Re: [PATCH] hw/block/fdc: do not set SEEK status bit in multi track commands

2024-01-01 Thread Hervé Poussineau 

Ping.

Le 12/08/2023 à 10:59, Hervé Poussineau a écrit :

I don't understand when SEEK must be set or not, but it seems to fix Minix...

Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1522
Signed-off-by: Hervé Poussineau 
---
  hw/block/fdc.c | 1 -
  1 file changed, 1 deletion(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index d7cc4d3ec19..f627bbaf951 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -1404,7 +1404,6 @@ static int fdctrl_seek_to_next_sect(FDCtrl *fdctrl, 
FDrive *cur_drv)
  } else {
  new_head = 0;
  new_track++;
-fdctrl->status0 |= FD_SR0_SEEK;
  if ((cur_drv->flags & FDISK_DBL_SIDES) == 0) {
  ret = 0;
  }

[PATCH] hw/block/fdc: do not set SEEK status bit in multi track commands

2023-08-12 Thread Hervé Poussineau 
I don't understand when SEEK must be set or not, but it seems to fix Minix...

Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1522
Signed-off-by: Hervé Poussineau 
---
 hw/block/fdc.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index d7cc4d3ec19..f627bbaf951 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -1404,7 +1404,6 @@ static int fdctrl_seek_to_next_sect(FDCtrl *fdctrl, 
FDrive *cur_drv)
 } else {
 new_head = 0;
 new_track++;
-fdctrl->status0 |= FD_SR0_SEEK;
 if ((cur_drv->flags & FDISK_DBL_SIDES) == 0) {
 ret = 0;
 }
-- 
2.40.1

Re: [PATCH] hw/dma/rc4030: Move RC4030 declarations to its own 'rc4030.h' header

2023-01-05 Thread Hervé Poussineau 

Le 05/01/2023 à 14:10, Philippe Mathieu-Daudé a écrit :

RC4030 declarations are not MIPS specific, no need to
have them in all MIPS boards.

Signed-off-by: Philippe Mathieu-Daudé 
---
Based-on: <20230105130710.49264-1-phi...@linaro.org>
   "hw/pci-host/bonito: Housekeeping"
---
  hw/dma/rc4030.c |  2 +-
  hw/mips/jazz.c  |  1 +
  include/hw/dma/rc4030.h | 21 +
  include/hw/mips/mips.h  |  9 -
  4 files changed, 23 insertions(+), 10 deletions(-)
  create mode 100644 include/hw/dma/rc4030.h


Acked-by: Hervé Poussineau 



diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
index aa1d323a36..6dbf6652ab 100644
--- a/hw/dma/rc4030.c
+++ b/hw/dma/rc4030.c
@@ -25,7 +25,7 @@
  #include "qemu/osdep.h"
  #include "qemu/units.h"
  #include "hw/irq.h"
-#include "hw/mips/mips.h"
+#include "hw/dma/rc4030.h"
  #include "hw/sysbus.h"
  #include "migration/vmstate.h"
  #include "qapi/error.h"
diff --git a/hw/mips/jazz.c b/hw/mips/jazz.c
index 6aefe9a61b..03882b5275 100644
--- a/hw/mips/jazz.c
+++ b/hw/mips/jazz.c
@@ -29,6 +29,7 @@
  #include "hw/mips/cpudevs.h"
  #include "hw/intc/i8259.h"
  #include "hw/dma/i8257.h"
+#include "hw/dma/rc4030.h"
  #include "hw/char/serial.h"
  #include "hw/char/parallel.h"
  #include "hw/isa/isa.h"
diff --git a/include/hw/dma/rc4030.h b/include/hw/dma/rc4030.h
new file mode 100644
index 00..e58f94576e
--- /dev/null
+++ b/include/hw/dma/rc4030.h
@@ -0,0 +1,21 @@
+/*
+ * QEMU JAZZ RC4030 chipset
+ *
+ * Copyright (c) 2007-2013 Hervé Poussineau
+ *
+ * SPDX-License-Identifier: MIT
+ */
+
+#ifndef HW_DMA_RC4030_H
+#define HW_DMA_RC4030_H
+
+#include "exec/memory.h"
+
+/* rc4030.c */
+typedef struct rc4030DMAState *rc4030_dma;
+void rc4030_dma_read(void *dma, uint8_t *buf, int len);
+void rc4030_dma_write(void *dma, uint8_t *buf, int len);
+
+DeviceState *rc4030_init(rc4030_dma **dmas, IOMMUMemoryRegion **dma_mr);
+
+#endif
diff --git a/include/hw/mips/mips.h b/include/hw/mips/mips.h
index 4d2db99952..34dd583500 100644
--- a/include/hw/mips/mips.h
+++ b/include/hw/mips/mips.h
@@ -7,13 +7,4 @@
  /* Kernels can be configured with 64KB pages */
  #define INITRD_PAGE_SIZE (64 * KiB)
  
-#include "exec/memory.h"

-
-/* rc4030.c */
-typedef struct rc4030DMAState *rc4030_dma;
-void rc4030_dma_read(void *dma, uint8_t *buf, int len);
-void rc4030_dma_write(void *dma, uint8_t *buf, int len);
-
-DeviceState *rc4030_init(rc4030_dma **dmas, IOMMUMemoryRegion **dma_mr);
-
  #endif

[PATCH v2 2/2] vvfat: allow spaces in file names

2022-10-10 Thread Hervé Poussineau 
In R/W mode, files with spaces were never created on host side.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1176
Fixes: c79e243ed67683d6d06692bd7040f7394da178b0
Signed-off-by: Hervé Poussineau 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Kevin Wolf 
---
 block/vvfat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/vvfat.c b/block/vvfat.c
index ae53f0d7283..392eab5168b 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -499,7 +499,7 @@ static bool valid_filename(const unsigned char *name)
   (c >= 'A' && c <= 'Z') ||
   (c >= 'a' && c <= 'z') ||
   c > 127 ||
-  strchr("$%'-_@~`!(){}^#&.+,;=[]", c) != NULL))
+  strchr(" $%'-_@~`!(){}^#&.+,;=[]", c) != NULL))
 {
 return false;
 }
-- 
2.36.2

[PATCH v2 0/2] Fix some problems with vvfat in R/W mode

2022-10-10 Thread Hervé Poussineau 
Hi,

When testing vvfat in read-write mode, I came across some blocking
problems when using Windows guests.
This patchset is not here to fix all problems of vvfat, but only the
main ones I encountered.

First patch allows setting/resetting the 'volume dirty' flag on
boosector, and the second one allows creating file names with spaces.

Hervé

Changes since v1:
- updated patch 1 with remarks (modify in-memory copy, add comment about
  FAT32)

Hervé Poussineau (2):
  vvfat: allow some writes to bootsector
  vvfat: allow spaces in file names

 block/vvfat.c | 28 ++--
 1 file changed, 26 insertions(+), 2 deletions(-)

-- 
2.36.2

[PATCH v2 1/2] vvfat: allow some writes to bootsector

2022-10-10 Thread Hervé Poussineau 
'reserved1' field in bootsector is used to mark volume dirty, or need to verify.
Allow writes to bootsector which only changes the 'reserved1' field.

This fixes I/O errors on Windows guests.

Resolves: https://bugs.launchpad.net/qemu/+bug/1889421
Signed-off-by: Hervé Poussineau 
---
 block/vvfat.c | 26 +-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/block/vvfat.c b/block/vvfat.c
index d6dd919683d..ae53f0d7283 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -2993,11 +2993,35 @@ DLOG(checkpoint());
 
 vvfat_close_current_file(s);
 
+if (sector_num == s->offset_to_bootsector && nb_sectors == 1) {
+/*
+ * Write on bootsector. Allow only changing the reserved1 field,
+ * used to mark volume dirtiness
+ */
+unsigned char *bootsector = s->first_sectors
++ s->offset_to_bootsector * 0x200;
+/*
+ * LATER TODO: if FAT32, this is wrong (see init_directories(),
+ * which always creates a FAT16 bootsector)
+ */
+const int reserved1_offset = offsetof(bootsector_t, u.fat16.reserved1);
+
+for (i = 0; i < 0x200; i++) {
+if (i != reserved1_offset && bootsector[i] != buf[i]) {
+fprintf(stderr, "Tried to write to protected bootsector\n");
+return -1;
+}
+}
+
+/* Update bootsector with the only updatable byte, and return success 
*/
+bootsector[reserved1_offset] = buf[reserved1_offset];
+return 0;
+}
+
 /*
  * Some sanity checks:
  * - do not allow writing to the boot sector
  */
-
 if (sector_num < s->offset_to_fat)
 return -1;
 
-- 
2.36.2

Re: [PATCH 1/2] vvfat: allow some writes to bootsector

2022-09-29 Thread Hervé Poussineau 

Le 29/09/2022 à 16:10, Kevin Wolf a écrit :

Am 03.09.2022 um 18:23 hat Hervé Poussineau geschrieben:

'reserved1' field in bootsector is used to mark volume dirty, or need to verify.
Allow writes to bootsector which only changes the 'reserved1' field.

This fixes I/O errors on Windows guests.

Resolves: https://bugs.launchpad.net/qemu/+bug/1889421
Signed-off-by: Hervé Poussineau 
---
  block/vvfat.c | 18 +-
  1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/block/vvfat.c b/block/vvfat.c
index d6dd919683d..35057a51c67 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -2993,11 +2993,27 @@ DLOG(checkpoint());
  
  vvfat_close_current_file(s);
  
+if (sector_num == s->offset_to_bootsector && nb_sectors == 1) {

+/*
+ * Write on bootsector. Allow only changing the reserved1 field,
+ * used to mark volume dirtiness
+ */
+const unsigned char *initial = s->first_sectors
+   + s->offset_to_bootsector * 0x200;
+for (i = 0; i < 0x200; i++) {
+if (i != offsetof(bootsector_t, u.fat16.reserved1) &&


I think you need to check the FAT version (s->fat_type) before accessing
u.fat16. For FAT32, the "reserved" field is at a different offset (but
seems to have the same meaning).


I didn't do this, because only fat16 part of bootsector is ever used.
In init_directories(), only fat16 part is initialized, with the comment:
/* LATER TODO: if FAT32, this is wrong */
I wanted to be consistent between init_directories() and the check.




+initial[i] != buf[i]) {
+fprintf(stderr, "Tried to write to protected bootsector\n");
+return -1;
+}
+}
+return 0;
+}


Should we update s->first_sectors with the new value so that the guest
would actually read back what it wrote instead of having the change
disappear magically?


Windows guests don't seem to care if the written value disappears. They only 
want the write to succeed.




  /*
   * Some sanity checks:
   * - do not allow writing to the boot sector
   */
-
  if (sector_num < s->offset_to_fat)
  return -1;


Kevin

[PATCH 2/2] vvfat: allow spaces in file names

2022-09-03 Thread Hervé Poussineau 
In R/W mode, files with spaces were never created on host side.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1176
Fixes: c79e243ed67683d6d06692bd7040f7394da178b0
Signed-off-by: Hervé Poussineau 
---
 block/vvfat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/vvfat.c b/block/vvfat.c
index 35057a51c67..9d877028573 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -499,7 +499,7 @@ static bool valid_filename(const unsigned char *name)
   (c >= 'A' && c <= 'Z') ||
   (c >= 'a' && c <= 'z') ||
   c > 127 ||
-  strchr("$%'-_@~`!(){}^#&.+,;=[]", c) != NULL))
+  strchr(" $%'-_@~`!(){}^#&.+,;=[]", c) != NULL))
 {
 return false;
 }
-- 
2.36.2

[PATCH 0/2] Fix some problems with vvfat in R/W mode

2022-09-03 Thread Hervé Poussineau 
Hi,

When testing vvfat in read-write mode, I came across some blocking
problems when using Windows guests.
This patchset is not here to fix all problems of vvfat, but only the
main ones I encountered.

First patch allows setting/resetting the 'volume dirty' flag on
boosector, and the second one allows creating file names with spaces.

Hervé

Hervé Poussineau (2):
  vvfat: allow some writes to bootsector
  vvfat: allow spaces in file names

 block/vvfat.c | 20 ++--
 1 file changed, 18 insertions(+), 2 deletions(-)

-- 
2.36.2

[PATCH 1/2] vvfat: allow some writes to bootsector

2022-09-03 Thread Hervé Poussineau 
'reserved1' field in bootsector is used to mark volume dirty, or need to verify.
Allow writes to bootsector which only changes the 'reserved1' field.

This fixes I/O errors on Windows guests.

Resolves: https://bugs.launchpad.net/qemu/+bug/1889421
Signed-off-by: Hervé Poussineau 
---
 block/vvfat.c | 18 +-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/block/vvfat.c b/block/vvfat.c
index d6dd919683d..35057a51c67 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -2993,11 +2993,27 @@ DLOG(checkpoint());
 
 vvfat_close_current_file(s);
 
+if (sector_num == s->offset_to_bootsector && nb_sectors == 1) {
+/*
+ * Write on bootsector. Allow only changing the reserved1 field,
+ * used to mark volume dirtiness
+ */
+const unsigned char *initial = s->first_sectors
+   + s->offset_to_bootsector * 0x200;
+for (i = 0; i < 0x200; i++) {
+if (i != offsetof(bootsector_t, u.fat16.reserved1) &&
+initial[i] != buf[i]) {
+fprintf(stderr, "Tried to write to protected bootsector\n");
+return -1;
+}
+}
+return 0;
+}
+
 /*
  * Some sanity checks:
  * - do not allow writing to the boot sector
  */
-
 if (sector_num < s->offset_to_fat)
 return -1;
 
-- 
2.36.2

Re: [PATCH 29/50] pckbd: more vmstate_register() from i8042_mm_init() to i8042_mmio_realize()

2022-05-23 Thread Hervé Poussineau 

Hello,

If you want, you can break migration compatibility. I don't see it as a problem.

Hervé

Le 22/05/2022 à 20:18, Mark Cave-Ayland a écrit :

Note in this case it is not possible to register a (new) VMStateDescription in
the DeviceClass without breaking migration compatibility for the MIPS magnum
machine.

Signed-off-by: Mark Cave-Ayland 
---
  hw/input/pckbd.c | 5 +++--
  1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index eb77ad193e..7f3578aa4d 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -681,6 +681,9 @@ static void i8042_mmio_realize(DeviceState *dev, Error 
**errp)
  
  memory_region_init_io(>region, OBJECT(dev), _mmio_ops, ks,

"i8042", s->size);
+
+/* Note we can't use dc->vmsd without breaking migration compatibility */
+vmstate_register(NULL, 0, _kbd, ks);
  }
  
  static void i8042_mmio_init(Object *obj)

@@ -721,8 +724,6 @@ MMIOKBDState *i8042_mm_init(qemu_irq kbd_irq, qemu_irq 
mouse_irq,
  s->irq_kbd = kbd_irq;
  s->irq_mouse = mouse_irq;
  
-vmstate_register(NULL, 0, _kbd, s);

-
  s->kbd = ps2_kbd_init(kbd_update_kbd_irq, s);
  s->mouse = ps2_mouse_init(kbd_update_aux_irq, s);

Re: [PATCH v4 0/9] hw/block/fdc: Allow Kconfig-selecting ISA bus/SysBus floppy controllers

2021-05-22 Thread Hervé Poussineau 

Le 18/05/2021 à 09:14, Philippe Mathieu-Daudé a écrit :

Cc'ing Hervé, Aleksandar, Markus & Mark.

On 5/17/21 11:11 PM, John Snow wrote:

On 5/17/21 4:50 PM, Philippe Mathieu-Daudé wrote:

On 5/17/21 9:19 PM, John Snow wrote:

On 5/17/21 2:39 PM, Philippe Mathieu-Daudé wrote:



The floppy disc controllers pulls in irrelevant devices (sysbus in
an ISA-only machine, ISA bus + isa devices on a sysbus-only machine).

This series clean that by extracting each device in its own file,
adding the corresponding Kconfig symbols: FDC_ISA and FDC_SYSBUS.



Not good enough:



Yup, I see. Dropping it from the queue for now. Thanks!


The Jazz machines use the sysbus FDC model, but register a DMA channel.

The DMA transfer is done using:

 if (fdctrl->dma_chann != -1 && !(fdctrl->msr & FD_MSR_NONDMA)) {
 IsaDmaClass *k = ISADMA_GET_CLASS(fdctrl->dma);
 k->release_DREQ(fdctrl->dma, fdctrl->dma_chann);
 }

The IsaDmaTransferHandler is ISA specific...

I suppose the Jazz machines should use the ISA FDC model.

>
> Hervé, Aleksandar, do you know?

The Jazz machine uses the standard floppy controller (i82077)
FDC registers are accessible at memory-mapped address 0x80003000-0x80003007
FDC interrupt is using custom Jazz interrupt controller, with interrupt #1.
FDC DMA is using custom Jazz DMA channel controller, with channel #1.

You can find in jazz.c the following code:
/* FIXME: we should enable DMA with a custom IsaDma device */
fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), -1, 0x80003000, fds);

I had in the idea to wrap the custom Jazz interrupt controller in a IsaDma 
structure,
to use it with floppy controller, but I never took the time to do it + test it.

So, floppy drive never worked for me, neither with Windows NT 4, nor with Linux 
kernels.
You can do what you feel the best, as long as you keep the possibility to use 
the floppy
model with something else than a i8259 DMA controller.

Regards,

Hervé

Re: [PATCH] floppy: remove unused function fdctrl_format_sector

2021-03-13 Thread Hervé Poussineau 

Le 12/03/2021 à 07:45, John Snow a écrit :

On 1/8/21 6:01 PM, Alexander Bulekov wrote:

fdctrl_format_sector was added in
baca51faff ("updated floppy driver: formatting code, disk geometry auto detect 
(Jocelyn Mayer)")

The single callsite is guarded by a check:
fdctrl->data_state & FD_STATE_FORMAT

However, the only place where the FD_STATE_FORMAT flag is set (in
fdctrl_handle_format_track) is closely followed by the same flag being
unset, with no possibility to call fdctrl_format_sector in between.



Hm, was this code *ever* used? It's hard to tell when we go back into the old 
SVN history.

Does this mean that fdctrl_handle_format_track is also basically an incomplete 
stub method?

I'm in favor of deleting bitrotted code, but I wonder if we should take a 
bigger bite.

--js


The fdctrl_format_sector has been added in SVN revision 671 
(baca51faff03df59386c95d9478ede18b5be5ec8), along with 
FD_STATE_FORMAT/FD_FORMAT_CMD.
As with current code, the only place where the FD_STATE_FORMAT flag was set (in fdctrl_handle_format_track) is closely followed by the same flag being unset, with no possibility to call 
fdctrl_format_sector in between.


I can however see the following comment:
   /* Bochs BIOS is buggy and don't send format informations
* for each sector. So, pretend all's done right now...
*/
   fdctrl->data_state &= ~FD_STATE_FORMAT;

which was changed in SVN revision 2295 
(b92090309e5ff7154e4c131438ee2d540e233955) to:
   /* TODO: implement format using DMA expected by the Bochs BIOS
* and Linux fdformat (read 3 bytes per sector via DMA and fill
* the sector with the specified fill byte
*/

This probably means that code may have worked without DMA (to be confirmed), 
but was disabled since its introduction due to a problem with Bochs BIOS.
Later, fdformat was also tested and not working.

Since then, lots of work has also been done in DMA handling. I especially think 
at bb8f32c0318cb6c6e13e09ec0f35e21eff246413, which fixed a similar problem with 
floppy drives on IBM 40p machine.
What happens when this flag unsetting is removed? Does fdformat now works?

I think that we should either fix the code, or remove more code (everything 
related to fdctrl_format_sector, FD_STATE_FORMAT, FD_FORMAT_CMD, maybe even 
fdctrl_handle_format_track).

Regards,

Hervé




This removes fdctrl_format_sector and the unncessary setting/unsetting
of the FD_STATE_FORMAT flag.

Signed-off-by: Alexander Bulekov 
---
  hw/block/fdc.c | 68 --
  1 file changed, 68 deletions(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 3636874432..837dd819ea 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -1952,67 +1952,6 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
  return retval;
  }
-static void fdctrl_format_sector(FDCtrl *fdctrl)
-{
-    FDrive *cur_drv;
-    uint8_t kh, kt, ks;
-
-    SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
-    cur_drv = get_cur_drv(fdctrl);
-    kt = fdctrl->fifo[6];
-    kh = fdctrl->fifo[7];
-    ks = fdctrl->fifo[8];
-    FLOPPY_DPRINTF("format sector at %d %d %02x %02x (%d)\n",
-   GET_CUR_DRV(fdctrl), kh, kt, ks,
-   fd_sector_calc(kh, kt, ks, cur_drv->last_sect,
-  NUM_SIDES(cur_drv)));
-    switch (fd_seek(cur_drv, kh, kt, ks, fdctrl->config & FD_CONFIG_EIS)) {
-    case 2:
-    /* sect too big */
-    fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
-    fdctrl->fifo[3] = kt;
-    fdctrl->fifo[4] = kh;
-    fdctrl->fifo[5] = ks;
-    return;
-    case 3:
-    /* track too big */
-    fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_EC, 0x00);
-    fdctrl->fifo[3] = kt;
-    fdctrl->fifo[4] = kh;
-    fdctrl->fifo[5] = ks;
-    return;
-    case 4:
-    /* No seek enabled */
-    fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
-    fdctrl->fifo[3] = kt;
-    fdctrl->fifo[4] = kh;
-    fdctrl->fifo[5] = ks;
-    return;
-    case 1:
-    fdctrl->status0 |= FD_SR0_SEEK;
-    break;
-    default:
-    break;
-    }
-    memset(fdctrl->fifo, 0, FD_SECTOR_LEN);
-    if (cur_drv->blk == NULL ||
-    blk_pwrite(cur_drv->blk, fd_offset(cur_drv), fdctrl->fifo,
-   BDRV_SECTOR_SIZE, 0) < 0) {
-    FLOPPY_DPRINTF("error formatting sector %d\n", fd_sector(cur_drv));
-    fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK, 0x00, 0x00);
-    } else {
-    if (cur_drv->sect == cur_drv->last_sect) {
-    fdctrl->data_state &= ~FD_STATE_FORMAT;
-    /* Last sector done */
-    fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
-    } else {
-    /* More to do */
-    fdctrl->data_pos = 0;
-    fdctrl->data_len = 4;
-    }
-    }
-}
-
  static void fdctrl_handle_lock(FDCtrl *fdctrl, int direction)

Re: [PATCH 0/5] m48t59: remove legacy init functions

2020-10-16 Thread Hervé Poussineau 

Le 16/10/2020 à 20:27, Mark Cave-Ayland a écrit :

This patchset is inspired by Philippe's "hw/rtc/m48t59: Simplify m48t59_init()"
patchset at https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg04493.html
but goes further: rather than tidy-up the legacy init functions, convert the
callers to use qdev properties directly so they can simply be removed.

Signed-off-by: Mark Cave-Ayland 


Mark Cave-Ayland (5):
   m48t59-isa: remove legacy m48t59_init_isa() function
   sun4m: use qdev properties instead of legacy m48t59_init() function
   sun4u: use qdev properties instead of legacy m48t59_init() function
   ppc405_boards: use qdev properties instead of legacy m48t59_init()
 function
   m48t59: remove legacy m48t59_init() function

  hw/ppc/ppc405_boards.c  | 10 +-
  hw/rtc/m48t59-isa.c | 25 -
  hw/rtc/m48t59.c | 35 ---
  hw/sparc/sun4m.c|  8 +++-
  hw/sparc64/sun4u.c  |  7 +--
  include/hw/rtc/m48t59.h |  6 --
  6 files changed, 21 insertions(+), 70 deletions(-)



Reviewed-by: Hervé Poussineau

Re: [PATCH 39/63] esp: Rename ESP_STATE to ESP

2020-09-03 Thread Hervé Poussineau 

Le 03/09/2020 à 00:42, Eduardo Habkost a écrit :

Make the type checking macro name consistent with the TYPE_*
constant.

Signed-off-by: Eduardo Habkost 
---
Cc: Mark Cave-Ayland 
Cc: Laurent Vivier 
Cc: "Hervé Poussineau" 
Cc: Aleksandar Rikalo 
Cc: Aleksandar Markovic 
Cc: Aurelien Jarno 
Cc: Jiaxun Yang 
Cc: Paolo Bonzini 
Cc: Fam Zheng 
Cc: Artyom Tarasenko 
Cc: qemu-devel@nongnu.org
---
  include/hw/scsi/esp.h | 2 +-
  hw/dma/sparc32_dma.c  | 2 +-
  hw/m68k/q800.c| 2 +-
  hw/mips/jazz.c| 2 +-
  hw/scsi/esp.c | 6 +++---
  hw/sparc/sun4m.c  | 2 +-
  6 files changed, 8 insertions(+), 8 deletions(-)


Reviewed-by: Hervé Poussineau

Re: [PATCH 47/63] rs6000_mc: Rename RS6000MC_DEVICE to RS6000MC

2020-09-03 Thread Hervé Poussineau 

Le 03/09/2020 à 00:42, Eduardo Habkost a écrit :

Make the type checking macro name consistent with the TYPE_*
constant.

Signed-off-by: Eduardo Habkost 
---
Cc: "Hervé Poussineau" 
Cc: David Gibson 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
  hw/ppc/rs6000_mc.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Hervé Poussineau

Re: [PATCH 20/63] pc87312: Rename TYPE_PC87312_SUPERIO to TYPE_PC87312

2020-09-03 Thread Hervé Poussineau 

Le 03/09/2020 à 00:42, Eduardo Habkost a écrit :

This will make the type name constant consistent with the name of
the type checking macro.

Signed-off-by: Eduardo Habkost 
---
Cc: "Hervé Poussineau" 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
  include/hw/isa/pc87312.h | 4 ++--
  hw/isa/pc87312.c | 2 +-
  2 files changed, 3 insertions(+), 3 deletions(-)


Reviewed-by: Hervé Poussineau

Re: [PATCH v3 0/2] hw/timer/m48t59: Convert to trace events

2020-01-18 Thread Hervé Poussineau 

Le 17/01/2020 à 17:58, Philippe Mathieu-Daudé a écrit :

Another trivial cleanup series.

v2: Rebased on 4.2

Philippe Mathieu-Daudé (2):
   MAINTAINERS: Add missing m48t59 files to the PReP section
   hw/timer/m48t59: Convert debug printf()s to trace events

  hw/rtc/m48t59-internal.h |  5 -
  hw/rtc/m48t59.c  | 11 +--
  MAINTAINERS  |  2 ++
  hw/rtc/trace-events  |  6 ++
  4 files changed, 13 insertions(+), 11 deletions(-)



Reviewed-by: Hervé Poussineau

Re: [PATCH] hw/ppc/prep: Remove the deprecated "prep" machine and the OpenHackware BIOS

2020-01-07 Thread Hervé Poussineau 

Le 07/01/2020 à 10:22, Thomas Huth a écrit :

On 03/12/2019 08.29, Thomas Huth wrote:

It's been deprecated since QEMU v3.1. The 40p machine should be
used nowadays instead.

Signed-off-by: Thomas Huth 
---
  .gitmodules|   3 -
  MAINTAINERS|   1 -
  Makefile   |   2 +-
  docs/interop/firmware.json |   3 +-
  hw/ppc/ppc.c   |  18 --
  hw/ppc/prep.c  | 384 +
  include/hw/ppc/ppc.h   |   1 -
  pc-bios/README |   3 -
  pc-bios/ppc_rom.bin| Bin 1048576 -> 0 bytes
  qemu-deprecated.texi   |   6 -
  qemu-doc.texi  |  15 +-
  roms/openhackware  |   1 -
  tests/boot-order-test.c|  25 ---
  tests/cdrom-test.c |   2 +-
  tests/endianness-test.c|   2 +-
  15 files changed, 10 insertions(+), 456 deletions(-)
  delete mode 100644 pc-bios/ppc_rom.bin
  delete mode 16 roms/openhackware


[...]


Ping ... Hervé, what do you think about the patch?


Hello Thomas,

I completely agree with this welcomed patch!

Acked-by: Hervé Poussineau 

Regards,

Hervé

Re: NetBSD/arc on MIPS Magnum, was Re: [PATCH 00/10] Fixes for DP8393X SONIC device emulation

2019-12-23 Thread Hervé Poussineau 

Le 24/12/2019 à 05:33, Finn Thain a écrit :

On Tue, 24 Dec 2019, Finn Thain wrote:



I know precious little about NetBSD installation and MIPS Magnum. What I
wrote above was guesswork. Hence this could be a NetBSD bug or user
error.



It was bugs and user error.

The user error was not using the serial console. The NetBSD/arc
installation guide says that only serial console is supported for MIPS
Magnum.

The bugs include regressions in NetBSD. (See below.)

The other issue is that the ARC firmware didn't work properly until I
defined one or more 'boot selections', even though none of these will ever
be selected.


Does there exist a known-good combination of NetBSD/arc and
qemu-system-mips64el releases?



The commit log says that Herv? Poussineau used NetBSD 5.1 with dp8393x in
the past, so I tried that.

Here are the steps I used:

./mips64el-softmmu/qemu-system-mips64el -M magnum -L .
-drive if=scsi,unit=2,media=cdrom,format=raw,file=arccd-5.1.iso
-global ds1225y.filename=nvram -global ds1225y.size=8200
-serial stdio -serial null
-nic bridge,model=dp83932,mac=00:00:00:02:03:04

-> Run setup -> Initialize system -> Set default configurations
800x688
3.5 1.44 M
No
7

-> Set default environment
CD-ROM
2

-> Set environment variables
CONSOLEIN
multi()serial(0)term()
CONSOLEOUT
multi()serial(0)term()

-> Exit

Now restart QEMU. The ARC menu should appear on the tty.

-> Run a program

scsi(0)cdrom(2)fdisk(0)boot scsi(0)cdrom(2)fdisk(0)netbsd

That doesn't work. Add a boot selection.

-> Run setup -> Manage startup -> Add a boot selection -> Scsi CD-ROM 0
\os\nt\osloader.exe
Yes
\winnt
Windows NT
No

Somehow, that seems to help. Now restart QEMU.

-> Run a program

 scsi(0)cdrom(2)fdisk(0)boot scsi(0)cdrom(2)fdisk(0)netbsd

NetBSD/arc Bootstrap, Revision 1.1
(bui...@b7.netbsd.org, Sat Nov  6 14:06:36 UTC 2010)
devopen: scsi(0)cdrom(2)fdisk(0) type disk file netbsd
5502064+289092=0x5860e0
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
 2006, 2007, 2008, 2009, 2010
 The NetBSD Foundation, Inc.  All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
 The Regents of the University of California.  All rights reserved.

NetBSD 5.1 (RAMDISK) #0: Sat Nov  6 14:17:36 UTC 2010
 
bui...@b7.netbsd.org:/home/builds/ab/netbsd-5-1-RELEASE/arc/201011061943Z-obj/home/builds/ab/netbsd-5-1-RELEASE/src/sys/arch/arc/compile/RAMDISK
MIPS Magnum
total memory = 128 MB
avail memory = 117 MB
mainbus0 (root)
cpu0 at mainbus0: MIPS R4000 CPU (0x400) Rev. 0.0 with MIPS R4010 FPC Rev. 0.0
cpu0: 8KB/16B direct-mapped L1 Instruction cache, 48 TLB entries
cpu0: 8KB/16B direct-mapped write-back L1 Data cache
jazzio0 at mainbus0
timer0 at jazzio0 addr 0xe228
mcclock0 at jazzio0 addr 0xe0004000: mc146818 compatible time-of-day clock
LPT1 at jazzio0 addr 0xe0008000 intr 0 not configured
fdc0 at jazzio0 addr 0xe0003000 intr 1
fd0 at fdc0 drive 1: 1.44MB, 80 cyl, 2 head, 18 sec
MAGNUM at jazzio0 addr 0xe000c000 intr 2 not configured
VXL at jazzio0 addr 0xe080 intr 3 not configured
sn0 at jazzio0 addr 0xe0001000 intr 4: SONIC Ethernet
sonic: write 0x0015 to reg CR
sonic: write 0x0080 to reg CR
sonic: write 0x to reg IMR
sonic: write 0x7fff to reg ISR
sonic: write 0x to reg CR
sn0: Ethernet address 00:00:00:00:00:00
asc0 at jazzio0 addr 0xe0002000 intr 5: NCR53C94, 25MHz, SCSI ID 7
scsibus0 at asc0: 8 targets, 8 luns per target
pckbc0 at jazzio0 addr 0xe0005000 intr 6
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 (mux ignored)
pms at jazzio0 addr 0xe0005000 intr 7 not configured
com0 at jazzio0 addr 0xe0006000 intr 8: ns16550a, working fifo
com0: txfifo disabled
com0: console
com1 at jazzio0 addr 0xe0007000 intr 9: ns16550a, working fifo
com1: txfifo disabled
jazzisabr0 at mainbus0
isa0 at jazzisabr0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
scsibus0: waiting 2 seconds for devices to settle...
cd0 at scsibus0 target 2 lun 0:  cdrom removable
cd1 at scsibus0 target 4 lun 0:  cdrom removable
boot device: 
root on md0a dumps on md0b
root file system type: ffs
WARNING: preposterous TOD clock time
WARNING: using filesystem time
WARNING: CHECK AND RESET THE DATE!
erase ^H, werase ^W, kill ^U, intr ^C, status ^T
Terminal type? [vt100]
Erase is backspace.
(I)nstall, (S)hell or (H)alt ? s
# ifconfig sn0 10.2.3.4/24
# ping
usage:
ping [-adDfLnoPqQrRv] [-c count] [-g gateway] [-h host] [-i interval] [-I addr]
  [-l preload] [-p pattern] [-s size] [-t tos] [-T ttl] [-w maxwait] host


My initial testing shows that NetBSD 5.1 doesn't like my v2 patch series.
I'll debug that before I send v3.

BTW, there seem to be regressions in NetBSD 8.1 compared to NetBSD 5.1.

The 'boot' program on the 8.1 ISO just hangs.

If I use the 'boot' program from the 5.1 ISO to load the 'netbsd'
binary from the 8.1 ISO, I get a crash:

-> Run a program

[PATCH] dma/rc4030: correctly reset DMA translation table at reset

2019-12-22 Thread Hervé Poussineau 
This fixes a freeze at reboot, introduced in 
c627e7526a902dd5bb1907dbbd5cf961679dfa68

Signed-off-by: Hervé Poussineau 
---
 hw/dma/rc4030.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
index c4cf8236f4..76302fe431 100644
--- a/hw/dma/rc4030.c
+++ b/hw/dma/rc4030.c
@@ -534,6 +534,7 @@ static void rc4030_reset(DeviceState *dev)
 
 memset(s->dma_regs, 0, sizeof(s->dma_regs));
 
+s->dma_tl_base = s->dma_tl_limit = 0;
 s->remote_failed_address = s->memory_failed_address = 0;
 s->cache_maint = 0;
 s->cache_ptag = s->cache_ltag = 0;
-- 
2.19.2

Re: [PATCH v2 4/5] MAINTAINERS: Adjust maintainership for R4000 systems

2019-11-22 Thread Hervé Poussineau 

Le 22/11/2019 à 16:29, Philippe Mathieu-Daudé a écrit :

On 11/22/19 3:14 PM, Aleksandar Markovic wrote:

On Fri, Nov 22, 2019 at 2:58 PM Philippe Mathieu-Daudé
 wrote:


Hi Aleksandar,

On 11/13/19 2:47 PM, Aleksandar Markovic wrote:

From: Aleksandar Markovic 

Change the maintainership for R4000 systems to improve its quality.

Acked-by: Aurelien Jarno 
Signed-off-by: Aleksandar Markovic 
---
   MAINTAINERS | 5 +++--
   1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 6afec32..ba9ca98 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -971,8 +971,9 @@ F: hw/mips/mips_mipssim.c
   F: hw/net/mipsnet.c

   R4000
-M: Aurelien Jarno 
-R: Aleksandar Rikalo 
+M: Hervé Poussineau 


Commit 0c10962a033 from Hervé was part of a bigger refactor series, so I
don't think he is interested.


+R: Aurelien Jarno 
+R: Philippe Mathieu-Daudé 
   S: Maintained
   F: hw/mips/mips_r4k.c


Now back to this board, I am having hard time to understand what it
models. IIUC it predates the Malta board, and was trying to model a
board able to run the first MIPS cpu when the port was added in 2005
(see commit 6af0bf9c7c3a).
The Malta board was added 1 year later (commit 5856de800df) and models a
real hardware.

As Aurelien acked to step down maintaining it, it seems the perfect
timing to start its deprecation process. I'll prepare a patch for 5.0
(unless someone is really using it and willing to maintain it).



Philippe, hi.

Herve told me a while ago that he does care about R4000 being
supported, as it is closely related to Jazz machines, so please
don't start any deprecation process.


I think what Hervé meant to say is he cares about the R4000 CPU (implementing the MIPSIII architecture). The Magnum and Pica boards indeed use a R4000 CPU. I also personally care about this CPU, and 
don't want it to disappear.


Here we are talking about the some Frankenstein board. QEMU aims to model real hardware, with the exception of the 'Virt' boards that have specifications. Here I can't find any. I am not against Hervé 
maintaining this file if he has some interest in it, but I think there are confusion and we are talking about 2 different topics.


Philippe is right.
I care about Magnum/PICA boards (which have a R4000 cpu).
I don't care about this the mips_r4k.c machine, and I think that deprecating 
mips_r4k.c machine is the right thing to do.




Herve is the most familiar of all of us with R4000, and, for that
reason, my suggestion is to keep the patch as it is. Let me know
if you have any objections.

One alternative approach would be to merge "R4000" and
"Jazz" sections. But, let's leave it for future as an option,
if nobody objects.


Jazz and mips_r4k machines have mostly nothing in common, except using a R4000 
CPU and an ISA bus.

Regards,

Hervé

Re: [PATCH 2/3] dp8393x: fix dp8393x_receive()

2019-11-05 Thread Hervé Poussineau 

Le 05/11/2019 à 22:53, Laurent Vivier a écrit :

Le 05/11/2019 à 22:06, Hervé Poussineau a écrit :

Le 02/11/2019 à 18:15, Laurent Vivier a écrit :

address_space_rw() access size must be multiplied by the width.

This fixes DHCP for Q800 guest.

Signed-off-by: Laurent Vivier 
---
   hw/net/dp8393x.c | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 85d3f3788e..b8c4473f99 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -833,7 +833,7 @@ static ssize_t dp8393x_receive(NetClientState *nc,
const uint8_t * buf,
   } else {
   dp8393x_put(s, width, 0, 0); /* in_use */
   address_space_rw(>as, dp8393x_crda(s) + sizeof(uint16_t)
* 6 * width,
-    MEMTXATTRS_UNSPECIFIED, (uint8_t *)s->data,
sizeof(uint16_t), 1);
+    MEMTXATTRS_UNSPECIFIED, (uint8_t *)s->data, size, 1);
   s->regs[SONIC_CRDA] = s->regs[SONIC_LLFA];
   s->regs[SONIC_ISR] |= SONIC_ISR_PKTRX;
   s->regs[SONIC_RSC] = (s->regs[SONIC_RSC] & 0xff00) |
(((s->regs[SONIC_RSC] & 0x00ff) + 1) & 0x00ff);



This patch is problematic.
The code was initially created with "size".
It was changed in 409b52bfe199d8106dadf7c5ff3d88d2228e89b5 to fix
networking in NetBSD 5.1.

To test with NetBSD 5.1
- boot the installer (arccd-5.1.iso)
- choose (S)hell option
- "ifconfig sn0 10.0.2.15 netmask 255.255.255.0"
- "route add default 10.0.2.2"
- networking should work (I test with "ftp 212.27.63.3")


I've the firmware from
http://hpoussineau.free.fr/qemu/firmware/magnum-4000/setup.zip
Which file to use? NTPROM.RAW?


Without this patch, I get the FTP banner.
With this patch, connection can't be established.

In datasheet page 17, you can see the "Receive Descriptor Format", which
contains the in_use field.
It is clearly said that RXpkt.in_use is 16 bit wide, and that the bits
16-31 are not used in 32-bit mode.

So, I don't see why you need to clear 32 bits in 32-bit mode. Maybe you
need to clear only the other
16 bits ? Maybe it depends of endianness ?


Thank you for the details. I think the problem should likely come from
the endianness.

The offset must be adjusted according to the access mode (endianness and
size).

The following patch fixes the problem for me, and should not break other
targets:

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 85d3f3788e..3d991af163 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -831,9 +831,15 @@ static ssize_t dp8393x_receive(NetClientState *nc,
const uint8_t * buf,
  /* EOL detected */
  s->regs[SONIC_ISR] |= SONIC_ISR_RDE;
  } else {
-dp8393x_put(s, width, 0, 0); /* in_use */
-address_space_rw(>as, dp8393x_crda(s) + sizeof(uint16_t) * 6
* width,
-MEMTXATTRS_UNSPECIFIED, (uint8_t *)s->data,
sizeof(uint16_t), 1);
+/* Clear in_use, but it is always 16bit wide */
+int offset = dp8393x_crda(s) + sizeof(uint16_t) * 6 * width;
+if (s->big_endian && width == 2) {
+/* we need to adjust the offset of the 16bit field */
+offset += sizeof(uint16_t);
+}
+s->data[0] = 0;
+address_space_rw(>as, offset, MEMTXATTRS_UNSPECIFIED,
+ (uint8_t *)s->data, sizeof(uint16_t), 1);
  s->regs[SONIC_CRDA] = s->regs[SONIC_LLFA];
  s->regs[SONIC_ISR] |= SONIC_ISR_PKTRX;
  s->regs[SONIC_RSC] = (s->regs[SONIC_RSC] & 0xff00) |
(((s->regs[SONIC_RSC] & 0x00ff) + 1) & 0x00ff);

What is your opinion?


This one works for NetBSD.
Tested-by: Hervé Poussineau

Re: [PATCH 2/3] dp8393x: fix dp8393x_receive()

2019-11-05 Thread Hervé Poussineau 

Le 02/11/2019 à 18:15, Laurent Vivier a écrit :

address_space_rw() access size must be multiplied by the width.

This fixes DHCP for Q800 guest.

Signed-off-by: Laurent Vivier 
---
  hw/net/dp8393x.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 85d3f3788e..b8c4473f99 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -833,7 +833,7 @@ static ssize_t dp8393x_receive(NetClientState *nc, const 
uint8_t * buf,
  } else {
  dp8393x_put(s, width, 0, 0); /* in_use */
  address_space_rw(>as, dp8393x_crda(s) + sizeof(uint16_t) * 6 * 
width,
-MEMTXATTRS_UNSPECIFIED, (uint8_t *)s->data, sizeof(uint16_t), 1);
+MEMTXATTRS_UNSPECIFIED, (uint8_t *)s->data, size, 1);
  s->regs[SONIC_CRDA] = s->regs[SONIC_LLFA];
  s->regs[SONIC_ISR] |= SONIC_ISR_PKTRX;
  s->regs[SONIC_RSC] = (s->regs[SONIC_RSC] & 0xff00) | (((s->regs[SONIC_RSC] 
& 0x00ff) + 1) & 0x00ff);



This patch is problematic.
The code was initially created with "size".
It was changed in 409b52bfe199d8106dadf7c5ff3d88d2228e89b5 to fix networking in 
NetBSD 5.1.

To test with NetBSD 5.1
- boot the installer (arccd-5.1.iso)
- choose (S)hell option
- "ifconfig sn0 10.0.2.15 netmask 255.255.255.0"
- "route add default 10.0.2.2"
- networking should work (I test with "ftp 212.27.63.3")

Without this patch, I get the FTP banner.
With this patch, connection can't be established.

In datasheet page 17, you can see the "Receive Descriptor Format", which 
contains the in_use field.
It is clearly said that RXpkt.in_use is 16 bit wide, and that the bits 16-31 
are not used in 32-bit mode.

So, I don't see why you need to clear 32 bits in 32-bit mode. Maybe you need to 
clear only the other
16 bits ? Maybe it depends of endianness ?

Regards,

Hervé

Re: [PATCH 3/3] dp8393x: fix receiving buffer exhaustion

2019-11-05 Thread Hervé Poussineau 

Le 02/11/2019 à 18:15, Laurent Vivier a écrit :

The card is not able to exit from exhaustion state, because
while the drive consumes the buffers, the RRP is incremented
(when the driver clears the ISR RBE bit), so it stays equal
to RWP, and while RRP == RWP, the card thinks it is always
in exhaustion state. So the driver consumes all the buffers,
but the card cannot receive new ones.

This patch fixes the problem by not incrementing RRP when
the driver clears the ISR RBE bit.

Signed-off-by: Laurent Vivier 
---
  hw/net/dp8393x.c | 31 ---
  1 file changed, 16 insertions(+), 15 deletions(-)


I checked the DP83932C specification, available at
https://www.eit.lth.se/fileadmin/eit/courses/datablad/Periphery/Communication/DP83932C.pdf

In the Buffer Resources Exhausted section (page 20):
"To continue reception after the last RBA is used, the system must supply
additional RRA descriptor(s), update the RWP register, and clear the RBE
bit in the ISR. The SONIC rereads the RRA after this bit is cleared."

If I understand correctly, if the OS updates first the RWP and then clear the 
RBE bit,
then RRP should be different of RWP in dp8393x_do_read_rra() ? Or did I miss 
something?



diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index b8c4473f99..21deb32456 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -304,7 +304,7 @@ static void dp8393x_do_load_cam(dp8393xState *s)
  dp8393x_update_irq(s);
  }
  
-static void dp8393x_do_read_rra(dp8393xState *s)

+static void dp8393x_do_read_rra(dp8393xState *s, int next)
  {
  int width, size;
  
@@ -323,19 +323,20 @@ static void dp8393x_do_read_rra(dp8393xState *s)

  s->regs[SONIC_CRBA0], s->regs[SONIC_CRBA1],
  s->regs[SONIC_RBWC0], s->regs[SONIC_RBWC1]);
  
-/* Go to next entry */

-s->regs[SONIC_RRP] += size;
+if (next) {
+/* Go to next entry */
+s->regs[SONIC_RRP] += size;
  
-/* Handle wrap */

-if (s->regs[SONIC_RRP] == s->regs[SONIC_REA]) {
-s->regs[SONIC_RRP] = s->regs[SONIC_RSA];
-}
+/* Handle wrap */
+if (s->regs[SONIC_RRP] == s->regs[SONIC_REA]) {
+s->regs[SONIC_RRP] = s->regs[SONIC_RSA];
+}
  
-/* Check resource exhaustion */

-if (s->regs[SONIC_RRP] == s->regs[SONIC_RWP])
-{
-s->regs[SONIC_ISR] |= SONIC_ISR_RBE;
-dp8393x_update_irq(s);
+/* Check resource exhaustion */
+if (s->regs[SONIC_RRP] == s->regs[SONIC_RWP]) {
+s->regs[SONIC_ISR] |= SONIC_ISR_RBE;
+dp8393x_update_irq(s);
+}
  }
  
  /* Done */

@@ -549,7 +550,7 @@ static void dp8393x_do_command(dp8393xState *s, uint16_t 
command)
  if (command & SONIC_CR_RST)
  dp8393x_do_software_reset(s);
  if (command & SONIC_CR_RRRA)
-dp8393x_do_read_rra(s);
+dp8393x_do_read_rra(s, 1);
  if (command & SONIC_CR_LCAM)
  dp8393x_do_load_cam(s);
  }
@@ -640,7 +641,7 @@ static void dp8393x_write(void *opaque, hwaddr addr, 
uint64_t data,
  data &= s->regs[reg];
  s->regs[reg] &= ~data;
  if (data & SONIC_ISR_RBE) {
-dp8393x_do_read_rra(s);
+dp8393x_do_read_rra(s, 0);
  }
  dp8393x_update_irq(s);
  if (dp8393x_can_receive(s->nic->ncs)) {
@@ -840,7 +841,7 @@ static ssize_t dp8393x_receive(NetClientState *nc, const 
uint8_t * buf,
  
  if (s->regs[SONIC_RCR] & SONIC_RCR_LPKT) {

  /* Read next RRA */
-dp8393x_do_read_rra(s);
+dp8393x_do_read_rra(s, 1);
  }
  }

Re: [PATCH 1/3] dp8393x: put the DMA buffer in the state structure

2019-11-05 Thread Hervé Poussineau 

Le 02/11/2019 à 18:15, Laurent Vivier a écrit :

Move it from the stack.

It's only 24 bytes, and this simplifies the dp8393x_get()/
dp8393x_put() interface.

Signed-off-by: Laurent Vivier 
---
  hw/net/dp8393x.c | 105 ++-
  1 file changed, 50 insertions(+), 55 deletions(-)


Reviewed-by: Hervé Poussineau

Re: [PATCH v3] fdc/i8257: implement verify transfer mode

2019-11-03 Thread Hervé Poussineau 

Le 01/11/2019 à 17:55, Sven Schnelle a écrit :

While working on the Tulip driver i tried to write some Teledisk images to
a floppy image which didn't work. Turned out that Teledisk checks the written
data by issuing a READ command to the FDC but running the DMA controller
in VERIFY mode. As we ignored the DMA request in that case, the DMA transfer
never finished, and Teledisk reported an error.

The i8257 spec says about verify transfers:

3) DMA verify, which does not actually involve the transfer of data. When an
8257 channel is in the DMA verify mode, it will respond the same as described
for transfer operations, except that no memory or I/O read/write control signals
will be generated.

Hervé proposed to remove all the dma_mode_ok stuff from fdc to have a more
clear boundary between DMA and FDC, so this patch also does that.

Suggested-by: Hervé Poussineau 
Signed-off-by: Sven Schnelle 
---
  hw/block/fdc.c   | 61 +---
  hw/dma/i8257.c   | 20 ++-
  include/hw/isa/isa.h |  1 -
  3 files changed, 31 insertions(+), 51 deletions(-)


Reviewed-by: Hervé Poussineau

Re: [PATCH v2] fdc/i8257: implement verify transfer mode

2019-11-01 Thread Hervé Poussineau 

Le 30/10/2019 à 09:28, Sven Schnelle a écrit :

While working on the Tulip driver i tried to write some Teledisk images to
a floppy image which didn't work. Turned out that Teledisk checks the written
data by issuing a READ command to the FDC but running the DMA controller
in VERIFY mode. As we ignored the DMA request in that case, the DMA transfer
never finished, and Teledisk reported an error.

The i8257 spec says about verify transfers:

3) DMA verify, which does not actually involve the transfer of data. When an
8257 channel is in the DMA verify mode, it will respond the same as described
for transfer operations, except that no memory or I/O read/write control signals
will be generated.

Hervé proposed to remove all the dma_mode_ok stuff from fdc to have a more
clear boundary between DMA and FDC, so this patch also does that.

Suggested-by: Hervé Poussineau 
Signed-off-by: Sven Schnelle 
---
  hw/block/fdc.c   | 39 +++
  hw/dma/i8257.c   | 20 +---
  include/hw/isa/isa.h |  1 -
  3 files changed, 28 insertions(+), 32 deletions(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index ac5d31e8c1..18fd22bfb7 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -1716,9 +1716,8 @@ static void fdctrl_start_transfer(FDCtrl *fdctrl, int 
direction)
  if (fdctrl->dor & FD_DOR_DMAEN) {
  IsaDmaTransferMode dma_mode;


You need to remove this dma_mode variable because you don't set it anymore.


  IsaDmaClass *k = ISADMA_GET_CLASS(fdctrl->dma);
-bool dma_mode_ok;
+
  /* DMA transfer are enabled. Check if DMA channel is well programmed 
*/


Second part of this comment should be removed.


-dma_mode = k->get_transfer_mode(fdctrl->dma, fdctrl->dma_chann);
  FLOPPY_DPRINTF("dma_mode=%d direction=%d (%d - %d)\n",
 dma_mode, direction,
 (128 << fdctrl->fifo[5]) *


You need to remove dma_mode variable from printf statement, as you removed the 
variable.


@@ -1727,40 +1726,32 @@ static void fdctrl_start_transfer(FDCtrl *fdctrl, int 
direction)
  case FD_DIR_SCANE:
  case FD_DIR_SCANL:
  case FD_DIR_SCANH:
-dma_mode_ok = (dma_mode == ISADMA_TRANSFER_VERIFY);
  break;
  case FD_DIR_WRITE:
-dma_mode_ok = (dma_mode == ISADMA_TRANSFER_WRITE);
  break;
  case FD_DIR_READ:
-dma_mode_ok = (dma_mode == ISADMA_TRANSFER_READ);
  break;
  case FD_DIR_VERIFY:
-dma_mode_ok = true;
  break;
  default:
-dma_mode_ok = false;
  break;
  }


Now that you have removed the dma_mode_ok instructions, you have a switch where 
all cases do nothing.
Please completly remove the switch statement.


-if (dma_mode_ok) {
-/* No access is allowed until DMA transfer has completed */
-fdctrl->msr &= ~FD_MSR_RQM;
-if (direction != FD_DIR_VERIFY) {
-/* Now, we just have to wait for the DMA controller to
- * recall us...
- */
-k->hold_DREQ(fdctrl->dma, fdctrl->dma_chann);
-k->schedule(fdctrl->dma);
-} else {
-/* Start transfer */
-fdctrl_transfer_handler(fdctrl, fdctrl->dma_chann, 0,
-fdctrl->data_len);
-}
-return;
+
+/* No access is allowed until DMA transfer has completed */
+fdctrl->msr &= ~FD_MSR_RQM;
+if (direction != FD_DIR_VERIFY) {
+/*
+ * Now, we just have to wait for the DMA controller to
+ * recall us...
+ */
+k->hold_DREQ(fdctrl->dma, fdctrl->dma_chann);
+k->schedule(fdctrl->dma);
  } else {
-FLOPPY_DPRINTF("bad dma_mode=%d direction=%d\n", dma_mode,
-   direction);
+/* Start transfer */
+fdctrl_transfer_handler(fdctrl, fdctrl->dma_chann, 0,
+fdctrl->data_len);
  }
+return;
  }
  FLOPPY_DPRINTF("start non-DMA transfer\n");
  fdctrl->msr |= FD_MSR_NONDMA | FD_MSR_RQM;
diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index 792f617eb4..85dad3d391 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -292,12 +292,6 @@ static uint64_t i8257_read_cont(void *opaque, hwaddr 
nport, unsigned size)
  return val;
  }
  
-static IsaDmaTransferMode i8257_dma_get_transfer_mode(IsaDma *obj, int nchan)

-{
-I8257State *d = I8257(obj);
-return (d->regs[nchan & 3].mode >> 2) & 3;
-}
-
  static bool i8257_dma_has_autoinitialization(IsaDma *obj, int nchan)
  {
  I8257State *d = I8257(obj);
@@ -400,6 +394,11 @@ static void i8257_dma_register_channel(

Re: [PATCH] fdc: support READ command with VERIFY DMA mode

2019-10-29 Thread Hervé Poussineau 

Le 29/10/2019 à 12:00, John Snow a écrit :
>
>
> On 10/20/19 2:38 AM, Sven Schnelle wrote:
>> While working on the Tulip driver i tried to write some Teledisk images to
>> a floppy image which didn't work. Turned out that Teledisk checks the written
>> data by issuing a READ command to the FDC but running the DMA controller
>> in VERIFY mode. As we ignored the DMA request in that case, the DMA transfer
>> never finished, and Teledisk reported an error.
>>
>
> CC hpous...@reactos.org, who sometimes submits patches here too.
>
>> Signed-off-by: Sven Schnelle 
>> ---
>>   hw/block/fdc.c | 10 +++---
>>   1 file changed, 7 insertions(+), 3 deletions(-)
>>
>> diff --git a/hw/block/fdc.c b/hw/block/fdc.c
>> index ac5d31e8c1..8a1228df78 100644
>> --- a/hw/block/fdc.c
>> +++ b/hw/block/fdc.c
>> @@ -1733,7 +1733,8 @@ static void fdctrl_start_transfer(FDCtrl *fdctrl, int 
direction)
>>   dma_mode_ok = (dma_mode == ISADMA_TRANSFER_WRITE);
>>   break;
>>   case FD_DIR_READ:
>> -dma_mode_ok = (dma_mode == ISADMA_TRANSFER_READ);
>> +dma_mode_ok = (dma_mode == ISADMA_TRANSFER_READ) ||
>> +  (dma_mode == ISADMA_TRANSFER_VERIFY);
>
> So we're enabling DMA when the command is an FD_DIR_READ command and the
> dma_mode is VERIFY. Those read commands are:
>
> READ
> READ TRACK
> READ DELETED DATA

OK for this part. However, in an ideal emulation world, the floppy drive 
controller shouldn't know
what is the current DMA mode.
I would remove this whole dma_mode_ok thing, and always assume that operating 
system does a sane thing.
Then, get_transfer_mode() callback and the ISADMA_TRANSFER_* defines can also 
be removed.

>
>>   break;
>>   case FD_DIR_VERIFY:
>>   dma_mode_ok = true;
>> @@ -1835,8 +1836,11 @@ static int fdctrl_transfer_handler (void *opaque, int 
nchan,
>>   switch (fdctrl->data_dir) {
>>   case FD_DIR_READ:
>>   /* READ commands */
>> -k->write_memory(fdctrl->dma, nchan, fdctrl->fifo + rel_pos,
>> -fdctrl->data_pos, len);
>> +if (k->get_transfer_mode(fdctrl->dma, fdctrl->dma_chann) !=
>> +ISADMA_TRANSFER_VERIFY) {
>> +k->write_memory(fdctrl->dma, nchan, fdctrl->fifo + rel_pos,
>> +fdctrl->data_pos, len);
>> +}
>
> Would it horrify you to know I don't know how the VERIFY mode should
> work? It's always nice when you google i8257 to look for information and
> the top page of results are all QEMU patches.
>
> The i8257 spec says this:
>
> (3) DMA verify, which does not actually involve the
> transfer of data. When an 8257 channel is in the DMA verify
> mode, it will respond the same as described for transfer
> operations, except that no memory or I/O read/write
> control signals will be generated,
>
> Alright, looks good to me -- my question is if there aren't other
> commands where we want to give this same treatment, but then again...
> we've made it to 2019 without them, so...

It doesn't seem good to me, as it fixes VERIFY mode only for fdc.
Can you try to remove this part, and replace it by the following one (not 
tested) ?

--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -428,6 +428,11 @@ static int i8257_dma_write_memory(IsaDma *obj, int nchan, 
void *buf, int pos,
 I8257Regs *r = >regs[nchan & 3];
 hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];

+if (r->mode & 0xc0 == 0x00) {
+   /* VERIFY mode, do nothing */
+return len;
+}
+
 if (r->mode & 0x20) {
 int i;
 uint8_t *p = buf;

We may also fix i8257_dma_{read,write}_memory to correctly check for mode and 
refuse to
do anything if mode is wrong.

>
>>   break;
>>   case FD_DIR_WRITE:
>>   /* WRITE commands */
>>
>
> Reviewed-by: John Snow 
>
>

Hervé

Re: [Qemu-devel] [PATCH 3/3] hw/mips/mips_jazz: Remove no-longer-necessary override of do_unassigned_access

2019-09-09 Thread Hervé Poussineau 

Le 02/08/2019 à 18:04, Peter Maydell a écrit :

Now that the MIPS CPU implementation uses the new
do_transaction_failed hook, we can remove the old code that handled
the do_unassigned_access hook.

Signed-off-by: Peter Maydell 
---
  hw/mips/mips_jazz.c | 27 ---
  1 file changed, 4 insertions(+), 23 deletions(-)


Tested-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH 2/3] target/mips: Switch to do_transaction_failed() hook

2019-09-09 Thread Hervé Poussineau 

Le 02/08/2019 à 18:04, Peter Maydell a écrit :

Switch the MIPS target from the old unassigned_access hook to the new
do_transaction_failed hook.

Unlike the old hook, do_transaction_failed is only ever called from
the TCG memory access paths, so there is no need for the "ignore this
if we're using KVM" hack that we were previously using to work around
the way unassigned_access was called for all kinds of memory accesses
to unassigned physical addresses.

The MIPS target does not ever do direct memory reads by physical
address (via either ldl_phys etc or address_space_ldl etc), so the
only memory accesses this affects are the 'normal' guest loads and
stores, which will be handled by the new hook; their behaviour is
unchanged.

Signed-off-by: Peter Maydell 
---
  target/mips/internal.h  |  8 +---
  target/mips/cpu.c   |  2 +-
  target/mips/op_helper.c | 24 
  3 files changed, 14 insertions(+), 20 deletions(-)


Tested-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH 1/3] hw/mips/mips_jazz: Override do_transaction_failed hook

2019-09-09 Thread Hervé Poussineau 

Le 02/08/2019 à 18:04, Peter Maydell a écrit :

The MIPS Jazz ('magnum' and 'pica61') boards have some code which
overrides the CPU's do_unassigned_access hook, so they can intercept
it and not raise exceptions on data accesses to invalid addresses,
only for instruction fetches.

We want to switch MIPS over to using the do_transaction_failed
hook instead, so add an intercept for that as well, and make
the board code install whichever hook the CPU is actually using.
Once we've changed the CPU implementation we can remove the
redundant code for the old hook.

Note: I am suspicious that the behaviour as implemented here may not
be what the hardware really does.  It was added in commit
54e755588cf1e90f0b14 to restore the behaviour that was broken by
commit c658b94f6e8c206c59d.  But prior to commit c658b94f6e8c206c59d
every MIPS board generated exceptions for instruction access to
invalid addresses but not for data accesses; and other boards,
notably Malta, were fixed by making all invalid accesses behave as
reads-as-zero (see the call to empty_slot_init() in
mips_malta_init()).  Hardware that raises exceptions for instruction
access and not data access seems to me to be an unlikely design, and
it's possible that the right way to emulate this is to make the Jazz
boards do what we did with Malta (or some variation of that).
Nonetheless, since I don't have access to real hardware to test
against I have taken the approach of "make QEMU continue to behave
the same way it did before this commit".  I have updated the comment
to correct the parts that are no longer accurate and note that
the hardware might behave differently.

The test case for the need for the hook-hijacking is in
https://bugs.launchpad.net/qemu/+bug/1245924 That BIOS will boot OK
either with this overriding of both hooks, or with a simple "global
memory region to ignore bad accesses of all types", so it doesn't
provide evidence either way, unfortunately.

Signed-off-by: Peter Maydell 


Tested-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH 1/2] dma/rc4030: Fix off-by-one error in specified memory region size

2019-07-01 Thread Hervé Poussineau 

Le 25/06/2019 à 16:27, Aleksandar Markovic a écrit :

From: Aleksandar Markovic 

The size is one byte less than it should be:

address-space: rc4030-dma
   -fffe (prio 0, i/o): rc4030.dma

rc4030 is used in MIPS Jazz board context.

Signed-off-by: Aleksandar Markovic 


Reviewed-by: Hervé Poussineau 


---
  hw/dma/rc4030.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
index 6ccafec..88ff271 100644
--- a/hw/dma/rc4030.c
+++ b/hw/dma/rc4030.c
@@ -23,6 +23,7 @@
   */
  
  #include "qemu/osdep.h"

+#include "qemu/units.h"
  #include "hw/hw.h"
  #include "hw/mips/mips.h"
  #include "hw/sysbus.h"
@@ -678,7 +679,7 @@ static void rc4030_realize(DeviceState *dev, Error **errp)
  
  memory_region_init_iommu(>dma_mr, sizeof(s->dma_mr),

   TYPE_RC4030_IOMMU_MEMORY_REGION,
- o, "rc4030.dma", UINT32_MAX);
+ o, "rc4030.dma", 4 * GiB);
  address_space_init(>dma_as, MEMORY_REGION(>dma_mr), "rc4030-dma");
  }

Re: [Qemu-devel] [PATCH 2/2] dma/rc4030: Minor code style cleanup

2019-07-01 Thread Hervé Poussineau 

Le 25/06/2019 à 16:27, Aleksandar Markovic a écrit :

From: Aleksandar Markovic 

Fix some simple checkpatch.pl warnings in rc4030.c.

Signed-off-by: Aleksandar Markovic 


Reviewed-by: Hervé Poussineau 


---
  hw/dma/rc4030.c | 18 +++---
  1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
index 88ff271..155af9b 100644
--- a/hw/dma/rc4030.c
+++ b/hw/dma/rc4030.c
@@ -58,8 +58,8 @@ typedef struct dma_pagetable_entry {
  
  #define TYPE_RC4030_IOMMU_MEMORY_REGION "rc4030-iommu-memory-region"
  
-typedef struct rc4030State

-{
+typedef struct rc4030State {
+
  SysBusDevice parent;
  
  uint32_t config; /* 0x: RC4030 config register */

@@ -152,8 +152,9 @@ static uint64_t rc4030_read(void *opaque, hwaddr addr, 
unsigned int size)
  case 0x0058:
  val = s->cache_bmask;
  /* HACK */
-if (s->cache_bmask == (uint32_t)-1)
+if (s->cache_bmask == (uint32_t)-1) {
  s->cache_bmask = 0;
+}
  break;
  /* Remote Speed Registers */
  case 0x0070:
@@ -538,8 +539,9 @@ static void rc4030_reset(DeviceState *dev)
  
  s->memory_refresh_rate = 0x18186;

  s->nvram_protect = 7;
-for (i = 0; i < 15; i++)
+for (i = 0; i < 15; i++) {
  s->rem_speed[i] = 7;
+}
  s->imr_jazz = 0x10; /* XXX: required by firmware, but why? */
  s->isr_jazz = 0;
  
@@ -551,7 +553,7 @@ static void rc4030_reset(DeviceState *dev)
  
  static int rc4030_post_load(void *opaque, int version_id)

  {
-rc4030State* s = opaque;
+rc4030State *s = opaque;
  
  set_next_tick(s);

  update_jazz_irq(s);
@@ -591,7 +593,8 @@ static void rc4030_do_dma(void *opaque, int n, uint8_t 
*buf, int len, int is_wri
  hwaddr dma_addr;
  int dev_to_mem;
  
-s->dma_regs[n][DMA_REG_ENABLE] &= ~(DMA_FLAG_TC_INTR | DMA_FLAG_MEM_INTR | DMA_FLAG_ADDR_INTR);

+s->dma_regs[n][DMA_REG_ENABLE] &=
+   ~(DMA_FLAG_TC_INTR | DMA_FLAG_MEM_INTR | DMA_FLAG_ADDR_INTR);
  
  /* Check DMA channel consistency */

  dev_to_mem = (s->dma_regs[n][DMA_REG_ENABLE] & DMA_FLAG_MEM_TO_DEV) ? 0 : 
1;
@@ -603,8 +606,9 @@ static void rc4030_do_dma(void *opaque, int n, uint8_t 
*buf, int len, int is_wri
  }
  
  /* Get start address and len */

-if (len > s->dma_regs[n][DMA_REG_COUNT])
+if (len > s->dma_regs[n][DMA_REG_COUNT]) {
  len = s->dma_regs[n][DMA_REG_COUNT];
+}
  dma_addr = s->dma_regs[n][DMA_REG_ADDRESS];
  
  /* Read/write data at right place */

Re: [Qemu-devel] [PATCH 1/5] tests/acceptance: Add test that runs NetBSD installer on PRep/40p

2019-07-01 Thread Hervé Poussineau 

Le 27/06/2019 à 14:00, Philippe Mathieu-Daudé a écrit :

typo "PRep" -> "PReP" in patch subject

On 6/27/19 1:01 PM, Philippe Mathieu-Daudé wrote:

User case from:
http://mail-index.netbsd.org/port-prep/2017/04/11/msg000112.html

Signed-off-by: Philippe Mathieu-Daudé 
---
  tests/acceptance/ppc_prep_40p.py | 63 
  1 file changed, 63 insertions(+)
  create mode 100644 tests/acceptance/ppc_prep_40p.py


Hervé, in v2 I plan to rename it machine_ppc_prep_40p.py and add an
entry in MAINTAINERS:


With the change you want to do:
Reviewed-by: Hervé Poussineau 



-- >8 --
diff --git a/MAINTAINERS b/MAINTAINERS
@@ -1051,6 +1051,7 @@ F: hw/timer/m48t59-isa.c
  F: include/hw/isa/pc87312.h
  F: include/hw/timer/m48t59.h
  F: pc-bios/ppc_rom.bin
+F: tests/acceptance/machine_ppc_prep_40p.py

---



diff --git a/tests/acceptance/ppc_prep_40p.py b/tests/acceptance/ppc_prep_40p.py
new file mode 100644
index 00..53f2d2ecf0
--- /dev/null
+++ b/tests/acceptance/ppc_prep_40p.py
@@ -0,0 +1,63 @@
+# Functional test that boots a PReP/40p machine and checks its serial console.
+#
+# Copyright (c) Philippe Mathieu-Daudé 
+#
+# This work is licensed under the terms of the GNU GPL, version 2 or
+# later. See the COPYING file in the top-level directory.
+
+import os
+import logging
+
+from avocado import skipIf
+from avocado_qemu import Test
+
+
+class IbmPrep40pMachine(Test):
+
+timeout = 60
+
+# TODO refactor to MachineTest
+def wait_for_console_pattern(self, success_message, failure_message=None):
+"""
+Waits for messages to appear on the console, while logging the content
+
+:param success_message: if this message appears, test succeeds
+:param failure_message: if this message appears, test fails
+"""
+console = self.vm.console_socket.makefile()
+console_logger = logging.getLogger('console')
+while True:
+msg = console.readline().strip()
+if not msg:
+continue
+console_logger.debug(msg)
+if success_message in msg:
+break
+if failure_message and failure_message in msg:
+fail = 'Failure message found in console: %s' % failure_message
+self.fail(fail)
+
+@skipIf(os.getenv('CONTINUOUS_INTEGRATION'), 'Running on Travis-CI')
+def test_factory_firmware_and_netbsd(self):
+"""
+:avocado: tags=arch:ppc
+:avocado: tags=machine:40p
+:avocado: tags=slowness:high
+"""
+bios_url = ('ftp://ftp.boulder.ibm.com/rs6000/firmware/'
+'7020-40p/P12H0456.IMG')
+bios_hash = '1775face4e6dc27f3a6ed955ef6eb331bf817f03'
+bios_path = self.fetch_asset(bios_url, asset_hash=bios_hash)
+drive_url = ('https://ftp.netbsd.org/pub/NetBSD/NetBSD-archive/'
+ 'NetBSD-4.0/prep/installation/floppy/generic_com0.fs')
+drive_hash = 'dbcfc09912e71bd5f0d82c7c1ee43082fb596ceb'
+drive_path = self.fetch_asset(drive_url, asset_hash=drive_hash)
+
+self.vm.set_machine('40p')
+self.vm.set_console()
+self.vm.add_args('-bios', bios_path,
+ '-fda', drive_path)
+self.vm.launch()
+os_banner = 'NetBSD 4.0 (GENERIC) #0: Sun Dec 16 00:49:40 PST 2007'
+self.wait_for_console_pattern(os_banner)
+self.wait_for_console_pattern('Model: IBM PPS Model 6015')

Re: [Qemu-devel] [PATCH 4/4] hw/isa/i82378.c: use 1900 as a base year

2019-04-14 Thread Hervé Poussineau 

Le 14/04/2019 à 20:53, Artyom Tarasenko a écrit :

On Sun, Apr 14, 2019 at 7:01 PM Hervé Poussineau  wrote:


Le 12/04/2019 à 23:06, Artyom Tarasenko a écrit :

AIX 5.1 expects the base year to be 1900. Adjust accordingly.

Signed-off-by: Artyom Tarasenko 
---
   hw/isa/i82378.c | 4 +++-
   1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/isa/i82378.c b/hw/isa/i82378.c
index a5d67bc..546c928 100644
--- a/hw/isa/i82378.c
+++ b/hw/isa/i82378.c
@@ -107,7 +107,9 @@ static void i82378_realize(PCIDevice *pci, Error **errp)
   isa = isa_create_simple(isabus, "i82374");

   /* timer */
-isa_create_simple(isabus, TYPE_MC146818_RTC);
+isa = isa_create(isabus, TYPE_MC146818_RTC);
+qdev_prop_set_int32(DEVICE(isa), "base_year", 1900);
+qdev_init_nofail(DEVICE(isa));


I am not sure the base_year should be hardcoded in i82378. I can assume other 
machines with a i82378 can have another base_year.


I doubt it to be honest. How would it work in the hardware? Is there a
pin which would switch a year?
I do believe the different i823xx may have the different base years though.


OK, I don't really know. So, your patch looks fine.

Reviewed-by: Hervé Poussineau 




Maybe you can you add a base_year property to i82378, and forward it to 
mc146818 with object_property_add_alias?
Then, change 40p machine to set it to 1900, without changing it for prep 
machine.


Were you not going to drop the -M prep ? Because I sort of dropped the
support for it in OFW.
I had a branch were I added some registers to -M prep  enough that it
would be able to turn itself out as a PowerStack II Utah,
but then again I couldn't find any advantage of having two PReP machines.
AFAIK, the only OS which can run on Powerstack, but not on 40p is Motorola AIX.
But since we can have IBM AIX, I don't see why would we want to keep -M prep.


I really want to drop support for prep. But, as long as prep is in code base, 
we shouldn't regress it too much.



On the other hand, if you plan to revive it, I'll think about adding
the support for it to OFW.
PowerStack had a Cirrus VGA which we already have.


   }

   static void i82378_init(Object *obj)



Hervé

Re: [Qemu-devel] [PATCH 4/4] hw/isa/i82378.c: use 1900 as a base year

2019-04-14 Thread Hervé Poussineau 

Le 12/04/2019 à 23:06, Artyom Tarasenko a écrit :

AIX 5.1 expects the base year to be 1900. Adjust accordingly.

Signed-off-by: Artyom Tarasenko 
---
  hw/isa/i82378.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/isa/i82378.c b/hw/isa/i82378.c
index a5d67bc..546c928 100644
--- a/hw/isa/i82378.c
+++ b/hw/isa/i82378.c
@@ -107,7 +107,9 @@ static void i82378_realize(PCIDevice *pci, Error **errp)
  isa = isa_create_simple(isabus, "i82374");
  
  /* timer */

-isa_create_simple(isabus, TYPE_MC146818_RTC);
+isa = isa_create(isabus, TYPE_MC146818_RTC);
+qdev_prop_set_int32(DEVICE(isa), "base_year", 1900);
+qdev_init_nofail(DEVICE(isa));


I am not sure the base_year should be hardcoded in i82378. I can assume other 
machines with a i82378 can have another base_year.
Maybe you can you add a base_year property to i82378, and forward it to 
mc146818 with object_property_add_alias?
Then, change 40p machine to set it to 1900, without changing it for prep 
machine.


  }
  
  static void i82378_init(Object *obj)




Hervé

Re: [Qemu-devel] [PATCH 3/4] target/ppc: improve performance of large BAT invalidations

2019-04-14 Thread Hervé Poussineau 

Le 12/04/2019 à 23:06, Artyom Tarasenko a écrit :

Performing a complete flush is ~ 100 times faster than flushing
256MiB of 4KiB pages. Set a limit of 1024 pages and perform a complete
flush afterwards.

This patch significantly speeds up AIX 5.1 and NetBSD-ofppc.

Signed-off-by: Artyom Tarasenko 
---
  target/ppc/mmu_helper.c | 7 +++
  1 file changed, 7 insertions(+)


Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH 1/4] lsi53c895a: hide 53c895a registers in 53c810

2019-04-14 Thread Hervé Poussineau 

Le 12/04/2019 à 23:06, Artyom Tarasenko a écrit :

AIX/PReP does access to the aliased IO registers of 53810.
Implement aliasing to make the AIX driver work.

Signed-off-by: Artyom Tarasenko 
---
  hw/scsi/lsi53c895a.c | 31 ++-
  1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index da7239d..08841e0 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -2266,11 +2266,13 @@ static const struct SCSIBusInfo lsi_scsi_info = {
  .cancel = lsi_request_cancelled
  };
  
-static void lsi_scsi_realize(PCIDevice *dev, Error **errp)

+static void lsi_scsi_realize_8xx(PCIDevice *dev, Error **errp, uint16_t type)


You can probably remove this change, and replace it by
uint16_t type = PCI_DEVICE_GET_CLASS(dev)->device_id;


  {
  LSIState *s = LSI53C895A(dev);
  DeviceState *d = DEVICE(dev);
  uint8_t *pci_conf;
+uint64_t mmio_size;
+MemoryRegion *mr;
  
  pci_conf = dev->config;
  
@@ -2279,13 +2281,21 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)

  /* Interrupt pin A */
  pci_conf[PCI_INTERRUPT_PIN] = 0x01;
  
-memory_region_init_io(>mmio_io, OBJECT(s), _mmio_ops, s,

-  "lsi-mmio", 0x400);
  memory_region_init_io(>ram_io, OBJECT(s), _ram_ops, s,
"lsi-ram", 0x2000);
  memory_region_init_io(>io_io, OBJECT(s), _io_ops, s,
"lsi-io", 256);
-
+if (type == PCI_DEVICE_ID_LSI_53C895A) {
+mmio_size = 0x400;
+} else {
+mr = g_new(MemoryRegion, 1);
+memory_region_init_alias(mr, OBJECT(d), "lsi-io-alias", >io_io,
+ 0, 0x80);
+memory_region_add_subregion_overlap(>io_io, 0x80, mr, -1);
+mmio_size = 0x80;
+}
+memory_region_init_io(>mmio_io, OBJECT(s), _mmio_ops, s,
+  "lsi-mmio", mmio_size);
  address_space_init(>pci_io_as, pci_address_space_io(dev), 
"lsi-pci-io");
  qdev_init_gpio_out(d, >ext_irq, 1);
  
@@ -2297,6 +2307,16 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)

  scsi_bus_new(>bus, sizeof(s->bus), d, _scsi_info, NULL);
  }
  
+static void lsi_scsi_realize_895A(PCIDevice *dev, Error **errp)

+{
+lsi_scsi_realize_8xx(dev, errp, PCI_DEVICE_ID_LSI_53C895A);
+}
+
+static void lsi_scsi_realize_810(PCIDevice *dev, Error **errp)
+{
+lsi_scsi_realize_8xx(dev, errp, PCI_DEVICE_ID_LSI_53C810);
+}


... so you can also remove these functions

+
  static void lsi_scsi_unrealize(DeviceState *dev, Error **errp)
  {
  LSIState *s = LSI53C895A(dev);
@@ -2309,7 +2329,7 @@ static void lsi_class_init(ObjectClass *klass, void *data)
  DeviceClass *dc = DEVICE_CLASS(klass);
  PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
  
-k->realize = lsi_scsi_realize;

+k->realize = lsi_scsi_realize_895A;


... so you can also remove this change

  k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
  k->device_id = PCI_DEVICE_ID_LSI_53C895A;
  k->class_id = PCI_CLASS_STORAGE_SCSI;
@@ -2335,6 +2355,7 @@ static void lsi53c810_class_init(ObjectClass *klass, void 
*data)
  {
  PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
  
+k->realize = lsi_scsi_realize_810;

... and this one.


  k->device_id = PCI_DEVICE_ID_LSI_53C810;
  }
  



Hervé

Re: [Qemu-devel] [PATCH 2/4] 40p and prep: implement PCI bus mastering

2019-04-14 Thread Hervé Poussineau 

Le 12/04/2019 à 23:06, Artyom Tarasenko a écrit :

Signed-off-by: Artyom Tarasenko 
---
  hw/pci-host/prep.c | 16 
  1 file changed, 12 insertions(+), 4 deletions(-)


Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] How to correctly use more than 2 floppy drives?

2019-04-05 Thread Hervé Poussineau 

Le 05/04/2019 à 12:29, Philippe Mathieu-Daudé a écrit :

Hi,

I am trying to understand the possible values for the MAX_FD variable
used by the floppy controller model (hw/block/fdc.c).

Looking at git history:

- 2004-01-05 7138fcfbf7dd + 8977f3c107ef (Jocelyn Mayer):
   FDC introduced with "#define MAX_FD 2"

- 2008-04-29 78ae820cfeb0 (Hervé Poussineau):
   Supports up to 4 floppy drives if MAX_FD is set to 4
   Migration stream knows about runtime value of MAX_FD

- 2009-09-10 d7a6c2703577 (Juan Quintela):
   FDC vmstate-ified
   Migration stream use compile time value of MAX_FD

Since 7138fcfbf7dd MAX_FD has always been defined as 2.

Since d7a6c2703577 MAX_FD can not be different than 2 without breaking
migration.

If I understand correctly migration, first we should change in
vmstate_fdc the user-definable MAX_FD by a constant 2 value.

Then to be able to use >2 floppy disks I have to modify the the
vmstate.version_id, and

1/ add a new field in the vmstate_fdc containing the number of drives
and add code to check >2 and adapt

or

2/ change MAX_FD to 4 for all the codebase, adding some code to migrate
to older FDC with only 2 disks...

Another option I don't like is:

3/ get ride of MAX_FD != 2 and clean the codebase...

$ git grep '#if MAX_FD'
hw/block/fdc.c:744:#if MAX_FD == 4
hw/block/fdc.c:758:#if MAX_FD == 4
hw/block/fdc.c:1317:#if MAX_FD == 4
hw/block/fdc.c:1340:#if MAX_FD == 4
hw/block/fdc.c:2041:#if MAX_FD == 4
hw/block/fdc.c:2079:#if MAX_FD == 4
hw/block/fdc.c:2104:#if MAX_FD == 4

Hervé, what board are/were you using with 4 floppy drives?


That was only an attempt to support 4 drives in code, as controller was able to 
do it.
However, no emulated board took advantage of it, so that's why it kind-of 
regressed.

Feel free to choose the solution you prefer.

Hervé


BTW this link is somehow interesting :)
https://www.seasip.info/VintagePC/floppies.html

Thanks,

Phil.

Re: [Qemu-devel] [PATCH] Categorize devices

2019-03-26 Thread Hervé Poussineau 

Le 24/03/2019 à 19:05, Ernest Esene a écrit :

Categorize devices in "uncategorised devices" section
This patch is based on BiteSizedTask.

Signed-off-by: Ernest Esene 
---
  hw/dma/i82374.c   | 2 ++
  hw/i386/amd_iommu.c   | 2 ++
  hw/i386/intel_iommu.c | 2 ++
  hw/i386/pc_piix.c | 1 +
  hw/ipmi/ipmi_bmc_extern.c | 2 ++
  hw/ipmi/ipmi_bmc_sim.c| 2 ++
  hw/ipmi/isa_ipmi_bt.c | 2 ++
  hw/ipmi/isa_ipmi_kcs.c| 2 ++
  hw/mem/nvdimm.c   | 1 +
  hw/mem/pc-dimm.c  | 1 +
  hw/tpm/tpm_tis.c  | 3 +++
  11 files changed, 20 insertions(+)



i82374 part:

Reviewed-by: Hervé Poussineau 



diff --git a/hw/dma/i82374.c b/hw/dma/i82374.c
index 892f655a..5b42dd1b 100644
--- a/hw/dma/i82374.c
+++ b/hw/dma/i82374.c
@@ -147,6 +147,8 @@ static void i82374_class_init(ObjectClass *klass, void 
*data)
  dc->realize = i82374_realize;
  dc->vmsd = _i82374;
  dc->props = i82374_properties;
+dc->desc = "Intel Enhanced DMA controller";
+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
  }
  
  static const TypeInfo i82374_info = {

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 6eabdf99..4a4e2c7f 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -1601,6 +1601,8 @@ static void amdvi_class_init(ObjectClass *klass, void* 
data)
  dc_class->int_remap = amdvi_int_remap;
  /* Supported by the pc-q35-* machine types */
  dc->user_creatable = true;
+set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+dc->desc = "AMD IOMMU (AMD-Vi) DMA Remapping device";
  }
  
  static const TypeInfo amdvi = {

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index b90de6c6..4d0e6042 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3702,6 +3702,8 @@ static void vtd_class_init(ObjectClass *klass, void *data)
  x86_class->int_remap = vtd_int_remap;
  /* Supported by the pc-q35-* machine types */
  dc->user_creatable = true;
+set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+dc->desc = "Intel IOMMU (VT-d) DMA Remapping device";
  }
  
  static const TypeInfo vtd_info = {

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 8ad8e885..03a9cb8a 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -911,6 +911,7 @@ static void isa_bridge_class_init(ObjectClass *klass, void 
*data)
  PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
  
  dc->desc= "ISA bridge faked to support IGD PT";

+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
  k->vendor_id= PCI_VENDOR_ID_INTEL;
  k->class_id = PCI_CLASS_BRIDGE_ISA;
  };
diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c
index bf0b7ee0..39049c4d 100644
--- a/hw/ipmi/ipmi_bmc_extern.c
+++ b/hw/ipmi/ipmi_bmc_extern.c
@@ -526,6 +526,8 @@ static void ipmi_bmc_extern_class_init(ObjectClass *oc, 
void *data)
  dc->hotpluggable = false;
  dc->realize = ipmi_bmc_extern_realize;
  dc->props = ipmi_bmc_extern_properties;
+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+dc->desc = "IPMI Baseboard management controller";
  }
  
  static const TypeInfo ipmi_bmc_extern_type = {

diff --git a/hw/ipmi/ipmi_bmc_sim.c b/hw/ipmi/ipmi_bmc_sim.c
index 9b509f82..95a096fa 100644
--- a/hw/ipmi/ipmi_bmc_sim.c
+++ b/hw/ipmi/ipmi_bmc_sim.c
@@ -2016,6 +2016,8 @@ static void ipmi_sim_class_init(ObjectClass *oc, void 
*data)
  dc->realize = ipmi_sim_realize;
  dc->props = ipmi_sim_properties;
  bk->handle_command = ipmi_sim_handle_command;
+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+dc->desc = "IPMI Baseboard management controller";
  }
  
  static const TypeInfo ipmi_sim_type = {

diff --git a/hw/ipmi/isa_ipmi_bt.c b/hw/ipmi/isa_ipmi_bt.c
index 8bbb1fa7..9ca3402e 100644
--- a/hw/ipmi/isa_ipmi_bt.c
+++ b/hw/ipmi/isa_ipmi_bt.c
@@ -541,6 +541,8 @@ static void isa_ipmi_bt_class_init(ObjectClass *oc, void 
*data)
  
  dc->realize = isa_ipmi_bt_realize;

  dc->props = ipmi_isa_properties;
+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+dc->desc = "ISA IPMI BT System Interface";
  
  iic->get_backend_data = isa_ipmi_bt_get_backend_data;

  ipmi_bt_class_init(iic);
diff --git a/hw/ipmi/isa_ipmi_kcs.c b/hw/ipmi/isa_ipmi_kcs.c
index a7943155..818d59d1 100644
--- a/hw/ipmi/isa_ipmi_kcs.c
+++ b/hw/ipmi/isa_ipmi_kcs.c
@@ -524,6 +524,8 @@ static void isa_ipmi_kcs_class_init(ObjectClass *oc, void 
*data)
  
  dc->realize = ipmi_isa_realize;

  dc->props = ipmi_isa_properties;
+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+dc->desc = "ISA IPMI KCS System Interface";
  
  iic->get_backend_data = isa_ipmi_kcs_get_backend_data;

  ipmi_kcs_class_init(iic);
diff --git a/hw/mem/nvdimm.c b/hw/mem/nvdimm.c
index bf2adf5e..a33

Re: [Qemu-devel] [PATCH 3/3] hw/ppc/prep: Drop useless inclusion of "hw/i386/pc.h"

2019-02-04 Thread Hervé Poussineau 

Le 04/02/2019 à 22:04, Philippe Mathieu-Daudé a écrit :

In 47973a2dbf we split the last generic chipset out of the PC
board, but forgot to remove the include of "hw/i386/pc.h".
Since it is now unused, remove it.

Signed-off-by: Philippe Mathieu-Daudé 


Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH v2 2/5] ppc: Express dependencies of the 'prep' and '40p' machines with kconfig

2019-02-02 Thread Hervé Poussineau 

Le 31/01/2019 à 14:53, Thomas Huth a écrit :

Select the required devices in hw/ppc/Kconfig instead, so that
ppc-softmmu.mak only contains the user-selectable PREP switch.
Plug-in devices like NE2000_ISA are pulled in automatically by the
Kconfig build system now.

Cc: Hervé Poussineau 
Signed-off-by: Thomas Huth 
---
  default-configs/ppc-softmmu.mak | 8 
  hw/ppc/Kconfig  | 8 
  2 files changed, 8 insertions(+), 8 deletions(-)



Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH-for-3.1] [REGRESSION FIX] ps2kbd: default to scan enabled after reset

2018-11-22 Thread Hervé Poussineau 

Ping again.

Le 18/11/2018 à 11:09, Hervé Poussineau a écrit :

Ping again.

v3.0 didn't contain 143c04c7e0639e53086519592ead15d2556bfbf2, so this commit 
fixes a regression.

Le 10/11/2018 à 21:53, Hervé Poussineau a écrit :

Ping.

Le 21/10/2018 à 21:07, Hervé Poussineau a écrit :

A check for scan_enabled has been added to ps2_keyboard_event in commit
143c04c7e0639e53086519592ead15d2556bfbf2 to prevent stream corruption.
This works well as long as operating system is resetting keyboard, or enabling 
it.

This fixes IBM 40p firmware, which doesn't bother sending KBD_CMD_RESET,
KBD_CMD_ENABLE or KBD_CMD_RESET_ENABLE before trying to use the keyboard.

Signed-off-by: Hervé Poussineau 
---
  hw/input/ps2.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index fdfcadf9a1..eded4f0f8d 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -938,7 +938,7 @@ static void ps2_kbd_reset(void *opaque)
  trace_ps2_kbd_reset(opaque);
  ps2_common_reset(>common);
-    s->scan_enabled = 0;
+    s->scan_enabled = 1;
  s->translate = 0;
  s->scancode_set = 2;
  s->modifiers = 0;

Re: [Qemu-devel] [PATCH-for-3.1] ps2kbd: default to scan enabled after reset

2018-11-18 Thread Hervé Poussineau 

Ping again.

v3.0 didn't contain 143c04c7e0639e53086519592ead15d2556bfbf2, so this commit 
fixes a regression.

Le 10/11/2018 à 21:53, Hervé Poussineau a écrit :

Ping.

Le 21/10/2018 à 21:07, Hervé Poussineau a écrit :

A check for scan_enabled has been added to ps2_keyboard_event in commit
143c04c7e0639e53086519592ead15d2556bfbf2 to prevent stream corruption.
This works well as long as operating system is resetting keyboard, or enabling 
it.

This fixes IBM 40p firmware, which doesn't bother sending KBD_CMD_RESET,
KBD_CMD_ENABLE or KBD_CMD_RESET_ENABLE before trying to use the keyboard.

Signed-off-by: Hervé Poussineau 
---
  hw/input/ps2.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index fdfcadf9a1..eded4f0f8d 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -938,7 +938,7 @@ static void ps2_kbd_reset(void *opaque)
  trace_ps2_kbd_reset(opaque);
  ps2_common_reset(>common);
-    s->scan_enabled = 0;
+    s->scan_enabled = 1;
  s->translate = 0;
  s->scancode_set = 2;
  s->modifiers = 0;

Re: [Qemu-devel] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled

2018-11-12 Thread Hervé Poussineau 

Le 11/11/2018 à 10:40, Mark Cave-Ayland a écrit :

Commit c8a35f1cf0f "fdc: use IsaDma interface instead of global DMA_*
functions" accidentally introduced a segfault in fdctrl_stop_transfer() for
non-DMA transfers.

If fdctrl->dma_chann has not been configured then the fdctrl->dma interface
reference isn't initialised during isabus_fdc_realize(). Unfortunately
fdctrl_stop_transfer() unconditionally references the DMA interface when
finishing the transfer causing a NULL pointer dereference.

Fix the issue by adding a check in fdctrl_stop_transfer() so that the DMA
interface reference and release method is only invoked if fdctrl->dma_chann
has been set.

(This issue was discovered by Martin testing a recent change in the NetBSD
installer under qemu-system-sparc)

Reported-by: Martin Husemann 
Signed-off-by: Mark Cave-Ayland 


Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH] ps2kbd: default to scan enabled after reset

2018-11-10 Thread Hervé Poussineau 

Ping.

Le 21/10/2018 à 21:07, Hervé Poussineau a écrit :

A check for scan_enabled has been added to ps2_keyboard_event in commit
143c04c7e0639e53086519592ead15d2556bfbf2 to prevent stream corruption.
This works well as long as operating system is resetting keyboard, or enabling 
it.

This fixes IBM 40p firmware, which doesn't bother sending KBD_CMD_RESET,
KBD_CMD_ENABLE or KBD_CMD_RESET_ENABLE before trying to use the keyboard.

Signed-off-by: Hervé Poussineau 
---
  hw/input/ps2.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index fdfcadf9a1..eded4f0f8d 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -938,7 +938,7 @@ static void ps2_kbd_reset(void *opaque)
  
  trace_ps2_kbd_reset(opaque);

  ps2_common_reset(>common);
-s->scan_enabled = 0;
+s->scan_enabled = 1;
  s->translate = 0;
  s->scancode_set = 2;
  s->modifiers = 0;

Re: [Qemu-devel] [PATCH v5 08/11] hw/m68k: add Nubus support for macfb video card

2018-10-30 Thread Hervé Poussineau 

Le 29/10/2018 à 14:39, Mark Cave-Ayland a écrit :

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
  hw/display/macfb.c | 56 ++
  include/hw/display/macfb.h | 21 +
  2 files changed, 77 insertions(+)


Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH v5 10/11] dp8393x: manage big endian bus

2018-10-30 Thread Hervé Poussineau 

Le 29/10/2018 à 14:39, Mark Cave-Ayland a écrit :

From: Laurent Vivier 

This is needed by Quadra 800, this card can run on little-endian
or big-endian bus.

Signed-off-by: Laurent Vivier 
Tested-by: Hervé Poussineau 
Reviewed-by: Philippe Mathieu-Daudé 


Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH v5 06/11] esp: add pseudo-DMA as used by Macintosh

2018-10-30 Thread Hervé Poussineau 

Le 29/10/2018 à 14:39, Mark Cave-Ayland a écrit :

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
  hw/scsi/esp.c | 292 +-
  include/hw/scsi/esp.h |   7 ++
  2 files changed, 270 insertions(+), 29 deletions(-)



[...]

  
@@ -409,6 +564,7 @@ uint64_t esp_reg_read(ESPState *s, uint32_t saddr)

  s->ti_size--;
  s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
  }
+esp_raise_irq(s);
  if (s->ti_rptr == s->ti_wptr) {
  s->ti_rptr = 0;
  s->ti_wptr = 0;


You're now raising irq (not drq) when reading registers. In my opinion, this 
deserves its own patch with an explanation.

Hervé

Re: [Qemu-devel] [PATCH v5 09/11] hw/m68k: add a dummy SWIM floppy controller

2018-10-30 Thread Hervé Poussineau 

Le 29/10/2018 à 14:39, Mark Cave-Ayland a écrit :

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
  hw/block/Makefile.objs  |   1 +
  hw/block/swim.c | 415 
  include/hw/block/swim.h |  76 +
  3 files changed, 492 insertions(+)
  create mode 100644 hw/block/swim.c
  create mode 100644 include/hw/block/swim.h


[...]


diff --git a/include/hw/block/swim.h b/include/hw/block/swim.h
new file mode 100644
index 00..d6fbdc11ac
--- /dev/null
+++ b/include/hw/block/swim.h
@@ -0,0 +1,76 @@
+/*
+ * QEMU Macintosh floppy disk controller emulator (SWIM)
+ *
+ * Copyright (c) 2014-2018 Laurent Vivier 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef SWIM_H
+#define SWIM_H
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+
+#define MAX_FD  2


Maybe rename MAX_FD to SWIM_MAX_FD, to prevent conflicts with MAX_FD in other 
files?
Excepted that:
Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH v5 04/11] hw/m68k: add macfb video card

2018-10-30 Thread Hervé Poussineau 

Le 29/10/2018 à 14:39, Mark Cave-Ayland a écrit :

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
  arch_init.c|   4 +
  hw/display/Makefile.objs   |   1 +
  hw/display/macfb.c | 419 +
  include/hw/display/macfb.h |  43 +
  qemu-options.hx|   2 +-
  vl.c   |   3 +-
  6 files changed, 470 insertions(+), 2 deletions(-)
  create mode 100644 hw/display/macfb.c
  create mode 100644 include/hw/display/macfb.h


Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH v5 07/11] hw/m68k: add Nubus support

2018-10-30 Thread Hervé Poussineau 

Le 29/10/2018 à 14:39, Mark Cave-Ayland a écrit :

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
  hw/Makefile.objs|   1 +
  hw/nubus/Makefile.objs  |   4 +
  hw/nubus/mac-nubus-bridge.c |  45 
  hw/nubus/nubus-bridge.c |  34 ++
  hw/nubus/nubus-bus.c| 111 +++
  hw/nubus/nubus-device.c | 214 
  include/hw/nubus/mac-nubus-bridge.h |  24 
  include/hw/nubus/nubus.h|  69 
  8 files changed, 502 insertions(+)
  create mode 100644 hw/nubus/Makefile.objs
  create mode 100644 hw/nubus/mac-nubus-bridge.c
  create mode 100644 hw/nubus/nubus-bridge.c
  create mode 100644 hw/nubus/nubus-bus.c
  create mode 100644 hw/nubus/nubus-device.c
  create mode 100644 include/hw/nubus/mac-nubus-bridge.h
  create mode 100644 include/hw/nubus/nubus.h

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 39d882af6f..92dc338759 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -36,6 +36,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += watchdog/
  devices-dirs-$(CONFIG_SOFTMMU) += xen/
  devices-dirs-$(CONFIG_MEM_DEVICE) += mem/
  devices-dirs-$(CONFIG_SOFTMMU) += smbios/
+devices-dirs-$(CONFIG_NUBUS) += nubus/
  devices-dirs-y += core/
  common-obj-y += $(devices-dirs-y)
  obj-y += $(devices-dirs-y)
diff --git a/hw/nubus/Makefile.objs b/hw/nubus/Makefile.objs
new file mode 100644
index 00..ebb050a4ad
--- /dev/null
+++ b/hw/nubus/Makefile.objs
@@ -0,0 +1,4 @@
+common-obj-y += nubus-device.o
+common-obj-y += nubus-bus.o
+common-obj-y += nubus-bridge.o
+common-obj-$(CONFIG_MAC) += mac-nubus-bridge.o
diff --git a/hw/nubus/mac-nubus-bridge.c b/hw/nubus/mac-nubus-bridge.c
new file mode 100644
index 00..7c329300b8
--- /dev/null
+++ b/hw/nubus/mac-nubus-bridge.c
@@ -0,0 +1,45 @@
+/*
+ *  Copyright (c) 2013-2018 Laurent Vivier 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/nubus/mac-nubus-bridge.h"
+
+
+static void mac_nubus_bridge_init(Object *obj)
+{
+MacNubusState *s = MAC_NUBUS_BRIDGE(obj);
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+
+s->bus = NUBUS_BUS(qbus_create(TYPE_NUBUS_BUS, DEVICE(s), NULL));
+
+sysbus_init_mmio(sbd, >bus->super_slot_io);
+sysbus_init_mmio(sbd, >bus->slot_io);
+}
+
+static void mac_nubus_bridge_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->desc = "Nubus bridge";
+}
+
+static const TypeInfo mac_nubus_bridge_info = {
+.name  = TYPE_MAC_NUBUS_BRIDGE,
+.parent= TYPE_NUBUS_BRIDGE,
+.instance_init = mac_nubus_bridge_init,
+.instance_size = sizeof(MacNubusState),
+.class_init= mac_nubus_bridge_class_init,
+};
+
+static void mac_nubus_bridge_register_types(void)
+{
+type_register_static(_nubus_bridge_info);
+}
+
+type_init(mac_nubus_bridge_register_types)
diff --git a/hw/nubus/nubus-bridge.c b/hw/nubus/nubus-bridge.c
new file mode 100644
index 00..cd8c6a91eb
--- /dev/null
+++ b/hw/nubus/nubus-bridge.c
@@ -0,0 +1,34 @@
+/*
+ * QEMU Macintosh Nubus
+ *
+ * Copyright (c) 2013-2018 Laurent Vivier 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/nubus/nubus.h"
+
+static void nubus_bridge_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->fw_name = "nubus";
+}
+
+static const TypeInfo nubus_bridge_info = {
+.name  = TYPE_NUBUS_BRIDGE,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(SysBusDevice),
+.class_init= nubus_bridge_class_init,
+};
+
+static void nubus_register_types(void)
+{
+type_register_static(_bridge_info);
+}
+
+type_init(nubus_register_types)
diff --git a/hw/nubus/nubus-bus.c b/hw/nubus/nubus-bus.c
new file mode 100644
index 00..448fa95600
--- /dev/null
+++ b/hw/nubus/nubus-bus.c
@@ -0,0 +1,111 @@
+/*
+ * QEMU Macintosh Nubus
+ *
+ * Copyright (c) 2013-2018 Laurent Vivier 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/nubus/nubus.h"
+#include "hw/sysbus.h"
+#include "qapi/error.h"
+
+
+static NubusBus *nubus_find(void)
+{
+/* Returns NULL unless there is exactly one nubus device */
+return NUBUS_BUS(object_resolve_path_type("", TYPE_NUBUS_BUS, NULL));
+}
+
+static void nubus_slot_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned int size)
+{
+return;
+}


Useless return. In some other functions (like nubus_fblock_write),

Re: [Qemu-devel] [PATCH v5 02/11] hw/m68k: implement ADB bus support for via

2018-10-30 Thread Hervé Poussineau 

Le 29/10/2018 à 14:39, Mark Cave-Ayland a écrit :

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
  hw/misc/mac_via.c | 190 ++
  include/hw/misc/mac_via.h |   7 ++
  2 files changed, 197 insertions(+)


Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH v5 01/11] hw/m68k: add via support

2018-10-30 Thread Hervé Poussineau 

Le 29/10/2018 à 14:39, Mark Cave-Ayland a écrit :

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
  hw/misc/Makefile.objs |   1 +
  hw/misc/mac_via.c | 666 ++
  include/hw/misc/mac_via.h | 107 
  3 files changed, 774 insertions(+)
  create mode 100644 hw/misc/mac_via.c
  create mode 100644 include/hw/misc/mac_via.h


Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH v5 05/11] hw/m68k: Apple Sound Chip (ASC) emulation

2018-10-30 Thread Hervé Poussineau 

Le 29/10/2018 à 14:39, Mark Cave-Ayland a écrit :

From: Laurent Vivier 

This is broken as the linux driver seems broken too...

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
  hw/audio/Makefile.objs |   1 +
  hw/audio/asc.c | 446 +
  include/hw/audio/asc.h |  48 ++
  3 files changed, 495 insertions(+)
  create mode 100644 hw/audio/asc.c
  create mode 100644 include/hw/audio/asc.h


According to above comment, this device is broken.
Is it necessary for Q800 emulation? What happens if you remove it?

Re: [Qemu-devel] [PATCH v5 03/11] escc: introduce a selector for the register bit

2018-10-30 Thread Hervé Poussineau 

Le 29/10/2018 à 14:39, Mark Cave-Ayland a écrit :

From: Laurent Vivier 

On Sparc and PowerMac, the bit 0 of the address
selects the register type (control or data) and
bit 1 selects the channel (B or A).

On m68k Macintosh, the bit 0 selects the channel and
bit 1 the register type.

This patch introduces a new parameter (bit_swap) to
the device interface to indicate bits usage must
be swapped between registers and channels.

For the moment all the machines use the bit 0,
but this change will be needed to emulate Quadra 800.

Signed-off-by: Laurent Vivier 
---
  hw/char/escc.c | 30 --
  include/hw/char/escc.h |  1 +
  2 files changed, 25 insertions(+), 6 deletions(-)


Reviewed-by: Hervé Poussineau

[Qemu-devel] [PATCH] ps2kbd: default to scan enabled after reset

2018-10-21 Thread Hervé Poussineau 
A check for scan_enabled has been added to ps2_keyboard_event in commit
143c04c7e0639e53086519592ead15d2556bfbf2 to prevent stream corruption.
This works well as long as operating system is resetting keyboard, or enabling 
it.

This fixes IBM 40p firmware, which doesn't bother sending KBD_CMD_RESET,
KBD_CMD_ENABLE or KBD_CMD_RESET_ENABLE before trying to use the keyboard.

Signed-off-by: Hervé Poussineau 
---
 hw/input/ps2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index fdfcadf9a1..eded4f0f8d 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -938,7 +938,7 @@ static void ps2_kbd_reset(void *opaque)
 
 trace_ps2_kbd_reset(opaque);
 ps2_common_reset(>common);
-s->scan_enabled = 0;
+s->scan_enabled = 1;
 s->translate = 0;
 s->scancode_set = 2;
 s->modifiers = 0;
-- 
2.11.0

Re: [Qemu-devel] [PATCH v3 0/2] 40p: fix PCI interrupt routing

2018-09-12 Thread Hervé Poussineau 

Le 10/09/2018 à 22:46, Mark Cave-Ayland a écrit :

According to the PReP specification section 6.1.6 "System Interrupt
Assignments", all PCI interrupts are routed via IRQ 15.

In the case of the 40p machine this isn't quite true in that it has a routing
quirk: the LSI SCSI device is always routed to IRQ 13. At least Linux and
NetBSD compare the model name presented by the firmware to "IBM PPS Model
6015", and if it matches will active this quirk.

In order for guest OSs to make use of the fixed IRQ routing, the model name
in the residual data must be changed in OpenBIOS using the diff below:

diff --git a/arch/ppc/qemu/context.c b/arch/ppc/qemu/context.c
index 06e0122..5815895 100644
--- a/arch/ppc/qemu/context.c
+++ b/arch/ppc/qemu/context.c
@@ -111,7 +111,7 @@ static void *
  residual_build(uint32_t memsize, uint32_t load_base, uint32_t load_size)
  {
  residual_t *res;
-const unsigned char model[] = "Qemu\0PPC\0";
+const unsigned char model[] = "IBM PPS Model 6015\0";
  int i;
  
  res = malloc(sizeof(residual_t));


With the above OpenBIOS patch applied as well as this patchset, it is now
possible to boot the sandalfoot zImage all the way through to a working
userspace when using OpenBIOS.

(Note: this patchset requires the changes in my previous patchset "scsi:
replace lsi53c895a_create() and lsi53c810_create() functions)

Signed-off-by: Mark Cave-Ayland 
Based-on: <20180907125653.5010-1-mark.cave-ayl...@ilande.co.uk>

v3:
- Add external IRQ to LSI SCSI device instead of hacking the PCI interrupt
   routing as suggested by David
- Rebase onto the patches from v2 already applied to ppc-for-3.1

v2:
- Add OR gate as recommended by Zoltan and implement routing quirk by hacking
   the raven PCI interrupt routing


Mark Cave-Ayland (2):
   lsi53c895a: add optional external IRQ via qdev
   40p: add fixed IRQ routing for LSI SCSI device

  hw/ppc/prep.c| 11 ++-
  hw/scsi/lsi53c895a.c | 16 ++--
  2 files changed, 20 insertions(+), 7 deletions(-)



Reviewed-by: Hervé Poussineau 
Tested-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH v3] hw/ppc: on 40p machine, change default firmware to OpenBIOS

2018-09-08 Thread Hervé Poussineau 

Le 08/09/2018 à 18:20, Stefan Weil a écrit :

Am 08.09.2018 um 18:14 schrieb Hervé Poussineau:
[...]

diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index f123b15e3e..f865822e32 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -75,12 +75,12 @@ typedef struct testdef {
  static testdef_t tests[] = {
  { "alpha", "clipper", "", "PCI:" },
  { "ppc", "ppce500", "", "U-Boot" },
-{ "ppc", "40p", "-boot d", "Booting from device d" },
+{ "ppc", "40p", "-vga none -boot d", "Trying cd:," },
  { "ppc", "g3beige", "", "PowerPC,750" },
  { "ppc", "mac99", "", "PowerPC,G4" },
  { "ppc", "sam460ex", "-m 256", "DRAM:  256 MiB" },
  { "ppc64", "ppce500", "", "U-Boot" },
-{ "ppc64", "40p", "-m 192", "Memory size: 192 MB" },
+{ "ppc64", "40p", "-m 192", "Memory: 192M" },


I suggest using "Memory: 192 MiB" (like in the code for sam460ex above).


No, because OpenBIOS doesn't print the "iB" letters...

Hervé

[Qemu-devel] [PATCH v3] hw/ppc: on 40p machine, change default firmware to OpenBIOS

2018-09-08 Thread Hervé Poussineau 
OpenBIOS gained 40p support in 5b20e4cacecb62fb2bdc6867c11d44cddd77c4ff
Use it, instead of relying on an unmaintained and very limited firmware.

Signed-off-by: Hervé Poussineau 
---
Changes v2->v3:
- rebased on dgibson/ppc-for-3.1

Changes v1->v2:
- rebased on master
- fixed tests

 hw/ppc/prep.c| 2 +-
 tests/boot-serial-test.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 162b27a3b8..baca1d7c04 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -651,7 +651,7 @@ static void ibm_40p_init(MachineState *machine)
 /* PCI host */
 dev = qdev_create(NULL, "raven-pcihost");
 if (!bios_name) {
-bios_name = BIOS_FILENAME;
+bios_name = "openbios-ppc";
 }
 qdev_prop_set_string(dev, "bios-name", bios_name);
 qdev_prop_set_uint32(dev, "elf-machine", PPC_ELF_MACHINE);
diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index f123b15e3e..f865822e32 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -75,12 +75,12 @@ typedef struct testdef {
 static testdef_t tests[] = {
 { "alpha", "clipper", "", "PCI:" },
 { "ppc", "ppce500", "", "U-Boot" },
-{ "ppc", "40p", "-boot d", "Booting from device d" },
+{ "ppc", "40p", "-vga none -boot d", "Trying cd:," },
 { "ppc", "g3beige", "", "PowerPC,750" },
 { "ppc", "mac99", "", "PowerPC,G4" },
 { "ppc", "sam460ex", "-m 256", "DRAM:  256 MiB" },
 { "ppc64", "ppce500", "", "U-Boot" },
-{ "ppc64", "40p", "-m 192", "Memory size: 192 MB" },
+{ "ppc64", "40p", "-m 192", "Memory: 192M" },
 { "ppc64", "mac99", "", "PowerPC,970FX" },
 { "ppc64", "pseries", "", "Open Firmware" },
 { "ppc64", "powernv", "-cpu POWER8", "OPAL" },
-- 
2.11.0

Re: [Qemu-devel] [PATCH v2 0/3] 40p: fix PCI interrupt routing

2018-09-08 Thread Hervé Poussineau 

Le 08/09/2018 à 11:08, Mark Cave-Ayland a écrit :

According to the PReP specification section 6.1.6 "System Interrupt
Assignments", all PCI interrupts are routed via IRQ 15.

In the case of the 40p machine this isn't quite true in that it has a routing
quirk: the LSI SCSI device is always routed to IRQ 13. At least Linux and
NetBSD compare the model name presented by the firmware to "IBM PPS Model
6015", and if it matches will active this quirk.

There is also a slight issue in that whilst the legacy PReP machine is still
present in the codebase, the old IRQ routing must still be preserved. This is
done by introducing a new "is-legacy-prep" qdev property to the raven PCI host
bridge which preserves the old routing for -M prep until that code is finally
removed.



Reviewed-by: Hervé Poussineau 
Tested-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH v2 0/3] scsi: replace lsi53c895a_create() and lsi53c810_create() functions

2018-09-08 Thread Hervé Poussineau 

Le 07/09/2018 à 14:56, Mark Cave-Ayland a écrit :

As part of an upcoming 40p patchset I have a requirement to change the PCI
configuration of the LSI SCSI. However since commits a64aa5785d "hw: Deprecate 
-drive
if=scsi with non-onboard HBAs" and b891538e81 "hw/ppc/prep: Fix implicit 
creation of
"-drive if=scsi", the lsi53c8*_create() wrapper functions don't return the 
device
state itself.

This patchset replaces the lsi53c895a_create() and lsi53c810_create() functions
with a single lsi53c8xx_handle_legacy_cmdline() function as suggested by Thomas,
which makes the caller responsible for initing the LSI SCSI device and hence
allowing it to be configured as required.

Signed-off-by: Mark Cave-Ayland 

v2:
- Don't split LSIState into separate lsi53c895a.h header but instead use a new
   lsi53c8xx_handle_legacy_cmdline() function as suggested by Thomas


Mark Cave-Ayland (3):
   scsi: add lsi53c8xx_handle_legacy_cmdline() function
   scsi: move lsi53c8xx_create() callers to
 lsi53c8xx_handle_legacy_cmdline()
   scsi: remove unused lsi53c895a_create() and lsi53c810_create()
 functions

  hw/arm/realview.c|  3 ++-
  hw/arm/versatilepb.c |  3 ++-
  hw/hppa/machine.c|  4 +++-
  hw/ppc/prep.c|  4 +++-
  hw/scsi/lsi53c895a.c | 11 ++-
  include/hw/pci/pci.h |  3 +--
  6 files changed, 13 insertions(+), 15 deletions(-)



Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH] hw/ppc: on 40p machine, change default firmware to OpenBIOS

2018-09-04 Thread Hervé Poussineau 

Le 31/08/2018 à 16:16, Mark Cave-Ayland a écrit :

On 20/08/18 04:16, David Gibson wrote:


On Fri, Aug 10, 2018 at 04:41:54PM +1000, David Gibson wrote:

On Fri, Aug 10, 2018 at 07:37:12AM +0200, Hervé Poussineau wrote:

OpenBIOS gained 40p support in 5b20e4cacecb62fb2bdc6867c11d44cddd77c4ff
Use it, instead of relying on an unmaintained and very limited firmware.

Signed-off-by: Hervé Poussineau 


Applied to ppc-for-3.1, thanks.


But I'm afraid I've had to pull it out.  This breaks boot-serial-test,
because the new firmware prints different messages than the old one
did and the testcase isn't looking for them.

I tried fixing it, but ran into complications I didn't have time to
debug.  So I'm afraid this will miss my coming-soon pull request.

You should be able to reproduce the problem with "make check
SPEED=slow", can you fix this up and resubmit.




---
  hw/ppc/prep.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 3401570d98..1558855247 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -736,7 +736,7 @@ static void ibm_40p_init(MachineState *machine)
  /* PCI host */
  dev = qdev_create(NULL, "raven-pcihost");
  if (!bios_name) {
-bios_name = BIOS_FILENAME;
+bios_name = "openbios-ppc";
  }
  qdev_prop_set_string(dev, "bios-name", bios_name);
  qdev_prop_set_uint32(dev, "elf-machine", PPC_ELF_MACHINE);


Thanks to Thomas on IRC, I was able come up with the diff below which
fixes boot-serial-test when this patch is applied:

diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index f123b15e3e..f865822e32 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -75,12 +75,12 @@ typedef struct testdef {
  static testdef_t tests[] = {
  { "alpha", "clipper", "", "PCI:" },
  { "ppc", "ppce500", "", "U-Boot" },
-{ "ppc", "40p", "-boot d", "Booting from device d" },
+{ "ppc", "40p", "-vga none -boot d", "Trying cd:," },
  { "ppc", "g3beige", "", "PowerPC,750" },
  { "ppc", "mac99", "", "PowerPC,G4" },
  { "ppc", "sam460ex", "-m 256", "DRAM:  256 MiB" },
  { "ppc64", "ppce500", "", "U-Boot" },
-{ "ppc64", "40p", "-m 192", "Memory size: 192 MB" },
+{ "ppc64", "40p", "-m 192", "Memory: 192M" },
  { "ppc64", "mac99", "", "PowerPC,970FX" },
  { "ppc64", "pseries", "", "Open Firmware" },
  { "ppc64", "powernv", "-cpu POWER8", "OPAL" },

Hervé, can you confirm that this fixes "make check" for you? If so it
should just be a simple case of squashing into the above patch and then
resubmitting a v2.


Yes, this also fixes "make check" for me.
v2 sent at http://lists.gnu.org/archive/html/qemu-devel/2018-09/msg00362.html

Thanks for the help.

Hervé

[Qemu-devel] [PATCH v2] hw/ppc: on 40p machine, change default firmware to OpenBIOS

2018-09-04 Thread Hervé Poussineau 
OpenBIOS gained 40p support in 5b20e4cacecb62fb2bdc6867c11d44cddd77c4ff
Use it, instead of relying on an unmaintained and very limited firmware.

Signed-off-by: Hervé Poussineau 
---
 hw/ppc/prep.c| 2 +-
 tests/boot-serial-test.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 3401570d98..1558855247 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -736,7 +736,7 @@ static void ibm_40p_init(MachineState *machine)
 /* PCI host */
 dev = qdev_create(NULL, "raven-pcihost");
 if (!bios_name) {
-bios_name = BIOS_FILENAME;
+bios_name = "openbios-ppc";
 }
 qdev_prop_set_string(dev, "bios-name", bios_name);
 qdev_prop_set_uint32(dev, "elf-machine", PPC_ELF_MACHINE);
diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index 952a2e7ead..276ca14c97 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -76,13 +76,13 @@ static testdef_t tests[] = {
 { "alpha", "clipper", "", "PCI:" },
 { "ppc", "ppce500", "", "U-Boot" },
 { "ppc", "prep", "-m 96", "Memory size: 96 MB" },
-{ "ppc", "40p", "-boot d", "Booting from device d" },
+{ "ppc", "40p", "-vga none -boot d", "Trying cd:," },
 { "ppc", "g3beige", "", "PowerPC,750" },
 { "ppc", "mac99", "", "PowerPC,G4" },
 { "ppc", "sam460ex", "-m 256", "DRAM:  256 MiB" },
 { "ppc64", "ppce500", "", "U-Boot" },
 { "ppc64", "prep", "-boot e", "Booting from device e" },
-{ "ppc64", "40p", "-m 192", "Memory size: 192 MB" },
+{ "ppc64", "40p", "-m 192", "Memory: 192M" },
 { "ppc64", "mac99", "", "PowerPC,970FX" },
 { "ppc64", "pseries", "", "Open Firmware" },
 { "ppc64", "powernv", "-cpu POWER8", "OPAL" },
-- 
2.11.0

[Qemu-devel] [PATCH] qemu-doc: mark ppc/prep machine as deprecated

2018-08-10 Thread Hervé Poussineau 
40p machine type should be used instead.

Signed-off-by: Hervé Poussineau 
---
 qemu-deprecated.texi | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index 9920a85adc..9c7ff3fe2d 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -218,6 +218,12 @@ support page sizes < 4096 any longer.
 These machine types are very old and likely can not be used for live migration
 from old QEMU versions anymore. A newer machine type should be used instead.
 
+@subsection prep (PowerPC) (since 3.1)
+
+This machine type uses an unmaintained firmware, broken in lots of ways,
+and unable to start post-2004 operating systems. 40p machine type should be
+used instead.
+
 @section Device options
 
 @subsection Block device options
-- 
2.11.0

Re: [Qemu-devel] [PATCH] 40p: don't use legacy fw_cfg_init_mem() function

2018-08-10 Thread Hervé Poussineau 

Le 10/08/2018 à 14:04, Mark Cave-Ayland a écrit :

Instead initialise the device via qdev to allow us to set device properties
directly as required.

Signed-off-by: Mark Cave-Ayland 
---
  hw/ppc/prep.c | 13 +++--
  1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 3401570d98..9cf4a2adc3 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -706,7 +706,7 @@ static void ibm_40p_init(MachineState *machine)
  uint16_t cmos_checksum;
  PowerPCCPU *cpu;
  DeviceState *dev;
-SysBusDevice *pcihost;
+SysBusDevice *pcihost, *s;
  Nvram *m48t59 = NULL;
  PCIBus *pci_bus;
  ISABus *isa_bus;
@@ -799,7 +799,16 @@ static void ibm_40p_init(MachineState *machine)
  }
  
  /* Prepare firmware configuration for OpenBIOS */

-fw_cfg = fw_cfg_init_mem(CFG_ADDR, CFG_ADDR + 2);
+dev = qdev_create(NULL, TYPE_FW_CFG_MEM);
+fw_cfg = FW_CFG(dev);
+qdev_prop_set_uint32(dev, "data_width", 1);
+qdev_prop_set_bit(dev, "dma_enabled", false);
+object_property_add_child(OBJECT(qdev_get_machine()), TYPE_FW_CFG,
+  OBJECT(fw_cfg), NULL);
+qdev_init_nofail(dev);
+s = SYS_BUS_DEVICE(dev);
+sysbus_mmio_map(s, 0, CFG_ADDR);
+sysbus_mmio_map(s, 1, CFG_ADDR + 2);
  
  if (machine->kernel_filename) {

  /* load kernel */



So, you're inlining fw_cfg_init_mem() and resolving parameters and conditions.
Any reason to do this, as this function is also used in other places?

However,
Acked-by: Hervé Poussineau 

Hervé

Re: [Qemu-devel] [PATCH 2/2] hw/ppc: deprecate the machine type 'prep', replaced by '40p'

2018-08-10 Thread Hervé Poussineau 

Hello,

Le 10/08/2018 à 18:17, Programmingkid a écrit :


Can a real 40p machine boot Windows NT 4.0 PowerPC?




Yes.

A real 40p machine is able to run (at least):
- Windows NT (up to 4.0 SP1)
- AIX (up to 4.3.3)
- the beta of OS/2 PowerPC
- Solaris
- Linux
- NetBSD/PReP

However, Windows NT emulation doesn't work so well. OpenBIOS doesn't support 
(yet)
booting from the floppy drive.

Hervé

Re: [Qemu-devel] [PATCH 1/2] hw/ppc: on 40p machine, change default firmware to OpenBIOS

2018-08-09 Thread Hervé Poussineau 

Le 10/08/2018 à 03:04, David Gibson a écrit :

On Thu, Aug 09, 2018 at 10:40:09PM +0200, Hervé Poussineau wrote:

OpenBIOS gained 40p support in 5b20e4cacecb62fb2bdc6867c11d44cddd77c4ff
Use it, instead of relying on the presence of a proprietary
firmware.


Uh..  openhackware might be, well, a hack, but I don't think it's
propietary.  Replacing it with openbios might well be a good idea, but
we want an accurrate reason for doing so.


Oops, you're right. That's what happens when you try to change/expand
your commit messages just before sending the patch. I will resend.




Signed-off-by: Hervé Poussineau 
---
  hw/ppc/prep.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 3401570d98..1558855247 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -736,7 +736,7 @@ static void ibm_40p_init(MachineState *machine)
  /* PCI host */
  dev = qdev_create(NULL, "raven-pcihost");
  if (!bios_name) {
-bios_name = BIOS_FILENAME;
+bios_name = "openbios-ppc";
  }
  qdev_prop_set_string(dev, "bios-name", bios_name);
  qdev_prop_set_uint32(dev, "elf-machine", PPC_ELF_MACHINE);

[Qemu-devel] [PATCH] hw/ppc: on 40p machine, change default firmware to OpenBIOS

2018-08-09 Thread Hervé Poussineau 
OpenBIOS gained 40p support in 5b20e4cacecb62fb2bdc6867c11d44cddd77c4ff
Use it, instead of relying on an unmaintained and very limited firmware.

Signed-off-by: Hervé Poussineau 
---
 hw/ppc/prep.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 3401570d98..1558855247 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -736,7 +736,7 @@ static void ibm_40p_init(MachineState *machine)
 /* PCI host */
 dev = qdev_create(NULL, "raven-pcihost");
 if (!bios_name) {
-bios_name = BIOS_FILENAME;
+bios_name = "openbios-ppc";
 }
 qdev_prop_set_string(dev, "bios-name", bios_name);
 qdev_prop_set_uint32(dev, "elf-machine", PPC_ELF_MACHINE);
-- 
2.11.0

[Qemu-devel] [PATCH 1/2] hw/ppc: on 40p machine, change default firmware to OpenBIOS

2018-08-09 Thread Hervé Poussineau 
OpenBIOS gained 40p support in 5b20e4cacecb62fb2bdc6867c11d44cddd77c4ff
Use it, instead of relying on the presence of a proprietary firmware.

Signed-off-by: Hervé Poussineau 
---
 hw/ppc/prep.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 3401570d98..1558855247 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -736,7 +736,7 @@ static void ibm_40p_init(MachineState *machine)
 /* PCI host */
 dev = qdev_create(NULL, "raven-pcihost");
 if (!bios_name) {
-bios_name = BIOS_FILENAME;
+bios_name = "openbios-ppc";
 }
 qdev_prop_set_string(dev, "bios-name", bios_name);
 qdev_prop_set_uint32(dev, "elf-machine", PPC_ELF_MACHINE);
-- 
2.11.0

[Qemu-devel] [PATCH 0/2] ppc: deprecate 'prep' machine

2018-08-09 Thread Hervé Poussineau 
Hello,

These two small patches deprecate the PPC 'prep' machine in favor of the
'40p' machine.

This is already flagged as 'Future candidate' for removal in
https://wiki.qemu.org/Features/LegacyRemoval

Herv�

Hervé Poussineau (2):
  hw/ppc: on 40p machine, change default firmware to OpenBIOS
  hw/ppc: deprecate the machine type 'prep', replaced by '40p'

 hw/ppc/prep.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
2.11.0

[Qemu-devel] [PATCH 2/2] hw/ppc: deprecate the machine type 'prep', replaced by '40p'

2018-08-09 Thread Hervé Poussineau 
- prep machine is a fictional machine, so has no specifications. Which
  devices can be changed/added/removed without impact? Are interrupts
  correctly mapped?
- prep firmware (OHW) has support only for IDE drives (no SCSI).
  Booting from IDE has been broken approximatively 3 years ago, and nobody 
complained.
- OHW is limited on IDE boot to a specific set of OS loaders.
  These operating systems are of the 2004 time frame.
- OHW can use -kernel. Linux kernel freezes a long time after PS/2 mouse
  detection, and then screen becomes garbage. This was already broken in
  QEMU v2.7, 2 years ago, and nobody complained.

On the other side:
- 40p is a real machine, so emulation can be checked against
  hardware specifications
- OpenBIOS has support for SCSI block devices, including 40p LSI adapter
- OpenBIOS can start mostly all Linux kernels (including recent ones)
  and recent operating system (like NetBSD 7.1.2)

Signed-off-by: Hervé Poussineau 
---
 hw/ppc/prep.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 1558855247..fbcaebabc0 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -676,6 +676,7 @@ static void ppc_prep_init(MachineState *machine)
 
 static void prep_machine_init(MachineClass *mc)
 {
+mc->deprecation_reason = "use 40p machine type instead";
 mc->desc = "PowerPC PREP platform";
 mc->init = ppc_prep_init;
 mc->block_default_type = IF_IDE;
-- 
2.11.0

Re: [Qemu-devel] [PATCH 1/2] hw/display/vga-isa-mm: Convert away from old_mmio

2018-08-02 Thread Hervé Poussineau 

Le 02/08/2018 à 17:51, Peter Maydell a écrit :

Convert the vga-isa-mm device away from the old_mmio
MemoryRegion accessors.

This device is only used by the MIPS 'jazz' boards
"magnum" and "pica61".

Signed-off-by: Peter Maydell 
---
  hw/display/vga-isa-mm.c | 60 +
  1 file changed, 13 insertions(+), 47 deletions(-)



Note: this device is only used by the MIPS "pica61" board, not the "magnum" one.
The commit message may be changed accordingly.

Reviewed-by: Hervé Poussineau 
Tested-by: Hervé Poussineau

Re: [Qemu-devel] [PATCH 1/3] hw/ppc/prep: Remove ifdeffed-out stub of XCSR code

2018-08-02 Thread Hervé Poussineau 

Le 02/08/2018 à 16:44, Peter Maydell a écrit :

The prep machine has some code which is stubs of accessors
for XCSR registers. This has been disabled via #if 0
since commit b6b8bd1819ff in 2004, and doesn't have any
actual interesting content. It also uses the deprecated
old_mmio accessor functions. Remove it entirely.

Signed-off-by: Peter Maydell 
---
  hw/ppc/prep.c | 97 +++
  1 file changed, 4 insertions(+), 93 deletions(-)



Reviewed-by: Hervé Poussineau

Re: [Qemu-devel] [RFC v3 09/10] dp8393x: manage big endian bus

2018-07-08 Thread Hervé Poussineau 

Le 08/07/2018 à 23:11, Peter Maydell a écrit :

On 28 June 2018 at 00:29, Laurent Vivier  wrote:

This is needed by Quadra 800, this card can run on little-endian
or big-endian bus.

Signed-off-by: Laurent Vivier 
Tested-by: Hervé Poussineau 
---
  hw/net/dp8393x.c | 88 
  1 file changed, 57 insertions(+), 31 deletions(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index f2d2ce344c..62adff9ba3 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -150,6 +150,7 @@ typedef struct dp8393xState {

  /* Hardware */
  uint8_t it_shift;
+bool big_endian;
  qemu_irq irq;
  #ifdef DEBUG_SONIC
  int irq_level;
@@ -220,6 +221,29 @@ static uint32_t dp8393x_wt(dp8393xState *s)
  return s->regs[SONIC_WT1] << 16 | s->regs[SONIC_WT0];
  }

+static uint16_t dp8393x_get(dp8393xState *s, int width, uint16_t *base,
+int offset)
+{
+uint16_t val;
+
+if (s->big_endian) {
+val = be16_to_cpu(base[offset * width + width - 1]);
+} else {
+val = le16_to_cpu(base[offset * width]);
+}
+return val;
+}
+
+static void dp8393x_put(dp8393xState *s, int width, uint16_t *base, int offset,
+uint16_t val)
+{
+if (s->big_endian) {
+base[offset * width + width - 1] = cpu_to_be16(val);
+} else {
+base[offset * width] = cpu_to_le16(val);
+}
+}
+
  static void dp8393x_update_irq(dp8393xState *s)
  {
  int level = (s->regs[SONIC_IMR] & s->regs[SONIC_ISR]) ? 1 : 0;
@@ -251,12 +275,12 @@ static void dp8393x_do_load_cam(dp8393xState *s)
  /* Fill current entry */
  address_space_rw(>as, dp8393x_cdp(s),
  MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
-s->cam[index][0] = data[1 * width] & 0xff;
-s->cam[index][1] = data[1 * width] >> 8;
-s->cam[index][2] = data[2 * width] & 0xff;
-s->cam[index][3] = data[2 * width] >> 8;
-s->cam[index][4] = data[3 * width] & 0xff;
-s->cam[index][5] = data[3 * width] >> 8;
+s->cam[index][0] = dp8393x_get(s, width, data, 1) & 0xff;
+s->cam[index][1] = dp8393x_get(s, width, data, 1) >> 8;
+s->cam[index][2] = dp8393x_get(s, width, data, 2) & 0xff;
+s->cam[index][3] = dp8393x_get(s, width, data, 2) >> 8;
+s->cam[index][4] = dp8393x_get(s, width, data, 3) & 0xff;
+s->cam[index][5] = dp8393x_get(s, width, data, 3) >> 8;


The general pattern with the code in this device seems to be
"load sizeof(uint16_t) * width * N bytes; then look at
data[i * width], possibly with an endianness flip", where
width is either 1 or 2 depending on a config register.

Maybe it would be clearer if the data was loaded by doing a
loop of N iterations of address_space_ldl_le / address_space_ldw_le /
address_space_ldl_be / address_space_ldw_be ? Then you're doing
something more like what the device is doing (ie a series of
bus accesses of a particular width and endianness), and the
handling of width and endianness is in the code doing the data
loads rather than in the code that is manipulating the loaded
data.

Incidentally, the only other use of this device is in
the mips 'jazz' boards. Those seem to be compiled for both
mips64el and mips64 -- does anybody know if it actually
works correctly in both those configurations ?


dp8393x in mips64el works well. mips64 is not testable.

Hervé

Re: [Qemu-devel] [RFC v3 08/10] hw/m68k: add a dummy SWIM floppy controller

2018-06-28 Thread Hervé Poussineau 

Le 28/06/2018 à 01:29, Laurent Vivier a écrit :

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
  hw/block/Makefile.objs  |   1 +
  hw/block/swim.c | 284 
  include/hw/block/swim.h |  53 +
  3 files changed, 338 insertions(+)
  create mode 100644 hw/block/swim.c
  create mode 100644 include/hw/block/swim.h

diff --git a/hw/block/Makefile.objs b/hw/block/Makefile.objs
index 53ce5751ae..068de3f0c9 100644
--- a/hw/block/Makefile.objs
+++ b/hw/block/Makefile.objs
@@ -8,6 +8,7 @@ common-obj-$(CONFIG_XEN) += xen_disk.o
  common-obj-$(CONFIG_ECC) += ecc.o
  common-obj-$(CONFIG_ONENAND) += onenand.o
  common-obj-$(CONFIG_NVME_PCI) += nvme.o
+common-obj-$(CONFIG_SWIM) += swim.o
  
  obj-$(CONFIG_SH4) += tc58128.o
  
diff --git a/hw/block/swim.c b/hw/block/swim.c

new file mode 100644
index 00..6b1d0371e8
--- /dev/null
+++ b/hw/block/swim.c
@@ -0,0 +1,284 @@
+/*
+ * QEMU Macintosh floppy disk controller emulator (SWIM)
+ *
+ * Copyright (c) 2014-2018 Laurent Vivier 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/block/swim.h"
+
+/* IWM registers */
+
+#define IWM_PH0L0
+#define IWM_PH0H1
+#define IWM_PH1L2
+#define IWM_PH1H3
+#define IWM_PH2L4
+#define IWM_PH2H5
+#define IWM_PH3L6
+#define IWM_PH3H7
+#define IWM_MTROFF  8
+#define IWM_MTRON   9
+#define IWM_INTDRIVE10
+#define IWM_EXTDRIVE11
+#define IWM_Q6L 12
+#define IWM_Q6H 13
+#define IWM_Q7L 14
+#define IWM_Q7H 15
+
+/* SWIM registers */
+
+#define SWIM_WRITE_DATA 0
+#define SWIM_WRITE_MARK 1
+#define SWIM_WRITE_CRC  2
+#define SWIM_WRITE_PARAMETER3
+#define SWIM_WRITE_PHASE4
+#define SWIM_WRITE_SETUP5
+#define SWIM_WRITE_MODE06
+#define SWIM_WRITE_MODE17
+
+#define SWIM_READ_DATA  8
+#define SWIM_READ_MARK  9
+#define SWIM_READ_ERROR 10
+#define SWIM_READ_PARAMETER 11
+#define SWIM_READ_PHASE 12
+#define SWIM_READ_SETUP 13
+#define SWIM_READ_STATUS14
+#define SWIM_READ_HANDSHAKE 15
+
+#define REG_SHIFT   9
+
+#define SWIM_MODE_IWM  0
+#define SWIM_MODE_SWIM 1
+
+/* bits in phase register */
+
+#define SWIM_SEEK_NEGATIVE   0x074
+#define SWIM_STEP0x071
+#define SWIM_MOTOR_ON0x072
+#define SWIM_MOTOR_OFF   0x076
+#define SWIM_INDEX   0x073
+#define SWIM_EJECT   0x077
+#define SWIM_SETMFM  0x171
+#define SWIM_SETGCR  0x175
+#define SWIM_RELAX   0x033
+#define SWIM_LSTRB   0x008
+#define SWIM_CA_MASK 0x077
+
+/* Select values for swim_select and swim_readbit */
+
+#define SWIM_READ_DATA_0 0x074
+#define SWIM_TWOMEG_DRIVE0x075
+#define SWIM_SINGLE_SIDED0x076
+#define SWIM_DRIVE_PRESENT   0x077
+#define SWIM_DISK_IN 0x170
+#define SWIM_WRITE_PROT  0x171
+#define SWIM_TRACK_ZERO  0x172
+#define SWIM_TACHO   0x173
+#define SWIM_READ_DATA_1 0x174
+#define SWIM_MFM_MODE0x175
+#define SWIM_SEEK_COMPLETE   0x176
+#define SWIM_ONEMEG_MEDIA0x177
+
+/* Bits in handshake register */
+
+#define SWIM_MARK_BYTE   0x01
+#define SWIM_CRC_ZERO0x02
+#define SWIM_RDDATA  0x04
+#define SWIM_SENSE   0x08
+#define SWIM_MOTEN   0x10
+#define SWIM_ERROR   0x20
+#define SWIM_DAT2BYTE0x40
+#define SWIM_DAT1BYTE0x80
+
+/* bits in setup register */
+
+#define SWIM_S_INV_WDATA 0x01
+#define SWIM_S_3_5_SELECT0x02
+#define SWIM_S_GCR   0x04
+#define SWIM_S_FCLK_DIV2 0x08
+#define SWIM_S_ERROR_CORR0x10
+#define SWIM_S_IBM_DRIVE 0x20
+#define SWIM_S_GCR_WRITE 0x40
+#define SWIM_S_TIMEOUT   0x80
+
+/* bits in mode register */
+
+#define SWIM_CLFIFO  0x01
+#define SWIM_ENBL1   0x02
+#define SWIM_ENBL2   0x04
+#define SWIM_ACTION  0x08
+#define SWIM_WRITE_MODE  0x10
+#define SWIM_HEDSEL  0x20
+#define SWIM_MOTON   0x80
+
+
+static void iwmctrl_write(void *opaque, hwaddr reg, uint64_t value,
+  unsigned size)
+{
+SWIMCtrl *swimctrl = opaque;
+
+reg >>= REG_SHIFT;
+
+swimctrl->regs[reg >> 1] = reg & 1;
+
+if (swimctrl->regs[IWM_Q6] &&
+swimctrl->regs[IWM_Q7]) {
+if (swimctrl->regs[IWM_MTR]) {
+/* data register */
+swimctrl->iwm_data = value;
+} else {
+/* mode register */
+swimctrl->iwm_mode = value;
+/* detect sequence to switch from IWM mode to SWIM mode */
+

Re: [Qemu-devel] [PATCH 0/2] scsi: remove legacy esp_init() function

2018-06-27 Thread Hervé Poussineau 

Le 27/06/2018 à 22:01, Mark Cave-Ayland a écrit :

On 13/06/18 10:47, Mark Cave-Ayland wrote:


Something else that came out of reviewing Laurent's q800 patchset: after my
SPARC cleanups last year, MIPS Jazz is the last remaining user of the legacy
esp_init() function.

Patch 1 switches mips_jazz_init() over to create the ESP device directly
via qdev. Please note that I do not have any MIPS jazz images and so this
is compile-tested only (although passes "make check") and needs an ACK from
someone (Hervé?).

Now that the last user of esp_init() is gone, patch 2 removes the legacy
function and its associated header.

Signed-off-by: Mark Cave-Ayland 


Mark Cave-Ayland (2):
   hw/mips/jazz: create ESP device directly via qdev
   esp: remove legacy esp_init() function

  hw/mips/mips_jazz.c   | 19 ---
  hw/scsi/esp.c | 30 --
  include/hw/scsi/esp.h |  5 -
  3 files changed, 16 insertions(+), 38 deletions(-)


Ping? Is anyone able to test the MIPS jazz board with these patches at all?


Tested-by: Hervé Poussineau

Re: [Qemu-devel] [RFC 12/13] dp8393x: put DMA temp buffer in the state, not in the stack

2018-06-09 Thread Hervé Poussineau 

Le 08/06/2018 à 22:05, Laurent Vivier a écrit :

It's only 32 bytes, and this simplifies the dp8393x_get()/
dp8393x_put() interface.

Signed-off-by: Laurent Vivier 
---
  hw/net/dp8393x.c | 107 ++-
  1 file changed, 51 insertions(+), 56 deletions(-)



Works OK on NetBSD 5.1/arc on MIPS Magnum.

Tested-by: Hervé Poussineau

Re: [Qemu-devel] [RFC 06/13] ESP: add pseudo-DMA as used by Macintosh

2018-06-09 Thread Hervé Poussineau 

Le 08/06/2018 à 22:05, Laurent Vivier a écrit :

From: Laurent Vivier 

Signed-off-by: Laurent Vivier 
---
  hw/mips/mips_jazz.c   |   2 +-
  hw/scsi/esp.c | 330 +-
  include/hw/scsi/esp.h |  15 ++-
  3 files changed, 313 insertions(+), 34 deletions(-)


Works OK on NetBSD 5.1/arc on MIPS Magnum.

Tested-by: Hervé Poussineau

Re: [Qemu-devel] [RFC 13/13] dp8393x: fix receiving buffer exhaustion

2018-06-09 Thread Hervé Poussineau 

Le 08/06/2018 à 22:05, Laurent Vivier a écrit :

The card is not able to exit from exhaustion state, because
while the drive consumes the buffers, the RRP is incremented
(when the driver clears the ISR RBE bit), so it stays equal
to RWP, and while RRP == RWP, the card thinks it is always
in exhaustion state. So the driver consumes all the buffers,
but the card cannot receive new ones.

This patch fixes the problem by not incrementing RRP when
the driver clears the ISR RBE bit.

Signed-off-by: Laurent Vivier 
---
  hw/net/dp8393x.c | 31 ---
  1 file changed, 16 insertions(+), 15 deletions(-)



Works OK on NetBSD 5.1/arc on MIPS Magnum.

Tested-by: Hervé Poussineau

Re: [Qemu-devel] [RFC 11/13] dp8393x: manage big endian bus

2018-06-09 Thread Hervé Poussineau 

Le 08/06/2018 à 22:05, Laurent Vivier a écrit :

This is needed by Quadra 800, this card can run on little-endian
or big-endian bus.

Signed-off-by: Laurent Vivier 
---
  hw/net/dp8393x.c | 101 ++-
  1 file changed, 70 insertions(+), 31 deletions(-)



Works OK on NetBSD 5.1/arc on MIPS Magnum.

Tested-by: Hervé Poussineau

Re: [Qemu-devel] [RFC 10/13] dp8393x: fix dp8393x_receive

2018-06-09 Thread Hervé Poussineau 

Le 08/06/2018 à 22:05, Laurent Vivier a écrit :

address_space_rw() access size must be multiplied by width.
dp8393x_receive() must return the number of bytes read, not the length
of the last memory access.

Signed-off-by: Laurent Vivier 
---
  hw/net/dp8393x.c | 8 +---
  1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index f2d2ce344c..ef5f1eb94f 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -808,9 +808,11 @@ static ssize_t dp8393x_receive(NetClientState *nc, const 
uint8_t * buf,
  /* EOL detected */
  s->regs[SONIC_ISR] |= SONIC_ISR_RDE;
  } else {
+size = sizeof(uint16_t) * width;
  data[0 * width] = 0; /* in_use */
-address_space_rw(>as, dp8393x_crda(s) + sizeof(uint16_t) * 6 * 
width,
-MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, sizeof(uint16_t), 1);
+address_space_rw(>as,
+dp8393x_crda(s) + sizeof(uint16_t) * 6 * width,
+MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 1);
  s->regs[SONIC_CRDA] = s->regs[SONIC_LLFA];
  s->regs[SONIC_ISR] |= SONIC_ISR_PKTRX;
  s->regs[SONIC_RSC] = (s->regs[SONIC_RSC] & 0xff00) | (((s->regs[SONIC_RSC] 
& 0x00ff) + 1) & 0x00ff);
@@ -824,7 +826,7 @@ static ssize_t dp8393x_receive(NetClientState *nc, const 
uint8_t * buf,
  /* Done */
  dp8393x_update_irq(s);
  
-return size;

+return rx_len;
  }
  
  static void dp8393x_reset(DeviceState *dev)




NACK. This breaks NetBSD 5.1/arc networking.

This seems to revert the following commit and change the function return value.

commit 409b52bfe199d8106dadf7c5ff3d88d2228e89b5
Author: Hervé Poussineau 
Date:   Wed Jun 3 22:45:48 2015 +0200

net/dp8393x: correctly reset in_use field

Don't write more than the field width, which is always 16 bit.
Fixes network in NetBSD 5.1/arc

Signed-off-by: Hervé Poussineau 
Reviewed-by: Aurelien Jarno 
Signed-off-by: Leon Alrae 

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 4184045145..ff633f76a0 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -764,7 +764,7 @@ static ssize_t dp8393x_receive(NetClientState *nc, const 
uint8_t * buf,
 data[0 * width] = 0; /* in_use */
 address_space_rw(>as,
 ((s->regs[SONIC_URDA] << 16) | s->regs[SONIC_CRDA]) + 
sizeof(uint16_t) * 6 * width,
-MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 1);
+MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, sizeof(uint16_t), 1);
 s->regs[SONIC_CRDA] = s->regs[SONIC_LLFA];
 s->regs[SONIC_ISR] |= SONIC_ISR_PKTRX;
 s->regs[SONIC_RSC] = (s->regs[SONIC_RSC] & 0xff00) | (((s->regs[SONIC_RSC] 
& 0x00ff) + 1) & 0x00ff);

Re: [Qemu-devel] [PATCH] prep: fix keyboard for the 40p machine

2018-05-24 Thread Hervé Poussineau 

Le 24/05/2018 à 07:39, Mark Cave-Ayland a écrit :

Commit 72d3d8f052 "hw/isa/superio: Add a keyboard/mouse controller (8042)"
added an 8042 keyboard device to the PC87312 superio device to replace that
being used by the prep machine.

Unfortunately this commit didn't do the same for the 40p machine which broke
the keyboard by registering two 8042 keyboard devices at the same address.

Resolve this by similarly removing the 8042 keyboard from the 40p machine as
done for the prep machine in commit 72d3d8f052.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayl...@ilande.co.uk>


Reviewed-by: Hervé Poussineau <hpous...@reactos.org>


---
  hw/ppc/prep.c | 1 -
  1 file changed, 1 deletion(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index a1e7219db6..be4db6a687 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -770,7 +770,6 @@ static void ibm_40p_init(MachineState *machine)
  
  /* add some more devices */

  if (defaults_enabled()) {
-isa_create_simple(isa_bus, TYPE_I8042);
  m48t59 = NVRAM(isa_create_simple(isa_bus, "isa-m48t59"));
  
  dev = DEVICE(isa_create(isa_bus, "cs4231a"));

Re: [Qemu-devel] [PATCH v2 0/3] Add new CD-ROM related qtests

2018-03-15 Thread Hervé Poussineau 

Le 16/03/2018 à 06:39, Thomas Huth a écrit :

With one of my clean-up patches (see commit 1454509726719e0933c800), I
recently accidentially broke the "-cdrom" parameter (more precisely
"-drive if=scsi") on a couple of boards, since there was no error
detected during the "make check" regression testing. This is clearly an
indication that we are lacking tests in this area.
So this small patch series now introduces some tests for CD-ROM drives:
The first two patches introduce the possibility to check that booting
from CD-ROM drives still works fine for x86 and s390x, and the third
patch adds a test that certain machines can at least still be started
with the "-cdrom" parameter (i.e. that test would have catched the
mistake that I did with my SCSI cleanup patch).


Reviewed-by: Hervé Poussineau <hpous...@reactos.org>



v2:
  - Use g_spawn_sync() instead of execlp() to run genisoimage
  - The "-cdrom" parameter test is now run on all architectures (with
machine "none" for the machines that are not explicitly checked)
  - Some rewordings and improved comments here and there

Thomas Huth (3):
   tests/boot-sector: Add magic bytes to s390x boot code header
   tests/cdrom-test: Test booting from CD-ROM ISO image file
   tests/cdrom-test: Test that -cdrom parameter is working

  tests/Makefile.include |   2 +
  tests/boot-sector.c|   9 +-
  tests/cdrom-test.c | 222 +
  3 files changed, 230 insertions(+), 3 deletions(-)
  create mode 100644 tests/cdrom-test.c

Re: [Qemu-devel] [PATCH] hw/mips/jazz: Fix implicit creation of "-drive if=scsi" devices

2018-03-08 Thread Hervé Poussineau 

Le 07/03/2018 à 10:24, Thomas Huth a écrit :

The global hack for creating SCSI devices has recently been removed,
but this apparently broke SCSI devices on some boards that were not
ready for this change yet. For the pica61 machine you now get:

$ mips64-softmmu/qemu-system-mips64 -M pica61 -cdrom x.iso
qemu-system-mips64: -cdrom x.iso: machine type does not support 
if=scsi,bus=0,unit=2

Fix it by calling scsi_bus_legacy_handle_cmdline() after creating the
corresponding SCSI controller.

Fixes: 1454509726719e0933c800fad00d6999752688ea
Signed-off-by: Thomas Huth <th...@redhat.com>


Reviewed-by: Hervé Poussineau <hpous...@reactos.org>


---
  hw/mips/mips_jazz.c   |  7 ---
  hw/scsi/esp.c | 12 +++-
  include/hw/scsi/esp.h | 10 +-
  3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index b09871a..bde2c9b 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -147,6 +147,7 @@ static void mips_jazz_init(MachineState *machine,
  MemoryRegion *ram = g_new(MemoryRegion, 1);
  MemoryRegion *bios = g_new(MemoryRegion, 1);
  MemoryRegion *bios2 = g_new(MemoryRegion, 1);
+ESPState *esp;
  
  /* init CPUs */

  cpu = MIPS_CPU(cpu_create(machine->cpu_type));
@@ -278,9 +279,9 @@ static void mips_jazz_init(MachineState *machine,
  }
  
  /* SCSI adapter */

-esp_init(0x80002000, 0,
- rc4030_dma_read, rc4030_dma_write, dmas[0],
- qdev_get_gpio_in(rc4030, 5), _reset, _enable);
+esp = esp_init(0x80002000, 0, rc4030_dma_read, rc4030_dma_write, dmas[0],
+   qdev_get_gpio_in(rc4030, 5), _reset, _enable);
+scsi_bus_legacy_handle_cmdline(>bus);
  
  /* Floppy */

  for (n = 0; n < MAX_FD; n++) {
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 45975c2..64ec285 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -618,11 +618,11 @@ static const MemoryRegionOps sysbus_esp_mem_ops = {
  .valid.accepts = esp_mem_accepts,
  };
  
-void esp_init(hwaddr espaddr, int it_shift,

-  ESPDMAMemoryReadWriteFunc dma_memory_read,
-  ESPDMAMemoryReadWriteFunc dma_memory_write,
-  void *dma_opaque, qemu_irq irq, qemu_irq *reset,
-  qemu_irq *dma_enable)
+ESPState *esp_init(hwaddr espaddr, int it_shift,
+   ESPDMAMemoryReadWriteFunc dma_memory_read,
+   ESPDMAMemoryReadWriteFunc dma_memory_write,
+   void *dma_opaque, qemu_irq irq, qemu_irq *reset,
+   qemu_irq *dma_enable)
  {
  DeviceState *dev;
  SysBusDevice *s;
@@ -644,6 +644,8 @@ void esp_init(hwaddr espaddr, int it_shift,
  sysbus_mmio_map(s, 0, espaddr);
  *reset = qdev_get_gpio_in(dev, 0);
  *dma_enable = qdev_get_gpio_in(dev, 1);
+
+return esp;
  }
  
  static const struct SCSIBusInfo esp_scsi_info = {

diff --git a/include/hw/scsi/esp.h b/include/hw/scsi/esp.h
index 3b160f8..93fdace 100644
--- a/include/hw/scsi/esp.h
+++ b/include/hw/scsi/esp.h
@@ -7,11 +7,6 @@
  /* esp.c */
  #define ESP_MAX_DEVS 7
  typedef void (*ESPDMAMemoryReadWriteFunc)(void *opaque, uint8_t *buf, int 
len);
-void esp_init(hwaddr espaddr, int it_shift,
-  ESPDMAMemoryReadWriteFunc dma_memory_read,
-  ESPDMAMemoryReadWriteFunc dma_memory_write,
-  void *dma_opaque, qemu_irq irq, qemu_irq *reset,
-  qemu_irq *dma_enable);
  
  #define ESP_REGS 16

  #define TI_BUFSZ 16
@@ -136,6 +131,11 @@ typedef struct {
  #define TCHI_FAS100A 0x4
  #define TCHI_AM53C974 0x12
  
+ESPState *esp_init(hwaddr espaddr, int it_shift,

+   ESPDMAMemoryReadWriteFunc dma_memory_read,
+   ESPDMAMemoryReadWriteFunc dma_memory_write,
+   void *dma_opaque, qemu_irq irq, qemu_irq *reset,
+   qemu_irq *dma_enable);
  void esp_dma_enable(ESPState *s, int irq, int level);
  void esp_request_cancelled(SCSIRequest *req);
  void esp_command_complete(SCSIRequest *req, uint32_t status, size_t resid);

Re: [Qemu-devel] [PATCH] hw/ppc/prep: Fix implicit creation of "-drive if=scsi" devices

2018-03-08 Thread Hervé Poussineau 

Le 07/03/2018 à 10:08, Thomas Huth a écrit :

The global hack for creating SCSI devices has recently been removed,
but this apparently broke SCSI devices on some boards that were not
ready for this change yet. For the 40p machine you now get:

$ ppc64-softmmu/qemu-system-ppc64 -M 40p -cdrom x.iso
qemu-system-ppc64: -cdrom x.iso: machine type does not support 
if=scsi,bus=0,unit=2

Fix it by providing a lsi53c810_create() function that takes care
of calling scsi_bus_legacy_handle_cmdline() after creating the
corresponding SCSI controller.

Fixes: 1454509726719e0933c800fad00d6999752688ea
Signed-off-by: Thomas Huth <th...@redhat.com>


Reviewed-by: Hervé Poussineau <hpous...@reactos.org>


---
  hw/ppc/prep.c| 2 +-
  hw/scsi/lsi53c895a.c | 7 +++
  include/hw/pci/pci.h | 1 +
  3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 096d4d4..3361509 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -788,7 +788,7 @@ static void ibm_40p_init(MachineState *machine)
  qdev_prop_set_uint32(dev, "equipment", 0xc0);
  qdev_init_nofail(dev);
  
-pci_create_simple(pci_bus, PCI_DEVFN(1, 0), "lsi53c810");

+lsi53c810_create(pci_bus, PCI_DEVFN(1, 0));
  
  /* XXX: s3-trio at PCI_DEVFN(2, 0) */

  pci_vga_init(pci_bus);
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index f3d4c4d..160657f 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -2279,3 +2279,10 @@ void lsi53c895a_create(PCIBus *bus)
  
  scsi_bus_legacy_handle_cmdline(>bus);

  }
+
+void lsi53c810_create(PCIBus *bus, int devfn)
+{
+LSIState *s = LSI53C895A(pci_create_simple(bus, devfn, "lsi53c810"));
+
+scsi_bus_legacy_handle_cmdline(>bus);
+}
diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index d8c18c7..e255941 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -708,6 +708,7 @@ PCIDevice *pci_create(PCIBus *bus, int devfn, const char 
*name);
  PCIDevice *pci_create_simple(PCIBus *bus, int devfn, const char *name);
  
  void lsi53c895a_create(PCIBus *bus);

+void lsi53c810_create(PCIBus *bus, int devfn);
  
  qemu_irq pci_allocate_irq(PCIDevice *pci_dev);

  void pci_set_irq(PCIDevice *pci_dev, int level);

Re: [Qemu-devel] [PATCH] hw/ppc/prep: Fix implicit creation of "-drive if=scsi" devices

2018-03-07 Thread Hervé Poussineau 

Le 07/03/2018 à 10:08, Thomas Huth a écrit :

The global hack for creating SCSI devices has recently been removed,
but this apparently broke SCSI devices on some boards that were not
ready for this change yet. For the 40p machine you now get:

$ ppc64-softmmu/qemu-system-ppc64 -M 40p -cdrom x.iso
qemu-system-ppc64: -cdrom x.iso: machine type does not support 
if=scsi,bus=0,unit=2

Fix it by providing a lsi53c810_create() function that takes care
of calling scsi_bus_legacy_handle_cmdline() after creating the
corresponding SCSI controller.

Fixes: 1454509726719e0933c800fad00d6999752688ea
Signed-off-by: Thomas Huth 


Why is it required?
- because SCSI adapter is not up to date to QEMU standards (QOM, ...)?
- because board is not up to date to QEMU standards (QOM, ...)?
- because board is using SCSI devices by default? (mc->block_default_type = 
IF_SCSI) ?

In 2 first cases, what is missing?
In third case, maybe it may be better to put it in generic code?
You just fixed 40p and MIPS Jazz machines, but sparc/SS-10 (and other) also 
have the same problem...

Hervé


---
  hw/ppc/prep.c| 2 +-
  hw/scsi/lsi53c895a.c | 7 +++
  include/hw/pci/pci.h | 1 +
  3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 096d4d4..3361509 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -788,7 +788,7 @@ static void ibm_40p_init(MachineState *machine)
  qdev_prop_set_uint32(dev, "equipment", 0xc0);
  qdev_init_nofail(dev);
  
-pci_create_simple(pci_bus, PCI_DEVFN(1, 0), "lsi53c810");

+lsi53c810_create(pci_bus, PCI_DEVFN(1, 0));
  
  /* XXX: s3-trio at PCI_DEVFN(2, 0) */

  pci_vga_init(pci_bus);
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index f3d4c4d..160657f 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -2279,3 +2279,10 @@ void lsi53c895a_create(PCIBus *bus)
  
  scsi_bus_legacy_handle_cmdline(>bus);

  }
+
+void lsi53c810_create(PCIBus *bus, int devfn)
+{
+LSIState *s = LSI53C895A(pci_create_simple(bus, devfn, "lsi53c810"));
+
+scsi_bus_legacy_handle_cmdline(>bus);
+}
diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index d8c18c7..e255941 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -708,6 +708,7 @@ PCIDevice *pci_create(PCIBus *bus, int devfn, const char 
*name);
  PCIDevice *pci_create_simple(PCIBus *bus, int devfn, const char *name);
  
  void lsi53c895a_create(PCIBus *bus);

+void lsi53c810_create(PCIBus *bus, int devfn);
  
  qemu_irq pci_allocate_irq(PCIDevice *pci_dev);

  void pci_set_irq(PCIDevice *pci_dev, int level);

Re: [Qemu-devel] [PATCH] tests/boot-serial: Check the 40p machine, too

2018-03-07 Thread Hervé Poussineau 

Le 07/03/2018 à 13:15, Thomas Huth a écrit :

The "40p" machine is using the Open Hack'Ware BIOS, just like the "prep"
machine, so we can test it accordingly with the boot-serial tester, too.
While we're at it, also change the strings that we are using for the
"prep" machine, so that this test now also checks some CLI parameters.

Signed-off-by: Thomas Huth <th...@redhat.com>


Reviewed-by: Hervé Poussineau <hpous...@reactos.org>


---
  NB: The 40p machine is currently broken - when the emulator is quit,
  there is a rcu_read_unlock assertion message printed out. This test
  here succeeds anyway since the qtest framework does not care about
  errors in the shutdown path yet.

  tests/boot-serial-test.c | 6 --
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index ece25c6..5b24cd2 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -75,11 +75,13 @@ typedef struct testdef {
  static testdef_t tests[] = {
  { "alpha", "clipper", "", "PCI:" },
  { "ppc", "ppce500", "", "U-Boot" },
-{ "ppc", "prep", "", "Open Hack'Ware BIOS" },
+{ "ppc", "prep", "-m 96", "Memory size: 96 MB" },
+{ "ppc", "40p", "-boot d", "Booting from device d" },
  { "ppc", "g3beige", "", "PowerPC,750" },
  { "ppc", "mac99", "", "PowerPC,G4" },
  { "ppc64", "ppce500", "", "U-Boot" },
-{ "ppc64", "prep", "", "Open Hack'Ware BIOS" },
+{ "ppc64", "prep", "-boot e", "Booting from device e" },
+{ "ppc64", "40p", "-m 192", "Memory size: 192 MB" },
  { "ppc64", "mac99", "", "PowerPC,970FX" },
  { "ppc64", "pseries", "", "Open Firmware" },
  { "ppc64", "powernv", "-cpu POWER8", "OPAL" },

Re: [Qemu-devel] [PATCH] g364fb: switch to using DirtyBitmapSnapshot

2018-02-08 Thread Hervé Poussineau 

Le 08/02/2018 à 19:22, Paolo Bonzini a écrit :

This removes the last user of memory_region_test_and_clear_dirty
outside memory.c.

Cc: Hervé Poussineau <hpous...@reactos.org>
Cc: Aurelien Jarno <aurel...@aurel32.net>
Cc: Yongbok Kim <yongbok@mips.com>
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>


Tested-by: Hervé Poussineau <hpous...@reactos.org>
Tested with Windows NT 4.0


---
 Untested... not sure where to get mips_bios.bin, or a kernel
 that works with -M magnum.  Can anybody help?  I'd like to
 get rid of memory_region_test_and_clear_dirty.

  hw/display/g364fb.c | 10 ++
  1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/hw/display/g364fb.c b/hw/display/g364fb.c
index 86557d14a9..86452de780 100644
--- a/hw/display/g364fb.c
+++ b/hw/display/g364fb.c
@@ -62,15 +62,15 @@ typedef struct G364State {
  
  #define G364_PAGE_SIZE 4096
  
-static inline int check_dirty(G364State *s, ram_addr_t page)

+static inline int check_dirty(G364State *s, DirtyBitmapSnapshot *snap, 
ram_addr_t page)
  {
-return memory_region_test_and_clear_dirty(>mem_vram, page, 
G364_PAGE_SIZE,
-  DIRTY_MEMORY_VGA);
+return memory_region_snapshot_get_dirty(>mem_vram, snap, page, 
G364_PAGE_SIZE);
  }
  
  static void g364fb_draw_graphic8(G364State *s)

  {
  DisplaySurface *surface = qemu_console_surface(s->con);
+DirtyBitmapSnapshot *snap;
  int i, w;
  uint8_t *vram;
  uint8_t *data_display, *dd;
@@ -122,8 +122,10 @@ static void g364fb_draw_graphic8(G364State *s)
  vram = s->vram + s->top_of_screen;
  /* XXX: out of range in vram? */
  data_display = dd = surface_data(surface);
+snap = memory_region_snapshot_and_clear_dirty(>mem_vram, 0, 
s->vram_size,
+  DIRTY_MEMORY_VGA);
  while (y < s->height) {
-if (check_dirty(s, page)) {
+if (check_dirty(s, snap, page)) {
  if (y < ymin)
  ymin = ymax = y;
  if (x < xmin)

Re: [Qemu-devel] [PATCH] Revert "smbus: do not immediately complete commands"

2018-01-21 Thread Hervé Poussineau 

Le 19/01/2018 à 22:15, Corey Minyard a écrit :

On 01/19/2018 08:07 AM, Corey Minyard wrote:

On 01/18/2018 09:17 PM, Michael S. Tsirkin wrote:

On Thu, Jan 18, 2018 at 07:55:41PM -0600, miny...@acm.org wrote:

From: Corey Minyard <cminy...@mvista.com>

This reverts commit 880b1ffe6ec2f0ae25cc4175716227ad275e8b8a.

The commit being reverted says:

 PIIX4 errata says that "immediate polling of the Host Status Register BUSY
 bit may indicate that the SMBus is NOT busy."
 Due to this, some code does the following steps:
 (a) set parameters
 (b) start command
 (c) check for smbus busy bit set (to know that command started)
 (d) check for smbus busy bit not set (to know that command finished)

 Let (c) happen, by immediately setting the busy bit, and really executing
 the command when status register has been read once.

 This fixes a problem with AMIBIOS, which can now properly initialize the
 PIIX4.

Emulating bad hardware so badly written software will work doesn't sound
like a good idea to me.  I have patches that add interrupt capability
to pm_smbus, but this change breaks that because the Linux driver
starts the transaction then waits for interrupts before reading the
status register.  That obviously won't work with these changes.

The right way to fix this in AMIBIOS is to ignore the host busy bit
and use the other bits in the host status register to tell if the
transaction has completed.  Using host busy is racy, anyway, if you
get interrupted or something while processing, you may miss step (c)
in your algorithm and fail.

Cc: Hervé Poussineau <hpous...@reactos.org>
Cc: Philippe Mathieu-Daudé <f4...@amsat.org>
Signed-off-by: Corey Minyard <cminy...@mvista.com>

Would it be possible to limit the change to when guest uses
interrupts?


I did think about that, but it seems rather frail.  What if another piece of 
software
does this but has the interrupt enable bit set?  And AMIBIOS is still broken 
doing
that algorithm on real hardware.  If you get a bus collision, for instance, 
that will
be almost instantaneous and the firmware is likely to miss it.

The 82801 documentation is pretty clear that you should use the INTR and error
bits in the status register to know if a transaction is complete.

If you really want to emulate real hardware, I guess the right way to do this
would be to add a delay between the start bit being set and the transaction
being done.  I'm not sure how timers work with vmstate, I'd have to look at
that.


I realized that the timer is not going to be able to correctly work around the
AMIBIOS.  It would probably work most of the time, but if qemu got switched
out, then switched back and the timer went off before the guest was allowed
to run, then you would have the same issue.

Also, looking at a more complete implementation of the pm_smbus device,
using the host busy bit to know when to start the transaction won't work,
that bit also does other things when doing byte at a time block transfers.
So a separate bool is needed to know when to do this.


AMIBIOS can't be fixed to do the right thing.
My first implementation of this patch was using a timer, and it was working 
quite well.
I don't think that smbus is very latency-sensitive, so I think a timer is a 
valid
solution to this problem. If a timer also works for your use case, I'll be 
happy with it.

See my patch proposal to use a timer instead. Does it fit your needs?

An improvement might be to execute the command either on the timer or when the 
guest
reads the host status register.

Regards,

Hervé
>From a5e13ceebd77b9f813fe1987b73fc8a3498cf7ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Poussineau?= <hpous...@reactos.org>
Date: Sun, 21 Jan 2018 14:17:27 +0100
Subject: [PATCH] smbus: replace transaction execution at first register read
 by a constant delay
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This execution at first register read was added in 880b1ffe6ec2f0ae25cc4175716227ad275e8b8a
While this is not very correct, it was enough to fix some use cases.

However, this break further developpements of the smbus emulation, especially
related to smbus interrupt (STS_INTR): the OS reads the host status register
only when an interrupt will be raised.
If QEMU executes the command (and raises the interrupt) only when the OS reads
the host status register, we have a dead-lock...

Change emulation to execute the command after a constant delay.

Signed-off-by: Hervé Poussineau <hpous...@reactos.org>
---
 hw/i2c/pm_smbus.c | 15 ---
 include/hw/i2c/pm_smbus.h |  1 +
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/hw/i2c/pm_smbus.c b/hw/i2c/pm_smbus.c
index 0d26e0f6b5..e3ff47ec15 100644
--- a/hw/i2c/pm_smbus.c
+++ b/hw/i2c/pm_smbus.c
@@ -21,6 +21,7 @@
 #include "hw/hw.h"
 #include "hw/i2c/pm_smbus.h"
 #include "hw/i2c

[Qemu-devel] [PATCH v4 13/16] piix4: add a speaker as specified in datasheet

2018-01-06 Thread Hervé Poussineau 
Acked-by: Michael S. Tsirkin <m...@redhat.com>
Acked-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Hervé Poussineau <hpous...@reactos.org>
---
 hw/isa/piix4.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 0d68fcb193..b313e4fe73 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -30,6 +30,7 @@
 #include "hw/isa/isa.h"
 #include "hw/char/isa.h"
 #include "hw/sysbus.h"
+#include "hw/audio/pcspk.h"
 #include "hw/timer/i8254.h"
 #include "hw/timer/mc146818rtc.h"
 #include "qapi/error.h"
@@ -148,6 +149,7 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 DeviceState *dev = DEVICE(pci_dev);
 PIIX4State *s = DO_UPCAST(PIIX4State, dev, pci_dev);
 ISABus *isa_bus;
+ISADevice *pit;
 qemu_irq *i8259_out_irq;
 int i;
 Error *err = NULL;
@@ -174,7 +176,10 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 isa_bus_irqs(isa_bus, s->isa);
 
 /* initialize pit */
-i8254_pit_init(isa_bus, 0x40, 0, NULL);
+pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
+
+/* speaker */
+pcspk_init(isa_bus, pit);
 
 /* DMA */
 DMA_init(isa_bus, 0);
-- 
2.11.0

[Qemu-devel] [PATCH v4 15/16] piix4: rename PIIX4 object to piix4-isa

2018-01-06 Thread Hervé Poussineau 
Other piix4 parts are already named piix4-ide and piix4-usb-uhci.

Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Acked-by: Michael S. Tsirkin <m...@redhat.com>
Acked-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Hervé Poussineau <hpous...@reactos.org>
---
 hw/isa/piix4.c   | 1 -
 hw/mips/mips_malta.c | 2 +-
 include/hw/isa/isa.h | 3 +++
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 159a27d2d9..1447d41934 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -52,7 +52,6 @@ typedef struct PIIX4State {
 uint8_t rcr;
 } PIIX4State;
 
-#define TYPE_PIIX4_PCI_DEVICE "PIIX4"
 #define PIIX4_PCI_DEVICE(obj) \
 OBJECT_CHECK(PIIX4State, (obj), TYPE_PIIX4_PCI_DEVICE)
 
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 3d304a6e0a..93ec013ea2 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1178,7 +1178,7 @@ void mips_malta_init(MachineState *machine)
 ide_drive_get(hd, ARRAY_SIZE(hd));
 
 pci = pci_create_multifunction(pci_bus, PCI_DEVFN(10, 0),
-   true, "PIIX4");
+   true, TYPE_PIIX4_PCI_DEVICE);
 dev = DEVICE(pci);
 
 /* Floppy */
diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index 95593408ef..1f47692447 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -153,4 +153,7 @@ static inline ISABus *isa_bus_from_device(ISADevice *d)
 
 /* i8257.c */
 void DMA_init(ISABus *bus, int high_page_enable);
+
+#define TYPE_PIIX4_PCI_DEVICE "piix4-isa"
+
 #endif
-- 
2.11.0

[Qemu-devel] [PATCH v4 11/16] piix4: add a floppy controller, 1 parallel port and 2 serial ports

2018-01-06 Thread Hervé Poussineau 
Remove their instanciation from malta board, to not have them twice.
Automatically create serial/parallel ports in PIIX4 if not provided.

Acked-by: Michael S. Tsirkin <m...@redhat.com>
Acked-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Hervé Poussineau <hpous...@reactos.org>
---
 hw/isa/piix4.c   | 67 
 hw/mips/mips_malta.c | 41 +---
 2 files changed, 89 insertions(+), 19 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 1aab78cdd2..7a13e83270 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -28,8 +28,10 @@
 #include "hw/i386/pc.h"
 #include "hw/pci/pci.h"
 #include "hw/isa/isa.h"
+#include "hw/char/isa.h"
 #include "hw/sysbus.h"
 #include "hw/timer/i8254.h"
+#include "qapi/error.h"
 
 PCIDevice *piix4_dev;
 
@@ -38,6 +40,10 @@ typedef struct PIIX4State {
 qemu_irq cpu_intr;
 qemu_irq *isa;
 
+FDCtrlISABus floppy;
+ISASerialState serial[2];
+ISAParallelState parallel;
+
 /* Reset Control Register */
 MemoryRegion rcr_mem;
 uint8_t rcr;
@@ -141,6 +147,8 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 PIIX4State *s = DO_UPCAST(PIIX4State, dev, pci_dev);
 ISABus *isa_bus;
 qemu_irq *i8259_out_irq;
+int i;
+Error *err = NULL;
 
 isa_bus = isa_bus_new(dev, pci_address_space(pci_dev),
   pci_address_space_io(pci_dev), errp);
@@ -172,10 +180,68 @@ static void piix4_realize(PCIDevice *pci_dev, Error 
**errp)
 /* Super I/O */
 isa_create_simple(isa_bus, "i8042");
 
+/* floppy */
+qdev_set_parent_bus(DEVICE(>floppy), BUS(isa_bus));
+object_property_set_bool(OBJECT(>floppy), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+/* serial ports */
+for (i = 0; i < 2; i++) {
+qdev_set_parent_bus(DEVICE(>serial[i]), BUS(isa_bus));
+if (!qemu_chr_fe_backend_connected(>serial[i].state.chr)) {
+char prop[] = "serial?";
+char label[] = "piix4.serial?";
+prop[6] = i + '0';
+label[12] = i + '0';
+qdev_prop_set_chr(dev, prop, qemu_chr_new(label, "null"));
+}
+object_property_set_bool(OBJECT(>serial[i]), true, "realized", 
);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+}
+
+/* parallel port */
+qdev_set_parent_bus(DEVICE(>parallel), BUS(isa_bus));
+if (!qemu_chr_fe_backend_connected(>parallel.state.chr)) {
+qdev_prop_set_chr(dev, "parallel",
+  qemu_chr_new("pii4x.parallel", "null"));
+}
+object_property_set_bool(OBJECT(>parallel), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
 piix4_dev = pci_dev;
 qemu_register_reset(piix4_reset, s);
 }
 
+static void piix4_init(Object *obj)
+{
+PIIX4State *s = PIIX4_PCI_DEVICE(obj);
+int i;
+
+object_initialize(>floppy, sizeof(s->floppy), TYPE_ISA_FDC);
+for (i = 0; i < 2; i++) {
+object_initialize(>serial[i], sizeof(s->serial[i]), 
TYPE_ISA_SERIAL);
+}
+object_initialize(>parallel, sizeof(s->parallel), TYPE_ISA_PARALLEL);
+
+object_property_add_alias(obj, "floppy", OBJECT(>floppy), "driveA",
+  _abort);
+object_property_add_alias(obj, "serial0", OBJECT(>serial[0]), "chardev",
+  _abort);
+object_property_add_alias(obj, "serial1", OBJECT(>serial[1]), "chardev",
+  _abort);
+object_property_add_alias(obj, "parallel", OBJECT(>parallel), "chardev",
+  _abort);
+}
+
 static void piix4_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -199,6 +265,7 @@ static const TypeInfo piix4_info = {
 .name  = TYPE_PIIX4_PCI_DEVICE,
 .parent= TYPE_PCI_DEVICE,
 .instance_size = sizeof(PIIX4State),
+.instance_init = piix4_init,
 .class_init= piix4_class_init,
 .interfaces = (InterfaceInfo[]) {
 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 7498fad006..30fb30fc0e 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1003,7 +1003,7 @@ void mips_malta_init(MachineState *machine)
 int i;
 DriveInfo *dinfo;
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
-DriveInfo *fd[MAX_FD];
+DriveInfo *fd;
 int fl_idx = 0;
 int fl_sectors = bios_size >> 16;
 int be;
@@ -1018,15 +1018,6 @@ void mips_malta_init(M

[Qemu-devel] [PATCH v4 14/16] piix4: convert reset function to QOM

2018-01-06 Thread Hervé Poussineau 
Acked-by: Michael S. Tsirkin <m...@redhat.com>
Acked-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Hervé Poussineau <hpous...@reactos.org>
---
 hw/isa/piix4.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index b313e4fe73..159a27d2d9 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -56,10 +56,10 @@ typedef struct PIIX4State {
 #define PIIX4_PCI_DEVICE(obj) \
 OBJECT_CHECK(PIIX4State, (obj), TYPE_PIIX4_PCI_DEVICE)
 
-static void piix4_reset(void *opaque)
+static void piix4_reset(DeviceState *dev)
 {
-PIIX4State *d = opaque;
-uint8_t *pci_conf = d->dev.config;
+PIIX4State *s = PIIX4_PCI_DEVICE(dev);
+uint8_t *pci_conf = s->dev.config;
 
 pci_conf[0x04] = 0x07; // master, memory and I/O
 pci_conf[0x05] = 0x00;
@@ -234,7 +234,6 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 isa_init_irq(ISA_DEVICE(>rtc), >rtc.irq, RTC_ISA_IRQ);
 
 piix4_dev = pci_dev;
-qemu_register_reset(piix4_reset, s);
 }
 
 static void piix4_init(Object *obj)
@@ -268,6 +267,7 @@ static void piix4_class_init(ObjectClass *klass, void *data)
 k->vendor_id = PCI_VENDOR_ID_INTEL;
 k->device_id = PCI_DEVICE_ID_INTEL_82371AB_0;
 k->class_id = PCI_CLASS_BRIDGE_ISA;
+dc->reset = piix4_reset;
 dc->desc = "ISA bridge";
 dc->vmsd = _piix4;
 /*
-- 
2.11.0

[Qemu-devel] [PATCH v4 12/16] piix4: add a mc146818rtc controller as specified in datasheet

2018-01-06 Thread Hervé Poussineau 
Remove mc146818rtc instanciated in malta board, to not have it twice.

Acked-by: Michael S. Tsirkin <m...@redhat.com>
Acked-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Hervé Poussineau <hpous...@reactos.org>
---
 hw/isa/piix4.c   | 12 
 hw/mips/mips_malta.c |  5 -
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 7a13e83270..0d68fcb193 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -31,6 +31,7 @@
 #include "hw/char/isa.h"
 #include "hw/sysbus.h"
 #include "hw/timer/i8254.h"
+#include "hw/timer/mc146818rtc.h"
 #include "qapi/error.h"
 
 PCIDevice *piix4_dev;
@@ -43,6 +44,7 @@ typedef struct PIIX4State {
 FDCtrlISABus floppy;
 ISASerialState serial[2];
 ISAParallelState parallel;
+RTCState rtc;
 
 /* Reset Control Register */
 MemoryRegion rcr_mem;
@@ -217,6 +219,15 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 return;
 }
 
+/* timer */
+qdev_set_parent_bus(DEVICE(>rtc), BUS(isa_bus));
+object_property_set_bool(OBJECT(>rtc), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+isa_init_irq(ISA_DEVICE(>rtc), >rtc.irq, RTC_ISA_IRQ);
+
 piix4_dev = pci_dev;
 qemu_register_reset(piix4_reset, s);
 }
@@ -231,6 +242,7 @@ static void piix4_init(Object *obj)
 object_initialize(>serial[i], sizeof(s->serial[i]), 
TYPE_ISA_SERIAL);
 }
 object_initialize(>parallel, sizeof(s->parallel), TYPE_ISA_PARALLEL);
+object_initialize(>rtc, sizeof(s->rtc), TYPE_MC146818_RTC);
 
 object_property_add_alias(obj, "floppy", OBJECT(>floppy), "driveA",
   _abort);
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 30fb30fc0e..3d304a6e0a 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -995,7 +995,6 @@ void mips_malta_init(MachineState *machine)
 uint8_t *smbus_eeprom_buf = g_malloc0(smbus_eeprom_size);
 int64_t kernel_entry, bootloader_run_addr;
 PCIBus *pci_bus;
-ISABus *isa_bus;
 qemu_irq cbus_irq, i8259_irq;
 PCIDevice *pci;
 int piix4_devfn;
@@ -1197,7 +1196,6 @@ void mips_malta_init(MachineState *machine)
 qdev_prop_set_chr(dev, "parallel", parallel_hds[0]);
 
 qdev_init_nofail(dev);
-isa_bus = ISA_BUS(qdev_get_child_bus(dev, "isa.0"));
 piix4_devfn = pci->devfn;
 
 /* Interrupt controller */
@@ -1213,9 +1211,6 @@ void mips_malta_init(MachineState *machine)
 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
 g_free(smbus_eeprom_buf);
 
-/* Super I/O */
-mc146818_rtc_init(isa_bus, 2000, NULL);
-
 /* Network card */
 network_init(pci_bus);
 
-- 
2.11.0

[Qemu-devel] [PATCH v4 09/16] piix4: add a i8254 pit controller as specified in datasheet

2018-01-06 Thread Hervé Poussineau 
Remove i8254 instanciated in malta board, to not have it twice.

Acked-by: Michael S. Tsirkin <m...@redhat.com>
Acked-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Hervé Poussineau <hpous...@reactos.org>
---
 hw/isa/piix4.c   | 4 
 hw/mips/mips_malta.c | 3 ---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 38757d3ea2..3f59750e5a 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -29,6 +29,7 @@
 #include "hw/pci/pci.h"
 #include "hw/isa/isa.h"
 #include "hw/sysbus.h"
+#include "hw/timer/i8254.h"
 
 PCIDevice *piix4_dev;
 
@@ -162,6 +163,9 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 /* initialize ISA irqs */
 isa_bus_irqs(isa_bus, s->isa);
 
+/* initialize pit */
+i8254_pit_init(isa_bus, 0x40, 0, NULL);
+
 /* DMA */
 DMA_init(isa_bus, 0);
 
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 647688c58a..afe13c684f 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -99,8 +99,6 @@ typedef struct {
 qemu_irq i8259[16];
 } MaltaState;
 
-static ISADevice *pit;
-
 static struct _loaderparams {
 int ram_size, ram_low_size;
 const char *kernel_filename;
@@ -1204,7 +1202,6 @@ void mips_malta_init(MachineState *machine)
   isa_get_irq(NULL, 9), NULL, 0, NULL);
 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
 g_free(smbus_eeprom_buf);
-pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
 
 /* Super I/O */
 isa_create_simple(isa_bus, "i8042");
-- 
2.11.0

[Qemu-devel] [PATCH v4 16/16] piix4: we can now instanciate a PIIX4 with -device

2018-01-06 Thread Hervé Poussineau 
Note that the PIC master can't be connected to CPU using the command line, but
it's not necessary to have a working ISA bus (for I/O, memory and DMA).

Acked-by: Michael S. Tsirkin <m...@redhat.com>
Acked-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Hervé Poussineau <hpous...@reactos.org>
---
 hw/isa/piix4.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 1447d41934..f8e43636ab 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -269,12 +269,6 @@ static void piix4_class_init(ObjectClass *klass, void 
*data)
 dc->reset = piix4_reset;
 dc->desc = "ISA bridge";
 dc->vmsd = _piix4;
-/*
- * Reason: part of PIIX4 southbridge, needs to be wired up,
- * e.g. by mips_malta_init()
- */
-dc->user_creatable = false;
-dc->hotpluggable = false;
 }
 
 static const TypeInfo piix4_info = {
-- 
2.11.0

[Qemu-devel] [PATCH v4 10/16] piix4: add a i8042 keyboard/mouse controller as specified in datasheet

2018-01-06 Thread Hervé Poussineau 
Remove i8042 instanciated in malta board, to not have it twice.

Acked-by: Michael S. Tsirkin <m...@redhat.com>
Acked-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Hervé Poussineau <hpous...@reactos.org>
---
 hw/isa/piix4.c   | 3 +++
 hw/mips/mips_malta.c | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 3f59750e5a..1aab78cdd2 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -169,6 +169,9 @@ static void piix4_realize(PCIDevice *pci_dev, Error **errp)
 /* DMA */
 DMA_init(isa_bus, 0);
 
+/* Super I/O */
+isa_create_simple(isa_bus, "i8042");
+
 piix4_dev = pci_dev;
 qemu_register_reset(piix4_reset, s);
 }
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index afe13c684f..7498fad006 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1204,8 +1204,6 @@ void mips_malta_init(MachineState *machine)
 g_free(smbus_eeprom_buf);
 
 /* Super I/O */
-isa_create_simple(isa_bus, "i8042");
-
 mc146818_rtc_init(isa_bus, 2000, NULL);
 serial_hds_isa_init(isa_bus, 0, 2);
 parallel_hds_isa_init(isa_bus, 1);
-- 
2.11.0

  1   2   3   4   5   6   7   8   9   10   >