[RFC PATCH 1/1] migration: Remove vmstate_unregister_ram

2019-12-08 Thread Yury Kotov
Disclaimer: This is just an RFC.
It's more of an illustration patch than a real patch, and I didn't verify the
possible side effects!

Currently, it's possible to call this function during migration,
and so to have a race condition between the migration thread and the main
thread.

It seems that all calls of this function are just before
MemoryRegion deletion. Thus, this function actually has no effect.

Signed-off-by: Yury Kotov 
---
 hw/block/pflash_cfi01.c | 1 -
 hw/block/pflash_cfi02.c | 1 -
 hw/mem/pc-dimm.c| 5 -
 hw/misc/ivshmem.c   | 2 --
 hw/pci/pci.c| 1 -
 include/migration/vmstate.h | 1 -
 migration/savevm.c  | 6 --
 7 files changed, 17 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 54e6ebd385..1d0cc9e576 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -763,7 +763,6 @@ static void pflash_cfi01_realize(DeviceState *dev, Error 
**errp)
 if (pfl->blk) {
 if (!blk_check_size_and_read_all(pfl->blk, pfl->storage, total_len,
  errp)) {
-vmstate_unregister_ram(>mem, DEVICE(pfl));
 return;
 }
 }
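Review bot: The error path in pflash_cfi01_realize() now returns after a failed blk_check_size_and_read_all() with the flash region still registered for migration. The commit message argues the call was redundant because the MemoryRegion is deleted right afterwards, but nothing in this hunk shows where that happens on a realize failure. Please name in the commit message the teardown path that frees the region on this path, or keep the unregister here. The same applies to the identical change in pflash_cfi02_realize().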
diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
index c7d92c3e79..1abe1120bf 100644
--- a/hw/block/pflash_cfi02.c
+++ b/hw/block/pflash_cfi02.c
@@ -810,7 +810,6 @@ static void pflash_cfi02_realize(DeviceState *dev, Error 
**errp)
 if (pfl->blk) {
 if (!blk_check_size_and_read_all(pfl->blk, pfl->storage,
  pfl->chip_len, errp)) {
-vmstate_unregister_ram(>orig_mem, DEVICE(pfl));
 return;
 }
 }
diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
index 99e2faf01b..f8cb5233ee 100644
--- a/hw/mem/pc-dimm.c
+++ b/hw/mem/pc-dimm.c
@@ -76,12 +76,7 @@ void pc_dimm_plug(PCDIMMDevice *dimm, MachineState *machine, 
Error **errp)
 
 void pc_dimm_unplug(PCDIMMDevice *dimm, MachineState *machine)
 {
-PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
-MemoryRegion *vmstate_mr = ddc->get_vmstate_memory_region(dimm,
-  _abort);
-
 memory_device_unplug(MEMORY_DEVICE(dimm), machine);
-vmstate_unregister_ram(vmstate_mr, DEVICE(dimm));
 }
 
 static int pc_dimm_slot2bitmap(Object *obj, void *opaque)
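Review bot: pc_dimm_unplug() is an unplug path, and per the commit message the removed call can be reached while a migration is running, so after this change the DIMM's RAM block stays marked migratable with its idstr intact until the region is actually freed. That is only safe if the migration thread tolerates a block disappearing between iterations. The commit message says the side effects were not verified, so this needs either that verification or a comment in pc_dimm_unplug() stating what now takes the block out of migration.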
diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 5e3b05eae0..f31e313dec 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -973,8 +973,6 @@ static void ivshmem_exit(PCIDevice *dev)
 fd = memory_region_get_fd(s->ivshmem_bar2);
 close(fd);
 }
-
-vmstate_unregister_ram(s->ivshmem_bar2, DEVICE(dev));
 }
 
 if (s->hostmem) {
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index cbc7a32568..8a719e2bfa 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -2371,7 +2371,6 @@ static void pci_del_option_rom(PCIDevice *pdev)
 if (!pdev->has_rom)
 return;
 
-vmstate_unregister_ram(>rom, >qdev);
 pdev->has_rom = false;
 }
 
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index ac4f46a67d..f298de44a7 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -1176,7 +1176,6 @@ void vmstate_unregister(DeviceState *dev, const 
VMStateDescription *vmsd,
 
 struct MemoryRegion;
 void vmstate_register_ram(struct MemoryRegion *memory, DeviceState *dev);
-void vmstate_unregister_ram(struct MemoryRegion *memory, DeviceState *dev);
 void vmstate_register_ram_global(struct MemoryRegion *memory);
 
 bool vmstate_check_only_migratable(const VMStateDescription *vmsd);
diff --git a/migration/savevm.c b/migration/savevm.c
index a71b930b91..4b3a7b1b76 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -2915,12 +2915,6 @@ void vmstate_register_ram(MemoryRegion *mr, DeviceState 
*dev)
 qemu_ram_set_migratable(mr->ram_block);
 }
 
-void vmstate_unregister_ram(MemoryRegion *mr, DeviceState *dev)
-{
-qemu_ram_unset_idstr(mr->ram_block);
-qemu_ram_unset_migratable(mr->ram_block);
-}
-
 void vmstate_register_ram_global(MemoryRegion *mr)
 {
 vmstate_register_ram(mr, NULL);
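Review bot: With vmstate_unregister_ram() removed, its two callees qemu_ram_unset_idstr() and qemu_ram_unset_migratable() lose the only caller visible in this patch. If nothing else uses them, remove them in the same patch so the idstr memset described in the cover letter cannot come back through a new caller. If something else does use them, that caller has the same race with the migration thread and should be listed in the commit message.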
-- 
2.24.0




[RFC PATCH 0/1] Removing RAMBlocks during migration

2019-12-08 Thread Yury Kotov
Hi,

I found that it's possible to remove a RAMBlock during migration,
e.g. by device hot-unplugging initiated by a guest (how to reproduce is below).
I want to clarify whether removing (or even adding) a RAMBlock during
migration is a valid operation or a bug.

Currently, it may cause some race conditions with the migration thread, and
migration may fail because of them. For instance, the vmstate_unregister_ram
function, which is called during PCIe device removal, does the following:
- Memset idstr -> target may receive unknown/zeroed idstr -> migration fail
- Set RAMBlock flags as non-migratable -> migration fail

RAMBlock removing itself seems safe for migration thread because of RCU.
But it seems to me there are other possible race conditions (didn't test it):
- qemu_put_buffer_async -> saves pointer to RAMBlock's memory
   -> block will be freed out of RCU (between ram save iterations)
   -> qemu_fflush -> access to freed memory.

So, I have the following questions:
1. Is RAMBlock removing/adding OK during migration?
2. If yes then what should we do with vmstate_unregister_ram?
   - Just remove vmstate_unregister_ram (my RFC patch)
   - Refcount RAMBlock's migratable/non-migratable state
   - Something else?
3. If it mustn't be possible, then maybe
   assert(migration_is_idle()) in qemu_ram_free?

P.S.
I'm working on a fix for the problem below and trying to choose the better way:
allow device removal and fix all problems like this, or fix a particular device.


How to reproduce device removing during migration:

1. Source QEMU command line (target is similar)
  $ x86_64-softmmu/qemu-system-x86_64 \
      -nodefaults -no-user-config -m 1024 -M q35 \
      -qmp unix:./src.sock,server,nowait \
      -drive file=./image,format=raw,if=virtio \
      -device ioh3420,id=pcie.1 \
      -device virtio-net,bus=pcie.1
2. Start migration with slow speed (to simplify reproducing)
3. Power off a device on the hotplug pcie.1 bus:
  $ echo 0 > /sys/bus/pci/slots/0/power
4. Increase migration speed and wait until fail

Most likely you will get something like this:
  qemu-system-x86_64: get_pci_config_device: Bad config data:
  i=0xaa read: 0 device: 40 cmask: ff wmask: 0 w1cmask:19
  qemu-system-x86_64: Failed to load PCIDevice:config
  qemu-system-x86_64: Failed to load
  ioh-3240-express-root-port:parent_obj.parent_obj.parent_obj
  qemu-system-x86_64: error while loading state for instance 0x0 of device
  ':00:03.0/ioh-3240-express-root-port'
  qemu-system-x86_64: load of migration failed: Invalid argument

This error is just an illustration of the removing device possibility,
but not actually an illustration of the race conditions for removing RAMBlock.

Regards,
Yury

Yury Kotov (1):
  migration: Remove vmstate_unregister_ram

 hw/block/pflash_cfi01.c | 1 -
 hw/block/pflash_cfi02.c | 1 -
 hw/mem/pc-dimm.c| 5 -
 hw/misc/ivshmem.c   | 2 --
 hw/pci/pci.c| 1 -
 include/migration/vmstate.h | 1 -
 migration/savevm.c  | 6 --
 7 files changed, 17 deletions(-)

-- 
2.24.0
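
The two vmstate_unregister_ram effects listed in the cover letter above, replayed as a deterministic single-threaded model (an added example, not code from the patch or from QEMU). All type and function names and the block names are hypothetical; the model covers only the idstr and migratable-flag races, not the freed-memory case, and its rfc_applied switch stands for the RFC patch turning the unregister into a no-op.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define IDSTR_LEN 64

/* Simplified stand-in for a RAM block; this is not QEMU's RAMBlock. */
typedef struct {
    char idstr[IDSTR_LEN];
    bool migratable;
} ModelBlock;

typedef enum { MIG_OK, MIG_BLOCK_NOT_MIGRATABLE, MIG_UNKNOWN_IDSTR } MigResult;

/* Where the main thread's unregister lands relative to the sender's steps. */
typedef enum {
    UNPLUG_NONE,
    UNPLUG_BEFORE_FLAG_CHECK,
    UNPLUG_AFTER_FLAG_CHECK
} UnplugPoint;

static void model_register(ModelBlock *b, const char *id)
{
    memset(b, 0, sizeof(*b));
    snprintf(b->idstr, sizeof(b->idstr), "%s", id);
    b->migratable = true;
}

/*
 * The two effects named in the cover letter: zero idstr, clear the flag.
 * With rfc_applied the call does nothing, as after the RFC patch.
 */
static void model_unregister(ModelBlock *b, bool rfc_applied)
{
    if (rfc_applied) {
        return;
    }
    memset(b->idstr, 0, sizeof(b->idstr));
    b->migratable = false;
}

/* Destination side: the block names were fixed when migration started. */
static bool dest_knows(const char *idstr, const char *const *known, int n)
{
    for (int i = 0; i < n; i++) {
        if (strcmp(idstr, known[i]) == 0) {
            return true;
        }
    }
    return false;
}

/* Four save iterations over two blocks; the unplug hits block 1 in iteration 2. */
static MigResult run_model(UnplugPoint point, bool rfc_applied)
{
    /* Constructed block names, for illustration only. */
    const char *const known[] = { "pc.ram", "0000:00:03.0/device.rom" };
    ModelBlock blocks[2];
    MigResult res = MIG_OK;

    model_register(&blocks[0], known[0]);
    model_register(&blocks[1], known[1]);

    for (int iter = 0; iter < 4 && res == MIG_OK; iter++) {
        for (int i = 0; i < 2 && res == MIG_OK; i++) {
            bool hit = (iter == 2 && i == 1);
            char wire_idstr[IDSTR_LEN];

            if (hit && point == UNPLUG_BEFORE_FLAG_CHECK) {
                model_unregister(&blocks[i], rfc_applied);
            }
            /* Sender step 1: is the block still part of the migration? */
            if (!blocks[i].migratable) {
                res = MIG_BLOCK_NOT_MIGRATABLE;
                break;
            }
            if (hit && point == UNPLUG_AFTER_FLAG_CHECK) {
                model_unregister(&blocks[i], rfc_applied);
            }
            /* Sender step 2: put the block name on the wire. */
            memcpy(wire_idstr, blocks[i].idstr, sizeof(wire_idstr));
            if (!dest_knows(wire_idstr, known, 2)) {
                res = MIG_UNKNOWN_IDSTR;
            }
        }
    }
    return res;
}

int main(void)
{
    printf("no unplug:                 %d\n", run_model(UNPLUG_NONE, false));
    printf("unplug before flag check:  %d\n",
           run_model(UNPLUG_BEFORE_FLAG_CHECK, false));
    printf("unplug after flag check:   %d\n",
           run_model(UNPLUG_AFTER_FLAG_CHECK, false));
    printf("same, unregister removed:  %d\n",
           run_model(UNPLUG_AFTER_FLAG_CHECK, true));
    return 0;
}
```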




Re: [PATCH 1/5] arm64: zynqmp: Add firmware DT node

2019-12-08 Thread Guenter Roeck

On 12/8/19 10:42 PM, Michal Simek wrote:
> Hi, +Edgar
>
> On 08. 12. 19 23:38, Guenter Roeck wrote:
> > On Fri, Oct 18, 2019 at 06:07:31PM +0200, Michael Tretter wrote:
> > > From: Rajan Vaja
> > >
> > > Add firmware DT node in ZynqMP device tree. This node
> > > uses bindings as per new firmware interface driver.
> > >
> > > Signed-off-by: Rajan Vaja
> > > Signed-off-by: Michal Simek
> > > Signed-off-by: Michael Tretter
> >
> > With this patch applied in the mainline kernel, the qemu xlnx-zcu102
> > emulation crashes (see below). Any idea what it might take to get
> > qemu back to working ?
>
> Driver talks through ATF to PMU unit(microblaze). I don't think A53+MB
> concept is working with mainline qemu. But crash is too hard. It should
> be no response from PMU and then this panic.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/firmware/xilinx/zynqmp.c?h=v5.5-rc1#n728



Isn't that a bit harsh too ? Normally one would print an error message
and abort driver instantiation.

It sounds like you are saying that qemu's xlnx-zcu102 emulation is
no longer supported and expected to crash the kernel. Is this a
correct assumption ? If so, I'll drop it from my list of tests.

Thanks,
Guenter



[PATCH v2 4/4] target/i386: Add notes for versioned CPU models

2019-12-08 Thread Tao Xu
Add which features are added or removed in this version. Remove the
changed model-id in versioned CPU models.

Signed-off-by: Tao Xu 
---

Changes in v2:
- correct the note of Cascadelake v3 (Xiaoyao)
---
 target/i386/cpu.c | 50 +++
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 7b3bd6d4db..4717862cee 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2281,10 +2281,9 @@ static X86CPUDefinition builtin_x86_defs[] = {
 {
 .version = 2,
 .alias = "Nehalem-IBRS",
+.note = "IBRS",
 .props = (PropValue[]) {
 { "spec-ctrl", "on" },
-{ "model-id",
-  "Intel Core i7 9xx (Nehalem Core i7, IBRS update)" },
 { /* end of list */ }
 }
 },
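Review bot: Dropping the "model-id" entry from the props of an existing version (Nehalem-v2 here, and likewise in the hunks that follow) changes the CPUID brand string the guest sees for a CPU model name that already exists, so a guest started as Nehalem-IBRS reports a different model string before and after this patch. The commit message only says the model-id is removed. It should state whether that guest-visible change is intended and how existing machine types keep the old string, or the "model-id" props should stay and .note be added alongside them.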
@@ -2362,10 +2361,9 @@ static X86CPUDefinition builtin_x86_defs[] = {
 {
 .version = 2,
 .alias = "Westmere-IBRS",
+.note = "IBRS",
 .props = (PropValue[]) {
 { "spec-ctrl", "on" },
-{ "model-id",
-  "Westmere E56xx/L56xx/X56xx (IBRS update)" },
 { /* end of list */ }
 }
 },
@@ -2448,10 +2446,9 @@ static X86CPUDefinition builtin_x86_defs[] = {
 {
 .version = 2,
 .alias = "SandyBridge-IBRS",
+.note = "IBRS",
 .props = (PropValue[]) {
 { "spec-ctrl", "on" },
-{ "model-id",
-  "Intel Xeon E312xx (Sandy Bridge, IBRS update)" },
 { /* end of list */ }
 }
 },
@@ -2540,10 +2537,9 @@ static X86CPUDefinition builtin_x86_defs[] = {
 {
 .version = 2,
 .alias = "IvyBridge-IBRS",
+.note = "IBRS",
 .props = (PropValue[]) {
 { "spec-ctrl", "on" },
-{ "model-id",
-  "Intel Xeon E3-12xx v2 (Ivy Bridge, IBRS)" },
 { /* end of list */ }
 }
 },
@@ -2637,17 +2633,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
 {
 .version = 2,
 .alias = "Haswell-noTSX",
+.note = "no TSX",
 .props = (PropValue[]) {
 { "hle", "off" },
 { "rtm", "off" },
 { "stepping", "1" },
-{ "model-id", "Intel Core Processor (Haswell, no TSX)", },
 { /* end of list */ }
 },
 },
 {
 .version = 3,
 .alias = "Haswell-IBRS",
+.note = "IBRS",
 .props = (PropValue[]) {
 /* Restore TSX features removed by -v2 above */
 { "hle", "on" },
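Review bot: The .note strings in this hunk describe each version relative to the base model, not to the previous version: Haswell-v3 gets "IBRS" although its props also restore the TSX features that v2 removed (see the "Restore TSX features" comment and the "hle" entry). A reader comparing the -cpu help lines for v2 ("no TSX") and v3 ("IBRS") has to infer that TSX is back. Say in the commit message, or in a comment on the note field, that notes are cumulative differences from version 1.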
@@ -2658,21 +2655,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
  */
 { "stepping", "4" },
 { "spec-ctrl", "on" },
-{ "model-id",
-  "Intel Core Processor (Haswell, IBRS)" },
 { /* end of list */ }
 }
 },
 {
 .version = 4,
 .alias = "Haswell-noTSX-IBRS",
+.note = "no TSX, IBRS",
 .props = (PropValue[]) {
 { "hle", "off" },
 { "rtm", "off" },
 /* spec-ctrl was already enabled by -v3 above */
 { "stepping", "1" },
-{ "model-id",
-  "Intel Core Processor (Haswell, no TSX, IBRS)" },
 { /* end of list */ }
 }
 },
@@ -2768,35 +2762,33 @@ static X86CPUDefinition builtin_x86_defs[] = {
 {
 .version = 2,
 .alias = "Broadwell-noTSX",
+.note = "no TSX",
 .props = (PropValue[]) {
 { "hle", "off" },
 { "rtm", "off" },
-{ "model-id", "Intel Core Processor (Broadwell, no TSX)", 
},
 { /* end of list */ }
 },
 },
 {
 .version = 3,
 .alias = "Broadwell-IBRS",
+.note = "IBRS",
 .props = (PropValue[]) {
 /* Restore TSX features removed by -v2 above */
 { "hle", "on" },
 { "rtm", "on" },
 { "spec-ctrl", "on" },
-{ "model-id",
-  "Intel Core Processor (Broadwell, IBRS)" },
 { /* end of list */ 

[PATCH v2 1/4] target/i386: Add Denverton-v2 (no MPX) CPU model

2019-12-08 Thread Tao Xu
Because MPX is being removed from the linux kernel, remove MPX feature
from Denverton.

Signed-off-by: Tao Xu 
---
 target/i386/cpu.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 69f518a21a..06a3077f95 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3482,6 +3482,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
 .xlevel = 0x8008,
 .model_id = "Intel Atom Processor (Denverton)",
+.versions = (X86CPUVersionDefinition[]) {
+{ .version = 1 },
+{
+.version = 2,
+.props = (PropValue[]) {
+{ "monitor", "off" },
+{ "mpx", "off" },
+{ /* end of list */ },
+},
+},
+{ /* end of list */ },
+},
 },
 {
 .name = "Snowridge",
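Review bot: The new Denverton version 2 also sets { "monitor", "off" }, which this commit message does not cover: it only justifies removing MPX. Patch 2/4 is the one titled "Remove monitor from some CPU models" and names Denverton in its message, yet none of its hunks touch Denverton. Either extend this commit message to explain the "monitor" entry and drop Denverton from the 2/4 message, or move the MONITOR change for Denverton into 2/4.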
-- 
2.20.1




[PATCH v2 0/4] Add extra information to versioned CPU models

2019-12-08 Thread Tao Xu
This series of patches will remove MPX from Denverton, remove monitor
from some CPU models, and add additional information for -cpu help
to indicate the changes in this version of CPU model.

The output is as follows:
./x86_64-softmmu/qemu-system-x86_64 -cpu help | grep "\["
x86 Broadwell-v2          Intel Core Processor (Broadwell) [no TSX]
x86 Broadwell-v3          Intel Core Processor (Broadwell) [IBRS]
x86 Broadwell-v4          Intel Core Processor (Broadwell) [no TSX, IBRS]
x86 Cascadelake-Server-v2  Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES]
x86 Cascadelake-Server-v3  Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES, no TSX]
x86 Denverton-v2          Intel Atom Processor (Denverton) [no MPX, no MONITOR]
x86 Dhyana-v2             Hygon Dhyana Processor [no MONITOR]
x86 EPYC-v2               AMD EPYC Processor [IBPB]
x86 EPYC-v3               AMD EPYC Processor [IBPB, no MONITOR]
x86 Haswell-v2            Intel Core Processor (Haswell) [no TSX]
x86 Haswell-v3            Intel Core Processor (Haswell) [IBRS]
x86 Haswell-v4            Intel Core Processor (Haswell) [no TSX, IBRS]
x86 Icelake-Client-v2     Intel Core Processor (Icelake) [no TSX]
x86 Icelake-Server-v2     Intel Xeon Processor (Icelake) [no TSX]
x86 IvyBridge-v2          Intel Xeon E3-12xx v2 (Ivy Bridge) [IBRS]
x86 Nehalem-v2            Intel Core i7 9xx (Nehalem Class Core i7) [IBRS]
x86 Opteron_G3-v2         AMD Opteron 23xx (Gen 3 Class Opteron) [no MONITOR]
x86 SandyBridge-v2        Intel Xeon E312xx (Sandy Bridge) [IBRS]
x86 Skylake-Client-v2     Intel Core Processor (Skylake) [IBRS]
x86 Skylake-Client-v3     Intel Core Processor (Skylake) [no TSX, IBRS]
x86 Skylake-Server-v2     Intel Xeon Processor (Skylake) [IBRS]
x86 Skylake-Server-v3     Intel Xeon Processor (Skylake) [no TSX, IBRS]
x86 Snowridge-v2          Intel Atom Processor (SnowRidge) [no MPX]
x86 Snowridge-v3          Intel Atom Processor (SnowRidge) [no MPX, no MONITOR]
x86 Westmere-v2           Westmere E56xx/L56xx/X56xx (Nehalem-C) [IBRS]

Changes in v2:
- correct the note of Cascadelake v3 (Xiaoyao)

Tao Xu (4):
  target/i386: Add Denverton-v2 (no MPX) CPU model
  target/i386: Remove monitor from some CPU models
  target/i386: Add new property note to versioned CPU models
  target/i386: Add notes for versioned CPU models

 target/i386/cpu.c | 112 +++---
 1 file changed, 85 insertions(+), 27 deletions(-)

-- 
2.20.1




[PATCH v2 2/4] target/i386: Remove monitor from some CPU models

2019-12-08 Thread Tao Xu
Add new version of Snowridge, Denverton, Opteron_G3, EPYC, and Dhyana
CPU model to remove MONITOR/MWAIT feature.

After QEMU/KVM use "-overcommit cpu-pm=on" to expose MONITOR/MWAIT
(commit id 6f131f13e68d648a8e4f083c667ab1acd88ce4cd), the MONITOR/MWAIT
feature in these CPU model is unused.

Signed-off-by: Tao Xu 
---
 target/i386/cpu.c | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 06a3077f95..b09ac38409 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3621,6 +3621,14 @@ static X86CPUDefinition builtin_x86_defs[] = {
 { /* end of list */ },
 },
 },
+{
+.version = 3,
+.props = (PropValue[]) {
+/* mpx was already removed by -v2 above */
+{ "monitor", "off" },
+{ /* end of list */ },
+},
+},
 { /* end of list */ },
 },
 },
@@ -3732,6 +3740,17 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_EXT3_ABM | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM,
 .xlevel = 0x8008,
 .model_id = "AMD Opteron 23xx (Gen 3 Class Opteron)",
+.versions = (X86CPUVersionDefinition[]) {
+{ .version = 1 },
+{
+.version = 2,
+.props = (PropValue[]) {
+{ "monitor", "off" },
+{ /* end of list */ },
+},
+},
+{ /* end of list */ },
+},
 },
 {
 .name = "Opteron_G4",
@@ -3856,6 +3875,14 @@ static X86CPUDefinition builtin_x86_defs[] = {
 { /* end of list */ }
 }
 },
+{
+.version = 3,
+.props = (PropValue[]) {
+/* ibpb was already enabled by -v2 above */
+{ "monitor", "off" },
+{ /* end of list */ },
+},
+},
 { /* end of list */ }
 }
 },
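Review bot: Style point in the added version 3 entry: its list terminator is written "{ /* end of list */ }," with a trailing comma, while the existing entries directly above and below it in the same array use "{ /* end of list */ }" without one. Match the surrounding entries so the versions array reads uniformly.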
@@ -3908,6 +3935,17 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .xlevel = 0x801E,
 .model_id = "Hygon Dhyana Processor",
 .cache_info = _cache_info,
+.versions = (X86CPUVersionDefinition[]) {
+{ .version = 1 },
+{
+.version = 2,
+.props = (PropValue[]) {
+{ "monitor", "off" },
+{ /* end of list */ },
+},
+},
+{ /* end of list */ },
+},
 },
 };
 
-- 
2.20.1




[PATCH v2 3/4] target/i386: Add new property note to versioned CPU models

2019-12-08 Thread Tao Xu
Add additional information for -cpu help to indicate the changes in this
version of CPU model.

Suggested-by: Eduardo Habkost 
Signed-off-by: Tao Xu 
---
 target/i386/cpu.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index b09ac38409..7b3bd6d4db 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1693,6 +1693,7 @@ typedef struct PropValue {
 typedef struct X86CPUVersionDefinition {
 X86CPUVersion version;
 const char *alias;
+const char *note;
 PropValue *props;
 } X86CPUVersionDefinition;
 
@@ -1723,6 +1724,7 @@ struct X86CPUModel {
 X86CPUDefinition *cpudef;
 /* CPU model version */
 X86CPUVersion version;
+const char *note;
 /*
  * If true, this is an alias CPU model.
  * This matters only for "-cpu help" and query-cpu-definitions
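Review bot: The new note member of X86CPUModel has no comment, unlike the members around it. Add one saying that it is the short text printed in brackets by "-cpu help", that it may be NULL, and whether query-cpu-definitions is meant to expose it, since the neighbouring comment names both interfaces and the hunks here only change the first.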
@@ -4788,6 +4790,7 @@ static void x86_cpu_list_entry(gpointer data, gpointer 
user_data)
 char *name = x86_cpu_class_get_model_name(cc);
 char *desc = g_strdup(cc->model_description);
 char *alias_of = x86_cpu_class_get_alias_of(cc);
+char *model_id = x86_cpu_class_get_model_id(cc);
 
 if (!desc && alias_of) {
 if (cc->model && cc->model->version == CPU_VERSION_AUTO) {
@@ -4796,14 +4799,18 @@ static void x86_cpu_list_entry(gpointer data, gpointer 
user_data)
 desc = g_strdup_printf("(alias of %s)", alias_of);
 }
 }
+if (!desc && cc->model && cc->model->note) {
+desc = g_strdup_printf("%s [%s]", model_id, cc->model->note);
+}
 if (!desc) {
-desc = x86_cpu_class_get_model_id(cc);
+desc = g_strdup_printf("%s", model_id);
 }
 
-qemu_printf("x86 %-20s  %-48s\n", name, desc);
+qemu_printf("x86 %-20s  %-58s\n", name, desc);
 g_free(name);
 g_free(desc);
 g_free(alias_of);
+g_free(model_id);
 }
 
 /* list available CPU models and flags */
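Review bot: In x86_cpu_list_entry(), g_strdup_printf("%s", model_id) is a roundabout g_strdup(model_id), and model_id is now fetched and freed for every class, including the alias entries whose desc is already set and never use it. Keeping desc = x86_cpu_class_get_model_id(cc) in the final fallback and fetching model_id only inside the note branch avoids the extra copy. If x86_cpu_class_get_model_id() can return NULL, the "%s" formatting also needs a guard that the old ownership transfer did not.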
@@ -5280,6 +5287,7 @@ static void x86_register_cpudef_types(X86CPUDefinition 
*def)
 X86CPUModel *m = g_new0(X86CPUModel, 1);
 m->cpudef = def;
 m->version = vdef->version;
+m->note = vdef->note;
 name = x86_cpu_versioned_model_name(def, vdef->version);
 x86_register_cpu_model_type(name, m);
 g_free(name);
-- 
2.20.1




Re: [PULL 0/1] ppc-for-4.2 queue 20191206

2019-12-08 Thread David Gibson
On Fri, Dec 06, 2019 at 01:40:19PM +, Peter Maydell wrote:
> On Fri, 6 Dec 2019 at 11:19, Peter Maydell  wrote:
> >
> > On Fri, 6 Dec 2019 at 10:43, David Gibson  
> > wrote:
> > >
> > > On Fri, Dec 06, 2019 at 09:52:54AM +, Peter Maydell wrote:
> > > > On Fri, 6 Dec 2019 at 04:41, David Gibson  
> > > > wrote:
> > > > >
> > > > > The following changes since commit 
> > > > > 1bdc319ab5d289ce6b822e06fb2b13666fd9278e:
> > > > >
> > > > >   Update version for v4.2.0-rc4 release (2019-12-03 17:56:30 +)
> > > > >
> > > > > are available in the Git repository at:
> > > > >
> > > > >   git://github.com/dgibson/qemu.git tags/ppc-for-4.2-20191206
> > > > >
> > > > > for you to fetch changes up to 
> > > > > d887a8cfc083bcf3856f9f42352989f3624e0cae:
> > > > >
> > > > >   pseries: Update SLOF firmware image (2019-12-06 15:33:23 +1100)
> > > > >
> > > > > 
> > > > > ppc patch queue 2019-12-06
> > > > >
> > > > > This is a last minute pull request for ppc-for-4.2.  I know it's very
> > > > > late in freeze, but this does fix a regression: a bad interaction
> > > > > between the new qemu and SLOF device tree construction code means that
> > > > > SLOF will crash if PCI to PCI bridges are included in the system.
> > > >
> > > > I really really really don't want to do an rc5. This would
> > > > have to be "everybody using ppc gets crashes" for me to
> > > > really want to put it in at this point...
> > >
> > > Yeah, alright.  I'll send it to Mike for a 4.2.1.
> >
> > Paolo says he has something that needs to go into rc5, so maybe
> > we can take this too. How confident are you that the change is
> > small and safe? It's a bit hard to tell with updates to
> > firmware binaries.
> 
> ...I just read the commit message for the firmware blob update.
> That is way too many random changes to go into rc5. I'd have
> taken a firmware blob update that was just "one change, fixing
> this specific bug", but not one which has all that other stuff too.

Yeah, that's a good point.  I've just resent, but with a cherry-picked
update that only includes the SLOF patches directly relevant to this
regression.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[PATCH v1 ppc-for-5.0 2/2] ppc/spapr: Support reboot of secure pseries guest

2019-12-08 Thread Bharata B Rao
A pseries guest can be run as a secure guest on Ultravisor-enabled
POWER platforms. When such a secure guest is reset, we need to
release/reset a few resources both on ultravisor and hypervisor side.
This is achieved by invoking this new ioctl KVM_PPC_SVM_OFF from the
machine reset path.

As part of this ioctl, the secure guest is essentially transitioned
back to normal mode so that it can reboot like a regular guest and
become secure again.

This ioctl has no effect when invoked for a normal guest.

Signed-off-by: Bharata B Rao 
---
 hw/ppc/spapr.c   | 1 +
 target/ppc/kvm.c | 7 +++
 target/ppc/kvm_ppc.h | 6 ++
 3 files changed, 14 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index f11422fc41..4c7ad3400d 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1597,6 +1597,7 @@ static void spapr_machine_reset(MachineState *machine)
 void *fdt;
 int rc;
 
+kvmppc_svm_off();
 spapr_caps_apply(spapr);
 
 first_ppc_cpu = POWERPC_CPU(first_cpu);
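Review bot: spapr_machine_reset() discards the return value of kvmppc_svm_off(), which is declared int and returns the kvm_vm_ioctl() result. If the ioctl fails for a guest that is in secure mode, the reset carries on with the ultravisor and hypervisor resources named in the commit message still held. Check the result and report the failure (for example with error_report()) instead of continuing silently.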
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 7406d18945..1a86fa4f0c 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -2900,3 +2900,10 @@ void kvmppc_set_reg_tb_offset(PowerPCCPU *cpu, int64_t 
tb_offset)
 kvm_set_one_reg(cs, KVM_REG_PPC_TB_OFFSET, _offset);
 }
 }
+
+int kvmppc_svm_off(void)
+{
+KVMState *s = KVM_STATE(current_machine->accelerator);
+
+return kvm_vm_ioctl(s, KVM_PPC_SVM_OFF);
+}
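Review bot: kvmppc_svm_off() casts current_machine->accelerator with KVM_STATE() and issues the ioctl unconditionally, and the call added to spapr_machine_reset() is not guarded, so in a KVM-enabled build it also runs when the guest uses TCG. Return 0 early when !kvm_enabled(). The function also needs a decision for host kernels that predate KVM_PPC_SVM_OFF, where the ioctl returns an error even for a normal guest.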
diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
index 47b08a4030..5cc812e486 100644
--- a/target/ppc/kvm_ppc.h
+++ b/target/ppc/kvm_ppc.h
@@ -37,6 +37,7 @@ int kvmppc_booke_watchdog_enable(PowerPCCPU *cpu);
 target_ulong kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
  bool radix, bool gtse,
  uint64_t proc_tbl);
+int kvmppc_svm_off(void);
 #ifndef CONFIG_USER_ONLY
 bool kvmppc_spapr_use_multitce(void);
 int kvmppc_spapr_enable_inkernel_multitce(void);
@@ -201,6 +202,11 @@ static inline target_ulong 
kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
 return 0;
 }
 
+static inline int kvmppc_svm_off(void)
+{
+return 0;
+}
+
 static inline void kvmppc_set_reg_ppc_online(PowerPCCPU *cpu,
  unsigned int online)
 {
-- 
2.21.0




[PATCH v1 ppc-for-5.0 1/2] linux-headers: Update

2019-12-08 Thread Bharata B Rao
Update to mainline commit: e42617b825f8 ("Linux 5.5-rc1")

Signed-off-by: Bharata B Rao 
---
 include/standard-headers/asm-x86/bootparam.h  |  7 +-
 .../infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h | 15 +++-
 include/standard-headers/drm/drm_fourcc.h | 28 ++-
 .../linux/input-event-codes.h | 77 +++
 include/standard-headers/linux/pci_regs.h |  3 +
 .../standard-headers/rdma/vmw_pvrdma-abi.h|  5 ++
 linux-headers/linux/kvm.h |  1 +
 7 files changed, 132 insertions(+), 4 deletions(-)

diff --git a/include/standard-headers/asm-x86/bootparam.h 
b/include/standard-headers/asm-x86/bootparam.h
index a6f7cf535e..072e2ed546 100644
--- a/include/standard-headers/asm-x86/bootparam.h
+++ b/include/standard-headers/asm-x86/bootparam.h
@@ -2,7 +2,7 @@
 #ifndef _ASM_X86_BOOTPARAM_H
 #define _ASM_X86_BOOTPARAM_H
 
-/* setup_data types */
+/* setup_data/setup_indirect types */
 #define SETUP_NONE 0
 #define SETUP_E820_EXT 1
 #define SETUP_DTB  2
@@ -11,6 +11,11 @@
 #define SETUP_APPLE_PROPERTIES 5
 #define SETUP_JAILHOUSE6
 
+#define SETUP_INDIRECT (1<<31)
+
+/* SETUP_INDIRECT | max(SETUP_*) */
+#define SETUP_TYPE_MAX (SETUP_INDIRECT | SETUP_JAILHOUSE)
+
 /* ram_size flags */
 #define RAMDISK_IMAGE_START_MASK   0x07FF
 #define RAMDISK_PROMPT_FLAG0x8000
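Review bot: The added SETUP_INDIRECT is defined as (1<<31), a left shift of a signed int into the sign bit, while the drm_fourcc.h hunk in this same sync changes DRM_FORMAT_BIG_ENDIAN from (1<<31) to (1U<<31). Since these headers are imported rather than edited here, the fix belongs upstream, but any QEMU code that uses SETUP_INDIRECT or SETUP_TYPE_MAX should treat the value as unsigned explicitly.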
diff --git 
a/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h 
b/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h
index d019872608..a5a1c8234e 100644
--- a/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h
+++ b/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h
@@ -58,7 +58,8 @@
 #define PVRDMA_ROCEV1_VERSION  17
 #define PVRDMA_ROCEV2_VERSION  18
 #define PVRDMA_PPN64_VERSION   19
-#define PVRDMA_VERSION PVRDMA_PPN64_VERSION
+#define PVRDMA_QPHANDLE_VERSION20
+#define PVRDMA_VERSION PVRDMA_QPHANDLE_VERSION
 
 #define PVRDMA_BOARD_ID1
 #define PVRDMA_REV_ID  1
@@ -581,6 +582,17 @@ struct pvrdma_cmd_create_qp_resp {
uint32_t max_inline_data;
 };
 
+struct pvrdma_cmd_create_qp_resp_v2 {
+   struct pvrdma_cmd_resp_hdr hdr;
+   uint32_t qpn;
+   uint32_t qp_handle;
+   uint32_t max_send_wr;
+   uint32_t max_recv_wr;
+   uint32_t max_send_sge;
+   uint32_t max_recv_sge;
+   uint32_t max_inline_data;
+};
+
 struct pvrdma_cmd_modify_qp {
struct pvrdma_cmd_hdr hdr;
uint32_t qp_handle;
@@ -663,6 +675,7 @@ union pvrdma_cmd_resp {
struct pvrdma_cmd_create_cq_resp create_cq_resp;
struct pvrdma_cmd_resize_cq_resp resize_cq_resp;
struct pvrdma_cmd_create_qp_resp create_qp_resp;
+   struct pvrdma_cmd_create_qp_resp_v2 create_qp_resp_v2;
struct pvrdma_cmd_query_qp_resp query_qp_resp;
struct pvrdma_cmd_destroy_qp_resp destroy_qp_resp;
struct pvrdma_cmd_create_srq_resp create_srq_resp;
diff --git a/include/standard-headers/drm/drm_fourcc.h 
b/include/standard-headers/drm/drm_fourcc.h
index a308c91b4f..46d279f515 100644
--- a/include/standard-headers/drm/drm_fourcc.h
+++ b/include/standard-headers/drm/drm_fourcc.h
@@ -68,7 +68,7 @@ extern "C" {
 #define fourcc_code(a, b, c, d) ((uint32_t)(a) | ((uint32_t)(b) << 8) | \
 ((uint32_t)(c) << 16) | ((uint32_t)(d) << 24))
 
-#define DRM_FORMAT_BIG_ENDIAN (1<<31) /* format is big endian instead of 
little endian */
+#define DRM_FORMAT_BIG_ENDIAN (1U<<31) /* format is big endian instead of 
little endian */
 
 /* Reserve 0 for the invalid format specifier */
 #define DRM_FORMAT_INVALID 0
@@ -647,7 +647,21 @@ extern "C" {
  * Further information on the use of AFBC modifiers can be found in
  * Documentation/gpu/afbc.rst
  */
-#define DRM_FORMAT_MOD_ARM_AFBC(__afbc_mode)   fourcc_mod_code(ARM, 
__afbc_mode)
+
+/*
+ * The top 4 bits (out of the 56 bits alloted for specifying vendor specific
+ * modifiers) denote the category for modifiers. Currently we have only two
+ * categories of modifiers ie AFBC and MISC. We can have a maximum of sixteen
+ * different categories.
+ */
+#define DRM_FORMAT_MOD_ARM_CODE(__type, __val) \
+   fourcc_mod_code(ARM, ((uint64_t)(__type) << 52) | ((__val) & 
0x000fULL))
+
+#define DRM_FORMAT_MOD_ARM_TYPE_AFBC 0x00
+#define DRM_FORMAT_MOD_ARM_TYPE_MISC 0x01
+
+#define DRM_FORMAT_MOD_ARM_AFBC(__afbc_mode) \
+   DRM_FORMAT_MOD_ARM_CODE(DRM_FORMAT_MOD_ARM_TYPE_AFBC, __afbc_mode)
 
 /*
  * AFBC superblock size
@@ -741,6 +755,16 @@ extern "C" {
  */
 #define AFBC_FORMAT_MOD_BCH (1ULL << 11)
 
+/*
+ * Arm 16x16 Block U-Interleaved modifier
+ *
+ * This is used by Arm Mali Utgard and Midgard GPUs. It divides the image
+ * into 16x16 pixel blocks. Blocks are 

[PATCH v1 ppc-for-5.0 0/2] ppc/spapr: Support reboot of secure pseries guest

2019-12-08 Thread Bharata B Rao
This patchset adds KVM_PPC_SVM_OFF ioctl which is required to support
reset of secure guest. This includes linux-headers update so that we get
the newly introduced ioctl.

v0: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg02408.html

Bharata B Rao (2):
  linux-headers: Update
  ppc/spapr: Support reboot of secure pseries guest

 hw/ppc/spapr.c|  1 +
 include/standard-headers/asm-x86/bootparam.h  |  7 +-
 .../infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h | 15 +++-
 include/standard-headers/drm/drm_fourcc.h | 28 ++-
 .../linux/input-event-codes.h | 77 +++
 include/standard-headers/linux/pci_regs.h |  3 +
 .../standard-headers/rdma/vmw_pvrdma-abi.h|  5 ++
 linux-headers/linux/kvm.h |  1 +
 target/ppc/kvm.c  |  7 ++
 target/ppc/kvm_ppc.h  |  6 ++
 10 files changed, 146 insertions(+), 4 deletions(-)

-- 
2.21.0




[PULL 1/1] pseries: Update SLOF firmware image

2019-12-08 Thread David Gibson
From: Alexey Kardashevskiy 

This fixes PCI bridge regression.

Alexey Kardashevskiy (3):
  ibm,client-architecture-support: Fix stack handling
  fdt: Fix updating the tree at H_CAS
  version: update to 20191209

Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: David Gibson 
---
 pc-bios/README   |   2 +-
 pc-bios/slof.bin | Bin 928552 -> 931040 bytes
 roms/SLOF|   2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pc-bios/README b/pc-bios/README
index 830645c51f..91218c69e9 100644
--- a/pc-bios/README
+++ b/pc-bios/README
@@ -17,7 +17,7 @@
 - SLOF (Slimline Open Firmware) is a free IEEE 1275 Open Firmware
   implementation for certain IBM POWER hardware.  The sources are at
   https://github.com/aik/SLOF, and the image currently in qemu is
-  built from git tag qemu-slof-20191022.
+  built from git tag qemu-slof-20191209.
 
 - sgabios (the Serial Graphics Adapter option ROM) provides a means for
   legacy x86 software to communicate with an attached serial console as
diff --git a/pc-bios/slof.bin b/pc-bios/slof.bin
index 
0b93fe8c011fc352803dc24e3110b7f926493769..50fc9b1e1cb837809c38fed1e9099b262e8600f1
 100644
GIT binary patch
delta 5477
zcmcIoZEzdK8J6}W>+MN>Gp-$0%_u%P2A?P$N<=|yjTW4FrmadYV
zI7}Kl43lK|QA84F4L=yuFsTU)BO2h`(k7;2sE46oXo{2%g9bWn3LTo^M{Af4>AR(^BnaofFkJ0DL(Vo}_TmBUHid;Ra6F}CPc^v~#>C0(4l12tL5B
z7YD>Vr~a$vTZb2~=+!X}WiE+Ax!U^_ypVKST~C2Or`4Vk-6ghPQE#b2
zr*q=bN))X|XFQ^2B|05IXU4@>ccSg9(JNizk}*`bo_hISN4IHECM`bnCVBwkOudvv
zUUge$su`&?@&$yxd$Talh#pRpGsQbYcTmsepTK
zQ@2XvnNXE^MpailJ((%-p=7GgD3t5^iW|
zRVH`ml`kqlP#G2b=;};PT(Xg?LkM1cn>eqUPI|PNdro?BwQwCUdqDi$sv2u1|5L|3
z?=(A9>J5+@2K=b$@2hx(%BPAIE7FmA^MML
z-(KXi3;m!2jtV`1Kb?U?m($hN0Zp;#FX0W!VY72NWh7@qDdW&$CBjAhni(%
z`pF92$W@$KFsBfY3E*Fkg-Fl+P{?<*8L5^q-#yd^9lW*fYq1Bq?$`f1?CsXr()GZt5
ze^gJrXSLSqFLg`e=@04nOj9#b4+$`C4fwZhh3T}=Y`8XgX#(lg;W2*c84Lurf@v_&
z+G(s0)0Df6O~#GIY)VU9vPf)Yv4gJZEp@mz5)C`)TH}(USW2q`(8u(E2z*n;3
z1~~sg%SrgT__WrzsGutnP4e;hkdSl^hJ=DRTE7mXR5flFUV|Z4X~p9f@}s|N
zY&)D#%2zK*nKan|8;j*w3|uJFW-s7O`9h(R*G_6NX+5d^jyB5g7WzqLwQdpdRqKqf
zo#>t@#8_^0_h2VZ><$SS-as#XB~Lu7wVLIrrJ|1#h=c}JP|$kp|J
zqx{g7<@dx?ASbUE&%P?%J1%Xdfw)^2SuQz-CKewl>N55WlxKG?3uw
zLCBVg8M2|gaU(39bcWn4V~lYxj>V7B{EXYi
zAna4AUg6bO$Bt@f!;(Yyo+J-*l8$Q*(R8bfsV~EuKVhPM`Ova+z%xJ;8^41
z$vsrTwMzg65bAnCx(VeQN+zxT>e9YGFPmWtCgJeGn>*E3FbT_o9|3C!W_@MjWu}$(Zb0K)PhV
z8VE~w$PaNVoHDF760mC5<}4lSYv@50OZLOv{R8?f04o^b6YxE7ZLy>*^9x#VZ#*`L
z>BkIq8>v>&{gQV5D{3R@+g;XF$?m|;t=j^HOHw?(yKI@dhJ7Cv_q?CvLO_I0~S#h%XPN9%qs-kjB~R-?HAu`8$Z
zB6RVRIDTH}4mp;(FR{@`2V*VexRS3=LMg6C`chku0BKe=|+n^Qg$MtIsHgB4K
zteY#%HfT6_T(qy!c+;Zrto}8lt;It7=E~&{LsMeVViAL){)-yaB9P!)dMmVI|6BSK
zH=&?
zpv`ZmBTkC*+YQ@I6bN=p0O{{Ge6kRr<}|p`r1{_}1Q2=*KLh(?;ez?%u;B!CpDy
zT-eaK1o_j%vY%!rO?<2s_EU$ncxb<&7Lt;t@yt~oWm3}O^n-@`s*rz*;4wPase<9X
z@b3$mk|`3D@x4m^;OLk^933<6BDQQ7BUjO2DwWAYf6dnH4q|bdthQ`Fbm=sUd^_U>
z;*r=d@EP99rpvZ8F7HY3?7
zg;kzeO)K!r44;wXx%i9Arlf$7pv5N6#6t@IWh};eJ&5(Ql9Du{+tDxQaw`)cM+ExYU*52YPX!D
z`75=f<5B;V0>8xYv>eyl89qx=5O?IVl^emQ=9
z(SB6I$;x_D<;Z!(VqD+FoYM;DVTR8raOzJ*#NH}?sinw5x8(HgFz7|v
zl$3>aoZ*WV_$0+iWacP`(1wPI29TL7~VINs%88IvoU*dU_RAa(3gj-Es_+%n!sfAmawqMK;mj~L7>4SpD1W(4_RP%?X@CW|^d^2ya

delta 3433

[PULL 0/1] ppc-for-4.2 queue 2019-12-06

2019-12-08 Thread David Gibson
The following changes since commit 02f9c885edefae66d787847758d13ed60c0f539e:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging 
(2019-12-06 15:05:20 +)

are available in the Git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-4.2-20191209

for you to fetch changes up to a2fad86497b981426dc720236c15f2a99ca674a9:

  pseries: Update SLOF firmware image (2019-12-09 12:16:26 +1100)


ppc patch queue 2019-12-09

This is a last minute pull request for ppc-for-4.2.  It fixes a
regression: a bad interaction between the new qemu and SLOF device
tree construction code means that SLOF will crash if PCI to PCI
bridges are included in the system.

This PR supersedes ppc-for-4.2-20191206.  This one has only a more
minimal change to the firmware addressed only at fixing this bug and
not incorporating some other unrelated changes that happened in the
meantime.

This is very late, maybe too late.  However, since there appears to be
an -rc5 in the works for other reasons, I figured it was worth
submitting this in case.

Alexey Kardashevskiy (1): pseries: Update SLOF firmware image

 pc-bios/README   |   2 +-
 pc-bios/slof.bin | Bin 928552 -> 931040 bytes
 roms/SLOF|   2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)



Re: [PATCH 1/5] arm64: zynqmp: Add firmware DT node

2019-12-08 Thread Michal Simek
Hi, +Edgar


On 08. 12. 19 23:38, Guenter Roeck wrote:
> On Fri, Oct 18, 2019 at 06:07:31PM +0200, Michael Tretter wrote:
>> From: Rajan Vaja 
>>
>> Add firmware DT node in ZynqMP device tree. This node
>> uses bindings as per new firmware interface driver.
>>
>> Signed-off-by: Rajan Vaja 
>> Signed-off-by: Michal Simek 
>> Signed-off-by: Michael Tretter 
> 
> With this patch applied in the mainline kernel, the qemu xlnx-zcu102
> emulation crashes (see below). Any idea what it might take to get
> qemu back to working ?

Driver talks through ATF to PMU unit(microblaze). I don't think A53+MB
concept is working with mainline qemu. But crash is too hard. It should
be no response from PMU and then this panic.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/firmware/xilinx/zynqmp.c?h=v5.5-rc1#n728

Edgar: can you please comment on this?

Thanks,
Michal



[PATCH v6 1/2] hw/arm/acpi: simplify AML bit and/or statement

2019-12-08 Thread Heyi Guo
The last argument of AML bit and/or statement is the target variable,
so we don't need to use a NULL target and then an additional store
operation; using just aml_and() or aml_or() statement is enough.

Also update tests/data/acpi/virt/DSDT* to pass "make check".

Cc: Shannon Zhao 
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Suggested-by: Igor Mammedov 
Reviewed-by: Igor Mammedov 
Signed-off-by: Heyi Guo 
---
 hw/arm/virt-acpi-build.c  |  16 
 tests/data/acpi/virt/DSDT | Bin 18470 -> 18462 bytes
 tests/data/acpi/virt/DSDT.memhp   | Bin 19807 -> 19799 bytes
 tests/data/acpi/virt/DSDT.numamem | Bin 18470 -> 18462 bytes
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 4cd50175e0..51b293e0a1 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -267,17 +267,17 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
MemMapEntry *memmap,
 aml_create_dword_field(aml_arg(3), aml_int(8), "CDW3"));
 aml_append(ifctx, aml_store(aml_name("CDW2"), aml_name("SUPP")));
 aml_append(ifctx, aml_store(aml_name("CDW3"), aml_name("CTRL")));
-aml_append(ifctx, aml_store(aml_and(aml_name("CTRL"), aml_int(0x1D), NULL),
-aml_name("CTRL")));
+aml_append(ifctx, aml_and(aml_name("CTRL"), aml_int(0x1D),
+  aml_name("CTRL")));
 
 ifctx1 = aml_if(aml_lnot(aml_equal(aml_arg(1), aml_int(0x1;
-aml_append(ifctx1, aml_store(aml_or(aml_name("CDW1"), aml_int(0x08), NULL),
- aml_name("CDW1")));
+aml_append(ifctx1, aml_or(aml_name("CDW1"), aml_int(0x08),
+  aml_name("CDW1")));
 aml_append(ifctx, ifctx1);
 
 ifctx1 = aml_if(aml_lnot(aml_equal(aml_name("CDW3"), aml_name("CTRL";
-aml_append(ifctx1, aml_store(aml_or(aml_name("CDW1"), aml_int(0x10), NULL),
- aml_name("CDW1")));
+aml_append(ifctx1, aml_or(aml_name("CDW1"), aml_int(0x10),
+  aml_name("CDW1")));
 aml_append(ifctx, ifctx1);
 
 aml_append(ifctx, aml_store(aml_name("CTRL"), aml_name("CDW3")));
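
Review bot: the mask in `aml_and(aml_name("CTRL"), aml_int(0x1D), aml_name("CTRL"))` is still an unexplained magic number; since the statement is being rewritten anyway, a short comment naming the OS-control feature bits that 0x1D keeps would make this line, and the mask change in the next patch of the series, easier to review. The three rewritten statements in this hunk all rely on the last argument of aml_and()/aml_or() being the target, as the commit message states, so each should keep its result while dropping one store.
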
@@ -285,8 +285,8 @@ static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry 
*memmap,
 aml_append(method, ifctx);
 
 elsectx = aml_else();
-aml_append(elsectx, aml_store(aml_or(aml_name("CDW1"), aml_int(4), NULL),
-  aml_name("CDW1")));
+aml_append(elsectx, aml_or(aml_name("CDW1"), aml_int(4),
+   aml_name("CDW1")));
 aml_append(elsectx, aml_return(aml_arg(3)));
 aml_append(method, elsectx);
 aml_append(dev, method);
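
Review bot: style nit in the else branch: `aml_int(4)` is written in decimal while the other CDW1 flag values in this function are hex (`aml_int(0x08)`, `aml_int(0x10)`); since the line is touched here, `aml_int(0x04)` would keep the flag constants uniform.
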
diff --git a/tests/data/acpi/virt/DSDT b/tests/data/acpi/virt/DSDT
index 
bce76e3d23e99e6c5ef64c94c770282dd30ecdd0..05bcfc8a912f58f266aa906563ea01c24906717e
 100644
GIT binary patch
delta 133
zcmZ2BfpOjhMlP3Nmk>D*1_q|2iCof5o%I{lJ2{y;?{412x!p#mARjJS5V=5L(Nq{%?q7$gZ1761tsfcPNsCD{x4
MAmS{W8QoPG0j8@bzW@LL

delta 141
zcmbO?fpOUcMlP3Nmk>1%1_q`n6S<_B8XGpMcXBc{-rKy1bGwazA7{LOuro_nHiNTE
zxZwi7$(3%F{sq;}AwfP|vJ41%1_q`n6S<_B8XGpMcXBc{-rKy1bGwazA7{LOuro_nHiNTE
zxZwi7$(3%F{sq;}AwfP|vJ4

[PATCH v2] util/cutils: Expand do_strtosz parsing precision to 64 bits

2019-12-08 Thread Tao Xu
Parse input string both as a double and as a uint64_t, then use the
method which consumes more characters. Update the related test cases.

Signed-off-by: Tao Xu 
---

Changes in v2:
- Add more test cases for double overflow and underflow.
- Set mul as int64_t (Markus)
- Restore endptr (Markus)
---
 tests/test-cutils.c| 37 +++
 tests/test-keyval.c| 47 +
 tests/test-qemu-opts.c | 39 +---
 util/cutils.c  | 67 +++---
 4 files changed, 75 insertions(+), 115 deletions(-)

diff --git a/tests/test-cutils.c b/tests/test-cutils.c
index 1aa8351520..6fa9f88488 100644
--- a/tests/test-cutils.c
+++ b/tests/test-cutils.c
@@ -1970,40 +1970,25 @@ static void test_qemu_strtosz_simple(void)
 g_assert_cmpint(err, ==, 0);
 g_assert_cmpint(res, ==, 12345);
 
-/* Note: precision is 53 bits since we're parsing with strtod() */
-
-str = "9007199254740991"; /* 2^53-1 */
-err = qemu_strtosz(str, , );
-g_assert_cmpint(err, ==, 0);
-g_assert_cmpint(res, ==, 0x1f);
-g_assert(endptr == str + 16);
-
-str = "9007199254740992"; /* 2^53 */
-err = qemu_strtosz(str, , );
-g_assert_cmpint(err, ==, 0);
-g_assert_cmpint(res, ==, 0x20);
-g_assert(endptr == str + 16);
+/* Note: precision is 64 bits (UINT64_MAX) */
 
 str = "9007199254740993"; /* 2^53+1 */
 err = qemu_strtosz(str, , );
 g_assert_cmpint(err, ==, 0);
-g_assert_cmpint(res, ==, 0x20); /* rounded to 53 bits */
+g_assert_cmpint(res, ==, 0x21);
 g_assert(endptr == str + 16);
 
-str = "18446744073709549568"; /* 0xf800 (53 msbs set) */
+str = "18446744073709550591"; /* 0xfbff */
 err = qemu_strtosz(str, , );
 g_assert_cmpint(err, ==, 0);
-g_assert_cmpint(res, ==, 0xf800);
+g_assert_cmpint(res, ==, 0xfbff);
 g_assert(endptr == str + 20);
 
-str = "18446744073709550591"; /* 0xfbff */
+str = "18446744073709551615"; /* 2^64-1 (UINT64_MAX) */
 err = qemu_strtosz(str, , );
 g_assert_cmpint(err, ==, 0);
-g_assert_cmpint(res, ==, 0xf800); /* rounded to 53 bits */
+g_assert_cmpint(res, ==, 0x);
 g_assert(endptr == str + 20);
-
-/* 0x7e00..0x7fff get rounded to
- * 0x8000, thus -ERANGE; see test_qemu_strtosz_erange() */
 }
 
 static void test_qemu_strtosz_units(void)
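
Review bot: the 2^53-1 and 2^53 cases at the top of this hunk are deleted rather than kept; both are still valid inputs after the change and sit exactly where the old double-only parsing stopped being exact, so keeping them next to the retained 2^53+1 case would guard that boundary against regressions. The removed trailing comment also pointed readers at test_qemu_strtosz_erange(); a replacement sentence saying that 2^64-1 is now the largest accepted value would keep that cross-reference useful.
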
@@ -2145,20 +2130,20 @@ static void test_qemu_strtosz_erange(void)
 g_assert_cmpint(err, ==, -ERANGE);
 g_assert(endptr == str + 2);
 
-str = "18446744073709550592"; /* 0xfc00 */
+str = "18446744073709551616"; /* 2^64 */
 err = qemu_strtosz(str, , );
 g_assert_cmpint(err, ==, -ERANGE);
 g_assert(endptr == str + 20);
 
-str = "18446744073709551615"; /* 2^64-1 */
+str = "1.7976931348623158e+308"; /* DBL_MAX */
 err = qemu_strtosz(str, , );
 g_assert_cmpint(err, ==, -ERANGE);
-g_assert(endptr == str + 20);
+g_assert(endptr == str + 23);
 
-str = "18446744073709551616"; /* 2^64 */
+str = "2.2250738585072014e-308"; /* DBL_MIN */
 err = qemu_strtosz(str, , );
 g_assert_cmpint(err, ==, -ERANGE);
-g_assert(endptr == str + 20);
+g_assert(endptr == str + 23);
 
 str = "20E";
 err = qemu_strtosz(str, , );
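
Review bot: the two new cases are labelled DBL_MAX and DBL_MIN, which are the largest finite and the smallest normalized double, so both strings are in range for the double conversion itself and the test does not say which check is expected to produce -ERANGE. If the intent is the "double overflow and underflow" coverage named in the v2 changelog, values outside the double range plus a one-line comment on the expected path would make that explicit; the DBL_MIN case in particular needs a note on why a tiny non-integer value should end in -ERANGE.
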
diff --git a/tests/test-keyval.c b/tests/test-keyval.c
index 09b0ae3c68..fad941fcb8 100644
--- a/tests/test-keyval.c
+++ b/tests/test-keyval.c
@@ -383,59 +383,26 @@ static void test_keyval_visit_size(void)
 visit_end_struct(v, NULL);
 visit_free(v);
 
-/* Note: precision is 53 bits since we're parsing with strtod() */
+/* Note: precision is 64 bits (UINT64_MAX) */
 
-/* Around limit of precision: 2^53-1, 2^53, 2^53+1 */
-qdict = keyval_parse("sz1=9007199254740991,"
- "sz2=9007199254740992,"
- "sz3=9007199254740993",
+/* Around limit of precision: UINT64_MAX - 1, UINT64_MAX */
+qdict = keyval_parse("sz1=18446744073709551614,"
+ "sz2=18446744073709551615",
  NULL, _abort);
 v = qobject_input_visitor_new_keyval(QOBJECT(qdict));
 qobject_unref(qdict);
 visit_start_struct(v, NULL, NULL, 0, _abort);
 visit_type_size(v, "sz1", , _abort);
-g_assert_cmphex(sz, ==, 0x1f);
+g_assert_cmphex(sz, ==, 0xfffe);
 visit_type_size(v, "sz2", , _abort);
-g_assert_cmphex(sz, ==, 0x20);
-visit_type_size(v, "sz3", , _abort);
-g_assert_cmphex(sz, ==, 0x20);
-visit_check_struct(v, _abort);
-visit_end_struct(v, NULL);
-visit_free(v);
-
-/* Close to signed upper limit 0x7c00 (53 msbs set) */
-qdict = keyval_parse("sz1=9223372036854774784," /* 7c00 */
- 
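
Review bot: the `sz3=9007199254740993` case (2^53+1) is dropped from the keyval_parse() input here, while tests/test-cutils.c keeps the same value with a corrected expectation; it is the input that demonstrates the precision gain, so keeping sz3 and asserting its exact value would be better than removing it.
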

[PATCH v6 0/2] arm/acpi: simplify aml code and enable SHPC

2019-12-08 Thread Heyi Guo
After the introduction of generic PCIe root port and PCIe-PCI bridge, we will
also have SHPC controller on ARM, and we don't support ACPI hot plug, so just
enable SHPC native hot plug.

Igor also spotted that the store operation outside of bit and/or is not necessary, so
simplify the code first.

v6:
- Fix "make check" errors by updating tests/data/acpi/virt/DSDT*.

v5:
- Refine commit message of patch 1/2

v4:
- Improve the code indentation.

Cc: Shannon Zhao 
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 



Heyi Guo (2):
  hw/arm/acpi: simplify AML bit and/or statement
  hw/arm/acpi: enable SHPC native hot plug

 hw/arm/virt-acpi-build.c  |  21 +
 tests/data/acpi/virt/DSDT | Bin 18470 -> 18462 bytes
 tests/data/acpi/virt/DSDT.memhp   | Bin 19807 -> 19799 bytes
 tests/data/acpi/virt/DSDT.numamem | Bin 18470 -> 18462 bytes
 4 files changed, 13 insertions(+), 8 deletions(-)

-- 
2.19.1




[PATCH v6 2/2] hw/arm/acpi: enable SHPC native hot plug

2019-12-08 Thread Heyi Guo
After the introduction of generic PCIe root port and PCIe-PCI bridge,
we will also have SHPC controller on ARM, so just enable SHPC native
hot plug.

Also update tests/data/acpi/virt/DSDT* to pass "make check".

Cc: Shannon Zhao 
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Reviewed-by: Igor Mammedov 
Signed-off-by: Heyi Guo 
---
 hw/arm/virt-acpi-build.c  |   7 ++-
 tests/data/acpi/virt/DSDT | Bin 18462 -> 18462 bytes
 tests/data/acpi/virt/DSDT.memhp   | Bin 19799 -> 19799 bytes
 tests/data/acpi/virt/DSDT.numamem | Bin 18462 -> 18462 bytes
 4 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 51b293e0a1..bd5f771e9b 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -267,7 +267,12 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
MemMapEntry *memmap,
 aml_create_dword_field(aml_arg(3), aml_int(8), "CDW3"));
 aml_append(ifctx, aml_store(aml_name("CDW2"), aml_name("SUPP")));
 aml_append(ifctx, aml_store(aml_name("CDW3"), aml_name("CTRL")));
-aml_append(ifctx, aml_and(aml_name("CTRL"), aml_int(0x1D),
+
+/*
+ * Allow OS control for all 5 features:
+ * PCIeHotplug SHPCHotplug PME AER PCIeCapability.
+ */
+aml_append(ifctx, aml_and(aml_name("CTRL"), aml_int(0x1F),
   aml_name("CTRL")));
 
 ifctx1 = aml_if(aml_lnot(aml_equal(aml_arg(1), aml_int(0x1;
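
Review bot: the new comment lists five feature names but not their bit positions, while the functional change is only the mask going from 0x1D to 0x1F, that is, bit 1 now being kept; saying in the comment that bit 1 is the SHPC hot plug control (and that the names are listed from bit 0 upwards) would tie the text to the value being changed.
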
diff --git a/tests/data/acpi/virt/DSDT b/tests/data/acpi/virt/DSDT
index 
05bcfc8a912f58f266aa906563ea01c24906717e..d0f3afeb134fdf1c11f64cd06dbcdd30be603b80
 100644
GIT binary patch
delta 28
kcmbO?fpOjhMlP3Nmk>D*1_q{tja=*8809zbbW3Ff0C~9xM*si-

delta 28
kcmbO?fpOjhMlP3Nmk>D*1_q|2ja=*87-cu_bW3Ff0C~j-M*si-

diff --git a/tests/data/acpi/virt/DSDT.memhp b/tests/data/acpi/virt/DSDT.memhp
index 
c041a910fdf272cb89263bb636239ae3a5e1708d..41ccc6431b917252bcbaac86c33b340c796be5ce
 100644
GIT binary patch
delta 28
kcmcaUi}Cs_MlP3NmymE@1_mbija=*8809zbbeqQp0Eq|*2mk;8

delta 28
kcmcaUi}Cs_MlP3NmymE@1_ma@ja=*87-cu_beqQp0ErX{2mk;8

diff --git a/tests/data/acpi/virt/DSDT.numamem 
b/tests/data/acpi/virt/DSDT.numamem
index 
05bcfc8a912f58f266aa906563ea01c24906717e..d0f3afeb134fdf1c11f64cd06dbcdd30be603b80
 100644
GIT binary patch
delta 28
kcmbO?fpOjhMlP3Nmk>D*1_q{tja=*8809zbbW3Ff0C~9xM*si-

delta 28
kcmbO?fpOjhMlP3Nmk>D*1_q|2ja=*87-cu_bW3Ff0C~j-M*si-

-- 
2.19.1




Re: [RFC PATCH 4/9] vfio-pci: register default dynamic-trap-bar-info region

2019-12-08 Thread Yan Zhao
On Fri, Dec 06, 2019 at 11:20:38PM +0800, Alex Williamson wrote:
> On Fri, 6 Dec 2019 01:04:07 -0500
> Yan Zhao  wrote:
> 
> > On Fri, Dec 06, 2019 at 07:55:30AM +0800, Alex Williamson wrote:
> > > On Wed,  4 Dec 2019 22:26:50 -0500
> > > Yan Zhao  wrote:
> > >   
> > > > Dynamic trap bar info region is a channel for QEMU and vendor driver to
> > > > communicate dynamic trap info. It is of type
> > > > VFIO_REGION_TYPE_DYNAMIC_TRAP_BAR_INFO and subtype
> > > > VFIO_REGION_SUBTYPE_DYNAMIC_TRAP_BAR_INFO.
> > > > 
> > > > This region has two fields: dt_fd and trap.
> > > > When QEMU detects a device regions of this type, it will create an
> > > > eventfd and write its eventfd id to dt_fd field.
> > > > When vendor driver signals this eventfd, QEMU reads trap field of this
> > > > info region.
> > > > - If trap is true, QEMU would search the device's PCI BAR
> > > > regions and disable all the sparse mmaped subregions (if the sparse
> > > > mmaped subregion is disablable).
> > > > - If trap is false, QEMU would re-enable those subregions.
> > > > 
> > > > A typical usage is
> > > > 1. vendor driver first cuts its bar 0 into several sections, all in a
> > > > sparse mmap array. So initially, all its bar 0 are passthroughed.
> > > > 2. vendor driver specifies part of bar 0 sections to be disablable.
> > > > 3. on migration starts, vendor driver signals dt_fd and set trap to true
> > > > to notify QEMU disabling the bar 0 sections of disablable flags on.
> > > > 4. QEMU disables those bar 0 section and hence let vendor driver be able
> > > > to trap access of bar 0 registers and make dirty page tracking possible.
> > > > 5. on migration failure, vendor driver signals dt_fd to QEMU again.
> > > > QEMU reads trap field of this info region which is false and QEMU
> > > > re-passthrough the whole bar 0 region.
> > > > 
> > > > Vendor driver specifies whether it supports dynamic-trap-bar-info region
> > > > through cap VFIO_PCI_DEVICE_CAP_DYNAMIC_TRAP_BAR in
> > > > vfio_pci_mediate_ops->open().
> > > > 
> > > > If vfio-pci detects this cap, it will create a default
> > > > dynamic_trap_bar_info region on behalf of vendor driver with region 
> > > > len=0
> > > > and region->ops=null.
> > > > Vendor driver should override this region's len, flags, rw, mmap in its
> > > > vfio_pci_mediate_ops.  
> > > 
> > > TBH, I don't like this interface at all.  Userspace doesn't pass data
> > > to the kernel via INFO ioctls.  We have a SET_IRQS ioctl for
> > > configuring user signaling with eventfds.  I think we only need to
> > > define an IRQ type that tells the user to re-evaluate the sparse mmap
> > > information for a region.  The user would enumerate the device IRQs via
> > > GET_IRQ_INFO, find one of this type where the IRQ info would also
> > > indicate which region(s) should be re-evaluated on signaling.  The user
> > > would enable that signaling via SET_IRQS and simply re-evaluate the  
> > ok. I'll try to switch to this way. Thanks for this suggestion.
> > 
> > > sparse mmap capability for the associated regions when signaled.  
> > 
> > Do you like the "disablable" flag of sparse mmap ?
> > I think it's a lightweight way for user to switch mmap state of a whole 
> > region,
> > otherwise going through a complete flow of GET_REGION_INFO and re-setup
> > region might be too heavy.
> 
> No, I don't like the disable-able flag.  At what frequency do we expect
> regions to change?  It seems like we'd only change when switching into
> and out of the _SAVING state, which is rare.  It seems easy for
> userspace, at least QEMU, to drop the entire mmap configuration and
ok. I'll try this way.

> re-read it.  Another concern here is how do we synchronize the event?
> Are we assuming that this event would occur when a user switch to
> _SAVING mode on the device?  That operation is synchronous, the device
> must be in saving mode after the write to device state completes, but
> it seems like this might be trying to add an asynchronous dependency.
> Will the write to device_state only complete once the user handles the
> eventfd?  How would the kernel know when the mmap re-evaluation is
> complete.  It seems like there are gaps here that the vendor driver
> could miss traps required for migration because the user hasn't
> completed the mmap transition yet.  Thanks,
> 
> Alex

yes, this asynchronous event notification will cause the vendor driver to miss
traps. But it's supposed to be for a very short period of time. That's also a
reason for us to wish the re-evaluation to be lightweight. E.g. if it's
able to be finished before the first iterate, it's still safe.

But I agree, the timing is not guaranteed, and so it's best for kernel
to wait for mmap re-evaluation to complete. 

migration_thread
|->qemu_savevm_state_setup
|   |->ram_save_setup
|   |   |->migration_bitmap_sync
|   |   |->kvm_log_sync
|   |   |->vfio_log_sync
|   |
|   |->vfio_save_setup
|   |->set_device_state(_SAVING)
|

Re: [PATCH] util/cutils: Expand do_strtosz parsing precision to 64 bits

2019-12-08 Thread Tao Xu




On 12/5/19 11:29 PM, Markus Armbruster wrote:

Tao Xu  writes:


Parse input string both as a double and as a uint64_t, then use the
method which consumes more characters. Update the related test cases.

Signed-off-by: Tao Xu 
---

[...]

diff --git a/util/cutils.c b/util/cutils.c
index 77acadc70a..b08058c57c 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -212,24 +212,43 @@ static int do_strtosz(const char *nptr, const char **end,
const char default_suffix, int64_t unit,
uint64_t *result)
  {
-int retval;
-const char *endptr;
+int retval, retd, retu;
+const char *suffix, *suffixd, *suffixu;
  unsigned char c;
  int mul_required = 0;
-double val, mul, integral, fraction;
+bool use_strtod;
+uint64_t valu;
+double vald, mul, integral, fraction;


Note for later: @mul is double.


+
+retd = qemu_strtod_finite(nptr, , );
+retu = qemu_strtou64(nptr, , 0, );
+use_strtod = strlen(suffixd) < strlen(suffixu);
+
+/*
+ * Parse @nptr both as a double and as a uint64_t, then use the method
+ * which consumes more characters.
+ */
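
Review bot: `use_strtod = strlen(suffixd) < strlen(suffixu);` measures the two unparsed tails to find out which conversion went further; both pointers refer into the same @nptr string, so comparing them directly (`suffixd > suffixu`) expresses the same test without two string scans and reads closer to the comment's "consumes more characters".
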


The comment is in a funny place.  I'd put it right before the
qemu_strtod_finite() line.


+if (use_strtod) {
+suffix = suffixd;
+retval = retd;
+} else {
+suffix = suffixu;
+retval = retu;
+}
  
-retval = qemu_strtod_finite(nptr, , );

  if (retval) {
  goto out;
  }


This is even more subtle than it looks.

A close reading of the function contracts leads to three cases for each
conversion:

* parse error (including infinity and NaN)

   @retu / @retd is -EINVAL
   @valu / @vald is uninitialized
   @suffixu / @suffixd is @nptr

* range error

   @retu / @retd is -ERANGE
   @valu / @vald is our best approximation of the conversion result
   @suffixu / @suffixd points to the first character not consumed by the
   conversion.

   Sub-cases:

   - uint64_t overflow

 We know the conversion result exceeds UINT64_MAX.

   - double overflow

 we know the conversion result's magnitude exceeds the largest
 representable finite double DBL_MAX.

   - double underflow

 we know the conversion result is close to zero (closer than DBL_MIN,
 the smallest normalized positive double).

* success

   @retu / @retd is 0
   @valu / @vald is the conversion result
   @suffixu / @suffixd points to the first character not consumed by the
   conversion.

This leads to a matrix (parse error, uint64_t overflow, success) x
(parse error, double overflow, double underflow, success).  We need to
check the code does what we want for each element of this matrix, and
document any behavior that's not perfectly obvious.

(success, success): we pick uint64_t if qemu_strtou64() consumed more
characters than qemu_strtod_finite(), else double.  "More" is important
here; when they consume the same characters, we *need* to use the
uint64_t result.  Example: for "18446744073709551615", we need to use
uint64_t 18446744073709551615, not double 18446744073709551616.0.  But
for "18446744073709551616.", we need to use the double.  Good.

(success, parse error) and (parse error, success): we pick the one that
succeeds, because success consumes characters, and failure to parse does
not.  Good.

(parse error, parse error): neither consumes characters, so we pick
uint64_t.  Good.

(parse error, double overflow), (parse error, double underflow) and
(uint64_t overflow, parse error): we pick the range error, because it
consumes characters.  Good.

These are the simple combinations.  The remainder are hairier: (success,
double overflow), (success, double underflow), (uint64_t overflow,
success).  I lack the time to analyze them today.  Must be done before
we take this patch.  Any takers?


(success, double overflow), (success, double underflow), pick double 
overflow error, return -ERANGE. Because it consumes characters. Example:
for "1.79769e+309", qemu_strtou64 consumes "1", and parses as uint64_t;
but qemu_strtod_finite returns -ERANGE and consumes all characters. It is OK.


(uint64_t overflow, success), consume the same characters, use the
uint64_t return -ERANGE. Note that even if qemu_strtod_finite can parse 
these cases such as "18446744073709551617", but the result is uint64_t 
so we also need to return -ERANGE. It is OK.


Thank you for your analysis and suggestion. I will add more test cases 
to cover some of these analysis.



-fraction = modf(val, );
-if (fraction != 0) {
-mul_required = 1;
+if (use_strtod) {
+fraction = modf(vald, );
+if (fraction != 0) {
+mul_required = 1;
+}
  }


Here, @suffix points to the suffix character, if any.


-c = *endptr;
+c = *suffix;
  mul = suffix_mul(c, unit);
  if (mul >= 0) {
-endptr++;
+suffix++;


Now @suffix points to the first character not consumed, *not* the
suffix.

Your patch effectively 
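
The selection rule analysed in this thread, as an added C example that is not part of the patch, the replies or QEMU: standard strtoull() and strtod() stand in for qemu_strtou64() and qemu_strtod_finite(), and `struct dual_parse`, `parse_u64()`, `parse_double_finite()` and `dual_parse()` are hypothetical names. The sample inputs are constructed from the cases discussed above.

```c
/* Added illustration, not QEMU code: strtoull() and strtod() stand in for
 * qemu_strtou64() and qemu_strtod_finite(); all names here are hypothetical. */
#include <errno.h>
#include <math.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct dual_parse {
    int ret;          /* 0, -EINVAL or -ERANGE, from the selected conversion */
    bool used_double; /* true when the double conversion was selected */
    uint64_t value;   /* meaningful when ret == 0 and !used_double */
    double dvalue;    /* meaningful when ret == 0 and used_double */
    size_t consumed;  /* characters consumed by the selected conversion */
};

/* Integer conversion: a parse error leaves *end at s, a range error or a
 * success moves it past the digits. */
static int parse_u64(const char *s, const char **end, uint64_t *out)
{
    char *e;
    unsigned long long v;

    errno = 0;
    v = strtoull(s, &e, 0);
    if (e == s) {
        *end = s;
        return -EINVAL;
    }
    *end = e;
    *out = v;
    return errno == ERANGE ? -ERANGE : 0;
}

/* Double conversion with the same contract; "inf" and "nan" are treated as
 * parse errors, overflow reported by strtod() as a range error. */
static int parse_double_finite(const char *s, const char **end, double *out)
{
    char *e;
    double v;

    errno = 0;
    v = strtod(s, &e);
    if (e == s || (errno != ERANGE && !isfinite(v))) {
        *end = s;
        return -EINVAL;
    }
    *end = e;
    *out = v;
    return errno == ERANGE ? -ERANGE : 0;
}

/* Parse s both ways and keep the conversion that consumed strictly more
 * characters; on a tie the integer wins, so no precision is lost. */
struct dual_parse dual_parse(const char *s)
{
    struct dual_parse r = { 0 };
    const char *endu, *endd;
    uint64_t valu = 0;
    double vald = 0.0;
    int retu = parse_u64(s, &endu, &valu);
    int retd = parse_double_finite(s, &endd, &vald);

    /* Same decision as strlen(suffixd) < strlen(suffixu) in the patch. */
    r.used_double = endd > endu;
    r.ret = r.used_double ? retd : retu;
    r.consumed = (size_t)((r.used_double ? endd : endu) - s);
    if (r.used_double) {
        r.dvalue = vald;
    } else {
        r.value = valu;
    }
    return r;
}

int main(void)
{
    /* Constructed inputs taken from the cases discussed in the thread. */
    static const char *const samples[] = {
        "18446744073709551615",  /* both succeed, tie: integer is used */
        "18446744073709551616.", /* double also consumes the '.', so it wins */
        "18446744073709551617",  /* tie, integer overflow: -ERANGE */
        "1.79769e+309",          /* double consumes more and overflows */
        "9007199254740993",      /* 2^53+1 stays exact via the integer path */
        "abc",                   /* neither parses: -EINVAL */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct dual_parse r = dual_parse(samples[i]);

        printf("%-22s ret=%d via=%s consumed=%zu\n", samples[i], r.ret,
               r.used_double ? "double" : "uint64", r.consumed);
    }
    return 0;
}
```

The suffix and multiplier handling of do_strtosz() is left out; only the choice between the two conversions is shown.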

Re: [for-5.0 PATCH 2/3] cpu: Introduce cpu_class_set_parent_reset()

2019-12-08 Thread Alistair Francis
On Fri, Dec 6, 2019 at 10:44 AM Greg Kurz  wrote:
>
> Similarly to what we already do with qdev, use a helper to overload the
> reset QOM methods of the parent in children classes, for clarity.
>
> Signed-off-by: Greg Kurz 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/core/cpu.c |8 
>  include/hw/core/cpu.h |4 
>  2 files changed, 12 insertions(+)
>
> diff --git a/hw/core/cpu.c b/hw/core/cpu.c
> index db1a03c6bbb3..6dad2c8488a9 100644
> --- a/hw/core/cpu.c
> +++ b/hw/core/cpu.c
> @@ -239,6 +239,14 @@ void cpu_dump_statistics(CPUState *cpu, int flags)
>  }
>  }
>
> +void cpu_class_set_parent_reset(CPUClass *cc,
> +CPUReset child_reset,
> +CPUReset *parent_reset)
> +{
> +*parent_reset = cc->reset;
> +cc->reset = child_reset;
> +}
> +
>  void cpu_reset(CPUState *cpu)
>  {
>  CPUClass *klass = CPU_GET_CLASS(cpu);
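
Review bot: cpu_class_set_parent_reset() overwrites *parent_reset unconditionally, so a second call for the same class would save child_reset as its own parent, and a child reset that chains to its saved parent would then call itself. A doc comment stating that the helper is meant to be called once per class, from class_init, would make that contract explicit.
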
> diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
> index 047e3972ecaf..6680f4b047f4 100644
> --- a/include/hw/core/cpu.h
> +++ b/include/hw/core/cpu.h
> @@ -1137,6 +1137,10 @@ void cpu_exec_unrealizefn(CPUState *cpu);
>   */
>  bool target_words_bigendian(void);
>
> +void cpu_class_set_parent_reset(CPUClass *cc,
> +CPUReset child_reset,
> +CPUReset *parent_reset);
> +
>  #ifdef NEED_CPU_H
>
>  #ifdef CONFIG_SOFTMMU
>
>
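
Review bot: the new prototype in include/hw/core/cpu.h is added without a documentation comment, while the declaration just above it in this hunk follows one (the closing ` */` before `bool target_words_bigendian(void);`); a short comment describing @cc, @child_reset and @parent_reset would match the rest of the header.
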



Re: [for-5.0 PATCH 3/3] cpu: Use cpu_class_set_parent_reset()

2019-12-08 Thread Alistair Francis
On Fri, Dec 6, 2019 at 10:45 AM Greg Kurz  wrote:
>
> Convert all targets to use cpu_class_set_parent_reset() with the following
> coccinelle script:
>
> @@
> type CPUParentClass;
> CPUParentClass *pcc;
> CPUClass *cc;
> identifier parent_fn;
> identifier child_fn;
> @@
> +cpu_class_set_parent_reset(cc, child_fn, >parent_fn);
> -pcc->parent_fn = cc->reset;
> ...
> -cc->reset = child_fn;
>
> Signed-off-by: Greg Kurz 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/arm/cpu.c|3 +--
>  target/cris/cpu.c   |3 +--
>  target/i386/cpu.c   |3 +--
>  target/lm32/cpu.c   |3 +--
>  target/m68k/cpu.c   |3 +--
>  target/microblaze/cpu.c |3 +--
>  target/mips/cpu.c   |3 +--
>  target/moxie/cpu.c  |3 +--
>  target/nios2/cpu.c  |3 +--
>  target/openrisc/cpu.c   |3 +--
>  target/ppc/translate_init.inc.c |3 +--
>  target/riscv/cpu.c  |3 +--
>  target/s390x/cpu.c  |3 +--
>  target/sh4/cpu.c|3 +--
>  target/sparc/cpu.c  |3 +--
>  target/tilegx/cpu.c |3 +--
>  target/tricore/cpu.c|3 +--
>  target/xtensa/cpu.c |3 +--
>  18 files changed, 18 insertions(+), 36 deletions(-)
>
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index 7a4ac9339bf9..712a9425fdf5 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -2625,8 +2625,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
> *data)
>  >parent_realize);
>  dc->props = arm_cpu_properties;
>
> -acc->parent_reset = cc->reset;
> -cc->reset = arm_cpu_reset;
> +cpu_class_set_parent_reset(cc, arm_cpu_reset, >parent_reset);
>
>  cc->class_by_name = arm_cpu_class_by_name;
>  cc->has_work = arm_cpu_has_work;
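
Review bot: the coccinelle rule permits arbitrary statements (`...`) between `pcc->parent_fn = cc->reset;` and `cc->reset = child_fn;`, so wherever a target had code in between, the assignment to cc->reset now happens earlier; in this arm hunk the two removed lines were adjacent, but the commit message should confirm that this holds for all 18 files. Separately, target/alpha and target/hppa get a CPUReset parent_reset field in 1/3 yet do not appear in this patch's diffstat; a sentence on why they are not converted would help.
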
> diff --git a/target/cris/cpu.c b/target/cris/cpu.c
> index 7adfd6caf4ed..486675e3822f 100644
> --- a/target/cris/cpu.c
> +++ b/target/cris/cpu.c
> @@ -256,8 +256,7 @@ static void cris_cpu_class_init(ObjectClass *oc, void 
> *data)
>  device_class_set_parent_realize(dc, cris_cpu_realizefn,
>  >parent_realize);
>
> -ccc->parent_reset = cc->reset;
> -cc->reset = cris_cpu_reset;
> +cpu_class_set_parent_reset(cc, cris_cpu_reset, >parent_reset);
>
>  cc->class_by_name = cris_cpu_class_by_name;
>  cc->has_work = cris_cpu_has_work;
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 69f518a21a9b..57d36931725d 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -7049,8 +7049,7 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
> void *data)
>>parent_unrealize);
>  dc->props = x86_cpu_properties;
>
> -xcc->parent_reset = cc->reset;
> -cc->reset = x86_cpu_reset;
> +cpu_class_set_parent_reset(cc, x86_cpu_reset, >parent_reset);
>  cc->reset_dump_flags = CPU_DUMP_FPU | CPU_DUMP_CCOP;
>
>  cc->class_by_name = x86_cpu_class_by_name;
> diff --git a/target/lm32/cpu.c b/target/lm32/cpu.c
> index b35537de6285..687bf35e6588 100644
> --- a/target/lm32/cpu.c
> +++ b/target/lm32/cpu.c
> @@ -218,8 +218,7 @@ static void lm32_cpu_class_init(ObjectClass *oc, void 
> *data)
>
>  device_class_set_parent_realize(dc, lm32_cpu_realizefn,
>  >parent_realize);
> -lcc->parent_reset = cc->reset;
> -cc->reset = lm32_cpu_reset;
> +cpu_class_set_parent_reset(cc, lm32_cpu_reset, >parent_reset);
>
>  cc->class_by_name = lm32_cpu_class_by_name;
>  cc->has_work = lm32_cpu_has_work;
> diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
> index e6596de29c2c..176d95e6fcfb 100644
> --- a/target/m68k/cpu.c
> +++ b/target/m68k/cpu.c
> @@ -257,8 +257,7 @@ static void m68k_cpu_class_init(ObjectClass *c, void 
> *data)
>
>  device_class_set_parent_realize(dc, m68k_cpu_realizefn,
>  >parent_realize);
> -mcc->parent_reset = cc->reset;
> -cc->reset = m68k_cpu_reset;
> +cpu_class_set_parent_reset(cc, m68k_cpu_reset, >parent_reset);
>
>  cc->class_by_name = m68k_cpu_class_by_name;
>  cc->has_work = m68k_cpu_has_work;
> diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
> index 9cfd7445e7da..71d88f603b2e 100644
> --- a/target/microblaze/cpu.c
> +++ b/target/microblaze/cpu.c
> @@ -292,8 +292,7 @@ static void mb_cpu_class_init(ObjectClass *oc, void *data)
>
>  device_class_set_parent_realize(dc, mb_cpu_realizefn,
>  >parent_realize);
> -mcc->parent_reset = cc->reset;
> -cc->reset = mb_cpu_reset;
> +cpu_class_set_parent_reset(cc, mb_cpu_reset, >parent_reset);
>
>  cc->class_by_name = mb_cpu_class_by_name;
>  cc->has_work = mb_cpu_has_work;
> diff --git a/target/mips/cpu.c b/target/mips/cpu.c
> index bbcf7ca4635c..6cd6b9650baa 100644
> --- 

Re: [for-5.0 PATCH 1/3] cpu: Introduce CPUReset callback typedef

2019-12-08 Thread Alistair Francis
On Fri, Dec 6, 2019 at 10:50 AM Greg Kurz  wrote:
>
> Use it in include/hw/core/cpu.h and convert all targets to use it as
> well with:
>
> perl -pi \
>  -e 's/void\s+\(\*(parent_reset)\)\(CPUState\s+\*\w+\)/CPUReset \1/;' \
>  $(git ls-files 'target/*.h')
>
> Signed-off-by: Greg Kurz 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  include/hw/core/cpu.h   |4 +++-
>  target/alpha/cpu-qom.h  |2 +-
>  target/arm/cpu-qom.h|2 +-
>  target/cris/cpu-qom.h   |2 +-
>  target/hppa/cpu-qom.h   |2 +-
>  target/i386/cpu-qom.h   |2 +-
>  target/lm32/cpu-qom.h   |2 +-
>  target/m68k/cpu-qom.h   |2 +-
>  target/microblaze/cpu-qom.h |2 +-
>  target/mips/cpu-qom.h   |2 +-
>  target/moxie/cpu.h  |2 +-
>  target/nios2/cpu.h  |2 +-
>  target/openrisc/cpu.h   |2 +-
>  target/ppc/cpu-qom.h|2 +-
>  target/riscv/cpu.h  |2 +-
>  target/s390x/cpu-qom.h  |2 +-
>  target/sh4/cpu-qom.h|2 +-
>  target/sparc/cpu-qom.h  |2 +-
>  target/tilegx/cpu.h |2 +-
>  target/tricore/cpu-qom.h|2 +-
>  target/xtensa/cpu-qom.h |2 +-
>  21 files changed, 23 insertions(+), 21 deletions(-)
>
> diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
> index 77c6f0529903..047e3972ecaf 100644
> --- a/include/hw/core/cpu.h
> +++ b/include/hw/core/cpu.h
> @@ -74,6 +74,8 @@ typedef struct CPUWatchpoint CPUWatchpoint;
>
>  struct TranslationBlock;
>
> +typedef void (*CPUReset)(CPUState *cpu);
> +
>  /**
>   * CPUClass:
>   * @class_by_name: Callback to map -cpu command line model name to an
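
Review bot: the CPUReset typedef is introduced between `struct TranslationBlock;` and the CPUClass doc comment with no description of its own; a one-line comment saying it is the signature of a CPU reset handler would help, given how many target headers are converted to it in this patch.
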
> @@ -165,7 +167,7 @@ typedef struct CPUClass {
>  ObjectClass *(*class_by_name)(const char *cpu_model);
>  void (*parse_features)(const char *typename, char *str, Error **errp);
>
> -void (*reset)(CPUState *cpu);
> +CPUReset reset;
>  int reset_dump_flags;
>  bool (*has_work)(CPUState *cpu);
>  void (*do_interrupt)(CPUState *cpu);
> diff --git a/target/alpha/cpu-qom.h b/target/alpha/cpu-qom.h
> index 6f0a0adb9efa..0c974805481b 100644
> --- a/target/alpha/cpu-qom.h
> +++ b/target/alpha/cpu-qom.h
> @@ -44,7 +44,7 @@ typedef struct AlphaCPUClass {
>  /*< public >*/
>
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } AlphaCPUClass;
>
>  typedef struct AlphaCPU AlphaCPU;
> diff --git a/target/arm/cpu-qom.h b/target/arm/cpu-qom.h
> index 7f5b244bde35..aeaa84afcc9a 100644
> --- a/target/arm/cpu-qom.h
> +++ b/target/arm/cpu-qom.h
> @@ -51,7 +51,7 @@ typedef struct ARMCPUClass {
>
>  const ARMCPUInfo *info;
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } ARMCPUClass;
>
>  typedef struct ARMCPU ARMCPU;
> diff --git a/target/cris/cpu-qom.h b/target/cris/cpu-qom.h
> index 308c1f95bdf6..079ffe6bda0a 100644
> --- a/target/cris/cpu-qom.h
> +++ b/target/cris/cpu-qom.h
> @@ -45,7 +45,7 @@ typedef struct CRISCPUClass {
>  /*< public >*/
>
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>
>  uint32_t vr;
>  } CRISCPUClass;
> diff --git a/target/hppa/cpu-qom.h b/target/hppa/cpu-qom.h
> index 6367dc479391..5c129de148a8 100644
> --- a/target/hppa/cpu-qom.h
> +++ b/target/hppa/cpu-qom.h
> @@ -44,7 +44,7 @@ typedef struct HPPACPUClass {
>  /*< public >*/
>
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } HPPACPUClass;
>
>  typedef struct HPPACPU HPPACPU;
> diff --git a/target/i386/cpu-qom.h b/target/i386/cpu-qom.h
> index 0efab2fc670f..1e962518e68e 100644
> --- a/target/i386/cpu-qom.h
> +++ b/target/i386/cpu-qom.h
> @@ -71,7 +71,7 @@ typedef struct X86CPUClass {
>
>  DeviceRealize parent_realize;
>  DeviceUnrealize parent_unrealize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } X86CPUClass;
>
>  typedef struct X86CPU X86CPU;
> diff --git a/target/lm32/cpu-qom.h b/target/lm32/cpu-qom.h
> index dc9ac9ac9f7b..e105a315aa3e 100644
> --- a/target/lm32/cpu-qom.h
> +++ b/target/lm32/cpu-qom.h
> @@ -44,7 +44,7 @@ typedef struct LM32CPUClass {
>  /*< public >*/
>
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } LM32CPUClass;
>
>  typedef struct LM32CPU LM32CPU;
> diff --git a/target/m68k/cpu-qom.h b/target/m68k/cpu-qom.h
> index b56da8a21374..0a196775e5d1 100644
> --- a/target/m68k/cpu-qom.h
> +++ b/target/m68k/cpu-qom.h
> @@ -44,7 +44,7 @@ typedef struct M68kCPUClass {
>  /*< public >*/
>
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } M68kCPUClass;
>
>  typedef struct M68kCPU M68kCPU;
> diff --git a/target/microblaze/cpu-qom.h b/target/microblaze/cpu-qom.h
> index 49b07cc697b9..7a4ff4a11e33 100644
> --- 

Re: [PATCH v2 3/5] MAINTAINERS: Adjust maintainership for Malta board

2019-12-08 Thread Markus Armbruster
Aleksandar Markovic  writes:

> On Thursday, November 14, 2019, Philippe Mathieu-Daudé 
> wrote:
>
>> +Paul Burton
>>
>> On 11/13/19 2:47 PM, Aleksandar Markovic wrote:
>>
>>> From: Aleksandar Markovic 
>>>
>>> Change the maintainership for Malta board to improve its quality.
>>>
>>> Acked-by: Aurelien Jarno 
>>> Signed-off-by: Aleksandar Markovic 
>>> ---
>>>   MAINTAINERS | 5 +++--
>>>   1 file changed, 3 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/MAINTAINERS b/MAINTAINERS
>>> index 3bf2144..6afec32 100644
>>> --- a/MAINTAINERS
>>> +++ b/MAINTAINERS
>>> @@ -955,8 +955,9 @@ F: hw/display/jazz_led.c
>>>   F: hw/dma/rc4030.c
>>> Malta
>>> -M: Aurelien Jarno 
>>>
>> > +R: Aurelien Jarno 
>>
>> Aurelien, do you want to stay co-maintainer with this one?
>> Else, thanks for staying listed as designated reviewer :)
>>
>> -R: Aleksandar Rikalo 
>>> +M: Philippe Mathieu-Daudé 
>>>
>>
>> I'm happy to continue Aurelien work with this board :)
>> Similarly to the Fuloong board, I mostly use the Malta as a hobby, so I'll
>> use my personal email.
>>
>> Paul, do you mind being co-maintainer or at least listed as designated
>> reviewer here?
>>
>> +R: Hervé Poussineau 
>>>
>>
>> I don't see commits from Hervé with this board, so he is probably not
>> interested.
>>
>>   S: Maintained
>>>
>>
>> Until Paul is interested in co-maintenance, let's change this board status
>> to 'Odd Fixes'.
>>
>>
> Philippe, I'll use your other email address in v3 as you asked, but this
> board really has to have Maintained status, since it is used for tests,
> within and outside of QEMU official tests, it would really be a shame to
> degrade it to Odd fixes, unthinkable.

If "Odd Fixes" is what Philippe can provide, and "Maintained" is what we
want, then we need to find an additional maintainer (Paul Burton?) who
can provide what we want.




Re: [RFC PATCH 1/9] vfio/pci: introduce mediate ops to intercept vfio-pci ops

2019-12-08 Thread Yan Zhao
On Sat, Dec 07, 2019 at 05:22:26AM +0800, Alex Williamson wrote:
> On Fri, 6 Dec 2019 02:56:55 -0500
> Yan Zhao  wrote:
> 
> > On Fri, Dec 06, 2019 at 07:55:19AM +0800, Alex Williamson wrote:
> > > On Wed,  4 Dec 2019 22:25:36 -0500
> > > Yan Zhao  wrote:
> > >   
> > > > when vfio-pci is bound to a physical device, almost all the hardware
> > > > resources are passthroughed.
> > > > > Sometimes, vendor driver of this physical device may want to mediate some
> > > > hardware resource access for a short period of time, e.g. dirty page
> > > > tracking during live migration.
> > > > 
> > > > Here we introduce mediate ops in vfio-pci for this purpose.
> > > > 
> > > > Vendor driver can register a mediate ops to vfio-pci.
> > > > But rather than directly bind to the passthroughed device, the
> > > > vendor driver is now either a module that does not bind to any device or
> > > > a module binds to other device.
> > > > E.g. when passing through a VF device that is bound to vfio-pci modules,
> > > > PF driver that binds to PF device can register to vfio-pci to mediate
> > > > VF's regions, hence supporting VF live migration.
> > > > 
> > > > The sequence goes like this:
> > > > 1. Vendor driver register its vfio_pci_mediate_ops to vfio-pci driver
> > > > 
> > > > 2. vfio-pci maintains a list of those registered vfio_pci_mediate_ops
> > > > 
> > > > 3. Whenever vfio-pci opens a device, it searches the list and call
> > > > vfio_pci_mediate_ops->open() to check whether a vendor driver supports
> > > > mediating this device.
> > > > > Upon a success return value from vfio_pci_mediate_ops->open(),
> > > > vfio-pci will stop list searching and store a mediate handle to
> > > > represent this open into vendor driver.
> > > > (so if multiple vendor drivers support mediating a device through
> > > > vfio_pci_mediate_ops, only one will win, depending on their registering
> > > > sequence)
> > > > 
> > > > 4. Whenever a VFIO_DEVICE_GET_REGION_INFO ioctl is received in vfio-pci
> > > > ops, it will chain into vfio_pci_mediate_ops->get_region_info(), so that
> > > > vendor driver is able to override a region's default flags and caps,
> > > > e.g. adding a sparse mmap cap to passthrough only sub-regions of a whole
> > > > region.
> > > > 
> > > > 5. vfio_pci_rw()/vfio_pci_mmap() first calls into
> > > > vfio_pci_mediate_ops->rw()/vfio_pci_mediate_ops->mmaps().
> > > > > if pt=true is returned, vfio_pci_rw()/vfio_pci_mmap() will further
> > > > > passthrough this read/write/mmap to physical device, otherwise it just
> > > > > returns without touching the physical device.
> > > > 
> > > > 6. When vfio-pci closes a device, vfio_pci_release() chains into
> > > > vfio_pci_mediate_ops->release() to close the reference in vendor driver.
> > > > 
> > > > 7. Vendor driver unregister its vfio_pci_mediate_ops when driver exits
> > > > 
> > > > Cc: Kevin Tian 
> > > > 
> > > > Signed-off-by: Yan Zhao 
> > > > ---
> > > >  drivers/vfio/pci/vfio_pci.c | 146 
> > > >  drivers/vfio/pci/vfio_pci_private.h |   2 +
> > > >  include/linux/vfio.h|  16 +++
> > > >  3 files changed, 164 insertions(+)
> > > > 
> > > > diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
> > > > index 02206162eaa9..55080ff29495 100644
> > > > --- a/drivers/vfio/pci/vfio_pci.c
> > > > +++ b/drivers/vfio/pci/vfio_pci.c
> > > > @@ -54,6 +54,14 @@ module_param(disable_idle_d3, bool, S_IRUGO | 
> > > > S_IWUSR);
> > > >  MODULE_PARM_DESC(disable_idle_d3,
> > > >  "Disable using the PCI D3 low power state for idle, 
> > > > unused devices");
> > > >  
> > > > +static LIST_HEAD(mediate_ops_list);
> > > > +static DEFINE_MUTEX(mediate_ops_list_lock);
> > > > +struct vfio_pci_mediate_ops_list_entry {
> > > > +   struct vfio_pci_mediate_ops *ops;
> > > > +   int refcnt;
> > > > +   struct list_headnext;
> > > > +};
> > > > +
> > > >  static inline bool vfio_vga_disabled(void)
> > > >  {
> > > >  #ifdef CONFIG_VFIO_PCI_VGA
> > > > @@ -472,6 +480,10 @@ static void vfio_pci_release(void *device_data)
> > > > if (!(--vdev->refcnt)) {
> > > > vfio_spapr_pci_eeh_release(vdev->pdev);
> > > > vfio_pci_disable(vdev);
> > > > +   if (vdev->mediate_ops && vdev->mediate_ops->release) {
> > > > +   
> > > > vdev->mediate_ops->release(vdev->mediate_handle);
> > > > +   vdev->mediate_ops = NULL;
> > > > +   }
> > > > }
> > > >  
> > > > mutex_unlock(>reflck->lock);
> > > > @@ -483,6 +495,7 @@ static int vfio_pci_open(void *device_data)
> > > >  {
> > > > struct vfio_pci_device *vdev = device_data;
> > > > int ret = 0;
> > > > +   struct vfio_pci_mediate_ops_list_entry *mentry;
> > > >  
> > > > if (!try_module_get(THIS_MODULE))
> > > > return -ENODEV;
> > > > @@ -495,6 +508,30 @@ static int 

Re: [RFC PATCH 1/9] vfio/pci: introduce mediate ops to intercept vfio-pci ops

2019-12-08 Thread Yan Zhao
Sorry about that. I'll pay attention to them next time and thank you for
pointing them out :)

On Sat, Dec 07, 2019 at 07:13:30AM +0800, Eric Blake wrote:
> On 12/4/19 9:25 PM, Yan Zhao wrote:
> > when vfio-pci is bound to a physical device, almost all the hardware
> > resources are passthroughed.
> 
> The intent is obvious, but it sounds awkward to a native speaker.
> s/passthroughed/passed through/
> 
> > Sometimes, vendor driver of this physcial device may want to mediate some
> 
> physical
> 
> > hardware resource access for a short period of time, e.g. dirty page
> > tracking during live migration.
> > 
> > Here we introduce mediate ops in vfio-pci for this purpose.
> > 
> > Vendor driver can register a mediate ops to vfio-pci.
> > But rather than directly bind to the passthroughed device, the
> 
> passed-through
> 
> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.   +1-919-301-3226
> Virtualization:  qemu.org | libvirt.org
> 



Re: [PATCH v3 1/3] virtio: add ability to delete vq through a pointer

2019-12-08 Thread Pan Nengyuan



On 2019/12/9 10:00, pannengy...@huawei.com wrote:
> From: Michael S. Tsirkin  
> 
> Devices tend to maintain vq pointers, allow deleting them through a vq
> pointer.
> 
> Signed-off-by: Michael S. Tsirkin 
> Signed-off-by: Pan Nengyuan 
> [PMM: change function name to virtio_queue_cleanup; set used_elems to NULL 
> after free]

Oh. I'm sorry. Here is PNM (not PMM).

> Cc: Amit Shah 
> Reviewed-by: Pankaj Gupta 
> Reviewed-by: Laurent Vivier 
> ---
> Changes v2 to v1:
> - use virtio_delete_queue to cleanup vq through a vq pointer
> ---
> Changes v3 to v2:
> - change function name from virtio_delete_queue to virtio_queue_cleanup
> ---
>  hw/virtio/virtio.c | 16 +++-
>  include/hw/virtio/virtio.h |  2 ++
>  2 files changed, 13 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 04716b5..2743258 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -2330,17 +2330,23 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int 
> queue_size,
>  return >vq[i];
>  }
>  
> +void virtio_queue_cleanup(VirtQueue *vq)
> +{
> +vq->vring.num = 0;
> +vq->vring.num_default = 0;
> +vq->handle_output = NULL;
> +vq->handle_aio_output = NULL;
> +g_free(vq->used_elems);
> +vq->used_elems = NULL;
> +}
> +
>  void virtio_del_queue(VirtIODevice *vdev, int n)
>  {
>  if (n < 0 || n >= VIRTIO_QUEUE_MAX) {
>  abort();
>  }
>  
> -vdev->vq[n].vring.num = 0;
> -vdev->vq[n].vring.num_default = 0;
> -vdev->vq[n].handle_output = NULL;
> -vdev->vq[n].handle_aio_output = NULL;
> -g_free(vdev->vq[n].used_elems);
> +virtio_queue_cleanup(>vq[n]);
>  }
>  
>  static void virtio_set_isr(VirtIODevice *vdev, int value)
> diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
> index c32a815..cc0b3f0 100644
> --- a/include/hw/virtio/virtio.h
> +++ b/include/hw/virtio/virtio.h
> @@ -183,6 +183,8 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int 
> queue_size,
>  
>  void virtio_del_queue(VirtIODevice *vdev, int n);
>  
> +void virtio_queue_cleanup(VirtQueue *vq);
> +
>  void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem,
>  unsigned int len);
>  void virtqueue_flush(VirtQueue *vq, unsigned int count);
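
Review bot: the virtio_queue_cleanup() prototype added to include/hw/virtio/virtio.h sits next to virtio_del_queue() with no comment explaining how the two differ. Document that it performs the same teardown by VirtQueue pointer instead of by index, what state the queue is left in (vring.num zeroed, handlers and used_elems cleared), and whether callers may pass a queue that was never added.
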
> 




Re: [PATCH RESEND 4/4] target/i386: Add notes for versioned CPU models

2019-12-08 Thread Tao Xu

On 12/5/2019 4:44 PM, Xiaoyao Li wrote:

On 12/2/2019 2:32 PM, Tao Xu wrote:

Add which features are added or removed in this version. Remove the
changed model-id in versioned CPU models.

Signed-off-by: Tao Xu 
---
   target/i386/cpu.c | 50 +++
   1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 7b3bd6d4db..c82fbfd02e 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c


[...]


@@ -3141,6 +3133,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
   .versions = (X86CPUVersionDefinition[]) {
   { .version = 1 },
   { .version = 2,
+  .note = "ARCH_CAPABILITIES",


Here ARCH_CAPABILITIES doesn't tell what bits in
MSR_IA32_ARCH_CAPABILITIES this version has, which makes it meaningless.

Maybe
 .note = "ARCH_CAPABILITIES(rdctl-no, ibrs-all, skip-l1dfl-vmentry,
mds-no)",

is better?



But it is too long for -cpu help, break the info into 2 lines.





Re: [PATCH RESEND 0/4] Add extra information to versioned CPU models

2019-12-08 Thread Tao Xu

On 12/5/2019 4:55 PM, Xiaoyao Li wrote:

On 12/2/2019 2:32 PM, Tao Xu wrote:

This series of patches will remove MPX from Denverton, remove
monitor from some CPU models. Add additional information for -cpu help
to indicate the changes in this version of CPU model.

The output is as follows:
x86_64-softmmu/qemu-system-x86_64 -cpu help | grep "\["
x86 Broadwell-v2  Intel Core Processor (Broadwell) [no TSX]
x86 Broadwell-v3  Intel Core Processor (Broadwell) [IBRS]
x86 Broadwell-v4  Intel Core Processor (Broadwell) [no TSX, IBRS]


Above the changes of each Broadwell-v{2,3,4} are based on Broadwell-v1.


x86 Cascadelake-Server-v2  Intel Xeon Processor (Cascadelake) 
[ARCH_CAPABILITIES]
x86 Cascadelake-Server-v3  Intel Xeon Processor (Cascadelake) [no TSX]


But in the code, Cascadelake-Server-v3 inherits all the features in
Cascadelake-Server-v2 and removes TSX related hle & rtm.

So if we keep the same rule based on v1, it should be

   x86 Cascadelake-Server-v3  Intel Xeon Processor (Cascadelake)
[ARCH_CAPABILITIES, no TSX]


Thank you for your suggestion. I will correct this.




RE: [Qemu-devel] [RFC PATCH 0/6] hw/arm/virt: Introduce cpu topology support

2019-12-08 Thread Zengtao (B)
Hi Andrew:

Any update for this patch series? I have met the same issue, and if the 
topology guessed by linux MPIDR conflicts with qemu specified numa, it
will fail to boot (sched domain initialization will fall into deadloop).

Thanks.

> -Original Message-
> From: Qemu-devel
> [mailto:qemu-devel-bounces+incoming=patchwork.ozlabs@nongnu.or
> g] On Behalf Of Andrew Jones
> Sent: Thursday, July 05, 2018 4:49 AM
> To: qemu-devel@nongnu.org; qemu-...@nongnu.org
> Cc: w...@redhat.com; peter.mayd...@linaro.org; eric.au...@redhat.com;
> imamm...@redhat.com
> Subject: [Qemu-devel] [RFC PATCH 0/6] hw/arm/virt: Introduce cpu
> topology support
> 
> This series provides support for booting mach-virt machines with
> non-flat cpu topology, i.e. enabling the extended options of the
> '-smp' command line parameter (sockets,cores,threads). Both DT and
> ACPI description generators are added. We only apply the new feature
> to 3.1 and later machine types, as the change is guest visible, even
> when no command line change is made. This is because the basic
> '-smp ' parameter makes the assumption that  refers to the
> number of sockets, but when no topology description is provided,
> Linux will use the MPIDR to guess. Neither the MPIDR exposed to
> the guest when running with KVM nor TCG currently provides socket
> information, leaving Linux to assume all processing elements are
> cores in the same socket. For example, before this series '-smp 4'
> would show up in the guest as
> 
>  CPU(s):4
>  On-line CPU(s) list:   0-3
>  Thread(s) per core:1
>  Core(s) per socket:4
>  Socket(s): 1
> 
> and after it shows up as
> 
>  CPU(s):4
>  On-line CPU(s) list:   0-3
>  Thread(s) per core:1
>  Core(s) per socket:1
>  Socket(s): 4
> 
> It's not expected that this should be a problem, but it's worth
> considering. The only way to avoid the silent change is for QEMU to
> provide boards a way to override the default '-smp' parsing function.
> Otherwise, if a user wants to avoid a guest visible change, but still
> use a 3.1 or later mach-virt machine type, then they must ensure the
> command line specifies a single socket, e.g. '-smp sockets=1,cores=4'
> 
> Thanks,
> drew
> 
> 
> Andrew Jones (6):
>   hw/arm/virt: Add virt-3.1 machine type
>   device_tree: add qemu_fdt_add_path
>   hw/arm/virt: DT: add cpu-map
>   hw/arm/virt-acpi-build: distinguish possible and present cpus
>   virt-acpi-build: add PPTT table
>   hw/arm/virt: cpu topology: don't allow threads
> 
>  device_tree.c| 24 +
>  hw/acpi/aml-build.c  | 50 ++
>  hw/arm/virt-acpi-build.c | 25 ++---
>  hw/arm/virt.c| 69
> +---
>  include/hw/acpi/aml-build.h  |  2 ++
>  include/hw/arm/virt.h|  1 +
>  include/sysemu/device_tree.h |  1 +
>  7 files changed, 162 insertions(+), 10 deletions(-)


Re: [Qemu-devel] [PATCH v5 0/2] arm/acpi: simplify aml code and enable SHPC

2019-12-08 Thread Guoheyi



On 2019/12/6 21:50, Peter Maydell wrote:

On Sat, 30 Nov 2019 at 03:47, Guoheyi  wrote:

Hi Peter, Igor,

I couldn't find these 2 patches in the latest tree. Could you help to
merge them?

In future I recommend pinging unapplied patches with a shorter
delay than nine months :-)


That's really a long time...



In QEMU's process, unless somebody
has specifically said they've picked up the patch, it still
"belongs" to the submitter to chase if it hasn't been
applied. In this case I simply didn't see Igor's request
that I take it -- the chances of me actually reading any
particular list email even if it's cc'd to me are not good.


One of the reasons that I didn't check it earlier is that we don't 
really use PCI SHPC in our production version, for Linux ITS driver can 
only allocate a fixed range of MSI interrupts for a PCI-bridge during 
initialization, so a later plugged-in PCI device may not be able to get 
enough MSI interrupts and then fall back to legacy INTx. However, I 
think it is still better to let guest OS make the decision.




I tried applying them to target-arm.next but unfortunately
they break 'make check':

   TESTcheck-qtest-aarch64: tests/bios-tables-test
acpi-test: Warning! DSDT binary file mismatch. Actual
[aml:/tmp/aml-4IELC0], Expected [aml:tests/data/acpi/virt/DSDT].
acpi-test: Warning! DSDT mismatch. Actual [asl:/tmp/asl-AOELC0.dsl,
aml:/tmp/aml-4IELC0], Expected [asl:/tmp/asl-XL7KC0.dsl,
aml:tests/data/acpi/virt/DSDT].
**
ERROR:/home/petmay01/linaro/qemu-from-laptop/qemu/tests/bios-tables-test.c:477:test_acpi_asl:
assertion failed: (all_tables_match)
ERROR - Bail out!
ERROR:/home/petmay01/linaro/qemu-from-laptop/qemu/tests/bios-tables-test.c:477:test_acpi_asl:
assertion failed: (all_tables_match)
Aborted (core dumped)
/home/petmay01/linaro/qemu-from-laptop/qemu/tests/Makefile.include:918:
recipe for target 'check-qtest-aarch64' failed

Could you fix and resubmit, please?


Sure.


Thanks,

Heyi



thanks
-- PMM

.





[PATCH v3 3/3] virtio-serial-bus: fix memory leak while attach virtio-serial-bus

2019-12-08 Thread pannengyuan
From: Pan Nengyuan 

ivqs/ovqs/c_ivq/c_ovq forgot to cleanup in
virtio_serial_device_unrealize, the memory leak stack is as below:

Direct leak of 1290240 byte(s) in 180 object(s) allocated from:
#0 0x7fc9bfc27560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
#1 0x7fc9bed6f015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015)
#2 0x5650e02b83e7 in virtio_add_queue hw/virtio/virtio.c:2327
#3 0x5650e02847b5 in virtio_serial_device_realize 
hw/char/virtio-serial-bus.c:1089
#4 0x5650e02b56a7 in virtio_device_realize hw/virtio/virtio.c:3504
#5 0x5650e03bf031 in device_set_realized hw/core/qdev.c:876
#6 0x5650e0531efd in property_set_bool qom/object.c:2080
#7 0x5650e053650e in object_property_set_qobject qom/qom-qobject.c:26
#8 0x5650e0533e14 in object_property_set_bool qom/object.c:1338
#9 0x5650e04c0e37 in virtio_pci_realize hw/virtio/virtio-pci.c:1801

Reported-by: Euler Robot 
Signed-off-by: Pan Nengyuan 
Reviewed-by: Laurent Vivier 
Cc: Laurent Vivier 
Cc: Amit Shah 
Cc: "Marc-André Lureau" 
Cc: Paolo Bonzini 
---
Changes v2 to v1:
- use virtio_delete_queue to cleanup vq through a vq pointer (suggested by
  Michael S. Tsirkin)
Changes v3 to v1:
- change virtio_delete_queue to virtio_queue_cleanup.
---
 hw/char/virtio-serial-bus.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
index 3325904..f63dc46 100644
--- a/hw/char/virtio-serial-bus.c
+++ b/hw/char/virtio-serial-bus.c
@@ -1126,9 +1126,17 @@ static void virtio_serial_device_unrealize(DeviceState 
*dev, Error **errp)
 {
 VirtIODevice *vdev = VIRTIO_DEVICE(dev);
 VirtIOSerial *vser = VIRTIO_SERIAL(dev);
+int i;
 
 QLIST_REMOVE(vser, next);
 
+virtio_queue_cleanup(vser->c_ivq);
+virtio_queue_cleanup(vser->c_ovq);
+for (i = 0; i < vser->bus.max_nr_ports; i++) {
+virtio_queue_cleanup(vser->ivqs[i]);
+virtio_queue_cleanup(vser->ovqs[i]);
+}
+
 g_free(vser->ivqs);
 g_free(vser->ovqs);
 g_free(vser->ports_map);
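
Review bot: the new loop in virtio_serial_device_unrealize() indexes ivqs[i] and ovqs[i] for every i below vser->bus.max_nr_ports, but the hunk does not show that realize filled every slot up to that bound, and virtio_queue_cleanup() from patch 1/3 dereferences its argument unconditionally. Add a short comment stating that the arrays are sized and populated with max_nr_ports entries, or skip NULL slots, so the teardown cannot walk into an unset pointer if the allocation logic changes.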
-- 
2.7.2.windows.1





[PATCH v3 2/3] virtio-balloon: fix memory leak while attach virtio-balloon device

2019-12-08 Thread pannengyuan
From: Pan Nengyuan 

ivq/dvq/svq/free_page_vq forgot to cleanup in
virtio_balloon_device_unrealize, the memory leak stack is as follow:

Direct leak of 14336 byte(s) in 2 object(s) allocated from:
#0 0x7f99fd9d8560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
#1 0x7f99fcb20015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015)
#2 0x557d90638437 in virtio_add_queue hw/virtio/virtio.c:2327
#3 0x557d9064401d in virtio_balloon_device_realize 
hw/virtio/virtio-balloon.c:793
#4 0x557d906356f7 in virtio_device_realize hw/virtio/virtio.c:3504
#5 0x557d9073f081 in device_set_realized hw/core/qdev.c:876
#6 0x557d908b1f4d in property_set_bool qom/object.c:2080
#7 0x557d908b655e in object_property_set_qobject qom/qom-qobject.c:26

Reported-by: Euler Robot 
Signed-off-by: Pan Nengyuan 
Cc: Amit Shah 
Reviewed-by: Laurent Vivier 
---
Changes v2 to v1:
- use virtio_delete_queue to cleanup vq through a vq pointer (suggested by
  Michael S. Tsirkin)
---
Changes v3 to v2:
- change virtio_delete_queue to virtio_queue_cleanup
---
 hw/virtio/virtio-balloon.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 40b04f5..681a2b2 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -831,6 +831,13 @@ static void virtio_balloon_device_unrealize(DeviceState 
*dev, Error **errp)
 }
 balloon_stats_destroy_timer(s);
 qemu_remove_balloon_handler(s);
+
+virtio_queue_cleanup(s->ivq);
+virtio_queue_cleanup(s->dvq);
+virtio_queue_cleanup(s->svq);
+if (s->free_page_vq) {
+virtio_queue_cleanup(s->free_page_vq);
+}
 virtio_cleanup(vdev);
 }
 
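
Review bot: in virtio_balloon_device_unrealize(), free_page_vq is the only queue tested before virtio_queue_cleanup() is called, and the hunk gives no hint why ivq, dvq and svq are always present while this one is optional. Add a comment naming the condition under which free_page_vq is created, so the guard here visibly mirrors the realize path and is not dropped or copied blindly later.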
-- 
2.7.2.windows.1





[PATCH v3 0/3] virtio: fix memory leak in virtio-balloon/virtio-serial-bus

2019-12-08 Thread pannengyuan
From: Pan Nengyuan 

This series adds a new function to cleanup vqueue through a vq pointer, and fixes
memory leaks in virtio-balloon and virtio-serial-bus.

---
Changes v2 to v1:
- add a new function to cleanup vqueue through a vq pointer.
---
Changes v3 to v2:
- change function name from virtio_delete_queue to virtio_queue_cleanup.

Michael S. Tsirkin (1):
  virtio: add ability to delete vq through a pointer

Pan Nengyuan (2):
  virtio-balloon: fix memory leak while attach virtio-balloon device
  virtio-serial-bus: fix memory leak while attach virtio-serial-bus

 hw/char/virtio-serial-bus.c |  8 
 hw/virtio/virtio-balloon.c  |  7 +++
 hw/virtio/virtio.c  | 16 +++-
 include/hw/virtio/virtio.h  |  2 ++
 4 files changed, 28 insertions(+), 5 deletions(-)

-- 
2.7.2.windows.1





[PATCH v3 1/3] virtio: add ability to delete vq through a pointer

2019-12-08 Thread pannengyuan
From: Michael S. Tsirkin  

Devices tend to maintain vq pointers, allow deleting them through a vq
pointer.

Signed-off-by: Michael S. Tsirkin 
Signed-off-by: Pan Nengyuan 
[PMM: change function name to virtio_queue_cleanup; set used_elems to NULL 
after free]
Cc: Amit Shah 
Reviewed-by: Pankaj Gupta 
Reviewed-by: Laurent Vivier 
---
Changes v2 to v1:
- use virtio_delete_queue to cleanup vq through a vq pointer
---
Changes v3 to v2:
- change function name from virtio_delete_queue to virtio_queue_cleanup
---
 hw/virtio/virtio.c | 16 +++-
 include/hw/virtio/virtio.h |  2 ++
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 04716b5..2743258 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2330,17 +2330,23 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int 
queue_size,
 return >vq[i];
 }
 
+void virtio_queue_cleanup(VirtQueue *vq)
+{
+vq->vring.num = 0;
+vq->vring.num_default = 0;
+vq->handle_output = NULL;
+vq->handle_aio_output = NULL;
+g_free(vq->used_elems);
+vq->used_elems = NULL;
+}
+
 void virtio_del_queue(VirtIODevice *vdev, int n)
 {
 if (n < 0 || n >= VIRTIO_QUEUE_MAX) {
 abort();
 }
 
-vdev->vq[n].vring.num = 0;
-vdev->vq[n].vring.num_default = 0;
-vdev->vq[n].handle_output = NULL;
-vdev->vq[n].handle_aio_output = NULL;
-g_free(vdev->vq[n].used_elems);
+virtio_queue_cleanup(>vq[n]);
 }
 
 static void virtio_set_isr(VirtIODevice *vdev, int value)
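
Review bot: virtio_queue_cleanup() in hw/virtio/virtio.c dereferences vq on its first line without checking it, whereas virtio_del_queue() could only ever reach a valid array slot after its range check. Callers that hold optional queue pointers now have to guard the call themselves (patch 2/3 does this for free_page_vq). Either return early when vq is NULL, as g_free() does for its argument, or assert non-NULL so a misuse fails loudly instead of as a NULL dereference during unrealize.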
diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index c32a815..cc0b3f0 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -183,6 +183,8 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int 
queue_size,
 
 void virtio_del_queue(VirtIODevice *vdev, int n);
 
+void virtio_queue_cleanup(VirtQueue *vq);
+
 void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem,
 unsigned int len);
 void virtqueue_flush(VirtQueue *vq, unsigned int count);
-- 
2.7.2.windows.1





[PATCH v8] Implement backend program convention command for vhost-user-blk

2019-12-08 Thread Micky Yun Chan(michiboo)
From: Micky Yun Chan 

This patch is to add standard commands defined in docs/interop/vhost-user.rst
For vhost-user-* program

Signed-off-by: Micky Yun Chan (michiboo) 
---
 contrib/vhost-user-blk/vhost-user-blk.c | 108 ++--
 docs/interop/vhost-user.json|  31 +++
 docs/interop/vhost-user.rst |  17 
 3 files changed, 112 insertions(+), 44 deletions(-)

diff --git a/contrib/vhost-user-blk/vhost-user-blk.c 
b/contrib/vhost-user-blk/vhost-user-blk.c
index ae61034656..6fd91c7e99 100644
--- a/contrib/vhost-user-blk/vhost-user-blk.c
+++ b/contrib/vhost-user-blk/vhost-user-blk.c
@@ -576,70 +576,90 @@ vub_new(char *blk_file)
 return vdev_blk;
 }
 
+static int opt_fdnum = -1;
+static char *opt_socket_path;
+static char *opt_blk_file;
+static gboolean opt_print_caps;
+static gboolean opt_read_only;
+
+static GOptionEntry entries[] = {
+{ "print-capabilities", 'c', 0, G_OPTION_ARG_NONE, _print_caps,
+  "Print capabilities", NULL },
+{ "fd", 'f', 0, G_OPTION_ARG_INT, _fdnum,
+  "Use inherited fd socket", "FDNUM" },
+{ "socket-path", 's', 0, G_OPTION_ARG_FILENAME, _socket_path,
+  "Use UNIX socket path", "PATH" },
+{"blk-file", 'b', 0, G_OPTION_ARG_FILENAME, _blk_file,
+ "block device or file path", "PATH"},
+{ "read-only", 'r', 0, G_OPTION_ARG_NONE, _read_only,
+  "Enable read-only", NULL }
+};
+
 int main(int argc, char **argv)
 {
-int opt;
-char *unix_socket = NULL;
-char *blk_file = NULL;
-bool enable_ro = false;
 int lsock = -1, csock = -1;
 VubDev *vdev_blk = NULL;
+GError *error = NULL;
+GOptionContext *context;
 
-while ((opt = getopt(argc, argv, "b:rs:h")) != -1) {
-switch (opt) {
-case 'b':
-blk_file = g_strdup(optarg);
-break;
-case 's':
-unix_socket = g_strdup(optarg);
-break;
-case 'r':
-enable_ro = true;
-break;
-case 'h':
-default:
-printf("Usage: %s [ -b block device or file, -s UNIX domain socket"
-   " | -r Enable read-only ] | [ -h ]\n", argv[0]);
-return 0;
+context = g_option_context_new(NULL);
+g_option_context_add_main_entries(context, entries, NULL);
+if (!g_option_context_parse(context, , , )) {
+g_printerr("Option parsing failed: %s\n", error->message);
+exit(EXIT_FAILURE);
+}
+if (opt_print_caps) {
+g_print("{\n");
+g_print("  \"type\": \"block\",\n");
+g_print("  \"features\": [\n");
+g_print("\"read-only\",\n");
+g_print("\"blk-file\"\n");
+g_print("  ]\n");
+g_print("}\n");
+exit(EXIT_SUCCESS);
+}
+
+if (!opt_blk_file) {
+g_print("%s\n", g_option_context_get_help(context, true, NULL));
+exit(EXIT_FAILURE);
+}
+
+if (opt_socket_path) {
+lsock = unix_sock_new(opt_socket_path);
+if (lsock < 0) {
+exit(EXIT_FAILURE);
 }
+} else if (opt_fdnum < 0) {
+g_print("%s\n", g_option_context_get_help(context, true, NULL));
+exit(EXIT_FAILURE);
+} else {
+lsock = opt_fdnum;
 }
 
-if (!unix_socket || !blk_file) {
-printf("Usage: %s [ -b block device or file, -s UNIX domain socket"
-   " | -r Enable read-only ] | [ -h ]\n", argv[0]);
-return -1;
-}
-
-lsock = unix_sock_new(unix_socket);
-if (lsock < 0) {
-goto err;
-}
-
-csock = accept(lsock, (void *)0, (void *)0);
+csock = accept(lsock, NULL, NULL);
 if (csock < 0) {
-fprintf(stderr, "Accept error %s\n", strerror(errno));
-goto err;
+g_printerr("Accept error %s\n", strerror(errno));
+exit(EXIT_FAILURE);
 }
 
-vdev_blk = vub_new(blk_file);
+vdev_blk = vub_new(opt_blk_file);
 if (!vdev_blk) {
-goto err;
+exit(EXIT_FAILURE);
 }
-if (enable_ro) {
+if (opt_read_only) {
 vdev_blk->enable_ro = true;
 }
 
 if (!vug_init(_blk->parent, VHOST_USER_BLK_MAX_QUEUES, csock,
   vub_panic_cb, _iface)) {
-fprintf(stderr, "Failed to initialized libvhost-user-glib\n");
-goto err;
+g_printerr("Failed to initialize libvhost-user-glib\n");
+exit(EXIT_FAILURE);
 }
 
 g_main_loop_run(vdev_blk->loop);
-
+g_main_loop_unref(vdev_blk->loop);
+g_option_context_free(context);
 vug_deinit(_blk->parent);
-
-err:
 vub_free(vdev_blk);
 if (csock >= 0) {
 close(csock);
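
Review bot: the new entries[] table ends with the read-only entry and has no terminating all-zero element, but g_option_context_add_main_entries() expects a NULL-terminated array, so option parsing reads past the end of the table. Add a final { NULL } entry. Two smaller points in main(): the strings returned by g_option_context_get_help() are never freed, and every failure path now calls exit(EXIT_FAILURE) instead of jumping to the removed err label, so vdev_blk, csock and lsock are no longer released on error; if that is intentional, say so in the commit message.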
@@ -647,8 +667,8 @@ err:
 if (lsock >= 0) {
 close(lsock);
 }
-g_free(unix_socket);
-g_free(blk_file);
+g_free(opt_socket_path);
+g_free(opt_blk_file);
 
 return 0;
 }
diff --git a/docs/interop/vhost-user.json b/docs/interop/vhost-user.json
index da6aaf51c8..ce0ef74db5 100644
--- a/docs/interop/vhost-user.json
+++ b/docs/interop/vhost-user.json
@@ -54,6 

Re: [PATCH v7] Implement backend program convention command for vhost-user-blk

2019-12-08 Thread Micky C
I agree, I just sent the updated version.

On Thu, Dec 5, 2019 at 9:39 PM Marc-André Lureau 
wrote:

> Hi
>
> On Mon, Nov 25, 2019 at 9:17 AM Micky Yun Chan(michiboo)
>  wrote:
> >
> > From: Micky Yun Chan 
> >
> > This patch is to add standard commands defined in
> docs/interop/vhost-user.rst
> > For vhost-user-* program
> >
> > Signed-off-by: Micky Yun Chan (michiboo) 
> > ---
> >  contrib/vhost-user-blk/vhost-user-blk.c | 108 ++--
> >  docs/interop/vhost-user.json|  31 +++
> >  docs/interop/vhost-user.rst |  15 
> >  3 files changed, 110 insertions(+), 44 deletions(-)
> >
> > diff --git a/contrib/vhost-user-blk/vhost-user-blk.c
> b/contrib/vhost-user-blk/vhost-user-blk.c
> > index ae61034656..6fd91c7e99 100644
> > --- a/contrib/vhost-user-blk/vhost-user-blk.c
> > +++ b/contrib/vhost-user-blk/vhost-user-blk.c
> > @@ -576,70 +576,90 @@ vub_new(char *blk_file)
> >  return vdev_blk;
> >  }
> >
> > +static int opt_fdnum = -1;
> > +static char *opt_socket_path;
> > +static char *opt_blk_file;
> > +static gboolean opt_print_caps;
> > +static gboolean opt_read_only;
> > +
> > +static GOptionEntry entries[] = {
> > +{ "print-capabilities", 'c', 0, G_OPTION_ARG_NONE, _print_caps,
> > +  "Print capabilities", NULL },
> > +{ "fd", 'f', 0, G_OPTION_ARG_INT, _fdnum,
> > +  "Use inherited fd socket", "FDNUM" },
> > +{ "socket-path", 's', 0, G_OPTION_ARG_FILENAME, _socket_path,
> > +  "Use UNIX socket path", "PATH" },
> > +{"blk-file", 'b', 0, G_OPTION_ARG_FILENAME, _blk_file,
> > + "block device or file path", "PATH"},
> > +{ "read-only", 'r', 0, G_OPTION_ARG_NONE, _read_only,
> > +  "Enable read-only", NULL }
> > +};
> > +
> >  int main(int argc, char **argv)
> >  {
> > -int opt;
> > -char *unix_socket = NULL;
> > -char *blk_file = NULL;
> > -bool enable_ro = false;
> >  int lsock = -1, csock = -1;
> >  VubDev *vdev_blk = NULL;
> > +GError *error = NULL;
> > +GOptionContext *context;
> >
> > -while ((opt = getopt(argc, argv, "b:rs:h")) != -1) {
> > -switch (opt) {
> > -case 'b':
> > -blk_file = g_strdup(optarg);
> > -break;
> > -case 's':
> > -unix_socket = g_strdup(optarg);
> > -break;
> > -case 'r':
> > -enable_ro = true;
> > -break;
> > -case 'h':
> > -default:
> > -printf("Usage: %s [ -b block device or file, -s UNIX domain
> socket"
> > -   " | -r Enable read-only ] | [ -h ]\n", argv[0]);
> > -return 0;
> > +context = g_option_context_new(NULL);
> > +g_option_context_add_main_entries(context, entries, NULL);
> > +if (!g_option_context_parse(context, , , )) {
> > +g_printerr("Option parsing failed: %s\n", error->message);
> > +exit(EXIT_FAILURE);
> > +}
> > +if (opt_print_caps) {
> > +g_print("{\n");
> > +g_print("  \"type\": \"block\",\n");
> > +g_print("  \"features\": [\n");
> > +g_print("\"read-only\",\n");
> > +g_print("\"blk-file\"\n");
> > +g_print("  ]\n");
> > +g_print("}\n");
> > +exit(EXIT_SUCCESS);
> > +}
> > +
> > +if (!opt_blk_file) {
> > +g_print("%s\n", g_option_context_get_help(context, true, NULL));
> > +exit(EXIT_FAILURE);
> > +}
> > +
> > +if (opt_socket_path) {
> > +lsock = unix_sock_new(opt_socket_path);
> > +if (lsock < 0) {
> > +exit(EXIT_FAILURE);
> >  }
> > +} else if (opt_fdnum < 0) {
> > +g_print("%s\n", g_option_context_get_help(context, true, NULL));
> > +exit(EXIT_FAILURE);
> > +} else {
> > +lsock = opt_fdnum;
> >  }
> >
> > -if (!unix_socket || !blk_file) {
> > -printf("Usage: %s [ -b block device or file, -s UNIX domain
> socket"
> > -   " | -r Enable read-only ] | [ -h ]\n", argv[0]);
> > -return -1;
> > -}
> > -
> > -lsock = unix_sock_new(unix_socket);
> > -if (lsock < 0) {
> > -goto err;
> > -}
> > -
> > -csock = accept(lsock, (void *)0, (void *)0);
> > +csock = accept(lsock, NULL, NULL);
> >  if (csock < 0) {
> > -fprintf(stderr, "Accept error %s\n", strerror(errno));
> > -goto err;
> > +g_printerr("Accept error %s\n", strerror(errno));
> > +exit(EXIT_FAILURE);
> >  }
> >
> > -vdev_blk = vub_new(blk_file);
> > +vdev_blk = vub_new(opt_blk_file);
> >  if (!vdev_blk) {
> > -goto err;
> > +exit(EXIT_FAILURE);
> >  }
> > -if (enable_ro) {
> > +if (opt_read_only) {
> >  vdev_blk->enable_ro = true;
> >  }
> >
> >  if (!vug_init(_blk->parent, VHOST_USER_BLK_MAX_QUEUES, csock,
> >vub_panic_cb, _iface)) {
> > -fprintf(stderr, "Failed to initialized libvhost-user-glib\n");
> > -goto err;
> > +   
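Review bot: the entries[] table near the top of this hunk ends with the "read-only" entry and has no terminating { NULL } element, but g_option_context_add_main_entries() expects a NULL-terminated array, so option parsing can walk past the end of the table; add a final "{ NULL }" entry. Further down, when both --socket-path and --fd are given, the "if (opt_socket_path)" branch wins and opt_fdnum is silently ignored; rejecting the combination with an error is safer than picking one. The two usage paths also print the help text with g_print() to stdout right before exit(EXIT_FAILURE); g_printerr() fits an error exit better.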

Re: [for-5.0 PATCH 0/4] ppc: Fix interrupt controller emulation

2019-12-08 Thread David Gibson
On Wed, Dec 04, 2019 at 08:43:31PM +0100, Greg Kurz wrote:
> Guest hangs have been observed recently on POWER9 hosts, specifically LC92x
> "Boston" systems, when the guests are being rebooted multiple times. The
> issue isn't POWER9 specific though. It is caused by a very long standing bug
> when using the uncommon accel=kvm,kernel-irqchip=off machine configuration
> which happens to be enforced on LC92x because of a host FW limitation. This
> affects both the XICS and XIVE emulated interrupt controllers.
> 
> The actual fix is in patch 1. Patch 2 is a followup cleanup. The other
> patches are unrelated cleanups I came up with while investigating.
> 
> Since this bug always existed and we're already in rc4, I think it is better
> to fix it in 5.0 and possibly backport it to stable and downstream if needed.

Applied to ppc-for-5.0.


-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[PULL SUBSYSTEM qemu-pseries] pseries: Update SLOF firmware image

2019-12-08 Thread Alexey Kardashevskiy
The following changes since commit 1bdc319ab5d289ce6b822e06fb2b13666fd9278e:

  Update version for v4.2.0-rc4 release (2019-12-03 17:56:30 +)

are available in the Git repository at:

  g...@github.com:aik/qemu.git tags/qemu-slof-20191209

for you to fetch changes up to 5d8e32b0d6b4f1240c240184d5012ec200da65ab:

  pseries: Update SLOF firmware image (2019-12-09 12:08:25 +1100)


Alexey Kardashevskiy (1):
  pseries: Update SLOF firmware image

 pc-bios/README   |   2 +-
 pc-bios/slof.bin | Bin 928552 -> 931040 bytes
 roms/SLOF|   2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)


*** Note: this is not for master, this is for pseries


I am not quite sure what exactly is a subsystem here (pseries or
pc-bios/slof.bin); either way I hope I have the right keywords in
the right places to keep certain mailfilters happy :) Thanks,



Re: [for-5.0 PATCH 3/3] cpu: Use cpu_class_set_parent_reset()

2019-12-08 Thread David Gibson
On Fri, Dec 06, 2019 at 07:44:06PM +0100, Greg Kurz wrote:
> Convert all targets to use cpu_class_set_parent_reset() with the following
> coccinelle script:
> 
> @@
> type CPUParentClass;
> CPUParentClass *pcc;
> CPUClass *cc;
> identifier parent_fn;
> identifier child_fn;
> @@
> +cpu_class_set_parent_reset(cc, child_fn, >parent_fn);
> -pcc->parent_fn = cc->reset;
> ...
> -cc->reset = child_fn;
> 
> Signed-off-by: Greg Kurz 

ppc parts
Acked-by: David Gibson 

> ---
>  target/arm/cpu.c|3 +--
>  target/cris/cpu.c   |3 +--
>  target/i386/cpu.c   |3 +--
>  target/lm32/cpu.c   |3 +--
>  target/m68k/cpu.c   |3 +--
>  target/microblaze/cpu.c |3 +--
>  target/mips/cpu.c   |3 +--
>  target/moxie/cpu.c  |3 +--
>  target/nios2/cpu.c  |3 +--
>  target/openrisc/cpu.c   |3 +--
>  target/ppc/translate_init.inc.c |3 +--
>  target/riscv/cpu.c  |3 +--
>  target/s390x/cpu.c  |3 +--
>  target/sh4/cpu.c|3 +--
>  target/sparc/cpu.c  |3 +--
>  target/tilegx/cpu.c |3 +--
>  target/tricore/cpu.c|3 +--
>  target/xtensa/cpu.c |3 +--
>  18 files changed, 18 insertions(+), 36 deletions(-)
> 
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index 7a4ac9339bf9..712a9425fdf5 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -2625,8 +2625,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
> *data)
>  >parent_realize);
>  dc->props = arm_cpu_properties;
>  
> -acc->parent_reset = cc->reset;
> -cc->reset = arm_cpu_reset;
> +cpu_class_set_parent_reset(cc, arm_cpu_reset, >parent_reset);
>  
>  cc->class_by_name = arm_cpu_class_by_name;
>  cc->has_work = arm_cpu_has_work;
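Review bot: the commit message says all targets are converted, but the script only matches a "pcc->parent_fn = cc->reset;" assignment followed by "cc->reset = child_fn;", as in the two lines removed from arm_cpu_class_init() here, and the diffstat lists 18 files with no target/alpha or target/hppa even though patch 1/3 changes a parent_reset member in both AlphaCPUClass and HPPACPUClass. Please say in the commit message whether those targets never override cc->reset or use a form the script does not match, and consider grepping for any remaining "->parent_reset =" assignments after applying.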
> diff --git a/target/cris/cpu.c b/target/cris/cpu.c
> index 7adfd6caf4ed..486675e3822f 100644
> --- a/target/cris/cpu.c
> +++ b/target/cris/cpu.c
> @@ -256,8 +256,7 @@ static void cris_cpu_class_init(ObjectClass *oc, void 
> *data)
>  device_class_set_parent_realize(dc, cris_cpu_realizefn,
>  >parent_realize);
>  
> -ccc->parent_reset = cc->reset;
> -cc->reset = cris_cpu_reset;
> +cpu_class_set_parent_reset(cc, cris_cpu_reset, >parent_reset);
>  
>  cc->class_by_name = cris_cpu_class_by_name;
>  cc->has_work = cris_cpu_has_work;
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 69f518a21a9b..57d36931725d 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -7049,8 +7049,7 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
> void *data)
>>parent_unrealize);
>  dc->props = x86_cpu_properties;
>  
> -xcc->parent_reset = cc->reset;
> -cc->reset = x86_cpu_reset;
> +cpu_class_set_parent_reset(cc, x86_cpu_reset, >parent_reset);
>  cc->reset_dump_flags = CPU_DUMP_FPU | CPU_DUMP_CCOP;
>  
>  cc->class_by_name = x86_cpu_class_by_name;
> diff --git a/target/lm32/cpu.c b/target/lm32/cpu.c
> index b35537de6285..687bf35e6588 100644
> --- a/target/lm32/cpu.c
> +++ b/target/lm32/cpu.c
> @@ -218,8 +218,7 @@ static void lm32_cpu_class_init(ObjectClass *oc, void 
> *data)
>  
>  device_class_set_parent_realize(dc, lm32_cpu_realizefn,
>  >parent_realize);
> -lcc->parent_reset = cc->reset;
> -cc->reset = lm32_cpu_reset;
> +cpu_class_set_parent_reset(cc, lm32_cpu_reset, >parent_reset);
>  
>  cc->class_by_name = lm32_cpu_class_by_name;
>  cc->has_work = lm32_cpu_has_work;
> diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
> index e6596de29c2c..176d95e6fcfb 100644
> --- a/target/m68k/cpu.c
> +++ b/target/m68k/cpu.c
> @@ -257,8 +257,7 @@ static void m68k_cpu_class_init(ObjectClass *c, void 
> *data)
>  
>  device_class_set_parent_realize(dc, m68k_cpu_realizefn,
>  >parent_realize);
> -mcc->parent_reset = cc->reset;
> -cc->reset = m68k_cpu_reset;
> +cpu_class_set_parent_reset(cc, m68k_cpu_reset, >parent_reset);
>  
>  cc->class_by_name = m68k_cpu_class_by_name;
>  cc->has_work = m68k_cpu_has_work;
> diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
> index 9cfd7445e7da..71d88f603b2e 100644
> --- a/target/microblaze/cpu.c
> +++ b/target/microblaze/cpu.c
> @@ -292,8 +292,7 @@ static void mb_cpu_class_init(ObjectClass *oc, void *data)
>  
>  device_class_set_parent_realize(dc, mb_cpu_realizefn,
>  >parent_realize);
> -mcc->parent_reset = cc->reset;
> -cc->reset = mb_cpu_reset;
> +cpu_class_set_parent_reset(cc, mb_cpu_reset, >parent_reset);
>  
>  cc->class_by_name = mb_cpu_class_by_name;
>  cc->has_work = mb_cpu_has_work;
> diff --git a/target/mips/cpu.c b/target/mips/cpu.c
> index 

Re: [for-5.0 PATCH 1/3] cpu: Introduce CPUReset callback typedef

2019-12-08 Thread David Gibson
On Fri, Dec 06, 2019 at 07:43:54PM +0100, Greg Kurz wrote:
> Use it in include/hw/core/cpu.h and convert all targets to use it as
> well with:
> 
> perl -pi \
>  -e 's/void\s+\(\*(parent_reset)\)\(CPUState\s+\*\w+\)/CPUReset \1/;' \
>  $(git ls-files 'target/*.h')
> 
> Signed-off-by: Greg Kurz 

ppc parts
Acked-by: David Gibson 

> ---
>  include/hw/core/cpu.h   |4 +++-
>  target/alpha/cpu-qom.h  |2 +-
>  target/arm/cpu-qom.h|2 +-
>  target/cris/cpu-qom.h   |2 +-
>  target/hppa/cpu-qom.h   |2 +-
>  target/i386/cpu-qom.h   |2 +-
>  target/lm32/cpu-qom.h   |2 +-
>  target/m68k/cpu-qom.h   |2 +-
>  target/microblaze/cpu-qom.h |2 +-
>  target/mips/cpu-qom.h   |2 +-
>  target/moxie/cpu.h  |2 +-
>  target/nios2/cpu.h  |2 +-
>  target/openrisc/cpu.h   |2 +-
>  target/ppc/cpu-qom.h|2 +-
>  target/riscv/cpu.h  |2 +-
>  target/s390x/cpu-qom.h  |2 +-
>  target/sh4/cpu-qom.h|2 +-
>  target/sparc/cpu-qom.h  |2 +-
>  target/tilegx/cpu.h |2 +-
>  target/tricore/cpu-qom.h|2 +-
>  target/xtensa/cpu-qom.h |2 +-
>  21 files changed, 23 insertions(+), 21 deletions(-)
> 
> diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
> index 77c6f0529903..047e3972ecaf 100644
> --- a/include/hw/core/cpu.h
> +++ b/include/hw/core/cpu.h
> @@ -74,6 +74,8 @@ typedef struct CPUWatchpoint CPUWatchpoint;
>  
>  struct TranslationBlock;
>  
> +typedef void (*CPUReset)(CPUState *cpu);
> +
>  /**
>   * CPUClass:
>   * @class_by_name: Callback to map -cpu command line model name to an
> @@ -165,7 +167,7 @@ typedef struct CPUClass {
>  ObjectClass *(*class_by_name)(const char *cpu_model);
>  void (*parse_features)(const char *typename, char *str, Error **errp);
>  
> -void (*reset)(CPUState *cpu);
> +CPUReset reset;
>  int reset_dump_flags;
>  bool (*has_work)(CPUState *cpu);
>  void (*do_interrupt)(CPUState *cpu);
> diff --git a/target/alpha/cpu-qom.h b/target/alpha/cpu-qom.h
> index 6f0a0adb9efa..0c974805481b 100644
> --- a/target/alpha/cpu-qom.h
> +++ b/target/alpha/cpu-qom.h
> @@ -44,7 +44,7 @@ typedef struct AlphaCPUClass {
>  /*< public >*/
>  
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } AlphaCPUClass;
>  
>  typedef struct AlphaCPU AlphaCPU;
> diff --git a/target/arm/cpu-qom.h b/target/arm/cpu-qom.h
> index 7f5b244bde35..aeaa84afcc9a 100644
> --- a/target/arm/cpu-qom.h
> +++ b/target/arm/cpu-qom.h
> @@ -51,7 +51,7 @@ typedef struct ARMCPUClass {
>  
>  const ARMCPUInfo *info;
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } ARMCPUClass;
>  
>  typedef struct ARMCPU ARMCPU;
> diff --git a/target/cris/cpu-qom.h b/target/cris/cpu-qom.h
> index 308c1f95bdf6..079ffe6bda0a 100644
> --- a/target/cris/cpu-qom.h
> +++ b/target/cris/cpu-qom.h
> @@ -45,7 +45,7 @@ typedef struct CRISCPUClass {
>  /*< public >*/
>  
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  
>  uint32_t vr;
>  } CRISCPUClass;
> diff --git a/target/hppa/cpu-qom.h b/target/hppa/cpu-qom.h
> index 6367dc479391..5c129de148a8 100644
> --- a/target/hppa/cpu-qom.h
> +++ b/target/hppa/cpu-qom.h
> @@ -44,7 +44,7 @@ typedef struct HPPACPUClass {
>  /*< public >*/
>  
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } HPPACPUClass;
>  
>  typedef struct HPPACPU HPPACPU;
> diff --git a/target/i386/cpu-qom.h b/target/i386/cpu-qom.h
> index 0efab2fc670f..1e962518e68e 100644
> --- a/target/i386/cpu-qom.h
> +++ b/target/i386/cpu-qom.h
> @@ -71,7 +71,7 @@ typedef struct X86CPUClass {
>  
>  DeviceRealize parent_realize;
>  DeviceUnrealize parent_unrealize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } X86CPUClass;
>  
>  typedef struct X86CPU X86CPU;
> diff --git a/target/lm32/cpu-qom.h b/target/lm32/cpu-qom.h
> index dc9ac9ac9f7b..e105a315aa3e 100644
> --- a/target/lm32/cpu-qom.h
> +++ b/target/lm32/cpu-qom.h
> @@ -44,7 +44,7 @@ typedef struct LM32CPUClass {
>  /*< public >*/
>  
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } LM32CPUClass;
>  
>  typedef struct LM32CPU LM32CPU;
> diff --git a/target/m68k/cpu-qom.h b/target/m68k/cpu-qom.h
> index b56da8a21374..0a196775e5d1 100644
> --- a/target/m68k/cpu-qom.h
> +++ b/target/m68k/cpu-qom.h
> @@ -44,7 +44,7 @@ typedef struct M68kCPUClass {
>  /*< public >*/
>  
>  DeviceRealize parent_realize;
> -void (*parent_reset)(CPUState *cpu);
> +CPUReset parent_reset;
>  } M68kCPUClass;
>  
>  typedef struct M68kCPU M68kCPU;
> diff --git a/target/microblaze/cpu-qom.h b/target/microblaze/cpu-qom.h
> index 

Re: [for-5.0 PATCH 2/3] cpu: Introduce cpu_class_set_parent_reset()

2019-12-08 Thread David Gibson
On Fri, Dec 06, 2019 at 07:44:00PM +0100, Greg Kurz wrote:
> Similarly to what we already do with qdev, use a helper to overload the
> reset QOM methods of the parent in children classes, for clarity.
> 
> Signed-off-by: Greg Kurz 

Reviewed-by: David Gibson 

> ---
>  hw/core/cpu.c |8 
>  include/hw/core/cpu.h |4 
>  2 files changed, 12 insertions(+)
> 
> diff --git a/hw/core/cpu.c b/hw/core/cpu.c
> index db1a03c6bbb3..6dad2c8488a9 100644
> --- a/hw/core/cpu.c
> +++ b/hw/core/cpu.c
> @@ -239,6 +239,14 @@ void cpu_dump_statistics(CPUState *cpu, int flags)
>  }
>  }
>  
> +void cpu_class_set_parent_reset(CPUClass *cc,
> +CPUReset child_reset,
> +CPUReset *parent_reset)
> +{
> +*parent_reset = cc->reset;
> +cc->reset = child_reset;
> +}
> +
>  void cpu_reset(CPUState *cpu)
>  {
>  CPUClass *klass = CPU_GET_CLASS(cpu);
> diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
> index 047e3972ecaf..6680f4b047f4 100644
> --- a/include/hw/core/cpu.h
> +++ b/include/hw/core/cpu.h
> @@ -1137,6 +1137,10 @@ void cpu_exec_unrealizefn(CPUState *cpu);
>   */
>  bool target_words_bigendian(void);
>  
> +void cpu_class_set_parent_reset(CPUClass *cc,
> +CPUReset child_reset,
> +CPUReset *parent_reset);
> +
>  #ifdef NEED_CPU_H
>  
>  #ifdef CONFIG_SOFTMMU
> 
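Review bot: the cpu_class_set_parent_reset() prototype is added to include/hw/core/cpu.h without a doc comment, although the declaration just above it, target_words_bigendian(), has one. A short comment naming @cc, @child_reset and @parent_reset, and saying that the previous cc->reset is stored through @parent_reset before being replaced, would match the rest of the header.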

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [RFC net-next 07/18] tun: set offloaded xdp program

2019-12-08 Thread Prashant Bhole




On 12/2/19 11:47 AM, Jason Wang wrote:


On 2019/12/2 12:45 AM, David Ahern wrote:

On 11/26/19 4:07 AM, Prashant Bhole wrote:

From: Jason Wang 

This patch introduces an ioctl way to set an offloaded XDP program
to tun driver. This ioctl will be used by qemu to offload XDP program
from virtio_net in the guest.


Seems like you need to set / reset the SOCK_XDP flag on tfile->sk since
this is an XDP program.

Also, why not add this program using netlink instead of ioctl? e.g., as
part of a generic XDP in the egress path like I am looking into for the
host side.



Maybe both, otherwise, qemu may need netlink as a dependency.

Thanks



Thank you all for reviewing. We will continue to improve this set.

If we split this work, Tx path XDP is one of the necessary parts
which can be developed first. As suggested by David Ahern it will be
a netlink way but we will still need ioctl way for tap. I will try
to come up with Tx path XDP set next time.

Thanks.



Re: [PATCH 1/5] arm64: zynqmp: Add firmware DT node

2019-12-08 Thread Guenter Roeck
On Fri, Oct 18, 2019 at 06:07:31PM +0200, Michael Tretter wrote:
> From: Rajan Vaja 
> 
> Add firmware DT node in ZynqMP device tree. This node
> uses bindings as per new firmware interface driver.
> 
> Signed-off-by: Rajan Vaja 
> Signed-off-by: Michal Simek 
> Signed-off-by: Michael Tretter 

With this patch applied in the mainline kernel, the qemu xlnx-zcu102
emulation crashes (see below). Any idea what it might take to get
qemu back to working?

Thanks,
Guenter

---
[   30.719268] [ cut here ]
[   30.719403] kernel BUG at arch/arm64/kernel/traps.c:406!
[   30.719971] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[   30.720358] Modules linked in:
[   30.720741] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 
5.4.0-13331-g9455d25f4e3b #1
[   30.720852] Hardware name: ZynqMP ZCU102 Rev1.0 (DT)
[   30.721157] pstate: 0005 (nzcv daif -PAN -UAO)
[   30.721261] pc : do_undefinstr+0x2f4/0x318
[   30.721336] lr : do_undefinstr+0x1fc/0x318
[   30.721410] sp : 80001003b930
[   30.721486] x29: 80001003b930 x28: 7d178040
[   30.721597] x27:  x26: 8000117d0514
[   30.721683] x25: 8000118c90d0 x24: 
[   30.721769] x23: 4005 x22: d403
[   30.721854] x21: 800011e1c850 x20: 80001003b990
[   30.721940] x19: 800011e0fa08 x18: 0001
[   30.722025] x17: 800010c0f1d8 x16: 800010c11fb8
[   30.722111] x15:  x14: 
[   30.722196] x13: 0018 x12: 0101010101010101
[   30.722281] x11:  x10: 628e21fa
[   30.722384] x9 : 7d178858 x8 : 7d178880
[   30.722471] x7 : 80001003b8b0 x6 : 0001
[   30.722560] x5 : 0001 x4 : 0001
[   30.722646] x3 :  x2 : 000174b1
[   30.722730] x1 : 7d178040 x0 : 4005
[   30.722913] Call trace:
[   30.722993]  do_undefinstr+0x2f4/0x318
[   30.723070]  el1_sync_handler+0xb0/0x108
[   30.723138]  el1_sync+0x7c/0x100
[   30.723201]  __arm_smccc_smc+0x0/0x2c
[   30.723272]  zynqmp_pm_get_api_version.part.1+0x40/0x68
[   30.723352]  zynqmp_firmware_probe+0xbc/0x298



Re: [PATCH-for-5.0] roms/edk2-funcs.sh: Use available GCC for ARM/Aarch64 targets

2019-12-08 Thread dann frazier
On Fri, Dec 06, 2019 at 06:07:58AM +0100, Philippe Mathieu-Daudé wrote:
> On 12/5/19 8:35 PM, Laszlo Ersek wrote:
> > On 12/05/19 17:50, Ard Biesheuvel wrote:
> > > On Thu, 5 Dec 2019 at 16:27, Philippe Mathieu-Daudé  
> > > wrote:
> > > > 
> > > > On 12/5/19 5:13 PM, Laszlo Ersek wrote:
> > > > > Hi Phil,
> > > > > 
> > > > > (+Ard)
> > > > > 
> > > > > On 12/04/19 23:12, Philippe Mathieu-Daudé wrote:
> > > > > > Centos 7.7 only provides cross GCC 4.8.5, but the script forces
> > > > > > us to use GCC5. Since the same machinery is valid to check the
> > > > > > GCC version, remove the $emulation_target check.
> > > > > > 
> > > > > > $ cat /etc/redhat-release
> > > > > > CentOS Linux release 7.7.1908 (Core)
> > > > > > 
> > > > > > $ aarch64-linux-gnu-gcc -v 2>&1 | tail -1
> > > > > > gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
> > > > > 
> > > > > this patch is not correct, in my opinion. ARM / AARCH64 support in 
> > > > > edk2
> > > > > requires GCC5 as a minimum. It was never tested with an earlier
> > > > > toolchain, to my understanding. Not on my part, anyway.
> > > > > 
> > > > > To be more precise: when I tested cross-gcc toolchains earlier than
> > > > > that, the ArmVirtQemu builds always failed. Minimally, those 
> > > > > toolchains
> > > > > didn't recognize some of the AARCH64 system registers.
> > > > > 
> > > > > If CentOS 7.7 does not provide a suitable (>=GCC5) toolchain, then we
> > > > > can't build ArmVirtQemu binaries on CentOS 7.7, in my opinion.
> > > > > 
> > > > > Personally, on my RHEL7 laptop, over time I've used the following
> > > > > toolchains, to satisfy the GCC5 requirement of ArmVirtQemu (which
> > > > > requirement I took as experimental evidence):
> > > > > 
> > > > > - Initially (last quarter of 2014), I used binary distributions --
> > > > > tarballs -- of cross-binutils and cross-gcc, from Linaro.
> > > > > 
> > > > > - Later (last quarter of 2016), I rebuilt some SRPMs that were at the
> > > > > time Fedora-only for RHEL7. Namely:
> > > > > 
> > > > > - cross-binutils-2.27-3.fc24
> > > > >   https://koji.fedoraproject.org/koji/buildinfo?buildID=801348
> > > > > 
> > > > > - gcc-6.1.1-2.fc24
> > > > >   https://koji.fedoraproject.org/koji/buildinfo?buildID=761767
> > > > > 
> > > > > - Most recently, I've been using cross-binutils updated from EPEL7:
> > > > > 
> > > > > - cross-binutils-2.27-9.el7.1
> > > > >   https://koji.fedoraproject.org/koji/buildinfo?buildID=918474
> > > > > 
> > > > > To my knowledge, there is still no suitable cross-compiler available 
> > > > > on
> > > > > RHEL7, from any trustworthy RPM repository. So, to this day, I use
> > > > > gcc-6.1.1-2 for cross-building ArmVirtQemu, on my RHEL7 laptop.
> > > > > 
> > > > > Again: I believe it does not matter if the gcc-4.8.5-based
> > > > > cross-compiler in CentOS 7 "happens" to work. That's a compiler that I
> > > > > have never tested with, or vetted for, upstream ArmVirtQemu.
> > > > > 
> > > > > Now, I realize that in edk2, we have stuff like
> > > > > 
> > > > > GCC48_AARCH64_CC_FLAGS
> > > > > 
> > > > > in "BaseTools/Conf/tools_def.template" -- coming from commit
> > > > > 7a9dbf2c94d1 ("BaseTools/Conf/tools_def.template: drop ARM/AARCH 
> > > > > support
> > > > > from GCC46/GCC47", 2019-01-08). That doesn't change the fact that I've
> > > > > never built or tested ArmVirtQemu with such a compiler. And so this
> > > > > patch makes me quite uncomfortable.
> > > > > 
> > > > > If that rules out CentOS 7 as a QEMU project build / CI platform for 
> > > > > the
> > > > > bundled ArmVirtQemu binaries, then we need a more recent platform
> > > > > (perhaps CentOS 8, not sure).
> > > > 
> > > > Unfortunately CentOS 8 is not available as a Docker image, which is a
> > > > convenient way to build EDK2 in a CI.
> > > > 
> > > > > I think it's also educational to check the origin of the code that 
> > > > > your
> > > > > patch proposes to remove. Most recently it was moved around from a
> > > > > different place, in QEMU commit 65a109ab4b1a ('roms: lift
> > > > > "edk2-funcs.sh" from "tests/uefi-test-tools/build.sh"', 2019-04-17).
> > > > > 
> > > > > In that commit, for some reason I didn't keep the original code 
> > > > > comments
> > > > > (perhaps it would have been too difficult or messy to preserve the
> > > > > comments sanely with the restructured / factored-out code). But, they
> > > > > went like this (originally from commit 77db55fc8155,
> > > > > "tests/uefi-test-tools: add build scripts", 2019-02-21):
> > > > > 
> > > > > # Expose cross_prefix (which is possibly empty) to the edk2 tools. 
> > > > > While at it,
> > > > > # determine the suitable edk2 toolchain as well.
> > > > > # - For ARM and AARCH64, edk2 only offers the GCC5 toolchain tag, 
> > > > > which covers
> > > > > #   the gcc-5+ releases.
> > > > > # - For IA32 and X64, edk2 offers the GCC44 through GCC49 toolchain 
> > > > > tags, in
> > > > > #   addition 

Re: [PATCH] exec: Remove the duplicated check in parse_cpu_option()

2019-12-08 Thread Gavin Shan

On 12/8/19 3:51 AM, Greg Kurz wrote:

On Sat, 7 Dec 2019 23:56:55 +1100
Gavin Shan  wrote:


On 12/7/19 3:58 AM, Greg Kurz wrote:

On Fri,  6 Dec 2019 17:33:37 +1100
Gavin Shan  wrote:


The @cpu_option shouldn't be NULL, otherwise assertion from g_strsplit()
should be raised as below message indicates. So it's meaningless to validate
@model_pieces[0] in parse_cpu_option() as it shouldn't be NULL either.

 qemu-system-aarch64: GLib: g_strsplit: assertion 'string != NULL' failed

This just removes the check and unused message.



Hrm... the check isn't about @cpu_option being NULL. It is about filtering out
invalid syntaxes like:

-cpu ''

or

-cpu ,some-prop



Greg, Thanks for your review on this trivial patch.

@cpu_option[0] is NULL when we have "-cpu ''". We run into assertion raised
by subsequent cpu_class_by_name(). However, @cpu_option[0] isn't NULL with
something like "-cpu ,xxx", but the CPU model specific class can't be found
at last.



You're right, the case with a leading ',' is caught by the other check.


So the validation mostly relies on cpu_class_by_name() if I'm correct. It's
fine to remove the check. However, it provides explicit error message, which
isn't bad though:

 error_report("-cpu option cannot be empty");



It's definitely not fine to remove an error message that clearly explains
to the user what he has done wrong in favor of QEMU aborting and printing
something cryptic like:

 cpu_class_by_name: Assertion `cpu_model && cc->class_by_name' failed.

Assertions are for bugs, not for bad command line usage.



Yes, Agree as explained previously. The explicit message is a bonus at least.
So please ignore this trivial patch and sorry for the noise.


Signed-off-by: Gavin Shan 
---
   exec.c | 5 -
   1 file changed, 5 deletions(-)

diff --git a/exec.c b/exec.c
index ffdb518535..3cff459e43 100644
--- a/exec.c
+++ b/exec.c
@@ -963,11 +963,6 @@ const char *parse_cpu_option(const char *cpu_option)
   const char *cpu_type;
   
   model_pieces = g_strsplit(cpu_option, ",", 2);

-if (!model_pieces[0]) {
-error_report("-cpu option cannot be empty");
-exit(1);
-}
-
   oc = cpu_class_by_name(CPU_RESOLVING_TYPE, model_pieces[0]);
   if (oc == NULL) {
   error_report("unable to find CPU model '%s'", model_pieces[0]);
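Review bot: with the "if (!model_pieces[0])" block removed, "-cpu ''" is no longer rejected here: g_strsplit() returns an empty vector for an empty string, so model_pieces[0] is NULL when it reaches cpu_class_by_name() and the "%s" of the error_report() that follows. Keep the check and its "-cpu option cannot be empty" message so that bad command-line input produces a usage error rather than an assertion failure.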




Regards,
Gavin




[Bug 1855617] [NEW] savevm with hax saves wrong register state

2019-12-08 Thread Alex
Public bug reported:

I use qemu-i386 with IntelHaxm on Windows 10 x64 host with Windows 7 x86 guest. 
I run the guest till OS loads and create a snapshot with savevm, then close 
qemu, run it again and try to load the snapshot with loadvm. The guest crashes 
or freezes. I dumped registers on snapshot creation and loading (in Haxm) and 
found that they are different.
When returning from Haxm in hax_vcpu_hax_exec, there is no regular register 
read. I found hax_arch_get_registers function which reads registers from Haxm 
and is called from a synchronization procedure. I placed a breakpoint on it, 
ran qemu and found that it is hit one time during guest OS boot. Exactly these 
registers were saved in the snapshot.

** Affects: qemu
 Importance: Undecided
 Status: New

https://bugs.launchpad.net/bugs/1855617

Title:
  savevm with hax saves wrong register state

Status in QEMU:
  New





[PATCH v38 13/22] target/avr: Add limited support for 16 bit timer peripheral

2019-12-08 Thread Michael Rolnik
These were designed to facilitate testing but should provide enough function to 
be useful in other contexts.
Only a subset of the functions of each peripheral is implemented, mainly due to 
the lack of a standard way to handle electrical connections (like GPIO pins).

Signed-off-by: Sarah Harris 
---
 include/hw/timer/avr_timer16.h |  93 +
 hw/timer/avr_timer16.c | 601 +
 hw/timer/Kconfig   |   3 +
 hw/timer/Makefile.objs |   2 +
 4 files changed, 699 insertions(+)
 create mode 100644 include/hw/timer/avr_timer16.h
 create mode 100644 hw/timer/avr_timer16.c

diff --git a/include/hw/timer/avr_timer16.h b/include/hw/timer/avr_timer16.h
new file mode 100644
index 00..662f56aa55
--- /dev/null
+++ b/include/hw/timer/avr_timer16.h
@@ -0,0 +1,93 @@
+/*
+ * AVR 16 bit timer
+ *
+ * Copyright (c) 2018 University of Kent
+ * Author: Ed Robbins
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+/*
+ * Driver for 16 bit timers on 8 bit AVR devices.
+ * Note:
+ * On ATmega640/V-1280/V-1281/V-2560/V-2561/V timers 1, 3, 4 and 5 are 16 bit
+ */
+
+#ifndef AVR_TIMER16_H
+#define AVR_TIMER16_H
+
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "hw/hw.h"
+
+enum NextInterrupt {
+OVERFLOW,
+COMPA,
+COMPB,
+COMPC,
+CAPT
+};
+
+#define TYPE_AVR_TIMER16 "avr-timer16"
+#define AVR_TIMER16(obj) \
+OBJECT_CHECK(AVRTimer16State, (obj), TYPE_AVR_TIMER16)
+
+typedef struct AVRTimer16State {
+/*  */
+SysBusDevice parent_obj;
+
+/*  */
+MemoryRegion iomem;
+MemoryRegion imsk_iomem;
+MemoryRegion ifr_iomem;
+QEMUTimer *timer;
+qemu_irq capt_irq;
+qemu_irq compa_irq;
+qemu_irq compb_irq;
+qemu_irq compc_irq;
+qemu_irq ovf_irq;
+
+bool enabled;
+
+/* registers */
+uint8_t cra;
+uint8_t crb;
+uint8_t crc;
+uint8_t cntl;
+uint8_t cnth;
+uint8_t icrl;
+uint8_t icrh;
+uint8_t ocral;
+uint8_t ocrah;
+uint8_t ocrbl;
+uint8_t ocrbh;
+uint8_t ocrcl;
+uint8_t ocrch;
+/*
+ * Reads and writes to CNT and ICR utilise a bizarre temporary
+ * register, which we emulate
+ */
+uint8_t rtmp;
+uint8_t imsk;
+uint8_t ifr;
+
+uint64_t cpu_freq_hz;
+uint64_t freq_hz;
+uint64_t period_ns;
+uint64_t reset_time_ns;
+enum NextInterrupt next_interrupt;
+} AVRTimer16State;
+
+#endif /* AVR_TIMER16_H */
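Review bot: enum NextInterrupt puts the unprefixed names OVERFLOW, COMPA, COMPB, COMPC and CAPT into every file that includes this header, and OVERFLOW in particular can collide with the macro of the same name that some <math.h> versions define. Prefix the enumerators (AVR_TIMER16_OVERFLOW and so on; the names are only a suggestion), and since next_interrupt is internal device state, consider whether the enum needs to live in the public header at all.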
diff --git a/hw/timer/avr_timer16.c b/hw/timer/avr_timer16.c
new file mode 100644
index 00..f3dcef7246
--- /dev/null
+++ b/hw/timer/avr_timer16.c
@@ -0,0 +1,601 @@
+/*
+ * AVR 16 bit timer
+ *
+ * Copyright (c) 2018 University of Kent
+ * Author: Ed Robbins
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+/*
+ * Driver for 16 bit timers on 8 bit AVR devices.
+ * Note:
+ * ATmega640/V-1280/V-1281/V-2560/V-2561/V timers 1, 3, 4 and 5 are 16 bit
+ */
+
+/*
+ * XXX TODO: Power Reduction Register support
+ *   prescaler pause support
+ *   PWM modes, GPIO, output capture pins, input compare pin
+ */
+
+#include "qemu/osdep.h"
+#include "hw/timer/avr_timer16.h"
+#include "qemu/log.h"
+#include "hw/irq.h"
+#include "hw/qdev-properties.h"
+
+/* Register offsets */
+#define T16_CRA 0x0
+#define T16_CRB 0x1
+#define T16_CRC 0x2
+#define T16_CNTL0x4
+#define T16_CNTH0x5
+#define T16_ICRL0x6
+#define T16_ICRH0x7
+#define T16_OCRAL   0x8
+#define T16_OCRAH   0x9
+#define T16_OCRBL   0xa
+#define T16_OCRBH   0xb
+#define T16_OCRCL   0xc
+#define T16_OCRCH   0xd
+
+/* Field masks */
+#define T16_CRA_WGM01   0x3
+#define T16_CRA_COMC0xc
+#define T16_CRA_COMB0x30
+#define 

[PATCH v38 19/22] target/avr: Update build system

2019-12-08 Thread Michael Rolnik
Make AVR support buildable

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Aleksandar Markovic 
---
 configure   |  7 +++
 default-configs/avr-softmmu.mak |  5 +
 target/avr/Makefile.objs| 34 +
 3 files changed, 46 insertions(+)
 create mode 100644 default-configs/avr-softmmu.mak
 create mode 100644 target/avr/Makefile.objs

diff --git a/configure b/configure
index 6099be1d84..e9dab313d5 100755
--- a/configure
+++ b/configure
@@ -7649,6 +7649,10 @@ case "$target_name" in
 mttcg="yes"
 gdb_xml_files="aarch64-core.xml aarch64-fpu.xml arm-core.xml arm-vfp.xml 
arm-vfp3.xml arm-neon.xml"
   ;;
+  avr)
+gdb_xml_files="avr-cpu.xml"
+target_compiler=$cross_cc_avr
+  ;;
   cris)
   ;;
   hppa)
@@ -7868,6 +7872,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
   disas_config "ARM_A64"
 fi
   ;;
+  avr)
+disas_config "AVR"
+  ;;
   cris)
 disas_config "CRIS"
   ;;
diff --git a/default-configs/avr-softmmu.mak b/default-configs/avr-softmmu.mak
new file mode 100644
index 00..d1e1c28118
--- /dev/null
+++ b/default-configs/avr-softmmu.mak
@@ -0,0 +1,5 @@
+# Default configuration for avr-softmmu
+
+# Boards:
+#
+CONFIG_AVR_SAMPLE=y
diff --git a/target/avr/Makefile.objs b/target/avr/Makefile.objs
new file mode 100644
index 00..7523e0c6e2
--- /dev/null
+++ b/target/avr/Makefile.objs
@@ -0,0 +1,34 @@
+#
+#  QEMU AVR CPU
+#
+#  Copyright (c) 2019 Michael Rolnik
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 2.1 of the License, or (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, see
+#  
+#
+
+DECODETREE = $(SRC_PATH)/scripts/decodetree.py
+decode-y = $(SRC_PATH)/target/avr/insn.decode
+
+target/avr/decode_insn.inc.c: $(decode-y) $(DECODETREE)
+   $(call quiet-command, \
+ $(PYTHON) $(DECODETREE) -o $@ --decode decode_insn --insnwidth 16 $<, 
\
+ "GEN", $(TARGET_DIR)$@)
+
+target/avr/translate.o: target/avr/decode_insn.inc.c
+
+obj-y += translate.o cpu.o helper.o
+obj-y += gdbstub.o
+obj-y += disas.o
+obj-$(CONFIG_SOFTMMU) += machine.o
-- 
2.17.2 (Apple Git-113)




[PATCH v38 16/22] target/avr: Add section about AVR into QEMU documentation

2019-12-08 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 qemu-doc.texi | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/qemu-doc.texi b/qemu-doc.texi
index 3ddf5c0a68..cea1008800 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -1757,6 +1757,7 @@ differences are mentioned in the following sections.
 * Microblaze System emulator::
 * SH4 System emulator::
 * Xtensa System emulator::
+* AVR System emulator::
 @end menu
 
 @node PowerPC System emulator
@@ -2532,6 +2533,15 @@ so should only be used with trusted guest OS.
 
 @c man end
 
+@node AVR System emulator
+@section AVR System emulator
+@cindex system emulation (AVR)
+
+Use the executable @file{qemu-system-avr} to emulates a AVR 8 bit based 
machine having one for the following cores: avr1, avr2, avr25, avr3, avr31, 
avr35, avr4, avr5, avr51, avr6, avrtiny, xmega2, xmega3, xmega4, xmega5, xmega6 
and xmega7.
+
+As for now it does not support any real MCUs. However, it does support a 
"sample" board for educational and testing purposes. This "sample" board hosts 
USART & 16 bit timer devices.
+
+
 @node QEMU User space emulator
 @chapter QEMU User space emulator
 
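Review bot: The paragraph added under `@section AVR System emulator` has grammar errors that will end up in the user manual: "to emulates a AVR 8 bit based machine having one for the following cores" should read "to emulate an AVR 8-bit machine having one of the following cores", and "As for now" should be "For now". Both paragraphs are also added as single long lines (the mail client has wrapped them here); wrapping them in the source would keep later diffs of this section readable.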
-- 
2.17.2 (Apple Git-113)




[PATCH v38 21/22] target/avr: Add Avocado test

2019-12-08 Thread Michael Rolnik
The test is based on
https://github.com/seharris/qemu-avr-tests/tree/master/free-rtos/Demo
demo which, if working correctly, prints 'ABCDEFGHIJKLMNOPQRSTUVWX' out.
It also demonstrates that timer and IRQ are working

Signed-off-by: Michael Rolnik 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Acked-by: Thomas Huth 
---
 tests/acceptance/machine_avr6.py | 58 
 1 file changed, 58 insertions(+)
 create mode 100644 tests/acceptance/machine_avr6.py

diff --git a/tests/acceptance/machine_avr6.py b/tests/acceptance/machine_avr6.py
new file mode 100644
index 00..7a7d8afc29
--- /dev/null
+++ b/tests/acceptance/machine_avr6.py
@@ -0,0 +1,58 @@
+#
+# QEMU AVR
+#
+# Copyright (c) 2019 Michael Rolnik 
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import logging
+import time
+import distutils.spawn
+
+from avocado import skipUnless
+from avocado_qemu import Test
+from avocado.utils import process
+
+class AVR6Machine(Test):
+timeout = 5
+
+def test_freertos(self):
+"""
+:avocado: tags=arch:avr
+:avocado: tags=machine:sample
+"""
+"""
+
https://github.com/seharris/qemu-avr-tests/raw/master/free-rtos/Demo/AVR_ATMega2560_GCC/demo.elf
+constantly prints out 
'ABCDEFGHIJKLMNOPQRSTUVWXABCDEFGHIJKLMNOPQRSTUVWX'
+"""
+rom_url = 'https://github.com/seharris/qemu-avr-tests'
+rom_sha1= '36c3e67b8755dcf37e06af6730ef5d477b8ed16d'
+rom_url += '/raw/'
+rom_url += rom_sha1
+rom_url += '/free-rtos/Demo/AVR_ATMega2560_GCC/demo.elf'
+rom_hash = '7eb521f511ca8f2622e0a3c5e8dd686efbb911d4'
+rom_path = self.fetch_asset(rom_url, asset_hash=rom_hash)
+
+self.vm.set_machine('sample')
+self.vm.add_args('-bios', rom_path)
+self.vm.add_args('-nographic')
+self.vm.launch()
+
+time.sleep(2)
+self.vm.shutdown()
+
+match = 'ABCDEFGHIJKLMNOPQRSTUVWXABCDEFGHIJKLMNOPQRSTUVWX'
+
+self.assertIn(match, self.vm.get_log())
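Review bot: In `test_freertos` the fixed `time.sleep(2)` before `self.vm.shutdown()` makes the result depend on host speed: on a loaded machine the firmware may not have printed the 48-character pattern yet, and on a fast one the two seconds are wasted. Waiting for the pattern on the serial console, bounded by the class `timeout`, would be more reliable. Separately, `logging`, `distutils.spawn`, `skipUnless` and `process` are imported but not used in the visible code, the second string literal after the docstring is a no-op expression, and `rom_sha1` holds the commit id used in the URL rather than a hash of the ROM, so a name like `rom_commit` would read better next to `rom_hash`.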
-- 
2.17.2 (Apple Git-113)




[PATCH v38 22/22] target/avr: Update MAINTAINERS file

2019-12-08 Thread Michael Rolnik
Include AVR maintainers in MAINTAINERS file

Signed-off-by: Michael Rolnik 
---
 MAINTAINERS | 21 +
 1 file changed, 21 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 5e5e3e52d6..9ab7ed0865 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -163,6 +163,27 @@ S: Maintained
 F: hw/arm/smmu*
 F: include/hw/arm/smmu*
 
+AVR TCG CPUs
+M: Michael Rolnik 
+R: Sarah Harris 
+S: Maintained
+F: target/avr/
+F: tests/acceptance/machine_avr6.py
+F: default-configs/avr-softmmu.mak
+F: gdb-xml/avr-cpu.xml
+
+AVR Machines
+M: Michael Rolnik 
+R: Sarah Harris 
+S: Maintained
+F: hw/avr/
+F: hw/char/avr_usart.c
+F: include/hw/char/avr_usart.h
+F: hw/timer/avr_timer16.c
+F: include/hw/timer/avr_timer16.h
+F: hw/misc/avr_mask.c
+F: include/hw/misc/avr_mask.h
+
 CRIS TCG CPUs
 M: Edgar E. Iglesias 
 S: Maintained
-- 
2.17.2 (Apple Git-113)




[PATCH v38 17/22] target/avr: Register AVR support with the rest of QEMU

2019-12-08 Thread Michael Rolnik
Add AVR related definitions into QEMU

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Aleksandar Markovic 
---
 qapi/machine.json  | 3 ++-
 include/disas/dis-asm.h| 6 ++
 include/sysemu/arch_init.h | 1 +
 arch_init.c| 2 ++
 4 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/qapi/machine.json b/qapi/machine.json
index ca26779f1a..8c6df54921 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -21,11 +21,12 @@
 #is true even for "qemu-system-x86_64".
 #
 # ppcemb: dropped in 3.1
+# avr: since 5.0
 #
 # Since: 3.0
 ##
 { 'enum' : 'SysEmuTarget',
-  'data' : [ 'aarch64', 'alpha', 'arm', 'cris', 'hppa', 'i386', 'lm32',
+  'data' : [ 'aarch64', 'alpha', 'arm', 'avr', 'cris', 'hppa', 'i386', 'lm32',
  'm68k', 'microblaze', 'microblazeel', 'mips', 'mips64',
  'mips64el', 'mipsel', 'moxie', 'nios2', 'or1k', 'ppc',
  'ppc64', 'riscv32', 'riscv64', 's390x', 'sh4',
diff --git a/include/disas/dis-asm.h b/include/disas/dis-asm.h
index e9c7dd8eb4..8bedce17ac 100644
--- a/include/disas/dis-asm.h
+++ b/include/disas/dis-asm.h
@@ -211,6 +211,12 @@ enum bfd_architecture
 #define bfd_mach_m32r  0  /* backwards compatibility */
   bfd_arch_mn10200,/* Matsushita MN10200 */
   bfd_arch_mn10300,/* Matsushita MN10300 */
+  bfd_arch_avr,   /* Atmel AVR microcontrollers.  */
+#define bfd_mach_avr1  1
+#define bfd_mach_avr2  2
+#define bfd_mach_avr3  3
+#define bfd_mach_avr4  4
+#define bfd_mach_avr5  5
   bfd_arch_cris,   /* Axis CRIS */
 #define bfd_mach_cris_v0_v10   255
 #define bfd_mach_cris_v32  32
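Review bot: Only `bfd_mach_avr1` through `bfd_mach_avr5` are defined under `bfd_arch_avr`, while the documentation patch in this series lists avr6 and the xmega cores and the machine-none test uses `avr6-avr-cpu`. If the disassembler is meant to distinguish those cores, the missing machine numbers should be added here; if the values are not consulted at all, a comment saying so would spare the next reader the question.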
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index 62c6fe4cf1..893df26ce2 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -24,6 +24,7 @@ enum {
 QEMU_ARCH_NIOS2 = (1 << 17),
 QEMU_ARCH_HPPA = (1 << 18),
 QEMU_ARCH_RISCV = (1 << 19),
+QEMU_ARCH_AVR = (1 << 20),
 };
 
 extern const uint32_t arch_type;
diff --git a/arch_init.c b/arch_init.c
index 705d0b94ad..6a741165b2 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -89,6 +89,8 @@ int graphic_depth = 32;
 #define QEMU_ARCH QEMU_ARCH_UNICORE32
 #elif defined(TARGET_XTENSA)
 #define QEMU_ARCH QEMU_ARCH_XTENSA
+#elif defined(TARGET_AVR)
+#define QEMU_ARCH QEMU_ARCH_AVR
 #endif
 
 const uint32_t arch_type = QEMU_ARCH;
-- 
2.17.2 (Apple Git-113)




[PATCH v38 07/22] target/avr: Add instruction translation - Data Transfer Instructions

2019-12-08 Thread Michael Rolnik
This includes:
- MOV, MOVW
- LDI, LDS LDX LDY LDZ
- LDDY, LDDZ
- STS, STX STY STZ
- STDY, STDZ
- LPM, LPMX
- ELPM, ELPMX
- SPM, SPMX
- IN, OUT
- PUSH, POP
- XCH
- LAS, LAC LAT

Signed-off-by: Michael Rolnik 
---
 target/avr/translate.c | 861 +
 1 file changed, 861 insertions(+)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index 8eb39a868d..031176c9bd 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -1412,3 +1412,864 @@ static bool trans_BRBS(DisasContext *ctx, arg_BRBS *a)
 return true;
 }
 
+
+/*
+ *  This instruction makes a copy of one register into another. The source
+ *  register Rr is left unchanged, while the destination register Rd is loaded
+ *  with a copy of Rr.
+ */
+static bool trans_MOV(DisasContext *ctx, arg_MOV *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv Rr = cpu_r[a->rr];
+
+tcg_gen_mov_tl(Rd, Rr);
+
+return true;
+}
+
+
+/*
+ *  This instruction makes a copy of one register pair into another register
+ *  pair. The source register pair Rr+1:Rr is left unchanged, while the
+ *  destination register pair Rd+1:Rd is loaded with a copy of Rr + 1:Rr.  This
+ *  instruction is not available in all devices. Refer to the device specific
+ *  instruction set summary.
+ */
+static bool trans_MOVW(DisasContext *ctx, arg_MOVW *a)
+{
+if (!avr_have_feature(ctx, AVR_FEATURE_MOVW)) {
+return true;
+}
+
+TCGv RdL = cpu_r[a->rd];
+TCGv RdH = cpu_r[a->rd + 1];
+TCGv RrL = cpu_r[a->rr];
+TCGv RrH = cpu_r[a->rr + 1];
+
+tcg_gen_mov_tl(RdH, RrH);
+tcg_gen_mov_tl(RdL, RrL);
+
+return true;
+}
+
+
+/*
+ * Loads an 8 bit constant directly to register 16 to 31.
+ */
+static bool trans_LDI(DisasContext *ctx, arg_LDI *a)
+{
+TCGv Rd = cpu_r[a->rd];
+int imm = a->imm;
+
+tcg_gen_movi_tl(Rd, imm);
+
+return true;
+}
+
+
+/*
+ *  Loads one byte from the data space to a register. For parts with SRAM,
+ *  the data space consists of the Register File, I/O memory and internal SRAM
+ *  (and external SRAM if applicable). For parts without SRAM, the data space
+ *  consists of the register file only. The EEPROM has a separate address 
space.
+ *  A 16-bit address must be supplied. Memory access is limited to the current
+ *  data segment of 64KB. The LDS instruction uses the RAMPD Register to access
+ *  memory above 64KB. To access another data segment in devices with more than
+ *  64KB data space, the RAMPD in register in the I/O area has to be changed.
+ *  This instruction is not available in all devices. Refer to the device
+ *  specific instruction set summary.
+ */
+static bool trans_LDS(DisasContext *ctx, arg_LDS *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv addr = tcg_temp_new_i32();
+TCGv H = cpu_rampD;
+a->imm = next_word(ctx);
+
+tcg_gen_mov_tl(addr, H); /* addr = H:M:L */
+tcg_gen_shli_tl(addr, addr, 16);
+tcg_gen_ori_tl(addr, addr, a->imm);
+
+gen_data_load(ctx, Rd, addr);
+
+tcg_temp_free_i32(addr);
+
+return true;
+}
+
+
+/*
+ *  Loads one byte indirect from the data space to a register. For parts
+ *  with SRAM, the data space consists of the Register File, I/O memory and
+ *  internal SRAM (and external SRAM if applicable). For parts without SRAM, 
the
+ *  data space consists of the Register File only. In some parts the Flash
+ *  Memory has been mapped to the data space and can be read using this 
command.
+ *  The EEPROM has a separate address space.  The data location is pointed to 
by
+ *  the X (16 bits) Pointer Register in the Register File. Memory access is
+ *  limited to the current data segment of 64KB. To access another data segment
+ *  in devices with more than 64KB data space, the RAMPX in register in the I/O
+ *  area has to be changed.  The X-pointer Register can either be left 
unchanged
+ *  by the operation, or it can be post-incremented or predecremented.  These
+ *  features are especially suited for accessing arrays, tables, and Stack
+ *  Pointer usage of the X-pointer Register. Note that only the low byte of the
+ *  X-pointer is updated in devices with no more than 256 bytes data space. For
+ *  such devices, the high byte of the pointer is not used by this instruction
+ *  and can be used for other purposes. The RAMPX Register in the I/O area is
+ *  updated in parts with more than 64KB data space or more than 64KB Program
+ *  memory, and the increment/decrement is added to the entire 24-bit address 
on
+ *  such devices.  Not all variants of this instruction is available in all
+ *  devices. Refer to the device specific instruction set summary.  In the
+ *  Reduced Core tinyAVR the LD instruction can be used to achieve the same
+ *  operation as LPM since the program memory is mapped to the data memory
+ *  space.
+ */
+static bool trans_LDX1(DisasContext *ctx, arg_LDX1 *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv addr = gen_get_xaddr();
+
+
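Review bot: In `trans_MOVW`, the early `return true` when `avr_have_feature(ctx, AVR_FEATURE_MOVW)` fails reports the instruction as translated, so on a core without MOVW the opcode silently executes as a no-op instead of being treated as an unsupported instruction. Returning `false`, or emitting whatever the series uses for unsupported opcodes, would match the comment's statement that the instruction is not available on all devices. The declarations of `RdL`, `RdH`, `RrL` and `RrH` also follow a statement; moving the check below them, or the declarations above it, keeps the declarations-first layout used by `trans_MOV` and `trans_LDI`. In `trans_LDS`, `addr` is declared `TCGv` but allocated with `tcg_temp_new_i32()` and freed with `tcg_temp_free_i32()`, which only works while the target word is 32 bits wide; using the `_tl` variants or declaring it `TCGv_i32` would be consistent.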

[PATCH v38 20/22] target/avr: Add boot serial test

2019-12-08 Thread Michael Rolnik
Print out 'T' through serial port

Signed-off-by: Michael Rolnik 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Acked-by: Thomas Huth 
---
 tests/boot-serial-test.c | 10 ++
 tests/Makefile.include   |  2 ++
 2 files changed, 12 insertions(+)

diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index d3a54a0ba5..1121ed0db2 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -16,6 +16,15 @@
 #include "qemu/osdep.h"
 #include "libqtest.h"
 
+static const uint8_t bios_avr[] = {
+0x88, 0xe0, /* ldi r24, 0x08   */
+0x80, 0x93, 0xc1, 0x00, /* sts 0x00C1, r24 ; Enable tx */
+0x86, 0xe0, /* ldi r24, 0x06   */
+0x80, 0x93, 0xc2, 0x00, /* sts 0x00C2, r24 ; Set the data bits to 8 */
+0x84, 0xe5, /* ldi r24, 0x54   */
+0x80, 0x93, 0xc6, 0x00, /* sts 0x00C6, r24 ; Output 'T' */
+};
+
 static const uint8_t kernel_mcf5208[] = {
 0x41, 0xf9, 0xfc, 0x06, 0x00, 0x00, /* lea 0xfc06,%a0 */
 0x10, 0x3c, 0x00, 0x54, /* move.b #'T',%d0 */
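Review bot: `bios_avr` ends right after the final `sts 0x00C6, r24`, so once 'T' has been written the CPU keeps fetching whatever follows the 18-byte image in flash. The `tests[]` entry only expects "T", so the test passes, but ending the image with a jump-to-self would keep the guest in a defined state until the harness stops it.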
@@ -103,6 +112,7 @@ typedef struct testdef {
 
 static testdef_t tests[] = {
 { "alpha", "clipper", "", "PCI:" },
+{ "avr", "sample", "", "T", sizeof(bios_avr), NULL, bios_avr },
 { "ppc", "ppce500", "", "U-Boot" },
 { "ppc", "40p", "-vga none -boot d", "Trying cd:," },
 { "ppc", "g3beige", "", "PowerPC,750" },
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 8566f5f119..3e18e5770c 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -208,6 +208,8 @@ check-qtest-i386-y += tests/test-x86-cpuid-compat$(EXESUF)
 check-qtest-i386-y += tests/numa-test$(EXESUF)
 check-qtest-x86_64-y += $(check-qtest-i386-y)
 
+check-qtest-avr-y += tests/boot-serial-test$(EXESUF)
+
 check-qtest-alpha-y += tests/boot-serial-test$(EXESUF)
 check-qtest-alpha-$(CONFIG_VGA) += tests/display-vga-test$(EXESUF)
 
-- 
2.17.2 (Apple Git-113)




Re: [PATCH v38 00/22] QEMU AVR 8 bit cores

2019-12-08 Thread Michael Rolnik
I hope I did not miss anything.

On Sun, Dec 8, 2019 at 8:39 PM Michael Rolnik  wrote:

> This series of patches adds 8bit AVR cores to QEMU.
> All instructions, except BREAK/DES/SPM/SPMX, are implemented. Not fully
> tested yet.
> However I was able to execute simple code with functions. e.g fibonacci
> calculation.
> This series of patches include a non real, sample board.
> No fuses support yet. PC is set to 0 at reset.
>
> Following are examples of possible usages, assuming program.elf is
> compiled for AVR cpu
> 1.  Continuous non interrupted execution
> run `qemu-system-avr -kernel program.elf`
> 2.  Continuous non interrupted execution with serial output into telnet
> window
> run `qemu-system-avr -kernel program.elf -serial
> tcp::5678,server,nowait -nographic `
> run `telnet localhost 5678`
> 3.  Continuous non interrupted execution with serial output into stdout
> run `qemu-system-avr -kernel program.elf -serial stdio`
> 4.  Debugging with GDB debugger
> run `qemu-system-avr -kernel program.elf -s -S`
> run `avr-gdb program.elf` and then within GDB shell `target remote
> :1234`
> 5.  Print out executed instructions
> run `qemu-system-avr -kernel program.elf -d in_asm`
>
>
> the patches include the following
> 1. just a basic 8bit AVR CPU, without instruction decoding or translation
> 2. CPU features which allow defining the following 8bit AVR cores
>  avr1
>  avr2 avr25
>  avr3 avr31 avr35
>  avr4
>  avr5 avr51
>  avr6
>  xmega2 xmega3 xmega4 xmega5 xmega6 xmega7
> 3. a definition of sample machine with SRAM, FLASH and CPU which allows to
> execute simple code
> 4. encoding for all AVR instructions
> 5. interrupt handling
> 6. helpers for IN, OUT, SLEEP, WBR & unsupported instructions
> 7. a decoder which given an opcode decides what instruction it is
> 8. translation of AVR instruction into TCG
> 9. all features together
>
> changes since v3
> 1. rampD/X/Y/Z registers are encoded as 0x00ff (instead of 0x00ff)
> for faster address manipulation
> 2. ffs changed to ctz32
> 3. duplicate code removed at avr_cpu_do_interrupt
> 4. using andc instead of not + and
> 5. fixing V flag calculation in various instructions
> 6. freeing local variables in PUSH
> 7. tcg_const_local_i32 -> tcg_const_i32
> 8. using sextract32 instead of my implementation
> 9. fixing BLD instruction
> 10.xor(r) instead of 0xff - r at COM
> 11.fixing MULS/MULSU not to modify inputs' content
> 12.using SUB for NEG
> 13.fixing tcg_gen_qemu_ld/st call in XCH
>
> changes since v4
> 1. target is now defined as big endian in order to optimize
> push_ret/pop_ret
> 2. all style warnings are fixed
> 3. adding cpu_set/get_sreg functions
> 4. simplifying gen_goto_tb as there is no real paging
> 5. env->pc -> env->pc_w
> 6. making flag dump more compact
> 7. more spacing
> 8. renaming CODE/DATA_INDEX -> MMU_CODE/DATA_IDX
> 9. removing avr_set_feature
> 10. SPL/SPH set bug fix
> 11. switching stb_phys to cpu_stb_data
> 12. cleaning up avr_decode
> 13. saving sreg, rampD/X/Y/Z, eind in HW format (savevm)
> 14. saving CPU features (savevm)
>
> changes since v5
> 1. BLD bug fix
> 2. decoder generator is added
>
> changes since v6
> 1. using cpu_get_sreg/cpu_set_sreg in
> avr_cpu_gdb_read_register/avr_cpu_gdb_write_register
> 2. configure the target as little endian because otherwise GDB does not
> work
> 3. fixing and testing gen_push_ret/gen_pop_ret
>
> changes since v7
> 1. folding back v6
> 2. logging at helper_outb and helper_inb are done for non supported yet
> registers only
> 3. MAINTAINERS updated
>
> changes since v8
> 1. removing hw/avr from hw/Makefile.obj as it should not be built for all
> 2. making linux compilable
> 3. testing on
> a. Mac, Apple LLVM version 7.0.0
> b. Ubuntu 12.04, gcc 4.9.2
> c. Fedora 23, gcc 5.3.1
> 4. folding back some patches
> 5. translation bug fixes for ORI, CPI, XOR instructions
> 6. proper handling of cpu register writes through memory
>
> changes since v9
> 1. removing forward declarations of static functions
> 2. disabling debug prints
> 3. switching to case range instead of if else if ...
> 4. LD/ST IN/OUT accessing CPU maintained registers are not routed to any
> device
> 5. comments about sample board and sample IO device added
> 6. sample board description is more descriptive now
> 7. memory_region_allocate_system_memory is used to create RAM
> 8. now there are helper_fullrd & helper_fullwr when LD/ST try to access
> registers
>
> changes since v10
> 1. moving back fullwr & fullrd into the commit where outb and inb were
> introduced
> 2. changing tlb_fill function signature
> 3. adding empty line between functions
> 4. adding newline on the last line of the file
> 5. using tb->flags to generate full access ST/LD instructions
> 6. fixing SBRC bug
> 7. folding back 10th commit
> 8. whenever a new file is introduced it's added to Makefile.objs
>
> changes since v11
> 1. updating to v2.7.0-rc
> 2. removing assignment to env->fullacc 

[PATCH v38 08/22] target/avr: Add instruction translation - Bit and Bit-test Instructions

2019-12-08 Thread Michael Rolnik
This includes:
- LSR, ROR
- ASR
- SWAP
- SBI, CBI
- BST, BLD
- BSET, BCLR

Signed-off-by: Michael Rolnik 
---
 target/avr/translate.c | 243 +
 1 file changed, 243 insertions(+)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index 031176c9bd..d8d8f11933 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -313,6 +313,15 @@ static void gen_goto_tb(DisasContext *ctx, int n, 
target_ulong dest)
 }
 
 
+static void gen_rshift_ZNVSf(TCGv R)
+{
+tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
+tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */
+tcg_gen_xor_tl(cpu_Vf, cpu_Nf, cpu_Cf);
+tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
+}
+
+
 /*
  *  Adds two registers without the C Flag and places the result in the
  *  destination register Rd.
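Review bot: `gen_rshift_ZNVSf` reads `cpu_Cf` to derive `cpu_Vf`, so it only produces the right flags if the caller has already stored the shifted-out bit in `cpu_Cf` and `R` has no bits set above bit 7 (otherwise `tcg_gen_shri_tl(cpu_Nf, R, 7)` yields more than one bit). Neither precondition is documented, and the `tcg_gen_xor_tl(cpu_Vf, cpu_Nf, cpu_Cf)` line is the only one without a flag comment. A short function comment plus `/* Vf = Nf ^ Cf */` would make both explicit.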
@@ -2273,3 +2282,237 @@ static bool trans_LAT(DisasContext *ctx, arg_LAT *a)
 
 return true;
 }
+
+
+/*
+ *  Shifts all bits in Rd one place to the right. Bit 7 is cleared. Bit 0 is
+ *  loaded into the C Flag of the SREG. This operation effectively divides an
+ *  unsigned value by two. The C Flag can be used to round the result.
+ */
+static bool trans_LSR(DisasContext *ctx, arg_LSR *a)
+{
+TCGv Rd = cpu_r[a->rd];
+
+tcg_gen_andi_tl(cpu_Cf, Rd, 1);
+tcg_gen_shri_tl(Rd, Rd, 1);
+tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, Rd, 0); /* Zf = Rd == 0 */
+tcg_gen_movi_tl(cpu_Nf, 0);
+tcg_gen_mov_tl(cpu_Vf, cpu_Cf);
+tcg_gen_mov_tl(cpu_Sf, cpu_Vf);
+
+return true;
+}
+
+
+/*
+ *  Shifts all bits in Rd one place to the right. The C Flag is shifted into
+ *  bit 7 of Rd. Bit 0 is shifted into the C Flag.  This operation, combined
+ *  with ASR, effectively divides multi-byte signed values by two. Combined 
with
+ *  LSR it effectively divides multi-byte unsigned values by two. The Carry 
Flag
+ *  can be used to round the result.
+ */
+static bool trans_ROR(DisasContext *ctx, arg_ROR *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv t0 = tcg_temp_new_i32();
+
+tcg_gen_shli_tl(t0, cpu_Cf, 7);
+tcg_gen_andi_tl(cpu_Cf, Rd, 1);
+tcg_gen_shri_tl(Rd, Rd, 1);
+tcg_gen_or_tl(Rd, Rd, t0);
+gen_rshift_ZNVSf(Rd);
+
+tcg_temp_free_i32(t0);
+
+return true;
+}
+
+
+/*
+ *  Shifts all bits in Rd one place to the right. Bit 7 is held constant. Bit 0
+ *  is loaded into the C Flag of the SREG. This operation effectively divides a
+ *  signed value by two without changing its sign. The Carry Flag can be used 
to
+ *  round the result.
+ */
+static bool trans_ASR(DisasContext *ctx, arg_ASR *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv t0 = tcg_temp_new_i32();
+
+tcg_gen_andi_tl(cpu_Cf, Rd, 1); /* Cf = Rd(0) */
+tcg_gen_andi_tl(t0, Rd, 0x80); /* Rd = (Rd & 0x80) | (Rd >> 1) */
+tcg_gen_shri_tl(Rd, Rd, 1);
+tcg_gen_or_tl(Rd, Rd, t0);
+
+gen_rshift_ZNVSf(Rd);
+
+tcg_temp_free_i32(t0);
+
+return true;
+}
+
+
+/*
+ *  Swaps high and low nibbles in a register.
+ */
+static bool trans_SWAP(DisasContext *ctx, arg_SWAP *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv t0 = tcg_temp_new_i32();
+TCGv t1 = tcg_temp_new_i32();
+
+tcg_gen_andi_tl(t0, Rd, 0x0f);
+tcg_gen_shli_tl(t0, t0, 4);
+tcg_gen_andi_tl(t1, Rd, 0xf0);
+tcg_gen_shri_tl(t1, t1, 4);
+tcg_gen_or_tl(Rd, t0, t1);
+
+tcg_temp_free_i32(t1);
+tcg_temp_free_i32(t0);
+
+return true;
+}
+
+
+/*
+ *  Sets a specified bit in an I/O Register. This instruction operates on
+ *  the lower 32 I/O Registers -- addresses 0-31.
+ */
+static bool trans_SBI(DisasContext *ctx, arg_SBI *a)
+{
+TCGv data = tcg_temp_new_i32();
+TCGv port = tcg_const_i32(a->reg);
+
+gen_helper_inb(data, cpu_env, port);
+tcg_gen_ori_tl(data, data, 1 << a->bit);
+gen_helper_outb(cpu_env, port, data);
+
+tcg_temp_free_i32(port);
+tcg_temp_free_i32(data);
+
+return true;
+}
+
+
+/*
+ *  Clears a specified bit in an I/O Register. This instruction operates on
+ *  the lower 32 I/O Registers -- addresses 0-31.
+ */
+static bool trans_CBI(DisasContext *ctx, arg_CBI *a)
+{
+TCGv data = tcg_temp_new_i32();
+TCGv port = tcg_const_i32(a->reg);
+
+gen_helper_inb(data, cpu_env, port);
+tcg_gen_andi_tl(data, data, ~(1 << a->bit));
+gen_helper_outb(cpu_env, port, data);
+
+tcg_temp_free_i32(data);
+tcg_temp_free_i32(port);
+
+return true;
+}
+
+
+/*
+ *  Stores bit b from Rd to the T Flag in SREG (Status Register).
+ */
+static bool trans_BST(DisasContext *ctx, arg_BST *a)
+{
+TCGv Rd = cpu_r[a->rd];
+
+tcg_gen_andi_tl(cpu_Tf, Rd, 1 << a->bit);
+tcg_gen_shri_tl(cpu_Tf, cpu_Tf, a->bit);
+
+return true;
+}
+
+
+/*
+ *  Copies the T Flag in the SREG (Status Register) to bit b in register Rd.
+ */
+static bool trans_BLD(DisasContext *ctx, arg_BLD *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv t1 = tcg_temp_new_i32();
+
+tcg_gen_andi_tl(Rd, Rd, ~(1u << a->bit)); /* clear bit */
+   
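Review bot: `trans_LSR` open-codes the Z/N/V/S updates even though this patch adds `gen_rshift_ZNVSf` for that purpose; after the shift, bit 7 of `Rd` is zero, so calling the helper gives the same Nf = 0, Vf = Cf and Sf = Cf and removes the duplicate. Bit masks are also written two ways in this hunk: `1 << a->bit` in `trans_SBI`, `trans_CBI` and `trans_BST`, and `1u << a->bit` in `trans_BLD`. Using the unsigned form throughout avoids the `~` of a signed value in `trans_CBI` and keeps the four functions consistent.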

[PATCH v38 18/22] target/avr: Add machine none test

2019-12-08 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Aleksandar Markovic 
---
 tests/machine-none-test.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/machine-none-test.c b/tests/machine-none-test.c
index 5953d31755..3e5c74e73e 100644
--- a/tests/machine-none-test.c
+++ b/tests/machine-none-test.c
@@ -27,6 +27,7 @@ static struct arch2cpu cpus_map[] = {
 /* tested targets list */
 { "arm", "cortex-a15" },
 { "aarch64", "cortex-a57" },
+{ "avr", "avr6-avr-cpu" },
 { "x86_64", "qemu64,apic-id=0" },
 { "i386", "qemu32,apic-id=0" },
 { "alpha", "ev67" },
-- 
2.17.2 (Apple Git-113)




[PATCH v38 15/22] target/avr: Add example board configuration

2019-12-08 Thread Michael Rolnik
A simple board setup that configures an AVR CPU to run a given firmware image.
This is all that's useful to implement without peripheral emulation as AVR CPUs 
include a lot of on-board peripherals.

NOTE: this is not a real board 
NOTE: it's used for CPU testing

Signed-off-by: Michael Rolnik 
Reviewed-by: Aleksandar Markovic 
Nacked-by: Philippe Mathieu-Daudé 
---
 include/elf.h|   2 +
 include/hw/elf_ops.h |   6 +-
 include/hw/loader.h  |   3 +-
 hw/avr/sample.c  | 293 +++
 hw/core/loader.c |  13 +-
 hw/Kconfig   |   1 +
 hw/avr/Kconfig   |   6 +
 hw/avr/Makefile.objs |   1 +
 8 files changed, 317 insertions(+), 8 deletions(-)
 create mode 100644 hw/avr/sample.c
 create mode 100644 hw/avr/Kconfig
 create mode 100644 hw/avr/Makefile.objs

diff --git a/include/elf.h b/include/elf.h
index 3501e0c8d0..53cdfa23b7 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -202,6 +202,8 @@ typedef struct mips_elf_abiflags_v0 {
 #define EM_MOXIE   223 /* Moxie processor family */
 #define EM_MOXIE_OLD   0xFEED
 
+#define EM_AVR 83 /* AVR 8-bit microcontroller */
+
 /* This is the info that is needed to parse the dynamic section of the file */
 #define DT_NULL0
 #define DT_NEEDED  1
diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index e07d276df7..9f28c16490 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -316,7 +316,8 @@ static int glue(load_elf, SZ)(const char *name, int fd,
   void *translate_opaque,
   int must_swab, uint64_t *pentry,
   uint64_t *lowaddr, uint64_t *highaddr,
-  int elf_machine, int clear_lsb, int data_swab,
+  int elf_machine, uint32_t *pflags,
+  int clear_lsb, int data_swab,
   AddressSpace *as, bool load_rom,
   symbol_fn_t sym_cb)
 {
@@ -594,6 +595,9 @@ static int glue(load_elf, SZ)(const char *name, int fd,
 }
 }
 
+if (pflags) {
+*pflags = (uint32_t)(elf_sword)ehdr.e_flags;
+}
 if (lowaddr)
 *lowaddr = (uint64_t)(elf_sword)low;
 if (highaddr)
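Review bot: In the new `if (pflags)` block, the `(elf_sword)` cast in `*pflags = (uint32_t)(elf_sword)ehdr.e_flags;` looks copied from the `lowaddr` and `highaddr` assignments just below, where it sign-extends an address to 64 bits. For a 32-bit flags word it changes nothing and only suggests a sign extension that is not wanted; a plain `*pflags = ehdr.e_flags;` says what is meant. Since `pflags` is a new out-parameter that callers may pass as NULL, that should also be stated where the loader functions are documented in hw/loader.h.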
diff --git a/include/hw/loader.h b/include/hw/loader.h
index 48a96cd559..3dbdd1868d 100644
--- a/include/hw/loader.h
+++ b/include/hw/loader.h
@@ -132,7 +132,8 @@ int load_elf_ram_sym(const char *filename,
  uint64_t (*translate_fn)(void *, uint64_t),
  void *translate_opaque, uint64_t *pentry,
  uint64_t *lowaddr, uint64_t *highaddr, int big_endian,
- int elf_machine, int clear_lsb, int data_swab,
+ int elf_machine, uint32_t *pflags,
+ int clear_lsb, int data_swab,
  AddressSpace *as, bool load_rom, symbol_fn_t sym_cb);
 
 /** load_elf_ram:
diff --git a/hw/avr/sample.c b/hw/avr/sample.c
new file mode 100644
index 00..6574733b57
--- /dev/null
+++ b/hw/avr/sample.c
@@ -0,0 +1,293 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+/*
+ *  NOTE:
+ *  This is not a real AVR board, this is an example!
+ *  The CPU is an approximation of an ATmega2560, but is missing various
+ *  built-in peripherals.
+ *
+ *  This example board loads provided binary file into flash memory and
+ *  executes it from 0x address in the code memory space.
+ *
+ *  Currently used for AVR CPU validation
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
+#include "ui/console.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "qemu/error-report.h"
+#include "exec/address-spaces.h"
+#include "include/hw/sysbus.h"
+#include "include/hw/char/avr_usart.h"
+#include "include/hw/timer/avr_timer16.h"
+#include "include/hw/misc/avr_mask.h"
+#include "elf.h"
+#include "hw/misc/unimp.h"
+
+#define SIZE_FLASH 0x0004
+#define SIZE_SRAM 0x2000
+/*
+ * Size of additional "external" memory, as if the AVR were configured to use
+ * an external RAM chip.
+ * Note that the 
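
Review bot: the includes of `include/hw/sysbus.h`, `include/hw/char/avr_usart.h`, `include/hw/timer/avr_timer16.h` and `include/hw/misc/avr_mask.h` carry an `include/` prefix that the other headers in the same list (`hw/boards.h`, `hw/loader.h`, `hw/misc/unimp.h`) do not. Use the `hw/...` form throughout so the file does not depend on the source root being on the include path.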

[PATCH v38 14/22] target/avr: Add dummy mask device

2019-12-08 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
---
 include/hw/misc/avr_mask.h |  47 
 hw/misc/avr_mask.c | 112 +
 hw/misc/Kconfig|   3 +
 hw/misc/Makefile.objs  |   2 +
 4 files changed, 164 insertions(+)
 create mode 100644 include/hw/misc/avr_mask.h
 create mode 100644 hw/misc/avr_mask.c

diff --git a/include/hw/misc/avr_mask.h b/include/hw/misc/avr_mask.h
new file mode 100644
index 00..d3e21972d8
--- /dev/null
+++ b/include/hw/misc/avr_mask.h
@@ -0,0 +1,47 @@
+/*
+ * AVR Power Reduction
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_avr_mask_H
+#define HW_avr_mask_H
+
+#include "hw/sysbus.h"
+#include "chardev/char-fe.h"
+#include "hw/hw.h"
+
+
+#define TYPE_AVR_MASK "avr-mask"
+#define AVR_MASK(obj) OBJECT_CHECK(AVRMaskState, (obj), TYPE_AVR_MASK)
+
+typedef struct {
+/*  */
+SysBusDevice parent_obj;
+
+/*  */
+MemoryRegion iomem;
+
+uint8_t val;
+qemu_irq irq[8];
+} AVRMaskState;
+
+#endif /* HW_avr_mask_H */
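
Review bot: `#include "chardev/char-fe.h"` is not needed by this header; AVRMaskState uses only SysBusDevice, MemoryRegion, uint8_t and qemu_irq. Drop it, and write the guard `HW_avr_mask_H` in upper case (HW_AVR_MASK_H). The banner comment says "AVR Power Reduction" while the type is "avr-mask"; one of the two names should change so the file says what the device is.
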
diff --git a/hw/misc/avr_mask.c b/hw/misc/avr_mask.c
new file mode 100644
index 00..3af82ed9c1
--- /dev/null
+++ b/hw/misc/avr_mask.c
@@ -0,0 +1,112 @@
+/*
+ * AVR Power Reduction
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/misc/avr_mask.h"
+#include "qemu/log.h"
+#include "hw/qdev-properties.h"
+#include "hw/irq.h"
+
+#define DB_PRINT(fmt, args...) /* Nothing */
+/*#define DB_PRINT(fmt, args...) printf("%s: " fmt "\n", __func__, ## args)*/
+
+static void avr_mask_reset(DeviceState *dev)
+{
+AVRMaskState *s = AVR_MASK(dev);
+
+s->val = 0x00;
+
+for (int i = 0; i < 8; i++) {
+qemu_set_irq(s->irq[i], 0);
+}
+}
+
+static uint64_t avr_mask_read(void *opaque, hwaddr offset, unsigned size)
+{
+assert(size == 1);
+assert(offset == 0);
+AVRMaskState *s = opaque;
+
+return (uint64_t)s->val;
+}
+
+static void avr_mask_write(void *opaque, hwaddr offset,
+  uint64_t val64, unsigned size)
+{
+assert(size == 1);
+assert(offset == 0);
+AVRMaskState *s = opaque;
+uint8_t val8 = val64;
+
+DB_PRINT("write %d to offset %d", val8, (uint8_t)offset);
+
+s->val = val8;
+for (int i = 0; i < 8; i++) {
+qemu_set_irq(s->irq[i], (val8 & (1 << i)) != 0);
+}
+}
+
+static const MemoryRegionOps avr_mask_ops = {
+.read = avr_mask_read,
+.write = avr_mask_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {.max_access_size = 1}
+};
+
+static void avr_mask_init(Object *dev)
+{
+AVRMaskState *s = AVR_MASK(dev);
+SysBusDevice *busdev = SYS_BUS_DEVICE(dev);
+
+memory_region_init_io(>iomem, dev, _mask_ops, s, TYPE_AVR_MASK,
+0x01);
+sysbus_init_mmio(busdev, >iomem);
+
+for 
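
Review bot: avr_mask_read() and avr_mask_write() use `assert(size == 1)` and `assert(offset == 0)` on a path the guest drives, so any access that reaches them with another size or offset aborts QEMU. Only the 0x01 region size and `.impl = {.max_access_size = 1}` keep the asserts true; make that explicit with `.valid` limits in avr_mask_ops, or log a guest error and return instead of asserting. The declarations of `s` (and `val8`) also follow the asserts and should move to the top of each block.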

[PATCH v38 09/22] target/avr: Add instruction translation - MCU Control Instructions

2019-12-08 Thread Michael Rolnik
This includes:
- BREAK
- NOP
- SLEEP
- WDR

Signed-off-by: Michael Rolnik 
---
 target/avr/translate.c | 174 +
 1 file changed, 174 insertions(+)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index d8d8f11933..68025112ff 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -369,6 +369,115 @@ static bool trans_ADC(DisasContext *ctx, arg_ADC *a)
 }
 
 
+static void gen_jmp_ez(DisasContext *ctx)
+{
+tcg_gen_deposit_tl(cpu_pc, cpu_r[30], cpu_r[31], 8, 8);
+tcg_gen_or_tl(cpu_pc, cpu_pc, cpu_eind);
+ctx->bstate = DISAS_LOOKUP;
+}
+
+
+static void gen_jmp_z(DisasContext *ctx)
+{
+tcg_gen_deposit_tl(cpu_pc, cpu_r[30], cpu_r[31], 8, 8);
+ctx->bstate = DISAS_LOOKUP;
+}
+
+
+/*
+ *  in the gen_set_addr & gen_get_addr functions
+ *  H assumed to be in 0x00ff format
+ *  M assumed to be in 0x00ff format
+ *  L assumed to be in 0x00ff format
+ */
+static void gen_set_addr(TCGv addr, TCGv H, TCGv M, TCGv L)
+{
+
+tcg_gen_andi_tl(L, addr, 0x00ff);
+
+tcg_gen_andi_tl(M, addr, 0xff00);
+tcg_gen_shri_tl(M, M, 8);
+
+tcg_gen_andi_tl(H, addr, 0x00ff);
+}
+
+
+static void gen_set_xaddr(TCGv addr)
+{
+gen_set_addr(addr, cpu_rampX, cpu_r[27], cpu_r[26]);
+}
+
+
+static void gen_set_yaddr(TCGv addr)
+{
+gen_set_addr(addr, cpu_rampY, cpu_r[29], cpu_r[28]);
+}
+
+
+static void gen_set_zaddr(TCGv addr)
+{
+gen_set_addr(addr, cpu_rampZ, cpu_r[31], cpu_r[30]);
+}
+
+
+static TCGv gen_get_addr(TCGv H, TCGv M, TCGv L)
+{
+TCGv addr = tcg_temp_new_i32();
+
+tcg_gen_deposit_tl(addr, M, H, 8, 8);
+tcg_gen_deposit_tl(addr, L, addr, 8, 16);
+
+return addr;
+}
+
+
+static TCGv gen_get_xaddr(void)
+{
+return gen_get_addr(cpu_rampX, cpu_r[27], cpu_r[26]);
+}
+
+
+static TCGv gen_get_yaddr(void)
+{
+return gen_get_addr(cpu_rampY, cpu_r[29], cpu_r[28]);
+}
+
+
+static TCGv gen_get_zaddr(void)
+{
+return gen_get_addr(cpu_rampZ, cpu_r[31], cpu_r[30]);
+}
+
+
+/*
+ *  Load one byte indirect from data space to register and stores an clear
+ *  the bits in data space specified by the register. The instruction can only
+ *  be used towards internal SRAM.  The data location is pointed to by the Z 
(16
+ *  bits) Pointer Register in the Register File. Memory access is limited to 
the
+ *  current data segment of 64KB. To access another data segment in devices 
with
+ *  more than 64KB data space, the RAMPZ in register in the I/O area has to be
+ *  changed.  The Z-pointer Register is left unchanged by the operation. This
+ *  instruction is especially suited for clearing status bits stored in SRAM.
+ */
+static void gen_data_store(DisasContext *ctx, TCGv data, TCGv addr)
+{
+if (ctx->tb->flags & TB_FLAGS_FULL_ACCESS) {
+gen_helper_fullwr(cpu_env, data, addr);
+} else {
+tcg_gen_qemu_st8(data, addr, MMU_DATA_IDX); /* mem[addr] = data */
+}
+}
+
+static void gen_data_load(DisasContext *ctx, TCGv data, TCGv addr)
+{
+if (ctx->tb->flags & TB_FLAGS_FULL_ACCESS) {
+gen_helper_fullrd(data, cpu_env, addr);
+} else {
+tcg_gen_qemu_ld8u(data, addr, MMU_DATA_IDX); /* data = mem[addr] */
+}
+}
+
+
 /*
  *  Subtracts an immediate value (0-63) from a register pair and places the
  *  result in the register pair. This instruction operates on the upper four
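
Review bot: the comment block placed above gen_data_store() describes a single instruction (load a byte through Z and clear bits, "especially suited for clearing status bits stored in SRAM"), not the helper that follows, which only chooses between gen_helper_fullwr() and tcg_gen_qemu_st8() on TB_FLAGS_FULL_ACCESS. Move that text to the instruction's trans_ function and document here what TB_FLAGS_FULL_ACCESS means for gen_data_store() and gen_data_load(). gen_get_addr() also returns a temporary from tcg_temp_new_i32() without saying that the caller must free it.
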
@@ -2516,3 +2625,68 @@ static bool trans_BCLR(DisasContext *ctx, arg_BCLR *a)
 
 return true;
 }
+
+
+/*
+ *  The BREAK instruction is used by the On-chip Debug system, and is
+ *  normally not used in the application software. When the BREAK instruction 
is
+ *  executed, the AVR CPU is set in the Stopped Mode. This gives the On-chip
+ *  Debugger access to internal resources.  If any Lock bits are set, or either
+ *  the JTAGEN or OCDEN Fuses are unprogrammed, the CPU will treat the BREAK
+ *  instruction as a NOP and will not enter the Stopped mode.  This instruction
+ *  is not available in all devices. Refer to the device specific instruction
+ *  set summary.
+ */
+static bool trans_BREAK(DisasContext *ctx, arg_BREAK *a)
+{
+if (!avr_have_feature(ctx, AVR_FEATURE_BREAK)) {
+return true;
+}
+
+#ifdef BREAKPOINT_ON_BREAK
+tcg_gen_movi_tl(cpu_pc, ctx->npc - 1);
+gen_helper_debug(cpu_env);
+ctx->bstate = DISAS_EXIT;
+#else
+/* NOP */
+#endif
+
+return true;
+}
+
+
+/*
+ *  This instruction performs a single cycle No Operation.
+ */
+static bool trans_NOP(DisasContext *ctx, arg_NOP *a)
+{
+
+/* NOP */
+
+return true;
+}
+
+
+/*
+ *  This instruction sets the circuit in sleep mode defined by the MCU
+ *  Control Register.
+ */
+static bool trans_SLEEP(DisasContext *ctx, arg_SLEEP *a)
+{
+gen_helper_sleep(cpu_env);
+ctx->bstate = DISAS_NORETURN;
+return true;
+}
+
+
+/*
+ *  This instruction resets the Watchdog Timer. This instruction must be
+ *  executed within a limited time given by the WD prescaler. See the Watchdog
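
Review bot: in trans_BREAK() the breakpoint path sits under `#ifdef BREAKPOINT_ON_BREAK`, a compile-time macro, so in a default build the function emits nothing and the gen_helper_debug() path is never compiled or tested. Make this a runtime switch or drop the dead branch. The comment above it describes Lock bits and the JTAGEN/OCDEN fuses, which neither branch models; say so in the comment.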

[PATCH v38 04/22] target/avr: Add instruction translation - Registers definition

2019-12-08 Thread Michael Rolnik
Signed-off-by: Michael Rolnik 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/translate.c | 143 +
 1 file changed, 143 insertions(+)
 create mode 100644 target/avr/translate.c

diff --git a/target/avr/translate.c b/target/avr/translate.c
new file mode 100644
index 00..0139bcabb1
--- /dev/null
+++ b/target/avr/translate.c
@@ -0,0 +1,143 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/qemu-print.h"
+#include "tcg/tcg.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "tcg-op.h"
+#include "exec/cpu_ldst.h"
+#include "exec/helper-proto.h"
+#include "exec/helper-gen.h"
+#include "exec/log.h"
+#include "exec/translator.h"
+#include "exec/gen-icount.h"
+
+/*
+ *  Define if you want a BREAK instruction translated to a breakpoint
+ *  Active debugging connection is assumed
+ *  This is for
+ *  https://github.com/seharris/qemu-avr-tests/tree/master/instruction-tests
+ *  tests
+ */
+#undef BREAKPOINT_ON_BREAK
+
+static TCGv cpu_pc;
+
+static TCGv cpu_Cf;
+static TCGv cpu_Zf;
+static TCGv cpu_Nf;
+static TCGv cpu_Vf;
+static TCGv cpu_Sf;
+static TCGv cpu_Hf;
+static TCGv cpu_Tf;
+static TCGv cpu_If;
+
+static TCGv cpu_rampD;
+static TCGv cpu_rampX;
+static TCGv cpu_rampY;
+static TCGv cpu_rampZ;
+
+static TCGv cpu_r[NUMBER_OF_CPU_REGISTERS];
+static TCGv cpu_eind;
+static TCGv cpu_sp;
+
+static TCGv cpu_skip;
+
+static const char reg_names[NUMBER_OF_CPU_REGISTERS][8] = {
+"r0",  "r1",  "r2",  "r3",  "r4",  "r5",  "r6",  "r7",
+"r8",  "r9",  "r10", "r11", "r12", "r13", "r14", "r15",
+"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
+"r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
+};
+#define REG(x) (cpu_r[x])
+
+enum {
+DISAS_EXIT   = DISAS_TARGET_0,  /* We want return to the cpu main loop.  */
+DISAS_LOOKUP = DISAS_TARGET_1,  /* We have a variable condition exit.  */
+DISAS_CHAIN  = DISAS_TARGET_2,  /* We have a single condition exit.  */
+};
+
+typedef struct DisasContext DisasContext;
+
+/* This is the state at translation time. */
+struct DisasContext {
+TranslationBlock *tb;
+
+CPUAVRState *env;
+CPUState *cs;
+
+target_long npc;
+uint32_t opcode;
+
+/* Routine used to access memory */
+int memidx;
+int bstate;
+int singlestep;
+
+TCGv skip_var0;
+TCGv skip_var1;
+TCGCond skip_cond;
+bool free_skip_var0;
+};
+
+static int to_regs_16_31_by_one(DisasContext *ctx, int indx)
+{
+return 16 + (indx % 16);
+}
+
+static int to_regs_16_23_by_one(DisasContext *ctx, int indx)
+{
+return 16 + (indx % 8);
+}
+static int to_regs_24_30_by_two(DisasContext *ctx, int indx)
+{
+return 24 + (indx % 4) * 2;
+}
+static int to_regs_00_30_by_two(DisasContext *ctx, int indx)
+{
+return (indx % 16) * 2;
+}
+
+static uint16_t next_word(DisasContext *ctx)
+{
+return cpu_lduw_code(ctx->env, ctx->npc++ * 2);
+}
+
+static int append_16(DisasContext *ctx, int x)
+{
+return x << 16 | next_word(ctx);
+}
+
+
+static bool avr_have_feature(DisasContext *ctx, int feature)
+{
+if (!avr_feature(ctx->env, feature)) {
+gen_helper_unsupported(cpu_env);
+ctx->bstate = DISAS_NORETURN;
+return false;
+}
+return true;
+}
+
+static bool decode_insn(DisasContext *ctx, uint16_t insn);
+#include "decode_insn.inc.c"
+
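
Review bot: append_16() evaluates `x << 16 | next_word(ctx)` on a signed int, which is only well defined while x is non-negative and fits in 15 bits. Do the shift on an unsigned value, e.g. `(uint32_t)x << 16`, and note the expected range of x in a comment. Style: blank lines are missing between to_regs_16_23_by_one(), to_regs_24_30_by_two() and to_regs_00_30_by_two().
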
-- 
2.17.2 (Apple Git-113)




[PATCH v38 12/22] target/avr: Add limited support for USART peripheral

2019-12-08 Thread Michael Rolnik
These were designed to facilitate testing but should provide enough function to 
be useful in other contexts.
Only a subset of the functions of each peripheral is implemented, mainly due to 
the lack of a standard way to handle electrical connections (like GPIO pins).

Signed-off-by: Sarah Harris 
---
 include/hw/char/avr_usart.h |  93 +++
 hw/char/avr_usart.c | 320 
 hw/char/Kconfig |   3 +
 hw/char/Makefile.objs   |   1 +
 4 files changed, 417 insertions(+)
 create mode 100644 include/hw/char/avr_usart.h
 create mode 100644 hw/char/avr_usart.c

diff --git a/include/hw/char/avr_usart.h b/include/hw/char/avr_usart.h
new file mode 100644
index 00..467e97e8c0
--- /dev/null
+++ b/include/hw/char/avr_usart.h
@@ -0,0 +1,93 @@
+/*
+ * AVR USART
+ *
+ * Copyright (c) 2018 University of Kent
+ * Author: Sarah Harris
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#ifndef HW_AVR_USART_H
+#define HW_AVR_USART_H
+
+#include "hw/sysbus.h"
+#include "chardev/char-fe.h"
+#include "hw/hw.h"
+
+/* Offsets of registers. */
+#define USART_DR   0x06
+#define USART_CSRA  0x00
+#define USART_CSRB  0x01
+#define USART_CSRC  0x02
+#define USART_BRRH 0x05
+#define USART_BRRL 0x04
+
+/* Relevant bits in regiters. */
+#define USART_CSRA_RXC(1 << 7)
+#define USART_CSRA_TXC(1 << 6)
+#define USART_CSRA_DRE(1 << 5)
+#define USART_CSRA_MPCM   (1 << 0)
+
+#define USART_CSRB_RXCIE  (1 << 7)
+#define USART_CSRB_TXCIE  (1 << 6)
+#define USART_CSRB_DREIE  (1 << 5)
+#define USART_CSRB_RXEN   (1 << 4)
+#define USART_CSRB_TXEN   (1 << 3)
+#define USART_CSRB_CSZ2   (1 << 2)
+#define USART_CSRB_RXB8   (1 << 1)
+#define USART_CSRB_TXB8   (1 << 0)
+
+#define USART_CSRC_MSEL1  (1 << 7)
+#define USART_CSRC_MSEL0  (1 << 6)
+#define USART_CSRC_PM1(1 << 5)
+#define USART_CSRC_PM0(1 << 4)
+#define USART_CSRC_CSZ1   (1 << 2)
+#define USART_CSRC_CSZ0   (1 << 1)
+
+#define TYPE_AVR_USART "avr-usart"
+#define AVR_USART(obj) \
+OBJECT_CHECK(AVRUsartState, (obj), TYPE_AVR_USART)
+
+typedef struct {
+/*  */
+SysBusDevice parent_obj;
+
+/*  */
+MemoryRegion mmio;
+
+CharBackend chr;
+
+bool enabled;
+
+uint8_t data;
+bool data_valid;
+uint8_t char_mask;
+/* Control and Status Registers */
+uint8_t csra;
+uint8_t csrb;
+uint8_t csrc;
+/* Baud Rate Registers (low/high byte) */
+uint8_t brrh;
+uint8_t brrl;
+
+/* Receive Complete */
+qemu_irq rxc_irq;
+/* Transmit Complete */
+qemu_irq txc_irq;
+/* Data Register Empty */
+qemu_irq dre_irq;
+} AVRUsartState;
+
+#endif /* HW_AVR_USART_H */
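
Review bot: as shown, `#define USART_CSRA_RXC(1 << 7)` has no whitespace between the macro name and the parenthesised value, which the preprocessor reads as the start of a function-like macro; the same applies to USART_CSRA_TXC, USART_CSRA_DRE, USART_CSRC_PM1 and USART_CSRC_PM0. Separate name and value with spaces, as the neighbouring definitions do. The comment "Relevant bits in regiters" has a typo (registers).
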
diff --git a/hw/char/avr_usart.c b/hw/char/avr_usart.c
new file mode 100644
index 00..cb307fe23d
--- /dev/null
+++ b/hw/char/avr_usart.c
@@ -0,0 +1,320 @@
+/*
+ * AVR USART
+ *
+ * Copyright (c) 2018 University of Kent
+ * Author: Sarah Harris
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "hw/char/avr_usart.h"
+#include "qemu/log.h"
+#include "hw/irq.h"
+#include "hw/qdev-properties.h"
+
+static int avr_usart_can_receive(void *opaque)
+{
+AVRUsartState *usart = opaque;
+
+if (usart->data_valid || !(usart->csrb & USART_CSRB_RXEN)) {
+return 0;
+}
+return 1;
+}
+
+static void avr_usart_receive(void *opaque, const uint8_t *buffer, int size)
+{
+AVRUsartState *usart = opaque;
+assert(size == 1);
+assert(!usart->data_valid);
+usart->data = buffer[0];
+usart->data_valid = true;
+usart->csra |= USART_CSRA_RXC;
+if (usart->csrb & USART_CSRB_RXCIE) {
+qemu_set_irq(usart->rxc_irq, 1);
+}
+}
+
+static void 
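
Review bot: avr_usart_receive() uses `assert(size == 1)` and `assert(!usart->data_valid)` on data delivered by the character backend, so it aborts QEMU unless avr_usart_can_receive() returned 1 immediately before every call. Handle the unexpected case without aborting, for example by taking only the first byte and dropping input while data_valid is set. The function raises rxc_irq only when RXCIE is already set on receipt; please confirm the CSRB write path raises it when RXCIE is enabled while RXC is pending.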

[PATCH v38 10/22] target/avr: Add instruction translation - CPU main translation function

2019-12-08 Thread Michael Rolnik
Co-developed-by: Richard Henderson 
Co-developed-by: Michael Rolnik 

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/translate.c | 234 +
 1 file changed, 234 insertions(+)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index 68025112ff..c8c6f798bf 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -2690,3 +2690,237 @@ static bool trans_WDR(DisasContext *ctx, arg_WDR *a)
 
 return true;
 }
+
+
+void avr_cpu_tcg_init(void)
+{
+int i;
+
+#define AVR_REG_OFFS(x) offsetof(CPUAVRState, x)
+cpu_pc = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(pc_w), "pc");
+cpu_Cf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregC), "Cf");
+cpu_Zf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregZ), "Zf");
+cpu_Nf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregN), "Nf");
+cpu_Vf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregV), "Vf");
+cpu_Sf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregS), "Sf");
+cpu_Hf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregH), "Hf");
+cpu_Tf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregT), "Tf");
+cpu_If = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregI), "If");
+cpu_rampD = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampD), "rampD");
+cpu_rampX = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampX), "rampX");
+cpu_rampY = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampY), "rampY");
+cpu_rampZ = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampZ), "rampZ");
+cpu_eind = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(eind), "eind");
+cpu_sp = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sp), "sp");
+cpu_skip = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(skip), "skip");
+
+for (i = 0; i < NUMBER_OF_CPU_REGISTERS; i++) {
+cpu_r[i] = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(r[i]),
+  reg_names[i]);
+}
+#undef AVR_REG_OFFS
+}
+
+static void translate(DisasContext *ctx)
+{
+uint32_t opcode = next_word(ctx);
+
+if (!decode_insn(ctx, opcode)) {
+gen_helper_unsupported(cpu_env);
+ctx->bstate = DISAS_NORETURN;
+}
+}
+
+/* Standardize the cpu_skip condition to NE.  */
+static bool canonicalize_skip(DisasContext *ctx)
+{
+switch (ctx->skip_cond) {
+case TCG_COND_NEVER:
+/* Normal case: cpu_skip is known to be false.  */
+return false;
+
+case TCG_COND_ALWAYS:
+/*
+ * Breakpoint case: cpu_skip is known to be true, via TB_FLAGS_SKIP.
+ * The breakpoint is on the instruction being skipped, at the start
+ * of the TranslationBlock.  No need to update.
+ */
+return false;
+
+case TCG_COND_NE:
+if (ctx->skip_var1 == NULL) {
+tcg_gen_mov_tl(cpu_skip, ctx->skip_var0);
+} else {
+tcg_gen_xor_tl(cpu_skip, ctx->skip_var0, ctx->skip_var1);
+ctx->skip_var1 = NULL;
+}
+break;
+
+default:
+/* Convert to a NE condition vs 0. */
+if (ctx->skip_var1 == NULL) {
+tcg_gen_setcondi_tl(ctx->skip_cond, cpu_skip, ctx->skip_var0, 0);
+} else {
+tcg_gen_setcond_tl(ctx->skip_cond, cpu_skip,
+   ctx->skip_var0, ctx->skip_var1);
+ctx->skip_var1 = NULL;
+}
+ctx->skip_cond = TCG_COND_NE;
+break;
+}
+if (ctx->free_skip_var0) {
+tcg_temp_free(ctx->skip_var0);
+ctx->free_skip_var0 = false;
+}
+ctx->skip_var0 = cpu_skip;
+return true;
+}
+
+void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int max_insns)
+{
+CPUAVRState *env = cs->env_ptr;
+DisasContext ctx = {
+.tb = tb,
+.cs = cs,
+.env = env,
+.memidx = 0,
+.bstate = DISAS_NEXT,
+.skip_cond = TCG_COND_NEVER,
+.singlestep = cs->singlestep_enabled,
+};
+target_ulong pc_start = tb->pc / 2;
+int num_insns = 0;
+
+if (tb->flags & TB_FLAGS_FULL_ACCESS) {
+/*
+ * This flag is set by ST/LD instruction we will regenerate it ONLY
+ * with mem/cpu memory access instead of mem access
+ */
+max_insns = 1;
+}
+if (ctx.singlestep) {
+max_insns = 1;
+}
+
+gen_tb_start(tb);
+
+ctx.npc = pc_start;
+if (tb->flags & TB_FLAGS_SKIP) {
+ctx.skip_cond = TCG_COND_ALWAYS;
+ctx.skip_var0 = cpu_skip;
+}
+
+do {
+TCGLabel *skip_label = NULL;
+
+/* translate current instruction */
+tcg_gen_insn_start(ctx.npc);
+num_insns++;
+
+/*
+ * this is due to some strange GDB behavior
+ * let's assume main has address 0x100
+ * b main   - sets breakpoint at address 0x0100 (code)
+ * b *0x100 - sets breakpoint at address 0x00800100 (data)
+ */
+if 
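
Review bot: translate() stores the fetched word in `uint32_t opcode` although next_word() returns uint16_t and decode_insn() takes `uint16_t insn`; declare it uint16_t. In gen_intermediate_code() the comment on the TB_FLAGS_FULL_ACCESS case ("set by ST/LD instruction we will regenerate it ONLY with mem/cpu memory access instead of mem access") is hard to follow; state what is retranslated and why max_insns is forced to 1.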

[PATCH v38 11/22] target/avr: Add instruction disassembly function

2019-12-08 Thread Michael Rolnik
Provide a function that disassembles executed instructions when `-d in_asm` is
provided.

Example:
`./avr-softmmu/qemu-system-avr -bios free-rtos/Demo/AVR_ATMega2560_GCC/demo.elf -d in_asm` will produce something like the following:

```
...
IN:
0x014a:  CALL  0x3808

IN: main
0x3808:  CALL  0x4b4

IN: vParTestInitialise
0x04b4:  LDI   r24, 255
0x04b6:  STS   r24, 0
0x04b8:  MULS  r16, r20
0x04ba:  OUT   $1, r24
0x04bc:  LDS   r24, 0
0x04be:  MULS  r16, r20
0x04c0:  OUT   $2, r24
0x04c2:  RET
...
```

Signed-off-by: Michael Rolnik 
Suggested-by: Richard Henderson 
Suggested-by: Philippe Mathieu-Daudé 
Suggested-by: Aleksandar Markovic 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/cpu.h   |   1 +
 target/avr/cpu.c   |   2 +-
 target/avr/disas.c | 226 +
 target/avr/translate.c |  11 ++
 4 files changed, 239 insertions(+), 1 deletion(-)
 create mode 100644 target/avr/disas.c

diff --git a/target/avr/cpu.h b/target/avr/cpu.h
index c217eefeb4..a8a3e7ade6 100644
--- a/target/avr/cpu.h
+++ b/target/avr/cpu.h
@@ -178,6 +178,7 @@ bool avr_cpu_exec_interrupt(CPUState *cpu, int int_req);
 hwaddr avr_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
 int avr_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
 int avr_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+int avr_print_insn(bfd_vma addr, disassemble_info *info);
 
 static inline int avr_feature(CPUAVRState *env, int feature)
 {
diff --git a/target/avr/cpu.c b/target/avr/cpu.c
index c5cafcae3c..be4b921e4d 100644
--- a/target/avr/cpu.c
+++ b/target/avr/cpu.c
@@ -83,7 +83,7 @@ static void avr_cpu_reset(CPUState *cs)
 static void avr_cpu_disas_set_info(CPUState *cpu, disassemble_info *info)
 {
 info->mach = bfd_arch_avr;
-info->print_insn = NULL;
+info->print_insn = avr_print_insn;
 }
 
 static void avr_cpu_realizefn(DeviceState *dev, Error **errp)
diff --git a/target/avr/disas.c b/target/avr/disas.c
new file mode 100644
index 00..22863d2eb1
--- /dev/null
+++ b/target/avr/disas.c
@@ -0,0 +1,226 @@
+/*
+ * AVR disassembler
+ *
+ * Copyright (c) 2019 Richard Henderson 
+ * Copyright (c) 2019 Michael Rolnik 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+
+typedef struct {
+disassemble_info *info;
+uint16_t next_word;
+bool next_word_used;
+} DisasContext;
+
+static int to_regs_16_31_by_one(DisasContext *ctx, int indx)
+{
+return 16 + (indx % 16);
+}
+
+static int to_regs_16_23_by_one(DisasContext *ctx, int indx)
+{
+return 16 + (indx % 8);
+}
+static int to_regs_24_30_by_two(DisasContext *ctx, int indx)
+{
+return 24 + (indx % 4) * 2;
+}
+static int to_regs_00_30_by_two(DisasContext *ctx, int indx)
+{
+return (indx % 16) * 2;
+}
+
+static uint16_t next_word(DisasContext *ctx)
+{
+ctx->next_word_used = true;
+return ctx->next_word;
+}
+
+static int append_16(DisasContext *ctx, int x)
+{
+return x << 16 | next_word(ctx);
+}
+
+
+/* Include the auto-generated decoder.  */
+static bool decode_insn(DisasContext *ctx, uint16_t insn);
+#include "decode_insn.inc.c"
+
+#define output(mnemonic, format, ...) \
+(pctx->info->fprintf_func(pctx->info->stream, "%-9s " format, \
+mnemonic, ##__VA_ARGS__))
+
+int avr_print_insn(bfd_vma addr, disassemble_info *info)
+{
+DisasContext ctx;
+DisasContext *pctx = 
+bfd_byte buffer[4];
+uint16_t insn;
+int status;
+
+ctx.info = info;
+
+status = info->read_memory_func(addr, buffer, 4, info);
+if (status != 0) {
+info->memory_error_func(status, addr, info);
+return -1;
+}
+insn = bfd_getl16(buffer);
+ctx.next_word = bfd_getl16(buffer + 2);
+ctx.next_word_used = false;
+
+if (!decode_insn(, insn)) {
+output(".db", "0x%02x, 0x%02x", buffer[0], buffer[1]);
+}
+
+return ctx.next_word_used ? 4 : 2;
+}
+
+
+#define INSN(opcode, format, ...)   \
+static bool trans_##opcode(DisasContext *pctx, arg_##opcode * a)\
+{   \
+output(#opcode, format, ##__VA_ARGS__);

[PATCH v38 01/22] target/avr: Add outward facing interfaces and core CPU logic

2019-12-08 Thread Michael Rolnik
This includes:
- CPU data structures
- object model classes and functions
- migration functions
- GDB hooks

Co-developed-by: Michael Rolnik 
Co-developed-by: Sarah Harris 
Signed-off-by: Michael Rolnik 
Signed-off-by: Sarah Harris 
Signed-off-by: Michael Rolnik 
Acked-by: Igor Mammedov 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/cpu-param.h |  37 +++
 target/avr/cpu-qom.h   |  54 
 target/avr/cpu.h   | 276 +
 target/avr/cpu.c   | 653 +
 target/avr/gdbstub.c   |  84 ++
 target/avr/machine.c   | 121 
 gdb-xml/avr-cpu.xml|  49 
 7 files changed, 1274 insertions(+)
 create mode 100644 target/avr/cpu-param.h
 create mode 100644 target/avr/cpu-qom.h
 create mode 100644 target/avr/cpu.h
 create mode 100644 target/avr/cpu.c
 create mode 100644 target/avr/gdbstub.c
 create mode 100644 target/avr/machine.c
 create mode 100644 gdb-xml/avr-cpu.xml

diff --git a/target/avr/cpu-param.h b/target/avr/cpu-param.h
new file mode 100644
index 00..ccd1ea3429
--- /dev/null
+++ b/target/avr/cpu-param.h
@@ -0,0 +1,37 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#ifndef AVR_CPU_PARAM_H
+#define AVR_CPU_PARAM_H 1
+
+#define TARGET_LONG_BITS 32
+/*
+ * TARGET_PAGE_BITS cannot be more than 8 bits because
+ * 1.  all IO registers occupy [0x .. 0x00ff] address range, and they
+ * should be implemented as a device and not memory
+ * 2.  SRAM starts at the address 0x0100
+ */
+#define TARGET_PAGE_BITS 8
+#define TARGET_PHYS_ADDR_SPACE_BITS 24
+#define TARGET_VIRT_ADDR_SPACE_BITS 24
+#define NB_MMU_MODES 2
+
+
+#endif
diff --git a/target/avr/cpu-qom.h b/target/avr/cpu-qom.h
new file mode 100644
index 00..e28b58c897
--- /dev/null
+++ b/target/avr/cpu-qom.h
@@ -0,0 +1,54 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#ifndef QEMU_AVR_QOM_H
+#define QEMU_AVR_QOM_H
+
+#include "hw/core/cpu.h"
+
+#define TYPE_AVR_CPU "avr-cpu"
+
+#define AVR_CPU_CLASS(klass) \
+OBJECT_CLASS_CHECK(AVRCPUClass, (klass), TYPE_AVR_CPU)
+#define AVR_CPU(obj) \
+OBJECT_CHECK(AVRCPU, (obj), TYPE_AVR_CPU)
+#define AVR_CPU_GET_CLASS(obj) \
+OBJECT_GET_CLASS(AVRCPUClass, (obj), TYPE_AVR_CPU)
+
+/**
+ *  AVRCPUClass:
+ *  @parent_realize: The parent class' realize handler.
+ *  @parent_reset: The parent class' reset handler.
+ *  @vr: Version Register value.
+ *
+ *  A AVR CPU model.
+ */
+typedef struct AVRCPUClass {
+/*< private >*/
+CPUClass parent_class;
+/*< public >*/
+DeviceRealize parent_realize;
+void (*parent_reset)(CPUState *cpu);
+} AVRCPUClass;
+
+typedef struct AVRCPU AVRCPU;
+
+
+#endif /* !defined (QEMU_AVR_CPU_QOM_H) */
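Review bot: the doc comment for AVRCPUClass documents a `@vr: Version Register value` member that the struct does not have; either add the field or drop the line. The include guard is also inconsistent: it opens as QEMU_AVR_QOM_H but the closing comment names QEMU_AVR_CPU_QOM_H. Pick one name and use it in all three places. Small wording fix in the same comment: "A AVR CPU model" should read "An AVR CPU model".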
diff --git a/target/avr/cpu.h b/target/avr/cpu.h
new file mode 100644
index 00..c217eefeb4
--- /dev/null
+++ b/target/avr/cpu.h
@@ -0,0 +1,276 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 

[PATCH v38 06/22] target/avr: Add instruction translation - Branch Instructions

2019-12-08 Thread Michael Rolnik
This includes:
- RJMP, IJMP, EIJMP, JMP
- RCALL, ICALL, EICALL, CALL
- RET, RETI
- CPSE, CP, CPC, CPI
- SBRC, SBRS, SBIC, SBIS
- BRBC, BRBS

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/translate.c | 537 +
 1 file changed, 537 insertions(+)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index 1d6e4a55f2..8eb39a868d 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -233,6 +233,86 @@ static void gen_ZNSf(TCGv R)
 }
 
 
+static void gen_push_ret(DisasContext *ctx, int ret)
+{
+if (avr_feature(ctx->env, AVR_FEATURE_1_BYTE_PC)) {
+
+TCGv t0 = tcg_const_i32((ret & 0xff));
+
+tcg_gen_qemu_st_tl(t0, cpu_sp, MMU_DATA_IDX, MO_UB);
+tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
+
+tcg_temp_free_i32(t0);
+} else if (avr_feature(ctx->env, AVR_FEATURE_2_BYTE_PC)) {
+
+TCGv t0 = tcg_const_i32((ret & 0x00));
+
+tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
+tcg_gen_qemu_st_tl(t0, cpu_sp, MMU_DATA_IDX, MO_BEUW);
+tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
+
+tcg_temp_free_i32(t0);
+
+} else if (avr_feature(ctx->env, AVR_FEATURE_3_BYTE_PC)) {
+
+TCGv lo = tcg_const_i32((ret & 0xff));
+TCGv hi = tcg_const_i32((ret & 0x00) >> 8);
+
+tcg_gen_qemu_st_tl(lo, cpu_sp, MMU_DATA_IDX, MO_UB);
+tcg_gen_subi_tl(cpu_sp, cpu_sp, 2);
+tcg_gen_qemu_st_tl(hi, cpu_sp, MMU_DATA_IDX, MO_BEUW);
+tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
+
+tcg_temp_free_i32(lo);
+tcg_temp_free_i32(hi);
+}
+}
+
+
+static void gen_pop_ret(DisasContext *ctx, TCGv ret)
+{
+if (avr_feature(ctx->env, AVR_FEATURE_1_BYTE_PC)) {
+tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
+tcg_gen_qemu_ld_tl(ret, cpu_sp, MMU_DATA_IDX, MO_UB);
+} else if (avr_feature(ctx->env, AVR_FEATURE_2_BYTE_PC)) {
+tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
+tcg_gen_qemu_ld_tl(ret, cpu_sp, MMU_DATA_IDX, MO_BEUW);
+tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
+} else if (avr_feature(ctx->env, AVR_FEATURE_3_BYTE_PC)) {
+TCGv lo = tcg_temp_new_i32();
+TCGv hi = tcg_temp_new_i32();
+
+tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
+tcg_gen_qemu_ld_tl(hi, cpu_sp, MMU_DATA_IDX, MO_BEUW);
+
+tcg_gen_addi_tl(cpu_sp, cpu_sp, 2);
+tcg_gen_qemu_ld_tl(lo, cpu_sp, MMU_DATA_IDX, MO_UB);
+
+tcg_gen_deposit_tl(ret, lo, hi, 8, 16);
+
+tcg_temp_free_i32(lo);
+tcg_temp_free_i32(hi);
+}
+}
+
+
+static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
+{
+TranslationBlock *tb = ctx->tb;
+
+if (ctx->singlestep == 0) {
+tcg_gen_goto_tb(n);
+tcg_gen_movi_i32(cpu_pc, dest);
+tcg_gen_exit_tb(tb, n);
+} else {
+tcg_gen_movi_i32(cpu_pc, dest);
+gen_helper_debug(cpu_env);
+tcg_gen_exit_tb(NULL, 0);
+}
+ctx->bstate = DISAS_NORETURN;
+}
+
+
 /*
  *  Adds two registers without the C Flag and places the result in the
  *  destination register Rd.
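Review bot: gen_push_ret and gen_pop_ret both end their AVR_FEATURE_1/2/3_BYTE_PC chain without a final else, so on a core that sets none of the three features the call pushes nothing and the return leaves `ret` unwritten, with no diagnostic. Make the last branch an unconditional else or add g_assert_not_reached() after the chain. These two functions also test features with avr_feature(ctx->env, ...) while the trans_* functions in the same file use avr_have_feature(ctx, ...); use one form throughout. In gen_goto_tb, a one-line comment on why tcg_gen_goto_tb(n) is safe for any dest would help, since the usual same-page check is absent.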
@@ -875,3 +955,460 @@ static bool trans_DES(DisasContext *ctx, arg_DES *a)
 
 return true;
 }
+
+
+/*
+ *  Relative jump to an address within PC - 2K +1 and PC + 2K (words). For
+ *  AVR microcontrollers with Program memory not exceeding 4K words (8KB) this
+ *  instruction can address the entire memory from every address location. See
+ *  also JMP.
+ */
+static bool trans_RJMP(DisasContext *ctx, arg_RJMP *a)
+{
+int dst = ctx->npc + a->imm;
+
+gen_goto_tb(ctx, 0, dst);
+
+return true;
+}
+
+
+/*
+ *  Indirect jump to the address pointed to by the Z (16 bits) Pointer
+ *  Register in the Register File. The Z-pointer Register is 16 bits wide and
+ *  allows jump within the lowest 64K words (128KB) section of Program memory.
+ *  This instruction is not available in all devices. Refer to the device
+ *  specific instruction set summary.
+ */
+static bool trans_IJMP(DisasContext *ctx, arg_IJMP *a)
+{
+if (!avr_have_feature(ctx, AVR_FEATURE_IJMP_ICALL)) {
+return true;
+}
+
+gen_jmp_z(ctx);
+
+return true;
+}
+
+
+/*
+ *  Indirect jump to the address pointed to by the Z (16 bits) Pointer
+ *  Register in the Register File and the EIND Register in the I/O space. This
+ *  instruction allows for indirect jumps to the entire 4M (words) Program
+ *  memory space. See also IJMP.  This instruction is not available in all
+ *  devices. Refer to the device specific instruction set summary.
+ */
+static bool trans_EIJMP(DisasContext *ctx, arg_EIJMP *a)
+{
+if (!avr_have_feature(ctx, AVR_FEATURE_EIJMP_EICALL)) {
+return true;
+}
+
+gen_jmp_ez(ctx);
+return true;
+}
+
+
+/*
+ *  Jump to an address within the entire 4M (words) Program memory. See also
+ *  RJMP.  This instruction is not available in all devices. Refer to the 
device
+ *  specific instruction set summary.0
+ */
+static bool 
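Review bot: trans_IJMP and trans_EIJMP return true when the core lacks AVR_FEATURE_IJMP_ICALL or AVR_FEATURE_EIJMP_EICALL, which tells the decoder the instruction was handled and turns an unavailable instruction into a silent no-op. A guest binary built for the wrong core would then run past the jump instead of faulting. Return false, or generate the call to the `unsupported` helper declared in helper.h, so the condition is visible. In trans_RJMP, `ctx->npc + a->imm` is used as the destination with no wrap or range check against the size of program memory; say in a comment whether wrap-around is intended. The JMP comment ends with a stray "0" after "summary.".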

[PATCH v38 05/22] target/avr: Add instruction translation - Arithmetic and Logic Instructions

2019-12-08 Thread Michael Rolnik
This includes:
- ADD, ADC, ADIW
- SBIW, SUB, SUBI, SBC, SBCI
- AND, ANDI
- OR, ORI, EOR
- COM, NEG
- INC, DEC
- MUL, MULS, MULSU
- FMUL, FMULS, FMULSU
- DES

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/translate.c | 734 +
 1 file changed, 734 insertions(+)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index 0139bcabb1..1d6e4a55f2 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -141,3 +141,737 @@ static bool avr_have_feature(DisasContext *ctx, int 
feature)
 static bool decode_insn(DisasContext *ctx, uint16_t insn);
 #include "decode_insn.inc.c"
 
+
+static void gen_add_CHf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+TCGv t3 = tcg_temp_new_i32();
+
+tcg_gen_and_tl(t1, Rd, Rr); /* t1 = Rd & Rr */
+tcg_gen_andc_tl(t2, Rd, R); /* t2 = Rd & ~R */
+tcg_gen_andc_tl(t3, Rr, R); /* t3 = Rr & ~R */
+tcg_gen_or_tl(t1, t1, t2); /* t1 = t1 | t2 | t3 */
+tcg_gen_or_tl(t1, t1, t3);
+tcg_gen_shri_tl(cpu_Cf, t1, 7); /* Cf = t1(7) */
+tcg_gen_shri_tl(cpu_Hf, t1, 3); /* Hf = t1(3) */
+tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1);
+
+tcg_temp_free_i32(t3);
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+
+static void gen_add_Vf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+
+/* t1 = Rd & Rr & ~R | ~Rd & ~Rr & R */
+/*= (Rd ^ R) & ~(Rd ^ Rr) */
+tcg_gen_xor_tl(t1, Rd, R);
+tcg_gen_xor_tl(t2, Rd, Rr);
+tcg_gen_andc_tl(t1, t1, t2);
+tcg_gen_shri_tl(cpu_Vf, t1, 7); /* Vf = t1(7) */
+
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+
+static void gen_sub_CHf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+TCGv t3 = tcg_temp_new_i32();
+
+tcg_gen_not_tl(t1, Rd); /* t1 = ~Rd */
+tcg_gen_and_tl(t2, t1, Rr); /* t2 = ~Rd & Rr */
+tcg_gen_or_tl(t3, t1, Rr); /* t3 = (~Rd | Rr) & R */
+tcg_gen_and_tl(t3, t3, R);
+tcg_gen_or_tl(t2, t2, t3); /* t2 = ~Rd & Rr | ~Rd & R | R & Rr */
+tcg_gen_shri_tl(cpu_Cf, t2, 7); /* Cf = t2(7) */
+tcg_gen_shri_tl(cpu_Hf, t2, 3); /* Hf = t2(3) */
+tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1);
+
+tcg_temp_free_i32(t3);
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+
+static void gen_sub_Vf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+
+/* t1 = Rd & ~Rr & ~R | ~Rd & Rr & R */
+/*= (Rd ^ R) & (Rd ^ R) */
+tcg_gen_xor_tl(t1, Rd, R);
+tcg_gen_xor_tl(t2, Rd, Rr);
+tcg_gen_and_tl(t1, t1, t2);
+tcg_gen_shri_tl(cpu_Vf, t1, 7); /* Vf = t1(7) */
+
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+
+static void gen_NSf(TCGv R)
+{
+tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */
+tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
+}
+
+
+static void gen_ZNSf(TCGv R)
+{
+tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
+tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */
+tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
+}
+
+
+/*
+ *  Adds two registers without the C Flag and places the result in the
+ *  destination register Rd.
+ */
+static bool trans_ADD(DisasContext *ctx, arg_ADD *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv Rr = cpu_r[a->rr];
+TCGv R = tcg_temp_new_i32();
+
+tcg_gen_add_tl(R, Rd, Rr); /* Rd = Rd + Rr */
+tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
+gen_add_CHf(R, Rd, Rr);
+gen_add_Vf(R, Rd, Rr);
+gen_ZNSf(R);
+tcg_gen_mov_tl(Rd, R);
+
+tcg_temp_free_i32(R);
+
+return true;
+}
+
+
+/*
+ *  Adds two registers and the contents of the C Flag and places the result in
+ *  the destination register Rd.
+ */
+static bool trans_ADC(DisasContext *ctx, arg_ADC *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv Rr = cpu_r[a->rr];
+TCGv R = tcg_temp_new_i32();
+
+tcg_gen_add_tl(R, Rd, Rr); /* R = Rd + Rr + Cf */
+tcg_gen_add_tl(R, R, cpu_Cf);
+tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
+gen_add_CHf(R, Rd, Rr);
+gen_add_Vf(R, Rd, Rr);
+gen_ZNSf(R);
+tcg_gen_mov_tl(Rd, R);
+
+tcg_temp_free_i32(R);
+
+return true;
+}
+
+
+/*
+ *  Subtracts an immediate value (0-63) from a register pair and places the
+ *  result in the register pair. This instruction operates on the upper four
+ *  register pairs, and is well suited for operations on the Pointer Registers.
+ *  This instruction is not available in all devices. Refer to the device
+ *  specific instruction set summary.
+ */
+static bool trans_SBIW(DisasContext *ctx, arg_SBIW *a)
+{
+if (!avr_have_feature(ctx, AVR_FEATURE_ADIW_SBIW)) {
+return true;
+}
+
+TCGv RdL = cpu_r[a->rd];
+TCGv RdH = cpu_r[a->rd + 1];
+int Imm = (a->imm);
+TCGv R = tcg_temp_new_i32();
+TCGv Rd = tcg_temp_new_i32();
+
+
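Review bot: the second comment line in gen_sub_Vf reads `(Rd ^ R) & (Rd ^ R)`, but the code computes (Rd ^ R) & (Rd ^ Rr), which is the correct reduction of the overflow formula in the line above it; fix the comment so it matches. In trans_ADD the comment on tcg_gen_add_tl says `Rd = Rd + Rr` although the result goes to the temporary R and Rd is only written by the final mov. trans_SBIW returns true when AVR_FEATURE_ADIW_SBIW is missing, so the instruction is silently skipped on cores without it; return false or call the unsupported helper instead. The temporaries are declared as TCGv but created and freed with the _i32 variants; use tcg_temp_new()/tcg_temp_free() or declare them TCGv_i32.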

[PATCH v38 00/22] QEMU AVR 8 bit cores

2019-12-08 Thread Michael Rolnik
This series of patches adds 8bit AVR cores to QEMU.
All instructions, except BREAK/DES/SPM/SPMX, are implemented. Not fully tested yet.
However I was able to execute simple code with functions, e.g. Fibonacci calculation.
This series of patches includes a non real, sample board.
No fuses support yet. PC is set to 0 at reset.

Following are examples of possible usages, assuming program.elf is compiled for AVR cpu
1.  Continuous non interrupted execution
run `qemu-system-avr -kernel program.elf`
2.  Continuous non interrupted execution with serial output into telnet window
run `qemu-system-avr -kernel program.elf -serial tcp::5678,server,nowait -nographic`
run `telnet localhost 5678`
3.  Continuous non interrupted execution with serial output into stdout
run `qemu-system-avr -kernel program.elf -serial stdio`
4.  Debugging with GDB debugger
run `qemu-system-avr -kernel program.elf -s -S`
run `avr-gdb program.elf` and then within GDB shell `target remote :1234`
5.  Print out executed instructions
run `qemu-system-avr -kernel program.elf -d in_asm`


The patches include the following
1. just a basic 8bit AVR CPU, without instruction decoding or translation
2. CPU features which allow defining the following 8bit AVR cores
 avr1
 avr2 avr25
 avr3 avr31 avr35
 avr4
 avr5 avr51
 avr6
 xmega2 xmega3 xmega4 xmega5 xmega6 xmega7
3. a definition of sample machine with SRAM, FLASH and CPU which allows executing simple code
4. encoding for all AVR instructions
5. interrupt handling
6. helpers for IN, OUT, SLEEP, WBR & unsupported instructions
7. a decoder which given an opcode decides what instruction it is
8. translation of AVR instruction into TCG
9. all features together

changes since v3
1. rampD/X/Y/Z registers are encoded as 0x00ff (instead of 0x00ff) for faster address manipulation
2. ffs changed to ctz32
3. duplicate code removed at avr_cpu_do_interrupt
4. using andc instead of not + and
5. fixing V flag calculation in various instructions
6. freeing local variables in PUSH
7. tcg_const_local_i32 -> tcg_const_i32
8. using sextract32 instead of my implementation
9. fixing BLD instruction
10.xor(r) instead of 0xff - r at COM
11.fixing MULS/MULSU not to modify inputs' content
12.using SUB for NEG
13.fixing tcg_gen_qemu_ld/st call in XCH

changes since v4
1. target is now defined as big endian in order to optimize push_ret/pop_ret
2. all style warnings are fixed
3. adding cpu_set/get_sreg functions
4. simplifying gen_goto_tb as there is no real paging
5. env->pc -> env->pc_w
6. making flag dump more compact
7. more spacing
8. renaming CODE/DATA_INDEX -> MMU_CODE/DATA_IDX
9. removing avr_set_feature
10. SPL/SPH set bug fix
11. switching stb_phys to cpu_stb_data
12. cleaning up avr_decode
13. saving sreg, rampD/X/Y/Z, eind in HW format (savevm)
14. saving CPU features (savevm)

changes since v5
1. BLD bug fix
2. decoder generator is added

changes since v6
1. using cpu_get_sreg/cpu_set_sreg in avr_cpu_gdb_read_register/avr_cpu_gdb_write_register
2. configure the target as little endian because otherwise GDB does not work
3. fixing and testing gen_push_ret/gen_pop_ret

changes since v7
1. folding back v6
2. logging at helper_outb and helper_inb are done for non supported yet registers only
3. MAINTAINERS updated

changes since v8
1. removing hw/avr from hw/Makefile.obj as it should not be built for all
2. making linux compilable
3. testing on
a. Mac, Apple LLVM version 7.0.0
b. Ubuntu 12.04, gcc 4.9.2
c. Fedora 23, gcc 5.3.1
4. folding back some patches
5. translation bug fixes for ORI, CPI, XOR instructions
6. proper handling of cpu register writes through memory

changes since v9
1. removing forward declarations of static functions
2. disabling debug prints
3. switching to case range instead of if else if ...
4. LD/ST IN/OUT accessing CPU maintained registers are not routed to any device
5. comments about sample board and sample IO device added
6. sample board description is more descriptive now
7. memory_region_allocate_system_memory is used to create RAM
8. now there are helper_fullrd & helper_fullwr when LD/ST try to access registers

changes since v10
1. moving back fullwr & fullrd into the commit where outb and inb were introduced
2. changing tlb_fill function signature
3. adding empty line between functions
4. adding newline on the last line of the file
5. using tb->flags to generate full access ST/LD instructions
6. fixing SBRC bug
7. folding back 10th commit
8. whenever a new file is introduced it's added to Makefile.objs

changes since v11
1. updating to v2.7.0-rc
2. removing assignment to env->fullacc from gen_intermediate_code

changes since v12
1. fixing spacing
2. fixing get/put_segment functions
3. removing target-avr/machine.h file
4. VMSTATE_SINGLE_TEST -> VMSTATE_SINGLE
5. comment spelling
6. removing hw/avr/sample_io.c
7. char const* -> const char*
8. proper ram allocation
9. fixing breakpoint functionality.
10.env1 -> 

[PATCH v38 03/22] target/avr: Add instruction decoding

2019-12-08 Thread Michael Rolnik
This includes:
- encoding of all 16 bit instructions
- encoding of all 32 bit instructions

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/insn.decode | 194 +
 1 file changed, 194 insertions(+)
 create mode 100644 target/avr/insn.decode

diff --git a/target/avr/insn.decode b/target/avr/insn.decode
new file mode 100644
index 00..2eb6de692a
--- /dev/null
+++ b/target/avr/insn.decode
@@ -0,0 +1,194 @@
+#
+# AVR instruction decode definitions.
+#
+# Copyright (c) 2019 Michael Rolnik 
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, see .
+#
+
+#
+#   regs_16_31_by_one = [16 .. 31]
+#   regs_16_23_by_one = [16 .. 23]
+#   regs_24_30_by_two = [24, 26, 28, 30]
+#   regs_00_30_by_two = [0, 2, 4, 6, 8, .. 30]
+
+%rd 4:5
+%rr 9:1 0:4
+
+_rr  rd rr
+_imm rd imm
+
+@op_rd_rr    .. . . _rr  rd=%rd rr=%rr
+ADD  11 . . @op_rd_rr
+ADC 0001 11 . . @op_rd_rr
+AND 0010 00 . . @op_rd_rr
+CP  0001 01 . . @op_rd_rr
+CPC  01 . . @op_rd_rr
+CPSE0001 00 . . @op_rd_rr
+EOR 0010 01 . . @op_rd_rr
+MOV 0010 11 . . @op_rd_rr
+MUL 1001 11 . . @op_rd_rr
+OR  0010 10 . . @op_rd_rr
+SBC  10 . . @op_rd_rr
+SUB 0001 10 . . @op_rd_rr
+
+
+%rd_c   4:2 !function=to_regs_24_30_by_two
+%imm6   6:2 0:4
+
+@op_rd_imm6   .. .. _imm rd=%rd_c imm=%imm6
+ADIW1001 0110 .. .. @op_rd_imm6
+SBIW1001 0111 .. .. @op_rd_imm6
+
+
+%rd_a   4:4 !function=to_regs_16_31_by_one
+%rr_a   0:4 !function=to_regs_16_31_by_one
+%rd_d   4:4 !function=to_regs_00_30_by_two
+%rr_d   0:4 !function=to_regs_00_30_by_two
+%imm8   8:4 0:4
+
+@op_rd_imm8     _imm rd=%rd_a imm=%imm8
+ANDI0111    @op_rd_imm8
+CPI 0011    @op_rd_imm8
+LDI 1110    @op_rd_imm8
+ORI 0110    @op_rd_imm8
+SBCI0100    @op_rd_imm8
+SUBI0101    @op_rd_imm8
+
+
+@op_rd   ... rd:5 
+ASR 1001 010 . 0101 @op_rd
+COM 1001 010 .  @op_rd
+DEC 1001 010 . 1010 @op_rd
+ELPM2   1001 000 . 0110 @op_rd
+ELPMX   1001 000 . 0111 @op_rd
+INC 1001 010 . 0011 @op_rd
+LDX11001 000 . 1100 @op_rd
+LDX21001 000 . 1101 @op_rd
+LDX31001 000 . 1110 @op_rd
+LDY21001 000 . 1001 @op_rd
+LDY31001 000 . 1010 @op_rd
+LDZ21001 000 . 0001 @op_rd
+LDZ31001 000 . 0010 @op_rd
+LPM21001 000 . 0100 @op_rd
+LPMX1001 000 . 0101 @op_rd
+LSR 1001 010 . 0110 @op_rd
+NEG 1001 010 . 0001 @op_rd
+POP 1001 000 .  @op_rd
+PUSH1001 001 .  @op_rd
+ROR 1001 010 . 0111 @op_rd
+STY21001 001 . 1001 @op_rd
+STY31001 001 . 1010 @op_rd
+STZ21001 001 . 0001 @op_rd
+STZ31001 001 . 0010 @op_rd
+SWAP1001 010 . 0010 @op_rd
+
+
+@op_bit   . bit:3 
+BCLR1001 0100 1 ... 1000@op_bit
+BSET1001 0100 0 ... 1000@op_bit
+
+
+@op_rd_bit   ... rd:5 . bit:3
+BLD  100 . 0 ...@op_rd_bit
+BST  101 . 0 ...@op_rd_bit
+
+
+@op_bit_imm  .. imm:s7 bit:3
+BRBC 01 ... ...  
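Review bot: the fields %rd_c, %rd_a, %rr_a, %rd_d and %rr_d rely on `!function=` helpers (to_regs_24_30_by_two, to_regs_16_31_by_one, to_regs_00_30_by_two) that this patch does not add, since its diffstat covers only insn.decode. Say in the commit message or in the header comment which file defines them, so the patch can be reviewed on its own. The comment block that lists the regs_* sets should also state that each to_regs_* helper maps the raw encoded field onto the matching set; as written the list has no stated connection to the field definitions below it.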

[PATCH v38 02/22] target/avr: Add instruction helpers

2019-12-08 Thread Michael Rolnik
Stubs for unimplemented instructions and helpers for instructions that need to interact with QEMU.
SPM and WDR are unimplemented because they require emulation of complex peripherals.
The implementation of SLEEP is very limited due to the lack of peripherals to generate wake interrupts.
Memory access instructions are implemented here because some address ranges actually refer to CPU registers.

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/helper.h |  29 
 target/avr/helper.c | 347 
 2 files changed, 376 insertions(+)
 create mode 100644 target/avr/helper.h
 create mode 100644 target/avr/helper.c

diff --git a/target/avr/helper.h b/target/avr/helper.h
new file mode 100644
index 00..bf087504a8
--- /dev/null
+++ b/target/avr/helper.h
@@ -0,0 +1,29 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+DEF_HELPER_1(wdr, void, env)
+DEF_HELPER_1(debug, void, env)
+DEF_HELPER_1(break, void, env)
+DEF_HELPER_1(sleep, void, env)
+DEF_HELPER_1(unsupported, void, env)
+DEF_HELPER_3(outb, void, env, i32, i32)
+DEF_HELPER_2(inb, tl, env, i32)
+DEF_HELPER_3(fullwr, void, env, i32, i32)
+DEF_HELPER_2(fullrd, tl, env, i32)
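Review bot: the two i32 arguments of outb and fullwr, and the single i32 of inb and fullrd, are not described anywhere in this header, so a caller cannot tell which is the port or address and which is the data without reading helper.c. Add a one-line comment per helper giving the argument order. The commit message names SPM and WDR as unimplemented, but only wdr has a helper here; state whether SPM is meant to go through `unsupported`.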
diff --git a/target/avr/helper.c b/target/avr/helper.c
new file mode 100644
index 00..dd053b0b48
--- /dev/null
+++ b/target/avr/helper.c
@@ -0,0 +1,347 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "exec/helper-proto.h"
+
+bool avr_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
+{
+bool ret = false;
+CPUClass *cc = CPU_GET_CLASS(cs);
+AVRCPU *cpu = AVR_CPU(cs);
+CPUAVRState *env = >env;
+
+if (interrupt_request & CPU_INTERRUPT_RESET) {
+if (cpu_interrupts_enabled(env)) {
+cs->exception_index = EXCP_RESET;
+cc->do_interrupt(cs);
+
+cs->interrupt_request &= ~CPU_INTERRUPT_RESET;
+
+ret = true;
+}
+}
+if (interrupt_request & CPU_INTERRUPT_HARD) {
+if (cpu_interrupts_enabled(env) && env->intsrc != 0) {
+int index = ctz32(env->intsrc);
+cs->exception_index = EXCP_INT(index);
+cc->do_interrupt(cs);
+
+env->intsrc &= env->intsrc - 1; /* clear the interrupt */
+cs->interrupt_request &= ~CPU_INTERRUPT_HARD;
+
+ret = true;
+}
+}
+return ret;
+}
+
+void avr_cpu_do_interrupt(CPUState *cs)
+{
+AVRCPU *cpu = AVR_CPU(cs);
+CPUAVRState *env = >env;
+
+uint32_t ret = env->pc_w;
+int vector = 0;
+int size = avr_feature(env, AVR_FEATURE_JMP_CALL) ? 2 : 1;
+int base = 0;
+
+if (cs->exception_index == EXCP_RESET) {
+vector = 0;
+} else if (env->intsrc != 0) {
+vector = ctz32(env->intsrc) + 1;
+}
+
+if (avr_feature(env, AVR_FEATURE_3_BYTE_PC)) {
+cpu_stb_data(env, env->sp--, (ret & 0xff));
+cpu_stb_data(env, env->sp--, (ret & 0x00ff00) >> 8);
+cpu_stb_data(env, env->sp--, (ret & 0xff) >> 16);
+} else if (avr_feature(env, AVR_FEATURE_2_BYTE_PC)) {
+cpu_stb_data(env, env->sp--, (ret & 0xff));
+cpu_stb_data(env, env->sp--, (ret & 0x00ff00) >> 8);
+} else {
+cpu_stb_data(env, env->sp--, (ret & 0xff));
+}
+
+env->pc_w = base + vector * size;
+env->sregI = 0; /* clear Global Interrupt Flag */
+
+cs->exception_index = -1;
+}
+
+int avr_cpu_memory_rw_debug(CPUState *cs, vaddr addr, uint8_t *buf,
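Review bot: in avr_cpu_exec_interrupt the CPU_INTERRUPT_RESET branch is guarded by cpu_interrupts_enabled(env), so a reset request is only taken while interrupts are enabled and stays pending otherwise. Reset should not depend on that check; drop it from the reset branch. In the CPU_INTERRUPT_HARD branch, the request bit is cleared after one source is serviced even if env->intsrc still has bits set, so confirm that something raises the request again for the remaining sources or only clear it when intsrc reaches 0. avr_cpu_do_interrupt pushes the return address before it distinguishes EXCP_RESET from a normal interrupt, and it recomputes the vector from env->intsrc rather than from cs->exception_index set by the caller; a comment on both choices, or using exception_index directly, would make the path easier to verify.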

Re: [PATCH V3 0/4] Introduce Advanced Watch Dog module

2019-12-08 Thread Zhang, Chen

Hi All~

No news for a long time.

Please give me more comments about this series.


Thanks

Zhang Chen

On 11/19/2019 8:30 PM, Zhang, Chen wrote:

From: Zhang Chen 

Advanced Watch Dog is a universal monitoring module on the VMM side. It can be used to detect network down (VMM to guest, VMM to VMM, VMM to another remote server) and do a previously set operation. The current AWD patch just accepts any input as the signal to refresh the watchdog timer, and we can also make a certain interactive protocol here. For the output, the user can pre-write some commands or some messages in the AWD opt-script. We noticed that there is no way for VMMs to communicate directly; maybe some people think we don't need such things (upper-layer software like OpenStack can handle it). But we engaged with real customers and found that in some cases they need a lightweight and efficient mechanism to solve some practical problems (OpenStack is too heavy).
For example: when it detects a lost connection with the paired node, it will send a message to the admin, notify another VMM, send a QMP command to QEMU to do some operation like restart the VM, build a VMM heartbeat system, etc.
It gives the user basic VM/host network monitoring tools and a basic false tolerance and recovery solution.

Demo usage(for COLO heartbeat service):

In primary node:

-chardev socket,id=h1,host=3.3.3.3,port=9009,server,nowait
-chardev socket,id=heartbeat0,host=3.3.3.3,port=4445
-object iothread,id=iothread2
-object advanced-watchdog,id=heart1,server=on,awd_node=h1,notification_node=heartbeat0,opt_script=colo_opt_script_path,iothread=iothread1,pulse_interval=1000,timeout=5000

In secondary node:

-monitor tcp::4445,server,nowait
-chardev socket,id=h1,host=3.3.3.3,port=9009,reconnect=1
-chardev socket,id=heart1,host=3.3.3.8,port=4445
-object iothread,id=iothread1
-object advanced-watchdog,id=heart1,server=off,awd_node=h1,notification_node=heart1,opt_script=colo_secondary_opt_script,iothread=iothread1,timeout=1


V3:
  - Rebased on Qemu 4.2.0-rc1 code.
  - Fix commit message issue.

V2:
  - Addressed Philippe comments add configure selector for AWD.

Initial:
  - Initial version.


Zhang Chen (4):
   net/awd.c: Introduce Advanced Watch Dog module framework
   net/awd.c: Initailize input/output chardev
   net/awd.c: Load advanced watch dog worker thread job
   vl.c: Make Advanced Watch Dog delayed initialization

  configure |   9 +
  net/Makefile.objs |   1 +
  net/awd.c | 491 ++
  qemu-options.hx   |   6 +
  vl.c  |   7 +
  5 files changed, 514 insertions(+)
  create mode 100644 net/awd.c