[Bug 1847440] Re: ppc64le: KVM guest fails to boot with an error `virtio_scsi: probe of virtio1 failed with error -22` on master

[Satheesh Rajendran]

Domain vm1 started
Connected to domain vm1
Escape character is ^]
Populating /vdevice methods
Populating /vdevice/vty@3000
Populating /vdevice/nvram@7100
Populating /pci@8002000
 00 0800 (D) : 1af4 1000virtio [ net ]
 00 1000 (D) : 1af4 1004virtio [ scsi ]
Populating /pci@8002000/scsi@2
   SCSI: Looking for devices
  100 DISK : "QEMU QEMU HARDDISK2.5+"
 00 1800 (D) : 1b36 000dserial bus [ usb-xhci ]
 00 2000 (D) : 1af4 1002unknown-legacy-device*
No NVRAM common partition, re-initializing...
Scanning USB 
  XHCI: Initializing
Using default console: /vdevice/vty@3000
 
  Welcome to Open Firmware

  Copyright (c) 2004, 2017 IBM Corporation All rights reserved.
  This program and the accompanying materials are made available
  under the terms of the BSD License available at
  http://www.opensource.org/licenses/bsd-license.php


Trying to load:  from: /pci@8002000/scsi@2/disk@100 ...   
Successfully loaded


OF stdout device is: /vdevice/vty@3000
Preparing to boot Linux version 4.13.9-300.fc27.ppc64le 
(mockbu...@buildvm-ppc64le-06.ppc.fedoraproject.org) (gcc version 7.2.1 
20170915 (Red Hat 7.2.1-2) (GCC)) #1 SMP Mon Oct 23 13:28:27 UTC 2017
Detected machine type: 0101
command line: BOOT_IMAGE=/boot/vmlinuz-4.13.9-300.fc27.ppc64le 
root=UUID=500d2159-c568-459e-8864-1c21b3519a80 ro console=tty0 
console=ttyS0,115200 console=hvc0
Max number of cores passed to firmware: 1024 (NR_CPUS = 1024)
Calling ibm,client-architecture-support...Node not supported 
Node not supported 
 not implemented
memory layout at init:
  memory_limit :  (16 MB aligned)
  alloc_bottom : 046a
  alloc_top: 1000
  alloc_top_hi : 0014
  rmo_top  : 1000
  ram_top  : 0014
instantiating rtas at 0x0daf... done
prom_hold_cpus: skipped
copying OF device tree...
Building dt strings...
Building dt structure...
Device tree strings 0x046b -> 0x046b0b3f
Device tree struct  0x046c -> 0x046d
Quiescing Open Firmware ...
Booting Linux via __start() @ 0x0200 ...
[0.00] Page sizes from device-tree:
[0.00] Page size shift = 12 AP=0x0
[0.00] Page size shift = 16 AP=0x5
[0.00] Page size shift = 21 AP=0x1
[0.00] Page size shift = 30 AP=0x2
[0.00] Using radix MMU under hypervisor
[0.00] Mapped range 0x0 - 0x14 with 0x4000
[0.00] Process table c013ff00 and radix root for kernel: 
c14c
[0.00] Linux version 4.13.9-300.fc27.ppc64le 
(mockbu...@buildvm-ppc64le-06.ppc.fedoraproject.org) (gcc version 7.2.1 
20170915 (Red Hat 7.2.1-2) (GCC)) #1 SMP Mon Oct 23 13:28:27 UTC 2017
[0.00] Found initrd at 0xc390:0xc46967f5
[0.00] Using pSeries machine description
[0.00] bootconsole [udbg0] enabled
[0.00] Partition configured for 2 cpus.
[0.00] CPU maps initialized for 1 thread per core
 -> smp_release_cpus()
spinning_secondaries = 1
 <- smp_release_cpus()
[0.00] -
[0.00] ppc64_pft_size= 0x0
[0.00] phys_mem_size = 0x14
[0.00] dcache_bsize  = 0x80
[0.00] icache_bsize  = 0x80
[0.00] cpu_features  = 0x075c7a7c18500249
[0.00]   possible= 0x5fff18500649
[0.00]   always  = 0x18100040
[0.00] cpu_user_features = 0xdc0065c2 0xaee0
[0.00] mmu_features  = 0x3c006041
[0.00] firmware_features = 0x0001455a445f
[0.00] -
[0.00] numa:   NODE_DATA [mem 0x13fffe7e80-0x131b7f]
[0.00] PCI host bridge /pci@8002000  ranges:
[0.00]   IO 0x2000..0x2000 -> 0x
[0.00]  MEM 0x20008000..0x2000 -> 
0x8000 
[0.00]  MEM 0x2100..0x21ff -> 
0x2100 
[0.00] OF: PCI: PROBE_ONLY disabled
[0.00] PPC64 nvram contains 65536 bytes
[0.00] Zone ranges:
[0.00]   DMA  [mem 0x-0x0013]
[0.00]   DMA32empty
[0.00]   Normal   empty
[0.00] Movable zone start for each node
[0.00] Early memory node ranges
[0.00]   node   0: [mem 0x-0x0013]
[0.00] Initmem setup node 0 [mem 0x-0x0013]
[0.00] percpu: Embedded 3 pages/cpu @c013fef8 s151064 r0 d45544 
u196608
[0.00] Built 1 zonelists in Node order, mobility grouping on.  Total 
pages: 1309440
[0.00] Policy zone: DMA
[0.00] Kernel command line: 

[Bug 1847440] Re: ppc64le: KVM guest fails to boot with an error `virtio_scsi: probe of virtio1 failed with error -22` on master

[Satheesh Rajendran]

Same observation with smp 1 even.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1847440

Title:
  ppc64le: KVM guest fails to boot with an error `virtio_scsi: probe of
  virtio1 failed with error -22` on master

Status in QEMU:
  New

Bug description:
  PowerPC KVM Guest fails to boot on current qemu master, bad commit:
  e68cd0cb5cf49d334abe17231a1d2c28b846afa2

  Env:
  HW: IBM Power9
  Host Kernel: 5.4.0-rc2-00038-ge3280b54afed
  Guest Kernel: 4.13.9-300.fc27.ppc64le
  Qemu: https://github.com/qemu/qemu.git (master)
  Libvirt: 5.4.0

  Guest boot gets stuck:
  ...
  [  OK  ] Mounted Kernel Configuration File System.
  [7.598740] virtio-pci :00:01.0: enabling device ( -> 0003)
  [7.598828] virtio-pci :00:01.0: virtio_pci: leaving for legacy driver
  [7.598957] virtio-pci :00:02.0: enabling device ( -> 0003)
  [7.599017] virtio-pci :00:02.0: virtio_pci: leaving for legacy driver
  [7.599123] virtio-pci :00:04.0: enabling device ( -> 0003)
  [7.599182] virtio-pci :00:04.0: virtio_pci: leaving for legacy driver
  [7.620620] synth uevent: /devices/vio: failed to send uevent
  [7.620624] vio vio: uevent: failed to send synthetic uevent
  [  OK  ] Started udev Coldplug all Devices.
  [7.624559] audit: type=1130 audit(1570610300.990:5): pid=1 uid=0 
auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-udev-trigger 
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'
  [  OK  ] Reached target System Initialization.
  [  OK  ] Reached target Basic System.
  [  OK  ] Reached target Remote File Systems (Pre).
  [  OK  ] Reached target Remote File Systems.
  [7.642961] virtio_scsi: probe of virtio1 failed with error -22
  [ ***  ] A start job is running for dev-disk…21b3519a80.device (14s / no 
limit)
  ...

  git bisect, yielded a bad commit
  [e68cd0cb5cf49d334abe17231a1d2c28b846afa2] spapr: Render full FDT on
  ibm,client-architecture-support, reverting this commit boot the guest
  properly.

  git bisect start
  # good: [9e06029aea3b2eca1d5261352e695edc1e7d7b8b] Update version for v4.1.0 
release
  git bisect good 9e06029aea3b2eca1d5261352e695edc1e7d7b8b
  # bad: [98b2e3c9ab3abfe476a2b02f8f51813edb90e72d] Merge remote-tracking 
branch 'remotes/stefanha/tags/block-pull-request' into staging
  git bisect bad 98b2e3c9ab3abfe476a2b02f8f51813edb90e72d
  # good: [56e6250ede81b4e4b4ddb623874d6c3cdad4a96d] target/arm: Convert T16, 
nop hints
  git bisect good 56e6250ede81b4e4b4ddb623874d6c3cdad4a96d
  # good: [5d69cbdfdd5cd6dadc9f0c986899844a0e4de703] tests/tcg: target/s390x: 
Test MVC
  git bisect good 5d69cbdfdd5cd6dadc9f0c986899844a0e4de703
  # good: [88112488cf228df8b7588c8aa38e16ecd0dff48e] qapi: Make check_type()'s 
array case a bit more obvious
  git bisect good 88112488cf228df8b7588c8aa38e16ecd0dff48e
  # good: [972bd57689f1e11311d86b290134ea2ed9c7c11e] ppc/kvm: Skip writing 
DPDES back when in run time state
  git bisect good 972bd57689f1e11311d86b290134ea2ed9c7c11e
  # bad: [1aba8716c8335e88b8c358002a6e1ac89f7dd258] ppc/pnv: Remove the 
XICSFabric Interface from the POWER9 machine
  git bisect bad 1aba8716c8335e88b8c358002a6e1ac89f7dd258
  # bad: [00ed3da9b5c2e66e796a172df3e19545462b9c90] xics: Minor fixes for 
XICSFabric interface
  git bisect bad 00ed3da9b5c2e66e796a172df3e19545462b9c90
  # good: [33432d7737b53c92791f90ece5dbe3b7bb1c79f5] target/ppc: introduce 
set_dfp{64,128}() helper functions
  git bisect good 33432d7737b53c92791f90ece5dbe3b7bb1c79f5
  # good: [f6d4c423a222f02bfa84a49c3d306d7341ec9bab] target/ppc: remove 
unnecessary if() around calls to set_dfp{64,128}() in DFP macros
  git bisect good f6d4c423a222f02bfa84a49c3d306d7341ec9bab
  # bad: [e68cd0cb5cf49d334abe17231a1d2c28b846afa2] spapr: Render full FDT on 
ibm,client-architecture-support
  git bisect bad e68cd0cb5cf49d334abe17231a1d2c28b846afa2
  # good: [c4ec08ab70bab90685d1443d6da47293e3aa312a] spapr-pci: Stop providing 
assigned-addresses
  git bisect good c4ec08ab70bab90685d1443d6da47293e3aa312a
  # first bad commit: [e68cd0cb5cf49d334abe17231a1d2c28b846afa2] spapr: Render 
full FDT on ibm,client-architecture-support

  attached vmxml.

  qemu commandline:
  /home/sath/qemu/ppc64-softmmu/qemu-system-ppc64 -name 
guest=vm1,debug-threads=on -S -object 
secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-19-vm1/master-key.aes
 -machine pseries-4.2,accel=kvm,usb=off,dump-guest-core=off -m 81920 
-overcommit mem-lock=off -smp 512,sockets=1,cores=128,threads=4 -uuid 
fd4a5d54-0216-490e-82d2-1d4e89683b3d -display none -no-user-config -nodefaults 
-chardev socket,id=charmonitor,fd=24,server,nowait -mon 
chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot 
strict=on -device qemu-xhci,id=usb,bus=pci.0,addr=0x3 -device 
virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x2 -drive 

[Bug 1847440] Re: ppc64le: KVM guest fails to boot with an error `virtio_scsi: probe of virtio1 failed with error -22` on master

[Alexey Kardashevskiy]

Please provide the entire guest booting output, from slof till it is stuck.
Also please try with -smp 1. Thanks.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1847440

Title:
  ppc64le: KVM guest fails to boot with an error `virtio_scsi: probe of
  virtio1 failed with error -22` on master

Status in QEMU:
  New

Bug description:
  PowerPC KVM Guest fails to boot on current qemu master, bad commit:
  e68cd0cb5cf49d334abe17231a1d2c28b846afa2

  Env:
  HW: IBM Power9
  Host Kernel: 5.4.0-rc2-00038-ge3280b54afed
  Guest Kernel: 4.13.9-300.fc27.ppc64le
  Qemu: https://github.com/qemu/qemu.git (master)
  Libvirt: 5.4.0

  Guest boot gets stuck:
  ...
  [  OK  ] Mounted Kernel Configuration File System.
  [7.598740] virtio-pci :00:01.0: enabling device ( -> 0003)
  [7.598828] virtio-pci :00:01.0: virtio_pci: leaving for legacy driver
  [7.598957] virtio-pci :00:02.0: enabling device ( -> 0003)
  [7.599017] virtio-pci :00:02.0: virtio_pci: leaving for legacy driver
  [7.599123] virtio-pci :00:04.0: enabling device ( -> 0003)
  [7.599182] virtio-pci :00:04.0: virtio_pci: leaving for legacy driver
  [7.620620] synth uevent: /devices/vio: failed to send uevent
  [7.620624] vio vio: uevent: failed to send synthetic uevent
  [  OK  ] Started udev Coldplug all Devices.
  [7.624559] audit: type=1130 audit(1570610300.990:5): pid=1 uid=0 
auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-udev-trigger 
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'
  [  OK  ] Reached target System Initialization.
  [  OK  ] Reached target Basic System.
  [  OK  ] Reached target Remote File Systems (Pre).
  [  OK  ] Reached target Remote File Systems.
  [7.642961] virtio_scsi: probe of virtio1 failed with error -22
  [ ***  ] A start job is running for dev-disk…21b3519a80.device (14s / no 
limit)
  ...

  git bisect, yielded a bad commit
  [e68cd0cb5cf49d334abe17231a1d2c28b846afa2] spapr: Render full FDT on
  ibm,client-architecture-support, reverting this commit boot the guest
  properly.

  git bisect start
  # good: [9e06029aea3b2eca1d5261352e695edc1e7d7b8b] Update version for v4.1.0 
release
  git bisect good 9e06029aea3b2eca1d5261352e695edc1e7d7b8b
  # bad: [98b2e3c9ab3abfe476a2b02f8f51813edb90e72d] Merge remote-tracking 
branch 'remotes/stefanha/tags/block-pull-request' into staging
  git bisect bad 98b2e3c9ab3abfe476a2b02f8f51813edb90e72d
  # good: [56e6250ede81b4e4b4ddb623874d6c3cdad4a96d] target/arm: Convert T16, 
nop hints
  git bisect good 56e6250ede81b4e4b4ddb623874d6c3cdad4a96d
  # good: [5d69cbdfdd5cd6dadc9f0c986899844a0e4de703] tests/tcg: target/s390x: 
Test MVC
  git bisect good 5d69cbdfdd5cd6dadc9f0c986899844a0e4de703
  # good: [88112488cf228df8b7588c8aa38e16ecd0dff48e] qapi: Make check_type()'s 
array case a bit more obvious
  git bisect good 88112488cf228df8b7588c8aa38e16ecd0dff48e
  # good: [972bd57689f1e11311d86b290134ea2ed9c7c11e] ppc/kvm: Skip writing 
DPDES back when in run time state
  git bisect good 972bd57689f1e11311d86b290134ea2ed9c7c11e
  # bad: [1aba8716c8335e88b8c358002a6e1ac89f7dd258] ppc/pnv: Remove the 
XICSFabric Interface from the POWER9 machine
  git bisect bad 1aba8716c8335e88b8c358002a6e1ac89f7dd258
  # bad: [00ed3da9b5c2e66e796a172df3e19545462b9c90] xics: Minor fixes for 
XICSFabric interface
  git bisect bad 00ed3da9b5c2e66e796a172df3e19545462b9c90
  # good: [33432d7737b53c92791f90ece5dbe3b7bb1c79f5] target/ppc: introduce 
set_dfp{64,128}() helper functions
  git bisect good 33432d7737b53c92791f90ece5dbe3b7bb1c79f5
  # good: [f6d4c423a222f02bfa84a49c3d306d7341ec9bab] target/ppc: remove 
unnecessary if() around calls to set_dfp{64,128}() in DFP macros
  git bisect good f6d4c423a222f02bfa84a49c3d306d7341ec9bab
  # bad: [e68cd0cb5cf49d334abe17231a1d2c28b846afa2] spapr: Render full FDT on 
ibm,client-architecture-support
  git bisect bad e68cd0cb5cf49d334abe17231a1d2c28b846afa2
  # good: [c4ec08ab70bab90685d1443d6da47293e3aa312a] spapr-pci: Stop providing 
assigned-addresses
  git bisect good c4ec08ab70bab90685d1443d6da47293e3aa312a
  # first bad commit: [e68cd0cb5cf49d334abe17231a1d2c28b846afa2] spapr: Render 
full FDT on ibm,client-architecture-support

  attached vmxml.

  qemu commandline:
  /home/sath/qemu/ppc64-softmmu/qemu-system-ppc64 -name 
guest=vm1,debug-threads=on -S -object 
secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-19-vm1/master-key.aes
 -machine pseries-4.2,accel=kvm,usb=off,dump-guest-core=off -m 81920 
-overcommit mem-lock=off -smp 512,sockets=1,cores=128,threads=4 -uuid 
fd4a5d54-0216-490e-82d2-1d4e89683b3d -display none -no-user-config -nodefaults 
-chardev socket,id=charmonitor,fd=24,server,nowait -mon 
chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot 
strict=on -device qemu-xhci,id=usb,bus=pci.0,addr=0x3 

Re: [PATCH] vhost-user-scsi: implement handle_output

[Yongji Xie]

On Fri, 18 Oct 2019 at 19:14, Felipe Franciosi  wrote:
>
>
>
> > On Oct 18, 2019, at 3:59 AM, Yongji Xie  wrote:
> >
> > On Fri, 18 Oct 2019 at 01:17, Felipe Franciosi  wrote:
> >>
> >> Originally, vhost-user-scsi did not implement a handle_output callback
> >> as that didn't seem necessary. Turns out it is.
> >>
> >> Depending on which other devices are presented to a VM, SeaBIOS may
> >> decide to map vhost-user-scsi devices on the 64-bit range of the address
> >> space. As a result, SeaBIOS will kick VQs via the config space. Those
> >> land on Qemu (not the vhost backend) and are missed, causing the VM not
> >> to boot. This fixes the issue by getting Qemu to post the notification.
> >>
> > Should we fix this in vhost-user-blk too?
>
> I'm not sure vhost-user-blk suffers from the same problem. Certainly

Actually I found vhost-user-blk has the same problem in a mutilple
GPUs passthough environment.

Thanks,
Yongji

Re: [PATCH v2 02/20] piix4: Add the Reset Control Register

[Li Qiang]

Philippe Mathieu-Daudé  于2019年10月18日周五 下午9:50写道：

> From: Hervé Poussineau 
>
> The RCR I/O port (0xcf9) is used to generate a hard reset or a soft reset.
>
> Acked-by: Michael S. Tsirkin 
> Acked-by: Paolo Bonzini 
> Signed-off-by: Hervé Poussineau 
> Message-Id: <20171216090228.28505-7-hpous...@reactos.org>
> Reviewed-by: Aleksandar Markovic 
> [PMD: rebased, updated includes]
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/isa/piix4.c | 49 ++---
>  1 file changed, 46 insertions(+), 3 deletions(-)
>
> diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
> index 890d999abf..d0b18e0586 100644
> --- a/hw/isa/piix4.c
> +++ b/hw/isa/piix4.c
> @@ -2,6 +2,7 @@
>   * QEMU PIIX4 PCI Bridge Emulation
>   *
>   * Copyright (c) 2006 Fabrice Bellard
> + * Copyright (c) 2018 Hervé Poussineau
>   *
>   * Permission is hereby granted, free of charge, to any person obtaining
> a copy
>   * of this software and associated documentation files (the "Software"),
> to deal
> @@ -28,11 +29,17 @@
>  #include "hw/isa/isa.h"
>  #include "hw/sysbus.h"
>  #include "migration/vmstate.h"
> +#include "sysemu/reset.h"
> +#include "sysemu/runstate.h"
>
>  PCIDevice *piix4_dev;
>
>  typedef struct PIIX4State {
>  PCIDevice dev;
> +
> +/* Reset Control Register */
> +MemoryRegion rcr_mem;
> +uint8_t rcr;
>  } PIIX4State;
>
>  #define TYPE_PIIX4_PCI_DEVICE "PIIX4"
> @@ -87,15 +94,51 @@ static const VMStateDescription vmstate_piix4 = {
>  }
>  };
>
> +static void piix4_rcr_write(void *opaque, hwaddr addr, uint64_t val,
> +unsigned int len)
> +{
> +PIIX4State *s = opaque;
> +
> +if (val & 4) {
> +qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
> +return;
> +}
> +
> +s->rcr = val & 2; /* keep System Reset type only */
> +}
> +
> +static uint64_t piix4_rcr_read(void *opaque, hwaddr addr, unsigned int
> len)
> +{
> +PIIX4State *s = opaque;
> +
> +return s->rcr;
> +}
> +
> +static const MemoryRegionOps piix4_rcr_ops = {
> +.read = piix4_rcr_read,
> +.write = piix4_rcr_write,
> +.endianness = DEVICE_LITTLE_ENDIAN,
> +.impl = {
> +.min_access_size = 1,
> +.max_access_size = 1,
> +},
> +};
> +
>  static void piix4_realize(PCIDevice *dev, Error **errp)
>  {
> -PIIX4State *d = PIIX4_PCI_DEVICE(dev);
> +PIIX4State *s = PIIX4_PCI_DEVICE(dev);
>
> -if (!isa_bus_new(DEVICE(d), pci_address_space(dev),
> +if (!isa_bus_new(DEVICE(dev), pci_address_space(dev),
>   pci_address_space_io(dev), errp)) {
>  return;
>  }
> -piix4_dev = >dev;
> +
> +memory_region_init_io(>rcr_mem, OBJECT(dev), _rcr_ops, s,
> +  "reset-control", 1);
> +memory_region_add_subregion_overlap(pci_address_space_io(dev), 0xcf9,
>


Can we use 'RCR_IOPORT' instead of constant value here? Also don't see this
change
in later patches of this seirals.
Anyway

Reviewed-by: Li Qiang 

Thanks,
Li Qiang


> +>rcr_mem, 1);
> +
> +piix4_dev = dev;
>  }
>
>  int piix4_init(PCIBus *bus, ISABus **isa_bus, int devfn)
> --
> 2.21.0
>
>
>

[PATCH v2] qemu-img.texi: Describe data_file and data_file_raw

[Han Han]

https://bugzilla.redhat.com/show_bug.cgi?id=1763105

Signed-off-by: Han Han 
---
 qemu-img.texi | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/qemu-img.texi b/qemu-img.texi
index b5156d6316..983c6122f8 100644
--- a/qemu-img.texi
+++ b/qemu-img.texi
@@ -763,6 +763,16 @@ file which is COW and has data blocks already, it couldn't 
be changed to NOCOW
 by setting @code{nocow=on}. One can issue @code{lsattr filename} to check if
 the NOCOW flag is set or not (Capital 'C' is NOCOW flag).
 
+@item data_file
+File name of data file that is stored in the image and used as a default for
+opening the image. If the option is used, qcow2 file only stores the metadata
+for the image.
+
+@item data_file_raw
+This option requires @option{data_file}. If this option is set to @code{on},
+qemu will always keep the external data file consistent as a standalone
+read-only raw image. Default value is @code{off}.
+
 @end table
 
 @item Other
-- 
2.20.1

Re: [PATCH 19/21] hw/ppc: Let the machine be the owner of the system memory

[David Gibson]

On Mon, Oct 21, 2019 at 12:56:48AM +0200, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 

Acked-by: David Gibson 

> ---
>  hw/ppc/e500.c  | 3 ++-
>  hw/ppc/mac_newworld.c  | 3 ++-
>  hw/ppc/mac_oldworld.c  | 2 +-
>  hw/ppc/pnv.c   | 2 +-
>  hw/ppc/ppc405_boards.c | 6 +++---
>  hw/ppc/prep.c  | 3 ++-
>  hw/ppc/spapr.c | 2 +-
>  hw/ppc/virtex_ml507.c  | 2 +-
>  8 files changed, 13 insertions(+), 10 deletions(-)
> 
> diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
> index 91cd4c26f9..9c7be26248 100644
> --- a/hw/ppc/e500.c
> +++ b/hw/ppc/e500.c
> @@ -912,7 +912,8 @@ void ppce500_init(MachineState *machine)
>  machine->ram_size = ram_size;
>  
>  /* Register Memory */
> -memory_region_allocate_system_memory(ram, NULL, "mpc8544ds.ram", 
> ram_size);
> +memory_region_allocate_system_memory(ram, machine, "mpc8544ds.ram",
> + ram_size);
>  memory_region_add_subregion(address_space_mem, 0, ram);
>  
>  dev = qdev_create(NULL, "e500-ccsr");
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index c5bbcc7433..8409114eed 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -152,7 +152,8 @@ static void ppc_core99_init(MachineState *machine)
>  }
>  
>  /* allocate RAM */
> -memory_region_allocate_system_memory(ram, NULL, "ppc_core99.ram", 
> ram_size);
> +memory_region_allocate_system_memory(ram, machine, "ppc_core99.ram",
> + ram_size);
>  memory_region_add_subregion(get_system_memory(), 0, ram);
>  
>  /* allocate and load BIOS */
> diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
> index 0fa680b749..9dd645476a 100644
> --- a/hw/ppc/mac_oldworld.c
> +++ b/hw/ppc/mac_oldworld.c
> @@ -127,7 +127,7 @@ static void ppc_heathrow_init(MachineState *machine)
>  exit(1);
>  }
>  
> -memory_region_allocate_system_memory(ram, NULL, "ppc_heathrow.ram",
> +memory_region_allocate_system_memory(ram, machine, "ppc_heathrow.ram",
>   ram_size);
>  memory_region_add_subregion(sysmem, 0, ram);
>  
> diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
> index 7cf64b6d25..ac731c4f88 100644
> --- a/hw/ppc/pnv.c
> +++ b/hw/ppc/pnv.c
> @@ -640,7 +640,7 @@ static void pnv_init(MachineState *machine)
>  }
>  
>  ram = g_new(MemoryRegion, 1);
> -memory_region_allocate_system_memory(ram, NULL, "pnv.ram",
> +memory_region_allocate_system_memory(ram, machine, "pnv.ram",
>   machine->ram_size);
>  memory_region_add_subregion(get_system_memory(), 0, ram);
>  
> diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
> index 388cae0b43..8a2d2f4511 100644
> --- a/hw/ppc/ppc405_boards.c
> +++ b/hw/ppc/ppc405_boards.c
> @@ -162,8 +162,8 @@ static void ref405ep_init(MachineState *machine)
>  MemoryRegion *sysmem = get_system_memory();
>  
>  /* XXX: fix this */
> -memory_region_allocate_system_memory(_memories[0], NULL, 
> "ef405ep.ram",
> - 0x0800);
> +memory_region_allocate_system_memory(_memories[0], machine,
> + "ef405ep.ram", 128 * MiB);
>  ram_bases[0] = 0;
>  ram_sizes[0] = 0x0800;
>  memory_region_init(_memories[1], NULL, "ef405ep.ram1", 0);
> @@ -427,7 +427,7 @@ static void taihu_405ep_init(MachineState *machine)
>  
>  /* RAM is soldered to the board so the size cannot be changed */
>  ram_size = 0x0800;
> -memory_region_allocate_system_memory(ram, NULL, "taihu_405ep.ram",
> +memory_region_allocate_system_memory(ram, machine, "taihu_405ep.ram",
>   ram_size);
>  
>  ram_bases[0] = 0;
> diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
> index 4f3c6bf190..54b00805e0 100644
> --- a/hw/ppc/prep.c
> +++ b/hw/ppc/prep.c
> @@ -445,7 +445,8 @@ static void ppc_prep_init(MachineState *machine)
>  }
>  
>  /* allocate RAM */
> -memory_region_allocate_system_memory(ram, NULL, "ppc_prep.ram", 
> ram_size);
> +memory_region_allocate_system_memory(ram, machine, "ppc_prep.ram",
> + ram_size);
>  memory_region_add_subregion(sysmem, 0, ram);
>  
>  if (linux_boot) {
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 4eb97d3a9b..1f168edd43 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -2840,7 +2840,7 @@ static void spapr_machine_init(MachineState *machine)
>  }
>  
>  /* allocate RAM */
> -memory_region_allocate_system_memory(ram, NULL, "ppc_spapr.ram",
> +memory_region_allocate_system_memory(ram, machine, "ppc_spapr.ram",
>   machine->ram_size);
>  memory_region_add_subregion(sysmem, 0, ram);
>  
> diff --git a/hw/ppc/virtex_ml507.c b/hw/ppc/virtex_ml507.c
> index 68625522d8..86c9273dc0 100644
> --- 

[PATCH v2] qemu-img.texi: Describe data_file and data_file_raw

[Han Han]

https://bugzilla.redhat.com/show_bug.cgi?id=1763105

Signed-off-by: Han Han 
---
 qemu-img.texi | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/qemu-img.texi b/qemu-img.texi
index b5156d6316..983c6122f8 100644
--- a/qemu-img.texi
+++ b/qemu-img.texi
@@ -763,6 +763,16 @@ file which is COW and has data blocks already, it couldn't 
be changed to NOCOW
 by setting @code{nocow=on}. One can issue @code{lsattr filename} to check if
 the NOCOW flag is set or not (Capital 'C' is NOCOW flag).
 
+@item data_file
+File name of data file that is stored in the image and used as a default for
+opening the image. If the option is used, qcow2 file only stores the metadata
+for the image.
+
+@item data_file_raw
+This option requires @option{data_file}. If this option is set to @code{on},
+qemu will always keep the external data file consistent as a standalone
+read-only raw image. Default value is @code{off}.
+
 @end table
 
 @item Other
-- 
2.20.1

Re: [PATCH] qemu-img.texi: Describe data_file and data_file_raw

[Han Han]

On Sat, Oct 19, 2019 at 4:58 AM John Snow  wrote:

> CC qemu-block
>
> On 10/18/19 5:59 AM, Han Han wrote:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1763105
> >
> > Signed-off-by: Han Han 
> > ---
> >  qemu-img.texi | 10 ++
> >  1 file changed, 10 insertions(+)
> >
> > diff --git a/qemu-img.texi b/qemu-img.texi
> > index b5156d6316..44596c2d93 100644
> > --- a/qemu-img.texi
> > +++ b/qemu-img.texi
> > @@ -763,6 +763,16 @@ file which is COW and has data blocks already, it
> couldn't be changed to NOCOW
> >  by setting @code{nocow=on}. One can issue @code{lsattr filename} to
> check if
> >  the NOCOW flag is set or not (Capital 'C' is NOCOW flag).
> >
> > +@item data_file
> > +File name of data file that is stored in the image and used as a
> default for
> > +opening the image. If the option is used, qcow2 file only stores the
> metadata
> > +of the image.
> > +
>
> This is a little unclear, and seems to imply the data file is stored
> *IN* the image.
>
> "Optional filename to be used as a data store for this qcow2 file. If
> this option is used, the qcow2 file only stores metadata for this image."
>
Thanks for your advice. I will update it in v2.

>
> > +@item data_file_raw
> > +This option requires @option{data_file}. If this option is set to
> @code{on},
> > +qemu will always keep the external data file consistent as a standalone
> > +read-only raw image. Default value is @code{off}.
> > +
> >  @end table
> >
> >  @item Other
> >
>
>

-- 
Best regards,
---
Han Han
Quality Engineer
Redhat.

Email: h...@redhat.com
Phone: +861065339333

Re: [PATCH v2 01/20] MAINTAINERS: Keep PIIX4 South Bridge separate from PC Chipsets

[Li Qiang]

Philippe Mathieu-Daudé  于2019年10月18日周五 下午9:50写道：

> From: Philippe Mathieu-Daudé 
>
> The PIIX4 Southbridge is not used by the PC machine,
> but by the Malta board (MIPS). Add a new section to
> keep it covered.
>
> Suggested-by: Michael S. Tsirkin 
> Reviewed-by: Aleksandar Markovic 
> Signed-off-by: Philippe Mathieu-Daudé 
>

Reviewed-by: Li Qiang 


> ---
>  MAINTAINERS | 7 ++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index fe4dc51b08..c9f625fc2e 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1230,7 +1230,6 @@ F: hw/pci-host/q35.c
>  F: hw/pci-host/pam.c
>  F: include/hw/pci-host/q35.h
>  F: include/hw/pci-host/pam.h
> -F: hw/isa/piix4.c
>  F: hw/isa/lpc_ich9.c
>  F: hw/i2c/smbus_ich9.c
>  F: hw/acpi/piix4.c
> @@ -1716,6 +1715,12 @@ F: hw/display/edid*
>  F: include/hw/display/edid.h
>  F: qemu-edid.c
>
> +PIIX4 South Bridge (i82371AB)
> +M: Hervé Poussineau 
> +M: Philippe Mathieu-Daudé 
> +S: Maintained
> +F: hw/isa/piix4.c
> +
>  Firmware configuration (fw_cfg)
>  M: Philippe Mathieu-Daudé 
>  R: Laszlo Ersek 
> --
> 2.21.0
>
>
>

Re: Using virtual IOMMU in guest hypervisors other than KVM and Xen?

[Peter Xu]

On Fri, Oct 18, 2019 at 11:19:55PM -0700, Jintack Lim wrote:
> On Fri, Oct 18, 2019 at 8:37 PM Peter Xu  wrote:
> >
> > On Wed, Oct 16, 2019 at 03:01:22PM -0700, Jintack Lim wrote:
> > > On Mon, Oct 14, 2019 at 7:50 PM Peter Xu  wrote:
> > > >
> > > > On Mon, Oct 14, 2019 at 01:28:49PM -0700, Jintack Lim wrote:
> > > > > Hi,
> > > >
> > > > Hello, Jintack,
> > > >
> > > Hi Peter,
> > >
> > > > >
> > > > > I'm trying to pass through a physical network device to a nested VM
> > > > > using virtual IOMMU. While I was able to do it successfully using KVM
> > > > > and Xen guest hypervisors running in a VM respectively, I couldn't do
> > > > > it with Hyper-V as I described below. I wonder if anyone have
> > > > > successfully used virtual IOMMU in other hypervisors other than KVM
> > > > > and Xen? (like Hyper-V or VMware)
> > > > >
> > > > > The issue I have with Hyper-V is that Hyper-V gives an error that the
> > > > > underlying hardware is not capable of doing passthrough. The exact
> > > > > error message is as follows.
> > > > >
> > > > > Windows Power-shell > (Get-VMHost).IovSupportReasons
> > > > > The chipset on the system does not do DMA remapping, without which
> > > > > SR-IOV cannot be supported.
> > > > >
> > > > > I'm pretty sure that Hyper-V recognizes virtual IOMMU, though; I have
> > > > > enabled iommu in windows boot loader[1], and I see differences when
> > > > > booing a Windows VM with and without virtual IOMMU. I also checked
> > > > > that virtual IOMMU traces are printed.
> > > >
> > > > What traces have you checked?  More explicitly, have you seen DMAR
> > > > enabled and page table setup for that specific device to be
> > > > pass-throughed?
> > >
> > > Thanks for the pointers. I checked that DMAR is NOT enabled. The only
> > > registers that Windows guest accessed were Version Register,
> > > Capability Register, and Extended Capability Register. On the other
> > > hand, a Linux guest accessed other registers and enabled DMAR.
> > > Here's a link to the trace I got using QEMU 4.1.0. Do you see anything
> > > interesting there?
> > > http://paste.ubuntu.com/p/YcSyxG9Z3x/
> >
> > Then I feel like Windows is reluctant to enable DMAR due to lacking of
> > some caps.
> >
> > >
> > > >
> > > > >
> > > > > I have tried multiple KVM/QEMU versions including the latest ones
> > > > > (kernel v5.3, QEMU 4.1.0) as well as two different Windows servers
> > > > > (2016 and 2019), but I see the same result. [4]
> > > > >
> > > > > I'd love to hear if somebody is using virtual IOMMU in Hyper-V or
> > > > > VMware successfully, especially for passthrough. I also appreciate if
> > > > > somebody can point out any configuration errors I have.
> > > > >
> > > > > Here's the qemu command line I use, basically from the QEMU vt-d
> > > > > page[2] and Hyper-v on KVM from kvmforum [3].
> > > > >
> > > > > ./qemu/x86_64-softmmu/qemu-system-x86_64 -device
> > > > > intel-iommu,intremap=on,caching-mode=on -smp 6 -m 24G -M
> > > >
> > > > Have you tried to use 4-level IOMMU page table (aw-bits=48 on latest
> > > > QEMU, or x-aw-bits=48 on some old ones)?  IIRC we've encountered
> > > > issues when trying to pass the SVVP Windows test with this, in which
> > > > 4-level is required.  I'm not sure whether whether that is required in
> > > > general usages of vIOMMU in Windows.
> > >
> > > I just tried the option you mentioned, but it didn't change anything.
> > > BTW, what version of Windows was it?
> >
> > Sorry I don't remember that. I didn't do the test but I was just
> > acknowledged that with it the test passed.  I assume you're using the
> > latest QEMU here because I know Windows could require another
> > capability (DMA draining) and it should be on by default in latest
> > qemu master.
> 
> Thanks. Yes, I plan to use v2.11.0 eventually, but I'm trying to make
> things work with the latest version first.
> 
> >
> > At that time the complete cmdline to pass the test should be:
> >
> >   -device intel-iommu,intremap=on,aw-bits=48,caching-mode=off,eim=on
> >
> > I also don't remember on why caching-mode needs to be off at that
> > time (otherwise SVVP fails too).
> 
> Thanks for providing the cmdline. However, turning off the
> caching-mode with an assigned device resulted in the following error
> on VM boot.
> "We need to set caching-mode=on for intel-iommu to enable device assignment."
> Does this mean that we can't assign a physical device all the way to a
> nested VM with a Windows L1 hypervisor as of now?
> 
> Without assigning a device, I was able to boot a Windows VM with the
> cmdline above and I see that DMAR in vIOMMU is enabled. Windows still
> complains about DMA remapping, though. I'll investigate further.

We're going to have other ways to do device assignment in the future
leveraging the coming nested device page tables just like ARM, but
it's still a long way until even the hardware is ready...  And we also
don't know whether Microsoft will be unhappy again on these new
bits. :)

So, I 

Re: [PATCH 00/21] hw: Let the machine be the owner of the system memory

[no-reply]

Patchew URL: https://patchew.org/QEMU/20191020225650.3671-1-phi...@redhat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PATCH 00/21] hw: Let the machine be the owner of the system memory
Type: series
Message-id: 20191020225650.3671-1-phi...@redhat.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
23b4e9a hw/core: Assert memory_region_allocate_system_memory has machine owner
67caaf0 hw/sparc: Let the machine be the owner of the system memory
9610d69 hw/ppc: Let the machine be the owner of the system memory
3cf0c55 hw/mips: Let the machine be the owner of the system memory
c6cd486 hw/m68k: Let the machine be the owner of the system memory
dd8e9a6 hw/lm32: Let the machine be the owner of the system memory
c7b9ccd hw/i386: Let the machine be the owner of the system memory
655182f hw/hppa: Let the machine be the owner of the system memory
20dc622 hw/cris: Let the machine be the owner of the system memory
fc3c6d2 hw/arm: Let the machine be the owner of the system memory
e9f1ebc hw/alpha: Let the machine be the owner of the system memory
3ef111b hw/core: Let the machine be the owner of the system memory
31bd838 hw: Let memory_region_allocate_system_memory take MachineState argument
dae9d11 hw/alpha/dp264: Create the RAM in the board
c31eba0 hw: Drop QOM ownership on memory_region_allocate_system_memory() calls
728aa65 hw/arm/digic4: Inline digic4_board_setup_ram() function
c2a9052 hw/arm/omap1: Create the RAM in the board
4f4977f hw/arm/omap2: Create the RAM in the board
d1959b2 hw/arm/collie: Create the RAM in the board
815f5c1 hw/arm/mps2: Use the IEC binary prefix definitions
103190f hw/arm/xilinx_zynq: Use the IEC binary prefix definitions

=== OUTPUT BEGIN ===
1/21 Checking commit 103190fd9b28 (hw/arm/xilinx_zynq: Use the IEC binary 
prefix definitions)
2/21 Checking commit 815f5c166924 (hw/arm/mps2: Use the IEC binary prefix 
definitions)
3/21 Checking commit d1959b2d3e49 (hw/arm/collie: Create the RAM in the board)
4/21 Checking commit 4f4977fa8205 (hw/arm/omap2: Create the RAM in the board)
5/21 Checking commit c2a90524bd33 (hw/arm/omap1: Create the RAM in the board)
6/21 Checking commit 728aa65672f4 (hw/arm/digic4: Inline 
digic4_board_setup_ram() function)
7/21 Checking commit c31eba0d025b (hw: Drop QOM ownership on 
memory_region_allocate_system_memory() calls)
8/21 Checking commit dae9d111acb1 (hw/alpha/dp264: Create the RAM in the board)
ERROR: spaces required around that '*' (ctx:WxV)
#24: FILE: hw/alpha/alpha_sys.h:13:
+PCIBus *typhoon_init(ISABus **, qemu_irq *, AlphaCPU *[4],
  ^

total: 1 errors, 0 warnings, 59 lines checked

Patch 8/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

9/21 Checking commit 31bd838d2d79 (hw: Let memory_region_allocate_system_memory 
take MachineState argument)
10/21 Checking commit 3ef111b6a62a (hw/core: Let the machine be the owner of 
the system memory)
11/21 Checking commit e9f1ebcb1624 (hw/alpha: Let the machine be the owner of 
the system memory)
12/21 Checking commit fc3c6d23b63f (hw/arm: Let the machine be the owner of the 
system memory)
13/21 Checking commit 20dc622c1df3 (hw/cris: Let the machine be the owner of 
the system memory)
14/21 Checking commit 655182f6e74a (hw/hppa: Let the machine be the owner of 
the system memory)
15/21 Checking commit c7b9ccda7442 (hw/i386: Let the machine be the owner of 
the system memory)
16/21 Checking commit dd8e9a66c1f0 (hw/lm32: Let the machine be the owner of 
the system memory)
17/21 Checking commit c6cd4866d6a0 (hw/m68k: Let the machine be the owner of 
the system memory)
18/21 Checking commit 3cf0c55fcc1b (hw/mips: Let the machine be the owner of 
the system memory)
19/21 Checking commit 9610d6908cbc (hw/ppc: Let the machine be the owner of the 
system memory)
20/21 Checking commit 67caaf05019b (hw/sparc: Let the machine be the owner of 
the system memory)
21/21 Checking commit 23b4e9a52318 (hw/core: Assert 
memory_region_allocate_system_memory has machine owner)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20191020225650.3671-1-phi...@redhat.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PATCH 20/21] hw/sparc: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/sparc/leon3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/sparc/leon3.c b/hw/sparc/leon3.c
index c5f1b1ee72..f58f2782c6 100644
--- a/hw/sparc/leon3.c
+++ b/hw/sparc/leon3.c
@@ -244,7 +244,7 @@ static void leon3_generic_hw_init(MachineState *machine)
 exit(1);
 }
 
-memory_region_allocate_system_memory(ram, NULL, "leon3.ram", ram_size);
+memory_region_allocate_system_memory(ram, machine, "leon3.ram", ram_size);
 memory_region_add_subregion(address_space_mem, LEON3_RAM_OFFSET, ram);
 
 /* Allocate BIOS */
-- 
2.21.0

[PATCH 18/21] hw/mips: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/boston.c| 2 +-
 hw/mips/mips_fulong2e.c | 3 ++-
 hw/mips/mips_jazz.c | 2 +-
 hw/mips/mips_malta.c| 2 +-
 hw/mips/mips_mipssim.c  | 2 +-
 hw/mips/mips_r4k.c  | 3 ++-
 6 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/hw/mips/boston.c b/hw/mips/boston.c
index ca7d813a52..8445fee0f1 100644
--- a/hw/mips/boston.c
+++ b/hw/mips/boston.c
@@ -474,7 +474,7 @@ static void boston_mach_init(MachineState *machine)
 memory_region_add_subregion_overlap(sys_mem, 0x1800, flash, 0);
 
 ddr = g_new(MemoryRegion, 1);
-memory_region_allocate_system_memory(ddr, NULL, "boston.ddr",
+memory_region_allocate_system_memory(ddr, machine, "boston.ddr",
  machine->ram_size);
 memory_region_add_subregion_overlap(sys_mem, 0x8000, ddr, 0);
 
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index cf537dd7e6..d5a5cef619 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -318,7 +318,8 @@ static void mips_fulong2e_init(MachineState *machine)
 ram_size = 256 * MiB;
 
 /* allocate RAM */
-memory_region_allocate_system_memory(ram, NULL, "fulong2e.ram", ram_size);
+memory_region_allocate_system_memory(ram, machine,
+ "fulong2e.ram", ram_size);
 memory_region_init_ram(bios, NULL, "fulong2e.bios", BIOS_SIZE,
_fatal);
 memory_region_set_readonly(bios, true);
diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index 8d010a0b6e..88b125855f 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -188,7 +188,7 @@ static void mips_jazz_init(MachineState *machine,
 cc->do_transaction_failed = mips_jazz_do_transaction_failed;
 
 /* allocate RAM */
-memory_region_allocate_system_memory(ram, NULL, "mips_jazz.ram",
+memory_region_allocate_system_memory(ram, machine, "mips_jazz.ram",
  machine->ram_size);
 memory_region_add_subregion(address_space, 0, ram);
 
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 4d9c64b36a..af56a29ccb 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1267,7 +1267,7 @@ void mips_malta_init(MachineState *machine)
 }
 
 /* register RAM at high address where it is undisturbed by IO */
-memory_region_allocate_system_memory(ram_high, NULL, "mips_malta.ram",
+memory_region_allocate_system_memory(ram_high, machine, "mips_malta.ram",
  ram_size);
 memory_region_add_subregion(system_memory, 0x8000, ram_high);
 
diff --git a/hw/mips/mips_mipssim.c b/hw/mips/mips_mipssim.c
index 282bbecb24..c1933231e2 100644
--- a/hw/mips/mips_mipssim.c
+++ b/hw/mips/mips_mipssim.c
@@ -166,7 +166,7 @@ mips_mipssim_init(MachineState *machine)
 qemu_register_reset(main_cpu_reset, reset_info);
 
 /* Allocate RAM. */
-memory_region_allocate_system_memory(ram, NULL, "mips_mipssim.ram",
+memory_region_allocate_system_memory(ram, machine, "mips_mipssim.ram",
  ram_size);
 memory_region_init_ram(bios, NULL, "mips_mipssim.bios", BIOS_SIZE,
_fatal);
diff --git a/hw/mips/mips_r4k.c b/hw/mips/mips_r4k.c
index bc0be26544..59f8cacfb6 100644
--- a/hw/mips/mips_r4k.c
+++ b/hw/mips/mips_r4k.c
@@ -203,7 +203,8 @@ void mips_r4k_init(MachineState *machine)
  " maximum 256MB", ram_size / MiB);
 exit(1);
 }
-memory_region_allocate_system_memory(ram, NULL, "mips_r4k.ram", ram_size);
+memory_region_allocate_system_memory(ram, machine, "mips_r4k.ram",
+ ram_size);
 
 memory_region_add_subregion(address_space_mem, 0, ram);
 
-- 
2.21.0

[PATCH 21/21] hw/core: Assert memory_region_allocate_system_memory has machine owner

[Philippe Mathieu-Daudé]

All the memory_region_allocate_system_memory() pass a MachineState
argument. Add an assertion to ensure the new boards/machines added
set this argument, so all system memory object have the machine as
its QOM owner.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/core/numa.c  | 4 +---
 include/hw/boards.h | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/core/numa.c b/hw/core/numa.c
index 2e29e4bfe0..3e07e94d00 100644
--- a/hw/core/numa.c
+++ b/hw/core/numa.c
@@ -527,9 +527,7 @@ void memory_region_allocate_system_memory(MemoryRegion *mr, 
MachineState *ms,
 uint64_t addr = 0;
 int i;
 
-if (!ms) {
-ms = MACHINE(qdev_get_machine());
-}
+g_assert(ms);
 
 if (ms->numa_state == NULL ||
 ms->numa_state->num_nodes == 0 || !have_memdevs) {
diff --git a/include/hw/boards.h b/include/hw/boards.h
index 3b6cb82b6c..31ab6e7586 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -14,7 +14,7 @@
 /**
  * memory_region_allocate_system_memory - Allocate a board's main memory
  * @mr: the #MemoryRegion to be initialized
- * @ms: the #MachineState object that own the system memory
+ * @ms: the #MachineState object that own the system memory (must not be NULL)
  * @name: name of the memory region
  * @ram_size: size of the region in bytes
  *
-- 
2.21.0

[PATCH 17/21] hw/m68k: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/m68k/an5206.c| 2 +-
 hw/m68k/mcf5208.c   | 2 +-
 hw/m68k/next-cube.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/m68k/an5206.c b/hw/m68k/an5206.c
index 54ccbe1a82..fb045c2436 100644
--- a/hw/m68k/an5206.c
+++ b/hw/m68k/an5206.c
@@ -46,7 +46,7 @@ static void an5206_init(MachineState *machine)
 env->rambar0 = AN5206_RAMBAR_ADDR | 1;
 
 /* DRAM at address zero */
-memory_region_allocate_system_memory(ram, NULL, "an5206.ram", ram_size);
+memory_region_allocate_system_memory(ram, machine, "an5206.ram", ram_size);
 memory_region_add_subregion(address_space_mem, 0, ram);
 
 /* Internal SRAM.  */
diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c
index 34d34eba17..8e8c8ef349 100644
--- a/hw/m68k/mcf5208.c
+++ b/hw/m68k/mcf5208.c
@@ -248,7 +248,7 @@ static void mcf5208evb_init(MachineState *machine)
 memory_region_add_subregion(address_space_mem, 0x, rom);
 
 /* DRAM at 0x4000 */
-memory_region_allocate_system_memory(ram, NULL, "mcf5208.ram", ram_size);
+memory_region_allocate_system_memory(ram, machine, "mcf5208.ram", 
ram_size);
 memory_region_add_subregion(address_space_mem, 0x4000, ram);
 
 /* Internal SRAM.  */
diff --git a/hw/m68k/next-cube.c b/hw/m68k/next-cube.c
index e5343348d0..6aed9376f3 100644
--- a/hw/m68k/next-cube.c
+++ b/hw/m68k/next-cube.c
@@ -893,7 +893,7 @@ static void next_cube_init(MachineState *machine)
 memcpy(ns->rtc.ram, rtc_ram2, 32);
 
 /* 64MB RAM starting at 0x0400  */
-memory_region_allocate_system_memory(ram, NULL, "next.ram", ram_size);
+memory_region_allocate_system_memory(ram, machine, "next.ram", ram_size);
 memory_region_add_subregion(sysmem, 0x0400, ram);
 
 /* Framebuffer */
-- 
2.21.0

[PATCH 15/21] hw/i386: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/i386/pc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 4b1904237e..3414dc423a 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1655,7 +1655,7 @@ void pc_memory_init(PCMachineState *pcms,
  * with older qemus that used qemu_ram_alloc().
  */
 ram = g_malloc(sizeof(*ram));
-memory_region_allocate_system_memory(ram, NULL, "pc.ram",
+memory_region_allocate_system_memory(ram, machine, "pc.ram",
  machine->ram_size);
 *ram_memory = ram;
 ram_below_4g = g_malloc(sizeof(*ram_below_4g));
-- 
2.21.0

[PATCH 14/21] hw/hppa: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/hppa/machine.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index dbe1ff0fe5..6703bfd351 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -96,7 +96,7 @@ static void machine_hppa_init(MachineState *machine)
 
 /* Main memory region. */
 ram_region = g_new(MemoryRegion, 1);
-memory_region_allocate_system_memory(ram_region, NULL,
+memory_region_allocate_system_memory(ram_region, machine,
  "ram", ram_size);
 memory_region_add_subregion(addr_space, 0, ram_region);
 
-- 
2.21.0

[PATCH 11/21] hw/alpha: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/alpha/dp264.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index ddc249261c..5696b1e79b 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -78,7 +78,7 @@ static void clipper_init(MachineState *machine)
  * Main memory region, 0x00...  Real hardware supports 32GB,
  * but the address space hole reserved at this point is 8TB.
  */
-memory_region_allocate_system_memory(_region, NULL, "ram",
+memory_region_allocate_system_memory(_region, machine, "ram",
  ram_size);
 memory_region_add_subregion(get_system_memory(), 0, _region);
 
-- 
2.21.0

[PATCH 13/21] hw/cris: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/cris/axis_dev88.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/cris/axis_dev88.c b/hw/cris/axis_dev88.c
index 940c7dd122..faa7058733 100644
--- a/hw/cris/axis_dev88.c
+++ b/hw/cris/axis_dev88.c
@@ -270,7 +270,7 @@ void axisdev88_init(MachineState *machine)
 env = >env;
 
 /* allocate RAM */
-memory_region_allocate_system_memory(phys_ram, NULL, "axisdev88.ram",
+memory_region_allocate_system_memory(phys_ram, machine, "axisdev88.ram",
  ram_size);
 memory_region_add_subregion(address_space_mem, 0x4000, phys_ram);
 
-- 
2.21.0

[PATCH 19/21] hw/ppc: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/ppc/e500.c  | 3 ++-
 hw/ppc/mac_newworld.c  | 3 ++-
 hw/ppc/mac_oldworld.c  | 2 +-
 hw/ppc/pnv.c   | 2 +-
 hw/ppc/ppc405_boards.c | 6 +++---
 hw/ppc/prep.c  | 3 ++-
 hw/ppc/spapr.c | 2 +-
 hw/ppc/virtex_ml507.c  | 2 +-
 8 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 91cd4c26f9..9c7be26248 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -912,7 +912,8 @@ void ppce500_init(MachineState *machine)
 machine->ram_size = ram_size;
 
 /* Register Memory */
-memory_region_allocate_system_memory(ram, NULL, "mpc8544ds.ram", ram_size);
+memory_region_allocate_system_memory(ram, machine, "mpc8544ds.ram",
+ ram_size);
 memory_region_add_subregion(address_space_mem, 0, ram);
 
 dev = qdev_create(NULL, "e500-ccsr");
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index c5bbcc7433..8409114eed 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -152,7 +152,8 @@ static void ppc_core99_init(MachineState *machine)
 }
 
 /* allocate RAM */
-memory_region_allocate_system_memory(ram, NULL, "ppc_core99.ram", 
ram_size);
+memory_region_allocate_system_memory(ram, machine, "ppc_core99.ram",
+ ram_size);
 memory_region_add_subregion(get_system_memory(), 0, ram);
 
 /* allocate and load BIOS */
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 0fa680b749..9dd645476a 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -127,7 +127,7 @@ static void ppc_heathrow_init(MachineState *machine)
 exit(1);
 }
 
-memory_region_allocate_system_memory(ram, NULL, "ppc_heathrow.ram",
+memory_region_allocate_system_memory(ram, machine, "ppc_heathrow.ram",
  ram_size);
 memory_region_add_subregion(sysmem, 0, ram);
 
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 7cf64b6d25..ac731c4f88 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -640,7 +640,7 @@ static void pnv_init(MachineState *machine)
 }
 
 ram = g_new(MemoryRegion, 1);
-memory_region_allocate_system_memory(ram, NULL, "pnv.ram",
+memory_region_allocate_system_memory(ram, machine, "pnv.ram",
  machine->ram_size);
 memory_region_add_subregion(get_system_memory(), 0, ram);
 
diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
index 388cae0b43..8a2d2f4511 100644
--- a/hw/ppc/ppc405_boards.c
+++ b/hw/ppc/ppc405_boards.c
@@ -162,8 +162,8 @@ static void ref405ep_init(MachineState *machine)
 MemoryRegion *sysmem = get_system_memory();
 
 /* XXX: fix this */
-memory_region_allocate_system_memory(_memories[0], NULL, "ef405ep.ram",
- 0x0800);
+memory_region_allocate_system_memory(_memories[0], machine,
+ "ef405ep.ram", 128 * MiB);
 ram_bases[0] = 0;
 ram_sizes[0] = 0x0800;
 memory_region_init(_memories[1], NULL, "ef405ep.ram1", 0);
@@ -427,7 +427,7 @@ static void taihu_405ep_init(MachineState *machine)
 
 /* RAM is soldered to the board so the size cannot be changed */
 ram_size = 0x0800;
-memory_region_allocate_system_memory(ram, NULL, "taihu_405ep.ram",
+memory_region_allocate_system_memory(ram, machine, "taihu_405ep.ram",
  ram_size);
 
 ram_bases[0] = 0;
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 4f3c6bf190..54b00805e0 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -445,7 +445,8 @@ static void ppc_prep_init(MachineState *machine)
 }
 
 /* allocate RAM */
-memory_region_allocate_system_memory(ram, NULL, "ppc_prep.ram", ram_size);
+memory_region_allocate_system_memory(ram, machine, "ppc_prep.ram",
+ ram_size);
 memory_region_add_subregion(sysmem, 0, ram);
 
 if (linux_boot) {
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 4eb97d3a9b..1f168edd43 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2840,7 +2840,7 @@ static void spapr_machine_init(MachineState *machine)
 }
 
 /* allocate RAM */
-memory_region_allocate_system_memory(ram, NULL, "ppc_spapr.ram",
+memory_region_allocate_system_memory(ram, machine, "ppc_spapr.ram",
  machine->ram_size);
 memory_region_add_subregion(sysmem, 0, ram);
 
diff --git a/hw/ppc/virtex_ml507.c b/hw/ppc/virtex_ml507.c
index 68625522d8..86c9273dc0 100644
--- a/hw/ppc/virtex_ml507.c
+++ b/hw/ppc/virtex_ml507.c
@@ -224,7 +224,7 @@ static void virtex_init(MachineState *machine)
 
 qemu_register_reset(main_cpu_reset, cpu);
 
-memory_region_allocate_system_memory(phys_ram, NULL, "ram", ram_size);
+memory_region_allocate_system_memory(phys_ram, machine, "ram", ram_size);
 

[PATCH 09/21] hw: Let memory_region_allocate_system_memory take MachineState argument

[Philippe Mathieu-Daudé]

All the codebase calls memory_region_allocate_system_memory() with
a NULL 'owner' from the board_init() function.
Let pass a MachineState argument, and enforce the QOM ownership of
the system memory.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/core/numa.c  | 11 +++
 include/hw/boards.h |  6 --
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/hw/core/numa.c b/hw/core/numa.c
index 038c96d4ab..2e29e4bfe0 100644
--- a/hw/core/numa.c
+++ b/hw/core/numa.c
@@ -520,21 +520,24 @@ static void allocate_system_memory_nonnuma(MemoryRegion 
*mr, Object *owner,
 vmstate_register_ram_global(mr);
 }
 
-void memory_region_allocate_system_memory(MemoryRegion *mr, Object *owner,
+void memory_region_allocate_system_memory(MemoryRegion *mr, MachineState *ms,
   const char *name,
   uint64_t ram_size)
 {
 uint64_t addr = 0;
 int i;
-MachineState *ms = MACHINE(qdev_get_machine());
+
+if (!ms) {
+ms = MACHINE(qdev_get_machine());
+}
 
 if (ms->numa_state == NULL ||
 ms->numa_state->num_nodes == 0 || !have_memdevs) {
-allocate_system_memory_nonnuma(mr, owner, name, ram_size);
+allocate_system_memory_nonnuma(mr, OBJECT(ms), name, ram_size);
 return;
 }
 
-memory_region_init(mr, owner, name, ram_size);
+memory_region_init(mr, OBJECT(ms), name, ram_size);
 for (i = 0; i < ms->numa_state->num_nodes; i++) {
 uint64_t size = ms->numa_state->nodes[i].node_mem;
 HostMemoryBackend *backend = ms->numa_state->nodes[i].node_memdev;
diff --git a/include/hw/boards.h b/include/hw/boards.h
index de45087f34..3b6cb82b6c 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -14,7 +14,7 @@
 /**
  * memory_region_allocate_system_memory - Allocate a board's main memory
  * @mr: the #MemoryRegion to be initialized
- * @owner: the object that tracks the region's reference count
+ * @ms: the #MachineState object that own the system memory
  * @name: name of the memory region
  * @ram_size: size of the region in bytes
  *
@@ -38,8 +38,10 @@
  * Smaller pieces of memory (display RAM, static RAMs, etc) don't need
  * to be backed via the -mem-path memory backend and can simply
  * be created via memory_region_init_ram().
+ *
+ * The #MachineState object will track the region's reference count.
  */
-void memory_region_allocate_system_memory(MemoryRegion *mr, Object *owner,
+void memory_region_allocate_system_memory(MemoryRegion *mr, MachineState *ms,
   const char *name,
   uint64_t ram_size);
 
-- 
2.21.0

[PATCH 12/21] hw/arm: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/aspeed.c   | 2 +-
 hw/arm/collie.c   | 2 +-
 hw/arm/cubieboard.c   | 2 +-
 hw/arm/digic_boards.c | 7 ---
 hw/arm/highbank.c | 3 ++-
 hw/arm/imx25_pdk.c| 2 +-
 hw/arm/integratorcp.c | 2 +-
 hw/arm/kzm.c  | 2 +-
 hw/arm/mcimx6ul-evk.c | 2 +-
 hw/arm/mcimx7d-sabre.c| 2 +-
 hw/arm/mps2-tz.c  | 4 ++--
 hw/arm/mps2.c | 4 ++--
 hw/arm/musicpal.c | 2 +-
 hw/arm/nseries.c  | 2 +-
 hw/arm/omap_sx1.c | 2 +-
 hw/arm/palm.c | 2 +-
 hw/arm/raspi.c| 2 +-
 hw/arm/sabrelite.c| 2 +-
 hw/arm/sbsa-ref.c | 2 +-
 hw/arm/versatilepb.c  | 2 +-
 hw/arm/vexpress.c | 4 ++--
 hw/arm/virt.c | 2 +-
 hw/arm/xilinx_zynq.c  | 2 +-
 hw/arm/xlnx-versal-virt.c | 2 +-
 hw/arm/xlnx-zcu102.c  | 2 +-
 25 files changed, 32 insertions(+), 30 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 52993f84b4..f2a52e1ade 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -212,7 +212,7 @@ static void aspeed_board_init(MachineState *machine,
 ram_size = object_property_get_uint(OBJECT(>soc), "ram-size",
 _abort);
 
-memory_region_allocate_system_memory(>ram, NULL, "ram", ram_size);
+memory_region_allocate_system_memory(>ram, machine, "ram", ram_size);
 memory_region_add_subregion(>ram_container, 0, >ram);
 memory_region_add_subregion(get_system_memory(),
 sc->memmap[ASPEED_SDRAM],
diff --git a/hw/arm/collie.c b/hw/arm/collie.c
index 970a4405cc..632531a88d 100644
--- a/hw/arm/collie.c
+++ b/hw/arm/collie.c
@@ -31,7 +31,7 @@ static void collie_init(MachineState *machine)
 
 s = sa1110_init(machine->cpu_type);
 
-memory_region_allocate_system_memory(sdram, NULL, "strongarm.sdram",
+memory_region_allocate_system_memory(sdram, machine, "strongarm.sdram",
  collie_binfo.ram_size);
 memory_region_add_subregion(get_system_memory(), SA_SDCS0, sdram);
 
diff --git a/hw/arm/cubieboard.c b/hw/arm/cubieboard.c
index 6dc2f1d6b6..b76ad7ef69 100644
--- a/hw/arm/cubieboard.c
+++ b/hw/arm/cubieboard.c
@@ -65,7 +65,7 @@ static void cubieboard_init(MachineState *machine)
 exit(1);
 }
 
-memory_region_allocate_system_memory(>sdram, NULL, "cubieboard.ram",
+memory_region_allocate_system_memory(>sdram, machine, "cubieboard.ram",
  machine->ram_size);
 memory_region_add_subregion(get_system_memory(), AW_A10_SDRAM_BASE,
 >sdram);
diff --git a/hw/arm/digic_boards.c b/hw/arm/digic_boards.c
index ef3fc2b6a5..f3d1febe87 100644
--- a/hw/arm/digic_boards.c
+++ b/hw/arm/digic_boards.c
@@ -53,7 +53,7 @@ typedef struct DigicBoard {
 const char *rom1_def_filename;
 } DigicBoard;
 
-static void digic4_board_init(DigicBoard *board)
+static void digic4_board_init(MachineState *machine, DigicBoard *board)
 {
 Error *err = NULL;
 
@@ -66,7 +66,8 @@ static void digic4_board_init(DigicBoard *board)
 exit(1);
 }
 
-memory_region_allocate_system_memory(>ram, NULL, "ram", 
board->ram_size);
+memory_region_allocate_system_memory(>ram, machine, "ram",
+ board->ram_size);
 memory_region_add_subregion(get_system_memory(), 0, >ram);
 
 if (board->add_rom0) {
@@ -142,7 +143,7 @@ static DigicBoard digic4_board_canon_a1100 = {
 
 static void canon_a1100_init(MachineState *machine)
 {
-digic4_board_init(_board_canon_a1100);
+digic4_board_init(machine, _board_canon_a1100);
 }
 
 static void canon_a1100_machine_init(MachineClass *mc)
diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index f1724d6929..57e549ec00 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -290,7 +290,8 @@ static void calxeda_init(MachineState *machine, enum 
cxmachines machine_id)
 
 sysmem = get_system_memory();
 dram = g_new(MemoryRegion, 1);
-memory_region_allocate_system_memory(dram, NULL, "highbank.dram", 
ram_size);
+memory_region_allocate_system_memory(dram, machine, "highbank.dram",
+ ram_size);
 /* SDRAM at address zero.  */
 memory_region_add_subregion(sysmem, 0, dram);
 
diff --git a/hw/arm/imx25_pdk.c b/hw/arm/imx25_pdk.c
index c76fc2bd94..e88d325e10 100644
--- a/hw/arm/imx25_pdk.c
+++ b/hw/arm/imx25_pdk.c
@@ -84,7 +84,7 @@ static void imx25_pdk_init(MachineState *machine)
 machine->ram_size = FSL_IMX25_SDRAM0_SIZE + FSL_IMX25_SDRAM1_SIZE;
 }
 
-memory_region_allocate_system_memory(>ram, NULL, "imx25.ram",
+memory_region_allocate_system_memory(>ram, machine, "imx25.ram",
  machine->ram_size);
 memory_region_add_subregion(get_system_memory(), FSL_IMX25_SDRAM0_ADDR,
 >ram);
diff --git 

[PATCH 07/21] hw: Drop QOM ownership on memory_region_allocate_system_memory() calls

[Philippe Mathieu-Daudé]

All the memory_region_allocate_system_memory() calls are in the
board_init() code.  From the 58 calls in the repository, only
4 set the 'owner' parameter. It is obvious we want the Machine
to be the owner of the RAM, so we want to use OBJECT(machine)
as owner. We can simplify a bit by passing MachineState to
memory_region_allocate_system_memory(). In preparation of this
refactor, first drop the 'owner' argument from these 4 uses.

  $ git grep memory_region_allocate_system_memory hw/ | wc -l
  58

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/alpha/typhoon.c | 2 +-
 hw/arm/raspi.c | 2 +-
 hw/hppa/machine.c  | 2 +-
 hw/sparc/sun4m.c   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/alpha/typhoon.c b/hw/alpha/typhoon.c
index 179e1f7658..8489ec335c 100644
--- a/hw/alpha/typhoon.c
+++ b/hw/alpha/typhoon.c
@@ -851,7 +851,7 @@ PCIBus *typhoon_init(ram_addr_t ram_size, ISABus **isa_bus,
 
 /* Main memory region, 0x00...  Real hardware supports 32GB,
but the address space hole reserved at this point is 8TB.  */
-memory_region_allocate_system_memory(>ram_region, OBJECT(s), "ram",
+memory_region_allocate_system_memory(>ram_region, NULL, "ram",
  ram_size);
 memory_region_add_subregion(addr_space, 0, >ram_region);
 
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index 615d755879..f76b6eaad3 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -182,7 +182,7 @@ static void raspi_init(MachineState *machine, int version)
 _abort, NULL);
 
 /* Allocate and map RAM */
-memory_region_allocate_system_memory(>ram, OBJECT(machine), "ram",
+memory_region_allocate_system_memory(>ram, NULL, "ram",
  machine->ram_size);
 /* FIXME: Remove when we have custom CPU address space support */
 memory_region_add_subregion_overlap(get_system_memory(), 0, >ram, 0);
diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index 953d454f48..dbe1ff0fe5 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -96,7 +96,7 @@ static void machine_hppa_init(MachineState *machine)
 
 /* Main memory region. */
 ram_region = g_new(MemoryRegion, 1);
-memory_region_allocate_system_memory(ram_region, OBJECT(machine),
+memory_region_allocate_system_memory(ram_region, NULL,
  "ram", ram_size);
 memory_region_add_subregion(addr_space, 0, ram_region);
 
diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index 6c5a17a020..0bb7524655 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -788,7 +788,7 @@ static void ram_realize(DeviceState *dev, Error **errp)
 RamDevice *d = SUN4M_RAM(dev);
 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 
-memory_region_allocate_system_memory(>ram, OBJECT(d), "sun4m.ram",
+memory_region_allocate_system_memory(>ram, NULL, "sun4m.ram",
  d->size);
 sysbus_init_mmio(sbd, >ram);
 }
-- 
2.21.0

[PATCH 16/21] hw/lm32: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/lm32/lm32_boards.c | 4 ++--
 hw/lm32/milkymist.c   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/lm32/lm32_boards.c b/hw/lm32/lm32_boards.c
index 5ae308bfcf..50b607e0cc 100644
--- a/hw/lm32/lm32_boards.c
+++ b/hw/lm32/lm32_boards.c
@@ -107,7 +107,7 @@ static void lm32_evr_init(MachineState *machine)
 
 reset_info->flash_base = flash_base;
 
-memory_region_allocate_system_memory(phys_ram, NULL, "lm32_evr.sdram",
+memory_region_allocate_system_memory(phys_ram, machine, "lm32_evr.sdram",
  ram_size);
 memory_region_add_subregion(address_space_mem, ram_base, phys_ram);
 
@@ -200,7 +200,7 @@ static void lm32_uclinux_init(MachineState *machine)
 
 reset_info->flash_base = flash_base;
 
-memory_region_allocate_system_memory(phys_ram, NULL,
+memory_region_allocate_system_memory(phys_ram, machine,
  "lm32_uclinux.sdram", ram_size);
 memory_region_add_subregion(address_space_mem, ram_base, phys_ram);
 
diff --git a/hw/lm32/milkymist.c b/hw/lm32/milkymist.c
index 460d322de5..ee2eb1877e 100644
--- a/hw/lm32/milkymist.c
+++ b/hw/lm32/milkymist.c
@@ -116,7 +116,7 @@ milkymist_init(MachineState *machine)
 
 cpu_lm32_set_phys_msb_ignore(env, 1);
 
-memory_region_allocate_system_memory(phys_sdram, NULL, "milkymist.sdram",
+memory_region_allocate_system_memory(phys_sdram, machine, 
"milkymist.sdram",
  sdram_size);
 memory_region_add_subregion(address_space_mem, sdram_base, phys_sdram);
 
-- 
2.21.0

[PATCH 06/21] hw/arm/digic4: Inline digic4_board_setup_ram() function

[Philippe Mathieu-Daudé]

Having the RAM creation code in a separate function is not
very helpful. Move this code directly inside the board_init()
function, this will later allow the board to have the QOM
ownership of the RAM.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/digic_boards.c | 9 ++---
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/hw/arm/digic_boards.c b/hw/arm/digic_boards.c
index 304e4d1a29..ef3fc2b6a5 100644
--- a/hw/arm/digic_boards.c
+++ b/hw/arm/digic_boards.c
@@ -53,12 +53,6 @@ typedef struct DigicBoard {
 const char *rom1_def_filename;
 } DigicBoard;
 
-static void digic4_board_setup_ram(DigicBoardState *s, hwaddr ram_size)
-{
-memory_region_allocate_system_memory(>ram, NULL, "ram", ram_size);
-memory_region_add_subregion(get_system_memory(), 0, >ram);
-}
-
 static void digic4_board_init(DigicBoard *board)
 {
 Error *err = NULL;
@@ -72,7 +66,8 @@ static void digic4_board_init(DigicBoard *board)
 exit(1);
 }
 
-digic4_board_setup_ram(s, board->ram_size);
+memory_region_allocate_system_memory(>ram, NULL, "ram", 
board->ram_size);
+memory_region_add_subregion(get_system_memory(), 0, >ram);
 
 if (board->add_rom0) {
 board->add_rom0(s, DIGIC4_ROM0_BASE, board->rom0_def_filename);
-- 
2.21.0

[PATCH 08/21] hw/alpha/dp264: Create the RAM in the board

[Philippe Mathieu-Daudé]

The SDRAM is incorrectly created in the Tyohoon northbridge ASIC.
Move its creation in the board code, this will later allow the
board to have the QOM ownership of the RAM.

Signed-off-by: Philippe Mathieu-Daudé 
---
checkpatch complains:

 ERROR: spaces required around that '*' (ctx:WxV)
 #10: FILE: hw/alpha/alpha_sys.h:13:
 +PCIBus *typhoon_init(ISABus **, qemu_irq *, AlphaCPU *[4],
   ^
---
 hw/alpha/alpha_sys.h |  2 +-
 hw/alpha/dp264.c | 11 ++-
 hw/alpha/typhoon.c   |  9 +
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/hw/alpha/alpha_sys.h b/hw/alpha/alpha_sys.h
index 4e127a6de8..17f97e1bfe 100644
--- a/hw/alpha/alpha_sys.h
+++ b/hw/alpha/alpha_sys.h
@@ -10,7 +10,7 @@
 #include "hw/i386/pc.h"
 
 
-PCIBus *typhoon_init(ram_addr_t, ISABus **, qemu_irq *, AlphaCPU *[4],
+PCIBus *typhoon_init(ISABus **, qemu_irq *, AlphaCPU *[4],
  pci_map_irq_fn);
 
 /* alpha_pci.c.  */
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index 51feee8558..ddc249261c 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -62,6 +62,7 @@ static void clipper_init(MachineState *machine)
 uint64_t palcode_entry, palcode_low, palcode_high;
 uint64_t kernel_entry, kernel_low, kernel_high;
 unsigned int smp_cpus = machine->smp.cpus;
+MemoryRegion ram_region;
 
 /* Create up to 4 cpus.  */
 memset(cpus, 0, sizeof(cpus));
@@ -73,8 +74,16 @@ static void clipper_init(MachineState *machine)
 cpus[0]->env.trap_arg1 = 0;
 cpus[0]->env.trap_arg2 = smp_cpus;
 
+/*
+ * Main memory region, 0x00...  Real hardware supports 32GB,
+ * but the address space hole reserved at this point is 8TB.
+ */
+memory_region_allocate_system_memory(_region, NULL, "ram",
+ ram_size);
+memory_region_add_subregion(get_system_memory(), 0, _region);
+
 /* Init the chipset.  */
-pci_bus = typhoon_init(ram_size, _bus, _irq, cpus,
+pci_bus = typhoon_init(_bus, _irq, cpus,
clipper_pci_map_irq);
 
 /* Since we have an SRM-compatible PALcode, use the SRM epoch.  */
diff --git a/hw/alpha/typhoon.c b/hw/alpha/typhoon.c
index 8489ec335c..12589ef331 100644
--- a/hw/alpha/typhoon.c
+++ b/hw/alpha/typhoon.c
@@ -58,7 +58,6 @@ typedef struct TyphoonState {
 TyphoonCchip cchip;
 TyphoonPchip pchip;
 MemoryRegion dchip_region;
-MemoryRegion ram_region;
 } TyphoonState;
 
 /* Called when one of DRIR or DIM changes.  */
@@ -817,7 +816,7 @@ static void typhoon_alarm_timer(void *opaque)
 cpu_interrupt(CPU(s->cchip.cpu[cpu]), CPU_INTERRUPT_TIMER);
 }
 
-PCIBus *typhoon_init(ram_addr_t ram_size, ISABus **isa_bus,
+PCIBus *typhoon_init(ISABus **isa_bus,
  qemu_irq *p_rtc_irq,
  AlphaCPU *cpus[4], pci_map_irq_fn sys_map_irq)
 {
@@ -849,12 +848,6 @@ PCIBus *typhoon_init(ram_addr_t ram_size, ISABus **isa_bus,
 
 *p_rtc_irq = qemu_allocate_irq(typhoon_set_timer_irq, s, 0);
 
-/* Main memory region, 0x00...  Real hardware supports 32GB,
-   but the address space hole reserved at this point is 8TB.  */
-memory_region_allocate_system_memory(>ram_region, NULL, "ram",
- ram_size);
-memory_region_add_subregion(addr_space, 0, >ram_region);
-
 /* TIGbus, 0x801.., 1GB.  */
 /* ??? The TIGbus is used for delivering interrupts, and access to
the flash ROM.  I'm not sure that we need to implement it at all.  */
-- 
2.21.0

[PATCH 10/21] hw/core: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/core/null-machine.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/core/null-machine.c b/hw/core/null-machine.c
index 1aa0a9a01a..16546c8140 100644
--- a/hw/core/null-machine.c
+++ b/hw/core/null-machine.c
@@ -35,7 +35,7 @@ static void machine_none_init(MachineState *mch)
 if (mch->ram_size) {
 MemoryRegion *ram = g_new(MemoryRegion, 1);
 
-memory_region_allocate_system_memory(ram, NULL, "ram", mch->ram_size);
+memory_region_allocate_system_memory(ram, mch, "ram", mch->ram_size);
 memory_region_add_subregion(get_system_memory(), 0, ram);
 }
 
-- 
2.21.0

[PATCH 05/21] hw/arm/omap1: Create the RAM in the board

[Philippe Mathieu-Daudé]

The SDRAM is incorrectly created in the OMAP310 SoC.
Move its creation in the board code, this will later allow the
board to have the QOM ownership of the RAM.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/omap1.c| 12 +---
 hw/arm/omap_sx1.c |  8 ++--
 hw/arm/palm.c |  8 ++--
 include/hw/arm/omap.h |  6 ++
 4 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c
index 0400593805..6ce038a453 100644
--- a/hw/arm/omap1.c
+++ b/hw/arm/omap1.c
@@ -23,6 +23,7 @@
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "cpu.h"
+#include "exec/address-spaces.h"
 #include "hw/boards.h"
 #include "hw/hw.h"
 #include "hw/irq.h"
@@ -3858,8 +3859,7 @@ static int omap_validate_tipb_mpui_addr(struct 
omap_mpu_state_s *s,
 return range_covers_byte(0xe101, 0xe1020004 - 0xe101, addr);
 }
 
-struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory,
-unsigned long sdram_size,
+struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *dram,
 const char *cpu_type)
 {
 int i;
@@ -3867,11 +3867,12 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion 
*system_memory,
 qemu_irq dma_irqs[6];
 DriveInfo *dinfo;
 SysBusDevice *busdev;
+MemoryRegion *system_memory = get_system_memory();
 
 /* Core */
 s->mpu_model = omap310;
 s->cpu = ARM_CPU(cpu_create(cpu_type));
-s->sdram_size = sdram_size;
+s->sdram_size = memory_region_size(dram);
 s->sram_size = OMAP15XX_SRAM_SIZE;
 
 s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0);
@@ -3880,9 +3881,6 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion 
*system_memory,
 omap_clk_init(s);
 
 /* Memory-mapped stuff */
-memory_region_allocate_system_memory(>emiff_ram, NULL, "omap1.dram",
- s->sdram_size);
-memory_region_add_subregion(system_memory, OMAP_EMIFF_BASE, >emiff_ram);
 memory_region_init_ram(>imif_ram, NULL, "omap1.sram", s->sram_size,
_fatal);
 memory_region_add_subregion(system_memory, OMAP_IMIF_BASE, >imif_ram);
@@ -3925,7 +3923,7 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion 
*system_memory,
 s->port[tipb_mpui].addr_valid = omap_validate_tipb_mpui_addr;
 
 /* Register SDRAM and SRAM DMA ports for fast transfers.  */
-soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(>emiff_ram),
+soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(dram),
  OMAP_EMIFF_BASE, s->sdram_size);
 soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(>imif_ram),
  OMAP_IMIF_BASE, s->sram_size);
diff --git a/hw/arm/omap_sx1.c b/hw/arm/omap_sx1.c
index c071197be7..be245714db 100644
--- a/hw/arm/omap_sx1.c
+++ b/hw/arm/omap_sx1.c
@@ -103,6 +103,7 @@ static void sx1_init(MachineState *machine, const int 
version)
 {
 struct omap_mpu_state_s *mpu;
 MemoryRegion *address_space = get_system_memory();
+MemoryRegion *dram = g_new(MemoryRegion, 1);
 MemoryRegion *flash = g_new(MemoryRegion, 1);
 MemoryRegion *cs = g_new(MemoryRegion, 4);
 static uint32_t cs0val = 0x00213090;
@@ -118,8 +119,11 @@ static void sx1_init(MachineState *machine, const int 
version)
 flash_size = flash2_size;
 }
 
-mpu = omap310_mpu_init(address_space, sx1_binfo.ram_size,
-   machine->cpu_type);
+memory_region_allocate_system_memory(dram, NULL, "omap1.dram",
+ sx1_binfo.ram_size);
+memory_region_add_subregion(address_space, OMAP_EMIFF_BASE, dram);
+
+mpu = omap310_mpu_init(dram, machine->cpu_type);
 
 /* External Flash (EMIFS) */
 memory_region_init_ram(flash, NULL, "omap_sx1.flash0-0", flash_size,
diff --git a/hw/arm/palm.c b/hw/arm/palm.c
index 02a3a82b9b..72eca8cc55 100644
--- a/hw/arm/palm.c
+++ b/hw/arm/palm.c
@@ -190,16 +190,20 @@ static void palmte_init(MachineState *machine)
 MemoryRegion *address_space_mem = get_system_memory();
 struct omap_mpu_state_s *mpu;
 int flash_size = 0x0080;
-int sdram_size = palmte_binfo.ram_size;
 static uint32_t cs0val = 0x;
 static uint32_t cs1val = 0xe1a0;
 static uint32_t cs2val = 0xe1a0;
 static uint32_t cs3val = 0xe1a0e1a0;
 int rom_size, rom_loaded = 0;
+MemoryRegion *dram = g_new(MemoryRegion, 1);
 MemoryRegion *flash = g_new(MemoryRegion, 1);
 MemoryRegion *cs = g_new(MemoryRegion, 4);
 
-mpu = omap310_mpu_init(address_space_mem, sdram_size, machine->cpu_type);
+memory_region_allocate_system_memory(dram, NULL, "omap1.dram",
+ palmte_binfo.ram_size);
+memory_region_add_subregion(address_space_mem, OMAP_EMIFF_BASE, dram);
+
+mpu = omap310_mpu_init(dram, machine->cpu_type);
 
 /* External Flash (EMIFS) */
 memory_region_init_ram(flash, NULL, "palmte.flash", 

[PATCH 04/21] hw/arm/omap2: Create the RAM in the board

[Philippe Mathieu-Daudé]

The SDRAM is incorrectly created in the OMAP2420 SoC.
Move its creation in the board code, this will later allow the
board to have the QOM ownership of the RAM.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/nseries.c  | 10 +++---
 hw/arm/omap2.c| 13 +
 include/hw/arm/omap.h |  4 +---
 3 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
index a36971d39a..11f2c193f3 100644
--- a/hw/arm/nseries.c
+++ b/hw/arm/nseries.c
@@ -1311,11 +1311,15 @@ static int n810_atag_setup(const struct arm_boot_info 
*info, void *p)
 static void n8x0_init(MachineState *machine,
   struct arm_boot_info *binfo, int model)
 {
-MemoryRegion *sysmem = get_system_memory();
+MemoryRegion *sdram = g_new(MemoryRegion, 1);
 struct n800_s *s = (struct n800_s *) g_malloc0(sizeof(*s));
-int sdram_size = binfo->ram_size;
+uint64_t sdram_size = binfo->ram_size;
 
-s->mpu = omap2420_mpu_init(sysmem, sdram_size, machine->cpu_type);
+memory_region_allocate_system_memory(sdram, NULL, "omap2.dram",
+ sdram_size);
+memory_region_add_subregion(get_system_memory(), OMAP2_Q2_BASE, sdram);
+
+s->mpu = omap2420_mpu_init(sdram, machine->cpu_type);
 
 /* Setup peripherals
  *
diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c
index bd7ddff983..457f152bac 100644
--- a/hw/arm/omap2.c
+++ b/hw/arm/omap2.c
@@ -22,6 +22,7 @@
 #include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "cpu.h"
+#include "exec/address-spaces.h"
 #include "sysemu/blockdev.h"
 #include "sysemu/qtest.h"
 #include "sysemu/reset.h"
@@ -2276,8 +2277,7 @@ static const struct dma_irq_map omap2_dma_irq_map[] = {
 { 0, OMAP_INT_24XX_SDMA_IRQ3 },
 };
 
-struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem,
-unsigned long sdram_size,
+struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sdram,
 const char *cpu_type)
 {
 struct omap_mpu_state_s *s = g_new0(struct omap_mpu_state_s, 1);
@@ -2286,11 +2286,11 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion 
*sysmem,
 int i;
 SysBusDevice *busdev;
 struct omap_target_agent_s *ta;
+MemoryRegion *sysmem = get_system_memory();
 
 /* Core */
 s->mpu_model = omap2420;
 s->cpu = ARM_CPU(cpu_create(cpu_type));
-s->sdram_size = sdram_size;
 s->sram_size = OMAP242X_SRAM_SIZE;
 
 s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0);
@@ -2299,9 +2299,6 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion 
*sysmem,
 omap_clk_init(s);
 
 /* Memory-mapped stuff */
-memory_region_allocate_system_memory(>sdram, NULL, "omap2.dram",
- s->sdram_size);
-memory_region_add_subregion(sysmem, OMAP2_Q2_BASE, >sdram);
 memory_region_init_ram(>sram, NULL, "omap2.sram", s->sram_size,
_fatal);
 memory_region_add_subregion(sysmem, OMAP2_SRAM_BASE, >sram);
@@ -2338,8 +2335,8 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion 
*sysmem,
 s->port->addr_valid = omap2_validate_addr;
 
 /* Register SDRAM and SRAM ports for fast DMA transfers.  */
-soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(>sdram),
- OMAP2_Q2_BASE, s->sdram_size);
+soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(sdram),
+ OMAP2_Q2_BASE, memory_region_size(sdram));
 soc_dma_port_add_mem(s->dma, memory_region_get_ram_ptr(>sram),
  OMAP2_SRAM_BASE, s->sram_size);
 
diff --git a/include/hw/arm/omap.h b/include/hw/arm/omap.h
index 2fda996648..763d8eab4f 100644
--- a/include/hw/arm/omap.h
+++ b/include/hw/arm/omap.h
@@ -824,7 +824,6 @@ struct omap_mpu_state_s {
 MemoryRegion tap_iomem;
 MemoryRegion imif_ram;
 MemoryRegion emiff_ram;
-MemoryRegion sdram;
 MemoryRegion sram;
 
 struct omap_dma_port_if_s {
@@ -938,8 +937,7 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion 
*system_memory,
 const char *core);
 
 /* omap2.c */
-struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem,
-unsigned long sdram_size,
+struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sdram,
 const char *core);
 
 uint32_t omap_badwidth_read8(void *opaque, hwaddr addr);
-- 
2.21.0

[PATCH 02/21] hw/arm/mps2: Use the IEC binary prefix definitions

[Philippe Mathieu-Daudé]

IEC binary prefixes ease code review: the unit is explicit.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/mps2-tz.c | 3 ++-
 hw/arm/mps2.c| 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
index 6b24aaacde..f8b620bcc6 100644
--- a/hw/arm/mps2-tz.c
+++ b/hw/arm/mps2-tz.c
@@ -38,6 +38,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "hw/arm/boot.h"
@@ -458,7 +459,7 @@ static void mps2tz_common_init(MachineState *machine)
  * call the 16MB our "system memory", as it's the largest lump.
  */
 memory_region_allocate_system_memory(>psram,
- NULL, "mps.ram", 0x0100);
+ NULL, "mps.ram", 16 * MiB);
 memory_region_add_subregion(system_memory, 0x8000, >psram);
 
 /* The overflow IRQs for all UARTs are ORed together.
diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c
index 10efff36b2..d002b126d3 100644
--- a/hw/arm/mps2.c
+++ b/hw/arm/mps2.c
@@ -23,6 +23,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "hw/arm/boot.h"
@@ -146,7 +147,7 @@ static void mps2_common_init(MachineState *machine)
  * zbt_boot_ctrl is always zero).
  */
 memory_region_allocate_system_memory(>psram,
- NULL, "mps.ram", 0x100);
+ NULL, "mps.ram", 16 * MiB);
 memory_region_add_subregion(system_memory, 0x2100, >psram);
 
 switch (mmc->fpga_type) {
-- 
2.21.0

[PATCH 03/21] hw/arm/collie: Create the RAM in the board

[Philippe Mathieu-Daudé]

The SDRAM is incorrectly created in the SA1110 SoC.
Move its creation in the board code, this will later allow the
board to have the QOM ownership of the RAM.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/collie.c| 8 ++--
 hw/arm/strongarm.c | 7 +--
 hw/arm/strongarm.h | 4 +---
 3 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/hw/arm/collie.c b/hw/arm/collie.c
index b1288ccea8..970a4405cc 100644
--- a/hw/arm/collie.c
+++ b/hw/arm/collie.c
@@ -27,9 +27,13 @@ static void collie_init(MachineState *machine)
 {
 StrongARMState *s;
 DriveInfo *dinfo;
-MemoryRegion *sysmem = get_system_memory();
+MemoryRegion *sdram = g_new(MemoryRegion, 1);
 
-s = sa1110_init(sysmem, collie_binfo.ram_size, machine->cpu_type);
+s = sa1110_init(machine->cpu_type);
+
+memory_region_allocate_system_memory(sdram, NULL, "strongarm.sdram",
+ collie_binfo.ram_size);
+memory_region_add_subregion(get_system_memory(), SA_SDCS0, sdram);
 
 dinfo = drive_get(IF_PFLASH, 0, 0);
 pflash_cfi01_register(SA_CS0, "collie.fl1", 0x0200,
diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
index dc65d88a65..6bee034914 100644
--- a/hw/arm/strongarm.c
+++ b/hw/arm/strongarm.c
@@ -1586,8 +1586,7 @@ static const TypeInfo strongarm_ssp_info = {
 };
 
 /* Main CPU functions */
-StrongARMState *sa1110_init(MemoryRegion *sysmem,
-unsigned int sdram_size, const char *cpu_type)
+StrongARMState *sa1110_init(const char *cpu_type)
 {
 StrongARMState *s;
 int i;
@@ -1601,10 +1600,6 @@ StrongARMState *sa1110_init(MemoryRegion *sysmem,
 
 s->cpu = ARM_CPU(cpu_create(cpu_type));
 
-memory_region_allocate_system_memory(>sdram, NULL, "strongarm.sdram",
- sdram_size);
-memory_region_add_subregion(sysmem, SA_SDCS0, >sdram);
-
 s->pic = sysbus_create_varargs("strongarm_pic", 0x9005,
 qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ),
 qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_FIQ),
diff --git a/hw/arm/strongarm.h b/hw/arm/strongarm.h
index e98840b461..192821f6aa 100644
--- a/hw/arm/strongarm.h
+++ b/hw/arm/strongarm.h
@@ -55,7 +55,6 @@ enum {
 
 typedef struct {
 ARMCPU *cpu;
-MemoryRegion sdram;
 DeviceState *pic;
 DeviceState *gpio;
 DeviceState *ppc;
@@ -63,7 +62,6 @@ typedef struct {
 SSIBus *ssp_bus;
 } StrongARMState;
 
-StrongARMState *sa1110_init(MemoryRegion *sysmem,
-unsigned int sdram_size, const char *rev);
+StrongARMState *sa1110_init(const char *cpu_type);
 
 #endif
-- 
2.21.0

[PATCH 01/21] hw/arm/xilinx_zynq: Use the IEC binary prefix definitions

[Philippe Mathieu-Daudé]

IEC binary prefixes ease code review: the unit is explicit.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/xilinx_zynq.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index c14774e542..3a0fa5b23f 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -16,6 +16,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "qapi/error.h"
 #include "cpu.h"
 #include "hw/sysbus.h"
@@ -194,7 +195,7 @@ static void zynq_init(MachineState *machine)
 memory_region_add_subregion(address_space_mem, 0, ext_ram);
 
 /* 256K of on-chip memory */
-memory_region_init_ram(ocm_ram, NULL, "zynq.ocm_ram", 256 << 10,
+memory_region_init_ram(ocm_ram, NULL, "zynq.ocm_ram", 256 * KiB,
_fatal);
 memory_region_add_subregion(address_space_mem, 0xFFFC, ocm_ram);
 
-- 
2.21.0

[PATCH 00/21] hw: Let the machine be the owner of the system memory

[Philippe Mathieu-Daudé]

Hi,

This series is based on Igor's "eliminate remaining places that
abuse memory_region_allocate_system_memory()":
https://lists.gnu.org/archive/html/qemu-devel/2019-10/msg01601.html

It is quite simple, we enforce all machines to be the QOM owner
of the system memory.

This changes the memory tree from:

  (qemu) info mtree -o
  memory-region: pc.ram
-07ff (prio 0, ram): pc.ram parent:{obj 
path=/machine/unattached}

to:

  (qemu) info mtree -o
  memory-region: pc.ram
-07ff (prio 0, ram): pc.ram owner:{obj 
path=/machine}

Few patches are required to clean the codebase first, to unify the
creation of the system memory in the board/machine code. Mostly some
old ARM machines (pre-QOM) were affected.

Please review (as a generic codebase cleanup).

Regards,

Phil.

Based-on: <20191008113318.7012-1-imamm...@redhat.com>

Philippe Mathieu-Daudé (21):
  hw/arm/xilinx_zynq: Use the IEC binary prefix definitions
  hw/arm/mps2: Use the IEC binary prefix definitions
  hw/arm/collie: Create the RAM in the board
  hw/arm/omap2: Create the RAM in the board
  hw/arm/omap1: Create the RAM in the board
  hw/arm/digic4: Inline digic4_board_setup_ram() function
  hw: Drop QOM ownership on memory_region_allocate_system_memory() calls
  hw/alpha/dp264: Create the RAM in the board
  hw: Let memory_region_allocate_system_memory take MachineState
argument
  hw/core: Let the machine be the owner of the system memory
  hw/alpha: Let the machine be the owner of the system memory
  hw/arm: Let the machine be the owner of the system memory
  hw/cris: Let the machine be the owner of the system memory
  hw/hppa: Let the machine be the owner of the system memory
  hw/i386: Let the machine be the owner of the system memory
  hw/lm32: Let the machine be the owner of the system memory
  hw/m68k: Let the machine be the owner of the system memory
  hw/mips: Let the machine be the owner of the system memory
  hw/ppc: Let the machine be the owner of the system memory
  hw/sparc: Let the machine be the owner of the system memory
  hw/core: Assert memory_region_allocate_system_memory has machine owner

 hw/alpha/alpha_sys.h  |  2 +-
 hw/alpha/dp264.c  | 11 ++-
 hw/alpha/typhoon.c|  9 +
 hw/arm/aspeed.c   |  2 +-
 hw/arm/collie.c   |  8 ++--
 hw/arm/cubieboard.c   |  2 +-
 hw/arm/digic_boards.c | 14 +-
 hw/arm/highbank.c |  3 ++-
 hw/arm/imx25_pdk.c|  2 +-
 hw/arm/integratorcp.c |  2 +-
 hw/arm/kzm.c  |  2 +-
 hw/arm/mcimx6ul-evk.c |  2 +-
 hw/arm/mcimx7d-sabre.c|  2 +-
 hw/arm/mps2-tz.c  |  5 +++--
 hw/arm/mps2.c |  5 +++--
 hw/arm/musicpal.c |  2 +-
 hw/arm/nseries.c  | 10 +++---
 hw/arm/omap1.c| 12 +---
 hw/arm/omap2.c| 13 +
 hw/arm/omap_sx1.c |  8 ++--
 hw/arm/palm.c |  8 ++--
 hw/arm/raspi.c|  2 +-
 hw/arm/sabrelite.c|  2 +-
 hw/arm/sbsa-ref.c |  2 +-
 hw/arm/strongarm.c|  7 +--
 hw/arm/strongarm.h|  4 +---
 hw/arm/versatilepb.c  |  2 +-
 hw/arm/vexpress.c |  4 ++--
 hw/arm/virt.c |  2 +-
 hw/arm/xilinx_zynq.c  |  5 +++--
 hw/arm/xlnx-versal-virt.c |  2 +-
 hw/arm/xlnx-zcu102.c  |  2 +-
 hw/core/null-machine.c|  2 +-
 hw/core/numa.c|  9 +
 hw/cris/axis_dev88.c  |  2 +-
 hw/hppa/machine.c |  2 +-
 hw/i386/pc.c  |  2 +-
 hw/lm32/lm32_boards.c |  4 ++--
 hw/lm32/milkymist.c   |  2 +-
 hw/m68k/an5206.c  |  2 +-
 hw/m68k/mcf5208.c |  2 +-
 hw/m68k/next-cube.c   |  2 +-
 hw/mips/boston.c  |  2 +-
 hw/mips/mips_fulong2e.c   |  3 ++-
 hw/mips/mips_jazz.c   |  2 +-
 hw/mips/mips_malta.c  |  2 +-
 hw/mips/mips_mipssim.c|  2 +-
 hw/mips/mips_r4k.c|  3 ++-
 hw/ppc/e500.c |  3 ++-
 hw/ppc/mac_newworld.c |  3 ++-
 hw/ppc/mac_oldworld.c |  2 +-
 hw/ppc/pnv.c  |  2 +-
 hw/ppc/ppc405_boards.c|  6 +++---
 hw/ppc/prep.c |  3 ++-
 hw/ppc/spapr.c|  2 +-
 hw/ppc/virtex_ml507.c |  2 +-
 hw/sparc/leon3.c  |  2 +-
 hw/sparc/sun4m.c  |  2 +-
 include/hw/arm/omap.h | 10 +++---
 include/hw/boards.h   |  6 --
 60 files changed, 127 insertions(+), 117 deletions(-)

-- 
2.21.0

Re: [PATCH 3/3] hppa: drop usage of memory_region_allocate_system_memory() for ROM

[Philippe Mathieu-Daudé]

On 10/8/19 1:33 PM, Igor Mammedov wrote:

machine_hppa_init() violates memory_region_allocate_system_memory() contract
by calling it multiple times which could break with -mem-path. Replace
the second usage (for 'rom') with memory_region_init_ram() instead.

Signed-off-by: Igor Mammedov 
---
  hw/hppa/machine.c | 5 ++---
  1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index 7e23675429..953d454f48 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -161,9 +161,8 @@ static void machine_hppa_init(MachineState *machine)
  g_free(firmware_filename);
  
  rom_region = g_new(MemoryRegion, 1);

-memory_region_allocate_system_memory(rom_region, OBJECT(machine),
- "firmware",
- (FIRMWARE_END - FIRMWARE_START));
+memory_region_init_ram(rom_region, NULL, "firmware",
+   (FIRMWARE_END - FIRMWARE_START), _fatal);
  memory_region_add_subregion(addr_space, FIRMWARE_START, rom_region);
  
  /* Load kernel */




Tested-by: Philippe Mathieu-Daudé 

[PATCH 2/7] hppa: Add support for LASI chip with i82596 NIC

[Sven Schnelle]

From: Helge Deller 

LASI is a built-in multi-I/O chip which supports serial, parallel,
network (Intel i82596 Apricot), sound and other functionalities.
LASI has been used in many HP PARISC machines.
This patch adds the necessary parts to allow Linux and HP-UX to detect
LASI and the network card.

Signed-off-by: Helge Deller 
Signed-off-by: Sven Schnelle 
---
 MAINTAINERS |   2 +
 hw/hppa/Kconfig |   1 +
 hw/hppa/Makefile.objs   |   2 +-
 hw/hppa/hppa_sys.h  |   2 +
 hw/hppa/lasi.c  | 360 ++
 hw/hppa/machine.c   |   8 +-
 hw/hppa/trace-events|   5 +
 hw/net/Kconfig  |   7 +
 hw/net/Makefile.objs|   2 +
 hw/net/i82596.c | 734 
 hw/net/i82596.h |  55 +++
 hw/net/lasi_i82596.c| 188 +
 hw/net/trace-events |  13 +
 include/hw/net/lasi_82596.h |  29 ++
 14 files changed, 1406 insertions(+), 2 deletions(-)
 create mode 100644 hw/hppa/lasi.c
 create mode 100644 hw/net/i82596.c
 create mode 100644 hw/net/i82596.h
 create mode 100644 hw/net/lasi_i82596.c
 create mode 100644 include/hw/net/lasi_82596.h

diff --git a/MAINTAINERS b/MAINTAINERS
index f9541c3305..91e9e8ceac 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -178,6 +178,8 @@ S: Maintained
 F: target/hppa/
 F: hw/hppa/
 F: disas/hppa.c
+F: hw/net/*i82596*
+F: include/hw/net/lasi_82596.h
 
 LM32 TCG CPUs
 M: Michael Walle 
diff --git a/hw/hppa/Kconfig b/hw/hppa/Kconfig
index 6e5d74a825..2a7b38d6d6 100644
--- a/hw/hppa/Kconfig
+++ b/hw/hppa/Kconfig
@@ -10,3 +10,4 @@ config DINO
 select IDE_CMD646
 select MC146818RTC
 select LSI_SCSI_PCI
+select LASI_82596
diff --git a/hw/hppa/Makefile.objs b/hw/hppa/Makefile.objs
index 67838f50a3..eac3467d8a 100644
--- a/hw/hppa/Makefile.objs
+++ b/hw/hppa/Makefile.objs
@@ -1 +1 @@
-obj-$(CONFIG_DINO) += pci.o machine.o dino.o
+obj-$(CONFIG_DINO) += pci.o machine.o dino.o lasi.o
diff --git a/hw/hppa/hppa_sys.h b/hw/hppa/hppa_sys.h
index 43d25d21fc..d99b5dd87b 100644
--- a/hw/hppa/hppa_sys.h
+++ b/hw/hppa/hppa_sys.h
@@ -11,6 +11,8 @@
 #include "hppa_hardware.h"
 
 PCIBus *dino_init(MemoryRegion *, qemu_irq *, qemu_irq *);
+DeviceState *lasi_init(MemoryRegion *);
+#define enable_lasi_lan()   0
 
 #define TYPE_DINO_PCI_HOST_BRIDGE "dino-pcihost"
 
diff --git a/hw/hppa/lasi.c b/hw/hppa/lasi.c
new file mode 100644
index 00..51752589f3
--- /dev/null
+++ b/hw/hppa/lasi.c
@@ -0,0 +1,360 @@
+/*
+ * HP-PARISC Lasi chipset emulation.
+ *
+ * (C) 2019 by Helge Deller 
+ *
+ * This work is licensed under the GNU GPL license version 2 or later.
+ *
+ * Documentation available at:
+ * https://parisc.wiki.kernel.org/images-parisc/7/79/Lasi_ers.pdf
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/units.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "trace.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/runstate.h"
+#include "hppa_sys.h"
+#include "hw/net/lasi_82596.h"
+#include "hw/char/parallel.h"
+#include "hw/char/serial.h"
+#include "exec/address-spaces.h"
+#include "migration/vmstate.h"
+
+#define TYPE_LASI_CHIP "lasi-chip"
+
+#define LASI_IRR0x00/* RO */
+#define LASI_IMR0x04
+#define LASI_IPR0x08
+#define LASI_ICR0x0c
+#define LASI_IAR0x10
+
+#define LASI_PCR0x0C000 /* LASI Power Control register */
+#define LASI_ERRLOG 0x0C004 /* LASI Error Logging register */
+#define LASI_VER0x0C008 /* LASI Version Control register */
+#define LASI_IORESET0x0C00C /* LASI I/O Reset register */
+#define LASI_AMR0x0C010 /* LASI Arbitration Mask register */
+#define LASI_IO_CONF0x7FFFE /* LASI primary configuration register */
+#define LASI_IO_CONF2   0x7 /* LASI secondary configuration register */
+
+#define LASI_BIT(x) (1ul << (x))
+#define LASI_IRQ_BITS   (LASI_BIT(5) | LASI_BIT(7) | LASI_BIT(8) | LASI_BIT(9) 
\
+| LASI_BIT(13) | LASI_BIT(14) | LASI_BIT(16) | LASI_BIT(17) \
+| LASI_BIT(18) | LASI_BIT(19) | LASI_BIT(20) | LASI_BIT(21) \
+| LASI_BIT(26))
+
+#define ICR_BUS_ERROR_BIT  LASI_BIT(8)  /* bit 8 in ICR */
+#define ICR_TOC_BITLASI_BIT(1)  /* bit 1 in ICR */
+
+#define LASI_CHIP(obj) \
+OBJECT_CHECK(LasiState, (obj), TYPE_LASI_CHIP)
+
+#define LASI_RTC_HPA(LASI_HPA + 0x9000)
+
+typedef struct LasiState {
+PCIHostState parent_obj;
+
+uint32_t irr;
+uint32_t imr;
+uint32_t ipr;
+uint32_t icr;
+uint32_t iar;
+
+uint32_t errlog;
+uint32_t amr;
+uint32_t rtc;
+time_t rtc_ref;
+
+MemoryRegion this_mem;
+} LasiState;
+
+static bool lasi_chip_mem_valid(void *opaque, hwaddr addr,
+unsigned size, bool is_write,
+MemTxAttrs attrs)
+{
+bool ret = false;
+
+switch (addr) {
+case LASI_IRR:
+case LASI_IMR:
+case LASI_IPR:
+case 

[PATCH 6/7] hppa: Add emulation of Artist graphics

[Sven Schnelle]

This adds emulation of Artist graphics good enough
to get a Text console on both Linux and HP-UX. The
X11 server from HP-UX also works.

Signed-off-by: Sven Schnelle 
---
 hw/display/Kconfig   |3 +
 hw/display/Makefile.objs |1 +
 hw/display/artist.c  | 1336 ++
 hw/display/trace-events  |9 +
 hw/hppa/Kconfig  |1 +
 hw/hppa/hppa_hardware.h  |1 +
 hw/hppa/machine.c|   10 +
 7 files changed, 1361 insertions(+)
 create mode 100644 hw/display/artist.c

diff --git a/hw/display/Kconfig b/hw/display/Kconfig
index cbdf7b1a67..953631afb6 100644
--- a/hw/display/Kconfig
+++ b/hw/display/Kconfig
@@ -91,6 +91,9 @@ config TCX
 config CG3
 bool
 
+config ARTIST
+bool
+
 config VGA
 bool
 
diff --git a/hw/display/Makefile.objs b/hw/display/Makefile.objs
index 5a4066383b..5f63294149 100644
--- a/hw/display/Makefile.objs
+++ b/hw/display/Makefile.objs
@@ -39,6 +39,7 @@ common-obj-$(CONFIG_SM501) += sm501.o
 common-obj-$(CONFIG_TCX) += tcx.o
 common-obj-$(CONFIG_CG3) += cg3.o
 common-obj-$(CONFIG_NEXTCUBE) += next-fb.o
+common-obj-$(CONFIG_ARTIST) += artist.o
 
 obj-$(CONFIG_VGA) += vga.o
 
diff --git a/hw/display/artist.c b/hw/display/artist.c
new file mode 100644
index 00..9b285b3993
--- /dev/null
+++ b/hw/display/artist.c
@@ -0,0 +1,1336 @@
+/*
+ * QEMU HP Artist Emulation
+ *
+ * Copyright (c) 2019 Sven Schnelle 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/error-report.h"
+#include "qemu/typedefs.h"
+#include "qemu/log.h"
+#include "qemu/module.h"
+#include "qapi/error.h"
+#include "hw/sysbus.h"
+#include "hw/loader.h"
+#include "hw/qdev-core.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+#include "ui/console.h"
+#include "trace.h"
+
+#define TYPE_ARTIST "artist"
+#define ARTIST(obj) OBJECT_CHECK(ARTISTState, (obj), TYPE_ARTIST)
+
+struct vram_buffer {
+uint8_t *data;
+int size;
+int width;
+int height;
+};
+
+typedef struct ARTISTState {
+SysBusDevice parent_obj;
+
+QemuConsole *con;
+MemoryRegion vram_mem;
+MemoryRegion reg;
+uint8_t *vram;
+
+struct vram_buffer vram_buffer[16];
+
+uint16_t width;
+uint16_t height;
+uint16_t depth;
+
+uint32_t fg_color;
+uint32_t bg_color;
+
+uint32_t vram_char_y;
+uint32_t vram_bitmask;
+
+uint32_t vram_start;
+uint32_t vram_pos;
+
+uint32_t vram_size;
+
+uint32_t blockmove_source;
+uint32_t blockmove_dest;
+uint32_t blockmove_size;
+
+uint32_t line_size;
+uint32_t line_end;
+uint32_t line_xy;
+uint32_t line_pattern_start;
+uint32_t line_pattern_skip;
+
+uint32_t cursor_pos;
+
+uint32_t cursor_height;
+uint32_t cursor_width;
+
+uint32_t plane_mask;
+
+uint32_t reg_100080;
+uint32_t reg_300200;
+uint32_t reg_300208;
+uint32_t reg_300218;
+
+uint32_t cmap_bm_access;
+uint32_t dst_bm_access;
+uint32_t src_bm_access;
+uint32_t control_plane;
+uint32_t transfer_data;
+uint32_t image_bitmap_op;
+
+uint32_t font_write1;
+uint32_t font_write2;
+uint32_t font_write_pos_y;
+
+int draw_line_pattern;
+} ARTISTState;
+
+typedef enum {
+ARTIST_BUFFER_AP = 1,
+ARTIST_BUFFER_OVERLAY = 2,
+ARTIST_BUFFER_CURSOR1 = 6,
+ARTIST_BUFFER_CURSOR2 = 7,
+ARTIST_BUFFER_ATTRIBUTE = 13,
+ARTIST_BUFFER_CMAP = 15,
+} artist_buffer_t;
+
+typedef enum {
+VRAM_IDX = 0x1004a0,
+VRAM_BITMASK = 0x1005a0,
+VRAM_WRITE_INCR_X = 0x100600,
+VRAM_WRITE_INCR_X2 = 0x100604,
+VRAM_WRITE_INCR_Y = 0x100620,
+VRAM_START = 0x100800,
+BLOCK_MOVE_SIZE = 0x100804,
+BLOCK_MOVE_SOURCE = 0x100808,
+TRANSFER_DATA = 0x100820,
+FONT_WRITE_INCR_Y = 0x1008a0,
+VRAM_START_TRIGGER = 0x100a00,
+VRAM_SIZE_TRIGGER = 0x100a04,
+FONT_WRITE_START = 0x100aa0,
+BLOCK_MOVE_DEST_TRIGGER = 0x100b00,
+BLOCK_MOVE_SIZE_TRIGGER = 0x100b04,
+LINE_XY = 0x100ccc,
+PATTERN_LINE_START = 0x100ecc,
+LINE_SIZE = 0x100e04,
+LINE_END = 0x100e44,
+CMAP_BM_ACCESS = 0x118000,
+DST_BM_ACCESS = 0x118004,
+SRC_BM_ACCESS = 0x118008,
+CONTROL_PLANE = 0x11800c,
+FG_COLOR = 0x118010,
+BG_COLOR = 0x118014,
+PLANE_MASK = 0x118018,
+IMAGE_BITMAP_OP = 0x11801c,
+CURSOR_POS = 0x300100,
+CURSOR_CTRL = 0x300104,
+} artist_reg_t;
+
+typedef enum {
+ARTIST_ROP_CLEAR = 0,
+ARTIST_ROP_COPY = 3,
+ARTIST_ROP_XOR = 6,
+ARTIST_ROP_NOT_DST = 10,
+ARTIST_ROP_SET = 15,
+} artist_rop_t;
+
+#define REG_NAME(_x) case _x: return " "#_x;
+static const char *artist_reg_name(uint64_t addr)
+{
+switch ((artist_reg_t)addr) {
+REG_NAME(VRAM_IDX);
+REG_NAME(VRAM_BITMASK);
+REG_NAME(VRAM_WRITE_INCR_X);
+REG_NAME(VRAM_WRITE_INCR_X2);
+REG_NAME(VRAM_WRITE_INCR_Y);
+REG_NAME(VRAM_START);
+REG_NAME(BLOCK_MOVE_SIZE);

[PATCH 4/7] ps2: accept 'Set Key Make and Break' commands

[Sven Schnelle]

HP-UX sends both the 'Set key make and break (0xfc) and
'Set all key typematic make and break' (0xfa). QEMU response
with 'Resend' as it doesn't handle these commands. HP-UX than
reports an PS/2 max retransmission exceeded error. Add these
commands and just reply with ACK.

Signed-off-by: Sven Schnelle 
---
 hw/input/ps2.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 67f92f6112..6c2c7066a6 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -49,6 +49,8 @@
 #define KBD_CMD_RESET_DISABLE  0xF5/* reset and disable scanning */
 #define KBD_CMD_RESET_ENABLE   0xF6/* reset and enable scanning */
 #define KBD_CMD_RESET  0xFF/* Reset */
+#define KBD_CMD_SET_MAKE_BREAK  0xFC/* Set Make and Break mode */
+#define KBD_CMD_SET_TYPEMATIC   0xFA/* Set Typematic Make and Break mode */
 
 /* Keyboard Replies */
 #define KBD_REPLY_POR  0xAA/* Power on reset */
@@ -592,6 +594,10 @@ void ps2_write_keyboard(void *opaque, int val)
 KBD_REPLY_ACK,
 KBD_REPLY_POR);
 break;
+case KBD_CMD_SET_TYPEMATIC:
+case KBD_CMD_SET_MAKE_BREAK:
+ps2_queue(>common, KBD_REPLY_ACK);
+break;
 default:
 ps2_queue(>common, KBD_REPLY_RESEND);
 break;
-- 
2.23.0

[PATCH 5/7] hppa: add emulation of LASI PS2 controllers

[Sven Schnelle]

Signed-off-by: Sven Schnelle 
---
 hw/hppa/Kconfig|   1 +
 hw/hppa/lasi.c |  10 +-
 hw/input/Kconfig   |   3 +
 hw/input/Makefile.objs |   1 +
 hw/input/lasips2.c | 289 +
 hw/input/ps2.c |   5 +
 hw/input/trace-events  |   5 +
 include/hw/input/lasips2.h |  16 ++
 include/hw/input/ps2.h |   1 +
 9 files changed, 330 insertions(+), 1 deletion(-)
 create mode 100644 hw/input/lasips2.c
 create mode 100644 include/hw/input/lasips2.h

diff --git a/hw/hppa/Kconfig b/hw/hppa/Kconfig
index 2a7b38d6d6..7f9be7f25c 100644
--- a/hw/hppa/Kconfig
+++ b/hw/hppa/Kconfig
@@ -11,3 +11,4 @@ config DINO
 select MC146818RTC
 select LSI_SCSI_PCI
 select LASI_82596
+select LASIPS2
diff --git a/hw/hppa/lasi.c b/hw/hppa/lasi.c
index 51752589f3..d8d03f95c0 100644
--- a/hw/hppa/lasi.c
+++ b/hw/hppa/lasi.c
@@ -22,6 +22,7 @@
 #include "hw/net/lasi_82596.h"
 #include "hw/char/parallel.h"
 #include "hw/char/serial.h"
+#include "hw/input/lasips2.h"
 #include "exec/address-spaces.h"
 #include "migration/vmstate.h"
 
@@ -324,6 +325,7 @@ DeviceState *lasi_init(MemoryRegion *address_space)
  lpt_irq, parallel_hds[0]);
 
 /* Real time clock (RTC), it's only one 32-bit counter @9000 */
+
 s->rtc = time(NULL);
 s->rtc_ref = 0;
 
@@ -333,8 +335,14 @@ DeviceState *lasi_init(MemoryRegion *address_space)
 lasi_get_irq(LASI_UART_HPA));
 serial_mm_init(address_space, LASI_UART_HPA + 0x800, 0,
 serial_irq, 800 / 16,
-serial_hd(1), DEVICE_NATIVE_ENDIAN);
+serial_hd(0), DEVICE_NATIVE_ENDIAN);
 }
+
+/* PS/2 Keyboard/Mouse */
+qemu_irq ps2kbd_irq = qemu_allocate_irq(lasi_set_irq, s,
+lasi_get_irq(LASI_PS2KBD_HPA));
+lasips2_init(address_space, LASI_PS2KBD_HPA,  ps2kbd_irq);
+
 return dev;
 }
 
diff --git a/hw/input/Kconfig b/hw/input/Kconfig
index 287f08887b..25c77a1b87 100644
--- a/hw/input/Kconfig
+++ b/hw/input/Kconfig
@@ -41,3 +41,6 @@ config VHOST_USER_INPUT
 
 config TSC210X
 bool
+
+config LASIPS2
+select PS2
diff --git a/hw/input/Makefile.objs b/hw/input/Makefile.objs
index a1bc502ed0..f98f635685 100644
--- a/hw/input/Makefile.objs
+++ b/hw/input/Makefile.objs
@@ -15,3 +15,4 @@ common-obj-$(CONFIG_VHOST_USER_INPUT) += vhost-user-input.o
 obj-$(CONFIG_MILKYMIST) += milkymist-softusb.o
 obj-$(CONFIG_PXA2XX) += pxa2xx_keypad.o
 obj-$(CONFIG_TSC210X) += tsc210x.o
+obj-$(CONFIG_LASIPS2) += lasips2.o
diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
new file mode 100644
index 00..1943671d1e
--- /dev/null
+++ b/hw/input/lasips2.c
@@ -0,0 +1,289 @@
+/*
+ * QEMU HP Lasi PS/2 interface emulation
+ *
+ * Copyright (c) 2019 Sven Schnelle
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "hw/qdev-properties.h"
+#include "hw/hw.h"
+#include "hw/input/ps2.h"
+#include "hw/input/lasips2.h"
+#include "hw/sysbus.h"
+#include "exec/hwaddr.h"
+#include "sysemu/sysemu.h"
+#include "trace.h"
+#include "exec/address-spaces.h"
+#include "migration/vmstate.h"
+#include "hw/irq.h"
+struct LASIPS2State;
+typedef struct LASIPS2Port {
+struct LASIPS2State *parent;
+MemoryRegion reg;
+void *dev;
+uint8_t id;
+uint8_t control;
+uint8_t buf;
+bool loopback_rbne;
+bool irq;
+} LASIPS2Port;
+
+typedef struct LASIPS2State {
+LASIPS2Port kbd;
+LASIPS2Port mouse;
+qemu_irq irq;
+} LASIPS2State;
+
+static const VMStateDescription vmstate_lasips2 = {
+.name = "lasips2",
+.version_id = 0,
+.minimum_version_id = 0,
+.fields = (VMStateField[]) {
+VMSTATE_UINT8(kbd.control, LASIPS2State),
+VMSTATE_UINT8(kbd.id, LASIPS2State),
+VMSTATE_BOOL(kbd.irq, LASIPS2State),
+VMSTATE_UINT8(mouse.control, LASIPS2State),
+VMSTATE_UINT8(mouse.id, 

[PATCH 1/7] hw/hppa/dino.c: Improve emulation of Dino PCI chip

[Sven Schnelle]

From: Helge Deller 

The tests of the dino chip with the Online-diagnostics CD
("ODE DINOTEST") now succeeds.
Additionally add some qemu trace events.

Signed-off-by: Helge Deller 
Signed-off-by: Sven Schnelle 
---
 MAINTAINERS  |  2 +-
 hw/hppa/dino.c   | 82 +---
 hw/hppa/trace-events |  5 +++
 3 files changed, 76 insertions(+), 13 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 250ce8e7a1..f9541c3305 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -874,7 +874,7 @@ F: hw/*/etraxfs_*.c
 
 HP-PARISC Machines
 --
-Dino
+HP B160L
 M: Richard Henderson 
 R: Helge Deller 
 S: Odd Fixes
diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index ab6969b45f..63f6f80203 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -1,7 +1,7 @@
 /*
- * HP-PARISC Dino PCI chipset emulation.
+ * HP-PARISC Dino PCI chipset emulation, as in B160L and similiar machines
  *
- * (C) 2017 by Helge Deller 
+ * (C) 2017-2019 by Helge Deller 
  *
  * This work is licensed under the GNU GPL license version 2 or later.
  *
@@ -21,6 +21,7 @@
 #include "migration/vmstate.h"
 #include "hppa_sys.h"
 #include "exec/address-spaces.h"
+#include "trace.h"
 
 
 #define TYPE_DINO_PCI_HOST_BRIDGE "dino-pcihost"
@@ -82,11 +83,16 @@
 #define DINO_PCI_HOST_BRIDGE(obj) \
 OBJECT_CHECK(DinoState, (obj), TYPE_DINO_PCI_HOST_BRIDGE)
 
+#define DINO800_REGS ((DINO_TLTIM - DINO_GMASK) / 4)
+static uint8_t reg800_keep_bits[DINO800_REGS]
+= { 1, 7, 7, 8, 7, 9, 32, 8, 30, 25, 22, 9 };
+
 typedef struct DinoState {
 PCIHostState parent_obj;
 
 /* PCI_CONFIG_ADDR is parent_obj.config_reg, via pci_host_conf_be_ops,
so that we can map PCI_CONFIG_DATA to pci_host_data_be_ops.  */
+uint32_t config_reg_dino; /* keep original copy, including 2 lowest bits */
 
 uint32_t iar0;
 uint32_t iar1;
@@ -94,8 +100,12 @@ typedef struct DinoState {
 uint32_t ipr;
 uint32_t icr;
 uint32_t ilr;
+uint32_t io_fbb_en;
 uint32_t io_addr_en;
 uint32_t io_control;
+uint32_t toc_addr;
+
+uint32_t reg800[DINO800_REGS];
 
 MemoryRegion this_mem;
 MemoryRegion pci_mem;
@@ -106,8 +116,6 @@ typedef struct DinoState {
 MemoryRegion bm_ram_alias;
 MemoryRegion bm_pci_alias;
 MemoryRegion bm_cpu_alias;
-
-MemoryRegion cpu0_eir_mem;
 } DinoState;
 
 /*
@@ -122,6 +130,8 @@ static void gsc_to_pci_forwarding(DinoState *s)
 tmp = extract32(s->io_control, 7, 2);
 enabled = (tmp == 0x01);
 io_addr_en = s->io_addr_en;
+/* Mask out first (=firmware) and last (=Dino) areas. */
+io_addr_en &= 0x7ffe;
 
 memory_region_transaction_begin();
 for (i = 1; i < 31; i++) {
@@ -142,6 +152,8 @@ static bool dino_chip_mem_valid(void *opaque, hwaddr addr,
 unsigned size, bool is_write,
 MemTxAttrs attrs)
 {
+bool ret = false;
+
 switch (addr) {
 case DINO_IAR0:
 case DINO_IAR1:
@@ -152,16 +164,22 @@ static bool dino_chip_mem_valid(void *opaque, hwaddr addr,
 case DINO_ICR:
 case DINO_ILR:
 case DINO_IO_CONTROL:
+case DINO_IO_FBB_EN:
 case DINO_IO_ADDR_EN:
 case DINO_PCI_IO_DATA:
-return true;
+case DINO_TOC_ADDR:
+case DINO_GMASK ... DINO_TLTIM:
+ret = true;
+break;
 case DINO_PCI_IO_DATA + 2:
-return size <= 2;
+ret = (size <= 2);
+break;
 case DINO_PCI_IO_DATA + 1:
 case DINO_PCI_IO_DATA + 3:
-return size == 1;
+ret = (size == 1);
 }
-return false;
+trace_dino_chip_mem_valid(addr, ret);
+return ret;
 }
 
 static MemTxResult dino_chip_read_with_attrs(void *opaque, hwaddr addr,
@@ -194,6 +212,9 @@ static MemTxResult dino_chip_read_with_attrs(void *opaque, 
hwaddr addr,
 }
 break;
 
+case DINO_IO_FBB_EN:
+val = s->io_fbb_en;
+break;
 case DINO_IO_ADDR_EN:
 val = s->io_addr_en;
 break;
@@ -227,12 +248,28 @@ static MemTxResult dino_chip_read_with_attrs(void 
*opaque, hwaddr addr,
 case DINO_IRR1:
 val = s->ilr & s->imr & s->icr;
 break;
+case DINO_TOC_ADDR:
+val = s->toc_addr;
+break;
+case DINO_GMASK ... DINO_TLTIM:
+val = s->reg800[(addr - DINO_GMASK) / 4];
+if (addr == DINO_PAMR) {
+val &= ~0x01;  /* LSB is hardwired to 0 */
+}
+if (addr == DINO_MLTIM) {
+val &= ~0x07;  /* 3 LSB are hardwired to 0 */
+}
+if (addr == DINO_BRDG_FEAT) {
+val &= ~(0x10710E0ul | 8); /* bits 5-7, 24 & 15 reserved */
+}
+break;
 
 default:
 /* Controlled by dino_chip_mem_valid above.  */
 g_assert_not_reached();
 }
 
+trace_dino_chip_read(addr, val);
 *data = val;
 return ret;
 }
@@ -245,6 +282,9 @@ static MemTxResult dino_chip_write_with_attrs(void *opaque, 
hwaddr addr,
 AddressSpace *io;
 MemTxResult ret;
   

[PATCH 0/7] HPPA: i82596, PS/2 and graphics emulation

[Sven Schnelle]

Hi,

these series adds quite a lot to the HPPA emulation in QEMU:
i82596 emulation from Helge, PS/2 and Artist graphics emulation.

See https://parisc.wiki.kernel.org/index.php/Qemu for a few screenshots
of QEMU running a X11/CDE session in HP-UX.

Regards,
Sven

Helge Deller (2):
  hw/hppa/dino.c: Improve emulation of Dino PCI chip
  hppa: Add support for LASI chip with i82596 NIC

Sven Schnelle (5):
  hppa: remove ISA region
  ps2: accept 'Set Key Make and Break' commands
  hppa: add emulation of LASI PS2 controllers
  hppa: Add emulation of Artist graphics
  seabios-hppa: update to latest version

 MAINTAINERS |4 +-
 hw/display/Kconfig  |3 +
 hw/display/Makefile.objs|1 +
 hw/display/artist.c | 1336 +++
 hw/display/trace-events |9 +
 hw/hppa/Kconfig |3 +
 hw/hppa/Makefile.objs   |2 +-
 hw/hppa/dino.c  |   82 ++-
 hw/hppa/hppa_hardware.h |2 +-
 hw/hppa/hppa_sys.h  |2 +
 hw/hppa/lasi.c  |  368 ++
 hw/hppa/machine.c   |   50 +-
 hw/hppa/trace-events|   10 +
 hw/input/Kconfig|3 +
 hw/input/Makefile.objs  |1 +
 hw/input/lasips2.c  |  289 
 hw/input/ps2.c  |   11 +
 hw/input/trace-events   |5 +
 hw/net/Kconfig  |7 +
 hw/net/Makefile.objs|2 +
 hw/net/i82596.c |  734 +++
 hw/net/i82596.h |   55 ++
 hw/net/lasi_i82596.c|  188 +
 hw/net/trace-events |   13 +
 include/hw/input/lasips2.h  |   16 +
 include/hw/input/ps2.h  |1 +
 include/hw/net/lasi_82596.h |   29 +
 pc-bios/hppa-firmware.img   |  Bin 783724 -> 772876 bytes
 roms/seabios-hppa   |2 +-
 29 files changed, 3179 insertions(+), 49 deletions(-)
 create mode 100644 hw/display/artist.c
 create mode 100644 hw/hppa/lasi.c
 create mode 100644 hw/input/lasips2.c
 create mode 100644 hw/net/i82596.c
 create mode 100644 hw/net/i82596.h
 create mode 100644 hw/net/lasi_i82596.c
 create mode 100644 include/hw/input/lasips2.h
 create mode 100644 include/hw/net/lasi_82596.h

-- 
2.23.0

[PATCH 3/7] hppa: remove ISA region

[Sven Schnelle]

B160L doesn't have an ISA bus, and we no longer need it to
workaround missing hardware, so remove it.

Signed-off-by: Sven Schnelle 
---
 hw/hppa/hppa_hardware.h |  1 -
 hw/hppa/machine.c   | 32 
 2 files changed, 33 deletions(-)

diff --git a/hw/hppa/hppa_hardware.h b/hw/hppa/hppa_hardware.h
index 507f91e05d..ce59cbbf94 100644
--- a/hw/hppa/hppa_hardware.h
+++ b/hw/hppa/hppa_hardware.h
@@ -26,7 +26,6 @@
 #define MEMORY_HPA  0xfffbf000
 
 #define PCI_HPA DINO_HPA/* PCI bus */
-#define IDE_HPA 0xf900  /* Boot disc controller */
 
 /* offsets to DINO HPA: */
 #define DINO_PCI_ADDR   0x064
diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index 65fc20ebed..542faae9be 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -22,30 +22,6 @@
 #include "qapi/error.h"
 #include "qemu/log.h"
 
-#define MAX_IDE_BUS 2
-
-static ISABus *hppa_isa_bus(void)
-{
-ISABus *isa_bus;
-qemu_irq *isa_irqs;
-MemoryRegion *isa_region;
-
-isa_region = g_new(MemoryRegion, 1);
-memory_region_init_io(isa_region, NULL, _pci_ignore_ops,
-  NULL, "isa-io", 0x800);
-memory_region_add_subregion(get_system_memory(), IDE_HPA,
-isa_region);
-
-isa_bus = isa_bus_new(NULL, get_system_memory(), isa_region,
-  _abort);
-isa_irqs = i8259_init(isa_bus,
-  /* qemu_allocate_irq(dino_set_isa_irq, s, 0)); */
-  NULL);
-isa_bus_irqs(isa_bus, isa_irqs);
-
-return isa_bus;
-}
-
 static uint64_t cpu_hppa_to_phys(void *opaque, uint64_t addr)
 {
 addr &= (0x1000 - 1);
@@ -62,7 +38,6 @@ static void machine_hppa_init(MachineState *machine)
 const char *initrd_filename = machine->initrd_filename;
 DeviceState *dev;
 PCIBus *pci_bus;
-ISABus *isa_bus;
 qemu_irq rtc_irq, serial_irq;
 char *firmware_filename;
 uint64_t firmware_low, firmware_high;
@@ -108,13 +83,6 @@ static void machine_hppa_init(MachineState *machine)
 pci_bus = dino_init(addr_space, _irq, _irq);
 assert(pci_bus);
 
-/* Create ISA bus. */
-isa_bus = hppa_isa_bus();
-assert(isa_bus);
-
-/* Realtime clock, used by firmware for PDC_TOD call. */
-mc146818_rtc_init(isa_bus, 2000, rtc_irq);
-
 /* Serial code setup.  */
 if (serial_hd(0)) {
 uint32_t addr = DINO_UART_HPA + 0x800;
-- 
2.23.0

[PATCH v5 1/4] block: support compressed write at generic layer

[Andrey Shinkevich]

To inform the block layer about writing all the data compressed, we
introduce the 'compress' command line option. Based on that option, the
written data will be aligned by the cluster size at the generic layer.

Suggested-by: Roman Kagan 
Suggested-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Andrey Shinkevich 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 block.c   | 20 +++-
 block/io.c| 13 +
 block/qcow2.c |  4 
 blockdev.c|  9 -
 include/block/block.h |  1 +
 include/block/block_int.h |  2 ++
 qapi/block-core.json  |  5 -
 qemu-options.hx   |  6 --
 8 files changed, 51 insertions(+), 9 deletions(-)

diff --git a/block.c b/block.c
index 1946fc6..a674920 100644
--- a/block.c
+++ b/block.c
@@ -1418,6 +1418,11 @@ QemuOptsList bdrv_runtime_opts = {
 .type = QEMU_OPT_BOOL,
 .help = "always accept other writers (default: off)",
 },
+{
+.name = BDRV_OPT_COMPRESS,
+.type = QEMU_OPT_BOOL,
+.help = "compress all writes to the image (default: off)",
+},
 { /* end of list */ }
 },
 };
@@ -1545,6 +1550,14 @@ static int bdrv_open_common(BlockDriverState *bs, 
BlockBackend *file,
 }
 pstrcpy(bs->exact_filename, sizeof(bs->exact_filename), bs->filename);
 
+if (bs->all_write_compressed && !drv->bdrv_co_pwritev_compressed_part) {
+error_setg(errp, "Compression is not supported for the driver '%s'",
+   drv->format_name);
+bs->all_write_compressed = false;
+ret = -ENOTSUP;
+goto fail_opts;
+}
+
 /* Open the image, either directly or using a protocol */
 open_flags = bdrv_open_flags(bs, bs->open_flags);
 node_name = qemu_opt_get(opts, "node-name");
@@ -2983,6 +2996,11 @@ static BlockDriverState *bdrv_open_inherit(const char 
*filename,
 flags &= ~BDRV_O_RDWR;
 }
 
+if (!g_strcmp0(qdict_get_try_str(options, BDRV_OPT_COMPRESS), "on") ||
+qdict_get_try_bool(options, BDRV_OPT_COMPRESS, false)) {
+bs->all_write_compressed = true;
+}
+
 if (flags & BDRV_O_SNAPSHOT) {
 snapshot_options = qdict_new();
 bdrv_temp_snapshot_options(_flags, snapshot_options,
@@ -3208,7 +3226,7 @@ static int bdrv_reset_options_allowed(BlockDriverState 
*bs,
  * in bdrv_reopen_prepare() so they can be left out of @new_opts */
 const char *const common_options[] = {
 "node-name", "discard", "cache.direct", "cache.no-flush",
-"read-only", "auto-read-only", "detect-zeroes", NULL
+"read-only", "auto-read-only", "detect-zeroes", "compress", NULL
 };
 
 for (e = qdict_first(bs->options); e; e = qdict_next(bs->options, e)) {
diff --git a/block/io.c b/block/io.c
index f0b86c1..eb2ed36 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1360,9 +1360,14 @@ static int coroutine_fn 
bdrv_co_do_copy_on_readv(BdrvChild *child,
 /* This does not change the data on the disk, it is not
  * necessary to flush even in cache=writethrough mode.
  */
-ret = bdrv_driver_pwritev(bs, cluster_offset, pnum,
-  _qiov, 0,
-  BDRV_REQ_WRITE_UNCHANGED);
+if (bs->all_write_compressed) {
+ret = bdrv_driver_pwritev_compressed(bs, cluster_offset,
+ pnum, _qiov, 0);
+} else {
+ret = bdrv_driver_pwritev(bs, cluster_offset, pnum,
+  _qiov, 0,
+  BDRV_REQ_WRITE_UNCHANGED);
+}
 }
 
 if (ret < 0) {
@@ -1954,7 +1959,7 @@ static int coroutine_fn bdrv_aligned_pwritev(BdrvChild 
*child,
 } else if (flags & BDRV_REQ_ZERO_WRITE) {
 bdrv_debug_event(bs, BLKDBG_PWRITEV_ZERO);
 ret = bdrv_co_do_pwrite_zeroes(bs, offset, bytes, flags);
-} else if (flags & BDRV_REQ_WRITE_COMPRESSED) {
+} else if (flags & BDRV_REQ_WRITE_COMPRESSED || bs->all_write_compressed) {
 ret = bdrv_driver_pwritev_compressed(bs, offset, bytes,
  qiov, qiov_offset);
 } else if (bytes <= max_transfer) {
diff --git a/block/qcow2.c b/block/qcow2.c
index 7961c05..6b29e16 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -1787,6 +1787,10 @@ static void qcow2_refresh_limits(BlockDriverState *bs, 
Error **errp)
 /* Encryption works on a sector granularity */
 bs->bl.request_alignment = qcrypto_block_get_sector_size(s->crypto);
 }
+if (bs->all_write_compressed) {
+bs->bl.request_alignment = MAX(bs->bl.request_alignment,
+   s->cluster_size);
+}
 bs->bl.pwrite_zeroes_alignment = s->cluster_size;
 

[PATCH v5 3/4] tests/qemu-iotests: add case to write compressed data of multiple clusters

[Andrey Shinkevich]

Add the test case to the iotest #214 that checks possibility of writing
compressed data of more than one cluster size.

Signed-off-by: Andrey Shinkevich 
---
 tests/qemu-iotests/214 | 45 +
 tests/qemu-iotests/214.out | 14 ++
 2 files changed, 59 insertions(+)

diff --git a/tests/qemu-iotests/214 b/tests/qemu-iotests/214
index 21ec8a2..ab9b862 100755
--- a/tests/qemu-iotests/214
+++ b/tests/qemu-iotests/214
@@ -89,6 +89,51 @@ _check_test_img -r all
 $QEMU_IO -c "read  -P 0x11  0 4M" "$TEST_IMG" 2>&1 | _filter_qemu_io | 
_filter_testdir
 $QEMU_IO -c "read  -P 0x22 4M 4M" "$TEST_IMG" 2>&1 | _filter_qemu_io | 
_filter_testdir
 
+echo
+echo "=== Write compressed data of multiple clusters ==="
+echo
+cluster_size=0x1
+_make_test_img 2M -o cluster_size=$cluster_size
+
+echo "Write uncompressed data:"
+let data_size="8 * $cluster_size"
+$QEMU_IO -c "write -P 0xaa 0 $data_size" "$TEST_IMG" \
+ 2>&1 | _filter_qemu_io | _filter_testdir
+sizeA=$($QEMU_IMG info --output=json "$TEST_IMG" |
+sed -n '/"actual-size":/ s/[^0-9]//gp')
+
+_make_test_img 2M -o cluster_size=$cluster_size
+echo "Write compressed data:"
+let data_size="3 * $cluster_size + ($cluster_size / 2)"
+# Set compress=on. That will align the written data
+# by the cluster size and will write them compressed.
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT \
+$QEMU_IO -c "write -P 0xbb 0 $data_size" --image-opts \
+ driver=$IMGFMT,compress=on,file.filename=$TEST_IMG \
+ 2>&1 | _filter_qemu_io | _filter_testdir
+
+let offset="4 * $cluster_size"
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT \
+$QEMU_IO -c "write -P 0xcc $offset $data_size" "json:{\
+'driver': '$IMGFMT',
+'file': {
+'driver': 'file',
+'filename': '$TEST_IMG'
+},
+'compress': true
+}" | _filter_qemu_io | _filter_testdir
+
+sizeB=$($QEMU_IMG info --output=json "$TEST_IMG" |
+sed -n '/"actual-size":/ s/[^0-9]//gp')
+
+if [ $sizeA -le $sizeB ]
+then
+echo "Compression ERROR"
+fi
+
+$QEMU_IMG check --output=json "$TEST_IMG" |
+  sed -n 's/,$//; /"compressed-clusters":/ s/^ *//p'
+
 # success, all done
 echo '*** done'
 rm -f $seq.full
diff --git a/tests/qemu-iotests/214.out b/tests/qemu-iotests/214.out
index 0fcd8dc..4a2ec33 100644
--- a/tests/qemu-iotests/214.out
+++ b/tests/qemu-iotests/214.out
@@ -32,4 +32,18 @@ read 4194304/4194304 bytes at offset 0
 4 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 read 4194304/4194304 bytes at offset 4194304
 4 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+=== Write compressed data of multiple clusters ===
+
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=2097152
+Write uncompressed data:
+wrote 524288/524288 bytes at offset 0
+512 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=2097152
+Write compressed data:
+wrote 229376/229376 bytes at offset 0
+224 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 229376/229376 bytes at offset 262144
+224 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+"compressed-clusters": 8
 *** done
-- 
1.8.3.1

[PATCH v5 4/4] tests/qemu-iotests: add case for block-stream compress

[Andrey Shinkevich]

Add a case to the iotest #030 that tests the 'compress' option for a
block-stream job.

Signed-off-by: Andrey Shinkevich 
---
 tests/qemu-iotests/030 | 34 +-
 tests/qemu-iotests/030.out |  4 ++--
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/tests/qemu-iotests/030 b/tests/qemu-iotests/030
index f3766f2..f33fd21 100755
--- a/tests/qemu-iotests/030
+++ b/tests/qemu-iotests/030
@@ -21,7 +21,8 @@
 import time
 import os
 import iotests
-from iotests import qemu_img, qemu_io
+from iotests import qemu_img, qemu_io, qemu_img_pipe
+import json
 
 backing_img = os.path.join(iotests.test_dir, 'backing.img')
 mid_img = os.path.join(iotests.test_dir, 'mid.img')
@@ -956,6 +957,37 @@ class TestSetSpeed(iotests.QMPTestCase):
 
 self.cancel_and_wait(resume=True)
 
+class TestCompressed(iotests.QMPTestCase):
+allocated_clusters = 8
+
+def setUp(self):
+qemu_img('create', '-f', iotests.imgfmt, backing_img, '1M')
+qemu_img('create', '-f', iotests.imgfmt, '-o',
+ 'backing_file={}'.format(backing_img), test_img)
+cluster_size = 0x1
+data_size = self.allocated_clusters * cluster_size
+qemu_io('-c', 'write -P 0x1 0 {}'.format(data_size), backing_img)
+self.vm = iotests.VM().add_drive(test_img, "compress=on")
+self.vm.launch()
+
+def tearDown(self):
+self.vm.shutdown()
+os.remove(test_img)
+os.remove(backing_img)
+
+def test_stream_compress(self):
+self.assert_no_active_block_jobs()
+
+result = self.vm.qmp('block-stream', device='drive0')
+self.assert_qmp(result, 'return', {})
+
+match = {'data': {'type': 'stream', 'device': 'drive0'}}
+self.vm.event_wait(name='BLOCK_JOB_COMPLETED', match=match)
+self.vm.shutdown()
+
+top = json.loads(qemu_img_pipe('check', '--output=json', test_img))
+self.assertEqual(top['compressed-clusters'], self.allocated_clusters)
+
 if __name__ == '__main__':
 iotests.main(supported_fmts=['qcow2', 'qed'],
  supported_protocols=['file'])
diff --git a/tests/qemu-iotests/030.out b/tests/qemu-iotests/030.out
index 6d9bee1..af8dac1 100644
--- a/tests/qemu-iotests/030.out
+++ b/tests/qemu-iotests/030.out
@@ -1,5 +1,5 @@
-...
+
 --
-Ran 27 tests
+Ran 28 tests
 
 OK
-- 
1.8.3.1

[PATCH v5 0/4] qcow2: advanced compression options

[Andrey Shinkevich]

New enhancements for writing compressed data to QCOW2 image.

v5: The new iotests cases were amended and 'qiov_offset' parameter
value in the function bdrv_driver_pwritev_compressed() invoked
from the bdrv_co_do_copy_on_readv() fixed to 0.
Discussed on the email thread with ID:
<157124-882302-1-git-send-email-andrey.shinkev...@virtuozzo.com>

v4:
The 'compression' support at the block generic layer has been
accumulated in the separate patch 1/4. A little code refactoring
was made.
v3:
Instead of introducing multiple key options for many drivers, the
'compression' option has been introduced at the block generic layer
as suggested by Roman Kagan. Discussed on the email thread with ID
<1570026166-748566-1-git-send-email-andrey.shinkev...@virtuozzo.com>

Andrey Shinkevich (4):
  block: support compressed write at generic layer
  qcow2: Allow writing compressed data of multiple clusters
  tests/qemu-iotests: add case to write compressed data of multiple
clusters
  tests/qemu-iotests: add case for block-stream compress

 block.c|  20 -
 block/io.c |  13 --
 block/qcow2.c  | 106 +
 blockdev.c |   9 +++-
 include/block/block.h  |   1 +
 include/block/block_int.h  |   2 +
 qapi/block-core.json   |   5 ++-
 qemu-options.hx|   6 ++-
 tests/qemu-iotests/030 |  34 ++-
 tests/qemu-iotests/030.out |   4 +-
 tests/qemu-iotests/214 |  45 +++
 tests/qemu-iotests/214.out |  14 ++
 12 files changed, 220 insertions(+), 39 deletions(-)

-- 
1.8.3.1

[PATCH v5 2/4] qcow2: Allow writing compressed data of multiple clusters

[Andrey Shinkevich]

QEMU currently supports writing compressed data of the size equal to
one cluster. This patch allows writing QCOW2 compressed data that
exceed one cluster. Now, we split buffered data into separate clusters
and write them compressed using the existing functionality.

Suggested-by: Pavel Butsykin 
Signed-off-by: Andrey Shinkevich 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 block/qcow2.c | 102 ++
 1 file changed, 75 insertions(+), 27 deletions(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index 6b29e16..a1e7279 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -4156,10 +4156,8 @@ fail:
 return ret;
 }
 
-/* XXX: put compressed sectors first, then all the cluster aligned
-   tables to avoid losing bytes in alignment */
 static coroutine_fn int
-qcow2_co_pwritev_compressed_part(BlockDriverState *bs,
+qcow2_co_pwritev_compressed_task(BlockDriverState *bs,
  uint64_t offset, uint64_t bytes,
  QEMUIOVector *qiov, size_t qiov_offset)
 {
@@ -4169,32 +4167,11 @@ qcow2_co_pwritev_compressed_part(BlockDriverState *bs,
 uint8_t *buf, *out_buf;
 uint64_t cluster_offset;
 
-if (has_data_file(bs)) {
-return -ENOTSUP;
-}
-
-if (bytes == 0) {
-/* align end of file to a sector boundary to ease reading with
-   sector based I/Os */
-int64_t len = bdrv_getlength(bs->file->bs);
-if (len < 0) {
-return len;
-}
-return bdrv_co_truncate(bs->file, len, PREALLOC_MODE_OFF, NULL);
-}
-
-if (offset_into_cluster(s, offset)) {
-return -EINVAL;
-}
+assert(bytes == s->cluster_size || (bytes < s->cluster_size &&
+   (offset + bytes == bs->total_sectors << BDRV_SECTOR_BITS)));
 
 buf = qemu_blockalign(bs, s->cluster_size);
-if (bytes != s->cluster_size) {
-if (bytes > s->cluster_size ||
-offset + bytes != bs->total_sectors << BDRV_SECTOR_BITS)
-{
-qemu_vfree(buf);
-return -EINVAL;
-}
+if (bytes < s->cluster_size) {
 /* Zero-pad last write if image size is not cluster aligned */
 memset(buf + bytes, 0, s->cluster_size - bytes);
 }
@@ -4243,6 +4220,77 @@ fail:
 return ret;
 }
 
+static coroutine_fn int qcow2_co_pwritev_compressed_task_entry(AioTask *task)
+{
+Qcow2AioTask *t = container_of(task, Qcow2AioTask, task);
+
+assert(!t->cluster_type && !t->l2meta);
+
+return qcow2_co_pwritev_compressed_task(t->bs, t->offset, t->bytes, 
t->qiov,
+t->qiov_offset);
+}
+
+/*
+ * XXX: put compressed sectors first, then all the cluster aligned
+ * tables to avoid losing bytes in alignment
+ */
+static coroutine_fn int
+qcow2_co_pwritev_compressed_part(BlockDriverState *bs,
+ uint64_t offset, uint64_t bytes,
+ QEMUIOVector *qiov, size_t qiov_offset)
+{
+BDRVQcow2State *s = bs->opaque;
+AioTaskPool *aio = NULL;
+int ret = 0;
+
+if (has_data_file(bs)) {
+return -ENOTSUP;
+}
+
+if (bytes == 0) {
+/*
+ * align end of file to a sector boundary to ease reading with
+ * sector based I/Os
+ */
+int64_t len = bdrv_getlength(bs->file->bs);
+if (len < 0) {
+return len;
+}
+return bdrv_co_truncate(bs->file, len, PREALLOC_MODE_OFF, NULL);
+}
+
+if (offset_into_cluster(s, offset)) {
+return -EINVAL;
+}
+
+while (bytes && aio_task_pool_status(aio) == 0) {
+uint64_t chunk_size = MIN(bytes, s->cluster_size);
+
+if (!aio && chunk_size != bytes) {
+aio = aio_task_pool_new(QCOW2_MAX_WORKERS);
+}
+
+ret = qcow2_add_task(bs, aio, qcow2_co_pwritev_compressed_task_entry,
+ 0, 0, offset, chunk_size, qiov, qiov_offset, 
NULL);
+if (ret < 0) {
+break;
+}
+qiov_offset += chunk_size;
+offset += chunk_size;
+bytes -= chunk_size;
+}
+
+if (aio) {
+aio_task_pool_wait_all(aio);
+if (ret == 0) {
+ret = aio_task_pool_status(aio);
+}
+g_free(aio);
+}
+
+return ret;
+}
+
 static int coroutine_fn
 qcow2_co_preadv_compressed(BlockDriverState *bs,
uint64_t file_cluster_offset,
-- 
1.8.3.1

Re: qemu/powernv: coreboot support?

[Peter Maydell]

On Sat, 19 Oct 2019 at 20:24, Marty E. Plummer  wrote:
> Turns out the 'not text' warning came from lists.sr.ht, I wonder why
> that mailed me.

It's just an individual subscribed address that complains,
not the qemu mailing list itself.

Philippe, did you say it was you that had subscribed
a lists.sr.ht address ? Could you configure it not
to complain to individual list senders? Failing that,
would it be too annoying to unsubscribe it? At the moment
it mostly seems to confuse people.

The other alternative here is I could turn back on the
qemu-devel list facility that turns HTML emails into plain
text. I sort of didn't want to do that, though, as editing
emails means we end up with from-header mangling if the
sender has a strict dmarc/dkim setup...

thanks
-- PMM

[Bug 1846427] Re: 4.1.0: qcow2 corruption on savevm/quit/loadvm cycle

[Simon John]

Can't seem to reproduce if I convert the qcow2 image to raw+sparse.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1846427

Title:
  4.1.0: qcow2 corruption on savevm/quit/loadvm cycle

Status in QEMU:
  New

Bug description:
  I'm seeing massive corruption of qcow2 images with qemu 4.1.0 and git
  master as of 7f21573c822805a8e6be379d9bcf3ad9effef3dc after a few
  savevm/quit/loadvm cycles. I've narrowed it down to the following
  reproducer (further notes below):

  # qemu-img check debian.qcow2
  No errors were found on the image.
  251601/327680 = 76.78% allocated, 1.63% fragmented, 0.00% compressed clusters
  Image end offset: 18340446208
  # bin/qemu/bin/qemu-system-x86_64 -machine pc-q35-4.0.1,accel=kvm -m 4096 
-chardev stdio,id=charmonitor -mon chardev=charmonitor -drive 
file=debian.qcow2,id=d -S
  qemu-system-x86_64: warning: dbind: Couldn't register with accessibility bus: 
Did not receive a reply. Possible causes include: the remote application did 
not send a reply, the message bus security policy blocked the reply, the reply 
timeout expired, or the network connection was broken.
  QEMU 4.1.50 monitor - type 'help' for more information
  (qemu) loadvm foo
  (qemu) c
  (qemu) qcow2_free_clusters failed: Invalid argument
  qcow2_free_clusters failed: Invalid argument
  qcow2_free_clusters failed: Invalid argument
  qcow2_free_clusters failed: Invalid argument
  quit
  [m@nargothrond:~] qemu-img check debian.qcow2
  Leaked cluster 85179 refcount=2 reference=1
  Leaked cluster 85180 refcount=2 reference=1
  ERROR cluster 266150 refcount=0 reference=2
  [...]
  ERROR OFLAG_COPIED data cluster: l2_entry=42284 refcount=1

  9493 errors were found on the image.
  Data may be corrupted, or further writes to the image may corrupt it.

  2 leaked clusters were found on the image.
  This means waste of disk space, but no harm to data.
  259266/327680 = 79.12% allocated, 1.67% fragmented, 0.00% compressed clusters
  Image end offset: 18340446208

  This is on a x86_64 Linux 5.3.1 Gentoo host with qemu-system-x86_64
  and accel=kvm. The compiler is gcc-9.2.0 with the rest of the system
  similarly current.

  Reproduced with qemu-4.1.0 from distribution package as well as
  vanilla git checkout of tag v4.1.0 and commit
  7f21573c822805a8e6be379d9bcf3ad9effef3dc (today's master). Does not
  happen with qemu compiled from vanilla checkout of tag v4.0.0. Build
  sequence:

  ./configure --prefix=$HOME/bin/qemu-bisect --target-list=x86_64-softmmu 
--disable-werror --disable-docs
  [...]
  CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g
  [...] (can provide full configure output if helpful)
  make -j8 install

  The kind of guest OS does not matter: seen with Debian testing 64bit,
  Windows 7 x86/x64 BIOS and Windows 7 x64 EFI.

  The virtual storage controller does not seem to matter: seen with
  VirtIO SCSI, emulated SCSI and emulated SATA AHCI.

  Caching modes (none, directsync, writeback), aio mode (threads,
  native) or discard (ignore, unmap) or detect-zeroes (off, unmap) does
  not influence occurence either.

  Having more RAM in the guest seems to increase odds of corruption:
  With 512MB to the Debian guest problem hardly occurs at all, with 4GB
  RAM it happens almost instantly.

  An automated reproducer works as follows:

  - the guest *does* mount its root fs and swap with option discard and
  my testing leaves me with the impression that file deletion rather
  than reading is causing the issue

  - foo is a snapshot of the running Debian VM which is already running
  command

  # while true ; do dd if=/dev/zero of=foo bs=10240k count=400 ; done

  to produce some I/O to the disk (4GB file with 4GB of RAM).

  - on the host a loop continuously resumes and saves the guest state
  and quits qemu inbetween:

  # while true ; do (echo loadvm foo ; echo c ; sleep 10 ; echo stop ;
  echo savevm foo ; echo quit ) | bin/qemu-bisect/bin/qemu-system-x86_64
  -machine pc-q35-3.1,accel=kvm -m 4096 -chardev stdio,id=charmonitor
  -mon chardev=charmonitor -drive file=debian.qcow2,id=d -S -display
  none ; done

  - quitting qemu inbetween saves and loads seems to be necessary for
  the problem to occur. Just continusouly in one session saving and
  loading guest state does not trigger it.

  - For me, after about 2 to 6 iterations of above loop the image is
  corrupted.

  - corruption manifests with other messages from qemu as well, e.g.:

  (qemu) loadvm foo
  Error: Device 'd' does not have the requested snapshot 'foo'

  Using above reproducer I have to the be best of my ability bisected
  the introduction of the problem to commit
  69f47505ee66afaa513305de0c1895a224e52c45 (block: avoid recursive
  block_status call if possible). qemu compiled from the commit before
  does not exhibit the issue, from that commit on it does and reverting
  the commit off of current master makes it 

Re: [PATCH v4 3/4] tests/qemu-iotests: add case to write compressed data of multiple clusters

[Andrey Shinkevich]

>> +# Set compress=on. That will align the written data
>> +# by the cluster size and will write them compressed.
>> +QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT \
>> +$QEMU_IO -c "write -P 0xbb 0 $data_size" --image-opts \
>> + driver=$IMGFMT,compress=on,file.filename=$TEST_IMG \
>> + 2>&1 | _filter_qemu_io | _filter_testdir
>> +
>> +let offset="4 * $cluster_size"
>> +QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT \
>> +$QEMU_IO -c "write -P 0xcc $offset $data_size" "json:{\
>> +'driver': '$IMGFMT',
>> +'file': {
>> +'driver': 'file',
>> +'filename': '$TEST_IMG'
>> +},
>> +'compress': true
>> +}" | _filter_qemu_io | _filter_testdir
>> +
> 
> It would be good to add case with unaligned offset as well. And, maybe,"
> check that we don't rewrite existing data in partial clusters when writing
> unaligned compressed data over it.
> 

The I/O error is raised in that case (see 
qcow2_alloc_compressed_cluster_offset()):
"Compression can't overwrite anything. Fail if the cluster was already 
allocated."

#0  qcow2_alloc_compressed_cluster_offset (bs=0x564669143390, 
offset=393216, compressed_size=79, host_offset=0x7f45289d9f00) at 
block/qcow2-cluster.c:767
#1  0x56466703da7f in qcow2_co_pwritev_compressed_task 
(bs=0x564669143390, offset=393216, bytes=65536, qiov=0x7f4528dddec0, 
qiov_offset=196608) at block/qcow2.c:4198
#2  0x56466703dc0c in qcow2_co_pwritev_compressed_task_entry 
(task=0x564669152ac0) at block/qcow2.c:4230
#3  0x5646670a69d0 in aio_task_co (opaque=0x564669152ac0) at 
block/aio_task.c:45
#4  0x564667147a87 in coroutine_trampoline (i0=1762994976, i1=22086) 
at util/coroutine-ucontext.c:115

Andrey
-- 
With the best regards,
Andrey Shinkevich

Re: [PATCH v5 00/10] target/mips: Misc cleanups for September/October 2019

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/1571592258-27994-1-git-send-email-aleksandar.marko...@rt-rk.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PATCH v5 00/10] target/mips: Misc cleanups for September/October 2019
Type: series
Message-id: 1571592258-27994-1-git-send-email-aleksandar.marko...@rt-rk.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
a3ac1b5 target/mips: msa: Split helpers for PCK.
f2d8cc8 target/mips: msa: Split helpers for S.
0fbd29f target/mips: msa: Split helpers for HADD_.
d5de108 target/mips: msa: Split helpers for ADD<_A|S_A|S_S|S_U|V>.
241b1e2 target/mips: msa: Split helpers for ILV.
3d8badc target/mips: msa: Split helpers for _.
5cdb8dc target/mips: msa: Split helpers for _A.
c90aa1a MAINTAINERS: Update mail address of Aleksandar Rikalo
87f42dd target/mips: Clean up op_helper.c
8f1a78b target/mips: Clean up helper.c

=== OUTPUT BEGIN ===
1/10 Checking commit 8f1a78be6a6f (target/mips: Clean up helper.c)
2/10 Checking commit 87f42dd3535d (target/mips: Clean up op_helper.c)
ERROR: spaces required around that '*' (ctx:WxV)
#1058: FILE: target/mips/op_helper.c:3871:
+  float_status *status)  \
^

total: 1 errors, 0 warnings, 1681 lines checked

Patch 2/10 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

3/10 Checking commit c90aa1a64eb4 (MAINTAINERS: Update mail address of 
Aleksandar Rikalo)
4/10 Checking commit 5cdb8dc16a58 (target/mips: msa: Split helpers for 
_A.)
5/10 Checking commit 3d8badc1112f (target/mips: msa: Split helpers for 
_.)
6/10 Checking commit 241b1e2b6824 (target/mips: msa: Split helpers for 
ILV.)
7/10 Checking commit d5de108dacd5 (target/mips: msa: Split helpers for 
ADD<_A|S_A|S_S|S_U|V>.)
8/10 Checking commit 0fbd29fa4a0b (target/mips: msa: Split helpers for 
HADD_.)
9/10 Checking commit f2d8cc85b88d (target/mips: msa: Split helpers for 
S.)
10/10 Checking commit a3ac1b5110e6 (target/mips: msa: Split helpers for 
PCK.)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/1571592258-27994-1-git-send-email-aleksandar.marko...@rt-rk.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PATCH v5 02/10] target/mips: Clean up op_helper.c

[Aleksandar Markovic]

From: Aleksandar Markovic 

Mostly fix errors and warnings reported by 'checkpatch.pl -f'.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/op_helper.c | 1010 +++
 1 file changed, 663 insertions(+), 347 deletions(-)

diff --git a/target/mips/op_helper.c b/target/mips/op_helper.c
index 4de6465..18fcee4 100644
--- a/target/mips/op_helper.c
+++ b/target/mips/op_helper.c
@@ -64,8 +64,7 @@ static inline type do_##name(CPUMIPSState *env, target_ulong 
addr,  \
 static inline type do_##name(CPUMIPSState *env, target_ulong addr,  \
  int mem_idx, uintptr_t retaddr)\
 {   \
-switch (mem_idx)\
-{   \
+switch (mem_idx) {  \
 case 0: return (type) cpu_##insn##_kernel_ra(env, addr, retaddr);   \
 case 1: return (type) cpu_##insn##_super_ra(env, addr, retaddr);\
 default:\
@@ -92,12 +91,17 @@ static inline void do_##name(CPUMIPSState *env, 
target_ulong addr,  \
 static inline void do_##name(CPUMIPSState *env, target_ulong addr,  \
  type val, int mem_idx, uintptr_t retaddr)  \
 {   \
-switch (mem_idx)\
-{   \
-case 0: cpu_##insn##_kernel_ra(env, addr, val, retaddr); break; \
-case 1: cpu_##insn##_super_ra(env, addr, val, retaddr); break;  \
+switch (mem_idx) {  \
+case 0: \
+cpu_##insn##_kernel_ra(env, addr, val, retaddr);\
+break;  \
+case 1: \
+cpu_##insn##_super_ra(env, addr, val, retaddr); \
+break;  \
 default:\
-case 2: cpu_##insn##_user_ra(env, addr, val, retaddr); break;   \
+case 2: \
+cpu_##insn##_user_ra(env, addr, val, retaddr);  \
+break;  \
 case 3: \
 cpu_##insn##_error_ra(env, addr, val, retaddr); \
 break;  \
@@ -114,7 +118,8 @@ HELPER_ST(sd, stq, uint64_t)
 /* 64 bits arithmetic for 32 bits hosts */
 static inline uint64_t get_HILO(CPUMIPSState *env)
 {
-return ((uint64_t)(env->active_tc.HI[0]) << 32) | 
(uint32_t)env->active_tc.LO[0];
+return ((uint64_t)(env->active_tc.HI[0]) << 32) |
+   (uint32_t)env->active_tc.LO[0];
 }
 
 static inline target_ulong set_HIT0_LO(CPUMIPSState *env, uint64_t HILO)
@@ -435,9 +440,10 @@ void helper_swr(CPUMIPSState *env, target_ulong arg1, 
target_ulong arg2,
 }
 
 #if defined(TARGET_MIPS64)
-/* "half" load and stores.  We must do the memory access inline,
-   or fault handling won't work.  */
-
+/*
+ * "half" load and stores.  We must do the memory access inline,
+ * or fault handling won't work.
+ */
 #ifdef TARGET_WORDS_BIGENDIAN
 #define GET_LMASK64(v) ((v) & 7)
 #else
@@ -535,7 +541,7 @@ void helper_lwm(CPUMIPSState *env, target_ulong addr, 
target_ulong reglist,
 target_ulong base_reglist = reglist & 0xf;
 target_ulong do_r31 = reglist & 0x10;
 
-if (base_reglist > 0 && base_reglist <= ARRAY_SIZE (multiple_regs)) {
+if (base_reglist > 0 && base_reglist <= ARRAY_SIZE(multiple_regs)) {
 target_ulong i;
 
 for (i = 0; i < base_reglist; i++) {
@@ -557,7 +563,7 @@ void helper_swm(CPUMIPSState *env, target_ulong addr, 
target_ulong reglist,
 target_ulong base_reglist = reglist & 0xf;
 target_ulong do_r31 = reglist & 0x10;
 
-if (base_reglist > 0 && base_reglist <= ARRAY_SIZE (multiple_regs)) {
+if (base_reglist > 0 && base_reglist <= ARRAY_SIZE(multiple_regs)) {
 target_ulong i;
 
 for (i = 0; i < base_reglist; i++) {
@@ -579,7 +585,7 @@ void helper_ldm(CPUMIPSState *env, target_ulong addr, 
target_ulong reglist,
 target_ulong base_reglist = reglist & 0xf;
 target_ulong do_r31 = reglist & 0x10;
 
-if (base_reglist > 0 && base_reglist <= ARRAY_SIZE (multiple_regs)) {
+if (base_reglist > 0 && base_reglist <= ARRAY_SIZE(multiple_regs)) {
 target_ulong i;
 
 for (i = 0; i < base_reglist; i++) {

[PATCH v5 09/10] target/mips: msa: Split helpers for S.

[Aleksandar Markovic]

From: Aleksandar Markovic 

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  30 +++-
 target/mips/msa_helper.c | 424 +--
 target/mips/translate.c  |  91 --
 3 files changed, 479 insertions(+), 66 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index f25ba90..f779404 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -967,6 +967,31 @@ DEF_HELPER_4(msa_nor_v, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_or_v, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_xor_v, void, env, i32, i32, i32)
 
+DEF_HELPER_4(msa_sll_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_sll_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_sll_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_sll_d, void, env, i32, i32, i32)
+
+DEF_HELPER_4(msa_sra_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_sra_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_sra_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_sra_d, void, env, i32, i32, i32)
+
+DEF_HELPER_4(msa_srar_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_srar_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_srar_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_srar_d, void, env, i32, i32, i32)
+
+DEF_HELPER_4(msa_srl_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_srl_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_srl_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_srl_d, void, env, i32, i32, i32)
+
+DEF_HELPER_4(msa_srlr_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_srlr_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_srlr_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_srlr_d, void, env, i32, i32, i32)
+
 DEF_HELPER_3(msa_move_v, void, env, i32, i32)
 
 DEF_HELPER_4(msa_andi_b, void, env, i32, i32, i32)
@@ -1004,9 +1029,6 @@ DEF_HELPER_5(msa_sat_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_srari_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_srlri_df, void, env, i32, i32, i32, i32)
 
-DEF_HELPER_5(msa_sll_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_sra_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_srl_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_binsl_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_binsr_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_subv_df, void, env, i32, i32, i32, i32)
@@ -1030,8 +1052,6 @@ DEF_HELPER_5(msa_splat_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_pckev_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_pckod_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_vshf_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_srar_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_srlr_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_hsub_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_hsub_u_df, void, env, i32, i32, i32, i32)
 
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index f5d3737..38ff1da 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -3461,7 +3461,382 @@ void helper_msa_move_v(CPUMIPSState *env, uint32_t wd, 
uint32_t ws)
  * +---+--+
  */
 
-/* TODO: insert Shift group helpers here */
+
+static inline int64_t msa_sll_df(uint32_t df, int64_t arg1, int64_t arg2)
+{
+int32_t b_arg2 = BIT_POSITION(arg2, df);
+return arg1 << b_arg2;
+}
+
+void helper_msa_sll_b(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->b[0]  = msa_sll_df(DF_BYTE, pws->b[0],  pwt->b[0]);
+pwd->b[1]  = msa_sll_df(DF_BYTE, pws->b[1],  pwt->b[1]);
+pwd->b[2]  = msa_sll_df(DF_BYTE, pws->b[2],  pwt->b[2]);
+pwd->b[3]  = msa_sll_df(DF_BYTE, pws->b[3],  pwt->b[3]);
+pwd->b[4]  = msa_sll_df(DF_BYTE, pws->b[4],  pwt->b[4]);
+pwd->b[5]  = msa_sll_df(DF_BYTE, pws->b[5],  pwt->b[5]);
+pwd->b[6]  = msa_sll_df(DF_BYTE, pws->b[6],  pwt->b[6]);
+pwd->b[7]  = msa_sll_df(DF_BYTE, pws->b[7],  pwt->b[7]);
+pwd->b[8]  = msa_sll_df(DF_BYTE, pws->b[8],  pwt->b[8]);
+pwd->b[9]  = msa_sll_df(DF_BYTE, pws->b[9],  pwt->b[9]);
+pwd->b[10] = msa_sll_df(DF_BYTE, pws->b[10], pwt->b[10]);
+pwd->b[11] = msa_sll_df(DF_BYTE, pws->b[11], pwt->b[11]);
+pwd->b[12] = msa_sll_df(DF_BYTE, pws->b[12], pwt->b[12]);
+pwd->b[13] = msa_sll_df(DF_BYTE, pws->b[13], pwt->b[13]);
+pwd->b[14] = msa_sll_df(DF_BYTE, pws->b[14], pwt->b[14]);
+pwd->b[15] = msa_sll_df(DF_BYTE, pws->b[15], pwt->b[15]);
+}
+
+void helper_msa_sll_h(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_sll_df(DF_HALF, pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_sll_df(DF_HALF, pws->h[1],  

[PATCH v5 10/10] target/mips: msa: Split helpers for PCK.

[Aleksandar Markovic]

From: Aleksandar Markovic 

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  11 +-
 target/mips/msa_helper.c | 386 +--
 target/mips/translate.c  |  38 -
 3 files changed, 249 insertions(+), 186 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index f779404..7bb13d5 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -967,6 +967,15 @@ DEF_HELPER_4(msa_nor_v, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_or_v, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_xor_v, void, env, i32, i32, i32)
 
+DEF_HELPER_4(msa_pckev_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_pckev_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_pckev_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_pckev_d, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_pckod_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_pckod_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_pckod_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_pckod_d, void, env, i32, i32, i32)
+
 DEF_HELPER_4(msa_sll_b, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_sll_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_sll_w, void, env, i32, i32, i32)
@@ -1049,8 +1058,6 @@ DEF_HELPER_5(msa_dpsub_s_df, void, env, i32, i32, i32, 
i32)
 DEF_HELPER_5(msa_dpsub_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_sld_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_splat_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_pckev_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_pckod_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_vshf_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_hsub_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_hsub_u_df, void, env, i32, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 38ff1da..2400632 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -3430,7 +3430,214 @@ void helper_msa_move_v(CPUMIPSState *env, uint32_t wd, 
uint32_t ws)
  * +---+--+
  */
 
-/* TODO: insert Pack group helpers here */
+
+void helper_msa_pckev_b(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+#if defined(HOST_WORDS_BIGENDIAN)
+pwd->b[8]  = pws->b[9];
+pwd->b[10] = pws->b[13];
+pwd->b[12] = pws->b[1];
+pwd->b[14] = pws->b[5];
+pwd->b[0]  = pwt->b[9];
+pwd->b[2]  = pwt->b[13];
+pwd->b[4]  = pwt->b[1];
+pwd->b[6]  = pwt->b[5];
+pwd->b[9]  = pws->b[11];
+pwd->b[13] = pws->b[3];
+pwd->b[1]  = pwt->b[11];
+pwd->b[5]  = pwt->b[3];
+pwd->b[11] = pws->b[15];
+pwd->b[3]  = pwt->b[15];
+pwd->b[15] = pws->b[7];
+pwd->b[7]  = pwt->b[7];
+#else
+pwd->b[15] = pws->b[14];
+pwd->b[13] = pws->b[10];
+pwd->b[11] = pws->b[6];
+pwd->b[9]  = pws->b[2];
+pwd->b[7]  = pwt->b[14];
+pwd->b[5]  = pwt->b[10];
+pwd->b[3]  = pwt->b[6];
+pwd->b[1]  = pwt->b[2];
+pwd->b[14] = pws->b[12];
+pwd->b[10] = pws->b[4];
+pwd->b[6]  = pwt->b[12];
+pwd->b[2]  = pwt->b[4];
+pwd->b[12] = pws->b[8];
+pwd->b[4]  = pwt->b[8];
+pwd->b[8]  = pws->b[0];
+pwd->b[0]  = pwt->b[0];
+#endif
+}
+
+void helper_msa_pckev_h(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+#if defined(HOST_WORDS_BIGENDIAN)
+pwd->h[4] = pws->h[5];
+pwd->h[6] = pws->h[1];
+pwd->h[0] = pwt->h[5];
+pwd->h[2] = pwt->h[1];
+pwd->h[5] = pws->h[7];
+pwd->h[1] = pwt->h[7];
+pwd->h[7] = pws->h[3];
+pwd->h[3] = pwt->h[3];
+#else
+pwd->h[7] = pws->h[6];
+pwd->h[5] = pws->h[2];
+pwd->h[3] = pwt->h[6];
+pwd->h[1] = pwt->h[2];
+pwd->h[6] = pws->h[4];
+pwd->h[2] = pwt->h[4];
+pwd->h[4] = pws->h[0];
+pwd->h[0] = pwt->h[0];
+#endif
+}
+
+void helper_msa_pckev_w(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+#if defined(HOST_WORDS_BIGENDIAN)
+pwd->w[2] = pws->w[3];
+pwd->w[0] = pwt->w[3];
+pwd->w[3] = pws->w[1];
+pwd->w[1] = pwt->w[1];
+#else
+pwd->w[3] = pws->w[2];
+pwd->w[1] = pwt->w[2];
+pwd->w[2] = pws->w[0];
+pwd->w[0] = pwt->w[0];
+#endif
+}
+
+void helper_msa_pckev_d(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->d[1] = pws->d[0];

[PATCH v5 06/10] target/mips: msa: Split helpers for ILV.

[Aleksandar Markovic]

From: Aleksandar Markovic 

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  21 +-
 target/mips/msa_helper.c | 768 +--
 target/mips/translate.c  |  76 -
 3 files changed, 496 insertions(+), 369 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index 6419bb8..f3df187 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -912,6 +912,23 @@ DEF_HELPER_4(msa_mod_s_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_mod_s_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_mod_s_d, void, env, i32, i32, i32)
 
+DEF_HELPER_4(msa_ilvev_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvev_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvev_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvev_d, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvod_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvod_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvod_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvod_d, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvl_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvl_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvl_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvl_d, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvr_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvr_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvr_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_ilvr_d, void, env, i32, i32, i32)
+
 DEF_HELPER_4(msa_and_v, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_nor_v, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_or_v, void, env, i32, i32, i32)
@@ -984,10 +1001,6 @@ DEF_HELPER_5(msa_sld_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_splat_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_pckev_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_pckod_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_ilvl_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_ilvr_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_ilvev_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_ilvod_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_vshf_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_srar_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_srlr_df, void, env, i32, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 65df15d..499fcde 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -2432,7 +2432,421 @@ void helper_msa_mod_u_d(CPUMIPSState *env,
  * +---+--+
  */
 
-/* TODO: insert Interleave group helpers here */
+
+void helper_msa_ilvev_b(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+#if defined(HOST_WORDS_BIGENDIAN)
+pwd->b[8]  = pws->b[9];
+pwd->b[9]  = pwt->b[9];
+pwd->b[10] = pws->b[11];
+pwd->b[11] = pwt->b[11];
+pwd->b[12] = pws->b[13];
+pwd->b[13] = pwt->b[13];
+pwd->b[14] = pws->b[15];
+pwd->b[15] = pwt->b[15];
+pwd->b[0]  = pws->b[1];
+pwd->b[1]  = pwt->b[1];
+pwd->b[2]  = pws->b[3];
+pwd->b[3]  = pwt->b[3];
+pwd->b[4]  = pws->b[5];
+pwd->b[5]  = pwt->b[5];
+pwd->b[6]  = pws->b[7];
+pwd->b[7]  = pwt->b[7];
+#else
+pwd->b[15] = pws->b[14];
+pwd->b[14] = pwt->b[14];
+pwd->b[13] = pws->b[12];
+pwd->b[12] = pwt->b[12];
+pwd->b[11] = pws->b[10];
+pwd->b[10] = pwt->b[10];
+pwd->b[9]  = pws->b[8];
+pwd->b[8]  = pwt->b[8];
+pwd->b[7]  = pws->b[6];
+pwd->b[6]  = pwt->b[6];
+pwd->b[5]  = pws->b[4];
+pwd->b[4]  = pwt->b[4];
+pwd->b[3]  = pws->b[2];
+pwd->b[2]  = pwt->b[2];
+pwd->b[1]  = pws->b[0];
+pwd->b[0]  = pwt->b[0];
+#endif
+}
+
+void helper_msa_ilvev_h(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+#if defined(HOST_WORDS_BIGENDIAN)
+pwd->h[4] = pws->h[5];
+pwd->h[5] = pwt->h[5];
+pwd->h[6] = pws->h[7];
+pwd->h[7] = pwt->h[7];
+pwd->h[0] = pws->h[1];
+pwd->h[1] = pwt->h[1];
+pwd->h[2] = pws->h[3];
+pwd->h[3] = pwt->h[3];
+#else
+pwd->h[7] = pws->h[6];
+pwd->h[6] = pwt->h[6];
+pwd->h[5] = pws->h[4];
+pwd->h[4] = pwt->h[4];
+pwd->h[3] = pws->h[2];
+pwd->h[2] = pwt->h[2];
+pwd->h[1] = pws->h[0];
+pwd->h[0] = pwt->h[0];
+#endif
+}
+
+void helper_msa_ilvev_w(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+#if defined(HOST_WORDS_BIGENDIAN)
+pwd->w[2] = 

[PATCH v5 07/10] target/mips: msa: Split helpers for ADD<_A|S_A|S_S|S_U|V>.

[Aleksandar Markovic]

From: Aleksandar Markovic 

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  30 +++-
 target/mips/msa_helper.c | 426 +--
 target/mips/translate.c  |  95 +--
 3 files changed, 482 insertions(+), 69 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index f3df187..ce01e97 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -822,6 +822,31 @@ DEF_HELPER_4(msa_bset_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_bset_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_bset_d, void, env, i32, i32, i32)
 
+DEF_HELPER_4(msa_add_a_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_add_a_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_add_a_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_add_a_d, void, env, i32, i32, i32)
+
+DEF_HELPER_4(msa_adds_a_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_adds_a_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_adds_a_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_adds_a_d, void, env, i32, i32, i32)
+
+DEF_HELPER_4(msa_adds_s_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_adds_s_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_adds_s_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_adds_s_d, void, env, i32, i32, i32)
+
+DEF_HELPER_4(msa_adds_u_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_adds_u_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_adds_u_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_adds_u_d, void, env, i32, i32, i32)
+
+DEF_HELPER_4(msa_addv_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_addv_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_addv_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_addv_d, void, env, i32, i32, i32)
+
 DEF_HELPER_4(msa_ave_s_b, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_ave_s_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_ave_s_w, void, env, i32, i32, i32)
@@ -976,12 +1001,7 @@ DEF_HELPER_5(msa_sra_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_srl_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_binsl_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_binsr_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_addv_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_subv_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_add_a_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_adds_a_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_adds_s_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_adds_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_subs_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_subs_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_subsus_u_df, void, env, i32, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 499fcde..c31f46c 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -805,7 +805,383 @@ void helper_msa_bset_d(CPUMIPSState *env, uint32_t wd, 
uint32_t ws, uint32_t wt)
  * +---+--+
  */
 
-/* TODO: insert Int Add group helpers here */
+
+static inline int64_t msa_add_a_df(uint32_t df, int64_t arg1, int64_t arg2)
+{
+uint64_t abs_arg1 = arg1 >= 0 ? arg1 : -arg1;
+uint64_t abs_arg2 = arg2 >= 0 ? arg2 : -arg2;
+return abs_arg1 + abs_arg2;
+}
+
+void helper_msa_add_a_b(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->b[0]  = msa_add_a_df(DF_BYTE, pws->b[0],  pwt->b[0]);
+pwd->b[1]  = msa_add_a_df(DF_BYTE, pws->b[1],  pwt->b[1]);
+pwd->b[2]  = msa_add_a_df(DF_BYTE, pws->b[2],  pwt->b[2]);
+pwd->b[3]  = msa_add_a_df(DF_BYTE, pws->b[3],  pwt->b[3]);
+pwd->b[4]  = msa_add_a_df(DF_BYTE, pws->b[4],  pwt->b[4]);
+pwd->b[5]  = msa_add_a_df(DF_BYTE, pws->b[5],  pwt->b[5]);
+pwd->b[6]  = msa_add_a_df(DF_BYTE, pws->b[6],  pwt->b[6]);
+pwd->b[7]  = msa_add_a_df(DF_BYTE, pws->b[7],  pwt->b[7]);
+pwd->b[8]  = msa_add_a_df(DF_BYTE, pws->b[8],  pwt->b[8]);
+pwd->b[9]  = msa_add_a_df(DF_BYTE, pws->b[9],  pwt->b[9]);
+pwd->b[10] = msa_add_a_df(DF_BYTE, pws->b[10], pwt->b[10]);
+pwd->b[11] = msa_add_a_df(DF_BYTE, pws->b[11], pwt->b[11]);
+pwd->b[12] = msa_add_a_df(DF_BYTE, pws->b[12], pwt->b[12]);
+pwd->b[13] = msa_add_a_df(DF_BYTE, pws->b[13], pwt->b[13]);
+pwd->b[14] = msa_add_a_df(DF_BYTE, pws->b[14], pwt->b[14]);
+pwd->b[15] = msa_add_a_df(DF_BYTE, pws->b[15], pwt->b[15]);
+}
+
+void helper_msa_add_a_h(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_add_a_df(DF_HALF, pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_add_a_df(DF_HALF, pws->h[1],  pwt->h[1]);
+pwd->h[2]  = 

[PATCH v5 01/10] target/mips: Clean up helper.c

[Aleksandar Markovic]

From: Aleksandar Markovic 

Mostly fix errors and warnings reported by 'checkpatch.pl -f'.

Cc: Markus Armbruster 
Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.c | 123 +++
 1 file changed, 74 insertions(+), 49 deletions(-)

diff --git a/target/mips/helper.c b/target/mips/helper.c
index a2b6459..781930a 100644
--- a/target/mips/helper.c
+++ b/target/mips/helper.c
@@ -39,8 +39,8 @@ enum {
 #if !defined(CONFIG_USER_ONLY)
 
 /* no MMU emulation */
-int no_mmu_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
-target_ulong address, int rw, int access_type)
+int no_mmu_map_address(CPUMIPSState *env, hwaddr *physical, int *prot,
+   target_ulong address, int rw, int access_type)
 {
 *physical = address;
 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
@@ -48,26 +48,28 @@ int no_mmu_map_address (CPUMIPSState *env, hwaddr 
*physical, int *prot,
 }
 
 /* fixed mapping MMU emulation */
-int fixed_mmu_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
-   target_ulong address, int rw, int access_type)
+int fixed_mmu_map_address(CPUMIPSState *env, hwaddr *physical, int *prot,
+  target_ulong address, int rw, int access_type)
 {
 if (address <= (int32_t)0x7FFFUL) {
-if (!(env->CP0_Status & (1 << CP0St_ERL)))
+if (!(env->CP0_Status & (1 << CP0St_ERL))) {
 *physical = address + 0x4000UL;
-else
+} else {
 *physical = address;
-} else if (address <= (int32_t)0xBFFFUL)
+}
+} else if (address <= (int32_t)0xBFFFUL) {
 *physical = address & 0x1FFF;
-else
+} else {
 *physical = address;
+}
 
 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
 return TLBRET_MATCH;
 }
 
 /* MIPS32/MIPS64 R4000-style MMU emulation */
-int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
- target_ulong address, int rw, int access_type)
+int r4k_map_address(CPUMIPSState *env, hwaddr *physical, int *prot,
+target_ulong address, int rw, int access_type)
 {
 uint16_t ASID = env->CP0_EntryHi & env->CP0_EntryHi_ASID_mask;
 int i;
@@ -99,8 +101,9 @@ int r4k_map_address (CPUMIPSState *env, hwaddr *physical, 
int *prot,
 if (rw != MMU_DATA_STORE || (n ? tlb->D1 : tlb->D0)) {
 *physical = tlb->PFN[n] | (address & (mask >> 1));
 *prot = PAGE_READ;
-if (n ? tlb->D1 : tlb->D0)
+if (n ? tlb->D1 : tlb->D0) {
 *prot |= PAGE_WRITE;
+}
 if (!(n ? tlb->XI1 : tlb->XI0)) {
 *prot |= PAGE_EXEC;
 }
@@ -130,7 +133,7 @@ static int is_seg_am_mapped(unsigned int am, bool eu, int 
mmu_idx)
 int32_t adetlb_mask;
 
 switch (mmu_idx) {
-case 3 /* ERL */:
+case 3: /* ERL */
 /* If EU is set, always unmapped */
 if (eu) {
 return 0;
@@ -204,7 +207,7 @@ static int get_segctl_physical_address(CPUMIPSState *env, 
hwaddr *physical,
 pa & ~(hwaddr)segmask);
 }
 
-static int get_physical_address (CPUMIPSState *env, hwaddr *physical,
+static int get_physical_address(CPUMIPSState *env, hwaddr *physical,
 int *prot, target_ulong real_address,
 int rw, int access_type, int mmu_idx)
 {
@@ -252,14 +255,15 @@ static int get_physical_address (CPUMIPSState *env, 
hwaddr *physical,
 } else {
 segctl = env->CP0_SegCtl2 >> 16;
 }
-ret = get_segctl_physical_address(env, physical, prot, real_address, 
rw,
-  access_type, mmu_idx, segctl,
-  0x3FFF);
+ret = get_segctl_physical_address(env, physical, prot,
+  real_address, rw, access_type,
+  mmu_idx, segctl, 0x3FFF);
 #if defined(TARGET_MIPS64)
 } else if (address < 0x4000ULL) {
 /* xuseg */
 if (UX && address <= (0x3FFFULL & env->SEGMask)) {
-ret = env->tlb->map_address(env, physical, prot, real_address, rw, 
access_type);
+ret = env->tlb->map_address(env, physical, prot,
+real_address, rw, access_type);
 } else {
 ret = TLBRET_BADADDR;
 }
@@ -267,7 +271,8 @@ static int get_physical_address (CPUMIPSState *env, hwaddr 
*physical,
 /* xsseg */
 if ((supervisor_mode || kernel_mode) &&
 SX && address <= (0x7FFFULL & env->SEGMask)) {
-ret = env->tlb->map_address(env, physical, prot, real_address, rw, 
access_type);
+ret = env->tlb->map_address(env, physical, prot,
+  

[PATCH v5 08/10] target/mips: msa: Split helpers for HADD_.

[Aleksandar Markovic]

From: Aleksandar Markovic 

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  10 +++-
 target/mips/msa_helper.c | 131 ++-
 target/mips/translate.c  |  32 +---
 3 files changed, 141 insertions(+), 32 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index ce01e97..f25ba90 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -847,6 +847,14 @@ DEF_HELPER_4(msa_addv_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_addv_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_addv_d, void, env, i32, i32, i32)
 
+DEF_HELPER_4(msa_hadd_s_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_hadd_s_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_hadd_s_d, void, env, i32, i32, i32)
+
+DEF_HELPER_4(msa_hadd_u_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_hadd_u_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_hadd_u_d, void, env, i32, i32, i32)
+
 DEF_HELPER_4(msa_ave_s_b, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_ave_s_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_ave_s_w, void, env, i32, i32, i32)
@@ -1024,8 +1032,6 @@ DEF_HELPER_5(msa_pckod_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_vshf_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_srar_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_srlr_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_hadd_s_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_hadd_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_hsub_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_hsub_u_df, void, env, i32, i32, i32, i32)
 
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index c31f46c..f5d3737 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -1184,6 +1184,113 @@ void helper_msa_addv_d(CPUMIPSState *env,
 }
 
 
+#define SIGNED_EVEN(a, df) \
+int64_t)(a)) << (64 - DF_BITS(df) / 2)) >> (64 - DF_BITS(df) / 2))
+
+#define UNSIGNED_EVEN(a, df) \
+uint64_t)(a)) << (64 - DF_BITS(df) / 2)) >> (64 - DF_BITS(df) / 2))
+
+#define SIGNED_ODD(a, df) \
+int64_t)(a)) << (64 - DF_BITS(df))) >> (64 - DF_BITS(df) / 2))
+
+#define UNSIGNED_ODD(a, df) \
+uint64_t)(a)) << (64 - DF_BITS(df))) >> (64 - DF_BITS(df) / 2))
+
+
+static inline int64_t msa_hadd_s_df(uint32_t df, int64_t arg1, int64_t arg2)
+{
+return SIGNED_ODD(arg1, df) + SIGNED_EVEN(arg2, df);
+}
+
+void helper_msa_hadd_s_h(CPUMIPSState *env,
+ uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_hadd_s_df(DF_HALF, pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_hadd_s_df(DF_HALF, pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_hadd_s_df(DF_HALF, pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_hadd_s_df(DF_HALF, pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_hadd_s_df(DF_HALF, pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_hadd_s_df(DF_HALF, pws->h[5],  pwt->h[5]);
+pwd->h[6]  = msa_hadd_s_df(DF_HALF, pws->h[6],  pwt->h[6]);
+pwd->h[7]  = msa_hadd_s_df(DF_HALF, pws->h[7],  pwt->h[7]);
+}
+
+void helper_msa_hadd_s_w(CPUMIPSState *env,
+ uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->w[0]  = msa_hadd_s_df(DF_WORD, pws->w[0],  pwt->w[0]);
+pwd->w[1]  = msa_hadd_s_df(DF_WORD, pws->w[1],  pwt->w[1]);
+pwd->w[2]  = msa_hadd_s_df(DF_WORD, pws->w[2],  pwt->w[2]);
+pwd->w[3]  = msa_hadd_s_df(DF_WORD, pws->w[3],  pwt->w[3]);
+}
+
+void helper_msa_hadd_s_d(CPUMIPSState *env,
+ uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->d[0]  = msa_hadd_s_df(DF_DOUBLE, pws->d[0],  pwt->d[0]);
+pwd->d[1]  = msa_hadd_s_df(DF_DOUBLE, pws->d[1],  pwt->d[1]);
+}
+
+
+static inline int64_t msa_hadd_u_df(uint32_t df, int64_t arg1, int64_t arg2)
+{
+return UNSIGNED_ODD(arg1, df) + UNSIGNED_EVEN(arg2, df);
+}
+
+void helper_msa_hadd_u_h(CPUMIPSState *env,
+ uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_hadd_u_df(DF_HALF, pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_hadd_u_df(DF_HALF, pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_hadd_u_df(DF_HALF, pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_hadd_u_df(DF_HALF, pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_hadd_u_df(DF_HALF, pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_hadd_u_df(DF_HALF, pws->h[5],  pwt->h[5]);
+pwd->h[6]  = 

[PATCH v5 03/10] MAINTAINERS: Update mail address of Aleksandar Rikalo

[Aleksandar Markovic]

From: Aleksandar Markovic 

Aleksandar Rikalo wishes to change his primary mail address for QEMU.
Some minor line order is corrected in .mailmap to be alphabetical,
too.

Signed-off-by: Aleksandar Markovic 
---
 .mailmap|  5 +++--
 MAINTAINERS | 18 +-
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/.mailmap b/.mailmap
index 0756a0b..3816e4e 100644
--- a/.mailmap
+++ b/.mailmap
@@ -39,10 +39,11 @@ Julia Suvorova  Julia Suvorova via 
Qemu-devel  Justin Terry (VM) via Qemu-devel 

 
 # Next, replace old addresses by a more recent one.
-Anthony Liguori  Anthony Liguori 
-James Hogan  
 Aleksandar Markovic  
 Aleksandar Markovic  
+Aleksandar Rikalo  
+Anthony Liguori  Anthony Liguori 
+James Hogan  
 Paul Burton  
 Paul Burton  
 Paul Burton  
diff --git a/MAINTAINERS b/MAINTAINERS
index 3ca8148..4964fbb 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -208,7 +208,7 @@ F: disas/microblaze.c
 MIPS TCG CPUs
 M: Aurelien Jarno 
 M: Aleksandar Markovic 
-R: Aleksandar Rikalo 
+R: Aleksandar Rikalo 
 S: Maintained
 F: target/mips/
 F: default-configs/*mips*
@@ -363,7 +363,7 @@ F: target/arm/kvm.c
 
 MIPS KVM CPUs
 M: James Hogan 
-R: Aleksandar Rikalo 
+R: Aleksandar Rikalo 
 S: Maintained
 F: target/mips/kvm.c
 
@@ -934,7 +934,7 @@ MIPS Machines
 -
 Jazz
 M: Hervé Poussineau 
-R: Aleksandar Rikalo 
+R: Aleksandar Rikalo 
 S: Maintained
 F: hw/mips/mips_jazz.c
 F: hw/display/jazz_led.c
@@ -942,7 +942,7 @@ F: hw/dma/rc4030.c
 
 Malta
 M: Aurelien Jarno 
-R: Aleksandar Rikalo 
+R: Aleksandar Rikalo 
 S: Maintained
 F: hw/mips/mips_malta.c
 F: hw/mips/gt64xxx_pci.c
@@ -950,20 +950,20 @@ F: tests/acceptance/linux_ssh_mips_malta.py
 
 Mipssim
 M: Aleksandar Markovic 
-R: Aleksandar Rikalo 
+R: Aleksandar Rikalo 
 S: Odd Fixes
 F: hw/mips/mips_mipssim.c
 F: hw/net/mipsnet.c
 
 R4000
 M: Aurelien Jarno 
-R: Aleksandar Rikalo 
+R: Aleksandar Rikalo 
 S: Maintained
 F: hw/mips/mips_r4k.c
 
 Fulong 2E
 M: Aleksandar Markovic 
-R: Aleksandar Rikalo 
+R: Aleksandar Rikalo 
 S: Odd Fixes
 F: hw/mips/mips_fulong2e.c
 F: hw/isa/vt82c686.c
@@ -972,7 +972,7 @@ F: include/hw/isa/vt82c686.h
 
 Boston
 M: Paul Burton 
-R: Aleksandar Rikalo 
+R: Aleksandar Rikalo 
 S: Maintained
 F: hw/core/loader-fit.c
 F: hw/mips/boston.c
@@ -2348,7 +2348,7 @@ F: disas/i386.c
 
 MIPS TCG target
 M: Aurelien Jarno 
-R: Aleksandar Rikalo 
+R: Aleksandar Rikalo 
 S: Maintained
 F: tcg/mips/
 
-- 
2.7.4

[PATCH v5 04/10] target/mips: msa: Split helpers for _A.

[Aleksandar Markovic]

From: Aleksandar Markovic 

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  11 +++-
 target/mips/msa_helper.c | 163 ++-
 target/mips/translate.c  |  38 +--
 3 files changed, 187 insertions(+), 25 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index d615c83..cef4de6 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -877,6 +877,15 @@ DEF_HELPER_4(msa_div_u_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_div_u_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_div_u_d, void, env, i32, i32, i32)
 
+DEF_HELPER_4(msa_max_a_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_max_a_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_max_a_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_max_a_d, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_a_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_a_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_a_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_a_d, void, env, i32, i32, i32)
+
 DEF_HELPER_4(msa_mod_u_b, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_mod_u_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_mod_u_w, void, env, i32, i32, i32)
@@ -940,8 +949,6 @@ DEF_HELPER_5(msa_max_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_max_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_min_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_min_u_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_max_a_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_min_a_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_add_a_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_adds_a_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_adds_s_df, void, env, i32, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index a2052ba..3eb0ab1 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -1736,7 +1736,152 @@ void helper_msa_div_u_d(CPUMIPSState *env,
  * +---+--+
  */
 
-/* TODO: insert Int Max Min group helpers here */
+static inline int64_t msa_max_a_df(uint32_t df, int64_t arg1, int64_t arg2)
+{
+uint64_t abs_arg1 = arg1 >= 0 ? arg1 : -arg1;
+uint64_t abs_arg2 = arg2 >= 0 ? arg2 : -arg2;
+return abs_arg1 > abs_arg2 ? arg1 : arg2;
+}
+
+void helper_msa_max_a_b(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->b[0]  = msa_max_a_df(DF_BYTE, pws->b[0],  pwt->b[0]);
+pwd->b[1]  = msa_max_a_df(DF_BYTE, pws->b[1],  pwt->b[1]);
+pwd->b[2]  = msa_max_a_df(DF_BYTE, pws->b[2],  pwt->b[2]);
+pwd->b[3]  = msa_max_a_df(DF_BYTE, pws->b[3],  pwt->b[3]);
+pwd->b[4]  = msa_max_a_df(DF_BYTE, pws->b[4],  pwt->b[4]);
+pwd->b[5]  = msa_max_a_df(DF_BYTE, pws->b[5],  pwt->b[5]);
+pwd->b[6]  = msa_max_a_df(DF_BYTE, pws->b[6],  pwt->b[6]);
+pwd->b[7]  = msa_max_a_df(DF_BYTE, pws->b[7],  pwt->b[7]);
+pwd->b[8]  = msa_max_a_df(DF_BYTE, pws->b[8],  pwt->b[8]);
+pwd->b[9]  = msa_max_a_df(DF_BYTE, pws->b[9],  pwt->b[9]);
+pwd->b[10] = msa_max_a_df(DF_BYTE, pws->b[10], pwt->b[10]);
+pwd->b[11] = msa_max_a_df(DF_BYTE, pws->b[11], pwt->b[11]);
+pwd->b[12] = msa_max_a_df(DF_BYTE, pws->b[12], pwt->b[12]);
+pwd->b[13] = msa_max_a_df(DF_BYTE, pws->b[13], pwt->b[13]);
+pwd->b[14] = msa_max_a_df(DF_BYTE, pws->b[14], pwt->b[14]);
+pwd->b[15] = msa_max_a_df(DF_BYTE, pws->b[15], pwt->b[15]);
+}
+
+void helper_msa_max_a_h(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_max_a_df(DF_HALF, pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_max_a_df(DF_HALF, pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_max_a_df(DF_HALF, pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_max_a_df(DF_HALF, pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_max_a_df(DF_HALF, pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_max_a_df(DF_HALF, pws->h[5],  pwt->h[5]);
+pwd->h[6]  = msa_max_a_df(DF_HALF, pws->h[6],  pwt->h[6]);
+pwd->h[7]  = msa_max_a_df(DF_HALF, pws->h[7],  pwt->h[7]);
+}
+
+void helper_msa_max_a_w(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->w[0]  = msa_max_a_df(DF_WORD, pws->w[0],  pwt->w[0]);
+pwd->w[1]  = msa_max_a_df(DF_WORD, pws->w[1],  pwt->w[1]);
+pwd->w[2]  = msa_max_a_df(DF_WORD, pws->w[2],  pwt->w[2]);
+pwd->w[3]  = msa_max_a_df(DF_WORD, pws->w[3],  pwt->w[3]);
+}
+
+void 

[PATCH v5 05/10] target/mips: msa: Split helpers for _.

[Aleksandar Markovic]

From: Aleksandar Markovic 

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  20 ++-
 target/mips/msa_helper.c | 320 ++-
 target/mips/translate.c  |  76 +--
 3 files changed, 372 insertions(+), 44 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index cef4de6..6419bb8 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -881,10 +881,26 @@ DEF_HELPER_4(msa_max_a_b, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_max_a_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_max_a_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_max_a_d, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_max_s_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_max_s_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_max_s_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_max_s_d, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_max_u_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_max_u_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_max_u_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_max_u_d, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_min_a_b, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_min_a_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_min_a_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_min_a_d, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_s_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_s_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_s_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_s_d, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_u_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_u_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_u_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_min_u_d, void, env, i32, i32, i32)
 
 DEF_HELPER_4(msa_mod_u_b, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_mod_u_h, void, env, i32, i32, i32)
@@ -945,10 +961,6 @@ DEF_HELPER_5(msa_binsl_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_binsr_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_addv_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_subv_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_max_s_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_max_u_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_min_s_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_min_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_add_a_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_adds_a_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_adds_s_df, void, env, i32, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 3eb0ab1..65df15d 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -1810,6 +1810,152 @@ void helper_msa_max_a_d(CPUMIPSState *env,
 }
 
 
+static inline int64_t msa_max_s_df(uint32_t df, int64_t arg1, int64_t arg2)
+{
+return arg1 > arg2 ? arg1 : arg2;
+}
+
+void helper_msa_max_s_b(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->b[0]  = msa_max_s_df(DF_BYTE, pws->b[0],  pwt->b[0]);
+pwd->b[1]  = msa_max_s_df(DF_BYTE, pws->b[1],  pwt->b[1]);
+pwd->b[2]  = msa_max_s_df(DF_BYTE, pws->b[2],  pwt->b[2]);
+pwd->b[3]  = msa_max_s_df(DF_BYTE, pws->b[3],  pwt->b[3]);
+pwd->b[4]  = msa_max_s_df(DF_BYTE, pws->b[4],  pwt->b[4]);
+pwd->b[5]  = msa_max_s_df(DF_BYTE, pws->b[5],  pwt->b[5]);
+pwd->b[6]  = msa_max_s_df(DF_BYTE, pws->b[6],  pwt->b[6]);
+pwd->b[7]  = msa_max_s_df(DF_BYTE, pws->b[7],  pwt->b[7]);
+pwd->b[8]  = msa_max_s_df(DF_BYTE, pws->b[8],  pwt->b[8]);
+pwd->b[9]  = msa_max_s_df(DF_BYTE, pws->b[9],  pwt->b[9]);
+pwd->b[10] = msa_max_s_df(DF_BYTE, pws->b[10], pwt->b[10]);
+pwd->b[11] = msa_max_s_df(DF_BYTE, pws->b[11], pwt->b[11]);
+pwd->b[12] = msa_max_s_df(DF_BYTE, pws->b[12], pwt->b[12]);
+pwd->b[13] = msa_max_s_df(DF_BYTE, pws->b[13], pwt->b[13]);
+pwd->b[14] = msa_max_s_df(DF_BYTE, pws->b[14], pwt->b[14]);
+pwd->b[15] = msa_max_s_df(DF_BYTE, pws->b[15], pwt->b[15]);
+}
+
+void helper_msa_max_s_h(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_max_s_df(DF_HALF, pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_max_s_df(DF_HALF, pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_max_s_df(DF_HALF, pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_max_s_df(DF_HALF, pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_max_s_df(DF_HALF, pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_max_s_df(DF_HALF, pws->h[5],  pwt->h[5]);
+pwd->h[6]  = msa_max_s_df(DF_HALF, pws->h[6],  pwt->h[6]);
+pwd->h[7]  = msa_max_s_df(DF_HALF, pws->h[7],  pwt->h[7]);
+}
+
+void 

[PATCH v5 00/10] target/mips: Misc cleanups for September/October 2019

[Aleksandar Markovic]

From: Aleksandar Markovic 

Mostly cosmetic changes.

v4->v5:

  - minor correction in patch on helper.c
  - added patches 9 and 10

v3->v4:

  - added patches 7 and 8

v2->v3:

  - removed all patches that were already integrated
  - patches 1 and 2 are improved from v2
  - added patches 3-6

v1->v2:

  - minor corrections to satisfy reviews
  - added several more patches

Aleksandar Markovic (10):
  target/mips: Clean up helper.c
  target/mips: Clean up op_helper.c
  MAINTAINERS: Update mail address of Aleksandar Rikalo
  target/mips: msa: Split helpers for _A.
  target/mips: msa: Split helpers for _.
  target/mips: msa: Split helpers for ILV.
  target/mips: msa: Split helpers for ADD<_A|S_A|S_S|S_U|V>.
  target/mips: msa: Split helpers for HADD_.
  target/mips: msa: Split helpers for S.
  target/mips: msa: Split helpers for PCK.

 .mailmap |5 +-
 MAINTAINERS  |   18 +-
 target/mips/helper.c |  123 +-
 target/mips/helper.h |  133 +-
 target/mips/msa_helper.c | 4244 +-
 target/mips/op_helper.c  | 1010 +++
 target/mips/translate.c  |  442 -
 7 files changed, 3966 insertions(+), 2009 deletions(-)

-- 
2.7.4

Re: qemu/powernv: coreboot support?

[Marty E. Plummer]

On Sun, Oct 20, 2019 at 08:51:47AM +0200, Cédric Le Goater wrote:
> On 20/10/2019 08:28, David Gibson wrote:
> > Ok.  Note that the qemu emulated machine doesn't model the hardware
> > right down to the level of hostboot.  That's wy we're just loading
> > skiboot and jumping straight into it usually.  I guess clg's stuff to
> > load pnor images gets us a little closer to the hardware behaviour,
> > but I think it's still only a rough approximation.
> 
Yeah, but its useful enough to see that my rough understanding of ppc64
assembly is more/less correct (using the hostboot/skiboot sources as a
reference [both are elfv1] to write coreboot [I'm using elfv2] is a bit
fun)
> It's really tied to the OpenPOWER firmwares using the HIOMAP protocol
> to discuss with the BMC and load the flash. We could loosen how QEMU 
> interprets the MTD device and use a property to inform QEMU that this
> is an OpenPOWER  PNOR file and that skiboot and can be loaded from it.
> Something to discuss.
> 
Yeah, it would be useful to be able to use a non-pnor mtd device but
still get the hiomap behavior, because that's what I'll be dealing with
on real hardware.
> 
> I have applied this small hack to load larger -bios files :
>  
> --- qemu-powernv-4.2.git.orig/hw/ppc/pnv.c
> +++ qemu-powernv-4.2.git/hw/ppc/pnv.c
> @@ -58,7 +58,7 @@
>  
>  #define FW_FILE_NAME"skiboot.lid"
>  #define FW_LOAD_ADDR0x0
> -#define FW_MAX_SIZE (4 * MiB)
> +#define FW_MAX_SIZE (64 * MiB)
>  
Yeah, I did a similar hack after I realized I only did this hack to
version 4.1.0 and not the powernv-4.2 git version.
>  #define KERNEL_LOAD_ADDR0x2000
>  #define KERNEL_MAX_SIZE (256 * MiB)
> 
> and coreboot.rom loads and boots and loops.
> 
> 
> You can use -d exec,in_asm to check what's going on.
> 
Ended up using -s -S and gdb'ing it. It loops because of endian issues
in the coreboot fmap implmentation. That needs to be fixed upstream.
> 
> C.

Re: [PATCH 0/2] Convert sparc devices to new ptimer API

[Mark Cave-Ayland]

On 17/10/2019 14:23, Peter Maydell wrote:

> This patchset converts the devices used by sparc machines to the new
> ptimer API.
> 
> Currently the ptimer design uses a QEMU bottom-half as its mechanism
> for calling back into the device model using the ptimer when the
> timer has expired.  Unfortunately this design is fatally flawed,
> because it means that there is a lag between the ptimer updating its
> own state and the device callback function updating device state, and
> guest accesses to device registers between the two can return
> inconsistent device state. This was reported as a bug in a specific
> timer device but it's a problem with the generic ptimer code:
> https://bugs.launchpad.net/qemu/+bug/177
> 
> The updates to the individual ptimer devices are straightforward:
> we need to add begin/commit calls around the various places that
> modify the ptimer state, and use the new ptimer_init() function
> to create the timer.
> 
> Testing has been 'make check', and a quick smoke test of a sparc
> linux boot image I had lying around, which obviously doesn't
> exercise the devices very much, so more specific testing would
> be appreciated. I'm happy for these patches to go in via the
> sparc tree if you want, or I can collect them up with the other
> ptimer-related changes I'm sending for other archs.
> 
> thanks
> --PMM

I've given these patches a spin on my OpenBIOS test images and I don't see any
obvious regressions, so for the sun4m (slavio) part:

Tested-by: Mark Cave-Ayland 

Frederic, are you able to make sure that the leon3 parts don't cause any 
problems?
Currently I don't have any outstanding SPARC patches, so if you want to include 
them
in a ptimer-related PR then that's fine with me.


ATB,

Mark.

Re: [PATCH v2] yield_until_fd_readable: make it work with any AioContect

[no-reply]

Patchew URL: https://patchew.org/QEMU/20191020144750.1176-1-diet...@proxmox.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PATCH v2] yield_until_fd_readable: make it work with any AioContect
Type: series
Message-id: 20191020144750.1176-1-diet...@proxmox.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
5dabe8a yield_until_fd_readable: make it work with any AioContect

=== OUTPUT BEGIN ===
ERROR: line over 90 characters
#41: FILE: util/qemu-coroutine-io.c:73:
+aio_set_fd_handler(ctx, fd, false, (void (*)(void *))qemu_coroutine_enter, 
NULL, NULL, qemu_coroutine_self());

total: 1 errors, 0 warnings, 28 lines checked

Commit 5dabe8a02051 (yield_until_fd_readable: make it work with any AioContect) 
has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20191020144750.1176-1-diet...@proxmox.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PATCH v2] yield_until_fd_readable: make it work with any AioContect

[Dietmar Maurer]

Simply use qemu_get_current_aio_context().

Signed-off-by: Dietmar Maurer 
---

Changelog for v2:

- use correct read handler in aio_set_fd_handler (instead of write handler)

 util/qemu-coroutine-io.c | 20 +++-
 1 file changed, 3 insertions(+), 17 deletions(-)

diff --git a/util/qemu-coroutine-io.c b/util/qemu-coroutine-io.c
index 44a8969a69..cb39b5ebdc 100644
--- a/util/qemu-coroutine-io.c
+++ b/util/qemu-coroutine-io.c
@@ -66,25 +66,11 @@ qemu_co_send_recv(int sockfd, void *buf, size_t bytes, bool 
do_send)
 return qemu_co_sendv_recvv(sockfd, , 1, 0, bytes, do_send);
 }
 
-typedef struct {
-Coroutine *co;
-int fd;
-} FDYieldUntilData;
-
-static void fd_coroutine_enter(void *opaque)
-{
-FDYieldUntilData *data = opaque;
-qemu_set_fd_handler(data->fd, NULL, NULL, NULL);
-qemu_coroutine_enter(data->co);
-}
-
 void coroutine_fn yield_until_fd_readable(int fd)
 {
-FDYieldUntilData data;
-
 assert(qemu_in_coroutine());
-data.co = qemu_coroutine_self();
-data.fd = fd;
-qemu_set_fd_handler(fd, fd_coroutine_enter, NULL, );
+AioContext *ctx = qemu_get_current_aio_context();
+aio_set_fd_handler(ctx, fd, false, (void (*)(void *))qemu_coroutine_enter, 
NULL, NULL, qemu_coroutine_self());
 qemu_coroutine_yield();
+aio_set_fd_handler(ctx, fd, false, NULL, NULL, NULL, NULL);
 }
-- 
2.20.1

Re: [PATCH 0/3] eliminate remaining places that abuse memory_region_allocate_system_memory()

[Philippe Mathieu-Daudé]

Ping?

On Fri, Oct 11, 2019 at 5:23 PM Igor Mammedov  wrote:
> On Thu, 10 Oct 2019 19:35:03 +0200
> Igor Mammedov  wrote:
>
> Forgot to actually CC Eduardo,
>
> > On Tue,  8 Oct 2019 07:33:15 -0400
> > Igor Mammedov  wrote:
> ...
> > Eduardo,
> >
> > This patches are fixing various machines across tree, so series does not 
> > belong
> > to any particular arch specific tree, can you merge it via generic machine 
> > tree?
>
>
> > >
> > >
> > > Igor Mammedov (3):
> > >   sparc64: use memory_region_allocate_system_memory() only for '-m'
> > > specified RAM
> > >   ppc: rs6000_mc: drop usage of memory_region_allocate_system_memory()
> > >   hppa: drop usage of memory_region_allocate_system_memory() for ROM
> > >
> > >  hw/hppa/machine.c|  5 ++---
> > >  hw/ppc/rs6000_mc.c   | 15 ++-
> > >  hw/sparc64/niagara.c | 25 +
> > >  3 files changed, 25 insertions(+), 20 deletions(-)
> > >

Re: [PATCH ] yield_until_fd_readable: make it work with any AioContect

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20191020135628.16255-1-diet...@proxmox.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PATCH ] yield_until_fd_readable: make it work with any AioContect
Type: series
Message-id: 20191020135628.16255-1-diet...@proxmox.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
ead4b5f yield_until_fd_readable: make it work with any AioContect

=== OUTPUT BEGIN ===
ERROR: line over 90 characters
#41: FILE: util/qemu-coroutine-io.c:73:
+aio_set_fd_handler(ctx, fd, false, NULL, (void (*)(void 
*))qemu_coroutine_enter, NULL, qemu_coroutine_self());

total: 1 errors, 0 warnings, 28 lines checked

Commit ead4b5fc8173 (yield_until_fd_readable: make it work with any AioContect) 
has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20191020135628.16255-1-diet...@proxmox.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[Bug 1846427] Re: 4.1.0: qcow2 corruption on savevm/quit/loadvm cycle

[Simon John]

Not sure if i have exactly the same problem, as my qcow2 corruption
seems to be limited to windows10 guests - win2019 and debian10 guests
with the same virtio-scsi setup are fine (as are various virtio-blk or
ide/sata images from linux/solaris/macos guests).

I find that i randomly have disk image corruption from little more than
boot/shutdown cycles - no heavy usage or anything is required. "qemu-img
check -r all" usually makes things worse, as does chkdsk.

host filesystem is an ssd with ext4 on top of luks, discard not used
(fstrim.timer instead) with features: has_journal ext_attr resize_inode
dir_index filetype needs_recovery extent 64bit flex_bg sparse_super
large_file huge_file dir_nlink extra_isize metadata_csum

Reported to redhat as assumed it was a virtio-win bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1762944 - includes virt-
install method to reproduce my test vm's (i don't use qemu directly).

Host is debian sid running qemu version 4.1.0 (Debian 1:4.1-1+b3),
libvirt 5.6.0-2, kernel 5.2.0-3 (5.2.17-1)

** Bug watch added: Red Hat Bugzilla #1762944
   https://bugzilla.redhat.com/show_bug.cgi?id=1762944

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1846427

Title:
  4.1.0: qcow2 corruption on savevm/quit/loadvm cycle

Status in QEMU:
  New

Bug description:
  I'm seeing massive corruption of qcow2 images with qemu 4.1.0 and git
  master as of 7f21573c822805a8e6be379d9bcf3ad9effef3dc after a few
  savevm/quit/loadvm cycles. I've narrowed it down to the following
  reproducer (further notes below):

  # qemu-img check debian.qcow2
  No errors were found on the image.
  251601/327680 = 76.78% allocated, 1.63% fragmented, 0.00% compressed clusters
  Image end offset: 18340446208
  # bin/qemu/bin/qemu-system-x86_64 -machine pc-q35-4.0.1,accel=kvm -m 4096 
-chardev stdio,id=charmonitor -mon chardev=charmonitor -drive 
file=debian.qcow2,id=d -S
  qemu-system-x86_64: warning: dbind: Couldn't register with accessibility bus: 
Did not receive a reply. Possible causes include: the remote application did 
not send a reply, the message bus security policy blocked the reply, the reply 
timeout expired, or the network connection was broken.
  QEMU 4.1.50 monitor - type 'help' for more information
  (qemu) loadvm foo
  (qemu) c
  (qemu) qcow2_free_clusters failed: Invalid argument
  qcow2_free_clusters failed: Invalid argument
  qcow2_free_clusters failed: Invalid argument
  qcow2_free_clusters failed: Invalid argument
  quit
  [m@nargothrond:~] qemu-img check debian.qcow2
  Leaked cluster 85179 refcount=2 reference=1
  Leaked cluster 85180 refcount=2 reference=1
  ERROR cluster 266150 refcount=0 reference=2
  [...]
  ERROR OFLAG_COPIED data cluster: l2_entry=42284 refcount=1

  9493 errors were found on the image.
  Data may be corrupted, or further writes to the image may corrupt it.

  2 leaked clusters were found on the image.
  This means waste of disk space, but no harm to data.
  259266/327680 = 79.12% allocated, 1.67% fragmented, 0.00% compressed clusters
  Image end offset: 18340446208

  This is on a x86_64 Linux 5.3.1 Gentoo host with qemu-system-x86_64
  and accel=kvm. The compiler is gcc-9.2.0 with the rest of the system
  similarly current.

  Reproduced with qemu-4.1.0 from distribution package as well as
  vanilla git checkout of tag v4.1.0 and commit
  7f21573c822805a8e6be379d9bcf3ad9effef3dc (today's master). Does not
  happen with qemu compiled from vanilla checkout of tag v4.0.0. Build
  sequence:

  ./configure --prefix=$HOME/bin/qemu-bisect --target-list=x86_64-softmmu 
--disable-werror --disable-docs
  [...]
  CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g
  [...] (can provide full configure output if helpful)
  make -j8 install

  The kind of guest OS does not matter: seen with Debian testing 64bit,
  Windows 7 x86/x64 BIOS and Windows 7 x64 EFI.

  The virtual storage controller does not seem to matter: seen with
  VirtIO SCSI, emulated SCSI and emulated SATA AHCI.

  Caching modes (none, directsync, writeback), aio mode (threads,
  native) or discard (ignore, unmap) or detect-zeroes (off, unmap) does
  not influence occurence either.

  Having more RAM in the guest seems to increase odds of corruption:
  With 512MB to the Debian guest problem hardly occurs at all, with 4GB
  RAM it happens almost instantly.

  An automated reproducer works as follows:

  - the guest *does* mount its root fs and swap with option discard and
  my testing leaves me with the impression that file deletion rather
  than reading is causing the issue

  - foo is a snapshot of the running Debian VM which is already running
  command

  # while true ; do dd if=/dev/zero of=foo bs=10240k count=400 ; done

  to produce some I/O to the disk (4GB file with 4GB of RAM).

  - on the host a loop continuously resumes and saves the guest state
  and quits qemu inbetween:

  # while true ; do (echo 

Re: [PATCH v3 3/9] tests/acceptance: Send on serial lines

[Philippe Mathieu-Daudé]

Cc'ing Paolo/Samuel/Marc-André

On 10/20/19 12:09 PM, David Gibson wrote:

On Thu, Oct 17, 2019 at 06:52:33PM +0200, Philippe Mathieu-Daudé wrote:

Some firmwares don't parse the  control character and
expect a .

Signed-off-by: Philippe Mathieu-Daudé 
---
  tests/acceptance/boot_linux_console.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index 9ff2213874..bf9861296a 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -30,7 +30,7 @@ class BootLinuxConsole(Test):
  KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 '
  
  def exec_command_and_wait_for_pattern(self, command, success_message):

-command += '\n'
+command += '\r\n'


I'm actually wondering if '\r' alone is really what we should be using
here.  Isn't that usually the character that actually pressing the
Enter key generates (on an old school tty)?  IIRC it's the thing on
the other side of the console that echoes back a \r and \n in order to
reposition the cursor on the next line.


Our current tests mostly target Linux/*BSD.
When I started testing U-boot/VxWorks images, I noticed the tests were 
stuck, why testing manually it was working, then this patch solved my issue.
I haven't checked the source but think the readline() implementation of 
these do strchr('\r') instead of strchr('\n') to match a newline?


So input sending Cartridge Return makes more sense here...

I tested with:

-- >8 --
 def exec_command_and_wait_for_pattern(self, command, success_message):
-command += '\n'
+command += '\r'
 self.vm.console_socket.sendall(command.encode())
 self.wait_for_console_pattern(success_message)
---

And everything works fine, so we don't need to send the New Line char :)

Thanks for helping me figure this out!
I'll wait if there are other comments then respin.

Regards,

Phil.


  self.vm.console_socket.sendall(command.encode())
  wait_for_console_pattern(self, success_message)
  

[PATCH ] yield_until_fd_readable: make it work with any AioContect

[Dietmar Maurer]

Simply use qemu_get_current_aio_context().

Signed-off-by: Dietmar Maurer 
---
 util/qemu-coroutine-io.c | 20 +++-
 1 file changed, 3 insertions(+), 17 deletions(-)

diff --git a/util/qemu-coroutine-io.c b/util/qemu-coroutine-io.c
index 44a8969a69..2938c5420c 100644
--- a/util/qemu-coroutine-io.c
+++ b/util/qemu-coroutine-io.c
@@ -66,25 +66,11 @@ qemu_co_send_recv(int sockfd, void *buf, size_t bytes, bool 
do_send)
 return qemu_co_sendv_recvv(sockfd, , 1, 0, bytes, do_send);
 }
 
-typedef struct {
-Coroutine *co;
-int fd;
-} FDYieldUntilData;
-
-static void fd_coroutine_enter(void *opaque)
-{
-FDYieldUntilData *data = opaque;
-qemu_set_fd_handler(data->fd, NULL, NULL, NULL);
-qemu_coroutine_enter(data->co);
-}
-
 void coroutine_fn yield_until_fd_readable(int fd)
 {
-FDYieldUntilData data;
-
 assert(qemu_in_coroutine());
-data.co = qemu_coroutine_self();
-data.fd = fd;
-qemu_set_fd_handler(fd, fd_coroutine_enter, NULL, );
+AioContext *ctx = qemu_get_current_aio_context();
+aio_set_fd_handler(ctx, fd, false, NULL, (void (*)(void 
*))qemu_coroutine_enter, NULL, qemu_coroutine_self());
 qemu_coroutine_yield();
+aio_set_fd_handler(ctx, fd, false, NULL, NULL, NULL, NULL);
 }
-- 
2.20.1

Re: [PATCH v13 00/12] Build ACPI Heterogeneous Memory Attribute Table (HMAT)

[no-reply]

Patchew URL: https://patchew.org/QEMU/2019102025.27659-1-tao3...@intel.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

Looking for expected file 'tests/data/acpi/pc/SRAT.acpihmat'
Looking for expected file 'tests/data/acpi/pc/SRAT'
**
ERROR:/tmp/qemu-test/src/tests/bios-tables-test.c:354:load_expected_aml: 
assertion failed: (exp_sdt.aml_file)
ERROR - Bail out! 
ERROR:/tmp/qemu-test/src/tests/bios-tables-test.c:354:load_expected_aml: 
assertion failed: (exp_sdt.aml_file)
make: *** [check-qtest-x86_64] Error 1
make: *** Waiting for unfinished jobs
  TESTiotest-qcow2: 035
  TESTiotest-qcow2: 036
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=086575f112be4f06b5b6628ea1ada77d', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-ug9vqabf/src/docker-src.2019-10-20-09.09.36.21970:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=086575f112be4f06b5b6628ea1ada77d
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-ug9vqabf/src'
make: *** [docker-run-test-quick@centos7] Error 2

real10m16.781s
user0m8.561s


The full log is available at
http://patchew.org/logs/2019102025.27659-1-tao3...@intel.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v13 00/12] Build ACPI Heterogeneous Memory Attribute Table (HMAT)

[no-reply]

Patchew URL: https://patchew.org/QEMU/2019102025.27659-1-tao3...@intel.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

Looking for expected file 'tests/data/acpi/pc/SRAT.acpihmat'
Looking for expected file 'tests/data/acpi/pc/SRAT'
**
ERROR:/tmp/qemu-test/src/tests/bios-tables-test.c:354:load_expected_aml: 
assertion failed: (exp_sdt.aml_file)
ERROR - Bail out! 
ERROR:/tmp/qemu-test/src/tests/bios-tables-test.c:354:load_expected_aml: 
assertion failed: (exp_sdt.aml_file)
make: *** [check-qtest-x86_64] Error 1
make: *** Waiting for unfinished jobs
  TESTiotest-qcow2: 035
  TESTcheck-unit: tests/test-bufferiszero
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=333528b3def44bedb7868163d167de8a', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-83x7cpec/src/docker-src.2019-10-20-08.46.30.16537:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=333528b3def44bedb7868163d167de8a
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-83x7cpec/src'
make: *** [docker-run-test-quick@centos7] Error 2

real10m40.886s
user0m8.703s


The full log is available at
http://patchew.org/logs/2019102025.27659-1-tao3...@intel.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[Bug 1749223] Re: mouse offset or invisible wall 2.11.0-3

[roland via]

It sounds like I have the same problem.

There is a virtual wall where the mouse cursor goes from the guest window to 
the host desktop.
This virtual wall/cut off point is consistent.
Moving the mouse faster seems to break through this wall and puts the wall at a 
different place.

For me this happens on a host with ubuntu 19.10 with wayland.
I don't have the issue on ubuntu 19.10 with X.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749223

Title:
  mouse offset or invisible wall 2.11.0-3

Status in QEMU:
  New

Bug description:
  (There was another post, I'm not sure if it is related though. Also
  not sure if it's Arch related, I wouldn't be surprised as I normally
  use Gentoo and have less problems with Gentoo.)

  
  qemu-system-x86_64 -enable-kvm -M q35 -cpu host -m 8192 -vga vmware -smp 
4,sockets=1,cores=4,threads=1 -drive file=/path/to/my.img,if=virtio -soundhw 
ac97 -usb -monitor unix:/tmp/qemu-mon,server,nowait -usb --usbdevice 
host:: -device vfio-pci,host=00:00.0 -alt-grab &


  When I grab the mouse in/out of the VM I tend to get an "invisible wall" half 
of the time.
  I can push past if I fling the mouse through it but not if I slowly keep 
moving down.

  The direction always seems to be down when I hit a wall (so a Y offset? 
maybe?)
  This has been happening since at least version 2.10.

  Not sure if "-alt-grab" has anything to do with it, that'd be my first
  guess.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749223/+subscriptions

Re: [PATCH v13 00/12] Build ACPI Heterogeneous Memory Attribute Table (HMAT)

[no-reply]

Patchew URL: https://patchew.org/QEMU/2019102025.27659-1-tao3...@intel.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

Looking for expected file 'tests/data/acpi/pc/SRAT.acpihmat'
Looking for expected file 'tests/data/acpi/pc/SRAT'
**
ERROR:/tmp/qemu-test/src/tests/bios-tables-test.c:354:load_expected_aml: 
assertion failed: (exp_sdt.aml_file)
ERROR - Bail out! 
ERROR:/tmp/qemu-test/src/tests/bios-tables-test.c:354:load_expected_aml: 
assertion failed: (exp_sdt.aml_file)
make: *** [check-qtest-x86_64] Error 1
make: *** Waiting for unfinished jobs
  TESTiotest-qcow2: 036
  TESTiotest-qcow2: 037
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=1a622dbdc82341f49970cd92203d9bcd', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-6i8n4o9m/src/docker-src.2019-10-20-08.03.22.16115:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=1a622dbdc82341f49970cd92203d9bcd
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-6i8n4o9m/src'
make: *** [docker-run-test-quick@centos7] Error 2

real9m56.614s
user0m6.591s


The full log is available at
http://patchew.org/logs/2019102025.27659-1-tao3...@intel.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v13 00/12] Build ACPI Heterogeneous Memory Attribute Table (HMAT)

[no-reply]

Patchew URL: https://patchew.org/QEMU/2019102025.27659-1-tao3...@intel.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

Looking for expected file 'tests/data/acpi/pc/SRAT.acpihmat'
Looking for expected file 'tests/data/acpi/pc/SRAT'
**
ERROR:/tmp/qemu-test/src/tests/bios-tables-test.c:354:load_expected_aml: 
assertion failed: (exp_sdt.aml_file)
ERROR - Bail out! 
ERROR:/tmp/qemu-test/src/tests/bios-tables-test.c:354:load_expected_aml: 
assertion failed: (exp_sdt.aml_file)
make: *** [check-qtest-x86_64] Error 1
make: *** Waiting for unfinished jobs
  TESTiotest-qcow2: 025
  TESTiotest-qcow2: 027
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=d317dcfdadb14357ab4e6e456e466c28', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-jvsh36ab/src/docker-src.2019-10-20-07.31.22.24116:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=d317dcfdadb14357ab4e6e456e466c28
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-jvsh36ab/src'
make: *** [docker-run-test-quick@centos7] Error 2

real12m1.295s
user0m8.390s


The full log is available at
http://patchew.org/logs/2019102025.27659-1-tao3...@intel.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PATCH v13 10/12] hmat acpi: Build System Locality Latency and Bandwidth Information Structure(s)

[Tao Xu]

From: Liu Jingqi 

This structure describes the memory access latency and bandwidth
information from various memory access initiator proximity domains.
The latency and bandwidth numbers represented in this structure
correspond to rated latency and bandwidth for the platform.
The software could use this information as hint for optimization.

Signed-off-by: Liu Jingqi 
Signed-off-by: Tao Xu 
---

Changes in v13:
- Calculate the entries in a new patch.
---
 hw/acpi/hmat.c | 96 +-
 1 file changed, 95 insertions(+), 1 deletion(-)

diff --git a/hw/acpi/hmat.c b/hw/acpi/hmat.c
index c595098ba7..6ec1310e62 100644
--- a/hw/acpi/hmat.c
+++ b/hw/acpi/hmat.c
@@ -27,6 +27,7 @@
 #include "qemu/osdep.h"
 #include "sysemu/numa.h"
 #include "hw/acpi/hmat.h"
+#include "qemu/error-report.h"
 
 /*
  * ACPI 6.3:
@@ -67,11 +68,81 @@ static void build_hmat_mpda(GArray *table_data, uint16_t 
flags,
 build_append_int_noprefix(table_data, 0, 8);
 }
 
+/*
+ * ACPI 6.3: 5.2.27.4 System Locality Latency and Bandwidth Information
+ * Structure: Table 5-146
+ */
+static void build_hmat_lb(GArray *table_data, HMAT_LB_Info *hmat_lb,
+  uint32_t num_initiator, uint32_t num_target,
+  uint32_t *initiator_list)
+{
+int i;
+uint16_t *lb_data;
+uint32_t base;
+/*
+ * Length in bytes for entire structure, including 32 bytes of
+ * fixed length, length of initiator proximity domain list,
+ * length of target proximity domain list and length of entries
+ * provides latency/bandwidth values.
+ */
+uint32_t lb_length = 32 + 4 * num_initiator + 4 * num_target +
+  2 * num_initiator * num_target;
+
+/* Type */
+build_append_int_noprefix(table_data, 1, 2);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 2);
+/* Length */
+build_append_int_noprefix(table_data, lb_length, 4);
+/* Flags: Bits [3:0] Memory Hierarchy, Bits[7:4] Reserved */
+assert(!(hmat_lb->hierarchy >> 4));
+build_append_int_noprefix(table_data, hmat_lb->hierarchy, 1);
+/* Data Type */
+build_append_int_noprefix(table_data, hmat_lb->data_type, 1);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 2);
+/* Number of Initiator Proximity Domains (s) */
+build_append_int_noprefix(table_data, num_initiator, 4);
+/* Number of Target Proximity Domains (t) */
+build_append_int_noprefix(table_data, num_target, 4);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 4);
+
+if (hmat_lb->data_type <= HMAT_LB_DATA_WRITE_LATENCY) {
+base = hmat_lb->base_latency;
+lb_data = hmat_lb->entry_latency;
+} else {
+base = hmat_lb->base_bandwidth;
+lb_data = hmat_lb->entry_bandwidth;
+}
+
+/* Entry Base Unit */
+build_append_int_noprefix(table_data, base, 8);
+
+/* Initiator Proximity Domain List */
+for (i = 0; i < num_initiator; i++) {
+build_append_int_noprefix(table_data, initiator_list[i], 4);
+}
+
+/* Target Proximity Domain List */
+for (i = 0; i < num_target; i++) {
+build_append_int_noprefix(table_data, i, 4);
+}
+
+/* Latency or Bandwidth Entries */
+for (i = 0; i < num_initiator * num_target; i++) {
+build_append_int_noprefix(table_data, lb_data[i], 2);
+}
+}
+
 /* Build HMAT sub table structures */
 static void hmat_build_table_structs(GArray *table_data, NumaState *numa_state)
 {
 uint16_t flags;
-int i;
+uint32_t num_initiator = 0;
+uint32_t initiator_list[MAX_NODES];
+int i, hierarchy, type;
+HMAT_LB_Info *hmat_lb;
 
 for (i = 0; i < numa_state->num_nodes; i++) {
 flags = 0;
@@ -82,6 +153,29 @@ static void hmat_build_table_structs(GArray *table_data, 
NumaState *numa_state)
 
 build_hmat_mpda(table_data, flags, numa_state->nodes[i].initiator, i);
 }
+
+for (i = 0; i < numa_state->num_nodes; i++) {
+if (numa_state->nodes[i].has_cpu) {
+initiator_list[num_initiator++] = i;
+}
+}
+
+/*
+ * ACPI 6.3: 5.2.27.4 System Locality Latency and Bandwidth Information
+ * Structure: Table 5-146
+ */
+for (hierarchy = HMAT_LB_MEM_MEMORY;
+ hierarchy <= HMAT_LB_MEM_CACHE_3RD_LEVEL; hierarchy++) {
+for (type = HMAT_LB_DATA_ACCESS_LATENCY;
+ type <= HMAT_LB_DATA_WRITE_BANDWIDTH; type++) {
+hmat_lb = numa_state->hmat_lb[hierarchy][type];
+
+if (hmat_lb) {
+build_hmat_lb(table_data, hmat_lb, num_initiator,
+  numa_state->num_nodes, initiator_list);
+}
+}
+}
 }
 
 void build_hmat(GArray *table_data, BIOSLinker *linker, NumaState *numa_state)
-- 
2.20.1

[PATCH v13 11/12] hmat acpi: Build Memory Side Cache Information Structure(s)

[Tao Xu]

From: Liu Jingqi 

This structure describes memory side cache information for memory
proximity domains if the memory side cache is present and the
physical device forms the memory side cache.
The software could use this information to effectively place
the data in memory to maximize the performance of the system
memory that use the memory side cache.

Reviewed-by: Daniel Black 
Reviewed-by: Jonathan Cameron 
Signed-off-by: Liu Jingqi 
Signed-off-by: Tao Xu 
---

Changes in v13:
- rename level as cache_level
---
 hw/acpi/hmat.c | 72 +-
 1 file changed, 71 insertions(+), 1 deletion(-)

diff --git a/hw/acpi/hmat.c b/hw/acpi/hmat.c
index 6ec1310e62..931aa60678 100644
--- a/hw/acpi/hmat.c
+++ b/hw/acpi/hmat.c
@@ -135,14 +135,63 @@ static void build_hmat_lb(GArray *table_data, 
HMAT_LB_Info *hmat_lb,
 }
 }
 
+/* ACPI 6.3: 5.2.27.5 Memory Side Cache Information Structure: Table 5-147 */
+static void build_hmat_cache(GArray *table_data, HMAT_Cache_Info *hmat_cache)
+{
+/*
+ * Cache Attributes: Bits [3:0] – Total Cache Levels
+ * for this Memory Proximity Domain
+ */
+uint32_t cache_attr = hmat_cache->total_levels & 0xF;
+
+/* Bits [7:4] : Cache Level described in this structure */
+cache_attr |= (hmat_cache->level & 0xF) << 4;
+
+/* Bits [11:8] - Cache Associativity */
+cache_attr |= (hmat_cache->associativity & 0x7) << 8;
+
+/* Bits [15:12] - Write Policy */
+cache_attr |= (hmat_cache->write_policy & 0x7) << 12;
+
+/* Bits [31:16] - Cache Line size in bytes */
+cache_attr |= (hmat_cache->line_size & 0x) << 16;
+
+cache_attr = cpu_to_le32(cache_attr);
+
+/* Type */
+build_append_int_noprefix(table_data, 2, 2);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 2);
+/* Length */
+build_append_int_noprefix(table_data, 32, 4);
+/* Proximity Domain for the Memory */
+build_append_int_noprefix(table_data, hmat_cache->proximity, 4);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 4);
+/* Memory Side Cache Size */
+build_append_int_noprefix(table_data, hmat_cache->size, 8);
+/* Cache Attributes */
+build_append_int_noprefix(table_data, cache_attr, 4);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 2);
+/*
+ * Number of SMBIOS handles (n)
+ * Linux kernel uses Memory Side Cache Information Structure
+ * without SMBIOS entries for now, so set Number of SMBIOS handles
+ * as 0.
+ */
+build_append_int_noprefix(table_data, 0, 2);
+}
+
 /* Build HMAT sub table structures */
 static void hmat_build_table_structs(GArray *table_data, NumaState *numa_state)
 {
 uint16_t flags;
 uint32_t num_initiator = 0;
 uint32_t initiator_list[MAX_NODES];
-int i, hierarchy, type;
+int i, hierarchy, type, cache_level, total_levels;
 HMAT_LB_Info *hmat_lb;
+HMAT_Cache_Info *hmat_cache;
 
 for (i = 0; i < numa_state->num_nodes; i++) {
 flags = 0;
@@ -176,6 +225,27 @@ static void hmat_build_table_structs(GArray *table_data, 
NumaState *numa_state)
 }
 }
 }
+
+/*
+ * ACPI 6.3: 5.2.27.5 Memory Side Cache Information Structure:
+ * Table 5-147
+ */
+for (i = 0; i < numa_state->num_nodes; i++) {
+total_levels = 0;
+for (cache_level = 1; cache_level <= MAX_HMAT_CACHE_LEVEL;
+ cache_level++) {
+if (numa_state->hmat_cache[i][cache_level]) {
+total_levels++;
+}
+}
+for (cache_level = 0; cache_level <= total_levels; cache_level++) {
+hmat_cache = numa_state->hmat_cache[i][cache_level];
+if (hmat_cache) {
+hmat_cache->total_levels = total_levels;
+build_hmat_cache(table_data, hmat_cache);
+}
+}
+}
 }
 
 void build_hmat(GArray *table_data, BIOSLinker *linker, NumaState *numa_state)
-- 
2.20.1

[PATCH v13 06/12] numa: Extend CLI to provide memory latency and bandwidth information

[Tao Xu]

From: Liu Jingqi 

Add -numa hmat-lb option to provide System Locality Latency and
Bandwidth Information. These memory attributes help to build
System Locality Latency and Bandwidth Information Structure(s)
in ACPI Heterogeneous Memory Attribute Table (HMAT).

Signed-off-by: Liu Jingqi 
Signed-off-by: Tao Xu 
---

Changes in v13:
- Reuse Garray to store the raw bandwidth and bandwidth data
- Calculate common base unit using range bitmap (Igor)
---
 hw/core/numa.c| 127 ++
 include/sysemu/numa.h |  68 ++
 qapi/machine.json |  95 ++-
 qemu-options.hx   |  49 +++-
 4 files changed, 336 insertions(+), 3 deletions(-)

diff --git a/hw/core/numa.c b/hw/core/numa.c
index eba66ab768..3cf77f6ac9 100644
--- a/hw/core/numa.c
+++ b/hw/core/numa.c
@@ -23,6 +23,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "sysemu/hostmem.h"
 #include "sysemu/numa.h"
 #include "sysemu/sysemu.h"
@@ -198,6 +199,119 @@ void parse_numa_distance(MachineState *ms, 
NumaDistOptions *dist, Error **errp)
 ms->numa_state->have_numa_distance = true;
 }
 
+void parse_numa_hmat_lb(NumaState *numa_state, NumaHmatLBOptions *node,
+Error **errp)
+{
+int first_bit, last_bit;
+uint64_t temp_latency;
+NodeInfo *numa_info = numa_state->nodes;
+HMAT_LB_Info *hmat_lb =
+numa_state->hmat_lb[node->hierarchy][node->data_type];
+HMAT_LB_Data lb_data;
+
+/* Error checking */
+if (node->initiator >= numa_state->num_nodes) {
+error_setg(errp, "Invalid initiator=%d, it should be less than %d.",
+   node->initiator, numa_state->num_nodes);
+return;
+}
+if (node->target >= numa_state->num_nodes) {
+error_setg(errp, "Invalid target=%d, it should be less than %d.",
+   node->target, numa_state->num_nodes);
+return;
+}
+if (!numa_info[node->initiator].has_cpu) {
+error_setg(errp, "Invalid initiator=%d, it isn't an "
+   "initiator proximity domain.", node->initiator);
+return;
+}
+if (!numa_info[node->target].present) {
+error_setg(errp, "Invalid target=%d, it hasn't a valid NUMA node.",
+   node->target);
+return;
+}
+
+if (!hmat_lb) {
+hmat_lb = g_malloc0(sizeof(*hmat_lb));
+numa_state->hmat_lb[node->hierarchy][node->data_type] = hmat_lb;
+hmat_lb->latency = g_array_new(false, true, sizeof(HMAT_LB_Data));
+hmat_lb->bandwidth = g_array_new(false, true, sizeof(HMAT_LB_Data));
+}
+hmat_lb->hierarchy = node->hierarchy;
+hmat_lb->data_type = node->data_type;
+lb_data.initiator = node->initiator;
+lb_data.target = node->target;
+
+/* Input latency data */
+if (node->data_type <= HMATLB_DATA_TYPE_WRITE_LATENCY) {
+if (!node->has_latency) {
+error_setg(errp, "Missing 'latency' option.");
+return;
+}
+if (node->has_bandwidth) {
+error_setg(errp, "Invalid option 'bandwidth' since "
+   "the data type is latency.");
+return;
+}
+
+temp_latency = node->latency;
+hmat_lb->base_latency = 1;
+while (QEMU_IS_ALIGNED(temp_latency, 10)) {
+temp_latency /= 10;
+hmat_lb->base_latency *= 10;
+}
+
+if (temp_latency >= UINT64_MAX) {
+error_setg(errp, "Latency %" PRIu64 " between initiator=%d and "
+   "target=%d should not differ from previously entered "
+   "values on more than %d.", node->latency,
+   node->initiator, node->target, UINT16_MAX - 1);
+return;
+}
+if (temp_latency > hmat_lb->range_left_la) {
+hmat_lb->range_left_la = temp_latency;
+}
+
+lb_data.rawdata = node->latency;
+g_array_append_val(hmat_lb->latency, lb_data);
+}
+
+/* Input bandwidth data */
+if (node->data_type >= HMATLB_DATA_TYPE_ACCESS_BANDWIDTH) {
+if (!node->has_bandwidth) {
+error_setg(errp, "Missing 'bandwidth' option.");
+return;
+}
+if (node->has_latency) {
+error_setg(errp, "Invalid option 'latency' since "
+   "the data type is bandwidth.");
+return;
+}
+if (!QEMU_IS_ALIGNED(node->bandwidth, MiB)) {
+error_setg(errp, "Bandwidth %" PRIu64 " between initiator=%d and "
+   "target=%d should be 1MB aligned.", node->bandwidth,
+   node->initiator, node->target);
+return;
+}
+
+hmat_lb->range_bitmap_bw |= node->bandwidth;
+
+first_bit = __builtin_ffs(hmat_lb->range_bitmap_bw);
+last_bit = __builtin_ctz(hmat_lb->range_bitmap_bw);
+if ((last_bit - first_bit) > UINT16_BITS) {
+ 

[PATCH v13 00/12] Build ACPI Heterogeneous Memory Attribute Table (HMAT)

[Tao Xu]

This series of patches will build Heterogeneous Memory Attribute Table (HMAT)
according to the command line. The ACPI HMAT describes the memory attributes,
such as memory side cache attributes and bandwidth and latency details,
related to the Memory Proximity Domain.
The software is expected to use HMAT information as hint for optimization.

In the linux kernel, the codes in drivers/acpi/hmat/hmat.c parse and report
the platform's HMAT tables.

The V12 patches link:
https://patchwork.kernel.org/cover/11153861/

Changelog:
v13:
- Modify some text description
- Drop "initiator_valid" field in struct NodeInfo
- Reuse Garray to store the raw bandwidth and bandwidth data
- Calculate common base unit using range bitmap
- Add a patch to alculate hmat latency and bandwidth entry list
- Drop the total_levels option and use readable cache size
- Remove the unnecessary head file
- Use decimal notation with appropriate suffix for cache size
v12:
- Fix a bug that a memory-only node without initiator setting
  doesn't report error. (reported by Danmei Wei)
- Fix a bug that if HMAT is enabled and without hmat-lb setting,
  QEMU will crash. (reported by Danmei Wei)
v11:
- Move numa option patches forward.
- Add num_initiator in Numa_state to record the number of
initiators.
- Simplify struct HMAT_LB_Info, use uint64_t array to store data.
- Drop hmat_get_base().
- Calculate base in build_hmat_lb().
v10:
- Add qemu_strtotime_ps() to convert strings with time suffixes
to numbers, and add some tests for it.
- Add qapi buildin type time, and add some tests for it.
- Add machine oprion properties "-machine hmat=on|off" for
  enabling or disabling HMAT in QEMU.
v9:
- change the CLI input way, make it more user firendly (Daniel Black)
use latency=NUM[p|n|u]s and bandwidth=NUM[M|G|P](B/s) as input and drop
the base-lat and base-bw input.
Liu Jingqi (5):
  numa: Extend CLI to provide memory latency and bandwidth information
  numa: Extend CLI to provide memory side cache information
  hmat acpi: Build Memory Proximity Domain Attributes Structure(s)
  hmat acpi: Build System Locality Latency and Bandwidth Information
Structure(s)
  hmat acpi: Build Memory Side Cache Information Structure(s)

Tao Xu (7):
  util/cutils: Add qemu_strtotime_ps()
  tests/cutils: Add test for qemu_strtotime_ps()
  qapi: Add builtin type time
  tests: Add test for QAPI builtin type time
  numa: Extend CLI to provide initiator information for numa nodes
  numa: Calculate hmat latency and bandwidth entry list
  tests/bios-tables-test: add test cases for ACPI HMAT

 hw/acpi/Kconfig|   7 +-
 hw/acpi/Makefile.objs  |   1 +
 hw/acpi/hmat.c | 263 +++
 hw/acpi/hmat.h |  42 +
 hw/core/machine.c  |  70 
 hw/core/numa.c | 273 -
 hw/i386/acpi-build.c   |   5 +
 include/qapi/visitor-impl.h|   4 +
 include/qapi/visitor.h |   9 +
 include/qemu/cutils.h  |   1 +
 include/sysemu/numa.h  | 104 +++
 qapi/machine.json  | 179 ++-
 qapi/opts-visitor.c|  22 +++
 qapi/qapi-visit-core.c |  12 ++
 qapi/qobject-input-visitor.c   |  18 ++
 qapi/trace-events  |   1 +
 qemu-options.hx|  96 +-
 scripts/qapi/common.py |   1 +
 tests/bios-tables-test.c   |  44 +
 tests/test-cutils.c| 199 +
 tests/test-keyval.c| 125 +
 tests/test-qobject-input-visitor.c |  29 +++
 util/cutils.c  |  82 +
 23 files changed, 1575 insertions(+), 12 deletions(-)
 create mode 100644 hw/acpi/hmat.c
 create mode 100644 hw/acpi/hmat.h

-- 
2.20.1

[PATCH v13 09/12] hmat acpi: Build Memory Proximity Domain Attributes Structure(s)

[Tao Xu]

From: Liu Jingqi 

HMAT is defined in ACPI 6.3: 5.2.27 Heterogeneous Memory Attribute Table
(HMAT). The specification references below link:
http://www.uefi.org/sites/default/files/resources/ACPI_6_3_final_Jan30.pdf

It describes the memory attributes, such as memory side cache
attributes and bandwidth and latency details, related to the
Memory Proximity Domain. The software is
expected to use this information as hint for optimization.

This structure describes Memory Proximity Domain Attributes by memory
subsystem and its associativity with processor proximity domain as well as
hint for memory usage.

In the linux kernel, the codes in drivers/acpi/hmat/hmat.c parse and report
the platform's HMAT tables.

Reviewed-by: Daniel Black 
Reviewed-by: Jonathan Cameron 
Signed-off-by: Liu Jingqi 
Signed-off-by: Tao Xu 
---

Changes in v13:
- Remove the unnecessary head file.
---
 hw/acpi/Kconfig   |  7 ++-
 hw/acpi/Makefile.objs |  1 +
 hw/acpi/hmat.c| 99 +++
 hw/acpi/hmat.h| 42 ++
 hw/i386/acpi-build.c  |  5 +++
 5 files changed, 152 insertions(+), 2 deletions(-)
 create mode 100644 hw/acpi/hmat.c
 create mode 100644 hw/acpi/hmat.h

diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
index 12e3f1e86e..54209c6f2f 100644
--- a/hw/acpi/Kconfig
+++ b/hw/acpi/Kconfig
@@ -7,6 +7,7 @@ config ACPI_X86
 select ACPI_NVDIMM
 select ACPI_CPU_HOTPLUG
 select ACPI_MEMORY_HOTPLUG
+select ACPI_HMAT
 
 config ACPI_X86_ICH
 bool
@@ -23,6 +24,10 @@ config ACPI_NVDIMM
 bool
 depends on ACPI
 
+config ACPI_HMAT
+bool
+depends on ACPI
+
 config ACPI_PCI
 bool
 depends on ACPI && PCI
@@ -33,5 +38,3 @@ config ACPI_VMGENID
 depends on PC
 
 config ACPI_HW_REDUCED
-bool
-depends on ACPI
diff --git a/hw/acpi/Makefile.objs b/hw/acpi/Makefile.objs
index 655a9c1973..517bd88704 100644
--- a/hw/acpi/Makefile.objs
+++ b/hw/acpi/Makefile.objs
@@ -7,6 +7,7 @@ common-obj-$(CONFIG_ACPI_CPU_HOTPLUG) += cpu.o
 common-obj-$(CONFIG_ACPI_NVDIMM) += nvdimm.o
 common-obj-$(CONFIG_ACPI_VMGENID) += vmgenid.o
 common-obj-$(CONFIG_ACPI_HW_REDUCED) += generic_event_device.o
+common-obj-$(CONFIG_ACPI_HMAT) += hmat.o
 common-obj-$(call lnot,$(CONFIG_ACPI_X86)) += acpi-stub.o
 
 common-obj-y += acpi_interface.o
diff --git a/hw/acpi/hmat.c b/hw/acpi/hmat.c
new file mode 100644
index 00..c595098ba7
--- /dev/null
+++ b/hw/acpi/hmat.c
@@ -0,0 +1,99 @@
+/*
+ * HMAT ACPI Implementation
+ *
+ * Copyright(C) 2019 Intel Corporation.
+ *
+ * Author:
+ *  Liu jingqi 
+ *  Tao Xu 
+ *
+ * HMAT is defined in ACPI 6.3: 5.2.27 Heterogeneous Memory Attribute Table
+ * (HMAT)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see 
+ */
+
+#include "qemu/osdep.h"
+#include "sysemu/numa.h"
+#include "hw/acpi/hmat.h"
+
+/*
+ * ACPI 6.3:
+ * 5.2.27.3 Memory Proximity Domain Attributes Structure: Table 5-145
+ */
+static void build_hmat_mpda(GArray *table_data, uint16_t flags,
+uint16_t initiator, uint16_t mem_node)
+{
+
+/* Memory Proximity Domain Attributes Structure */
+/* Type */
+build_append_int_noprefix(table_data, 0, 2);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 2);
+/* Length */
+build_append_int_noprefix(table_data, 40, 4);
+/* Flags */
+build_append_int_noprefix(table_data, flags, 2);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 2);
+/* Proximity Domain for the Attached Initiator */
+build_append_int_noprefix(table_data, initiator, 4);
+/* Proximity Domain for the Memory */
+build_append_int_noprefix(table_data, mem_node, 4);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 4);
+/*
+ * Reserved:
+ * Previously defined as the Start Address of the System Physical
+ * Address Range. Deprecated since ACPI Spec 6.3.
+ */
+build_append_int_noprefix(table_data, 0, 8);
+/*
+ * Reserved:
+ * Previously defined as the Range Length of the region in bytes.
+ * Deprecated since ACPI Spec 6.3.
+ */
+build_append_int_noprefix(table_data, 0, 8);
+}
+
+/* Build HMAT sub table structures */
+static void hmat_build_table_structs(GArray *table_data, NumaState *numa_state)
+{
+uint16_t flags;
+int i;
+
+for (i = 0; i < numa_state->num_nodes; i++) {
+  

[PATCH v13 02/12] tests/cutils: Add test for qemu_strtotime_ps()

[Tao Xu]

Test the input of basic, time suffixes, float, invaild, trailing and
overflow.

Signed-off-by: Tao Xu 
---

No changes in v13.
---
 tests/test-cutils.c | 199 
 1 file changed, 199 insertions(+)

diff --git a/tests/test-cutils.c b/tests/test-cutils.c
index 1aa8351520..19c967d3d5 100644
--- a/tests/test-cutils.c
+++ b/tests/test-cutils.c
@@ -2179,6 +2179,193 @@ static void test_qemu_strtosz_metric(void)
 g_assert(endptr == str + 6);
 }
 
+static void test_qemu_strtotime_ps_simple(void)
+{
+const char *str;
+const char *endptr;
+int err;
+uint64_t res = 0xbaadf00d;
+
+str = "0";
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 0);
+g_assert(endptr == str + 1);
+
+str = "56789";
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 56789);
+g_assert(endptr == str + 5);
+
+err = qemu_strtotime_ps(str, NULL, );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 56789);
+
+/* Note: precision is 53 bits since we're parsing with strtod() */
+
+str = "9007199254740991"; /* 2^53-1 */
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 0x1f);
+g_assert(endptr == str + 16);
+
+str = "9007199254740992"; /* 2^53 */
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 0x20);
+g_assert(endptr == str + 16);
+
+str = "9007199254740993"; /* 2^53+1 */
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 0x20); /* rounded to 53 bits */
+g_assert(endptr == str + 16);
+
+str = "18446744073709549568"; /* 0xf800 (53 msbs set) */
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 0xf800);
+g_assert(endptr == str + 20);
+
+str = "18446744073709550591"; /* 0xfbff */
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 0xf800); /* rounded to 53 bits */
+g_assert(endptr == str + 20);
+
+/* 0x7e00..0x7fff get rounded to
+ * 0x8000, thus -ERANGE; see test_qemu_strtosz_erange() */
+}
+
+static void test_qemu_strtotime_ps_units(void)
+{
+const char *ps = "1ps";
+const char *ns = "1ns";
+const char *us = "1us";
+const char *ms = "1ms";
+const char *s = "1s";
+int err;
+const char *endptr;
+uint64_t res = 0xbaadf00d;
+
+err = qemu_strtotime_ps(ps, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 1);
+g_assert(endptr == ps + 3);
+
+err = qemu_strtotime_ps(ns, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 1000);
+g_assert(endptr == ns + 3);
+
+err = qemu_strtotime_ps(us, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 100);
+g_assert(endptr == us + 3);
+
+err = qemu_strtotime_ps(ms, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 10LL);
+g_assert(endptr == ms + 3);
+
+err = qemu_strtotime_ps(s, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 1ULL);
+g_assert(endptr == s + 2);
+}
+
+static void test_qemu_strtotime_ps_float(void)
+{
+const char *str = "56.789ns";
+int err;
+const char *endptr;
+uint64_t res = 0xbaadf00d;
+
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, 0);
+g_assert_cmpint(res, ==, 56.789 * 1000);
+g_assert(endptr == str + 8);
+}
+
+static void test_qemu_strtotime_ps_invalid(void)
+{
+const char *str;
+const char *endptr;
+int err;
+uint64_t res = 0xbaadf00d;
+
+str = "";
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, -EINVAL);
+g_assert(endptr == str);
+
+str = " \t ";
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, -EINVAL);
+g_assert(endptr == str);
+
+str = "crap";
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, -EINVAL);
+g_assert(endptr == str);
+
+str = "inf";
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, -EINVAL);
+g_assert(endptr == str);
+
+str = "NaN";
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, -EINVAL);
+g_assert(endptr == str);
+}
+
+static void test_qemu_strtotime_ps_trailing(void)
+{
+const char *str;
+int err;
+uint64_t res = 0xbaadf00d;
+
+str = "123xxx";
+
+err = qemu_strtotime_ps(str, NULL, );
+g_assert_cmpint(err, ==, -EINVAL);
+}
+
+static void test_qemu_strtotime_ps_erange(void)
+{
+const char *str;
+const char *endptr;
+int err;
+uint64_t res = 0xbaadf00d;
+
+str = "-1";
+err = qemu_strtotime_ps(str, , );
+g_assert_cmpint(err, ==, 

[PATCH v13 12/12] tests/bios-tables-test: add test cases for ACPI HMAT

[Tao Xu]

ACPI table HMAT has been introduced, QEMU now builds HMAT tables for
Heterogeneous Memory with boot option '-numa node'.

Add test cases on PC and Q35 machines with 2 numa nodes.
Because HMAT is generated when system enable numa, the
following tables need to be added for this test:
  tests/acpi-test-data/pc/*.acpihmat
  tests/acpi-test-data/pc/HMAT.*
  tests/acpi-test-data/q35/*.acpihmat
  tests/acpi-test-data/q35/HMAT.*

Reviewed-by: Igor Mammedov 
Reviewed-by: Daniel Black 
Reviewed-by: Jingqi Liu 
Suggested-by: Igor Mammedov 
Signed-off-by: Tao Xu 
---

Changes in v13:
- Use decimal notation with appropriate suffix for cache size
---
 tests/bios-tables-test.c | 44 
 1 file changed, 44 insertions(+)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 0b33fb265f..96803c1f20 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -947,6 +947,48 @@ static void test_acpi_virt_tcg_numamem(void)
 
 }
 
+static void test_acpi_tcg_acpi_hmat(const char *machine)
+{
+test_data data;
+
+memset(, 0, sizeof(data));
+data.machine = machine;
+data.variant = ".acpihmat";
+test_acpi_one(" -machine hmat=on"
+  " -smp 2,sockets=2"
+  " -m 128M,slots=2,maxmem=1G"
+  " -object memory-backend-ram,size=64M,id=m0"
+  " -object memory-backend-ram,size=64M,id=m1"
+  " -numa node,nodeid=0,memdev=m0"
+  " -numa node,nodeid=1,memdev=m1,initiator=0"
+  " -numa cpu,node-id=0,socket-id=0"
+  " -numa cpu,node-id=0,socket-id=1"
+  " -numa hmat-lb,initiator=0,target=0,hierarchy=memory,"
+  "data-type=access-latency,latency=5ns"
+  " -numa hmat-lb,initiator=0,target=0,hierarchy=memory,"
+  "data-type=access-bandwidth,bandwidth=500M"
+  " -numa hmat-lb,initiator=0,target=1,hierarchy=memory,"
+  "data-type=access-latency,latency=10ns"
+  " -numa hmat-lb,initiator=0,target=1,hierarchy=memory,"
+  "data-type=access-bandwidth,bandwidth=100M"
+  " -numa hmat-cache,node-id=0,size=10K,level=1,assoc=direct,"
+  "policy=write-back,line=8"
+  " -numa hmat-cache,node-id=1,size=10K,level=1,assoc=direct,"
+  "policy=write-back,line=8",
+  );
+free_test_data();
+}
+
+static void test_acpi_q35_tcg_acpi_hmat(void)
+{
+test_acpi_tcg_acpi_hmat(MACHINE_Q35);
+}
+
+static void test_acpi_piix4_tcg_acpi_hmat(void)
+{
+test_acpi_tcg_acpi_hmat(MACHINE_PC);
+}
+
 static void test_acpi_virt_tcg(void)
 {
 test_data data = {
@@ -991,6 +1033,8 @@ int main(int argc, char *argv[])
 qtest_add_func("acpi/q35/numamem", test_acpi_q35_tcg_numamem);
 qtest_add_func("acpi/piix4/dimmpxm", test_acpi_piix4_tcg_dimm_pxm);
 qtest_add_func("acpi/q35/dimmpxm", test_acpi_q35_tcg_dimm_pxm);
+qtest_add_func("acpi/piix4/acpihmat", test_acpi_piix4_tcg_acpi_hmat);
+qtest_add_func("acpi/q35/acpihmat", test_acpi_q35_tcg_acpi_hmat);
 } else if (strcmp(arch, "aarch64") == 0) {
 qtest_add_func("acpi/virt", test_acpi_virt_tcg);
 qtest_add_func("acpi/virt/numamem", test_acpi_virt_tcg_numamem);
-- 
2.20.1

[PATCH v13 08/12] numa: Extend CLI to provide memory side cache information

[Tao Xu]

From: Liu Jingqi 

Add -numa hmat-cache option to provide Memory Side Cache Information.
These memory attributes help to build Memory Side Cache Information
Structure(s) in ACPI Heterogeneous Memory Attribute Table (HMAT).

Reviewed-by: Daniel Black 
Signed-off-by: Liu Jingqi 
Signed-off-by: Tao Xu 
---

Changes in v13:
- Drop the total_levels option.
- Use readable cache size (Igor)
---
 hw/core/numa.c| 66 
 include/sysemu/numa.h | 31 +
 qapi/machine.json | 78 +--
 qemu-options.hx   | 16 +++--
 4 files changed, 187 insertions(+), 4 deletions(-)

diff --git a/hw/core/numa.c b/hw/core/numa.c
index 4033a5a470..4ef7a94a84 100644
--- a/hw/core/numa.c
+++ b/hw/core/numa.c
@@ -312,6 +312,59 @@ void parse_numa_hmat_lb(NumaState *numa_state, 
NumaHmatLBOptions *node,
 }
 }
 
+void parse_numa_hmat_cache(MachineState *ms, NumaHmatCacheOptions *node,
+   Error **errp)
+{
+int nb_numa_nodes = ms->numa_state->num_nodes;
+HMAT_Cache_Info *hmat_cache = NULL;
+
+if (node->node_id >= nb_numa_nodes) {
+error_setg(errp, "Invalid node-id=%" PRIu32
+   ", it should be less than %d.",
+   node->node_id, nb_numa_nodes);
+return;
+}
+
+if (node->level > MAX_HMAT_CACHE_LEVEL) {
+error_setg(errp, "Invalid level=%" PRIu8
+   ", it should be less than or equal to %d.",
+   node->level, MAX_HMAT_CACHE_LEVEL);
+return;
+}
+if (ms->numa_state->hmat_cache[node->node_id][node->level]) {
+error_setg(errp, "Duplicate configuration of the side cache for "
+   "node-id=%" PRIu32 " and level=%" PRIu8 ".",
+   node->node_id, node->level);
+return;
+}
+
+if ((node->level > 1) &&
+ms->numa_state->hmat_cache[node->node_id][node->level - 1] &&
+(node->size >=
+ms->numa_state->hmat_cache[node->node_id][node->level - 1]->size)) 
{
+error_setg(errp, "Invalid size=0x%" PRIx64
+   ", the size of level=%" PRIu8
+   " should be less than the size(0x%" PRIx64
+   ") of level=%" PRIu8 ".",
+   node->size, node->level,
+   ms->numa_state->hmat_cache[node->node_id]
+ [node->level - 1]->size,
+   node->level - 1);
+return;
+}
+
+hmat_cache = g_malloc0(sizeof(*hmat_cache));
+
+hmat_cache->proximity = node->node_id;
+hmat_cache->size = node->size;
+hmat_cache->level = node->level;
+hmat_cache->associativity = node->assoc;
+hmat_cache->write_policy = node->policy;
+hmat_cache->line_size = node->line;
+
+ms->numa_state->hmat_cache[node->node_id][node->level] = hmat_cache;
+}
+
 void set_numa_options(MachineState *ms, NumaOptions *object, Error **errp)
 {
 Error *err = NULL;
@@ -363,6 +416,19 @@ void set_numa_options(MachineState *ms, NumaOptions 
*object, Error **errp)
 goto end;
 }
 break;
+case NUMA_OPTIONS_TYPE_HMAT_CACHE:
+if (!ms->numa_state->hmat_enabled) {
+error_setg(errp, "ACPI Heterogeneous Memory Attribute Table "
+   "(HMAT) is disabled, enable it with -machine hmat=on "
+   "before using any of hmat specific options.");
+return;
+}
+
+parse_numa_hmat_cache(ms, >u.hmat_cache, );
+if (err) {
+goto end;
+}
+break;
 default:
 abort();
 }
diff --git a/include/sysemu/numa.h b/include/sysemu/numa.h
index b45afcb29e..e80883819e 100644
--- a/include/sysemu/numa.h
+++ b/include/sysemu/numa.h
@@ -37,6 +37,8 @@ enum {
 #define HMAT_LB_LEVELS(HMAT_LB_MEM_CACHE_3RD_LEVEL + 1)
 #define HMAT_LB_TYPES (HMAT_LB_DATA_WRITE_BANDWIDTH + 1)
 
+#define MAX_HMAT_CACHE_LEVELHMAT_LB_MEM_CACHE_3RD_LEVEL
+
 struct NodeInfo {
 uint64_t node_mem;
 struct HostMemoryBackend *node_memdev;
@@ -91,6 +93,30 @@ struct HMAT_LB_Info {
 };
 typedef struct HMAT_LB_Info HMAT_LB_Info;
 
+struct HMAT_Cache_Info {
+/* The memory proximity domain to which the memory belongs. */
+uint32_tproximity;
+
+/* Size of memory side cache in bytes. */
+uint64_tsize;
+
+/* Total cache levels for this memory proximity domain. */
+uint8_t total_levels;
+
+/* Cache level described in this structure. */
+uint8_t level;
+
+/* Cache Associativity: None/Direct Mapped/Comple Cache Indexing */
+uint8_t associativity;
+
+/* Write Policy: None/Write Back(WB)/Write Through(WT) */
+uint8_t write_policy;
+
+/* Cache Line size in bytes. */
+uint16_tline_size;
+};
+typedef struct HMAT_Cache_Info HMAT_Cache_Info;
+
 struct NumaState {
 /* Number of NUMA nodes */
 int num_nodes;
@@ -106,6 +132,9 @@ 

[PATCH v13 07/12] numa: Calculate hmat latency and bandwidth entry list

[Tao Xu]

Compress HMAT latency and bandwidth raw data into uint16_t data,
which can be stored in HMAT table.

Suggested-by: Igor Mammedov 
Signed-off-by: Tao Xu 
---

New patch in v13.
---
 hw/core/numa.c | 57 +-
 1 file changed, 56 insertions(+), 1 deletion(-)

diff --git a/hw/core/numa.c b/hw/core/numa.c
index 3cf77f6ac9..4033a5a470 100644
--- a/hw/core/numa.c
+++ b/hw/core/numa.c
@@ -474,6 +474,45 @@ static void complete_init_numa_distance(MachineState *ms)
 }
 }
 
+static void calculate_hmat_entry_list(HMAT_LB_Info *hmat_lb, int num_nodes)
+{
+int i, index;
+uint16_t *entry_list;
+uint64_t base;
+GArray *lb_data_list;
+HMAT_LB_Data *lb_data;
+
+if (hmat_lb->data_type <= HMAT_LB_DATA_WRITE_LATENCY) {
+base = hmat_lb->base_latency;
+lb_data_list = hmat_lb->latency;
+} else {
+base = hmat_lb->base_bandwidth;
+lb_data_list = hmat_lb->bandwidth;
+}
+
+entry_list = g_malloc0(lb_data_list->len * sizeof(uint16_t));
+for (i = 0; i < lb_data_list->len; i++) {
+lb_data = _array_index(lb_data_list, HMAT_LB_Data, i);
+index = lb_data->initiator * num_nodes + lb_data->target;
+if (entry_list[index]) {
+error_report("Duplicate configuration of the latency for "
+"initiator=%d and target=%d.", lb_data->initiator,
+lb_data->target);
+exit(1);
+}
+
+entry_list[index] = (uint16_t)(lb_data->rawdata / base);
+}
+
+if (hmat_lb->data_type <= HMAT_LB_DATA_WRITE_LATENCY) {
+hmat_lb->entry_latency = entry_list;
+} else {
+/* Convert base from Byte to Megabyte */
+hmat_lb->base_bandwidth = base / MiB;
+hmat_lb->entry_bandwidth = entry_list;
+}
+}
+
 void numa_legacy_auto_assign_ram(MachineClass *mc, NodeInfo *nodes,
  int nb_nodes, ram_addr_t size)
 {
@@ -512,9 +551,10 @@ void numa_default_auto_assign_ram(MachineClass *mc, 
NodeInfo *nodes,
 
 void numa_complete_configuration(MachineState *ms)
 {
-int i;
+int i, hierarchy, type;
 MachineClass *mc = MACHINE_GET_CLASS(ms);
 NodeInfo *numa_info = ms->numa_state->nodes;
+HMAT_LB_Info *numa_hmat_lb;
 
 /*
  * If memory hotplug is enabled (slots > 0) but without '-numa'
@@ -611,6 +651,21 @@ void numa_complete_configuration(MachineState *ms)
 /* Validation succeeded, now fill in any missing distances. */
 complete_init_numa_distance(ms);
 }
+
+if (ms->numa_state->hmat_enabled) {
+for (hierarchy = HMAT_LB_MEM_MEMORY;
+ hierarchy <= HMAT_LB_MEM_CACHE_3RD_LEVEL; hierarchy++) {
+for (type = HMAT_LB_DATA_ACCESS_LATENCY;
+type <= HMAT_LB_DATA_WRITE_BANDWIDTH; type++) {
+numa_hmat_lb = ms->numa_state->hmat_lb[hierarchy][type];
+
+if (numa_hmat_lb) {
+calculate_hmat_entry_list(numa_hmat_lb,
+  ms->numa_state->num_nodes);
+}
+}
+}
+}
 }
 }
 
-- 
2.20.1

[PATCH v13 05/12] numa: Extend CLI to provide initiator information for numa nodes

[Tao Xu]

In ACPI 6.3 chapter 5.2.27 Heterogeneous Memory Attribute Table (HMAT),
The initiator represents processor which access to memory. And in 5.2.27.3
Memory Proximity Domain Attributes Structure, the attached initiator is
defined as where the memory controller responsible for a memory proximity
domain. With attached initiator information, the topology of heterogeneous
memory can be described.

Extend CLI of "-numa node" option to indicate the initiator numa node-id.
In the linux kernel, the codes in drivers/acpi/hmat/hmat.c parse and report
the platform's HMAT tables.

Reviewed-by: Jingqi Liu 
Suggested-by: Dan Williams 
Signed-off-by: Tao Xu 
---

Changes in v13:
- Modify some text description
- Drop "initiator_valid" field in struct NodeInfo (Igor)

Changes in v12:
- Fix the bug that a memory-only node without initiator setting
  doesn't report error. (reported by Danmei Wei)
---
 hw/core/machine.c | 70 +++
 hw/core/numa.c| 23 ++
 include/sysemu/numa.h |  5 
 qapi/machine.json | 10 ++-
 qemu-options.hx   | 35 ++
 5 files changed, 137 insertions(+), 6 deletions(-)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index 1689ad3bf8..32a451bd84 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -518,6 +518,20 @@ static void machine_set_nvdimm(Object *obj, bool value, 
Error **errp)
 ms->nvdimms_state->is_enabled = value;
 }
 
+static bool machine_get_hmat(Object *obj, Error **errp)
+{
+MachineState *ms = MACHINE(obj);
+
+return ms->numa_state->hmat_enabled;
+}
+
+static void machine_set_hmat(Object *obj, bool value, Error **errp)
+{
+MachineState *ms = MACHINE(obj);
+
+ms->numa_state->hmat_enabled = value;
+}
+
 static char *machine_get_nvdimm_persistence(Object *obj, Error **errp)
 {
 MachineState *ms = MACHINE(obj);
@@ -645,6 +659,7 @@ void machine_set_cpu_numa_node(MachineState *machine,
const CpuInstanceProperties *props, Error 
**errp)
 {
 MachineClass *mc = MACHINE_GET_CLASS(machine);
+NodeInfo *numa_info = machine->numa_state->nodes;
 bool match = false;
 int i;
 
@@ -714,6 +729,17 @@ void machine_set_cpu_numa_node(MachineState *machine,
 match = true;
 slot->props.node_id = props->node_id;
 slot->props.has_node_id = props->has_node_id;
+
+if (machine->numa_state->hmat_enabled) {
+if ((numa_info[props->node_id].initiator < MAX_NODES) &&
+(props->node_id != numa_info[props->node_id].initiator)) {
+error_setg(errp, "The initiator of CPU NUMA node %" PRId64
+" should be itself.", props->node_id);
+return;
+}
+numa_info[props->node_id].has_cpu = true;
+numa_info[props->node_id].initiator = props->node_id;
+}
 }
 
 if (!match) {
@@ -960,6 +986,13 @@ static void machine_initfn(Object *obj)
 
 if (mc->numa_mem_supported) {
 ms->numa_state = g_new0(NumaState, 1);
+object_property_add_bool(obj, "hmat",
+ machine_get_hmat, machine_set_hmat,
+ _abort);
+object_property_set_description(obj, "hmat",
+"Set on/off to enable/disable "
+"ACPI Heterogeneous Memory Attribute "
+"Table (HMAT)", NULL);
 }
 
 /* Register notifier when init is done for sysbus sanity checks */
@@ -1048,6 +1081,38 @@ static char *cpu_slot_to_string(const CPUArchId *cpu)
 return g_string_free(s, false);
 }
 
+static void numa_validate_initiator(NumaState *numa_state)
+{
+int i;
+NodeInfo *numa_info = numa_state->nodes;
+
+for (i = 0; i < numa_state->num_nodes; i++) {
+if (numa_info[i].initiator == MAX_NODES) {
+error_report("The initiator of NUMA node %d is missing, use "
+ "'-numa node,initiator' option to declare it.", i);
+goto err;
+}
+
+if (!numa_info[numa_info[i].initiator].present) {
+error_report("NUMA node %" PRIu16 " is missing, use "
+ "'-numa node' option to declare it first.",
+ numa_info[i].initiator);
+goto err;
+}
+
+if (!numa_info[numa_info[i].initiator].has_cpu) {
+error_report("The initiator of NUMA node %d is invalid.", i);
+goto err;
+}
+}
+
+return;
+
+err:
+error_printf("\n");
+exit(1);
+}
+
 static void machine_numa_finish_cpu_init(MachineState *machine)
 {
 int i;
@@ -1088,6 +1153,11 @@ static void machine_numa_finish_cpu_init(MachineState 
*machine)
 machine_set_cpu_numa_node(machine, , _fatal);
 }
 }
+
+if (machine->numa_state->hmat_enabled) {
+

[PATCH v13 03/12] qapi: Add builtin type time

[Tao Xu]

Add optional builtin type time, fallback is uint64. This type use
qemu_strtotime_ps() for pre-converting time suffix to numbers.

Signed-off-by: Tao Xu 
---

No changes in v13.
---
 include/qapi/visitor-impl.h  |  4 
 include/qapi/visitor.h   |  9 +
 qapi/opts-visitor.c  | 22 ++
 qapi/qapi-visit-core.c   | 12 
 qapi/qobject-input-visitor.c | 18 ++
 qapi/trace-events|  1 +
 scripts/qapi/common.py   |  1 +
 7 files changed, 67 insertions(+)

diff --git a/include/qapi/visitor-impl.h b/include/qapi/visitor-impl.h
index 8ccb3b6c20..e0979563c7 100644
--- a/include/qapi/visitor-impl.h
+++ b/include/qapi/visitor-impl.h
@@ -88,6 +88,10 @@ struct Visitor
 void (*type_size)(Visitor *v, const char *name, uint64_t *obj,
   Error **errp);
 
+/* Optional; fallback is type_uint64() */
+void (*type_time)(Visitor *v, const char *name, uint64_t *obj,
+  Error **errp);
+
 /* Must be set */
 void (*type_bool)(Visitor *v, const char *name, bool *obj, Error **errp);
 
diff --git a/include/qapi/visitor.h b/include/qapi/visitor.h
index c5b23851a1..62565f4cb5 100644
--- a/include/qapi/visitor.h
+++ b/include/qapi/visitor.h
@@ -554,6 +554,15 @@ void visit_type_int64(Visitor *v, const char *name, 
int64_t *obj,
 void visit_type_size(Visitor *v, const char *name, uint64_t *obj,
  Error **errp);
 
+/*
+ * Visit a uint64_t value.
+ * Like visit_type_uint64(), except that some visitors may choose to
+ * recognize numbers with timeunit suffix, such as "ps", "ns", "us"
+ * "ms" and "s".
+ */
+void visit_type_time(Visitor *v, const char *name, uint64_t *obj,
+ Error **errp);
+
 /*
  * Visit a boolean value.
  *
diff --git a/qapi/opts-visitor.c b/qapi/opts-visitor.c
index 5fe0276c1c..e289c63b52 100644
--- a/qapi/opts-visitor.c
+++ b/qapi/opts-visitor.c
@@ -526,6 +526,27 @@ opts_type_size(Visitor *v, const char *name, uint64_t 
*obj, Error **errp)
 processed(ov, name);
 }
 
+static void
+opts_type_time(Visitor *v, const char *name, uint64_t *obj, Error **errp)
+{
+OptsVisitor *ov = to_ov(v);
+const QemuOpt *opt;
+int err;
+
+opt = lookup_scalar(ov, name, errp);
+if (!opt) {
+return;
+}
+
+err = qemu_strtotime_ps(opt->str ? opt->str : "", NULL, obj);
+if (err < 0) {
+error_setg(errp, QERR_INVALID_PARAMETER_VALUE, opt->name,
+   "a time value");
+return;
+}
+
+processed(ov, name);
+}
 
 static void
 opts_optional(Visitor *v, const char *name, bool *present)
@@ -573,6 +594,7 @@ opts_visitor_new(const QemuOpts *opts)
 ov->visitor.type_int64  = _type_int64;
 ov->visitor.type_uint64 = _type_uint64;
 ov->visitor.type_size   = _type_size;
+ov->visitor.type_time   = _type_time;
 ov->visitor.type_bool   = _type_bool;
 ov->visitor.type_str= _type_str;
 
diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c
index 5365561b07..ac8896455c 100644
--- a/qapi/qapi-visit-core.c
+++ b/qapi/qapi-visit-core.c
@@ -277,6 +277,18 @@ void visit_type_size(Visitor *v, const char *name, 
uint64_t *obj,
 }
 }
 
+void visit_type_time(Visitor *v, const char *name, uint64_t *obj,
+ Error **errp)
+{
+assert(obj);
+trace_visit_type_time(v, name, obj);
+if (v->type_time) {
+v->type_time(v, name, obj, errp);
+} else {
+v->type_uint64(v, name, obj, errp);
+}
+}
+
 void visit_type_bool(Visitor *v, const char *name, bool *obj, Error **errp)
 {
 assert(obj);
diff --git a/qapi/qobject-input-visitor.c b/qapi/qobject-input-visitor.c
index 32236cbcb1..9b66941d8a 100644
--- a/qapi/qobject-input-visitor.c
+++ b/qapi/qobject-input-visitor.c
@@ -627,6 +627,23 @@ static void qobject_input_type_size_keyval(Visitor *v, 
const char *name,
 }
 }
 
+static void qobject_input_type_time_keyval(Visitor *v, const char *name,
+   uint64_t *obj, Error **errp)
+{
+QObjectInputVisitor *qiv = to_qiv(v);
+const char *str = qobject_input_get_keyval(qiv, name, errp);
+
+if (!str) {
+return;
+}
+
+if (qemu_strtotime_ps(str, NULL, obj) < 0) {
+/* TODO report -ERANGE more nicely */
+error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
+   full_name(qiv, name), "time");
+}
+}
+
 static void qobject_input_optional(Visitor *v, const char *name, bool *present)
 {
 QObjectInputVisitor *qiv = to_qiv(v);
@@ -708,6 +725,7 @@ Visitor *qobject_input_visitor_new_keyval(QObject *obj)
 v->visitor.type_any = qobject_input_type_any;
 v->visitor.type_null = qobject_input_type_null;
 v->visitor.type_size = qobject_input_type_size_keyval;
+v->visitor.type_time = qobject_input_type_time_keyval;
 v->keyval = true;
 
 return >visitor;
diff --git a/qapi/trace-events b/qapi/trace-events
index 5eb4afa110..c4605a7ccc 100644
--- 

[PATCH v13 04/12] tests: Add test for QAPI builtin type time

[Tao Xu]

Add tests for time input such as zero, around limit of precision,
signed upper limit, actual upper limit, beyond limits, time suffixes,
and etc.

Signed-off-by: Tao Xu 
---

No changes in v13.
---
 tests/test-keyval.c| 125 +
 tests/test-qobject-input-visitor.c |  29 +++
 2 files changed, 154 insertions(+)

diff --git a/tests/test-keyval.c b/tests/test-keyval.c
index 09b0ae3c68..b36914f0fc 100644
--- a/tests/test-keyval.c
+++ b/tests/test-keyval.c
@@ -490,6 +490,130 @@ static void test_keyval_visit_size(void)
 visit_free(v);
 }
 
+static void test_keyval_visit_time(void)
+{
+Error *err = NULL;
+Visitor *v;
+QDict *qdict;
+uint64_t time;
+
+/* Lower limit zero */
+qdict = keyval_parse("time1=0", NULL, _abort);
+v = qobject_input_visitor_new_keyval(QOBJECT(qdict));
+qobject_unref(qdict);
+visit_start_struct(v, NULL, NULL, 0, _abort);
+visit_type_time(v, "time1", , _abort);
+g_assert_cmpuint(time, ==, 0);
+visit_check_struct(v, _abort);
+visit_end_struct(v, NULL);
+visit_free(v);
+
+/* Around limit of precision: 2^53-1, 2^53, 2^53+1 */
+qdict = keyval_parse("time1=9007199254740991,"
+ "time2=9007199254740992,"
+ "time3=9007199254740993",
+ NULL, _abort);
+v = qobject_input_visitor_new_keyval(QOBJECT(qdict));
+qobject_unref(qdict);
+visit_start_struct(v, NULL, NULL, 0, _abort);
+visit_type_time(v, "time1", , _abort);
+g_assert_cmphex(time, ==, 0x1f);
+visit_type_time(v, "time2", , _abort);
+g_assert_cmphex(time, ==, 0x20);
+visit_type_time(v, "time3", , _abort);
+g_assert_cmphex(time, ==, 0x20);
+visit_check_struct(v, _abort);
+visit_end_struct(v, NULL);
+visit_free(v);
+
+/* Close to signed upper limit 0x7c00 (53 msbs set) */
+qdict = keyval_parse("time1=9223372036854774784," /* 7c00 */
+ "time2=9223372036854775295", /* 7dff */
+ NULL, _abort);
+v = qobject_input_visitor_new_keyval(QOBJECT(qdict));
+qobject_unref(qdict);
+visit_start_struct(v, NULL, NULL, 0, _abort);
+visit_type_time(v, "time1", , _abort);
+g_assert_cmphex(time, ==, 0x7c00);
+visit_type_time(v, "time2", , _abort);
+g_assert_cmphex(time, ==, 0x7c00);
+visit_check_struct(v, _abort);
+visit_end_struct(v, NULL);
+visit_free(v);
+
+/* Close to actual upper limit 0xf800 (53 msbs set) */
+qdict = keyval_parse("time1=18446744073709549568," /* f800 */
+ "time2=18446744073709550591", /* fbff */
+ NULL, _abort);
+v = qobject_input_visitor_new_keyval(QOBJECT(qdict));
+qobject_unref(qdict);
+visit_start_struct(v, NULL, NULL, 0, _abort);
+visit_type_time(v, "time1", , _abort);
+g_assert_cmphex(time, ==, 0xf800);
+visit_type_time(v, "time2", , _abort);
+g_assert_cmphex(time, ==, 0xf800);
+visit_check_struct(v, _abort);
+visit_end_struct(v, NULL);
+visit_free(v);
+
+/* Beyond limits */
+qdict = keyval_parse("time1=-1,"
+ "time2=18446744073709550592", /* fc00 */
+ NULL, _abort);
+v = qobject_input_visitor_new_keyval(QOBJECT(qdict));
+qobject_unref(qdict);
+visit_start_struct(v, NULL, NULL, 0, _abort);
+visit_type_time(v, "time1", , );
+error_free_or_abort();
+visit_type_time(v, "time2", , );
+error_free_or_abort();
+visit_end_struct(v, NULL);
+visit_free(v);
+
+/* Suffixes */
+qdict = keyval_parse("time1=2ps,time2=3.4ns,time3=5us,"
+ "time4=0.6ms,time5=700s",
+ NULL, _abort);
+v = qobject_input_visitor_new_keyval(QOBJECT(qdict));
+qobject_unref(qdict);
+visit_start_struct(v, NULL, NULL, 0, _abort);
+visit_type_time(v, "time1", , _abort);
+g_assert_cmpuint(time, ==, 2);
+visit_type_time(v, "time2", , _abort);
+g_assert_cmpuint(time, ==, 3400);
+visit_type_time(v, "time3", , _abort);
+g_assert_cmphex(time, ==, 5 * 1000 * 1000);
+visit_type_time(v, "time4", , _abort);
+g_assert_cmphex(time, ==, 600 * 1000 * 1000);
+visit_type_time(v, "time5", , _abort);
+g_assert_cmphex(time, ==, 700 * 1ULL);
+visit_check_struct(v, _abort);
+visit_end_struct(v, NULL);
+visit_free(v);
+
+/* Beyond limit with suffix */
+qdict = keyval_parse("time1=18446745s", NULL, _abort);
+v = qobject_input_visitor_new_keyval(QOBJECT(qdict));
+qobject_unref(qdict);
+visit_start_struct(v, NULL, NULL, 0, _abort);
+visit_type_time(v, "time1", , );
+error_free_or_abort();
+visit_end_struct(v, NULL);
+visit_free(v);
+
+/* Trailing crap */
+qdict = 

[PATCH v13 01/12] util/cutils: Add qemu_strtotime_ps()

[Tao Xu]

To convert strings with time suffixes to numbers, support time unit are
"ps" for picosecond, "ns" for nanosecond, "us" for microsecond, "ms"
for millisecond or "s" for second.

Signed-off-by: Tao Xu 
---

No changes in v13.
---
 include/qemu/cutils.h |  1 +
 util/cutils.c | 82 +++
 2 files changed, 83 insertions(+)

diff --git a/include/qemu/cutils.h b/include/qemu/cutils.h
index b54c847e0f..7b6d106bdd 100644
--- a/include/qemu/cutils.h
+++ b/include/qemu/cutils.h
@@ -182,5 +182,6 @@ int uleb128_decode_small(const uint8_t *in, uint32_t *n);
  * *str1 is <, == or > than *str2.
  */
 int qemu_pstrcmp0(const char **str1, const char **str2);
+int qemu_strtotime_ps(const char *nptr, const char **end, uint64_t *result);
 
 #endif
diff --git a/util/cutils.c b/util/cutils.c
index fd591cadf0..a50c15f46a 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -847,3 +847,85 @@ int qemu_pstrcmp0(const char **str1, const char **str2)
 {
 return g_strcmp0(*str1, *str2);
 }
+
+static int64_t timeunit_mul(const char *unitstr)
+{
+if (g_strcmp0(unitstr, "ps") == 0) {
+return 1;
+} else if (g_strcmp0(unitstr, "ns") == 0) {
+return 1000;
+} else if (g_strcmp0(unitstr, "us") == 0) {
+return 100;
+} else if (g_strcmp0(unitstr, "ms") == 0) {
+return 10LL;
+} else if (g_strcmp0(unitstr, "s") == 0) {
+return 1LL;
+} else {
+return -1;
+}
+}
+
+
+/*
+ * Convert string to time, support time unit are ps for picosecond,
+ * ns for nanosecond, us for microsecond, ms for millisecond or s for second.
+ * End pointer will be returned in *end, if not NULL. Return -ERANGE on
+ * overflow, and -EINVAL on other error.
+ */
+static int do_strtotime(const char *nptr, const char **end,
+  const char *default_unit, uint64_t *result)
+{
+int retval;
+const char *endptr;
+int mul_required = 0;
+int64_t mul;
+double val, integral, fraction;
+
+retval = qemu_strtod_finite(nptr, , );
+if (retval) {
+goto out;
+}
+fraction = modf(val, );
+if (fraction != 0) {
+mul_required = 1;
+}
+
+mul = timeunit_mul(endptr);
+
+if (mul == 1LL) {
+endptr++;
+} else if (mul != -1) {
+endptr += 2;
+} else {
+mul = timeunit_mul(default_unit);
+assert(mul >= 0);
+}
+if (mul == 1 && mul_required) {
+retval = -EINVAL;
+goto out;
+}
+/*
+ * Values >= 0xfc00 overflow uint64_t after their trip
+ * through double (53 bits of precision).
+ */
+if ((val * (double)mul >= 0xfc00) || val < 0) {
+retval = -ERANGE;
+goto out;
+}
+*result = val * (double)mul;
+retval = 0;
+
+out:
+if (end) {
+*end = endptr;
+} else if (*endptr) {
+retval = -EINVAL;
+}
+
+return retval;
+}
+
+int qemu_strtotime_ps(const char *nptr, const char **end, uint64_t *result)
+{
+return do_strtotime(nptr, end, "ps", result);
+}
-- 
2.20.1

Re: [PATCH v3 4/9] tests/acceptance: Refactor exec_command_and_wait_for_pattern()

[David Gibson]

On Thu, Oct 17, 2019 at 06:52:34PM +0200, Philippe Mathieu-Daudé wrote:
> From: Philippe Mathieu-Daudé 
> 
> The same utility method is already present in two different test
> files,

This patch only appears to remove it from one, though.

> so let's consolidate it into a single utility function.
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/acceptance/avocado_qemu/__init__.py | 19 +++
>  tests/acceptance/boot_linux_console.py| 12 
>  2 files changed, 23 insertions(+), 8 deletions(-)
> 
> diff --git a/tests/acceptance/avocado_qemu/__init__.py 
> b/tests/acceptance/avocado_qemu/__init__.py
> index 39f72945cd..4d7d6b640a 100644
> --- a/tests/acceptance/avocado_qemu/__init__.py
> +++ b/tests/acceptance/avocado_qemu/__init__.py
> @@ -80,6 +80,25 @@ def wait_for_console_pattern(test, success_message,
>  test.fail(fail)
>  
>  
> +def exec_command_and_wait_for_pattern(test, command,
> +  success_message, failure_message):
> +"""
> +Send a command to a console (appending CRLF characters), then wait
> +for success_message to appear on the console, while logging the.
> +content. Mark the test as failed if failure_message is found instead.
> +
> +:param test: an Avocado test containing a VM that will have its console
> + read and probed for a success or failure message
> +:type test: :class:`avocado_qemu.Test`
> +:param command: the command to send
> +:param success_message: if this message appears, test succeeds
> +:param failure_message: if this message appears, test fails
> +"""
> +command += '\r\n'
> +self.vm.console_socket.sendall(command.encode())
> +wait_for_console_pattern(self, success_message)
> +
> +
>  class Test(avocado.Test):
>  def setUp(self):
>  self._vms = {}
> diff --git a/tests/acceptance/boot_linux_console.py 
> b/tests/acceptance/boot_linux_console.py
> index bf9861296a..cc4d9be625 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -14,6 +14,7 @@ import gzip
>  import shutil
>  
>  from avocado_qemu import Test
> +from avocado_qemu import exec_command_and_wait_for_pattern
>  from avocado_qemu import wait_for_console_pattern
>  from avocado.utils import process
>  from avocado.utils import archive
> @@ -29,11 +30,6 @@ class BootLinuxConsole(Test):
>  
>  KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 '
>  
> -def exec_command_and_wait_for_pattern(self, command, success_message):
> -command += '\r\n'
> -self.vm.console_socket.sendall(command.encode())
> -wait_for_console_pattern(self, success_message)
> -
>  def extract_from_deb(self, deb, path):
>  """
>  Extracts a file from a deb package into the test workdir
> @@ -162,11 +158,11 @@ class BootLinuxConsole(Test):
>  self.vm.launch()
>  wait_for_console_pattern(self, 'Boot successful.')
>  
> -self.exec_command_and_wait_for_pattern('cat /proc/cpuinfo',
> +exec_command_and_wait_for_pattern(self, 'cat /proc/cpuinfo',
> 'BogoMIPS')
> -self.exec_command_and_wait_for_pattern('uname -a',
> +exec_command_and_wait_for_pattern(self, 'uname -a',
> 'Debian')
> -self.exec_command_and_wait_for_pattern('reboot',
> +exec_command_and_wait_for_pattern(self, 'reboot',
> 'reboot: Restarting system')
>  
>  def do_test_mips_malta32el_nanomips(self, kernel_url, kernel_hash):

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH v3 3/9] tests/acceptance: Send on serial lines

[David Gibson]

On Thu, Oct 17, 2019 at 06:52:33PM +0200, Philippe Mathieu-Daudé wrote:
> Some firmwares don't parse the  control character and
> expect a .
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/acceptance/boot_linux_console.py | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/acceptance/boot_linux_console.py 
> b/tests/acceptance/boot_linux_console.py
> index 9ff2213874..bf9861296a 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -30,7 +30,7 @@ class BootLinuxConsole(Test):
>  KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 '
>  
>  def exec_command_and_wait_for_pattern(self, command, success_message):
> -command += '\n'
> +command += '\r\n'

I'm actually wondering if '\r' alone is really what we should be using
here.  Isn't that usually the character that actually pressing the
Enter key generates (on an old school tty)?  IIRC it's the thing on
the other side of the console that echoes back a \r and \n in order to
reposition the cursor on the next line.

>  self.vm.console_socket.sendall(command.encode())
>  wait_for_console_pattern(self, success_message)
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH 1/1] Updated Bulgarian translation (19) - 4.1.0

[Paolo Bonzini]

On 19/10/19 14:05, Alexander Shopov wrote:
> Signed-off-by: Alexander Shopov 
> ---
>  po/bg.po | 10 +-
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/po/bg.po b/po/bg.po
> index 3d8c353372..98c57e5b22 100644
> --- a/po/bg.po
> +++ b/po/bg.po
> @@ -1,14 +1,14 @@
>  # Bulgarian translation of qemu po-file.
> -# Copyright (C) 2016 Alexander Shopov 
> +# Copyright (C) 2016, 2019 Alexander Shopov 
>  # This file is distributed under the same license as the qemu package.
> -# Alexander Shopov , 2016.
> +# Alexander Shopov , 2016, 2019.
>  #
>  msgid ""
>  msgstr ""
> -"Project-Id-Version: QEMU 2.6.50\n"
> +"Project-Id-Version: QEMU 4.1.0\n"
>  "Report-Msgid-Bugs-To: qemu-devel@nongnu.org\n"
>  "POT-Creation-Date: 2018-07-18 07:56+0200\n"
> -"PO-Revision-Date: 2016-06-09 15:54+0300\n"
> +"PO-Revision-Date: 2019-10-19 13:14+0200\n"
>  "Last-Translator: Alexander Shopov \n"
>  "Language-Team: Bulgarian \n"
>  "Language: bg\n"
> @@ -66,7 +66,7 @@ msgid "Detach Tab"
>  msgstr "Към самостоятелен подпрозорец"
>  
>  msgid "Show Menubar"
> -msgstr ""
> +msgstr "Лента за менюто"
>  
>  msgid "_Machine"
>  msgstr "_Машина"
> 

Queued, thanks.

Paolo

Re: qemu/powernv: coreboot support?

[Cédric Le Goater]

On 20/10/2019 08:28, David Gibson wrote:
> On Sat, Oct 19, 2019 at 11:09:34AM -0500, Marty E. Plummer wrote:
>> On Sat, Oct 19, 2019 at 05:53:12PM +0200, Cédric Le Goater wrote:
>>> On 19/10/2019 17:31, Marty E. Plummer wrote:
 On Sat, Oct 19, 2019 at 03:46:59PM +0200, Cédric Le Goater wrote:
> On 18/10/2019 19:28, Marty E. Plummer wrote:
>> Hello,
>>
>> First off, thank you for the work you've done on the ppc64 support, it
>> has been very useful. I'm currently working on a coreboot port for the
>> talos ii line of systems (which means more ppc64 support, support
>> specifically for the power9 sforza chip, and specific mainboard support.
>> My plate is very full lol) and have been using qemu to debug the
>> bootblock.
>>
>> It has been very useful for that, but I'm now at the point where I need
>> to jump to romstage, and that's where it gets tricky. qemu parses the rom
>> image and looks for a ffs header, locates skiboot on it, and jumps 
>> straight
>> to that. Not exactly ideal for debugging something not produced from 
>> op-build.
>
> yes. I suppose you are using my branch powernv-4.2 which adds PNOR support
> and a way to boot directly from PNOR. In that case, QEMU parses the PNOR
> file to extract the PAYLOAD partition (skiboot). skiboot also detects the
> flash and extract the kernel and initramfs from the PNOR.
>
> However, you can bypass all this internal boot process by simply passing
> a -bios option and not passing a MTD device.
>
 Doing so gives me the following error:
 qemu-system-ppc64: Could not load OPAL firmware 'build/coreboot.rom'
 (this is after I patched the 4mb size limit up)
>>>
>>> Could you make that rom available ? 
>>>
>> Sure, I think. Not sure about how sending files works in my current mail
>> client but will see. Its more or less a 'stock' (as stock as can be for
>> a new coreboot target) coreboot.rom file, but I've added some logic into
>> the build to fake a pnor ffs header at the end in order to trick hostboot
>> bootloader into loading it.
> 
> Ok.  Note that the qemu emulated machine doesn't model the hardware
> right down to the level of hostboot.  That's wy we're just loading
> skiboot and jumping straight into it usually.  I guess clg's stuff to
> load pnor images gets us a little closer to the hardware behaviour,
> but I think it's still only a rough approximation.

It's really tied to the OpenPOWER firmwares using the HIOMAP protocol
to discuss with the BMC and load the flash. We could loosen how QEMU 
interprets the MTD device and use a property to inform QEMU that this
is an OpenPOWER  PNOR file and that skiboot and can be loaded from it.
Something to discuss.


I have applied this small hack to load larger -bios files :
 
--- qemu-powernv-4.2.git.orig/hw/ppc/pnv.c
+++ qemu-powernv-4.2.git/hw/ppc/pnv.c
@@ -58,7 +58,7 @@
 
 #define FW_FILE_NAME"skiboot.lid"
 #define FW_LOAD_ADDR0x0
-#define FW_MAX_SIZE (4 * MiB)
+#define FW_MAX_SIZE (64 * MiB)
 
 #define KERNEL_LOAD_ADDR0x2000
 #define KERNEL_MAX_SIZE (256 * MiB)

and coreboot.rom loads and boots and loops.


You can use -d exec,in_asm to check what's going on.


C.

Re: [PATCH v3 1/9] Acceptance tests: refactor wait_for_console_pattern

[David Gibson]

On Thu, Oct 17, 2019 at 06:52:31PM +0200, Philippe Mathieu-Daudé wrote:
> From: Cleber Rosa 
> 
> The same utility method is already present in two different test
> files, so let's consolidate it into a single utility function.
> 
> Signed-off-by: Cleber Rosa 
> Message-Id: <20190916164011.7653-1-cr...@redhat.com>
> Reviewed-by: Philippe Mathieu-Daudé 
> [PMD: rebased fixing conflicts in linux_ssh_mips_malta.py]
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: David Gibson 

> ---
>  tests/acceptance/avocado_qemu/__init__.py | 26 +
>  tests/acceptance/boot_linux_console.py| 47 +++
>  tests/acceptance/linux_ssh_mips_malta.py  | 18 ++---
>  3 files changed, 42 insertions(+), 49 deletions(-)
> 
> diff --git a/tests/acceptance/avocado_qemu/__init__.py 
> b/tests/acceptance/avocado_qemu/__init__.py
> index bd41e0443c..a0fe16e47f 100644
> --- a/tests/acceptance/avocado_qemu/__init__.py
> +++ b/tests/acceptance/avocado_qemu/__init__.py
> @@ -8,6 +8,7 @@
>  # This work is licensed under the terms of the GNU GPL, version 2 or
>  # later.  See the COPYING file in the top-level directory.
>  
> +import logging
>  import os
>  import sys
>  import uuid
> @@ -53,6 +54,31 @@ def pick_default_qemu_bin(arch=None):
>  return qemu_bin_from_src_dir_path
>  
>  
> +def wait_for_console_pattern(test, success_message,
> + failure_message='Kernel panic - not syncing'):
> +"""
> +Waits for messages to appear on the console, while logging the content
> +
> +:param test: an Avocado test containing a VM that will have its console
> + read and probed for a success or failure message
> +:type test: :class:`avocado_qemu.Test`
> +:param success_message: if this message appears, test succeeds
> +:param failure_message: if this message appears, test fails
> +"""
> +console = test.vm.console_socket.makefile()
> +console_logger = logging.getLogger('console')
> +while True:
> +msg = console.readline().strip()
> +if not msg:
> +continue
> +console_logger.debug(msg)
> +if success_message in msg:
> +break
> +if failure_message in msg:
> +fail = 'Failure message found in console: %s' % failure_message
> +test.fail(fail)
> +
> +
>  class Test(avocado.Test):
>  def setUp(self):
>  self._vms = {}
> diff --git a/tests/acceptance/boot_linux_console.py 
> b/tests/acceptance/boot_linux_console.py
> index 8a9a314ab4..9ff2213874 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -9,12 +9,12 @@
>  # later.  See the COPYING file in the top-level directory.
>  
>  import os
> -import logging
>  import lzma
>  import gzip
>  import shutil
>  
>  from avocado_qemu import Test
> +from avocado_qemu import wait_for_console_pattern
>  from avocado.utils import process
>  from avocado.utils import archive
>  
> @@ -29,31 +29,10 @@ class BootLinuxConsole(Test):
>  
>  KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 '
>  
> -def wait_for_console_pattern(self, success_message,
> - failure_message='Kernel panic - not 
> syncing'):
> -"""
> -Waits for messages to appear on the console, while logging the 
> content
> -
> -:param success_message: if this message appears, test succeeds
> -:param failure_message: if this message appears, test fails
> -"""
> -console = self.vm.console_socket.makefile()
> -console_logger = logging.getLogger('console')
> -while True:
> -msg = console.readline().strip()
> -if not msg:
> -continue
> -console_logger.debug(msg)
> -if success_message in msg:
> -break
> -if failure_message in msg:
> -fail = 'Failure message found in console: %s' % 
> failure_message
> -self.fail(fail)
> -
>  def exec_command_and_wait_for_pattern(self, command, success_message):
>  command += '\n'
>  self.vm.console_socket.sendall(command.encode())
> -self.wait_for_console_pattern(success_message)
> +wait_for_console_pattern(self, success_message)
>  
>  def extract_from_deb(self, deb, path):
>  """
> @@ -89,7 +68,7 @@ class BootLinuxConsole(Test):
>   '-append', kernel_command_line)
>  self.vm.launch()
>  console_pattern = 'Kernel command line: %s' % kernel_command_line
> -self.wait_for_console_pattern(console_pattern)
> +wait_for_console_pattern(self, console_pattern)
>  
>  def test_mips_malta(self):
>  """
> @@ -112,7 +91,7 @@ class BootLinuxConsole(Test):
>   '-append', kernel_command_line)
>  self.vm.launch()
>  console_pattern = 'Kernel command line: %s' % kernel_command_line
> -

[PATCH] fdc: support READ command with VERIFY DMA mode

[Sven Schnelle]

While working on the Tulip driver i tried to write some Teledisk images to
a floppy image which didn't work. Turned out that Teledisk checks the written
data by issuing a READ command to the FDC but running the DMA controller
in VERIFY mode. As we ignored the DMA request in that case, the DMA transfer
never finished, and Teledisk reported an error.

Signed-off-by: Sven Schnelle 
---
 hw/block/fdc.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index ac5d31e8c1..8a1228df78 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -1733,7 +1733,8 @@ static void fdctrl_start_transfer(FDCtrl *fdctrl, int 
direction)
 dma_mode_ok = (dma_mode == ISADMA_TRANSFER_WRITE);
 break;
 case FD_DIR_READ:
-dma_mode_ok = (dma_mode == ISADMA_TRANSFER_READ);
+dma_mode_ok = (dma_mode == ISADMA_TRANSFER_READ) ||
+  (dma_mode == ISADMA_TRANSFER_VERIFY);
 break;
 case FD_DIR_VERIFY:
 dma_mode_ok = true;
@@ -1835,8 +1836,11 @@ static int fdctrl_transfer_handler (void *opaque, int 
nchan,
 switch (fdctrl->data_dir) {
 case FD_DIR_READ:
 /* READ commands */
-k->write_memory(fdctrl->dma, nchan, fdctrl->fifo + rel_pos,
-fdctrl->data_pos, len);
+if (k->get_transfer_mode(fdctrl->dma, fdctrl->dma_chann) !=
+ISADMA_TRANSFER_VERIFY) {
+k->write_memory(fdctrl->dma, nchan, fdctrl->fifo + rel_pos,
+fdctrl->data_pos, len);
+}
 break;
 case FD_DIR_WRITE:
 /* WRITE commands */
-- 
2.23.0

Re: qemu/powernv: coreboot support?

[David Gibson]

On Sat, Oct 19, 2019 at 10:31:09AM -0500, Marty E. Plummer wrote:
> On Sat, Oct 19, 2019 at 03:46:59PM +0200, Cédric Le Goater wrote:
> > On 18/10/2019 19:28, Marty E. Plummer wrote:
> > > Hello,
> > > 
> > > First off, thank you for the work you've done on the ppc64 support, it
> > > has been very useful. I'm currently working on a coreboot port for the
> > > talos ii line of systems (which means more ppc64 support, support
> > > specifically for the power9 sforza chip, and specific mainboard support.
> > > My plate is very full lol) and have been using qemu to debug the
> > > bootblock.
> > > 
> > > It has been very useful for that, but I'm now at the point where I need
> > > to jump to romstage, and that's where it gets tricky. qemu parses the rom
> > > image and looks for a ffs header, locates skiboot on it, and jumps 
> > > straight
> > > to that. Not exactly ideal for debugging something not produced from 
> > > op-build.
> > 
> > yes. I suppose you are using my branch powernv-4.2 which adds PNOR support
> > and a way to boot directly from PNOR. In that case, QEMU parses the PNOR
> > file to extract the PAYLOAD partition (skiboot). skiboot also detects the
> > flash and extract the kernel and initramfs from the PNOR.
> > 
> > However, you can bypass all this internal boot process by simply passing
> > a -bios option and not passing a MTD device.
> > 
> Doing so gives me the following error:
> qemu-system-ppc64: Could not load OPAL firmware 'build/coreboot.rom'
> (this is after I patched the 4mb size limit up)

Hm curious.  We'd have to delve into load_image_targphys() and see why
it's failing.  Have you checked for simple causes: incorrect path, or
bad permissions to your coreboot image.

> > I haven't published the PNOR support and the boot from PNOR yet. Lack
> > of time and because sPAPR is the priority.
> > 
> > > Do you think it would be within your wheelhouse to provide a generic, 
> > > non-ffs
> > > pnor interface for loading arbitary rom images? 
> > 
> > I should probably send the PNOR patchset now so that we can discuss on 
> > a better way to satisfy all needs.  
> > 
> > > It would be of great help if
> > > you could. (This would still hopefully have the bmc support code as
> > > well, as I'm still needing to support a system using one).
> > 
> > We have support for Aspeed machines AST2400, AST2500 and AST2600. It 
> > is possible to interconnect them through the BT device. Or you can use
> > the IPMI BT simulator of QEMU on the PowerNV machine
> > 
> > Thanks,
> > 
> > C. 
> > 
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: qemu/powernv: coreboot support?

[David Gibson]

On Sat, Oct 19, 2019 at 11:09:34AM -0500, Marty E. Plummer wrote:
> On Sat, Oct 19, 2019 at 05:53:12PM +0200, Cédric Le Goater wrote:
> > On 19/10/2019 17:31, Marty E. Plummer wrote:
> > > On Sat, Oct 19, 2019 at 03:46:59PM +0200, Cédric Le Goater wrote:
> > >> On 18/10/2019 19:28, Marty E. Plummer wrote:
> > >>> Hello,
> > >>>
> > >>> First off, thank you for the work you've done on the ppc64 support, it
> > >>> has been very useful. I'm currently working on a coreboot port for the
> > >>> talos ii line of systems (which means more ppc64 support, support
> > >>> specifically for the power9 sforza chip, and specific mainboard support.
> > >>> My plate is very full lol) and have been using qemu to debug the
> > >>> bootblock.
> > >>>
> > >>> It has been very useful for that, but I'm now at the point where I need
> > >>> to jump to romstage, and that's where it gets tricky. qemu parses the 
> > >>> rom
> > >>> image and looks for a ffs header, locates skiboot on it, and jumps 
> > >>> straight
> > >>> to that. Not exactly ideal for debugging something not produced from 
> > >>> op-build.
> > >>
> > >> yes. I suppose you are using my branch powernv-4.2 which adds PNOR 
> > >> support
> > >> and a way to boot directly from PNOR. In that case, QEMU parses the PNOR
> > >> file to extract the PAYLOAD partition (skiboot). skiboot also detects the
> > >> flash and extract the kernel and initramfs from the PNOR.
> > >>
> > >> However, you can bypass all this internal boot process by simply passing
> > >> a -bios option and not passing a MTD device.
> > >>
> > > Doing so gives me the following error:
> > > qemu-system-ppc64: Could not load OPAL firmware 'build/coreboot.rom'
> > > (this is after I patched the 4mb size limit up)
> > 
> > Could you make that rom available ? 
> > 
> Sure, I think. Not sure about how sending files works in my current mail
> client but will see. Its more or less a 'stock' (as stock as can be for
> a new coreboot target) coreboot.rom file, but I've added some logic into
> the build to fake a pnor ffs header at the end in order to trick hostboot
> bootloader into loading it.

Ok.  Note that the qemu emulated machine doesn't model the hardware
right down to the level of hostboot.  That's wy we're just loading
skiboot and jumping straight into it usually.  I guess clg's stuff to
load pnor images gets us a little closer to the hardware behaviour,
but I think it's still only a rough approximation.

> > Thanks,
> > 
> > C. 



-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: qemu/powernv: coreboot support?

[David Gibson]

On Sat, Oct 19, 2019 at 03:46:59PM +0200, Cédric Le Goater wrote:
> On 18/10/2019 19:28, Marty E. Plummer wrote:
> > Hello,
> > 
> > First off, thank you for the work you've done on the ppc64 support, it
> > has been very useful. I'm currently working on a coreboot port for the
> > talos ii line of systems (which means more ppc64 support, support
> > specifically for the power9 sforza chip, and specific mainboard support.
> > My plate is very full lol) and have been using qemu to debug the
> > bootblock.
> > 
> > It has been very useful for that, but I'm now at the point where I need
> > to jump to romstage, and that's where it gets tricky. qemu parses the rom
> > image and looks for a ffs header, locates skiboot on it, and jumps straight
> > to that. Not exactly ideal for debugging something not produced from 
> > op-build.
> 
> yes. I suppose you are using my branch powernv-4.2 which adds PNOR support
> and a way to boot directly from PNOR. In that case, QEMU parses the PNOR
> file to extract the PAYLOAD partition (skiboot). skiboot also detects the
> flash and extract the kernel and initramfs from the PNOR.

Ah!  Now I understand.  I hadn't looked at that branch, so I had no
idea what all this pnor stuff was about.  In mainline we just load
skiboot as a normal firmware file and jump into it.

> However, you can bypass all this internal boot process by simply passing
> a -bios option and not passing a MTD device.

Right.

> I haven't published the PNOR support and the boot from PNOR yet. Lack
> of time and because sPAPR is the priority.
> 
> > Do you think it would be within your wheelhouse to provide a generic, 
> > non-ffs
> > pnor interface for loading arbitary rom images? 
> 
> I should probably send the PNOR patchset now so that we can discuss on 
> a better way to satisfy all needs.  
> 
> > It would be of great help if
> > you could. (This would still hopefully have the bmc support code as
> > well, as I'm still needing to support a system using one).
> 
> We have support for Aspeed machines AST2400, AST2500 and AST2600. It 
> is possible to interconnect them through the BT device. Or you can use
> the IPMI BT simulator of QEMU on the PowerNV machine
> 
> Thanks,
> 
> C. 
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature