo->mutex since 
> > destroy_inode_cb() takes it
> > + * too and this would result in a recursive lock.
> > + */
> > +g_hash_table_foreach_remove(lo->inodes, destroy_inode_cb, lo);

I'm seeing a crash here if I ctrl-c the virtiofsd after it's got an
active mount:

(process:3219): GLib-CRITICAL **: 18:42:08.334: 
g_hash_table_foreach_remove_or_steal: assertion 'version == 
hash_table->version' failed

(I only get the debug if I give seccomp both getpeername and ioctl;
I think glib is trying to get to syslog and wants getpeername
and I'm guessing ioctl to do something funky with the terminal).

Dave

> >  }
> >  
> >  static struct fuse_lowlevel_ops lo_oper = {
> > -- 
> > 2.21.0
> > 
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [BUG] gcov support appears to be broken - solved?

[Aleksandar Markovic]

>> #./configure --enable-gcov
>> #make
>> #make check
>> #make coverage-report
>>
>> It seems that first three commands execute as expected. (For example,
>> there are plenty of files generated by "make check" that would've not
>> been generated if "enable-gcov" hadn't been chosen.) However, the
>> last command complains about some missing files related to FP

> So your failure mode is no report is generated at all? It's working for
> me here.

Alex, here is the thing:

Seeing that my gcovr is relatively old (2014) 3.2 version, I upgraded it from 
git repo to the most recent 4.1 (actually, to a dev version, from the very tip 
of the tree), and "make coverage-report" started generating coverage reports. 
It did emit some error messages (totally different than previous), but still it 
did not stop like it used to do with gcovr 3.2.

Perhaps you would want to add some gcov/gcovr minimal version info in our docs. 
(or at least a statement "this was tested with such and such gcc, gcov and 
gcovr", etc.?)

Coverage report looked fine at first glance, but it a kind of disappointed me 
when I digged deeper into its content - for example, it shows very low coverage 
for our FP code (softfloat), while, in fact, we know that "make check" contains 
detailed tests on FP functionalities. But this is most likely a separate 
problem of a very different nature, perhaps the issue of separate git repo for 
FP tests (testfloat) that our FP tests use as a mid-layer.

I'll try how everything works with my test examples, and will let you know.

Your help is greatly appreciated,
Aleksandar

Fond regards,
Aleksandar


> Alex Bennée

Re: [Qemu-devel] [PATCH v2 0/9] add failover feature for assigned network devices

[Jens Freimann]

On Mon, Aug 05, 2019 at 10:22:25AM -0400, Michael S. Tsirkin wrote:

On Mon, Aug 05, 2019 at 03:12:15PM +0200, Jens Freimann wrote:

On Fri, Aug 02, 2019 at 11:22:10AM -0400, Michael S. Tsirkin wrote:
> On Fri, Aug 02, 2019 at 05:05:56PM +0200, Jens Freimann wrote:
> > This is implementing the host side of the net_failover concept
> > (https://www.kernel.org/doc/html/latest/networking/net_failover.html)
> >
> > Changes since v1:

[...]

> Didn't read this yet, one question: how do migration commands look
> like?

You mean the hmp commands I think:

migrate -d tcp:host:port

and to cancel

migrate_cancel


regards,
Jens


Sorry, no. I mean the command line on the incoming side.


It looks the same with -incoming tcp:0: added. Pci address of
vfio-pci device can be changed. 


--
MST

Re: [Qemu-devel] [PULL 0/7] Block patches for 4.1.0-rc4

[Peter Maydell]

On Mon, 5 Aug 2019 at 19:21, Max Reitz  wrote:
> Would dropping the test patches make it better? :-)
>
> I am reasonably (i.e., rc4-levels of) confident that the patches don’t
> break anything that wasn’t broken before.
>
> (I’m least confident about the test patches working for everyone and
> everywhere, as with all new test cases.  But it was my impression that
> it’s always fine to include test case additions.)
>
> Patch 1 is very important.  I’m very confident about it.
> It fixes a silent corruption in the backup job, so I’m not too surprised
> people haven’t noticed.  I would be surprised if really noone was
> affected so far.
>
> Patch 3 is not that important, but it is sufficiently simple, so I think
> we should take it, even into rc4.
>
> Patch 5 is very important for a specific mirror copying mode.  It can be
> argued that nobody really uses this mode because otherwise somebody
> should have noticed the corruption, because if you hit it, you will
> simply lose data (as opposed to the backup case, where you will simply
> get the wrong version of the data in the output image).
> But that is why it’s so important.  I really don’t want anyone to hit it.
> It is probably the most complicated patch here, but at any other point,
> it would still be considered a simple patch.  (Just not quite trivial.)
> I think it is worth taking it.
>
> Patch 7 is actually not important.  But it’s an obvious trivial
> one-liner.  I thought I might as well.

Thanks for the clarifications -- these all sound worth taking.
The thing about rc4 is that we don't really have much chance
to find any problems with patches we put in at this point,
so I like to be pretty cautious.

thanks
-- PMM

Re: [Qemu-devel] [PULL 0/7] Block patches for 4.1.0-rc4

[Max Reitz]

On 05.08.19 20:05, Peter Maydell wrote:
> On Mon, 5 Aug 2019 at 17:37, Max Reitz  wrote:
>>
>> The following changes since commit 9bb68d34dda9be60335e73e65c8fb61bca035362:
>>
>>   Merge remote-tracking branch 
>> 'remotes/philmd-gitlab/tags/edk2-next-20190803' into staging (2019-08-05 
>> 11:05:36 +0100)
>>
>> are available in the Git repository at:
>>
>>   https://github.com/XanClic/qemu.git tags/pull-block-2019-08-05
>>
>> for you to fetch changes up to 07b0851c592efe188a87259adbda26a63c61dc92:
>>
>>   block/backup: disable copy_range for compressed backup (2019-08-05 
>> 18:05:05 +0200)
>>
>> 
>> Block patches for 4.1.0-rc4:
>> - Fix the backup block job when using copy offloading
>> - Fix the mirror block job when using the write-blocking copy mode
>> - Fix incremental backups after the image has been grown with the
>>   respective bitmap attached to it
>>
>> 
>> Max Reitz (5):
>>   backup: Copy only dirty areas
>>   iotests: Test backup job with two guest writes
>>   iotests: Test incremental backup after truncation
>>   mirror: Only mirror granularity-aligned chunks
>>   iotests: Test unaligned blocking mirror write
>>
>> Vladimir Sementsov-Ogievskiy (2):
>>   util/hbitmap: update orig_size on truncate
>>   block/backup: disable copy_range for compressed backup
>>
>>  block/backup.c | 15 ---
>>  block/mirror.c | 29 
>>  util/hbitmap.c |  6 +-
>>  tests/qemu-iotests/056 | 39 ++
>>  tests/qemu-iotests/056.out |  4 ++--
>>  tests/qemu-iotests/124 | 38 +
>>  tests/qemu-iotests/124.out |  4 ++--
>>  tests/qemu-iotests/151 | 25 
>>  tests/qemu-iotests/151.out |  4 ++--
>>  9 files changed, 150 insertions(+), 14 deletions(-)
> 
> This is quite a lot of changes for rc4 -- how confident are
> you about them ? I suppose 3 out of 4 commits are updating
> the test suite...

Would dropping the test patches make it better? :-)

I am reasonably (i.e., rc4-levels of) confident that the patches don’t
break anything that wasn’t broken before.

(I’m least confident about the test patches working for everyone and
everywhere, as with all new test cases.  But it was my impression that
it’s always fine to include test case additions.)

Patch 1 is very important.  I’m very confident about it.
It fixes a silent corruption in the backup job, so I’m not too surprised
people haven’t noticed.  I would be surprised if really noone was
affected so far.

Patch 3 is not that important, but it is sufficiently simple, so I think
we should take it, even into rc4.

Patch 5 is very important for a specific mirror copying mode.  It can be
argued that nobody really uses this mode because otherwise somebody
should have noticed the corruption, because if you hit it, you will
simply lose data (as opposed to the backup case, where you will simply
get the wrong version of the data in the output image).
But that is why it’s so important.  I really don’t want anyone to hit it.
It is probably the most complicated patch here, but at any other point,
it would still be considered a simple patch.  (Just not quite trivial.)
I think it is worth taking it.

Patch 7 is actually not important.  But it’s an obvious trivial
one-liner.  I thought I might as well.

Max



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [Bug 1815423] Re: x86_64 TCG: Incorrect floating point cast to int.

[Peter Maydell]

https://patchew.org/QEMU/20190805180332.10185-1-peter.mayd...@linaro.org/
is a patch which fixes the C test case (and may also fix the node.js
case, though I don't have a setup to test that).


** Changed in: qemu
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1815423

Title:
  x86_64 TCG: Incorrect floating point cast to int.

Status in QEMU:
  In Progress

Bug description:
  I used exaample from:
  
https://stackoverflow.com/questions/3986795/what-is-the-result-of-casting-float-inf-inf-and-nan-to-integer-in-c

  #include 
  #include 

  int main(int argc, char** argv) {
float a = INFINITY;
float b = -INFINITY;
float c = NAN;

printf("float %f %f %f\n", a, b, c); 
printf("int %d %d %d\n", (int) a, (int) b, (int) c); 
printf("uint %u %u %u\n", (unsigned int) a, (unsigned int) b, (unsigned 
int) c); 
printf("lint %ld %ld %ld\n", (long int) a, (long int) b, (long int) b); 
printf("luint %lu %lu %lu\n", (unsigned long int) a, (unsigned long int) b, 
(unsigned long int) c); 

return 0;
  }

  And got different results on real computer and on qemu.

  output from real HW is the same as on stackoverflow:

  $ gcc test.c && ./a.out 
  float inf -inf nan
  int -2147483648 -2147483648 -2147483648
  uint 0 0 0
  lint -9223372036854775808 -9223372036854775808 -9223372036854775808
  luint 0 9223372036854775808 9223372036854775808

  
  But on qemu I got another results:

  float inf -inf nan
  int 2147483647 -2147483648 2147483647
  uint 4294967295 0 4294967295
  lint 9223372036854775807 -9223372036854775808 -9223372036854775808
  luint 18446744073709551615 9223372036854775808 9223372036854775807

  qemu launch string:
  /qemu-system-x86_64 -m 1024 -cpu core2duo -serial stdio -netdev 
user,id=network0 -device e1000,netdev=network0 -kernel my_kernel

  
  qemu version:
  x86_64-softmmu/qemu-system-x86_64 --version
  QEMU emulator version 3.1.50 (v3.1.0-1676-ge47f81b617-dirty)
  Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers

  
  This bug affect some javascript (surprise) calculations:

  var conversion = "01234567890";
  var x;
  var result = conversion[x & 42];
  console.log(result)

  
  In example, var x is "undefined"
  and when do calculation "x & 42" on js we should get 0 (it is documented 
feature), but actually got "42"

  and "result" sould be "0" but actually we got "undefined"

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1815423/+subscriptions

Re: [Qemu-devel] [PATCH] target/i386: Return 'indefinite integer value' for invalid SSE fp->int conversions

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20190805180332.10185-1-peter.mayd...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Subject: [Qemu-devel] [PATCH] target/i386: Return 'indefinite integer value' 
for invalid SSE fp->int conversions
Message-id: 20190805180332.10185-1-peter.mayd...@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]  
patchew/1564792052-6469-1-git-send-email-bmeng...@gmail.com -> 
patchew/1564792052-6469-1-git-send-email-bmeng...@gmail.com
 - [tag update]  
patchew/1564812484-20385-1-git-send-email-bmeng...@gmail.com -> 
patchew/1564812484-20385-1-git-send-email-bmeng...@gmail.com
 * [new tag] patchew/20190805180332.10185-1-peter.mayd...@linaro.org -> 
patchew/20190805180332.10185-1-peter.mayd...@linaro.org
Submodule 'capstone' (https://git.qemu.org/git/capstone.git) registered for 
path 'capstone'
Submodule 'dtc' (https://git.qemu.org/git/dtc.git) registered for path 'dtc'
Submodule 'roms/QemuMacDrivers' (https://git.qemu.org/git/QemuMacDrivers.git) 
registered for path 'roms/QemuMacDrivers'
Submodule 'roms/SLOF' (https://git.qemu.org/git/SLOF.git) registered for path 
'roms/SLOF'
Submodule 'roms/edk2' (https://git.qemu.org/git/edk2.git) registered for path 
'roms/edk2'
Submodule 'roms/ipxe' (https://git.qemu.org/git/ipxe.git) registered for path 
'roms/ipxe'
Submodule 'roms/openbios' (https://git.qemu.org/git/openbios.git) registered 
for path 'roms/openbios'
Submodule 'roms/openhackware' (https://git.qemu.org/git/openhackware.git) 
registered for path 'roms/openhackware'
Submodule 'roms/opensbi' (https://git.qemu.org/git/opensbi.git) registered for 
path 'roms/opensbi'
Submodule 'roms/qemu-palcode' (https://git.qemu.org/git/qemu-palcode.git) 
registered for path 'roms/qemu-palcode'
Submodule 'roms/seabios' (https://git.qemu.org/git/seabios.git/) registered for 
path 'roms/seabios'
Submodule 'roms/seabios-hppa' (https://git.qemu.org/git/seabios-hppa.git) 
registered for path 'roms/seabios-hppa'
Submodule 'roms/sgabios' (https://git.qemu.org/git/sgabios.git) registered for 
path 'roms/sgabios'
Submodule 'roms/skiboot' (https://git.qemu.org/git/skiboot.git) registered for 
path 'roms/skiboot'
Submodule 'roms/u-boot' (https://git.qemu.org/git/u-boot.git) registered for 
path 'roms/u-boot'
Submodule 'roms/u-boot-sam460ex' (https://git.qemu.org/git/u-boot-sam460ex.git) 
registered for path 'roms/u-boot-sam460ex'
Submodule 'slirp' (https://git.qemu.org/git/libslirp.git) registered for path 
'slirp'
Submodule 'tests/fp/berkeley-softfloat-3' 
(https://git.qemu.org/git/berkeley-softfloat-3.git) registered for path 
'tests/fp/berkeley-softfloat-3'
Submodule 'tests/fp/berkeley-testfloat-3' 
(https://git.qemu.org/git/berkeley-testfloat-3.git) registered for path 
'tests/fp/berkeley-testfloat-3'
Submodule 'ui/keycodemapdb' (https://git.qemu.org/git/keycodemapdb.git) 
registered for path 'ui/keycodemapdb'
Cloning into 'capstone'...
Submodule path 'capstone': checked out 
'22ead3e0bfdb87516656453336160e0a37b066bf'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Cloning into 'roms/QemuMacDrivers'...
Submodule path 'roms/QemuMacDrivers': checked out 
'90c488d5f4a407342247b9ea869df1c2d9c8e266'
Cloning into 'roms/SLOF'...
Submodule path 'roms/SLOF': checked out 
'ba1ab360eebe6338bb8d7d83a9220ccf7e213af3'
Cloning into 'roms/edk2'...
Submodule path 'roms/edk2': checked out 
'20d2e5a125e34fc8501026613a71549b2a1a3e54'
Submodule 'SoftFloat' (https://github.com/ucb-bar/berkeley-softfloat-3.git) 
registered for path 'ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3'
Submodule 'CryptoPkg/Library/OpensslLib/openssl' 
(https://github.com/openssl/openssl) registered for path 
'CryptoPkg/Library/OpensslLib/openssl'
Cloning into 'ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3'...
Submodule path 'roms/edk2/ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3': 
checked out 'b64af41c3276f97f0e181920400ee056b9c88037'
Cloning into 'CryptoPkg/Library/OpensslLib/openssl'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl': checked out 
'50eaac9f3337667259de725451f201e784599687'
Submodule 'boringssl' (https://boringssl.googlesource.com/boringssl) registered 
for path 'boringssl'
Submodule 'krb5' (https://github.com/krb5/krb5) registered for path 'krb5'
Submodule 'pyca.cryptography' (https://github.com/pyca/cryptography.git) 
registered for path 'pyca-cryptography'
Cloning into 'boringssl'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl': 
checked out '2070f8ad9151dc8f3a73bffaa146b5e6937a583f'

Re: [Qemu-devel] [PATCH] qtest: Rename qtest.c:qtest_init()

[John Snow]

On 8/4/19 11:13 PM, Oleinik, Alexander wrote:
> Both the qtest client, libqtest.c, and server, qtest.c, used the same
> name for initialization functions which can cause confusion.
> 
> Signed-off-by: Alexander Oleinik 
> ---
> Thank you, Thomas Huth for the suggestion.

Sometimes we use:

Suggested-by: Thomas Huth 

to give people credit in a way that our tooling has the ability to
track. We don't really rigorously check or enforce such things, though.

> 
>  include/sysemu/qtest.h | 2 +-
>  qtest.c| 3 +--
>  vl.c   | 2 +-
>  3 files changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/include/sysemu/qtest.h b/include/sysemu/qtest.h
> index cd114b8d80..5ed09c80b1 100644
> --- a/include/sysemu/qtest.h
> +++ b/include/sysemu/qtest.h
> @@ -24,6 +24,6 @@ static inline bool qtest_enabled(void)
>  
>  bool qtest_driver(void);
>  
> -void qtest_init(const char *qtest_chrdev, const char *qtest_log, Error 
> **errp);
> +void qtest_server_init(const char *qtest_chrdev, const char *qtest_log, 
> Error **errp);
>  
>  #endif
> diff --git a/qtest.c b/qtest.c
> index 15e27e911f..c9681dbdf3 100644
> --- a/qtest.c
> +++ b/qtest.c
> @@ -748,8 +748,7 @@ static void qtest_event(void *opaque, int event)
>  break;
>  }
>  }
> -
> -void qtest_init(const char *qtest_chrdev, const char *qtest_log, Error 
> **errp)
> +void qtest_server_init(const char *qtest_chrdev, const char *qtest_log, 
> Error **errp)
>  {
>  Chardev *chr;
>  
> diff --git a/vl.c b/vl.c
> index b426b32134..130a389712 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -4197,7 +4197,7 @@ int main(int argc, char **argv, char **envp)
>  migration_object_init();
>  
>  if (qtest_chrdev) {
> -qtest_init(qtest_chrdev, qtest_log, _fatal);
> +qtest_server_init(qtest_chrdev, qtest_log, _fatal);
>  }
>  
>  machine_opts = qemu_get_machine_opts();
> 

Makes good sense to me, that IS confusing.

Reviewed-by: John Snow 

Re: [Qemu-devel] [PULL 0/7] Block patches for 4.1.0-rc4

[Peter Maydell]

On Mon, 5 Aug 2019 at 19:05, Peter Maydell  wrote:

> This is quite a lot of changes for rc4 -- how confident are
> you about them ? I suppose 3 out of 4 commits are updating
> the test suite...

3 out of 7, I meant :-)

thanks
-- PMM

Re: [Qemu-devel] [PULL 0/7] Block patches for 4.1.0-rc4

[Peter Maydell]

On Mon, 5 Aug 2019 at 17:37, Max Reitz  wrote:
>
> The following changes since commit 9bb68d34dda9be60335e73e65c8fb61bca035362:
>
>   Merge remote-tracking branch 
> 'remotes/philmd-gitlab/tags/edk2-next-20190803' into staging (2019-08-05 
> 11:05:36 +0100)
>
> are available in the Git repository at:
>
>   https://github.com/XanClic/qemu.git tags/pull-block-2019-08-05
>
> for you to fetch changes up to 07b0851c592efe188a87259adbda26a63c61dc92:
>
>   block/backup: disable copy_range for compressed backup (2019-08-05 18:05:05 
> +0200)
>
> 
> Block patches for 4.1.0-rc4:
> - Fix the backup block job when using copy offloading
> - Fix the mirror block job when using the write-blocking copy mode
> - Fix incremental backups after the image has been grown with the
>   respective bitmap attached to it
>
> 
> Max Reitz (5):
>   backup: Copy only dirty areas
>   iotests: Test backup job with two guest writes
>   iotests: Test incremental backup after truncation
>   mirror: Only mirror granularity-aligned chunks
>   iotests: Test unaligned blocking mirror write
>
> Vladimir Sementsov-Ogievskiy (2):
>   util/hbitmap: update orig_size on truncate
>   block/backup: disable copy_range for compressed backup
>
>  block/backup.c | 15 ---
>  block/mirror.c | 29 
>  util/hbitmap.c |  6 +-
>  tests/qemu-iotests/056 | 39 ++
>  tests/qemu-iotests/056.out |  4 ++--
>  tests/qemu-iotests/124 | 38 +
>  tests/qemu-iotests/124.out |  4 ++--
>  tests/qemu-iotests/151 | 25 
>  tests/qemu-iotests/151.out |  4 ++--
>  9 files changed, 150 insertions(+), 14 deletions(-)

This is quite a lot of changes for rc4 -- how confident are
you about them ? I suppose 3 out of 4 commits are updating
the test suite...

thanks
-- PMM

[Qemu-devel] [PATCH] target/i386: Return 'indefinite integer value' for invalid SSE fp->int conversions

[Peter Maydell]

The x86 architecture requires that all conversions from floating
point to integer which raise the 'invalid' exception (infinities of
both signs, NaN, and all values which don't fit in the destination
integer) return what the x86 spec calls the "indefinite integer
value", which is 0x8000_ for 32-bits or 0x8000___ for
64-bits.  The softfloat functions return the more usual behaviour of
positive overflows returning the maximum value that fits in the
destination integer format and negative overflows returning the
minimum value that fits.

Wrap the softfloat functions in x86-specific versions which
detect the 'invalid' condition and return the indefinite integer.

Note that we don't use these wrappers for the 3DNow! pf2id and pf2iw
instructions, which do return the minimum value that fits in
an int32 if the input float is a large negative number.

Fixes: https://bugs.launchpad.net/qemu/+bug/1815423
Signed-off-by: Peter Maydell 
---
I've tested that this fixes the LP:1815423 test case. If anybody
has an x86 VM image to hand that has node.js installed it would
also be useful to test the operations in
https://bugs.launchpad.net/qemu/+bug/1832281
(I don't have such a VM.)

The other approach here would be to make the softfloat functions be
flexible enough to allow this behaviour -- from my reading of IEEE754
I think the exact returned result for 'invalid' inputs for float to
int conversions is not specified.

 target/i386/ops_sse.h | 88 +--
 1 file changed, 60 insertions(+), 28 deletions(-)

diff --git a/target/i386/ops_sse.h b/target/i386/ops_sse.h
index ed05989768f..ec1ec745d09 100644
--- a/target/i386/ops_sse.h
+++ b/target/i386/ops_sse.h
@@ -710,102 +710,134 @@ void helper_cvtsq2sd(CPUX86State *env, ZMMReg *d, 
uint64_t val)
 #endif
 
 /* float to integer */
+
+/*
+ * x86 mandates that we return the indefinite integer value for the result
+ * of any float-to-integer conversion that raises the 'invalid' exception.
+ * Wrap the softfloat functions to get this behaviour.
+ */
+#define WRAP_FLOATCONV(RETTYPE, FN, FLOATTYPE, INDEFVALUE)  \
+static inline RETTYPE x86_##FN(FLOATTYPE a, float_status *s)\
+{   \
+int oldflags, newflags; \
+RETTYPE r;  \
+\
+oldflags = get_float_exception_flags(s);\
+set_float_exception_flags(0, s);\
+r = FN(a, s);   \
+newflags = get_float_exception_flags(s);\
+if (newflags & float_flag_invalid) {\
+r = INDEFVALUE; \
+}   \
+set_float_exception_flags(newflags | oldflags, s);  \
+return r;   \
+}
+
+WRAP_FLOATCONV(int32_t, float32_to_int32, float32, INT32_MIN)
+WRAP_FLOATCONV(int32_t, float32_to_int32_round_to_zero, float32, INT32_MIN)
+WRAP_FLOATCONV(int32_t, float64_to_int32, float64, INT32_MIN)
+WRAP_FLOATCONV(int32_t, float64_to_int32_round_to_zero, float64, INT32_MIN)
+WRAP_FLOATCONV(int64_t, float32_to_int64, float32, INT64_MIN)
+WRAP_FLOATCONV(int64_t, float32_to_int64_round_to_zero, float32, INT64_MIN)
+WRAP_FLOATCONV(int64_t, float64_to_int64, float64, INT64_MIN)
+WRAP_FLOATCONV(int64_t, float64_to_int64_round_to_zero, float64, INT64_MIN)
+
 void helper_cvtps2dq(CPUX86State *env, ZMMReg *d, ZMMReg *s)
 {
-d->ZMM_L(0) = float32_to_int32(s->ZMM_S(0), >sse_status);
-d->ZMM_L(1) = float32_to_int32(s->ZMM_S(1), >sse_status);
-d->ZMM_L(2) = float32_to_int32(s->ZMM_S(2), >sse_status);
-d->ZMM_L(3) = float32_to_int32(s->ZMM_S(3), >sse_status);
+d->ZMM_L(0) = x86_float32_to_int32(s->ZMM_S(0), >sse_status);
+d->ZMM_L(1) = x86_float32_to_int32(s->ZMM_S(1), >sse_status);
+d->ZMM_L(2) = x86_float32_to_int32(s->ZMM_S(2), >sse_status);
+d->ZMM_L(3) = x86_float32_to_int32(s->ZMM_S(3), >sse_status);
 }
 
 void helper_cvtpd2dq(CPUX86State *env, ZMMReg *d, ZMMReg *s)
 {
-d->ZMM_L(0) = float64_to_int32(s->ZMM_D(0), >sse_status);
-d->ZMM_L(1) = float64_to_int32(s->ZMM_D(1), >sse_status);
+d->ZMM_L(0) = x86_float64_to_int32(s->ZMM_D(0), >sse_status);
+d->ZMM_L(1) = x86_float64_to_int32(s->ZMM_D(1), >sse_status);
 d->ZMM_Q(1) = 0;
 }
 
 void helper_cvtps2pi(CPUX86State *env, MMXReg *d, ZMMReg *s)
 {
-d->MMX_L(0) = float32_to_int32(s->ZMM_S(0), >sse_status);
-d->MMX_L(1) = float32_to_int32(s->ZMM_S(1), >sse_status);
+d->MMX_L(0) = x86_float32_to_int32(s->ZMM_S(0), >sse_status);
+d->MMX_L(1) = 

Re: [Qemu-devel] [PATCH] riscv: sifive_e: Correct various SoC IP block sizes

[Alistair Francis]

On Fri, Aug 2, 2019 at 5:27 PM Bin Meng  wrote:
>
> Some of the SoC IP block sizes are wrong. Correct them according
> to the FE310 manual.
>
> Signed-off-by: Bin Meng 

Reviewed-by: Alistair Francis 

Alistair

> ---
>
>  hw/riscv/sifive_e.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
> index 2a499d8..9655847 100644
> --- a/hw/riscv/sifive_e.c
> +++ b/hw/riscv/sifive_e.c
> @@ -53,13 +53,13 @@ static const struct MemmapEntry {
>  hwaddr base;
>  hwaddr size;
>  } sifive_e_memmap[] = {
> -[SIFIVE_E_DEBUG] ={0x0,  0x100 },
> +[SIFIVE_E_DEBUG] ={0x0, 0x1000 },
>  [SIFIVE_E_MROM] = { 0x1000, 0x2000 },
>  [SIFIVE_E_OTP] =  {0x2, 0x2000 },
>  [SIFIVE_E_CLINT] ={  0x200,0x1 },
>  [SIFIVE_E_PLIC] = {  0xc00,  0x400 },
> -[SIFIVE_E_AON] =  { 0x1000, 0x8000 },
> -[SIFIVE_E_PRCI] = { 0x10008000, 0x8000 },
> +[SIFIVE_E_AON] =  { 0x1000, 0x1000 },
> +[SIFIVE_E_PRCI] = { 0x10008000, 0x1000 },
>  [SIFIVE_E_OTP_CTRL] = { 0x1001, 0x1000 },
>  [SIFIVE_E_GPIO0] ={ 0x10012000, 0x1000 },
>  [SIFIVE_E_UART0] ={ 0x10013000, 0x1000 },
> --
> 2.7.4
>
>

Re: [Qemu-devel] [PATCH-4.2 v1 6/6] target/riscv: Fix Floating Point register names

[Alistair Francis]

On Wed, Jul 31, 2019 at 1:10 AM Chih-Min Chao  wrote:
>
>
>
> On Wed, Jul 31, 2019 at 2:41 AM Alistair Francis  wrote:
>>
>> On Mon, Jul 29, 2019 at 8:19 AM Chih-Min Chao  
>> wrote:
>> >
>> >
>> > On Fri, Jul 26, 2019 at 2:56 AM Alistair Francis 
>> >  wrote:
>> >>
>> >> From: Atish Patra 
>> >>
>> >> As per the RISC-V spec, Floating Point registers are named as f0..f31
>> >> so lets fix the register names accordingly.
>> >>
>> >> Signed-off-by: Atish Patra 
>> >> Signed-off-by: Alistair Francis 
>> >> ---
>> >>  target/riscv/cpu.c | 8 
>> >>  1 file changed, 4 insertions(+), 4 deletions(-)
>> >>
>> >> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
>> >> index f8d07bd20a..af1e9b7690 100644
>> >> --- a/target/riscv/cpu.c
>> >> +++ b/target/riscv/cpu.c
>> >> @@ -40,10 +40,10 @@ const char * const riscv_int_regnames[] = {
>> >>  };
>> >>
>> >>  const char * const riscv_fpr_regnames[] = {
>> >> -  "ft0", "ft1", "ft2",  "ft3",  "ft4", "ft5", "ft6",  "ft7",
>> >> -  "fs0", "fs1", "fa0",  "fa1",  "fa2", "fa3", "fa4",  "fa5",
>> >> -  "fa6", "fa7", "fs2",  "fs3",  "fs4", "fs5", "fs6",  "fs7",
>> >> -  "fs8", "fs9", "fs10", "fs11", "ft8", "ft9", "ft10", "ft11"
>> >> +  "f0", "f1", "f2",  "f3",  "f4", "f5", "f6", "f7",
>> >> +  "f8", "f9", "f10",  "f11",  "f12", "f13", "f14", "f15",
>> >> +  "f16", "f17", "f18",  "f19",  "f20", "f21", "f22", "f23",
>> >> +  "f24", "f25", "f26", "f27", "f28", "f29", "f30", "f31"
>> >>  };
>> >
>> >
>> > Could you indicate the section of the spec ?
>>
>> Chapter 11: "“F” Standard Extension for Single-Precision
>> Floating-Point, Version 2.2", section 11.1, Figure 11.1 shows f0 -
>> f32.
>>
>> > By chapter 20 of user spec, the patch changes the floating register name 
>> > to architecture name but leave the integer register use the ABI name.
>>
>> You mean the Packed-SIMD extension?
>>
>> Alistair
>
>
> I means  "Chapter 20RISC-V Assembly Programmer’s Handbook".
> There is an table, "Table 20.1: Assembler mnemonics for RISC-V integer and 
> floating-point registers.",  describes
> the architecture name and ABI name for integer and floating-point register.

Ah ok. In general I think it makes sense to base the names on the spec
and not other sources.

Alistair

>
> By the way,  I reference the riscv-spec-2.2
>
> chihmin
>
>
>>
>> >
>> > chihmin
>> >>
>> >>  const char * const riscv_excp_names[] = {
>> >> --
>> >> 2.22.0
>> >>
>> >>

Re: [Qemu-devel] [PATCH v2 4/8] hw/core: Add a config switch for the "register" device

[Alistair Francis]

On Wed, Jul 31, 2019 at 5:33 AM Paolo Bonzini  wrote:
>
> On 31/07/19 13:44, Philippe Mathieu-Daudé wrote:
> > What about naming it REGISTER_ARRAY or REGISTER_BLOCK?
> >
> > The API is:
> >
> > RegisterInfoArray *register_init_block32(...);
> >
> > Cc'ing Alistair for better name ideas :)
> >
>
> I think REGISTER is okay. :)

I think REGISTER is fine as well. If you really wanted something
longer I would go with REGISTER_API.

Alistair

>
> Paolo
>

Re: [Qemu-devel] [FOR 4.1 PATCH] riscv: roms: Fix make rules for building sifive_u bios

[Alistair Francis]

On Fri, Aug 2, 2019 at 11:08 PM Bin Meng  wrote:
>
> Currently the make rules are wrongly using qemu/virt opensbi image
> for sifive_u machine. Correct it.
>
> Signed-off-by: Bin Meng 

Good catch.

@Palmer Dabbelt can you take this for 4.1?

Reviewed-by: Alistair Francis 

Alistair

>
> ---
>
>  roms/Makefile | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/roms/Makefile b/roms/Makefile
> index dc70fb5..775c963 100644
> --- a/roms/Makefile
> +++ b/roms/Makefile
> @@ -183,7 +183,7 @@ opensbi64-sifive_u:
> $(MAKE) -C opensbi \
> CROSS_COMPILE=$(riscv64_cross_prefix) \
> PLATFORM="qemu/sifive_u"
> -   cp opensbi/build/platform/qemu/virt/firmware/fw_jump.bin 
> ../pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin
> +   cp opensbi/build/platform/qemu/sifive_u/firmware/fw_jump.bin 
> ../pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin
>
>  clean:
> rm -rf seabios/.config seabios/out seabios/builds
> --
> 2.7.4
>
>

[Qemu-devel] [PATCH v3] make check-unit: use after free in test-opts-visitor

[Andrey Shinkevich]

In the struct OptsVisitor, the 'repeated_opts' member points to a list
in the 'unprocessed_opts' hash table after the list has been destroyed.
A subsequent call to visit_type_int() references the deleted list.
It results in use-after-free issue reproduced by running the test case
under the Valgrind: valgrind tests/test-opts-visitor.
A new mode ListMode::LM_TRAVERSED is declared to mark the list
traversal completed.

Suggested-by: Markus Armbruster 
Signed-off-by: Andrey Shinkevich 
---

v3:
 01: The comment of the patch header was amended.
 02: The change in spacing of 'ListMode' comment blocks was rolled back.
 03: The 'repeated_opts' in opts_end_list() is now reset unconditionally
 as it was.
 04: The 'name' in the error_setg() was removed as the pointer to the list 
 name can be null (suggested by Markus).

 qapi/opts-visitor.c | 26 ++
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/qapi/opts-visitor.c b/qapi/opts-visitor.c
index 324b197..5fe0276 100644
--- a/qapi/opts-visitor.c
+++ b/qapi/opts-visitor.c
@@ -24,7 +24,8 @@ enum ListMode
 {
 LM_NONE, /* not traversing a list of repeated options */
 
-LM_IN_PROGRESS,  /* opts_next_list() ready to be called.
+LM_IN_PROGRESS,  /*
+  * opts_next_list() ready to be called.
   *
   * Generating the next list link will consume the most
   * recently parsed QemuOpt instance of the repeated
@@ -36,7 +37,8 @@ enum ListMode
   * LM_UNSIGNED_INTERVAL.
   */
 
-LM_SIGNED_INTERVAL,  /* opts_next_list() has been called.
+LM_SIGNED_INTERVAL,  /*
+  * opts_next_list() has been called.
   *
   * Generating the next list link will consume the most
   * recently stored element from the signed interval,
@@ -48,7 +50,14 @@ enum ListMode
   * next element of the signed interval.
   */
 
-LM_UNSIGNED_INTERVAL /* Same as above, only for an unsigned interval. */
+LM_UNSIGNED_INTERVAL, /* Same as above, only for an unsigned interval. */
+
+LM_TRAVERSED  /*
+   * opts_next_list() has been called.
+   *
+   * No more QemuOpt instance in the list.
+   * The traversal has been completed.
+   */
 };
 
 typedef enum ListMode ListMode;
@@ -238,6 +247,8 @@ opts_next_list(Visitor *v, GenericList *tail, size_t size)
 OptsVisitor *ov = to_ov(v);
 
 switch (ov->list_mode) {
+case LM_TRAVERSED:
+return NULL;
 case LM_SIGNED_INTERVAL:
 case LM_UNSIGNED_INTERVAL:
 if (ov->list_mode == LM_SIGNED_INTERVAL) {
@@ -258,6 +269,8 @@ opts_next_list(Visitor *v, GenericList *tail, size_t size)
 opt = g_queue_pop_head(ov->repeated_opts);
 if (g_queue_is_empty(ov->repeated_opts)) {
 g_hash_table_remove(ov->unprocessed_opts, opt->name);
+ov->repeated_opts = NULL;
+ov->list_mode = LM_TRAVERSED;
 return NULL;
 }
 break;
@@ -289,7 +302,8 @@ opts_end_list(Visitor *v, void **obj)
 
 assert(ov->list_mode == LM_IN_PROGRESS ||
ov->list_mode == LM_SIGNED_INTERVAL ||
-   ov->list_mode == LM_UNSIGNED_INTERVAL);
+   ov->list_mode == LM_UNSIGNED_INTERVAL ||
+   ov->list_mode == LM_TRAVERSED);
 ov->repeated_opts = NULL;
 ov->list_mode = LM_NONE;
 }
@@ -306,6 +320,10 @@ lookup_scalar(const OptsVisitor *ov, const char *name, 
Error **errp)
 list = lookup_distinct(ov, name, errp);
 return list ? g_queue_peek_tail(list) : NULL;
 }
+if (ov->list_mode == LM_TRAVERSED) {
+error_setg(errp, "Fewer list elements than expected");
+return NULL;
+}
 assert(ov->list_mode == LM_IN_PROGRESS);
 return g_queue_peek_head(ov->repeated_opts);
 }
-- 
1.8.3.1

Re: [Qemu-devel] [Qemu-riscv] [PATCH 26/28] riscv: hw: Update PLIC device tree

[Jonathan Behrens]

I was a little surprised to see the "riscv,max-priority" element removed,
but there is no mention of it in the kernel documentation

so I guess that max-priority=7 is now assumed.

Reviewed-by: Jonathan Behrens 

On Mon, Aug 5, 2019 at 12:10 PM Bin Meng  wrote:

> This removes "reg-names" and "riscv,max-priority" properties of the
> PLIC node from device tree, and updates its compatible string, to
> keep in sync with the Linux kernel device tree.
>
> Signed-off-by: Bin Meng 
> ---
>
>  hw/riscv/sifive_u.c | 4 +---
>  hw/riscv/virt.c | 4 +---
>  2 files changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index d77b3c3..5ded3a0 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -229,15 +229,13 @@ static void create_fdt(SiFiveUState *s, const struct
> MemmapEntry *memmap,
>  (long)memmap[SIFIVE_U_PLIC].base);
>  qemu_fdt_add_subnode(fdt, nodename);
>  qemu_fdt_setprop_cell(fdt, nodename, "#interrupt-cells", 1);
> -qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv,plic0");
> +qemu_fdt_setprop_string(fdt, nodename, "compatible",
> "sifive,plic-1.0.0");
>  qemu_fdt_setprop(fdt, nodename, "interrupt-controller", NULL, 0);
>  qemu_fdt_setprop(fdt, nodename, "interrupts-extended",
>  cells, s->soc.cpus.num_harts * sizeof(uint32_t) * 4);
>  qemu_fdt_setprop_cells(fdt, nodename, "reg",
>  0x0, memmap[SIFIVE_U_PLIC].base,
>  0x0, memmap[SIFIVE_U_PLIC].size);
> -qemu_fdt_setprop_string(fdt, nodename, "reg-names", "control");
> -qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
>  qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", 0x35);
>  qemu_fdt_setprop_cell(fdt, nodename, "phandle", plic_phandle);
>  plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
> diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> index 127f005..f662100 100644
> --- a/hw/riscv/virt.c
> +++ b/hw/riscv/virt.c
> @@ -237,15 +237,13 @@ static void *create_fdt(RISCVVirtState *s, const
> struct MemmapEntry *memmap,
>FDT_PLIC_ADDR_CELLS);
>  qemu_fdt_setprop_cell(fdt, nodename, "#interrupt-cells",
>FDT_PLIC_INT_CELLS);
> -qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv,plic0");
> +qemu_fdt_setprop_string(fdt, nodename, "compatible",
> "sifive,plic-1.0.0");
>  qemu_fdt_setprop(fdt, nodename, "interrupt-controller", NULL, 0);
>  qemu_fdt_setprop(fdt, nodename, "interrupts-extended",
>  cells, s->soc.num_harts * sizeof(uint32_t) * 4);
>  qemu_fdt_setprop_cells(fdt, nodename, "reg",
>  0x0, memmap[VIRT_PLIC].base,
>  0x0, memmap[VIRT_PLIC].size);
> -qemu_fdt_setprop_string(fdt, nodename, "reg-names", "control");
> -qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
>  qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", VIRTIO_NDEV);
>  qemu_fdt_setprop_cell(fdt, nodename, "phandle", plic_phandle);
>  plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
> --
> 2.7.4
>
>
>

Re: [Qemu-devel] [PULL 0/7] Block patches for 4.1.0-rc4

[Max Reitz]

On 05.08.19 18:59, Vladimir Sementsov-Ogievskiy wrote:
> 05.08.2019 19:37, Max Reitz wrote:
>> The following changes since commit 9bb68d34dda9be60335e73e65c8fb61bca035362:
>>
>>Merge remote-tracking branch 
>> 'remotes/philmd-gitlab/tags/edk2-next-20190803' into staging (2019-08-05 
>> 11:05:36 +0100)
>>
>> are available in the Git repository at:
>>
>>https://github.com/XanClic/qemu.git tags/pull-block-2019-08-05
>>
>> for you to fetch changes up to 07b0851c592efe188a87259adbda26a63c61dc92:
>>
>>block/backup: disable copy_range for compressed backup (2019-08-05 
>> 18:05:05 +0200)
>>
>> 
>> Block patches for 4.1.0-rc4:
>> - Fix the backup block job when using copy offloading
>> - Fix the mirror block job when using the write-blocking copy mode
>> - Fix incremental backups after the image has been grown with the
>>respective bitmap attached to it
>>
>> 
>> Max Reitz (5):
>>backup: Copy only dirty areas
>>iotests: Test backup job with two guest writes
>>iotests: Test incremental backup after truncation
>>mirror: Only mirror granularity-aligned chunks
>>iotests: Test unaligned blocking mirror write
>>
>> Vladimir Sementsov-Ogievskiy (2):
>>util/hbitmap: update orig_size on truncate
>>block/backup: disable copy_range for compressed backup
>>
> 
> As I understand, this all should go to stable too? CC it.
Ah, yes.  Thanks.

Max



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PULL 0/7] Block patches for 4.1.0-rc4

[Vladimir Sementsov-Ogievskiy]

05.08.2019 19:37, Max Reitz wrote:
> The following changes since commit 9bb68d34dda9be60335e73e65c8fb61bca035362:
> 
>Merge remote-tracking branch 
> 'remotes/philmd-gitlab/tags/edk2-next-20190803' into staging (2019-08-05 
> 11:05:36 +0100)
> 
> are available in the Git repository at:
> 
>https://github.com/XanClic/qemu.git tags/pull-block-2019-08-05
> 
> for you to fetch changes up to 07b0851c592efe188a87259adbda26a63c61dc92:
> 
>block/backup: disable copy_range for compressed backup (2019-08-05 
> 18:05:05 +0200)
> 
> 
> Block patches for 4.1.0-rc4:
> - Fix the backup block job when using copy offloading
> - Fix the mirror block job when using the write-blocking copy mode
> - Fix incremental backups after the image has been grown with the
>respective bitmap attached to it
> 
> 
> Max Reitz (5):
>backup: Copy only dirty areas
>iotests: Test backup job with two guest writes
>iotests: Test incremental backup after truncation
>mirror: Only mirror granularity-aligned chunks
>iotests: Test unaligned blocking mirror write
> 
> Vladimir Sementsov-Ogievskiy (2):
>util/hbitmap: update orig_size on truncate
>block/backup: disable copy_range for compressed backup
> 

As I understand, this all should go to stable too? CC it.

-- 
Best regards,
Vladimir

[Qemu-devel] [PATCH] tests/test-hbitmap: test next_zero and _next_dirty_area after truncate

[Vladimir Sementsov-Ogievskiy]

Test that hbitmap_next_zero and hbitmap_next_dirty_area can find things
after old bitmap end.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---

It's a follow-up for 

[PATCH for-4.1] util/hbitmap: update orig_size on truncate

 tests/test-hbitmap.c | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/tests/test-hbitmap.c b/tests/test-hbitmap.c
index 592d8219db..eed5d288cb 100644
--- a/tests/test-hbitmap.c
+++ b/tests/test-hbitmap.c
@@ -1004,6 +1004,15 @@ static void test_hbitmap_next_zero_4(TestHBitmapData 
*data, const void *unused)
 test_hbitmap_next_zero_do(data, 4);
 }
 
+static void test_hbitmap_next_zero_after_truncate(TestHBitmapData *data,
+  const void *unused)
+{
+hbitmap_test_init(data, L1, 0);
+hbitmap_test_truncate_impl(data, L1 * 2);
+hbitmap_set(data->hb, 0, L1);
+test_hbitmap_next_zero_check(data, 0);
+}
+
 static void test_hbitmap_next_dirty_area_check(TestHBitmapData *data,
uint64_t offset,
uint64_t count)
@@ -1104,6 +1113,15 @@ static void 
test_hbitmap_next_dirty_area_4(TestHBitmapData *data,
 test_hbitmap_next_dirty_area_do(data, 4);
 }
 
+static void test_hbitmap_next_dirty_area_after_truncate(TestHBitmapData *data,
+const void *unused)
+{
+hbitmap_test_init(data, L1, 0);
+hbitmap_test_truncate_impl(data, L1 * 2);
+hbitmap_set(data->hb, L1 + 1, 1);
+test_hbitmap_next_dirty_area_check(data, 0, UINT64_MAX);
+}
+
 int main(int argc, char **argv)
 {
 g_test_init(, , NULL);
@@ -1169,6 +1187,8 @@ int main(int argc, char **argv)
  test_hbitmap_next_zero_0);
 hbitmap_test_add("/hbitmap/next_zero/next_zero_4",
  test_hbitmap_next_zero_4);
+hbitmap_test_add("/hbitmap/next_zero/next_zero_after_truncate",
+ test_hbitmap_next_zero_after_truncate);
 
 hbitmap_test_add("/hbitmap/next_dirty_area/next_dirty_area_0",
  test_hbitmap_next_dirty_area_0);
@@ -1176,6 +1196,8 @@ int main(int argc, char **argv)
  test_hbitmap_next_dirty_area_1);
 hbitmap_test_add("/hbitmap/next_dirty_area/next_dirty_area_4",
  test_hbitmap_next_dirty_area_4);
+hbitmap_test_add("/hbitmap/next_dirty_area/next_dirty_area_after_truncate",
+ test_hbitmap_next_dirty_area_after_truncate);
 
 g_test_run();
 
-- 
2.18.0

Re: [Qemu-devel] [Qemu-riscv] [PATCH 09/28] riscv: sifive_u: Update UART base addresses

[Jonathan Behrens]

Reviewed-by: Jonathan Behrens  

On Mon, Aug 5, 2019 at 12:07 PM Bin Meng  wrote:

> This updates the UART base address to match the hardware.
>
> Signed-off-by: Bin Meng 
> ---
>
>  hw/riscv/sifive_u.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index b235f29..9f05e09 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -60,8 +60,8 @@ static const struct MemmapEntry {
>  [SIFIVE_U_MROM] = { 0x1000,0x11000 },
>  [SIFIVE_U_CLINT] ={  0x200,0x1 },
>  [SIFIVE_U_PLIC] = {  0xc00,  0x400 },
> -[SIFIVE_U_UART0] ={ 0x10013000, 0x1000 },
> -[SIFIVE_U_UART1] ={ 0x10023000, 0x1000 },
> +[SIFIVE_U_UART0] ={ 0x1001, 0x1000 },
> +[SIFIVE_U_UART1] ={ 0x10011000, 0x1000 },
>  [SIFIVE_U_DRAM] = { 0x8000,0x0 },
>  [SIFIVE_U_GEM] =  { 0x100900FC, 0x2000 },
>  };
> --
> 2.7.4
>
>
>

Re: [Qemu-devel] [Qemu-riscv] [PATCH 07/28] riscv: sifive_u: Set the minimum number of cpus to 2

[Jonathan Behrens]

I'm not familiar with QEMU conventions on this, but would it make sense to
require having exactly 5 CPUs to match the real board?

Jonathan


On Mon, Aug 5, 2019 at 12:05 PM Bin Meng  wrote:

> It is not useful if we only have one management CPU.
>
> Signed-off-by: Bin Meng 
> ---
>
>  hw/riscv/sifive_u.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index 08d406f..206eccc 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -428,6 +428,8 @@ static void riscv_sifive_u_machine_init(MachineClass
> *mc)
>   * management CPU.
>   */
>  mc->max_cpus = 5;
> +/* It is not useful if we only have one management CPU */
> +mc->min_cpus = 2;
>  }
>
>  DEFINE_MACHINE("sifive_u", riscv_sifive_u_machine_init)
> --
> 2.7.4
>
>
>

[Qemu-devel] [PULL 7/7] block/backup: disable copy_range for compressed backup

[Max Reitz]

From: Vladimir Sementsov-Ogievskiy 

Enabled by default copy_range ignores compress option. It's definitely
unexpected for user.

It's broken since introduction of copy_range usage in backup in
9ded4a011496.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Message-id: 20190730163251.755248-3-vsement...@virtuozzo.com
Reviewed-by: John Snow 
Reviewed-by: Max Reitz 
Signed-off-by: Max Reitz 
---
 block/backup.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/backup.c b/block/backup.c
index 1ee271f9f1..b26c22c4b8 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -657,7 +657,7 @@ BlockJob *backup_job_create(const char *job_id, 
BlockDriverState *bs,
 job->cluster_size = cluster_size;
 job->copy_bitmap = copy_bitmap;
 copy_bitmap = NULL;
-job->use_copy_range = true;
+job->use_copy_range = !compress; /* compression isn't supported for it */
 job->copy_range_size = MIN_NON_ZERO(blk_get_max_transfer(job->common.blk),
 blk_get_max_transfer(job->target));
 job->copy_range_size = MAX(job->cluster_size,
-- 
2.21.0

[Qemu-devel] [PULL 4/7] iotests: Test incremental backup after truncation

[Max Reitz]

Signed-off-by: Max Reitz 
Message-id: 20190805152840.32190-1-mre...@redhat.com
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/124 | 38 ++
 tests/qemu-iotests/124.out |  4 ++--
 2 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/tests/qemu-iotests/124 b/tests/qemu-iotests/124
index 80b356f7bb..3440f54781 100755
--- a/tests/qemu-iotests/124
+++ b/tests/qemu-iotests/124
@@ -212,25 +212,28 @@ class TestIncrementalBackupBase(iotests.QMPTestCase):
 return bitmap
 
 
-def prepare_backup(self, bitmap=None, parent=None):
+def prepare_backup(self, bitmap=None, parent=None, **kwargs):
 if bitmap is None:
 bitmap = self.bitmaps[-1]
 if parent is None:
 parent, _ = bitmap.last_target()
 
 target, _ = bitmap.new_target()
-self.img_create(target, bitmap.drive['fmt'], parent=parent)
+self.img_create(target, bitmap.drive['fmt'], parent=parent,
+**kwargs)
 return target
 
 
 def create_incremental(self, bitmap=None, parent=None,
-   parentFormat=None, validate=True):
+   parentFormat=None, validate=True,
+   target=None):
 if bitmap is None:
 bitmap = self.bitmaps[-1]
 if parent is None:
 parent, _ = bitmap.last_target()
 
-target = self.prepare_backup(bitmap, parent)
+if target is None:
+target = self.prepare_backup(bitmap, parent)
 res = self.do_qmp_backup(job_id=bitmap.drive['id'],
  device=bitmap.drive['id'],
  sync='incremental', bitmap=bitmap.name,
@@ -572,6 +575,33 @@ class TestIncrementalBackup(TestIncrementalBackupBase):
   'bitmap0', self.drives[0],
   granularity=64000)
 
+def test_growing_before_backup(self):
+'''
+Test: Add a bitmap, truncate the image, write past the old
+  end, do a backup.
+
+Incremental backup should not ignore dirty bits past the old
+image end.
+'''
+self.assert_no_active_block_jobs()
+
+self.create_anchor_backup()
+
+self.add_bitmap('bitmap0', self.drives[0])
+
+res = self.vm.qmp('block_resize', device=self.drives[0]['id'],
+  size=(65 * 1048576))
+self.assert_qmp(res, 'return', {})
+
+# Dirty the image past the old end
+self.vm.hmp_qemu_io(self.drives[0]['id'], 'write 64M 64k')
+
+target = self.prepare_backup(size='65M')
+self.create_incremental(target=target)
+
+self.vm.shutdown()
+self.check_backups()
+
 
 class TestIncrementalBackupBlkdebug(TestIncrementalBackupBase):
 '''Incremental backup tests that utilize a BlkDebug filter on drive0.'''
diff --git a/tests/qemu-iotests/124.out b/tests/qemu-iotests/124.out
index 281b69efea..fa16b5ccef 100644
--- a/tests/qemu-iotests/124.out
+++ b/tests/qemu-iotests/124.out
@@ -1,5 +1,5 @@
-
+.
 --
-Ran 12 tests
+Ran 13 tests
 
 OK
-- 
2.21.0

[Qemu-devel] [PULL 1/7] backup: Copy only dirty areas

[Max Reitz]

The backup job must only copy areas that the copy_bitmap reports as
dirty.  This is always the case when using traditional non-offloading
backup, because it copies each cluster separately.  When offloading the
copy operation, we sometimes copy more than one cluster at a time, but
we only check whether the first one is dirty.

Therefore, whenever copy offloading is possible, the backup job
currently produces wrong output when the guest writes to an area of
which an inner part has already been backed up, because that inner part
will be re-copied.

Fixes: 9ded4a0114968e98b41494fc035ba14f84cdf700
Signed-off-by: Max Reitz 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
Message-id: 20190801173900.23851-2-mre...@redhat.com
Signed-off-by: Max Reitz 
---
 block/backup.c | 13 +++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/block/backup.c b/block/backup.c
index 715e1d3be8..1ee271f9f1 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -202,22 +202,31 @@ static int coroutine_fn backup_do_cow(BackupBlockJob *job,
 cow_request_begin(_request, job, start, end);
 
 while (start < end) {
+int64_t dirty_end;
+
 if (!hbitmap_get(job->copy_bitmap, start)) {
 trace_backup_do_cow_skip(job, start);
 start += job->cluster_size;
 continue; /* already copied */
 }
 
+dirty_end = hbitmap_next_zero(job->copy_bitmap, start, (end - start));
+if (dirty_end < 0) {
+dirty_end = end;
+}
+
 trace_backup_do_cow_process(job, start);
 
 if (job->use_copy_range) {
-ret = backup_cow_with_offload(job, start, end, is_write_notifier);
+ret = backup_cow_with_offload(job, start, dirty_end,
+  is_write_notifier);
 if (ret < 0) {
 job->use_copy_range = false;
 }
 }
 if (!job->use_copy_range) {
-ret = backup_cow_with_bounce_buffer(job, start, end, 
is_write_notifier,
+ret = backup_cow_with_bounce_buffer(job, start, dirty_end,
+is_write_notifier,
 error_is_read, _buffer);
 }
 if (ret < 0) {
-- 
2.21.0

[Qemu-devel] [PULL 5/7] mirror: Only mirror granularity-aligned chunks

[Max Reitz]

In write-blocking mode, all writes to the top node directly go to the
target.  We must only mirror chunks of data that are aligned to the
job's granularity, because that is how the dirty bitmap works.
Therefore, the request alignment for writes must be the job's
granularity (in write-blocking mode).

Unfortunately, this forces all reads and writes to have the same
granularity (we only need this alignment for writes to the target, not
the source), but that is something to be fixed another time.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Max Reitz 
Message-id: 20190805153308.2657-1-mre...@redhat.com
Reviewed-by: Vladimir Sementsov-Ogievskiy 
Fixes: d06107ade0ce74dc39739bac80de84b51ec18546
Signed-off-by: Max Reitz 
---
 block/mirror.c | 29 +
 1 file changed, 29 insertions(+)

diff --git a/block/mirror.c b/block/mirror.c
index 8cb75fb409..9f5c59ece1 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -1481,6 +1481,15 @@ static void bdrv_mirror_top_child_perm(BlockDriverState 
*bs, BdrvChild *c,
 *nshared = BLK_PERM_ALL;
 }
 
+static void bdrv_mirror_top_refresh_limits(BlockDriverState *bs, Error **errp)
+{
+MirrorBDSOpaque *s = bs->opaque;
+
+if (s && s->job && s->job->copy_mode == MIRROR_COPY_MODE_WRITE_BLOCKING) {
+bs->bl.request_alignment = s->job->granularity;
+}
+}
+
 /* Dummy node that provides consistent read to its users without requiring it
  * from its backing file and that allows writes on the backing file chain. */
 static BlockDriver bdrv_mirror_top = {
@@ -1493,6 +1502,7 @@ static BlockDriver bdrv_mirror_top = {
 .bdrv_co_block_status   = bdrv_co_block_status_from_backing,
 .bdrv_refresh_filename  = bdrv_mirror_top_refresh_filename,
 .bdrv_child_perm= bdrv_mirror_top_child_perm,
+.bdrv_refresh_limits= bdrv_mirror_top_refresh_limits,
 };
 
 static BlockJob *mirror_start_job(
@@ -1637,6 +1647,25 @@ static BlockJob *mirror_start_job(
 s->should_complete = true;
 }
 
+/*
+ * Must be called before we start tracking writes, but after
+ *
+ * ((MirrorBlockJob *)
+ * ((MirrorBDSOpaque *)
+ * mirror_top_bs->opaque
+ * )->job
+ * )->copy_mode
+ *
+ * has the correct value.
+ * (We start tracking writes as of the following
+ * bdrv_create_dirty_bitmap() call.)
+ */
+bdrv_refresh_limits(mirror_top_bs, _err);
+if (local_err) {
+error_propagate(errp, local_err);
+goto fail;
+}
+
 s->dirty_bitmap = bdrv_create_dirty_bitmap(bs, granularity, NULL, errp);
 if (!s->dirty_bitmap) {
 goto fail;
-- 
2.21.0

[Qemu-devel] [PULL 6/7] iotests: Test unaligned blocking mirror write

[Max Reitz]

Signed-off-by: Max Reitz 
Message-id: 20190805113526.20319-1-mre...@redhat.com
Reviewed-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/151 | 25 +
 tests/qemu-iotests/151.out |  4 ++--
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/151 b/tests/qemu-iotests/151
index 1bb74d67c4..ad7359fc8d 100755
--- a/tests/qemu-iotests/151
+++ b/tests/qemu-iotests/151
@@ -114,6 +114,31 @@ class TestActiveMirror(iotests.QMPTestCase):
 def testActiveIOFlushed(self):
 self.doActiveIO(True)
 
+def testUnalignedActiveIO(self):
+# Fill the source image
+result = self.vm.hmp_qemu_io('source', 'write -P 1 0 2M')
+
+# Start the block job (very slowly)
+result = self.vm.qmp('blockdev-mirror',
+ job_id='mirror',
+ filter_node_name='mirror-node',
+ device='source-node',
+ target='target-node',
+ sync='full',
+ copy_mode='write-blocking',
+ buf_size=(1048576 // 4),
+ speed=1)
+self.assert_qmp(result, 'return', {})
+
+# Start an unaligned request to a dirty area
+result = self.vm.hmp_qemu_io('source', 'write -P 2 %i 1' % (1048576 + 
42))
+
+# Let the job finish
+result = self.vm.qmp('block-job-set-speed', device='mirror', speed=0)
+self.assert_qmp(result, 'return', {})
+self.complete_and_wait(drive='mirror')
+
+self.potential_writes_in_flight = False
 
 
 if __name__ == '__main__':
diff --git a/tests/qemu-iotests/151.out b/tests/qemu-iotests/151.out
index fbc63e62f8..8d7e996700 100644
--- a/tests/qemu-iotests/151.out
+++ b/tests/qemu-iotests/151.out
@@ -1,5 +1,5 @@
-..
+...
 --
-Ran 2 tests
+Ran 3 tests
 
 OK
-- 
2.21.0

[Qemu-devel] [PULL 2/7] iotests: Test backup job with two guest writes

[Max Reitz]

Perform two guest writes to not yet backed up areas of an image, where
the former touches an inner area of the latter.

Before HEAD^, copy offloading broke this in two ways:
(1) The target image differs from the reference image (what the source
was when the backup started).
(2) But you will not see that in the failing output, because the job
offset is reported as being greater than the job length.  This is
because one cluster is copied twice, and thus accounted for twice,
but of course the job length does not increase.

Signed-off-by: Max Reitz 
Message-id: 20190801173900.23851-3-mre...@redhat.com
Reviewed-by: Vladimir Sementsov-Ogievskiy 
Tested-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/056 | 39 ++
 tests/qemu-iotests/056.out |  4 ++--
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/056 b/tests/qemu-iotests/056
index f40fc11a09..e761e465ae 100755
--- a/tests/qemu-iotests/056
+++ b/tests/qemu-iotests/056
@@ -133,6 +133,7 @@ class BackupTest(iotests.QMPTestCase):
 self.vm = iotests.VM()
 self.test_img = img_create('test')
 self.dest_img = img_create('dest')
+self.ref_img = img_create('ref')
 self.vm.add_drive(self.test_img)
 self.vm.launch()
 
@@ -140,6 +141,7 @@ class BackupTest(iotests.QMPTestCase):
 self.vm.shutdown()
 try_remove(self.test_img)
 try_remove(self.dest_img)
+try_remove(self.ref_img)
 
 def hmp_io_writes(self, drive, patterns):
 for pattern in patterns:
@@ -177,6 +179,43 @@ class BackupTest(iotests.QMPTestCase):
 self.assert_qmp(event, 'data/error', qerror)
 return False
 
+def test_overlapping_writes(self):
+# Write something to back up
+self.hmp_io_writes('drive0', [('42', '0M', '2M')])
+
+# Create a reference backup
+self.qmp_backup_and_wait(device='drive0', format=iotests.imgfmt,
+ sync='full', target=self.ref_img,
+ auto_dismiss=False)
+res = self.vm.qmp('block-job-dismiss', id='drive0')
+self.assert_qmp(res, 'return', {})
+
+# Now to the test backup: We simulate the following guest
+# writes:
+# (1) [1M + 64k, 1M + 128k): Afterwards, everything in that
+# area should be in the target image, and we must not copy
+# it again (because the source image has changed now)
+# (64k is the job's cluster size)
+# (2) [1M, 2M): The backup job must not get overeager.  It
+# must copy [1M, 1M + 64k) and [1M + 128k, 2M) separately,
+# but not the area in between.
+
+self.qmp_backup(device='drive0', format=iotests.imgfmt, sync='full',
+target=self.dest_img, speed=1, auto_dismiss=False)
+
+self.hmp_io_writes('drive0', [('23', '%ik' % (1024 + 64), '64k'),
+  ('66', '1M', '1M')])
+
+# Let the job complete
+res = self.vm.qmp('block-job-set-speed', device='drive0', speed=0)
+self.assert_qmp(res, 'return', {})
+self.qmp_backup_wait('drive0')
+res = self.vm.qmp('block-job-dismiss', id='drive0')
+self.assert_qmp(res, 'return', {})
+
+self.assertTrue(iotests.compare_images(self.ref_img, self.dest_img),
+'target image does not match reference image')
+
 def test_dismiss_false(self):
 res = self.vm.qmp('query-block-jobs')
 self.assert_qmp(res, 'return', [])
diff --git a/tests/qemu-iotests/056.out b/tests/qemu-iotests/056.out
index dae404e278..36376bed87 100644
--- a/tests/qemu-iotests/056.out
+++ b/tests/qemu-iotests/056.out
@@ -1,5 +1,5 @@
-.
+..
 --
-Ran 9 tests
+Ran 10 tests
 
 OK
-- 
2.21.0

[Qemu-devel] [PULL 3/7] util/hbitmap: update orig_size on truncate

[Max Reitz]

From: Vladimir Sementsov-Ogievskiy 

Without this, hbitmap_next_zero and hbitmap_next_dirty_area are broken
after truncate. So, orig_size is broken since it's introduction in
76d570dc495c56bb.

Fixes: 76d570dc495c56bb
Signed-off-by: Vladimir Sementsov-Ogievskiy 
Message-id: 20190805120120.23585-1-vsement...@virtuozzo.com
Reviewed-by: Max Reitz 
Signed-off-by: Max Reitz 
---
 util/hbitmap.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/util/hbitmap.c b/util/hbitmap.c
index 7905212a8b..bcc0acdc6a 100644
--- a/util/hbitmap.c
+++ b/util/hbitmap.c
@@ -53,7 +53,9 @@
  */
 
 struct HBitmap {
-/* Size of the bitmap, as requested in hbitmap_alloc. */
+/*
+ * Size of the bitmap, as requested in hbitmap_alloc or in 
hbitmap_truncate.
+ */
 uint64_t orig_size;
 
 /* Number of total bits in the bottom level.  */
@@ -732,6 +734,8 @@ void hbitmap_truncate(HBitmap *hb, uint64_t size)
 uint64_t num_elements = size;
 uint64_t old;
 
+hb->orig_size = size;
+
 /* Size comes in as logical elements, adjust for granularity. */
 size = (size + (1ULL << hb->granularity) - 1) >> hb->granularity;
 assert(size <= ((uint64_t)1 << HBITMAP_LOG_MAX_SIZE));
-- 
2.21.0

[Qemu-devel] [PULL 0/7] Block patches for 4.1.0-rc4

[Max Reitz]

The following changes since commit 9bb68d34dda9be60335e73e65c8fb61bca035362:

  Merge remote-tracking branch 'remotes/philmd-gitlab/tags/edk2-next-20190803' 
into staging (2019-08-05 11:05:36 +0100)

are available in the Git repository at:

  https://github.com/XanClic/qemu.git tags/pull-block-2019-08-05

for you to fetch changes up to 07b0851c592efe188a87259adbda26a63c61dc92:

  block/backup: disable copy_range for compressed backup (2019-08-05 18:05:05 
+0200)


Block patches for 4.1.0-rc4:
- Fix the backup block job when using copy offloading
- Fix the mirror block job when using the write-blocking copy mode
- Fix incremental backups after the image has been grown with the
  respective bitmap attached to it


Max Reitz (5):
  backup: Copy only dirty areas
  iotests: Test backup job with two guest writes
  iotests: Test incremental backup after truncation
  mirror: Only mirror granularity-aligned chunks
  iotests: Test unaligned blocking mirror write

Vladimir Sementsov-Ogievskiy (2):
  util/hbitmap: update orig_size on truncate
  block/backup: disable copy_range for compressed backup

 block/backup.c | 15 ---
 block/mirror.c | 29 
 util/hbitmap.c |  6 +-
 tests/qemu-iotests/056 | 39 ++
 tests/qemu-iotests/056.out |  4 ++--
 tests/qemu-iotests/124 | 38 +
 tests/qemu-iotests/124.out |  4 ++--
 tests/qemu-iotests/151 | 25 
 tests/qemu-iotests/151.out |  4 ++--
 9 files changed, 150 insertions(+), 14 deletions(-)

-- 
2.21.0

Re: [Qemu-devel] [Qemu-riscv] [PATCH 2/2] riscv: sifive_u: Update the plic hart config to support multicore

[Fabien Chouteau]

On 05/08/2019 18:10, Bin Meng wrote:
> Thank you for the suggestion. A patch was created for this:
> http://patchwork.ozlabs.org/patch/1142282/

Awesome, thank you Bin!

Re: [Qemu-devel] [PATCH 14/67] target/arm: Convert multiply and multiply accumulate

[Richard Henderson]

On 8/5/19 8:32 AM, Peter Maydell wrote:
>> -/* load a 32-bit value from a register and perform a 64-bit accumulate.  */
>> -static void gen_addq_lo(DisasContext *s, TCGv_i64 val, int rlow)
>> -{
>> -TCGv_i64 tmp;
>> -TCGv_i32 tmp2;
>> -
>> -/* Load value and extend to 64 bits.  */
>> -tmp = tcg_temp_new_i64();
>> -tmp2 = load_reg(s, rlow);
>> -tcg_gen_extu_i32_i64(tmp, tmp2);
>> -tcg_temp_free_i32(tmp2);
>> -tcg_gen_add_i64(val, val, tmp);
>> -tcg_temp_free_i64(tmp);
>> -}
>> -
> 
>> +static bool trans_UMAAL(DisasContext *s, arg_UMAAL *a)
>> +{
>> +TCGv_i32 t0, t1, t2, zero;
>> +
>> +if (s->thumb
>> +? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)
>> +: !ENABLE_ARCH_6) {
>> +return false;
>> +}
>> +
>> +t0 = load_reg(s, a->rm);
>> +t1 = load_reg(s, a->rn);
>> +tcg_gen_mulu2_i32(t0, t1, t0, t1);
>> +zero = tcg_const_i32(0);
>> +t2 = load_reg(s, a->ra);
>> +tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero);
>> +tcg_temp_free_i32(t2);
>> +t2 = load_reg(s, a->rd);
>> +tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero);
>> +tcg_temp_free_i32(t2);
>> +tcg_temp_free_i32(zero);
>> +store_reg(s, a->ra, t0);
>> +store_reg(s, a->rd, t1);
>> +return true;
>> +
> 
> Is using mulu2/add2/add2 like this really generating better
> code than the mulu_i64_i32 and 2 64-bit adds that we had before?
> If we're going to change how we're generating code it would be
> nice to at least mention it in the commit message...

I didn't really think about the code generation difference, merely that it
seemed more obvious, given that all of the inputs are i32, and we need i32
outputs.  I assumed it wasn't written like this in the first place because
tcg_gen_mulu2_i32 is relatively new.


r~

Re: [Qemu-devel] [Qemu-riscv] [PATCH 2/2] riscv: sifive_u: Update the plic hart config to support multicore

[Bin Meng]

Hi Fabien,

On Tue, Jul 9, 2019 at 12:31 AM Fabien Chouteau  wrote:
>
> Hi Bin,
>
> Thanks for this patch.
>
> I know I am very late to the game but I have a comment here.
>
> On 17/05/2019 17:51, Bin Meng wrote:
> > +/* create PLIC hart topology configuration string */
> > +plic_hart_config_len = (strlen(SIFIVE_U_PLIC_HART_CONFIG) + 1) * 
> > smp_cpus;
> > +plic_hart_config = g_malloc0(plic_hart_config_len);
> > +for (i = 0; i < smp_cpus; i++) {
> > +if (i != 0) {
> > +strncat(plic_hart_config, ",", plic_hart_config_len);
> > +}
> > +strncat(plic_hart_config, SIFIVE_U_PLIC_HART_CONFIG,
> > +plic_hart_config_len);
> > +plic_hart_config_len -= (strlen(SIFIVE_U_PLIC_HART_CONFIG) + 1);
> > +}
> > +
>
> This will create up to 4 MS PLIC devices. However on the Unleashed FU540 the 
> PLICs are M,MS,MS,MS,MS because of the monitor hart #0.
>
> This means a different memory layout than the real hardware.
>
> For instance address 0x0C00_2080 will be hart #0 S-Mode interrupt enables in 
> QEMU, instead of #1 M-Mode interrupt enables for the real hardware.
>
> To fix this I suggest to change this loop to:
>
> for (i = 0; i < smp_cpus; i++) {
> if (i != 0) {
> strncat(plic_hart_config, "," SIFIVE_U_PLIC_HART_CONFIG,
> plic_hart_config_len);
> } else {
> strncat(plic_hart_config, "M", plic_hart_config_len);
> }
> plic_hart_config_len -= (strlen(SIFIVE_U_PLIC_HART_CONFIG) + 1);
> }
>
> This will make hart #0 PLIC in M mode and the others in MS.
>
> What do you think?

Thank you for the suggestion. A patch was created for this:
http://patchwork.ozlabs.org/patch/1142282/

Regards,
Bin

[Qemu-devel] [PATCH 28/28] riscv: sifive_u: Update model and compatible strings in device tree

[Bin Meng]

This updates model and compatible strings to use the same strings
as used in the Linux kernel device tree (hifive-unleashed-a00.dts).

Signed-off-by: Bin Meng 

---

 hw/riscv/sifive_u.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 5ded3a0..b7d4b4f 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -94,8 +94,9 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 exit(1);
 }
 
-qemu_fdt_setprop_string(fdt, "/", "model", "ucbbar,spike-bare,qemu");
-qemu_fdt_setprop_string(fdt, "/", "compatible", "ucbbar,spike-bare-dev");
+qemu_fdt_setprop_string(fdt, "/", "model", "SiFive HiFive Unleashed A00");
+qemu_fdt_setprop_string(fdt, "/", "compatible",
+"sifive,hifive-unleashed-a00");
 qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x2);
 qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x2);
 
-- 
2.7.4

Re: [Qemu-devel] [PATCH 2/3] block/backup: disable copy_range for compressed backup

[Max Reitz]

On 30.07.19 18:32, Vladimir Sementsov-Ogievskiy wrote:
> Enabled by default copy_range ignores compress option. It's definitely
> unexpected for user.
> 
> It's broken since introduction of copy_range usage in backup in
> 9ded4a011496.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  block/backup.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
Thanks, applied to my block branch:

https://git.xanclic.moe/XanClic/qemu/commits/branch/block

Max



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH 27/28] riscv: virt: Change create_fdt() to return void

[Bin Meng]

There is no need to return fdt at the end of create_fdt() because
it's already saved in s->fdt. Other machines (sifive_u, spike)
don't do it neither.

Signed-off-by: Bin Meng 
---

 hw/riscv/virt.c | 11 ---
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index f662100..5935ac8 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -112,7 +112,7 @@ static void create_pcie_irq_map(void *fdt, char *nodename,
0x1800, 0, 0, 0x7);
 }
 
-static void *create_fdt(RISCVVirtState *s, const struct MemmapEntry *memmap,
+static void create_fdt(RISCVVirtState *s, const struct MemmapEntry *memmap,
 uint64_t mem_size, const char *cmdline)
 {
 void *fdt;
@@ -316,8 +316,6 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_string(fdt, "/chosen", "bootargs", cmdline);
 }
 g_free(nodename);
-
-return fdt;
 }
 
 
@@ -373,7 +371,6 @@ static void riscv_virt_board_init(MachineState *machine)
 size_t plic_hart_config_len;
 int i;
 unsigned int smp_cpus = machine->smp.cpus;
-void *fdt;
 
 /* Initialize SOC */
 object_initialize_child(OBJECT(machine), "soc", >soc, sizeof(s->soc),
@@ -392,7 +389,7 @@ static void riscv_virt_board_init(MachineState *machine)
 main_mem);
 
 /* create device tree */
-fdt = create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
+create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
 
 /* boot rom */
 memory_region_init_rom(mask_rom, NULL, "riscv_virt_board.mrom",
@@ -411,9 +408,9 @@ static void riscv_virt_board_init(MachineState *machine)
 hwaddr end = riscv_load_initrd(machine->initrd_filename,
machine->ram_size, kernel_entry,
);
-qemu_fdt_setprop_cell(fdt, "/chosen",
+qemu_fdt_setprop_cell(s->fdt, "/chosen",
   "linux,initrd-start", start);
-qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end",
+qemu_fdt_setprop_cell(s->fdt, "/chosen", "linux,initrd-end",
   end);
 }
 }
-- 
2.7.4

[Qemu-devel] [PATCH 26/28] riscv: hw: Update PLIC device tree

[Bin Meng]

This removes "reg-names" and "riscv,max-priority" properties of the
PLIC node from device tree, and updates its compatible string, to
keep in sync with the Linux kernel device tree.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 4 +---
 hw/riscv/virt.c | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index d77b3c3..5ded3a0 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -229,15 +229,13 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 (long)memmap[SIFIVE_U_PLIC].base);
 qemu_fdt_add_subnode(fdt, nodename);
 qemu_fdt_setprop_cell(fdt, nodename, "#interrupt-cells", 1);
-qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv,plic0");
+qemu_fdt_setprop_string(fdt, nodename, "compatible", "sifive,plic-1.0.0");
 qemu_fdt_setprop(fdt, nodename, "interrupt-controller", NULL, 0);
 qemu_fdt_setprop(fdt, nodename, "interrupts-extended",
 cells, s->soc.cpus.num_harts * sizeof(uint32_t) * 4);
 qemu_fdt_setprop_cells(fdt, nodename, "reg",
 0x0, memmap[SIFIVE_U_PLIC].base,
 0x0, memmap[SIFIVE_U_PLIC].size);
-qemu_fdt_setprop_string(fdt, nodename, "reg-names", "control");
-qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
 qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", 0x35);
 qemu_fdt_setprop_cell(fdt, nodename, "phandle", plic_phandle);
 plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 127f005..f662100 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -237,15 +237,13 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
   FDT_PLIC_ADDR_CELLS);
 qemu_fdt_setprop_cell(fdt, nodename, "#interrupt-cells",
   FDT_PLIC_INT_CELLS);
-qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv,plic0");
+qemu_fdt_setprop_string(fdt, nodename, "compatible", "sifive,plic-1.0.0");
 qemu_fdt_setprop(fdt, nodename, "interrupt-controller", NULL, 0);
 qemu_fdt_setprop(fdt, nodename, "interrupts-extended",
 cells, s->soc.num_harts * sizeof(uint32_t) * 4);
 qemu_fdt_setprop_cells(fdt, nodename, "reg",
 0x0, memmap[VIRT_PLIC].base,
 0x0, memmap[VIRT_PLIC].size);
-qemu_fdt_setprop_string(fdt, nodename, "reg-names", "control");
-qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
 qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", VIRTIO_NDEV);
 qemu_fdt_setprop_cell(fdt, nodename, "phandle", plic_phandle);
 plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
-- 
2.7.4

Re: [Qemu-devel] [Qemu-riscv] [PATCH 2/2] riscv: sifive_u: Update the plic hart config to support multicore

[Bin Meng]

Hi Alistair,

On Tue, Jul 16, 2019 at 5:33 AM Alistair Francis  wrote:
>
> On Sat, Jul 13, 2019 at 8:23 PM Bin Meng  wrote:
> >
> > Hi Fabien,
> >
> > On Tue, Jul 9, 2019 at 12:31 AM Fabien Chouteau  
> > wrote:
> > >
> > > Hi Bin,
> > >
> > > Thanks for this patch.
> > >
> > > I know I am very late to the game but I have a comment here.
> > >
> > > On 17/05/2019 17:51, Bin Meng wrote:
> > > > +/* create PLIC hart topology configuration string */
> > > > +plic_hart_config_len = (strlen(SIFIVE_U_PLIC_HART_CONFIG) + 1) * 
> > > > smp_cpus;
> > > > +plic_hart_config = g_malloc0(plic_hart_config_len);
> > > > +for (i = 0; i < smp_cpus; i++) {
> > > > +if (i != 0) {
> > > > +strncat(plic_hart_config, ",", plic_hart_config_len);
> > > > +}
> > > > +strncat(plic_hart_config, SIFIVE_U_PLIC_HART_CONFIG,
> > > > +plic_hart_config_len);
> > > > +plic_hart_config_len -= (strlen(SIFIVE_U_PLIC_HART_CONFIG) + 
> > > > 1);
> > > > +}
> > > > +
> > >
> > > This will create up to 4 MS PLIC devices. However on the Unleashed FU540 
> > > the PLICs are M,MS,MS,MS,MS because of the monitor hart #0.
> > >
> > > This means a different memory layout than the real hardware.
> > >
> > > For instance address 0x0C00_2080 will be hart #0 S-Mode interrupt enables 
> > > in QEMU, instead of #1 M-Mode interrupt enables for the real hardware.
> >
> > Thanks for the notes! I agree to better match the real hardware, it
> > should be modeled like that. However I am not sure what the original
> > intention was when creating the "sifive_u" machine. Both OpenSBI and
> > U-Boot list sifive_u as a special target, instead of the real
> > Unleashed board hence I assume this is a hypothetical target too, like
> > the "virt", but was created to best match the real Unleashed board
> > though.
>
> I thought (Palmer correct me if I'm wrong) that the sifive_u machine
> *should* match the hardware. The problem is that QEMU doesn't support
> everything that the HW supports which is why U-Boot and OpenSBI have
> their own targets. The goal is to not require special QEMU targets, so
> this is a step in the right direction.
>

I've sent a series that improves the emulation fidelity of sifive_u
machine, so that the upstream OpenSBI, U-Boot and kernel images built
for the SiFive HiFive Unleashed board can be used out of the box
without any special hack.

Please have a look.
http://patchwork.ozlabs.org/project/qemu-devel/list/?series=123386

Regards,
Bin

[Qemu-devel] [PATCH 24/28] riscv: sifive_u: Fix broken GEM support

[Bin Meng]

At present the GEM support in sifive_u machine is seriously broken.

- The GEM block register base was set to a weird number (0x100900FC),
  which for no way could work with the cadence_gem model in QEMU.
- The generated DT node for GEM has a "clocks-names" which is an
  invalid property name.

Not like other GEM variants, the FU540-specific GEM has a management
block to control 10/100/1000Mbps link speed changes, that is mapped
to 0x100a. We can simply map it into MMIO space without special
handling using sifive_mmio_emulate().

Update the GEM node compatible string to use the official name used
by the upstream Linux kernel, and add the management block reg base
& size to the  property encoding.

Tested with upstream U-Boot and Linux kernel MACB drivers.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 17 +
 include/hw/riscv/sifive_u.h |  3 ++-
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 9945b82..85cd4b5 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -3,6 +3,7 @@
  *
  * Copyright (c) 2016-2017 Sagar Karandikar, sag...@eecs.berkeley.edu
  * Copyright (c) 2017 SiFive, Inc.
+ * Copyright (c) 2019 Bin Meng 
  *
  * Provides a board compatible with the SiFive Freedom U SDK:
  *
@@ -11,6 +12,7 @@
  * 2) PLIC (Platform Level Interrupt Controller)
  * 3) PRCI (Power, Reset, Clock, Interrupt)
  * 4) OTP (One-Time Programmable) memory with stored serial number
+ * 5) GEM (Gigabit Ethernet Controller) and management block
  *
  * This board currently uses a hardcoded devicetree that indicates five harts.
  *
@@ -68,7 +70,8 @@ static const struct MemmapEntry {
 [SIFIVE_U_UART1] ={ 0x10011000, 0x1000 },
 [SIFIVE_U_OTP] =  { 0x1007, 0x1000 },
 [SIFIVE_U_DRAM] = { 0x8000,0x0 },
-[SIFIVE_U_GEM] =  { 0x100900FC, 0x2000 },
+[SIFIVE_U_GEM] =  { 0x1009, 0x2000 },
+[SIFIVE_U_GEM_MGMT] = { 0x100a, 0x1000 },
 };
 
 #define SIFIVE_OTP_SERIAL   1
@@ -244,17 +247,20 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 nodename = g_strdup_printf("/soc/ethernet@%lx",
 (long)memmap[SIFIVE_U_GEM].base);
 qemu_fdt_add_subnode(fdt, nodename);
-qemu_fdt_setprop_string(fdt, nodename, "compatible", "cdns,macb");
+qemu_fdt_setprop_string(fdt, nodename, "compatible",
+"sifive,fu540-c000-gem");
 qemu_fdt_setprop_cells(fdt, nodename, "reg",
 0x0, memmap[SIFIVE_U_GEM].base,
-0x0, memmap[SIFIVE_U_GEM].size);
+0x0, memmap[SIFIVE_U_GEM].size,
+0x0, memmap[SIFIVE_U_GEM_MGMT].base,
+0x0, memmap[SIFIVE_U_GEM_MGMT].size);
 qemu_fdt_setprop_string(fdt, nodename, "reg-names", "control");
 qemu_fdt_setprop_string(fdt, nodename, "phy-mode", "gmii");
 qemu_fdt_setprop_cell(fdt, nodename, "interrupt-parent", plic_phandle);
 qemu_fdt_setprop_cell(fdt, nodename, "interrupts", SIFIVE_U_GEM_IRQ);
 qemu_fdt_setprop_cells(fdt, nodename, "clocks",
 prci_phandle, PRCI_CLK_GEMGXLPLL, prci_phandle, PRCI_CLK_GEMGXLPLL);
-qemu_fdt_setprop(fdt, nodename, "clocks-names", ethclk_names,
+qemu_fdt_setprop(fdt, nodename, "clock-names", ethclk_names,
 sizeof(ethclk_names));
 qemu_fdt_setprop_cell(fdt, nodename, "#address-cells", 1);
 qemu_fdt_setprop_cell(fdt, nodename, "#size-cells", 0);
@@ -455,6 +461,9 @@ static void riscv_sifive_u_soc_realize(DeviceState *dev, 
Error **errp)
 sysbus_mmio_map(SYS_BUS_DEVICE(>gem), 0, memmap[SIFIVE_U_GEM].base);
 sysbus_connect_irq(SYS_BUS_DEVICE(>gem), 0,
plic_gpios[SIFIVE_U_GEM_IRQ]);
+
+sifive_mmio_emulate(system_memory, "riscv.sifive.u.gem-mgmt",
+memmap[SIFIVE_U_GEM_MGMT].base, memmap[SIFIVE_U_GEM_MGMT].size);
 }
 
 static void riscv_sifive_u_machine_init(MachineClass *mc)
diff --git a/include/hw/riscv/sifive_u.h b/include/hw/riscv/sifive_u.h
index 0461331..e92f1aa 100644
--- a/include/hw/riscv/sifive_u.h
+++ b/include/hw/riscv/sifive_u.h
@@ -56,7 +56,8 @@ enum {
 SIFIVE_U_UART1,
 SIFIVE_U_OTP,
 SIFIVE_U_DRAM,
-SIFIVE_U_GEM
+SIFIVE_U_GEM,
+SIFIVE_U_GEM_MGMT
 };
 
 enum {
-- 
2.7.4

[Qemu-devel] [PATCH 10/28] riscv: sifive_u: Remove the unnecessary include of prci header

[Bin Meng]

sifive_u machine does not use PRCI as of today. Remove the prci
header inclusion.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 9f05e09..dfcb525 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -40,7 +40,6 @@
 #include "hw/riscv/sifive_plic.h"
 #include "hw/riscv/sifive_clint.h"
 #include "hw/riscv/sifive_uart.h"
-#include "hw/riscv/sifive_prci.h"
 #include "hw/riscv/sifive_u.h"
 #include "hw/riscv/boot.h"
 #include "chardev/char.h"
-- 
2.7.4

[Qemu-devel] [PATCH 22/28] riscv: sifive_u: Generate an aliases node in the device tree

[Bin Meng]

The Linux kernel SiFive UART driver expects an aliases node to be
present in the device tree, from which the driver extracts the port
number from "serial#" in the aliases node.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 061d6d4..9945b82 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -283,6 +283,8 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 if (cmdline) {
 qemu_fdt_setprop_string(fdt, "/chosen", "bootargs", cmdline);
 }
+qemu_fdt_add_subnode(fdt, "/aliases");
+qemu_fdt_setprop_string(fdt, "/aliases", "serial0", nodename);
 g_free(nodename);
 }
 
-- 
2.7.4

[Qemu-devel] [PATCH 14/28] riscv: sifive: Implement PRCI model for FU540

[Bin Meng]

This adds a simple PRCI model for FU540 (sifive_u). It has different
register layout from the existing PRCI model for FE310 (sifive_e).

Signed-off-by: Bin Meng 
---

 hw/riscv/Makefile.objs   |   1 +
 hw/riscv/sifive_u_prci.c | 163 +++
 include/hw/riscv/sifive_u_prci.h |  90 +
 3 files changed, 254 insertions(+)
 create mode 100644 hw/riscv/sifive_u_prci.c
 create mode 100644 include/hw/riscv/sifive_u_prci.h

diff --git a/hw/riscv/Makefile.objs b/hw/riscv/Makefile.objs
index c859697..b95bbd5 100644
--- a/hw/riscv/Makefile.objs
+++ b/hw/riscv/Makefile.objs
@@ -8,6 +8,7 @@ obj-$(CONFIG_SIFIVE) += sifive_gpio.o
 obj-$(CONFIG_SIFIVE) += sifive_plic.o
 obj-$(CONFIG_SIFIVE) += sifive_test.o
 obj-$(CONFIG_SIFIVE_U) += sifive_u.o
+obj-$(CONFIG_SIFIVE_U) += sifive_u_prci.o
 obj-$(CONFIG_SIFIVE) += sifive_uart.o
 obj-$(CONFIG_SPIKE) += spike.o
 obj-$(CONFIG_RISCV_VIRT) += virt.o
diff --git a/hw/riscv/sifive_u_prci.c b/hw/riscv/sifive_u_prci.c
new file mode 100644
index 000..35e5962
--- /dev/null
+++ b/hw/riscv/sifive_u_prci.c
@@ -0,0 +1,163 @@
+/*
+ * QEMU SiFive U PRCI (Power, Reset, Clock, Interrupt)
+ *
+ * Copyright (c) 2019 Bin Meng 
+ *
+ * Simple model of the PRCI to emulate register reads made by the SDK BSP
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "qemu/module.h"
+#include "target/riscv/cpu.h"
+#include "hw/riscv/sifive_u_prci.h"
+
+static uint64_t sifive_prci_read(void *opaque, hwaddr addr, unsigned int size)
+{
+SiFivePRCIState *s = opaque;
+
+switch (addr) {
+case SIFIVE_PRCI_HFXOSCCFG:
+return s->hfxosccfg;
+case SIFIVE_PRCI_COREPLLCFG0:
+return s->corepllcfg0;
+case SIFIVE_PRCI_DDRPLLCFG0:
+return s->ddrpllcfg0;
+case SIFIVE_PRCI_DDRPLLCFG1:
+return s->ddrpllcfg1;
+case SIFIVE_PRCI_GEMGXLPLLCFG0:
+return s->gemgxlpllcfg0;
+case SIFIVE_PRCI_GEMGXLPLLCFG1:
+return s->gemgxlpllcfg1;
+case SIFIVE_PRCI_CORECLKSEL:
+return s->coreclksel;
+case SIFIVE_PRCI_DEVICESRESET:
+return s->devicesreset;
+case SIFIVE_PRCI_CLKMUXSTATUS:
+return s->clkmuxstatus;
+}
+
+hw_error("%s: read: addr=0x%x\n", __func__, (int)addr);
+return 0;
+}
+
+static void sifive_prci_write(void *opaque, hwaddr addr,
+  uint64_t val64, unsigned int size)
+{
+SiFivePRCIState *s = opaque;
+
+switch (addr) {
+case SIFIVE_PRCI_HFXOSCCFG:
+s->hfxosccfg = (uint32_t) val64;
+/* OSC stays ready */
+s->hfxosccfg |= SIFIVE_PRCI_HFXOSCCFG_RDY;
+break;
+case SIFIVE_PRCI_COREPLLCFG0:
+s->corepllcfg0 = (uint32_t) val64;
+/* internal feedback */
+s->corepllcfg0 |= SIFIVE_PRCI_PLLCFG0_FSE;
+/* PLL stays locked */
+s->corepllcfg0 |= SIFIVE_PRCI_PLLCFG0_LOCK;
+break;
+case SIFIVE_PRCI_DDRPLLCFG0:
+s->ddrpllcfg0 = (uint32_t) val64;
+/* internal feedback */
+s->ddrpllcfg0 |= SIFIVE_PRCI_PLLCFG0_FSE;
+/* PLL stays locked */
+s->ddrpllcfg0 |= SIFIVE_PRCI_PLLCFG0_LOCK;
+break;
+case SIFIVE_PRCI_DDRPLLCFG1:
+s->ddrpllcfg1 = (uint32_t) val64;
+break;
+case SIFIVE_PRCI_GEMGXLPLLCFG0:
+s->gemgxlpllcfg0 = (uint32_t) val64;
+ /* internal feedback */
+s->gemgxlpllcfg0 |= SIFIVE_PRCI_PLLCFG0_FSE;
+   /* PLL stays locked */
+s->gemgxlpllcfg0 |= SIFIVE_PRCI_PLLCFG0_LOCK;
+break;
+case SIFIVE_PRCI_GEMGXLPLLCFG1:
+s->gemgxlpllcfg1 = (uint32_t) val64;
+break;
+case SIFIVE_PRCI_CORECLKSEL:
+s->coreclksel = (uint32_t) val64;
+break;
+case SIFIVE_PRCI_DEVICESRESET:
+s->devicesreset = (uint32_t) val64;
+break;
+case SIFIVE_PRCI_CLKMUXSTATUS:
+s->clkmuxstatus = (uint32_t) val64;
+break;
+default:
+hw_error("%s: bad write: addr=0x%x v=0x%x\n",
+ __func__, (int)addr, (int)val64);
+}
+}
+
+static const MemoryRegionOps sifive_prci_ops = {
+.read = sifive_prci_read,
+.write = sifive_prci_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4
+}
+};
+
+static void sifive_prci_init(Object *obj)
+{
+SiFivePRCIState *s = 

[Qemu-devel] [PATCH 21/28] riscv: sifive_u: Update UART and ethernet node clock properties

[Bin Meng]

Now that we have added PRCI nodes, update existing UART and ethernet
nodes to use PRCI as their clock sources, to keep in sync with the
Linux kernel device tree.

With above changes, the previously handcrafted "/soc/ethclk" node is
no longer needed. Remove it.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c  | 21 +
 include/hw/riscv/sifive_u.h  |  3 +--
 include/hw/riscv/sifive_u_prci.h | 10 ++
 3 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index b90aa53..061d6d4 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -81,8 +81,8 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 int cpu;
 uint32_t *cells;
 char *nodename;
-char ethclk_names[] = "pclk\0hclk\0tx_clk";
-uint32_t plic_phandle, prci_phandle, ethclk_phandle, phandle = 1;
+char ethclk_names[] = "pclk\0hclk";
+uint32_t plic_phandle, prci_phandle, phandle = 1;
 uint32_t hfclk_phandle, rtcclk_phandle;
 
 fdt = s->fdt = create_device_tree(>fdt_size);
@@ -241,17 +241,6 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 g_free(cells);
 g_free(nodename);
 
-ethclk_phandle = phandle++;
-nodename = g_strdup_printf("/soc/ethclk");
-qemu_fdt_add_subnode(fdt, nodename);
-qemu_fdt_setprop_string(fdt, nodename, "compatible", "fixed-clock");
-qemu_fdt_setprop_cell(fdt, nodename, "#clock-cells", 0x0);
-qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency",
-SIFIVE_U_GEM_CLOCK_FREQ);
-qemu_fdt_setprop_cell(fdt, nodename, "phandle", ethclk_phandle);
-ethclk_phandle = qemu_fdt_get_phandle(fdt, nodename);
-g_free(nodename);
-
 nodename = g_strdup_printf("/soc/ethernet@%lx",
 (long)memmap[SIFIVE_U_GEM].base);
 qemu_fdt_add_subnode(fdt, nodename);
@@ -264,7 +253,7 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_cell(fdt, nodename, "interrupt-parent", plic_phandle);
 qemu_fdt_setprop_cell(fdt, nodename, "interrupts", SIFIVE_U_GEM_IRQ);
 qemu_fdt_setprop_cells(fdt, nodename, "clocks",
-ethclk_phandle, ethclk_phandle, ethclk_phandle);
+prci_phandle, PRCI_CLK_GEMGXLPLL, prci_phandle, PRCI_CLK_GEMGXLPLL);
 qemu_fdt_setprop(fdt, nodename, "clocks-names", ethclk_names,
 sizeof(ethclk_names));
 qemu_fdt_setprop_cell(fdt, nodename, "#address-cells", 1);
@@ -284,8 +273,8 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_cells(fdt, nodename, "reg",
 0x0, memmap[SIFIVE_U_UART0].base,
 0x0, memmap[SIFIVE_U_UART0].size);
-qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency",
-  SIFIVE_U_CLOCK_FREQ / 2);
+qemu_fdt_setprop_cells(fdt, nodename, "clocks",
+prci_phandle, PRCI_CLK_TLCLK);
 qemu_fdt_setprop_cell(fdt, nodename, "interrupt-parent", plic_phandle);
 qemu_fdt_setprop_cell(fdt, nodename, "interrupts", SIFIVE_U_UART0_IRQ);
 
diff --git a/include/hw/riscv/sifive_u.h b/include/hw/riscv/sifive_u.h
index 2f475c5..0461331 100644
--- a/include/hw/riscv/sifive_u.h
+++ b/include/hw/riscv/sifive_u.h
@@ -68,8 +68,7 @@ enum {
 enum {
 SIFIVE_U_CLOCK_FREQ = 10,
 SIFIVE_U_HFCLK_FREQ = ,
-SIFIVE_U_RTCCLK_FREQ = 100,
-SIFIVE_U_GEM_CLOCK_FREQ = 12500
+SIFIVE_U_RTCCLK_FREQ = 100
 };
 
 #define SIFIVE_U_PLIC_HART_CONFIG "MS"
diff --git a/include/hw/riscv/sifive_u_prci.h b/include/hw/riscv/sifive_u_prci.h
index f3a4656..640c641 100644
--- a/include/hw/riscv/sifive_u_prci.h
+++ b/include/hw/riscv/sifive_u_prci.h
@@ -87,4 +87,14 @@ typedef struct SiFivePRCIState {
 
 DeviceState *sifive_u_prci_create(hwaddr addr);
 
+/*
+ * Clock indexes for use by Device Tree data and the PRCI driver.
+ *
+ * These values are from sifive-fu540-prci.h in the Linux kernel.
+ */
+#define PRCI_CLK_COREPLL0
+#define PRCI_CLK_DDRPLL 1
+#define PRCI_CLK_GEMGXLPLL  2
+#define PRCI_CLK_TLCLK  3
+
 #endif /* HW_SIFIVE_U_PRCI_H */
-- 
2.7.4

[Qemu-devel] [PATCH 25/28] riscv: sifive_u: Support loading initramfs

[Bin Meng]

The loading of initramfs is currently not supported on 'sifive_u'.
Add the support to make '-initrd' command line parameter useful.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 85cd4b5..d77b3c3 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -323,7 +323,18 @@ static void riscv_sifive_u_init(MachineState *machine)
  memmap[SIFIVE_U_DRAM].base);
 
 if (machine->kernel_filename) {
-riscv_load_kernel(machine->kernel_filename);
+uint64_t kernel_entry = riscv_load_kernel(machine->kernel_filename);
+
+if (machine->initrd_filename) {
+hwaddr start;
+hwaddr end = riscv_load_initrd(machine->initrd_filename,
+   machine->ram_size, kernel_entry,
+   );
+qemu_fdt_setprop_cell(s->fdt, "/chosen",
+  "linux,initrd-start", start);
+qemu_fdt_setprop_cell(s->fdt, "/chosen", "linux,initrd-end",
+  end);
+}
 }
 
 /* reset vector */
-- 
2.7.4

[Qemu-devel] [PATCH 05/28] riscv: hart: Support heterogeneous harts population

[Bin Meng]

At present we only allow symmetric harts to be created. In order to
support heterogeneous harts like SiFive FU540, update hart array's
"cpu-type" property to allow cpu type to be set per hart, separated
by delimiter ",". The frist cpu type before the delimiter is assigned
to hart 0, and the second cpu type before delimiter is assigned to
hart 1, and so on.

If the total number of cpu types supplied in "cpu-type" property is
less than number of maximum harts, the last cpu type in the property
will be used to populate remaining harts.

Signed-off-by: Bin Meng 
---

 hw/riscv/riscv_hart.c | 48 +---
 1 file changed, 45 insertions(+), 3 deletions(-)

diff --git a/hw/riscv/riscv_hart.c b/hw/riscv/riscv_hart.c
index 3dd1c6a..27093e0 100644
--- a/hw/riscv/riscv_hart.c
+++ b/hw/riscv/riscv_hart.c
@@ -58,13 +58,55 @@ static void riscv_hart_realize(RISCVHartArrayState *s, int 
hart,
 static void riscv_harts_realize(DeviceState *dev, Error **errp)
 {
 RISCVHartArrayState *s = RISCV_HART_ARRAY(dev);
-int n;
+char *cpu_types;
+char *first_type, *last_type, *tmp_type;
+int n = 0;
 
 s->harts = g_new0(RISCVCPU, s->num_harts);
 
-for (n = 0; n < s->num_harts; n++) {
-riscv_hart_realize(s, n, s->cpu_type, errp);
+/* we should not touch the original s->cpu_type */
+cpu_types = g_strdup(s->cpu_type);
+
+/*
+ * Expect s->cpu_type property was initialized this way:
+ *
+ * "cpu-type-a": symmetric harts
+ * "cpu-type-a,cpu-type-b,cpu-type-c": heterogeneous harts
+ *
+ * For heterogeneous harts, hart cpu types are separated by delimiter ",".
+ * The frist cpu type before the delimiter is assigned to hart 0, and the
+ * second cpu type before delimiter is assigned to hart 1, and so on.
+ *
+ * If the total number of cpu types is less than s->num_harts, the last
+ * cpu type in s->cpu_type will be used to populate remaining harts.
+ */
+
+first_type = strtok(cpu_types, ",");
+riscv_hart_realize(s, n++, first_type, errp);
+tmp_type = strtok(NULL, ",");
+if (!tmp_type) {
+/* symmetric harts */
+for (; n < s->num_harts; n++) {
+riscv_hart_realize(s, n, first_type, errp);
+   }
+} else {
+/* heterogeneous harts */
+while (tmp_type) {
+if (n >= s->num_harts) {
+break;
+}
+riscv_hart_realize(s, n++, tmp_type, errp);
+last_type = tmp_type;
+tmp_type = strtok(NULL, ",");
+}
+
+/* populate remaining harts using the last cpu type in s->cpu_type */
+for (; n < s->num_harts; n++) {
+riscv_hart_realize(s, n, last_type, errp);
+}
 }
+
+g_free(cpu_types);
 }
 
 static void riscv_harts_class_init(ObjectClass *klass, void *data)
-- 
2.7.4

[Qemu-devel] [PATCH 23/28] riscv: sifive: Move sifive_mmio_emulate() to a common place

[Bin Meng]

sifive_mmio_emulate() is currently only used in the sifive_e machine
codes. It can be helpful for other machines as well.

Change it to an inline routine and move it to sifive_cpu.h, so that
other machines like sifive_u can use it.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_e.c   |  8 
 include/hw/riscv/sifive_cpu.h | 10 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 2d67670..7e0fe7b 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -74,14 +74,6 @@ static const struct MemmapEntry {
 [SIFIVE_E_DTIM] = { 0x8000, 0x4000 }
 };
 
-static void sifive_mmio_emulate(MemoryRegion *parent, const char *name,
- uintptr_t offset, uintptr_t length)
-{
-MemoryRegion *mock_mmio = g_new(MemoryRegion, 1);
-memory_region_init_ram(mock_mmio, NULL, name, length, _fatal);
-memory_region_add_subregion(parent, offset, mock_mmio);
-}
-
 static void riscv_sifive_e_init(MachineState *machine)
 {
 const struct MemmapEntry *memmap = sifive_e_memmap;
diff --git a/include/hw/riscv/sifive_cpu.h b/include/hw/riscv/sifive_cpu.h
index 1367996..897b8f8 100644
--- a/include/hw/riscv/sifive_cpu.h
+++ b/include/hw/riscv/sifive_cpu.h
@@ -1,5 +1,5 @@
 /*
- * SiFive CPU types
+ * SiFive CPU types and common utilities
  *
  * Copyright (c) 2017 SiFive, Inc.
  * Copyright (c) 2019 Bin Meng 
@@ -28,4 +28,12 @@
 #define SIFIVE_U_CPU TYPE_RISCV_CPU_SIFIVE_U54
 #endif
 
+static inline void sifive_mmio_emulate(MemoryRegion *parent, const char *name,
+   uintptr_t offset, uintptr_t length)
+{
+MemoryRegion *mock_mmio = g_new(MemoryRegion, 1);
+memory_region_init_ram(mock_mmio, NULL, name, length, _fatal);
+memory_region_add_subregion(parent, offset, mock_mmio);
+}
+
 #endif /* HW_SIFIVE_CPU_H */
-- 
2.7.4

[Qemu-devel] [PATCH 16/28] riscv: sifive_u: Add PRCI block to the SoC

[Bin Meng]

Add PRCI mmio base address and size mappings to sifive_u machine,
and generate the corresponding device tree node.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 21 -
 include/hw/riscv/sifive_u.h |  1 +
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index f619ca6..20dee52 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -9,6 +9,7 @@
  * 0) UART
  * 1) CLINT (Core Level Interruptor)
  * 2) PLIC (Platform Level Interrupt Controller)
+ * 3) PRCI (Power, Reset, Clock, Interrupt)
  *
  * This board currently uses a hardcoded devicetree that indicates five harts.
  *
@@ -41,6 +42,7 @@
 #include "hw/riscv/sifive_clint.h"
 #include "hw/riscv/sifive_uart.h"
 #include "hw/riscv/sifive_u.h"
+#include "hw/riscv/sifive_u_prci.h"
 #include "hw/riscv/boot.h"
 #include "chardev/char.h"
 #include "sysemu/arch_init.h"
@@ -59,6 +61,7 @@ static const struct MemmapEntry {
 [SIFIVE_U_MROM] = { 0x1000,0x11000 },
 [SIFIVE_U_CLINT] ={  0x200,0x1 },
 [SIFIVE_U_PLIC] = {  0xc00,  0x400 },
+[SIFIVE_U_PRCI] = { 0x1000, 0x1000 },
 [SIFIVE_U_UART0] ={ 0x1001, 0x1000 },
 [SIFIVE_U_UART1] ={ 0x10011000, 0x1000 },
 [SIFIVE_U_DRAM] = { 0x8000,0x0 },
@@ -75,7 +78,7 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 uint32_t *cells;
 char *nodename;
 char ethclk_names[] = "pclk\0hclk\0tx_clk";
-uint32_t plic_phandle, ethclk_phandle, phandle = 1;
+uint32_t plic_phandle, prci_phandle, ethclk_phandle, phandle = 1;
 uint32_t hfclk_phandle, rtcclk_phandle;
 
 fdt = s->fdt = create_device_tree(>fdt_size);
@@ -182,6 +185,21 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 g_free(cells);
 g_free(nodename);
 
+prci_phandle = phandle++;
+nodename = g_strdup_printf("/soc/clock-controller@%lx",
+(long)memmap[SIFIVE_U_PRCI].base);
+qemu_fdt_add_subnode(fdt, nodename);
+qemu_fdt_setprop_cell(fdt, nodename, "phandle", prci_phandle);
+qemu_fdt_setprop_cell(fdt, nodename, "#clock-cells", 0x1);
+qemu_fdt_setprop_cells(fdt, nodename, "clocks",
+hfclk_phandle, rtcclk_phandle);
+qemu_fdt_setprop_cells(fdt, nodename, "reg",
+0x0, memmap[SIFIVE_U_PRCI].base,
+0x0, memmap[SIFIVE_U_PRCI].size);
+qemu_fdt_setprop_string(fdt, nodename, "compatible",
+"sifive,fu540-c000-prci");
+g_free(nodename);
+
 plic_phandle = phandle++;
 cells =  g_new0(uint32_t, s->soc.cpus.num_harts * 4 - 2);
 for (cpu = 0; cpu < s->soc.cpus.num_harts; cpu++) {
@@ -421,6 +439,7 @@ static void riscv_sifive_u_soc_realize(DeviceState *dev, 
Error **errp)
 sifive_clint_create(memmap[SIFIVE_U_CLINT].base,
 memmap[SIFIVE_U_CLINT].size, ms->smp.cpus,
 SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE);
+sifive_u_prci_create(memmap[SIFIVE_U_PRCI].base);
 
 for (i = 0; i < SIFIVE_U_PLIC_NUM_SOURCES; i++) {
 plic_gpios[i] = qdev_get_gpio_in(DEVICE(s->plic), i);
diff --git a/include/hw/riscv/sifive_u.h b/include/hw/riscv/sifive_u.h
index bacd60f..19d5a6f 100644
--- a/include/hw/riscv/sifive_u.h
+++ b/include/hw/riscv/sifive_u.h
@@ -51,6 +51,7 @@ enum {
 SIFIVE_U_MROM,
 SIFIVE_U_CLINT,
 SIFIVE_U_PLIC,
+SIFIVE_U_PRCI,
 SIFIVE_U_UART0,
 SIFIVE_U_UART1,
 SIFIVE_U_DRAM,
-- 
2.7.4

[Qemu-devel] [PATCH 03/28] riscv: Add a sifive_cpu.h to include both E and U cpu type defines

[Bin Meng]

Group SiFive E and U cpu type defines into one header file.

Signed-off-by: Bin Meng 
---

 include/hw/riscv/sifive_cpu.h | 31 +++
 include/hw/riscv/sifive_e.h   |  7 +--
 include/hw/riscv/sifive_u.h   |  7 +--
 3 files changed, 33 insertions(+), 12 deletions(-)
 create mode 100644 include/hw/riscv/sifive_cpu.h

diff --git a/include/hw/riscv/sifive_cpu.h b/include/hw/riscv/sifive_cpu.h
new file mode 100644
index 000..1367996
--- /dev/null
+++ b/include/hw/riscv/sifive_cpu.h
@@ -0,0 +1,31 @@
+/*
+ * SiFive CPU types
+ *
+ * Copyright (c) 2017 SiFive, Inc.
+ * Copyright (c) 2019 Bin Meng 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_SIFIVE_CPU_H
+#define HW_SIFIVE_CPU_H
+
+#if defined(TARGET_RISCV32)
+#define SIFIVE_E_CPU TYPE_RISCV_CPU_SIFIVE_E31
+#define SIFIVE_U_CPU TYPE_RISCV_CPU_SIFIVE_U34
+#elif defined(TARGET_RISCV64)
+#define SIFIVE_E_CPU TYPE_RISCV_CPU_SIFIVE_E51
+#define SIFIVE_U_CPU TYPE_RISCV_CPU_SIFIVE_U54
+#endif
+
+#endif /* HW_SIFIVE_CPU_H */
diff --git a/include/hw/riscv/sifive_e.h b/include/hw/riscv/sifive_e.h
index d175b24..e17cdfd 100644
--- a/include/hw/riscv/sifive_e.h
+++ b/include/hw/riscv/sifive_e.h
@@ -19,6 +19,7 @@
 #ifndef HW_SIFIVE_E_H
 #define HW_SIFIVE_E_H
 
+#include "hw/riscv/sifive_cpu.h"
 #include "hw/riscv/sifive_gpio.h"
 
 #define TYPE_RISCV_E_SOC "riscv.sifive.e.soc"
@@ -83,10 +84,4 @@ enum {
 #define SIFIVE_E_PLIC_CONTEXT_BASE 0x20
 #define SIFIVE_E_PLIC_CONTEXT_STRIDE 0x1000
 
-#if defined(TARGET_RISCV32)
-#define SIFIVE_E_CPU TYPE_RISCV_CPU_SIFIVE_E31
-#elif defined(TARGET_RISCV64)
-#define SIFIVE_E_CPU TYPE_RISCV_CPU_SIFIVE_E51
-#endif
-
 #endif
diff --git a/include/hw/riscv/sifive_u.h b/include/hw/riscv/sifive_u.h
index 892f0ee..4abc621 100644
--- a/include/hw/riscv/sifive_u.h
+++ b/include/hw/riscv/sifive_u.h
@@ -20,6 +20,7 @@
 #define HW_SIFIVE_U_H
 
 #include "hw/net/cadence_gem.h"
+#include "hw/riscv/sifive_cpu.h"
 
 #define TYPE_RISCV_U_SOC "riscv.sifive.u.soc"
 #define RISCV_U_SOC(obj) \
@@ -77,10 +78,4 @@ enum {
 #define SIFIVE_U_PLIC_CONTEXT_BASE 0x20
 #define SIFIVE_U_PLIC_CONTEXT_STRIDE 0x1000
 
-#if defined(TARGET_RISCV32)
-#define SIFIVE_U_CPU TYPE_RISCV_CPU_SIFIVE_U34
-#elif defined(TARGET_RISCV64)
-#define SIFIVE_U_CPU TYPE_RISCV_CPU_SIFIVE_U54
-#endif
-
 #endif
-- 
2.7.4

[Qemu-devel] [PATCH 15/28] riscv: sifive_u: Generate hfclk and rtcclk nodes

[Bin Meng]

To keep in sync with Linux kernel device tree, generate hfclk and
rtcclk nodes in the device tree, to be referenced by PRCI node.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 23 +++
 include/hw/riscv/sifive_u.h |  2 ++
 2 files changed, 25 insertions(+)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index dfcb525..f619ca6 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -76,6 +76,7 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 char *nodename;
 char ethclk_names[] = "pclk\0hclk\0tx_clk";
 uint32_t plic_phandle, ethclk_phandle, phandle = 1;
+uint32_t hfclk_phandle, rtcclk_phandle;
 
 fdt = s->fdt = create_device_tree(>fdt_size);
 if (!fdt) {
@@ -94,6 +95,28 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_cell(fdt, "/soc", "#size-cells", 0x2);
 qemu_fdt_setprop_cell(fdt, "/soc", "#address-cells", 0x2);
 
+hfclk_phandle = phandle++;
+nodename = g_strdup_printf("/hfclk");
+qemu_fdt_add_subnode(fdt, nodename);
+qemu_fdt_setprop_cell(fdt, nodename, "phandle", hfclk_phandle);
+qemu_fdt_setprop_string(fdt, nodename, "clock-output-names", "hfclk");
+qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency",
+SIFIVE_U_HFCLK_FREQ);
+qemu_fdt_setprop_string(fdt, nodename, "compatible", "fixed-clock");
+qemu_fdt_setprop_cell(fdt, nodename, "#clock-cells", 0x0);
+g_free(nodename);
+
+rtcclk_phandle = phandle++;
+nodename = g_strdup_printf("/rtcclk");
+qemu_fdt_add_subnode(fdt, nodename);
+qemu_fdt_setprop_cell(fdt, nodename, "phandle", rtcclk_phandle);
+qemu_fdt_setprop_string(fdt, nodename, "clock-output-names", "rtcclk");
+qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency",
+SIFIVE_U_RTCCLK_FREQ);
+qemu_fdt_setprop_string(fdt, nodename, "compatible", "fixed-clock");
+qemu_fdt_setprop_cell(fdt, nodename, "#clock-cells", 0x0);
+g_free(nodename);
+
 nodename = g_strdup_printf("/memory@%lx",
 (long)memmap[SIFIVE_U_DRAM].base);
 qemu_fdt_add_subnode(fdt, nodename);
diff --git a/include/hw/riscv/sifive_u.h b/include/hw/riscv/sifive_u.h
index 4abc621..bacd60f 100644
--- a/include/hw/riscv/sifive_u.h
+++ b/include/hw/riscv/sifive_u.h
@@ -65,6 +65,8 @@ enum {
 
 enum {
 SIFIVE_U_CLOCK_FREQ = 10,
+SIFIVE_U_HFCLK_FREQ = ,
+SIFIVE_U_RTCCLK_FREQ = 100,
 SIFIVE_U_GEM_CLOCK_FREQ = 12500
 };
 
-- 
2.7.4

[Qemu-devel] [PATCH 18/28] riscv: hw: Implement a model for SiFive FU540 OTP

[Bin Meng]

This implements a simple model for SiFive FU540 OTP (One-Time
Programmable) Memory interface, primarily for reading out the
stored serial number from the first 1 KiB of the 16 KiB OTP
memory reserved by SiFive for internal use.

Signed-off-by: Bin Meng 
---

 hw/riscv/Makefile.objs  |   1 +
 hw/riscv/sifive_u_otp.c | 194 
 include/hw/riscv/sifive_u_otp.h |  90 +++
 3 files changed, 285 insertions(+)
 create mode 100644 hw/riscv/sifive_u_otp.c
 create mode 100644 include/hw/riscv/sifive_u_otp.h

diff --git a/hw/riscv/Makefile.objs b/hw/riscv/Makefile.objs
index b95bbd5..fc3c6dd 100644
--- a/hw/riscv/Makefile.objs
+++ b/hw/riscv/Makefile.objs
@@ -8,6 +8,7 @@ obj-$(CONFIG_SIFIVE) += sifive_gpio.o
 obj-$(CONFIG_SIFIVE) += sifive_plic.o
 obj-$(CONFIG_SIFIVE) += sifive_test.o
 obj-$(CONFIG_SIFIVE_U) += sifive_u.o
+obj-$(CONFIG_SIFIVE_U) += sifive_u_otp.o
 obj-$(CONFIG_SIFIVE_U) += sifive_u_prci.o
 obj-$(CONFIG_SIFIVE) += sifive_uart.o
 obj-$(CONFIG_SPIKE) += spike.o
diff --git a/hw/riscv/sifive_u_otp.c b/hw/riscv/sifive_u_otp.c
new file mode 100644
index 000..f21d9f4
--- /dev/null
+++ b/hw/riscv/sifive_u_otp.c
@@ -0,0 +1,194 @@
+/*
+ * QEMU SiFive U OTP (One-Time Programmable) Memory interface
+ *
+ * Copyright (c) 2019 Bin Meng 
+ *
+ * Simple model of the OTP to emulate register reads made by the SDK BSP
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "qemu/module.h"
+#include "target/riscv/cpu.h"
+#include "hw/riscv/sifive_u_otp.h"
+
+static uint64_t sifive_otp_read(void *opaque, hwaddr addr, unsigned int size)
+{
+SiFiveOTPState *s = opaque;
+
+switch (addr) {
+case SIFIVE_OTP_PA:
+return s->pa;
+case SIFIVE_OTP_PAIO:
+return s->paio;
+case SIFIVE_OTP_PAS:
+return s->pas;
+case SIFIVE_OTP_PCE:
+return s->pce;
+case SIFIVE_OTP_PCLK:
+return s->pclk;
+case SIFIVE_OTP_PDIN:
+return s->pdin;
+case SIFIVE_OTP_PDOUT:
+if ((s->pce & SIFIVE_OTP_PCE_EN) &&
+(s->pdstb & SIFIVE_OTP_PDSTB_EN) &&
+(s->ptrim & SIFIVE_OTP_PTRIM_EN)) {
+return s->fuse[s->pa & SIFIVE_OTP_PA_MASK];
+} else {
+return 0xff;
+}
+case SIFIVE_OTP_PDSTB:
+return s->pdstb;
+case SIFIVE_OTP_PPROG:
+return s->pprog;
+case SIFIVE_OTP_PTC:
+return s->ptc;
+case SIFIVE_OTP_PTM:
+return s->ptm;
+case SIFIVE_OTP_PTM_REP:
+return s->ptm_rep;
+case SIFIVE_OTP_PTR:
+return s->ptr;
+case SIFIVE_OTP_PTRIM:
+return s->ptrim;
+case SIFIVE_OTP_PWE:
+return s->pwe;
+}
+
+hw_error("%s: read: addr=0x%x\n", __func__, (int)addr);
+return 0;
+}
+
+static void sifive_otp_write(void *opaque, hwaddr addr,
+ uint64_t val64, unsigned int size)
+{
+SiFiveOTPState *s = opaque;
+
+switch (addr) {
+case SIFIVE_OTP_PA:
+s->pa = (uint32_t) val64 & SIFIVE_OTP_PA_MASK;
+break;
+case SIFIVE_OTP_PAIO:
+s->paio = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PAS:
+s->pas = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PCE:
+s->pce = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PCLK:
+s->pclk = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PDIN:
+s->pdin = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PDOUT:
+/* read-only */
+break;
+case SIFIVE_OTP_PDSTB:
+s->pdstb = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PPROG:
+s->pprog = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PTC:
+s->ptc = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PTM:
+s->ptm = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PTM_REP:
+s->ptm_rep = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PTR:
+s->ptr = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PTRIM:
+s->ptrim = (uint32_t) val64;
+break;
+case SIFIVE_OTP_PWE:
+s->pwe = (uint32_t) val64;
+break;
+default:
+hw_error("%s: bad write: addr=0x%x v=0x%x\n",
+ __func__, (int)addr, (int)val64);
+}
+}
+
+static const MemoryRegionOps sifive_otp_ops = {
+.read = 

[Qemu-devel] [PATCH 13/28] riscv: sifive_e: prci: Update the PRCI register block size

[Bin Meng]

Currently the PRCI register block size is set to 0x8000, but in fact
0x1000 is enough, which is also what the manual says.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_e_prci.c | 2 +-
 include/hw/riscv/sifive_e_prci.h | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/riscv/sifive_e_prci.c b/hw/riscv/sifive_e_prci.c
index c906f11..4cbce48 100644
--- a/hw/riscv/sifive_e_prci.c
+++ b/hw/riscv/sifive_e_prci.c
@@ -85,7 +85,7 @@ static void sifive_prci_init(Object *obj)
 SiFivePRCIState *s = SIFIVE_E_PRCI(obj);
 
 memory_region_init_io(>mmio, obj, _prci_ops, s,
-  TYPE_SIFIVE_E_PRCI, 0x8000);
+  TYPE_SIFIVE_E_PRCI, SIFIVE_E_PRCI_REG_SIZE);
 sysbus_init_mmio(SYS_BUS_DEVICE(obj), >mmio);
 
 s->hfrosccfg = (SIFIVE_PRCI_HFROSCCFG_RDY | SIFIVE_PRCI_HFROSCCFG_EN);
diff --git a/include/hw/riscv/sifive_e_prci.h b/include/hw/riscv/sifive_e_prci.h
index 7932fe7..81e506b 100644
--- a/include/hw/riscv/sifive_e_prci.h
+++ b/include/hw/riscv/sifive_e_prci.h
@@ -47,6 +47,8 @@ enum {
 SIFIVE_PRCI_PLLOUTDIV_DIV1  = (1 << 8)
 };
 
+#define SIFIVE_E_PRCI_REG_SIZE  0x1000
+
 #define TYPE_SIFIVE_E_PRCI  "riscv.sifive.e.prci"
 
 #define SIFIVE_E_PRCI(obj) \
-- 
2.7.4

[Qemu-devel] [PATCH 01/28] riscv: hw: Remove superfluous "linux, phandle" property

[Bin Meng]

"linux,phandle" property is optional. Remove all instances in the
sifive_u and virt machine device tree.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 3 ---
 hw/riscv/virt.c | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 71b8083..ef36948 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -125,7 +125,6 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_string(fdt, nodename, "device_type", "cpu");
 qemu_fdt_add_subnode(fdt, intc);
 qemu_fdt_setprop_cell(fdt, intc, "phandle", cpu_phandle);
-qemu_fdt_setprop_cell(fdt, intc, "linux,phandle", cpu_phandle);
 qemu_fdt_setprop_string(fdt, intc, "compatible", "riscv,cpu-intc");
 qemu_fdt_setprop(fdt, intc, "interrupt-controller", NULL, 0);
 qemu_fdt_setprop_cell(fdt, intc, "#interrupt-cells", 1);
@@ -184,7 +183,6 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
 qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", 0x35);
 qemu_fdt_setprop_cells(fdt, nodename, "phandle", plic_phandle);
-qemu_fdt_setprop_cells(fdt, nodename, "linux,phandle", plic_phandle);
 plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
 g_free(cells);
 g_free(nodename);
@@ -197,7 +195,6 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency",
 SIFIVE_U_GEM_CLOCK_FREQ);
 qemu_fdt_setprop_cell(fdt, nodename, "phandle", ethclk_phandle);
-qemu_fdt_setprop_cell(fdt, nodename, "linux,phandle", ethclk_phandle);
 ethclk_phandle = qemu_fdt_get_phandle(fdt, nodename);
 g_free(nodename);
 
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 25faf3b..00be05a 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -170,11 +170,9 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_cell(fdt, nodename, "reg", cpu);
 qemu_fdt_setprop_string(fdt, nodename, "device_type", "cpu");
 qemu_fdt_setprop_cell(fdt, nodename, "phandle", cpu_phandle);
-qemu_fdt_setprop_cell(fdt, nodename, "linux,phandle", cpu_phandle);
 intc_phandle = phandle++;
 qemu_fdt_add_subnode(fdt, intc);
 qemu_fdt_setprop_cell(fdt, intc, "phandle", intc_phandle);
-qemu_fdt_setprop_cell(fdt, intc, "linux,phandle", intc_phandle);
 qemu_fdt_setprop_string(fdt, intc, "compatible", "riscv,cpu-intc");
 qemu_fdt_setprop(fdt, intc, "interrupt-controller", NULL, 0);
 qemu_fdt_setprop_cell(fdt, intc, "#interrupt-cells", 1);
@@ -250,7 +248,6 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
 qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", VIRTIO_NDEV);
 qemu_fdt_setprop_cells(fdt, nodename, "phandle", plic_phandle);
-qemu_fdt_setprop_cells(fdt, nodename, "linux,phandle", plic_phandle);
 plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
 g_free(cells);
 g_free(nodename);
-- 
2.7.4

[Qemu-devel] [PATCH 12/28] riscv: sifive_e: prci: Fix a typo of hfxosccfg register programming

[Bin Meng]

It should use SIFIVE_PRCI_HFXOSCCFG_RDY and SIFIVE_PRCI_HFXOSCCFG_EN
for hfxosccfg register programming.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_e_prci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/riscv/sifive_e_prci.c b/hw/riscv/sifive_e_prci.c
index acb914d..c906f11 100644
--- a/hw/riscv/sifive_e_prci.c
+++ b/hw/riscv/sifive_e_prci.c
@@ -89,7 +89,7 @@ static void sifive_prci_init(Object *obj)
 sysbus_init_mmio(SYS_BUS_DEVICE(obj), >mmio);
 
 s->hfrosccfg = (SIFIVE_PRCI_HFROSCCFG_RDY | SIFIVE_PRCI_HFROSCCFG_EN);
-s->hfxosccfg = (SIFIVE_PRCI_HFROSCCFG_RDY | SIFIVE_PRCI_HFROSCCFG_EN);
+s->hfxosccfg = (SIFIVE_PRCI_HFXOSCCFG_RDY | SIFIVE_PRCI_HFXOSCCFG_EN);
 s->pllcfg = (SIFIVE_PRCI_PLLCFG_REFSEL | SIFIVE_PRCI_PLLCFG_BYPASS |
 SIFIVE_PRCI_PLLCFG_LOCK);
 s->plloutdiv = SIFIVE_PRCI_PLLOUTDIV_DIV1;
-- 
2.7.4

[Qemu-devel] [PATCH 11/28] riscv: sifive: Rename sifive_prci.{c, h} to sifive_e_prci.{c, h}

[Bin Meng]

Current SiFive PRCI model only works with sifive_e machine, as it
only emulates registers or PRCI block in the FE310 SoC.

Rename the file name to make it clear that it is for sifive_e.

Signed-off-by: Bin Meng 
---

 hw/riscv/Makefile.objs  |  2 +-
 hw/riscv/sifive_e.c |  4 ++--
 hw/riscv/{sifive_prci.c => sifive_e_prci.c} | 14 +++---
 include/hw/riscv/{sifive_prci.h => sifive_e_prci.h} | 14 +++---
 4 files changed, 17 insertions(+), 17 deletions(-)
 rename hw/riscv/{sifive_prci.c => sifive_e_prci.c} (90%)
 rename include/hw/riscv/{sifive_prci.h => sifive_e_prci.h} (82%)

diff --git a/hw/riscv/Makefile.objs b/hw/riscv/Makefile.objs
index eb9d4f9..c859697 100644
--- a/hw/riscv/Makefile.objs
+++ b/hw/riscv/Makefile.objs
@@ -2,9 +2,9 @@ obj-y += boot.o
 obj-$(CONFIG_SPIKE) += riscv_htif.o
 obj-$(CONFIG_HART) += riscv_hart.o
 obj-$(CONFIG_SIFIVE_E) += sifive_e.o
+obj-$(CONFIG_SIFIVE_E) += sifive_e_prci.o
 obj-$(CONFIG_SIFIVE) += sifive_clint.o
 obj-$(CONFIG_SIFIVE) += sifive_gpio.o
-obj-$(CONFIG_SIFIVE) += sifive_prci.o
 obj-$(CONFIG_SIFIVE) += sifive_plic.o
 obj-$(CONFIG_SIFIVE) += sifive_test.o
 obj-$(CONFIG_SIFIVE_U) += sifive_u.o
diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 2a499d8..2d67670 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -41,9 +41,9 @@
 #include "hw/riscv/riscv_hart.h"
 #include "hw/riscv/sifive_plic.h"
 #include "hw/riscv/sifive_clint.h"
-#include "hw/riscv/sifive_prci.h"
 #include "hw/riscv/sifive_uart.h"
 #include "hw/riscv/sifive_e.h"
+#include "hw/riscv/sifive_e_prci.h"
 #include "hw/riscv/boot.h"
 #include "chardev/char.h"
 #include "sysemu/arch_init.h"
@@ -174,7 +174,7 @@ static void riscv_sifive_e_soc_realize(DeviceState *dev, 
Error **errp)
 SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE);
 sifive_mmio_emulate(sys_mem, "riscv.sifive.e.aon",
 memmap[SIFIVE_E_AON].base, memmap[SIFIVE_E_AON].size);
-sifive_prci_create(memmap[SIFIVE_E_PRCI].base);
+sifive_e_prci_create(memmap[SIFIVE_E_PRCI].base);
 
 /* GPIO */
 
diff --git a/hw/riscv/sifive_prci.c b/hw/riscv/sifive_e_prci.c
similarity index 90%
rename from hw/riscv/sifive_prci.c
rename to hw/riscv/sifive_e_prci.c
index f406682..acb914d 100644
--- a/hw/riscv/sifive_prci.c
+++ b/hw/riscv/sifive_e_prci.c
@@ -1,5 +1,5 @@
 /*
- * QEMU SiFive PRCI (Power, Reset, Clock, Interrupt)
+ * QEMU SiFive E PRCI (Power, Reset, Clock, Interrupt)
  *
  * Copyright (c) 2017 SiFive, Inc.
  *
@@ -22,7 +22,7 @@
 #include "hw/sysbus.h"
 #include "qemu/module.h"
 #include "target/riscv/cpu.h"
-#include "hw/riscv/sifive_prci.h"
+#include "hw/riscv/sifive_e_prci.h"
 
 static uint64_t sifive_prci_read(void *opaque, hwaddr addr, unsigned int size)
 {
@@ -82,10 +82,10 @@ static const MemoryRegionOps sifive_prci_ops = {
 
 static void sifive_prci_init(Object *obj)
 {
-SiFivePRCIState *s = SIFIVE_PRCI(obj);
+SiFivePRCIState *s = SIFIVE_E_PRCI(obj);
 
 memory_region_init_io(>mmio, obj, _prci_ops, s,
-  TYPE_SIFIVE_PRCI, 0x8000);
+  TYPE_SIFIVE_E_PRCI, 0x8000);
 sysbus_init_mmio(SYS_BUS_DEVICE(obj), >mmio);
 
 s->hfrosccfg = (SIFIVE_PRCI_HFROSCCFG_RDY | SIFIVE_PRCI_HFROSCCFG_EN);
@@ -97,7 +97,7 @@ static void sifive_prci_init(Object *obj)
 }
 
 static const TypeInfo sifive_prci_info = {
-.name  = TYPE_SIFIVE_PRCI,
+.name  = TYPE_SIFIVE_E_PRCI,
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(SiFivePRCIState),
 .instance_init = sifive_prci_init,
@@ -114,9 +114,9 @@ type_init(sifive_prci_register_types)
 /*
  * Create PRCI device.
  */
-DeviceState *sifive_prci_create(hwaddr addr)
+DeviceState *sifive_e_prci_create(hwaddr addr)
 {
-DeviceState *dev = qdev_create(NULL, TYPE_SIFIVE_PRCI);
+DeviceState *dev = qdev_create(NULL, TYPE_SIFIVE_E_PRCI);
 qdev_init_nofail(dev);
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr);
 return dev;
diff --git a/include/hw/riscv/sifive_prci.h b/include/hw/riscv/sifive_e_prci.h
similarity index 82%
rename from include/hw/riscv/sifive_prci.h
rename to include/hw/riscv/sifive_e_prci.h
index bd51c4a..7932fe7 100644
--- a/include/hw/riscv/sifive_prci.h
+++ b/include/hw/riscv/sifive_e_prci.h
@@ -1,5 +1,5 @@
 /*
- * QEMU SiFive PRCI (Power, Reset, Clock, Interrupt) interface
+ * QEMU SiFive E PRCI (Power, Reset, Clock, Interrupt) interface
  *
  * Copyright (c) 2017 SiFive, Inc.
  *
@@ -16,8 +16,8 @@
  * this program.  If not, see .
  */
 
-#ifndef HW_SIFIVE_PRCI_H
-#define HW_SIFIVE_PRCI_H
+#ifndef HW_SIFIVE_E_PRCI_H
+#define HW_SIFIVE_E_PRCI_H
 
 enum {
 SIFIVE_PRCI_HFROSCCFG   = 0x0,
@@ -47,10 +47,10 @@ enum {
 SIFIVE_PRCI_PLLOUTDIV_DIV1  = (1 << 8)
 };
 
-#define TYPE_SIFIVE_PRCI "riscv.sifive.prci"
+#define TYPE_SIFIVE_E_PRCI  "riscv.sifive.e.prci"
 
-#define SIFIVE_PRCI(obj) \
-

[Qemu-devel] [PATCH 17/28] riscv: sifive_u: Change UART node name in device tree

[Bin Meng]

OpenSBI for fu540 does DT fix up (see fu540_modify_dt()) by updating
chosen "stdout-path" to point to "/soc/serial@...", and U-Boot will
use this information to locate the serial node and probe its driver.
However currently we generate the UART node name as "/soc/uart@...",
causing U-Boot fail to find the serial node in DT.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 20dee52..8044166 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -273,7 +273,7 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_cell(fdt, nodename, "reg", 0x0);
 g_free(nodename);
 
-nodename = g_strdup_printf("/soc/uart@%lx",
+nodename = g_strdup_printf("/soc/serial@%lx",
 (long)memmap[SIFIVE_U_UART0].base);
 qemu_fdt_add_subnode(fdt, nodename);
 qemu_fdt_setprop_string(fdt, nodename, "compatible", "sifive,uart0");
-- 
2.7.4

[Qemu-devel] [PATCH 09/28] riscv: sifive_u: Update UART base addresses

[Bin Meng]

This updates the UART base address to match the hardware.

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index b235f29..9f05e09 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -60,8 +60,8 @@ static const struct MemmapEntry {
 [SIFIVE_U_MROM] = { 0x1000,0x11000 },
 [SIFIVE_U_CLINT] ={  0x200,0x1 },
 [SIFIVE_U_PLIC] = {  0xc00,  0x400 },
-[SIFIVE_U_UART0] ={ 0x10013000, 0x1000 },
-[SIFIVE_U_UART1] ={ 0x10023000, 0x1000 },
+[SIFIVE_U_UART0] ={ 0x1001, 0x1000 },
+[SIFIVE_U_UART1] ={ 0x10011000, 0x1000 },
 [SIFIVE_U_DRAM] = { 0x8000,0x0 },
 [SIFIVE_U_GEM] =  { 0x100900FC, 0x2000 },
 };
-- 
2.7.4

[Qemu-devel] [PATCH 00/28] riscv: sifive_u: Improve the emulation fidelity of sifive_u machine

[Bin Meng]

As of today, the QEMU 'sifive_u' machine is a special target that does
not boot the upstream OpenSBI/U-Boot firmware images built for the real
SiFive HiFive Unleashed board. Hence OpenSBI supports a special platform
"qemu/sifive_u". For U-Boot, the sifive_fu540_defconfig is referenced
in the OpenSBI doc as its payload, but that does not boot at all due
to various issues in current QEMU 'sifive_u' machine codes.

This series aims to improve the emulation fidelity of sifive_u machine,
so that the upstream OpenSBI, U-Boot and kernel images built for the
SiFive HiFive Unleashed board can be used out of the box without any
special hack.

The major changes are:
- Heterogeneous harts creation supported, so that we can create a CPU
  that exactly mirrors the real hardware: 1 E51 + 4 U54.
- Implemented a PRCI model for FU540
- Implemented an OTP model for FU540, primarily used for storing serial
  number of the board
- Fixed GEM support that was seriously broken on sifive_u
- Synced device tree with upstream Linux kernel on sifive_u
- Adding initramfs loading support on sifive_u

OpenSBI v0.4 image built for sifive/fu540 is included as the default
bios image for 'sifive_u' machine.

The series is tested against OpenSBI v0.4 image for sifive/fu540
paltform, U-Boot v2019.10-rc1 image for sifive_fu540_defconfig,
and Linux kernel v5.3-rc3 image with the following patch:

macb: Update compatibility string for SiFive FU540-C000
https://patchwork.kernel.org/patch/11050003/

OpenSBI + U-Boot, ping/tftpboot with U-Boot MACB driver works well.
For Linux, only checked boot log of MACB probe success without error.


Bin Meng (28):
  riscv: hw: Remove superfluous "linux,phandle" property
  riscv: hw: Use qemu_fdt_setprop_cell() for property with only 1 cell
  riscv: Add a sifive_cpu.h to include both E and U cpu type defines
  riscv: hart: Extract hart realize to a separate routine
  riscv: hart: Support heterogeneous harts population
  riscv: sifive_u: Update hart configuration to reflect the real FU540
SoC
  riscv: sifive_u: Set the minimum number of cpus to 2
  riscv: sifive_u: Update PLIC hart topology configuration string
  riscv: sifive_u: Update UART base addresses
  riscv: sifive_u: Remove the unnecessary include of prci header
  riscv: sifive: Rename sifive_prci.{c,h} to sifive_e_prci.{c,h}
  riscv: sifive_e: prci: Fix a typo of hfxosccfg register programming
  riscv: sifive_e: prci: Update the PRCI register block size
  riscv: sifive: Implement PRCI model for FU540
  riscv: sifive_u: Generate hfclk and rtcclk nodes
  riscv: sifive_u: Add PRCI block to the SoC
  riscv: sifive_u: Change UART node name in device tree
  riscv: hw: Implement a model for SiFive FU540 OTP
  riscv: sifive_u: Instantiate OTP memory with a serial number
  riscv: roms: Update default bios for sifive_u machine
  riscv: sifive_u: Update UART and ethernet node clock properties
  riscv: sifive_u: Generate an aliases node in the device tree
  riscv: sifive: Move sifive_mmio_emulate() to a common place
  riscv: sifive_u: Fix broken GEM support
  riscv: sifive_u: Support loading initramfs
  riscv: hw: Update PLIC device tree
  riscv: virt: Change create_fdt() to return void
  riscv: sifive_u: Update model and compatible strings in device tree

 hw/riscv/Makefile.objs |   4 +-
 hw/riscv/riscv_hart.c  |  75 ++--
 hw/riscv/sifive_e.c|  12 +-
 hw/riscv/{sifive_prci.c => sifive_e_prci.c}|  16 +-
 hw/riscv/sifive_u.c| 181 +--
 hw/riscv/sifive_u_otp.c| 194 +
 hw/riscv/sifive_u_prci.c   | 163 +
 hw/riscv/virt.c|  42 ++---
 include/hw/riscv/sifive_cpu.h  |  39 +
 include/hw/riscv/sifive_e.h|   7 +-
 .../hw/riscv/{sifive_prci.h => sifive_e_prci.h}|  16 +-
 include/hw/riscv/sifive_u.h|  15 +-
 include/hw/riscv/sifive_u_otp.h|  90 ++
 include/hw/riscv/sifive_u_prci.h   | 100 +++
 pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin   | Bin 40968 -> 45064 bytes
 roms/Makefile  |   4 +-
 16 files changed, 824 insertions(+), 134 deletions(-)
 rename hw/riscv/{sifive_prci.c => sifive_e_prci.c} (88%)
 create mode 100644 hw/riscv/sifive_u_otp.c
 create mode 100644 hw/riscv/sifive_u_prci.c
 create mode 100644 include/hw/riscv/sifive_cpu.h
 rename include/hw/riscv/{sifive_prci.h => sifive_e_prci.h} (80%)
 create mode 100644 include/hw/riscv/sifive_u_otp.h
 create mode 100644 include/hw/riscv/sifive_u_prci.h

-- 
2.7.4

[Qemu-devel] [PATCH 02/28] riscv: hw: Use qemu_fdt_setprop_cell() for property with only 1 cell

[Bin Meng]

Some of the properties only have 1 cell so we should use
qemu_fdt_setprop_cell() instead of qemu_fdt_setprop_cells().

Signed-off-by: Bin Meng 
---

 hw/riscv/sifive_u.c | 16 
 hw/riscv/virt.c | 24 
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index ef36948..623ee64 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -182,7 +182,7 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_string(fdt, nodename, "reg-names", "control");
 qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
 qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", 0x35);
-qemu_fdt_setprop_cells(fdt, nodename, "phandle", plic_phandle);
+qemu_fdt_setprop_cell(fdt, nodename, "phandle", plic_phandle);
 plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
 g_free(cells);
 g_free(nodename);
@@ -207,20 +207,20 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 0x0, memmap[SIFIVE_U_GEM].size);
 qemu_fdt_setprop_string(fdt, nodename, "reg-names", "control");
 qemu_fdt_setprop_string(fdt, nodename, "phy-mode", "gmii");
-qemu_fdt_setprop_cells(fdt, nodename, "interrupt-parent", plic_phandle);
-qemu_fdt_setprop_cells(fdt, nodename, "interrupts", SIFIVE_U_GEM_IRQ);
+qemu_fdt_setprop_cell(fdt, nodename, "interrupt-parent", plic_phandle);
+qemu_fdt_setprop_cell(fdt, nodename, "interrupts", SIFIVE_U_GEM_IRQ);
 qemu_fdt_setprop_cells(fdt, nodename, "clocks",
 ethclk_phandle, ethclk_phandle, ethclk_phandle);
 qemu_fdt_setprop(fdt, nodename, "clocks-names", ethclk_names,
 sizeof(ethclk_names));
-qemu_fdt_setprop_cells(fdt, nodename, "#address-cells", 1);
-qemu_fdt_setprop_cells(fdt, nodename, "#size-cells", 0);
+qemu_fdt_setprop_cell(fdt, nodename, "#address-cells", 1);
+qemu_fdt_setprop_cell(fdt, nodename, "#size-cells", 0);
 g_free(nodename);
 
 nodename = g_strdup_printf("/soc/ethernet@%lx/ethernet-phy@0",
 (long)memmap[SIFIVE_U_GEM].base);
 qemu_fdt_add_subnode(fdt, nodename);
-qemu_fdt_setprop_cells(fdt, nodename, "reg", 0x0);
+qemu_fdt_setprop_cell(fdt, nodename, "reg", 0x0);
 g_free(nodename);
 
 nodename = g_strdup_printf("/soc/uart@%lx",
@@ -232,8 +232,8 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 0x0, memmap[SIFIVE_U_UART0].size);
 qemu_fdt_setprop_cell(fdt, nodename, "clock-frequency",
   SIFIVE_U_CLOCK_FREQ / 2);
-qemu_fdt_setprop_cells(fdt, nodename, "interrupt-parent", plic_phandle);
-qemu_fdt_setprop_cells(fdt, nodename, "interrupts", SIFIVE_U_UART0_IRQ);
+qemu_fdt_setprop_cell(fdt, nodename, "interrupt-parent", plic_phandle);
+qemu_fdt_setprop_cell(fdt, nodename, "interrupts", SIFIVE_U_UART0_IRQ);
 
 qemu_fdt_add_subnode(fdt, "/chosen");
 qemu_fdt_setprop_string(fdt, "/chosen", "stdout-path", nodename);
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 00be05a..127f005 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -233,8 +233,8 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 nodename = g_strdup_printf("/soc/interrupt-controller@%lx",
 (long)memmap[VIRT_PLIC].base);
 qemu_fdt_add_subnode(fdt, nodename);
-qemu_fdt_setprop_cells(fdt, nodename, "#address-cells",
-   FDT_PLIC_ADDR_CELLS);
+qemu_fdt_setprop_cell(fdt, nodename, "#address-cells",
+  FDT_PLIC_ADDR_CELLS);
 qemu_fdt_setprop_cell(fdt, nodename, "#interrupt-cells",
   FDT_PLIC_INT_CELLS);
 qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv,plic0");
@@ -247,7 +247,7 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_string(fdt, nodename, "reg-names", "control");
 qemu_fdt_setprop_cell(fdt, nodename, "riscv,max-priority", 7);
 qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", VIRTIO_NDEV);
-qemu_fdt_setprop_cells(fdt, nodename, "phandle", plic_phandle);
+qemu_fdt_setprop_cell(fdt, nodename, "phandle", plic_phandle);
 plic_phandle = qemu_fdt_get_phandle(fdt, nodename);
 g_free(cells);
 g_free(nodename);
@@ -260,19 +260,19 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_cells(fdt, nodename, "reg",
 0x0, memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size,
 0x0, memmap[VIRT_VIRTIO].size);
-qemu_fdt_setprop_cells(fdt, nodename, "interrupt-parent", 
plic_phandle);
-qemu_fdt_setprop_cells(fdt, nodename, "interrupts", VIRTIO_IRQ + i);
+qemu_fdt_setprop_cell(fdt, nodename, "interrupt-parent", plic_phandle);
+qemu_fdt_setprop_cell(fdt, nodename, "interrupts", VIRTIO_IRQ + i);
 g_free(nodename);
 }