[PATCH 09/78] numa: properly check if numa is supported

[Michael Roth]

From: Igor Mammedov 

Commit aa57020774b, by mistake used MachineClass::numa_mem_supported
to check if NUMA is supported by machine and also as unrelated change
set it to true for sbsa-ref board.

Luckily change didn't break machines that support NUMA, as the field
is set to true for them.

But the field is not intended for checking if NUMA is supported and
will be flipped to false within this release for new machine types.

Fix it:
 - by using previously used condition
  !mc->cpu_index_to_instance_props || !mc->get_default_cpu_node_id
   the first time and then use MachineState::numa_state down the road
   to check if NUMA is supported
 - dropping stray sbsa-ref chunk

Fixes: aa57020774b690a22be72453b8e91c9b5a68c516
Signed-off-by: Igor Mammedov 
Message-Id: <1576154936-178362-3-git-send-email-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
(cherry picked from commit fcd3f2cc124600385dba46c69a80626985c15b50)
Signed-off-by: Michael Roth 
---
 hw/arm/sbsa-ref.c | 1 -
 hw/core/machine.c | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index 27046cc284..c6261d44a4 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -791,7 +791,6 @@ static void sbsa_ref_class_init(ObjectClass *oc, void *data)
 mc->possible_cpu_arch_ids = sbsa_ref_possible_cpu_arch_ids;
 mc->cpu_index_to_instance_props = sbsa_ref_cpu_index_to_props;
 mc->get_default_cpu_node_id = sbsa_ref_get_default_cpu_node_id;
-mc->numa_mem_supported = true;
 }
 
 static const TypeInfo sbsa_ref_info = {
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 1689ad3bf8..aa63231f31 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -958,7 +958,7 @@ static void machine_initfn(Object *obj)
 NULL);
 }
 
-if (mc->numa_mem_supported) {
+if (mc->cpu_index_to_instance_props && mc->get_default_cpu_node_id) {
 ms->numa_state = g_new0(NumaState, 1);
 }
 
@@ -1102,7 +1102,7 @@ void machine_run_board_init(MachineState *machine)
 {
 MachineClass *machine_class = MACHINE_GET_CLASS(machine);
 
-if (machine_class->numa_mem_supported) {
+if (machine->numa_state) {
 numa_complete_configuration(machine);
 if (machine->numa_state->num_nodes) {
 machine_numa_finish_cpu_init(machine);
-- 
2.17.1

Re: [RFC v5 4/4] cpus: extract out accel-specific code to each accel

[Alex Bennée]

Claudio Fontana  writes:

> each accelerator registers a new "CpusAccel" interface
> implementation on initialization, providing functions for
> starting a vcpu, kicking a vcpu, and sychronizing state.
>
> This way the code in cpus.c is now all general softmmu code,
> nothing accelerator-specific anymore.
>
> There is still some ifdeffery for WIN32 though.
>
> Signed-off-by: Claudio Fontana 
> ---
>  MAINTAINERS   |   1 +
>  accel/Makefile.objs   |   2 +-
>  accel/kvm/Makefile.objs   |   2 +
>  accel/kvm/kvm-all.c   |  15 +-
>  accel/kvm/kvm-cpus.c  |  94 +
>  accel/kvm/kvm-cpus.h  |  17 +
>  accel/qtest/Makefile.objs |   2 +
>  accel/qtest/qtest-cpus.c  | 105 +
>  accel/qtest/qtest-cpus.h  |  17 +
>  accel/{ => qtest}/qtest.c |   7 +
>  accel/stubs/kvm-stub.c|   3 +-
>  accel/tcg/Makefile.objs   |   1 +
>  accel/tcg/tcg-all.c   |  12 +-
>  accel/tcg/tcg-cpus.c  | 523 
>  accel/tcg/tcg-cpus.h  |  17 +
>  hw/core/cpu.c |   1 +
>  include/sysemu/cpus.h |  32 ++
>  include/sysemu/hw_accel.h |  57 +--
>  include/sysemu/kvm.h  |   2 +-
>  softmmu/cpus.c| 911 
> --
>  stubs/Makefile.objs   |   1 +
>  stubs/cpu-synchronize-state.c |  15 +
>  target/i386/Makefile.objs |   7 +-
>  target/i386/hax-all.c |   6 +-
>  target/i386/hax-cpus.c|  85 
>  target/i386/hax-cpus.h|  17 +
>  target/i386/hax-i386.h|   2 +
>  target/i386/hax-posix.c   |  12 +
>  target/i386/hax-windows.c |  20 +
>  target/i386/hvf/Makefile.objs |   2 +-
>  target/i386/hvf/hvf-cpus.c| 141 +++
>  target/i386/hvf/hvf-cpus.h|  17 +
>  target/i386/hvf/hvf.c |   3 +
>  target/i386/whpx-all.c|   3 +
>  target/i386/whpx-cpus.c   |  96 +
>  target/i386/whpx-cpus.h   |  17 +
>  36 files changed, 1362 insertions(+), 903 deletions(-)
>  create mode 100644 accel/kvm/kvm-cpus.c
>  create mode 100644 accel/kvm/kvm-cpus.h
>  create mode 100644 accel/qtest/Makefile.objs
>  create mode 100644 accel/qtest/qtest-cpus.c
>  create mode 100644 accel/qtest/qtest-cpus.h
>  rename accel/{ => qtest}/qtest.c (86%)
>  create mode 100644 accel/tcg/tcg-cpus.c
>  create mode 100644 accel/tcg/tcg-cpus.h
>  create mode 100644 stubs/cpu-synchronize-state.c
>  create mode 100644 target/i386/hax-cpus.c
>  create mode 100644 target/i386/hax-cpus.h
>  create mode 100644 target/i386/hvf/hvf-cpus.c
>  create mode 100644 target/i386/hvf/hvf-cpus.h
>  create mode 100644 target/i386/whpx-cpus.c
>  create mode 100644 target/i386/whpx-cpus.h

Predictably for such a spider patch I got a bunch of conflicts
attempting to merge on my testing branch so only a few comments.

>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index f308537d42..ef8cbb2680 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -427,6 +427,7 @@ WHPX CPUs
>  M: Sunil Muthuswamy 
>  S: Supported
>  F: target/i386/whpx-all.c
> +F: target/i386/whpx-cpus.c
>  F: target/i386/whp-dispatch.h
>  F: accel/stubs/whpx-stub.c
>  F: include/sysemu/whpx.h
> diff --git a/accel/Makefile.objs b/accel/Makefile.objs
> index ff72f0d030..c5e58eb53d 100644
> --- a/accel/Makefile.objs
> +++ b/accel/Makefile.objs
> @@ -1,5 +1,5 @@
>  common-obj-$(CONFIG_SOFTMMU) += accel.o
> -obj-$(call land,$(CONFIG_SOFTMMU),$(CONFIG_POSIX)) += qtest.o
> +obj-$(call land,$(CONFIG_SOFTMMU),$(CONFIG_POSIX)) += qtest/

This does raise the question if qtest is "just another" accelerator then
should we not be creating a CONFIG_QTEST symbol for explicitness?

>  obj-$(CONFIG_KVM) += kvm/
>  obj-$(CONFIG_TCG) += tcg/
>  obj-$(CONFIG_XEN) += xen/

> +static void *qtest_cpu_thread_fn(void *arg)
> +{
> +#ifdef _WIN32
> +error_report("qtest is not supported under Windows");
> +exit(1);
> +#else

This is literally impossible to build isn't it?
>  
>  static int qtest_init_accel(MachineState *ms)
>  {
> +cpus_register_accel(_cpus);
>  return 0;
>  }

I wonder if these register functions could be moved to initfns like we
use for our hardware models?


>  
> +/*
> + * every accelerator is supposed to register this.
> + * Could be in the AccelClass instead, but ends up being too complicated
> + * to access in practice, and inefficient for each call of each method.
> + */
> +static CpusAccel cpus_accel;
> +

wait what? Does an indirection cause that much trouble? I'm surprised
given how often we use it elsewhere in the code. I guess others might
argue for a full QOM-ification of the accelerator but I think we can at
least have an indirection rather than a copy of the structure.


-- 
Alex Bennée

Re: [PULL 00/23] target-arm queue

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20200616095702.25848-1-peter.mayd...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PULL 00/23] target-arm queue
Type: series
Message-id: 20200616095702.25848-1-peter.mayd...@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
   6675a65..cb8278c  master -> master
 - [tag update]  
patchew/1592310699-58916-1-git-send-email-ani.si...@nutanix.com -> 
patchew/1592310699-58916-1-git-send-email-ani.si...@nutanix.com
 - [tag update]  patchew/20200615180346.3992-1-cfont...@suse.de -> 
patchew/20200615180346.3992-1-cfont...@suse.de
 * [new tag] patchew/20200616131756.1073438-1-mre...@redhat.com -> 
patchew/20200616131756.1073438-1-mre...@redhat.com
 * [new tag] patchew/cover.1592315226.git.bala...@eik.bme.hu -> 
patchew/cover.1592315226.git.bala...@eik.bme.hu
Switched to a new branch 'test'
b10a66e hw: arm: Set vendor property for IMX SDHCI emulations
5434a8f sd: sdhci: Implement basic vendor specific register support
23b105e hw/net/imx_fec: Convert debug fprintf() to trace events
d4fdcd5 target/arm/cpu: adjust virtual time for all KVM arm cpus
b120ecc Implement configurable descriptor size in ftgmac100
3ee9db4 hw/misc/imx6ul_ccm: Implement non writable bits in CCM registers
2abd0f4 target/arm: Convert Neon VDUP (scalar) to decodetree
d206569 target/arm: Convert Neon VTBL, VTBX to decodetree
d539502 target/arm: Convert Neon VEXT to decodetree
dc3fa32 target/arm: Convert Neon 2-reg-scalar long multiplies to decodetree
9c55dbb target/arm: Convert Neon 2-reg-scalar VQRDMLAH, VQRDMLSH to decodetree
1fe8012 target/arm: Convert Neon 2-reg-scalar VQDMULH, VQRDMULH to decodetree
f65be1e target/arm: Convert Neon 2-reg-scalar float multiplies to decodetree
90f2d89 target/arm: Convert Neon 2-reg-scalar integer multiplies to decodetree
c5586e0 target/arm: Add missing TCG temp free in do_2shift_env_64()
9d49fd6 target/arm: Add 'static' and 'const' annotations to VSHLL function 
arrays
44f7ad3 target/arm: Convert Neon 3-reg-diff polynomial VMULL
b1d42f1 target/arm: Convert Neon 3-reg-diff saturating doubling multiplies
0c54f33 target/arm: Convert Neon 3-reg-diff long multiplies
2e63060 target/arm: Convert Neon 3-reg-diff VABAL, VABDL to decodetree
48849e2 target/arm: Convert Neon 3-reg-diff narrowing ops to decodetree
437030b target/arm: Convert Neon 3-reg-diff prewidening ops to decodetree
17f754e target/arm: Fix missing temp frees in do_vshll_2sh

=== OUTPUT BEGIN ===
1/23 Checking commit 17f754e375b2 (target/arm: Fix missing temp frees in 
do_vshll_2sh)
2/23 Checking commit 437030bc3cb0 (target/arm: Convert Neon 3-reg-diff 
prewidening ops to decodetree)
3/23 Checking commit 48849e2bec62 (target/arm: Convert Neon 3-reg-diff 
narrowing ops to decodetree)
4/23 Checking commit 2e630605a940 (target/arm: Convert Neon 3-reg-diff VABAL, 
VABDL to decodetree)
5/23 Checking commit 0c54f3379838 (target/arm: Convert Neon 3-reg-diff long 
multiplies)
ERROR: space required after that ',' (ctx:VxV)
#93: FILE: target/arm/translate-neon.inc.c:2203:
+#define DO_VMLAL(INSN,MULL,ACC) \
  ^

ERROR: space required after that ',' (ctx:VxV)
#93: FILE: target/arm/translate-neon.inc.c:2203:
+#define DO_VMLAL(INSN,MULL,ACC) \
   ^

ERROR: space required after that ',' (ctx:VxV)
#111: FILE: target/arm/translate-neon.inc.c:2221:
+DO_VMLAL(VMLAL_S,mull_s,add)
 ^

ERROR: space required after that ',' (ctx:VxV)
#111: FILE: target/arm/translate-neon.inc.c:2221:
+DO_VMLAL(VMLAL_S,mull_s,add)
^

ERROR: space required after that ',' (ctx:VxV)
#112: FILE: target/arm/translate-neon.inc.c::
+DO_VMLAL(VMLAL_U,mull_u,add)
 ^

ERROR: space required after that ',' (ctx:VxV)
#112: FILE: target/arm/translate-neon.inc.c::
+DO_VMLAL(VMLAL_U,mull_u,add)
^

ERROR: space required after that ',' (ctx:VxV)
#113: FILE: target/arm/translate-neon.inc.c:2223:
+DO_VMLAL(VMLSL_S,mull_s,sub)
 ^

ERROR: space required after that ',' (ctx:VxV)
#113: FILE: target/arm/translate-neon.inc.c:2223:
+DO_VMLAL(VMLSL_S,mull_s,sub)
^

ERROR: space required after that ',' (ctx:VxV)
#114: FILE: target/arm/translate-neon.inc.c:2224:
+DO_VMLAL(VMLSL_U,mull_u,sub)
 ^

ERROR: space required after that ',' (ctx:VxV)
#114: FILE: target/arm/translate-neon.inc.c:2224:
+DO_VMLAL(VMLSL_U,mull_u,sub)
^

total: 10 errors, 0 warnings, 138 lines checked

Patch 5/23 

Re: [PATCH v4 1/5] acpi: Convert build_tpm2() to build_append* API

[Stefan Berger]

On 6/16/20 8:33 AM, Igor Mammedov wrote:


nevertheless looks like faithfull conversion,
btw why you didn't drop Acpi20TPM2 structure definition?

If we get rid of the table we should keep a reference to this document, 
table 7: "TCG ACPI Specification; Family 1.2 and 2.0; Level 00 Revision 
00.37, December 19, 2014"


https://trustedcomputinggroup.org/wp-content/uploads/TCG_ACPIGeneralSpecification_1-10_0-37-Published.pdf

[PATCH] hw/arm/virt: Add 5.0 HW compat props

[Andrew Jones]

Cc: Cornelia Huck 
Signed-off-by: Andrew Jones 
---
 hw/arm/virt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index caceb1e4a05f..8b6e6aa7b138 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2375,6 +2375,7 @@ DEFINE_VIRT_MACHINE_AS_LATEST(5, 1)
 static void virt_machine_5_0_options(MachineClass *mc)
 {
 virt_machine_5_1_options(mc);
+compat_props_add(mc->compat_props, hw_compat_5_0, hw_compat_5_0_len);
 }
 DEFINE_VIRT_MACHINE(5, 0)
 
-- 
2.25.4

Re: [PATCH v2 4/5] acpi: Enable TPM IRQ

[Stefan Berger]

On 6/16/20 9:01 AM, Auger Eric wrote:

Hi Stefan,

On 6/15/20 7:11 PM, Stefan Berger wrote:

On 6/15/20 11:13 AM, Marc-André Lureau wrote:

diff --git a/include/hw/acpi/tpm.h b/include/hw/acpi/tpm.h
index 1a2a57a21f..063a9eb42a 100644
--- a/include/hw/acpi/tpm.h
+++ b/include/hw/acpi/tpm.h
@@ -24,7 +24,7 @@
   #define TPM_TIS_ADDR_BASE   0xFED4
   #define TPM_TIS_ADDR_SIZE   0x5000

-#define TPM_TIS_IRQ 5
+#define TPM_TIS_IRQ 13


Eric,

  does this change have any negative side effects on ARM? If you prefer,
we can split this part here up into TPM_TIS_ISA_IRQ and TPM_TIS_SYSBUS
IRQ and leave the latter at '5' because we know that this is working.

The IRQ is not advertised in dt nor ACPI on ARM. However it is
advertised in the capability reg and in the vector. reg So I think this
should be fixed? I guess on ARM we will pick up a completely different
IRQ num, allocated from the platform bus slot.



The specification

https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p04_r0p37_pub-1.pdf

declares several fields in the Interface Capability Register (table 23, 
pdf page 89) to be mandatory and they must be set to '1'. So I would not 
want to touch those. We can set the interrupt vector register to '0' in 
case interrupts are not supported. Following the spec 0 means that no 
interrupts are supported. I will now split TPM_TIS_IRQ into 
TPM_TIS_ISA_IRQ and TPM_TIS_SYSBUS_IRQ and will in the end set 
TPM_TIS_SYSBUS_IRQ to 'disabled', indicating that IRQs are not 
supported, though they should work even though on ARM there may not be a 
driver to test this with. Does this sound ok?



   Stefan




Thanks

Eric

    Stefan



   #define TPM_TIS_NUM_LOCALITIES  5 /* per spec */
   #define TPM_TIS_LOCALITY_SHIFT  12
--
2.24.1

Re: [PATCH v4 1/5] acpi: Convert build_tpm2() to build_append* API

[Auger Eric]

Hi Igor,
On 6/16/20 2:33 PM, Igor Mammedov wrote:
> On Thu, 11 Jun 2020 15:59:13 +0200
> Eric Auger  wrote:
> 
>> In preparation of its move to the generic acpi code,
>> let's convert build_tpm2() to use build_append API. This
>> latter now is prefered in place of direct ACPI struct field
>> settings with manual endianness conversion.
>>
>> Signed-off-by: Eric Auger 
>>
>> ---
>>
>> v3 -> v4:
>> - Don't use Acpi20TPM2 *tpm2_ptr anymore
>> - Use variables for control area start address and start method
>> - Simplified arg values passed to bios_linker_loader_add_pointer
>> - use g_assert_not_reached()
>> ---
>>  hw/i386/acpi-build.c | 49 +---
>>  1 file changed, 33 insertions(+), 16 deletions(-)
>>
>> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
>> index b5669d6c65..f150d95ecc 100644
>> --- a/hw/i386/acpi-build.c
>> +++ b/hw/i386/acpi-build.c
>> @@ -2298,35 +2298,52 @@ build_tpm_tcpa(GArray *table_data, BIOSLinker 
>> *linker, GArray *tcpalog)
>>  static void
>>  build_tpm2(GArray *table_data, BIOSLinker *linker, GArray *tcpalog)
>>  {
>> -Acpi20TPM2 *tpm2_ptr = acpi_data_push(table_data, sizeof *tpm2_ptr);
>> -unsigned log_addr_size = sizeof(tpm2_ptr->log_area_start_address);
>> -unsigned log_addr_offset =
>> -(char *)_ptr->log_area_start_address - table_data->data;
>> +uint8_t start_method_params[12] = {};
>> +unsigned log_addr_offset, tpm2_start;
>> +uint64_t control_area_start_address;
>> +uint32_t start_method;
>> +void *tpm2_ptr;
>>  
>> -tpm2_ptr->platform_class = cpu_to_le16(TPM2_ACPI_CLASS_CLIENT);
>> +tpm2_start = table_data->len;
>> +tpm2_ptr = acpi_data_push(table_data, sizeof(AcpiTableHeader));
>> +
>> +/* Platform Class */
>> +build_append_int_noprefix(table_data, TPM2_ACPI_CLASS_CLIENT, 2);
>> +/* Reserved */
>> +build_append_int_noprefix(table_data, 0, 2);
>>  if (TPM_IS_TIS_ISA(tpm_find())) {
>> -tpm2_ptr->control_area_address = cpu_to_le64(0);
>> -tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO);
>> +control_area_start_address = 0;
>> +start_method = TPM2_START_METHOD_MMIO;
>>  } else if (TPM_IS_CRB(tpm_find())) {
>> -tpm2_ptr->control_area_address = cpu_to_le64(TPM_CRB_ADDR_CTRL);
>> -tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_CRB);
>> +control_area_start_address = TPM_CRB_ADDR_CTRL;
>> +start_method = TPM2_START_METHOD_CRB;
>>  } else {
>> -g_warn_if_reached();
>> +g_assert_not_reached();
>>  }
>> +/* Address of Control Area */
>> +build_append_int_noprefix(table_data, control_area_start_address, 8);
>> +/* Start Method */
>> +build_append_int_noprefix(table_data, start_method, 4);
>>  
>> -tpm2_ptr->log_area_minimum_length =
>> -cpu_to_le32(TPM_LOG_AREA_MINIMUM_SIZE);
>> +/* Platform Specific Parameters */
>> +g_array_append_vals(table_data, _method_params,
>> +ARRAY_SIZE(start_method_params));
>>  
>> -acpi_data_push(tcpalog, le32_to_cpu(tpm2_ptr->log_area_minimum_length));
>> +/* Log Area Minimum Length */
>> +build_append_int_noprefix(table_data, TPM_LOG_AREA_MINIMUM_SIZE, 4);
> 
> question not related to conversion:
> Is it a part of 'Platform Specific Parameters'?
no I don't think so.
> (as per spec table ends with it. if yes, then probably add pointer to place 
> in spec
> wher its documented.
Actually I failed to identify the place in the documentation. I looked
at the Acpi20TPM2 struct instead :-)
> 
>> +
>> +acpi_data_push(tcpalog, TPM_LOG_AREA_MINIMUM_SIZE);
>>  bios_linker_loader_alloc(linker, ACPI_BUILD_TPMLOG_FILE, tcpalog, 1,
>>   false);
>>  
>> -/* log area start address to be filled by Guest linker */
>> +log_addr_offset = table_data->len;
>> +build_append_int_noprefix(table_data, 0, 8);
>> +/* Log Area Start Address to be filled by Guest linker */
> move this line to where it used to be or at least above 
> build_append_int_noprefix()
ok
> 
>>  bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
>> -   log_addr_offset, log_addr_size,
>> +   log_addr_offset, 8,
>> ACPI_BUILD_TPMLOG_FILE, 0);
>>  build_header(linker, table_data,
>> - (void *)tpm2_ptr, "TPM2", sizeof(*tpm2_ptr), 4, NULL, 
>> NULL);
>> + tpm2_ptr, "TPM2", table_data->len - tpm2_start, 4, NULL, 
>> NULL);
>>  }
>>  
>>  #define HOLE_640K_START  (640 * KiB)
> 
> nevertheless looks like faithfull conversion,
> btw why you didn't drop Acpi20TPM2 structure definition?
I did not look if it were used elsewhere and also it reflects a state of
the spec. As I mentioned above, I was not able to find some info in the
spec.

Please note that the conversion was already pulled upstream but Michael
took an ancient 

Re: [PATCH v8 07/14] block/crypto: implement the encryption key management

[Maxim Levitsky]

On Mon, 2020-06-08 at 14:14 +0200, Max Reitz wrote:
> On 08.06.20 11:40, Maxim Levitsky wrote:
> > This implements the encryption key management using the generic code in
> > qcrypto layer and exposes it to the user via qemu-img
> > 
> > This code adds another 'write_func' because the initialization
> > write_func works directly on the underlying file, and amend
> > works on instance of luks device.
> > 
> > This commit also adds a 'hack/workaround' I and Kevin Wolf (thanks)
> > made to make the driver both support write sharing (to avoid breaking the 
> > users),
> > and be safe against concurrent  metadata update (the keyslots)
> > 
> > Eventually the write sharing for luks driver will be deprecated
> > and removed together with this hack.
> > 
> > The hack is that we ask (as a format driver) for BLK_PERM_CONSISTENT_READ
> > and then when we want to update the keys, we unshare that permission.
> > So if someone else has the image open, even readonly, encryption
> > key update will fail gracefully.
> > 
> > Also thanks to Daniel Berrange for the idea of
> > unsharing read, rather that write permission which allows
> > to avoid cases when the other user had opened the image read-only.
> > 
> > Signed-off-by: Maxim Levitsky 
> > Reviewed-by: Daniel P. Berrangé 
> > Reviewed-by: Max Reitz 
> > ---
> >  block/crypto.c | 130 +++--
> >  block/crypto.h |  34 +
> >  2 files changed, 161 insertions(+), 3 deletions(-)
> > 
> > diff --git a/block/crypto.c b/block/crypto.c
> > index 1960b47ceb..b9c40e6922 100644
> > --- a/block/crypto.c
> > +++ b/block/crypto.c
> 
> [...]
> 
> > +static void
> > +block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
> > + const BdrvChildRole role,
> 
> Well, it isn’t wrong to have this be a const, nor is it against any
> coding guidelines.  While I do believe this was an accident, I also
> think that in fact, maybe being strict about const-ness is what we
> should’ve done everywhere from the start.
> 
> So this is not a complaint, quite the contrary.
> 
> (I felt it was interesting enough to warrant this mail.  *shrug*)

Yep, that was 100% accident I confess.

Best regards,
Maxim Levitsky

> 
> > + BlockReopenQueue *reopen_queue,
> > + uint64_t perm, uint64_t shared,
> > + uint64_t *nperm, uint64_t *nshared)
> > +{
> > +
> > +BlockCrypto *crypto = bs->opaque;
> > +
> > +bdrv_default_perms(bs, c, role, reopen_queue, perm, shared, nperm, 
> > nshared);
> > +
> > +/*
> > + * For backward compatibility, manually share the write
> > + * and resize permission
> > + */
> > +*nshared |= (BLK_PERM_WRITE | BLK_PERM_RESIZE);
> > +/*
> > + * Since we are not fully a format driver, don't always request
> > + * the read/resize permission but only when explicitly
> > + * requested
> > + */
> > +*nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
> > +*nperm |= perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
> 
> Looks good, thanks!
> 
> Max
> 

Re: [RFC v5 3/4] cpu-timers, icount: new modules

[Alex Bennée]

Claudio Fontana  writes:

> refactoring of cpus.c continues with cpu timer state extraction.
>
> cpu-timers: responsible for the cpu timers state, and for access to
> cpu clocks and ticks.
>
> icount: counts the TCG instructions executed. As such it is specific to
> the TCG accelerator. Therefore, it is built only under CONFIG_TCG.
>
> One complication is due to qtest, which misuses icount to warp time
> (qtest_clock_warp). In order to solve this problem, detach instead qtest
> from icount, and use a trivial separate counter for it.
>
> This requires fixing assumptions scattered in the code that
> qtest_enabled() implies icount_enabled().
>
> No functionality change.
>
> Signed-off-by: Claudio Fontana 
> ---
>  MAINTAINERS  |   2 +
>  accel/qtest.c|   6 +-
>  accel/tcg/cpu-exec.c |  43 ++-
>  accel/tcg/tcg-all.c  |   7 +-
>  accel/tcg/translate-all.c|   3 +-
>  docs/replay.txt  |   6 +-
>  exec.c   |   4 -
>  hw/core/ptimer.c |   8 +-
>  hw/i386/x86.c|   1 +
>  include/exec/cpu-all.h   |   4 +
>  include/exec/exec-all.h  |   4 +-
>  include/qemu/timer.h |  22 +-
>  include/sysemu/cpu-timers.h  |  81 +
>  include/sysemu/cpus.h|  12 +-
>  include/sysemu/qtest.h   |   2 +
>  include/sysemu/replay.h  |   4 +-
>  replay/replay.c  |   6 +-
>  softmmu/Makefile.objs|   2 +
>  softmmu/cpu-timers.c | 284 
>  softmmu/cpus.c   | 750 
> +--
>  softmmu/icount.c | 499 
>  softmmu/qtest.c  |  34 +-
>  softmmu/timers-state.h   |  69 
>  softmmu/vl.c |   8 +-
>  stubs/Makefile.objs  |   3 +-
>  stubs/clock-warp.c   |   4 +-
>  stubs/cpu-get-clock.c|   3 +-
>  stubs/cpu-get-icount.c   |  21 --
>  stubs/icount.c   |  22 ++
>  stubs/qemu-timer-notify-cb.c |   8 +
>  stubs/qtest.c|   5 +
>  target/alpha/translate.c |   3 +-
>  target/arm/helper.c  |   7 +-
>  target/riscv/csr.c   |   8 +-
>  tests/ptimer-test-stubs.c|   7 +-
>  tests/test-timed-average.c   |   2 +-
>  util/main-loop.c |   4 +-
>  util/qemu-timer.c|  12 +-
>  38 files changed, 1119 insertions(+), 851 deletions(-)

Ooof this seems a little big for comfort but maybe that can't be
avoided. Certainly doesn't seem to break anything:

Reviewed-by: Alex Bennée 

-- 
Alex Bennée

[PATCH v5 09/11] macio: Add dummy screamer register area

[BALATON Zoltan]

The only thing this returns is an idle status so the firmware
continues, otherwise just ignores and logs access for debugging. This
is a stop gap until proper implementation of this device lands.

Signed-off-by: BALATON Zoltan 
---
 hw/misc/macio/macio.c | 34 ++
 1 file changed, 34 insertions(+)

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index 8ba7af073c..c7e8556ca6 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -26,6 +26,7 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu/module.h"
+#include "qemu/log.h"
 #include "hw/ppc/mac.h"
 #include "hw/misc/macio/cuda.h"
 #include "hw/pci/pci.h"
@@ -94,6 +95,33 @@ static void macio_bar_setup(MacIOState *s)
 macio_escc_legacy_setup(s);
 }
 
+#define AWAC_CODEC_STATUS_REG 0x20
+
+#define AWAC_MAKER_CRYSTAL 1
+#define AWAC_REV_SCREAMER 3
+#define AWAC_VALID_DATA 0x40
+
+static uint64_t screamer_read(void *opaque, hwaddr addr, unsigned size)
+{
+qemu_log_mask(LOG_UNIMP,
+  "macio: screamer read %" HWADDR_PRIx "  %d\n", addr, size);
+return (addr == AWAC_CODEC_STATUS_REG ? AWAC_VALID_DATA << 8 |
+AWAC_MAKER_CRYSTAL << 16 | AWAC_REV_SCREAMER << 20 : 0);
+}
+
+static void screamer_write(void *opaque, hwaddr addr,
+   uint64_t val, unsigned size)
+{
+qemu_log_mask(LOG_UNIMP,
+  "macio: screamer write %" HWADDR_PRIx "  %d = %"PRIx64"\n",
+  addr, size, val);
+}
+
+const MemoryRegionOps screamer_ops = {
+.read = screamer_read,
+.write = screamer_write,
+};
+
 static void macio_common_realize(PCIDevice *d, Error **errp)
 {
 MacIOState *s = MACIO(d);
@@ -149,6 +177,7 @@ static void macio_oldworld_realize(PCIDevice *d, Error 
**errp)
 DeviceState *pic_dev = DEVICE(os->pic);
 Error *err = NULL;
 SysBusDevice *sysbus_dev;
+MemoryRegion *screamer = g_new(MemoryRegion, 1);
 
 macio_common_realize(d, );
 if (err) {
@@ -208,6 +237,11 @@ static void macio_oldworld_realize(PCIDevice *d, Error 
**errp)
 error_propagate(errp, err);
 return;
 }
+
+/* Dummy screamer sound device */
+memory_region_init_io(screamer, OBJECT(d), _ops, NULL,
+  "screamer", 0x2000);
+memory_region_add_subregion(>bar, 0x14000, screamer);
 }
 
 static void macio_init_ide(MacIOState *s, MACIOIDEState *ide, int index)
-- 
2.21.3

[PATCH v5 10/11] WIP macio/cuda: Attempt to add i2c support

[BALATON Zoltan]

This is a non-working RFC patch attempt to implement i2c bus in CUDA
needed for firmware to access SPD data of installed RAM. The skeleton
is there but actual operation fails because I don't know how this is
supposed to work and the i2c bus state becomes invalid quickly. Also
sending back results may be missing or wrong. Help fixing and
finishing this is welcome, I don't plan to spend more time with this
so just submitted it for whoever picks this up.

Signed-off-by: BALATON Zoltan 
---
 hw/misc/macio/cuda.c | 62 +++-
 include/hw/misc/macio/cuda.h |  1 +
 2 files changed, 62 insertions(+), 1 deletion(-)

diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c
index 47aa3b0552..cfe4713527 100644
--- a/hw/misc/macio/cuda.c
+++ b/hw/misc/macio/cuda.c
@@ -28,6 +28,7 @@
 #include "hw/ppc/mac.h"
 #include "hw/qdev-properties.h"
 #include "migration/vmstate.h"
+#include "hw/i2c/i2c.h"
 #include "hw/input/adb.h"
 #include "hw/misc/mos6522.h"
 #include "hw/misc/macio/cuda.h"
@@ -371,6 +372,61 @@ static bool cuda_cmd_set_time(CUDAState *s,
 return true;
 }
 
+static bool cuda_cmd_get_set_iic(CUDAState *s,
+ const uint8_t *in_data, int in_len,
+ uint8_t *out_data, int *out_len)
+{
+int i;
+
+qemu_log_mask(LOG_UNIMP, "CUDA: unimplemented GET_SET_IIC %s 0x%x %d\n",
+  (in_data[0] & 1 ? "read" : "write"), in_data[0] >> 1,
+  in_len);
+if (i2c_start_transfer(s->i2c_bus, in_data[0] >> 1, in_data[0] & 1)) {
+return false;
+}
+for (i = 0; i < in_len - 3; i++) {
+if (i2c_send(s->i2c_bus, in_data[i])) {
+i2c_end_transfer(s->i2c_bus);
+return false;
+}
+}
+return true;
+}
+
+static bool cuda_cmd_combined_iic(CUDAState *s,
+  const uint8_t *in_data, int in_len,
+  uint8_t *out_data, int *out_len)
+{
+int i;
+
+if (in_len < 3) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "CUDA: COMBINED_FORMAT_IIC too few input bytes\n");
+return false;
+}
+if ((in_data[0] & 0xfe) != (in_data[2] & 0xfe)) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "CUDA: COMBINED_FORMAT_IIC address mismatch\n");
+return false;
+}
+
+uint8_t data = in_data[1];
+if (i2c_start_transfer(s->i2c_bus, in_data[0] >> 1, in_data[0] & 1) ||
+i2c_send_recv(s->i2c_bus, , in_data[0] & 1)) {
+return false;
+} else {
+for (i = 0; i < in_len - 3; i++) {
+data = in_data[3 + i];
+if (i2c_send_recv(s->i2c_bus, (in_data[2] & 1 ? _data[i] :
+  ), in_data[2] & 1)) {
+i2c_end_transfer(s->i2c_bus);
+return false;
+}
+}
+}
+return true;
+}
+
 static const CudaCommand handlers[] = {
 { CUDA_AUTOPOLL, "AUTOPOLL", cuda_cmd_autopoll },
 { CUDA_SET_AUTO_RATE, "SET_AUTO_RATE",  cuda_cmd_set_autorate },
@@ -383,6 +439,8 @@ static const CudaCommand handlers[] = {
   cuda_cmd_set_power_message },
 { CUDA_GET_TIME, "GET_TIME", cuda_cmd_get_time },
 { CUDA_SET_TIME, "SET_TIME", cuda_cmd_set_time },
+{ CUDA_GET_SET_IIC, "GET_SET_IIC", cuda_cmd_get_set_iic },
+{ CUDA_COMBINED_FORMAT_IIC, "COMBINED_FORMAT_IIC", cuda_cmd_combined_iic },
 };
 
 static void cuda_receive_packet(CUDAState *s,
@@ -553,6 +611,7 @@ static void cuda_init(Object *obj)
 {
 CUDAState *s = CUDA(obj);
 SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+DeviceState *dev = DEVICE(obj);
 
 object_initialize_child(obj, "mos6522-cuda", >mos6522_cuda,
 TYPE_MOS6522_CUDA);
@@ -561,7 +620,8 @@ static void cuda_init(Object *obj)
 sysbus_init_mmio(sbd, >mem);
 
 qbus_create_inplace(>adb_bus, sizeof(s->adb_bus), TYPE_ADB_BUS,
-DEVICE(obj), "adb.0");
+dev, "adb.0");
+s->i2c_bus = i2c_init_bus(dev, "i2c");
 }
 
 static Property cuda_properties[] = {
diff --git a/include/hw/misc/macio/cuda.h b/include/hw/misc/macio/cuda.h
index 5768075ac5..0c798100dc 100644
--- a/include/hw/misc/macio/cuda.h
+++ b/include/hw/misc/macio/cuda.h
@@ -79,6 +79,7 @@ typedef struct CUDAState {
 
 ADBBusState adb_bus;
 MOS6522CUDAState mos6522_cuda;
+I2CBus *i2c_bus;
 
 uint32_t tick_offset;
 uint64_t tb_frequency;
-- 
2.21.3

[PATCH v5 06/11] mac_oldworld: Rename ppc_heathrow_reset to ppc_heathrow_cpu_reset

[BALATON Zoltan]

This function resets a CPU not the whole machine so reflect that in
its name.

Signed-off-by: BALATON Zoltan 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/ppc/mac_oldworld.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 428851..f97f241e0c 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -73,7 +73,7 @@ static uint64_t translate_kernel_address(void *opaque, 
uint64_t addr)
 return (addr & 0x0fff) + KERNEL_LOAD_ADDR;
 }
 
-static void ppc_heathrow_reset(void *opaque)
+static void ppc_heathrow_cpu_reset(void *opaque)
 {
 PowerPCCPU *cpu = opaque;
 
@@ -112,7 +112,7 @@ static void ppc_heathrow_init(MachineState *machine)
 
 /* Set time-base frequency to 16.6 Mhz */
 cpu_ppc_tb_init(env,  TBFREQ);
-qemu_register_reset(ppc_heathrow_reset, cpu);
+qemu_register_reset(ppc_heathrow_cpu_reset, cpu);
 }
 
 /* allocate RAM */
-- 
2.21.3

[PATCH v5 11/11] mac_oldworld: Add SPD data to cover RAM

[BALATON Zoltan]

OpenBIOS gets RAM size via fw_cfg but rhe original board firmware
detects RAM using SPD data so generate and add SDP eeproms to cover as
much RAM as possible to describe with SPD (this may be less than the
actual ram_size due to SDRAM size constraints).

Signed-off-by: BALATON Zoltan 
---
 hw/ppc/mac_oldworld.c | 19 ++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 14a191ff88..fcc0d6d933 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -34,6 +34,7 @@
 #include "hw/input/adb.h"
 #include "sysemu/sysemu.h"
 #include "net/net.h"
+#include "hw/i2c/smbus_eeprom.h"
 #include "hw/isa/isa.h"
 #include "hw/pci/pci.h"
 #include "hw/pci/pci_host.h"
@@ -133,6 +134,8 @@ static void ppc_heathrow_init(MachineState *machine)
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 void *fw_cfg;
 uint64_t tbfreq;
+uint8_t *spd_data[3] = {};
+I2CBus *i2c_bus;
 
 /* init CPUs */
 for (i = 0; i < smp_cpus; i++) {
@@ -150,8 +153,16 @@ static void ppc_heathrow_init(MachineState *machine)
  "maximum 2047 MB", ram_size / MiB);
 exit(1);
 }
-
 memory_region_add_subregion(get_system_memory(), 0, machine->ram);
+for (i = 0; i < 3; i++) {
+int size_left = ram_size - i * 512 * MiB;
+if (size_left > 0) {
+uint32_t s = size_left / MiB;
+s = (s > 512 ? 512 : s);
+s = 1U << (31 - clz32(s));
+spd_data[i] = spd_data_generate(SDR, s * MiB);
+}
+}
 
 /* allocate and load firmware ROM */
 memory_region_init_rom(bios, NULL, "ppc_heathrow.bios", PROM_SIZE,
@@ -337,6 +348,12 @@ static void ppc_heathrow_init(MachineState *machine)
 macio_ide_init_drives(macio_ide, [MAX_IDE_DEVS]);
 
 dev = DEVICE(object_resolve_path_component(OBJECT(macio), "cuda"));
+i2c_bus = I2C_BUS(qdev_get_child_bus(dev, "i2c"));
+for (i = 0; i < 3; i++) {
+if (spd_data[i]) {
+smbus_eeprom_init_one(i2c_bus, 0x50 + i, spd_data[i]);
+}
+}
 adb_bus = qdev_get_child_bus(dev, "adb.0");
 dev = qdev_new(TYPE_ADB_KEYBOARD);
 qdev_realize_and_unref(dev, adb_bus, _fatal);
-- 
2.21.3

[PATCH v5 05/11] grackle: Set revision in PCI config to match hardware

[BALATON Zoltan]

Signed-off-by: BALATON Zoltan 
---
 hw/pci-host/grackle.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/pci-host/grackle.c b/hw/pci-host/grackle.c
index 4b3af0c704..48d11f13ab 100644
--- a/hw/pci-host/grackle.c
+++ b/hw/pci-host/grackle.c
@@ -130,7 +130,7 @@ static void grackle_pci_class_init(ObjectClass *klass, void 
*data)
 k->realize   = grackle_pci_realize;
 k->vendor_id = PCI_VENDOR_ID_MOTOROLA;
 k->device_id = PCI_DEVICE_ID_MOTOROLA_MPC106;
-k->revision  = 0x00;
+k->revision  = 0x40;
 k->class_id  = PCI_CLASS_BRIDGE_HOST;
 /*
  * PCI-facing part of the host bridge, not usable without the
-- 
2.21.3

[PATCH v5 03/11] mac_oldworld: Drop a variable, use get_system_memory() directly

[BALATON Zoltan]

Half of the occurances already use get_system_memory() directly
instead of sysmem variable, convert the two other uses to
get_system_memory() tii which seems to be more common and drop the
variable.

Signed-off-by: BALATON Zoltan 
---
 hw/ppc/mac_oldworld.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index baf3da6f90..d1c4244b1e 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -87,7 +87,6 @@ static void ppc_heathrow_init(MachineState *machine)
 const char *kernel_cmdline = machine->kernel_cmdline;
 const char *initrd_filename = machine->initrd_filename;
 const char *boot_device = machine->boot_order;
-MemoryRegion *sysmem = get_system_memory();
 PowerPCCPU *cpu = NULL;
 CPUPPCState *env = NULL;
 char *filename;
@@ -128,12 +127,12 @@ static void ppc_heathrow_init(MachineState *machine)
 exit(1);
 }
 
-memory_region_add_subregion(sysmem, 0, machine->ram);
+memory_region_add_subregion(get_system_memory(), 0, machine->ram);
 
 /* allocate and load firmware ROM */
 memory_region_init_rom(bios, NULL, "ppc_heathrow.bios", PROM_SIZE,
_fatal);
-memory_region_add_subregion(sysmem, PROM_BASE, bios);
+memory_region_add_subregion(get_system_memory(), PROM_BASE, bios);
 
 if (!bios_name) {
 bios_name = PROM_FILENAME;
-- 
2.21.3

[PATCH v5 07/11] mac_oldworld: Map macio to expected address at reset

[BALATON Zoltan]

Add a reset function that maps macio to the address expected by the
firmware of the board at startup.

Signed-off-by: BALATON Zoltan 
---
 hw/ppc/mac.h  | 12 
 hw/ppc/mac_oldworld.c | 15 ++-
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h
index a0d9e47031..79ccf8775d 100644
--- a/hw/ppc/mac.h
+++ b/hw/ppc/mac.h
@@ -55,6 +55,18 @@
 #define OLDWORLD_IDE1_IRQ  0xe
 #define OLDWORLD_IDE1_DMA_IRQ  0x3
 
+/* g3beige machine */
+#define TYPE_HEATHROW_MACHINE MACHINE_TYPE_NAME("g3beige")
+#define HEATHROW_MACHINE(obj) OBJECT_CHECK(HeathrowMachineState, (obj), \
+   TYPE_HEATHROW_MACHINE)
+
+typedef struct HeathrowMachineState {
+/*< private >*/
+MachineState parent;
+
+PCIDevice *macio;
+} HeathrowMachineState;
+
 /* New World IRQs */
 #define NEWWORLD_CUDA_IRQ  0x19
 #define NEWWORLD_PMU_IRQ   0x19
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index f97f241e0c..13562e26e6 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -73,6 +73,15 @@ static uint64_t translate_kernel_address(void *opaque, 
uint64_t addr)
 return (addr & 0x0fff) + KERNEL_LOAD_ADDR;
 }
 
+static void ppc_heathrow_reset(MachineState *machine)
+{
+HeathrowMachineState *m = HEATHROW_MACHINE(machine);
+
+qemu_devices_reset();
+pci_default_write_config(m->macio, PCI_COMMAND, PCI_COMMAND_MEMORY, 2);
+pci_default_write_config(m->macio, PCI_BASE_ADDRESS_0, 0xf300, 4);
+}
+
 static void ppc_heathrow_cpu_reset(void *opaque)
 {
 PowerPCCPU *cpu = opaque;
@@ -82,6 +91,7 @@ static void ppc_heathrow_cpu_reset(void *opaque)
 
 static void ppc_heathrow_init(MachineState *machine)
 {
+HeathrowMachineState *hm = HEATHROW_MACHINE(machine);
 ram_addr_t ram_size = machine->ram_size;
 const char *boot_device = machine->boot_order;
 PowerPCCPU *cpu = NULL;
@@ -287,6 +297,7 @@ static void ppc_heathrow_init(MachineState *machine)
 
 /* MacIO */
 macio = pci_new(-1, TYPE_OLDWORLD_MACIO);
+hm->macio = macio;
 dev = DEVICE(macio);
 qdev_prop_set_uint64(dev, "frequency", tbfreq);
 object_property_set_link(OBJECT(macio), OBJECT(pic_dev), "pic",
@@ -439,6 +450,7 @@ static void heathrow_class_init(ObjectClass *oc, void *data)
 
 mc->desc = "Heathrow based PowerMAC";
 mc->init = ppc_heathrow_init;
+mc->reset = ppc_heathrow_reset;
 mc->block_default_type = IF_IDE;
 mc->max_cpus = MAX_CPUS;
 #ifndef TARGET_PPC64
@@ -455,9 +467,10 @@ static void heathrow_class_init(ObjectClass *oc, void 
*data)
 }
 
 static const TypeInfo ppc_heathrow_machine_info = {
-.name  = MACHINE_TYPE_NAME("g3beige"),
+.name  = TYPE_HEATHROW_MACHINE,
 .parent= TYPE_MACHINE,
 .class_init= heathrow_class_init,
+.instance_size = sizeof(HeathrowMachineState),
 .interfaces = (InterfaceInfo[]) {
 { TYPE_FW_PATH_PROVIDER },
 { }
-- 
2.21.3

[PATCH v5 08/11] mac_oldworld: Add machine ID register

[BALATON Zoltan]

The G3 beige machine has a machine ID register that is accessed by the
firmware to deternine the board config. Add basic emulation of it.

Signed-off-by: BALATON Zoltan 
---
v4: Move MermoryRegion to MachineState, use constants

 hw/ppc/mac.h  |  1 +
 hw/ppc/mac_oldworld.c | 24 
 2 files changed, 25 insertions(+)

diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h
index 79ccf8775d..32b7928a96 100644
--- a/hw/ppc/mac.h
+++ b/hw/ppc/mac.h
@@ -64,6 +64,7 @@ typedef struct HeathrowMachineState {
 /*< private >*/
 MachineState parent;
 
+MemoryRegion machine_id;
 PCIDevice *macio;
 } HeathrowMachineState;
 
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 13562e26e6..14a191ff88 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -52,6 +52,9 @@
 
 #define MAX_IDE_BUS 2
 #define CFG_ADDR 0xf510
+#define MACHINE_ID_ADDR 0xff04
+#define MACHINE_ID_VAL 0x3d8c
+
 #define TBFREQ 1660UL
 #define CLOCKFREQ 26600UL
 #define BUSFREQ 6600UL
@@ -89,6 +92,22 @@ static void ppc_heathrow_cpu_reset(void *opaque)
 cpu_reset(CPU(cpu));
 }
 
+static uint64_t machine_id_read(void *opaque, hwaddr addr, unsigned size)
+{
+return (addr == 0 && size == 2 ? MACHINE_ID_VAL : 0);
+}
+
+static void machine_id_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+return;
+}
+
+const MemoryRegionOps machine_id_reg_ops = {
+.read = machine_id_read,
+.write = machine_id_write,
+};
+
 static void ppc_heathrow_init(MachineState *machine)
 {
 HeathrowMachineState *hm = HEATHROW_MACHINE(machine);
@@ -239,6 +258,11 @@ static void ppc_heathrow_init(MachineState *machine)
 }
 }
 
+memory_region_init_io(>machine_id, OBJECT(machine),
+  _id_reg_ops, NULL, "machine_id", 2);
+memory_region_add_subregion(get_system_memory(), MACHINE_ID_ADDR,
+>machine_id);
+
 /* XXX: we register only 1 output pin for heathrow PIC */
 pic_dev = qdev_new(TYPE_HEATHROW);
 sysbus_realize_and_unref(SYS_BUS_DEVICE(pic_dev), _fatal);
-- 
2.21.3

[PATCH v5 04/11] mac_oldworld: Drop some variables

[BALATON Zoltan]

Values not used frequently enough may not worth putting in a local
variable, especially with names almost as long as the original value
because that does not improve readability, to the contrary it makes it
harder to see what value is used. Drop a few such variables.

Signed-off-by: BALATON Zoltan 
---
 hw/ppc/mac_oldworld.c | 33 -
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index d1c4244b1e..428851 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -83,14 +83,11 @@ static void ppc_heathrow_reset(void *opaque)
 static void ppc_heathrow_init(MachineState *machine)
 {
 ram_addr_t ram_size = machine->ram_size;
-const char *kernel_filename = machine->kernel_filename;
-const char *kernel_cmdline = machine->kernel_cmdline;
-const char *initrd_filename = machine->initrd_filename;
 const char *boot_device = machine->boot_order;
 PowerPCCPU *cpu = NULL;
 CPUPPCState *env = NULL;
 char *filename;
-int linux_boot, i;
+int i;
 MemoryRegion *bios = g_new(MemoryRegion, 1);
 uint32_t kernel_base, initrd_base, cmdline_base = 0;
 int32_t kernel_size, initrd_size;
@@ -108,8 +105,6 @@ static void ppc_heathrow_init(MachineState *machine)
 void *fw_cfg;
 uint64_t tbfreq;
 
-linux_boot = (kernel_filename != NULL);
-
 /* init CPUs */
 for (i = 0; i < smp_cpus; i++) {
 cpu = POWERPC_CPU(cpu_create(machine->cpu_type));
@@ -159,7 +154,7 @@ static void ppc_heathrow_init(MachineState *machine)
 exit(1);
 }
 
-if (linux_boot) {
+if (machine->kernel_filename) {
 uint64_t lowaddr = 0;
 int bswap_needed;
 
@@ -169,30 +164,33 @@ static void ppc_heathrow_init(MachineState *machine)
 bswap_needed = 0;
 #endif
 kernel_base = KERNEL_LOAD_ADDR;
-kernel_size = load_elf(kernel_filename, NULL,
+kernel_size = load_elf(machine->kernel_filename, NULL,
translate_kernel_address, NULL,
NULL, , NULL, NULL, 1, PPC_ELF_MACHINE,
0, 0);
 if (kernel_size < 0)
-kernel_size = load_aout(kernel_filename, kernel_base,
+kernel_size = load_aout(machine->kernel_filename, kernel_base,
 ram_size - kernel_base, bswap_needed,
 TARGET_PAGE_SIZE);
 if (kernel_size < 0)
-kernel_size = load_image_targphys(kernel_filename,
+kernel_size = load_image_targphys(machine->kernel_filename,
   kernel_base,
   ram_size - kernel_base);
 if (kernel_size < 0) {
-error_report("could not load kernel '%s'", kernel_filename);
+error_report("could not load kernel '%s'",
+ machine->kernel_filename);
 exit(1);
 }
 /* load initrd */
-if (initrd_filename) {
-initrd_base = TARGET_PAGE_ALIGN(kernel_base + kernel_size + 
KERNEL_GAP);
-initrd_size = load_image_targphys(initrd_filename, initrd_base,
+if (machine->initrd_filename) {
+initrd_base = TARGET_PAGE_ALIGN(kernel_base + kernel_size +
+KERNEL_GAP);
+initrd_size = load_image_targphys(machine->initrd_filename,
+  initrd_base,
   ram_size - initrd_base);
 if (initrd_size < 0) {
 error_report("could not load initial ram disk '%s'",
- initrd_filename);
+ machine->initrd_filename);
 exit(1);
 }
 cmdline_base = TARGET_PAGE_ALIGN(initrd_base + initrd_size);
@@ -336,9 +334,10 @@ static void ppc_heathrow_init(MachineState *machine)
 fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, ARCH_HEATHROW);
 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_base);
 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
-if (kernel_cmdline) {
+if (machine->kernel_cmdline) {
 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, cmdline_base);
-pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE, 
kernel_cmdline);
+pstrcpy_targphys("cmdline", cmdline_base, TARGET_PAGE_SIZE,
+ machine->kernel_cmdline);
 } else {
 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0);
 }
-- 
2.21.3

[PATCH v5 01/11] mac_oldworld: Allow loading binary ROM image

[BALATON Zoltan]

The beige G3 Power Macintosh has a 4MB firmware ROM. Fix the size of
the rom region and fall back to loading a binary image with -bios if
loading ELF image failed. This allows testing emulation with a ROM
image from real hardware as well as using an ELF OpenBIOS image.

Signed-off-by: BALATON Zoltan 
---
v4: use load address from ELF to check if ROM is too big

 hw/ppc/mac_oldworld.c | 29 -
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index f8c204ead7..baf3da6f90 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -59,6 +59,8 @@
 #define NDRV_VGA_FILENAME "qemu_vga.ndrv"
 
 #define GRACKLE_BASE 0xfec0
+#define PROM_BASE 0xffc0
+#define PROM_SIZE (4 * MiB)
 
 static void fw_cfg_boot_set(void *opaque, const char *boot_device,
 Error **errp)
@@ -99,6 +101,7 @@ static void ppc_heathrow_init(MachineState *machine)
 SysBusDevice *s;
 DeviceState *dev, *pic_dev;
 BusState *adb_bus;
+uint64_t bios_addr;
 int bios_size;
 unsigned int smp_cpus = machine->smp.cpus;
 uint16_t ppc_boot_device;
@@ -127,24 +130,32 @@ static void ppc_heathrow_init(MachineState *machine)
 
 memory_region_add_subregion(sysmem, 0, machine->ram);
 
-/* allocate and load BIOS */
-memory_region_init_rom(bios, NULL, "ppc_heathrow.bios", BIOS_SIZE,
+/* allocate and load firmware ROM */
+memory_region_init_rom(bios, NULL, "ppc_heathrow.bios", PROM_SIZE,
_fatal);
+memory_region_add_subregion(sysmem, PROM_BASE, bios);
 
-if (bios_name == NULL)
+if (!bios_name) {
 bios_name = PROM_FILENAME;
+}
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
-memory_region_add_subregion(sysmem, PROM_ADDR, bios);
-
-/* Load OpenBIOS (ELF) */
 if (filename) {
-bios_size = load_elf(filename, NULL, 0, NULL, NULL, NULL, NULL, NULL,
- 1, PPC_ELF_MACHINE, 0, 0);
+/* Load OpenBIOS (ELF) */
+bios_size = load_elf(filename, NULL, NULL, NULL, NULL, _addr,
+ NULL, NULL, 1, PPC_ELF_MACHINE, 0, 0);
+if (bios_size <= 0) {
+/* or load binary ROM image */
+bios_size = load_image_targphys(filename, PROM_BASE, PROM_SIZE);
+bios_addr = PROM_BASE;
+} else {
+/* load_elf sets high 32 bits for some reason, strip those */
+bios_addr &= 0xULL;
+}
 g_free(filename);
 } else {
 bios_size = -1;
 }
-if (bios_size < 0 || bios_size > BIOS_SIZE) {
+if (bios_size < 0 || bios_addr - PROM_BASE + bios_size > PROM_SIZE) {
 error_report("could not load PowerPC bios '%s'", bios_name);
 exit(1);
 }
-- 
2.21.3

[PATCH v5 00/11] Mac Old World ROM experiment

[BALATON Zoltan]

v5: Rebased on master, added some more clean ups, CUDA i2c is still to
be sorted out, help with that is welcome.

Regards,
BALATON Zoltan

BALATON Zoltan (11):
  mac_oldworld: Allow loading binary ROM image
  mac_newworld: Allow loading binary ROM image
  mac_oldworld: Drop a variable, use get_system_memory() directly
  mac_oldworld: Drop some variables
  grackle: Set revision in PCI config to match hardware
  mac_oldworld: Rename ppc_heathrow_reset to ppc_heathrow_cpu_reset
  mac_oldworld: Map macio to expected address at reset
  mac_oldworld: Add machine ID register
  macio: Add dummy screamer register area
  WIP macio/cuda: Attempt to add i2c support
  mac_oldworld: Add SPD data to cover RAM

 hw/misc/macio/cuda.c |  62 -
 hw/misc/macio/macio.c|  34 ++
 hw/pci-host/grackle.c|   2 +-
 hw/ppc/mac.h |  15 -
 hw/ppc/mac_newworld.c|  22 +++---
 hw/ppc/mac_oldworld.c| 127 ++-
 include/hw/misc/macio/cuda.h |   1 +
 7 files changed, 219 insertions(+), 44 deletions(-)

-- 
2.21.3

[PATCH v5 02/11] mac_newworld: Allow loading binary ROM image

[BALATON Zoltan]

Fall back to load binary ROM image if loading ELF fails. This also
moves PROM_BASE and PROM_SIZE defines to board as these are matching
the ROM size and address on this board.

Signed-off-by: BALATON Zoltan 
---
Notes:
Unlike mac_oldworld where the openbios-ppc image loads at end of ROM
region here we only check size and assume ELF image is loaded from
PROM_BASE, Checking the load addr here is tricky because this board is
also be compiled both 64 and 32 bit and load_elf seems to always
return 64 bit value so handling that could become a mess. If this is a
problem then it's a preexisting one so should be fixed in a separate
patch. This one just allows loading ROM binary too otherwise
preserving previous behaviour.

 hw/ppc/mac.h  |  2 --
 hw/ppc/mac_newworld.c | 22 ++
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h
index 6af87d1fa0..a0d9e47031 100644
--- a/hw/ppc/mac.h
+++ b/hw/ppc/mac.h
@@ -38,10 +38,8 @@
 /* SMP is not enabled, for now */
 #define MAX_CPUS 1
 
-#define BIOS_SIZE(1 * MiB)
 #define NVRAM_SIZE0x2000
 #define PROM_FILENAME"openbios-ppc"
-#define PROM_ADDR 0xfff0
 
 #define KERNEL_LOAD_ADDR 0x0100
 #define KERNEL_GAP   0x0010
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 5f3a028e6a..eec62d1e90 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -82,6 +82,8 @@
 
 #define NDRV_VGA_FILENAME "qemu_vga.ndrv"
 
+#define PROM_BASE 0xfff0
+#define PROM_SIZE (1 * MiB)
 
 static void fw_cfg_boot_set(void *opaque, const char *boot_device,
 Error **errp)
@@ -100,7 +102,7 @@ static void ppc_core99_reset(void *opaque)
 
 cpu_reset(CPU(cpu));
 /* 970 CPUs want to get their initial IP as part of their boot protocol */
-cpu->env.nip = PROM_ADDR + 0x100;
+cpu->env.nip = PROM_BASE + 0x100;
 }
 
 /* PowerPC Mac99 hardware initialisation */
@@ -153,25 +155,29 @@ static void ppc_core99_init(MachineState *machine)
 /* allocate RAM */
 memory_region_add_subregion(get_system_memory(), 0, machine->ram);
 
-/* allocate and load BIOS */
-memory_region_init_rom(bios, NULL, "ppc_core99.bios", BIOS_SIZE,
+/* allocate and load firmware ROM */
+memory_region_init_rom(bios, NULL, "ppc_core99.bios", PROM_SIZE,
_fatal);
+memory_region_add_subregion(get_system_memory(), PROM_BASE, bios);
 
-if (bios_name == NULL)
+if (!bios_name) {
 bios_name = PROM_FILENAME;
+}
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
-memory_region_add_subregion(get_system_memory(), PROM_ADDR, bios);
-
-/* Load OpenBIOS (ELF) */
 if (filename) {
+/* Load OpenBIOS (ELF) */
 bios_size = load_elf(filename, NULL, NULL, NULL, NULL,
  NULL, NULL, NULL, 1, PPC_ELF_MACHINE, 0, 0);
 
+if (bios_size <= 0) {
+/* or load binary ROM image */
+bios_size = load_image_targphys(filename, PROM_BASE, PROM_SIZE);
+}
 g_free(filename);
 } else {
 bios_size = -1;
 }
-if (bios_size < 0 || bios_size > BIOS_SIZE) {
+if (bios_size < 0 || bios_size > PROM_SIZE) {
 error_report("could not load PowerPC bios '%s'", bios_name);
 exit(1);
 }
-- 
2.21.3

Re: [PULL 01/21] tests/docker: bump fedora to 32

[Alex Bennée]

Philippe Mathieu-Daudé  writes:

> On 6/16/20 2:53 PM, Alex Bennée wrote:
>> We should be keeping this up to date as Fedora goes out of support
>> quite quickly.
>> 
>> Signed-off-by: Alex Bennée 
>
> FWIW this one had:
> Reviewed-by: Richard Henderson 

Thanks, I've issued a v2 of the tag:

  pull-testing-and-plugin-160620-2
  
>
> https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06556.html
>
>> Message-Id: <20200612190237.30436-2-alex.ben...@linaro.org>
>> 
>> diff --git a/tests/docker/dockerfiles/fedora.docker 
>> b/tests/docker/dockerfiles/fedora.docker
>> index 92b6e11c8a8..798ddd2c3e0 100644
>> --- a/tests/docker/dockerfiles/fedora.docker
>> +++ b/tests/docker/dockerfiles/fedora.docker
>> @@ -1,4 +1,4 @@
>> -FROM fedora:30
>> +FROM fedora:32
>>  
>>  # Please keep this list sorted alphabetically
>>  ENV PACKAGES \
>> 


-- 
Alex Bennée

[PULL v2 00/21] testing and plugin updates (tsan, pluginsm cross-builds)

[Alex Bennée]

The following changes since commit f5e34624f28f37ec3c8a93bdee348effee966a78:

  Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-jun-15-2020' 
into staging (2020-06-16 11:00:28 +0100)

are available in the Git repository at:

  https://github.com/stsquad/qemu.git tags/pull-testing-and-plugin-160620-2

for you to fetch changes up to c81950a2f1923dec3f6b952ec6bb9b921be58a70:

  plugins: new lockstep plugin for debugging TCG changes (2020-06-16 14:49:05 
+0100)


Testing and plugin updates

  - clear up dtc warnings
  - add support for --enable-tsan builds
  - re-enable shippable cross builds
  - serialise cirrus check steps
  - fix check-tcg plugin issues
  - add lockstep plugin


Alex Bennée (6):
  tests/docker: bump fedora to 32
  Revert ".shippable: temporaily disable some cross builds"
  cirrus.yml: serialise make check
  tests/tcg: build plugin list from contents of src directory
  tests/tcg: ensure -cpu max also used for plugin run
  plugins: new lockstep plugin for debugging TCG changes

Claudio Fontana (2):
  Makefile: dtc: update, build the libfdt target
  Makefile: remove old compatibility gunks

Emilio G. Cota (7):
  cpu: convert queued work to a QSIMPLEQ
  thread: add qemu_spin_destroy
  cputlb: destroy CPUTLB with tlb_destroy
  qht: call qemu_spin_destroy for head buckets
  tcg: call qemu_spin_destroy for tb->jmp_lock
  translate-all: call qemu_spin_destroy for PageDesc
  thread: add tsan annotations to QemuSpin

Lingfeng Yang (1):
  configure: add --enable-tsan flag + fiber annotations for 
coroutine-ucontext

Robert Foley (5):
  tests/docker: Added docker build support for TSan.
  include/qemu: Added tsan.h for annotations.
  util: Added tsan annotate for thread name.
  docs: Added details on TSan to testing.rst
  tests: Disable select tests under TSan, which hit TSan issue.

 docs/devel/testing.rst | 107 +
 configure  |  48 +++-
 Makefile   |  16 +-
 include/exec/exec-all.h|   8 +
 include/hw/core/cpu.h  |   6 +-
 include/qemu/thread.h  |  38 +++-
 include/qemu/tsan.h|  71 ++
 include/tcg/tcg.h  |   1 +
 accel/tcg/cputlb.c |  15 ++
 accel/tcg/translate-all.c  |  17 ++
 cpus-common.c  |  25 +--
 cpus.c |  14 +-
 exec.c |   1 +
 hw/core/cpu.c  |   1 +
 tcg/tcg.c  |   9 +
 tests/plugin/lockstep.c| 340 +
 util/coroutine-ucontext.c  |  66 +-
 util/qemu-thread-posix.c   |   2 +
 util/qht.c |   1 +
 .cirrus.yml|   6 +-
 .shippable.yml |  12 +-
 dtc|   2 +-
 tests/Makefile.include |   9 +-
 tests/docker/dockerfiles/fedora.docker |   2 +-
 tests/docker/dockerfiles/ubuntu2004.docker |  65 ++
 tests/docker/test-tsan |  44 
 tests/plugin/Makefile  |   1 +
 tests/qtest/Makefile.include   |   7 +-
 tests/tcg/Makefile.target  |  12 +-
 tests/tcg/aarch64/Makefile.target  |   5 +-
 tests/tcg/arm/Makefile.target  |   2 +-
 tests/tcg/i386/Makefile.target |   1 +
 tests/tsan/blacklist.tsan  |  10 +
 tests/tsan/suppressions.tsan   |  14 ++
 34 files changed, 910 insertions(+), 68 deletions(-)
 create mode 100644 include/qemu/tsan.h
 create mode 100644 tests/plugin/lockstep.c
 create mode 100644 tests/docker/dockerfiles/ubuntu2004.docker
 create mode 100755 tests/docker/test-tsan
 create mode 100644 tests/tsan/blacklist.tsan
 create mode 100644 tests/tsan/suppressions.tsan

-- 
2.20.1

Re: [PATCH V3] Rename use_acpi_pci_hotplug to more appropriate use_acpi_hotplug_bridge

[Ani Sinha]

> On Jun 16, 2020, at 7:09 PM, Igor Mammedov  wrote:
> 
> I've meant something like:
> 
> Signed-off-by: Ani Sinha 
> ---
> vX: - I might be blind and don't see changelog .

Ah right. I was thinking you were referring to diff stat.

I will add changeling next time.

ani

Re: [PATCH V3] Rename use_acpi_pci_hotplug to more appropriate use_acpi_hotplug_bridge

[Igor Mammedov]

On Tue, 16 Jun 2020 18:50:13 +0530
Ani Sinha  wrote:

> On Tue, Jun 16, 2020 at 6:47 PM Igor Mammedov  wrote:
> 
> > On Tue, 16 Jun 2020 12:31:39 +
> > Ani Sinha  wrote:
> >  
> > > Currently, the option use_acpi_pci_hotplug is being used to control  
> > device  
> > > hotplug capability using ACPI for slots of cold plugged bridges. Hence,  
> > we  
> > > are renaming this option to better reflect what it actually does.
> > >
> > > Signed-off-by: Ani Sinha 
> > > ---  
> >
> > what was wrong with v2?  
> 
> 
> i removed the change-id string.
ok, usually we cary on ACK on resping if changes were trivial
and drop them if there was a non trivial change so it could be reviewed again.
Anyways, patch looks good so:

Reviewed-by: Igor Mammedov 


> 
> 
> > Also for the future,
> > can you add under --- line change log please?
> >  
> > >  hw/acpi/piix4.c | 21 +++--
> > >  1 file changed, 11 insertions(+), 10 deletions(-)  
> 
> 
> It's already here.

I've meant something like:

Signed-off-by: Ani Sinha 
---
 vX: - I might be blind and don't see changelog ...

> 
> 
> > >
> > > diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
> > > index 85c199b..7de44bc 100644
> > > --- a/hw/acpi/piix4.c
> > > +++ b/hw/acpi/piix4.c
> > > @@ -77,7 +77,7 @@ typedef struct PIIX4PMState {
> > >  Notifier powerdown_notifier;
> > >
> > >  AcpiPciHpState acpi_pci_hotplug;
> > > -bool use_acpi_pci_hotplug;
> > > +bool use_acpi_hotplug_bridge;
> > >
> > >  uint8_t disable_s3;
> > >  uint8_t disable_s4;
> > > @@ -204,16 +204,17 @@ static const VMStateDescription vmstate_pci_status  
> > = {  
> > >  }
> > >  };
> > >
> > > -static bool vmstate_test_use_acpi_pci_hotplug(void *opaque, int  
> > version_id)  
> > > +static bool vmstate_test_use_acpi_hotplug_bridge(void *opaque, int  
> > version_id)  
> > >  {
> > >  PIIX4PMState *s = opaque;
> > > -return s->use_acpi_pci_hotplug;
> > > +return s->use_acpi_hotplug_bridge;
> > >  }
> > >
> > > -static bool vmstate_test_no_use_acpi_pci_hotplug(void *opaque, int  
> > version_id)  
> > > +static bool vmstate_test_no_use_acpi_hotplug_bridge(void *opaque,
> > > +int version_id)
> > >  {
> > >  PIIX4PMState *s = opaque;
> > > -return !s->use_acpi_pci_hotplug;
> > > +return !s->use_acpi_hotplug_bridge;
> > >  }
> > >
> > >  static bool vmstate_test_use_memhp(void *opaque)
> > > @@ -290,11 +291,11 @@ static const VMStateDescription vmstate_acpi = {
> > >  VMSTATE_STRUCT_TEST(
> > >  
> > acpi_pci_hotplug.acpi_pcihp_pci_status[ACPI_PCIHP_BSEL_DEFAULT],  
> > >  PIIX4PMState,
> > > -vmstate_test_no_use_acpi_pci_hotplug,
> > > +vmstate_test_no_use_acpi_hotplug_bridge,
> > >  2, vmstate_pci_status,
> > >  struct AcpiPciHpPciStatus),
> > >  VMSTATE_PCI_HOTPLUG(acpi_pci_hotplug, PIIX4PMState,
> > > -vmstate_test_use_acpi_pci_hotplug),
> > > +vmstate_test_use_acpi_hotplug_bridge),
> > >  VMSTATE_END_OF_LIST()
> > >  },
> > >  .subsections = (const VMStateDescription*[]) {
> > > @@ -528,7 +529,7 @@ I2CBus *piix4_pm_init(PCIBus *bus, int devfn,  
> > uint32_t smb_io_base,  
> > >  s->smi_irq = smi_irq;
> > >  s->smm_enabled = smm_enabled;
> > >  if (xen_enabled()) {
> > > -s->use_acpi_pci_hotplug = false;
> > > +s->use_acpi_hotplug_bridge = false;
> > >  }
> > >
> > >  qdev_init_nofail(dev);
> > > @@ -593,7 +594,7 @@ static void  
> > piix4_acpi_system_hot_add_init(MemoryRegion *parent,  
> > >  memory_region_add_subregion(parent, GPE_BASE, >io_gpe);
> > >
> > >  acpi_pcihp_init(OBJECT(s), >acpi_pci_hotplug, bus, parent,
> > > -s->use_acpi_pci_hotplug);
> > > +s->use_acpi_hotplug_bridge);
> > >
> > >  s->cpu_hotplug_legacy = true;
> > >  object_property_add_bool(OBJECT(s), "cpu-hotplug-legacy",
> > > @@ -631,7 +632,7 @@ static Property piix4_pm_properties[] = {
> > >  DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState,  
> > disable_s4, 0),  
> > >  DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_VAL, PIIX4PMState, s4_val, 2),
> > >  DEFINE_PROP_BOOL("acpi-pci-hotplug-with-bridge-support",  
> > PIIX4PMState,  
> > > - use_acpi_pci_hotplug, true),
> > > + use_acpi_hotplug_bridge, true),
> > >  DEFINE_PROP_BOOL("memory-hotplug-support", PIIX4PMState,
> > >   acpi_memory_hotplug.is_enabled, true),
> > >  DEFINE_PROP_END_OF_LIST(),  
> >
> >  

Re: [PULL 00/23] target-arm queue

[Peter Maydell]

On Tue, 16 Jun 2020 at 10:57, Peter Maydell  wrote:
>
> Mostly my decodetree stuff, but also some patches for various
> smaller bugs/features from others.
>
> thanks
> -- PMM
>
> The following changes since commit 53550e81e2cafe7c03a39526b95cd21b5194d9b1:
>
>   Merge remote-tracking branch 
> 'remotes/berrange/tags/qcrypto-next-pull-request' into staging (2020-06-15 
> 16:36:34 +0100)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git 
> tags/pull-target-arm-20200616
>
> for you to fetch changes up to 64b397417a26509bcdff44ab94356a35c7901c79:
>
>   hw: arm: Set vendor property for IMX SDHCI emulations (2020-06-16 10:32:29 
> +0100)
>
> 
>  * hw: arm: Set vendor property for IMX SDHCI emulations
>  * sd: sdhci: Implement basic vendor specific register support
>  * hw/net/imx_fec: Convert debug fprintf() to trace events
>  * target/arm/cpu: adjust virtual time for all KVM arm cpus
>  * Implement configurable descriptor size in ftgmac100
>  * hw/misc/imx6ul_ccm: Implement non writable bits in CCM registers
>  * target/arm: More Neon decodetree conversion work


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.

-- PMM

Re: [PATCH v4 1/7] MAINTAINERS: Cover 'hw/sh4/sh_intc.h' with the R2D machine

[Thomas Huth]

On 11/06/2020 13.43, Philippe Mathieu-Daudé wrote:
> Commit 81527b94ad added hw/intc/sh_intc.c, complete by
> adding its corresponding header.
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  MAINTAINERS | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 13711aafe8..87ceca7ff1 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1257,6 +1257,7 @@ S: Maintained
>  F: hw/sh4/r2d.c
>  F: hw/intc/sh_intc.c
>  F: hw/timer/sh_timer.c
> +F: include/hw/sh4/sh_intc.h
>  
>  Shix
>  M: Yoshinori Sato 

Hmm, sh_intc.h is used by sh7750_init() in sh7750.c ... and that
function is used by both, r2d and shix machines ... so should that maybe
rather be part of both machines or a generic entry?

 Thomas

Re: [PATCH] tests: disassemble-asm.sh: generate AML in readable format

[Igor Mammedov]

On Thu, 11 Jun 2020 12:51:16 -0400
"Michael S. Tsirkin"  wrote:

subj: s/asm/asl/

> On systems where the IASL tool exists, we can convert
> extected ACPI tables to ASL format, which is useful
> for debugging and documentation purposes.
> This script does this for all ACPI tables under tests/data/acpi/. 

for debugging I usually use V=1 env var with test/make check,
as it gives me all diffs vs current blobs.
And it's on rare occasion that I go and decompile ASL file myself,
since test already did that for tables that didn't match. 

> 
> Signed-off-by: Michael S. Tsirkin 
> ---
>  tests/data/acpi/disassemle-aml.sh | 52 +++
>  1 file changed, 52 insertions(+)
>  create mode 100755 tests/data/acpi/disassemle-aml.sh
> 
> diff --git a/tests/data/acpi/disassemle-aml.sh 
> b/tests/data/acpi/disassemle-aml.sh
> new file mode 100755
> index 00..42a1b51df0
> --- /dev/null
> +++ b/tests/data/acpi/disassemle-aml.sh
> @@ -0,0 +1,52 @@
> +#!/usr/bin/bash
> +
> +outdir=
> +while getopts "o:" arg; do
> +  case ${arg} in
> +o )
> +outdir=$OPTARG
> +;;
> +\? )
> +echo "Usage: ./tests/data/acpi/disassemle-aml.sh [-o 
> ]"
> +exit 1
> +;;
> +
> +  esac
> +done
> +
> +for machine in tests/data/acpi/*
> +do
> +if [[ ! -d "$machine" ]];
> +then
> +continue
> +fi
> +
> +if [[ "${outdir}" ]];
> +then
> +mkdir -p "${outdir}"/${machine} || exit $?
> +fi
> +for aml in $machine/*
> +do
> +if [[ "$aml" == $machine/*.dsl ]];
> +then
> +continue
> +fi
> +if [[ "$aml" == $machine/SSDT*.* ]];
> +then
> +dsdt=${aml/SSDT*./DSDT.}
> +extra="-e ${dsdt}"
> +elif [[ "$aml" == $machine/SSDT* ]];
> +then
> +dsdt=${aml/SSDT*/DSDT};
> +extra="-e ${dsdt}"
> +else
> +extra=""
> +fi
> +asl=${aml}.dsl
> +if [[ "${outdir}" ]];
> +then
> +asl="${outdir}"/${machine}/${asl}
> +fi
> +iasl -d -p ${asl} ${extra} ${aml} 
> +done
> +done

Re: [PATCH v8 05/14] block/amend: refactor qcow2 amend options

[Max Reitz]

On 08.06.20 11:40, Maxim Levitsky wrote:
> Some qcow2 create options can't be used for amend.
> Remove them from the qcow2 create options and add generic logic to detect
> such options in qemu-img
> 
> Signed-off-by: Maxim Levitsky 
> Reviewed-by: Daniel P. Berrangé 

Last week (when I was about to prepare a pull request), I noticed that
this patch breaks the iotests 134 and 158 for qcow (v1).  That’s because
as of this patch, qcow2 has a different order of creation options than qcow.

We could easily fix this by moving HEAD^:134.out and HEAD^:158.out to
134.out.qcow and 158.out.qcow, respectively, and HEAD:134.out and
HEAD:158.out to 134.out.qcow2 and 158.out.qcow2, respectively.

But the underlying problem is a greater one: The order of creation
options isn’t fixed between different formats, so I think
_filter_img_create should sort it so it’s the same for all.

To do so, I just sent the “iotests: Make _filter_img_create more active”
series.  We could put that underneath your series and then the problem
would be fixed, too (and we could drop some of the hunks from this
patch, because the option order wouldn’t change for any test that uses
_filter_img_create).

Max



signature.asc
Description: OpenPGP digital signature

Re: [PULL 01/21] tests/docker: bump fedora to 32

[Philippe Mathieu-Daudé]

On 6/16/20 2:53 PM, Alex Bennée wrote:
> We should be keeping this up to date as Fedora goes out of support
> quite quickly.
> 
> Signed-off-by: Alex Bennée 

FWIW this one had:
Reviewed-by: Richard Henderson 

https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06556.html

> Message-Id: <20200612190237.30436-2-alex.ben...@linaro.org>
> 
> diff --git a/tests/docker/dockerfiles/fedora.docker 
> b/tests/docker/dockerfiles/fedora.docker
> index 92b6e11c8a8..798ddd2c3e0 100644
> --- a/tests/docker/dockerfiles/fedora.docker
> +++ b/tests/docker/dockerfiles/fedora.docker
> @@ -1,4 +1,4 @@
> -FROM fedora:30
> +FROM fedora:32
>  
>  # Please keep this list sorted alphabetically
>  ENV PACKAGES \
> 

Re: [PATCH V3] Rename use_acpi_pci_hotplug to more appropriate use_acpi_hotplug_bridge

[Ani Sinha]

On Tue, Jun 16, 2020 at 6:47 PM Igor Mammedov  wrote:

> On Tue, 16 Jun 2020 12:31:39 +
> Ani Sinha  wrote:
>
> > Currently, the option use_acpi_pci_hotplug is being used to control
> device
> > hotplug capability using ACPI for slots of cold plugged bridges. Hence,
> we
> > are renaming this option to better reflect what it actually does.
> >
> > Signed-off-by: Ani Sinha 
> > ---
>
> what was wrong with v2?


i removed the change-id string.


> Also for the future,
> can you add under --- line change log please?
>
> >  hw/acpi/piix4.c | 21 +++--
> >  1 file changed, 11 insertions(+), 10 deletions(-)


It's already here.


> >
> > diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
> > index 85c199b..7de44bc 100644
> > --- a/hw/acpi/piix4.c
> > +++ b/hw/acpi/piix4.c
> > @@ -77,7 +77,7 @@ typedef struct PIIX4PMState {
> >  Notifier powerdown_notifier;
> >
> >  AcpiPciHpState acpi_pci_hotplug;
> > -bool use_acpi_pci_hotplug;
> > +bool use_acpi_hotplug_bridge;
> >
> >  uint8_t disable_s3;
> >  uint8_t disable_s4;
> > @@ -204,16 +204,17 @@ static const VMStateDescription vmstate_pci_status
> = {
> >  }
> >  };
> >
> > -static bool vmstate_test_use_acpi_pci_hotplug(void *opaque, int
> version_id)
> > +static bool vmstate_test_use_acpi_hotplug_bridge(void *opaque, int
> version_id)
> >  {
> >  PIIX4PMState *s = opaque;
> > -return s->use_acpi_pci_hotplug;
> > +return s->use_acpi_hotplug_bridge;
> >  }
> >
> > -static bool vmstate_test_no_use_acpi_pci_hotplug(void *opaque, int
> version_id)
> > +static bool vmstate_test_no_use_acpi_hotplug_bridge(void *opaque,
> > +int version_id)
> >  {
> >  PIIX4PMState *s = opaque;
> > -return !s->use_acpi_pci_hotplug;
> > +return !s->use_acpi_hotplug_bridge;
> >  }
> >
> >  static bool vmstate_test_use_memhp(void *opaque)
> > @@ -290,11 +291,11 @@ static const VMStateDescription vmstate_acpi = {
> >  VMSTATE_STRUCT_TEST(
> >
> acpi_pci_hotplug.acpi_pcihp_pci_status[ACPI_PCIHP_BSEL_DEFAULT],
> >  PIIX4PMState,
> > -vmstate_test_no_use_acpi_pci_hotplug,
> > +vmstate_test_no_use_acpi_hotplug_bridge,
> >  2, vmstate_pci_status,
> >  struct AcpiPciHpPciStatus),
> >  VMSTATE_PCI_HOTPLUG(acpi_pci_hotplug, PIIX4PMState,
> > -vmstate_test_use_acpi_pci_hotplug),
> > +vmstate_test_use_acpi_hotplug_bridge),
> >  VMSTATE_END_OF_LIST()
> >  },
> >  .subsections = (const VMStateDescription*[]) {
> > @@ -528,7 +529,7 @@ I2CBus *piix4_pm_init(PCIBus *bus, int devfn,
> uint32_t smb_io_base,
> >  s->smi_irq = smi_irq;
> >  s->smm_enabled = smm_enabled;
> >  if (xen_enabled()) {
> > -s->use_acpi_pci_hotplug = false;
> > +s->use_acpi_hotplug_bridge = false;
> >  }
> >
> >  qdev_init_nofail(dev);
> > @@ -593,7 +594,7 @@ static void
> piix4_acpi_system_hot_add_init(MemoryRegion *parent,
> >  memory_region_add_subregion(parent, GPE_BASE, >io_gpe);
> >
> >  acpi_pcihp_init(OBJECT(s), >acpi_pci_hotplug, bus, parent,
> > -s->use_acpi_pci_hotplug);
> > +s->use_acpi_hotplug_bridge);
> >
> >  s->cpu_hotplug_legacy = true;
> >  object_property_add_bool(OBJECT(s), "cpu-hotplug-legacy",
> > @@ -631,7 +632,7 @@ static Property piix4_pm_properties[] = {
> >  DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState,
> disable_s4, 0),
> >  DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_VAL, PIIX4PMState, s4_val, 2),
> >  DEFINE_PROP_BOOL("acpi-pci-hotplug-with-bridge-support",
> PIIX4PMState,
> > - use_acpi_pci_hotplug, true),
> > + use_acpi_hotplug_bridge, true),
> >  DEFINE_PROP_BOOL("memory-hotplug-support", PIIX4PMState,
> >   acpi_memory_hotplug.is_enabled, true),
> >  DEFINE_PROP_END_OF_LIST(),
>
>

[PATCH 2/2] iotests: filter few more luks specific create options

[Max Reitz]

From: Maxim Levitsky 

This allows more tests to be able to have same output on both qcow2 luks 
encrypted images
and raw luks images

Signed-off-by: Maxim Levitsky 
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/087.out   | 6 +++---
 tests/qemu-iotests/134.out   | 2 +-
 tests/qemu-iotests/158.out   | 4 ++--
 tests/qemu-iotests/188.out   | 2 +-
 tests/qemu-iotests/189.out   | 4 ++--
 tests/qemu-iotests/198.out   | 4 ++--
 tests/qemu-iotests/263.out   | 4 ++--
 tests/qemu-iotests/284.out   | 6 +++---
 tests/qemu-iotests/common.filter | 5 +
 9 files changed, 17 insertions(+), 20 deletions(-)

diff --git a/tests/qemu-iotests/087.out b/tests/qemu-iotests/087.out
index 2d92ea847b..b61ba638af 100644
--- a/tests/qemu-iotests/087.out
+++ b/tests/qemu-iotests/087.out
@@ -34,7 +34,7 @@ QMP_VERSION
 
 === Encrypted image QCow ===
 
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on 
encrypt.key-secret=sec0
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
 Testing:
 QMP_VERSION
 {"return": {}}
@@ -46,7 +46,7 @@ QMP_VERSION
 
 === Encrypted image LUKS ===
 
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encrypt.format=luks 
encrypt.key-secret=sec0
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
 Testing:
 QMP_VERSION
 {"return": {}}
@@ -58,7 +58,7 @@ QMP_VERSION
 
 === Missing driver ===
 
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on 
encrypt.key-secret=sec0
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
 Testing: -S
 QMP_VERSION
 {"return": {}}
diff --git a/tests/qemu-iotests/134.out b/tests/qemu-iotests/134.out
index 09d46f6b17..4abc5b5f7d 100644
--- a/tests/qemu-iotests/134.out
+++ b/tests/qemu-iotests/134.out
@@ -1,5 +1,5 @@
 QA output created by 134
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on 
encrypt.key-secret=sec0
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
 
 == reading whole image ==
 read 134217728/134217728 bytes at offset 0
diff --git a/tests/qemu-iotests/158.out b/tests/qemu-iotests/158.out
index 6def216e55..f28a17626b 100644
--- a/tests/qemu-iotests/158.out
+++ b/tests/qemu-iotests/158.out
@@ -1,6 +1,6 @@
 QA output created by 158
 == create base ==
-Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=134217728 encryption=on 
encrypt.key-secret=sec0
+Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=134217728 encryption=on
 
 == writing whole image ==
 wrote 134217728/134217728 bytes at offset 0
@@ -10,7 +10,7 @@ wrote 134217728/134217728 bytes at offset 0
 read 134217728/134217728 bytes at offset 0
 128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 == create overlay ==
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 
backing_file=TEST_DIR/t.IMGFMT.base encryption=on encrypt.key-secret=sec0
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 
backing_file=TEST_DIR/t.IMGFMT.base encryption=on
 
 == writing part of a cluster ==
 wrote 1024/1024 bytes at offset 0
diff --git a/tests/qemu-iotests/188.out b/tests/qemu-iotests/188.out
index c568ef3701..5426861b18 100644
--- a/tests/qemu-iotests/188.out
+++ b/tests/qemu-iotests/188.out
@@ -1,5 +1,5 @@
 QA output created by 188
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 encrypt.format=luks 
encrypt.key-secret=sec0 encrypt.iter-time=10
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216
 
 == reading whole image ==
 read 16777216/16777216 bytes at offset 0
diff --git a/tests/qemu-iotests/189.out b/tests/qemu-iotests/189.out
index a0b7c9c24c..bc213cbe14 100644
--- a/tests/qemu-iotests/189.out
+++ b/tests/qemu-iotests/189.out
@@ -1,6 +1,6 @@
 QA output created by 189
 == create base ==
-Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216 
encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10
+Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216
 
 == writing whole image ==
 wrote 16777216/16777216 bytes at offset 0
@@ -10,7 +10,7 @@ wrote 16777216/16777216 bytes at offset 0
 read 16777216/16777216 bytes at offset 0
 16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 == create overlay ==
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 
backing_file=TEST_DIR/t.IMGFMT.base encrypt.format=luks encrypt.key-secret=sec1 
encrypt.iter-time=10
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 
backing_file=TEST_DIR/t.IMGFMT.base
 
 == writing part of a cluster ==
 wrote 1024/1024 bytes at offset 0
diff --git a/tests/qemu-iotests/198.out b/tests/qemu-iotests/198.out
index 6280ae6eed..4b800e70db 100644
--- a/tests/qemu-iotests/198.out
+++ b/tests/qemu-iotests/198.out
@@ -1,12 +1,12 @@
 QA output created by 198
 == create base ==
-Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216 
encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10
+Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216
 
 == writing whole image base ==
 wrote 

Re: [RFC v5 2/4] cpu-throttle: new module, extracted from cpus.c

[Alex Bennée]

Claudio Fontana  writes:

> move the vcpu throttling functionality into its own module.
>
> This functionality is not specific to any accelerator,
> and it is used currently by migration to slow down guests to try to
> have migrations converge, and by the cocoa MacOS UI to throttle speed.
>
> cpu-throttle contains the controls to adjust and inspect throttle
> settings, start (set) and stop vcpu throttling, and the throttling
> function itself that is run periodically on vcpus to make them take a nap.
>
> Execution of the throttling function on all vcpus is triggered by a timer,
> registered at module initialization.
>
> No functionality change.
>
> Signed-off-by: Claudio Fontana 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée

[PATCH 1/2] iotests: Make _filter_img_create more active

[Max Reitz]

Right now, _filter_img_create just filters out everything that looks
format-dependent, and applies some filename filters.  That means that we
have to add another filter line every time some format gets a new
creation option.  This can be avoided by instead discarding everything
and just keeping what we know is format-independent (format, size,
backing file, encryption information[1], preallocation) or just
interesting to have in the reference output (external data file path).

Furthermore, we probably want to sort these options.  Format drivers are
not required to define them in any specific order, so the output is
effectively random (although this has never bothered us until now).  We
need a specific order for our reference outputs, though.  Unfortunately,
just using a plain "sort" would change a lot of existing reference
outputs, so we have to pre-filter the option keys to keep our existing
order (fmt, size, backing*, data, encryption info, preallocation).

[1] Actually, the only thing that is really important is whether
encryption is enabled or not.  A patch by Maxim thus removes all
other "encrypt.*" options from the output:
https://lists.nongnu.org/archive/html/qemu-block/2020-06/msg00339.html
But that patch needs to come later so we can get away with changing
as few reference outputs in this patch here as possible.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/112.out   |   2 +-
 tests/qemu-iotests/153   |   9 ++-
 tests/qemu-iotests/common.filter | 100 +++
 3 files changed, 81 insertions(+), 30 deletions(-)

diff --git a/tests/qemu-iotests/112.out b/tests/qemu-iotests/112.out
index ae0318cabe..182655dbf6 100644
--- a/tests/qemu-iotests/112.out
+++ b/tests/qemu-iotests/112.out
@@ -5,7 +5,7 @@ QA output created by 112
 qemu-img: TEST_DIR/t.IMGFMT: Refcount width must be a power of two and may not 
exceed 64 bits
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
 qemu-img: TEST_DIR/t.IMGFMT: Refcount width must be a power of two and may not 
exceed 64 bits
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 refcount_bits=-1
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
 qemu-img: TEST_DIR/t.IMGFMT: Refcount width must be a power of two and may not 
exceed 64 bits
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
 qemu-img: TEST_DIR/t.IMGFMT: Refcount width must be a power of two and may not 
exceed 64 bits
diff --git a/tests/qemu-iotests/153 b/tests/qemu-iotests/153
index cf961d3609..11e3d28841 100755
--- a/tests/qemu-iotests/153
+++ b/tests/qemu-iotests/153
@@ -167,11 +167,10 @@ done
 
 echo
 echo "== Creating ${TEST_IMG}.[abc] ==" | _filter_testdir
-(
-$QEMU_IMG create -f qcow2 "${TEST_IMG}.a" -b "${TEST_IMG}"
-$QEMU_IMG create -f qcow2 "${TEST_IMG}.b" -b "${TEST_IMG}"
-$QEMU_IMG create -f qcow2 "${TEST_IMG}.c" -b "${TEST_IMG}.b"
-) | _filter_img_create
+$QEMU_IMG create -f qcow2 "${TEST_IMG}.a" -b "${TEST_IMG}" | _filter_img_create
+$QEMU_IMG create -f qcow2 "${TEST_IMG}.b" -b "${TEST_IMG}" | _filter_img_create
+$QEMU_IMG create -f qcow2 "${TEST_IMG}.c" -b "${TEST_IMG}.b" \
+| _filter_img_create
 
 echo
 echo "== Two devices sharing the same file in backing chain =="
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index 03e4f71808..f104ad7a9b 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -122,38 +122,90 @@ _filter_actual_image_size()
 # replace driver-specific options in the "Formatting..." line
 _filter_img_create()
 {
-data_file_filter=()
-if data_file=$(_get_data_file "$TEST_IMG"); then
-data_file_filter=(-e "s# data_file=$data_file##")
+# Keep QMP output unchanged
+qmp_pre=''
+qmp_post=''
+to_filter=''
+
+while read -r line; do
+if echo "$line" | grep -q '^{.*}$'; then
+if [ -z "$to_filter" ]; then
+# Use $'\n' so the newline is not dropped on variable
+# expansion
+qmp_pre="$qmp_pre$line"$'\n'
+else
+qmp_post="$qmp_post$line"$'\n'
+fi
+else
+to_filter="$to_filter$line"$'\n'
+fi
+done
+
+readarray -td '' formatting_line < \
+<(echo "$to_filter" | sed -e 's/, fmt=/\x0/')
+
+filename_part=${formatting_line[0]}
+if [ -n "${formatting_line[1]}" ]; then
+options="fmt=${formatting_line[1]}"
+else
+options=''
 fi
 
-$SED "${data_file_filter[@]}" \
+# Set grep_data_file to '\|data_file' to keep it; make it empty
+# to drop it.
+# We want to drop it if it is part of the global $IMGOPTS, and we
+# want to keep it otherwise (if the test specifically wants to
+# test data files).
+grep_data_file='\|data_file'
+if _get_data_file "$TEST_IMG" > /dev/null; then
+grep_data_file=''
+fi
+
+filename_filters=(
 -e "s#$REMOTE_TEST_DIR#TEST_DIR#g" \
 

[PATCH 0/2] iotests: Make _filter_img_create more active

[Max Reitz]

Hi,

Applying Maxim’s series for LUKS encryption slot management through
qemu-img amend / blockdev-amend has brought a – on the first glance –
rather minor problem: It changes the order of qcow2’s creation options,
which results in some reference output changes (patch 5:
https://lists.nongnu.org/archive/html/qemu-block/2020-06/msg00335.html
).  This affects some tests that can also run with other image formats,
such as qcow, whose order does not change.  So this patch breaks those
tests (I’ve seen it for 134 and 158) when run with a different format
than qcow2 (e.g. qcow).

Now we could just create a difference reference output for qcow2, as is
done e.g. for test 150.  But that would not only be boring, but also not
really sustainable: The actual problem is that the order of creation
options simply does not have to be the same between different image
formats, and so we should not just dump qemu-img create’s output to a
reference output, drop some format-specific options and expect it to
work independent of the format for which the test is run.

So patch 1 in this series makes _filter_img_create sort the creation
options as they appear in the “Formatting” line, so it’s always the same
order between formats.  (And I took this opportunity to also reverse the
filtering implementation from denylisting to allowlisting.)

Patch 2 is taken from Maxim’s series and modified to fit the new
implementation.

I propose putting this series underneath Maxim’s series (in my block
branch) so the latter won’t break 134 and 158 for qcow.  (Doing so will
require dropping some hunks from the patch linked above, but that should
be fine.)


Max Reitz (1):
  iotests: Make _filter_img_create more active

Maxim Levitsky (1):
  iotests: filter few more luks specific create options

 tests/qemu-iotests/087.out   |  6 +-
 tests/qemu-iotests/112.out   |  2 +-
 tests/qemu-iotests/134.out   |  2 +-
 tests/qemu-iotests/153   |  9 ++-
 tests/qemu-iotests/158.out   |  4 +-
 tests/qemu-iotests/188.out   |  2 +-
 tests/qemu-iotests/189.out   |  4 +-
 tests/qemu-iotests/198.out   |  4 +-
 tests/qemu-iotests/263.out   |  4 +-
 tests/qemu-iotests/284.out   |  6 +-
 tests/qemu-iotests/common.filter | 97 
 11 files changed, 94 insertions(+), 46 deletions(-)

-- 
2.26.2

Re: [PATCH V3] Rename use_acpi_pci_hotplug to more appropriate use_acpi_hotplug_bridge

[Igor Mammedov]

On Tue, 16 Jun 2020 12:31:39 +
Ani Sinha  wrote:

> Currently, the option use_acpi_pci_hotplug is being used to control device
> hotplug capability using ACPI for slots of cold plugged bridges. Hence, we
> are renaming this option to better reflect what it actually does.
> 
> Signed-off-by: Ani Sinha 
> ---

what was wrong with v2?
Also for the future,
can you add under --- line change log please?

>  hw/acpi/piix4.c | 21 +++--
>  1 file changed, 11 insertions(+), 10 deletions(-)
> 
> diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
> index 85c199b..7de44bc 100644
> --- a/hw/acpi/piix4.c
> +++ b/hw/acpi/piix4.c
> @@ -77,7 +77,7 @@ typedef struct PIIX4PMState {
>  Notifier powerdown_notifier;
>  
>  AcpiPciHpState acpi_pci_hotplug;
> -bool use_acpi_pci_hotplug;
> +bool use_acpi_hotplug_bridge;
>  
>  uint8_t disable_s3;
>  uint8_t disable_s4;
> @@ -204,16 +204,17 @@ static const VMStateDescription vmstate_pci_status = {
>  }
>  };
>  
> -static bool vmstate_test_use_acpi_pci_hotplug(void *opaque, int version_id)
> +static bool vmstate_test_use_acpi_hotplug_bridge(void *opaque, int 
> version_id)
>  {
>  PIIX4PMState *s = opaque;
> -return s->use_acpi_pci_hotplug;
> +return s->use_acpi_hotplug_bridge;
>  }
>  
> -static bool vmstate_test_no_use_acpi_pci_hotplug(void *opaque, int 
> version_id)
> +static bool vmstate_test_no_use_acpi_hotplug_bridge(void *opaque,
> +int version_id)
>  {
>  PIIX4PMState *s = opaque;
> -return !s->use_acpi_pci_hotplug;
> +return !s->use_acpi_hotplug_bridge;
>  }
>  
>  static bool vmstate_test_use_memhp(void *opaque)
> @@ -290,11 +291,11 @@ static const VMStateDescription vmstate_acpi = {
>  VMSTATE_STRUCT_TEST(
>  acpi_pci_hotplug.acpi_pcihp_pci_status[ACPI_PCIHP_BSEL_DEFAULT],
>  PIIX4PMState,
> -vmstate_test_no_use_acpi_pci_hotplug,
> +vmstate_test_no_use_acpi_hotplug_bridge,
>  2, vmstate_pci_status,
>  struct AcpiPciHpPciStatus),
>  VMSTATE_PCI_HOTPLUG(acpi_pci_hotplug, PIIX4PMState,
> -vmstate_test_use_acpi_pci_hotplug),
> +vmstate_test_use_acpi_hotplug_bridge),
>  VMSTATE_END_OF_LIST()
>  },
>  .subsections = (const VMStateDescription*[]) {
> @@ -528,7 +529,7 @@ I2CBus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t 
> smb_io_base,
>  s->smi_irq = smi_irq;
>  s->smm_enabled = smm_enabled;
>  if (xen_enabled()) {
> -s->use_acpi_pci_hotplug = false;
> +s->use_acpi_hotplug_bridge = false;
>  }
>  
>  qdev_init_nofail(dev);
> @@ -593,7 +594,7 @@ static void piix4_acpi_system_hot_add_init(MemoryRegion 
> *parent,
>  memory_region_add_subregion(parent, GPE_BASE, >io_gpe);
>  
>  acpi_pcihp_init(OBJECT(s), >acpi_pci_hotplug, bus, parent,
> -s->use_acpi_pci_hotplug);
> +s->use_acpi_hotplug_bridge);
>  
>  s->cpu_hotplug_legacy = true;
>  object_property_add_bool(OBJECT(s), "cpu-hotplug-legacy",
> @@ -631,7 +632,7 @@ static Property piix4_pm_properties[] = {
>  DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState, disable_s4, 0),
>  DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_VAL, PIIX4PMState, s4_val, 2),
>  DEFINE_PROP_BOOL("acpi-pci-hotplug-with-bridge-support", PIIX4PMState,
> - use_acpi_pci_hotplug, true),
> + use_acpi_hotplug_bridge, true),
>  DEFINE_PROP_BOOL("memory-hotplug-support", PIIX4PMState,
>   acpi_memory_hotplug.is_enabled, true),
>  DEFINE_PROP_END_OF_LIST(),

QEMU | Pipeline #156667089 has failed for master | 53550e81

[GitLab via]

Your pipeline has failed.

Project: QEMU ( https://gitlab.com/qemu-project/qemu )
Branch: master ( https://gitlab.com/qemu-project/qemu/-/commits/master )

Commit: 53550e81 ( 
https://gitlab.com/qemu-project/qemu/-/commit/53550e81e2cafe7c03a39526b95cd21b5194d9b1
 )
Commit Message: Merge remote-tracking branch 'remotes/berrange/...
Commit Author: Peter Maydell ( https://gitlab.com/pm215 )

Pipeline #156667089 ( 
https://gitlab.com/qemu-project/qemu/-/pipelines/156667089 ) triggered by Alex 
Bennée ( https://gitlab.com/stsquad )
had 1 failed build.

Job #596963832 ( https://gitlab.com/qemu-project/qemu/-/jobs/596963832/raw )

Stage: test
Name: build-disabled
Trace:   TESTcheck-qtest-ppc64: tests/qtest/usb-hcd-uhci-test
  TESTcheck-qtest-ppc64: tests/qtest/usb-hcd-xhci-test
  TESTcheck-qtest-ppc64: tests/qtest/test-filter-mirror
  TESTcheck-qtest-ppc64: tests/qtest/test-filter-redirector
  TESTcheck-qtest-ppc64: tests/qtest/display-vga-test
  TESTcheck-qtest-ppc64: tests/qtest/numa-test
  TESTcheck-qtest-ppc64: tests/qtest/ivshmem-test
  TESTcheck-qtest-ppc64: tests/qtest/cpu-plug-test
  TESTcheck-qtest-ppc64: tests/qtest/cdrom-test
  TESTcheck-qtest-ppc64: tests/qtest/device-introspect-test
socket_accept failed: Resource temporarily unavailable
**
ERROR:/builds/qemu-project/qemu/tests/qtest/libqtest.c:301:qtest_init_without_qmp_handshake:
 assertion failed: (s->fd >= 0 && s->qmp_fd >= 0)
ERROR - Bail out! 
ERROR:/builds/qemu-project/qemu/tests/qtest/libqtest.c:301:qtest_init_without_qmp_handshake:
 assertion failed: (s->fd >= 0 && s->qmp_fd >= 0)
/builds/qemu-project/qemu/tests/qtest/libqtest.c:166: kill_qemu() tried to 
terminate QEMU process but encountered exit status 1 (expected 0)
make: *** [/builds/qemu-project/qemu/tests/Makefile.include:643: 
check-qtest-i386] Error 1
make: *** Waiting for unfinished jobs
qemu-system-ppc64: warning: machine has no BMC device. Use '-device 
ipmi-bmc-sim,id=bmc0 -device isa-ipmi-bt,bmc=bmc0,irq=10' to define one
qemu-system-ppc64: warning: machine has no BMC device. Use '-device 
ipmi-bmc-sim,id=bmc0 -device isa-ipmi-bt,bmc=bmc0,irq=10' to define one
qemu-system-ppc64: warning: machine has no BMC device. Use '-device 
ipmi-bmc-sim,id=bmc0 -device isa-ipmi-bt,bmc=bmc0,irq=10' to define one
  TESTcheck-qtest-ppc64: tests/qtest/machine-none-test
  TESTcheck-qtest-ppc64: tests/qtest/qmp-test
  TESTcheck-qtest-ppc64: tests/qtest/qmp-cmd-test
  TESTcheck-qtest-ppc64: tests/qtest/qom-test
  TESTcheck-qtest-ppc64: tests/qtest/test-hmp
  TESTcheck-qtest-ppc64: tests/qtest/qos-test
section_end:1592300188:build_script
section_start:1592300188:after_script
Running after_script
section_end:1592300189:after_script
section_start:1592300189:upload_artifacts_on_failure
Uploading artifacts for failed job
section_end:1592300191:upload_artifacts_on_failure
ERROR: Job failed: exit code 1



-- 
You're receiving this email because of your account on gitlab.com.

Re: [RFC v5 1/4] softmmu: move softmmu only files from root

[Alex Bennée]

Claudio Fontana  writes:

> move arch_init, balloon, cpus, ioport, memory, memory_mapping, qtest.
>
> They are all specific to CONFIG_SOFTMMU.
>
> Signed-off-by: Claudio Fontana 

Reviewed-by: Alex Bennée 

> ---
>  MAINTAINERS  | 12 ++--
>  Makefile.target  |  7 ++-
>  softmmu/Makefile.objs| 10 ++
>  arch_init.c => softmmu/arch_init.c   |  0
>  balloon.c => softmmu/balloon.c   |  0
>  cpus.c => softmmu/cpus.c |  0
>  ioport.c => softmmu/ioport.c |  0
>  memory.c => softmmu/memory.c |  0
>  memory_mapping.c => softmmu/memory_mapping.c |  0
>  qtest.c => softmmu/qtest.c   |  0
>  10 files changed, 18 insertions(+), 11 deletions(-)
>  rename arch_init.c => softmmu/arch_init.c (100%)
>  rename balloon.c => softmmu/balloon.c (100%)
>  rename cpus.c => softmmu/cpus.c (100%)
>  rename ioport.c => softmmu/ioport.c (100%)
>  rename memory.c => softmmu/memory.c (100%)
>  rename memory_mapping.c => softmmu/memory_mapping.c (100%)
>  rename qtest.c => softmmu/qtest.c (100%)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index a922775e45..1b4d2e0285 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -115,7 +115,7 @@ Overall TCG CPUs
>  M: Richard Henderson 
>  R: Paolo Bonzini 
>  S: Maintained
> -F: cpus.c
> +F: softmmu/cpus.c
>  F: cpus-common.c
>  F: exec.c
>  F: accel/tcg/
> @@ -1682,7 +1682,7 @@ M: David Hildenbrand 
>  S: Maintained
>  F: hw/virtio/virtio-balloon*.c
>  F: include/hw/virtio/virtio-balloon.h
> -F: balloon.c
> +F: softmmu/balloon.c
>  F: include/sysemu/balloon.h
>  
>  virtio-9p
> @@ -2131,12 +2131,12 @@ Memory API
>  M: Paolo Bonzini 
>  S: Supported
>  F: include/exec/ioport.h
> -F: ioport.c
>  F: include/exec/memop.h
>  F: include/exec/memory.h
>  F: include/exec/ram_addr.h
>  F: include/exec/ramblock.h
> -F: memory.c
> +F: softmmu/ioport.c
> +F: softmmu/memory.c
>  F: include/exec/memory-internal.h
>  F: exec.c
>  F: scripts/coccinelle/memory-region-housekeeping.cocci
> @@ -2168,13 +2168,13 @@ F: ui/cocoa.m
>  Main loop
>  M: Paolo Bonzini 
>  S: Maintained
> -F: cpus.c
>  F: include/qemu/main-loop.h
>  F: include/sysemu/runstate.h
>  F: util/main-loop.c
>  F: util/qemu-timer.c
>  F: softmmu/vl.c
>  F: softmmu/main.c
> +F: softmmu/cpus.c
>  F: qapi/run-state.json
>  
>  Human Monitor (HMP)
> @@ -2327,7 +2327,7 @@ M: Thomas Huth 
>  M: Laurent Vivier 
>  R: Paolo Bonzini 
>  S: Maintained
> -F: qtest.c
> +F: softmmu/qtest.c
>  F: accel/qtest.c
>  F: tests/qtest/
>  X: tests/qtest/bios-tables-test-allowed-diff.h
> diff --git a/Makefile.target b/Makefile.target
> index 8ed1eba95b..7fbf5d8b92 100644
> --- a/Makefile.target
> +++ b/Makefile.target
> @@ -152,16 +152,13 @@ endif #CONFIG_BSD_USER
>  #
>  # System emulator target
>  ifdef CONFIG_SOFTMMU
> -obj-y += arch_init.o cpus.o gdbstub.o balloon.o ioport.o
> -obj-y += qtest.o
> +obj-y += softmmu/
> +obj-y += gdbstub.o
>  obj-y += dump/
>  obj-y += hw/
>  obj-y += monitor/
>  obj-y += qapi/
> -obj-y += memory.o
> -obj-y += memory_mapping.o
>  obj-y += migration/ram.o
> -obj-y += softmmu/
>  LIBS := $(libs_softmmu) $(LIBS)
>  
>  # Hardware support
> diff --git a/softmmu/Makefile.objs b/softmmu/Makefile.objs
> index dd15c24346..a4bd9f2f52 100644
> --- a/softmmu/Makefile.objs
> +++ b/softmmu/Makefile.objs
> @@ -1,3 +1,13 @@
>  softmmu-main-y = softmmu/main.o
> +
> +obj-y += arch_init.o
> +obj-y += cpus.o
> +obj-y += balloon.o
> +obj-y += ioport.o
> +obj-y += memory.o
> +obj-y += memory_mapping.o
> +
> +obj-y += qtest.o
> +
>  obj-y += vl.o
>  vl.o-cflags := $(GPROF_CFLAGS) $(SDL_CFLAGS)
> diff --git a/arch_init.c b/softmmu/arch_init.c
> similarity index 100%
> rename from arch_init.c
> rename to softmmu/arch_init.c
> diff --git a/balloon.c b/softmmu/balloon.c
> similarity index 100%
> rename from balloon.c
> rename to softmmu/balloon.c
> diff --git a/cpus.c b/softmmu/cpus.c
> similarity index 100%
> rename from cpus.c
> rename to softmmu/cpus.c
> diff --git a/ioport.c b/softmmu/ioport.c
> similarity index 100%
> rename from ioport.c
> rename to softmmu/ioport.c
> diff --git a/memory.c b/softmmu/memory.c
> similarity index 100%
> rename from memory.c
> rename to softmmu/memory.c
> diff --git a/memory_mapping.c b/softmmu/memory_mapping.c
> similarity index 100%
> rename from memory_mapping.c
> rename to softmmu/memory_mapping.c
> diff --git a/qtest.c b/softmmu/qtest.c
> similarity index 100%
> rename from qtest.c
> rename to softmmu/qtest.c


-- 
Alex Bennée

[PULL 17/21] Revert ".shippable: temporaily disable some cross builds"

[Alex Bennée]

This reverts commit 12d43b5ae916809aad9ccf8aa2a0a06260527340.

Signed-off-by: Alex Bennée 
Message-Id: <20200612190237.30436-18-alex.ben...@linaro.org>

diff --git a/.shippable.yml b/.shippable.yml
index 10cf219bff4..2cce7b56890 100644
--- a/.shippable.yml
+++ b/.shippable.yml
@@ -5,8 +5,8 @@ env:
   global:
 - LC_ALL=C
   matrix:
-# - IMAGE=debian-amd64
-#   TARGET_LIST=x86_64-softmmu,x86_64-linux-user
+- IMAGE=debian-amd64
+  TARGET_LIST=x86_64-softmmu,x86_64-linux-user
 - IMAGE=debian-win32-cross
   TARGET_LIST=arm-softmmu,i386-softmmu,lm32-softmmu
 - IMAGE=debian-win64-cross
@@ -19,10 +19,10 @@ env:
   TARGET_LIST=aarch64-softmmu,aarch64-linux-user
 - IMAGE=debian-s390x-cross
   TARGET_LIST=s390x-softmmu,s390x-linux-user
-# - IMAGE=debian-mips-cross
-#   TARGET_LIST=mips-softmmu,mipsel-linux-user
-# - IMAGE=debian-mips64el-cross
-#   TARGET_LIST=mips64el-softmmu,mips64el-linux-user
+- IMAGE=debian-mips-cross
+  TARGET_LIST=mips-softmmu,mipsel-linux-user
+- IMAGE=debian-mips64el-cross
+  TARGET_LIST=mips64el-softmmu,mips64el-linux-user
 - IMAGE=debian-ppc64el-cross
   TARGET_LIST=ppc64-softmmu,ppc64-linux-user,ppc64abi32-linux-user
 build:
-- 
2.20.1

[PULL 18/21] cirrus.yml: serialise make check

[Alex Bennée]

We do this on our other platforms to make it easier to see what has
broken.

Signed-off-by: Alex Bennée 
Reviewed-by: Li-Wen Hsu 
Message-Id: <20200612190237.30436-19-alex.ben...@linaro.org>

diff --git a/.cirrus.yml b/.cirrus.yml
index ce7850a320e..69342ae031b 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -14,7 +14,7 @@ freebsd_12_task:
 - cd build
 - ../configure || { cat config.log; exit 1; }
 - gmake -j8
-- gmake -j8 V=1 check
+- gmake V=1 check
 
 macos_task:
   osx_instance:
@@ -26,7 +26,7 @@ macos_task:
 - cd build
 - ../configure --python=/usr/local/bin/python3 || { cat config.log; exit 
1; }
 - gmake -j$(sysctl -n hw.ncpu)
-- gmake check -j$(sysctl -n hw.ncpu)
+- gmake check
 
 macos_xcode_task:
   osx_instance:
@@ -39,4 +39,4 @@ macos_xcode_task:
 - cd build
 - ../configure --cc=clang || { cat config.log; exit 1; }
 - gmake -j$(sysctl -n hw.ncpu)
-- gmake check -j$(sysctl -n hw.ncpu)
+- gmake check
-- 
2.20.1

Re: [PATCH v2 4/5] acpi: Enable TPM IRQ

[Auger Eric]

Hi Stefan,

On 6/15/20 7:11 PM, Stefan Berger wrote:
> On 6/15/20 11:13 AM, Marc-André Lureau wrote:
>>
>>> diff --git a/include/hw/acpi/tpm.h b/include/hw/acpi/tpm.h
>>> index 1a2a57a21f..063a9eb42a 100644
>>> --- a/include/hw/acpi/tpm.h
>>> +++ b/include/hw/acpi/tpm.h
>>> @@ -24,7 +24,7 @@
>>>   #define TPM_TIS_ADDR_BASE   0xFED4
>>>   #define TPM_TIS_ADDR_SIZE   0x5000
>>>
>>> -#define TPM_TIS_IRQ 5
>>> +#define TPM_TIS_IRQ 13
> 
> 
> Eric,
> 
>  does this change have any negative side effects on ARM? If you prefer,
> we can split this part here up into TPM_TIS_ISA_IRQ and TPM_TIS_SYSBUS
> IRQ and leave the latter at '5' because we know that this is working.
The IRQ is not advertised in dt nor ACPI on ARM. However it is
advertised in the capability reg and in the vector. reg So I think this
should be fixed? I guess on ARM we will pick up a completely different
IRQ num, allocated from the platform bus slot.

Thanks

Eric
> 
>    Stefan
> 
> 
>>>
>>>   #define TPM_TIS_NUM_LOCALITIES  5 /* per spec */
>>>   #define TPM_TIS_LOCALITY_SHIFT  12
>>> -- 
>>> 2.24.1
>>>
> 

[PULL 13/21] include/qemu: Added tsan.h for annotations.

[Alex Bennée]

From: Robert Foley 

These annotations will allow us to give tsan
additional hints.  For example, we can inform
tsan about reads/writes to ignore to silence certain
classes of warnings.
We can also annotate threads so that the proper thread
naming shows up in tsan warning results.

Signed-off-by: Robert Foley 
Reviewed-by: Emilio G. Cota 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-11-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-14-alex.ben...@linaro.org>

diff --git a/include/qemu/tsan.h b/include/qemu/tsan.h
new file mode 100644
index 000..09cc665f91d
--- /dev/null
+++ b/include/qemu/tsan.h
@@ -0,0 +1,71 @@
+#ifndef QEMU_TSAN_H
+#define QEMU_TSAN_H
+/*
+ * tsan.h
+ *
+ * This file defines macros used to give ThreadSanitizer
+ * additional information to help suppress warnings.
+ * This is necessary since TSan does not provide a header file
+ * for these annotations.  The standard way to include these
+ * is via the below macros.
+ *
+ * Annotation examples can be found here:
+ *  https://github.com/llvm/llvm-project/tree/master/compiler-rt/test/tsan
+ * annotate_happens_before.cpp or ignore_race.cpp are good places to start.
+ *
+ * The full set of annotations can be found here in tsan_interface_ann.cpp.
+ *  https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/tsan/rtl/
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifdef CONFIG_TSAN
+/*
+ * Informs TSan of a happens before/after relationship.
+ */
+#define QEMU_TSAN_ANNOTATE_HAPPENS_BEFORE(addr) \
+AnnotateHappensBefore(__FILE__, __LINE__, (void *)(addr))
+#define QEMU_TSAN_ANNOTATE_HAPPENS_AFTER(addr) \
+AnnotateHappensAfter(__FILE__, __LINE__, (void *)(addr))
+/*
+ * Gives TSan more information about thread names it can report the
+ * name of the thread in the warning report.
+ */
+#define QEMU_TSAN_ANNOTATE_THREAD_NAME(name) \
+AnnotateThreadName(__FILE__, __LINE__, (void *)(name))
+/*
+ * Allows defining a region of code on which TSan will not record memory READS.
+ * This has the effect of disabling race detection for this section of code.
+ */
+#define QEMU_TSAN_ANNOTATE_IGNORE_READS_BEGIN() \
+AnnotateIgnoreReadsBegin(__FILE__, __LINE__)
+#define QEMU_TSAN_ANNOTATE_IGNORE_READS_END() \
+AnnotateIgnoreReadsEnd(__FILE__, __LINE__)
+/*
+ * Allows defining a region of code on which TSan will not record memory
+ * WRITES.  This has the effect of disabling race detection for this
+ * section of code.
+ */
+#define QEMU_TSAN_ANNOTATE_IGNORE_WRITES_BEGIN() \
+AnnotateIgnoreWritesBegin(__FILE__, __LINE__)
+#define QEMU_TSAN_ANNOTATE_IGNORE_WRITES_END() \
+AnnotateIgnoreWritesEnd(__FILE__, __LINE__)
+#else
+#define QEMU_TSAN_ANNOTATE_HAPPENS_BEFORE(addr)
+#define QEMU_TSAN_ANNOTATE_HAPPENS_AFTER(addr)
+#define QEMU_TSAN_ANNOTATE_THREAD_NAME(name)
+#define QEMU_TSAN_ANNOTATE_IGNORE_READS_BEGIN()
+#define QEMU_TSAN_ANNOTATE_IGNORE_READS_END()
+#define QEMU_TSAN_ANNOTATE_IGNORE_WRITES_BEGIN()
+#define QEMU_TSAN_ANNOTATE_IGNORE_WRITES_END()
+#endif
+
+void AnnotateHappensBefore(const char *f, int l, void *addr);
+void AnnotateHappensAfter(const char *f, int l, void *addr);
+void AnnotateThreadName(const char *f, int l, char *name);
+void AnnotateIgnoreReadsBegin(const char *f, int l);
+void AnnotateIgnoreReadsEnd(const char *f, int l);
+void AnnotateIgnoreWritesBegin(const char *f, int l);
+void AnnotateIgnoreWritesEnd(const char *f, int l);
+#endif
-- 
2.20.1

[PULL 20/21] tests/tcg: ensure -cpu max also used for plugin run

[Alex Bennée]

The check-tcg plugins build was failing because some special case
tests that needed -cpu max failed because the plugin variant hadn't
carried across the QEMU_OPTS tweak.

Guests which globally set QEMU_OPTS=-cpu FOO where unaffected.

Signed-off-by: Alex Bennée 
Message-Id: <20200615141922.18829-3-alex.ben...@linaro.org>

diff --git a/tests/tcg/aarch64/Makefile.target 
b/tests/tcg/aarch64/Makefile.target
index 6d60a2f2eed..b617f2ac7e0 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -20,8 +20,9 @@ run-fcvt: fcvt
 # Pauth Tests
 ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_ARMV8_3),)
 AARCH64_TESTS += pauth-1 pauth-2 pauth-4
-run-pauth-%: QEMU_OPTS += -cpu max
 pauth-%: CFLAGS += -march=armv8.3-a
+run-pauth-%: QEMU_OPTS += -cpu max
+run-plugin-pauth-%: QEMU_OPTS += -cpu max
 endif
 
 # Semihosting smoke test for linux-user
diff --git a/tests/tcg/i386/Makefile.target b/tests/tcg/i386/Makefile.target
index 53efec06683..1a6463a7dc1 100644
--- a/tests/tcg/i386/Makefile.target
+++ b/tests/tcg/i386/Makefile.target
@@ -12,6 +12,7 @@ X86_64_TESTS:=$(filter test-i386-ssse3, $(ALL_X86_TESTS))
 
 test-i386-pcmpistri: CFLAGS += -msse4.2
 run-test-i386-pcmpistri: QEMU_OPTS += -cpu max
+run-plugin-test-i386-pcmpistri-%: QEMU_OPTS += -cpu max
 
 #
 # hello-i386 is a barebones app
-- 
2.20.1

[PULL 15/21] docs: Added details on TSan to testing.rst

[Alex Bennée]

From: Robert Foley 

Adds TSan details to testing.rst.
This includes background and reference details on TSan,
and details on how to build and test with TSan
both with and without docker.

Signed-off-by: Robert Foley 
Reviewed-by: Emilio G. Cota 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-13-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-16-alex.ben...@linaro.org>

diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index 770a987ea42..c1ff24370bf 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -397,6 +397,113 @@ list is in the ``make docker`` help text. The frequently 
used ones are:
 * ``DEBUG=1``: enables debug. See the previous "Debugging a Docker test
   failure" section.
 
+Thread Sanitizer
+
+
+Thread Sanitizer (TSan) is a tool which can detect data races.  QEMU supports
+building and testing with this tool.
+
+For more information on TSan:
+
+https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual
+
+Thread Sanitizer in Docker
+---
+TSan is currently supported in the ubuntu2004 docker.
+
+The test-tsan test will build using TSan and then run make check.
+
+.. code::
+
+  make docker-test-tsan@ubuntu2004
+
+TSan warnings under docker are placed in files located at build/tsan/.
+
+We recommend using DEBUG=1 to allow launching the test from inside the docker,
+and to allow review of the warnings generated by TSan.
+
+Building and Testing with TSan
+--
+
+It is possible to build and test with TSan, with a few additional steps.
+These steps are normally done automatically in the docker.
+
+There is a one time patch needed in clang-9 or clang-10 at this time:
+
+.. code::
+
+  sed -i 's/^const/static const/g' \
+  /usr/lib/llvm-10/lib/clang/10.0.0/include/sanitizer/tsan_interface.h
+
+To configure the build for TSan:
+
+.. code::
+
+  ../configure --enable-tsan --cc=clang-10 --cxx=clang++-10 \
+   --disable-werror --extra-cflags="-O0"
+
+The runtime behavior of TSAN is controlled by the TSAN_OPTIONS environment
+variable.
+
+More information on the TSAN_OPTIONS can be found here:
+
+https://github.com/google/sanitizers/wiki/ThreadSanitizerFlags
+
+For example:
+
+.. code::
+
+  export TSAN_OPTIONS=suppressions=/tests/tsan/suppressions.tsan 
\
+  detect_deadlocks=false history_size=7 exitcode=0 \
+  log_path=/tsan/tsan_warning
+
+The above exitcode=0 has TSan continue without error if any warnings are found.
+This allows for running the test and then checking the warnings afterwards.
+If you want TSan to stop and exit with error on warnings, use exitcode=66.
+
+TSan Suppressions
+-
+Keep in mind that for any data race warning, although there might be a data 
race
+detected by TSan, there might be no actual bug here.  TSan provides several
+different mechanisms for suppressing warnings.  In general it is recommended
+to fix the code if possible to eliminate the data race rather than suppress
+the warning.
+
+A few important files for suppressing warnings are:
+
+tests/tsan/suppressions.tsan - Has TSan warnings we wish to suppress at 
runtime.
+The comment on each supression will typically indicate why we are
+suppressing it.  More information on the file format can be found here:
+
+https://github.com/google/sanitizers/wiki/ThreadSanitizerSuppressions
+
+tests/tsan/blacklist.tsan - Has TSan warnings we wish to disable
+at compile time for test or debug.
+Add flags to configure to enable:
+
+"--extra-cflags=-fsanitize-blacklist=/tests/tsan/blacklist.tsan"
+
+More information on the file format can be found here under "Blacklist Format":
+
+https://github.com/google/sanitizers/wiki/ThreadSanitizerFlags
+
+TSan Annotations
+
+include/qemu/tsan.h defines annotations.  See this file for more descriptions
+of the annotations themselves.  Annotations can be used to suppress
+TSan warnings or give TSan more information so that it can detect proper
+relationships between accesses of data.
+
+Annotation examples can be found here:
+
+https://github.com/llvm/llvm-project/tree/master/compiler-rt/test/tsan/
+
+Good files to start with are: annotate_happens_before.cpp and ignore_race.cpp
+
+The full set of annotations can be found here:
+
+https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/tsan/rtl/tsan_interface_ann.cpp
+
 VM testing
 ==
 
-- 
2.20.1

[PULL 09/21] tcg: call qemu_spin_destroy for tb->jmp_lock

[Alex Bennée]

From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Signed-off-by: Alex Bennée 
[RF: minor changes + remove tb_destroy_func]
Message-Id: <20200609200738.445-7-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-10-alex.ben...@linaro.org>

diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index 380014ed805..e63450a8936 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -819,6 +819,7 @@ void tcg_pool_reset(TCGContext *s);
 TranslationBlock *tcg_tb_alloc(TCGContext *s);
 
 void tcg_region_init(void);
+void tb_destroy(TranslationBlock *tb);
 void tcg_region_reset_all(void);
 
 size_t tcg_code_size(void);
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 42ce1dfcff7..c937210e217 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -384,6 +384,11 @@ static int cpu_restore_state_from_tb(CPUState *cpu, 
TranslationBlock *tb,
 return 0;
 }
 
+void tb_destroy(TranslationBlock *tb)
+{
+qemu_spin_destroy(>jmp_lock);
+}
+
 bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
 {
 TranslationBlock *tb;
@@ -413,6 +418,7 @@ bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, 
bool will_exit)
 /* one-shot translation, invalidate it immediately */
 tb_phys_invalidate(tb, -1);
 tcg_tb_remove(tb);
+tb_destroy(tb);
 }
 r = true;
 }
@@ -1886,6 +1892,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 
 orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
 atomic_set(_ctx->code_gen_ptr, (void *)orig_aligned);
+tb_destroy(tb);
 return existing_tb;
 }
 tcg_tb_insert(tb);
@@ -2235,6 +2242,7 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
 tb_phys_invalidate(tb->orig_tb, -1);
 }
 tcg_tb_remove(tb);
+tb_destroy(tb);
 }
 
 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 1aa6cb47f29..1362bc61017 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -502,6 +502,14 @@ size_t tcg_nb_tbs(void)
 return nb_tbs;
 }
 
+static gboolean tcg_region_tree_traverse(gpointer k, gpointer v, gpointer data)
+{
+TranslationBlock *tb = v;
+
+tb_destroy(tb);
+return FALSE;
+}
+
 static void tcg_region_tree_reset_all(void)
 {
 size_t i;
@@ -510,6 +518,7 @@ static void tcg_region_tree_reset_all(void)
 for (i = 0; i < region.n; i++) {
 struct tcg_region_tree *rt = region_trees + i * tree_size;
 
+g_tree_foreach(rt->tree, tcg_region_tree_traverse, NULL);
 /* Increment the refcount first so that destroy acts as a reset */
 g_tree_ref(rt->tree);
 g_tree_destroy(rt->tree);
-- 
2.20.1

[PULL 16/21] tests: Disable select tests under TSan, which hit TSan issue.

[Alex Bennée]

From: Robert Foley 

Disable a few tests under CONFIG_TSAN, which
run into a known TSan issue that results in a hang.
https://github.com/google/sanitizers/issues/1116

The disabled tests under TSan include all the qtests as well as
the test-char, test-qga, and test-qdev-global-props.

Signed-off-by: Robert Foley 
Reviewed-by: Emilio G. Cota 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-14-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-17-alex.ben...@linaro.org>

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 5607c7290d8..3f4448a20bc 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -55,7 +55,6 @@ SYSEMU_TARGET_LIST := $(subst -softmmu.mak,,$(notdir \
 
 check-unit-y += tests/check-qdict$(EXESUF)
 check-unit-y += tests/check-block-qdict$(EXESUF)
-check-unit-$(CONFIG_SOFTMMU) += tests/test-char$(EXESUF)
 check-unit-y += tests/check-qnum$(EXESUF)
 check-unit-y += tests/check-qstring$(EXESUF)
 check-unit-y += tests/check-qlist$(EXESUF)
@@ -108,7 +107,6 @@ check-unit-y += tests/test-qht$(EXESUF)
 check-unit-y += tests/test-qht-par$(EXESUF)
 check-unit-y += tests/test-bitops$(EXESUF)
 check-unit-y += tests/test-bitcnt$(EXESUF)
-check-unit-$(CONFIG_SOFTMMU) += tests/test-qdev-global-props$(EXESUF)
 check-unit-y += tests/check-qom-interface$(EXESUF)
 check-unit-y += tests/check-qom-proplist$(EXESUF)
 check-unit-y += tests/test-qemu-opts$(EXESUF)
@@ -123,9 +121,16 @@ check-speed-$(CONFIG_BLOCK) += 
tests/benchmark-crypto-cipher$(EXESUF)
 check-unit-$(CONFIG_BLOCK) += tests/test-crypto-secret$(EXESUF)
 check-unit-$(call land,$(CONFIG_BLOCK),$(CONFIG_GNUTLS)) += 
tests/test-crypto-tlscredsx509$(EXESUF)
 check-unit-$(call land,$(CONFIG_BLOCK),$(CONFIG_GNUTLS)) += 
tests/test-crypto-tlssession$(EXESUF)
+ifndef CONFIG_TSAN
+# Some tests: test-char, test-qdev-global-props, and test-qga,
+# are not runnable under TSan due to a known issue.
+# https://github.com/google/sanitizers/issues/1116
+check-unit-$(CONFIG_SOFTMMU) += tests/test-char$(EXESUF)
+check-unit-$(CONFIG_SOFTMMU) += tests/test-qdev-global-props$(EXESUF)
 ifneq (,$(findstring qemu-ga,$(TOOLS)))
 check-unit-$(call land,$(CONFIG_LINUX),$(CONFIG_VIRTIO_SERIAL)) += 
tests/test-qga$(EXESUF)
 endif
+endif
 check-unit-$(CONFIG_SOFTMMU) += tests/test-timed-average$(EXESUF)
 check-unit-$(call land,$(CONFIG_SOFTMMU),$(CONFIG_INOTIFY1)) += 
tests/test-util-filemonitor$(EXESUF)
 check-unit-$(CONFIG_SOFTMMU) += tests/test-util-sockets$(EXESUF)
diff --git a/tests/qtest/Makefile.include b/tests/qtest/Makefile.include
index 5023fa413d1..98af2c2d933 100644
--- a/tests/qtest/Makefile.include
+++ b/tests/qtest/Makefile.include
@@ -314,12 +314,15 @@ tests/qtest/tpm-tis-device-test$(EXESUF): 
tests/qtest/tpm-tis-device-test.o test
 # QTest rules
 
 TARGETS=$(patsubst %-softmmu,%, $(filter %-softmmu,$(TARGET_DIRS)))
+QTEST_TARGETS =
+# The qtests are not runnable (yet) under TSan due to a known issue.
+# https://github.com/google/sanitizers/issues/1116
+ifndef CONFIG_TSAN
 ifeq ($(CONFIG_POSIX),y)
 QTEST_TARGETS = $(TARGETS)
 check-qtest-y=$(foreach TARGET,$(TARGETS), 
$(check-qtest-$(TARGET)-y:%=tests/qtest/%$(EXESUF)))
 check-qtest-y += $(check-qtest-generic-y:%=tests/qtest/%$(EXESUF))
-else
-QTEST_TARGETS =
+endif
 endif
 
 qtest-obj-y = tests/qtest/libqtest.o $(test-util-obj-y)
-- 
2.20.1

[PULL 19/21] tests/tcg: build plugin list from contents of src directory

[Alex Bennée]

If you jump back and forth between branches while developing plugins
you end up debugging failures caused by plugins left in the build
directory. Fix this by basing plugins on the source tree instead.

Signed-off-by: Alex Bennée 
Message-Id: <20200615141922.18829-2-alex.ben...@linaro.org>

diff --git a/tests/tcg/Makefile.target b/tests/tcg/Makefile.target
index b3cff3cad1a..2ae86776cdc 100644
--- a/tests/tcg/Makefile.target
+++ b/tests/tcg/Makefile.target
@@ -126,9 +126,10 @@ RUN_TESTS=$(patsubst %,run-%, $(TESTS))
 
 # If plugins exist also include those in the tests
 ifeq ($(CONFIG_PLUGIN),y)
-PLUGIN_DIR=../../plugin
-VPATH+=$(PLUGIN_DIR)
-PLUGINS=$(notdir $(wildcard $(PLUGIN_DIR)/*.so))
+PLUGIN_SRC=$(SRC_PATH)/tests/plugin
+PLUGIN_LIB=../../plugin
+VPATH+=$(PLUGIN_LIB)
+PLUGINS=$(patsubst %.c, lib%.so, $(notdir $(wildcard $(PLUGIN_SRC)/*.c)))
 
 # We need to ensure expand the run-plugin-TEST-with-PLUGIN
 # pre-requistes manually here as we can't use stems to handle it. We
@@ -152,7 +153,7 @@ run-%: %
 
 run-plugin-%:
$(call run-test, $@, $(QEMU) $(QEMU_OPTS) \
-   -plugin $(PLUGIN_DIR)/$(call extract-plugin,$@) \
+   -plugin $(PLUGIN_LIB)/$(call extract-plugin,$@) \
-d plugin -D $*.pout \
 $(call strip-plugin,$<), \
"$* on $(TARGET_NAME)")
@@ -168,7 +169,7 @@ run-plugin-%:
$(call run-test, $@, \
  $(QEMU) -monitor none -display none \
  -chardev file$(COMMA)path=$@.out$(COMMA)id=output \
- -plugin $(PLUGIN_DIR)/$(call extract-plugin,$@) \
+ -plugin $(PLUGIN_LIB)/$(call extract-plugin,$@) \
  -d plugin -D $*.pout \
  $(QEMU_OPTS) $(call strip-plugin,$<), \
  "$* on $(TARGET_NAME)")
diff --git a/tests/tcg/aarch64/Makefile.target 
b/tests/tcg/aarch64/Makefile.target
index 312f36cde5f..6d60a2f2eed 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -31,7 +31,7 @@ run-semihosting: semihosting
 
 run-plugin-semihosting-with-%:
$(call run-test, $@, $(QEMU) $(QEMU_OPTS) \
-   -plugin $(PLUGIN_DIR)/$(call extract-plugin,$@) \
+   -plugin $(PLUGIN_LIB)/$(call extract-plugin,$@) \
 $(call strip-plugin,$<) 2> $<.err, \
"$< on $(TARGET_NAME) with $*")
 
diff --git a/tests/tcg/arm/Makefile.target b/tests/tcg/arm/Makefile.target
index 3da09a38be7..ec951565626 100644
--- a/tests/tcg/arm/Makefile.target
+++ b/tests/tcg/arm/Makefile.target
@@ -45,7 +45,7 @@ run-semihosting-arm: semihosting-arm
 
 run-plugin-semihosting-with-%:
$(call run-test, $@, $(QEMU) $(QEMU_OPTS) \
-   -plugin $(PLUGIN_DIR)/$(call extract-plugin,$@) \
+   -plugin $(PLUGIN_LIB)/$(call extract-plugin,$@) \
 $(call strip-plugin,$<) 2> $<.err, \
"$< on $(TARGET_NAME) with $*")
 
-- 
2.20.1

[PULL 08/21] qht: call qemu_spin_destroy for head buckets

[Alex Bennée]

From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
[AJB: add implied cota s-o-b c.f. github.com/cota/qemu/tree/tsan @ 1bd1209]
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-6-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-9-alex.ben...@linaro.org>

diff --git a/util/qht.c b/util/qht.c
index aa51be3c52f..67e5d5b9163 100644
--- a/util/qht.c
+++ b/util/qht.c
@@ -348,6 +348,7 @@ static inline void qht_chain_destroy(const struct 
qht_bucket *head)
 struct qht_bucket *curr = head->next;
 struct qht_bucket *prev;
 
+qemu_spin_destroy(>lock);
 while (curr) {
 prev = curr;
 curr = curr->next;
-- 
2.20.1

[PULL 14/21] util: Added tsan annotate for thread name.

[Alex Bennée]

From: Robert Foley 

This allows us to see the name of the thread in tsan
warning reports such as this:

  Thread T7 'CPU 1/TCG' (tid=24317, running) created by main thread at:

Signed-off-by: Robert Foley 
Reviewed-by: Emilio G. Cota 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-12-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-15-alex.ben...@linaro.org>

diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index 838980aaa55..b4c2359272a 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -15,6 +15,7 @@
 #include "qemu/atomic.h"
 #include "qemu/notify.h"
 #include "qemu-thread-common.h"
+#include "qemu/tsan.h"
 
 static bool name_threads;
 
@@ -513,6 +514,7 @@ static void *qemu_thread_start(void *args)
 # endif
 }
 #endif
+QEMU_TSAN_ANNOTATE_THREAD_NAME(qemu_thread_args->name);
 g_free(qemu_thread_args->name);
 g_free(qemu_thread_args);
 pthread_cleanup_push(qemu_thread_atexit_notify, NULL);
-- 
2.20.1

[PULL 07/21] cputlb: destroy CPUTLB with tlb_destroy

[Alex Bennée]

From: "Emilio G. Cota" 

I was after adding qemu_spin_destroy calls, but while at
it I noticed that we are leaking some memory.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-5-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-8-alex.ben...@linaro.org>

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 8792bea07ab..3cf88272df9 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -124,6 +124,11 @@ void cpu_address_space_init(CPUState *cpu, int asidx,
  * @cpu: CPU whose TLB should be initialized
  */
 void tlb_init(CPUState *cpu);
+/**
+ * tlb_destroy - destroy a CPU's TLB
+ * @cpu: CPU whose TLB should be destroyed
+ */
+void tlb_destroy(CPUState *cpu);
 /**
  * tlb_flush_page:
  * @cpu: CPU whose TLB should be flushed
@@ -284,6 +289,9 @@ void tlb_set_page(CPUState *cpu, target_ulong vaddr,
 static inline void tlb_init(CPUState *cpu)
 {
 }
+static inline void tlb_destroy(CPUState *cpu)
+{
+}
 static inline void tlb_flush_page(CPUState *cpu, target_ulong addr)
 {
 }
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index eb2cf9de5e6..1e815357c70 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -270,6 +270,21 @@ void tlb_init(CPUState *cpu)
 }
 }
 
+void tlb_destroy(CPUState *cpu)
+{
+CPUArchState *env = cpu->env_ptr;
+int i;
+
+qemu_spin_destroy(_tlb(env)->c.lock);
+for (i = 0; i < NB_MMU_MODES; i++) {
+CPUTLBDesc *desc = _tlb(env)->d[i];
+CPUTLBDescFast *fast = _tlb(env)->f[i];
+
+g_free(fast->table);
+g_free(desc->iotlb);
+}
+}
+
 /* flush_all_helper: run fn across all cpus
  *
  * If the wait flag is set then the src cpu's helper will be queued as
diff --git a/exec.c b/exec.c
index 9c8f558590d..d6712fba7eb 100644
--- a/exec.c
+++ b/exec.c
@@ -892,6 +892,7 @@ void cpu_exec_unrealizefn(CPUState *cpu)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
+tlb_destroy(cpu);
 cpu_list_remove(cpu);
 
 if (cc->vmsd != NULL) {
-- 
2.20.1

[PULL 11/21] thread: add tsan annotations to QemuSpin

[Alex Bennée]

From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-9-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-12-alex.ben...@linaro.org>

diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index 9479facdcc5..4baf4d17157 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -206,6 +206,10 @@ void qemu_thread_atexit_add(struct Notifier *notifier);
  */
 void qemu_thread_atexit_remove(struct Notifier *notifier);
 
+#ifdef CONFIG_TSAN
+#include 
+#endif
+
 struct QemuSpin {
 int value;
 };
@@ -213,23 +217,46 @@ struct QemuSpin {
 static inline void qemu_spin_init(QemuSpin *spin)
 {
 __sync_lock_release(>value);
+#ifdef CONFIG_TSAN
+__tsan_mutex_create(spin, __tsan_mutex_not_static);
+#endif
 }
 
-static inline void qemu_spin_destroy(QemuSpin *spin)
-{ }
+/* const parameter because the only purpose here is the TSAN annotation */
+static inline void qemu_spin_destroy(const QemuSpin *spin)
+{
+#ifdef CONFIG_TSAN
+__tsan_mutex_destroy((void *)spin, __tsan_mutex_not_static);
+#endif
+}
 
 static inline void qemu_spin_lock(QemuSpin *spin)
 {
+#ifdef CONFIG_TSAN
+__tsan_mutex_pre_lock(spin, 0);
+#endif
 while (unlikely(__sync_lock_test_and_set(>value, true))) {
 while (atomic_read(>value)) {
 cpu_relax();
 }
 }
+#ifdef CONFIG_TSAN
+__tsan_mutex_post_lock(spin, 0, 0);
+#endif
 }
 
 static inline bool qemu_spin_trylock(QemuSpin *spin)
 {
-return __sync_lock_test_and_set(>value, true);
+#ifdef CONFIG_TSAN
+__tsan_mutex_pre_lock(spin, __tsan_mutex_try_lock);
+#endif
+bool busy = __sync_lock_test_and_set(>value, true);
+#ifdef CONFIG_TSAN
+unsigned flags = __tsan_mutex_try_lock;
+flags |= busy ? __tsan_mutex_try_lock_failed : 0;
+__tsan_mutex_post_lock(spin, flags, 0);
+#endif
+return busy;
 }
 
 static inline bool qemu_spin_locked(QemuSpin *spin)
@@ -239,7 +266,13 @@ static inline bool qemu_spin_locked(QemuSpin *spin)
 
 static inline void qemu_spin_unlock(QemuSpin *spin)
 {
+#ifdef CONFIG_TSAN
+__tsan_mutex_pre_unlock(spin, 0);
+#endif
 __sync_lock_release(>value);
+#ifdef CONFIG_TSAN
+__tsan_mutex_post_unlock(spin, 0);
+#endif
 }
 
 struct QemuLockCnt {
-- 
2.20.1

[PULL 02/21] Makefile: dtc: update, build the libfdt target

[Alex Bennée]

From: Claudio Fontana 

dtc submodule update, now call the libfdt target from the new
dtc Makefile, which has been changed to not require bison, flex, etc.
This removes warnings during the build.

scripts/ symlink and tests directory creation are not necessary,
and neither is calling the clean rule explicitly.

Signed-off-by: Claudio Fontana 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20200518160319.18861-2-cfont...@suse.de>
Message-Id: <20200612190237.30436-3-alex.ben...@linaro.org>

diff --git a/configure b/configure
index 89867a17208..8a9f544b0b7 100755
--- a/configure
+++ b/configure
@@ -4312,7 +4312,6 @@ EOF
   mkdir -p dtc
   if [ "$pwd_is_source_path" != "y" ] ; then
   symlink "$source_path/dtc/Makefile" "dtc/Makefile"
-  symlink "$source_path/dtc/scripts" "dtc/scripts"
   fi
   fdt_cflags="-I\$(SRC_PATH)/dtc/libfdt"
   fdt_ldflags="-L\$(BUILD_DIR)/dtc/libfdt"
diff --git a/Makefile b/Makefile
index ed0ed93b2d6..895410fbf9c 100644
--- a/Makefile
+++ b/Makefile
@@ -526,13 +526,14 @@ $(SOFTMMU_FUZZ_RULES): $(edk2-decompressed)
 $(TARGET_DIRS_RULES):
$(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $(dir $@) V="$(V)" 
TARGET_DIR="$(dir $@)" $(notdir $@),)
 
-DTC_MAKE_ARGS=-I$(SRC_PATH)/dtc VPATH=$(SRC_PATH)/dtc -C dtc V="$(V)" 
LIBFDT_srcdir=$(SRC_PATH)/dtc/libfdt
+# LIBFDT_lib="": avoid breaking existing trees with objects requiring -fPIC
+DTC_MAKE_ARGS=-I$(SRC_PATH)/dtc VPATH=$(SRC_PATH)/dtc -C dtc V="$(V)" 
LIBFDT_lib=""
 DTC_CFLAGS=$(CFLAGS) $(QEMU_CFLAGS)
-DTC_CPPFLAGS=-I$(BUILD_DIR)/dtc -I$(SRC_PATH)/dtc -I$(SRC_PATH)/dtc/libfdt
+DTC_CPPFLAGS=-I$(SRC_PATH)/dtc/libfdt
 
 .PHONY: dtc/all
-dtc/all: .git-submodule-status dtc/libfdt dtc/tests
-   $(call quiet-command,$(MAKE) $(DTC_MAKE_ARGS) 
CPPFLAGS="$(DTC_CPPFLAGS)" CFLAGS="$(DTC_CFLAGS)" LDFLAGS="$(QEMU_LDFLAGS)" 
ARFLAGS="$(ARFLAGS)" CC="$(CC)" AR="$(AR)" LD="$(LD)" $(SUBDIR_MAKEFLAGS) 
libfdt/libfdt.a,)
+dtc/all: .git-submodule-status dtc/libfdt
+   $(call quiet-command,$(MAKE) $(DTC_MAKE_ARGS) 
CPPFLAGS="$(DTC_CPPFLAGS)" CFLAGS="$(DTC_CFLAGS)" LDFLAGS="$(QEMU_LDFLAGS)" 
ARFLAGS="$(ARFLAGS)" CC="$(CC)" AR="$(AR)" LD="$(LD)" $(SUBDIR_MAKEFLAGS) 
libfdt,)
 
 dtc/%: .git-submodule-status
@mkdir -p $@
@@ -820,7 +821,6 @@ distclean: clean
rm -rf $$d || exit 1 ; \
 done
rm -Rf .sdk
-   if test -f dtc/version_gen.h; then $(MAKE) $(DTC_MAKE_ARGS) clean; fi
 
 KEYMAPS=da en-gb  et  fr fr-ch  is  lt  no  pt-br  sv \
 ar  de en-us  fi  fr-be  hr it  lv  nl pl  ru th \
diff --git a/dtc b/dtc
index 88f18909db7..85e5d839847 16
--- a/dtc
+++ b/dtc
@@ -1 +1 @@
-Subproject commit 88f18909db731a627456f26d779445f84e449536
+Subproject commit 85e5d839847af54efab170f2b1331b2a6421e647
-- 
2.20.1

[PULL 21/21] plugins: new lockstep plugin for debugging TCG changes

[Alex Bennée]

When we make changes to the TCG we sometimes cause regressions that
are deep into the execution cycle of the guest. Debugging this often
requires comparing large volumes of trace information to figure out
where behaviour has diverged.

The lockstep plugin utilises a shared socket so two QEMU's running
with the plugin will write their current execution position and wait
to receive the position of their partner process. When execution
diverges the plugins output where they were and the previous few
blocks before unloading themselves and letting execution continue.

Originally I planned for this to be most useful with -icount but it
turns out you can get divergence pretty quickly due to asynchronous
qemu_cpu_kick_rr_cpus() events causing one side to eventually run into
a short block a few cycles before the other side. For this reason I've
added a bit of tracking and I think the divergence reporting could be
finessed to report only if we really start to diverge in execution.

An example run would be:

  qemu-system-sparc -monitor none -parallel none -net none \
-M SS-20 -m 256 -kernel day11/zImage.elf \
-plugin ./tests/plugin/liblockstep.so,arg=lockstep-sparc.sock \
-d plugin,nochain

with an identical command in another window in the same working
directory.

Signed-off-by: Alex Bennée 
Reviewed-by: Robert Foley 
Tested-by: Robert Foley 
Cc: Richard Henderson 
Cc: Mark Cave-Ayland 
Message-Id: <20200610155509.12850-3-alex.ben...@linaro.org>

diff --git a/tests/plugin/lockstep.c b/tests/plugin/lockstep.c
new file mode 100644
index 000..a696673dff3
--- /dev/null
+++ b/tests/plugin/lockstep.c
@@ -0,0 +1,340 @@
+/*
+ * Lockstep Execution Plugin
+ *
+ * Allows you to execute two QEMU instances in lockstep and report
+ * when their execution diverges. This is mainly useful for developers
+ * who want to see where a change to TCG code generation has
+ * introduced a subtle and hard to find bug.
+ *
+ * Caveats:
+ *   - single-threaded linux-user apps only with non-deterministic syscalls
+ *   - no MTTCG enabled system emulation (icount may help)
+ *
+ * While icount makes things more deterministic it doesn't mean a
+ * particular run may execute the exact same sequence of blocks. An
+ * asynchronous event (for example X11 graphics update) may cause a
+ * block to end early and a new partial block to start. This means
+ * serial only test cases are a better bet. -d nochain may also help.
+ *
+ * This code is not thread safe!
+ *
+ * Copyright (c) 2020 Linaro Ltd
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
+
+/* saved so we can uninstall later */
+static qemu_plugin_id_t our_id;
+
+static unsigned long bb_count;
+static unsigned long insn_count;
+
+/* Information about a translated block */
+typedef struct {
+uint64_t pc;
+uint64_t insns;
+} BlockInfo;
+
+/* Information about an execution state in the log */
+typedef struct {
+BlockInfo *block;
+unsigned long insn_count;
+unsigned long block_count;
+} ExecInfo;
+
+/* The execution state we compare */
+typedef struct {
+uint64_t pc;
+unsigned long insn_count;
+} ExecState;
+
+typedef struct {
+GSList *log_pos;
+int distance;
+} DivergeState;
+
+/* list of translated block info */
+static GSList *blocks;
+
+/* execution log and points of divergence */
+static GSList *log, *divergence_log;
+
+static int socket_fd;
+static char *path_to_unlink;
+
+static bool verbose;
+
+static void plugin_cleanup(qemu_plugin_id_t id)
+{
+/* Free our block data */
+g_slist_free_full(blocks, _free);
+g_slist_free_full(log, _free);
+g_slist_free(divergence_log);
+
+close(socket_fd);
+if (path_to_unlink) {
+unlink(path_to_unlink);
+}
+}
+
+static void plugin_exit(qemu_plugin_id_t id, void *p)
+{
+g_autoptr(GString) out = g_string_new("No divergence :-)\n");
+g_string_append_printf(out, "Executed %ld/%d blocks\n",
+   bb_count, g_slist_length(log));
+g_string_append_printf(out, "Executed ~%ld instructions\n", insn_count);
+qemu_plugin_outs(out->str);
+
+plugin_cleanup(id);
+}
+
+static void report_divergance(ExecState *us, ExecState *them)
+{
+DivergeState divrec = { log, 0 };
+g_autoptr(GString) out = g_string_new("");
+bool diverged = false;
+
+/*
+ * If we have diverged before did we get back on track or are we
+ * totally loosing it?
+ */
+if (divergence_log) {
+DivergeState *last = (DivergeState *) divergence_log->data;
+GSList *entry;
+
+for (entry = log; g_slist_next(entry); entry = g_slist_next(entry)) {
+if (entry == last->log_pos) {
+break;
+}
+divrec.distance++;
+}
+
+/*
+ * If the last two records are so close it is likely we will
+ * not 

[PULL 12/21] tests/docker: Added docker build support for TSan.

[Alex Bennée]

From: Robert Foley 

Added a new docker for ubuntu 20.04.
This docker has support for Thread Sanitizer
including one patch we need in one of the header files.
https://github.com/llvm/llvm-project/commit/a72dc86cd

This command will build with tsan enabled:
make docker-test-tsan-ubuntu2004 V=1

Also added the TSAN suppresion file to disable certain
cases of TSAN warnings.

Cc: Fam Zheng 
Cc: Philippe Mathieu-Daudé 
Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-10-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-13-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/ubuntu2004.docker 
b/tests/docker/dockerfiles/ubuntu2004.docker
new file mode 100644
index 000..6050ce7e8a8
--- /dev/null
+++ b/tests/docker/dockerfiles/ubuntu2004.docker
@@ -0,0 +1,65 @@
+FROM ubuntu:20.04
+ENV PACKAGES flex bison \
+ccache \
+clang-10\
+gcc \
+gettext \
+git \
+glusterfs-common \
+libaio-dev \
+libattr1-dev \
+libbrlapi-dev \
+libbz2-dev \
+libcacard-dev \
+libcap-ng-dev \
+libcurl4-gnutls-dev \
+libdrm-dev \
+libepoxy-dev \
+libfdt-dev \
+libgbm-dev \
+libgtk-3-dev \
+libibverbs-dev \
+libiscsi-dev \
+libjemalloc-dev \
+libjpeg-turbo8-dev \
+liblzo2-dev \
+libncurses5-dev \
+libncursesw5-dev \
+libnfs-dev \
+libnss3-dev \
+libnuma-dev \
+libpixman-1-dev \
+librados-dev \
+librbd-dev \
+librdmacm-dev \
+libsasl2-dev \
+libsdl2-dev \
+libseccomp-dev \
+libsnappy-dev \
+libspice-protocol-dev \
+libspice-server-dev \
+libssh-dev \
+libusb-1.0-0-dev \
+libusbredirhost-dev \
+libvdeplug-dev \
+libvte-2.91-dev \
+libxen-dev \
+libzstd-dev \
+make \
+python3-yaml \
+python3-sphinx \
+sparse \
+texinfo \
+xfslibs-dev\
+vim
+RUN apt-get update && \
+DEBIAN_FRONTEND=noninteractive apt-get -y install $PACKAGES
+RUN dpkg -l $PACKAGES | sort > /packages.txt
+ENV FEATURES clang tsan pyyaml sdl2
+
+# https://bugs.launchpad.net/qemu/+bug/1838763
+ENV QEMU_CONFIGURE_OPTS --disable-libssh
+
+# Apply patch https://reviews.llvm.org/D75820
+# This is required for TSan in clang-10 to compile with QEMU.
+RUN sed -i 's/^const/static const/g' 
/usr/lib/llvm-10/lib/clang/10.0.0/include/sanitizer/tsan_interface.h
diff --git a/tests/docker/test-tsan b/tests/docker/test-tsan
new file mode 100755
index 000..eb40ac45b7a
--- /dev/null
+++ b/tests/docker/test-tsan
@@ -0,0 +1,44 @@
+#!/bin/bash -e
+#
+# This test will use TSan as part of a build and a make check.
+#
+# Copyright (c) 2020 Linaro
+# Copyright (c) 2016 Red Hat Inc.
+#
+# Authors:
+#  Robert Foley 
+#  Originally based on test-quick from Fam Zheng 
+#
+# This work is licensed under the terms of the GNU GPL, version 2
+# or (at your option) any later version. See the COPYING file in
+# the top-level directory.
+
+. common.rc
+
+setup_tsan()
+{
+requires clang tsan
+tsan_log_dir="/tmp/qemu-test/build/tsan"
+mkdir -p $tsan_log_dir > /dev/null || true
+EXTRA_CONFIGURE_OPTS="${EXTRA_CONFIGURE_OPTS} --enable-tsan \
+  --cc=clang-10 --cxx=clang++-10 \
+  --disable-werror --extra-cflags=-O0"
+# detect deadlocks is false currently simply because
+# TSan crashes immediately with deadlock detector enabled.
+# We have maxed out the history size to get the best chance of finding
+# warnings during testing.
+# Note, to get TSan to fail on warning, use exitcode=66 below.
+tsan_opts="suppressions=/tmp/qemu-test/src/tests/tsan/suppressions.tsan\
+   detect_deadlocks=false history_size=7\
+   halt_on_error=0 exitcode=0 verbose=5\
+   log_path=$tsan_log_dir/tsan_warning"
+export TSAN_OPTIONS="$tsan_opts"
+}
+
+cd "$BUILD_DIR"
+
+TARGET_LIST=${TARGET_LIST:-$DEF_TARGET_LIST} \
+setup_tsan
+build_qemu
+check_qemu
+install_qemu
diff --git a/tests/tsan/blacklist.tsan b/tests/tsan/blacklist.tsan
new file mode 100644
index 000..75e444f5dc6
--- /dev/null
+++ b/tests/tsan/blacklist.tsan
@@ -0,0 +1,10 @@
+# This is an example blacklist.
+# To enable use of the blacklist add this to configure:
+# "--extra-cflags=-fsanitize-blacklist=/tests/tsan/blacklist.tsan"
+# The eventual goal would be to fix these warnings.
+
+# TSan is not happy about setting/getting of dirty bits,
+# for example, cpu_physical_memory_set_dirty_range,
+# and cpu_physical_memory_get_dirty.
+src:bitops.c
+src:bitmap.c
diff --git a/tests/tsan/suppressions.tsan b/tests/tsan/suppressions.tsan
new file mode 100644
index 000..73414b9ebd9
--- /dev/null
+++ b/tests/tsan/suppressions.tsan
@@ -0,0 +1,14 @@
+# This is the set of runtime suppressions of TSan warnings.
+# The goal would be to have here only items we do not
+# plan to fix, and to explain why for each item.
+
+# TSan reports a double lock on RECURSIVE 

[PULL 05/21] cpu: convert queued work to a QSIMPLEQ

[Alex Bennée]

From: "Emilio G. Cota" 

We convert queued work to a QSIMPLEQ, instead of
open-coding it.

While at it, make sure that all accesses to the list are
performed while holding the list's lock.

Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-3-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-6-alex.ben...@linaro.org>

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 497600c49ef..b3f4b793182 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -331,8 +331,8 @@ struct qemu_work_item;
  * @opaque: User data.
  * @mem_io_pc: Host Program Counter at which the memory was accessed.
  * @kvm_fd: vCPU file descriptor for KVM.
- * @work_mutex: Lock to prevent multiple access to queued_work_*.
- * @queued_work_first: First asynchronous work pending.
+ * @work_mutex: Lock to prevent multiple access to @work_list.
+ * @work_list: List of pending asynchronous work.
  * @trace_dstate_delayed: Delayed changes to trace_dstate (includes all changes
  *to @trace_dstate).
  * @trace_dstate: Dynamic tracing state of events for this vCPU (bitmask).
@@ -376,7 +376,7 @@ struct CPUState {
 sigjmp_buf jmp_env;
 
 QemuMutex work_mutex;
-struct qemu_work_item *queued_work_first, *queued_work_last;
+QSIMPLEQ_HEAD(, qemu_work_item) work_list;
 
 CPUAddressSpace *cpu_ases;
 int num_ases;
diff --git a/cpus-common.c b/cpus-common.c
index 70a9d12981a..8f5512b3d78 100644
--- a/cpus-common.c
+++ b/cpus-common.c
@@ -97,7 +97,7 @@ void cpu_list_remove(CPUState *cpu)
 }
 
 struct qemu_work_item {
-struct qemu_work_item *next;
+QSIMPLEQ_ENTRY(qemu_work_item) node;
 run_on_cpu_func func;
 run_on_cpu_data data;
 bool free, exclusive, done;
@@ -106,13 +106,7 @@ struct qemu_work_item {
 static void queue_work_on_cpu(CPUState *cpu, struct qemu_work_item *wi)
 {
 qemu_mutex_lock(>work_mutex);
-if (cpu->queued_work_first == NULL) {
-cpu->queued_work_first = wi;
-} else {
-cpu->queued_work_last->next = wi;
-}
-cpu->queued_work_last = wi;
-wi->next = NULL;
+QSIMPLEQ_INSERT_TAIL(>work_list, wi, node);
 wi->done = false;
 qemu_mutex_unlock(>work_mutex);
 
@@ -306,17 +300,14 @@ void process_queued_cpu_work(CPUState *cpu)
 {
 struct qemu_work_item *wi;
 
-if (cpu->queued_work_first == NULL) {
+qemu_mutex_lock(>work_mutex);
+if (QSIMPLEQ_EMPTY(>work_list)) {
+qemu_mutex_unlock(>work_mutex);
 return;
 }
-
-qemu_mutex_lock(>work_mutex);
-while (cpu->queued_work_first != NULL) {
-wi = cpu->queued_work_first;
-cpu->queued_work_first = wi->next;
-if (!cpu->queued_work_first) {
-cpu->queued_work_last = NULL;
-}
+while (!QSIMPLEQ_EMPTY(>work_list)) {
+wi = QSIMPLEQ_FIRST(>work_list);
+QSIMPLEQ_REMOVE_HEAD(>work_list, node);
 qemu_mutex_unlock(>work_mutex);
 if (wi->exclusive) {
 /* Running work items outside the BQL avoids the following 
deadlock:
diff --git a/cpus.c b/cpus.c
index 34fc2038084..7317ae06b9e 100644
--- a/cpus.c
+++ b/cpus.c
@@ -97,9 +97,19 @@ bool cpu_is_stopped(CPUState *cpu)
 return cpu->stopped || !runstate_is_running();
 }
 
+static inline bool cpu_work_list_empty(CPUState *cpu)
+{
+bool ret;
+
+qemu_mutex_lock(>work_mutex);
+ret = QSIMPLEQ_EMPTY(>work_list);
+qemu_mutex_unlock(>work_mutex);
+return ret;
+}
+
 static bool cpu_thread_is_idle(CPUState *cpu)
 {
-if (cpu->stop || cpu->queued_work_first) {
+if (cpu->stop || !cpu_work_list_empty(cpu)) {
 return false;
 }
 if (cpu_is_stopped(cpu)) {
@@ -1518,7 +1528,7 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
 cpu = first_cpu;
 }
 
-while (cpu && !cpu->queued_work_first && !cpu->exit_request) {
+while (cpu && cpu_work_list_empty(cpu) && !cpu->exit_request) {
 
 atomic_mb_set(_current_rr_cpu, cpu);
 current_cpu = cpu;
diff --git a/hw/core/cpu.c b/hw/core/cpu.c
index f31ec48ee61..80d51c24dd2 100644
--- a/hw/core/cpu.c
+++ b/hw/core/cpu.c
@@ -370,6 +370,7 @@ static void cpu_common_initfn(Object *obj)
 cpu->nr_threads = 1;
 
 qemu_mutex_init(>work_mutex);
+QSIMPLEQ_INIT(>work_list);
 QTAILQ_INIT(>breakpoints);
 QTAILQ_INIT(>watchpoints);
 
-- 
2.20.1

[PULL 01/21] tests/docker: bump fedora to 32

[Alex Bennée]

We should be keeping this up to date as Fedora goes out of support
quite quickly.

Signed-off-by: Alex Bennée 
Message-Id: <20200612190237.30436-2-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/fedora.docker 
b/tests/docker/dockerfiles/fedora.docker
index 92b6e11c8a8..798ddd2c3e0 100644
--- a/tests/docker/dockerfiles/fedora.docker
+++ b/tests/docker/dockerfiles/fedora.docker
@@ -1,4 +1,4 @@
-FROM fedora:30
+FROM fedora:32
 
 # Please keep this list sorted alphabetically
 ENV PACKAGES \
-- 
2.20.1

[PULL 10/21] translate-all: call qemu_spin_destroy for PageDesc

[Alex Bennée]

From: "Emilio G. Cota" 

The radix tree is append-only, but we can fail to insert
a PageDesc if the insertion races with another thread.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-8-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-11-alex.ben...@linaro.org>

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index c937210e217..c3d37058a17 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -547,6 +547,15 @@ static PageDesc *page_find_alloc(tb_page_addr_t index, int 
alloc)
 #endif
 existing = atomic_cmpxchg(lp, NULL, pd);
 if (unlikely(existing)) {
+#ifndef CONFIG_USER_ONLY
+{
+int i;
+
+for (i = 0; i < V_L2_SIZE; i++) {
+qemu_spin_destroy([i].lock);
+}
+}
+#endif
 g_free(pd);
 pd = existing;
 }
-- 
2.20.1

[PULL 00/21] testing and plugin updates (tsan, plugins, cross-builds)

[Alex Bennée]

The following changes since commit f5e34624f28f37ec3c8a93bdee348effee966a78:

  Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-jun-15-2020' 
into staging (2020-06-16 11:00:28 +0100)

are available in the Git repository at:

  https://github.com/stsquad/qemu.git tags/pull-testing-and-plugin-160620-1

for you to fetch changes up to 99c5f1ccb9ad9fe42466df292a9e4c9b863eafe6:

  plugins: new lockstep plugin for debugging TCG changes (2020-06-16 13:25:00 
+0100)


Testing and plugin updates

  - clear up dtc warnings
  - add support for --enable-tsan builds
  - re-enable shippable cross builds
  - serialise cirrus check steps
  - fix check-tcg plugin issues
  - add lockstep plugin


Alex Bennée (6):
  tests/docker: bump fedora to 32
  Revert ".shippable: temporaily disable some cross builds"
  cirrus.yml: serialise make check
  tests/tcg: build plugin list from contents of src directory
  tests/tcg: ensure -cpu max also used for plugin run
  plugins: new lockstep plugin for debugging TCG changes

Claudio Fontana (2):
  Makefile: dtc: update, build the libfdt target
  Makefile: remove old compatibility gunks

Emilio G. Cota (7):
  cpu: convert queued work to a QSIMPLEQ
  thread: add qemu_spin_destroy
  cputlb: destroy CPUTLB with tlb_destroy
  qht: call qemu_spin_destroy for head buckets
  tcg: call qemu_spin_destroy for tb->jmp_lock
  translate-all: call qemu_spin_destroy for PageDesc
  thread: add tsan annotations to QemuSpin

Lingfeng Yang (1):
  configure: add --enable-tsan flag + fiber annotations for 
coroutine-ucontext

Robert Foley (5):
  tests/docker: Added docker build support for TSan.
  include/qemu: Added tsan.h for annotations.
  util: Added tsan annotate for thread name.
  docs: Added details on TSan to testing.rst
  tests: Disable select tests under TSan, which hit TSan issue.

 docs/devel/testing.rst | 107 +
 configure  |  48 +++-
 Makefile   |  16 +-
 include/exec/exec-all.h|   8 +
 include/hw/core/cpu.h  |   6 +-
 include/qemu/thread.h  |  38 +++-
 include/qemu/tsan.h|  71 ++
 include/tcg/tcg.h  |   1 +
 accel/tcg/cputlb.c |  15 ++
 accel/tcg/translate-all.c  |  17 ++
 cpus-common.c  |  25 +--
 cpus.c |  14 +-
 exec.c |   1 +
 hw/core/cpu.c  |   1 +
 tcg/tcg.c  |   9 +
 tests/plugin/lockstep.c| 340 +
 util/coroutine-ucontext.c  |  66 +-
 util/qemu-thread-posix.c   |   2 +
 util/qht.c |   1 +
 .cirrus.yml|   6 +-
 .shippable.yml |  12 +-
 dtc|   2 +-
 tests/Makefile.include |   9 +-
 tests/docker/dockerfiles/fedora.docker |   2 +-
 tests/docker/dockerfiles/ubuntu2004.docker |  65 ++
 tests/docker/test-tsan |  44 
 tests/plugin/Makefile  |   1 +
 tests/qtest/Makefile.include   |   7 +-
 tests/tcg/Makefile.target  |  12 +-
 tests/tcg/aarch64/Makefile.target  |   5 +-
 tests/tcg/arm/Makefile.target  |   2 +-
 tests/tcg/i386/Makefile.target |   1 +
 tests/tsan/blacklist.tsan  |  10 +
 tests/tsan/suppressions.tsan   |  14 ++
 34 files changed, 910 insertions(+), 68 deletions(-)
 create mode 100644 include/qemu/tsan.h
 create mode 100644 tests/plugin/lockstep.c
 create mode 100644 tests/docker/dockerfiles/ubuntu2004.docker
 create mode 100755 tests/docker/test-tsan
 create mode 100644 tests/tsan/blacklist.tsan
 create mode 100644 tests/tsan/suppressions.tsan

-- 
2.20.1

[PULL 04/21] configure: add --enable-tsan flag + fiber annotations for coroutine-ucontext

[Alex Bennée]

From: Lingfeng Yang 

We tried running QEMU under tsan in 2016, but tsan's lack of support for
longjmp-based fibers was a blocker:
  https://groups.google.com/forum/#!topic/thread-sanitizer/se0YuzfWazw

Fortunately, thread sanitizer gained fiber support in early 2019:
  https://reviews.llvm.org/D54889

This patch brings tsan support upstream by importing the patch that annotated
QEMU's coroutines as tsan fibers in Android's QEMU fork:
  https://android-review.googlesource.com/c/platform/external/qemu/+/844675

Tested with '--enable-tsan --cc=clang-9 --cxx=clang++-9 --disable-werror'
configure flags.

Signed-off-by: Lingfeng Yang 
Signed-off-by: Emilio G. Cota 
[cota: minor modifications + configure changes]
Signed-off-by: Robert Foley 
[RF: configure changes, coroutine fix + minor modifications]
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-2-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-5-alex.ben...@linaro.org>

diff --git a/configure b/configure
index 8a9f544b0b7..b01b5e3bed0 100755
--- a/configure
+++ b/configure
@@ -395,6 +395,7 @@ gprof="no"
 debug_tcg="no"
 debug="no"
 sanitizers="no"
+tsan="no"
 fortify_source=""
 strip_opt="yes"
 tcg_interpreter="no"
@@ -1152,6 +1153,10 @@ for opt do
   ;;
   --disable-sanitizers) sanitizers="no"
   ;;
+  --enable-tsan) tsan="yes"
+  ;;
+  --disable-tsan) tsan="no"
+  ;;
   --enable-sparse) sparse="yes"
   ;;
   --disable-sparse) sparse="no"
@@ -1764,6 +1769,7 @@ Advanced options (experts only):
   --with-pkgversion=VERS   use specified string as sub-version of the package
   --enable-debug   enable common debug build options
   --enable-sanitizers  enable default sanitizers
+  --enable-tsanenable thread sanitizer
   --disable-strip  disable stripping binaries
   --disable-werror disable compilation abort on warning
   --disable-stack-protector disable compiler-provided stack protection
@@ -6220,6 +6226,30 @@ if test "$fuzzing" = "yes" ; then
   fi
 fi
 
+# Thread sanitizer is, for now, much noisier than the other sanitizers;
+# keep it separate until that is not the case.
+if test "$tsan" = "yes" && test "$sanitizers" = "yes"; then
+  error_exit "TSAN is not supported with other sanitiziers."
+fi
+have_tsan=no
+have_tsan_iface_fiber=no
+if test "$tsan" = "yes" ; then
+  write_c_skeleton
+  if compile_prog "$CPU_CFLAGS -Werror -fsanitize=thread" "" ; then
+  have_tsan=yes
+  fi
+  cat > $TMPC << EOF
+#include 
+int main(void) {
+  __tsan_create_fiber(0);
+  return 0;
+}
+EOF
+  if compile_prog "$CPU_CFLAGS -Werror -fsanitize=thread" "" ; then
+  have_tsan_iface_fiber=yes
+  fi
+fi
+
 ##
 # check for libpmem
 
@@ -6377,6 +6407,16 @@ if test "$have_asan" = "yes"; then
"Without code annotation, the report may be inferior."
   fi
 fi
+if test "$have_tsan" = "yes" ; then
+  if test "$have_tsan_iface_fiber" = "yes" ; then
+QEMU_CFLAGS="-fsanitize=thread $QEMU_CFLAGS"
+QEMU_LDFLAGS="-fsanitize=thread $QEMU_LDFLAGS"
+  else
+error_exit "Cannot enable TSAN due to missing fiber annotation interface."
+  fi
+elif test "$tsan" = "yes" ; then
+  error_exit "Cannot enable TSAN due to missing sanitize thread interface."
+fi
 if test "$have_ubsan" = "yes"; then
   QEMU_CFLAGS="-fsanitize=undefined $QEMU_CFLAGS"
   QEMU_LDFLAGS="-fsanitize=undefined $QEMU_LDFLAGS"
@@ -6412,7 +6452,8 @@ if test "$werror" = "yes"; then
 QEMU_CFLAGS="-Werror $QEMU_CFLAGS"
 fi
 
-if test "$solaris" = "no" ; then
+# Exclude --warn-common with TSan to suppress warnings from the TSan libraries.
+if test "$solaris" = "no" && test "$tsan" = "no"; then
 if $ld --version 2>/dev/null | grep "GNU ld" >/dev/null 2>/dev/null ; then
 QEMU_LDFLAGS="-Wl,--warn-common $QEMU_LDFLAGS"
 fi
@@ -7476,6 +7517,10 @@ if test "$have_asan_iface_fiber" = "yes" ; then
 echo "CONFIG_ASAN_IFACE_FIBER=y" >> $config_host_mak
 fi
 
+if test "$have_tsan" = "yes" && test "$have_tsan_iface_fiber" = "yes" ; then
+echo "CONFIG_TSAN=y" >> $config_host_mak
+fi
+
 if test "$has_environ" = "yes" ; then
   echo "CONFIG_HAS_ENVIRON=y" >> $config_host_mak
 fi
diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
index bd593e61bc0..613f4c118e4 100644
--- a/util/coroutine-ucontext.c
+++ b/util/coroutine-ucontext.c
@@ -37,12 +37,19 @@
 #endif
 #endif
 
+#ifdef CONFIG_TSAN
+#include 
+#endif
+
 typedef struct {
 Coroutine base;
 void *stack;
 size_t stack_size;
 sigjmp_buf env;
 
+void *tsan_co_fiber;
+void *tsan_caller_fiber;
+
 #ifdef CONFIG_VALGRIND_H
 unsigned int valgrind_stack_id;
 #endif
@@ -65,7 +72,18 @@ union cc_arg {
 int i[2];
 };
 
-static void finish_switch_fiber(void *fake_stack_save)
+/* QEMU_ALWAYS_INLINE only does so if __OPTIMIZE__, so we cannot use it. */
+static inline __attribute__((always_inline))
+void on_new_fiber(CoroutineUContext *co)
+{
+#ifdef CONFIG_TSAN
+co->tsan_co_fiber = 

[PULL 03/21] Makefile: remove old compatibility gunks

[Alex Bennée]

From: Claudio Fontana 

Signed-off-by: Claudio Fontana 
Reviewed-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20200518160319.18861-3-cfont...@suse.de>
Message-Id: <20200612190237.30436-4-alex.ben...@linaro.org>

diff --git a/Makefile b/Makefile
index 895410fbf9c..48f23aa9786 100644
--- a/Makefile
+++ b/Makefile
@@ -562,12 +562,6 @@ slirp/all: .git-submodule-status
CC="$(CC)" AR="$(AR)"   LD="$(LD)" RANLIB="$(RANLIB)"   \
CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(QEMU_LDFLAGS)")
 
-# Compatibility gunk to keep make working across the rename of targets
-# for recursion, to be removed some time after 4.1.
-subdir-dtc: dtc/all
-subdir-capstone: capstone/all
-subdir-slirp: slirp/all
-
 $(filter %/all, $(TARGET_DIRS_RULES)): libqemuutil.a $(common-obj-y) \
$(qom-obj-y)
 
-- 
2.20.1

[PULL 06/21] thread: add qemu_spin_destroy

[Alex Bennée]

From: "Emilio G. Cota" 

It will be used for TSAN annotations.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-4-robert.fo...@linaro.org>
Message-Id: <20200612190237.30436-7-alex.ben...@linaro.org>

diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index 06c058fb58b..9479facdcc5 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -215,6 +215,9 @@ static inline void qemu_spin_init(QemuSpin *spin)
 __sync_lock_release(>value);
 }
 
+static inline void qemu_spin_destroy(QemuSpin *spin)
+{ }
+
 static inline void qemu_spin_lock(QemuSpin *spin)
 {
 while (unlikely(__sync_lock_test_and_set(>value, true))) {
-- 
2.20.1

Re: [PATCH v2 3/5] tests: Temporarily ignore DSDT table differences

[Auger Eric]

On 6/15/20 4:23 PM, Stefan Berger wrote:
> Ignore DSDT table differences before enabling IRQ support for TPM.
> 
> Signed-off-by: Stefan Berger 
> CC: Michael S. Tsirkin 
Reviewed-by: Eric Auger 

Thanks

Eric
> ---

>  tests/qtest/bios-tables-test-allowed-diff.h | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 
> b/tests/qtest/bios-tables-test-allowed-diff.h
> index dfb8523c8b..bb4ce8967b 100644
> --- a/tests/qtest/bios-tables-test-allowed-diff.h
> +++ b/tests/qtest/bios-tables-test-allowed-diff.h
> @@ -1 +1,2 @@
>  /* List of comma-separated changed AML files to ignore */
> +"tests/data/acpi/q35/DSDT.tis",
> 

Re: [PATCH v2 2/5] tpm: Extend TPMIfClass with get_irqnum() function

[Auger Eric]

Hi Stefan,

On 6/15/20 5:44 PM, Stefan Berger wrote:
> On 6/15/20 11:11 AM, Marc-André Lureau wrote:
>> Hi
>>
>> On Mon, Jun 15, 2020 at 6:23 PM Stefan Berger
>>  wrote:
>>> From: Stefan Berger 
>>>
>>> Implement get_irqnum() as part of the TPMIfClass to be get the assigned
>> ^^ to get
>>
>>> IRQ number.
>>>
>> Since it is TIS ISA specific (at least for now), perhaps a dedicated
>> tpm_tis_get_irq_num() is more appropriate?
> 
> 
> There's no caller from ARM at the moment but at least it is preparing it
> to support getting the IRQ number since it also allows passing it in via
> command lie. So it wouldn't have any side-effects on ARM for as long as
> no extra code was added there. And once sysbus was to use it, it would
> funnel through the same tpm_get_irqnum code. Other option is to drop the
> parts for sysbus entirely.

As there is no caller on ARM side, I think I would leave the ops
undefined for the sysbus device. But as already reported it does not
break anything on ARM side.

Thanks

Eric
> 
> 
>>
>>> Signed-off-by: Stefan Berger 
>>> ---
>>>   hw/tpm/tpm_tis_isa.c    |  9 +
>>>   hw/tpm/tpm_tis_sysbus.c |  9 +
>>>   include/sysemu/tpm.h    | 10 ++
>>>   3 files changed, 28 insertions(+)
>>>
>>> diff --git a/hw/tpm/tpm_tis_isa.c b/hw/tpm/tpm_tis_isa.c
>>> index 30ba37079d..63b62f4c21 100644
>>> --- a/hw/tpm/tpm_tis_isa.c
>>> +++ b/hw/tpm/tpm_tis_isa.c
>>> @@ -80,6 +80,14 @@ static enum TPMVersion
>>> tpm_tis_isa_get_tpm_version(TPMIf *ti)
>>>   return tpm_tis_get_tpm_version(s);
>>>   }
>>>
>>> +static uint8_t tpm_tis_isa_get_irqnum(TPMIf *ti)
>>> +{
>>> +    TPMStateISA *isadev = TPM_TIS_ISA(ti);
>>> +    TPMState *s = >state;
>>> +
>>> +    return s->irq_num;
>>> +}
>>> +
>>>   static void tpm_tis_isa_reset(DeviceState *dev)
>>>   {
>>>   TPMStateISA *isadev = TPM_TIS_ISA(dev);
>>> @@ -148,6 +156,7 @@ static void tpm_tis_isa_class_init(ObjectClass
>>> *klass, void *data)
>>>   dc->reset = tpm_tis_isa_reset;
>>>   tc->request_completed = tpm_tis_isa_request_completed;
>>>   tc->get_version = tpm_tis_isa_get_tpm_version;
>>> +    tc->get_irqnum = tpm_tis_isa_get_irqnum;
>>>   }
>>>
>>>   static const TypeInfo tpm_tis_isa_info = {
>>> diff --git a/hw/tpm/tpm_tis_sysbus.c b/hw/tpm/tpm_tis_sysbus.c
>>> index eced1fc843..6cf45e5057 100644
>>> --- a/hw/tpm/tpm_tis_sysbus.c
>>> +++ b/hw/tpm/tpm_tis_sysbus.c
>>> @@ -80,6 +80,14 @@ static enum TPMVersion
>>> tpm_tis_sysbus_get_tpm_version(TPMIf *ti)
>>>   return tpm_tis_get_tpm_version(s);
>>>   }
>>>
>>> +static uint8_t tpm_tis_sysbus_get_irqnum(TPMIf *ti)
>>> +{
>>> +    TPMStateSysBus *sbdev = TPM_TIS_SYSBUS(ti);
>>> +    TPMState *s = >state;
>>> +
>>> +    return s->irq_num;
>>> +}
>>> +
>>>   static void tpm_tis_sysbus_reset(DeviceState *dev)
>>>   {
>>>   TPMStateSysBus *sbdev = TPM_TIS_SYSBUS(dev);
>>> @@ -137,6 +145,7 @@ static void tpm_tis_sysbus_class_init(ObjectClass
>>> *klass, void *data)
>>>   dc->reset = tpm_tis_sysbus_reset;
>>>   tc->request_completed = tpm_tis_sysbus_request_completed;
>>>   tc->get_version = tpm_tis_sysbus_get_tpm_version;
>>> +    tc->get_irqnum = tpm_tis_sysbus_get_irqnum;
>>>   }
>>>
>>>   static const TypeInfo tpm_tis_sysbus_info = {
>>> diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
>>> index 03fb25941c..b94a8a2b16 100644
>>> --- a/include/sysemu/tpm.h
>>> +++ b/include/sysemu/tpm.h
>>> @@ -41,6 +41,7 @@ typedef struct TPMIfClass {
>>>   enum TpmModel model;
>>>   void (*request_completed)(TPMIf *obj, int ret);
>>>   enum TPMVersion (*get_version)(TPMIf *obj);
>>> +    uint8_t (*get_irqnum)(TPMIf *obj);
>>>   } TPMIfClass;
>>>
>>>   #define TYPE_TPM_TIS_ISA    "tpm-tis"
>>> @@ -74,4 +75,13 @@ static inline TPMVersion tpm_get_version(TPMIf *ti)
>>>   return TPM_IF_GET_CLASS(ti)->get_version(ti);
>>>   }
>>>
>>> +static inline uint8_t tpm_get_irqnum(TPMIf *ti)
>>> +{
>>> +    if (!ti || !TPM_IF_GET_CLASS(ti)->get_irqnum) {
>>> +    return 0;
>>> +    }
>>> +
>>> +    return TPM_IF_GET_CLASS(ti)->get_irqnum(ti);
>>> +}
>>> +
>>>   #endif /* QEMU_TPM_H */
>>> -- 
>>> 2.24.1
>>>
> 

Re: [PATCH v4 1/5] acpi: Convert build_tpm2() to build_append* API

[Igor Mammedov]

On Thu, 11 Jun 2020 15:59:13 +0200
Eric Auger  wrote:

> In preparation of its move to the generic acpi code,
> let's convert build_tpm2() to use build_append API. This
> latter now is prefered in place of direct ACPI struct field
> settings with manual endianness conversion.
> 
> Signed-off-by: Eric Auger 
> 
> ---
> 
> v3 -> v4:
> - Don't use Acpi20TPM2 *tpm2_ptr anymore
> - Use variables for control area start address and start method
> - Simplified arg values passed to bios_linker_loader_add_pointer
> - use g_assert_not_reached()
> ---
>  hw/i386/acpi-build.c | 49 +---
>  1 file changed, 33 insertions(+), 16 deletions(-)
> 
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index b5669d6c65..f150d95ecc 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -2298,35 +2298,52 @@ build_tpm_tcpa(GArray *table_data, BIOSLinker 
> *linker, GArray *tcpalog)
>  static void
>  build_tpm2(GArray *table_data, BIOSLinker *linker, GArray *tcpalog)
>  {
> -Acpi20TPM2 *tpm2_ptr = acpi_data_push(table_data, sizeof *tpm2_ptr);
> -unsigned log_addr_size = sizeof(tpm2_ptr->log_area_start_address);
> -unsigned log_addr_offset =
> -(char *)_ptr->log_area_start_address - table_data->data;
> +uint8_t start_method_params[12] = {};
> +unsigned log_addr_offset, tpm2_start;
> +uint64_t control_area_start_address;
> +uint32_t start_method;
> +void *tpm2_ptr;
>  
> -tpm2_ptr->platform_class = cpu_to_le16(TPM2_ACPI_CLASS_CLIENT);
> +tpm2_start = table_data->len;
> +tpm2_ptr = acpi_data_push(table_data, sizeof(AcpiTableHeader));
> +
> +/* Platform Class */
> +build_append_int_noprefix(table_data, TPM2_ACPI_CLASS_CLIENT, 2);
> +/* Reserved */
> +build_append_int_noprefix(table_data, 0, 2);
>  if (TPM_IS_TIS_ISA(tpm_find())) {
> -tpm2_ptr->control_area_address = cpu_to_le64(0);
> -tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO);
> +control_area_start_address = 0;
> +start_method = TPM2_START_METHOD_MMIO;
>  } else if (TPM_IS_CRB(tpm_find())) {
> -tpm2_ptr->control_area_address = cpu_to_le64(TPM_CRB_ADDR_CTRL);
> -tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_CRB);
> +control_area_start_address = TPM_CRB_ADDR_CTRL;
> +start_method = TPM2_START_METHOD_CRB;
>  } else {
> -g_warn_if_reached();
> +g_assert_not_reached();
>  }
> +/* Address of Control Area */
> +build_append_int_noprefix(table_data, control_area_start_address, 8);
> +/* Start Method */
> +build_append_int_noprefix(table_data, start_method, 4);
>  
> -tpm2_ptr->log_area_minimum_length =
> -cpu_to_le32(TPM_LOG_AREA_MINIMUM_SIZE);
> +/* Platform Specific Parameters */
> +g_array_append_vals(table_data, _method_params,
> +ARRAY_SIZE(start_method_params));
>  
> -acpi_data_push(tcpalog, le32_to_cpu(tpm2_ptr->log_area_minimum_length));
> +/* Log Area Minimum Length */
> +build_append_int_noprefix(table_data, TPM_LOG_AREA_MINIMUM_SIZE, 4);

question not related to conversion:
Is it a part of 'Platform Specific Parameters'?
(as per spec table ends with it. if yes, then probably add pointer to place in 
spec
wher its documented.

> +
> +acpi_data_push(tcpalog, TPM_LOG_AREA_MINIMUM_SIZE);
>  bios_linker_loader_alloc(linker, ACPI_BUILD_TPMLOG_FILE, tcpalog, 1,
>   false);
>  
> -/* log area start address to be filled by Guest linker */
> +log_addr_offset = table_data->len;
> +build_append_int_noprefix(table_data, 0, 8);
> +/* Log Area Start Address to be filled by Guest linker */
move this line to where it used to be or at least above 
build_append_int_noprefix()

>  bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
> -   log_addr_offset, log_addr_size,
> +   log_addr_offset, 8,
> ACPI_BUILD_TPMLOG_FILE, 0);
>  build_header(linker, table_data,
> - (void *)tpm2_ptr, "TPM2", sizeof(*tpm2_ptr), 4, NULL, NULL);
> + tpm2_ptr, "TPM2", table_data->len - tpm2_start, 4, NULL, 
> NULL);
>  }
>  
>  #define HOLE_640K_START  (640 * KiB)

nevertheless looks like faithfull conversion,
btw why you didn't drop Acpi20TPM2 structure definition?

Re: [PATCH V2] Rename use_acpi_pci_hotplug to more appropriate use_acpi_hotplug_bridge

[Ani Sinha]

> On Jun 16, 2020, at 5:29 PM, Igor Mammedov  wrote:
> 
>> Change-Id: I2a6ab47e80fa2bc9504ce88e063d710efaceb842
> what is this id, prehaps drop it?

Sent V3 with this dropped.

Ani

Re: [PATCH 7/7] hw/misc/mps2-fpgaio: Implement push-buttons

[Philippe Mathieu-Daudé]

On 6/16/20 2:29 PM, Peter Maydell wrote:
> On Tue, 16 Jun 2020 at 11:40, Philippe Mathieu-Daudé  wrote:
>> On 6/16/20 12:27 PM, Peter Maydell wrote:
>>> This change seems kind of pointless unless these GPIO lines are
>>> actually wired up to something.
>>
>> Yes, I should have kept it out of this series, or documented
>> better the goal in the cover.
>>
>> I'm setting the roots to motivate a team of developers to
>> work on a visualization of the MPS2 board. The push-button is
>> supported by Zephyr, so the the idea is the visualizer generates
>> QMP GPIO event to be processed such in pca9552_set_led(), and
>> interact with the guest firmware.
> 
> I think that having a framework so we can better model this kind
> of push button / LED / similar thing is definitely good. I just
> think we need to review it at the framework level first -- it
> might turn out that actually the right way to wire up the push
> button to the UI framework isn't with a GPIO wire at all.
> Similarly with the other patchset that sends QMP events for
> LEDs -- that also seems like it's half of a design and a bit
> awkward to review without the context for what it connects to.

On my side feedback are helpful, but I understand.
I'll see if there are still any motivated soul left,
else wait for next GSoC.

> 
> thanks
> -- PMM
> 

Re: [PATCH v2 1/5] tpm_tis: Allow lowering of IRQ also when locality is not active

[Auger Eric]

Hi Stefan,

On 6/15/20 4:23 PM, Stefan Berger wrote:
> From: Stefan Berger 
> 
> This patch fixes a bug that occurs when using interrupts. It
> allows to lower the IRQ also when a locality is not active.
> 
> Signed-off-by: Stefan Berger 
Reviewed-by: Eric Auger 

Thanks

Eric
> ---

>  hw/tpm/tpm_tis_common.c | 4 
>  1 file changed, 4 deletions(-)
> 
> diff --git a/hw/tpm/tpm_tis_common.c b/hw/tpm/tpm_tis_common.c
> index 1af4bce139..0f42696f1f 100644
> --- a/hw/tpm/tpm_tis_common.c
> +++ b/hw/tpm/tpm_tis_common.c
> @@ -601,10 +601,6 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>  /* hard wired -- ignore */
>  break;
>  case TPM_TIS_REG_INT_STATUS:
> -if (s->active_locty != locty) {
> -break;
> -}
> -
>  /* clearing of interrupt flags */
>  if (((val & TPM_TIS_INTERRUPTS_SUPPORTED)) &&
>  (s->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) {
> 

Re: [PULL 00/33] Net patches

[Peter Maydell]

On Tue, 16 Jun 2020 at 07:45, Jason Wang  wrote:
>
> The following changes since commit 7d3660e79830a069f1848bb4fa1cdf8f666424fb:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
> staging (2020-06-12 23:06:22 +0100)
>
> are available in the git repository at:
>
>   https://github.com/jasowang/qemu.git tags/net-pull-request
>
> for you to fetch changes up to 955aab203f932b8a7c23ff9c58ba036997cb3ed8:
>
>   net: Drop the NetLegacy structure, always use Netdev instead (2020-06-16 
> 14:40:40 +0800)
>
> 
>
> 

Hi; I'm afraid this fails to build (all hosts):

hw/net/virtio-net.o: In function `virtio_net_device_realize':
/home/pm215/qemu/hw/net/virtio-net.c:3380: undefined reference to
`net_rx_pkt_init'
hw/net/virtio-net.o: In function `virtio_net_device_unrealize':
/home/pm215/qemu/hw/net/virtio-net.c:3418: undefined reference to
`net_rx_pkt_uninit'
hw/net/virtio-net.o: In function `virtio_net_process_rss':
/home/pm215/qemu/hw/net/virtio-net.c:1607: undefined reference to
`net_rx_pkt_set_protocols'
/home/pm215/qemu/hw/net/virtio-net.c:1609: undefined reference to
`net_rx_pkt_get_protocols'
/home/pm215/qemu/hw/net/virtio-net.c:1625: undefined reference to
`net_rx_pkt_calc_rss_hash'
/home/pm215/qemu/hw/net/virtio-net.c:1613: undefined reference to
`net_rx_pkt_get_ip6_info'
/home/pm215/qemu/hw/net/virtio-net.c:1610: undefined reference to
`net_rx_pkt_get_ip4_info'
collect2: error: ld returned 1 exit status

thanks
-- PMM

[PATCH V3] Rename use_acpi_pci_hotplug to more appropriate use_acpi_hotplug_bridge

[Ani Sinha]

Currently, the option use_acpi_pci_hotplug is being used to control device
hotplug capability using ACPI for slots of cold plugged bridges. Hence, we
are renaming this option to better reflect what it actually does.

Signed-off-by: Ani Sinha 
---
 hw/acpi/piix4.c | 21 +++--
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 85c199b..7de44bc 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -77,7 +77,7 @@ typedef struct PIIX4PMState {
 Notifier powerdown_notifier;
 
 AcpiPciHpState acpi_pci_hotplug;
-bool use_acpi_pci_hotplug;
+bool use_acpi_hotplug_bridge;
 
 uint8_t disable_s3;
 uint8_t disable_s4;
@@ -204,16 +204,17 @@ static const VMStateDescription vmstate_pci_status = {
 }
 };
 
-static bool vmstate_test_use_acpi_pci_hotplug(void *opaque, int version_id)
+static bool vmstate_test_use_acpi_hotplug_bridge(void *opaque, int version_id)
 {
 PIIX4PMState *s = opaque;
-return s->use_acpi_pci_hotplug;
+return s->use_acpi_hotplug_bridge;
 }
 
-static bool vmstate_test_no_use_acpi_pci_hotplug(void *opaque, int version_id)
+static bool vmstate_test_no_use_acpi_hotplug_bridge(void *opaque,
+int version_id)
 {
 PIIX4PMState *s = opaque;
-return !s->use_acpi_pci_hotplug;
+return !s->use_acpi_hotplug_bridge;
 }
 
 static bool vmstate_test_use_memhp(void *opaque)
@@ -290,11 +291,11 @@ static const VMStateDescription vmstate_acpi = {
 VMSTATE_STRUCT_TEST(
 acpi_pci_hotplug.acpi_pcihp_pci_status[ACPI_PCIHP_BSEL_DEFAULT],
 PIIX4PMState,
-vmstate_test_no_use_acpi_pci_hotplug,
+vmstate_test_no_use_acpi_hotplug_bridge,
 2, vmstate_pci_status,
 struct AcpiPciHpPciStatus),
 VMSTATE_PCI_HOTPLUG(acpi_pci_hotplug, PIIX4PMState,
-vmstate_test_use_acpi_pci_hotplug),
+vmstate_test_use_acpi_hotplug_bridge),
 VMSTATE_END_OF_LIST()
 },
 .subsections = (const VMStateDescription*[]) {
@@ -528,7 +529,7 @@ I2CBus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t 
smb_io_base,
 s->smi_irq = smi_irq;
 s->smm_enabled = smm_enabled;
 if (xen_enabled()) {
-s->use_acpi_pci_hotplug = false;
+s->use_acpi_hotplug_bridge = false;
 }
 
 qdev_init_nofail(dev);
@@ -593,7 +594,7 @@ static void piix4_acpi_system_hot_add_init(MemoryRegion 
*parent,
 memory_region_add_subregion(parent, GPE_BASE, >io_gpe);
 
 acpi_pcihp_init(OBJECT(s), >acpi_pci_hotplug, bus, parent,
-s->use_acpi_pci_hotplug);
+s->use_acpi_hotplug_bridge);
 
 s->cpu_hotplug_legacy = true;
 object_property_add_bool(OBJECT(s), "cpu-hotplug-legacy",
@@ -631,7 +632,7 @@ static Property piix4_pm_properties[] = {
 DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState, disable_s4, 0),
 DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_VAL, PIIX4PMState, s4_val, 2),
 DEFINE_PROP_BOOL("acpi-pci-hotplug-with-bridge-support", PIIX4PMState,
- use_acpi_pci_hotplug, true),
+ use_acpi_hotplug_bridge, true),
 DEFINE_PROP_BOOL("memory-hotplug-support", PIIX4PMState,
  acpi_memory_hotplug.is_enabled, true),
 DEFINE_PROP_END_OF_LIST(),
-- 
1.9.4

Re: [PATCH 7/7] hw/misc/mps2-fpgaio: Implement push-buttons

[Peter Maydell]

On Tue, 16 Jun 2020 at 11:40, Philippe Mathieu-Daudé  wrote:
> On 6/16/20 12:27 PM, Peter Maydell wrote:
> > This change seems kind of pointless unless these GPIO lines are
> > actually wired up to something.
>
> Yes, I should have kept it out of this series, or documented
> better the goal in the cover.
>
> I'm setting the roots to motivate a team of developers to
> work on a visualization of the MPS2 board. The push-button is
> supported by Zephyr, so the the idea is the visualizer generates
> QMP GPIO event to be processed such in pca9552_set_led(), and
> interact with the guest firmware.

I think that having a framework so we can better model this kind
of push button / LED / similar thing is definitely good. I just
think we need to review it at the framework level first -- it
might turn out that actually the right way to wire up the push
button to the UI framework isn't with a GPIO wire at all.
Similarly with the other patchset that sends QMP events for
LEDs -- that also seems like it's half of a design and a bit
awkward to review without the context for what it connects to.

thanks
-- PMM

Re: [PULL 00/84] QOM patches for 2020-06-15

[Peter Maydell]

On Mon, 15 Jun 2020 at 21:43, Markus Armbruster  wrote:
>
> The following changes since commit 7d3660e79830a069f1848bb4fa1cdf8f666424fb:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
> staging (2020-06-12 23:06:22 +0100)
>
> are available in the Git repository at:
>
>   git://repo.or.cz/qemu/armbru.git tags/pull-qom-2020-06-15
>
> for you to fetch changes up to b77b5b3dc7a4730d804090d359c57d33573cf85a:
>
>   MAINTAINERS: Make section QOM cover hw/core/*bus.c as well (2020-06-15 
> 22:06:04 +0200)
>
> 
> QOM patches for 2020-06-15
>
> * Make "info qom-tree" show children sorted
> * Fixes around device realization
> * Rework how we plug into devices into their parent bus


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.

-- PMM

Re: [RFC v3 3/8] virtio-bus: introduce queue_enabled method

[Cindy Lu]

On Tue, Jun 16, 2020 at 3:50 PM Laurent Vivier  wrote:
>
> On 29/05/2020 16:06, Cindy Lu wrote:
> > From: Jason Wang 
> >
> > This patch introduces queue_enabled() method which allows the
> > transport to implement its own way to report whether or not a queue is
> > enabled.
> >
> > Signed-off-by: Jason Wang 
>
> Cindy, you must add your signed-off-by on all the patch you send, after
> all the existing S-o-b.
>
sure will fix this
> >
> > 0005-virtio-bus-introduce-queue_enabled-method.patch
>
will remove this part

> bad cut?
>
> Thanks,
> Laurent
>

Re: [RFC v3 5/8] vhost: introduce vhost_set_vring_ready method

[Cindy Lu]

On Tue, Jun 16, 2020 at 4:04 PM Laurent Vivier  wrote:
>
> On 29/05/2020 16:06, Cindy Lu wrote:
> > From: Jason Wang 
> >
> > Vhost-vdpa introduces VHOST_VDPA_SET_VRING_ENABLE which complies the
> > semantic of queue_enable defined in virtio spec. This method can be
> > used for preventing device from executing request for a specific
> > virtqueue. This patch introduces the vhost_ops for this.
> >
> > Note that, we've already had vhost_set_vring_enable which has different
> > semantic which allows to enable or disable a specific virtqueue for
> > some kinds of vhost backends. E.g vhost-user use this to changes the
> > number of active queue pairs.
> >
> > Signed-off-by: Jason Wang 
>
> Add your S-o-b.
>
will fix this
> > ---
> >  hw/net/vhost_net-stub.c |  4 
> >  hw/net/vhost_net.c  | 11 ++-
> >  include/net/vhost_net.h |  1 +
> >  3 files changed, 15 insertions(+), 1 deletion(-)
> >
> > diff --git a/hw/net/vhost_net-stub.c b/hw/net/vhost_net-stub.c
> > index aac0e98228..43e93e1a9a 100644
> > --- a/hw/net/vhost_net-stub.c
> > +++ b/hw/net/vhost_net-stub.c
> > @@ -86,6 +86,10 @@ int vhost_set_vring_enable(NetClientState *nc, int 
> > enable)
> >  return 0;
> >  }
> >
> > +int vhost_set_vring_ready(NetClientState *nc)
> > +{
> > +return 0;
> > +}
>
> Add a blank line here.
>
will fix this
> >  int vhost_net_set_mtu(struct vhost_net *net, uint16_t mtu)
> >  {
> >  return 0;
> > diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> > index d1d421e3d9..e2bc7de2eb 100644
> > --- a/hw/net/vhost_net.c
> > +++ b/hw/net/vhost_net.c
> > @@ -344,7 +344,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState 
> > *ncs,
> >  goto err_start;
> >  }
> >
> > -if (ncs[i].peer->vring_enable) {
> > +if (peer->vring_enable) {
> >  /* restore vring enable state */
> >  r = vhost_set_vring_enable(peer, peer->vring_enable);
>
> Move this part to PATCH 2/8
>
will fix this
> > @@ -455,6 +455,15 @@ int vhost_set_vring_enable(NetClientState *nc, int 
> > enable)
> >  return 0;
> >  }
> >
> > +int vhost_set_vring_ready(NetClientState *nc)
> > +{
> > +VHostNetState *net = get_vhost_net(nc);
> > +const VhostOps *vhost_ops = net->dev.vhost_ops;
> > +if (vhost_ops && vhost_ops->vhost_set_vring_ready) {
>
> The structure VhostOps doesn't declare the vhost_set_vring_ready field.
> Your patch is missing something and it could be not built.
>
> It is defined in PATCH 7/8. If you want to keep this patch you should
> move the declaration of "vhost_set_vring_ready_op vhost_set_vring_ready"
> (and related) to this patch.
>
Thanks  Laurent,  I will fix this

> > +return vhost_ops->vhost_set_vring_ready(>dev);
> > +}
> > +return 0;
> > +}
>
> Add a blank line.
>
sure will fix this
> >  int vhost_net_set_mtu(struct vhost_net *net, uint16_t mtu)
> >  {
> >  const VhostOps *vhost_ops = net->dev.vhost_ops;
> > diff --git a/include/net/vhost_net.h b/include/net/vhost_net.h
> > index 77e47398c4..8a6f208189 100644
> > --- a/include/net/vhost_net.h
> > +++ b/include/net/vhost_net.h
> > @@ -35,6 +35,7 @@ int vhost_net_notify_migration_done(VHostNetState *net, 
> > char* mac_addr);
> >  VHostNetState *get_vhost_net(NetClientState *nc);
> >
> >  int vhost_set_vring_enable(NetClientState * nc, int enable);
> > +int vhost_set_vring_ready(NetClientState *nc);
> >
> >  uint64_t vhost_net_get_acked_features(VHostNetState *net);
> >
> >
>
> Thanks,
> Laurent
>

Re: [PATCH v4 1/5] acpi: Convert build_tpm2() to build_append* API

[Igor Mammedov]

On Thu, 11 Jun 2020 10:25:38 -0400
Stefan Berger  wrote:

> On 6/11/20 9:59 AM, Eric Auger wrote:
[...]
> > -tpm2_ptr->log_area_minimum_length =
> > -cpu_to_le32(TPM_LOG_AREA_MINIMUM_SIZE);
> > +/* Platform Specific Parameters */
> > +g_array_append_vals(table_data, _method_params,
> > +ARRAY_SIZE(start_method_params));
> >   
> > -acpi_data_push(tcpalog, 
> > le32_to_cpu(tpm2_ptr->log_area_minimum_length));
> > +/* Log Area Minimum Length */
> > +build_append_int_noprefix(table_data, TPM_LOG_AREA_MINIMUM_SIZE, 4);  
> 
> Here you push data related to TPM2 table...
> 
> 
> > +
> > +acpi_data_push(tcpalog, TPM_LOG_AREA_MINIMUM_SIZE);  
> 
> ... here you push log area memory ...
> 
> 
> >   bios_linker_loader_alloc(linker, ACPI_BUILD_TPMLOG_FILE, tcpalog, 1,
> >false);
> >   
> > -/* log area start address to be filled by Guest linker */
> > +log_addr_offset = table_data->len;
> > +build_append_int_noprefix(table_data, 0, 8);  
> 
> 
> ... here you push TPM2 table related data again. Is this right or did we 
> just mess up the TPM 2 table?

it's 2 differnt blobs tcpalog and table_data

> 
> 
> > +/* Log Area Start Address to be filled by Guest linker */
> >   bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
> > -   log_addr_offset, log_addr_size,
> > +   log_addr_offset, 8,
> >  ACPI_BUILD_TPMLOG_FILE, 0);
> >   build_header(linker, table_data,
> > - (void *)tpm2_ptr, "TPM2", sizeof(*tpm2_ptr), 4, NULL, 
> > NULL);
> > + tpm2_ptr, "TPM2", table_data->len - tpm2_start, 4, NULL, 
> > NULL);
> >   }
> >   
> >   #define HOLE_640K_START  (640 * KiB)  
> 
> 

Re: [PATCH v2 2/2] qemu-options.hx: Document hmat-lb and hmat-cache order

[Igor Mammedov]

On Wed, 10 Jun 2020 15:17:35 +0200
Michal Privoznik  wrote:

> To simplify internal implementation the hmat-cache parsing code
> expects hmat-lb to be already parsed. This means, that hmat-lb
> arguments must come before hmat-cache. Document this restriction
> so that management applications can follow it.
> 
> Signed-off-by: Michal Privoznik 

Reviewed-by: Igor Mammedov 

> ---
>  qemu-options.hx | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/qemu-options.hx b/qemu-options.hx
> index b1a399079a..3fe9e6d6a0 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -319,6 +319,9 @@ SRST
>  'none/direct(direct-mapped)/complex(complex cache indexing)'. policy
>  is the write policy. line is the cache Line size in bytes.
>  
> +Please note, that due to internal implementation, '\ ``hmat-cache``\ '
> +must be configured only after '\ ``hmat-lb``\ ' option.
> +
>  For example, the following options describe 2 NUMA nodes. Node 0 has
>  2 cpus and a ram, node 1 has only a ram. The processors in node 0
>  access memory in node 0 with access-latency 5 nanoseconds,

Re: [PATCH v2 1/2] qemu-options.hx: Mark all hmat-cache attributes required

[Igor Mammedov]

On Wed, 10 Jun 2020 15:17:34 +0200
Michal Privoznik  wrote:

> The documentation to `-numa hmat-cache` says that @node-id, @size
> and @level are the only required attributes. The rest
> (@associativity, @policy and @line) is optional. Well, not quite
> - if I try to start QEMU with only the three required attributes
> defined the QAPI code is complaining about associativity missing.
> 
> According to QAPI all attributes are required. Make the docs
> reflect that.
> 
> Signed-off-by: Michal Privoznik 

Reviewed-by: Igor Mammedov 

> ---
>  qemu-options.hx | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 93bde2bbc8..b1a399079a 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -188,7 +188,7 @@ DEF("numa", HAS_ARG, QEMU_OPTION_numa,
>  "-numa dist,src=source,dst=destination,val=distance\n"
>  "-numa cpu,node-id=node[,socket-id=x][,core-id=y][,thread-id=z]\n"
>  "-numa 
> hmat-lb,initiator=node,target=node,hierarchy=memory|first-level|second-level|third-level,data-type=access-latency|read-latency|write-latency[,latency=lat][,bandwidth=bw]\n"
> -"-numa 
> hmat-cache,node-id=node,size=size,level=level[,associativity=none|direct|complex][,policy=none|write-back|write-through][,line=size]\n",
> +"-numa 
> hmat-cache,node-id=node,size=size,level=level,associativity=none|direct|complex,policy=none|write-back|write-through,line=size\n",
>  QEMU_ARCH_ALL)
>  SRST
>  ``-numa 
> node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=initiator]``
> @@ -201,7 +201,7 @@ SRST
>\ 
>  ``-numa 
> hmat-lb,initiator=node,target=node,hierarchy=hierarchy,data-type=tpye[,latency=lat][,bandwidth=bw]``
>\ 
> -``-numa 
> hmat-cache,node-id=node,size=size,level=level[,associativity=str][,policy=str][,line=size]``
> +``-numa 
> hmat-cache,node-id=node,size=size,level=level,associativity=str,policy=str,line=size``
>  Define a NUMA node and assign RAM and VCPUs to it. Set the NUMA
>  distance from a source node to a destination node. Set the ACPI
>  Heterogeneous Memory Attributes for the given nodes.

Re: [PATCH V2] Rename use_acpi_pci_hotplug to more appropriate use_acpi_hotplug_bridge

[Igor Mammedov]

On Wed, 10 Jun 2020 13:40:51 +
Ani Sinha  wrote:

> Currently, the option use_acpi_pci_hotplug is being used to control device
> hotplug capability using ACPI for slots of cold plugged bridges. Hence, we
> are renaming this option to better reflect what it actually does.
> 
> Change-Id: I2a6ab47e80fa2bc9504ce88e063d710efaceb842
what is this id, prehaps drop it?

> Signed-off-by: Ani Sinha 

otherwise looks good, so

Reviewed-by: Igor Mammedov 

> ---
>  hw/acpi/piix4.c | 21 +++--
>  1 file changed, 11 insertions(+), 10 deletions(-)
> 
> diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
> index 85c199b..7de44bc 100644
> --- a/hw/acpi/piix4.c
> +++ b/hw/acpi/piix4.c
> @@ -77,7 +77,7 @@ typedef struct PIIX4PMState {
>  Notifier powerdown_notifier;
>  
>  AcpiPciHpState acpi_pci_hotplug;
> -bool use_acpi_pci_hotplug;
> +bool use_acpi_hotplug_bridge;
>  
>  uint8_t disable_s3;
>  uint8_t disable_s4;
> @@ -204,16 +204,17 @@ static const VMStateDescription vmstate_pci_status = {
>  }
>  };
>  
> -static bool vmstate_test_use_acpi_pci_hotplug(void *opaque, int version_id)
> +static bool vmstate_test_use_acpi_hotplug_bridge(void *opaque, int 
> version_id)
>  {
>  PIIX4PMState *s = opaque;
> -return s->use_acpi_pci_hotplug;
> +return s->use_acpi_hotplug_bridge;
>  }
>  
> -static bool vmstate_test_no_use_acpi_pci_hotplug(void *opaque, int 
> version_id)
> +static bool vmstate_test_no_use_acpi_hotplug_bridge(void *opaque,
> +int version_id)
>  {
>  PIIX4PMState *s = opaque;
> -return !s->use_acpi_pci_hotplug;
> +return !s->use_acpi_hotplug_bridge;
>  }
>  
>  static bool vmstate_test_use_memhp(void *opaque)
> @@ -290,11 +291,11 @@ static const VMStateDescription vmstate_acpi = {
>  VMSTATE_STRUCT_TEST(
>  acpi_pci_hotplug.acpi_pcihp_pci_status[ACPI_PCIHP_BSEL_DEFAULT],
>  PIIX4PMState,
> -vmstate_test_no_use_acpi_pci_hotplug,
> +vmstate_test_no_use_acpi_hotplug_bridge,
>  2, vmstate_pci_status,
>  struct AcpiPciHpPciStatus),
>  VMSTATE_PCI_HOTPLUG(acpi_pci_hotplug, PIIX4PMState,
> -vmstate_test_use_acpi_pci_hotplug),
> +vmstate_test_use_acpi_hotplug_bridge),
>  VMSTATE_END_OF_LIST()
>  },
>  .subsections = (const VMStateDescription*[]) {
> @@ -528,7 +529,7 @@ I2CBus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t 
> smb_io_base,
>  s->smi_irq = smi_irq;
>  s->smm_enabled = smm_enabled;
>  if (xen_enabled()) {
> -s->use_acpi_pci_hotplug = false;
> +s->use_acpi_hotplug_bridge = false;
>  }
>  
>  qdev_init_nofail(dev);
> @@ -593,7 +594,7 @@ static void piix4_acpi_system_hot_add_init(MemoryRegion 
> *parent,
>  memory_region_add_subregion(parent, GPE_BASE, >io_gpe);
>  
>  acpi_pcihp_init(OBJECT(s), >acpi_pci_hotplug, bus, parent,
> -s->use_acpi_pci_hotplug);
> +s->use_acpi_hotplug_bridge);
>  
>  s->cpu_hotplug_legacy = true;
>  object_property_add_bool(OBJECT(s), "cpu-hotplug-legacy",
> @@ -631,7 +632,7 @@ static Property piix4_pm_properties[] = {
>  DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState, disable_s4, 0),
>  DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_VAL, PIIX4PMState, s4_val, 2),
>  DEFINE_PROP_BOOL("acpi-pci-hotplug-with-bridge-support", PIIX4PMState,
> - use_acpi_pci_hotplug, true),
> + use_acpi_hotplug_bridge, true),
>  DEFINE_PROP_BOOL("memory-hotplug-support", PIIX4PMState,
>   acpi_memory_hotplug.is_enabled, true),
>  DEFINE_PROP_END_OF_LIST(),

Re: [PATCH v2 0/2] target/mips: Add two groups of loongson-ext instructions

[Jiaxun Yang]

在 2020/6/16 18:38, Aleksandar Markovic 写道:



уторак, 16. јун 2020., Jiaxun Yang > је написао/ла:


This is the sucessor of:
"Basic TCG Loongson-3A1000 Support"

Thanks!


Hi, Jiaxun.

Thanks for providing updated version of the series.

I wonder, given so many "#if defined(TARGET_MIPS64)" lines in this 
series, what would be the 32-bit processors that support Loongson EXT ASE?


Loongson GS232 core which can be found in Loongson-1A/B/C should support it.
Although I have no intension to work on QEMU support of these processors.



Thanks,
Aleksandar

Jiaxun Yang (2):
   target/mips: Add loongson-ext lsdc2 group of instructions
   target/mips: Add loongson-ext lswc2 group of instrustions


Also, a spelling mistake in the second title.


Ahh, My bad



  target/mips/translate.c | 437 
  1 file changed, 437 insertions(+)

-- 
2.27.0.rc2




--
- Jiaxun

Re: [PATCH v2] migration: Count new_dirty instead of real_dirty

[zhukeqian]

Hi Dave,

On 2020/6/16 17:58, Dr. David Alan Gilbert wrote:
> * zhukeqian (zhukeqi...@huawei.com) wrote:
>> Hi Dave,
>>
>> On 2020/6/16 17:35, Dr. David Alan Gilbert wrote:
>>> * Keqian Zhu (zhukeqi...@huawei.com) wrote:
 real_dirty_pages becomes equal to total ram size after dirty log sync
 in ram_init_bitmaps, the reason is that the bitmap of ramblock is
 initialized to be all set, so old path counts them as "real dirty" at
 beginning.

 This causes wrong dirty rate and false positive throttling at the end
 of first ram save iteration.

 Signed-off-by: Keqian Zhu 
>>>
>>> Since this function already returns num_dirty, why not just change the
>>> caller to increment a counter based off the return value?
>> Yes, that would be better :-) .
>>
>>>
>>> Can you point to the code which is using this value that triggers the
>>> throttle?
>>>
>> In migration_trigger_throttle(), rs->num_dirty_pages_period is used.
>> And it corresponds to real_dirty_pages here.
> 
> OK; so is the problem not the same as the check that's in there for
> blk_mig_bulk_activate - don't we need to do the same trick for ram bulk
> migration (i.e. the first pass).
> 
Sorry that I do not get your idea clearly. Could you give some sample
code?

> Dave
> 
>> Thanks,
>> Keqian
>>
>>> Dave
>>>
>>>
>> [...]


>>> --
>>> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
>>>
>>> .
>>>
>>
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
> 
> .
> 

Re: [PATCH v4 04/21] s390x/pv: Convert to ram_block_discard_disable()

[Cornelia Huck]

On Wed, 10 Jun 2020 13:54:02 +0200
David Hildenbrand  wrote:

> Discarding RAM does not work as expected with protected VMs. Let's
> switch to ram_block_discard_disable() for now, as we want to get rid
> of qemu_balloon_inhibit(). Note that it will currently never fail, but
> might fail in the future with new technologies (e.g., virtio-mem).
> 
> Cc: Richard Henderson 
> Cc: Cornelia Huck 
> Cc: Halil Pasic 
> Cc: Christian Borntraeger 
> Cc: Janosch Frank 
> Signed-off-by: David Hildenbrand 
> ---
>  hw/s390x/s390-virtio-ccw.c | 22 +-
>  1 file changed, 13 insertions(+), 9 deletions(-)

Did not review in detail, but looks sane. Would like to see a sanity
check and ack from folks with access to a PV setup.

Acked-by: Cornelia Huck 

Re: [PATCH v4 02/21] vfio: Convert to ram_block_discard_disable()

[Cornelia Huck]

On Wed, 10 Jun 2020 13:54:00 +0200
David Hildenbrand  wrote:

> VFIO is (except devices without a physical IOMMU or some mediated devices)
> incompatible with discarding of RAM. The kernel will pin basically all VM
> memory. Let's convert to ram_block_discard_disable(), which can now
> fail, in contrast to qemu_balloon_inhibit().
> 
> Leave "x-balloon-allowed" named as it is for now.
> 
> Cc: Cornelia Huck 
> Cc: Alex Williamson 
> Cc: Christian Borntraeger 
> Cc: Tony Krowiak 
> Cc: Halil Pasic 
> Cc: Pierre Morel 
> Cc: Eric Farman 
> Signed-off-by: David Hildenbrand 
> ---
>  hw/vfio/ap.c  | 10 +++
>  hw/vfio/ccw.c | 11 
>  hw/vfio/common.c  | 53 +++
>  hw/vfio/pci.c |  6 ++--
>  include/hw/vfio/vfio-common.h |  4 +--
>  5 files changed, 45 insertions(+), 39 deletions(-)

Did not have time to review in detail, but looks sane.

Acked-by: Cornelia Huck 

Re: [PATCH 1/2] hw/386: Fix uninitialized memory with -device and CPU hotplug

[Igor Mammedov]

On Mon, 08 Jun 2020 15:18:50 -0500
Babu Moger  wrote:

> Noticed the following command failure while testing CPU hotplug.
> 
> $ qemu-system-x86_64 -machine q35,accel=kvm -smp 1,maxcpus=2,
>   cores=1, threads=1,sockets=2 -cpu EPYC -device EPYC-x86_64-
>   cpu,core-id=0,socket-id=1,thread-id=0
> 
>   qemu-system-x86_64: -device EPYC-x86_64-cpu,core-id=0,socket-id=1,
>   thread-id=0: Invalid CPU [socket: 21855, die: 0, core: 0, thread: 0]
>   with APIC ID 21855, valid index range 0:1
> 
> This happens because APIC ID is calculated using uninitialized memory.
> This is happening after the addition of new field node_id in X86CPUTopoIDs
> structure. The node_id field is uninitialized while calling
> apicid_from_topo_ids. The problem is discussed in the thread below.
> https://lore.kernel.org/qemu-devel/20200602171838.gg577...@habkost.net/
> 
> Fix the problem by initializing the node_id properly.
> 
> Signed-off-by: Babu Moger 
> ---
>  hw/i386/pc.c   |2 ++
>  include/hw/i386/topology.h |   11 +++
>  2 files changed, 13 insertions(+)
> 
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 2128f3d6fe..974cc30891 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -1585,6 +1585,8 @@ static void pc_cpu_pre_plug(HotplugHandler *hotplug_dev,
>  topo_ids.die_id = cpu->die_id;
>  topo_ids.core_id = cpu->core_id;
>  topo_ids.smt_id = cpu->thread_id;
> +topo_ids.node_id = cpu_x86_use_epyc_apic_id_encoding(ms->cpu_type) ?
> +   x86_node_id_for_epyc(_info, _ids) : 0;

I'd rather not calculate some default value here,
this is the branch where we check user provided topology info and error out 
asking
to provide missing bits.

I also wonder if we should force user to specify numa nodes on CLI if EPYC cpu 
is used.
(i.e. I'm assuming that EPYC always requires numa)

>  cpu->apic_id = x86ms->apicid_from_topo_ids(_info, _ids);
>  }
>  
> diff --git a/include/hw/i386/topology.h b/include/hw/i386/topology.h
> index 07239f95f4..ee4deb84c4 100644
> --- a/include/hw/i386/topology.h
> +++ b/include/hw/i386/topology.h
> @@ -140,6 +140,17 @@ static inline unsigned 
> apicid_pkg_offset_epyc(X86CPUTopoInfo *topo_info)
> apicid_node_width_epyc(topo_info);
>  }
>  
> +static inline unsigned x86_node_id_for_epyc(X86CPUTopoInfo *topo_info,
> +const X86CPUTopoIDs *topo_ids)
> +{
> +unsigned nr_nodes = MAX(topo_info->nodes_per_pkg, 1);
> +unsigned cores_per_node = DIV_ROUND_UP((topo_info->dies_per_pkg *
> +topo_info->cores_per_die *
> +topo_info->threads_per_core),
> +nr_nodes);
> +
> +return (topo_ids->core_id / cores_per_node) % nr_nodes;
what if nr_nodes == 0?

> +}
>  /*
>   * Make APIC ID for the CPU based on Pkg_ID, Core_ID, SMT_ID
>   *
> 
> 

Re: [PATCH v4 05/21] virtio-balloon: Rip out qemu_balloon_inhibit()

[Dr. David Alan Gilbert]

* David Hildenbrand (da...@redhat.com) wrote:
> The only remaining special case is postcopy. It cannot handle
> concurrent discards yet, which would result in requesting already sent
> pages from the source. Special-case it in virtio-balloon instead.
> 
> Introduce migration_in_incoming_postcopy(), to find out if incoming
> postcopy is active.
> 
> Cc: "Michael S. Tsirkin" 
> Cc: Juan Quintela 
> Cc: "Dr. David Alan Gilbert" 
> Signed-off-by: David Hildenbrand 

Reviewed-by: Dr. David Alan Gilbert 

> ---
>  balloon.c  | 18 --
>  hw/virtio/virtio-balloon.c |  8 +++-
>  include/migration/misc.h   |  2 ++
>  include/sysemu/balloon.h   |  2 --
>  migration/migration.c  |  7 +++
>  migration/postcopy-ram.c   | 23 ---
>  6 files changed, 16 insertions(+), 44 deletions(-)
> 
> diff --git a/balloon.c b/balloon.c
> index 5fff79523a..354408c6ea 100644
> --- a/balloon.c
> +++ b/balloon.c
> @@ -36,24 +36,6 @@
>  static QEMUBalloonEvent *balloon_event_fn;
>  static QEMUBalloonStatus *balloon_stat_fn;
>  static void *balloon_opaque;
> -static int balloon_inhibit_count;
> -
> -bool qemu_balloon_is_inhibited(void)
> -{
> -return atomic_read(_inhibit_count) > 0 ||
> -   ram_block_discard_is_disabled();
> -}
> -
> -void qemu_balloon_inhibit(bool state)
> -{
> -if (state) {
> -atomic_inc(_inhibit_count);
> -} else {
> -atomic_dec(_inhibit_count);
> -}
> -
> -assert(atomic_read(_inhibit_count) >= 0);
> -}
>  
>  static bool have_balloon(Error **errp)
>  {
> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> index 065cd450f1..5ce2f956df 100644
> --- a/hw/virtio/virtio-balloon.c
> +++ b/hw/virtio/virtio-balloon.c
> @@ -63,6 +63,12 @@ static bool 
> virtio_balloon_pbp_matches(PartiallyBalloonedPage *pbp,
>  return pbp->base_gpa == base_gpa;
>  }
>  
> +static bool virtio_balloon_inhibited(void)
> +{
> +/* Postcopy cannot deal with concurrent discards, so it's special. */
> +return ram_block_discard_is_disabled() || 
> migration_in_incoming_postcopy();
> +}
> +
>  static void balloon_inflate_page(VirtIOBalloon *balloon,
>   MemoryRegion *mr, hwaddr mr_offset,
>   PartiallyBalloonedPage *pbp)
> @@ -360,7 +366,7 @@ static void virtio_balloon_handle_output(VirtIODevice 
> *vdev, VirtQueue *vq)
>  
>  
> trace_virtio_balloon_handle_output(memory_region_name(section.mr),
> pa);
> -if (!qemu_balloon_is_inhibited()) {
> +if (!virtio_balloon_inhibited()) {
>  if (vq == s->ivq) {
>  balloon_inflate_page(s, section.mr,
>   section.offset_within_region, );
> diff --git a/include/migration/misc.h b/include/migration/misc.h
> index d2762257aa..34e7d75713 100644
> --- a/include/migration/misc.h
> +++ b/include/migration/misc.h
> @@ -69,6 +69,8 @@ bool migration_has_failed(MigrationState *);
>  /* ...and after the device transmission */
>  bool migration_in_postcopy_after_devices(MigrationState *);
>  void migration_global_dump(Monitor *mon);
> +/* True if incomming migration entered POSTCOPY_INCOMING_DISCARD */
> +bool migration_in_incoming_postcopy(void);
>  
>  /* migration/block-dirty-bitmap.c */
>  void dirty_bitmap_mig_init(void);
> diff --git a/include/sysemu/balloon.h b/include/sysemu/balloon.h
> index aea0c44985..20a2defe3a 100644
> --- a/include/sysemu/balloon.h
> +++ b/include/sysemu/balloon.h
> @@ -23,7 +23,5 @@ typedef void (QEMUBalloonStatus)(void *opaque, BalloonInfo 
> *info);
>  int qemu_add_balloon_handler(QEMUBalloonEvent *event_func,
>   QEMUBalloonStatus *stat_func, void *opaque);
>  void qemu_remove_balloon_handler(void *opaque);
> -bool qemu_balloon_is_inhibited(void);
> -void qemu_balloon_inhibit(bool state);
>  
>  #endif
> diff --git a/migration/migration.c b/migration/migration.c
> index b63ad91d34..14856cc930 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -1772,6 +1772,13 @@ bool 
> migration_in_postcopy_after_devices(MigrationState *s)
>  return migration_in_postcopy() && s->postcopy_after_devices;
>  }
>  
> +bool migration_in_incoming_postcopy(void)
> +{
> +PostcopyState ps = postcopy_state_get();
> +
> +return ps >= POSTCOPY_INCOMING_DISCARD && ps < POSTCOPY_INCOMING_END;
> +}
> +
>  bool migration_is_idle(void)
>  {
>  MigrationState *s = current_migration;
> diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
> index a36402722b..b41a9fe2fd 100644
> --- a/migration/postcopy-ram.c
> +++ b/migration/postcopy-ram.c
> @@ -27,7 +27,6 @@
>  #include "qemu/notify.h"
>  #include "qemu/rcu.h"
>  #include "sysemu/sysemu.h"
> -#include "sysemu/balloon.h"
>  #include "qemu/error-report.h"
>  #include "trace.h"
>  #include "hw/boards.h"
> @@ -520,20 +519,6 @@ int 

[PATCH v2 0/2] Add strace support for printing arguments for ioctls

[Filip Bozuta]

From: Filip Bozuta 

This series introduces the functionality in strace to print arguments for
ioctls. This is gonna be a useful adittion as it indroduces a good debugging
and diagnostic mechanism for user programs cross compiled for different
architectures.

The first patch in the series introduces missing thunk argument types for ioctls
SIOCGSTAMP and SIOCGSTAMPNS needed for strace argument printing. The second 
patch
introduces the argument printing functionality. The implementation details are
described in the patch commit messages.

Testing method:

Mini test programs were written that run ioctls that are implemented in 
qemu.
These programs covered different varieties of ioctls. Some covered rtc 
ioctls
with both basic argument types (like RTC_IRQP_SET and RTC_IRQP_READ) and
structure types (like RTC_RD_TIME and RTC_SET_TIME). Some covered loop 
ioctls
LOOP_SET_STATUS and LOOP_GET_STATUS that use "struct loop_info" which 
contain
special types olddev_t (in qemu presented as OLDDEV_T). Some covered alsa 
timer
ioctls like SNDRV_TIMER_IOCTL_GSTATUS, SDNRV_TIMER_IOCTL_STATUS which 
contain
complex third argument types (structures that contain other structures and 
strings
as fields).

Programs were compiled (sometimes using cross-compilers) for the following
architectures:

* Intel 64-bit (little endian) (gcc)
* Power pc 32-bit (big endian) (powerpc-linux-gnu-gcc)
* Power pc 64-bit (big endian) (powerpc64-linux-gnu-gcc)
* Mips 32-bit (little endian) (mipsel-linux-gnu-gcc)
* Mips 64-bit (little endian) (mips64el-linux-gnuabi64-gcc)

All applicable compiled programs were in turn executed with "-strace"
through QEMU and the strace printing results obtained were the same
ones gotten for native execution.

v2:
* Removed case TYPE_LONGLONG, TYPE_ULONGLONG from print_ioctl()
* Changed error printing in print_syscall_ret_ioctl() to use
  error printing function from another series
* Added and #ifdef directive in "syscall.types.h" to manage the
  case when the "u_sec" filed in timeval structure is of type int

Filip Bozuta (2):
  linux-user: Add thunk argument types for SIOCGSTAMP and SIOCGSTAMPNS
  linux-user: Add strace support for printing arguments of ioctl()

 include/exec/user/thunk.h  |   1 +
 linux-user/ioctls.h|  12 ++-
 linux-user/qemu.h  |  20 +
 linux-user/strace.c| 107 ++
 linux-user/strace.list |   3 +-
 linux-user/syscall.c   |  20 +
 linux-user/syscall_types.h |  22 ++
 thunk.c| 154 +
 8 files changed, 315 insertions(+), 24 deletions(-)

-- 
2.17.1

[PATCH v2 1/2] linux-user: Add thunk argument types for SIOCGSTAMP and SIOCGSTAMPNS

[Filip Bozuta]

From: Filip Bozuta 

Socket ioctls SIOCGSTAMP and SIOCGSTAMPNS, used for timestamping the socket
connection, are defined in file "ioctls.h" differently from other ioctls.
The reason for this difference is explained in the comments above their 
definition.
These ioctls didn't have defined thunk argument types before changes from this
patch. They have special handling functions ("do_ioctl_SIOCGSTAMP" and
"do_ioctl_SIOCGSTAMPNS") that take care of setting values for approppriate 
argument
types (struct timeval and struct timespec) and thus no thunk argument types were
needed for their implementation. But this patch adds those argument type 
definitions
in file "syscall_types.h" and "ioctls.h" as it is needed for printing arguments
of these ioctls with strace.

Implementation notes:

There are two variants of these ioctls: SIOCGSTAMP_OLD/SIOCGSTAM_NEW and
SIOCGSTAMPNS_OLD/SIOCGSTAMPNS_NEW. One is the old existing definition and 
the
other is the 2038 safe variant used for 32-bit architectures. Corresponding
structure definitions STRUCT_timespec/STRUCT__kernel_timespec and
STRUCT_timeval/STRUCT__kernel_sock_timeval were added for these variants.
STRUCT_timeval definition was already inside the file as it is used by
another implemented ioctl. Two cases were added for definitions
STRUCT_timeval/STRUCT__kernel_sock_timeval to manage the case when the
"u_sec" field of the timeval structure is of type int.

Signed-off-by: Filip Bozuta 
---
 linux-user/ioctls.h| 12 
 linux-user/syscall_types.h | 22 ++
 2 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index 0defa1d8c1..edb7172207 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -279,13 +279,17 @@
* FIXME: create a macro to define this kind of entry
*/
   { TARGET_SIOCGSTAMP_OLD, TARGET_SIOCGSTAMP_OLD,
-"SIOCGSTAMP_OLD", IOC_R, do_ioctl_SIOCGSTAMP },
+"SIOCGSTAMP_OLD", IOC_R, do_ioctl_SIOCGSTAMP,
+{ MK_PTR(MK_STRUCT(STRUCT_timeval)) } },
   { TARGET_SIOCGSTAMPNS_OLD, TARGET_SIOCGSTAMPNS_OLD,
-"SIOCGSTAMPNS_OLD", IOC_R, do_ioctl_SIOCGSTAMPNS },
+"SIOCGSTAMPNS_OLD", IOC_R, do_ioctl_SIOCGSTAMPNS,
+{ MK_PTR(MK_STRUCT(STRUCT_timespec)) } },
   { TARGET_SIOCGSTAMP_NEW, TARGET_SIOCGSTAMP_NEW,
-"SIOCGSTAMP_NEW", IOC_R, do_ioctl_SIOCGSTAMP },
+"SIOCGSTAMP_NEW", IOC_R, do_ioctl_SIOCGSTAMP,
+{ MK_PTR(MK_STRUCT(STRUCT__kernel_sock_timeval)) } },
   { TARGET_SIOCGSTAMPNS_NEW, TARGET_SIOCGSTAMPNS_NEW,
-"SIOCGSTAMPNS_NEW", IOC_R, do_ioctl_SIOCGSTAMPNS },
+"SIOCGSTAMPNS_NEW", IOC_R, do_ioctl_SIOCGSTAMPNS,
+{ MK_PTR(MK_STRUCT(STRUCT__kernel_timespec)) } },
 
   IOCTL(RNDGETENTCNT, IOC_R, MK_PTR(TYPE_INT))
   IOCTL(RNDADDTOENTCNT, IOC_W, MK_PTR(TYPE_INT))
diff --git a/linux-user/syscall_types.h b/linux-user/syscall_types.h
index 4e12c1661e..d636561bf4 100644
--- a/linux-user/syscall_types.h
+++ b/linux-user/syscall_types.h
@@ -137,10 +137,32 @@ STRUCT(snd_timer_params,
TYPE_INT, /* filter */
MK_ARRAY(TYPE_CHAR, 60)) /* reserved */
 
+#if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
+STRUCT(timeval,
+   TYPE_LONG, /* tv_sec */
+   TYPE_INT) /* tv_usec */
+
+STRUCT(_kernel_sock_timeval,
+   TYPE_LONG, /* tv_sec */
+   TYPE_INT) /* tv_usec */
+#else
+STRUCT(timeval,
+   TYPE_LONG, /* tv_sec */
+   TYPE_LONG) /* tv_usec */
+
+STRUCT(_kernel_sock_timeval,
+   TYPE_LONGLONG, /* tv_sec */
+   TYPE_LONGLONG) /* tv_usec */
+#endif
+
 STRUCT(timespec,
TYPE_LONG, /* tv_sec */
TYPE_LONG) /* tv_nsec */
 
+STRUCT(_kernel_timespec,
+   TYPE_LONGLONG, /* tv_sec */
+   TYPE_LONGLONG) /* tv_nsec */
+
 STRUCT(snd_timer_status,
MK_STRUCT(STRUCT_timespec), /* tstamp */
TYPE_INT, /* resolution */
-- 
2.17.1

[PATCH v2 2/2] linux-user: Add strace support for printing arguments of ioctl()

[Filip Bozuta]

From: Filip Bozuta 

This patch implements functionality for strace argument printing for ioctls.
When running ioctls through qemu with "-strace", they get printed in format:

"ioctl(fd_num,0x*,0x*) = ret_value"

where the request code an the ioctl's third argument get printed in a 
hexadicemal
format. This patch changes that by enabling strace to print both the request 
code
name and the contents of the third argument. For example, when running ioctl
RTC_SET_TIME with "-strace", with changes from this patch, it gets printed in
this way:

"ioctl(3,RTC_SET_TIME,{12,13,15,20,10,119,0,0,0}) = 0"

In case of IOC_R type ioctls, the contents of the third argument get printed
after the return value, and the argument inside the ioctl call gets printed
as pointer in hexadecimal format. For example, when running RTC_RD_TIME with
"-strace", with changes from this patch, it gets printed in this way:

"ioctl(3,RTC_RD_TIME,0x40800374) = 0 ({22,9,13,11,5,120,0,0,0})"

In case of IOC_RW type ioctls, the contents of the third argument get printed
both inside the ioctl call and after the return value.

Implementation notes:

Functions "print_ioctl()" and "print_syscall_ret_ioctl()", that are defined
in "strace.c", are listed in file "strace.list" as "call" and "result"
value for ioctl. Structure definition "IOCTLEntry" as well as predefined
values for IOC_R, IOC_W and IOC_RW were cut and pasted from file "syscall.c"
to file "qemu.h" so that they can be used by these functions to print the
contents of the third ioctl argument. Also, the "static" identifier for 
array
"ioctl_entries[]" was removed and this array was declared as "extern" in 
"qemu.h"
so that it can also be used by these functions. To decode the structure type
of the ioctl third argument, function "thunk_print()" was defined in file
"thunk.c" and its definition is somewhat simillar to that of function
"thunk_convert()".

Signed-off-by: Filip Bozuta 
Based-on: <20200616103927.20222-1-filip.boz...@syrmia.com>
---
 include/exec/user/thunk.h |   1 +
 linux-user/qemu.h |  20 +
 linux-user/strace.c   | 107 ++
 linux-user/strace.list|   3 +-
 linux-user/syscall.c  |  20 +
 thunk.c   | 154 ++
 6 files changed, 285 insertions(+), 20 deletions(-)

diff --git a/include/exec/user/thunk.h b/include/exec/user/thunk.h
index eae2c27f99..7992475c9f 100644
--- a/include/exec/user/thunk.h
+++ b/include/exec/user/thunk.h
@@ -73,6 +73,7 @@ void thunk_register_struct_direct(int id, const char *name,
   const StructEntry *se1);
 const argtype *thunk_convert(void *dst, const void *src,
  const argtype *type_ptr, int to_host);
+const argtype *thunk_print(void *arg, const argtype *type_ptr);
 
 extern StructEntry *struct_entries;
 
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index be67391ba4..5c964389c1 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -184,6 +184,26 @@ struct linux_binprm {
 int (*core_dump)(int, const CPUArchState *); /* coredump routine */
 };
 
+typedef struct IOCTLEntry IOCTLEntry;
+
+typedef abi_long do_ioctl_fn(const IOCTLEntry *ie, uint8_t *buf_temp,
+ int fd, int cmd, abi_long arg);
+
+struct IOCTLEntry {
+int target_cmd;
+unsigned int host_cmd;
+const char *name;
+int access;
+do_ioctl_fn *do_ioctl;
+const argtype arg_type[5];
+};
+
+extern IOCTLEntry ioctl_entries[];
+
+#define IOC_R 0x0001
+#define IOC_W 0x0002
+#define IOC_RW (IOC_R | IOC_W)
+
 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop);
 abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp,
   abi_ulong stringp, int push_ptr);
diff --git a/linux-user/strace.c b/linux-user/strace.c
index 6044c66954..6671711e7b 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -866,6 +866,44 @@ print_syscall_ret_listxattr(const struct syscallname 
*name, abi_long ret,
 #define print_syscall_ret_flistxattr print_syscall_ret_listxattr
 #endif
 
+#ifdef TARGET_NR_ioctl
+static void
+print_syscall_ret_ioctl(const struct syscallname *name, abi_long ret,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_err(ret);
+
+if (ret >= 0) {
+qemu_log(TARGET_ABI_FMT_ld, ret);
+
+const IOCTLEntry *ie;
+const argtype *arg_type;
+void *argptr;
+int target_size;
+
+for (ie = ioctl_entries; ie->target_cmd != 0; ie++) {
+if (ie->target_cmd == arg1) {
+break;
+}
+}
+
+if (ie->target_cmd == arg1 &&
+   (ie->access == IOC_R || ie->access == IOC_RW)) {
+arg_type = ie->arg_type;
+qemu_log(" (");
+arg_type++;
+ 

Re: [PULL v2 00/18] MIPS + misc queue for June 15th, 2020

[Peter Maydell]

On Mon, 15 Jun 2020 at 20:29, Aleksandar Markovic
 wrote:
>
> The following changes since commit 7d3660e79830a069f1848bb4fa1cdf8f666424fb:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
> staging (2020-06-12 23:06:22 +0100)
>
> are available in the git repository at:
>
>   https://github.com/AMarkovic/qemu tags/mips-queue-jun-15-2020
>
> for you to fetch changes up to 250bc43a406f7d46e319abe87c19548d4f027828:
>
>   translations: Add Swedish language (2020-06-15 20:51:10 +0200)
>
> 
>
> MIPS + misc queue for June 15th, 2020
>
>   Highlights:
>
> This pull request, just exceptionally, contains two non-MIPS patches:
>
>   - adjust sh4 maintainership
>   - add Swedish translations
>
> The rest are MIPS patches:
>
>   - refactor emulation of a number of MSA instructions
>   - activate Loongson-related insn_flags
>
> Notes:
>
>   - one checkpatch warning is benign
>   - some of make check iotest-qcow2 tests fail on my system, both before
> and after applying the patches from this pull request


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.

-- PMM

Re: [PATCH 7/7] hw/misc/mps2-fpgaio: Implement push-buttons

[Philippe Mathieu-Daudé]

On 6/16/20 12:27 PM, Peter Maydell wrote:
> On Tue, 16 Jun 2020 at 07:32, Philippe Mathieu-Daudé  wrote:
>>
>> The FPGA system control block has 2 push-buttons labelled PB0/PB1.
>>
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
> 
>> @@ -249,6 +258,8 @@ static void mps2_fpgaio_init(Object *obj)
>>  memory_region_init_io(>iomem, obj, _fpgaio_ops, s,
>>"mps2-fpgaio", 0x1000);
>>  sysbus_init_mmio(sbd, >iomem);
>> +
>> +qdev_init_gpio_in_named(DEVICE(s), mps2_fpgaio_push_button, "PB", 2);
>>  }
> 
> This change seems kind of pointless unless these GPIO lines are
> actually wired up to something.

Yes, I should have kept it out of this series, or documented
better the goal in the cover.

I'm setting the roots to motivate a team of developers to
work on a visualization of the MPS2 board. The push-button is
supported by Zephyr, so the the idea is the visualizer generates
QMP GPIO event to be processed such in pca9552_set_led(), and
interact with the guest firmware.

> 
> thanks
> -- PMM
> 

[PATCH v4 6/6] linux-user: Add strace support for printing arguments of fallocate()

[Filip Bozuta]

From: Filip Bozuta 

This patch implements strace argument printing functionality for following 
syscall:

*fallocate - manipulate file space

int fallocate(int fd, int mode, off_t offset, off_t len)
man page: https://www.man7.org/linux/man-pages/man2/fallocate.2.html

Implementation notes:

This syscall's second argument "mode" is composed of predefined values
which represent flags that determine the type of operation that is
to be performed on the file space. For that reason, a printing
function "print_fallocate" was stated in file "strace.list". This printing
function uses an already existing function "print_flags()" to print flags of
the "mode" argument. These flags are stated inside an array "falloc_flags"
that contains values of type "struct flags". These values are instantiated
using an existing macro "FLAG_GENERIC()". Most of these flags are defined
after kernel version 3.0 which is why they are enwrapped in an #ifdef
directive.
The syscall's third ant fourth argument are of type "off_t" which can
cause variations between 32/64-bit architectures. To handle this variation,
function "target_offset64()" was copied from file "strace.c" and used in
"print_fallocate" to print "off_t" arguments for 32-bit architectures.

Signed-off-by: Filip Bozuta 
---
 linux-user/qemu.h  | 16 
 linux-user/strace.c| 40 
 linux-user/strace.list |  2 +-
 linux-user/syscall.c   | 16 
 4 files changed, 57 insertions(+), 17 deletions(-)

diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 8f938b8105..be67391ba4 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -670,6 +670,22 @@ static inline int is_error(abi_long ret)
 return (abi_ulong)ret >= (abi_ulong)(-4096);
 }
 
+#if TARGET_ABI_BITS == 32
+static inline uint64_t target_offset64(uint32_t word0, uint32_t word1)
+{
+#ifdef TARGET_WORDS_BIGENDIAN
+return ((uint64_t)word0 << 32) | word1;
+#else
+return ((uint64_t)word1 << 32) | word0;
+#endif
+}
+#else /* TARGET_ABI_BITS == 32 */
+static inline uint64_t target_offset64(uint64_t word0, uint64_t word1)
+{
+return word0;
+}
+#endif /* TARGET_ABI_BITS != 32 */
+
 /**
  * preexit_cleanup: housekeeping before the guest exits
  *
diff --git a/linux-user/strace.c b/linux-user/strace.c
index f44ab0ab84..4dbed81a55 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -1143,6 +1143,26 @@ UNUSED static struct flags statx_mask[] = {
 FLAG_END,
 };
 
+UNUSED static struct flags falloc_flags[] = {
+FLAG_GENERIC(FALLOC_FL_KEEP_SIZE),
+FLAG_GENERIC(FALLOC_FL_PUNCH_HOLE),
+#ifdef FALLOC_FL_NO_HIDE_STALE
+FLAG_GENERIC(FALLOC_FL_NO_HIDE_STALE),
+#endif
+#ifdef FALLOC_FL_COLLAPSE_RANGE
+FLAG_GENERIC(FALLOC_FL_COLLAPSE_RANGE),
+#endif
+#ifdef FALLOC_FL_ZERO_RANGE
+FLAG_GENERIC(FALLOC_FL_ZERO_RANGE),
+#endif
+#ifdef FALLOC_FL_INSERT_RANGE
+FLAG_GENERIC(FALLOC_FL_INSERT_RANGE),
+#endif
+#ifdef FALLOC_FL_UNSHARE_RANGE
+FLAG_GENERIC(FALLOC_FL_UNSHARE_RANGE),
+#endif
+};
+
 /*
  * print_xxx utility functions.  These are used to print syscall
  * parameters in certain format.  All of these have parameter
@@ -1560,6 +1580,26 @@ print_faccessat(const struct syscallname *name,
 }
 #endif
 
+#ifdef TARGET_NR_fallocate
+static void
+print_fallocate(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_raw_param("%d", arg0, 0);
+print_flags(falloc_flags, arg1, 0);
+#if TARGET_ABI_BITS == 32
+print_raw_param("%" PRIu64, target_offset64(arg2, arg3), 0);
+print_raw_param("%" PRIu64, target_offset64(arg4, arg5), 1);
+#else
+print_raw_param(TARGET_ABI_FMT_ld, arg2, 0);
+print_raw_param(TARGET_ABI_FMT_ld, arg3, 1);
+#endif
+print_syscall_epilogue(name);
+}
+#endif
+
 #ifdef TARGET_NR_fchmodat
 static void
 print_fchmodat(const struct syscallname *name,
diff --git a/linux-user/strace.list b/linux-user/strace.list
index 633f43f490..10e3e4a814 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -182,7 +182,7 @@
 { TARGET_NR_fadvise64_64, "fadvise64_64" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_fallocate
-{ TARGET_NR_fallocate, "fallocate" , NULL, NULL, NULL },
+{ TARGET_NR_fallocate, "fallocate" , NULL, print_fallocate, NULL },
 #endif
 #ifdef TARGET_NR_fanotify_init
 { TARGET_NR_fanotify_init, "fanotify_init" , NULL, NULL, NULL },
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 009bb67422..7cc5a65b4f 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6608,22 +6608,6 @@ void syscall_init(void)
 }
 }
 
-#if TARGET_ABI_BITS == 32
-static inline uint64_t target_offset64(uint32_t word0, uint32_t word1)
-{
-#ifdef TARGET_WORDS_BIGENDIAN
-return ((uint64_t)word0 << 32) | word1;
-#else
-return ((uint64_t)word1 << 32) | word0;
-#endif
-}

[PATCH v4 5/6] linux-user: Add strace support for printing arguments of chown()/lchown()

[Filip Bozuta]

From: Filip Bozuta 

This patch implements strace argument printing functionality for syscalls:

*chown, lchown - change ownership of a file

int chown(const char *pathname, uid_t owner, gid_t group)
int lchown(const char *pathname, uid_t owner, gid_t group)
man page: https://www.man7.org/linux/man-pages/man2/lchown.2.html

Implementation notes:

Both syscalls use strings as arguments and thus a separate
printing function was stated in "strace.list" for them.
Both syscalls share the same number and types of arguments
and thus share a same definition in file "syscall.c".
This defintion uses existing functions "print_string()" to
print the string argument and "print_raw_param()" to print
other two arguments that are of basic types.

Signed-off-by: Filip Bozuta 
Reviewed-by: Laurent Vivier 
---
 linux-user/strace.c| 15 +++
 linux-user/strace.list |  4 ++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index db561dc4c9..f44ab0ab84 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -1460,6 +1460,21 @@ print_chmod(const struct syscallname *name,
 }
 #endif
 
+#if defined(TARGET_NR_chown) || defined(TARGET_NR_lchown)
+static void
+print_chown(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_string(arg0, 0);
+print_raw_param("%d", arg1, 0);
+print_raw_param("%d", arg2, 1);
+print_syscall_epilogue(name);
+}
+#define print_lchown print_chown
+#endif
+
 #ifdef TARGET_NR_clock_adjtime
 static void
 print_clock_adjtime(const struct syscallname *name,
diff --git a/linux-user/strace.list b/linux-user/strace.list
index 905a9c395c..633f43f490 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -71,7 +71,7 @@
 { TARGET_NR_chmod, "chmod" , NULL, print_chmod, NULL },
 #endif
 #ifdef TARGET_NR_chown
-{ TARGET_NR_chown, "chown" , NULL, NULL, NULL },
+{ TARGET_NR_chown, "chown" , NULL, print_chown, NULL },
 #endif
 #ifdef TARGET_NR_chown32
 { TARGET_NR_chown32, "chown32" , NULL, NULL, NULL },
@@ -475,7 +475,7 @@
 { TARGET_NR_kill, "kill", NULL, print_kill, NULL },
 #endif
 #ifdef TARGET_NR_lchown
-{ TARGET_NR_lchown, "lchown" , NULL, NULL, NULL },
+{ TARGET_NR_lchown, "lchown" , NULL, print_lchown, NULL },
 #endif
 #ifdef TARGET_NR_lchown32
 { TARGET_NR_lchown32, "lchown32" , NULL, NULL, NULL },
-- 
2.17.1

[PATCH v4 4/6] linux-user: Add strace support for printing arguments of lseek()

[Filip Bozuta]

From: Filip Bozuta 

This patch implements strace argument printing functionality for syscall:

*lseek - reposition read/write file offset

 off_t lseek(int fd, off_t offset, int whence)
 man page: https://www.man7.org/linux/man-pages/man2/lseek.2.html

Implementation notes:

The syscall's third argument "whence" has predefined values:
"SEEK_SET","SEEK_CUR","SEEK_END","SEEK_DATA","SEEK_HOLE"
and thus a separate printing function "print_lseek" was stated
in file "strace.list". This function is defined in "strace.c"
by using an existing function "print_raw_param()" to print
the first and second argument and a switch(case) statement
for the predefined values of the third argument.
Values "SEEK_DATA" and "SEEK_HOLE" are defined in kernel version 3.1.
That is the reason why case statements for these values are
enwrapped in #ifdef directive.

Signed-off-by: Filip Bozuta 
Reviewed-by: Laurent Vivier 
---
 linux-user/strace.c| 31 +++
 linux-user/strace.list |  2 +-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index f76bbbc1ff..db561dc4c9 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -1841,6 +1841,37 @@ print__llseek(const struct syscallname *name,
 }
 #endif
 
+#ifdef TARGET_NR_lseek
+static void
+print_lseek(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_raw_param("%d", arg0, 0);
+print_raw_param(TARGET_ABI_FMT_ld, arg1, 0);
+switch (arg2) {
+case SEEK_SET:
+qemu_log("SEEK_SET"); break;
+case SEEK_CUR:
+qemu_log("SEEK_CUR"); break;
+case SEEK_END:
+qemu_log("SEEK_END"); break;
+#ifdef SEEK_DATA
+case SEEK_DATA:
+qemu_log("SEEK_DATA"); break;
+#endif
+#ifdef SEEK_HOLE
+case SEEK_HOLE:
+qemu_log("SEEK_HOLE"); break;
+#endif
+default:
+print_raw_param("%#x", arg2, 1);
+}
+print_syscall_epilogue(name);
+}
+#endif
+
 #if defined(TARGET_NR_socket)
 static void
 print_socket(const struct syscallname *name,
diff --git a/linux-user/strace.list b/linux-user/strace.list
index af12b23276..905a9c395c 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -516,7 +516,7 @@
 { TARGET_NR_lremovexattr, "lremovexattr" , NULL, print_lremovexattr, NULL },
 #endif
 #ifdef TARGET_NR_lseek
-{ TARGET_NR_lseek, "lseek" , NULL, NULL, NULL },
+{ TARGET_NR_lseek, "lseek" , NULL, print_lseek, NULL },
 #endif
 #ifdef TARGET_NR_lsetxattr
 { TARGET_NR_lsetxattr, "lsetxattr" , NULL, NULL, NULL },
-- 
2.17.1

[PATCH v4 1/6] linux-user: Extend strace support to enable argument printing after syscall execution

[Filip Bozuta]

From: Filip Bozuta 

Structure "struct syscallname" in file "strace.c" is used for "-strace"
to print arguments and return values of syscalls. The last field of
this structure "result" represents the calling function that prints the
return values. This field was extended in this patch so that this function
takes all syscalls arguments beside the return value. In this way, it 
enables
"-strace" to print arguments of syscalls that have changed after the syscall
execution. This extension will be useful as there are many syscalls that
return values inside their arguments (i.e. listxattr() that returns the list
of extended attributes inside the "list" argument).

Implementation notes:

Since there are already three existing "print_syscall_ret*" functions inside
"strace.c" ("print_syscall_ret_addr()", "print_syscall_ret_adjtimex()",
"print_syscall_ret_newselect()"), they were changed to have all syscall 
arguments
beside the return value. This was done so that these functions don't cause 
build
errors (even though syscall arguments are not used in these functions).
There is code repetition in these functions for checking the return value
and printing the approppriate error message (this code is also located in
print_syscall_ret() at the end of "strace.c"). That is the reason why a
function "syscall_print_err()" was added for this code and put inside these
functions.

Signed-off-by: Filip Bozuta 
---
 linux-user/qemu.h|  4 ++-
 linux-user/strace.c  | 67 ++--
 linux-user/syscall.c |  2 +-
 3 files changed, 43 insertions(+), 30 deletions(-)

diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index ce902f5132..8f938b8105 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -383,7 +383,9 @@ int host_to_target_waitstatus(int status);
 void print_syscall(int num,
abi_long arg1, abi_long arg2, abi_long arg3,
abi_long arg4, abi_long arg5, abi_long arg6);
-void print_syscall_ret(int num, abi_long arg1);
+void print_syscall_ret(int num, abi_long ret,
+   abi_long arg1, abi_long arg2, abi_long arg3,
+   abi_long arg4, abi_long arg5, abi_long arg6);
 /**
  * print_taken_signal:
  * @target_signum: target signal being taken
diff --git a/linux-user/strace.c b/linux-user/strace.c
index 0d9095c674..805fcb9fd1 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -19,7 +19,9 @@ struct syscallname {
 void (*call)(const struct syscallname *,
  abi_long, abi_long, abi_long,
  abi_long, abi_long, abi_long);
-void (*result)(const struct syscallname *, abi_long);
+void (*result)(const struct syscallname *, abi_long,
+   abi_long, abi_long, abi_long,
+   abi_long, abi_long, abi_long);
 };
 
 #ifdef __GNUC__
@@ -736,17 +738,29 @@ print_ipc(const struct syscallname *name,
  */
 
 static void
-print_syscall_ret_addr(const struct syscallname *name, abi_long ret)
+print_syscall_err(abi_long ret)
 {
 const char *errstr = NULL;
 
+qemu_log(" = ");
 if (ret < 0) {
+qemu_log("-1 errno=%d", errno);
 errstr = target_strerror(-ret);
+if (errstr) {
+qemu_log(" (%s)", errstr);
+}
 }
-if (errstr) {
-qemu_log(" = -1 errno=%d (%s)\n", (int)-ret, errstr);
-} else {
-qemu_log(" = 0x" TARGET_ABI_FMT_lx "\n", ret);
+}
+
+static void
+print_syscall_ret_addr(const struct syscallname *name, abi_long ret,
+   abi_long arg0, abi_long arg1, abi_long arg2,
+   abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_err(ret);
+
+if (ret >= 0) {
+qemu_log("0x" TARGET_ABI_FMT_lx "\n", ret);
 }
 }
 
@@ -760,7 +774,9 @@ print_syscall_ret_raw(struct syscallname *name, abi_long 
ret)
 
 #ifdef TARGET_NR__newselect
 static void
-print_syscall_ret_newselect(const struct syscallname *name, abi_long ret)
+print_syscall_ret_newselect(const struct syscallname *name, abi_long ret,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
 {
 qemu_log(" = 0x" TARGET_ABI_FMT_lx " (", ret);
 print_fdset(newselect_arg1,newselect_arg2);
@@ -783,18 +799,13 @@ print_syscall_ret_newselect(const struct syscallname 
*name, abi_long ret)
 #define TARGET_TIME_ERROR5   /* clock not synchronized */
 #ifdef TARGET_NR_adjtimex
 static void
-print_syscall_ret_adjtimex(const struct syscallname *name, abi_long ret)
+print_syscall_ret_adjtimex(const struct syscallname *name, abi_long ret,
+   abi_long arg0, abi_long arg1, abi_long arg2,
+   abi_long arg3, abi_long arg4, abi_long arg5)
 {
-const char *errstr = NULL;
+print_syscall_err(ret);
 
-qemu_log(" = ");
-if (ret < 0) {
-qemu_log("-1 

[PATCH v4 0/6] Add strace support for printing arguments of selected syscalls

[Filip Bozuta]

From: Filip Bozuta 

This series covers strace support for printing arguments of following syscalls:

*acct()   *lgetxattr()   *removexattr()   *lchown()
*fsync()  *fgetxattr()   *lremovexattr()  *fallocate()
*fdatasync()  *listxattr()   *fremovexattr()
*listen() *llistxattr()  *lseek()
*getxattr()   *flistxattr()  *chown()

The implementation details for strace support is described in this series patch
commit messages.

Testing method:

Mini test programs were written that run these syscalls for different 
arguments.
Those programs were compiled (sometimes using cross-compilers) for the 
following
architectures:

* Intel 64-bit (little endian) (gcc)
* Power pc 32-bit (big endian) (powerpc-linux-gnu-gcc)
* Power pc 64-bit (big endian) (powerpc64-linux-gnu-gcc)
* Mips 32-bit (little endian) (mipsel-linux-gnu-gcc)
* Mips 64-bit (little endian) (mips64el-linux-gnuabi64-gcc)

The corresponding native programs were executed with strace, without using
QEMU, on Intel Core i7-4790K (x86_64) host.

All applicable compiled programs were in turn executed with "-strace"
through QEMU and the strace printing results obtained were the same 
ones gotten for native execution.

v2:

* Added patch that extends strace support by enabling argument printing
  after syscall execution
* Added strace support for argument printing for syscalls:
  removexattr(), lremovexattr(), fremovexattr()
* Added "print_syscall_ret_listxattr()" that prints list of extended
  attributes after execution of syscalls: listxattr(), llistxattr(),
  flistxattr()
* Corrected formats in some printing functions
* Moved target_offset64() function definition from "syscall.c" to
  "qemu.h"

v3:

* Added generic function SYSCALL_RET_ERR() that checks the return value
  and prints the approppriate error message
* Added "print_syscall_ret_llistxattr" and "print_syscall_ret_flistxattr"
  in strace.list for "llistxattr()" and "flistxattr()" that have same
  definition as "print_syscall_ret_listxattr"

v4:

* Changed error printing from macro SYSCALL_RET_ERR() to function
  print_syscall_err()
* Changed while loop in print_syscall_ret_listxattr() to check printed
  bytes against size of the return value


Filip Bozuta (6):
  linux-user: Extend strace support to enable argument printing after
syscall execution
  linux-user: Add strace support for a group of syscalls
  linux-user: Add strace support for printing argument of syscalls used
for extended attributes
  linux-user: Add strace support for printing arguments of lseek()
  linux-user: Add strace support for printing arguments of
chown()/lchown()
  linux-user: Add strace support for printing arguments of fallocate()

 linux-user/qemu.h  |  20 ++-
 linux-user/strace.c| 286 +
 linux-user/strace.list |  37 +++---
 linux-user/syscall.c   |  18 +--
 4 files changed, 298 insertions(+), 63 deletions(-)

-- 
2.17.1

[PATCH v4 2/6] linux-user: Add strace support for a group of syscalls

[Filip Bozuta]

From: Filip Bozuta 

This patch implements strace argument printing functionality for following 
syscalls:

*acct - switch process accounting on or off

int acct(const char *filename)
man page: https://www.man7.org/linux/man-pages/man2/acct.2.html

*fsync, fdatasync - synchronize a file's in-core state with storage device

int fsync(int fd)
int fdatasync(int fd)
man page: https://www.man7.org/linux/man-pages/man2/fsync.2.html

*listen - listen for connections on a socket

int listen(int sockfd, int backlog)
man page: https://www.man7.org/linux/man-pages/man2/listen.2.html

Implementation notes:

Syscall acct() takes string as its only argument and thus a separate
print function "print_acct" is stated in file "strace.list". This
function is defined and implemented in "strace.c" by using an
existing function used to print string arguments: "print_string()".
All the other syscalls have only primitive argument types, so the
rest of the implementation was handled by stating an appropriate
printing format in file "strace.list".

Signed-off-by: Filip Bozuta 
Reviewed-by: Laurent Vivier 
---
 linux-user/strace.c| 13 -
 linux-user/strace.list |  8 
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 805fcb9fd1..6d7accaa4c 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -1364,6 +1364,18 @@ print_access(const struct syscallname *name,
 }
 #endif
 
+#ifdef TARGET_NR_acct
+static void
+print_acct(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_string(arg0, 1);
+print_syscall_epilogue(name);
+}
+#endif
+
 #ifdef TARGET_NR_brk
 static void
 print_brk(const struct syscallname *name,
@@ -1628,7 +1640,6 @@ print_fcntl(const struct syscallname *name,
 #define print_fcntl64   print_fcntl
 #endif
 
-
 #ifdef TARGET_NR_futimesat
 static void
 print_futimesat(const struct syscallname *name,
diff --git a/linux-user/strace.list b/linux-user/strace.list
index d49a1e92a8..fb9799e7e6 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -13,7 +13,7 @@
 { TARGET_NR_access, "access" , NULL, print_access, NULL },
 #endif
 #ifdef TARGET_NR_acct
-{ TARGET_NR_acct, "acct" , NULL, NULL, NULL },
+{ TARGET_NR_acct, "acct" , NULL, print_acct, NULL },
 #endif
 #ifdef TARGET_NR_add_key
 { TARGET_NR_add_key, "add_key" , NULL, NULL, NULL },
@@ -215,7 +215,7 @@
 { TARGET_NR_fcntl64, "fcntl64" , NULL, print_fcntl64, NULL },
 #endif
 #ifdef TARGET_NR_fdatasync
-{ TARGET_NR_fdatasync, "fdatasync" , NULL, NULL, NULL },
+{ TARGET_NR_fdatasync, "fdatasync" , "%s(%d)", NULL, NULL },
 #endif
 #ifdef TARGET_NR_fgetxattr
 { TARGET_NR_fgetxattr, "fgetxattr" , NULL, NULL, NULL },
@@ -251,7 +251,7 @@
 { TARGET_NR_fstatfs64, "fstatfs64" , "%s(%d,%p)", NULL, NULL },
 #endif
 #ifdef TARGET_NR_fsync
-{ TARGET_NR_fsync, "fsync" , NULL, NULL, NULL },
+{ TARGET_NR_fsync, "fsync" , "%s(%d)", NULL, NULL },
 #endif
 #ifdef TARGET_NR_ftime
 { TARGET_NR_ftime, "ftime" , NULL, NULL, NULL },
@@ -492,7 +492,7 @@
 { TARGET_NR_Linux, "Linux" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_listen
-{ TARGET_NR_listen, "listen" , NULL, NULL, NULL },
+{ TARGET_NR_listen, "listen" , "%s(%d,%d)", NULL, NULL },
 #endif
 #ifdef TARGET_NR_listxattr
 { TARGET_NR_listxattr, "listxattr" , NULL, NULL, NULL },
-- 
2.17.1

[PATCH v4 3/6] linux-user: Add strace support for printing argument of syscalls used for extended attributes

[Filip Bozuta]

From: Filip Bozuta 

This patch implements strace argument printing functionality for following 
syscalls:

*getxattr, lgetxattr, fgetxattr - retrieve an extended attribute value

ssize_t getxattr(const char *path, const char *name, void *value, 
size_t size)
ssize_t lgetxattr(const char *path, const char *name, void *value, 
size_t size)
ssize_t fgetxattr(int fd, const char *name, void *value, size_t size)
man page: https://www.man7.org/linux/man-pages/man2/getxattr.2.html

*listxattr, llistxattr, flistxattr - list extended attribute names

ssize_t listxattr(const char *path, char *list, size_t size)
ssize_t llistxattr(const char *path, char *list, size_t size)
ssize_t flistxattr(int fd, char *list, size_t size)
man page: https://www.man7.org/linux/man-pages/man2/listxattr.2.html

*removexattr, lremovexattr, fremovexattr - remove an extended attribute

 int removexattr(const char *path, const char *name)
 int lremovexattr(const char *path, const char *name)
 int fremovexattr(int fd, const char *name)
 man page: https://www.man7.org/linux/man-pages/man2/removexattr.2.html

Implementation notes:

All of the syscalls have strings as argument types and thus a separate
printing function was stated in file "strace.list" for every one of them.
All of these printing functions were defined in "strace.c" using existing
printing functions for appropriate argument types:
   "print_string()" - for (const char*) type
   "print_pointer()" - for (char*) and (void *) type
   "print_raw_param()" for (int) and (size_t) type
Syscalls "getxattr()" and "lgetxattr()" have the same number and type of
arguments and thus their print functions ("print_getxattr", 
"print_lgetxattr")
share a same definition. The same statement applies to syscalls 
"listxattr()"
and "llistxattr()".
Function "print_syscall_ret_listxattr()" was added to print the returned 
list
of extended attributes for syscalls "print_listxattr(), print_llistxattr() 
and
print_flistxattr()".

Signed-off-by: Filip Bozuta 
---
 linux-user/strace.c| 122 +
 linux-user/strace.list |  21 ---
 2 files changed, 134 insertions(+), 9 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 6d7accaa4c..f76bbbc1ff 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -833,6 +833,41 @@ print_syscall_ret_adjtimex(const struct syscallname *name, 
abi_long ret,
 }
 #endif
 
+#if defined(TARGET_NR_listxattr) || defined(TARGET_NR_llistxattr) \
+ || defined(TARGGET_NR_flistxattr)
+static void
+print_syscall_ret_listxattr(const struct syscallname *name, abi_long ret,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_err(ret);
+
+if (ret >= 0) {
+qemu_log(TARGET_ABI_FMT_ld, ret);
+qemu_log(" (list = ");
+if (arg1 != 0) {
+abi_long bts_printed = 0;
+abi_long attr = arg1;
+while (bts_printed < ret) {
+if (attr != arg1) {
+qemu_log(",");
+}
+print_string(attr, 1);
+bts_printed += target_strlen(attr) + 1;
+attr += target_strlen(attr) + 1;
+}
+} else {
+qemu_log("NULL");
+}
+qemu_log(")");
+}
+
+qemu_log("\n");
+}
+#define print_syscall_ret_llistxattr print_syscall_ret_listxattr
+#define print_syscall_ret_flistxattr print_syscall_ret_listxattr
+#endif
+
 UNUSED static struct flags access_flags[] = {
 FLAG_GENERIC(F_OK),
 FLAG_GENERIC(R_OK),
@@ -1640,6 +1675,93 @@ print_fcntl(const struct syscallname *name,
 #define print_fcntl64   print_fcntl
 #endif
 
+#ifdef TARGET_NR_fgetxattr
+static void
+print_fgetxattr(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_raw_param("%d", arg0, 0);
+print_string(arg1, 0);
+print_pointer(arg2, 0);
+print_raw_param(TARGET_FMT_lu, arg3, 1);
+print_syscall_epilogue(name);
+}
+#endif
+
+#ifdef TARGET_NR_flistxattr
+static void
+print_flistxattr(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_raw_param("%d", arg0, 0);
+print_pointer(arg1, 0);
+print_raw_param(TARGET_FMT_lu, arg2, 1);
+print_syscall_epilogue(name);
+}
+#endif
+
+#if defined(TARGET_NR_getxattr) || defined(TARGET_NR_lgetxattr)
+static void
+print_getxattr(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+

[PATCH v2 0/2] target/mips: Add two groups of loongson-ext instructions

[Aleksandar Markovic]

уторак, 16. јун 2020., Jiaxun Yang  је написао/ла:

> This is the sucessor of:
> "Basic TCG Loongson-3A1000 Support"
>
> Thanks!
>
>
Hi, Jiaxun.

Thanks for providing updated version of the series.

I wonder, given so many "#if defined(TARGET_MIPS64)" lines in this series,
what would be the 32-bit processors that support Loongson EXT ASE?

Thanks,
Aleksandar



> Jiaxun Yang (2):
>   target/mips: Add loongson-ext lsdc2 group of instructions
>   target/mips: Add loongson-ext lswc2 group of instrustions
>
>
Also, a spelling mistake in the second title.


>  target/mips/translate.c | 437 
>  1 file changed, 437 insertions(+)
>
> --
> 2.27.0.rc2
>
>

Re: [PATCH 6/7] hw/arm/mps2: Map the FPGA I/O block

[Philippe Mathieu-Daudé]

On 6/16/20 12:26 PM, Peter Maydell wrote:
> On Tue, 16 Jun 2020 at 07:32, Philippe Mathieu-Daudé  wrote:
>>
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
> 
>> @@ -337,6 +339,11 @@ static void mps2_common_init(MachineState *machine)
>>
>>  sysbus_create_simple("versatile_i2c", i2cbase[i], NULL);
>>  }
>> +sysbus_init_child_obj(OBJECT(mms), "fpgaio", >fpgaio,
>> +  sizeof(mms->fpgaio), TYPE_MPS2_FPGAIO);
>> +object_property_set_bool(OBJECT(>fpgaio), true, "realized",
>> + _fatal);
>> +sysbus_mmio_map(SYS_BUS_DEVICE(>fpgaio), 0, 0x40028000);
> 
> AN385 TRM isn't entirely clear but I suspect that you need to set
> the FPGAIO's prescale-clk property because the default of 20MHz
> isn't what the AN385 runs at. The FPGAIO model's default is written
> to match the AN505, which is 20MHz, but AN385 and AN511 are both
> 25MHz:
> https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/mps2

Ah I only checked for the I/O register. I'll check the clocks.

> 
> thanks
> -- PMM
> 

Re: [PATCH 3/7] hw/arm/mps2: Add CMSDK APB watchdog as unimplemented device

[Philippe Mathieu-Daudé]

On 6/16/20 12:17 PM, Peter Maydell wrote:
> On Tue, 16 Jun 2020 at 07:32, Philippe Mathieu-Daudé  wrote:
>>
>> Register the watchdog peripheral as unimplemented to better
>> follow its accesses, for example booting Zephyr:
> 
> We have a TYPE_CMSDK_APB_WATCHDOG device; so we could use
> that, I think ?

Oh I missed it, excellent! Thanks :)

> 
> thanks
> -- PMM
> 

Re: [PATCH 00/22] ADB: fix autopoll issues and rework mac_via state machine

[Finn Thain]

Tested-by: Finn Thain 

Thanks for all your work on this.

I've just noticed a discrepancy between the traces from an ADB bus scan on 
Laurent's Apple Quadra and an ADB bus scan on your patched QEMU machine.

Apple Q800:

[C1f][s   ][Rff-][Rff ][rff-]
[C2f][s   ][R61 ][R05 ][r00-]
[C3f][s   ][R79 ][R01 ][r00-]
[C4f][s   ][Rff-][Rff ][rff-]
[C5f][s   ][Rff-][Rff ][rff-]
[C6f][s   ][Rff-][Rff ][rff-]
[C7f][s   ][Rff-][Rff ][rff-]
[C8f][s   ][Rff-][Rff ][rff-]
[C9f][s   ][Rff-][Rff ][rff-]
[Caf][s   ][Rff-][Rff ][rff-]
[Cbf][s   ][Rff-][Rff ][rff-]
[Ccf][s   ][Rff-][Rff ][rff-]
[Cdf][s   ][Rff-][Rff ][rff-]
[Cef][s   ][Rff-][Rff ][rff-]
[Cff][s   ][Rff-][Rff ][rff-]

QEMU Q800:

[C1f][s   ][Rff-][Rff ][rff-]
[C2f][s   ][R02 ][R01 ][r00-]
[C3f][s   ][R03 ][R02 ][r00-]
[C4f][s   ][R03-][R02 ][rff-]
[C5f][s   ][R03-][R02 ][rff-]
[C6f][s   ][R03-][R02 ][rff-]
[C7f][s   ][R03-][R02 ][rff-]
[C8f][s   ][R03-][R02 ][rff-]
[C9f][s   ][R03-][R02 ][rff-]
[Caf][s   ][R03-][R02 ][rff-]
[Cbf][s   ][R03-][R02 ][rff-]
[Ccf][s   ][R03-][R02 ][rff-]
[Cdf][s   ][R03-][R02 ][rff-]
[Cef][s   ][R03-][R02 ][rff-]
[Cff][s   ][R03-][R02 ][rff-]

I think this could be easy to fix; it's probably just an uninitialized 
packet buffer. When you come to submit v2, you may want to look into this.

Re: [PATCH 7/7] hw/misc/mps2-fpgaio: Implement push-buttons

[Peter Maydell]

On Tue, 16 Jun 2020 at 07:32, Philippe Mathieu-Daudé  wrote:
>
> The FPGA system control block has 2 push-buttons labelled PB0/PB1.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---

> @@ -249,6 +258,8 @@ static void mps2_fpgaio_init(Object *obj)
>  memory_region_init_io(>iomem, obj, _fpgaio_ops, s,
>"mps2-fpgaio", 0x1000);
>  sysbus_init_mmio(sbd, >iomem);
> +
> +qdev_init_gpio_in_named(DEVICE(s), mps2_fpgaio_push_button, "PB", 2);
>  }

This change seems kind of pointless unless these GPIO lines are
actually wired up to something.

thanks
-- PMM