Re: [PATCH] util/cutils: Expand do_strtosz parsing precision to 64 bits

[Tao Xu]

On 12/19/2019 2:26 AM, Markus Armbruster wrote:

Tao Xu  writes:


On 12/18/2019 9:33 AM, Tao Xu wrote:

On 12/17/2019 6:25 PM, Markus Armbruster wrote:

[...]

Also fun: for "0123", we use uint64_t 83, not double 123.0.  But for
"0123.", we use 123.0, not 83.

Do we really want to accept octal and hexadecimal integers?



Thank you for reminding me. Octal and hexadecimal may bring more
confusion. I will use qemu_strtou64(nptr, , 10, ) and
add test for input like "0123".



Hi Markus,

After I use qemu_strtou64(nptr, , 10, ), it cause another
question. Because qemu_strtod_finite support hexadecimal input, so in
this situation, it will parsed as double. It will also let large
hexadecimal integers be rounded. So there may be two solution:

1: use qemu_strtou64(nptr, , 0, ) and parse octal as
decimal. This will keep hexadecimal valid as now.

"0123" --> 123; "0x123" --> 291


How would you make qemu_strtou64() parse octal as decimal?


How about this solution, set @base as variable, if we detect 
hexadecimal, we use 0, then can prase decimal as u64, else we use 10, 
then can prase octal as decimal, because 0 prefix will be ignored in 
qemu_strtou64(nptr, , 10, );


const char *p = nptr;
while (qemu_isspace(*p)) {
   p++;
}
if (*p == '0' && (qemu_toupper(*(p+1)) == 'X' ||) {
base = 0;
} else {
base = 10;
}

retd = qemu_strtod_finite(nptr, , );
retu = qemu_strtou64(nptr, , base, );
use_strtod = strlen(suffixd) < strlen(suffixu);

if (use_strtod) {
endptr = suffixd;
retval = retd;
} else {
endptr = suffixu;
retval = retu;
}



2: use qemu_strtou64(nptr, , 10, ) and reject octal and
decimal.

"0123" --> Error; "0x123" --> Error


How would you reject the 0x prefix?

How about check the first character is '0' and 'x' and then 
return -EINVAL.

[PATCH 09/10] ppc/pnv: Add an "nr-threads" property to the base chip class

[Cédric Le Goater]

From: Greg Kurz 

Set it at chip creation and forward it to the cores. This allows to drop
a call to qdev_get_machine().

Signed-off-by: Greg Kurz 
Signed-off-by: Cédric Le Goater 
---
 include/hw/ppc/pnv.h | 1 +
 hw/ppc/pnv.c | 8 +---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/include/hw/ppc/pnv.h b/include/hw/ppc/pnv.h
index 8b957dfb5736..4c13d4394a11 100644
--- a/include/hw/ppc/pnv.h
+++ b/include/hw/ppc/pnv.h
@@ -48,6 +48,7 @@ typedef struct PnvChip {
 uint64_t ram_size;
 
 uint32_t nr_cores;
+uint32_t nr_threads;
 uint64_t cores_mask;
 PnvCore  **cores;
 
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 023010bcf696..7add208f997b 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -791,6 +791,8 @@ static void pnv_init(MachineState *machine)
 _fatal);
 object_property_set_int(chip, machine->smp.cores,
 "nr-cores", _fatal);
+object_property_set_int(chip, machine->smp.threads,
+"nr-threads", _fatal);
 /*
  * TODO: Only the MMIO range should be of interest for the
  * controllers
@@ -1529,7 +1531,6 @@ static void pnv_chip_core_sanitize(PnvChip *chip, Error 
**errp)
 
 static void pnv_chip_core_realize(PnvChip *chip, Error **errp)
 {
-MachineState *ms = MACHINE(qdev_get_machine());
 Error *error = NULL;
 PnvChipClass *pcc = PNV_CHIP_GET_CLASS(chip);
 const char *typename = pnv_chip_core_typename(chip);
@@ -1565,8 +1566,8 @@ static void pnv_chip_core_realize(PnvChip *chip, Error 
**errp)
 object_property_add_child(OBJECT(chip), core_name, OBJECT(pnv_core),
   _abort);
 chip->cores[i] = pnv_core;
-object_property_set_int(OBJECT(pnv_core), ms->smp.threads, 
"nr-threads",
-_fatal);
+object_property_set_int(OBJECT(pnv_core), chip->nr_threads,
+"nr-threads", _fatal);
 object_property_set_int(OBJECT(pnv_core), core_hwid,
 CPU_CORE_PROP_CORE_ID, _fatal);
 object_property_set_int(OBJECT(pnv_core),
@@ -1607,6 +1608,7 @@ static Property pnv_chip_properties[] = {
 DEFINE_PROP_UINT64("cores-mask", PnvChip, cores_mask, 0x0),
 DEFINE_PROP_LINK("system-memory", PnvChip, system_memory,
  TYPE_MEMORY_REGION, MemoryRegion *),
+DEFINE_PROP_UINT32("nr-threads", PnvChip, nr_threads, 1),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.21.0

Re: [PATCH v2 06/10] migration: Add multifd-compress parameter

[Markus Armbruster]

Juan Quintela  writes:

> Signed-off-by: Juan Quintela 
>
> ---
> Rename it to NONE
> Fix typos (dave)
> We don't need to chek values returned by visit_type_MultifdCompress (markus)
> Fix yet more typos (wei)
> ---
>  hw/core/qdev-properties.c| 13 +
>  include/hw/qdev-properties.h |  3 +++
>  migration/migration.c| 13 +
>  monitor/hmp-cmds.c   | 13 +
>  qapi/migration.json  | 30 +++---
>  tests/migration-test.c   | 13 ++---
>  6 files changed, 79 insertions(+), 6 deletions(-)

For QAPI:
Acked-by: Markus Armbruster 

[PATCH 08/10] xive: Use the XIVE fabric link under the XIVE router

[Cédric Le Goater]

From: Greg Kurz 

Now that the spapr and pnv machines do set the "xive-fabric" link, the
use of the XIVE fabric pointer becomes mandatory. This is checked with
an assert() in a new realize hook. Since the XIVE router is realized at
machine init for the all the machine's life time, no risk to abort an
already running guest (ie. not a hotplug path).

This gets rid of a qdev_get_machine() call.

Signed-off-by: Greg Kurz 
Signed-off-by: Cédric Le Goater 
---
 hw/intc/xive.c | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/hw/intc/xive.c b/hw/intc/xive.c
index 6df89b06da38..12a362b681a6 100644
--- a/hw/intc/xive.c
+++ b/hw/intc/xive.c
@@ -1378,6 +1378,13 @@ static int xive_router_get_block_id(XiveRouter *xrtr)
return xrc->get_block_id(xrtr);
 }
 
+static void xive_router_realize(DeviceState *dev, Error **errp)
+{
+XiveRouter *xrtr = XIVE_ROUTER(dev);
+
+assert(xrtr->xfb);
+}
+
 /*
  * Encode the HW CAM line in the block group mode format :
  *
@@ -1470,12 +1477,11 @@ int xive_presenter_tctx_match(XivePresenter *xptr, 
XiveTCTX *tctx,
  *
  * The parameters represent what is sent on the PowerBus
  */
-static bool xive_presenter_notify(uint8_t format,
+static bool xive_presenter_notify(XiveFabric *xfb, uint8_t format,
   uint8_t nvt_blk, uint32_t nvt_idx,
   bool cam_ignore, uint8_t priority,
   uint32_t logic_serv)
 {
-XiveFabric *xfb = XIVE_FABRIC(qdev_get_machine());
 XiveFabricClass *xfc = XIVE_FABRIC_GET_CLASS(xfb);
 XiveTCTXMatch match = { .tctx = NULL, .ring = 0 };
 int count;
@@ -1607,7 +1613,7 @@ static void xive_router_end_notify(XiveRouter *xrtr, 
uint8_t end_blk,
 return;
 }
 
-found = xive_presenter_notify(format, nvt_blk, nvt_idx,
+found = xive_presenter_notify(xrtr->xfb, format, nvt_blk, nvt_idx,
   xive_get_field32(END_W7_F0_IGNORE, end.w7),
   priority,
   xive_get_field32(END_W7_F1_LOG_SERVER_ID, end.w7));
@@ -1727,6 +1733,8 @@ static void xive_router_class_init(ObjectClass *klass, 
void *data)
 
 dc->desc= "XIVE Router Engine";
 dc->props   = xive_router_properties;
+/* Parent is SysBusDeviceClass. No need to call its realize hook */
+dc->realize = xive_router_realize;
 xnc->notify = xive_router_notify;
 }
 
-- 
2.21.0

[PATCH 03/10] ppc/pnv: Introduce a "xics" property alias under the PSI model

[Cédric Le Goater]

This removes the need of the intermediate link under PSI to pass the
XICS link to the underlying ICSState object.

Signed-off-by: Cédric Le Goater 
---
 hw/ppc/pnv.c |  4 ++--
 hw/ppc/pnv_psi.c | 11 ++-
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 2f611bfdda46..d6fe5ba13535 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -999,8 +999,6 @@ static void pnv_chip_power8_instance_init(Object *obj)
 
 object_initialize_child(obj, "psi",  >psi, sizeof(chip8->psi),
 TYPE_PNV8_PSI, _abort, NULL);
-object_property_add_const_link(OBJECT(>psi), "xics",
-   OBJECT(qdev_get_machine()), _abort);
 
 object_initialize_child(obj, "lpc",  >lpc, sizeof(chip8->lpc),
 TYPE_PNV8_LPC, _abort, NULL);
@@ -1069,6 +1067,8 @@ static void pnv_chip_power8_realize(DeviceState *dev, 
Error **errp)
 "bar", _fatal);
 object_property_set_link(OBJECT(>psi), OBJECT(chip->system_memory),
  "system-memory", _abort);
+object_property_set_link(OBJECT(>psi), OBJECT(qdev_get_machine()),
+ ICS_PROP_XICS, _abort);
 object_property_set_bool(OBJECT(>psi), true, "realized", 
_err);
 if (local_err) {
 error_propagate(errp, local_err);
diff --git a/hw/ppc/pnv_psi.c b/hw/ppc/pnv_psi.c
index 28d34e5c193a..d3124f673571 100644
--- a/hw/ppc/pnv_psi.c
+++ b/hw/ppc/pnv_psi.c
@@ -470,6 +470,8 @@ static void pnv_psi_power8_instance_init(Object *obj)
 
 object_initialize_child(obj, "ics-psi",  >ics, sizeof(psi8->ics),
 TYPE_ICS, _abort, NULL);
+object_property_add_alias(obj, ICS_PROP_XICS, OBJECT(>ics),
+  ICS_PROP_XICS, _abort);
 }
 
 static const uint8_t irq_to_xivr[] = {
@@ -485,21 +487,12 @@ static void pnv_psi_power8_realize(DeviceState *dev, 
Error **errp)
 {
 PnvPsi *psi = PNV_PSI(dev);
 ICSState *ics = _PSI(psi)->ics;
-Object *obj;
 Error *err = NULL;
 unsigned int i;
 
 assert(psi->system_memory);
 
-obj = object_property_get_link(OBJECT(dev), "xics", );
-if (!obj) {
-error_setg(errp, "%s: required link 'xics' not found: %s",
-   __func__, error_get_pretty(err));
-return;
-}
-
 /* Create PSI interrupt control source */
-object_property_set_link(OBJECT(ics), obj, ICS_PROP_XICS, _abort);
 object_property_set_int(OBJECT(ics), PSI_NUM_INTERRUPTS, "nr-irqs", );
 if (err) {
 error_propagate(errp, err);
-- 
2.21.0

[PATCH 01/10] ppc/pnv: Modify the powerdown notifier to get the PowerNV machine

[Cédric Le Goater]

Use container_of() instead of qdev_get_machine()

Signed-off-by: Cédric Le Goater 
---
 hw/ppc/pnv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index f77e7ca84ede..855254f28263 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -561,7 +561,7 @@ static void *pnv_dt_create(MachineState *machine)
 
 static void pnv_powerdown_notify(Notifier *n, void *opaque)
 {
-PnvMachineState *pnv = PNV_MACHINE(qdev_get_machine());
+PnvMachineState *pnv = container_of(n, PnvMachineState, 
powerdown_notifier);
 
 if (pnv->bmc) {
 pnv_bmc_powerdown(pnv->bmc);
-- 
2.21.0

[PATCH 07/10] spapr, pnv, xive: Add a "xive-fabric" link to the XIVE router

[Cédric Le Goater]

From: Greg Kurz 

In order to get rid of qdev_get_machine(), first add a pointer to the
XIVE fabric under the XIVE router and make it configurable through a
QOM link property.

Configure it in the spapr and pnv machine. In the case of pnv, the XIVE
routers are under the chip, so this is done with a QOM alias property of
the POWER9 pnv chip.

Signed-off-by: Greg Kurz 
Signed-off-by: Cédric Le Goater 
---
 include/hw/ppc/xive.h | 5 +++--
 hw/intc/xive.c| 8 
 hw/ppc/pnv.c  | 6 ++
 hw/ppc/spapr_irq.c| 2 ++
 4 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
index 1b7b89098f71..1ded82b1cda8 100644
--- a/include/hw/ppc/xive.h
+++ b/include/hw/ppc/xive.h
@@ -324,9 +324,12 @@ typedef struct XiveTCTX {
 /*
  * XIVE Router
  */
+typedef struct XiveFabric XiveFabric;
 
 typedef struct XiveRouter {
 SysBusDeviceparent;
+
+XiveFabric *xfb;
 } XiveRouter;
 
 #define TYPE_XIVE_ROUTER "xive-router"
@@ -402,8 +405,6 @@ int xive_presenter_tctx_match(XivePresenter *xptr, XiveTCTX 
*tctx,
  * XIVE Fabric (Interface between Interrupt Controller and Machine)
  */
 
-typedef struct XiveFabric XiveFabric;
-
 #define TYPE_XIVE_FABRIC "xive-fabric"
 #define XIVE_FABRIC(obj) \
 INTERFACE_CHECK(XiveFabric, (obj), TYPE_XIVE_FABRIC)
diff --git a/hw/intc/xive.c b/hw/intc/xive.c
index d4c6e21703b3..6df89b06da38 100644
--- a/hw/intc/xive.c
+++ b/hw/intc/xive.c
@@ -1714,12 +1714,19 @@ void xive_router_notify(XiveNotifier *xn, uint32_t lisn)
xive_get_field64(EAS_END_DATA,  eas.w));
 }
 
+static Property xive_router_properties[] = {
+DEFINE_PROP_LINK("xive-fabric", XiveRouter, xfb,
+ TYPE_XIVE_FABRIC, XiveFabric *),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void xive_router_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 XiveNotifierClass *xnc = XIVE_NOTIFIER_CLASS(klass);
 
 dc->desc= "XIVE Router Engine";
+dc->props   = xive_router_properties;
 xnc->notify = xive_router_notify;
 }
 
@@ -1727,6 +1734,7 @@ static const TypeInfo xive_router_info = {
 .name  = TYPE_XIVE_ROUTER,
 .parent= TYPE_SYS_BUS_DEVICE,
 .abstract  = true,
+.instance_size = sizeof(XiveRouter),
 .class_size= sizeof(XiveRouterClass),
 .class_init= xive_router_class_init,
 .interfaces= (InterfaceInfo[]) {
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 6500efba1317..023010bcf696 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -804,6 +804,10 @@ static void pnv_init(MachineState *machine)
 if (object_dynamic_cast(OBJECT(pnv), TYPE_XICS_FABRIC)) {
 object_property_set_link(chip, OBJECT(pnv), "xics", _abort);
 }
+if (object_dynamic_cast(OBJECT(pnv), TYPE_XIVE_FABRIC)) {
+object_property_set_link(chip, OBJECT(pnv), "xive-fabric",
+ _abort);
+}
 object_property_set_bool(chip, true, "realized", _fatal);
 }
 g_free(chip_typename);
@@ -1224,6 +1228,8 @@ static void pnv_chip_power9_instance_init(Object *obj)
 
 object_initialize_child(obj, "xive", >xive, sizeof(chip9->xive),
 TYPE_PNV_XIVE, _abort, NULL);
+object_property_add_alias(obj, "xive-fabric", OBJECT(>xive),
+  "xive-fabric", _abort);
 
 object_initialize_child(obj, "psi",  >psi, sizeof(chip9->psi),
 TYPE_PNV9_PSI, _abort, NULL);
diff --git a/hw/ppc/spapr_irq.c b/hw/ppc/spapr_irq.c
index 07e08d6544a0..2b656649ad6a 100644
--- a/hw/ppc/spapr_irq.c
+++ b/hw/ppc/spapr_irq.c
@@ -340,6 +340,8 @@ void spapr_irq_init(SpaprMachineState *spapr, Error **errp)
  * priority
  */
 qdev_prop_set_uint32(dev, "nr-ends", nr_servers << 3);
+object_property_set_link(OBJECT(dev), OBJECT(spapr), "xive-fabric",
+ _abort);
 qdev_init_nofail(dev);
 
 spapr->xive = SPAPR_XIVE(dev);
-- 
2.21.0

[PATCH 06/10] pnv/xive: Use device_class_set_parent_realize()

[Cédric Le Goater]

From: Greg Kurz 

The XIVE router base class currently inherits an empty realize hook
from the sysbus device base class, but it will soon implement one
of its own to perform some sanity checks. Do the preliminary plumbing
to have it called.

Signed-off-by: Greg Kurz 
Signed-off-by: Cédric Le Goater 
---
 include/hw/ppc/pnv_xive.h | 10 ++
 hw/intc/pnv_xive.c| 10 ++
 2 files changed, 20 insertions(+)

diff --git a/include/hw/ppc/pnv_xive.h b/include/hw/ppc/pnv_xive.h
index 4d641db691c8..ba9bbeab88c3 100644
--- a/include/hw/ppc/pnv_xive.h
+++ b/include/hw/ppc/pnv_xive.h
@@ -16,6 +16,10 @@ struct PnvChip;
 
 #define TYPE_PNV_XIVE "pnv-xive"
 #define PNV_XIVE(obj) OBJECT_CHECK(PnvXive, (obj), TYPE_PNV_XIVE)
+#define PNV_XIVE_CLASS(klass)   \
+OBJECT_CLASS_CHECK(PnvXiveClass, (klass), TYPE_PNV_XIVE)
+#define PNV_XIVE_GET_CLASS(obj) \
+OBJECT_GET_CLASS(PnvXiveClass, (obj), TYPE_PNV_XIVE)
 
 #define XIVE_BLOCK_MAX  16
 
@@ -87,6 +91,12 @@ typedef struct PnvXive {
 uint64_t  edt[XIVE_TABLE_EDT_MAX];
 } PnvXive;
 
+typedef struct PnvXiveClass {
+XiveRouterClass parent_class;
+
+DeviceRealize parent_realize;
+} PnvXiveClass;
+
 void pnv_xive_pic_print_info(PnvXive *xive, Monitor *mon);
 
 #endif /* PPC_PNV_XIVE_H */
diff --git a/hw/intc/pnv_xive.c b/hw/intc/pnv_xive.c
index 66970a60733b..1962f884d6de 100644
--- a/hw/intc/pnv_xive.c
+++ b/hw/intc/pnv_xive.c
@@ -1816,10 +1816,17 @@ static void pnv_xive_init(Object *obj)
 static void pnv_xive_realize(DeviceState *dev, Error **errp)
 {
 PnvXive *xive = PNV_XIVE(dev);
+PnvXiveClass *pxc = PNV_XIVE_GET_CLASS(dev);
 XiveSource *xsrc = >ipi_source;
 XiveENDSource *end_xsrc = >end_source;
 Error *local_err = NULL;
 
+pxc->parent_realize(dev, _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+
 assert(xive->chip);
 assert(xive->system_memory);
 
@@ -1950,10 +1957,12 @@ static void pnv_xive_class_init(ObjectClass *klass, 
void *data)
 XiveRouterClass *xrc = XIVE_ROUTER_CLASS(klass);
 XiveNotifierClass *xnc = XIVE_NOTIFIER_CLASS(klass);
 XivePresenterClass *xpc = XIVE_PRESENTER_CLASS(klass);
+PnvXiveClass *pxc = PNV_XIVE_CLASS(klass);
 
 xdc->dt_xscom = pnv_xive_dt_xscom;
 
 dc->desc = "PowerNV XIVE Interrupt Controller";
+device_class_set_parent_realize(dc, pnv_xive_realize, 
>parent_realize);
 dc->realize = pnv_xive_realize;
 dc->props = pnv_xive_properties;
 
@@ -1974,6 +1983,7 @@ static const TypeInfo pnv_xive_info = {
 .instance_init = pnv_xive_init,
 .instance_size = sizeof(PnvXive),
 .class_init= pnv_xive_class_init,
+.class_size= sizeof(PnvXiveClass),
 .interfaces= (InterfaceInfo[]) {
 { TYPE_PNV_XSCOM_INTERFACE },
 { }
-- 
2.21.0

[PATCH 05/10] spapr/xive: Use device_class_set_parent_realize()

[Cédric Le Goater]

From: Greg Kurz 

The XIVE router base class currently inherits an empty realize hook
from the sysbus device base class, but it will soon implement one
of its own to perform some sanity checks. Do the preliminary plumbing
to have it called.

Signed-off-by: Greg Kurz 
Signed-off-by: Cédric Le Goater 
---
 include/hw/ppc/spapr_xive.h | 10 ++
 hw/intc/spapr_xive.c| 12 +++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/include/hw/ppc/spapr_xive.h b/include/hw/ppc/spapr_xive.h
index 3a103c224d44..93d09d68deb7 100644
--- a/include/hw/ppc/spapr_xive.h
+++ b/include/hw/ppc/spapr_xive.h
@@ -15,6 +15,10 @@
 
 #define TYPE_SPAPR_XIVE "spapr-xive"
 #define SPAPR_XIVE(obj) OBJECT_CHECK(SpaprXive, (obj), TYPE_SPAPR_XIVE)
+#define SPAPR_XIVE_CLASS(klass) \
+OBJECT_CLASS_CHECK(SpaprXiveClass, (klass), TYPE_SPAPR_XIVE)
+#define SPAPR_XIVE_GET_CLASS(obj)   \
+OBJECT_GET_CLASS(SpaprXiveClass, (obj), TYPE_SPAPR_XIVE)
 
 typedef struct SpaprXive {
 XiveRouterparent;
@@ -47,6 +51,12 @@ typedef struct SpaprXive {
 VMChangeStateEntry *change;
 } SpaprXive;
 
+typedef struct SpaprXiveClass {
+XiveRouterClass parent;
+
+DeviceRealize parent_realize;
+} SpaprXiveClass;
+
 /*
  * The sPAPR machine has a unique XIVE IC device. Assign a fixed value
  * to the controller block id value. It can nevertheless be changed
diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
index 57305c56d707..32322470a8b8 100644
--- a/hw/intc/spapr_xive.c
+++ b/hw/intc/spapr_xive.c
@@ -286,10 +286,17 @@ static void spapr_xive_instance_init(Object *obj)
 static void spapr_xive_realize(DeviceState *dev, Error **errp)
 {
 SpaprXive *xive = SPAPR_XIVE(dev);
+SpaprXiveClass *sxc = SPAPR_XIVE_GET_CLASS(xive);
 XiveSource *xsrc = >source;
 XiveENDSource *end_xsrc = >end_source;
 Error *local_err = NULL;
 
+sxc->parent_realize(dev, _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+
 if (!xive->nr_irqs) {
 error_setg(errp, "Number of interrupt needs to be greater 0");
 return;
@@ -760,10 +767,12 @@ static void spapr_xive_class_init(ObjectClass *klass, 
void *data)
 XiveRouterClass *xrc = XIVE_ROUTER_CLASS(klass);
 SpaprInterruptControllerClass *sicc = SPAPR_INTC_CLASS(klass);
 XivePresenterClass *xpc = XIVE_PRESENTER_CLASS(klass);
+SpaprXiveClass *sxc = SPAPR_XIVE_CLASS(klass);
 
 dc->desc= "sPAPR XIVE Interrupt Controller";
 dc->props   = spapr_xive_properties;
-dc->realize = spapr_xive_realize;
+device_class_set_parent_realize(dc, spapr_xive_realize,
+>parent_realize);
 dc->vmsd= _spapr_xive;
 
 xrc->get_eas = spapr_xive_get_eas;
@@ -794,6 +803,7 @@ static const TypeInfo spapr_xive_info = {
 .instance_init = spapr_xive_instance_init,
 .instance_size = sizeof(SpaprXive),
 .class_init = spapr_xive_class_init,
+.class_size = sizeof(SpaprXiveClass),
 .interfaces = (InterfaceInfo[]) {
 { TYPE_SPAPR_INTC },
 { }
-- 
2.21.0

[PATCH 02/10] ppc/pnv: Introduce a "system-memory" property

[Cédric Le Goater]

and use a link to pass the system memory to the device models that
require it to map/unmap BARs. This replace the use of get_system_memory()

Signed-off-by: Cédric Le Goater 
---
 include/hw/ppc/pnv.h  |  2 ++
 include/hw/ppc/pnv_psi.h  |  1 +
 include/hw/ppc/pnv_xive.h |  2 ++
 hw/intc/pnv_xive.c|  5 -
 hw/ppc/pnv.c  | 31 ---
 hw/ppc/pnv_psi.c  | 13 ++---
 6 files changed, 43 insertions(+), 11 deletions(-)

diff --git a/include/hw/ppc/pnv.h b/include/hw/ppc/pnv.h
index f78fd0dd967c..f31180618672 100644
--- a/include/hw/ppc/pnv.h
+++ b/include/hw/ppc/pnv.h
@@ -56,6 +56,8 @@ typedef struct PnvChip {
 AddressSpace xscom_as;
 
 gchar*dt_isa_nodename;
+
+MemoryRegion *system_memory;
 } PnvChip;
 
 #define TYPE_PNV8_CHIP "pnv8-chip"
diff --git a/include/hw/ppc/pnv_psi.h b/include/hw/ppc/pnv_psi.h
index f0f5b5519767..f85babaff0be 100644
--- a/include/hw/ppc/pnv_psi.h
+++ b/include/hw/ppc/pnv_psi.h
@@ -35,6 +35,7 @@ typedef struct PnvPsi {
 
 MemoryRegion regs_mr;
 uint64_t bar;
+MemoryRegion *system_memory;
 
 /* FSP region not supported */
 /* MemoryRegion fsp_mr; */
diff --git a/include/hw/ppc/pnv_xive.h b/include/hw/ppc/pnv_xive.h
index f4c7caad40ee..4d641db691c8 100644
--- a/include/hw/ppc/pnv_xive.h
+++ b/include/hw/ppc/pnv_xive.h
@@ -30,6 +30,8 @@ typedef struct PnvXive {
 /* Owning chip */
 struct PnvChip *chip;
 
+MemoryRegion *system_memory;
+
 /* XSCOM addresses giving access to the controller registers */
 MemoryRegion  xscom_regs;
 
diff --git a/hw/intc/pnv_xive.c b/hw/intc/pnv_xive.c
index a0a69b98a713..66970a60733b 100644
--- a/hw/intc/pnv_xive.c
+++ b/hw/intc/pnv_xive.c
@@ -853,7 +853,7 @@ static void pnv_xive_ic_reg_write(void *opaque, hwaddr 
offset,
   uint64_t val, unsigned size)
 {
 PnvXive *xive = PNV_XIVE(opaque);
-MemoryRegion *sysmem = get_system_memory();
+MemoryRegion *sysmem = xive->system_memory;
 uint32_t reg = offset >> 3;
 bool is_chip0 = xive->chip->chip_id == 0;
 
@@ -1821,6 +1821,7 @@ static void pnv_xive_realize(DeviceState *dev, Error 
**errp)
 Error *local_err = NULL;
 
 assert(xive->chip);
+assert(xive->system_memory);
 
 /*
  * The XiveSource and XiveENDSource objects are realized with the
@@ -1937,6 +1938,8 @@ static Property pnv_xive_properties[] = {
 DEFINE_PROP_UINT64("tm-bar", PnvXive, tm_base, 0),
 /* The PnvChip id identifies the XIVE interrupt controller. */
 DEFINE_PROP_LINK("chip", PnvXive, chip, TYPE_PNV_CHIP, PnvChip *),
+DEFINE_PROP_LINK("system-memory", PnvXive, system_memory,
+ TYPE_MEMORY_REGION, MemoryRegion *),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 855254f28263..2f611bfdda46 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -674,6 +674,7 @@ static void pnv_chip_power10_pic_print_info(PnvChip *chip, 
Monitor *mon)
 
 static void pnv_init(MachineState *machine)
 {
+MemoryRegion *sysmem = get_system_memory();
 PnvMachineState *pnv = PNV_MACHINE(machine);
 MachineClass *mc = MACHINE_GET_CLASS(machine);
 MemoryRegion *ram;
@@ -692,7 +693,7 @@ static void pnv_init(MachineState *machine)
 ram = g_new(MemoryRegion, 1);
 memory_region_allocate_system_memory(ram, NULL, "pnv.ram",
  machine->ram_size);
-memory_region_add_subregion(get_system_memory(), 0, ram);
+memory_region_add_subregion(sysmem, 0, ram);
 
 /*
  * Create our simple PNOR device
@@ -790,6 +791,12 @@ static void pnv_init(MachineState *machine)
 _fatal);
 object_property_set_int(chip, machine->smp.cores,
 "nr-cores", _fatal);
+/*
+ * TODO: Only the MMIO range should be of interest for the
+ * controllers
+ */
+object_property_set_link(chip, OBJECT(sysmem), "system-memory",
+ _abort);
 object_property_set_bool(chip, true, "realized", _fatal);
 }
 g_free(chip_typename);
@@ -1060,6 +1067,8 @@ static void pnv_chip_power8_realize(DeviceState *dev, 
Error **errp)
 /* Processor Service Interface (PSI) Host Bridge */
 object_property_set_int(OBJECT(>psi), PNV_PSIHB_BASE(chip),
 "bar", _fatal);
+object_property_set_link(OBJECT(>psi), OBJECT(chip->system_memory),
+ "system-memory", _abort);
 object_property_set_bool(OBJECT(>psi), true, "realized", 
_err);
 if (local_err) {
 error_propagate(errp, local_err);
@@ -1100,7 +1109,7 @@ static void pnv_chip_power8_realize(DeviceState *dev, 
Error **errp)
 pnv_xscom_add_subregion(chip, PNV_XSCOM_OCC_BASE, >occ.xscom_regs);
 
 /* OCC SRAM model */
-memory_region_add_subregion(get_system_memory(), PNV_OCC_SENSOR_BASE(chip),
+

[PATCH 10/10] ppc/pnv: Add a "pnor" const link property to the BMC internal simulator

[Cédric Le Goater]

From: Greg Kurz 

This allows to get rid of a call to qdev_get_machine().

Signed-off-by: Greg Kurz 
Signed-off-by: Cédric Le Goater 
---
 include/hw/ppc/pnv.h | 2 +-
 hw/ppc/pnv.c | 2 +-
 hw/ppc/pnv_bmc.c | 8 +---
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/include/hw/ppc/pnv.h b/include/hw/ppc/pnv.h
index 4c13d4394a11..d016ab0d0319 100644
--- a/include/hw/ppc/pnv.h
+++ b/include/hw/ppc/pnv.h
@@ -231,7 +231,7 @@ PnvChip *pnv_get_chip(uint32_t chip_id);
  */
 void pnv_dt_bmc_sensors(IPMIBmc *bmc, void *fdt);
 void pnv_bmc_powerdown(IPMIBmc *bmc);
-IPMIBmc *pnv_bmc_create(void);
+IPMIBmc *pnv_bmc_create(PnvPnor *pnor);
 
 /*
  * POWER8 MMIO base addresses
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 7add208f997b..6ef90da92325 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -815,7 +815,7 @@ static void pnv_init(MachineState *machine)
 g_free(chip_typename);
 
 /* Create the machine BMC simulator */
-pnv->bmc = pnv_bmc_create();
+pnv->bmc = pnv_bmc_create(pnv->pnor);
 
 /* Instantiate ISA bus on chip 0 */
 pnv->isa_bus = pnv_isa_create(pnv->chips[0], _fatal);
diff --git a/hw/ppc/pnv_bmc.c b/hw/ppc/pnv_bmc.c
index 07fa1e1c7e45..8863354c1c08 100644
--- a/hw/ppc/pnv_bmc.c
+++ b/hw/ppc/pnv_bmc.c
@@ -143,8 +143,8 @@ static uint16_t bytes_to_blocks(uint32_t bytes)
 static void hiomap_cmd(IPMIBmcSim *ibs, uint8_t *cmd, unsigned int cmd_len,
RspBuffer *rsp)
 {
-PnvMachineState *pnv = PNV_MACHINE(qdev_get_machine());
-PnvPnor *pnor = pnv->pnor;
+PnvPnor *pnor = PNV_PNOR(object_property_get_link(OBJECT(ibs), "pnor",
+  _abort));
 uint32_t pnor_size = pnor->size;
 uint32_t pnor_addr = PNOR_SPI_OFFSET;
 bool readonly = false;
@@ -217,11 +217,13 @@ static const IPMINetfn hiomap_netfn = {
  * Instantiate the machine BMC. PowerNV uses the QEMU internal
  * simulator but it could also be external.
  */
-IPMIBmc *pnv_bmc_create(void)
+IPMIBmc *pnv_bmc_create(PnvPnor *pnor)
 {
 Object *obj;
 
 obj = object_new(TYPE_IPMI_BMC_SIMULATOR);
+object_ref(OBJECT(pnor));
+object_property_add_const_link(obj, "pnor", OBJECT(pnor), _abort);
 object_property_set_bool(obj, true, "realized", _fatal);
 
 /* Install the HIOMAP protocol handlers to access the PNOR */
-- 
2.21.0

[PATCH 00/10] ppc/pnv: remove the use of qdev_get_machine() and get_system_memory()

[Cédric Le Goater]

Hello,

The PowerNV and sPAPR machine use qdev_get_machine() and
get_system_memory() in some places. This is not a good modeling
pratice and it should be avoided. This series replaces the uses of
these routines with a set of QOM properties and aliases.

The work is mostly complete. We still need to link the XiveTCTX to its
XiveRouter or XivePresenter under the sPAPR machine.

Thanks,

C.

Cédric Le Goater (4):
  ppc/pnv: Modify the powerdown notifier to get the PowerNV machine
  ppc/pnv: Introduce a "system-memory" property
  ppc/pnv: Introduce a "xics" property alias under the PSI model
  ppc/pnv: Introduce a "xics" property under the POWER8 chip

Greg Kurz (6):
  spapr/xive: Use device_class_set_parent_realize()
  pnv/xive: Use device_class_set_parent_realize()
  spapr, pnv, xive: Add a "xive-fabric" link to the XIVE router
  xive: Use the XIVE fabric link under the XIVE router
  ppc/pnv: Add an "nr-threads" property to the base chip class
  ppc/pnv: Add a "pnor" const link property to the BMC internal
simulator

 include/hw/ppc/pnv.h|  7 +++-
 include/hw/ppc/pnv_psi.h|  1 +
 include/hw/ppc/pnv_xive.h   | 12 ++
 include/hw/ppc/spapr_xive.h | 10 +
 include/hw/ppc/xive.h   |  5 ++-
 hw/intc/pnv_xive.c  | 15 +++-
 hw/intc/spapr_xive.c| 12 +-
 hw/intc/xive.c  | 22 +--
 hw/ppc/pnv.c| 75 -
 hw/ppc/pnv_bmc.c|  8 ++--
 hw/ppc/pnv_psi.c| 22 +--
 hw/ppc/spapr_irq.c  |  2 +
 12 files changed, 151 insertions(+), 40 deletions(-)

-- 
2.21.0

[PATCH 04/10] ppc/pnv: Introduce a "xics" property under the POWER8 chip

[Cédric Le Goater]

POWER8 is the only chip using the XICS interface. Add a "xics" link
and a XICSFabric attribute under this chip to remove the use of
qdev_get_machine()

Signed-off-by: Cédric Le Goater 
---
 include/hw/ppc/pnv.h |  2 ++
 hw/ppc/pnv.c | 26 --
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/include/hw/ppc/pnv.h b/include/hw/ppc/pnv.h
index f31180618672..8b957dfb5736 100644
--- a/include/hw/ppc/pnv.h
+++ b/include/hw/ppc/pnv.h
@@ -74,6 +74,8 @@ typedef struct Pnv8Chip {
 Pnv8Psi  psi;
 PnvOCC   occ;
 PnvHomer homer;
+
+XICSFabric*xics;
 } Pnv8Chip;
 
 #define TYPE_PNV9_CHIP "pnv9-chip"
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index d6fe5ba13535..6500efba1317 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -797,6 +797,13 @@ static void pnv_init(MachineState *machine)
  */
 object_property_set_link(chip, OBJECT(sysmem), "system-memory",
  _abort);
+/*
+ * The POWER8 machine use the XICS interrupt interface.
+ * Propagate the XICS fabric to the chip and its controllers.
+ */
+if (object_dynamic_cast(OBJECT(pnv), TYPE_XICS_FABRIC)) {
+object_property_set_link(chip, OBJECT(pnv), "xics", _abort);
+}
 object_property_set_bool(chip, true, "realized", _fatal);
 }
 g_free(chip_typename);
@@ -838,12 +845,12 @@ static uint32_t pnv_chip_core_pir_p8(PnvChip *chip, 
uint32_t core_id)
 static void pnv_chip_power8_intc_create(PnvChip *chip, PowerPCCPU *cpu,
 Error **errp)
 {
+Pnv8Chip *chip8 = PNV8_CHIP(chip);
 Error *local_err = NULL;
 Object *obj;
 PnvCPUState *pnv_cpu = pnv_cpu_state(cpu);
 
-obj = icp_create(OBJECT(cpu), TYPE_PNV_ICP, 
XICS_FABRIC(qdev_get_machine()),
- _err);
+obj = icp_create(OBJECT(cpu), TYPE_PNV_ICP, chip8->xics, _err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
@@ -997,6 +1004,12 @@ static void pnv_chip_power8_instance_init(Object *obj)
 {
 Pnv8Chip *chip8 = PNV8_CHIP(obj);
 
+object_property_add_link(obj, "xics", TYPE_XICS_FABRIC,
+ (Object **)>xics,
+ object_property_allow_set_link,
+ OBJ_PROP_LINK_STRONG,
+ _abort);
+
 object_initialize_child(obj, "psi",  >psi, sizeof(chip8->psi),
 TYPE_PNV8_PSI, _abort, NULL);
 
@@ -1016,7 +1029,6 @@ static void pnv_chip_icp_realize(Pnv8Chip *chip8, Error 
**errp)
 PnvChipClass *pcc = PNV_CHIP_GET_CLASS(chip);
 int i, j;
 char *name;
-XICSFabric *xi = XICS_FABRIC(qdev_get_machine());
 
 name = g_strdup_printf("icp-%x", chip->chip_id);
 memory_region_init(>icp_mmio, OBJECT(chip), name, PNV_ICP_SIZE);
@@ -1032,7 +1044,7 @@ static void pnv_chip_icp_realize(Pnv8Chip *chip8, Error 
**errp)
 
 for (j = 0; j < CPU_CORE(pnv_core)->nr_threads; j++) {
 uint32_t pir = pcc->core_pir(chip, core_hwid) + j;
-PnvICPState *icp = PNV_ICP(xics_icp_get(xi, pir));
+PnvICPState *icp = PNV_ICP(xics_icp_get(chip8->xics, pir));
 
 memory_region_add_subregion(>icp_mmio, pir << 12,
 >mmio);
@@ -1048,6 +1060,8 @@ static void pnv_chip_power8_realize(DeviceState *dev, 
Error **errp)
 Pnv8Psi *psi8 = >psi;
 Error *local_err = NULL;
 
+assert(chip8->xics);
+
 /* XSCOM bridge is first */
 pnv_xscom_realize(chip, PNV_XSCOM_SIZE, _err);
 if (local_err) {
@@ -1067,8 +1081,8 @@ static void pnv_chip_power8_realize(DeviceState *dev, 
Error **errp)
 "bar", _fatal);
 object_property_set_link(OBJECT(>psi), OBJECT(chip->system_memory),
  "system-memory", _abort);
-object_property_set_link(OBJECT(>psi), OBJECT(qdev_get_machine()),
- ICS_PROP_XICS, _abort);
+object_property_set_link(OBJECT(>psi), OBJECT(chip8->xics),
+  ICS_PROP_XICS, _abort);
 object_property_set_bool(OBJECT(>psi), true, "realized", 
_err);
 if (local_err) {
 error_propagate(errp, local_err);
-- 
2.21.0

Re: [RFC PATCH v3 000/132] Proof of concept for Meson integration

[Markus Armbruster]

I (mercifully?) haven't received PATCH 094-132, and the list archive
doesn't have them, either.

Re: [PATCH v2 5/7] configure: Unnest detection of -z, relro and -z, now

[Fangrui Song]

On 2019-12-18, Philippe Mathieu-Daudé wrote:

On 12/18/19 11:34 PM, Richard Henderson wrote:

There is nothing about these options that is related to PIE.
Use them unconditionally.

Signed-off-by: Richard Henderson 
---
v2: Do not split into two tests.
---
 configure | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index 7a646ec007..2503288654 100755
--- a/configure
+++ b/configure
@@ -2040,9 +2040,6 @@ if test "$pie" != "no" ; then
 QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
 LDFLAGS="-pie $LDFLAGS"
 pie="yes"
-if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
-  LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
-fi
   else
 if test "$pie" = "yes"; then
   error_exit "PIE not available due to missing toolchain support"
@@ -2053,6 +2050,12 @@ if test "$pie" != "no" ; then
   fi
 fi
+# Detect support for PT_GNU_RELRO + DT_BIND_NOW.
+# The combination is known as "full relro", because .got is read-only too.
+if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
+  LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
+fi
+
 ##
 # __sync_fetch_and_and requires at least -march=i486. Many toolchains
 # use i686 as default anyway, but for those that don't, an explicit



Reviewed-by: Philippe Mathieu-Daudé 


One nit, .got is also read-only in partial relro. Full relro makes .got.plt
read-only. (On EM_PPC and EM_PPC64, .got.plt is named .plt (yes,
misnomer)).

Reviewed-by: Fangrui Song 

Re: [RFC PATCH 13/14] hw/char/terminal3270: Explicit ignored QEMUChrEvent in IOEventHandler

[Markus Armbruster]

Philippe Mathieu-Daudé  writes:

> The Chardev events are listed in the QEMUChrEvent enum. To be
> able to use this enum in the IOEventHandler typedef, we need to
> explicit when frontends ignore some events, to silent GCC the
> following warnings:
>
> CC  s390x-softmmu/hw/char/terminal3270.o
>   hw/char/terminal3270.c: In function ‘chr_event’:
>   hw/char/terminal3270.c:156:5: error: enumeration value ‘CHR_EVENT_BREAK’ 
> not handled in switch [-Werror=switch]
> 156 | switch (event) {
> | ^~
>   hw/char/terminal3270.c:156:5: error: enumeration value ‘CHR_EVENT_MUX_IN’ 
> not handled in switch [-Werror=switch]
>   hw/char/terminal3270.c:156:5: error: enumeration value ‘CHR_EVENT_MUX_OUT’ 
> not handled in switch [-Werror=switch]
>   cc1: all warnings being treated as errors
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> Cc: Cornelia Huck 
> Cc: Halil Pasic 
> Cc: Christian Borntraeger 
> Cc: "Marc-André Lureau" 
> Cc: Paolo Bonzini 
> Cc: qemu-s3...@nongnu.org
> ---
>  hw/char/terminal3270.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/hw/char/terminal3270.c b/hw/char/terminal3270.c
> index 6859c1bcb2..9e59a2d92b 100644
> --- a/hw/char/terminal3270.c
> +++ b/hw/char/terminal3270.c
> @@ -166,6 +166,9 @@ static void chr_event(void *opaque, int event)
>  sch->curr_status.scsw.dstat = SCSW_DSTAT_DEVICE_END;
>  css_conditional_io_interrupt(sch);
>  break;
> +default:
> +/* Ignore */
> +break;
>  }
>  }

I doubt the /* Ignore */ comment is worth its keep.

Splitting PATCH 02-13 feels excessive to me.

[PATCH 2/2] arm/virt/acpi: remove _ADR from devices identified by _HID

[Heyi Guo]

According to ACPI spec, _ADR should be used for device which is on a
bus that has a standard enumeration algorithm. It does not make sense
to have a _ADR object for devices which already have _HID and will be
enumerated by OSPM.

Signed-off-by: Heyi Guo 

---
Cc: Shannon Zhao 
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
 hw/arm/virt-acpi-build.c  |   8 
 tests/data/acpi/virt/DSDT | Bin 18449 -> 18426 bytes
 tests/data/acpi/virt/DSDT.memhp   | Bin 19786 -> 19763 bytes
 tests/data/acpi/virt/DSDT.numamem | Bin 18449 -> 18426 bytes
 4 files changed, 8 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 9f4c7d1889..be752c0ad8 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -78,11 +78,6 @@ static void acpi_dsdt_add_uart(Aml *scope, const MemMapEntry 
*uart_memmap,
  AML_EXCLUSIVE, _irq, 1));
 aml_append(dev, aml_name_decl("_CRS", crs));
 
-/* The _ADR entry is used to link this device to the UART described
- * in the SPCR table, i.e. SPCR.base_address.address == _ADR.
- */
-aml_append(dev, aml_name_decl("_ADR", aml_int(uart_memmap->base)));
-
 aml_append(scope, dev);
 }
 
@@ -170,7 +165,6 @@ static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry 
*memmap,
 aml_append(dev, aml_name_decl("_CID", aml_string("PNP0A03")));
 aml_append(dev, aml_name_decl("_SEG", aml_int(0)));
 aml_append(dev, aml_name_decl("_BBN", aml_int(0)));
-aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
 aml_append(dev, aml_name_decl("_UID", aml_string("PCI0")));
 aml_append(dev, aml_name_decl("_STR", aml_unicode("PCIe 0 Device")));
 aml_append(dev, aml_name_decl("_CCA", aml_int(1)));
@@ -334,7 +328,6 @@ static void acpi_dsdt_add_gpio(Aml *scope, const 
MemMapEntry *gpio_memmap,
 {
 Aml *dev = aml_device("GPO0");
 aml_append(dev, aml_name_decl("_HID", aml_string("ARMH0061")));
-aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
 aml_append(dev, aml_name_decl("_UID", aml_int(0)));
 
 Aml *crs = aml_resource_template();
@@ -364,7 +357,6 @@ static void acpi_dsdt_add_power_button(Aml *scope)
 {
 Aml *dev = aml_device(ACPI_POWER_BUTTON_DEVICE);
 aml_append(dev, aml_name_decl("_HID", aml_string("PNP0C0C")));
-aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
 aml_append(dev, aml_name_decl("_UID", aml_int(0)));
 aml_append(scope, dev);
 }
diff --git a/tests/data/acpi/virt/DSDT b/tests/data/acpi/virt/DSDT
index 
b5895cb22446860a0b9be3d32ec856feb388be4c..a759ff739a071d5fbf50519a6aea296e5e0f1e0c
 100644
GIT binary patch
delta 72
zcmbO@f$>*ABbQ6COUN_q{66S<_BT5Bh^tIeLL4lL8ZSqD=gU!!5x$Pt+
c1HyxxIO07#U3dfh0t}oDoEbRcLp@y>07w882mk;8

delta 94
zcmey>@cBbQ6CONgKc0|V26iCof5J#`b+RhV2^Ci+-%al|{i1o1F1FmP^cRp4ao
tnY@hCfEg`7$S;oxFTNc#soEyoaX?Z-8HbfwO@#16Tu)4E1zj005fm7mWY_

diff --git a/tests/data/acpi/virt/DSDT.memhp b/tests/data/acpi/virt/DSDT.memhp
index 
69ad844f65d047973a3e55198beecd45a35b8fce..6e5cc61977e4cd24f765fec0693f75a528c144c1
 100644
GIT binary patch
delta 72
zcmX>#i*fTTMlP3Nmk?uL1_q|eiCof5eHSLGt1wzk^tIeLL4lL8ZSqD=gU!!5U7RH)
c1HyxxIO07#U3dfh0t}oDoEbRcLp@y>03)CjmjD0&

delta 94
zcmdlyi}BPfMlP3Nmk=*s1_q}3iCof5t(PXMt1!8;O!Tqj;)r*23F2X3VBp-?s=&$E
tGkF=O0W(l&^JPwVXL*ABbQ6COUN_q{66S<_BT5Bh^tIeLL4lL8ZSqD=gU!!5x$Pt+
c1HyxxIO07#U3dfh0t}oDoEbRcLp@y>07w882mk;8

delta 94
zcmey>@cBbQ6CONgKc0|V26iCof5J#`b+RhV2^Ci+-%al|{i1o1F1FmP^cRp4ao
tnY@hCfEg`7$S;oxFTNc#soEyoaX?Z-8HbfwO@#16Tu)4E1zj005fm7mWY_

-- 
2.19.1

[PATCH 0/2] Some cleanup in arm/virt/acpi

[Heyi Guo]

Remove useless device node and conflict _ADR objects in ACPI/DSDT.

Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Shannon Zhao 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org

Heyi Guo (2):
  arm/virt/acpi: remove meaningless sub device "PR0" from PCI0
  arm/virt/acpi: remove _ADR from devices identified by _HID

 hw/arm/virt-acpi-build.c  |  12 
 tests/data/acpi/virt/DSDT | Bin 18462 -> 18426 bytes
 tests/data/acpi/virt/DSDT.memhp   | Bin 19799 -> 19763 bytes
 tests/data/acpi/virt/DSDT.numamem | Bin 18462 -> 18426 bytes
 4 files changed, 12 deletions(-)

-- 
2.19.1

[PATCH 1/2] arm/virt/acpi: remove meaningless sub device "PR0" from PCI0

[Heyi Guo]

The sub device "PR0" under PCI0 in ACPI/DSDT does not make any sense,
so simply remote it.

Signed-off-by: Heyi Guo 

---
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Shannon Zhao 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
 hw/arm/virt-acpi-build.c  |   4 
 tests/data/acpi/virt/DSDT | Bin 18462 -> 18449 bytes
 tests/data/acpi/virt/DSDT.memhp   | Bin 19799 -> 19786 bytes
 tests/data/acpi/virt/DSDT.numamem | Bin 18462 -> 18449 bytes
 4 files changed, 4 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index bd5f771e9b..9f4c7d1889 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -317,10 +317,6 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
MemMapEntry *memmap,
 aml_append(method, aml_return(buf));
 aml_append(dev, method);
 
-Aml *dev_rp0 = aml_device("%s", "RP0");
-aml_append(dev_rp0, aml_name_decl("_ADR", aml_int(0)));
-aml_append(dev, dev_rp0);
-
 Aml *dev_res0 = aml_device("%s", "RES0");
 aml_append(dev_res0, aml_name_decl("_HID", aml_string("PNP0C02")));
 crs = aml_resource_template();
diff --git a/tests/data/acpi/virt/DSDT b/tests/data/acpi/virt/DSDT
index 
d0f3afeb134fdf1c11f64cd06dbcdd30be603b80..b5895cb22446860a0b9be3d32ec856feb388be4c
 100644
GIT binary patch
delta 39
vcmbO?fpOvlMlP3Nmk>b@1_q`B6S<_Bdg?Z+cXBfI+}XT|v(|R9jr$`2@RSW)

delta 50
zcmbO@fpOjhMlP3Nmk>D*1_q{tiCof5o%I{lJ2{y;?{412S!>J19TZ>?^tF5;R%I
G{V4!>hYx%J

diff --git a/tests/data/acpi/virt/DSDT.memhp b/tests/data/acpi/virt/DSDT.memhp
index 
41ccc6431b917252bcbaac86c33b340c796be5ce..69ad844f65d047973a3e55198beecd45a35b8fce
 100644
GIT binary patch
delta 40
wcmcaUi}BPfMlP3Nmk=*s1_q}3iCof5t(P{ccXBfI+}XT|v(|RAjk`1(02g)*ivR!s

delta 51
zcmX>#i}Cs_MlP3NmymE@1_mbiiCof5O_w*ScXBdy-rc;3v(}c2J1D>)o+IATC1|sb
HyBr$;t7;Fc

diff --git a/tests/data/acpi/virt/DSDT.numamem 
b/tests/data/acpi/virt/DSDT.numamem
index 
d0f3afeb134fdf1c11f64cd06dbcdd30be603b80..b5895cb22446860a0b9be3d32ec856feb388be4c
 100644
GIT binary patch
delta 39
vcmbO?fpOvlMlP3Nmk>b@1_q`B6S<_Bdg?Z+cXBfI+}XT|v(|R9jr$`2@RSW)

delta 50
zcmbO@fpOjhMlP3Nmk>D*1_q{tiCof5o%I{lJ2{y;?{412S!>J19TZ>?^tF5;R%I
G{V4!>hYx%J

-- 
2.19.1

[PATCH v7 4/4] hw/arm: Add the Netduino Plus 2

[Alistair Francis]

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Maydell 
---
 MAINTAINERS|  6 +
 hw/arm/Makefile.objs   |  1 +
 hw/arm/netduinoplus2.c | 52 ++
 3 files changed, 59 insertions(+)
 create mode 100644 hw/arm/netduinoplus2.c

diff --git a/MAINTAINERS b/MAINTAINERS
index bda53628a5..203ced66e0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -829,6 +829,12 @@ M: Peter Maydell 
 S: Maintained
 F: hw/arm/netduino2.c
 
+Netduino Plus 2
+M: Alistair Francis 
+M: Peter Maydell 
+S: Maintained
+F: hw/arm/netduinoplus2.c
+
 SmartFusion2
 M: Subbaraya Sundeep 
 M: Peter Maydell 
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index d9d54da7cf..336f6dd374 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -11,6 +11,7 @@ obj-$(CONFIG_MAINSTONE) += mainstone.o
 obj-$(CONFIG_MICROBIT) += microbit.o
 obj-$(CONFIG_MUSICPAL) += musicpal.o
 obj-$(CONFIG_NETDUINO2) += netduino2.o
+obj-$(CONFIG_NETDUINOPLUS2) += netduinoplus2.o
 obj-$(CONFIG_NSERIES) += nseries.o
 obj-$(CONFIG_SX1) += omap_sx1.o
 obj-$(CONFIG_CHEETAH) += palm.o
diff --git a/hw/arm/netduinoplus2.c b/hw/arm/netduinoplus2.c
new file mode 100644
index 00..e5e247edbe
--- /dev/null
+++ b/hw/arm/netduinoplus2.c
@@ -0,0 +1,52 @@
+/*
+ * Netduino Plus 2 Machine Model
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/boards.h"
+#include "hw/qdev-properties.h"
+#include "qemu/error-report.h"
+#include "hw/arm/stm32f405_soc.h"
+#include "hw/arm/boot.h"
+
+static void netduinoplus2_init(MachineState *machine)
+{
+DeviceState *dev;
+
+dev = qdev_create(NULL, TYPE_STM32F405_SOC);
+qdev_prop_set_string(dev, "cpu-type", ARM_CPU_TYPE_NAME("cortex-m4"));
+object_property_set_bool(OBJECT(dev), true, "realized", _fatal);
+
+armv7m_load_kernel(ARM_CPU(first_cpu),
+   machine->kernel_filename,
+   FLASH_SIZE);
+}
+
+static void netduinoplus2_machine_init(MachineClass *mc)
+{
+mc->desc = "Netduino Plus 2 Machine";
+mc->init = netduinoplus2_init;
+}
+
+DEFINE_MACHINE("netduinoplus2", netduinoplus2_machine_init)
-- 
2.24.0

[PATCH v7 3/4] hw/arm: Add the STM32F4xx SoC

[Alistair Francis]

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Maydell 
---
 MAINTAINERS|   8 +
 hw/arm/Makefile.objs   |   1 +
 hw/arm/stm32f405_soc.c | 302 +
 include/hw/arm/stm32f405_soc.h |  73 
 4 files changed, 384 insertions(+)
 create mode 100644 hw/arm/stm32f405_soc.c
 create mode 100644 include/hw/arm/stm32f405_soc.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 740401bcbb..bda53628a5 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -815,6 +815,14 @@ F: hw/adc/*
 F: hw/ssi/stm32f2xx_spi.c
 F: include/hw/*/stm32*.h
 
+STM32F405
+M: Alistair Francis 
+M: Peter Maydell 
+S: Maintained
+F: hw/arm/stm32f405_soc.c
+F: hw/misc/stm32f4xx_syscfg.c
+F: hw/misc/stm32f4xx_exti.c
+
 Netduino 2
 M: Alistair Francis 
 M: Peter Maydell 
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index fe749f65fd..d9d54da7cf 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -36,6 +36,7 @@ obj-$(CONFIG_STRONGARM) += strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
+obj-$(CONFIG_STM32F405_SOC) += stm32f405_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zynqmp.o xlnx-zcu102.o
 obj-$(CONFIG_XLNX_VERSAL) += xlnx-versal.o xlnx-versal-virt.o
 obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
diff --git a/hw/arm/stm32f405_soc.c b/hw/arm/stm32f405_soc.c
new file mode 100644
index 00..f22516fdf7
--- /dev/null
+++ b/hw/arm/stm32f405_soc.c
@@ -0,0 +1,302 @@
+/*
+ * STM32F405 SoC
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "exec/address-spaces.h"
+#include "sysemu/sysemu.h"
+#include "hw/arm/stm32f405_soc.h"
+#include "hw/misc/unimp.h"
+
+#define SYSCFG_ADD 0x40013800
+static const uint32_t usart_addr[] = { 0x40011000, 0x40004400, 0x40004800,
+   0x40004C00, 0x40005000, 0x40011400,
+   0x40007800, 0x40007C00 };
+/* At the moment only Timer 2 to 5 are modelled */
+static const uint32_t timer_addr[] = { 0x4000, 0x4400,
+   0x4800, 0x4C00 };
+#define ADC_ADDR   0x40012000
+static const uint32_t spi_addr[] =   { 0x40013000, 0x40003800, 0x40003C00,
+   0x40013400, 0x40015000, 0x40015400 };
+#define EXTI_ADDR  0x40013C00
+
+#define SYSCFG_IRQ   71
+static const int usart_irq[] = { 37, 38, 39, 52, 53, 71, 82, 83 };
+static const int timer_irq[] = { 28, 29, 30, 50 };
+#define ADC_IRQ 18
+static const int spi_irq[] =   { 35, 36, 51, 0, 0, 0 };
+static const int exti_irq[] =  { 6, 7, 8, 9, 10, 23, 23, 23, 23, 23, 40,
+ 40, 40, 40, 40, 40} ;
+
+
+static void stm32f405_soc_initfn(Object *obj)
+{
+STM32F405State *s = STM32F405_SOC(obj);
+int i;
+
+sysbus_init_child_obj(obj, "armv7m", >armv7m, sizeof(s->armv7m),
+  TYPE_ARMV7M);
+
+sysbus_init_child_obj(obj, "syscfg", >syscfg, sizeof(s->syscfg),
+  TYPE_STM32F4XX_SYSCFG);
+
+for (i = 0; i < STM_NUM_USARTS; i++) {
+sysbus_init_child_obj(obj, "usart[*]", >usart[i],
+  sizeof(s->usart[i]), TYPE_STM32F2XX_USART);
+}
+
+for (i = 0; i < STM_NUM_TIMERS; i++) {
+sysbus_init_child_obj(obj, "timer[*]", >timer[i],
+  sizeof(s->timer[i]), TYPE_STM32F2XX_TIMER);
+}
+
+for (i = 0; i < STM_NUM_ADCS; i++) {
+sysbus_init_child_obj(obj, "adc[*]", >adc[i], sizeof(s->adc[i]),
+  TYPE_STM32F2XX_ADC);
+}
+
+for (i = 0; i < STM_NUM_SPIS; i++) {
+

[PATCH v7 1/4] hw/misc: Add the STM32F4xx Sysconfig device

[Alistair Francis]

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Maydell 
---
 default-configs/arm-softmmu.mak|   1 +
 hw/arm/Kconfig |   9 ++
 hw/misc/Kconfig|   3 +
 hw/misc/Makefile.objs  |   1 +
 hw/misc/stm32f4xx_syscfg.c | 171 +
 hw/misc/trace-events   |   6 +
 include/hw/misc/stm32f4xx_syscfg.h |  61 ++
 7 files changed, 252 insertions(+)
 create mode 100644 hw/misc/stm32f4xx_syscfg.c
 create mode 100644 include/hw/misc/stm32f4xx_syscfg.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 1f2e0e7fde..645e6201bb 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -30,6 +30,7 @@ CONFIG_Z2=y
 CONFIG_COLLIE=y
 CONFIG_ASPEED_SOC=y
 CONFIG_NETDUINO2=y
+CONFIG_NETDUINOPLUS2=y
 CONFIG_MPS2=y
 CONFIG_RASPI=y
 CONFIG_DIGIC=y
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index c6e7782580..4660d14715 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -101,6 +101,10 @@ config NETDUINO2
 bool
 select STM32F205_SOC
 
+config NETDUINOPLUS2
+bool
+select STM32F405_SOC
+
 config NSERIES
 bool
 select OMAP
@@ -307,6 +311,11 @@ config STM32F205_SOC
 select STM32F2XX_ADC
 select STM32F2XX_SPI
 
+config STM32F405_SOC
+bool
+select ARM_V7M
+select STM32F4XX_SYSCFG
+
 config XLNX_ZYNQMP_ARM
 bool
 select AHCI
diff --git a/hw/misc/Kconfig b/hw/misc/Kconfig
index 2164646553..72609650b7 100644
--- a/hw/misc/Kconfig
+++ b/hw/misc/Kconfig
@@ -82,6 +82,9 @@ config IMX
 config STM32F2XX_SYSCFG
 bool
 
+config STM32F4XX_SYSCFG
+bool
+
 config MIPS_ITU
 bool
 
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index ba898a5781..ea8025e0bb 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -58,6 +58,7 @@ common-obj-$(CONFIG_SLAVIO) += slavio_misc.o
 common-obj-$(CONFIG_ZYNQ) += zynq_slcr.o
 common-obj-$(CONFIG_ZYNQ) += zynq-xadc.o
 common-obj-$(CONFIG_STM32F2XX_SYSCFG) += stm32f2xx_syscfg.o
+common-obj-$(CONFIG_STM32F4XX_SYSCFG) += stm32f4xx_syscfg.o
 obj-$(CONFIG_MIPS_CPS) += mips_cmgcr.o
 obj-$(CONFIG_MIPS_CPS) += mips_cpc.o
 obj-$(CONFIG_MIPS_ITU) += mips_itu.o
diff --git a/hw/misc/stm32f4xx_syscfg.c b/hw/misc/stm32f4xx_syscfg.c
new file mode 100644
index 00..dbcdca59f8
--- /dev/null
+++ b/hw/misc/stm32f4xx_syscfg.c
@@ -0,0 +1,171 @@
+/*
+ * STM32F4xx SYSCFG
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "trace.h"
+#include "hw/irq.h"
+#include "migration/vmstate.h"
+#include "hw/misc/stm32f4xx_syscfg.h"
+
+static void stm32f4xx_syscfg_reset(DeviceState *dev)
+{
+STM32F4xxSyscfgState *s = STM32F4XX_SYSCFG(dev);
+
+s->syscfg_memrmp = 0x;
+s->syscfg_pmc = 0x;
+s->syscfg_exticr[0] = 0x;
+s->syscfg_exticr[1] = 0x;
+s->syscfg_exticr[2] = 0x;
+s->syscfg_exticr[3] = 0x;
+s->syscfg_cmpcr = 0x;
+}
+
+static void stm32f4xx_syscfg_set_irq(void *opaque, int irq, int level)
+{
+STM32F4xxSyscfgState *s = opaque;
+int icrreg = irq / 4;
+int startbit = (irq & 3) * 4;
+uint8_t config = config = irq / 16;
+
+trace_stm32f4xx_syscfg_set_irq(irq / 16, irq % 16, level);
+
+g_assert(icrreg < SYSCFG_NUM_EXTICR);
+
+if (extract32(s->syscfg_exticr[icrreg], startbit, 4) == config) {
+qemu_set_irq(s->gpio_out[irq], level);
+trace_stm32f4xx_pulse_exti(irq);
+   }
+}
+
+static uint64_t stm32f4xx_syscfg_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+STM32F4xxSyscfgState *s = opaque;
+
+trace_stm32f4xx_syscfg_read(addr);
+
+switch (addr) {
+case SYSCFG_MEMRMP:
+return s->syscfg_memrmp;
+case SYSCFG_PMC:
+return s->syscfg_pmc;
+case 

[PATCH v7 0/4] Add the STM32F405 and Netduino Plus 2 machine

[Alistair Francis]

Now that the Arm-M4 CPU has been added to QEMU we can add the Netduino
Plus 2 machine. This is very similar to the STM32F205 and Netduino 2 SoC
and machine.

v7:
 - Fix the EXTI IRQ
 - Remove the duplicate configs
v6:
 - Remove machine specific reset code
 - Rebase on master
v5:
 - Fix checkpatch failures
 - Add mising includes
v4:
 - Rebase on master
v3:
 - Remove custom reset handler
 - Add init-entry and init-sp properties
 - Rebase on master (including Kconfig changes)
v2:
 - Reorder patchset
 - Return the kernel entry point instead of using a pointer
 - Address Peter's comments

Alistair Francis (4):
  hw/misc: Add the STM32F4xx Sysconfig device
  hw/misc: Add the STM32F4xx EXTI device
  hw/arm: Add the STM32F4xx SoC
  hw/arm: Add the Netduino Plus 2

 MAINTAINERS|  14 ++
 default-configs/arm-softmmu.mak|   1 +
 hw/arm/Kconfig |  10 +
 hw/arm/Makefile.objs   |   2 +
 hw/arm/netduinoplus2.c |  52 +
 hw/arm/stm32f405_soc.c | 302 +
 hw/misc/Kconfig|   6 +
 hw/misc/Makefile.objs  |   2 +
 hw/misc/stm32f4xx_exti.c   | 188 ++
 hw/misc/stm32f4xx_syscfg.c | 171 
 hw/misc/trace-events   |  11 ++
 include/hw/arm/stm32f405_soc.h |  73 +++
 include/hw/misc/stm32f4xx_exti.h   |  60 ++
 include/hw/misc/stm32f4xx_syscfg.h |  61 ++
 14 files changed, 953 insertions(+)
 create mode 100644 hw/arm/netduinoplus2.c
 create mode 100644 hw/arm/stm32f405_soc.c
 create mode 100644 hw/misc/stm32f4xx_exti.c
 create mode 100644 hw/misc/stm32f4xx_syscfg.c
 create mode 100644 include/hw/arm/stm32f405_soc.h
 create mode 100644 include/hw/misc/stm32f4xx_exti.h
 create mode 100644 include/hw/misc/stm32f4xx_syscfg.h

-- 
2.24.0

[PATCH v7 2/4] hw/misc: Add the STM32F4xx EXTI device

[Alistair Francis]

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Maydell 
---
 hw/arm/Kconfig   |   1 +
 hw/misc/Kconfig  |   3 +
 hw/misc/Makefile.objs|   1 +
 hw/misc/stm32f4xx_exti.c | 188 +++
 hw/misc/trace-events |   5 +
 include/hw/misc/stm32f4xx_exti.h |  60 ++
 6 files changed, 258 insertions(+)
 create mode 100644 hw/misc/stm32f4xx_exti.c
 create mode 100644 include/hw/misc/stm32f4xx_exti.h

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 4660d14715..3d86691ae0 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -315,6 +315,7 @@ config STM32F405_SOC
 bool
 select ARM_V7M
 select STM32F4XX_SYSCFG
+select STM32F4XX_EXTI
 
 config XLNX_ZYNQMP_ARM
 bool
diff --git a/hw/misc/Kconfig b/hw/misc/Kconfig
index 72609650b7..bdd77d8020 100644
--- a/hw/misc/Kconfig
+++ b/hw/misc/Kconfig
@@ -85,6 +85,9 @@ config STM32F2XX_SYSCFG
 config STM32F4XX_SYSCFG
 bool
 
+config STM32F4XX_EXTI
+bool
+
 config MIPS_ITU
 bool
 
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index ea8025e0bb..c6ecbdd7b0 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -59,6 +59,7 @@ common-obj-$(CONFIG_ZYNQ) += zynq_slcr.o
 common-obj-$(CONFIG_ZYNQ) += zynq-xadc.o
 common-obj-$(CONFIG_STM32F2XX_SYSCFG) += stm32f2xx_syscfg.o
 common-obj-$(CONFIG_STM32F4XX_SYSCFG) += stm32f4xx_syscfg.o
+common-obj-$(CONFIG_STM32F4XX_EXTI) += stm32f4xx_exti.o
 obj-$(CONFIG_MIPS_CPS) += mips_cmgcr.o
 obj-$(CONFIG_MIPS_CPS) += mips_cpc.o
 obj-$(CONFIG_MIPS_ITU) += mips_itu.o
diff --git a/hw/misc/stm32f4xx_exti.c b/hw/misc/stm32f4xx_exti.c
new file mode 100644
index 00..02e7810046
--- /dev/null
+++ b/hw/misc/stm32f4xx_exti.c
@@ -0,0 +1,188 @@
+/*
+ * STM32F4XX EXTI
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "trace.h"
+#include "hw/irq.h"
+#include "migration/vmstate.h"
+#include "hw/misc/stm32f4xx_exti.h"
+
+static void stm32f4xx_exti_reset(DeviceState *dev)
+{
+STM32F4xxExtiState *s = STM32F4XX_EXTI(dev);
+
+s->exti_imr = 0x;
+s->exti_emr = 0x;
+s->exti_rtsr = 0x;
+s->exti_ftsr = 0x;
+s->exti_swier = 0x;
+s->exti_pr = 0x;
+}
+
+static void stm32f4xx_exti_set_irq(void *opaque, int irq, int level)
+{
+STM32F4xxExtiState *s = opaque;
+
+trace_stm32f4xx_exti_set_irq(irq, level);
+
+if (((1 << irq) & s->exti_rtsr) && level) {
+/* Rising Edge */
+s->exti_pr |= 1 << irq;
+}
+
+if (((1 << irq) & s->exti_ftsr) && !level) {
+/* Falling Edge */
+s->exti_pr |= 1 << irq;
+}
+
+if (!((1 << irq) & s->exti_imr)) {
+/* Interrupt is masked */
+return;
+}
+qemu_irq_pulse(s->irq[irq]);
+}
+
+static uint64_t stm32f4xx_exti_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+STM32F4xxExtiState *s = opaque;
+
+trace_stm32f4xx_exti_read(addr);
+
+switch (addr) {
+case EXTI_IMR:
+return s->exti_imr;
+case EXTI_EMR:
+return s->exti_emr;
+case EXTI_RTSR:
+return s->exti_rtsr;
+case EXTI_FTSR:
+return s->exti_ftsr;
+case EXTI_SWIER:
+return s->exti_swier;
+case EXTI_PR:
+return s->exti_pr;
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+  "STM32F4XX_exti_read: Bad offset %x\n", (int)addr);
+return 0;
+}
+return 0;
+}
+
+static void stm32f4xx_exti_write(void *opaque, hwaddr addr,
+   uint64_t val64, unsigned int size)
+{
+STM32F4xxExtiState *s = opaque;
+uint32_t value = (uint32_t) val64;
+
+trace_stm32f4xx_exti_write(addr, value);
+
+switch (addr) {
+case EXTI_IMR:
+s->exti_imr = value;
+return;
+case EXTI_EMR:
+ 

Re: [PATCH v4 ppc-for-5.0 0/2] ppc/spapr: Support reboot of secure pseries guest

[David Gibson]

On Thu, Dec 19, 2019 at 08:44:43AM +0530, Bharata B Rao wrote:
> This patchset adds KVM_PPC_SVM_OFF ioctl which is required to support
> reset of secure guest. This includes linux-headers update so that we get
> the newly introduced ioctl.
> 
> v3:
> https://lists.gnu.org/archive/html/qemu-devel/2019-12/msg03685.html

Applied to ppc-for-5.0, thanks.

> 
> Changes in v4:
> -
> - s/error_setg/error_setg_errno (Greg Kurz)
> 
> Bharata B Rao (2):
>   linux-headers: Update
>   ppc/spapr: Support reboot of secure pseries guest
> 
>  hw/ppc/spapr.c|  1 +
>  include/standard-headers/asm-x86/bootparam.h  |  7 +-
>  .../infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h | 15 +++-
>  include/standard-headers/drm/drm_fourcc.h | 28 ++-
>  .../linux/input-event-codes.h | 77 +++
>  include/standard-headers/linux/pci_regs.h |  3 +
>  .../standard-headers/rdma/vmw_pvrdma-abi.h|  5 ++
>  linux-headers/linux/kvm.h |  1 +
>  target/ppc/kvm.c  | 15 
>  target/ppc/kvm_ppc.h  |  6 ++
>  10 files changed, 154 insertions(+), 4 deletions(-)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH v5 1/5] tpm_spapr: Support TPM for ppc64 using CRQ based interface

[David Gibson]

On Wed, Dec 18, 2019 at 08:59:18PM -0500, Stefan Berger wrote:
> On 12/18/19 8:54 PM, David Gibson wrote:
> > On Tue, Dec 17, 2019 at 02:44:04PM -0500, Stefan Berger wrote:
> > > On 12/16/19 7:29 PM, David Gibson wrote:
> > > 
> > > 
> > > > Since you need to change compatible based on an internal variable,
> > > > we'd need to replace the static dt_compatible in the class with a
> > > > callback.
> > > 
> > > Why can we not initialize it once we know the version of TPM? From the
> > > perspective of SLOF at least this seems to be building the device tree 
> > > fine
> > > since it sees the proper value...
> > Because it's a serious layering / isolation violation.  You're
> > modifying QOM type information from the runtime code of a specific
> > instance.  You get away with it (now) because there's only one
> > instance and the ordering of things happens to let it work, but that's
> > assuming way too much about QOM's implementation details.
> > 
> > As a rule, once the QOM classes are set up with their class_init
> > function, they should never be modified.
> 
> 
> If we now add a get_dt_compatible() callback to the class that gets invoked
> when dt_compatible is NULL, does this then solve the issue?

Yes, that's what I'm suggesting.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH v5 1/5] tpm_spapr: Support TPM for ppc64 using CRQ based interface

[David Gibson]

On Thu, Dec 19, 2019 at 04:13:57PM +1100, David Gibson wrote:
> On Wed, Dec 18, 2019 at 08:59:18PM -0500, Stefan Berger wrote:
> > On 12/18/19 8:54 PM, David Gibson wrote:
> > > On Tue, Dec 17, 2019 at 02:44:04PM -0500, Stefan Berger wrote:
> > > > On 12/16/19 7:29 PM, David Gibson wrote:
> > > > 
> > > > 
> > > > > Since you need to change compatible based on an internal variable,
> > > > > we'd need to replace the static dt_compatible in the class with a
> > > > > callback.
> > > > 
> > > > Why can we not initialize it once we know the version of TPM? From the
> > > > perspective of SLOF at least this seems to be building the device tree 
> > > > fine
> > > > since it sees the proper value...
> > > Because it's a serious layering / isolation violation.  You're
> > > modifying QOM type information from the runtime code of a specific
> > > instance.  You get away with it (now) because there's only one
> > > instance and the ordering of things happens to let it work, but that's
> > > assuming way too much about QOM's implementation details.
> > > 
> > > As a rule, once the QOM classes are set up with their class_init
> > > function, they should never be modified.
> > 
> > 
> > If we now add a get_dt_compatible() callback to the class that gets invoked
> > when dt_compatible is NULL, does this then solve the issue?
> 
> Yes, that's what I'm suggesting.

Well, almost.  Actually I'd suggest the other way around - call the
callback method, but if that's NULL, fallback to the static value.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH 6/7] target/ppc: add support for Hypervisor Facility Unavailable Exception

[David Gibson]

On Thu, Nov 28, 2019 at 02:46:59PM +0100, Cédric Le Goater wrote:
> The privileged message send and clear instructions (msgsndp & msgclrp)
> are privileged, but will generate a hypervisor facility unavailable
> exception if not enabled in the HFSCR and executed in privileged
> non-hypervisor state.
> 
> Add checks when accessing the DPDES register and when using the
> msgsndp and msgclrp isntructions.
> 
> Based on previous work from Suraj Jitindar Singh.
> 
> Cc: Suraj Jitindar Singh 
> Signed-off-by: Cédric Le Goater 
> ---
>  target/ppc/cpu.h|  6 ++
>  target/ppc/helper.h |  1 +
>  target/ppc/excp_helper.c|  9 +
>  target/ppc/misc_helper.c| 24 
>  target/ppc/translate.c  |  4 
>  target/ppc/translate_init.inc.c | 18 ++
>  6 files changed, 62 insertions(+)
> 
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index 8ffcfa0ea162..52608dfe6ff4 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -397,6 +397,10 @@ typedef struct ppc_v3_pate_t {
>  #define PSSCR_ESL PPC_BIT(42) /* Enable State Loss */
>  #define PSSCR_EC  PPC_BIT(43) /* Exit Criterion */
>  
> +/* HFSCR bits */
> +#define HFSCR_MSGP PPC_BIT(53) /* Privileged Message Send Facilities */
> +#define HFSCR_IC_MSGP  0xA
> +
>  #define msr_sf   ((env->msr >> MSR_SF)   & 1)
>  #define msr_isf  ((env->msr >> MSR_ISF)  & 1)
>  #define msr_shv  ((env->msr >> MSR_SHV)  & 1)
> @@ -1333,6 +1337,8 @@ void cpu_ppc_set_vhyp(PowerPCCPU *cpu, 
> PPCVirtualHypervisor *vhyp);
>  #endif
>  
>  void store_fpscr(CPUPPCState *env, uint64_t arg, uint32_t mask);
> +void gen_hfscr_facility_check(DisasContext *ctx, int facility_sprn, int bit,
> +  int sprn, int cause);
>  
>  static inline uint64_t ppc_dump_gpr(CPUPPCState *env, int gprn)
>  {
> diff --git a/target/ppc/helper.h b/target/ppc/helper.h
> index 76518a1df6f0..14c9a30a45c9 100644
> --- a/target/ppc/helper.h
> +++ b/target/ppc/helper.h
> @@ -643,6 +643,7 @@ DEF_HELPER_3(store_dcr, void, env, tl, tl)
>  
>  DEF_HELPER_2(load_dump_spr, void, env, i32)
>  DEF_HELPER_2(store_dump_spr, void, env, i32)
> +DEF_HELPER_4(hfscr_facility_check, void, env, i32, i32, i32)
>  DEF_HELPER_4(fscr_facility_check, void, env, i32, i32, i32)
>  DEF_HELPER_4(msr_facility_check, void, env, i32, i32, i32)
>  DEF_HELPER_FLAGS_1(load_tbl, TCG_CALL_NO_RWG, tl, env)
> diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
> index 5a247945e97f..17dad626b74e 100644
> --- a/target/ppc/excp_helper.c
> +++ b/target/ppc/excp_helper.c
> @@ -469,6 +469,15 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
> excp_model, int excp)
>  case POWERPC_EXCP_FU: /* Facility unavailable exception  
> */
>  #ifdef TARGET_PPC64
>  env->spr[SPR_FSCR] |= ((target_ulong)env->error_code << 56);
> +#endif
> +break;
> +case POWERPC_EXCP_HV_FU: /* Hypervisor Facility Unavailable 
> Exception */
> +#ifdef TARGET_PPC64
> +env->spr[SPR_HFSCR] |= ((target_ulong)env->error_code << 
> FSCR_IC_POS);
> +srr0 = SPR_HSRR0;
> +srr1 = SPR_HSRR1;
> +new_msr |= (target_ulong)MSR_HVB;
> +new_msr |= env->msr & ((target_ulong)1 << MSR_RI);
>  #endif
>  break;
>  case POWERPC_EXCP_PIT:   /* Programmable interval timer interrupt
> */
> diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
> index a0e7bd9c32d3..0cd44c6edd82 100644
> --- a/target/ppc/misc_helper.c
> +++ b/target/ppc/misc_helper.c
> @@ -41,6 +41,17 @@ void helper_store_dump_spr(CPUPPCState *env, uint32_t sprn)
>  }
>  
>  #ifdef TARGET_PPC64
> +static void raise_hv_fu_exception(CPUPPCState *env, uint32_t bit,
> +  uint32_t sprn, uint32_t cause,
> +  uintptr_t raddr)
> +{
> +qemu_log("Facility SPR %d is unavailable (SPR HFSCR:%d)\n", sprn, bit);

That looks overly verbose.  Leftover debugging?

> +env->spr[SPR_HFSCR] &= ~((target_ulong)FSCR_IC_MASK << FSCR_IC_POS);
> +
> +raise_exception_err_ra(env, POWERPC_EXCP_HV_FU, cause, raddr);
> +}
> +
>  static void raise_fu_exception(CPUPPCState *env, uint32_t bit,
> uint32_t sprn, uint32_t cause,
> uintptr_t raddr)
> @@ -55,6 +66,17 @@ static void raise_fu_exception(CPUPPCState *env, uint32_t 
> bit,
>  }
>  #endif
>  
> +void helper_hfscr_facility_check(CPUPPCState *env, uint32_t bit,
> + uint32_t sprn, uint32_t cause)
> +{
> +#ifdef TARGET_PPC64
> +if ((env->msr_mask & MSR_HVB) && !msr_hv &&
> + !(env->spr[SPR_HFSCR] & (1UL << bit))) {
> +raise_hv_fu_exception(env, bit, sprn, cause, GETPC());
> +}
> +#endif
> +}
> +
>  void helper_fscr_facility_check(CPUPPCState *env, uint32_t bit,
>  uint32_t sprn, uint32_t cause)
>  {
> @@ 

[RFC PATCH] hw/arm/virt: Support NMI injection

[Gavin Shan]

This supports NMI injection for virtual machine and currently it's only
supported on GICv3 controller, which is emulated by qemu or host kernel.
The design is highlighted as below:

   * The NMI is identified by its priority (0x20). In the guest (linux)
 kernel, the GICC_PMR is set to 0x80, to block all interrupts except
 the NMIs when the external interrupt is disabled. It means the FIQ
 and IRQ bit in PSTATE isn't touched when the functionality (NMI) is
 functional.
   * LPIs aren't considered as NMIs because of their nature. It means NMI
 is either SPI or PPI. Besides, the NMIs are injected in round-robin
 fashion is there are multiple NMIs existing.
   * When the GICv3 controller is emulated by qemu, the interrupt states
 (e.g. enabled, priority) is fetched from the corresponding data struct
 directly. However, we have to pause all CPUs to fetch the interrupt
 states from host in advance if the GICv3 controller is emulated by
 host.

The testing scenario is to tweak guest (linux) kernel where the pl011 SPI
can be enabled as NMI by request_nmi(). Check "/proc/interrupts" after injecting
several NMIs, to see if the interrupt count is increased or not. The result
is just as expected.

Signed-off-by: Gavin Shan 
---
 hw/arm/virt.c  | 24 
 hw/intc/arm_gicv3.c| 76 
 hw/intc/arm_gicv3_kvm.c| 92 ++
 include/hw/intc/arm_gicv3_common.h |  2 +
 4 files changed, 194 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 39ab5f47e0..fc58ee70b4 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -71,6 +71,8 @@
 #include "hw/mem/pc-dimm.h"
 #include "hw/mem/nvdimm.h"
 #include "hw/acpi/generic_event_device.h"
+#include "hw/nmi.h"
+#include "hw/intc/arm_gicv3.h"
 
 #define DEFINE_VIRT_MACHINE_LATEST(major, minor, latest) \
 static void virt_##major##_##minor##_class_init(ObjectClass *oc, \
@@ -1980,6 +1982,25 @@ static void 
virt_machine_device_unplug_request_cb(HotplugHandler *hotplug_dev,
" type: %s", object_get_typename(OBJECT(dev)));
 }
 
+static void virt_nmi(NMIState *n, int cpu_index, Error **errp)
+{
+VirtMachineState *vms = VIRT_MACHINE(n);
+ARMGICv3CommonClass *agcc;
+
+if (vms->gic_version != 3) {
+error_setg(errp, "NMI is only supported by GICv3");
+return;
+}
+
+agcc = ARM_GICV3_COMMON_GET_CLASS(vms->gic);
+if (agcc->inject_nmi) {
+agcc->inject_nmi(vms->gic, cpu_index, errp);
+} else {
+error_setg(errp, "NMI injection isn't supported by %s",
+   object_get_typename(OBJECT(vms->gic)));
+}
+}
+
 static HotplugHandler *virt_machine_get_hotplug_handler(MachineState *machine,
 DeviceState *dev)
 {
@@ -2025,6 +2046,7 @@ static void virt_machine_class_init(ObjectClass *oc, void 
*data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
 HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
+NMIClass *nc = NMI_CLASS(oc);
 
 mc->init = machvirt_init;
 /* Start with max_cpus set to 512, which is the maximum supported by KVM.
@@ -2051,6 +2073,7 @@ static void virt_machine_class_init(ObjectClass *oc, void 
*data)
 hc->pre_plug = virt_machine_device_pre_plug_cb;
 hc->plug = virt_machine_device_plug_cb;
 hc->unplug_request = virt_machine_device_unplug_request_cb;
+nc->nmi_monitor_handler = virt_nmi;
 mc->numa_mem_supported = true;
 mc->auto_enable_numa_with_memhp = true;
 }
@@ -2136,6 +2159,7 @@ static const TypeInfo virt_machine_info = {
 .instance_init = virt_instance_init,
 .interfaces = (InterfaceInfo[]) {
  { TYPE_HOTPLUG_HANDLER },
+ { TYPE_NMI },
  { }
 },
 };
diff --git a/hw/intc/arm_gicv3.c b/hw/intc/arm_gicv3.c
index 66eaa97198..d3409cb6ef 100644
--- a/hw/intc/arm_gicv3.c
+++ b/hw/intc/arm_gicv3.c
@@ -338,6 +338,81 @@ static void gicv3_set_irq(void *opaque, int irq, int level)
 }
 }
 
+static bool arm_gicv3_inject_nmi_once(GICv3State*s, int start, int end)
+{
+GICv3CPUState *cs;
+int irq_count = (s->num_irq + (GIC_INTERNAL * (s->num_cpu - 1)));
+int i, cpu, irq;
+
+/* SPIs */
+for (i = start; (i < end) && (i < (s->num_irq - GIC_INTERNAL)); i++) {
+if (gicv3_gicd_enabled_test(s, i + GIC_INTERNAL) &&
+s->gicd_ipriority[i + GIC_INTERNAL] == 0x20) {
+
+/*
+ * Reset the level and toggling the pending bit will ensure
+ * the interrupt is queued.
+ */
+if (gicv3_gicd_level_test(s, i + GIC_INTERNAL)) {
+gicv3_set_irq(s, i, false);
+}
+
+gicv3_gicd_pending_set(s, i + GIC_INTERNAL);
+gicv3_set_irq(s, i, true);
+
+s->last_nmi_index = (i + 1);
+return true;
+}
+}
+
+/* PPIs */
+if (start < (s->num_irq - GIC_INTERNAL)) {
+start = (s->num_irq - 

[PATCH v4 ppc-for-5.0 1/2] linux-headers: Update

[Bharata B Rao]

Update to mainline commit: d1eef1c61974 ("Linux 5.5-rc2")

Signed-off-by: Bharata B Rao 
---
 include/standard-headers/asm-x86/bootparam.h  |  7 +-
 .../infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h | 15 +++-
 include/standard-headers/drm/drm_fourcc.h | 28 ++-
 .../linux/input-event-codes.h | 77 +++
 include/standard-headers/linux/pci_regs.h |  3 +
 .../standard-headers/rdma/vmw_pvrdma-abi.h|  5 ++
 linux-headers/linux/kvm.h |  1 +
 7 files changed, 132 insertions(+), 4 deletions(-)

diff --git a/include/standard-headers/asm-x86/bootparam.h 
b/include/standard-headers/asm-x86/bootparam.h
index a6f7cf535e..072e2ed546 100644
--- a/include/standard-headers/asm-x86/bootparam.h
+++ b/include/standard-headers/asm-x86/bootparam.h
@@ -2,7 +2,7 @@
 #ifndef _ASM_X86_BOOTPARAM_H
 #define _ASM_X86_BOOTPARAM_H
 
-/* setup_data types */
+/* setup_data/setup_indirect types */
 #define SETUP_NONE 0
 #define SETUP_E820_EXT 1
 #define SETUP_DTB  2
@@ -11,6 +11,11 @@
 #define SETUP_APPLE_PROPERTIES 5
 #define SETUP_JAILHOUSE6
 
+#define SETUP_INDIRECT (1<<31)
+
+/* SETUP_INDIRECT | max(SETUP_*) */
+#define SETUP_TYPE_MAX (SETUP_INDIRECT | SETUP_JAILHOUSE)
+
 /* ram_size flags */
 #define RAMDISK_IMAGE_START_MASK   0x07FF
 #define RAMDISK_PROMPT_FLAG0x8000
diff --git 
a/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h 
b/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h
index d019872608..a5a1c8234e 100644
--- a/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h
+++ b/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h
@@ -58,7 +58,8 @@
 #define PVRDMA_ROCEV1_VERSION  17
 #define PVRDMA_ROCEV2_VERSION  18
 #define PVRDMA_PPN64_VERSION   19
-#define PVRDMA_VERSION PVRDMA_PPN64_VERSION
+#define PVRDMA_QPHANDLE_VERSION20
+#define PVRDMA_VERSION PVRDMA_QPHANDLE_VERSION
 
 #define PVRDMA_BOARD_ID1
 #define PVRDMA_REV_ID  1
@@ -581,6 +582,17 @@ struct pvrdma_cmd_create_qp_resp {
uint32_t max_inline_data;
 };
 
+struct pvrdma_cmd_create_qp_resp_v2 {
+   struct pvrdma_cmd_resp_hdr hdr;
+   uint32_t qpn;
+   uint32_t qp_handle;
+   uint32_t max_send_wr;
+   uint32_t max_recv_wr;
+   uint32_t max_send_sge;
+   uint32_t max_recv_sge;
+   uint32_t max_inline_data;
+};
+
 struct pvrdma_cmd_modify_qp {
struct pvrdma_cmd_hdr hdr;
uint32_t qp_handle;
@@ -663,6 +675,7 @@ union pvrdma_cmd_resp {
struct pvrdma_cmd_create_cq_resp create_cq_resp;
struct pvrdma_cmd_resize_cq_resp resize_cq_resp;
struct pvrdma_cmd_create_qp_resp create_qp_resp;
+   struct pvrdma_cmd_create_qp_resp_v2 create_qp_resp_v2;
struct pvrdma_cmd_query_qp_resp query_qp_resp;
struct pvrdma_cmd_destroy_qp_resp destroy_qp_resp;
struct pvrdma_cmd_create_srq_resp create_srq_resp;
diff --git a/include/standard-headers/drm/drm_fourcc.h 
b/include/standard-headers/drm/drm_fourcc.h
index a308c91b4f..46d279f515 100644
--- a/include/standard-headers/drm/drm_fourcc.h
+++ b/include/standard-headers/drm/drm_fourcc.h
@@ -68,7 +68,7 @@ extern "C" {
 #define fourcc_code(a, b, c, d) ((uint32_t)(a) | ((uint32_t)(b) << 8) | \
 ((uint32_t)(c) << 16) | ((uint32_t)(d) << 24))
 
-#define DRM_FORMAT_BIG_ENDIAN (1<<31) /* format is big endian instead of 
little endian */
+#define DRM_FORMAT_BIG_ENDIAN (1U<<31) /* format is big endian instead of 
little endian */
 
 /* Reserve 0 for the invalid format specifier */
 #define DRM_FORMAT_INVALID 0
@@ -647,7 +647,21 @@ extern "C" {
  * Further information on the use of AFBC modifiers can be found in
  * Documentation/gpu/afbc.rst
  */
-#define DRM_FORMAT_MOD_ARM_AFBC(__afbc_mode)   fourcc_mod_code(ARM, 
__afbc_mode)
+
+/*
+ * The top 4 bits (out of the 56 bits alloted for specifying vendor specific
+ * modifiers) denote the category for modifiers. Currently we have only two
+ * categories of modifiers ie AFBC and MISC. We can have a maximum of sixteen
+ * different categories.
+ */
+#define DRM_FORMAT_MOD_ARM_CODE(__type, __val) \
+   fourcc_mod_code(ARM, ((uint64_t)(__type) << 52) | ((__val) & 
0x000fULL))
+
+#define DRM_FORMAT_MOD_ARM_TYPE_AFBC 0x00
+#define DRM_FORMAT_MOD_ARM_TYPE_MISC 0x01
+
+#define DRM_FORMAT_MOD_ARM_AFBC(__afbc_mode) \
+   DRM_FORMAT_MOD_ARM_CODE(DRM_FORMAT_MOD_ARM_TYPE_AFBC, __afbc_mode)
 
 /*
  * AFBC superblock size
@@ -741,6 +755,16 @@ extern "C" {
  */
 #define AFBC_FORMAT_MOD_BCH (1ULL << 11)
 
+/*
+ * Arm 16x16 Block U-Interleaved modifier
+ *
+ * This is used by Arm Mali Utgard and Midgard GPUs. It divides the image
+ * into 16x16 pixel blocks. Blocks are 

[PATCH v4 ppc-for-5.0 2/2] ppc/spapr: Support reboot of secure pseries guest

[Bharata B Rao]

A pseries guest can be run as a secure guest on Ultravisor-enabled
POWER platforms. When such a secure guest is reset, we need to
release/reset a few resources both on ultravisor and hypervisor side.
This is achieved by invoking this new ioctl KVM_PPC_SVM_OFF from the
machine reset path.

As part of this ioctl, the secure guest is essentially transitioned
back to normal mode so that it can reboot like a regular guest and
become secure again.

This ioctl has no effect when invoked for a normal guest. If this ioctl
fails for a secure guest, the guest is terminated.

Signed-off-by: Bharata B Rao 
---
 hw/ppc/spapr.c   |  1 +
 target/ppc/kvm.c | 15 +++
 target/ppc/kvm_ppc.h |  6 ++
 3 files changed, 22 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index f11422fc41..e62c89b3dd 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1597,6 +1597,7 @@ static void spapr_machine_reset(MachineState *machine)
 void *fdt;
 int rc;
 
+kvmppc_svm_off(_fatal);
 spapr_caps_apply(spapr);
 
 first_ppc_cpu = POWERPC_CPU(first_cpu);
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 7406d18945..5e24ae701f 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -2900,3 +2900,18 @@ void kvmppc_set_reg_tb_offset(PowerPCCPU *cpu, int64_t 
tb_offset)
 kvm_set_one_reg(cs, KVM_REG_PPC_TB_OFFSET, _offset);
 }
 }
+
+/*
+ * Don't set error if KVM_PPC_SVM_OFF ioctl is invoked on kernels
+ * that don't support this ioctl.
+ */
+void kvmppc_svm_off(Error **errp)
+{
+int rc;
+KVMState *s = KVM_STATE(current_machine->accelerator);
+
+rc = kvm_vm_ioctl(s, KVM_PPC_SVM_OFF);
+if (rc && rc != -ENOTTY) {
+error_setg_errno(errp, -rc, "KVM_PPC_SVM_OFF ioctl failed");
+}
+}
diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
index 47b08a4030..9a9bca1b72 100644
--- a/target/ppc/kvm_ppc.h
+++ b/target/ppc/kvm_ppc.h
@@ -37,6 +37,7 @@ int kvmppc_booke_watchdog_enable(PowerPCCPU *cpu);
 target_ulong kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
  bool radix, bool gtse,
  uint64_t proc_tbl);
+void kvmppc_svm_off(Error **errp);
 #ifndef CONFIG_USER_ONLY
 bool kvmppc_spapr_use_multitce(void);
 int kvmppc_spapr_enable_inkernel_multitce(void);
@@ -201,6 +202,11 @@ static inline target_ulong 
kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
 return 0;
 }
 
+static inline void kvmppc_svm_off(Error **errp)
+{
+return;
+}
+
 static inline void kvmppc_set_reg_ppc_online(PowerPCCPU *cpu,
  unsigned int online)
 {
-- 
2.21.0

[PATCH v4 ppc-for-5.0 0/2] ppc/spapr: Support reboot of secure pseries guest

[Bharata B Rao]

This patchset adds KVM_PPC_SVM_OFF ioctl which is required to support
reset of secure guest. This includes linux-headers update so that we get
the newly introduced ioctl.

v3: https://lists.gnu.org/archive/html/qemu-devel/2019-12/msg03685.html

Changes in v4:
-
- s/error_setg/error_setg_errno (Greg Kurz)

Bharata B Rao (2):
  linux-headers: Update
  ppc/spapr: Support reboot of secure pseries guest

 hw/ppc/spapr.c|  1 +
 include/standard-headers/asm-x86/bootparam.h  |  7 +-
 .../infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h | 15 +++-
 include/standard-headers/drm/drm_fourcc.h | 28 ++-
 .../linux/input-event-codes.h | 77 +++
 include/standard-headers/linux/pci_regs.h |  3 +
 .../standard-headers/rdma/vmw_pvrdma-abi.h|  5 ++
 linux-headers/linux/kvm.h |  1 +
 target/ppc/kvm.c  | 15 
 target/ppc/kvm_ppc.h  |  6 ++
 10 files changed, 154 insertions(+), 4 deletions(-)

-- 
2.21.0

[PATCH v39 00/22] QEMU AVR 8 bit cores

[Michael Rolnik]

This series of patches adds 8bit AVR cores to QEMU.
All instruction, except BREAK/DES/SPM/SPMX, are implemented. Not fully tested 
yet.
However I was able to execute simple code with functions. e.g fibonacci 
calculation.
This series of patches include a non real, sample board.
No fuses support yet. PC is set to 0 at reset.

Following are examples of possible usages, assuming program.elf is compiled for 
AVR cpu
1.  Continious non interrupted execution
run `qemu-system-avr -kernel program.elf` 
2.  Continious non interrupted execution with serial output into telnet window
run `qemu-system-avr -kernel program.elf -serial tcp::5678,server,nowait 
-nographic `
run `telent localhost 5678`
3.  Continious non interrupted execution with serial output into stdout
run `qemu-system-avr -kernel program.elf -serial stdio`
4.  Debugging wit GDB debugger
run `qemu-system-avr -kernel program.elf -s -S`
run `avr-gdb program.elf` and then within GDB shell `target remote :1234`
5.  Print out executed instructions
run `qemu-system-avr -kernel program.elf -d in_asm` 


the patches include the following
1. just a basic 8bit AVR CPU, without instruction decoding or translation
2. CPU features which allow define the following 8bit AVR cores
 avr1
 avr2 avr25
 avr3 avr31 avr35
 avr4
 avr5 avr51
 avr6
 xmega2 xmega4 xmega5 xmega6 xmega7
3. a definition of sample machine with SRAM, FLASH and CPU which allows to 
execute simple code
4. encoding for all AVR instructions
5. interrupt handling
6. helpers for IN, OUT, SLEEP, WBR & unsupported instructions
7. a decoder which given an opcode decides what istruction it is
8. translation of AVR instruction into TCG
9. all features together

changes since v3
1. rampD/X/Y/Z registers are encoded as 0x00ff (instead of 0x00ff) for 
faster address manipulaton
2. ffs changed to ctz32
3. duplicate code removed at avr_cpu_do_interrupt
4. using andc instead of not + and
5. fixing V flag calculation in varios instructions
6. freeing local variables in PUSH
7. tcg_const_local_i32 -> tcg_const_i32
8. using sextract32 instead of my implementation
9. fixing BLD instruction
10.xor(r) instead of 0xff - r at COM
11.fixing MULS/MULSU not to modify inputs' content
12.using SUB for NEG
13.fixing tcg_gen_qemu_ld/st call in XCH

changes since v4
1. target is now defined as big endian in order to optimize push_ret/pop_ret
2. all style warnings are fixed
3. adding cpu_set/get_sreg functions
4. simplifying gen_goto_tb as there is no real paging
5. env->pc -> env->pc_w
6. making flag dump more compact
7. more spacing
8. renaming CODE/DATA_INDEX -> MMU_CODE/DATA_IDX
9. removing avr_set_feature
10. SPL/SPH set bug fix
11. switching stb_phys to cpu_stb_data
12. cleaning up avr_decode
13. saving sreg, rampD/X/Y/Z, eind in HW format (savevm)
14. saving CPU features (savevm)

changes since v5
1. BLD bug fix
2. decoder generator is added

chages since v6
1. using cpu_get_sreg/cpu_set_sreg in 
avr_cpu_gdb_read_register/avr_cpu_gdb_write_register
2. configure the target as little endian because otherwise GDB does not work
3. fixing and testing gen_push_ret/gen_pop_ret

changes since v7
1. folding back v6
2. logging at helper_outb and helper_inb are done for non supported yet 
registers only
3. MAINTAINERS updated

changes since v8
1. removing hw/avr from hw/Makefile.obj as it should not be built for all
2. making linux compilable
3. testing on
a. Mac, Apple LLVM version 7.0.0
b. Ubuntu 12.04, gcc 4.9.2
c. Fedora 23, gcc 5.3.1
4. folding back some patches
5. translation bug fixes for ORI, CPI, XOR instructions
6. propper handling of cpu register writes though memory

changes since v9
1. removing forward declarations of static functions
2. disabling debug prints
3. switching to case range instead of if else if ...
4. LD/ST IN/OUT accessing CPU maintainder registers are not routed to any device
5. commenst about sample board and sample IO device added
6. sample board description is more descriptive now
7. memory_region_allocate_system_memory is used to create RAM
8. now there are helper_fullrd & helper_fullwr when LD/ST try to access 
registers

changes since v10
1. movig back fullwr & fullrd into the commit where outb and inb were introduced
2. changing tlb_fill function signature
3. adding empty line between functions
4. adding newline on the last line of the file
5. using tb->flags to generae full access ST/LD instructions
6. fixing SBRC bug
7. folding back 10th commit
8. whenever a new file is introduced it's added to Makefile.objs

changes since v11
1. updating to v2.7.0-rc
2. removing assignment to env->fullacc from gen_intermediate_code

changes since v12
1. fixing spacing
2. fixing get/put_segment functions
3. removing target-avr/machine.h file
4. VMSTATE_SINGLE_TEST -> VMSTATE_SINGLE
5. comment spelling
6. removing hw/avr/sample_io.c
7. char const* -> const char*
8. proper ram allocation
9. fixing breakpoint functionality.
10.env1 -> env

Re: [PATCH v5 1/5] tpm_spapr: Support TPM for ppc64 using CRQ based interface

[Stefan Berger]

On 12/18/19 8:54 PM, David Gibson wrote:

On Tue, Dec 17, 2019 at 02:44:04PM -0500, Stefan Berger wrote:

On 12/16/19 7:29 PM, David Gibson wrote:



Since you need to change compatible based on an internal variable,
we'd need to replace the static dt_compatible in the class with a
callback.


Why can we not initialize it once we know the version of TPM? From the
perspective of SLOF at least this seems to be building the device tree fine
since it sees the proper value...

Because it's a serious layering / isolation violation.  You're
modifying QOM type information from the runtime code of a specific
instance.  You get away with it (now) because there's only one
instance and the ordering of things happens to let it work, but that's
assuming way too much about QOM's implementation details.

As a rule, once the QOM classes are set up with their class_init
function, they should never be modified.



If we now add a get_dt_compatible() callback to the class that gets 
invoked when dt_compatible is NULL, does this then solve the issue?

Re: [PATCH v5 1/5] tpm_spapr: Support TPM for ppc64 using CRQ based interface

[David Gibson]

On Tue, Dec 17, 2019 at 02:44:04PM -0500, Stefan Berger wrote:
> On 12/16/19 7:29 PM, David Gibson wrote:
> > On Fri, Dec 13, 2019 at 08:03:36AM -0500, Stefan Berger wrote:
> > > On 12/13/19 12:34 AM, David Gibson wrote:
> > > 
> > > The existing one looks like this:
> > > 
> > > typedef struct SpaprVioCrq {
> > >      uint64_t qladdr;
> > >      uint32_t qsize;
> > >      uint32_t qnext;
> > >      int(*SendFunc)(struct SpaprVioDevice *vdev, uint8_t *crq);
> > > } SpaprVioCrq;
> > > 
> > > I don't seem to find the fields there that we need for vTPM support.
> > Yeah, I can see the difference in the structures.  What I'm after is
> > what is the difference in purpose which means they have different
> > content.
> > 
> > Having read through the whole series now, I *think* the answer is that
> > the tpm specific structure is one entry in the request queue for the
> > vtpm, whereas the VioCrq structure is a handle on an entire queue.
> > 
> > I think the tpm one needs a rename to reflect that a) it's vtpm
> > specific and b) it's not actually a queue, just part of it.
> 
> 
> v6 has it as TpmCrq. It's local to the file, so from that perspective it's
> specific to (v)TPM.

Ok.

> > > This is a 1:1 copy from the existing TIS driver.
> > Hm, right.  Probably not a bad idea to move that out as a helper
> > function then.
> 
> 
> In V7 then.

Ok.

> > > > > +static void tpm_spapr_update_deviceclass(SpaprVioDevice *dev)
> > > > > +{
> > > > > +SPAPRvTPMState *s = VIO_SPAPR_VTPM(dev);
> > > > > +SpaprVioDeviceClass *k = VIO_SPAPR_DEVICE_GET_CLASS(dev);
> > > > > +
> > > > > +switch (s->be_tpm_version) {
> > > > > +case TPM_VERSION_UNSPEC:
> > > > > +assert(false);
> > > > > +break;
> > > > > +case TPM_VERSION_1_2:
> > > > > +k->dt_name = "vtpm";
> > > > > +k->dt_type = "IBM,vtpm";
> > > > > +k->dt_compatible = "IBM,vtpm";
> > > > > +break;
> > > > > +case TPM_VERSION_2_0:
> > > > > +k->dt_name = "vtpm";
> > > > > +k->dt_type = "IBM,vtpm";
> > > > > +k->dt_compatible = "IBM,vtpm20";
> > > > > +break;
> > > > Erk.  Updating DeviceClass structures on the fly is hideously ugly.
> > > > We might need to take a different approach for this.
> > > Make a suggestion... Obviously, we can hard-initialize dt_name and dt_type
> > > but dt_compatible can only be set after we have determined the version of
> > > TPM.
> > As you say name and type can just be put into the class statically.
> 
> 
> I did this in v6.
> 
> 
> > Since you need to change compatible based on an internal variable,
> > we'd need to replace the static dt_compatible in the class with a
> > callback.
> 
> 
> Why can we not initialize it once we know the version of TPM? From the
> perspective of SLOF at least this seems to be building the device tree fine
> since it sees the proper value...

Because it's a serious layering / isolation violation.  You're
modifying QOM type information from the runtime code of a specific
instance.  You get away with it (now) because there's only one
instance and the ordering of things happens to let it work, but that's
assuming way too much about QOM's implementation details.

As a rule, once the QOM classes are set up with their class_init
function, they should never be modified.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[PATCH v39 03/22] target/avr: Add instruction decoding

[Michael Rolnik]

This includes:
- encoding of all 16 bit instructions
- encoding of all 32 bit instructions

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/insn.decode | 183 +
 1 file changed, 183 insertions(+)
 create mode 100644 target/avr/insn.decode

diff --git a/target/avr/insn.decode b/target/avr/insn.decode
new file mode 100644
index 00..0e4ec9ddf0
--- /dev/null
+++ b/target/avr/insn.decode
@@ -0,0 +1,183 @@
+#
+# AVR instruction decode definitions.
+#
+# Copyright (c) 2019 Michael Rolnik 
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, see .
+#
+
+#
+#   regs_16_31_by_one = [16 .. 31]
+#   regs_16_23_by_one = [16 .. 23]
+#   regs_24_30_by_two = [24, 26, 28, 30]
+#   regs_00_30_by_two = [0, 2, 4, 6, 8, .. 30]
+
+%rd 4:5
+%rr 9:1 0:4
+
+%rd_a   4:4 !function=to_regs_16_31_by_one
+%rd_b   4:3 !function=to_regs_16_23_by_one
+%rd_c   4:2 !function=to_regs_24_30_by_two
+%rd_d   4:4 !function=to_regs_00_30_by_two
+%rr_a   0:4 !function=to_regs_16_31_by_one
+%rr_b   0:3 !function=to_regs_16_23_by_one
+%rr_d   0:4 !function=to_regs_00_30_by_two
+
+%imm6   6:2 0:4
+%imm8   8:4 0:4
+
+%io_imm 9:2 0:4
+%ldst_d_imm 13:1 10:2 0:3
+
+# The 22-bit immediate is partially in the opcode word,
+# and partially in the next.  Use append_16 to build the
+# complete 22-bit value.
+%imm_call   4:5 0:1 !function=append_16
+
+
+_rr  rd rr
+_imm rd imm
+
+@op_rd_rr    .. . . _rr  rd=%rd rr=%rr
+@op_rd_imm6   .. .. _imm rd=%rd_c imm=%imm6
+@op_rd_imm8     _imm rd=%rd_a imm=%imm8
+@op_bit   . bit:3 
+@op_bit_imm  .. imm:s7 bit:3
+@fmul     . ... . ...   _rr  rd=%rd_b rr=%rr_b
+@io_rd_imm   . .. . _imm rd=%rd imm=%io_imm
+@ldst_d .. . . .. . rd:5  . ... _imm imm=%ldst_d_imm
+
+# The 16-bit immediate is completely in the next word.
+# Fields cannot be defined with no bits, so we cannot play
+# the same trick and append to a zero-bit value.
+# Defer reading the immediate until trans_{LDS,STS}.
+@ldst_s  ... rd:5   imm=0
+
+#
+# Arithmetic Instructions
+#
+ADD  11 . . @op_rd_rr
+ADC 0001 11 . . @op_rd_rr
+ADIW1001 0110 .. .. @op_rd_imm6
+SUB 0001 10 . . @op_rd_rr
+SUBI0101    @op_rd_imm8
+SBC  10 . . @op_rd_rr
+SBCI0100    @op_rd_imm8
+SBIW1001 0111 .. .. @op_rd_imm6
+AND 0010 00 . . @op_rd_rr
+ANDI0111    @op_rd_imm8
+OR  0010 10 . . @op_rd_rr
+ORI 0110    @op_rd_imm8
+EOR 0010 01 . . @op_rd_rr
+COM 1001 010 rd:5 
+NEG 1001 010 rd:5 0001
+INC 1001 010 rd:5 0011
+DEC 1001 010 rd:5 1010
+MUL 1001 11 . . @op_rd_rr
+MULS 0010   _rr  rd=%rd_a rr=%rr_a
+MULSU    0011 0 ... 0 ...   @fmul
+FMUL 0011 0 ... 1 ...   @fmul
+FMULS    0011 1 ... 0 ...   @fmul
+FMULSU   0011 1 ... 1 ...   @fmul
+DES 1001 0100 imm:4 1011
+
+#
+# Branch Instructions
+#
+RJMP1100 imm:s12
+IJMP1001 0100  1001
+EIJMP   1001 0100 0001 1001
+JMP 1001 010 . 110 .imm=%imm_call
+RCALL   1101 imm:s12
+ICALL   1001 0101  1001
+EICALL  1001 0101 0001 1001
+CALL1001 010 . 111 .imm=%imm_call
+RET 1001 0101  1000
+RETI1001 0101 0001 1000
+CPSE0001 00 . . @op_rd_rr
+CP  0001 01 . . @op_rd_rr
+CPC  01 . . 

Re: [PATCH v3 ppc-for-5.0 2/2] ppc/spapr: Support reboot of secure pseries guest

[David Gibson]

On Wed, Dec 18, 2019 at 02:22:49PM +0100, Greg Kurz wrote:
> On Wed, 18 Dec 2019 10:02:08 +0530
> Bharata B Rao  wrote:
> 
> > A pseries guest can be run as a secure guest on Ultravisor-enabled
> > POWER platforms. When such a secure guest is reset, we need to
> > release/reset a few resources both on ultravisor and hypervisor side.
> > This is achieved by invoking this new ioctl KVM_PPC_SVM_OFF from the
> > machine reset path.
> > 
> > As part of this ioctl, the secure guest is essentially transitioned
> > back to normal mode so that it can reboot like a regular guest and
> > become secure again.
> > 
> > This ioctl has no effect when invoked for a normal guest. If this ioctl
> > fails for a secure guest, the guest is terminated.
> > 
> > Signed-off-by: Bharata B Rao 
> > ---
> >  hw/ppc/spapr.c   |  1 +
> >  target/ppc/kvm.c | 15 +++
> >  target/ppc/kvm_ppc.h |  6 ++
> >  3 files changed, 22 insertions(+)
> > 
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index f11422fc41..e62c89b3dd 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -1597,6 +1597,7 @@ static void spapr_machine_reset(MachineState *machine)
> >  void *fdt;
> >  int rc;
> >  
> > +kvmppc_svm_off(_fatal);
> >  spapr_caps_apply(spapr);
> >  
> >  first_ppc_cpu = POWERPC_CPU(first_cpu);
> > diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> > index 7406d18945..ae920ec310 100644
> > --- a/target/ppc/kvm.c
> > +++ b/target/ppc/kvm.c
> > @@ -2900,3 +2900,18 @@ void kvmppc_set_reg_tb_offset(PowerPCCPU *cpu, 
> > int64_t tb_offset)
> >  kvm_set_one_reg(cs, KVM_REG_PPC_TB_OFFSET, _offset);
> >  }
> >  }
> > +
> > +/*
> > + * Don't set error if KVM_PPC_SVM_OFF ioctl is invoked on kernels
> > + * that don't support this ioctl.
> > + */
> > +void kvmppc_svm_off(Error **errp)
> > +{
> > +int rc;
> > +KVMState *s = KVM_STATE(current_machine->accelerator);
> > +
> > +rc = kvm_vm_ioctl(s, KVM_PPC_SVM_OFF);
> > +if (rc && rc != -ENOTTY) {
> > +error_setg(errp, "KVM_PPC_SVM_OFF ioctl failed");
> 
> It could have made sense to use error_setg_errno(errp, -rc, ...) here
> but never mind.

Please update for this.  Otherwise we get no indication of what the
kernel level error was in the qemu error.

> 
> Reviewed-by: Greg Kurz 
> 
> > +}
> > +}
> > diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
> > index 47b08a4030..9a9bca1b72 100644
> > --- a/target/ppc/kvm_ppc.h
> > +++ b/target/ppc/kvm_ppc.h
> > @@ -37,6 +37,7 @@ int kvmppc_booke_watchdog_enable(PowerPCCPU *cpu);
> >  target_ulong kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
> >   bool radix, bool gtse,
> >   uint64_t proc_tbl);
> > +void kvmppc_svm_off(Error **errp);
> >  #ifndef CONFIG_USER_ONLY
> >  bool kvmppc_spapr_use_multitce(void);
> >  int kvmppc_spapr_enable_inkernel_multitce(void);
> > @@ -201,6 +202,11 @@ static inline target_ulong 
> > kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
> >  return 0;
> >  }
> >  
> > +static inline void kvmppc_svm_off(Error **errp)
> > +{
> > +return;
> > +}
> > +
> >  static inline void kvmppc_set_reg_ppc_online(PowerPCCPU *cpu,
> >   unsigned int online)
> >  {
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[PATCH v39 05/22] target/avr: Add instruction translation - Arithmetic and Logic Instructions

[Michael Rolnik]

This includes:
- ADD, ADC, ADIW
- SBIW, SUB, SUBI, SBC, SBCI
- AND, ANDI
- OR, ORI, EOR
- COM, NEG
- INC, DEC
- MUL, MULS, MULSU
- FMUL, FMULS, FMULSU
- DES

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/translate.c | 714 +
 1 file changed, 714 insertions(+)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index 0139bcabb1..b8867e3b65 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -141,3 +141,717 @@ static bool avr_have_feature(DisasContext *ctx, int 
feature)
 static bool decode_insn(DisasContext *ctx, uint16_t insn);
 #include "decode_insn.inc.c"
 
+/*
+ * Arithmetic Instructions
+ */
+
+static void gen_add_CHf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+TCGv t3 = tcg_temp_new_i32();
+
+tcg_gen_and_tl(t1, Rd, Rr); /* t1 = Rd & Rr */
+tcg_gen_andc_tl(t2, Rd, R); /* t2 = Rd & ~R */
+tcg_gen_andc_tl(t3, Rr, R); /* t3 = Rr & ~R */
+tcg_gen_or_tl(t1, t1, t2); /* t1 = t1 | t2 | t3 */
+tcg_gen_or_tl(t1, t1, t3);
+tcg_gen_shri_tl(cpu_Cf, t1, 7); /* Cf = t1(7) */
+tcg_gen_shri_tl(cpu_Hf, t1, 3); /* Hf = t1(3) */
+tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1);
+
+tcg_temp_free_i32(t3);
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+
+static void gen_add_Vf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+
+/* t1 = Rd & Rr & ~R | ~Rd & ~Rr & R */
+/*= (Rd ^ R) & ~(Rd ^ Rr) */
+tcg_gen_xor_tl(t1, Rd, R);
+tcg_gen_xor_tl(t2, Rd, Rr);
+tcg_gen_andc_tl(t1, t1, t2);
+tcg_gen_shri_tl(cpu_Vf, t1, 7); /* Vf = t1(7) */
+
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+
+static void gen_sub_CHf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+TCGv t3 = tcg_temp_new_i32();
+
+tcg_gen_not_tl(t1, Rd); /* t1 = ~Rd */
+tcg_gen_and_tl(t2, t1, Rr); /* t2 = ~Rd & Rr */
+tcg_gen_or_tl(t3, t1, Rr); /* t3 = (~Rd | Rr) & R */
+tcg_gen_and_tl(t3, t3, R);
+tcg_gen_or_tl(t2, t2, t3); /* t2 = ~Rd & Rr | ~Rd & R | R & Rr */
+tcg_gen_shri_tl(cpu_Cf, t2, 7); /* Cf = t2(7) */
+tcg_gen_shri_tl(cpu_Hf, t2, 3); /* Hf = t2(3) */
+tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1);
+
+tcg_temp_free_i32(t3);
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+
+static void gen_sub_Vf(TCGv R, TCGv Rd, TCGv Rr)
+{
+TCGv t1 = tcg_temp_new_i32();
+TCGv t2 = tcg_temp_new_i32();
+
+/* t1 = Rd & ~Rr & ~R | ~Rd & Rr & R */
+/*= (Rd ^ R) & (Rd ^ R) */
+tcg_gen_xor_tl(t1, Rd, R);
+tcg_gen_xor_tl(t2, Rd, Rr);
+tcg_gen_and_tl(t1, t1, t2);
+tcg_gen_shri_tl(cpu_Vf, t1, 7); /* Vf = t1(7) */
+
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t1);
+}
+
+
+static void gen_NSf(TCGv R)
+{
+tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */
+tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
+}
+
+
+static void gen_ZNSf(TCGv R)
+{
+tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
+tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */
+tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
+}
+
+/*
+ *  Adds two registers without the C Flag and places the result in the
+ *  destination register Rd.
+ */
+static bool trans_ADD(DisasContext *ctx, arg_ADD *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv Rr = cpu_r[a->rr];
+TCGv R = tcg_temp_new_i32();
+
+tcg_gen_add_tl(R, Rd, Rr); /* Rd = Rd + Rr */
+tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
+gen_add_CHf(R, Rd, Rr);
+gen_add_Vf(R, Rd, Rr);
+gen_ZNSf(R);
+tcg_gen_mov_tl(Rd, R);
+
+tcg_temp_free_i32(R);
+
+return true;
+}
+
+/*
+ *  Adds two registers and the contents of the C Flag and places the result in
+ *  the destination register Rd.
+ */
+static bool trans_ADC(DisasContext *ctx, arg_ADC *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv Rr = cpu_r[a->rr];
+TCGv R = tcg_temp_new_i32();
+
+tcg_gen_add_tl(R, Rd, Rr); /* R = Rd + Rr + Cf */
+tcg_gen_add_tl(R, R, cpu_Cf);
+tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
+gen_add_CHf(R, Rd, Rr);
+gen_add_Vf(R, Rd, Rr);
+gen_ZNSf(R);
+tcg_gen_mov_tl(Rd, R);
+
+tcg_temp_free_i32(R);
+
+return true;
+}
+
+/*
+ *  Adds an immediate value (0 - 63) to a register pair and places the result
+ *  in the register pair. This instruction operates on the upper four register
+ *  pairs, and is well suited for operations on the pointer registers.  This
+ *  instruction is not available in all devices. Refer to the device specific
+ *  instruction set summary.
+ */
+static bool trans_ADIW(DisasContext *ctx, arg_ADIW *a)
+{
+if (!avr_have_feature(ctx, AVR_FEATURE_ADIW_SBIW)) {
+return true;
+}
+
+TCGv RdL = cpu_r[a->rd];
+TCGv RdH = cpu_r[a->rd + 1];
+int Imm = (a->imm);
+TCGv R = tcg_temp_new_i32();
+TCGv Rd = 

Re: [PATCH RESEND v20 0/8] Build ACPI Heterogeneous Memory Attribute Table (HMAT)

[Tao Xu]

On 12/13/2019 6:06 PM, Michael S. Tsirkin wrote:

On Fri, Dec 13, 2019 at 09:19:21AM +0800, Tao Xu wrote:

This series of patches will build Heterogeneous Memory Attribute Table (HMAT)
according to the command line. The ACPI HMAT describes the memory attributes,
such as memory side cache attributes and bandwidth and latency details,
related to the Memory Proximity Domain.
The software is expected to use HMAT information as hint for optimization.

In the linux kernel, the codes in drivers/acpi/hmat/hmat.c parse and report
the platform's HMAT tables.

The V19 patches link:
https://patchwork.kernel.org/cover/11265525/


Looks good to me, I'll queue it for merge after the release. If possible
please ping me after the release to help make sure it didn't get
dropped.



Hi Michael,

I am wondering if these patches can be merged this week, because QEMU 
5.0 developing tree is open and next week may be the holidays.


Thank you very much!

Tao Xu

Re: [PATCH v10 Kernel 4/5] vfio iommu: Implementation of ioctl to for dirty pages tracking.

[Yan Zhao]

On Thu, Dec 19, 2019 at 04:05:52AM +0800, Dr. David Alan Gilbert wrote:
> * Yan Zhao (yan.y.z...@intel.com) wrote:
> > On Tue, Dec 17, 2019 at 07:47:05PM +0800, Kirti Wankhede wrote:
> > > 
> > > 
> > > On 12/17/2019 3:21 PM, Yan Zhao wrote:
> > > > On Tue, Dec 17, 2019 at 05:24:14PM +0800, Kirti Wankhede wrote:
> > > >>
> > > >>
> > > >> On 12/17/2019 10:45 AM, Yan Zhao wrote:
> > > >>> On Tue, Dec 17, 2019 at 04:21:39AM +0800, Kirti Wankhede wrote:
> > >  VFIO_IOMMU_DIRTY_PAGES ioctl performs three operations:
> > >  - Start unpinned pages dirty pages tracking while migration is 
> > >  active and
> > >  device is running, i.e. during pre-copy phase.
> > >  - Stop unpinned pages dirty pages tracking. This is required to stop
> > >  unpinned dirty pages tracking if migration failed or cancelled 
> > >  during
> > >  pre-copy phase. Unpinned pages tracking is clear.
> > >  - Get dirty pages bitmap. Stop unpinned dirty pages tracking and 
> > >  clear
> > >  unpinned pages information on bitmap read. This ioctl returns 
> > >  bitmap of
> > >  dirty pages, its user space application responsibility to copy 
> > >  content
> > >  of dirty pages from source to destination during migration.
> > > 
> > >  Signed-off-by: Kirti Wankhede 
> > >  Reviewed-by: Neo Jia 
> > >  ---
> > > drivers/vfio/vfio_iommu_type1.c | 210 
> > >  ++--
> > > 1 file changed, 203 insertions(+), 7 deletions(-)
> > > 
> > >  diff --git a/drivers/vfio/vfio_iommu_type1.c 
> > >  b/drivers/vfio/vfio_iommu_type1.c
> > >  index 3f6b04f2334f..264449654d3f 100644
> > >  --- a/drivers/vfio/vfio_iommu_type1.c
> > >  +++ b/drivers/vfio/vfio_iommu_type1.c
> > >  @@ -70,6 +70,7 @@ struct vfio_iommu {
> > >   unsigned intdma_avail;
> > >   boolv2;
> > >   boolnesting;
> > >  +booldirty_page_tracking;
> > > };
> > > 
> > > struct vfio_domain {
> > >  @@ -112,6 +113,7 @@ struct vfio_pfn {
> > >   dma_addr_t  iova;   /* Device address */
> > >   unsigned long   pfn;/* Host pfn */
> > >   atomic_tref_count;
> > >  +boolunpinned;
> > > };
> > > 
> > > struct vfio_regions {
> > >  @@ -244,6 +246,32 @@ static void vfio_remove_from_pfn_list(struct 
> > >  vfio_dma *dma,
> > >   kfree(vpfn);
> > > }
> > > 
> > >  +static void vfio_remove_unpinned_from_pfn_list(struct vfio_dma 
> > >  *dma, bool warn)
> > >  +{
> > >  +struct rb_node *n = rb_first(>pfn_list);
> > >  +
> > >  +for (; n; n = rb_next(n)) {
> > >  +struct vfio_pfn *vpfn = rb_entry(n, struct vfio_pfn, 
> > >  node);
> > >  +
> > >  +if (warn)
> > >  +WARN_ON_ONCE(vpfn->unpinned);
> > >  +
> > >  +if (vpfn->unpinned)
> > >  +vfio_remove_from_pfn_list(dma, vpfn);
> > >  +}
> > >  +}
> > >  +
> > >  +static void vfio_remove_unpinned_from_dma_list(struct vfio_iommu 
> > >  *iommu)
> > >  +{
> > >  +struct rb_node *n = rb_first(>dma_list);
> > >  +
> > >  +for (; n; n = rb_next(n)) {
> > >  +struct vfio_dma *dma = rb_entry(n, struct vfio_dma, 
> > >  node);
> > >  +
> > >  +vfio_remove_unpinned_from_pfn_list(dma, false);
> > >  +}
> > >  +}
> > >  +
> > > static struct vfio_pfn *vfio_iova_get_vfio_pfn(struct vfio_dma 
> > >  *dma,
> > >  unsigned long iova)
> > > {
> > >  @@ -254,13 +282,17 @@ static struct vfio_pfn 
> > >  *vfio_iova_get_vfio_pfn(struct vfio_dma *dma,
> > >   return vpfn;
> > > }
> > > 
> > >  -static int vfio_iova_put_vfio_pfn(struct vfio_dma *dma, struct 
> > >  vfio_pfn *vpfn)
> > >  +static int vfio_iova_put_vfio_pfn(struct vfio_dma *dma, struct 
> > >  vfio_pfn *vpfn,
> > >  +  bool dirty_tracking)
> > > {
> > >   int ret = 0;
> > > 
> > >   if (atomic_dec_and_test(>ref_count)) {
> > >   ret = put_pfn(vpfn->pfn, dma->prot);
> > > >>> if physical page here is put, it may cause problem when pin this iova
> > > >>> next time:
> > > >>> vfio_iommu_type1_pin_pages {
> > > >>>   ...
> > > >>>   vpfn = vfio_iova_get_vfio_pfn(dma, iova);
> > > >>>   if (vpfn) {
> > > >>>   phys_pfn[i] = vpfn->pfn;
> > > >>>   continue;
> > > >>>   }
> > > >>>   ...
> > > >>> }
> > > >>>
> > > >>
> > > >> Good point. Fixing it as:
> > > >>
> > > >>   

Re: [PATCH 1/5] tests/boot_linux_console: Add a quick test for the OrangePi PC board

[Cleber Rosa]

On Tue, Dec 17, 2019 at 07:27:26PM +0100, Philippe Mathieu-Daudé wrote:
> This test boots a Linux kernel on a OrangePi PC board and verify
> the serial output is working.
> 
> The kernel image and DeviceTree blob are built by the Raspbian
> project (based on Debian):
> https://www.raspbian.org/RaspbianImages
> 
> If ARM is a target being built, "make check-acceptance" will
> automatically include this test by the use of the "arch:arm" tags.
> 
> Alternatively, this test can be run using:
> 
>   $ make check-venv
>   $ ./tests/venv/bin/avocado --show=console,app run -t machine:orangepi-pc 
> tests/acceptance/boot_linux_console.py
>   JOB ID : 2e4d15eceb13c33672af406f08171e6e9de1414a
>   JOB LOG: ~/job-results/job-2019-12-17T05.46-2e4d15e/job.log
>   (1/1) 
> tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_arm_orangepi:
>   console: Uncompressing Linux... done, booting the kernel.
>   console: Booting Linux on physical CPU 0x0
>   console: Linux version 4.20.7-sunxi (r...@armbian.com) (gcc version 7.2.1 
> 20171011 (Linaro GCC 7.2-2017.11)) #5.75 SMP Fri Feb 8 09:02:10 CET 2019
>   console: CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=50c5387d
>   console: CPU: div instructions available: patching division code
>   console: CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction 
> cache
>   console: OF: fdt: Machine model: Xunlong Orange Pi PC
>   console: Memory policy: Data cache writealloc
>   console: OF: reserved mem: failed to allocate memory for node 'cma@4a00'
>   console: cma: Failed to reserve 128 MiB
>   console: psci: probing for conduit method from DT.
>   console: psci: PSCIv0.2 detected in firmware.
>   console: psci: Using standard PSCI v0.2 function IDs
>   console: psci: Trusted OS migration not required
>   console: random: get_random_bytes called from start_kernel+0x8d/0x3c2 with 
> crng_init=0
>   console: percpu: Embedded 18 pages/cpu @(ptrval) s41228 r8192 d24308 u73728
>   console: Built 1 zonelists, mobility grouping on.  Total pages: 32480
>   console: Kernel command line: printk.time=0 console=ttyS0,115200
>   PASS (8.59 s)
>   JOB TIME   : 8.81 s
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/acceptance/boot_linux_console.py | 26 ++
>  1 file changed, 26 insertions(+)
> 
> diff --git a/tests/acceptance/boot_linux_console.py 
> b/tests/acceptance/boot_linux_console.py
> index 7e41cebd47..820239e439 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -411,6 +411,32 @@ class BootLinuxConsole(Test):
>  self.wait_for_console_pattern('Boot successful.')
>  # TODO user command, for now the uart is stuck
>  
> +def test_arm_orangepi(self):

Maybe rename the test to include the full machine type?  I mean,
"test_arm_orangepi_pc"?

> +"""
> +:avocado: tags=arch:arm
> +:avocado: tags=machine:orangepi-pc
> +"""
> +deb_url = ('https://apt.armbian.com/pool/main/l/'
> +   'linux-4.20.7-sunxi/linux-image-dev-sunxi_5.75_armhf.deb')
> +deb_hash = '1334c29c44d984ffa05ed10de8c3361f33d78315'
> +deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
> +kernel_path = self.extract_from_deb(deb_path,
> +'/boot/vmlinuz-4.20.7-sunxi')
> +dtb_path = '/usr/lib/linux-image-dev-sunxi/sun8i-h3-orangepi-pc.dtb'
> +dtb_path = self.extract_from_deb(deb_path, dtb_path)
> +
> +self.vm.set_machine('orangepi-pc')
> +self.vm.set_console()
> +kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE +
> +   'console=ttyS0,115200n8 '
> +   'earlycon=uart,mmio32,0x1c28000')
> +self.vm.add_args('-kernel', kernel_path,
> + '-dtb', dtb_path,
> + '-append', kernel_command_line)
> +self.vm.launch()
> +console_pattern = 'Kernel command line: %s' % kernel_command_line
> +self.wait_for_console_pattern(console_pattern)
> +
>  def test_s390x_s390_ccw_virtio(self):
>  """
>  :avocado: tags=arch:s390x
> -- 
> 2.21.0
> 

Either way,

Reviewed-by: Cleber Rosa 
Tested-by: Cleber Rosa 


signature.asc
Description: PGP signature

[PATCH v39 04/22] target/avr: Add instruction translation - Registers definition

[Michael Rolnik]

Signed-off-by: Michael Rolnik 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/translate.c | 143 +
 1 file changed, 143 insertions(+)
 create mode 100644 target/avr/translate.c

diff --git a/target/avr/translate.c b/target/avr/translate.c
new file mode 100644
index 00..0139bcabb1
--- /dev/null
+++ b/target/avr/translate.c
@@ -0,0 +1,143 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/qemu-print.h"
+#include "tcg/tcg.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "tcg-op.h"
+#include "exec/cpu_ldst.h"
+#include "exec/helper-proto.h"
+#include "exec/helper-gen.h"
+#include "exec/log.h"
+#include "exec/translator.h"
+#include "exec/gen-icount.h"
+
+/*
+ *  Define if you want a BREAK instruction translated to a breakpoint
+ *  Active debugging connection is assumed
+ *  This is for
+ *  https://github.com/seharris/qemu-avr-tests/tree/master/instruction-tests
+ *  tests
+ */
+#undef BREAKPOINT_ON_BREAK
+
+static TCGv cpu_pc;
+
+static TCGv cpu_Cf;
+static TCGv cpu_Zf;
+static TCGv cpu_Nf;
+static TCGv cpu_Vf;
+static TCGv cpu_Sf;
+static TCGv cpu_Hf;
+static TCGv cpu_Tf;
+static TCGv cpu_If;
+
+static TCGv cpu_rampD;
+static TCGv cpu_rampX;
+static TCGv cpu_rampY;
+static TCGv cpu_rampZ;
+
+static TCGv cpu_r[NUMBER_OF_CPU_REGISTERS];
+static TCGv cpu_eind;
+static TCGv cpu_sp;
+
+static TCGv cpu_skip;
+
+static const char reg_names[NUMBER_OF_CPU_REGISTERS][8] = {
+"r0",  "r1",  "r2",  "r3",  "r4",  "r5",  "r6",  "r7",
+"r8",  "r9",  "r10", "r11", "r12", "r13", "r14", "r15",
+"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
+"r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
+};
+#define REG(x) (cpu_r[x])
+
+enum {
+DISAS_EXIT   = DISAS_TARGET_0,  /* We want return to the cpu main loop.  */
+DISAS_LOOKUP = DISAS_TARGET_1,  /* We have a variable condition exit.  */
+DISAS_CHAIN  = DISAS_TARGET_2,  /* We have a single condition exit.  */
+};
+
+typedef struct DisasContext DisasContext;
+
+/* This is the state at translation time. */
+struct DisasContext {
+TranslationBlock *tb;
+
+CPUAVRState *env;
+CPUState *cs;
+
+target_long npc;
+uint32_t opcode;
+
+/* Routine used to access memory */
+int memidx;
+int bstate;
+int singlestep;
+
+TCGv skip_var0;
+TCGv skip_var1;
+TCGCond skip_cond;
+bool free_skip_var0;
+};
+
+static int to_regs_16_31_by_one(DisasContext *ctx, int indx)
+{
+return 16 + (indx % 16);
+}
+
+static int to_regs_16_23_by_one(DisasContext *ctx, int indx)
+{
+return 16 + (indx % 8);
+}
+static int to_regs_24_30_by_two(DisasContext *ctx, int indx)
+{
+return 24 + (indx % 4) * 2;
+}
+static int to_regs_00_30_by_two(DisasContext *ctx, int indx)
+{
+return (indx % 16) * 2;
+}
+
+static uint16_t next_word(DisasContext *ctx)
+{
+return cpu_lduw_code(ctx->env, ctx->npc++ * 2);
+}
+
+static int append_16(DisasContext *ctx, int x)
+{
+return x << 16 | next_word(ctx);
+}
+
+
+static bool avr_have_feature(DisasContext *ctx, int feature)
+{
+if (!avr_feature(ctx->env, feature)) {
+gen_helper_unsupported(cpu_env);
+ctx->bstate = DISAS_NORETURN;
+return false;
+}
+return true;
+}
+
+static bool decode_insn(DisasContext *ctx, uint16_t insn);
+#include "decode_insn.inc.c"
+
-- 
2.17.2 (Apple Git-113)

Re: [PATCH v4 0/6] HPPA: i82596, PS/2 and graphics emulation

[Richard Henderson]

On 12/13/19 10:40 AM, Helge Deller wrote:
> To avoid confusion because we missed qemu 4.2, I've deleted the
> parisc-qemu-4.2 branch at the parisc-seabios git repo [1].
> Instead I've created a parisc-qemu-5.0 branch.
> Please use that instead if you push the prebuilt seabios rom and
> git submodule references.
> 
> Helge
> 
> [1] https://github.com/hdeller/seabios-hppa/tree/parisc-qemu-5.0

I've re-generated patch 6 using the head of that branch.


r~

[PATCH] 9p: init_in_iov_from_pdu can truncate the size

[Stefano Stabellini]

From: Stefano Stabellini 

init_in_iov_from_pdu might not be able to allocate the full buffer size
requested, which comes from the client and could be larger than the
transport has available at the time of the request. Specifically, this
can happen with read operations, with the client requesting a read up to
the max allowed, which might be more than the transport has available at
the time.

Today the implementation of init_in_iov_from_pdu throws an error, both
Xen and Virtio.

Instead, change the V9fsTransport interface so that the size becomes a
pointer and can be limited by the implementation of
init_in_iov_from_pdu.

Change both the Xen and Virtio implementations to set the size to the
size of the buffer they managed to allocate, instead of throwing an
error.

Signed-off-by: Stefano Stabellini 
CC: gr...@kaod.org
CC: anthony.per...@citrix.com
---
 hw/9pfs/9p.c   | 22 +++---
 hw/9pfs/9p.h   |  2 +-
 hw/9pfs/virtio-9p-device.c | 10 +++---
 hw/9pfs/xen-9p-backend.c   | 12 
 4 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index bdf7919abf..d6c89ce608 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1682,22 +1682,30 @@ out_nofid:
  * with qemu_iovec_destroy().
  */
 static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu,
-size_t skip, size_t size,
+size_t skip, size_t *size,
 bool is_write)
 {
 QEMUIOVector elem;
 struct iovec *iov;
 unsigned int niov;
+size_t alloc_size = *size + skip;
 
 if (is_write) {
-pdu->s->transport->init_out_iov_from_pdu(pdu, , , size + 
skip);
+pdu->s->transport->init_out_iov_from_pdu(pdu, , , alloc_size);
 } else {
-pdu->s->transport->init_in_iov_from_pdu(pdu, , , size + skip);
+pdu->s->transport->init_in_iov_from_pdu(pdu, , , _size);
+}
+
+if (alloc_size < skip)
+{
+*size = 0;
+} else {
+*size = alloc_size - skip;
 }
 
 qemu_iovec_init_external(, iov, niov);
 qemu_iovec_init(qiov, niov);
-qemu_iovec_concat(qiov, , skip, size);
+qemu_iovec_concat(qiov, , skip, *size);
 }
 
 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
@@ -1722,7 +1730,7 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, 
V9fsFidState *fidp,
 }
 offset += err;
 
-v9fs_init_qiov_from_pdu(_full, pdu, offset, read_count, false);
+v9fs_init_qiov_from_pdu(_full, pdu, offset, _count, false);
 err = v9fs_pack(qiov_full.iov, qiov_full.niov, 0,
 ((char *)fidp->fs.xattr.value) + off,
 read_count);
@@ -1852,7 +1860,7 @@ static void coroutine_fn v9fs_read(void *opaque)
 QEMUIOVector qiov;
 int32_t len;
 
-v9fs_init_qiov_from_pdu(_full, pdu, offset + 4, max_count, false);
+v9fs_init_qiov_from_pdu(_full, pdu, offset + 4, _count, 
false);
 qemu_iovec_init(, qiov_full.niov);
 do {
 qemu_iovec_reset();
@@ -2085,7 +2093,7 @@ static void coroutine_fn v9fs_write(void *opaque)
 return;
 }
 offset += err;
-v9fs_init_qiov_from_pdu(_full, pdu, offset, count, true);
+v9fs_init_qiov_from_pdu(_full, pdu, offset, , true);
 trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov);
 
 fidp = get_fid(pdu, fid);
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index 8883761b2c..50f7e21da6 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -365,7 +365,7 @@ struct V9fsTransport {
 ssize_t (*pdu_vunmarshal)(V9fsPDU *pdu, size_t offset, const char *fmt,
   va_list ap);
 void(*init_in_iov_from_pdu)(V9fsPDU *pdu, struct iovec **piov,
-unsigned int *pniov, size_t size);
+unsigned int *pniov, size_t *size);
 void(*init_out_iov_from_pdu)(V9fsPDU *pdu, struct iovec **piov,
  unsigned int *pniov, size_t size);
 void(*push_and_notify)(V9fsPDU *pdu);
diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
index 775e8ff766..68873c3f5f 100644
--- a/hw/9pfs/virtio-9p-device.c
+++ b/hw/9pfs/virtio-9p-device.c
@@ -145,19 +145,15 @@ static ssize_t virtio_pdu_vunmarshal(V9fsPDU *pdu, size_t 
offset,
 }
 
 static void virtio_init_in_iov_from_pdu(V9fsPDU *pdu, struct iovec **piov,
-unsigned int *pniov, size_t size)
+unsigned int *pniov, size_t *size)
 {
 V9fsState *s = pdu->s;
 V9fsVirtioState *v = container_of(s, V9fsVirtioState, state);
 VirtQueueElement *elem = v->elems[pdu->idx];
 size_t buf_size = iov_size(elem->in_sg, elem->in_num);
 
-if (buf_size < size) {
-VirtIODevice *vdev = VIRTIO_DEVICE(v);
-
-virtio_error(vdev,
-   

Re: [PATCH v8 3/4] Acceptance tests: add make targets to download images

[Cleber Rosa]

On Thu, Dec 19, 2019 at 01:16:12AM +0100, Philippe Mathieu-Daudé wrote:
> On 12/19/19 12:24 AM, Cleber Rosa wrote:
> > The newly introduced "boot linux" tests make use of Linux images that
> > are larger than usual, and fall into what Avocado calls "vmimages",
> > and can be referred to by name, version and architecture.
> > 
> > The images can be downloaded automatically during the test. But, to
> > make for more reliable test results, this introduces a target that
> > will download the vmimages for the architectures that have been
> > configured and are available for the currently used distro (Fedora
> > 31).
> > 
> > Signed-off-by: Cleber Rosa 
> > ---
> >   tests/Makefile.include | 17 +++--
> >   1 file changed, 15 insertions(+), 2 deletions(-)
> > 
> > diff --git a/tests/Makefile.include b/tests/Makefile.include
> > index b381387048..78a6f089ff 100644
> > --- a/tests/Makefile.include
> > +++ b/tests/Makefile.include
> > @@ -1177,7 +1177,20 @@ $(TESTS_RESULTS_DIR):
> >   check-venv: $(TESTS_VENV_DIR)
> > -check-acceptance: check-venv $(TESTS_RESULTS_DIR)
> > +FEDORA_31_ARCHES_CANDIDATES=$(patsubst ppc64,ppc64le,$(TARGETS))
> > +FEDORA_31_ARCHES := x86_64 aarch64 ppc64le s390x
> > +FEDORA_31_DOWNLOAD=$(filter 
> > $(FEDORA_31_ARCHES),$(FEDORA_31_ARCHES_CANDIDATES))
> > +
> > +# download one specific Fedora 31 image
> > +get-vmimage-fedora-31-%: $(check-venv)
> > +   $(call quiet-command, \
> > + $(TESTS_VENV_DIR)/bin/python -m avocado vmimage get \
> > + --distro=fedora --distro-version=31 --arch=$*)
> > +
> > +# download all vm images, according to defined targets
> > +get-vmimage: $(patsubst %,get-vmimage-fedora-31-%, $(FEDORA_31_DOWNLOAD))
> > +
> > +check-acceptance: check-venv $(TESTS_RESULTS_DIR) get-vmimage
> > $(call quiet-command, \
> >   $(TESTS_VENV_DIR)/bin/python -m avocado \
> >   --show=$(AVOCADO_SHOW) run 
> > --job-results-dir=$(TESTS_RESULTS_DIR) \
> > @@ -1188,7 +1201,7 @@ check-acceptance: check-venv $(TESTS_RESULTS_DIR)
> >   # Consolidated targets
> > -.PHONY: check-block check-qapi-schema check-qtest check-unit check 
> > check-clean
> > +.PHONY: check-block check-qapi-schema check-qtest check-unit check 
> > check-clean get-vmimage
> >   check-qapi-schema: check-tests/qapi-schema/frontend 
> > check-tests/qapi-schema/doc-good.texi
> >   check-qtest: $(patsubst %,check-qtest-%, $(QTEST_TARGETS))
> >   check-block: $(patsubst %,check-%, $(check-block-y))
> > 
> 
> We have both 'make vm-help' and 'make check-help'. The check-acceptance
> target is in check-help. We get vm image... confusing.
>

I know... I had a hard time coming up with a name, and I'm aware it's not
a very good one.

> Anyway, can you list this new target, with a hint about the storage size
> required?

Sure thing, good point.

> Can you add an entry in the 'make
> 

I suspect you mean adding an entry in the 'make check-help' output, right?

- Cleber.


signature.asc
Description: PGP signature

Re: [PATCH v8 2/4] Acceptance test: add "boot_linux" tests

[Cleber Rosa]

On Thu, Dec 19, 2019 at 01:12:02AM +0100, Philippe Mathieu-Daudé wrote:
> Hi Cleber,
> 
> Few minor questions...
> 
> On 12/19/19 12:24 AM, Cleber Rosa wrote:
> > This acceptance test, validates that a full blown Linux guest can
> > successfully boot in QEMU.  In this specific case, the guest chosen is
> > Fedora version 31.
> > 
> >   * x86_64, pc and q35 machine types, with and without kvm as an
> > accelerator
> > 
> >   * aarch64 and virt machine type, with and without kvm as an
> > accelerator
> > 
> >   * ppc64 and pseries machine type
> > 
> >   * s390x and s390-ccw-virtio machine type
> > 
> > The Avocado vmimage utils library is used to download and cache the
> > Linux guest images, and from those images a snapshot image is created
> > and given to QEMU.  If a qemu-img binary is available in the build
> > directory, it's used to create the snapshot image, so that matching
> > qemu-system-* and qemu-img are used in the same test run.  If qemu-img
> > is not available in the build tree, one is attempted to be found
> > installed system-wide (in the $PATH).  If qemu-img is not found in the
> > build dir or in the $PATH, the test is canceled.
> > 
> > The method for checking the successful boot is based on "cloudinit"
> > and its "phone home" feature.  The guest is given an ISO image with
> > the location of the phone home server, and the information to post
> > (the instance ID).  Upon receiving the correct information, from the
> > guest, the test is considered to have PASSed.
> > 
> > This test is currently limited to user mode networking only, and
> > instructs the guest to connect to the "router" address that is hard
> > coded in QEMU.
> > 
> > To create the cloudinit ISO image that will be used to configure the
> > guest, the pycdlib library is also required and has been added as
> > requirement to the virtual environment created by "check-venv".
> > 
> > The console output is read by a separate thread, by means of the
> > Avocado datadrainer utility module.
> > 
> > Signed-off-by: Cleber Rosa 
> > ---
> >   .travis.yml|   2 +-
> >   tests/acceptance/boot_linux.py | 180 +
> >   tests/requirements.txt |   3 +-
> >   3 files changed, 183 insertions(+), 2 deletions(-)
> >   create mode 100644 tests/acceptance/boot_linux.py
> > 
> > diff --git a/.travis.yml b/.travis.yml
> > index 6cb8af6fa5..10c24330fd 100644
> > --- a/.travis.yml
> > +++ b/.travis.yml
> > @@ -264,7 +264,7 @@ matrix:
> >   # Acceptance (Functional) tests
> >   - env:
> > -- CONFIG="--python=/usr/bin/python3 
> > --target-list=x86_64-softmmu,mips-softmmu,mips64el-softmmu,aarch64-softmmu,arm-softmmu,s390x-softmmu,alpha-softmmu,ppc-softmmu,ppc64-softmmu,m68k-softmmu,sparc-softmmu"
> > +- CONFIG="--python=/usr/bin/python3 --enable-tools 
> > --target-list=x86_64-softmmu,mips-softmmu,mips64el-softmmu,aarch64-softmmu,arm-softmmu,s390x-softmmu,alpha-softmmu,ppc-softmmu,ppc64-softmmu,m68k-softmmu,sparc-softmmu"
> >   - TEST_CMD="make check-acceptance"
> > after_failure:
> >   - cat tests/results/latest/job.log
> > diff --git a/tests/acceptance/boot_linux.py b/tests/acceptance/boot_linux.py
> > new file mode 100644
> > index 00..495ff2963c
> > --- /dev/null
> > +++ b/tests/acceptance/boot_linux.py
> > @@ -0,0 +1,180 @@
> > +# Functional test that boots a complete Linux system via a cloud image
> > +#
> > +# Copyright (c) 2018-2019 Red Hat, Inc.
> > +#
> > +# Author:
> > +#  Cleber Rosa 
> > +#
> > +# This work is licensed under the terms of the GNU GPL, version 2 or
> > +# later.  See the COPYING file in the top-level directory.
> > +
> > +import os
> > +
> > +from avocado_qemu import Test, BLD_DIR
> > +
> > +from qemu.accel import kvm_available
> > +
> > +from avocado.utils import cloudinit
> > +from avocado.utils import network
> > +from avocado.utils import vmimage
> > +from avocado.utils import datadrainer
> > +
> > +
> > +KVM_NOT_AVAILABLE = "KVM accelerator does not seem to be available"
> > +
> > +
> > +class BootLinux(Test):
> > +"""
> > +Boots a Linux system, checking for a successful initialization
> > +"""
> > +
> > +timeout = 900
> > +chksum = None
> > +
> > +def setUp(self):
> > +super(BootLinux, self).setUp()
> > +self.prepare_boot()
> > +self.vm.add_args('-smp', '2')
> 
> Hmmm are we assuming everybody has multicore systems?
>

Not really, but isn't it possible to have virtual CPUs > actual CPUs?
IMO testing with smp > 1 is a better test than with smp == 1.

> > +self.vm.add_args('-m', '2048')
> 
> We should not fail the test if this condition is not possible.
>

You mean from the host side, right?  I have doubts about what to do
here, in the sense that we can't easily and reliably set aside memory
in the system to run qemu.  We could of course check the amount of
physical or free memory in the system at the test start time, but
there would still 

Re: [PATCH v4 5/6] hppa: Add emulation of Artist graphics

[Richard Henderson]

On 11/3/19 10:56 AM, Sven Schnelle wrote:
> This adds emulation of Artist graphics good enough
> to get a Text console on both Linux and HP-UX. The
> X11 server from HP-UX also works.
> 
> Signed-off-by: Sven Schnelle 
> ---
>  hw/display/Kconfig   |4 +
>  hw/display/Makefile.objs |1 +
>  hw/display/artist.c  | 1449 ++
>  hw/display/trace-events  |9 +
>  hw/hppa/Kconfig  |1 +
>  hw/hppa/hppa_hardware.h  |1 +
>  hw/hppa/machine.c|9 +
>  7 files changed, 1474 insertions(+)
>  create mode 100644 hw/display/artist.c

Seems to have some problems rebased upon master:


> Thread 6 "qemu-system-hpp" received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7fffee3b6700 (LWP 11752)]
> 0x558bba54 in artist_rop8 (s=s@entry=0x56105400, 
> dst=dst@entry=0x7fffed74 "", val=0 '\000')
> at /home/rth/qemu/qemu/hw/display/artist.c:288
> 288   *dst |= val & plane_mask;
> (gdb) where
> #0  0x558bba54 in artist_rop8
> (s=s@entry=0x56105400, dst=dst@entry=0x7fffed74 "", val=0 '\000')
> at /home/rth/qemu/qemu/hw/display/artist.c:288
> #1  0x558bc145 in vram_bit_write
> (s=s@entry=0x56105400, posx=, posy=, 
> incr_x=incr_x@entry=false, size=size@entry=4, data=, 
> data@entry=0)
> at /home/rth/qemu/qemu/hw/display/artist.c:430
> #2  0x558bd33b in artist_reg_write
> (opaque=0x56105400, addr=1050144, val=0, size=4)
> at /home/rth/qemu/qemu/hw/display/artist.c:862
> #3  0x557b271b in memory_region_write_accessor
> (mr=mr@entry=0x561058f0, addr=addr@entry=1050144, 
> value=value@entry=0x7fffee3b4f08, size=size@entry=4, shift=shift@entry=0, 
> mask=mask@entry=4294967295, attrs=...) at /home/rth/qemu/qemu/memory.c:483
> #4  0x557b03d3 in access_with_adjusted_size
> (addr=addr@entry=1050144, value=value@entry=0x7fffee3b4f08, 
> size=size@entry=4, access_size_min=, 
> access_size_max=, access_fn=access_fn@entry=
> 0x557b25f0 , mr=0x561058f0, 
> attrs=...) at /home/rth/qemu/qemu/memory.c:539
> #5  0x557b4b34 in memory_region_dispatch_write
> (mr=mr@entry=0x561058f0, addr=addr@entry=1050144, data= out>, data@entry=0, op=op@entry=MO_BEUL, attrs=...)
> at /home/rth/qemu/qemu/memory.c:1475
> #6  0x557c18ed in io_writex
> (env=env@entry=0x563a6b60, mmu_idx=mmu_idx@entry=4, val=val@entry=0, 
> addr=addr@entry=4161799712, retaddr=140736415114886, op=MO_BEUL, 
> iotlbentry=, iotlbentry=)
> at /home/rth/qemu/qemu/accel/tcg/cputlb.c:977
> #7  0x557c77bc in store_helper
> (op=MO_BEUL, retaddr=140736415114886, oi=, val=0, 
> addr=4161799712, env=0x563a6b60) at 
> /home/rth/qemu/qemu/accel/tcg/cputlb.c:1716
> #8  0x557c77bc in helper_be_stl_mmu
> (env=0x563a6b60, addr=4161799712, val=0, oi=, 
> retaddr=140736415114886) at /home/rth/qemu/qemu/accel/tcg/cputlb.c:1842
> #9  0x7fffc007a686 in code_gen_buffer ()

Re: [PATCH v8 1/4] Acceptance tests: introduce BLD_DIR, SRC_DIR and LNK_DIR

[Cleber Rosa]

On Thu, Dec 19, 2019 at 01:02:39AM +0100, Philippe Mathieu-Daudé wrote:
> On 12/19/19 12:24 AM, Cleber Rosa wrote:
> > Some tests may benefit from using resources from a build directory.
> > This introduces three variables that can help tests find resources in
> > those directories.
> > 
> > First, a BLD_DIR is assumed to exist, given that the primary form of
> > running the acceptance tests is from a build directory (which may or
> > may not be the same as the source tree, that is, the SRC_DIR).
> 
> Can we name this BUILD_DIR?
>

Yes, of course.

> This would be more in line with the other buildsys files (configure/make).
>

That's a good point.

> > If the directory containing the acceptance tests happens to be a link
> > to a directory (kept as LNK_DIR), it's assumed to it points to the
> > source tree (SRC_DIR), which is the behavior defined on the QEMU
> > Makefiles.  If the directory containing the acceptance tests is not a
> > link, then a in-tree build is assumed, and the BLD_DIR and SRC_DIR are
> > the same and LNK_DIR is set None.
> 
> Similarly, can we name this CURRENT_DIR instead of LNK_DIR?
>

Yes, or maybe even drop it?  TBH, I can only see use cases for build
and source dirs.  So, I assume you'd propose SRC_DIR would be
SOURCE_DIR?

Cheers,
- Cleber.


signature.asc
Description: PGP signature

Re: [PATCH v8 3/4] Acceptance tests: add make targets to download images

[Philippe Mathieu-Daudé]

On 12/19/19 12:24 AM, Cleber Rosa wrote:

The newly introduced "boot linux" tests make use of Linux images that
are larger than usual, and fall into what Avocado calls "vmimages",
and can be referred to by name, version and architecture.

The images can be downloaded automatically during the test. But, to
make for more reliable test results, this introduces a target that
will download the vmimages for the architectures that have been
configured and are available for the currently used distro (Fedora
31).

Signed-off-by: Cleber Rosa 
---
  tests/Makefile.include | 17 +++--
  1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index b381387048..78a6f089ff 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -1177,7 +1177,20 @@ $(TESTS_RESULTS_DIR):
  
  check-venv: $(TESTS_VENV_DIR)
  
-check-acceptance: check-venv $(TESTS_RESULTS_DIR)

+FEDORA_31_ARCHES_CANDIDATES=$(patsubst ppc64,ppc64le,$(TARGETS))
+FEDORA_31_ARCHES := x86_64 aarch64 ppc64le s390x
+FEDORA_31_DOWNLOAD=$(filter $(FEDORA_31_ARCHES),$(FEDORA_31_ARCHES_CANDIDATES))
+
+# download one specific Fedora 31 image
+get-vmimage-fedora-31-%: $(check-venv)
+   $(call quiet-command, \
+ $(TESTS_VENV_DIR)/bin/python -m avocado vmimage get \
+ --distro=fedora --distro-version=31 --arch=$*)
+
+# download all vm images, according to defined targets
+get-vmimage: $(patsubst %,get-vmimage-fedora-31-%, $(FEDORA_31_DOWNLOAD))
+
+check-acceptance: check-venv $(TESTS_RESULTS_DIR) get-vmimage
$(call quiet-command, \
  $(TESTS_VENV_DIR)/bin/python -m avocado \
  --show=$(AVOCADO_SHOW) run --job-results-dir=$(TESTS_RESULTS_DIR) 
\
@@ -1188,7 +1201,7 @@ check-acceptance: check-venv $(TESTS_RESULTS_DIR)
  
  # Consolidated targets
  
-.PHONY: check-block check-qapi-schema check-qtest check-unit check check-clean

+.PHONY: check-block check-qapi-schema check-qtest check-unit check check-clean 
get-vmimage
  check-qapi-schema: check-tests/qapi-schema/frontend 
check-tests/qapi-schema/doc-good.texi
  check-qtest: $(patsubst %,check-qtest-%, $(QTEST_TARGETS))
  check-block: $(patsubst %,check-%, $(check-block-y))



We have both 'make vm-help' and 'make check-help'. The check-acceptance 
target is in check-help. We get vm image... confusing.


Anyway, can you list this new target, with a hint about the storage size 
required?

Can you add an entry in the 'make

Re: [PATCH v8 2/4] Acceptance test: add "boot_linux" tests

[Philippe Mathieu-Daudé]

Hi Cleber,

Few minor questions...

On 12/19/19 12:24 AM, Cleber Rosa wrote:

This acceptance test, validates that a full blown Linux guest can
successfully boot in QEMU.  In this specific case, the guest chosen is
Fedora version 31.

  * x86_64, pc and q35 machine types, with and without kvm as an
accelerator

  * aarch64 and virt machine type, with and without kvm as an
accelerator

  * ppc64 and pseries machine type

  * s390x and s390-ccw-virtio machine type

The Avocado vmimage utils library is used to download and cache the
Linux guest images, and from those images a snapshot image is created
and given to QEMU.  If a qemu-img binary is available in the build
directory, it's used to create the snapshot image, so that matching
qemu-system-* and qemu-img are used in the same test run.  If qemu-img
is not available in the build tree, one is attempted to be found
installed system-wide (in the $PATH).  If qemu-img is not found in the
build dir or in the $PATH, the test is canceled.

The method for checking the successful boot is based on "cloudinit"
and its "phone home" feature.  The guest is given an ISO image with
the location of the phone home server, and the information to post
(the instance ID).  Upon receiving the correct information, from the
guest, the test is considered to have PASSed.

This test is currently limited to user mode networking only, and
instructs the guest to connect to the "router" address that is hard
coded in QEMU.

To create the cloudinit ISO image that will be used to configure the
guest, the pycdlib library is also required and has been added as
requirement to the virtual environment created by "check-venv".

The console output is read by a separate thread, by means of the
Avocado datadrainer utility module.

Signed-off-by: Cleber Rosa 
---
  .travis.yml|   2 +-
  tests/acceptance/boot_linux.py | 180 +
  tests/requirements.txt |   3 +-
  3 files changed, 183 insertions(+), 2 deletions(-)
  create mode 100644 tests/acceptance/boot_linux.py

diff --git a/.travis.yml b/.travis.yml
index 6cb8af6fa5..10c24330fd 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -264,7 +264,7 @@ matrix:
  
  # Acceptance (Functional) tests

  - env:
-- CONFIG="--python=/usr/bin/python3 
--target-list=x86_64-softmmu,mips-softmmu,mips64el-softmmu,aarch64-softmmu,arm-softmmu,s390x-softmmu,alpha-softmmu,ppc-softmmu,ppc64-softmmu,m68k-softmmu,sparc-softmmu"
+- CONFIG="--python=/usr/bin/python3 --enable-tools 
--target-list=x86_64-softmmu,mips-softmmu,mips64el-softmmu,aarch64-softmmu,arm-softmmu,s390x-softmmu,alpha-softmmu,ppc-softmmu,ppc64-softmmu,m68k-softmmu,sparc-softmmu"
  - TEST_CMD="make check-acceptance"
after_failure:
  - cat tests/results/latest/job.log
diff --git a/tests/acceptance/boot_linux.py b/tests/acceptance/boot_linux.py
new file mode 100644
index 00..495ff2963c
--- /dev/null
+++ b/tests/acceptance/boot_linux.py
@@ -0,0 +1,180 @@
+# Functional test that boots a complete Linux system via a cloud image
+#
+# Copyright (c) 2018-2019 Red Hat, Inc.
+#
+# Author:
+#  Cleber Rosa 
+#
+# This work is licensed under the terms of the GNU GPL, version 2 or
+# later.  See the COPYING file in the top-level directory.
+
+import os
+
+from avocado_qemu import Test, BLD_DIR
+
+from qemu.accel import kvm_available
+
+from avocado.utils import cloudinit
+from avocado.utils import network
+from avocado.utils import vmimage
+from avocado.utils import datadrainer
+
+
+KVM_NOT_AVAILABLE = "KVM accelerator does not seem to be available"
+
+
+class BootLinux(Test):
+"""
+Boots a Linux system, checking for a successful initialization
+"""
+
+timeout = 900
+chksum = None
+
+def setUp(self):
+super(BootLinux, self).setUp()
+self.prepare_boot()
+self.vm.add_args('-smp', '2')


Hmmm are we assuming everybody has multicore systems?


+self.vm.add_args('-m', '2048')


We should not fail the test if this condition is not possible.


+self.vm.add_args('-drive', 'file=%s' % self.boot.path)
+self.prepare_cloudinit()
+
+def prepare_boot(self):
+self.log.info('Downloading/preparing boot image')
+# Fedora 31 only provides ppc64le images
+image_arch = self.arch
+if image_arch == 'ppc64':
+image_arch = 'ppc64le'
+# If qemu-img has been built, use it, otherwise the system wide one
+# will be used.  If none is available, the test will cancel.
+qemu_img = os.path.join(BLD_DIR, 'qemu-img')
+if os.path.exists(qemu_img):
+vmimage.QEMU_IMG = qemu_img
+try:
+self.boot = vmimage.get(
+'fedora', arch=image_arch, version='31',
+checksum=self.chksum,
+algorithm='sha256',
+cache_dir=self.cache_dirs[0],
+snapshot_dir=self.workdir)
+except:
+

Re: [PATCH v2 06/10] arm/arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on()

[Niek Linnenbank]

Hello Richard,

On Tue, Dec 17, 2019 at 5:41 PM Richard Henderson <
richard.hender...@linaro.org> wrote:

> On 12/17/19 6:12 AM, Peter Maydell wrote:
> > Cc'ing Richard : this is one for you I think... (surely we
> > need to rebuild the hflags from scratch when we power up
> > a CPU anyway?)
>
> We do compute hflags from scratch in reset.
>
> It has also turned out that there were a few board models that poked at the
> contents of the cpu and needed special help.  Some of that I would imagine
> would be fixed properly with the multi-phase reset patches, where we could
> rebuild hflags when *leaving* reset.
>
> In arm_set_cpu_on_async_work, we start by resetting the cpu and then start
> poking at the contents of some system registers.  So, yes, we do need to
> rebuild after doing that.  Also, I'm not sure how this function should fit
> into
> the multi-phase reset future.
>

Great, thanks a lot for confirming and clarifying this!
You mention the multi-phase reset feature, is that going to replace the
arm_set_cpu_on() functionality?
Currently I chose to use this function for implementing the CPU
configuration module in the Allwinner H3 Soc.
U-Boot needs the CPU configuration module to provide PSCI which Linux uses
to bring up the secondary cores.
And basically the CPU configuration module needs something to let the
secondary CPUs power on, reset and start executing at some address.

Would you suggest to keep using arm_set_cpu_on() for this, or should I
instead use a different function?

Regards,
Niek

>
> So:
>
> >> On Tue, Dec 17, 2019 at 12:36 AM Niek Linnenbank <
> nieklinnenb...@gmail.com> wrote:
> >>>
> >>> After setting CP15 bits in arm_set_cpu_on() the cached hflags must
> >>> be rebuild to reflect the changed processor state. Without rebuilding,
> >>> the cached hflags would be inconsistent until the next call to
> >>> arm_rebuild_hflags(). When QEMU is compiled with debugging enabled
> >>> (--enable-debug), this problem is captured shortly after the first
> >>> call to arm_set_cpu_on() for CPUs running in ARM 32-bit non-secure
> mode:
> >>>
> >>>   qemu-system-arm: target/arm/helper.c:11359: cpu_get_tb_cpu_state:
> >>>   Assertion `flags == rebuild_hflags_internal(env)' failed.
> >>>   Aborted (core dumped)
> >>>
> >>> Fixes: 0c7f8c43daf65
> >>> Signed-off-by: Niek Linnenbank 
> >>> ---
> >>>  target/arm/arm-powerctl.c | 3 +++
> >>>  1 file changed, 3 insertions(+)
> >>>
> >>> diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
> >>> index b064513d44..b75f813b40 100644
> >>> --- a/target/arm/arm-powerctl.c
> >>> +++ b/target/arm/arm-powerctl.c
> >>> @@ -127,6 +127,9 @@ static void arm_set_cpu_on_async_work(CPUState
> *target_cpu_state,
> >>>  target_cpu->env.regs[0] = info->context_id;
> >>>  }
> >>>
> >>> +/* CP15 update requires rebuilding hflags */
> >>> +arm_rebuild_hflags(_cpu->env);
> >>> +
> >>>  /* Start the new CPU at the requested address */
> >>>  cpu_set_pc(target_cpu_state, info->entry);
> >>>
>
> Reviewed-by: Richard Henderson 
>
>
> r~
>


-- 
Niek Linnenbank

Re: [PATCH] linux-user:Fix align mistake when mmap guest space

[Richard Henderson]

On 12/12/19 11:00 PM, Laurent Vivier wrote:
> Le 13/12/2019 à 03:29, Xinyu Li a écrit :
>> In init_guest_space, we need to mmap guest space. If the return address
>> of first mmap is not aligned with align, which was set to MAX(SHMLBA,
>> qemu_host_page_size), we need unmap and a new mmap(space is larger than
>> first size). The new size is named real_size, which is aligned_size +
>> qemu_host_page_size. alugned_size is the guest space size. And add a
>> qemu_host_page_size to avoid memory error when we align real_start
>> manually (ROUND_UP(real_start, align)). But when SHMLBA >
>> qemu_host_page_size, the added size will smaller than the size to align,
>> which can make a mistake(in a mips machine, it appears). So change
>> real_size from aligned_size +qemu_host_page_size
>> to aligned_size + align will solve it.
>>
>> Signed-off-by: Xinyu Li 
>> ---
>>  linux-user/elfload.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/linux-user/elfload.c b/linux-user/elfload.c
>> index f6693e5760..312ded0779 100644
>> --- a/linux-user/elfload.c
>> +++ b/linux-user/elfload.c
>> @@ -2189,7 +2189,7 @@ unsigned long init_guest_space(unsigned long 
>> host_start,
>>   * to where we need to put the commpage.
>>   */
>>  munmap((void *)real_start, host_size);
>> -real_size = aligned_size + qemu_host_page_size;
>> +real_size = aligned_size + align;
>>  real_start = (unsigned long)
>>  mmap((void *)real_start, real_size, PROT_NONE, flags, -1, 
>> 0);
>>  if (real_start == (unsigned long)-1) {
>>
> 
> Your change seems correct to me.
> 
> Richard did you miss this in your patch
> 30ab9ef2967d ("linux-user: Fix shmat emulation by honoring host SHMLBA")
> or was it voluntary to keep it?

Looks like I missed it.
Reviewed-by: Richard Henderson 


r~

Re: [PATCH v8 1/4] Acceptance tests: introduce BLD_DIR, SRC_DIR and LNK_DIR

[Philippe Mathieu-Daudé]

On 12/19/19 12:24 AM, Cleber Rosa wrote:

Some tests may benefit from using resources from a build directory.
This introduces three variables that can help tests find resources in
those directories.

First, a BLD_DIR is assumed to exist, given that the primary form of
running the acceptance tests is from a build directory (which may or
may not be the same as the source tree, that is, the SRC_DIR).


Can we name this BUILD_DIR?

This would be more in line with the other buildsys files (configure/make).


If the directory containing the acceptance tests happens to be a link
to a directory (kept as LNK_DIR), it's assumed to it points to the
source tree (SRC_DIR), which is the behavior defined on the QEMU
Makefiles.  If the directory containing the acceptance tests is not a
link, then a in-tree build is assumed, and the BLD_DIR and SRC_DIR are
the same and LNK_DIR is set None.


Similarly, can we name this CURRENT_DIR instead of LNK_DIR?



Signed-off-by: Cleber Rosa 
---
  tests/acceptance/avocado_qemu/__init__.py | 27 ++-
  1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/tests/acceptance/avocado_qemu/__init__.py 
b/tests/acceptance/avocado_qemu/__init__.py
index 6618ea67c1..ac7597f7fe 100644
--- a/tests/acceptance/avocado_qemu/__init__.py
+++ b/tests/acceptance/avocado_qemu/__init__.py
@@ -16,8 +16,23 @@ import tempfile
  
  import avocado
  
-SRC_ROOT_DIR = os.path.join(os.path.dirname(__file__), '..', '..', '..')

-sys.path.append(os.path.join(SRC_ROOT_DIR, 'python'))
+#: The QEMU build root directory.  It may also be the source directory
+#: if building from the source dir, but it's safer to use BLD_DIR for
+#: that purpose.  Be aware that if this code is moved outside of a source
+#: and build tree, it will not be accurate.
+BLD_DIR = 
os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(__file__
+
+if os.path.islink(os.path.dirname(os.path.dirname(__file__))):
+#: The link to the acceptance tests dir in the source code directory.  If
+#: build dir is the same as the source dir, this is set to None
+LNK_DIR = os.path.dirname(os.path.dirname(__file__))
+#: The QEMU root source directory
+SRC_DIR = os.path.dirname(os.path.dirname(os.readlink(LNK_DIR)))
+else:
+LNK_DIR = None
+SRC_DIR = BLD_DIR
+
+sys.path.append(os.path.join(SRC_DIR, 'python'))
  
  from qemu.machine import QEMUMachine
  
@@ -49,10 +64,10 @@ def pick_default_qemu_bin(arch=None):

  if is_readable_executable_file(qemu_bin_relative_path):
  return qemu_bin_relative_path
  
-qemu_bin_from_src_dir_path = os.path.join(SRC_ROOT_DIR,

+qemu_bin_from_bld_dir_path = os.path.join(BLD_DIR,
qemu_bin_relative_path)
-if is_readable_executable_file(qemu_bin_from_src_dir_path):
-return qemu_bin_from_src_dir_path
+if is_readable_executable_file(qemu_bin_from_bld_dir_path):
+return qemu_bin_from_bld_dir_path
  
  
  def wait_for_console_pattern(test, success_message, failure_message=None):

@@ -122,7 +137,7 @@ class Test(avocado.Test):
  self.qemu_bin = self.params.get('qemu_bin',
  default=default_qemu_bin)
  if self.qemu_bin is None:
-self.cancel("No QEMU binary defined or found in the source tree")
+self.cancel("No QEMU binary defined or found in the build tree")
  
  def _new_vm(self, *args):

  vm = QEMUMachine(self.qemu_bin, sock_dir=tempfile.mkdtemp())

Re: QEMU for Qualcomm Hexagon - KVM Forum talk and code available

[Richard Henderson]

On 12/17/19 8:21 AM, Peter Maydell wrote:
> On Tue, 17 Dec 2019 at 18:16, Taylor Simpson  wrote:
>> Question 2:
>> What is the best source of guidance on breaking down support for a new 
>> target into a patch series?
> 
> Look at how previous ports did it.

E.g. the hppa-linux-user port.  The initial merge ends at ebe9383caefd.

There are 15 patches -- mostly in linux-user -- before the one that enables
compilation.  At which point exactly zero instructions are actually implemented.

The actual cpu emulation comes afterwards in 8 patches (hppa 1.1 isn't terribly
complicated).


r~

[Bug 1856834] Re: Virtio broken in qemu ppc in 4.2.0 and other versions

[ecsdn]

Also tested on another system (Debian GNU/Linux 9 \n \l with kernel SMP
Debian 3.16.56-1+deb8u1 (2018-05-08) x86_64) besides the previous Ubuntu
17.04 and confirmed even Qemu 2.8.1 is working but Qemu 3.1.10 and
higher not working, virtio fails/freezes guest at vda as on the other
system.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1856834

Title:
  Virtio broken in qemu ppc in 4.2.0 and other versions

Status in QEMU:
  New

Bug description:
  The same qemu -M mpc... command that works on qemu-system-ppc version
  2.8.0 freezes guest on bootup and shows error for qemu-system-ppc
  version 4.2.0release and 4.19dirtygit:

  qemu-system-ppc: virtio-blk failed to set guest notifier (-24), ensure -accel 
kvm is set.
  qemu-system-ppc: virtio_bus_start_ioeventfd: failed. Fallback to userspace 
(slower).

  ends/freezes at:
  nbd: registered device at major 43
   vda:

  I'm using -drive file=/home/me/rawimage.dd,if=virtio and works fine in
  version 2.8.0 installed with apt-get install (Ubuntu 17.04) and also
  with 2.8.0 official release from git/github that I compiled/built
  myself. But both of the newer releases fail on the same exact machine
  same config.

  I also noticed that qemu-2.8.0 was fine with mtd but the newer ones I tried 
weren't, ie gave
  qemu-system-ppc: -drive if=mtd: machine type does not support 
if=mtd,bus=0,unit=0
  (but I removed -drive if=mtd since wasn't using it anyway)

  I also tried on windows but I think virtio doesn't work on windows
  hosts at all? On windows host it fails the same way, even version 2.12
  as well as 4.1.10...

  used:
  ./configure --prefix=/opt/... --enable-fdt --enable-kvm --enable-debug

  (basically all steps the same on same exact system same config, yet
  2.8.0 works fine whether apt-get installed or built from source while
  the others I built, 4.19/4.2.0 or 2.12/4.1.10(win) don't.)

  In case newer qemu versions act weird on various kernels, I did try with both 
vmlinuz-4.10.0-19-generic and vmlinuz-4.13.12-041312-generic (I didn't compile 
them but I can provide config-..files. This is on Ubuntu 17.04 x86_64 host 
emulating e500v2 cpm guest, ie -M mpc... GUEST kernel 2.6.32.44 which is why I 
can't use -M ppce500 instead..)
  tx
   ecs

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1856834/+subscriptions

Re: [PATCH v2 06/10] arm/arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on()

[Richard Henderson]

On 12/18/19 11:01 AM, Niek Linnenbank wrote:
> Hello Richard,
> 
> On Tue, Dec 17, 2019 at 5:41 PM Richard Henderson 
>  > wrote:
> 
> On 12/17/19 6:12 AM, Peter Maydell wrote:
> > Cc'ing Richard : this is one for you I think... (surely we
> > need to rebuild the hflags from scratch when we power up
> > a CPU anyway?)
> 
> We do compute hflags from scratch in reset.
> 
> It has also turned out that there were a few board models that poked at 
> the
> contents of the cpu and needed special help.  Some of that I would imagine
> would be fixed properly with the multi-phase reset patches, where we could
> rebuild hflags when *leaving* reset.
> 
> In arm_set_cpu_on_async_work, we start by resetting the cpu and then start
> poking at the contents of some system registers.  So, yes, we do need to
> rebuild after doing that.  Also, I'm not sure how this function should 
> fit into
> the multi-phase reset future.
> 
> 
> Great, thanks a lot for confirming and clarifying this!
> You mention the multi-phase reset feature, is that going to replace the
> arm_set_cpu_on() functionality?

I don't think so, but I'm not sure.  As I said above, I don't immediately see
how arm_set_cpu_on() will integrate.

In any case, multi-phase reset is still pending, though I believe it is high on
Peter's priority queue for the 5.0 development cycle.


r~

[PATCH v8 3/4] Acceptance tests: add make targets to download images

[Cleber Rosa]

The newly introduced "boot linux" tests make use of Linux images that
are larger than usual, and fall into what Avocado calls "vmimages",
and can be referred to by name, version and architecture.

The images can be downloaded automatically during the test. But, to
make for more reliable test results, this introduces a target that
will download the vmimages for the architectures that have been
configured and are available for the currently used distro (Fedora
31).

Signed-off-by: Cleber Rosa 
---
 tests/Makefile.include | 17 +++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index b381387048..78a6f089ff 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -1177,7 +1177,20 @@ $(TESTS_RESULTS_DIR):
 
 check-venv: $(TESTS_VENV_DIR)
 
-check-acceptance: check-venv $(TESTS_RESULTS_DIR)
+FEDORA_31_ARCHES_CANDIDATES=$(patsubst ppc64,ppc64le,$(TARGETS))
+FEDORA_31_ARCHES := x86_64 aarch64 ppc64le s390x
+FEDORA_31_DOWNLOAD=$(filter $(FEDORA_31_ARCHES),$(FEDORA_31_ARCHES_CANDIDATES))
+
+# download one specific Fedora 31 image
+get-vmimage-fedora-31-%: $(check-venv)
+   $(call quiet-command, \
+ $(TESTS_VENV_DIR)/bin/python -m avocado vmimage get \
+ --distro=fedora --distro-version=31 --arch=$*)
+
+# download all vm images, according to defined targets
+get-vmimage: $(patsubst %,get-vmimage-fedora-31-%, $(FEDORA_31_DOWNLOAD))
+
+check-acceptance: check-venv $(TESTS_RESULTS_DIR) get-vmimage
$(call quiet-command, \
 $(TESTS_VENV_DIR)/bin/python -m avocado \
 --show=$(AVOCADO_SHOW) run --job-results-dir=$(TESTS_RESULTS_DIR) \
@@ -1188,7 +1201,7 @@ check-acceptance: check-venv $(TESTS_RESULTS_DIR)
 
 # Consolidated targets
 
-.PHONY: check-block check-qapi-schema check-qtest check-unit check check-clean
+.PHONY: check-block check-qapi-schema check-qtest check-unit check check-clean 
get-vmimage
 check-qapi-schema: check-tests/qapi-schema/frontend 
check-tests/qapi-schema/doc-good.texi
 check-qtest: $(patsubst %,check-qtest-%, $(QTEST_TARGETS))
 check-block: $(patsubst %,check-%, $(check-block-y))
-- 
2.21.0

[PATCH v8 1/4] Acceptance tests: introduce BLD_DIR, SRC_DIR and LNK_DIR

[Cleber Rosa]

Some tests may benefit from using resources from a build directory.
This introduces three variables that can help tests find resources in
those directories.

First, a BLD_DIR is assumed to exist, given that the primary form of
running the acceptance tests is from a build directory (which may or
may not be the same as the source tree, that is, the SRC_DIR).

If the directory containing the acceptance tests happens to be a link
to a directory (kept as LNK_DIR), it's assumed to it points to the
source tree (SRC_DIR), which is the behavior defined on the QEMU
Makefiles.  If the directory containing the acceptance tests is not a
link, then a in-tree build is assumed, and the BLD_DIR and SRC_DIR are
the same and LNK_DIR is set None.

Signed-off-by: Cleber Rosa 
---
 tests/acceptance/avocado_qemu/__init__.py | 27 ++-
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/tests/acceptance/avocado_qemu/__init__.py 
b/tests/acceptance/avocado_qemu/__init__.py
index 6618ea67c1..ac7597f7fe 100644
--- a/tests/acceptance/avocado_qemu/__init__.py
+++ b/tests/acceptance/avocado_qemu/__init__.py
@@ -16,8 +16,23 @@ import tempfile
 
 import avocado
 
-SRC_ROOT_DIR = os.path.join(os.path.dirname(__file__), '..', '..', '..')
-sys.path.append(os.path.join(SRC_ROOT_DIR, 'python'))
+#: The QEMU build root directory.  It may also be the source directory
+#: if building from the source dir, but it's safer to use BLD_DIR for
+#: that purpose.  Be aware that if this code is moved outside of a source
+#: and build tree, it will not be accurate.
+BLD_DIR = 
os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(__file__
+
+if os.path.islink(os.path.dirname(os.path.dirname(__file__))):
+#: The link to the acceptance tests dir in the source code directory.  If
+#: build dir is the same as the source dir, this is set to None
+LNK_DIR = os.path.dirname(os.path.dirname(__file__))
+#: The QEMU root source directory
+SRC_DIR = os.path.dirname(os.path.dirname(os.readlink(LNK_DIR)))
+else:
+LNK_DIR = None
+SRC_DIR = BLD_DIR
+
+sys.path.append(os.path.join(SRC_DIR, 'python'))
 
 from qemu.machine import QEMUMachine
 
@@ -49,10 +64,10 @@ def pick_default_qemu_bin(arch=None):
 if is_readable_executable_file(qemu_bin_relative_path):
 return qemu_bin_relative_path
 
-qemu_bin_from_src_dir_path = os.path.join(SRC_ROOT_DIR,
+qemu_bin_from_bld_dir_path = os.path.join(BLD_DIR,
   qemu_bin_relative_path)
-if is_readable_executable_file(qemu_bin_from_src_dir_path):
-return qemu_bin_from_src_dir_path
+if is_readable_executable_file(qemu_bin_from_bld_dir_path):
+return qemu_bin_from_bld_dir_path
 
 
 def wait_for_console_pattern(test, success_message, failure_message=None):
@@ -122,7 +137,7 @@ class Test(avocado.Test):
 self.qemu_bin = self.params.get('qemu_bin',
 default=default_qemu_bin)
 if self.qemu_bin is None:
-self.cancel("No QEMU binary defined or found in the source tree")
+self.cancel("No QEMU binary defined or found in the build tree")
 
 def _new_vm(self, *args):
 vm = QEMUMachine(self.qemu_bin, sock_dir=tempfile.mkdtemp())
-- 
2.21.0

[PATCH v8 2/4] Acceptance test: add "boot_linux" tests

[Cleber Rosa]

This acceptance test, validates that a full blown Linux guest can
successfully boot in QEMU.  In this specific case, the guest chosen is
Fedora version 31.

 * x86_64, pc and q35 machine types, with and without kvm as an
   accelerator

 * aarch64 and virt machine type, with and without kvm as an
   accelerator

 * ppc64 and pseries machine type

 * s390x and s390-ccw-virtio machine type

The Avocado vmimage utils library is used to download and cache the
Linux guest images, and from those images a snapshot image is created
and given to QEMU.  If a qemu-img binary is available in the build
directory, it's used to create the snapshot image, so that matching
qemu-system-* and qemu-img are used in the same test run.  If qemu-img
is not available in the build tree, one is attempted to be found
installed system-wide (in the $PATH).  If qemu-img is not found in the
build dir or in the $PATH, the test is canceled.

The method for checking the successful boot is based on "cloudinit"
and its "phone home" feature.  The guest is given an ISO image with
the location of the phone home server, and the information to post
(the instance ID).  Upon receiving the correct information, from the
guest, the test is considered to have PASSed.

This test is currently limited to user mode networking only, and
instructs the guest to connect to the "router" address that is hard
coded in QEMU.

To create the cloudinit ISO image that will be used to configure the
guest, the pycdlib library is also required and has been added as
requirement to the virtual environment created by "check-venv".

The console output is read by a separate thread, by means of the
Avocado datadrainer utility module.

Signed-off-by: Cleber Rosa 
---
 .travis.yml|   2 +-
 tests/acceptance/boot_linux.py | 180 +
 tests/requirements.txt |   3 +-
 3 files changed, 183 insertions(+), 2 deletions(-)
 create mode 100644 tests/acceptance/boot_linux.py

diff --git a/.travis.yml b/.travis.yml
index 6cb8af6fa5..10c24330fd 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -264,7 +264,7 @@ matrix:
 
 # Acceptance (Functional) tests
 - env:
-- CONFIG="--python=/usr/bin/python3 
--target-list=x86_64-softmmu,mips-softmmu,mips64el-softmmu,aarch64-softmmu,arm-softmmu,s390x-softmmu,alpha-softmmu,ppc-softmmu,ppc64-softmmu,m68k-softmmu,sparc-softmmu"
+- CONFIG="--python=/usr/bin/python3 --enable-tools 
--target-list=x86_64-softmmu,mips-softmmu,mips64el-softmmu,aarch64-softmmu,arm-softmmu,s390x-softmmu,alpha-softmmu,ppc-softmmu,ppc64-softmmu,m68k-softmmu,sparc-softmmu"
 - TEST_CMD="make check-acceptance"
   after_failure:
 - cat tests/results/latest/job.log
diff --git a/tests/acceptance/boot_linux.py b/tests/acceptance/boot_linux.py
new file mode 100644
index 00..495ff2963c
--- /dev/null
+++ b/tests/acceptance/boot_linux.py
@@ -0,0 +1,180 @@
+# Functional test that boots a complete Linux system via a cloud image
+#
+# Copyright (c) 2018-2019 Red Hat, Inc.
+#
+# Author:
+#  Cleber Rosa 
+#
+# This work is licensed under the terms of the GNU GPL, version 2 or
+# later.  See the COPYING file in the top-level directory.
+
+import os
+
+from avocado_qemu import Test, BLD_DIR
+
+from qemu.accel import kvm_available
+
+from avocado.utils import cloudinit
+from avocado.utils import network
+from avocado.utils import vmimage
+from avocado.utils import datadrainer
+
+
+KVM_NOT_AVAILABLE = "KVM accelerator does not seem to be available"
+
+
+class BootLinux(Test):
+"""
+Boots a Linux system, checking for a successful initialization
+"""
+
+timeout = 900
+chksum = None
+
+def setUp(self):
+super(BootLinux, self).setUp()
+self.prepare_boot()
+self.vm.add_args('-smp', '2')
+self.vm.add_args('-m', '2048')
+self.vm.add_args('-drive', 'file=%s' % self.boot.path)
+self.prepare_cloudinit()
+
+def prepare_boot(self):
+self.log.info('Downloading/preparing boot image')
+# Fedora 31 only provides ppc64le images
+image_arch = self.arch
+if image_arch == 'ppc64':
+image_arch = 'ppc64le'
+# If qemu-img has been built, use it, otherwise the system wide one
+# will be used.  If none is available, the test will cancel.
+qemu_img = os.path.join(BLD_DIR, 'qemu-img')
+if os.path.exists(qemu_img):
+vmimage.QEMU_IMG = qemu_img
+try:
+self.boot = vmimage.get(
+'fedora', arch=image_arch, version='31',
+checksum=self.chksum,
+algorithm='sha256',
+cache_dir=self.cache_dirs[0],
+snapshot_dir=self.workdir)
+except:
+self.cancel('Failed to download/prepare boot image')
+
+def prepare_cloudinit(self):
+self.log.info('Preparing cloudinit image')
+try:
+cloudinit_iso = os.path.join(self.workdir, 

[PATCH v8 4/4] [TO BE REMOVED] Use Avocado master branch + vmimage fix

[Cleber Rosa]

This uses the Avocado from a custom branch that contains a fix, and is
proposed on the upstream Avocado project as pull request #3406.

Upon inclusion and a new release, this should be dropped and the
Avocado version bumped to 74.0.

Reference: https://github.com/avocado-framework/avocado/pull/3406
Signed-off-by: Cleber Rosa 
---
 tests/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/requirements.txt b/tests/requirements.txt
index 0192c352cd..ed99c25d03 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -1,5 +1,5 @@
 # Add Python module requirements, one per line, to be installed
 # in the tests/venv Python virtual environment. For more info,
 # refer to: https://pip.pypa.io/en/stable/user_guide/#id1
-avocado-framework==73.0
+-e 
git+https://github.com/clebergnu/avocado@vmimage_lazy_no_snapshot#egg=avocado_framework
 pycdlib==1.8.0
-- 
2.21.0

[PATCH v8 0/4] Acceptance test: Add "boot_linux" acceptance test

[Cleber Rosa]

This acceptance test, validates that a full blown Linux guest can
successfully boot in QEMU.  In this specific case, the guest chosen is
Fedora version 31.

 * x86_64, pc and q35 machine types, with and without kvm as an
   accellerator

 * aarch64 and virt machine type, with and without kvm as an
   accellerator

 * ppc64 and pseries machine type

 * s390x and s390-ccw-virtio machine type

This has been tested on x86_64 and ppc64le hosts and has been running
reliably (in my experience) on Travis CI.

On s390x hosts, it needs a pycdlib fix that has been merged on the
upstream project, but it's still pending being part of a release.

Git:
  - URI: https://github.com/clebergnu/qemu/tree/test_boot_linux_v8
  - Remote: https://github.com/clebergnu/qemu
  - Branch: test_boot_linux_v8

Travis CI:
  - Build: https://travis-ci.org/clebergnu/qemu/builds/626935191

Previous version:
  - v7: https://lists.gnu.org/archive/html/qemu-devel/2019-11/msg00220.html
  - v6: https://lists.gnu.org/archive/html/qemu-devel/2019-06/msg01202.html
  - v5: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg04652.html
  - v4: https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg02032.html
  - v3: https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg01677.html
  - v2: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04318.html
  - v1: http://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02530.html

Changes from v7:


This version drops a number of commits that had been already reviewed
and have been merged:

 * Dropped commit "Acceptance tests: use relative location for tests",
   already present in the latest master.

 * Dropped commit "Acceptance tests: use avocado tags for machine type",
   already present in the latest master.

 * Dropped commit: "Acceptance tests: introduce utility method for tags
   unique vals", already present in the latest master.

With regards to the handling of the build directory, and the usage of
a qemu-img binary from the build tree, the following changed:

 * Dropped commit "Acceptance tests: add the build directory to the
   system PATH", because the qemu-img binary to be used is now
   explicitly defined, instead of relying on the modification of the
   PATH environment variable.

 * Dropped commit "Acceptance tests: depend on qemu-img", replaced by
   explicitly setting the qemu-img binary to be used for snapshot
   generation.  Also, the newly added "--enable-tools" configure line
   on Travis CI makes sure that a matching qemu-img binary is
   available on CI.

 * Dropped commit "Acceptance tests: keep a stable reference to the
   QEMU build dir", replaced by a different approach that introduces
   variables tracking the build dir, source dir and link (from build
   to source) dir.

 * New commit "Acceptance tests: introduce BLD_DIR, SRC_DIR and
   LNK_DIR".

 * New commit "Acceptance tests: add make targets to download images",
   that downloads the cloud images, aka vmimages, before the test
   execution itself.

 * New commit "[TO BE REMOVED] Use Avocado master branch + vmimage fix"
   to facilitate the review/test of this version.

Additionally:

  * The check for the availability of kvm now makes use of the
strengthened qemu.accel.kvm_available() and passes the QEMU binary
as an argument to make sure KVM support is compiled into that
binary.

 * The timeout was increased to 900 seconds.  This is just one extra
   step to avoid false negatives on very slow systems.  As a
   comparison, on Travis CI, on a x86_64 host, the slowest test takes
   around 250 seconds (boot_linux.py:BootLinuxAarch64.test_virt).  On
   x86_64 systems with KVM enabled, my experience is that a test will
   take around 15 seconds.

Changes from v6:


 * Bumped Fedora to most recently released version (31).

 * Included new architectures (ppc64 and s390x), consolidating all
   tests into the same commit.

 * New commit: "Acceptance tests: use avocado tags for machine type"

 * New commit: "Acceptance tests: introduce utility method for tags
   unique vals"

 * New commit: "Acceptance test x86_cpu_model_versions: use default
   vm", needed to normalize the use of the machine type tags

 * Added a lot of leniency to the test setup (and reliability to the
   test/job), canceling the test if there are any failures while
   downloading/preparing the boot images.

 * Made use of Avocado's data drainer a regular feature (dropped the
   commit with RFC) and squashed it.

 * Bumped pycdlib version to 1.8.0

 * Dropped explicit "--enable-slirp=git" (added on v5) to Travis CI
   configure line, as the default configuration on Travis CI now
   results in user networking capabilities.

Changes from v5:


 * Added explicit "--enable-slirp=git" to Travis CI configure line, as
   these tests depend on "-netdev user" like networking.

 * Bumped Fedora to most recently released version (30).

 * Changed "checksum" parameter to 'sha256' and use the same 

[PATCH v39 02/22] target/avr: Add instruction helpers

[Michael Rolnik]

Stubs for unimplemented instructions and helpers for instructions that need to 
interact with QEMU.
SPM and WDR are unimplemented because they require emulation of complex 
peripherals.
The implementation of SLEEP is very limited due to the lack of peripherals to 
generate wake interrupts.
Memory access instructions are implemented here because some address ranges 
actually refer to CPU registers.

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/helper.h |  29 
 target/avr/helper.c | 347 
 2 files changed, 376 insertions(+)
 create mode 100644 target/avr/helper.h
 create mode 100644 target/avr/helper.c

diff --git a/target/avr/helper.h b/target/avr/helper.h
new file mode 100644
index 00..bf087504a8
--- /dev/null
+++ b/target/avr/helper.h
@@ -0,0 +1,29 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+DEF_HELPER_1(wdr, void, env)
+DEF_HELPER_1(debug, void, env)
+DEF_HELPER_1(break, void, env)
+DEF_HELPER_1(sleep, void, env)
+DEF_HELPER_1(unsupported, void, env)
+DEF_HELPER_3(outb, void, env, i32, i32)
+DEF_HELPER_2(inb, tl, env, i32)
+DEF_HELPER_3(fullwr, void, env, i32, i32)
+DEF_HELPER_2(fullrd, tl, env, i32)
diff --git a/target/avr/helper.c b/target/avr/helper.c
new file mode 100644
index 00..dd053b0b48
--- /dev/null
+++ b/target/avr/helper.c
@@ -0,0 +1,347 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "exec/helper-proto.h"
+
+bool avr_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
+{
+bool ret = false;
+CPUClass *cc = CPU_GET_CLASS(cs);
+AVRCPU *cpu = AVR_CPU(cs);
+CPUAVRState *env = >env;
+
+if (interrupt_request & CPU_INTERRUPT_RESET) {
+if (cpu_interrupts_enabled(env)) {
+cs->exception_index = EXCP_RESET;
+cc->do_interrupt(cs);
+
+cs->interrupt_request &= ~CPU_INTERRUPT_RESET;
+
+ret = true;
+}
+}
+if (interrupt_request & CPU_INTERRUPT_HARD) {
+if (cpu_interrupts_enabled(env) && env->intsrc != 0) {
+int index = ctz32(env->intsrc);
+cs->exception_index = EXCP_INT(index);
+cc->do_interrupt(cs);
+
+env->intsrc &= env->intsrc - 1; /* clear the interrupt */
+cs->interrupt_request &= ~CPU_INTERRUPT_HARD;
+
+ret = true;
+}
+}
+return ret;
+}
+
+void avr_cpu_do_interrupt(CPUState *cs)
+{
+AVRCPU *cpu = AVR_CPU(cs);
+CPUAVRState *env = >env;
+
+uint32_t ret = env->pc_w;
+int vector = 0;
+int size = avr_feature(env, AVR_FEATURE_JMP_CALL) ? 2 : 1;
+int base = 0;
+
+if (cs->exception_index == EXCP_RESET) {
+vector = 0;
+} else if (env->intsrc != 0) {
+vector = ctz32(env->intsrc) + 1;
+}
+
+if (avr_feature(env, AVR_FEATURE_3_BYTE_PC)) {
+cpu_stb_data(env, env->sp--, (ret & 0xff));
+cpu_stb_data(env, env->sp--, (ret & 0x00ff00) >> 8);
+cpu_stb_data(env, env->sp--, (ret & 0xff) >> 16);
+} else if (avr_feature(env, AVR_FEATURE_2_BYTE_PC)) {
+cpu_stb_data(env, env->sp--, (ret & 0xff));
+cpu_stb_data(env, env->sp--, (ret & 0x00ff00) >> 8);
+} else {
+cpu_stb_data(env, env->sp--, (ret & 0xff));
+}
+
+env->pc_w = base + vector * size;
+env->sregI = 0; /* clear Global Interrupt Flag */
+
+cs->exception_index = -1;
+}
+
+int avr_cpu_memory_rw_debug(CPUState *cs, vaddr addr, uint8_t *buf,

Re: [PATCH v2 5/7] configure: Unnest detection of -z, relro and -z, now

[Philippe Mathieu-Daudé]

On 12/18/19 11:34 PM, Richard Henderson wrote:

There is nothing about these options that is related to PIE.
Use them unconditionally.

Signed-off-by: Richard Henderson 
---
v2: Do not split into two tests.
---
  configure | 9 ++---
  1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index 7a646ec007..2503288654 100755
--- a/configure
+++ b/configure
@@ -2040,9 +2040,6 @@ if test "$pie" != "no" ; then
  QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
  LDFLAGS="-pie $LDFLAGS"
  pie="yes"
-if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
-  LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
-fi
else
  if test "$pie" = "yes"; then
error_exit "PIE not available due to missing toolchain support"
@@ -2053,6 +2050,12 @@ if test "$pie" != "no" ; then
fi
  fi
  
+# Detect support for PT_GNU_RELRO + DT_BIND_NOW.

+# The combination is known as "full relro", because .got is read-only too.
+if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
+  LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
+fi
+
  ##
  # __sync_fetch_and_and requires at least -march=i486. Many toolchains
  # use i686 as default anyway, but for those that don't, an explicit



Reviewed-by: Philippe Mathieu-Daudé 

Re: [RFC PATCH v2 02/14] hw/ipmi: Explicit we ignore some QEMUChrEvent in IOEventHandler

[Philippe Mathieu-Daudé]

On 12/18/19 9:47 PM, Richard Henderson wrote:

On 12/18/19 7:19 AM, Philippe Mathieu-Daudé wrote:

The Chardev events are listed in the QEMUChrEvent enum. To be
able to use this enum in the IOEventHandler typedef, we need to
explicit all the events ignored by this frontend, to silent the
following GCC warning:


In the title, s/Explicit we/Explicitly/.

Here in the body, "need to be explicit about all the events ignored", "to 
silence".

This same grammar cleanup applies to patches 2-13.


OK I'll fix that.



Otherwise,
Reviewed-by: Richard Henderson 
for all of 2-13.


Thanks!

Re: [PATCH] iotests: Add more "_require_drivers" checks to the shell-based tests

[Eric Blake]

On 12/18/19 10:15 AM, Thomas Huth wrote:

Test 051 should be skipped if nbd is not available, and 267 should
be skipped if copy-on-read is not enabled.

Signed-off-by: Thomas Huth 
---
  tests/qemu-iotests/051 | 1 +
  tests/qemu-iotests/267 | 1 +
  2 files changed, 2 insertions(+)


Reviewed-by: Eric Blake 



diff --git a/tests/qemu-iotests/051 b/tests/qemu-iotests/051
index 53bcdbc911..a13bce2fd0 100755
--- a/tests/qemu-iotests/051
+++ b/tests/qemu-iotests/051
@@ -41,6 +41,7 @@ _supported_proto file
  # A compat=0.10 image is created in this test which does not support anything
  # other than refcount_bits=16
  _unsupported_imgopts 'refcount_bits=\([^1]\|.\([^6]\|$\)\)'
+_require_drivers nbd
  
  do_run_qemu()

  {
diff --git a/tests/qemu-iotests/267 b/tests/qemu-iotests/267
index 17ac640a83..c1536f45b9 100755
--- a/tests/qemu-iotests/267
+++ b/tests/qemu-iotests/267
@@ -40,6 +40,7 @@ trap "_cleanup; exit \$status" 0 1 2 3 15
  _supported_fmt qcow2
  _supported_proto file
  _supported_os Linux
+_require_drivers copy-on-read
  
  # Internal snapshots are (currently) impossible with refcount_bits=1

  _unsupported_imgopts 'refcount_bits=1[^0-9]'



--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

[PATCH v2 7/7] configure: Support -static-pie if requested

[Richard Henderson]

Recent toolchains support static and pie at the same time.

As with normal dynamic builds, allow --static to default to PIE
if supported by the toolchain.  Allow --enable/--disable-pie to
override the default.

Signed-off-by: Richard Henderson 
---
v2: Fix --disable-pie --static
---
 configure | 19 ---
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/configure b/configure
index f6ff079fab..55586c5498 100755
--- a/configure
+++ b/configure
@@ -1024,7 +1024,6 @@ for opt do
   ;;
   --static)
 static="yes"
-LDFLAGS="-static $LDFLAGS"
 QEMU_PKG_CONFIG_FLAGS="--static $QEMU_PKG_CONFIG_FLAGS"
   ;;
   --mandir=*) mandir="$optarg"
@@ -2000,11 +1999,6 @@ if test "$static" = "yes" ; then
   if test "$modules" = "yes" ; then
 error_exit "static and modules are mutually incompatible"
   fi
-  if test "$pie" = "yes" ; then
-error_exit "static and pie are mutually incompatible"
-  else
-pie="no"
-  fi
 fi
 
 # Unconditional check for compiler __thread support
@@ -2035,7 +2029,18 @@ if compile_prog "-Werror -fno-pie" "-no-pie"; then
   LDFLAGS_NOPIE="-no-pie"
 fi
 
-if test "$pie" = "no"; then
+if test "$static" = "yes"; then
+  if test "$pie" != "no" && compile_prog "-fPIE -DPIE" "-static-pie"; then
+QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
+LDFLAGS="-static-pie $LDFLAGS"
+pie="yes"
+  elif test "$pie" = "yes"; then
+error_exit "-static-pie not available due to missing toolchain support"
+  else
+LDFLAGS="-static $LDFLAGS"
+pie="no"
+  fi
+elif test "$pie" = "no"; then
   QEMU_CFLAGS="$CFLAGS_NOPIE $QEMU_CFLAGS"
   LDFLAGS="$LDFLAGS_NOPIE $LDFLAGS"
 elif compile_prog "-fPIE -DPIE" "-pie"; then
-- 
2.20.1

[PATCH v2 6/7] configure: Override the os default with --disable-pie

[Richard Henderson]

Some distributions, e.g. Ubuntu 19.10, enable PIE by default.
If for some reason one wishes to build a non-pie binary, we
must provide additional options to override.

At the same time, reorg the code to an elif chain.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Signed-off-by: Richard Henderson 
---
 configure | 25 -
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/configure b/configure
index 2503288654..f6ff079fab 100755
--- a/configure
+++ b/configure
@@ -2035,19 +2035,18 @@ if compile_prog "-Werror -fno-pie" "-no-pie"; then
   LDFLAGS_NOPIE="-no-pie"
 fi
 
-if test "$pie" != "no" ; then
-  if compile_prog "-fPIE -DPIE" "-pie"; then
-QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
-LDFLAGS="-pie $LDFLAGS"
-pie="yes"
-  else
-if test "$pie" = "yes"; then
-  error_exit "PIE not available due to missing toolchain support"
-else
-  echo "Disabling PIE due to missing toolchain support"
-  pie="no"
-fi
-  fi
+if test "$pie" = "no"; then
+  QEMU_CFLAGS="$CFLAGS_NOPIE $QEMU_CFLAGS"
+  LDFLAGS="$LDFLAGS_NOPIE $LDFLAGS"
+elif compile_prog "-fPIE -DPIE" "-pie"; then
+  QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
+  LDFLAGS="-pie $LDFLAGS"
+  pie="yes"
+elif test "$pie" = "yes"; then
+  error_exit "PIE not available due to missing toolchain support"
+else
+  echo "Disabling PIE due to missing toolchain support"
+  pie="no"
 fi
 
 # Detect support for PT_GNU_RELRO + DT_BIND_NOW.
-- 
2.20.1

[PATCH v2 4/7] configure: Always detect -no-pie toolchain support

[Richard Henderson]

The CFLAGS_NOPIE and LDFLAGS_NOPIE variables are used
in pc-bios/optionrom/Makefile, which has nothing to do
with the PIE setting of the main qemu executables.

This overrides any operating system default to build
all executables as PIE, which is important for ROMs.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Signed-off-by: Richard Henderson 
---
 configure | 18 --
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/configure b/configure
index 99faf64a74..7a646ec007 100755
--- a/configure
+++ b/configure
@@ -2018,26 +2018,24 @@ if ! compile_prog "-Werror" "" ; then
"Thread-Local Storage (TLS). Please upgrade to a version that does."
 fi
 
-if test "$pie" != "no" ; then
-  cat > $TMPC << EOF
+cat > $TMPC << EOF
 
 #ifdef __linux__
 #  define THREAD __thread
 #else
 #  define THREAD
 #endif
-
 static THREAD int tls_var;
-
 int main(void) { return tls_var; }
-
 EOF
-  # check we support --no-pie first...
-  if compile_prog "-Werror -fno-pie" "-no-pie"; then
-CFLAGS_NOPIE="-fno-pie"
-LDFLAGS_NOPIE="-nopie"
-  fi
 
+# Check we support --no-pie first; we will need this for building ROMs.
+if compile_prog "-Werror -fno-pie" "-no-pie"; then
+  CFLAGS_NOPIE="-fno-pie"
+  LDFLAGS_NOPIE="-no-pie"
+fi
+
+if test "$pie" != "no" ; then
   if compile_prog "-fPIE -DPIE" "-pie"; then
 QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
 LDFLAGS="-pie $LDFLAGS"
-- 
2.20.1

[PATCH v2 3/7] configure: Do not force pie=no for non-x86

[Richard Henderson]

PIE is supported on many other hosts besides x86.

The default for non-x86 is now the same as x86: pie is used
if supported, and may be forced via --enable/--disable-pie.

The original commit (40d6444e91c) said:

  "Non-x86 are not changed, as they require TCG changes"

but I think that's wrong -- there's nothing about PIE that
affects TCG one way or another.

Tested on aarch64 (bionic) and ppc64le (centos 7) hosts.

Signed-off-by: Richard Henderson 
---
 configure | 10 --
 1 file changed, 10 deletions(-)

diff --git a/configure b/configure
index 30e3875c6b..99faf64a74 100755
--- a/configure
+++ b/configure
@@ -2018,16 +2018,6 @@ if ! compile_prog "-Werror" "" ; then
"Thread-Local Storage (TLS). Please upgrade to a version that does."
 fi
 
-if test "$pie" = ""; then
-  case "$cpu-$targetos" in
-i386-Linux|x86_64-Linux|x32-Linux|i386-OpenBSD|x86_64-OpenBSD)
-  ;;
-*)
-  pie="no"
-  ;;
-  esac
-fi
-
 if test "$pie" != "no" ; then
   cat > $TMPC << EOF
 
-- 
2.20.1

[PATCH v2 1/7] configure: Drop adjustment of textseg

[Richard Henderson]

This adjustment was random and unnecessary.  The user mode
startup code in probe_guest_base() will choose a value for
guest_base that allows the host qemu binary to not conflict
with the guest binary.

With modern distributions, this isn't even used, as the default
is PIE, which does the same job in a more portable way.

Reviewed-by: Thomas Huth 
Signed-off-by: Richard Henderson 
---
v2: Remove mention of config-host.ld from make distclean
---
 Makefile  |  2 +-
 configure | 47 ---
 2 files changed, 1 insertion(+), 48 deletions(-)

diff --git a/Makefile b/Makefile
index 1361def144..adf83f75a1 100644
--- a/Makefile
+++ b/Makefile
@@ -735,7 +735,7 @@ rm -f $(MANUAL_BUILDDIR)/$1/objects.inv 
$(MANUAL_BUILDDIR)/$1/searchindex.js $(M
 endef
 
 distclean: clean
-   rm -f config-host.mak config-host.h* config-host.ld $(DOCS) 
qemu-options.texi qemu-img-cmds.texi qemu-monitor.texi qemu-monitor-info.texi
+   rm -f config-host.mak config-host.h* $(DOCS) qemu-options.texi 
qemu-img-cmds.texi qemu-monitor.texi qemu-monitor-info.texi
rm -f tests/tcg/config-*.mak
rm -f config-all-devices.mak config-all-disas.mak config.status
rm -f $(SUBDIR_DEVICES_MAK)
diff --git a/configure b/configure
index e0c66ee9b6..30e3875c6b 100755
--- a/configure
+++ b/configure
@@ -6298,49 +6298,6 @@ if test "$cpu" = "s390x" ; then
   fi
 fi
 
-# Probe for the need for relocating the user-only binary.
-if ( [ "$linux_user" = yes ] || [ "$bsd_user" = yes ] ) && [ "$pie" = no ]; 
then
-  textseg_addr=
-  case "$cpu" in
-arm | i386 | ppc* | s390* | sparc* | x86_64 | x32)
-  # ??? Rationale for choosing this address
-  textseg_addr=0x6000
-  ;;
-mips)
-  # A 256M aligned address, high in the address space, with enough
-  # room for the code_gen_buffer above it before the stack.
-  textseg_addr=0x6000
-  ;;
-  esac
-  if [ -n "$textseg_addr" ]; then
-cat > $TMPC &1; then
-error_exit \
-"We need to link the QEMU user mode binaries at a" \
-"specific text address. Unfortunately your linker" \
-"doesn't support either the -Ttext-segment option or" \
-"printing the default linker script with --verbose." \
-"If you don't want the user mode binaries, pass the" \
-"--disable-user option to configure."
-  fi
-
-  $ld --verbose | sed \
--e '1,/==/d' \
--e '/==/,$d' \
--e "s/[.] = [0-9a-fx]* [+] SIZEOF_HEADERS/. = $textseg_addr + 
SIZEOF_HEADERS/" \
--e "s/__executable_start = [0-9a-fx]*/__executable_start = 
$textseg_addr/" > config-host.ld
-  textseg_ldflags="-Wl,-T../config-host.ld"
-fi
-  fi
-fi
-
 # Check that the C++ compiler exists and works with the C compiler.
 # All the QEMU_CXXFLAGS are based on QEMU_CFLAGS. Keep this at the end to 
don't miss any other that could be added.
 if has $cxx; then
@@ -7903,10 +7860,6 @@ if test "$gprof" = "yes" ; then
   fi
 fi
 
-if test "$target_linux_user" = "yes" || test "$target_bsd_user" = "yes" ; then
-  ldflags="$ldflags $textseg_ldflags"
-fi
-
 # Newer kernels on s390 check for an S390_PGSTE program header and
 # enable the pgste page table extensions in that case. This makes
 # the vm.allocate_pgste sysctl unnecessary. We enable this program
-- 
2.20.1

[PATCH v2 2/7] tcg: Remove softmmu code_gen_buffer fixed address

[Richard Henderson]

The commentary talks about "in concert with the addresses
assigned in the relevant linker script", except there is no
linker script for softmmu, nor has there been for some time.

(Do not confuse the user-only linker script editing that was
removed in the previous patch, because user-only does not
use this code_gen_buffer allocation method.)

Reviewed-by: Thomas Huth 
Signed-off-by: Richard Henderson 
---
 accel/tcg/translate-all.c | 37 +
 1 file changed, 5 insertions(+), 32 deletions(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 9f48da9472..88468a1c08 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1032,47 +1032,20 @@ static inline void *alloc_code_gen_buffer(void)
 {
 int prot = PROT_WRITE | PROT_READ | PROT_EXEC;
 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
-uintptr_t start = 0;
 size_t size = tcg_ctx->code_gen_buffer_size;
 void *buf;
 
-/* Constrain the position of the buffer based on the host cpu.
-   Note that these addresses are chosen in concert with the
-   addresses assigned in the relevant linker script file.  */
-# if defined(__PIE__) || defined(__PIC__)
-/* Don't bother setting a preferred location if we're building
-   a position-independent executable.  We're more likely to get
-   an address near the main executable if we let the kernel
-   choose the address.  */
-# elif defined(__x86_64__) && defined(MAP_32BIT)
-/* Force the memory down into low memory with the executable.
-   Leave the choice of exact location with the kernel.  */
-flags |= MAP_32BIT;
-/* Cannot expect to map more than 800MB in low memory.  */
-if (size > 800u * 1024 * 1024) {
-tcg_ctx->code_gen_buffer_size = size = 800u * 1024 * 1024;
-}
-# elif defined(__sparc__)
-start = 0x4000ul;
-# elif defined(__s390x__)
-start = 0x9000ul;
-# elif defined(__mips__)
-#  if _MIPS_SIM == _ABI64
-start = 0x12800ul;
-#  else
-start = 0x0800ul;
-#  endif
-# endif
-
-buf = mmap((void *)start, size, prot, flags, -1, 0);
+buf = mmap(NULL, size, prot, flags, -1, 0);
 if (buf == MAP_FAILED) {
 return NULL;
 }
 
 #ifdef __mips__
 if (cross_256mb(buf, size)) {
-/* Try again, with the original still mapped, to avoid re-acquiring
-   that 256mb crossing.  This time don't specify an address.  */
+/*
+ * Try again, with the original still mapped, to avoid re-acquiring
+ * the same 256mb crossing.
+ */
 size_t size2;
 void *buf2 = mmap(NULL, size, prot, flags, -1, 0);
 switch ((int)(buf2 != MAP_FAILED)) {
-- 
2.20.1

[PATCH v2 0/7] configure: Improve PIE and other linkage

[Richard Henderson]

This begins by dropping the -Ttext-segment stuff, which Fangrui Song
correctly points out does not work with lld.  But it's also obsolete,
so instead of adding support for lld's --image-base, remove it all.

Then, remove some other legacy random addresses that were supposed
to apply to softmmu, but didn't really make any sense, and aren't
used anyway when PIE is used, which is the default with a modern
linux distribution.

Then, clean up some of the configure logic surrounding PIE, and its
current non-application to non-x86.

Finally, add support for static-pie linking.

Changes in v2:
 - Remove mention of config-host.ld from make distclean
 - Do not split -z,rodata/-z,now into two tests
 - Fix --disable-pie --static

Tested in conjunction with AJB's 
  configure: allow disable of cross compilation container
  https://lists.gnu.org/archive/html/qemu-devel/2019-12/msg02943.html

as otherwise check-tcg simply doesn't work on aarch64 if you happen
to have docker installed.


r~


Richard Henderson (7):
  configure: Drop adjustment of textseg
  tcg: Remove softmmu code_gen_buffer fixed address
  configure: Do not force pie=no for non-x86
  configure: Always detect -no-pie toolchain support
  configure: Unnest detection of -z,relro and -z,now
  configure: Override the os default with --disable-pie
  configure: Support -static-pie if requested

 Makefile  |   2 +-
 accel/tcg/translate-all.c |  37 ++--
 configure | 116 +++---
 3 files changed, 38 insertions(+), 117 deletions(-)

-- 
2.20.1

[PATCH v2 5/7] configure: Unnest detection of -z,relro and -z,now

[Richard Henderson]

There is nothing about these options that is related to PIE.
Use them unconditionally.

Signed-off-by: Richard Henderson 
---
v2: Do not split into two tests.
---
 configure | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index 7a646ec007..2503288654 100755
--- a/configure
+++ b/configure
@@ -2040,9 +2040,6 @@ if test "$pie" != "no" ; then
 QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
 LDFLAGS="-pie $LDFLAGS"
 pie="yes"
-if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
-  LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
-fi
   else
 if test "$pie" = "yes"; then
   error_exit "PIE not available due to missing toolchain support"
@@ -2053,6 +2050,12 @@ if test "$pie" != "no" ; then
   fi
 fi
 
+# Detect support for PT_GNU_RELRO + DT_BIND_NOW.
+# The combination is known as "full relro", because .got is read-only too.
+if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
+  LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
+fi
+
 ##
 # __sync_fetch_and_and requires at least -march=i486. Many toolchains
 # use i686 as default anyway, but for those that don't, an explicit
-- 
2.20.1

Re: [PATCH 0/7] configure: Improve PIE and other linkage

[Richard Henderson]

On 12/17/19 9:28 PM, Fangrui Song wrote:
> How will this patch set affect statically linked user mode binaries?
> (qemu-user-static packages on Debian, CentOS, ...)

The statically linked user mode binaries will still build, and should still be
able to run any guest binary that could be run before.

If the distribution is new enough to support -static-pie, then that will be
automatically used.

r~

Re: [PATCH v1 0/4] semihosting read console support

[Keith Packard]

Alex Bennée  writes:

> Hi,
>
> This series introduces a new "blocking" console read function for
> semihosting and plumbs it in to the ARM semihosting code. The main bit
> of work is Keith's patch (with a few tweaks by me). The other
> preparatory patches make sure the PC is updated after semihosting
> succeeds and a little bit of clean-up.
>
> The following patches need review
>01 - target arm remove unused EXCP_SEMIHOST leg
>02 - target arm only update pc after semihosting compl
>04 - tests tcg add a dumb as bricks semihosting consol

I've reviewed all four of these patches to the best of my (limited)
ability. I've also tested this with picolibc's semihosting support for
cortex-m3

Reviewed-by: Keith Packard 
Tested-by: Keith Packard 

Thanks much for the rework, definitely beyond my understanding of QEMU
internals.

-- 
-keith


signature.asc
Description: PGP signature

[PATCH v39 01/22] target/avr: Add outward facing interfaces and core CPU logic

[Michael Rolnik]

This includes:
- CPU data structures
- object model classes and functions
- migration functions
- GDB hooks

Co-developed-by: Michael Rolnik 
Co-developed-by: Sarah Harris 
Signed-off-by: Michael Rolnik 
Signed-off-by: Sarah Harris 
Signed-off-by: Michael Rolnik 
Acked-by: Igor Mammedov 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/cpu-param.h |  37 +++
 target/avr/cpu-qom.h   |  54 
 target/avr/cpu.h   | 258 
 target/avr/cpu.c   | 654 +
 target/avr/gdbstub.c   |  84 ++
 target/avr/machine.c   | 121 
 gdb-xml/avr-cpu.xml|  49 +++
 7 files changed, 1257 insertions(+)
 create mode 100644 target/avr/cpu-param.h
 create mode 100644 target/avr/cpu-qom.h
 create mode 100644 target/avr/cpu.h
 create mode 100644 target/avr/cpu.c
 create mode 100644 target/avr/gdbstub.c
 create mode 100644 target/avr/machine.c
 create mode 100644 gdb-xml/avr-cpu.xml

diff --git a/target/avr/cpu-param.h b/target/avr/cpu-param.h
new file mode 100644
index 00..0c29ce4223
--- /dev/null
+++ b/target/avr/cpu-param.h
@@ -0,0 +1,37 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#ifndef AVR_CPU_PARAM_H
+#define AVR_CPU_PARAM_H
+
+#define TARGET_LONG_BITS 32
+/*
+ * TARGET_PAGE_BITS cannot be more than 8 bits because
+ * 1.  all IO registers occupy [0x .. 0x00ff] address range, and they
+ * should be implemented as a device and not memory
+ * 2.  SRAM starts at the address 0x0100
+ */
+#define TARGET_PAGE_BITS 8
+#define TARGET_PHYS_ADDR_SPACE_BITS 24
+#define TARGET_VIRT_ADDR_SPACE_BITS 24
+#define NB_MMU_MODES 2
+
+
+#endif
diff --git a/target/avr/cpu-qom.h b/target/avr/cpu-qom.h
new file mode 100644
index 00..e28b58c897
--- /dev/null
+++ b/target/avr/cpu-qom.h
@@ -0,0 +1,54 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#ifndef QEMU_AVR_QOM_H
+#define QEMU_AVR_QOM_H
+
+#include "hw/core/cpu.h"
+
+#define TYPE_AVR_CPU "avr-cpu"
+
+#define AVR_CPU_CLASS(klass) \
+OBJECT_CLASS_CHECK(AVRCPUClass, (klass), TYPE_AVR_CPU)
+#define AVR_CPU(obj) \
+OBJECT_CHECK(AVRCPU, (obj), TYPE_AVR_CPU)
+#define AVR_CPU_GET_CLASS(obj) \
+OBJECT_GET_CLASS(AVRCPUClass, (obj), TYPE_AVR_CPU)
+
+/**
+ *  AVRCPUClass:
+ *  @parent_realize: The parent class' realize handler.
+ *  @parent_reset: The parent class' reset handler.
+ *  @vr: Version Register value.
+ *
+ *  A AVR CPU model.
+ */
+typedef struct AVRCPUClass {
+/*< private >*/
+CPUClass parent_class;
+/*< public >*/
+DeviceRealize parent_realize;
+void (*parent_reset)(CPUState *cpu);
+} AVRCPUClass;
+
+typedef struct AVRCPU AVRCPU;
+
+
+#endif /* !defined (QEMU_AVR_CPU_QOM_H) */
diff --git a/target/avr/cpu.h b/target/avr/cpu.h
new file mode 100644
index 00..b74bcf01ae
--- /dev/null
+++ b/target/avr/cpu.h
@@ -0,0 +1,258 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 

[Bug 1596832] Re: e500 -bios/-kernel broken with big images

[ecsdn]

Curious: Is your guest kernel >=3.6 with qemu-ppce500 config ie qemu_ppce500 
defined etc? 
In case u-boot loads/maps uImage format kernel differently have you tried 
uImage vs vmlinux?

And are you able to boot ok with an mpc... machine instead of ppce500 by
specifying a dtb file or dtb compatibility? Do you know if more recent
qemu (2.8 or 3 or 4.2) has same issue for you?

Oh wow I just noticed this is from 2016! It would be nice for such bugs
to have follow-up, closure, or summary of
solution/circumvention/workaround taken by those who posted them :)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1596832

Title:
  e500 -bios/-kernel broken with big images

Status in QEMU:
  New

Bug description:
  This is tested using qemu 2.4.1, but it looks like the code
  qemu/hw/ppc/e500.c has not changed since. This looks like the source
  of the problem:
  
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3812c71ffaa2cf733c3087792b859fef30b7545f

  
  What works:
  --

  Basic invocation qemu-system-ppc -machine ppce500  -monitor stdio
  -bios u-boot.e500 works, I get the uboot prompt and this:

  (qemu) info roms
  addr=00f0 size=0x044b8c mem=ram name="phdr #0: 
.../qemu/share/qemu/u-boot.e500"
  addr=00f81000 size=0x006b00 mem=ram name="phdr #1: 
.../qemu/share/qemu/u-boot.e500"

  
  Passing u-boot.e500 image as kernel (-bios u-boot.e500 -kernel u-boot.e500) 
appears to work, $qemu_kernel_addr is filled in, though (as expected) uboot 
complains about the image format.

  (qemu) info roms
  addr=00f0 size=0x044b8c mem=ram name="phdr #0: 
.../qemu/share/qemu/u-boot.e500"
  addr=00f81000 size=0x006b00 mem=ram name="phdr #1: 
.../qemu/share/qemu/u-boot.e500"
  addr=0200 size=0x054e8c mem=ram 
name=".../qemu/share/qemu/u-boot.e500


  What doesn't work:
  -

  However, once I try to load a big image (>=32 MiB), uboot doesn't even
  show anything:

  qemu-system-ppc -machine ppce500  -monitor stdio -bios u-boot.e500
  -kernel boot/vmlinux -m 1024

  (qemu) info roms
  addr=00f0 size=0x044b8c mem=ram name="phdr #0: 
.../qemu/share/qemu/u-boot.e500"
  addr=00f81000 size=0x006b00 mem=ram name="phdr #1: 
.../qemu/share/qemu/u-boot.e500"
  addr=0200 size=0x27aeedc mem=ram name="boot/vmlinux"

  ...
  (gdb) bt
  #0  0x00f2efcc in ?? ()
  #1  0x00f31554 in ?? ()
  #2  0x00f03f4c in ?? ()
  #3  0x00f04458 in ?? ()
  #4  0x00f028dc in ?? ()
  #5  0x00f01080 in ?? ()


  The thing is, this used to work +- before the commit, where I'd just
  pass the image as -kernel option, and it booted.

  
  If I do that now (w/o the -bios option, using the exact same image), the 
kernel gets loaded twice, only at different addresses (the cause is obvious 
from the commit), causing overlap error:

  qemu-system-ppc -machine ppce500  -monitor stdio  -kernel boot/vmlinux -m 1024
  QEMU 2.4.1 monitor - type 'help' for more information
  (qemu) rom: requested regions overlap (rom boot/vmlinux. 
free=0x027492fc, addr=0x0200)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1596832/+subscriptions

Re: [PATCH] util/cutils: Expand do_strtosz parsing precision to 64 bits

[Eric Blake]

On 12/17/19 7:33 PM, Tao Xu wrote:


Also fun: for "0123", we use uint64_t 83, not double 123.0.  But for
"0123.", we use 123.0, not 83.

Do we really want to accept octal and hexadecimal integers?



Thank you for reminding me. Octal and hexadecimal may bring more 
confusion. I will use qemu_strtou64(nptr, , 10, ) and add 
test for input like "0123".


Note that JSON does not permit octal numbers, but ALSO does not permit 
'0123' as a valid JSON number.  Of course, this parser is intended for 
human users rather than a JSON parser, so silently accepting it as 
decimal 123 is probably okay, but it is worth remembering that decisions 
are not trivial here.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [PATCH v10 Kernel 4/5] vfio iommu: Implementation of ioctl to for dirty pages tracking.

[Alex Williamson]

On Tue, 17 Dec 2019 14:54:14 +0530
Kirti Wankhede  wrote:

> On 12/17/2019 10:45 AM, Yan Zhao wrote:
> > On Tue, Dec 17, 2019 at 04:21:39AM +0800, Kirti Wankhede wrote:  
> >> +  } else if (range.flags &
> >> +   VFIO_IOMMU_DIRTY_PAGES_FLAG_GET_BITMAP) {
> >> +  uint64_t iommu_pgmask;
> >> +  unsigned long pgshift = __ffs(range.pgsize);
> >> +  unsigned long *bitmap;
> >> +  long bsize;
> >> +
> >> +  iommu_pgmask =
> >> +   ((uint64_t)1 << __ffs(vfio_pgsize_bitmap(iommu))) - 1;
> >> +
> >> +  if (((range.pgsize - 1) & iommu_pgmask) !=
> >> +  (range.pgsize - 1))
> >> +  return -EINVAL;
> >> +
> >> +  if (range.iova & iommu_pgmask)
> >> +  return -EINVAL;
> >> +  if (!range.size || range.size > SIZE_MAX)
> >> +  return -EINVAL;
> >> +  if (range.iova + range.size < range.iova)
> >> +  return -EINVAL;
> >> +
> >> +  bsize = verify_bitmap_size(range.size >> pgshift,
> >> + range.bitmap_size);
> >> +  if (bsize)
> >> +  return ret;
> >> +
> >> +  bitmap = kmalloc(bsize, GFP_KERNEL);
> >> +  if (!bitmap)
> >> +  return -ENOMEM;
> >> +
> >> +  ret = copy_from_user(bitmap,
> >> +   (void __user *)range.bitmap, bsize) ? -EFAULT : 0;
> >> +  if (ret)
> >> +  goto bitmap_exit;
> >> +
> >> +  iommu->dirty_page_tracking = false;  
> > why iommu->dirty_page_tracking is false here?
> > suppose this ioctl can be called several times.
> >   
> 
> This ioctl can be called several times, but once this ioctl is called 
> that means vCPUs are stopped and VFIO devices are stopped (i.e. in 
> stop-and-copy phase) and dirty pages bitmap are being queried by user.

Do not assume how userspace works or its intent.  If dirty tracking is
on, it should remain on until the user turns it off.  We cannot assume
userspace uses a one-shot approach.  Thanks,

Alex

[Bug 1856834] Re: Virtio broken in qemu ppc in 4.2.0 and other versions

[ecsdn]

** Tags added: ppc

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1856834

Title:
  Virtio broken in qemu ppc in 4.2.0 and other versions

Status in QEMU:
  New

Bug description:
  The same qemu -M mpc... command that works on qemu-system-ppc version
  2.8.0 freezes guest on bootup and shows error for qemu-system-ppc
  version 4.2.0release and 4.19dirtygit:

  qemu-system-ppc: virtio-blk failed to set guest notifier (-24), ensure -accel 
kvm is set.
  qemu-system-ppc: virtio_bus_start_ioeventfd: failed. Fallback to userspace 
(slower).

  ends/freezes at:
  nbd: registered device at major 43
   vda:

  I'm using -drive file=/home/me/rawimage.dd,if=virtio and works fine in
  version 2.8.0 installed with apt-get install (Ubuntu 17.04) and also
  with 2.8.0 official release from git/github that I compiled/built
  myself. But both of the newer releases fail on the same exact machine
  same config.

  I also noticed that qemu-2.8.0 was fine with mtd but the newer ones I tried 
weren't, ie gave
  qemu-system-ppc: -drive if=mtd: machine type does not support 
if=mtd,bus=0,unit=0
  (but I removed -drive if=mtd since wasn't using it anyway)

  I also tried on windows but I think virtio doesn't work on windows
  hosts at all? On windows host it fails the same way, even version 2.12
  as well as 4.1.10...

  used:
  ./configure --prefix=/opt/... --enable-fdt --enable-kvm --enable-debug

  (basically all steps the same on same exact system same config, yet
  2.8.0 works fine whether apt-get installed or built from source while
  the others I built, 4.19/4.2.0 or 2.12/4.1.10(win) don't.)

  In case newer qemu versions act weird on various kernels, I did try with both 
vmlinuz-4.10.0-19-generic and vmlinuz-4.13.12-041312-generic (I didn't compile 
them but I can provide config-..files. This is on Ubuntu 17.04 x86_64 host 
emulating e500v2 cpm guest, ie -M mpc... GUEST kernel 2.6.32.44 which is why I 
can't use -M ppce500 instead..)
  tx
   ecs

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1856834/+subscriptions

[Bug 1856834] Re: Virtio broken in qemu ppc in 4.2.0 and other versions

[ecsdn]

** Summary changed:

- softmmu qemu-system-ppc freezes at virtio vda
+ Virtio broken in qemu ppc in 4.2.0 and other versions

** Tags added: virtio

** Tags added: powerpc softmmu

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1856834

Title:
  Virtio broken in qemu ppc in 4.2.0 and other versions

Status in QEMU:
  New

Bug description:
  The same qemu -M mpc... command that works on qemu-system-ppc version
  2.8.0 freezes guest on bootup and shows error for qemu-system-ppc
  version 4.2.0release and 4.19dirtygit:

  qemu-system-ppc: virtio-blk failed to set guest notifier (-24), ensure -accel 
kvm is set.
  qemu-system-ppc: virtio_bus_start_ioeventfd: failed. Fallback to userspace 
(slower).

  ends/freezes at:
  nbd: registered device at major 43
   vda:

  I'm using -drive file=/home/me/rawimage.dd,if=virtio and works fine in
  version 2.8.0 installed with apt-get install (Ubuntu 17.04) and also
  with 2.8.0 official release from git/github that I compiled/built
  myself. But both of the newer releases fail on the same exact machine
  same config.

  I also noticed that qemu-2.8.0 was fine with mtd but the newer ones I tried 
weren't, ie gave
  qemu-system-ppc: -drive if=mtd: machine type does not support 
if=mtd,bus=0,unit=0
  (but I removed -drive if=mtd since wasn't using it anyway)

  I also tried on windows but I think virtio doesn't work on windows
  hosts at all? On windows host it fails the same way, even version 2.12
  as well as 4.1.10...

  used:
  ./configure --prefix=/opt/... --enable-fdt --enable-kvm --enable-debug

  (basically all steps the same on same exact system same config, yet
  2.8.0 works fine whether apt-get installed or built from source while
  the others I built, 4.19/4.2.0 or 2.12/4.1.10(win) don't.)

  In case newer qemu versions act weird on various kernels, I did try with both 
vmlinuz-4.10.0-19-generic and vmlinuz-4.13.12-041312-generic (I didn't compile 
them but I can provide config-..files. This is on Ubuntu 17.04 x86_64 host 
emulating e500v2 cpm guest, ie -M mpc... GUEST kernel 2.6.32.44 which is why I 
can't use -M ppce500 instead..)
  tx
   ecs

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1856834/+subscriptions

Re: [RFC PATCH v2 6/6] hw/pci-host/designware: Remove unuseful FALLTHROUGH comment

[Aleksandar Markovic]

On Wed, Dec 18, 2019 at 8:29 PM Philippe Mathieu-Daudé
 wrote:
>
> We don't need to explicit this obvious switch fall through.
> Stay consistent with the rest of the codebase.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---

I see you covered two cases of such comment (in patches 5 and 6).

But why didn't you than cover the following cases:

block/vhdx.c:case PAYLOAD_BLOCK_NOT_PRESENT: /* fall through */
block/vhdx.c:case PAYLOAD_BLOCK_NOT_PRESENT: /* fall through */

hw/net/rtl8139.c:case 1: /* fall through */
hw/net/rtl8139.c:case 2: /* fall through */

contrib/vhost-user-scsi/vhost-user-scsi.c:case 1: /* fall through */
(this one needs full switch block reformatting, but can this be
changed, since it is in "contrib"?)

?

Thanks,
Aleksandar



> Cc: Peter Chubb 
> Cc: Markus Armbruster 
> Cc: Peter Maydell 
> Cc: Andrey Smirnov 
> Cc: qemu-...@nongnu.org
> ---
>  hw/pci-host/designware.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/pci-host/designware.c b/hw/pci-host/designware.c
> index 71e9b0d9b5..dd245516dd 100644
> --- a/hw/pci-host/designware.c
> +++ b/hw/pci-host/designware.c
> @@ -182,7 +182,7 @@ designware_pcie_root_config_read(PCIDevice *d, uint32_t 
> address, int len)
>  break;
>
>  case DESIGNWARE_PCIE_ATU_CR1:
> -case DESIGNWARE_PCIE_ATU_CR2:  /* FALLTHROUGH */
> +case DESIGNWARE_PCIE_ATU_CR2:
>  val = viewport->cr[(address - DESIGNWARE_PCIE_ATU_CR1) /
> sizeof(uint32_t)];
>  break;
> --
> 2.21.0
>
>

Re: [RFC PATCH 5/5] tests/boot_linux_console: Add a SLOW test booting Ubuntu on OrangePi PC

[Niek Linnenbank]

Hi Philippe,

This test has some problems on my host (Ubuntu 18.04.3 LTS, avocado 73.0,
python 3.6.9):

 (4/4) 
tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_arm_orangepi_bionic:
ERROR: Input format not supported by decoder (3.25 s)
RESULTS: PASS 3 | ERROR 1 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0
| CANCEL 0
JOB TIME   : 46.22 s

I suspect it didn't download the image correctly.

Regards,
Niek

On Tue, Dec 17, 2019 at 7:27 PM Philippe Mathieu-Daudé 
wrote:

> This test boots Ubuntu Bionic on a OrangePi PC board.
>
> As it requires 1GB of storage, and is slow, this test is disabled
> on automatic CI testing.
>
> It is useful for workstation testing. Currently Avocado timeouts too
> quickly, so we can't run userland commands.
>
> The kernel image and DeviceTree blob are built by the Raspbian
> project (based on Debian):
> https://www.raspbian.org/RaspbianImages
>
> The Ubuntu image is downloaded from:
> https://dl.armbian.com/orangepipc/Bionic_current
>
> This test can be run using:
>
>   $ AVOCADO_ALLOW_LARGE_STORAGE=yes \
> avocado --show=app,console run -t machine:orangepi-pc \
>   tests/acceptance/boot_linux_console.py
>   console: Uncompressing Linux... done, booting the kernel.
>   console: Booting Linux on physical CPU 0x0
>   console: Linux version 4.20.7-sunxi (r...@armbian.com) (gcc version
> 7.2.1 20171011 (Linaro GCC 7.2-2017.11)) #5.75 SMP Fri Feb 8 09:02:10 CET
> 2019
>   console: CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=50c5387d
>   console: CPU: div instructions available: patching division code
>   console: CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing
> instruction cache
>   console: OF: fdt: Machine model: Xunlong Orange Pi PC
>   [...]
>   console: sunxi-mmc 1c0f000.mmc: initialized, max. request size: 16384 KB
>   console: NET: Registered protocol family 10
>   console: mmc0: host does not support reading read-only switch, assuming
> write-enable
>   console: mmc0: Problem switching card into high-speed mode!
>   console: mmc0: new SD card at address 4567
>   console: mmcblk0: mmc0:4567 QEMU! 932 MiB
>   console: Segment Routing with IPv6
>   console: NET: Registered protocol family 17
>   console: NET: Registered protocol family 15
>   console: bridge: filtering via arp/ip/ip6tables is no longer available
> by default. Update your scripts to load br_netfilter if you need this.
>   console: 8021q: 802.1Q VLAN Support v1.8
>   console: Key type dns_resolver registered
>   console: Registering SWP/SWPB emulation handler
>   console: mmcblk0: p1
>   [...]
>   console: Freeing unused kernel memory: 1024K
>   console: Run /sbin/init as init process
>   console: random: fast init done
>   console: systemd[1]: System time before build time, advancing clock.
>   console: systemd[1]: systemd 237 running in system mode. (+PAM +AUDIT
> +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT
> +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2
> default-hierarchy=hybrid)
>   console: systemd[1]: Detected architecture arm.
>   console: Welcome to Ubuntu 18.04.3 LTS!
>   console: systemd[1]: Set hostname to .
>   console: random: systemd: uninitialized urandom read (16 bytes read)
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> RFC because this is not the definitive test, but it is helpful so
> for for testing Niek work.
> ---
>  tests/acceptance/boot_linux_console.py | 41 ++
>  1 file changed, 41 insertions(+)
>
> diff --git a/tests/acceptance/boot_linux_console.py
> b/tests/acceptance/boot_linux_console.py
> index 8179b45910..663290e0c7 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -520,6 +520,47 @@ class BootLinuxConsole(Test):
>  exec_command_and_wait_for_pattern(self, 'reboot',
>  'reboot: Restarting
> system')
>
> +@skipUnless(os.getenv('AVOCADO_ALLOW_LARGE_STORAGE'), 'storage
> limited')
> +def test_arm_orangepi_bionic(self):
> +"""
> +:avocado: tags=arch:arm
> +:avocado: tags=machine:orangepi-pc
> +"""
> +# This test download a 196MB compressed image and expand it to
> 932MB...
> +deb_url = ('https://apt.armbian.com/pool/main/l/'
> +
>  'linux-4.20.7-sunxi/linux-image-dev-sunxi_5.75_armhf.deb')
> +deb_hash = '1334c29c44d984ffa05ed10de8c3361f33d78315'
> +deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
> +kernel_path = self.extract_from_deb(deb_path,
> +'/boot/vmlinuz-4.20.7-sunxi')
> +dtb_path =
> '/usr/lib/linux-image-dev-sunxi/sun8i-h3-orangepi-pc.dtb'
> +dtb_path = self.extract_from_deb(deb_path, dtb_path)
> +image_url = ('https://dl.armbian.com/orangepipc/archive/'
> + 'Armbian_19.11.3_Orangepipc_bionic_current_5.3.9.7z')
> +image_hash = '196a8ffb72b0123d92cea4a070894813d305c71e'
> 

Re: [RFC PATCH] semihosting: suspend recieving CPU when blocked (HACK, WIP)

[Paolo Bonzini]

Il mer 18 dic 2019, 18:36 Alex Bennée  ha scritto:

>
> Paolo Bonzini  writes:
>
> > On 17/12/19 15:18, Alex Bennée wrote:
> >> cpu_has_work is a guest function though and semihosting_console is a
> >> common hw module. It can't peek into the guests internal state.
> >
> > semihosting_console only needs to something like
> > cpu_interrupt(cpu->stopped_cpu, CPU_INTERRUPT_SEMIHOST).
>
> As an exception is being delivered we just end up re-executing the
> EXCP_SEMIHOST. I still don't see why using cpu_interrupt is an
> improvement seeing as it is secondary to exception processing.
>

FWIW I skimmed your patch and yes an interrupt is not needed since you are
delaying the update of the program counter; that's nicer.

Paolo

Re: [RFC PATCH 4/5] !fixup "hw: arm: add Xunlong Orange Pi PC machine"

[Niek Linnenbank]

Hi Philippe,

Noted. I'll make sure mc->default_ram_size = 1 * GiB is added for the next
reworked patch set v3.

Regards,
Niek

On Tue, Dec 17, 2019 at 7:27 PM Philippe Mathieu-Daudé 
wrote:

> Without this, the machine starts with default 128MB, and Ubuntu Bionic
> fails:
>
> [ ***  ] (2 of 4) A start job is running for…Persistent Storage (37s /
> 2min 1s)
> [  *** ] (2 of 4) A start job is running for…Persistent Storage (38s /
> 2min 1s)
> [  OK  ] Started Flush Journal to Persistent Storage.
> Starting Create Volatile Files and Directories...
> Starting Armbian ZRAM config...
> [**] (3 of 6) A start job is running for…s and Directories (55s / no
> limit)
> [ *] (3 of 6) A start job is running for…s and Directories (55s / no
> limit)
> [**] (3 of 6) A start job is running for…s and Directories (56s / no
> limit)
> [  OK  ] Started Create Volatile Files and Directories.
> [***   ] (5 of 6) A start job is running for… ZRAM config (1min 10s / 1min
> 19s)
> [**] (5 of 6) A start job is running for… ZRAM config (1min 12s / 1min
> 19s)
> [* ] (5 of 6) A start job is running for… ZRAM config (1min 13s / 1min
> 19s)
> [FAILED] Failed to start Armbian ZRAM config.
> See 'systemctl status armbian-zram-config.service' for details.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/arm/orangepi.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/hw/arm/orangepi.c b/hw/arm/orangepi.c
> index 119f370924..da758d7eba 100644
> --- a/hw/arm/orangepi.c
> +++ b/hw/arm/orangepi.c
> @@ -122,6 +122,7 @@ static void orangepi_machine_init(MachineClass *mc)
>  mc->max_cpus = AW_H3_NUM_CPUS;
>  mc->default_cpus = AW_H3_NUM_CPUS;
>  mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a7");
> +mc->default_ram_size = 1 * GiB;
>  }
>
>  DEFINE_MACHINE("orangepi-pc", orangepi_machine_init)
> --
> 2.21.0
>
>

-- 
Niek Linnenbank

Re: [PATCH 2/5] tests/boot_linux_console: Add initrd test for the Orange Pi PC board

[Niek Linnenbank]

This one also works fine on my host (Ubuntu 18.04 LTS):

  Tested-by: Niek Linnenbank 

On Tue, Dec 17, 2019 at 7:27 PM Philippe Mathieu-Daudé 
wrote:

> This test boots a Linux kernel on a OrangePi PC board and verify
> the serial output is working.
>
> The kernel image and DeviceTree blob are built by the Raspbian
> project (based on Debian):
> https://www.raspbian.org/RaspbianImages
>
> The cpio image used comes from the linux-build-test project:
> https://github.com/groeck/linux-build-test
>
> If ARM is a target being built, "make check-acceptance" will
> automatically include this test by the use of the "arch:arm" tags.
>
> Alternatively, this test can be run using:
>
>   $ avocado --show=console run -t machine:orangepi-pc
> tests/acceptance/boot_linux_console.py
>   console: Uncompressing Linux... done, booting the kernel.
>   console: Booting Linux on physical CPU 0x0
>   console: Linux version 4.20.7-sunxi (r...@armbian.com) (gcc version
> 7.2.1 20171011 (Linaro GCC 7.2-2017.11)) #5.75 SMP Fri Feb 8 09:02:10 CET
> 2019
>   console: CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=50c5387d
>   console: CPU: div instructions available: patching division code
>   console: CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing
> instruction cache
>   console: OF: fdt: Machine model: Xunlong Orange Pi PC
>   [...]
>   console: Trying to unpack rootfs image as initramfs...
>   console: Freeing initrd memory: 3256K
>   console: Freeing unused kernel memory: 1024K
>   console: Run /init as init process
>   console: mount: mounting devtmpfs on /dev failed: Device or resource busy
>   console: Starting logging: OK
>   console: Initializing random number generator... random: dd:
> uninitialized urandom read (512 bytes read)
>   console: done.
>   console: Starting network: OK
>   console: Found console ttyS0
>   console: Linux version 4.20.7-sunxi (r...@armbian.com) (gcc version
> 7.2.1 20171011 (Linaro GCC 7.2-2017.11)) #5.75 SMP Fri Feb 8 09:02:10 CET
> 2019
>   console: Boot successful.
>   console: cat /proc/cpuinfo
>   console: / # cat /proc/cpuinfo
>   console: processor  : 0
>   console: model name : ARMv7 Processor rev 5 (v7l)
>   console: BogoMIPS   : 125.00
>   console: Features   : half thumb fastmult vfp edsp neon vfpv3 tls
> vfpv4 idiva idivt vfpd32 lpae evtstrm
>   console: CPU implementer: 0x41
>   console: CPU architecture: 7
>   console: CPU variant: 0x0
>   console: CPU part   : 0xc07
>   console: CPU revision   : 5
>   [...]
>   console: processor  : 3
>   console: model name : ARMv7 Processor rev 5 (v7l)
>   console: BogoMIPS   : 125.00
>   console: Features   : half thumb fastmult vfp edsp neon vfpv3 tls
> vfpv4 idiva idivt vfpd32 lpae evtstrm
>   console: CPU implementer: 0x41
>   console: CPU architecture: 7
>   console: CPU variant: 0x0
>   console: CPU part   : 0xc07
>   console: CPU revision   : 5
>   console: Hardware   : Allwinner sun8i Family
>   console: Revision   : 
>   console: Serial : 
>   console: cat /proc/iomem
>   console: / # cat /proc/iomem
>   console: 0100-010f : clock@100
>   console: 01c0-01c00fff : system-control@1c0
>   console: 01c02000-01c02fff : dma-controller@1c02000
>   [...]
>   console: reboot
>   console: / # reboot
>   console: / # Found console ttyS0
>   console: Stopping network: OK
>   console: hrtimer: interrupt took 21852064 ns
>   console: Saving random seed... random: dd: uninitialized urandom read
> (512 bytes read)
>   console: done.
>   console: Stopping logging: OK
>   console: umount: devtmpfs busy - remounted read-only
>   console: umount: can't unmount /: Invalid argument
>   console: The system is going down NOW!
>   console: Sent SIGTERM to all processes
>   console: Sent SIGKILL to all processes
>   console: Requesting system reboot
>   console: reboot: Restarting system
>   PASS (48.32 s)
>   JOB TIME   : 49.16 s
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/acceptance/boot_linux_console.py | 41 ++
>  1 file changed, 41 insertions(+)
>
> diff --git a/tests/acceptance/boot_linux_console.py
> b/tests/acceptance/boot_linux_console.py
> index 820239e439..daabd47404 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -437,6 +437,47 @@ class BootLinuxConsole(Test):
>  console_pattern = 'Kernel command line: %s' % kernel_command_line
>  self.wait_for_console_pattern(console_pattern)
>
> +def test_arm_orangepi_initrd(self):
> +"""
> +:avocado: tags=arch:arm
> +:avocado: tags=machine:orangepi-pc
> +"""
> +deb_url = ('https://apt.armbian.com/pool/main/l/'
> +
>  'linux-4.20.7-sunxi/linux-image-dev-sunxi_5.75_armhf.deb')
> +deb_hash = '1334c29c44d984ffa05ed10de8c3361f33d78315'
> +deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
> +kernel_path 

Re: [PATCH 3/5] tests/boot_linux_console: Add a SD card test for the OrangePi PC board

[Niek Linnenbank]

Same, this one also runs fine for me:

  Tested-by: Niek Linnenbank 

On Tue, Dec 17, 2019 at 7:27 PM Philippe Mathieu-Daudé 
wrote:

> The kernel image and DeviceTree blob are built by the Raspbian
> project (based on Debian):
> https://www.raspbian.org/RaspbianImages
>
> The SD image is from the kernelci.org project:
> https://kernelci.org/faq/#the-code
>
> If ARM is a target being built, "make check-acceptance" will
> automatically include this test by the use of the "arch:arm" tags.
>
> Alternatively, this test can be run using:
>
>   $ avocado --show=console run -t machine:orangepi-pc
> tests/acceptance/boot_linux_console.py
>   console: Uncompressing Linux... done, booting the kernel.
>   console: Booting Linux on physical CPU 0x0
>   console: Linux version 4.20.7-sunxi (r...@armbian.com) (gcc version
> 7.2.1 20171011 (Linaro GCC 7.2-2017.11)) #5.75 SMP Fri Feb 8 09:02:10 CET
> 2019
>   console: CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=50c5387d
>   [...]
>   console: sunxi-wdt 1c20ca0.watchdog: Watchdog enabled (timeout=16 sec,
> nowayout=0)
>   console: sunxi-mmc 1c0f000.mmc: Linked as a consumer to regulator.2
>   console: sunxi-mmc 1c0f000.mmc: Got CD GPIO
>   console: ledtrig-cpu: registered to indicate activity on CPUs
>   console: hidraw: raw HID events driver (C) Jiri Kosina
>   console: usbcore: registered new interface driver usbhid
>   console: usbhid: USB HID core driver
>   console: Initializing XFRM netlink socket
>   console: sunxi-mmc 1c0f000.mmc: initialized, max. request size: 16384 KB
>   console: NET: Registered protocol family 10
>   console: mmc0: host does not support reading read-only switch, assuming
> write-enable
>   console: mmc0: Problem switching card into high-speed mode!
>   console: mmc0: new SD card at address 4567
>   console: mmcblk0: mmc0:4567 QEMU! 60.0 MiB
>   [...]
>   console: EXT4-fs (mmcblk0): mounting ext2 file system using the ext4
> subsystem
>   console: EXT4-fs (mmcblk0): mounted filesystem without journal. Opts:
> (null)
>   console: VFS: Mounted root (ext2 filesystem) on device 179:0.
>   console: Run /sbin/init as init process
>   console: EXT4-fs (mmcblk0): re-mounted. Opts:
> block_validity,barrier,user_xattr,acl
>   console: Starting syslogd: OK
>   console: Starting klogd: OK
>   console: Populating /dev using udev: udevd[203]: starting version 3.2.7
>   console: /bin/sh: can't access tty; job control turned off
>   console: cat /proc/partitions
>   console: / # cat /proc/partitions
>   console: major minor  #blocks  name
>   console: 10   4096 ram0
>   console: 11   4096 ram1
>   console: 12   4096 ram2
>   console: 13   4096 ram3
>   console: 1790  61440 mmcblk0
>   console: reboot
>   console: / # reboot
>   console: umount: devtmpfs busy - remounted read-only
>   console: EXT4-fs (mmcblk0): re-mounted. Opts: (null)
>   console: The system is going down NOW!
>   console: Sent SIGTERM to all processes
>   console: Sent SIGKILL to all processes
>   console: Requesting system reboot
>   console: reboot: Restarting system
>   JOB TIME   : 68.64 s
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/acceptance/boot_linux_console.py | 42 ++
>  1 file changed, 42 insertions(+)
>
> diff --git a/tests/acceptance/boot_linux_console.py
> b/tests/acceptance/boot_linux_console.py
> index daabd47404..8179b45910 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -478,6 +478,48 @@ class BootLinuxConsole(Test):
>  exec_command_and_wait_for_pattern(self, 'reboot',
>  'reboot: Restarting
> system')
>
> +def test_arm_orangepi_sd(self):
> +"""
> +:avocado: tags=arch:arm
> +:avocado: tags=machine:orangepi-pc
> +"""
> +deb_url = ('https://apt.armbian.com/pool/main/l/'
> +
>  'linux-4.20.7-sunxi/linux-image-dev-sunxi_5.75_armhf.deb')
> +deb_hash = '1334c29c44d984ffa05ed10de8c3361f33d78315'
> +deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
> +kernel_path = self.extract_from_deb(deb_path,
> +'/boot/vmlinuz-4.20.7-sunxi')
> +dtb_path =
> '/usr/lib/linux-image-dev-sunxi/sun8i-h3-orangepi-pc.dtb'
> +dtb_path = self.extract_from_deb(deb_path, dtb_path)
> +rootfs_url = ('
> http://storage.kernelci.org/images/rootfs/buildroot/'
> +  'kci-2019.02/armel/base/rootfs.ext2.xz')
> +rootfs_hash = '692510cb625efda31640d1de0a8d60e26040f061'
> +rootfs_path_xz = self.fetch_asset(rootfs_url,
> asset_hash=rootfs_hash)
> +rootfs_path = os.path.join(self.workdir, 'rootfs.cpio')
> +archive.lzma_uncompress(rootfs_path_xz, rootfs_path)
> +
> +self.vm.set_machine('orangepi-pc')
> +self.vm.set_console()
> +kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE +
> + 

Re: [PATCH 1/5] tests/boot_linux_console: Add a quick test for the OrangePi PC board

[Niek Linnenbank]

Hey Philippe,

Super!! Fantastic, now we can automatically test the H3 based boards
and use that to verify they keep working as expected when changing the code.

Great, I'm going to use these tests also from now on (previously I had some
small
bash scripts).

This quick test is working fine for me, so:

Tested-by: Niek Linnenbank 

Regards,
Niek



On Tue, Dec 17, 2019 at 7:27 PM Philippe Mathieu-Daudé 
wrote:

> This test boots a Linux kernel on a OrangePi PC board and verify
> the serial output is working.
>
> The kernel image and DeviceTree blob are built by the Raspbian
> project (based on Debian):
> https://www.raspbian.org/RaspbianImages
>
> If ARM is a target being built, "make check-acceptance" will
> automatically include this test by the use of the "arch:arm" tags.
>
> Alternatively, this test can be run using:
>
>   $ make check-venv
>   $ ./tests/venv/bin/avocado --show=console,app run -t machine:orangepi-pc
> tests/acceptance/boot_linux_console.py
>   JOB ID : 2e4d15eceb13c33672af406f08171e6e9de1414a
>   JOB LOG: ~/job-results/job-2019-12-17T05.46-2e4d15e/job.log
>   (1/1)
> tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_arm_orangepi:
>   console: Uncompressing Linux... done, booting the kernel.
>   console: Booting Linux on physical CPU 0x0
>   console: Linux version 4.20.7-sunxi (r...@armbian.com) (gcc version
> 7.2.1 20171011 (Linaro GCC 7.2-2017.11)) #5.75 SMP Fri Feb 8 09:02:10 CET
> 2019
>   console: CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=50c5387d
>   console: CPU: div instructions available: patching division code
>   console: CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing
> instruction cache
>   console: OF: fdt: Machine model: Xunlong Orange Pi PC
>   console: Memory policy: Data cache writealloc
>   console: OF: reserved mem: failed to allocate memory for node
> 'cma@4a00'
>   console: cma: Failed to reserve 128 MiB
>   console: psci: probing for conduit method from DT.
>   console: psci: PSCIv0.2 detected in firmware.
>   console: psci: Using standard PSCI v0.2 function IDs
>   console: psci: Trusted OS migration not required
>   console: random: get_random_bytes called from start_kernel+0x8d/0x3c2
> with crng_init=0
>   console: percpu: Embedded 18 pages/cpu @(ptrval) s41228 r8192 d24308
> u73728
>   console: Built 1 zonelists, mobility grouping on.  Total pages: 32480
>   console: Kernel command line: printk.time=0 console=ttyS0,115200
>   PASS (8.59 s)
>   JOB TIME   : 8.81 s
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/acceptance/boot_linux_console.py | 26 ++
>  1 file changed, 26 insertions(+)
>
> diff --git a/tests/acceptance/boot_linux_console.py
> b/tests/acceptance/boot_linux_console.py
> index 7e41cebd47..820239e439 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -411,6 +411,32 @@ class BootLinuxConsole(Test):
>  self.wait_for_console_pattern('Boot successful.')
>  # TODO user command, for now the uart is stuck
>
> +def test_arm_orangepi(self):
> +"""
> +:avocado: tags=arch:arm
> +:avocado: tags=machine:orangepi-pc
> +"""
> +deb_url = ('https://apt.armbian.com/pool/main/l/'
> +
>  'linux-4.20.7-sunxi/linux-image-dev-sunxi_5.75_armhf.deb')
> +deb_hash = '1334c29c44d984ffa05ed10de8c3361f33d78315'
> +deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
> +kernel_path = self.extract_from_deb(deb_path,
> +'/boot/vmlinuz-4.20.7-sunxi')
> +dtb_path =
> '/usr/lib/linux-image-dev-sunxi/sun8i-h3-orangepi-pc.dtb'
> +dtb_path = self.extract_from_deb(deb_path, dtb_path)
> +
> +self.vm.set_machine('orangepi-pc')
> +self.vm.set_console()
> +kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE +
> +   'console=ttyS0,115200n8 '
> +   'earlycon=uart,mmio32,0x1c28000')
> +self.vm.add_args('-kernel', kernel_path,
> + '-dtb', dtb_path,
> + '-append', kernel_command_line)
> +self.vm.launch()
> +console_pattern = 'Kernel command line: %s' % kernel_command_line
> +self.wait_for_console_pattern(console_pattern)
> +
>  def test_s390x_s390_ccw_virtio(self):
>  """
>  :avocado: tags=arch:s390x
> --
> 2.21.0
>
>

-- 
Niek Linnenbank

[PATCH v39 22/22] target/avr: Update MAINTAINERS file

[Michael Rolnik]

Include AVR maintaners in MAINTAINERS file

Signed-off-by: Michael Rolnik 
---
 MAINTAINERS | 21 +
 1 file changed, 21 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 740401bcbb..9ed886106a 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -163,6 +163,27 @@ S: Maintained
 F: hw/arm/smmu*
 F: include/hw/arm/smmu*
 
+AVR TCG CPUs
+M: Michael Rolnik 
+R: Sarah Harris 
+S: Maintained
+F: target/avr/
+F: tests/acceptance/machine_avr6.py
+F: default-configs/avr-softmmu.mak
+F: gdb-xml/avr-cpu.xml
+
+AVR Machines
+M: Michael Rolnik 
+R: Sarah Harris 
+S: Maintained
+F: hw/avr/
+F: hw/char/avr_usart.c
+F: include/hw/char/avr_usart.h
+F: hw/timer/avr_timer16.c
+F: include/hw/timer/avr_timer16.h
+F: hw/misc/avr_mask.c
+F: include/hw/misc/avr_mask.h
+
 CRIS TCG CPUs
 M: Edgar E. Iglesias 
 S: Maintained
-- 
2.17.2 (Apple Git-113)

[PATCH v39 16/22] target/avr: Add section about AVR into QEMU documentation

[Michael Rolnik]

Signed-off-by: Michael Rolnik 
---
 qemu-doc.texi | 51 +++
 1 file changed, 51 insertions(+)

diff --git a/qemu-doc.texi b/qemu-doc.texi
index eea91a2d1e..c169ab9357 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -1742,6 +1742,7 @@ differences are mentioned in the following sections.
 * Microblaze System emulator::
 * SH4 System emulator::
 * Xtensa System emulator::
+* AVR System emulator::
 @end menu
 
 @node PowerPC System emulator
@@ -2515,6 +2516,56 @@ so should only be used with trusted guest OS.
 
 @c man end
 
+@node AVR System emulator
+@section AVR System emulator
+@cindex system emulation (AVR)
+
+Use the executable @file{qemu-system-avr} to emulates a AVR 8 bit based 
machine having one for the following cores: avr1, avr2, avr25, avr3, avr31, 
avr35, avr4, avr5, avr51, avr6, avrtiny, xmega2, xmega3, xmega4, xmega5, xmega6 
and xmega7.
+
+As for now it does not support any real MCUs. However, it does support a 
"sample" board for educational and testing purposes. This "sample" board hosts 
USART & 16 bit timer devices and it's enought to run FreeRTOS based applicaton 
(like this 
@url{https://github.com/seharris/qemu-avr-tests/blob/master/free-rtos/Demo/AVR_ATMega2560_GCC/demo.elf,,demo})
+
+Following are examples of possible usages, assuming program.elf is compiled 
for AVR cpu
+@itemize
+
+@item Continious non interrupted execution
+@example
+qemu-system-avr -kernel program.elf
+@end example
+
+@item Continious non interrupted execution with serial output into telnet 
window
+@example
+qemu-system-avr -kernel program.elf -serial tcp::5678,server,nowait -nographic
+@end example
+and then in another shell
+@example
+telent localhost 5678
+@end example
+
+@item Continious non interrupted execution with serial output into stdout
+@example
+qemu-system-avr -kernel program.elf -serial stdio
+@end example
+
+@item Debugging wit GDB debugger
+@example
+qemu-system-avr -kernel program.elf -s -S
+@end example
+and then in another shell
+@example
+avr-gdb program.elf
+@end example
+and then within GDB shell
+@example
+target remote :1234
+@end example
+
+@item Print out executed instructions
+@example
+qemu-system-avr -kernel program.elf -d in_asm
+@end example
+
+@end itemize
+
 @node QEMU User space emulator
 @chapter QEMU User space emulator
 
-- 
2.17.2 (Apple Git-113)

[PATCH v39 21/22] target/avr: Add Avocado test

[Michael Rolnik]

The test is based on
https://github.com/seharris/qemu-avr-tests/tree/master/free-rtos/Demo
demo which. If working correctly, prints 'ABCDEFGHIJKLMNOPQRSTUVWX' out.
it also demostrates that timer and IRQ are working

Signed-off-by: Michael Rolnik 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Acked-by: Thomas Huth 
---
 tests/acceptance/machine_avr6.py | 58 
 1 file changed, 58 insertions(+)
 create mode 100644 tests/acceptance/machine_avr6.py

diff --git a/tests/acceptance/machine_avr6.py b/tests/acceptance/machine_avr6.py
new file mode 100644
index 00..7a7d8afc29
--- /dev/null
+++ b/tests/acceptance/machine_avr6.py
@@ -0,0 +1,58 @@
+#
+# QEMU AVR
+#
+# Copyright (c) 2019 Michael Rolnik 
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import logging
+import time
+import distutils.spawn
+
+from avocado import skipUnless
+from avocado_qemu import Test
+from avocado.utils import process
+
+class AVR6Machine(Test):
+timeout = 5
+
+def test_freertos(self):
+"""
+:avocado: tags=arch:avr
+:avocado: tags=machine:sample
+"""
+"""
+
https://github.com/seharris/qemu-avr-tests/raw/master/free-rtos/Demo/AVR_ATMega2560_GCC/demo.elf
+constantly prints out 
'ABCDEFGHIJKLMNOPQRSTUVWXABCDEFGHIJKLMNOPQRSTUVWX'
+"""
+rom_url = 'https://github.com/seharris/qemu-avr-tests'
+rom_sha1= '36c3e67b8755dcf37e06af6730ef5d477b8ed16d'
+rom_url += '/raw/'
+rom_url += rom_sha1
+rom_url += '/free-rtos/Demo/AVR_ATMega2560_GCC/demo.elf'
+rom_hash = '7eb521f511ca8f2622e0a3c5e8dd686efbb911d4'
+rom_path = self.fetch_asset(rom_url, asset_hash=rom_hash)
+
+self.vm.set_machine('sample')
+self.vm.add_args('-bios', rom_path)
+self.vm.add_args('-nographic')
+self.vm.launch()
+
+time.sleep(2)
+self.vm.shutdown()
+
+match = 'ABCDEFGHIJKLMNOPQRSTUVWXABCDEFGHIJKLMNOPQRSTUVWX'
+
+self.assertIn(match, self.vm.get_log())
-- 
2.17.2 (Apple Git-113)

[PATCH v39 15/22] target/avr: Add example board configuration

[Michael Rolnik]

A simple board setup that configures an AVR CPU to run a given firmware image.
This is all that's useful to implement without peripheral emulation as AVR CPUs 
include a lot of on-board peripherals.

NOTE: this is not a real board 
NOTE: it's used for CPU testing

Signed-off-by: Michael Rolnik 
Reviewed-by: Aleksandar Markovic 
Nacked-by: Philippe Mathieu-Daudé 
---
 include/elf.h|   2 +
 include/hw/elf_ops.h |   6 +-
 include/hw/loader.h  |   6 +-
 hw/avr/sample.c  | 293 +++
 hw/core/loader.c |  15 +--
 hw/riscv/boot.c  |   2 +-
 hw/Kconfig   |   1 +
 hw/avr/Kconfig   |   6 +
 hw/avr/Makefile.objs |   1 +
 9 files changed, 321 insertions(+), 11 deletions(-)
 create mode 100644 hw/avr/sample.c
 create mode 100644 hw/avr/Kconfig
 create mode 100644 hw/avr/Makefile.objs

diff --git a/include/elf.h b/include/elf.h
index 3501e0c8d0..53cdfa23b7 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -202,6 +202,8 @@ typedef struct mips_elf_abiflags_v0 {
 #define EM_MOXIE   223 /* Moxie processor family */
 #define EM_MOXIE_OLD   0xFEED
 
+#define EM_AVR 83 /* AVR 8-bit microcontroller */
+
 /* This is the info that is needed to parse the dynamic section of the file */
 #define DT_NULL0
 #define DT_NEEDED  1
diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index e07d276df7..70de85fa72 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -316,7 +316,8 @@ static int glue(load_elf, SZ)(const char *name, int fd,
   void *translate_opaque,
   int must_swab, uint64_t *pentry,
   uint64_t *lowaddr, uint64_t *highaddr,
-  int elf_machine, int clear_lsb, int data_swab,
+  uint32_t *pe_flags, int elf_machine,
+  int clear_lsb, int data_swab,
   AddressSpace *as, bool load_rom,
   symbol_fn_t sym_cb)
 {
@@ -594,6 +595,9 @@ static int glue(load_elf, SZ)(const char *name, int fd,
 }
 }
 
+if (pe_flags) {
+*pe_flags = (uint32_t)(elf_sword)ehdr.e_flags;
+}
 if (lowaddr)
 *lowaddr = (uint64_t)(elf_sword)low;
 if (highaddr)
diff --git a/include/hw/loader.h b/include/hw/loader.h
index 48a96cd559..22b59e15ba 100644
--- a/include/hw/loader.h
+++ b/include/hw/loader.h
@@ -101,6 +101,7 @@ const char *load_elf_strerror(int error);
  * @pentry: Populated with program entry point. Ignored if NULL.
  * @lowaddr: Populated with lowest loaded address. Ignored if NULL.
  * @highaddr: Populated with highest loaded address. Ignored if NULL.
+ * @pe_flags: Populated with e_flags. Ignore if NULL.
  * @bigendian: Expected ELF endianness. 0 for LE otherwise BE
  * @elf_machine: Expected ELF machine type
  * @clear_lsb: Set to mask off LSB of addresses (Some architectures use
@@ -131,8 +132,9 @@ int load_elf_ram_sym(const char *filename,
  uint64_t (*elf_note_fn)(void *, void *, bool),
  uint64_t (*translate_fn)(void *, uint64_t),
  void *translate_opaque, uint64_t *pentry,
- uint64_t *lowaddr, uint64_t *highaddr, int big_endian,
- int elf_machine, int clear_lsb, int data_swab,
+ uint64_t *lowaddr, uint64_t *highaddr, uint32_t *pe_flags,
+ int big_endian, int elf_machine,
+ int clear_lsb, int data_swab,
  AddressSpace *as, bool load_rom, symbol_fn_t sym_cb);
 
 /** load_elf_ram:
diff --git a/hw/avr/sample.c b/hw/avr/sample.c
new file mode 100644
index 00..4fdbc17f1c
--- /dev/null
+++ b/hw/avr/sample.c
@@ -0,0 +1,293 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+/*
+ *  NOTE:
+ *  This is not a real AVR board, this is an example!
+ *  The CPU is an approximation of an ATmega2560, but is missing various
+ *  built-in peripherals.
+ *
+ *  This example board loads provided binary file into flash memory and
+ *  executes it from 0x address in the code memory space.
+ *
+ *  Currently used for AVR CPU validation
+ *
+ */
+
+#include 

[PATCH v39 19/22] target/avr: Update build system

[Michael Rolnik]

Make AVR support buildable

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Aleksandar Markovic 
---
 configure   |  7 +++
 default-configs/avr-softmmu.mak |  5 +
 target/avr/Makefile.objs| 34 +
 3 files changed, 46 insertions(+)
 create mode 100644 default-configs/avr-softmmu.mak
 create mode 100644 target/avr/Makefile.objs

diff --git a/configure b/configure
index 84b413dbfc..fb1823208f 100755
--- a/configure
+++ b/configure
@@ -7602,6 +7602,10 @@ case "$target_name" in
 mttcg="yes"
 gdb_xml_files="aarch64-core.xml aarch64-fpu.xml arm-core.xml arm-vfp.xml 
arm-vfp3.xml arm-neon.xml"
   ;;
+  avr)
+gdb_xml_files="avr-cpu.xml"
+target_compiler=$cross_cc_avr
+  ;;
   cris)
   ;;
   hppa)
@@ -7821,6 +7825,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
   disas_config "ARM_A64"
 fi
   ;;
+  avr)
+disas_config "AVR"
+  ;;
   cris)
 disas_config "CRIS"
   ;;
diff --git a/default-configs/avr-softmmu.mak b/default-configs/avr-softmmu.mak
new file mode 100644
index 00..d1e1c28118
--- /dev/null
+++ b/default-configs/avr-softmmu.mak
@@ -0,0 +1,5 @@
+# Default configuration for avr-softmmu
+
+# Boards:
+#
+CONFIG_AVR_SAMPLE=y
diff --git a/target/avr/Makefile.objs b/target/avr/Makefile.objs
new file mode 100644
index 00..7523e0c6e2
--- /dev/null
+++ b/target/avr/Makefile.objs
@@ -0,0 +1,34 @@
+#
+#  QEMU AVR CPU
+#
+#  Copyright (c) 2019 Michael Rolnik
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 2.1 of the License, or (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, see
+#  
+#
+
+DECODETREE = $(SRC_PATH)/scripts/decodetree.py
+decode-y = $(SRC_PATH)/target/avr/insn.decode
+
+target/avr/decode_insn.inc.c: $(decode-y) $(DECODETREE)
+   $(call quiet-command, \
+ $(PYTHON) $(DECODETREE) -o $@ --decode decode_insn --insnwidth 16 $<, 
\
+ "GEN", $(TARGET_DIR)$@)
+
+target/avr/translate.o: target/avr/decode_insn.inc.c
+
+obj-y += translate.o cpu.o helper.o
+obj-y += gdbstub.o
+obj-y += disas.o
+obj-$(CONFIG_SOFTMMU) += machine.o
-- 
2.17.2 (Apple Git-113)

[PATCH v39 20/22] target/avr: Add boot serial test

[Michael Rolnik]

Print out 'T' through serial port

Signed-off-by: Michael Rolnik 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Acked-by: Thomas Huth 
---
 tests/boot-serial-test.c | 10 ++
 tests/Makefile.include   |  2 ++
 2 files changed, 12 insertions(+)

diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index d3a54a0ba5..1121ed0db2 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -16,6 +16,15 @@
 #include "qemu/osdep.h"
 #include "libqtest.h"
 
+static const uint8_t bios_avr[] = {
+0x88, 0xe0, /* ldi r24, 0x08   */
+0x80, 0x93, 0xc1, 0x00, /* sts 0x00C1, r24 ; Enable tx */
+0x86, 0xe0, /* ldi r24, 0x06   */
+0x80, 0x93, 0xc2, 0x00, /* sts 0x00C2, r24 ; Set the data bits to 8 */
+0x84, 0xe5, /* ldi r24, 0x54   */
+0x80, 0x93, 0xc6, 0x00, /* sts 0x00C6, r24 ; Output 'T' */
+};
+
 static const uint8_t kernel_mcf5208[] = {
 0x41, 0xf9, 0xfc, 0x06, 0x00, 0x00, /* lea 0xfc06,%a0 */
 0x10, 0x3c, 0x00, 0x54, /* move.b #'T',%d0 */
@@ -103,6 +112,7 @@ typedef struct testdef {
 
 static testdef_t tests[] = {
 { "alpha", "clipper", "", "PCI:" },
+{ "avr", "sample", "", "T", sizeof(bios_avr), NULL, bios_avr },
 { "ppc", "ppce500", "", "U-Boot" },
 { "ppc", "40p", "-vga none -boot d", "Trying cd:," },
 { "ppc", "g3beige", "", "PowerPC,750" },
diff --git a/tests/Makefile.include b/tests/Makefile.include
index b381387048..86ace719dc 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -206,6 +206,8 @@ check-qtest-i386-y += tests/test-x86-cpuid-compat$(EXESUF)
 check-qtest-i386-y += tests/numa-test$(EXESUF)
 check-qtest-x86_64-y += $(check-qtest-i386-y)
 
+check-qtest-avr-y += tests/boot-serial-test$(EXESUF)
+
 check-qtest-alpha-y += tests/boot-serial-test$(EXESUF)
 check-qtest-alpha-$(CONFIG_VGA) += tests/display-vga-test$(EXESUF)
 
-- 
2.17.2 (Apple Git-113)

[PATCH v39 11/22] target/avr: Add instruction disassembly function

[Michael Rolnik]

Provide function disassembles executed instruction when `-d in_asm` is
provided

Example:
`./avr-softmmu/qemu-system-avr -bios free-rtos/Demo/AVR_ATMega2560_GCC/demo.elf 
-d in_asm` will produce something like the following

```
...
IN:
0x014a:  CALL  0x3808

IN: main
0x3808:  CALL  0x4b4

IN: vParTestInitialise
0x04b4:  LDI   r24, 255
0x04b6:  STS   r24, 0
0x04b8:  MULS  r16, r20
0x04ba:  OUT   $1, r24
0x04bc:  LDS   r24, 0
0x04be:  MULS  r16, r20
0x04c0:  OUT   $2, r24
0x04c2:  RET
...
```

Signed-off-by: Michael Rolnik 
Suggested-by: Richard Henderson 
Suggested-by: Philippe Mathieu-Daudé 
Suggested-by: Aleksandar Markovic 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/cpu.h   |   1 +
 target/avr/cpu.c   |   2 +-
 target/avr/disas.c | 245 +
 target/avr/translate.c |  11 ++
 4 files changed, 258 insertions(+), 1 deletion(-)
 create mode 100644 target/avr/disas.c

diff --git a/target/avr/cpu.h b/target/avr/cpu.h
index b74bcf01ae..af89b6611e 100644
--- a/target/avr/cpu.h
+++ b/target/avr/cpu.h
@@ -160,6 +160,7 @@ bool avr_cpu_exec_interrupt(CPUState *cpu, int int_req);
 hwaddr avr_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
 int avr_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
 int avr_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+int avr_print_insn(bfd_vma addr, disassemble_info *info);
 
 static inline int avr_feature(CPUAVRState *env, AVRFeature feature)
 {
diff --git a/target/avr/cpu.c b/target/avr/cpu.c
index 49aa304d4e..08ad21e38e 100644
--- a/target/avr/cpu.c
+++ b/target/avr/cpu.c
@@ -84,7 +84,7 @@ static void avr_cpu_reset(CPUState *cs)
 static void avr_cpu_disas_set_info(CPUState *cpu, disassemble_info *info)
 {
 info->mach = bfd_arch_avr;
-info->print_insn = NULL;
+info->print_insn = avr_print_insn;
 }
 
 static void avr_cpu_realizefn(DeviceState *dev, Error **errp)
diff --git a/target/avr/disas.c b/target/avr/disas.c
new file mode 100644
index 00..f3fa3d6bef
--- /dev/null
+++ b/target/avr/disas.c
@@ -0,0 +1,245 @@
+/*
+ * AVR disassembler
+ *
+ * Copyright (c) 2019 Richard Henderson 
+ * Copyright (c) 2019 Michael Rolnik 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+
+typedef struct {
+disassemble_info *info;
+uint16_t next_word;
+bool next_word_used;
+} DisasContext;
+
+static int to_regs_16_31_by_one(DisasContext *ctx, int indx)
+{
+return 16 + (indx % 16);
+}
+
+static int to_regs_16_23_by_one(DisasContext *ctx, int indx)
+{
+return 16 + (indx % 8);
+}
+static int to_regs_24_30_by_two(DisasContext *ctx, int indx)
+{
+return 24 + (indx % 4) * 2;
+}
+static int to_regs_00_30_by_two(DisasContext *ctx, int indx)
+{
+return (indx % 16) * 2;
+}
+
+static uint16_t next_word(DisasContext *ctx)
+{
+ctx->next_word_used = true;
+return ctx->next_word;
+}
+
+static int append_16(DisasContext *ctx, int x)
+{
+return x << 16 | next_word(ctx);
+}
+
+
+/* Include the auto-generated decoder.  */
+static bool decode_insn(DisasContext *ctx, uint16_t insn);
+#include "decode_insn.inc.c"
+
+#define output(mnemonic, format, ...) \
+(pctx->info->fprintf_func(pctx->info->stream, "%-9s " format, \
+mnemonic, ##__VA_ARGS__))
+
+int avr_print_insn(bfd_vma addr, disassemble_info *info)
+{
+DisasContext ctx;
+DisasContext *pctx = 
+bfd_byte buffer[4];
+uint16_t insn;
+int status;
+
+ctx.info = info;
+
+status = info->read_memory_func(addr, buffer, 4, info);
+if (status != 0) {
+info->memory_error_func(status, addr, info);
+return -1;
+}
+insn = bfd_getl16(buffer);
+ctx.next_word = bfd_getl16(buffer + 2);
+ctx.next_word_used = false;
+
+if (!decode_insn(, insn)) {
+output(".db", "0x%02x, 0x%02x", buffer[0], buffer[1]);
+}
+
+return ctx.next_word_used ? 4 : 2;
+}
+
+
+#define INSN(opcode, format, ...)   \
+static bool trans_##opcode(DisasContext *pctx, arg_##opcode * a)\
+{   \
+output(#opcode, format, ##__VA_ARGS__); 

[PATCH v39 14/22] target/avr: Add dummy mask device

[Michael Rolnik]

Signed-off-by: Michael Rolnik 
---
 include/hw/misc/avr_mask.h |  47 
 hw/misc/avr_mask.c | 112 +
 hw/misc/Kconfig|   3 +
 hw/misc/Makefile.objs  |   2 +
 4 files changed, 164 insertions(+)
 create mode 100644 include/hw/misc/avr_mask.h
 create mode 100644 hw/misc/avr_mask.c

diff --git a/include/hw/misc/avr_mask.h b/include/hw/misc/avr_mask.h
new file mode 100644
index 00..d3e21972d8
--- /dev/null
+++ b/include/hw/misc/avr_mask.h
@@ -0,0 +1,47 @@
+/*
+ * AVR Power Reduction
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_avr_mask_H
+#define HW_avr_mask_H
+
+#include "hw/sysbus.h"
+#include "chardev/char-fe.h"
+#include "hw/hw.h"
+
+
+#define TYPE_AVR_MASK "avr-mask"
+#define AVR_MASK(obj) OBJECT_CHECK(AVRMaskState, (obj), TYPE_AVR_MASK)
+
+typedef struct {
+/*  */
+SysBusDevice parent_obj;
+
+/*  */
+MemoryRegion iomem;
+
+uint8_t val;
+qemu_irq irq[8];
+} AVRMaskState;
+
+#endif /* HW_avr_mask_H */
diff --git a/hw/misc/avr_mask.c b/hw/misc/avr_mask.c
new file mode 100644
index 00..3af82ed9c1
--- /dev/null
+++ b/hw/misc/avr_mask.c
@@ -0,0 +1,112 @@
+/*
+ * AVR Power Reduction
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/misc/avr_mask.h"
+#include "qemu/log.h"
+#include "hw/qdev-properties.h"
+#include "hw/irq.h"
+
+#define DB_PRINT(fmt, args...) /* Nothing */
+/*#define DB_PRINT(fmt, args...) printf("%s: " fmt "\n", __func__, ## args)*/
+
+static void avr_mask_reset(DeviceState *dev)
+{
+AVRMaskState *s = AVR_MASK(dev);
+
+s->val = 0x00;
+
+for (int i = 0; i < 8; i++) {
+qemu_set_irq(s->irq[i], 0);
+}
+}
+
+static uint64_t avr_mask_read(void *opaque, hwaddr offset, unsigned size)
+{
+assert(size == 1);
+assert(offset == 0);
+AVRMaskState *s = opaque;
+
+return (uint64_t)s->val;
+}
+
+static void avr_mask_write(void *opaque, hwaddr offset,
+  uint64_t val64, unsigned size)
+{
+assert(size == 1);
+assert(offset == 0);
+AVRMaskState *s = opaque;
+uint8_t val8 = val64;
+
+DB_PRINT("write %d to offset %d", val8, (uint8_t)offset);
+
+s->val = val8;
+for (int i = 0; i < 8; i++) {
+qemu_set_irq(s->irq[i], (val8 & (1 << i)) != 0);
+}
+}
+
+static const MemoryRegionOps avr_mask_ops = {
+.read = avr_mask_read,
+.write = avr_mask_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {.max_access_size = 1}
+};
+
+static void avr_mask_init(Object *dev)
+{
+AVRMaskState *s = AVR_MASK(dev);
+SysBusDevice *busdev = SYS_BUS_DEVICE(dev);
+
+memory_region_init_io(>iomem, dev, _mask_ops, s, TYPE_AVR_MASK,
+0x01);
+sysbus_init_mmio(busdev, >iomem);
+
+for 

[PATCH v39 18/22] target/avr: Add machine none test

[Michael Rolnik]

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Aleksandar Markovic 
---
 tests/machine-none-test.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/machine-none-test.c b/tests/machine-none-test.c
index 5953d31755..3e5c74e73e 100644
--- a/tests/machine-none-test.c
+++ b/tests/machine-none-test.c
@@ -27,6 +27,7 @@ static struct arch2cpu cpus_map[] = {
 /* tested targets list */
 { "arm", "cortex-a15" },
 { "aarch64", "cortex-a57" },
+{ "avr", "avr6-avr-cpu" },
 { "x86_64", "qemu64,apic-id=0" },
 { "i386", "qemu32,apic-id=0" },
 { "alpha", "ev67" },
-- 
2.17.2 (Apple Git-113)

[PATCH v39 12/22] target/avr: Add limited support for USART peripheral

[Michael Rolnik]

These were designed to facilitate testing but should provide enough function to 
be useful in other contexts.
Only a subset of the functions of each peripheral is implemented, mainly due to 
the lack of a standard way to handle electrical connections (like GPIO pins).

Signed-off-by: Sarah Harris 
---
 include/hw/char/avr_usart.h |  93 +++
 hw/char/avr_usart.c | 320 
 hw/char/Kconfig |   3 +
 hw/char/Makefile.objs   |   1 +
 4 files changed, 417 insertions(+)
 create mode 100644 include/hw/char/avr_usart.h
 create mode 100644 hw/char/avr_usart.c

diff --git a/include/hw/char/avr_usart.h b/include/hw/char/avr_usart.h
new file mode 100644
index 00..467e97e8c0
--- /dev/null
+++ b/include/hw/char/avr_usart.h
@@ -0,0 +1,93 @@
+/*
+ * AVR USART
+ *
+ * Copyright (c) 2018 University of Kent
+ * Author: Sarah Harris
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#ifndef HW_AVR_USART_H
+#define HW_AVR_USART_H
+
+#include "hw/sysbus.h"
+#include "chardev/char-fe.h"
+#include "hw/hw.h"
+
+/* Offsets of registers. */
+#define USART_DR   0x06
+#define USART_CSRA  0x00
+#define USART_CSRB  0x01
+#define USART_CSRC  0x02
+#define USART_BRRH 0x05
+#define USART_BRRL 0x04
+
+/* Relevant bits in regiters. */
+#define USART_CSRA_RXC(1 << 7)
+#define USART_CSRA_TXC(1 << 6)
+#define USART_CSRA_DRE(1 << 5)
+#define USART_CSRA_MPCM   (1 << 0)
+
+#define USART_CSRB_RXCIE  (1 << 7)
+#define USART_CSRB_TXCIE  (1 << 6)
+#define USART_CSRB_DREIE  (1 << 5)
+#define USART_CSRB_RXEN   (1 << 4)
+#define USART_CSRB_TXEN   (1 << 3)
+#define USART_CSRB_CSZ2   (1 << 2)
+#define USART_CSRB_RXB8   (1 << 1)
+#define USART_CSRB_TXB8   (1 << 0)
+
+#define USART_CSRC_MSEL1  (1 << 7)
+#define USART_CSRC_MSEL0  (1 << 6)
+#define USART_CSRC_PM1(1 << 5)
+#define USART_CSRC_PM0(1 << 4)
+#define USART_CSRC_CSZ1   (1 << 2)
+#define USART_CSRC_CSZ0   (1 << 1)
+
+#define TYPE_AVR_USART "avr-usart"
+#define AVR_USART(obj) \
+OBJECT_CHECK(AVRUsartState, (obj), TYPE_AVR_USART)
+
+typedef struct {
+/*  */
+SysBusDevice parent_obj;
+
+/*  */
+MemoryRegion mmio;
+
+CharBackend chr;
+
+bool enabled;
+
+uint8_t data;
+bool data_valid;
+uint8_t char_mask;
+/* Control and Status Registers */
+uint8_t csra;
+uint8_t csrb;
+uint8_t csrc;
+/* Baud Rate Registers (low/high byte) */
+uint8_t brrh;
+uint8_t brrl;
+
+/* Receive Complete */
+qemu_irq rxc_irq;
+/* Transmit Complete */
+qemu_irq txc_irq;
+/* Data Register Empty */
+qemu_irq dre_irq;
+} AVRUsartState;
+
+#endif /* HW_AVR_USART_H */
diff --git a/hw/char/avr_usart.c b/hw/char/avr_usart.c
new file mode 100644
index 00..cb307fe23d
--- /dev/null
+++ b/hw/char/avr_usart.c
@@ -0,0 +1,320 @@
+/*
+ * AVR USART
+ *
+ * Copyright (c) 2018 University of Kent
+ * Author: Sarah Harris
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "hw/char/avr_usart.h"
+#include "qemu/log.h"
+#include "hw/irq.h"
+#include "hw/qdev-properties.h"
+
+static int avr_usart_can_receive(void *opaque)
+{
+AVRUsartState *usart = opaque;
+
+if (usart->data_valid || !(usart->csrb & USART_CSRB_RXEN)) {
+return 0;
+}
+return 1;
+}
+
+static void avr_usart_receive(void *opaque, const uint8_t *buffer, int size)
+{
+AVRUsartState *usart = opaque;
+assert(size == 1);
+assert(!usart->data_valid);
+usart->data = buffer[0];
+usart->data_valid = true;
+usart->csra |= USART_CSRA_RXC;
+if (usart->csrb & USART_CSRB_RXCIE) {
+qemu_set_irq(usart->rxc_irq, 1);
+}
+}
+
+static void 

[PATCH v39 07/22] target/avr: Add instruction translation - Data Transfer Instructions

[Michael Rolnik]

This includes:
- MOV, MOVW
- LDI, LDS LDX LDY LDZ
- LDDY, LDDZ
- STS, STX STY STZ
- STDY, STDZ
- LPM, LPMX
- ELPM, ELPMX
- SPM, SPMX
- IN, OUT
- PUSH, POP
- XCH
- LAS, LAC LAT

Signed-off-by: Michael Rolnik 
---
 target/avr/translate.c | 986 +
 1 file changed, 986 insertions(+)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index 661b8ab251..950504f7d0 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -1385,3 +1385,989 @@ static bool trans_BRBS(DisasContext *ctx, arg_BRBS *a)
 return true;
 }
 
+/*
+ * Data Transfer Instructions
+ */
+
+/*
+ *  in the gen_set_addr & gen_get_addr functions
+ *  H assumed to be in 0x00ff format
+ *  M assumed to be in 0x00ff format
+ *  L assumed to be in 0x00ff format
+ */
+static void gen_set_addr(TCGv addr, TCGv H, TCGv M, TCGv L)
+{
+
+tcg_gen_andi_tl(L, addr, 0x00ff);
+
+tcg_gen_andi_tl(M, addr, 0xff00);
+tcg_gen_shri_tl(M, M, 8);
+
+tcg_gen_andi_tl(H, addr, 0x00ff);
+}
+
+static void gen_set_xaddr(TCGv addr)
+{
+gen_set_addr(addr, cpu_rampX, cpu_r[27], cpu_r[26]);
+}
+
+static void gen_set_yaddr(TCGv addr)
+{
+gen_set_addr(addr, cpu_rampY, cpu_r[29], cpu_r[28]);
+}
+
+static void gen_set_zaddr(TCGv addr)
+{
+gen_set_addr(addr, cpu_rampZ, cpu_r[31], cpu_r[30]);
+}
+
+static TCGv gen_get_addr(TCGv H, TCGv M, TCGv L)
+{
+TCGv addr = tcg_temp_new_i32();
+
+tcg_gen_deposit_tl(addr, M, H, 8, 8);
+tcg_gen_deposit_tl(addr, L, addr, 8, 16);
+
+return addr;
+}
+
+static TCGv gen_get_xaddr(void)
+{
+return gen_get_addr(cpu_rampX, cpu_r[27], cpu_r[26]);
+}
+
+static TCGv gen_get_yaddr(void)
+{
+return gen_get_addr(cpu_rampY, cpu_r[29], cpu_r[28]);
+}
+
+static TCGv gen_get_zaddr(void)
+{
+return gen_get_addr(cpu_rampZ, cpu_r[31], cpu_r[30]);
+}
+
+/*
+ *  Load one byte indirect from data space to register and stores an clear
+ *  the bits in data space specified by the register. The instruction can only
+ *  be used towards internal SRAM.  The data location is pointed to by the Z 
(16
+ *  bits) Pointer Register in the Register File. Memory access is limited to 
the
+ *  current data segment of 64KB. To access another data segment in devices 
with
+ *  more than 64KB data space, the RAMPZ in register in the I/O area has to be
+ *  changed.  The Z-pointer Register is left unchanged by the operation. This
+ *  instruction is especially suited for clearing status bits stored in SRAM.
+ */
+static void gen_data_store(DisasContext *ctx, TCGv data, TCGv addr)
+{
+if (ctx->tb->flags & TB_FLAGS_FULL_ACCESS) {
+gen_helper_fullwr(cpu_env, data, addr);
+} else {
+tcg_gen_qemu_st8(data, addr, MMU_DATA_IDX); /* mem[addr] = data */
+}
+}
+
+static void gen_data_load(DisasContext *ctx, TCGv data, TCGv addr)
+{
+if (ctx->tb->flags & TB_FLAGS_FULL_ACCESS) {
+gen_helper_fullrd(data, cpu_env, addr);
+} else {
+tcg_gen_qemu_ld8u(data, addr, MMU_DATA_IDX); /* data = mem[addr] */
+}
+}
+
+/*
+ *  This instruction makes a copy of one register into another. The source
+ *  register Rr is left unchanged, while the destination register Rd is loaded
+ *  with a copy of Rr.
+ */
+static bool trans_MOV(DisasContext *ctx, arg_MOV *a)
+{
+TCGv Rd = cpu_r[a->rd];
+TCGv Rr = cpu_r[a->rr];
+
+tcg_gen_mov_tl(Rd, Rr);
+
+return true;
+}
+
+/*
+ *  This instruction makes a copy of one register pair into another register
+ *  pair. The source register pair Rr+1:Rr is left unchanged, while the
+ *  destination register pair Rd+1:Rd is loaded with a copy of Rr + 1:Rr.  This
+ *  instruction is not available in all devices. Refer to the device specific
+ *  instruction set summary.
+ */
+static bool trans_MOVW(DisasContext *ctx, arg_MOVW *a)
+{
+if (!avr_have_feature(ctx, AVR_FEATURE_MOVW)) {
+return true;
+}
+
+TCGv RdL = cpu_r[a->rd];
+TCGv RdH = cpu_r[a->rd + 1];
+TCGv RrL = cpu_r[a->rr];
+TCGv RrH = cpu_r[a->rr + 1];
+
+tcg_gen_mov_tl(RdH, RrH);
+tcg_gen_mov_tl(RdL, RrL);
+
+return true;
+}
+
+/*
+ * Loads an 8 bit constant directly to register 16 to 31.
+ */
+static bool trans_LDI(DisasContext *ctx, arg_LDI *a)
+{
+TCGv Rd = cpu_r[a->rd];
+int imm = a->imm;
+
+tcg_gen_movi_tl(Rd, imm);
+
+return true;
+}
+
+/*
+ *  Loads one byte from the data space to a register. For parts with SRAM,
+ *  the data space consists of the Register File, I/O memory and internal SRAM
+ *  (and external SRAM if applicable). For parts without SRAM, the data space
+ *  consists of the register file only. The EEPROM has a separate address 
space.
+ *  A 16-bit address must be supplied. Memory access is limited to the current
+ *  data segment of 64KB. The LDS instruction uses the RAMPD Register to access
+ *  memory above 64KB. To access another data segment in devices with more than
+ *  64KB data space, the 

[PATCH v39 10/22] target/avr: Add instruction translation - CPU main translation function

[Michael Rolnik]

Co-developed-by: Richard Henderson 
Co-developed-by: Michael Rolnik 

Signed-off-by: Michael Rolnik 
Tested-by: Philippe Mathieu-Daudé 
---
 target/avr/translate.c | 234 +
 1 file changed, 234 insertions(+)

diff --git a/target/avr/translate.c b/target/avr/translate.c
index 46cbcc9305..302d643068 100644
--- a/target/avr/translate.c
+++ b/target/avr/translate.c
@@ -2674,3 +2674,237 @@ static bool trans_WDR(DisasContext *ctx, arg_WDR *a)
 
 return true;
 }
+
+
+void avr_cpu_tcg_init(void)
+{
+int i;
+
+#define AVR_REG_OFFS(x) offsetof(CPUAVRState, x)
+cpu_pc = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(pc_w), "pc");
+cpu_Cf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregC), "Cf");
+cpu_Zf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregZ), "Zf");
+cpu_Nf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregN), "Nf");
+cpu_Vf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregV), "Vf");
+cpu_Sf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregS), "Sf");
+cpu_Hf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregH), "Hf");
+cpu_Tf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregT), "Tf");
+cpu_If = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregI), "If");
+cpu_rampD = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampD), "rampD");
+cpu_rampX = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampX), "rampX");
+cpu_rampY = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampY), "rampY");
+cpu_rampZ = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampZ), "rampZ");
+cpu_eind = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(eind), "eind");
+cpu_sp = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sp), "sp");
+cpu_skip = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(skip), "skip");
+
+for (i = 0; i < NUMBER_OF_CPU_REGISTERS; i++) {
+cpu_r[i] = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(r[i]),
+  reg_names[i]);
+}
+#undef AVR_REG_OFFS
+}
+
+static void translate(DisasContext *ctx)
+{
+uint32_t opcode = next_word(ctx);
+
+if (!decode_insn(ctx, opcode)) {
+gen_helper_unsupported(cpu_env);
+ctx->bstate = DISAS_NORETURN;
+}
+}
+
+/* Standardize the cpu_skip condition to NE.  */
+static bool canonicalize_skip(DisasContext *ctx)
+{
+switch (ctx->skip_cond) {
+case TCG_COND_NEVER:
+/* Normal case: cpu_skip is known to be false.  */
+return false;
+
+case TCG_COND_ALWAYS:
+/*
+ * Breakpoint case: cpu_skip is known to be true, via TB_FLAGS_SKIP.
+ * The breakpoint is on the instruction being skipped, at the start
+ * of the TranslationBlock.  No need to update.
+ */
+return false;
+
+case TCG_COND_NE:
+if (ctx->skip_var1 == NULL) {
+tcg_gen_mov_tl(cpu_skip, ctx->skip_var0);
+} else {
+tcg_gen_xor_tl(cpu_skip, ctx->skip_var0, ctx->skip_var1);
+ctx->skip_var1 = NULL;
+}
+break;
+
+default:
+/* Convert to a NE condition vs 0. */
+if (ctx->skip_var1 == NULL) {
+tcg_gen_setcondi_tl(ctx->skip_cond, cpu_skip, ctx->skip_var0, 0);
+} else {
+tcg_gen_setcond_tl(ctx->skip_cond, cpu_skip,
+   ctx->skip_var0, ctx->skip_var1);
+ctx->skip_var1 = NULL;
+}
+ctx->skip_cond = TCG_COND_NE;
+break;
+}
+if (ctx->free_skip_var0) {
+tcg_temp_free(ctx->skip_var0);
+ctx->free_skip_var0 = false;
+}
+ctx->skip_var0 = cpu_skip;
+return true;
+}
+
+void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int max_insns)
+{
+CPUAVRState *env = cs->env_ptr;
+DisasContext ctx = {
+.tb = tb,
+.cs = cs,
+.env = env,
+.memidx = 0,
+.bstate = DISAS_NEXT,
+.skip_cond = TCG_COND_NEVER,
+.singlestep = cs->singlestep_enabled,
+};
+target_ulong pc_start = tb->pc / 2;
+int num_insns = 0;
+
+if (tb->flags & TB_FLAGS_FULL_ACCESS) {
+/*
+ * This flag is set by ST/LD instruction we will regenerate it ONLY
+ * with mem/cpu memory access instead of mem access
+ */
+max_insns = 1;
+}
+if (ctx.singlestep) {
+max_insns = 1;
+}
+
+gen_tb_start(tb);
+
+ctx.npc = pc_start;
+if (tb->flags & TB_FLAGS_SKIP) {
+ctx.skip_cond = TCG_COND_ALWAYS;
+ctx.skip_var0 = cpu_skip;
+}
+
+do {
+TCGLabel *skip_label = NULL;
+
+/* translate current instruction */
+tcg_gen_insn_start(ctx.npc);
+num_insns++;
+
+/*
+ * this is due to some strange GDB behavior
+ * let's assume main has address 0x100
+ * b main   - sets breakpoint at address 0x0100 (code)
+ * b *0x100 - sets breakpoint at address 0x00800100 (data)
+ */
+if