Re: [PATCH] target/riscv: Fix orc.b implementation

2021-10-13 Thread Vincent Palatin
On Wed, Oct 13, 2021 at 8:41 PM Philipp Tomsich wrote:
>
> The earlier implementation fell into a corner case for bytes that were
> 0x01, giving a wrong result (but not affecting our application test
> cases for strings, as an ASCII value 0x01 is rare in those...).
>
> This changes the algorithm to:
>  1. Mask out the high bit of each byte (so that each byte is <= 127).
>  2. Add 127 to each byte (i.e. if the low 7 bits are not 0, this will overflow
> into the highest bit of each byte).
>  3. Bitwise-or the original value back in (to cover those cases where the
> source byte was exactly 128) to saturate the high-bit.
>  4. Shift-and-mask (implemented as a mask-and-shift) to extract the MSB of
> each byte into its LSB.
>  5. Multiply with 0xff to fan out the LSB to all bits of each byte.
>
> Fixes: d7a4fcb034 ("target/riscv: Add orc.b instruction for Zbb, removing gorc/gorci")
>
> Signed-off-by: Philipp Tomsich 
> Reported-by: Vincent Palatin 
>


Tested-by: Vincent Palatin 


> ---
>
>  target/riscv/insn_trans/trans_rvb.c.inc | 13 -
>  1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/target/riscv/insn_trans/trans_rvb.c.inc 
> b/target/riscv/insn_trans/trans_rvb.c.inc
> index 185c3e9a60..3095624f32 100644
> --- a/target/riscv/insn_trans/trans_rvb.c.inc
> +++ b/target/riscv/insn_trans/trans_rvb.c.inc
> @@ -249,13 +249,16 @@ static bool trans_rev8_64(DisasContext *ctx, 
> arg_rev8_64 *a)
>  static void gen_orc_b(TCGv ret, TCGv source1)
>  {
>  TCGv  tmp = tcg_temp_new();
> -TCGv  ones = tcg_constant_tl(dup_const_tl(MO_8, 0x01));
> +TCGv  low7 = tcg_constant_tl(dup_const_tl(MO_8, 0x7f));
>
> -/* Set lsb in each byte if the byte was zero. */
> -tcg_gen_sub_tl(tmp, source1, ones);
> -tcg_gen_andc_tl(tmp, tmp, source1);
> +/* Set msb in each byte if the byte was non-zero. */
> +tcg_gen_and_tl(tmp, source1, low7);
> +tcg_gen_add_tl(tmp, tmp, low7);
> +tcg_gen_or_tl(tmp, tmp, source1);
> +
> +/* Extract the msb to the lsb in each byte */
> +tcg_gen_andc_tl(tmp, tmp, low7);
>  tcg_gen_shri_tl(tmp, tmp, 7);
> -tcg_gen_andc_tl(tmp, ones, tmp);
>
>  /* Replicate the lsb of each byte across the byte. */
>  tcg_gen_muli_tl(ret, tmp, 0xff);
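Review bot: the comment on `+/* Set msb in each byte if the byte was non-zero. */` should state why the `and` with `low7` has to precede the `add`: (byte & 0x7f) + 0x7f is at most 0xfe, so the add can never carry into the neighbouring byte, and it is exactly such cross-byte propagation (a borrow in the old `sub`/`andc` pair) that made a 0x01 byte come out wrong. The `+tcg_gen_or_tl(tmp, tmp, source1);` line is likewise the only step that handles a byte equal to 0x80, whose low 7 bits are zero so the add leaves bit 7 clear; a short comment there, and a test vector with 0x00, 0x01, 0x80 and 0xff bytes adjacent to one another, would stop a future optimisation from reintroducing the corner case.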
> --
> 2.25.1
>



Re: [PULL 11/26] target/riscv: Add orc.b instruction for Zbb, removing gorc/gorci

2021-10-13 Thread Vincent Palatin
On Wed, Oct 13, 2021 at 3:13 PM Philipp Tomsich wrote:
>
> I had a much simpler version initially (using 3 x mask/shift/or, for
> 12 instructions after setup of constants), but took up the suggestion
> to optimize based on haszero(v)...
> Indeed this appears to not do what we expect, when there's only 0x01
> set in a byte.
>
> The less optimized form, with a single constant, that would still do
> what we want is:
>/* set high-bit for non-zero bytes */
>constant = dup_const_tl(MO_8, 0x7f);
>tmp = v & constant;   // AND
>tmp += constant;   // ADD
>tmp |= v;// OR
>/* extract high-bit to low-bit, for each word */
>tmp &= ~constant; // ANDC
>tmp >>= 7; // SHR
>/* multiply with 0xff to populate entire byte where the low-bit is set */
>tmp *= 0xff;// MUL
>
> I'll submit a patch with this one later today, once I had a chance to
> pass this through a full test.


Thanks for the insight.

I have tried it, implemented as:
```
static void gen_orc_b(TCGv ret, TCGv source1)
{
TCGv  tmp = tcg_temp_new();
TCGv  constant = tcg_constant_tl(dup_const_tl(MO_8, 0x7f));

/* set high-bit for non-zero bytes */
tcg_gen_and_tl(tmp, source1, constant);
tcg_gen_add_tl(tmp, tmp, constant);
tcg_gen_or_tl(tmp, tmp, source1);
/* extract high-bit to low-bit, for each word */
tcg_gen_andc_tl(tmp, tmp, constant);
tcg_gen_shri_tl(tmp, tmp, 7);

/* Replicate the lsb of each byte across the byte. */
tcg_gen_muli_tl(ret, tmp, 0xff);

tcg_temp_free(tmp);
}
```

It does pass my own test sequences.


>
> On Wed, 13 Oct 2021 at 11:36, Vincent Palatin  wrote:
> >
> > > On Thu, Oct 7, 2021 at 8:58 AM Alistair Francis wrote:
> > >
> > > From: Philipp Tomsich 
> > >
> > > The 1.0.0 version of Zbb does not contain gorc/gorci.  Instead, an
> > > orc.b instruction (equivalent to the orc.b pseudo-instruction built on
> > > gorci from pre-0.93 draft-B) is available, mainly targeting
> > > string-processing workloads.
> > >
> > > This commit adds the new orc.b instruction and removes gorc/gorci.
> > >
> > > Signed-off-by: Philipp Tomsich 
> > > Reviewed-by: Richard Henderson 
> > > Reviewed-by: Alistair Francis 
> > > Message-id: 20210911140016.834071-12-philipp.toms...@vrull.eu
> > > Signed-off-by: Alistair Francis 
> > > ---
> > >  target/riscv/helper.h   |  2 --
> > >  target/riscv/insn32.decode  |  6 +---
> > >  target/riscv/bitmanip_helper.c  | 26 -
> > >  target/riscv/insn_trans/trans_rvb.c.inc | 39 +++--
> > >  4 files changed, 18 insertions(+), 55 deletions(-)
> > >
> > > diff --git a/target/riscv/helper.h b/target/riscv/helper.h
> > > index 8a318a2dbc..a9bda2c8ac 100644
> > > --- a/target/riscv/helper.h
> > > +++ b/target/riscv/helper.h
> > > @@ -61,8 +61,6 @@ DEF_HELPER_FLAGS_1(fclass_d, TCG_CALL_NO_RWG_SE, tl, 
> > > i64)
> > >  /* Bitmanip */
> > >  DEF_HELPER_FLAGS_2(grev, TCG_CALL_NO_RWG_SE, tl, tl, tl)
> > >  DEF_HELPER_FLAGS_2(grevw, TCG_CALL_NO_RWG_SE, tl, tl, tl)
> > > -DEF_HELPER_FLAGS_2(gorc, TCG_CALL_NO_RWG_SE, tl, tl, tl)
> > > -DEF_HELPER_FLAGS_2(gorcw, TCG_CALL_NO_RWG_SE, tl, tl, tl)
> > >  DEF_HELPER_FLAGS_2(clmul, TCG_CALL_NO_RWG_SE, tl, tl, tl)
> > >  DEF_HELPER_FLAGS_2(clmulr, TCG_CALL_NO_RWG_SE, tl, tl, tl)
> > >
> > > diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
> > > index a509cfee11..59202196dc 100644
> > > --- a/target/riscv/insn32.decode
> > > +++ b/target/riscv/insn32.decode
> > > @@ -681,6 +681,7 @@ max101 .. 110 . 0110011 @r
> > >  maxu   101 .. 111 . 0110011 @r
> > >  min101 .. 100 . 0110011 @r
> > >  minu   101 .. 101 . 0110011 @r
> > > +orc_b  001010 000111 . 101 . 0010011 @r2
> > >  orn010 .. 110 . 0110011 @r
> > >  rol011 .. 001 . 0110011 @r
> > >  ror011 .. 101 . 0110011 @r
> > > @@ -702,19 +703,14 @@ pack   100 .. 100 . 0110011 @r
> > >  packu  0100100 .. 100 . 0110011 @r
> > >  packh  100 .. 111 . 0110011 @r
> > >  grev   0110100 .. 101 . 0110011 @r
> > > -gorc   0010100 .. 101 . 0110011 @r
> > > -
> > >  grevi  01101.

Re: [PULL 11/26] target/riscv: Add orc.b instruction for Zbb, removing gorc/gorci

2021-10-13 Thread Vincent Palatin
On Thu, Oct 7, 2021 at 8:58 AM Alistair Francis wrote:
>
> From: Philipp Tomsich 
>
> The 1.0.0 version of Zbb does not contain gorc/gorci.  Instead, an
> orc.b instruction (equivalent to the orc.b pseudo-instruction built on
> gorci from pre-0.93 draft-B) is available, mainly targeting
> string-processing workloads.
>
> This commit adds the new orc.b instruction and removes gorc/gorci.
>
> Signed-off-by: Philipp Tomsich 
> Reviewed-by: Richard Henderson 
> Reviewed-by: Alistair Francis 
> Message-id: 20210911140016.834071-12-philipp.toms...@vrull.eu
> Signed-off-by: Alistair Francis 
> ---
>  target/riscv/helper.h   |  2 --
>  target/riscv/insn32.decode  |  6 +---
>  target/riscv/bitmanip_helper.c  | 26 -
>  target/riscv/insn_trans/trans_rvb.c.inc | 39 +++--
>  4 files changed, 18 insertions(+), 55 deletions(-)
>
> diff --git a/target/riscv/helper.h b/target/riscv/helper.h
> index 8a318a2dbc..a9bda2c8ac 100644
> --- a/target/riscv/helper.h
> +++ b/target/riscv/helper.h
> @@ -61,8 +61,6 @@ DEF_HELPER_FLAGS_1(fclass_d, TCG_CALL_NO_RWG_SE, tl, i64)
>  /* Bitmanip */
>  DEF_HELPER_FLAGS_2(grev, TCG_CALL_NO_RWG_SE, tl, tl, tl)
>  DEF_HELPER_FLAGS_2(grevw, TCG_CALL_NO_RWG_SE, tl, tl, tl)
> -DEF_HELPER_FLAGS_2(gorc, TCG_CALL_NO_RWG_SE, tl, tl, tl)
> -DEF_HELPER_FLAGS_2(gorcw, TCG_CALL_NO_RWG_SE, tl, tl, tl)
>  DEF_HELPER_FLAGS_2(clmul, TCG_CALL_NO_RWG_SE, tl, tl, tl)
>  DEF_HELPER_FLAGS_2(clmulr, TCG_CALL_NO_RWG_SE, tl, tl, tl)
>
> diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
> index a509cfee11..59202196dc 100644
> --- a/target/riscv/insn32.decode
> +++ b/target/riscv/insn32.decode
> @@ -681,6 +681,7 @@ max101 .. 110 . 0110011 @r
>  maxu   101 .. 111 . 0110011 @r
>  min101 .. 100 . 0110011 @r
>  minu   101 .. 101 . 0110011 @r
> +orc_b  001010 000111 . 101 . 0010011 @r2
>  orn010 .. 110 . 0110011 @r
>  rol011 .. 001 . 0110011 @r
>  ror011 .. 101 . 0110011 @r
> @@ -702,19 +703,14 @@ pack   100 .. 100 . 0110011 @r
>  packu  0100100 .. 100 . 0110011 @r
>  packh  100 .. 111 . 0110011 @r
>  grev   0110100 .. 101 . 0110011 @r
> -gorc   0010100 .. 101 . 0110011 @r
> -
>  grevi  01101. ... 101 . 0010011 @sh
> -gorci  00101. ... 101 . 0010011 @sh
>
>  # *** RV64B Standard Extension (in addition to RV32B) ***
>  packw  100 .. 100 . 0111011 @r
>  packuw 0100100 .. 100 . 0111011 @r
>  grevw  0110100 .. 101 . 0111011 @r
> -gorcw  0010100 .. 101 . 0111011 @r
>
>  greviw 0110100 .. 101 . 0011011 @sh5
> -gorciw 0010100 .. 101 . 0011011 @sh5
>
>  # *** RV32 Zbc Standard Extension ***
>  clmul  101 .. 001 . 0110011 @r
> diff --git a/target/riscv/bitmanip_helper.c b/target/riscv/bitmanip_helper.c
> index 73be5a81c7..bb48388fcd 100644
> --- a/target/riscv/bitmanip_helper.c
> +++ b/target/riscv/bitmanip_helper.c
> @@ -64,32 +64,6 @@ target_ulong HELPER(grevw)(target_ulong rs1, target_ulong 
> rs2)
>  return do_grev(rs1, rs2, 32);
>  }
>
> -static target_ulong do_gorc(target_ulong rs1,
> -target_ulong rs2,
> -int bits)
> -{
> -target_ulong x = rs1;
> -int i, shift;
> -
> -for (i = 0, shift = 1; shift < bits; i++, shift <<= 1) {
> -if (rs2 & shift) {
> -x |= do_swap(x, adjacent_masks[i], shift);
> -}
> -}
> -
> -return x;
> -}
> -
> -target_ulong HELPER(gorc)(target_ulong rs1, target_ulong rs2)
> -{
> -return do_gorc(rs1, rs2, TARGET_LONG_BITS);
> -}
> -
> -target_ulong HELPER(gorcw)(target_ulong rs1, target_ulong rs2)
> -{
> -return do_gorc(rs1, rs2, 32);
> -}
> -
>  target_ulong HELPER(clmul)(target_ulong rs1, target_ulong rs2)
>  {
>  target_ulong result = 0;
> diff --git a/target/riscv/insn_trans/trans_rvb.c.inc 
> b/target/riscv/insn_trans/trans_rvb.c.inc
> index bdfb495f24..d32af5915a 100644
> --- a/target/riscv/insn_trans/trans_rvb.c.inc
> +++ b/target/riscv/insn_trans/trans_rvb.c.inc
> @@ -295,16 +295,27 @@ static bool trans_grevi(DisasContext *ctx, arg_grevi *a)
>  return gen_shift_imm_fn(ctx, a, EXT_NONE, gen_grevi);
>  }
>
> -static bool trans_gorc(DisasContext *ctx, arg_gorc *a)
> +static void gen_orc_b(TCGv ret, TCGv source1)
>  {
> -REQUIRE_EXT(ctx, RVB);
> -return gen_shift(ctx, a, EXT_ZERO, gen_helper_gorc);
> +TCGv  tmp = tcg_temp_new();
> +TCGv  ones = tcg_constant_tl(dup_const_tl(MO_8, 0x01));
> +
> +/* Set lsb in each byte if the byte was zero. */
> +tcg_gen_sub_tl(tmp, source1, ones);
> +tcg_gen_andc_tl(tmp, tmp, source1);
> +tcg_gen_shri_tl(tmp, tmp, 7);
> +
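Review bot: the `haszero()` pair `+tcg_gen_sub_tl(tmp, source1, ones);` / `+tcg_gen_andc_tl(tmp, tmp, source1);` is not byte-independent, because the subtraction borrows across byte boundaries. When a lower byte is 0x00 the borrow reaches the byte above it, so a byte equal to 0x01 there becomes 0x01 - 0x01 - 1 = 0xff, and 0xff & ~0x01 still has bit 7 set, which the following `shri`/`andc` steps read as 'this byte was zero'. Any 0x01 byte with a zero byte below it therefore yields 0x00 instead of 0xff; this is the failure the 'Fix orc.b implementation' patch earlier in this thread corrects by masking each byte to 7 bits before adding, so that no carry or borrow can cross into the next byte.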

[PATCH v1B] target/riscv: fix orc.b instruction in the Zbb extension

2021-10-13 Thread Vincent Palatin
The implementation was failing for the following 7 hexadecimal patterns
which return one wrong byte (0x00 instead of 0xff):
orc.b(0x01..) = 0x00.. (instead of 0xff..)
orc.b(0x..01) = 0x..00 (instead of 0x..ff)
orc.b(0x01..) = 0x00.. (instead of 0xff..)
orc.b(0x..01) = 0x..00 (instead of 0x..ff)
orc.b(0x01..) = 0x00.. (instead of 0xff..)
orc.b(0x..01) = 0x..00 (instead of 0x..ff)
orc.b(0x01..) = 0x00.. (instead of 0xff..)

Implement a simpler but less astute/optimized 'divide and conquer' method
where bits are or'ed by pairs, then the pairs are or'ed by pair ...

Signed-off-by: Vincent Palatin 
---
 target/riscv/insn_trans/trans_rvb.c.inc | 18 +-
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvb.c.inc 
b/target/riscv/insn_trans/trans_rvb.c.inc
index 185c3e9a60..04f795652d 100644
--- a/target/riscv/insn_trans/trans_rvb.c.inc
+++ b/target/riscv/insn_trans/trans_rvb.c.inc
@@ -249,18 +249,26 @@ static bool trans_rev8_64(DisasContext *ctx, arg_rev8_64 
*a)
 static void gen_orc_b(TCGv ret, TCGv source1)
 {
 TCGv  tmp = tcg_temp_new();
+TCGv  shifted = tcg_temp_new();
 TCGv  ones = tcg_constant_tl(dup_const_tl(MO_8, 0x01));
 
-/* Set lsb in each byte if the byte was zero. */
-tcg_gen_sub_tl(tmp, source1, ones);
-tcg_gen_andc_tl(tmp, tmp, source1);
-tcg_gen_shri_tl(tmp, tmp, 7);
-tcg_gen_andc_tl(tmp, ones, tmp);
+/*
+ * Divide and conquer: show one byte of the word in the comments,
+ * with U meaning Useful or'ed bit, X Junk content bit, . don't care.
+ */
+tcg_gen_shri_tl(shifted, source1, 1);
+tcg_gen_or_tl(tmp, source1, shifted); /* tmp[15:8] = XU.U.U.U */
+tcg_gen_shri_tl(shifted, tmp, 2);
+tcg_gen_or_tl(tmp, shifted, tmp); /* tmp[15:8] = XXXU...U */
+tcg_gen_shri_tl(shifted, tmp, 4);
+tcg_gen_or_tl(tmp, shifted, tmp); /* tmp[15:8] = XXXU */
+tcg_gen_and_tl(tmp, ones, tmp);   /* tmp[15:8] = 000U */
 
 /* Replicate the lsb of each byte across the byte. */
 tcg_gen_muli_tl(ret, tmp, 0xff);
 
 tcg_temp_free(tmp);
+tcg_temp_free(shifted);
 }
 
 static bool trans_orc_b(DisasContext *ctx, arg_orc_b *a)
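Review bot: the byte diagrams in the trailing comments are inconsistent in width: `/* tmp[15:8] = XU.U.U.U */` and `XXXU...U` show eight bit positions, but `XXXU` and `000U` on the last two lines show only four, so they no longer depict the byte they describe; spell out all eight positions. The block comment should also say why shifting the whole register is safe: the `shri` steps only ever move bits from the byte above into bit positions 7..1 of a byte, and the final `tcg_gen_and_tl(tmp, ones, tmp)` keeps bit 0 alone, which after the three shift-and-or steps is the OR of bits 7..0 of that same byte. Minor: the comments label byte 1 (`tmp[15:8]`) although the transform is identical for every byte; `tmp[7:0]` reads more naturally.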
-- 
2.25.1




[PATCH v1A] target/riscv: fix orc.b instruction in the Zbb extension

2021-10-13 Thread Vincent Palatin
The implementation was failing for the following 7 hexadecimal patterns
which return one wrong byte (0x00 instead of 0xff):
orc.b(0x01..) = 0x00.. (instead of 0xff..)
orc.b(0x..01) = 0x..00 (instead of 0x..ff)
orc.b(0x01..) = 0x00.. (instead of 0xff..)
orc.b(0x..01) = 0x..00 (instead of 0x..ff)
orc.b(0x01..) = 0x00.. (instead of 0xff..)
orc.b(0x..01) = 0x..00 (instead of 0x..ff)
orc.b(0x01..) = 0x00.. (instead of 0xff..)

Try to keep the carry from propagating and triggering the incorrect
results.

Signed-off-by: Vincent Palatin 
---
 target/riscv/insn_trans/trans_rvb.c.inc | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvb.c.inc 
b/target/riscv/insn_trans/trans_rvb.c.inc
index 185c3e9a60..b9fc272789 100644
--- a/target/riscv/insn_trans/trans_rvb.c.inc
+++ b/target/riscv/insn_trans/trans_rvb.c.inc
@@ -249,11 +249,17 @@ static bool trans_rev8_64(DisasContext *ctx, arg_rev8_64 
*a)
 static void gen_orc_b(TCGv ret, TCGv source1)
 {
 TCGv  tmp = tcg_temp_new();
+TCGv  tmp2 = tcg_temp_new();
 TCGv  ones = tcg_constant_tl(dup_const_tl(MO_8, 0x01));
 
+/* avoid carry propagation */
+tcg_gen_shli_tl(tmp, source1, 1);
+tcg_gen_or_tl(tmp, source1, tmp);
+tcg_gen_andc_tl(tmp2, tmp, ones);
+
 /* Set lsb in each byte if the byte was zero. */
-tcg_gen_sub_tl(tmp, source1, ones);
-tcg_gen_andc_tl(tmp, tmp, source1);
+tcg_gen_sub_tl(tmp, tmp2, ones);
+tcg_gen_andc_tl(tmp, tmp, tmp2);
 tcg_gen_shri_tl(tmp, tmp, 7);
 tcg_gen_andc_tl(tmp, ones, tmp);
 
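Review bot: `/* avoid carry propagation */` needs the actual argument, since the correctness of the three added lines is not obvious: or-ing `source1 << 1` into the value and clearing bit 0 of every byte (`+tcg_gen_andc_tl(tmp2, tmp, ones);`) makes every non-zero byte of `tmp2` at least 2, so `tcg_gen_sub_tl(tmp, tmp2, ones)` borrows out of a byte only when that byte was 0x00, and a borrow arriving from a zero byte below can no longer turn a 0x01 byte into 0xff. The same `andc` also discards the bit that `shli` moves from bit 7 of one byte into bit 0 of the next. Note the cost: this variant issues eight TCG ops (`shli`, `or`, `andc`, `sub`, `andc`, `shri`, `andc`, `muli`) and a second temporary, against six for the mask-and-add sequence in the 'Fix orc.b implementation' patch in this thread, and is harder to audit.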
@@ -261,6 +267,7 @@ static void gen_orc_b(TCGv ret, TCGv source1)
 tcg_gen_muli_tl(ret, tmp, 0xff);
 
 tcg_temp_free(tmp);
+tcg_temp_free(tmp2);
 }
 
 static bool trans_orc_b(DisasContext *ctx, arg_orc_b *a)
-- 
2.25.1
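The four gen_orc_b() sequences discussed in this thread (the original haszero() form from the pull request, Philipp Tomsich's mask-and-add fix, and the v1A and v1B variants above), modelled as plain 64-bit C and checked against a bytewise reference. This is an added example, not code from the thread or from QEMU; it assumes TARGET_LONG_BITS == 64, writes each tcg_gen_*_tl op as the corresponding C operator, and uses a constructed 2048-word sweep plus a handful of constructed mixed words as input.

```c
#include <stdint.h>
#include <stdio.h>

#define ONES 0x0101010101010101ULL   /* dup_const_tl(MO_8, 0x01), 64-bit target assumed */
#define LOW7 0x7f7f7f7f7f7f7f7fULL   /* dup_const_tl(MO_8, 0x7f) */
typedef uint64_t (*orc_b_fn)(uint64_t);

/* Reference semantics of orc.b: a byte becomes 0xff if non-zero, else 0x00. */
static uint64_t orc_b_ref(uint64_t v)
{
    uint64_t r = 0;
    for (int i = 0; i < 64; i += 8) {
        if ((v >> i) & 0xff) {
            r |= 0xffULL << i;
        }
    }
    return r;
}

/* Original pull-request sequence (haszero() trick): the sub borrows across bytes. */
static uint64_t orc_b_haszero(uint64_t v)
{
    uint64_t tmp = (v - ONES) & ~v;   /* sub_tl, andc_tl */
    tmp >>= 7;                        /* shri_tl */
    tmp = ONES & ~tmp;                /* andc_tl(ones, tmp): lsb set if byte non-zero */
    return tmp * 0xff;                /* muli_tl */
}

/* "Fix orc.b implementation": mask to 7 bits, add 0x7f, or the source back in. */
static uint64_t orc_b_fixed(uint64_t v)
{
    uint64_t tmp = (v & LOW7) + LOW7; /* and_tl, add_tl: at most 0xfe per byte, no carry out */
    tmp |= v;                         /* or_tl: saturates a byte that is exactly 0x80 */
    tmp &= ~LOW7;                     /* andc_tl: keep each byte's msb only */
    tmp >>= 7;                        /* shri_tl: msb -> lsb */
    return tmp * 0xff;                /* muli_tl */
}

/* v1A: make every non-zero byte >= 2 so the subtraction cannot borrow out of it. */
static uint64_t orc_b_v1a(uint64_t v)
{
    uint64_t tmp = (v << 1) | v;      /* shli_tl, or_tl */
    uint64_t tmp2 = tmp & ~ONES;      /* andc_tl: also drops the bit shifted in from below */
    tmp = (tmp2 - ONES) & ~tmp2;      /* sub_tl, andc_tl */
    tmp >>= 7;                        /* shri_tl */
    tmp = ONES & ~tmp;                /* andc_tl(ones, tmp) */
    return tmp * 0xff;                /* muli_tl */
}

/* v1B: divide and conquer, folding bits 7..0 of each byte down into bit 0. */
static uint64_t orc_b_v1b(uint64_t v)
{
    uint64_t tmp = v | (v >> 1);      /* shri_tl, or_tl */
    tmp |= tmp >> 2;
    tmp |= tmp >> 4;
    tmp &= ONES;                      /* and_tl: anything that crossed a byte boundary sits above bit 0 */
    return tmp * 0xff;                /* muli_tl */
}

/* Mismatches vs. the reference over a constructed sweep: every byte value at every byte
 * position, other bytes zero (2048 inputs). haszero() fails only for a 0x01 byte above
 * zero bytes: 7 of the 2048, matching the seven patterns reported in the thread. */
static int count_sweep_mismatches(orc_b_fn impl)
{
    int bad = 0;
    for (int pos = 0; pos < 8; pos++) {
        for (unsigned b = 0; b < 256; b++) {
            uint64_t v = (uint64_t)b << (8 * pos);
            if (impl(v) != orc_b_ref(v)) {
                bad++;
            }
        }
    }
    return bad;
}

/* Mismatches over a few constructed words mixing 0x00, 0x01, 0x80 and 0xff bytes. */
static int count_mixed_mismatches(orc_b_fn impl)
{
    static const uint64_t mixed[] = {
        0x0000000000000100ULL, 0x0100000000000000ULL, 0x01000100ff800100ULL,
        0x8080808080808080ULL, 0xffffffffffffffffULL, 0x0001000100010001ULL,
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof(mixed) / sizeof(mixed[0]); i++) {
        if (impl(mixed[i]) != orc_b_ref(mixed[i])) {
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    printf("sweep/mixed mismatches: haszero %d/%d, fixed %d/%d, v1A %d/%d, v1B %d/%d\n",
           count_sweep_mismatches(orc_b_haszero), count_mixed_mismatches(orc_b_haszero),
           count_sweep_mismatches(orc_b_fixed), count_mixed_mismatches(orc_b_fixed),
           count_sweep_mismatches(orc_b_v1a), count_mixed_mismatches(orc_b_v1a),
           count_sweep_mismatches(orc_b_v1b), count_mixed_mismatches(orc_b_v1b));
    return 0;
}
```

Only the haszero() form disagrees with the reference, and only on words where a 0x01 byte sits above a 0x00 byte; the three replacements agree on every input.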




[Qemu-devel] [PATCH] hax: fix breakage in locking

2017-03-20 Thread Vincent Palatin
Use qemu_mutex_lock_iothread consistently in qemu_hax_cpu_thread_fn() as
done in other _thread_fn functions, instead of grabbing the BQL directly.
This way we ensure that iothread_locked is properly set.

On v2.9.0-rc0, QEMU was dying in an assertion in the mutex code when
running with '--enable-hax' either on OSX or Windows. This bug was triggered
since the code modification for multithreading added new usages of
qemu_mutex_iothread_locked.
This fixes the breakage on both platforms; I can now run a full
Chromium OS image with HAX kernel acceleration again.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 cpus.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cpus.c b/cpus.c
index b84a392dda..167d9615e1 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1344,8 +1344,9 @@ static void *qemu_hax_cpu_thread_fn(void *arg)
 {
 CPUState *cpu = arg;
 int r;
+
+qemu_mutex_lock_iothread();
 qemu_thread_get_self(cpu->thread);
-qemu_mutex_lock(_global_mutex);
 
 cpu->thread_id = qemu_get_thread_id();
 cpu->created = true;
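Review bot: moving the lock acquisition to `+qemu_mutex_lock_iothread();` ahead of `qemu_thread_get_self(cpu->thread)` matches the ordering used by the other `*_cpu_thread_fn` functions, and, as the commit message explains, it is the wrapper that records `iothread_locked`, which the removed raw `qemu_mutex_lock()` of the global mutex never did; that missing bookkeeping is why `qemu_mutex_iothread_locked()` tripped its assertion. Please add a one-line comment on the new call saying the wrapper is required for the locked-flag bookkeeping, so it is not 'optimised' back to the bare mutex later.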
-- 
2.12.0.367.g23dc2f6d3c-goog




Re: [Qemu-devel] [PATCH] s390x/kvm: include hw_accel.h instead of kvm.h

2017-01-24 Thread Vincent Palatin
On Tue, Jan 24, 2017 at 10:28 AM, Cornelia Huck <cornelia.h...@de.ibm.com> wrote:
>
> Commit b394662 ("kvm: move cpu synchronization code") switched
> to hw_accel.h instead of kvm.h, but missed s390x, resulting in
>
>   CC  s390x-softmmu/target/s390x/kvm.o
> /home/cohuck/git/qemu/target/s390x/kvm.c: In function ‘kvm_sclp_service_call’:
> /home/cohuck/git/qemu/target/s390x/kvm.c:1034:5: error: implicit declaration of function ‘cpu_synchronize_state’ [-Werror=implicit-function-declaration]
>  cpu_synchronize_state(CPU(cpu));
>  ^
> /home/cohuck/git/qemu/target/s390x/kvm.c:1034:5: error: nested extern declaration of ‘cpu_synchronize_state’ [-Werror=nested-externs]
> /home/cohuck/git/qemu/target/s390x/kvm.c: In function ‘sigp_initial_cpu_reset’:
> /home/cohuck/git/qemu/target/s390x/kvm.c:1628:5: error: implicit declaration of function ‘cpu_synchronize_post_reset’ [-Werror=implicit-function-declaration]
>  cpu_synchronize_post_reset(cs);
>  ^
> /home/cohuck/git/qemu/target/s390x/kvm.c:1628:5: error: nested extern declaration of ‘cpu_synchronize_post_reset’ [-Werror=nested-externs]
> /home/cohuck/git/qemu/target/s390x/kvm.c: In function ‘sigp_set_prefix’:
> /home/cohuck/git/qemu/target/s390x/kvm.c:1665:5: error: implicit declaration of function ‘cpu_synchronize_post_init’ [-Werror=implicit-function-declaration]
>  cpu_synchronize_post_init(cs);
>  ^
> /home/cohuck/git/qemu/target/s390x/kvm.c:1665:5: error: nested extern declaration of ‘cpu_synchronize_post_init’ [-Werror=nested-externs]
> cc1: all warnings being treated as errors
> /home/cohuck/git/qemu/rules.mak:64: recipe for target 'target/s390x/kvm.o' failed
>
> Fix this.
>
> Fixes: b394662 ("kvm: move cpu synchronization code")
> Signed-off-by: Cornelia Huck <cornelia.h...@de.ibm.com>


Acked-by: Vincent Palatin <vpala...@chromium.org>

Sorry for the miss.


>
> ---
>  target/s390x/kvm.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
> index 3ac29f92b3..5ad0acbc82 100644
> --- a/target/s390x/kvm.c
> +++ b/target/s390x/kvm.c
> @@ -32,7 +32,7 @@
>  #include "qemu/error-report.h"
>  #include "qemu/timer.h"
>  #include "sysemu/sysemu.h"
> -#include "sysemu/kvm.h"
> +#include "sysemu/hw_accel.h"
>  #include "hw/hw.h"
>  #include "sysemu/device_tree.h"
>  #include "qapi/qmp/qjson.h"
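Review bot: `sysemu/hw_accel.h` was introduced in the 'kvm: move cpu synchronization code' patch to hold only the `cpu_synchronize_*` wrappers taken out of `sysemu/kvm.h`; since `target/s390x/kvm.c` is the s390x KVM backend and uses the remaining KVM declarations as well, replacing `-#include "sysemu/kvm.h"` with `+#include "sysemu/hw_accel.h"` only compiles if `hw_accel.h` itself includes `sysemu/kvm.h`. If it does, fine; if it does not, keep both includes rather than rely on the indirect one.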
> --
> 2.11.0
>



Re: [Qemu-devel] [PATCH] Revert "win32: don't run subprocess tests on Mingw32 platform"

2017-01-12 Thread Vincent Palatin
On Thu, Jan 12, 2017 at 2:25 PM, Eduardo Habkost <ehabk...@redhat.com> wrote:
> On Wed, Jan 04, 2017 at 09:57:22PM +0100, Marc-André Lureau wrote:
>> This reverts commit 7ad9339e372fcd12d584684d7f52ac259604a4f4.
>>
>> The error "Failed to execute helper program (No such file or directory)"
>> is due to broken glib installation, missing windows gspawn helpers.
>>
>> Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
>
> Daniel, are you still unable to run subprocess tests on Migw32?
>
> Anybody else able to test this and send a Tested-by line?

Works on my setup (mingw32-w64 build on Windows 10, with glib-2.46.2)

Tested-by: Vincent Palatin <vpala...@chromium.org>

>
>
>> ---
>>  configure | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/configure b/configure
>> index 218df87d21..54a222d5e7 100755
>> --- a/configure
>> +++ b/configure
>> @@ -3077,7 +3077,7 @@ fi
>>
>>  # g_test_trap_subprocess added in 2.38. Used by some tests.
>>  glib_subprocess=yes
>> -if test "$mingw32" = "yes" || ! $pkg_config --atleast-version=2.38 
>> glib-2.0; then
>> +if ! $pkg_config --atleast-version=2.38 glib-2.0; then
>>  glib_subprocess=no
>>  fi
>>
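Review bot: with the `$mingw32` test dropped from the `if`, `glib_subprocess` now depends on the glib version alone on every platform, so a MinGW build against a glib package that lacks the gspawn helper executables will fail at test time with the 'Failed to execute helper program' error the commit message attributes to a broken installation. A configure-time check for the helper binaries (or a note in the Windows build documentation) would give a clearer diagnosis than the blanket exclusion this revert removes.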
>> --
>> 2.11.0
>>
>
> --
> Eduardo
>



Re: [Qemu-devel] [PATCH v6 0/4] Add HAX support

2017-01-10 Thread Vincent Palatin
On Tue, Jan 10, 2017 at 12:20 PM,   wrote:
> Hi,
>
> Your series failed automatic build test. Please find the testing commands and
> their output below. If you have docker installed, you can probably reproduce 
> it
> locally.
[...]
> /tmp/qemu-test/src/target/i386/hax-mem.c:268:33: error: unknown type name 'RAMBlockNotifier'
>  static void hax_ram_block_added(RAMBlockNotifier *n, void *host, size_t size)
>  ^~~~
> /tmp/qemu-test/src/target/i386/hax-mem.c:281:15: error: variable 'hax_ram_notifier' has initializer but incomplete type
>  static struct RAMBlockNotifier hax_ram_notifier = {
>^~~~
> /tmp/qemu-test/src/target/i386/hax-mem.c:282:5: error: unknown field 'ram_block_added' specified in initializer
>  .ram_block_added = hax_ram_block_added,
>  ^
> /tmp/qemu-test/src/target/i386/hax-mem.c:282:24: error: 'hax_ram_block_added' undeclared here (not in a function)
>  .ram_block_added = hax_ram_block_added,
> ^~~
> /tmp/qemu-test/src/target/i386/hax-mem.c:282:24: error: excess elements in struct initializer [-Werror]
> /tmp/qemu-test/src/target/i386/hax-mem.c:282:24: note: (near initialization for 'hax_ram_notifier')
> /tmp/qemu-test/src/target/i386/hax-mem.c: In function 'hax_memory_init':
> /tmp/qemu-test/src/target/i386/hax-mem.c:287:5: error: implicit declaration of function 'ram_block_notifier_add' [-Werror=implicit-function-declaration]
>  ram_block_notifier_add(_ram_notifier);
>  ^~
> /tmp/qemu-test/src/target/i386/hax-mem.c:287:5: error: nested extern declaration of 'ram_block_notifier_add' [-Werror=nested-externs]
> /tmp/qemu-test/src/target/i386/hax-mem.c: At top level:
> /tmp/qemu-test/src/target/i386/hax-mem.c:281:32: error: storage size of 'hax_ram_notifier' isn't known
>  static struct RAMBlockNotifier hax_ram_notifier = {
> ^~~~
> cc1: all warnings being treated as errors
> /tmp/qemu-test/src/rules.mak:64: recipe for target 'target/i386/hax-mem.o' failed

It failed on the dependency on Paolo's unsubmitted ramblock-notifier patch.

-- 
Vincent



[Qemu-devel] [PATCH v6 2/4] target/i386: Add Intel HAX files

2017-01-10 Thread Vincent Palatin
That's a forward port of the core HAX interface code from the
emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.

The original commit was "target/i386: Add Intel HAX to android emulator"
saying:
"""
  Backport of 2b3098ff27bab079caab9b46b58546b5036f5c0c
  from studio-1.4-dev into emu-master-dev

Intel HAX (hardware acceleration) will enhance android emulator performance
in Windows and Mac OS X in the systems powered by Intel processors with
"Intel Hardware Accelerated Execution Manager" package installed when
user runs android emulator with Intel target.

Signed-off-by: David Chou <david.j.c...@intel.com>
"""

It has been modified to build and run along with the current code base.
The formatting has been fixed to go through scripts/checkpatch.pl,
and the DPRINTF macros have been updated to get the instantiations checked by
the compiler.

The FPU registers saving/restoring has been updated to match the current
QEMU registers layout.

The implementation has been simplified by doing the following modifications:
- removing the code for supporting the hardware without Unrestricted Guest (UG)
  mode (including all the code to fallback on TCG emulation).
- not including the Darwin support (which is not yet debugged/tested).
- simplifying the initialization by removing the leftovers from the Android
  specific code, then trimming down the remaining logic.
- removing the unused MemoryListener callbacks.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 hax-stub.c  |   39 ++
 include/sysemu/hax.h|   56 +++
 target/i386/hax-all.c   | 1155 +++
 target/i386/hax-i386.h  |   86 
 target/i386/hax-interface.h |  361 ++
 target/i386/hax-mem.c   |  289 +++
 target/i386/hax-windows.c   |  479 ++
 target/i386/hax-windows.h   |   89 
 8 files changed, 2554 insertions(+)
 create mode 100644 hax-stub.c
 create mode 100644 include/sysemu/hax.h
 create mode 100644 target/i386/hax-all.c
 create mode 100644 target/i386/hax-i386.h
 create mode 100644 target/i386/hax-interface.h
 create mode 100644 target/i386/hax-mem.c
 create mode 100644 target/i386/hax-windows.c
 create mode 100644 target/i386/hax-windows.h

diff --git a/hax-stub.c b/hax-stub.c
new file mode 100644
index 00..a532dbae81
--- /dev/null
+++ b/hax-stub.c
@@ -0,0 +1,39 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright (c) 2015, Intel Corporation
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This software is licensed under the terms of the GNU General Public
+ * License version 2, as published by the Free Software Foundation, and
+ * may be copied, distributed, and modified under those terms.
+ *
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "sysemu/hax.h"
+
+int hax_sync_vcpus(void)
+{
+return 0;
+}
+
+int hax_populate_ram(uint64_t va, uint32_t size)
+{
+return -ENOSYS;
+}
+
+int hax_init_vcpu(CPUState *cpu)
+{
+return -ENOSYS;
+}
+
+int hax_smp_cpu_exec(CPUState *cpu)
+{
+return -ENOSYS;
+}
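Review bot: `hax_sync_vcpus()` returns 0 while the other three stubs return `-ENOSYS`; add a comment recording that success is intentional for a build without HAX so the asymmetry is not taken for an oversight. Also, `include/sysemu/hax.h` in this same patch declares `hax_cpu_synchronize_state()`, `hax_cpu_synchronize_post_reset()` and `hax_cpu_synchronize_post_init()` outside `#ifdef CONFIG_HAX`, but this stub provides none of them; either add stubs here or move those declarations under `CONFIG_HAX`.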
diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
new file mode 100644
index 00..d9f023918e
--- /dev/null
+++ b/include/sysemu/hax.h
@@ -0,0 +1,56 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright IBM, Corp. 2008
+ *
+ * Authors:
+ *  Anthony Liguori   <aligu...@us.ibm.com>
+ *
+ * Copyright (c) 2011 Intel Corporation
+ *  Written by:
+ *  Jiang Yunhong<yunhong.ji...@intel.com>
+ *  Xin Xiaohui<xiaohui@intel.com>
+ *  Zhang Xiantao<xiantao.zh...@intel.com>
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_HAX_H
+#define QEMU_HAX_H
+
+#include "config-host.h"
+#include "qemu-common.h"
+
+int hax_sync_vcpus(void);
+int hax_init_vcpu(CPUState *cpu);
+int hax_smp_cpu_exec(CPUState *cpu);
+int hax_populate_ram(uint64_t va, uint32_t size);
+
+void hax_cpu_synchronize_state(CPUState *cpu);
+void hax_cpu_synchronize_post_reset(CPUState *cpu);
+void hax_cpu_synchronize_post_init(CPUState *cpu);
+
+#ifdef CONFIG_HAX
+
+int hax_enabled(void);
+
+#include "hw/hw.h"
+#include "qemu/bitops.h"
+#include "exec/memory.h"
+int hax_vcpu_destroy(CPUState *cpu);
+void hax_raise_event(CPUState *cpu);
+void hax_reset_vcpu_state(void *opaque);
+#include "target/i386/hax-interface.h"
+#include "target/i386/hax-i386.h"
+
+#else /* CONFIG_HAX */
+
+#define hax_enabled() (0)
+
+#endif /* CONFIG_HAX */
+
+#endif /* QEMU_HAX_H */
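Review bot: a header under `include/sysemu/` should not pull in target-specific headers: `+#include "target/i386/hax-interface.h"` and `+#include "target/i386/hax-i386.h"` make every common-code user of `sysemu/hax.h` depend on i386 types when `CONFIG_HAX` is set, and `hw/hw.h`, `qemu/bitops.h` and `exec/memory.h` in the same block look like leftovers from the Android tree rather than something this header needs. Keep `sysemu/hax.h` to the accelerator entry points and let `hax-i386.h` include what the implementation needs. `+#include "config-host.h"` is also redundant, as every .c file already gets it through `qemu/osdep.h`.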
diff --git a/target/i386/hax-all.c b/target/i386/hax-all.c
new file mode 100644
index 00..ef13015215
--- /dev/null
+++

[Qemu-devel] [PATCH v6 1/4] kvm: move cpu synchronization code

2017-01-10 Thread Vincent Palatin
Move the generic cpu_synchronize_ functions to the common hw_accel.h header,
in order to prepare for the addition of a second hardware accelerator.

Signed-off-by: Stefan Weil <s...@weilnetz.de>
Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 cpus.c  |  1 +
 gdbstub.c   |  1 +
 hw/i386/kvm/apic.c  |  1 +
 hw/i386/kvmvapic.c  |  1 +
 hw/misc/vmport.c|  2 +-
 hw/ppc/pnv_xscom.c  |  2 +-
 hw/ppc/ppce500_spin.c   |  4 ++--
 hw/ppc/spapr.c  |  2 +-
 hw/ppc/spapr_hcall.c|  2 +-
 hw/s390x/s390-pci-inst.c|  1 +
 include/sysemu/hw_accel.h   | 39 +++
 include/sysemu/kvm.h| 23 ---
 monitor.c   |  2 +-
 qom/cpu.c   |  2 +-
 target/arm/cpu.c|  2 +-
 target/i386/helper.c|  1 +
 target/i386/kvm.c   |  1 +
 target/ppc/mmu-hash64.c |  2 +-
 target/ppc/translate_init.c |  2 +-
 target/s390x/gdbstub.c  |  1 +
 20 files changed, 58 insertions(+), 34 deletions(-)
 create mode 100644 include/sysemu/hw_accel.h

diff --git a/cpus.c b/cpus.c
index 5213351c6d..fc78502ce5 100644
--- a/cpus.c
+++ b/cpus.c
@@ -33,6 +33,7 @@
 #include "sysemu/block-backend.h"
 #include "exec/gdbstub.h"
 #include "sysemu/dma.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
diff --git a/gdbstub.c b/gdbstub.c
index de62d26096..de9b62b8f8 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -32,6 +32,7 @@
 #define MAX_PACKET_LENGTH 4096
 
 #include "qemu/sockets.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "exec/semihost.h"
 #include "exec/exec-all.h"
diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index df5180b1e0..1df6d26816 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -14,6 +14,7 @@
 #include "cpu.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/pci/msi.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "target/i386/kvm_i386.h"
 
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index b30d1b90c6..2f767b620e 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -14,6 +14,7 @@
 #include "exec/exec-all.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/cpus.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/sysbus.h"
diff --git a/hw/misc/vmport.c b/hw/misc/vmport.c
index c763811a9f..be40930b8b 100644
--- a/hw/misc/vmport.c
+++ b/hw/misc/vmport.c
@@ -25,7 +25,7 @@
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
 #include "hw/i386/pc.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "hw/qdev.h"
 
 //#define VMPORT_DEBUG
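Review bot: this hunk swaps `-#include "sysemu/kvm.h"` for `+#include "sysemu/hw_accel.h"`, whereas the cpus.c, gdbstub.c and apic.c hunks above add the new include and keep `kvm.h`. That is correct only if vmport.c uses nothing from `kvm.h` beyond the moved `cpu_synchronize_*` wrappers (no `kvm_enabled()` and so on); the same applies to the pnv_xscom.c and spapr.c hunks below. Please say in the commit message that the replaced files were checked for that, or keep both includes.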
diff --git a/hw/ppc/pnv_xscom.c b/hw/ppc/pnv_xscom.c
index b82af4f086..38bc85f117 100644
--- a/hw/ppc/pnv_xscom.c
+++ b/hw/ppc/pnv_xscom.c
@@ -20,7 +20,7 @@
 #include "qapi/error.h"
 #include "hw/hw.h"
 #include "qemu/log.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "target/ppc/cpu.h"
 #include "hw/sysbus.h"
 
diff --git a/hw/ppc/ppce500_spin.c b/hw/ppc/ppce500_spin.c
index cf958a9e00..eb219abdff 100644
--- a/hw/ppc/ppce500_spin.c
+++ b/hw/ppc/ppce500_spin.c
@@ -29,9 +29,9 @@
 
 #include "qemu/osdep.h"
 #include "hw/hw.h"
-#include "sysemu/sysemu.h"
 #include "hw/sysbus.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
+#include "sysemu/sysemu.h"
 #include "e500.h"
 
 #define MAX_CPUS 32
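Review bot: moving `sysemu/sysemu.h` below `hw/sysbus.h` is unrelated churn; keep the include where it was and only replace `sysemu/kvm.h` with `sysemu/hw_accel.h`, which keeps the hunk to the two lines the commit is about.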
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 208ef7b110..a642e663d4 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -36,7 +36,7 @@
 #include "sysemu/device_tree.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/cpus.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "kvm_ppc.h"
 #include "migration/migration.h"
 #include "mmu-hash64.h"
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 9a9bedf1bd..b2a8e48569 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1,5 +1,6 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/sysemu.h"
 #include "qemu/log.h"
 #include "cpu.h"
@@ -9,7 +10,6 @@
 #include "mmu-hash64.h"
 #include "cpu-models.h"
 #include "trace.h"
-#include "sysemu/kvm.h"
 #include "kvm_ppc.h"
 #include "hw/ppc/spapr_ovec

[Qemu-devel] [PATCH v6 4/4] hax: add Darwin support

2017-01-10 Thread Vincent Palatin
Re-add the MacOSX/Darwin support:
Use the Intel HAX kernel-based hardware acceleration module
(similar to KVM on Linux).

Based on the original "target/i386: Add Intel HAX to android emulator" patch
from David Chou <david.j.c...@intel.com> from the emu-2.2-release branch in
the external/qemu-android repository.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 target/i386/Makefile.objs |   3 +
 target/i386/hax-darwin.c  | 316 ++
 target/i386/hax-darwin.h  |  63 +
 target/i386/hax-i386.h|   8 ++
 4 files changed, 390 insertions(+)
 create mode 100644 target/i386/hax-darwin.c
 create mode 100644 target/i386/hax-darwin.h

diff --git a/target/i386/Makefile.objs b/target/i386/Makefile.objs
index acbe7b0752..4fcb7f3df0 100644
--- a/target/i386/Makefile.objs
+++ b/target/i386/Makefile.objs
@@ -9,3 +9,6 @@ obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 ifdef CONFIG_WIN32
 obj-$(CONFIG_HAX) += hax-all.o hax-mem.o hax-windows.o
 endif
+ifdef CONFIG_DARWIN
+obj-$(CONFIG_HAX) += hax-all.o hax-mem.o hax-darwin.o
+endif
diff --git a/target/i386/hax-darwin.c b/target/i386/hax-darwin.c
new file mode 100644
index 00..1c5bbd0a2d
--- /dev/null
+++ b/target/i386/hax-darwin.c
@@ -0,0 +1,316 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright (c) 2011 Intel Corporation
+ *  Written by:
+ *  Jiang Yunhong<yunhong.ji...@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+/* HAX module interface - darwin version */
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "qemu/osdep.h"
+#include "target/i386/hax-i386.h"
+
+hax_fd hax_mod_open(void)
+{
+int fd = open("/dev/HAX", O_RDWR);
+if (fd == -1) {
+fprintf(stderr, "Failed to open the hax module\n");
+}
+
+fcntl(fd, F_SETFD, FD_CLOEXEC);
+
+return fd;
+}
+
+int hax_populate_ram(uint64_t va, uint32_t size)
+{
+int ret;
+struct hax_alloc_ram_info info;
+
+if (!hax_global.vm || !hax_global.vm->fd) {
+fprintf(stderr, "Allocate memory before vm create?\n");
+return -EINVAL;
+}
+
+info.size = size;
+info.va = va;
+ret = ioctl(hax_global.vm->fd, HAX_VM_IOCTL_ALLOC_RAM, );
+if (ret < 0) {
+fprintf(stderr, "Failed to allocate %x memory\n", size);
+return ret;
+}
+return 0;
+}
+
+int hax_set_ram(uint64_t start_pa, uint32_t size, uint64_t host_va, int flags)
+{
+struct hax_set_ram_info info;
+int ret;
+
+info.pa_start = start_pa;
+info.size = size;
+info.va = host_va;
+info.flags = (uint8_t) flags;
+
+ret = ioctl(hax_global.vm->fd, HAX_VM_IOCTL_SET_RAM, );
+if (ret < 0) {
+return -errno;
+}
+return 0;
+}
+
+int hax_capability(struct hax_state *hax, struct hax_capabilityinfo *cap)
+{
+int ret;
+
+ret = ioctl(hax->fd, HAX_IOCTL_CAPABILITY, cap);
+if (ret == -1) {
+fprintf(stderr, "Failed to get HAX capability\n");
+return -errno;
+}
+
+return 0;
+}
+
+int hax_mod_version(struct hax_state *hax, struct hax_module_version *version)
+{
+int ret;
+
+ret = ioctl(hax->fd, HAX_IOCTL_VERSION, version);
+if (ret == -1) {
+fprintf(stderr, "Failed to get HAX version\n");
+return -errno;
+}
+
+return 0;
+}
+
+static char *hax_vm_devfs_string(int vm_id)
+{
+char *name;
+
+if (vm_id > MAX_VM_ID) {
+fprintf(stderr, "Too big VM id\n");
+return NULL;
+}
+
+#define HAX_VM_DEVFS "/dev/hax_vm/vmxx"
+name = g_strdup(HAX_VM_DEVFS);
+if (!name) {
+return NULL;
+}
+
+snprintf(name, sizeof HAX_VM_DEVFS, "/dev/hax_vm/vm%02d", vm_id);
+return name;
+}
+
+static char *hax_vcpu_devfs_string(int vm_id, int vcpu_id)
+{
+char *name;
+
+if (vm_id > MAX_VM_ID || vcpu_id > MAX_VCPU_ID) {
+fprintf(stderr, "Too big vm id %x or vcpu id %x\n", vm_id, vcpu_id);
+return NULL;
+}
+
+#define HAX_VCPU_DEVFS "/dev/hax_vmxx/vcpuxx"
+name = g_strdup(HAX_VCPU_DEVFS);
+if (!name) {
+return NULL;
+}
+
+snprintf(name, sizeof HAX_VCPU_DEVFS, "/dev/hax_vm%02d/vcpu%02d",
+ vm_id, vcpu_id);
+return name;
+}
+
+int hax_host_create_vm(struct hax_state *hax, int *vmid)
+{
+int ret;
+int vm_id = 0;
+
+if (hax_invalid_fd(hax->fd)) {
+return -EINVAL;
+}
+
+if (hax->vm) {
+return 0;
+}
+
+ret = ioctl(hax->fd, HAX_IOCTL_CREATE_VM, _id);
+*vmid = vm_id;
+return ret;
+}
+
+hax_fd hax_host_open_vm(struct hax_state *hax, int vm_id)
+{
+hax_fd fd;
+char *vm_name = NULL;
+
+vm_name = hax_vm_devfs_string(vm_id);
+if (!vm_name) {
+return -1;
+}
+
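Review bot: hax_vm_devfs_string() and hax_vcpu_devfs_string() g_strdup() a fixed-width template and then snprintf() into it with sizeof of that template, so the path is silently truncated as soon as vm_id or vcpu_id needs a third digit, and the range check only rejects ids above MAX_VM_ID / MAX_VCPU_ID, never negative ones; g_strdup_printf("/dev/hax_vm/vm%02d", vm_id) sizes the buffer itself, makes the HAX_VM_DEVFS / HAX_VCPU_DEVFS macros unnecessary, and the if (!name) branches are dead anyway because g_strdup() aborts instead of returning NULL on allocation failure. Separately, hax_host_create_vm() returns 0 without writing *vmid when hax->vm is already set, so a caller that reads vmid on success gets an uninitialized value; fill in the existing id or return an error in that branch.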
+  

[Qemu-devel] [PATCH v6 3/4] Plumb the HAXM-based hardware acceleration support

2017-01-10 Thread Vincent Palatin
Use Intel HAX, a kernel-based hardware acceleration module for
Windows (similar to KVM on Linux).

Based on the "target/i386: Add Intel HAX to android emulator" patch
from David Chou <david.j.c...@intel.com>

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 Makefile.target   |  1 +
 configure | 18 +++
 cpus.c| 78 ++-
 hw/intc/apic_common.c |  3 +-
 include/qom/cpu.h |  5 +++
 include/sysemu/hw_accel.h |  9 ++
 qemu-options.hx   | 11 +++
 target/i386/Makefile.objs |  4 +++
 util/qemu-thread-win32.c  |  4 +--
 vl.c  | 15 +++--
 10 files changed, 141 insertions(+), 7 deletions(-)

diff --git a/Makefile.target b/Makefile.target
index 8ae82cb311..c62e2acee3 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -97,6 +97,7 @@ obj-y += target/$(TARGET_BASE_ARCH)/
 obj-y += disas.o
 obj-y += tcg-runtime.o
 obj-$(call notempty,$(TARGET_XML_FILES)) += gdbstub-xml.o
+obj-$(call lnot,$(CONFIG_HAX)) += hax-stub.o
 obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 
 obj-$(CONFIG_LIBDECNUMBER) += libdecnumber/decContext.o
diff --git a/configure b/configure
index 86f5214dd0..249faa164d 100755
--- a/configure
+++ b/configure
@@ -228,6 +228,7 @@ vhost_net="no"
 vhost_scsi="no"
 vhost_vsock="no"
 kvm="no"
+hax="no"
 colo="yes"
 rdma=""
 gprof="no"
@@ -562,6 +563,7 @@ CYGWIN*)
 ;;
 MINGW32*)
   mingw32="yes"
+  hax="yes"
   audio_possible_drivers="dsound sdl"
   if check_include dsound.h; then
 audio_drv_list="dsound"
@@ -611,6 +613,7 @@ OpenBSD)
 Darwin)
   bsd="yes"
   darwin="yes"
+  hax="yes"
   LDFLAGS_SHARED="-bundle -undefined dynamic_lookup"
   if [ "$cpu" = "x86_64" ] ; then
 QEMU_CFLAGS="-arch x86_64 $QEMU_CFLAGS"
@@ -920,6 +923,10 @@ for opt do
   ;;
   --enable-kvm) kvm="yes"
   ;;
+  --disable-hax) hax="no"
+  ;;
+  --enable-hax) hax="yes"
+  ;;
   --disable-colo) colo="no"
   ;;
   --enable-colo) colo="yes"
@@ -1372,6 +1379,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   fdt fdt device tree
   bluez   bluez stack connectivity
   kvm KVM acceleration support
+  hax HAX acceleration support
   coloCOarse-grain LOck-stepping VM for Non-stop Service
   rdmaRDMA-based migration support
   vde support for vde network
@@ -5063,6 +5071,7 @@ echo "ATTR/XATTR support $attr"
 echo "Install blobs $blobs"
 echo "KVM support   $kvm"
 echo "COLO support  $colo"
+echo "HAX support   $hax"
 echo "RDMA support  $rdma"
 echo "TCG interpreter   $tcg_interpreter"
 echo "fdt support   $fdt"
@@ -6050,6 +6059,15 @@ case "$target_name" in
   fi
 fi
 esac
+if test "$hax" = "yes" ; then
+  if test "$target_softmmu" = "yes" ; then
+case "$target_name" in
+i386|x86_64)
+  echo "CONFIG_HAX=y" >> $config_target_mak
+;;
+esac
+  fi
+fi
 if test "$target_bigendian" = "yes" ; then
   echo "TARGET_WORDS_BIGENDIAN=y" >> $config_target_mak
 fi
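Review bot: CONFIG_HAX=y is emitted for every i386/x86_64 softmmu target whenever hax=yes, but hax=yes is set unconditionally in the MINGW32*) and Darwin) host branches above without looking at the host CPU, even though the Darwin branch already tests "$cpu" = "x86_64" right below it; HAX needs an x86 host, so gate the default (or this block) on $cpu as well so that a non-x86 host build does not end up with CONFIG_HAX set and the platform objects failing to compile.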
diff --git a/cpus.c b/cpus.c
index fc78502ce5..71a82e5004 100644
--- a/cpus.c
+++ b/cpus.c
@@ -35,6 +35,7 @@
 #include "sysemu/dma.h"
 #include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
+#include "sysemu/hax.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
 
@@ -1221,6 +1222,46 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 return NULL;
 }
 
+static void *qemu_hax_cpu_thread_fn(void *arg)
+{
+CPUState *cpu = arg;
+int r;
+qemu_thread_get_self(cpu->thread);
+qemu_mutex_lock(_global_mutex);
+
+cpu->thread_id = qemu_get_thread_id();
+cpu->created = true;
+cpu->halted = 0;
+current_cpu = cpu;
+
+hax_init_vcpu(cpu);
+qemu_cond_signal(_cpu_cond);
+
+while (1) {
+if (cpu_can_run(cpu)) {
+r = hax_smp_cpu_exec(cpu);
+if (r == EXCP_DEBUG) {
+cpu_handle_guest_debug(cpu);
+}
+}
+
+while (cpu_thread_is_idle(cpu)) {
+qemu_cond_wait(cpu->halt_cond, _global_mutex);
+}
+#ifdef _WIN32
+SleepEx(0, TRUE);
+#endif
+qemu_wait_io_event_common(cpu);
+}
+return NULL;
+}
+
+#ifdef _WIN32
+static void CALLBACK dummy_apc_func(ULONG_PTR unused)
+{
+}
+#endif
+
 static void qemu_cpu_kick_thread(CPUState *cpu)
 {
 #ifndef _WIN32
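Review bot: qemu_hax_cpu_thread_fn() discards the int returned by hax_init_vcpu(cpu), so a vCPU whose HAX state could not be created (the non-HAX stub returns -ENOSYS) still signals qemu_cpu_cond and enters the loop calling hax_smp_cpu_exec(); check the result and exit with a message instead. The SleepEx(0, TRUE) under _WIN32 also deserves a one-line comment saying it is the alertable wait that runs the dummy_apc_func APC queued by the kick; without it the call reads like a stray sleep.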
@@ -1236,7 +1277,13 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
 exit(1)

[Qemu-devel] [PATCH v6 0/4] Add HAX support

2017-01-10 Thread Vincent Palatin
I took a stab at trying to rebase/upstream the support for Intel HAXM
(Hardware Accelerated Execution Manager).
Intel HAX is a kernel-based hardware acceleration module for Windows and MacOSX.

Another copy of this patchset is available at:
I have made another public copy there:
git://github.com/vpalatin/qemu.git tags/hax-v6-pull-request

https://github.com/vpalatin/qemu/tree/hax-v6-pull-request

I have based my work on the last version of the source code I found:
the emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.
In patch 2/4, I have forward-ported the core HAX code from there.
It has been modified to build and run along with the current code base.
It has been simplified by removing non-UG hardware support / Darwin support /
Android-specific leftovers.

This code depends on the new unmapping mechanism and fixes in the Intel HAX kernel
module. They will soon publish a new version 6.1.0 of the HAX kernel module
including the fixes once their QA cycle is completed.
Thanks Yu Ning for making this happen.

In patch 3/4, I have put the plumbing into the QEMU code base; I did some clean-up
there and it is reasonably intrusive, i.e.
 Makefile.target   |  1 +
 configure | 18 
 cpus.c| 74 ++-
 hw/intc/apic_common.c |  3 +-
 include/qom/cpu.h |  5 
 include/sysemu/hw_accel.h |  9 ++
 qemu-options.hx   | 11 +++
 target/i386/Makefile.objs |  4 +++
 util/qemu-thread-win32.c  |  4 +--
 vl.c  | 15 --
 10 files changed, 137 insertions(+), 7 deletions(-)

The patch 1/4 just extracts from the KVM-specific header the cpu_synchronize_
functions that HAX is also using.

The patch 4/4 is the Darwin support. This part is only lightly tested for now,
so it can be considered as 'experimental'.

I have tested the end result on a Windows 10 Pro machine (with UG support)
with the Intel HAXM module dev version and a large ChromiumOS x86_64 image to
exercise various code paths. It looks stable.
I also did some quick regression testing of the integration by running a Linux
build with KVM enabled.

Changes from v5 to v6:
- rebase against the new upstream target directory changes
- rebase on top of Paolo's ramblock-notifier patch and use the new API.
- adjust qemu_cpu_kick according to Paolo's suggestions / use QueueUserApc.

Changes from v4 to v5:
- update HAX fastmmio API with the new MMIO to MMIO transfer.

Changes from v3 to v4:
- add RAM unmapping in the MemoryListener thanks to new API in HAX module 6.1.0
  and rewrote the memory mappings management to deal with this.
- marked the no-longer-used MMIO emulation as unsupported.
- clean-up a few left-overs from removed code.
- re-add an experimental version of the Darwin support.

Changes from v2 to v3:
- fix saving/restoring FPU registers as suggested by Paolo.
- fix Windows build on all targets as contributed by Stefan Weil.
- clean-up IO / MMIO emulation.
- more clean-up of emulation leftovers.

Changes from v1 to v2:
- fix all style issues in the original code to get it through checkpatch.pl.
- remove Darwin support, it was barely tested and not fully functional.
- remove the support for CPU without UG mode.
- fix most review comments

Vincent Palatin (4):
  kvm: move cpu synchronization code
  target/i386: Add Intel HAX files
  Plumb the HAXM-based hardware acceleration support
  hax: add Darwin support

 Makefile.target |1 +
 configure   |   18 +
 cpus.c  |   79 ++-
 gdbstub.c   |1 +
 hax-stub.c  |   39 ++
 hw/i386/kvm/apic.c  |1 +
 hw/i386/kvmvapic.c  |1 +
 hw/intc/apic_common.c   |3 +-
 hw/misc/vmport.c|2 +-
 hw/ppc/pnv_xscom.c  |2 +-
 hw/ppc/ppce500_spin.c   |4 +-
 hw/ppc/spapr.c  |2 +-
 hw/ppc/spapr_hcall.c|2 +-
 hw/s390x/s390-pci-inst.c|1 +
 include/qom/cpu.h   |5 +
 include/sysemu/hax.h|   56 +++
 include/sysemu/hw_accel.h   |   48 ++
 include/sysemu/kvm.h|   23 -
 monitor.c   |2 +-
 qemu-options.hx |   11 +
 qom/cpu.c   |2 +-
 target/arm/cpu.c|2 +-
 target/i386/Makefile.objs   |7 +
 target/i386/hax-all.c   | 1155 +++
 target/i386/hax-darwin.c|  316 
 target/i386/hax-darwin.h|   63 +++
 target/i386/hax-i386.h  |   94 
 target/i386/hax-interface.h |  361 ++
 target/i386/hax-mem.c   |  289 +++
 target/i386/hax-windows.c   |  479 ++
 target/i386/hax-windows.h   |   89 
 target/i386/helper.c|1 +
 target/i386/kvm.c   |1 +
 target/ppc/mmu-hash64.c |2 +-
 target/ppc/translate_init.c |2 +-
 target/s390x/gdbstub.c  |1 +
 util/qemu-thread-win32.c

Re: [Qemu-devel] [PATCH v5 3/4] Plumb the HAXM-based hardware acceleration support

2017-01-09 Thread Vincent Palatin
On Mon, Jan 9, 2017 at 2:03 PM, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>
> On 06/01/2017 15:08, Vincent Palatin wrote:
>>>>>> Apart from the above change, can you check if there are some less
>>>>>> heavyweight methods to force an exit?  I can think of QueueUserAPC with
>>>>>> an empty pfnAPC here, and SleepEx(0, TRUE) in qemu_hax_cpu_thread_fn
>>>>>> before qemu_wait_io_event_common.
>>>>> Actually I don't know a good test case to verify such a change, any
>>>>> advice?
>>> In fact there is a race anyway:
>> Thanks for the detailed examples and thoughts.
>> The timing/benchmarking code might actually need some kind of per-vcpu
>> time storage, but that's a detail.
>> I have experimented with it and so far, I have mainly generated random
>> numbers ...
>> I have yet to find a use-case where the current code (with
>> SuspendThread/ResumeThread) yields a better latency than just nothing
>> instead :(
>
> :)  Does QueueUserAPC generate better latency?


The same kind of random numbers so far.

By the way I have added the THREAD_SET_CONTEXT flag to the
OpenThread call in the qemu_thread_get_handle() function, as I was getting
ACCESS_DENIED on the QueueUserApc call. Probably not terribly harmful.
I will publish the v6 series with this and continue my benchmarking quest.

>
> Windows delivers the scheduler tick to the first physical CPU.  Try
> pinning QEMU away from the first CPU.

Ok interesting, I will give it a try.

-- 
Vincent



Re: [Qemu-devel] [PATCH v5 3/4] Plumb the HAXM-based hardware acceleration support

2017-01-06 Thread Vincent Palatin
On Thu, Jan 5, 2017 at 10:38 PM, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>
> On 05/01/2017 15:01, Paolo Bonzini wrote:
>>
>>
>> On 05/01/2017 14:50, Vincent Palatin wrote:
>>> Sorry I missed it.
>>> I move it to qemu_cpu_kick() as asked in the Darwin patch.
>>>
>>>> Apart from the above change, can you check if there are some less
>>>> heavyweight methods to force an exit?  I can think of QueueUserAPC with
>>>> an empty pfnAPC here, and SleepEx(0, TRUE) in qemu_hax_cpu_thread_fn
>>>> before qemu_wait_io_event_common.
>>>
>>> Actually I don't know a good test case to verify such a change, any advice?
>
> In fact there is a race anyway:

Thanks for the detailed examples and thoughts.
The timing/benchmarking code might actually need some kind of per-vcpu
time storage, but that's a detail.
I have experimented with it and so far, I have mainly generated random
numbers ...
I have yet to find a use-case where the current code (with
SuspendThread/ResumeThread) yields a better latency than just nothing
instead :(



>
> if (cpu->exit_request) {
> ret = 1;
> break;
> }
> cpu->exit_request
> SuspendThread
> ResumeThread
> hax_vcpu_interrupt(env);
> qemu_mutex_unlock_iothread();
> hax_ret = hax_vcpu_run(vcpu);
>
> and the same race is true for QueueUserAPC.  It's rare enough that I
> guess we can accept the patches with just a FIXME comment, but...  Yu
> Ning, can you tell us what user_event_pending is for? :)  My hunch is
> that we should call hax_raise_event after setting cpu->exit_request, like
>
> hax_raise_event();
> /* write user_event_pending before exit_request */
> smp_wmb();
> cpu->exit_request = 1;
> SuspendThread/ResumeThread
> (or QueueUserAPC)
>
> and in the hax thread:
>
> if (cpu->exit_request) {
> cpu->hax_vcpu->tunnel->user_event_pending = 0;
> ret = 1;
> break;
> }
>
> hax_vcpu_interrupt(env);
> qemu_mutex_unlock_iothread();
>
> /* read exit_request before user_event_pending */
> smp_rmb();
> hax_ret = hax_vcpu_run(vcpu);
>
> but I would like some more official documentation than my own reverse
> engineering of the brain of whoever wrote the interface (I have not
> looked at the HAXM driver binary).
>
> Paolo
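A constructed C model of the race Paolo describes, added here as an illustration and not code from the series or from HAX: the kick is delivered in the window between the exit_request check and hax_vcpu_run(), and the model shows that the v5-style kick is honoured only after one more guest entry, while raising the user event before exit_request is caught before entry. It assumes, as the mail does, that the driver checks user_event_pending on entry; every field and function name below is a stand-in for the QEMU one it is named after.

```c
/*
 * Constructed model of the kick/exit_request race discussed in the thread.
 * Added illustration, not QEMU or HAX code: the names mirror the mail
 * (exit_request, user_event_pending, hax_raise_event, hax_vcpu_run) but
 * everything here is a stand-in.
 */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* State shared between the kicking thread and the vCPU thread. */
struct model_vcpu {
    atomic_int exit_request;        /* cpu->exit_request */
    atomic_int user_event_pending;  /* cpu->hax_vcpu->tunnel->user_event_pending */
    int guest_entries;              /* how many times the "guest" was entered */
};

static void model_init(struct model_vcpu *v)
{
    atomic_init(&v->exit_request, 0);
    atomic_init(&v->user_event_pending, 0);
    v->guest_entries = 0;
}

/*
 * Stand-in for hax_vcpu_run(). Assumption (Paolo's hunch in the mail): the
 * driver refuses to enter the guest while user_event_pending is set and
 * returns to user space at once instead.
 */
static int model_vcpu_run(struct model_vcpu *v)
{
    if (atomic_load(&v->user_event_pending)) {
        return 0;               /* immediate exit, guest never entered */
    }
    v->guest_entries++;         /* the real call blocks here until the next VM exit */
    return 1;
}

typedef void (*kick_fn)(struct model_vcpu *);

/*
 * v5-style kick: set exit_request, then interrupt the thread
 * (SuspendThread/ResumeThread or QueueUserAPC). Interrupting a thread that
 * is still in user space changes nothing, which is the case in the window
 * modelled below, so the interrupt itself is a no-op here.
 */
static void kick_naive(struct model_vcpu *v)
{
    atomic_store(&v->exit_request, 1);
}

/* Proposed kick: raise the HAX user event first, then exit_request, with
 * the two stores ordered by a write barrier (smp_wmb() in the mail). */
static void kick_with_event(struct model_vcpu *v)
{
    atomic_store_explicit(&v->user_event_pending, 1, memory_order_relaxed); /* hax_raise_event() */
    atomic_thread_fence(memory_order_release);                               /* smp_wmb() */
    atomic_store_explicit(&v->exit_request, 1, memory_order_relaxed);
}

/*
 * One iteration of the vCPU thread loop. The kick, if any, lands after the
 * exit_request check and before the run, the spot the mail calls a race.
 * Returns false once the loop breaks out.
 */
static bool vcpu_iteration(struct model_vcpu *v, kick_fn kick)
{
    if (atomic_load_explicit(&v->exit_request, memory_order_relaxed)) {
        /* consume the event so that the next run can enter the guest again */
        atomic_store(&v->user_event_pending, 0);
        return false;           /* ret = 1; break; in the mail */
    }
    /* hax_vcpu_interrupt(env); qemu_mutex_unlock_iothread(); would go here */
    if (kick) {
        kick(v);                /* the other thread's kick lands right here */
    }
    atomic_thread_fence(memory_order_acquire);   /* smp_rmb() */
    model_vcpu_run(v);
    return true;
}

/*
 * Deliver one kick in the race window and iterate until the loop honours
 * it. Returns how many times the guest was entered after the kick:
 * 1 with kick_naive (honoured only at the next VM exit), 0 with
 * kick_with_event (the run returns immediately).
 */
int guest_entries_after_kick(kick_fn kick)
{
    struct model_vcpu v;
    model_init(&v);
    bool running = vcpu_iteration(&v, kick);
    while (running) {
        running = vcpu_iteration(&v, NULL);
    }
    return v.guest_entries;
}

int main(void)
{
    printf("naive kick: guest entered %d time(s) after the kick\n",
           guest_entries_after_kick(kick_naive));
    printf("event-first kick: guest entered %d time(s) after the kick\n",
           guest_entries_after_kick(kick_with_event));
    return 0;
}
```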



Re: [Qemu-devel] [PATCH v5 4/4] hax: add Darwin support

2017-01-05 Thread Vincent Palatin
On Thu, Dec 22, 2016 at 10:49 AM, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>
> On 19/12/2016 17:24, Vincent Palatin wrote:
>> diff --git a/cpus.c b/cpus.c
>> index 0e01791..b8db313 100644
>> --- a/cpus.c
>> +++ b/cpus.c
>> @@ -1264,6 +1264,11 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
>>  return;
>>  }
>>  cpu->thread_kicked = true;
>> +#ifdef CONFIG_DARWIN
>> +if (hax_enabled()) {
>> +cpu->exit_request = 1;
>> +}
>> +#endif
>>  err = pthread_kill(cpu->thread->thread, SIG_IPI);
>>  if (err) {
>>  fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
>
> Instead of this, please place the "if" in qemu_cpu_kick before the call
> to qemu_cpu_kick_thread.  This way, it will be common to Win32 and Darwin.

Done in v6



Re: [Qemu-devel] [PATCH v5 3/4] Plumb the HAXM-based hardware acceleration support

2017-01-05 Thread Vincent Palatin
On Thu, Dec 22, 2016 at 10:57 AM, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>
> On 19/12/2016 17:24, Vincent Palatin wrote:
>>  #else /* _WIN32 */
>> -abort();
>> +if (!qemu_cpu_is_self(cpu)) {
>> +CONTEXT context;
>> +if (SuspendThread(cpu->hThread) == (DWORD)(-1)) {
>> +fprintf(stderr, "qemu:%s: GetLastError:%lu\n", __func__,
>> +GetLastError());
>> +exit(1);
>> +}
>> +
>> +/* On multi-core systems, we are not sure that the thread is 
>> actually
>> + * suspended until we can get the context.
>> + */
>> +context.ContextFlags = CONTEXT_CONTROL;
>> +while (GetThreadContext(cpu->hThread, ) != 0) {
>> +continue;
>> +}
>> +
>> +if (hax_enabled()) {
>> +cpu->exit_request = 1;
>> +}
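Review bot: the wait loop looks inverted relative to its own comment: GetThreadContext() returns non-zero on success, so while (GetThreadContext(cpu->hThread, ...) != 0) continue; keeps spinning as long as the context can be read and leaves on the first failure, whereas the comment says the code should wait until the context can be obtained. If the intent is to poll until the suspend has taken effect, the condition should be == 0, with a bail-out on a persistent error rather than an unbounded spin; note that a handle lacking THREAD_GET_CONTEXT would make the call fail every time and hide the inversion (the same OpenThread handle is reported later in this thread to lack THREAD_SET_CONTEXT for QueueUserAPC).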
>
> As mentioned in the reply to patch 4, please leave the cpu->exit_request
> = 1 assignment to the caller.

Sorry I missed it.
I move it to qemu_cpu_kick() as asked in the Darwin patch.

>
> Apart from the above change, can you check if there are some less
> heavyweight methods to force an exit?  I can think of QueueUserAPC with
> an empty pfnAPC here, and SleepEx(0, TRUE) in qemu_hax_cpu_thread_fn
> before qemu_wait_io_event_common.


Actually I don't know a good test case to verify such a change, any advice?


>
>> +if (ResumeThread(cpu->hThread) == (DWORD)(-1)) {
>> +fprintf(stderr, "qemu:%s: GetLastError:%lu\n", __func__,
>> +GetLastError());
>> +exit(1);
>> +}
>> +}
>
> [...]
>
>>
>> +/*
>> + * In Hax, the qemu allocate the virtual address, and HAX kernel
>> + * populate the memory with physical memory. Currently we have 
>> no
>> + * paging, so user should make sure enough free memory in 
>> advance
>> + */
>> +if (hax_enabled()) {
>> +int ret;
>> +ret = hax_populate_ram((uint64_t)(uintptr_t)new_block->host,
>> +   new_block->max_length);
>> +if (ret < 0) {
>> +error_setg(errp, "Hax failed to populate ram");
>> +return;
>> +}
>> +}
>> +
>
> Can you check if the interface at
> http://marc.info/?l=qemu-devel=148225154320642=raw would be good for
> your purposes, and if so include that patch in your v6?

Seems to work, updated for v6.

-- 
Vincent



[Qemu-devel] [PATCH v5 4/4] hax: add Darwin support

2016-12-19 Thread Vincent Palatin
Re-add the MacOSX/Darwin support:
Use Intel HAX, a kernel-based hardware acceleration module
(similar to KVM on Linux).

Based on the original "target-i386: Add Intel HAX to android emulator" patch
from David Chou <david.j.c...@intel.com> from the emu-2.2-release branch in
the external/qemu-android repository.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 cpus.c|   5 +
 target-i386/Makefile.objs |   3 +
 target-i386/hax-darwin.c  | 316 ++
 target-i386/hax-darwin.h  |  63 +
 target-i386/hax-i386.h|   8 ++
 5 files changed, 395 insertions(+)
 create mode 100644 target-i386/hax-darwin.c
 create mode 100644 target-i386/hax-darwin.h

diff --git a/cpus.c b/cpus.c
index 0e01791..b8db313 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1264,6 +1264,11 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
 return;
 }
 cpu->thread_kicked = true;
+#ifdef CONFIG_DARWIN
+if (hax_enabled()) {
+cpu->exit_request = 1;
+}
+#endif
 err = pthread_kill(cpu->thread->thread, SIG_IPI);
 if (err) {
 fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
diff --git a/target-i386/Makefile.objs b/target-i386/Makefile.objs
index acbe7b0..4fcb7f3 100644
--- a/target-i386/Makefile.objs
+++ b/target-i386/Makefile.objs
@@ -9,3 +9,6 @@ obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 ifdef CONFIG_WIN32
 obj-$(CONFIG_HAX) += hax-all.o hax-mem.o hax-windows.o
 endif
+ifdef CONFIG_DARWIN
+obj-$(CONFIG_HAX) += hax-all.o hax-mem.o hax-darwin.o
+endif
diff --git a/target-i386/hax-darwin.c b/target-i386/hax-darwin.c
new file mode 100644
index 000..240d8d3
--- /dev/null
+++ b/target-i386/hax-darwin.c
@@ -0,0 +1,316 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright (c) 2011 Intel Corporation
+ *  Written by:
+ *  Jiang Yunhong<yunhong.ji...@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+/* HAX module interface - darwin version */
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "qemu/osdep.h"
+#include "target-i386/hax-i386.h"
+
+hax_fd hax_mod_open(void)
+{
+int fd = open("/dev/HAX", O_RDWR);
+if (fd == -1) {
+fprintf(stderr, "Failed to open the hax module\n");
+}
+
+fcntl(fd, F_SETFD, FD_CLOEXEC);
+
+return fd;
+}
+
+int hax_populate_ram(uint64_t va, uint32_t size)
+{
+int ret;
+struct hax_alloc_ram_info info;
+
+if (!hax_global.vm || !hax_global.vm->fd) {
+fprintf(stderr, "Allocate memory before vm create?\n");
+return -EINVAL;
+}
+
+info.size = size;
+info.va = va;
+ret = ioctl(hax_global.vm->fd, HAX_VM_IOCTL_ALLOC_RAM, );
+if (ret < 0) {
+fprintf(stderr, "Failed to allocate %x memory\n", size);
+return ret;
+}
+return 0;
+}
+
+int hax_set_ram(uint64_t start_pa, uint32_t size, uint64_t host_va, int flags)
+{
+struct hax_set_ram_info info;
+int ret;
+
+info.pa_start = start_pa;
+info.size = size;
+info.va = host_va;
+info.flags = (uint8_t) flags;
+
+ret = ioctl(hax_global.vm->fd, HAX_VM_IOCTL_SET_RAM, );
+if (ret < 0) {
+return -errno;
+}
+return 0;
+}
+
+int hax_capability(struct hax_state *hax, struct hax_capabilityinfo *cap)
+{
+int ret;
+
+ret = ioctl(hax->fd, HAX_IOCTL_CAPABILITY, cap);
+if (ret == -1) {
+fprintf(stderr, "Failed to get HAX capability\n");
+return -errno;
+}
+
+return 0;
+}
+
+int hax_mod_version(struct hax_state *hax, struct hax_module_version *version)
+{
+int ret;
+
+ret = ioctl(hax->fd, HAX_IOCTL_VERSION, version);
+if (ret == -1) {
+fprintf(stderr, "Failed to get HAX version\n");
+return -errno;
+}
+
+return 0;
+}
+
+static char *hax_vm_devfs_string(int vm_id)
+{
+char *name;
+
+if (vm_id > MAX_VM_ID) {
+fprintf(stderr, "Too big VM id\n");
+return NULL;
+}
+
+#define HAX_VM_DEVFS "/dev/hax_vm/vmxx"
+name = g_strdup(HAX_VM_DEVFS);
+if (!name) {
+return NULL;
+}
+
+snprintf(name, sizeof HAX_VM_DEVFS, "/dev/hax_vm/vm%02d", vm_id);
+return name;
+}
+
+static char *hax_vcpu_devfs_string(int vm_id, int vcpu_id)
+{
+char *name;
+
+if (vm_id > MAX_VM_ID || vcpu_id > MAX_VCPU_ID) {
+fprintf(stderr, "Too big vm id %x or vcpu id %x\n", vm_id, vcpu_id);
+return NULL;
+}
+
+#define HAX_VCPU_DEVFS "/dev/hax_vmxx/vcpuxx"
+name = g_strdup(HAX_VCPU_DEVFS);
+if (!name) {
+return NULL;
+}
+
+snprintf(name, sizeof HAX_VCPU_DEVFS, "/dev/hax_vm%02d/vcpu%02d",
+ vm_id, vcpu_id);
+return name;
+}
+
+int hax_host_create_vm(struct hax_state
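Review bot: hax_mod_open() prints a message when open() fails but then still calls fcntl() on -1 and returns it, and FD_CLOEXEC is applied only after the open, leaving a window in which a concurrent fork()+exec() inherits the /dev/HAX descriptor; return early on failure and pass O_CLOEXEC to open() (or use qemu_open(), which sets it) instead. hax_populate_ram() also hands back the raw ioctl() result (-1) on failure while hax_set_ram(), hax_capability() and hax_mod_version() return -errno; pick one convention so callers can report the actual error.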

[Qemu-devel] [PATCH v5 2/4] target-i386: Add Intel HAX files

2016-12-19 Thread Vincent Palatin
That's a forward port of the core HAX interface code from the
emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.

The original commit was "target-i386: Add Intel HAX to android emulator"
saying:
"""
  Backport of 2b3098ff27bab079caab9b46b58546b5036f5c0c
  from studio-1.4-dev into emu-master-dev

Intel HAX (hardware acceleration) will enhance android emulator performance
in Windows and Mac OS X in the systems powered by Intel processors with
"Intel Hardware Accelerated Execution Manager" package installed when
user runs android emulator with Intel target.

Signed-off-by: David Chou <david.j.c...@intel.com>
"""

It has been modified to build and run along with the current code base.
The formatting has been fixed to go through scripts/checkpatch.pl,
and the DPRINTF macros have been updated to get the instantiations checked by
the compiler.

The FPU registers saving/restoring has been updated to match the current
QEMU registers layout.

The implementation has been simplified by doing the following modifications:
- removing the code for supporting the hardware without Unrestricted Guest (UG)
  mode (including all the code to fall back on TCG emulation).
- not including the Darwin support (which is not yet debugged/tested).
- simplifying the initialization by removing the leftovers from the Android
  specific code, then trimming down the remaining logic.
- removing the unused MemoryListener callbacks.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 hax-stub.c  |   39 ++
 include/sysemu/hax.h|   56 +++
 target-i386/hax-all.c   | 1155 +++
 target-i386/hax-i386.h  |   86 
 target-i386/hax-interface.h |  361 ++
 target-i386/hax-mem.c   |  271 ++
 target-i386/hax-windows.c   |  479 ++
 target-i386/hax-windows.h   |   89 
 8 files changed, 2536 insertions(+)
 create mode 100644 hax-stub.c
 create mode 100644 include/sysemu/hax.h
 create mode 100644 target-i386/hax-all.c
 create mode 100644 target-i386/hax-i386.h
 create mode 100644 target-i386/hax-interface.h
 create mode 100644 target-i386/hax-mem.c
 create mode 100644 target-i386/hax-windows.c
 create mode 100644 target-i386/hax-windows.h

diff --git a/hax-stub.c b/hax-stub.c
new file mode 100644
index 000..a532dba
--- /dev/null
+++ b/hax-stub.c
@@ -0,0 +1,39 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright (c) 2015, Intel Corporation
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This software is licensed under the terms of the GNU General Public
+ * License version 2, as published by the Free Software Foundation, and
+ * may be copied, distributed, and modified under those terms.
+ *
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "sysemu/hax.h"
+
+int hax_sync_vcpus(void)
+{
+return 0;
+}
+
+int hax_populate_ram(uint64_t va, uint32_t size)
+{
+return -ENOSYS;
+}
+
+int hax_init_vcpu(CPUState *cpu)
+{
+return -ENOSYS;
+}
+
+int hax_smp_cpu_exec(CPUState *cpu)
+{
+return -ENOSYS;
+}
diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
new file mode 100644
index 000..51c8fd5
--- /dev/null
+++ b/include/sysemu/hax.h
@@ -0,0 +1,56 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright IBM, Corp. 2008
+ *
+ * Authors:
+ *  Anthony Liguori   <aligu...@us.ibm.com>
+ *
+ * Copyright (c) 2011 Intel Corporation
+ *  Written by:
+ *  Jiang Yunhong<yunhong.ji...@intel.com>
+ *  Xin Xiaohui<xiaohui@intel.com>
+ *  Zhang Xiantao<xiantao.zh...@intel.com>
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_HAX_H
+#define QEMU_HAX_H
+
+#include "config-host.h"
+#include "qemu-common.h"
+
+int hax_sync_vcpus(void);
+int hax_init_vcpu(CPUState *cpu);
+int hax_smp_cpu_exec(CPUState *cpu);
+int hax_populate_ram(uint64_t va, uint32_t size);
+
+void hax_cpu_synchronize_state(CPUState *cpu);
+void hax_cpu_synchronize_post_reset(CPUState *cpu);
+void hax_cpu_synchronize_post_init(CPUState *cpu);
+
+#ifdef CONFIG_HAX
+
+int hax_enabled(void);
+
+#include "hw/hw.h"
+#include "qemu/bitops.h"
+#include "exec/memory.h"
+int hax_vcpu_destroy(CPUState *cpu);
+void hax_raise_event(CPUState *cpu);
+void hax_reset_vcpu_state(void *opaque);
+#include "target-i386/hax-interface.h"
+#include "target-i386/hax-i386.h"
+
+#else /* CONFIG_HAX */
+
+#define hax_enabled() (0)
+
+#endif /* CONFIG_HAX */
+
+#endif /* QEMU_HAX_H */
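Review bot: a header under include/sysemu/ includes target-i386/hax-interface.h and target-i386/hax-i386.h when CONFIG_HAX is set, so every file that includes sysemu/hax.h (and, through hw_accel.h, every accelerator user) needs the target-i386 include path and the x86 CPU layout; keep the target-independent prototypes here and move the CONFIG_HAX block's includes and the vcpu-level declarations (hax_vcpu_destroy, hax_raise_event, hax_reset_vcpu_state) into target-i386/hax-i386.h, the way target-i386/kvm_i386.h is included separately from sysemu/kvm.h elsewhere in this series. The config-host.h include is also redundant: include/ headers rely on qemu/osdep.h being included first by the .c file.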
diff --git a/target-i386/hax-all.c b/target-i386/hax-all.c
new file mode 100644
index 000..8892323
--- /dev/null
+++ b/target-i386/hax-a

[Qemu-devel] [PATCH v5 1/4] kvm: move cpu synchronization code

2016-12-19 Thread Vincent Palatin
Move the generic cpu_synchronize_ functions to the common hw_accel.h header,
in order to prepare for the addition of a second hardware accelerator.

Signed-off-by: Stefan Weil <s...@weilnetz.de>
Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 cpus.c  |  1 +
 gdbstub.c   |  1 +
 hw/i386/kvm/apic.c  |  1 +
 hw/i386/kvmvapic.c  |  1 +
 hw/misc/vmport.c|  2 +-
 hw/ppc/pnv_xscom.c  |  2 +-
 hw/ppc/ppce500_spin.c   |  4 ++--
 hw/ppc/spapr.c  |  2 +-
 hw/ppc/spapr_hcall.c|  2 +-
 hw/s390x/s390-pci-inst.c|  1 +
 include/sysemu/hw_accel.h   | 39 +++
 include/sysemu/kvm.h| 23 ---
 monitor.c   |  2 +-
 qom/cpu.c   |  2 +-
 target-arm/cpu.c|  2 +-
 target-i386/helper.c|  1 +
 target-i386/kvm.c   |  1 +
 target-ppc/mmu-hash64.c |  2 +-
 target-ppc/translate_init.c |  2 +-
 target-s390x/gdbstub.c  |  1 +
 20 files changed, 58 insertions(+), 34 deletions(-)
 create mode 100644 include/sysemu/hw_accel.h

diff --git a/cpus.c b/cpus.c
index 5213351..fc78502 100644
--- a/cpus.c
+++ b/cpus.c
@@ -33,6 +33,7 @@
 #include "sysemu/block-backend.h"
 #include "exec/gdbstub.h"
 #include "sysemu/dma.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
diff --git a/gdbstub.c b/gdbstub.c
index de62d26..de9b62b 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -32,6 +32,7 @@
 #define MAX_PACKET_LENGTH 4096
 
 #include "qemu/sockets.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "exec/semihost.h"
 #include "exec/exec-all.h"
diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index 01cbaa8..328f80c 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -14,6 +14,7 @@
 #include "cpu.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/pci/msi.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "target-i386/kvm_i386.h"
 
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index b30d1b9..2f767b6 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -14,6 +14,7 @@
 #include "exec/exec-all.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/cpus.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/sysbus.h"
diff --git a/hw/misc/vmport.c b/hw/misc/vmport.c
index c763811..be40930 100644
--- a/hw/misc/vmport.c
+++ b/hw/misc/vmport.c
@@ -25,7 +25,7 @@
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
 #include "hw/i386/pc.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "hw/qdev.h"
 
 //#define VMPORT_DEBUG
diff --git a/hw/ppc/pnv_xscom.c b/hw/ppc/pnv_xscom.c
index 8da2718..cd5c2b8 100644
--- a/hw/ppc/pnv_xscom.c
+++ b/hw/ppc/pnv_xscom.c
@@ -20,7 +20,7 @@
 #include "qapi/error.h"
 #include "hw/hw.h"
 #include "qemu/log.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "target-ppc/cpu.h"
 #include "hw/sysbus.h"
 
diff --git a/hw/ppc/ppce500_spin.c b/hw/ppc/ppce500_spin.c
index cf958a9..eb219ab 100644
--- a/hw/ppc/ppce500_spin.c
+++ b/hw/ppc/ppce500_spin.c
@@ -29,9 +29,9 @@
 
 #include "qemu/osdep.h"
 #include "hw/hw.h"
-#include "sysemu/sysemu.h"
 #include "hw/sysbus.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
+#include "sysemu/sysemu.h"
 #include "e500.h"
 
 #define MAX_CPUS 32
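Review bot: this hunk moves the existing #include "sysemu/sysemu.h" line to below the new hw_accel.h include, which is churn unrelated to the cpu_synchronize_ move; the other files in this patch just swap or add one line, so do the same here and leave sysemu.h where it was.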
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 208ef7b..a642e66 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -36,7 +36,7 @@
 #include "sysemu/device_tree.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/cpus.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "kvm_ppc.h"
 #include "migration/migration.h"
 #include "mmu-hash64.h"
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 9a9bedf..b2a8e48 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1,5 +1,6 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/sysemu.h"
 #include "qemu/log.h"
 #include "cpu.h"
@@ -9,7 +10,6 @@
 #include "mmu-hash64.h"
 #include "cpu-models.h"
 #include "trace.h"
-#include "sysemu/kvm.h"
 #include "kvm_ppc.h"
 #include "hw/ppc/spapr_ovec.h"
 
diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x

[Qemu-devel] [PATCH v5 3/4] Plumb the HAXM-based hardware acceleration support

2016-12-19 Thread Vincent Palatin
Use the Intel HAX kernel-based hardware acceleration module for
Windows (similar to KVM on Linux).

Based on the "target-i386: Add Intel HAX to android emulator" patch
from David Chou <david.j.c...@intel.com>

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 Makefile.target   |  1 +
 configure | 18 ++
 cpus.c| 87 ++-
 exec.c| 16 +
 hw/intc/apic_common.c |  3 +-
 include/qom/cpu.h |  5 +++
 include/sysemu/hw_accel.h |  9 +
 qemu-options.hx   | 11 ++
 target-i386/Makefile.objs |  4 +++
 vl.c  | 15 ++--
 10 files changed, 164 insertions(+), 5 deletions(-)

diff --git a/Makefile.target b/Makefile.target
index 7a5080e..dab81e7 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -96,6 +96,7 @@ obj-y += target-$(TARGET_BASE_ARCH)/
 obj-y += disas.o
 obj-y += tcg-runtime.o
 obj-$(call notempty,$(TARGET_XML_FILES)) += gdbstub-xml.o
+obj-$(call lnot,$(CONFIG_HAX)) += hax-stub.o
 obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 
 obj-$(CONFIG_LIBDECNUMBER) += libdecnumber/decContext.o
diff --git a/configure b/configure
index 3770d7c..ba32bea 100755
--- a/configure
+++ b/configure
@@ -230,6 +230,7 @@ vhost_net="no"
 vhost_scsi="no"
 vhost_vsock="no"
 kvm="no"
+hax="no"
 colo="yes"
 rdma=""
 gprof="no"
@@ -563,6 +564,7 @@ CYGWIN*)
 ;;
 MINGW32*)
   mingw32="yes"
+  hax="yes"
   audio_possible_drivers="dsound sdl"
   if check_include dsound.h; then
 audio_drv_list="dsound"
@@ -612,6 +614,7 @@ OpenBSD)
 Darwin)
   bsd="yes"
   darwin="yes"
+  hax="yes"
   LDFLAGS_SHARED="-bundle -undefined dynamic_lookup"
   if [ "$cpu" = "x86_64" ] ; then
 QEMU_CFLAGS="-arch x86_64 $QEMU_CFLAGS"
@@ -921,6 +924,10 @@ for opt do
   ;;
   --enable-kvm) kvm="yes"
   ;;
+  --disable-hax) hax="no"
+  ;;
+  --enable-hax) hax="yes"
+  ;;
   --disable-colo) colo="no"
   ;;
   --enable-colo) colo="yes"
@@ -1373,6 +1380,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   fdt fdt device tree
   bluez   bluez stack connectivity
   kvm KVM acceleration support
+  hax HAX acceleration support
   coloCOarse-grain LOck-stepping VM for Non-stop Service
   rdmaRDMA-based migration support
   vde support for vde network
@@ -5051,6 +5059,7 @@ echo "ATTR/XATTR support $attr"
 echo "Install blobs $blobs"
 echo "KVM support   $kvm"
 echo "COLO support  $colo"
+echo "HAX support   $hax"
 echo "RDMA support  $rdma"
 echo "TCG interpreter   $tcg_interpreter"
 echo "fdt support   $fdt"
@@ -6035,6 +6044,15 @@ case "$target_name" in
   fi
 fi
 esac
+if test "$hax" = "yes" ; then
+  if test "$target_softmmu" = "yes" ; then
+case "$target_name" in
+i386|x86_64)
+  echo "CONFIG_HAX=y" >> $config_target_mak
+;;
+esac
+  fi
+fi
 if test "$target_bigendian" = "yes" ; then
   echo "TARGET_WORDS_BIGENDIAN=y" >> $config_target_mak
 fi
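Review bot: an explicit --enable-hax is silently ignored on a Linux host or on a non-x86 target: hax stays "yes" and the summary prints "HAX support yes", but CONFIG_HAX is only written for i386|x86_64 softmmu targets, so nothing is built. Other features call feature_not_found when an explicit --enable-FEATURE cannot be honoured; consider doing the same here, or at least forcing hax="no" when neither mingw32 nor darwin is set, so that the summary matches what gets built.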
diff --git a/cpus.c b/cpus.c
index fc78502..0e01791 100644
--- a/cpus.c
+++ b/cpus.c
@@ -35,6 +35,7 @@
 #include "sysemu/dma.h"
 #include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
+#include "sysemu/hax.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
 
@@ -1221,6 +1222,39 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 return NULL;
 }
 
+static void *qemu_hax_cpu_thread_fn(void *arg)
+{
+CPUState *cpu = arg;
+int r;
+qemu_thread_get_self(cpu->thread);
+qemu_mutex_lock(_global_mutex);
+
+cpu->thread_id = qemu_get_thread_id();
+cpu->created = true;
+cpu->halted = 0;
+current_cpu = cpu;
+
+hax_init_vcpu(cpu);
+qemu_cond_signal(_cpu_cond);
+
+while (1) {
+if (cpu_can_run(cpu)) {
+r = hax_smp_cpu_exec(cpu);
+if (r == EXCP_DEBUG) {
+cpu_handle_guest_debug(cpu);
+}
+}
+
+while (cpu_thread_is_idle(cpu)) {
+qemu_cond_wait(cpu->halt_cond, _global_mutex);
+}
+
+qemu_wait_io_event_common(cpu);
+}
+return NULL;
+}
+
+
 static void qemu_cpu_kick_thread(CPUState *cpu)
 {
 #ifndef _WIN32
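Review bot: the return value of hax_init_vcpu(cpu) is discarded, so a vCPU whose HAX initialisation failed still enters the run loop and calls hax_smp_cpu_exec(); the KVM thread function checks kvm_init_vcpu() and exits on error, and the same is warranted here, e.g. `r = hax_init_vcpu(cpu); if (r < 0) { fprintf(stderr, "hax_init_vcpu failed: %s\n", strerror(-r)); exit(1); }`. The hunk also leaves two consecutive blank lines before qemu_cpu_kick_thread(); one is enough.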
@@ -1236,7 +1270,33 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
 exit(1);
 }
 #else /* _WIN32 */
-abort();
+if (!qemu_cpu_is_self(cpu)) {
+CONTEXT context;
+
+if (SuspendThr

[Qemu-devel] [PATCH v5 0/4] Add HAX support

2016-12-19 Thread Vincent Palatin
I took a stab at trying to rebase/upstream the support for Intel HAXM
(Hardware Accelerated Execution Manager).
Intel HAX is a kernel-based hardware acceleration module for Windows and MacOSX.

I have based my work on the last version of the source code I found:
the emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.
In patch 2/4, I have forward-ported the core HAX code from there.
It has been modified to build and run along with the current code base.
It has been simplified by removing non-UG hardware support / Darwin support /
Android-specific leftovers.

Intel nicely fixed the 2 remaining issues on the kernel side:
- the spurious request to emulate MMIO access in un-paged mode is no longer
  happening (as seen in iPXE).
- the kernel API now provides a way to remove a memory mapping, so we can
  do a proper MemoryListener implementation.
They will soon publish a new version 6.1.0 of the HAX kernel module including
the fixes once their QA cycle is completed.
Thanks Yu Ning for making this happen.

In patch 3/4, I have put the plumbing into the QEMU code base; I did some clean-up
there and it is reasonably intrusive, i.e.
 Makefile.target   |  1 +
 configure | 18 ++
 cpus.c| 87 ++-
 exec.c| 16 +
 hw/intc/apic_common.c |  3 +-
 include/qom/cpu.h |  5 +++
 include/sysemu/hw_accel.h |  9 +
 qemu-options.hx   | 11 ++
 target-i386/Makefile.objs |  4 +++
 vl.c  | 15 ++--
 10 files changed, 164 insertions(+), 5 deletions(-)

Patch 1/4 just extracts from the KVM-specific header the cpu_synchronize_
functions that HAX is also using.

Patch 4/4 is the Darwin support. This part is only lightly tested for now,
so it can be considered as 'experimental'.

I have tested the end result on a Windows 10 Pro machine (with UG support)
with the Intel HAXM module dev version and a large ChromiumOS x86_64 image to
exercise various code paths. It looks stable.
I also did some quick regression testing of the integration by running a Linux
build with KVM enabled.

Changes from v4 to v5:
- update HAX fastmmio API with the new MMIO to MMIO transfer.

Changes from v3 to v4:
- add RAM unmapping in the MemoryListener thanks to new API in HAX module 6.1.0
  and re-wrote the memory mappings management to deal with this.
- marked no longer used MMIO emulation as unsupported.
- clean-up a few left-overs from removed code.
- re-add an experimental version of the Darwin support.

Changes from v2 to v3:
- fix saving/restoring FPU registers as suggested by Paolo.
- fix Windows build on all targets as contributed by Stefan Weil.
- clean-up IO / MMIO emulation.
- more clean-up of emulation leftovers.

Changes from v1 to v2:
- fix all style issues in the original code to get it through checkpatch.pl.
- remove Darwin support, it was barely tested and not fully functional.
- remove the support for CPU without UG mode.
- fix most review comments.

Vincent Palatin (4):
  kvm: move cpu synchronization code
  target-i386: Add Intel HAX files
  Plumb the HAXM-based hardware acceleration support
  hax: add Darwin support

 Makefile.target |1 +
 configure   |   18 +
 cpus.c  |   93 +++-
 exec.c  |   16 +
 gdbstub.c   |1 +
 hax-stub.c  |   39 ++
 hw/i386/kvm/apic.c  |1 +
 hw/i386/kvmvapic.c  |1 +
 hw/intc/apic_common.c   |3 +-
 hw/misc/vmport.c|2 +-
 hw/ppc/pnv_xscom.c  |2 +-
 hw/ppc/ppce500_spin.c   |4 +-
 hw/ppc/spapr.c  |2 +-
 hw/ppc/spapr_hcall.c|2 +-
 hw/s390x/s390-pci-inst.c|1 +
 include/qom/cpu.h   |5 +
 include/sysemu/hax.h|   56 +++
 include/sysemu/hw_accel.h   |   48 ++
 include/sysemu/kvm.h|   23 -
 monitor.c   |2 +-
 qemu-options.hx |   11 +
 qom/cpu.c   |2 +-
 target-arm/cpu.c|2 +-
 target-i386/Makefile.objs   |7 +
 target-i386/hax-all.c   | 1155 +++
 target-i386/hax-darwin.c|  316 
 target-i386/hax-darwin.h|   63 +++
 target-i386/hax-i386.h  |   94 
 target-i386/hax-interface.h |  361 ++
 target-i386/hax-mem.c   |  271 ++
 target-i386/hax-windows.c   |  479 ++
 target-i386/hax-windows.h   |   89 
 target-i386/helper.c|1 +
 target-i386/kvm.c   |1 +
 target-ppc/mmu-hash64.c |2 +-
 target-ppc/translate_init.c |2 +-
 target-s390x/gdbstub.c  |1 +
 vl.c|   15 +-
 38 files changed, 3153 insertions(+), 39 deletions(-)
 create mode 100644 hax-stub.c
 create mode 100644 include/sysemu/hax.h
 create mode 100644 include/sysemu/hw_accel.h
 create mode

Re: [Qemu-devel] [PATCH v4 2/4] target-i386: Add Intel HAX files

2016-12-19 Thread Vincent Palatin
On Mon, Dec 19, 2016 at 11:29 AM, Vincent Palatin <vpala...@chromium.org> wrote:
> That's a forward port of the core HAX interface code from the
> emu-2.2-release branch in the external/qemu-android repository as used by
> the Android emulator.
>
> The original commit was "target-i386: Add Intel HAX to android emulator"
> saying:
> """
>   Backport of 2b3098ff27bab079caab9b46b58546b5036f5c0c
>   from studio-1.4-dev into emu-master-dev
>
> Intel HAX (hardware acceleration) will enhance android emulator performance
> in Windows and Mac OS X in the systems powered by Intel processors with
> "Intel Hardware Accelerated Execution Manager" package installed when
> user runs android emulator with Intel target.
>
> Signed-off-by: David Chou <david.j.c...@intel.com>
> """
>
> It has been modified to build and run along with the current code base.
> The formatting has been fixed to go through scripts/checkpatch.pl,
> and the DPRINTF macros have been updated to get the instantiations checked by
> the compiler.
>
> The FPU registers saving/restoring has been updated to match the current
> QEMU registers layout.
>
> The implementation has been simplified by doing the following modifications:
> - removing the code for supporting the hardware without Unrestricted Guest (UG)
>   mode (including all the code to fallback on TCG emulation).
> - not including the Darwin support (which is not yet debugged/tested).
> - simplifying the initialization by removing the leftovers from the Android
>   specific code, then trimming down the remaining logic.
> - removing the unused MemoryListener callbacks.
>
> Signed-off-by: Vincent Palatin <vpala...@chromium.org>
> ---
>  hax-stub.c  |   39 ++
>  include/sysemu/hax.h|   56 +++
>  target-i386/hax-all.c   | 1138 +++
>  target-i386/hax-i386.h  |   86 
>  target-i386/hax-interface.h |  358 ++
>  target-i386/hax-mem.c   |  271 +++
>  target-i386/hax-windows.c   |  479 ++
>  target-i386/hax-windows.h   |   89 
>  8 files changed, 2516 insertions(+)
>  create mode 100644 hax-stub.c
>  create mode 100644 include/sysemu/hax.h
>  create mode 100644 target-i386/hax-all.c
>  create mode 100644 target-i386/hax-i386.h
>  create mode 100644 target-i386/hax-interface.h
>  create mode 100644 target-i386/hax-mem.c
>  create mode 100644 target-i386/hax-windows.c
>  create mode 100644 target-i386/hax-windows.h
>
> diff --git a/hax-stub.c b/hax-stub.c
> new file mode 100644
> index 000..a532dba
> --- /dev/null
> +++ b/hax-stub.c
> @@ -0,0 +1,39 @@
> +/*
> + * QEMU HAXM support
> + *
> + * Copyright (c) 2015, Intel Corporation
> + *
> + * Copyright 2016 Google, Inc.
> + *
> + * This software is licensed under the terms of the GNU General Public
> + * License version 2, as published by the Free Software Foundation, and
> + * may be copied, distributed, and modified under those terms.
> + *
> + * See the COPYING file in the top-level directory.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu-common.h"
> +#include "cpu.h"
> +#include "sysemu/hax.h"
> +
> +int hax_sync_vcpus(void)
> +{
> +return 0;
> +}
> +
> +int hax_populate_ram(uint64_t va, uint32_t size)
> +{
> +return -ENOSYS;
> +}
> +
> +int hax_init_vcpu(CPUState *cpu)
> +{
> +return -ENOSYS;
> +}
> +
> +int hax_smp_cpu_exec(CPUState *cpu)
> +{
> +return -ENOSYS;
> +}
> diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
> new file mode 100644
> index 000..51c8fd5
> --- /dev/null
> +++ b/include/sysemu/hax.h
> @@ -0,0 +1,56 @@
> +/*
> + * QEMU HAXM support
> + *
> + * Copyright IBM, Corp. 2008
> + *
> + * Authors:
> + *  Anthony Liguori   <aligu...@us.ibm.com>
> + *
> + * Copyright (c) 2011 Intel Corporation
> + *  Written by:
> + *  Jiang Yunhong<yunhong.ji...@intel.com>
> + *  Xin Xiaohui<xiaohui@intel.com>
> + *  Zhang Xiantao<xiantao.zh...@intel.com>
> + *
> + * Copyright 2016 Google, Inc.
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + *
> + */
> +
> +#ifndef QEMU_HAX_H
> +#define QEMU_HAX_H
> +
> +#include "config-host.h"
> +#include "qemu-common.h"
> +
> +int hax_sync_vcpus(void);
> +int hax_init_vcpu(CPUState *cpu);
> +int hax_smp_cpu_exec(CPUState *cpu);
> +int hax_populate_ram(uint64_t va, uint32_t size)

[Qemu-devel] [PATCH v4 2/4] target-i386: Add Intel HAX files

2016-12-19 Thread Vincent Palatin
That's a forward port of the core HAX interface code from the
emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.

The original commit was "target-i386: Add Intel HAX to android emulator"
saying:
"""
  Backport of 2b3098ff27bab079caab9b46b58546b5036f5c0c
  from studio-1.4-dev into emu-master-dev

Intel HAX (hardware acceleration) will enhance android emulator performance
in Windows and Mac OS X in the systems powered by Intel processors with
"Intel Hardware Accelerated Execution Manager" package installed when
user runs android emulator with Intel target.

Signed-off-by: David Chou <david.j.c...@intel.com>
"""

It has been modified to build and run along with the current code base.
The formatting has been fixed to go through scripts/checkpatch.pl,
and the DPRINTF macros have been updated to get the instantiations checked by
the compiler.

The FPU registers saving/restoring has been updated to match the current
QEMU registers layout.

The implementation has been simplified by doing the following modifications:
- removing the code for supporting the hardware without Unrestricted Guest (UG)
  mode (including all the code to fallback on TCG emulation).
- not including the Darwin support (which is not yet debugged/tested).
- simplifying the initialization by removing the leftovers from the Android
  specific code, then trimming down the remaining logic.
- removing the unused MemoryListener callbacks.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 hax-stub.c  |   39 ++
 include/sysemu/hax.h|   56 +++
 target-i386/hax-all.c   | 1138 +++
 target-i386/hax-i386.h  |   86 
 target-i386/hax-interface.h |  358 ++
 target-i386/hax-mem.c   |  271 +++
 target-i386/hax-windows.c   |  479 ++
 target-i386/hax-windows.h   |   89 
 8 files changed, 2516 insertions(+)
 create mode 100644 hax-stub.c
 create mode 100644 include/sysemu/hax.h
 create mode 100644 target-i386/hax-all.c
 create mode 100644 target-i386/hax-i386.h
 create mode 100644 target-i386/hax-interface.h
 create mode 100644 target-i386/hax-mem.c
 create mode 100644 target-i386/hax-windows.c
 create mode 100644 target-i386/hax-windows.h

diff --git a/hax-stub.c b/hax-stub.c
new file mode 100644
index 000..a532dba
--- /dev/null
+++ b/hax-stub.c
@@ -0,0 +1,39 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright (c) 2015, Intel Corporation
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This software is licensed under the terms of the GNU General Public
+ * License version 2, as published by the Free Software Foundation, and
+ * may be copied, distributed, and modified under those terms.
+ *
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "sysemu/hax.h"
+
+int hax_sync_vcpus(void)
+{
+return 0;
+}
+
+int hax_populate_ram(uint64_t va, uint32_t size)
+{
+return -ENOSYS;
+}
+
+int hax_init_vcpu(CPUState *cpu)
+{
+return -ENOSYS;
+}
+
+int hax_smp_cpu_exec(CPUState *cpu)
+{
+return -ENOSYS;
+}
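Review bot: the licence header in this new file says GNU GPL version 2 only, while include/sysemu/hax.h, added by the next hunk of the same patch, says "GNU GPL, version 2 or later"; the two new files should state the same terms, so pick one and make the headers agree.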
diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
new file mode 100644
index 000..51c8fd5
--- /dev/null
+++ b/include/sysemu/hax.h
@@ -0,0 +1,56 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright IBM, Corp. 2008
+ *
+ * Authors:
+ *  Anthony Liguori   <aligu...@us.ibm.com>
+ *
+ * Copyright (c) 2011 Intel Corporation
+ *  Written by:
+ *  Jiang Yunhong<yunhong.ji...@intel.com>
+ *  Xin Xiaohui<xiaohui@intel.com>
+ *  Zhang Xiantao<xiantao.zh...@intel.com>
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_HAX_H
+#define QEMU_HAX_H
+
+#include "config-host.h"
+#include "qemu-common.h"
+
+int hax_sync_vcpus(void);
+int hax_init_vcpu(CPUState *cpu);
+int hax_smp_cpu_exec(CPUState *cpu);
+int hax_populate_ram(uint64_t va, uint32_t size);
+
+void hax_cpu_synchronize_state(CPUState *cpu);
+void hax_cpu_synchronize_post_reset(CPUState *cpu);
+void hax_cpu_synchronize_post_init(CPUState *cpu);
+
+#ifdef CONFIG_HAX
+
+int hax_enabled(void);
+
+#include "hw/hw.h"
+#include "qemu/bitops.h"
+#include "exec/memory.h"
+int hax_vcpu_destroy(CPUState *cpu);
+void hax_raise_event(CPUState *cpu);
+void hax_reset_vcpu_state(void *opaque);
+#include "target-i386/hax-interface.h"
+#include "target-i386/hax-i386.h"
+
+#else /* CONFIG_HAX */
+
+#define hax_enabled() (0)
+
+#endif /* CONFIG_HAX */
+
+#endif /* QEMU_HAX_H */
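Review bot: the CONFIG_HAX block interleaves prototypes with #includes of hw/hw.h, qemu/bitops.h, exec/memory.h, target-i386/hax-interface.h and target-i386/hax-i386.h, which makes a generic sysemu/ header depend on target-i386 internals and is hard to read. Suggest keeping only the prototypes and `hax_enabled()` here, moving those includes to the top of target-i386/hax-i386.h (which is only compiled with CONFIG_HAX), and dropping `#include "config-host.h"`, which every QEMU source file already gets through qemu/osdep.h.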
diff --git a/target-i386/hax-all.c b/target-i386/hax-all.c
new file mode 100644
index 000..1f0ef7c
--- /dev/null
+++ b/target-i386/hax-a

[Qemu-devel] [PATCH v4 3/4] Plumb the HAXM-based hardware acceleration support

2016-12-19 Thread Vincent Palatin
Use the Intel HAX kernel-based hardware acceleration module for
Windows (similar to KVM on Linux).

Based on the "target-i386: Add Intel HAX to android emulator" patch
from David Chou <david.j.c...@intel.com>

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 Makefile.target   |  1 +
 configure | 18 ++
 cpus.c| 87 ++-
 exec.c| 16 +
 hw/intc/apic_common.c |  3 +-
 include/qom/cpu.h |  5 +++
 include/sysemu/hw_accel.h |  9 +
 qemu-options.hx   | 11 ++
 target-i386/Makefile.objs |  4 +++
 vl.c  | 15 ++--
 10 files changed, 164 insertions(+), 5 deletions(-)

diff --git a/Makefile.target b/Makefile.target
index 7a5080e..dab81e7 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -96,6 +96,7 @@ obj-y += target-$(TARGET_BASE_ARCH)/
 obj-y += disas.o
 obj-y += tcg-runtime.o
 obj-$(call notempty,$(TARGET_XML_FILES)) += gdbstub-xml.o
+obj-$(call lnot,$(CONFIG_HAX)) += hax-stub.o
 obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 
 obj-$(CONFIG_LIBDECNUMBER) += libdecnumber/decContext.o
diff --git a/configure b/configure
index 3770d7c..ba32bea 100755
--- a/configure
+++ b/configure
@@ -230,6 +230,7 @@ vhost_net="no"
 vhost_scsi="no"
 vhost_vsock="no"
 kvm="no"
+hax="no"
 colo="yes"
 rdma=""
 gprof="no"
@@ -563,6 +564,7 @@ CYGWIN*)
 ;;
 MINGW32*)
   mingw32="yes"
+  hax="yes"
   audio_possible_drivers="dsound sdl"
   if check_include dsound.h; then
 audio_drv_list="dsound"
@@ -612,6 +614,7 @@ OpenBSD)
 Darwin)
   bsd="yes"
   darwin="yes"
+  hax="yes"
   LDFLAGS_SHARED="-bundle -undefined dynamic_lookup"
   if [ "$cpu" = "x86_64" ] ; then
 QEMU_CFLAGS="-arch x86_64 $QEMU_CFLAGS"
@@ -921,6 +924,10 @@ for opt do
   ;;
   --enable-kvm) kvm="yes"
   ;;
+  --disable-hax) hax="no"
+  ;;
+  --enable-hax) hax="yes"
+  ;;
   --disable-colo) colo="no"
   ;;
   --enable-colo) colo="yes"
@@ -1373,6 +1380,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   fdt fdt device tree
   bluez   bluez stack connectivity
   kvm KVM acceleration support
+  hax HAX acceleration support
   coloCOarse-grain LOck-stepping VM for Non-stop Service
   rdmaRDMA-based migration support
   vde support for vde network
@@ -5051,6 +5059,7 @@ echo "ATTR/XATTR support $attr"
 echo "Install blobs $blobs"
 echo "KVM support   $kvm"
 echo "COLO support  $colo"
+echo "HAX support   $hax"
 echo "RDMA support  $rdma"
 echo "TCG interpreter   $tcg_interpreter"
 echo "fdt support   $fdt"
@@ -6035,6 +6044,15 @@ case "$target_name" in
   fi
 fi
 esac
+if test "$hax" = "yes" ; then
+  if test "$target_softmmu" = "yes" ; then
+case "$target_name" in
+i386|x86_64)
+  echo "CONFIG_HAX=y" >> $config_target_mak
+;;
+esac
+  fi
+fi
 if test "$target_bigendian" = "yes" ; then
   echo "TARGET_WORDS_BIGENDIAN=y" >> $config_target_mak
 fi
diff --git a/cpus.c b/cpus.c
index fc78502..0e01791 100644
--- a/cpus.c
+++ b/cpus.c
@@ -35,6 +35,7 @@
 #include "sysemu/dma.h"
 #include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
+#include "sysemu/hax.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
 
@@ -1221,6 +1222,39 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 return NULL;
 }
 
+static void *qemu_hax_cpu_thread_fn(void *arg)
+{
+CPUState *cpu = arg;
+int r;
+qemu_thread_get_self(cpu->thread);
+qemu_mutex_lock(_global_mutex);
+
+cpu->thread_id = qemu_get_thread_id();
+cpu->created = true;
+cpu->halted = 0;
+current_cpu = cpu;
+
+hax_init_vcpu(cpu);
+qemu_cond_signal(_cpu_cond);
+
+while (1) {
+if (cpu_can_run(cpu)) {
+r = hax_smp_cpu_exec(cpu);
+if (r == EXCP_DEBUG) {
+cpu_handle_guest_debug(cpu);
+}
+}
+
+while (cpu_thread_is_idle(cpu)) {
+qemu_cond_wait(cpu->halt_cond, _global_mutex);
+}
+
+qemu_wait_io_event_common(cpu);
+}
+return NULL;
+}
+
+
 static void qemu_cpu_kick_thread(CPUState *cpu)
 {
 #ifndef _WIN32
@@ -1236,7 +1270,33 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
 exit(1);
 }
 #else /* _WIN32 */
-abort();
+if (!qemu_cpu_is_self(cpu)) {
+CONTEXT context;
+
+if (SuspendThr

[Qemu-devel] [PATCH v4 4/4] hax: add Darwin support

2016-12-19 Thread Vincent Palatin
Re-add the MacOSX/Darwin support:
Use the Intel HAX kernel-based hardware acceleration module
(similar to KVM on Linux).

Based on the original "target-i386: Add Intel HAX to android emulator" patch
from David Chou <david.j.c...@intel.com> from the emu-2.2-release branch in
the external/qemu-android repository.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 cpus.c|   5 +
 target-i386/Makefile.objs |   3 +
 target-i386/hax-darwin.c  | 316 ++
 target-i386/hax-darwin.h  |  63 +
 target-i386/hax-i386.h|   8 ++
 5 files changed, 395 insertions(+)
 create mode 100644 target-i386/hax-darwin.c
 create mode 100644 target-i386/hax-darwin.h

diff --git a/cpus.c b/cpus.c
index 0e01791..b8db313 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1264,6 +1264,11 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
 return;
 }
 cpu->thread_kicked = true;
+#ifdef CONFIG_DARWIN
+if (hax_enabled()) {
+cpu->exit_request = 1;
+}
+#endif
 err = pthread_kill(cpu->thread->thread, SIG_IPI);
 if (err) {
 fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
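Review bot: the CONFIG_DARWIN block sets cpu->exit_request directly with no comment on why the Darwin HAX path needs it in addition to the SIG_IPI sent just below while the Windows path does not; add that explanation, and use `atomic_set(&cpu->exit_request, 1)` as cpu_exit() does, since the field is read from the vCPU thread.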
diff --git a/target-i386/Makefile.objs b/target-i386/Makefile.objs
index acbe7b0..4fcb7f3 100644
--- a/target-i386/Makefile.objs
+++ b/target-i386/Makefile.objs
@@ -9,3 +9,6 @@ obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 ifdef CONFIG_WIN32
 obj-$(CONFIG_HAX) += hax-all.o hax-mem.o hax-windows.o
 endif
+ifdef CONFIG_DARWIN
+obj-$(CONFIG_HAX) += hax-all.o hax-mem.o hax-darwin.o
+endif
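Review bot: hax-all.o and hax-mem.o are now listed twice, once under CONFIG_WIN32 and once under CONFIG_DARWIN; factor the shared objects out, e.g. `obj-$(CONFIG_HAX) += hax-all.o hax-mem.o` followed by the per-host line for hax-windows.o or hax-darwin.o, provided configure only ever sets CONFIG_HAX on hosts where those objects build.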
diff --git a/target-i386/hax-darwin.c b/target-i386/hax-darwin.c
new file mode 100644
index 000..240d8d3
--- /dev/null
+++ b/target-i386/hax-darwin.c
@@ -0,0 +1,316 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright (c) 2011 Intel Corporation
+ *  Written by:
+ *  Jiang Yunhong<yunhong.ji...@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+/* HAX module interface - darwin version */
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "qemu/osdep.h"
+#include "target-i386/hax-i386.h"
+
+hax_fd hax_mod_open(void)
+{
+int fd = open("/dev/HAX", O_RDWR);
+if (fd == -1) {
+fprintf(stderr, "Failed to open the hax module\n");
+}
+
+fcntl(fd, F_SETFD, FD_CLOEXEC);
+
+return fd;
+}
+
+int hax_populate_ram(uint64_t va, uint32_t size)
+{
+int ret;
+struct hax_alloc_ram_info info;
+
+if (!hax_global.vm || !hax_global.vm->fd) {
+fprintf(stderr, "Allocate memory before vm create?\n");
+return -EINVAL;
+}
+
+info.size = size;
+info.va = va;
+ret = ioctl(hax_global.vm->fd, HAX_VM_IOCTL_ALLOC_RAM, );
+if (ret < 0) {
+fprintf(stderr, "Failed to allocate %x memory\n", size);
+return ret;
+}
+return 0;
+}
+
+int hax_set_ram(uint64_t start_pa, uint32_t size, uint64_t host_va, int flags)
+{
+struct hax_set_ram_info info;
+int ret;
+
+info.pa_start = start_pa;
+info.size = size;
+info.va = host_va;
+info.flags = (uint8_t) flags;
+
+ret = ioctl(hax_global.vm->fd, HAX_VM_IOCTL_SET_RAM, );
+if (ret < 0) {
+return -errno;
+}
+return 0;
+}
+
+int hax_capability(struct hax_state *hax, struct hax_capabilityinfo *cap)
+{
+int ret;
+
+ret = ioctl(hax->fd, HAX_IOCTL_CAPABILITY, cap);
+if (ret == -1) {
+fprintf(stderr, "Failed to get HAX capability\n");
+return -errno;
+}
+
+return 0;
+}
+
+int hax_mod_version(struct hax_state *hax, struct hax_module_version *version)
+{
+int ret;
+
+ret = ioctl(hax->fd, HAX_IOCTL_VERSION, version);
+if (ret == -1) {
+fprintf(stderr, "Failed to get HAX version\n");
+return -errno;
+}
+
+return 0;
+}
+
+static char *hax_vm_devfs_string(int vm_id)
+{
+char *name;
+
+if (vm_id > MAX_VM_ID) {
+fprintf(stderr, "Too big VM id\n");
+return NULL;
+}
+
+#define HAX_VM_DEVFS "/dev/hax_vm/vmxx"
+name = g_strdup(HAX_VM_DEVFS);
+if (!name) {
+return NULL;
+}
+
+snprintf(name, sizeof HAX_VM_DEVFS, "/dev/hax_vm/vm%02d", vm_id);
+return name;
+}
+
+static char *hax_vcpu_devfs_string(int vm_id, int vcpu_id)
+{
+char *name;
+
+if (vm_id > MAX_VM_ID || vcpu_id > MAX_VCPU_ID) {
+fprintf(stderr, "Too big vm id %x or vcpu id %x\n", vm_id, vcpu_id);
+return NULL;
+}
+
+#define HAX_VCPU_DEVFS "/dev/hax_vmxx/vcpuxx"
+name = g_strdup(HAX_VCPU_DEVFS);
+if (!name) {
+return NULL;
+}
+
+snprintf(name, sizeof HAX_VCPU_DEVFS, "/dev/hax_vm%02d/vcpu%02d",
+ vm_id, vcpu_id);
+return name;
+}
+
+int hax_host_create_vm(struct hax_state
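Review bot: hax_mod_open() continues after open() fails: it prints the error, then calls fcntl() on fd == -1 and returns -1 anyway; return as soon as open() fails (qemu_open() would also set O_CLOEXEC for you and make the fcntl() unnecessary). In hax_populate_ram() the failing ioctl returns `ret` (-1) instead of -errno, unlike hax_set_ram() just below, so callers lose the reason. hax_vm_devfs_string() and hax_vcpu_devfs_string() check only the upper bound of vm_id/vcpu_id (a negative id passes), and the `if (!name)` test after g_strdup() is dead since g_strdup() aborts on allocation failure; each helper collapses to one call, e.g. `return g_strdup_printf("/dev/hax_vm/vm%02d", vm_id);`.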

[Qemu-devel] [PATCH v4 1/4] kvm: move cpu synchronization code

2016-12-19 Thread Vincent Palatin
Move the generic cpu_synchronize_ functions to the common hw_accel.h header,
in order to prepare for the addition of a second hardware accelerator.

Signed-off-by: Stefan Weil <s...@weilnetz.de>
Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 cpus.c  |  1 +
 gdbstub.c   |  1 +
 hw/i386/kvm/apic.c  |  1 +
 hw/i386/kvmvapic.c  |  1 +
 hw/misc/vmport.c|  2 +-
 hw/ppc/pnv_xscom.c  |  2 +-
 hw/ppc/ppce500_spin.c   |  4 ++--
 hw/ppc/spapr.c  |  2 +-
 hw/ppc/spapr_hcall.c|  2 +-
 hw/s390x/s390-pci-inst.c|  1 +
 include/sysemu/hw_accel.h   | 39 +++
 include/sysemu/kvm.h| 23 ---
 monitor.c   |  2 +-
 qom/cpu.c   |  2 +-
 target-arm/cpu.c|  2 +-
 target-i386/helper.c|  1 +
 target-i386/kvm.c   |  1 +
 target-ppc/mmu-hash64.c |  2 +-
 target-ppc/translate_init.c |  2 +-
 target-s390x/gdbstub.c  |  1 +
 20 files changed, 58 insertions(+), 34 deletions(-)
 create mode 100644 include/sysemu/hw_accel.h

diff --git a/cpus.c b/cpus.c
index 5213351..fc78502 100644
--- a/cpus.c
+++ b/cpus.c
@@ -33,6 +33,7 @@
 #include "sysemu/block-backend.h"
 #include "exec/gdbstub.h"
 #include "sysemu/dma.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
diff --git a/gdbstub.c b/gdbstub.c
index de62d26..de9b62b 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -32,6 +32,7 @@
 #define MAX_PACKET_LENGTH 4096
 
 #include "qemu/sockets.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "exec/semihost.h"
 #include "exec/exec-all.h"
diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index 01cbaa8..328f80c 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -14,6 +14,7 @@
 #include "cpu.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/pci/msi.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "target-i386/kvm_i386.h"
 
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index b30d1b9..2f767b6 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -14,6 +14,7 @@
 #include "exec/exec-all.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/cpus.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/sysbus.h"
diff --git a/hw/misc/vmport.c b/hw/misc/vmport.c
index c763811..be40930 100644
--- a/hw/misc/vmport.c
+++ b/hw/misc/vmport.c
@@ -25,7 +25,7 @@
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
 #include "hw/i386/pc.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "hw/qdev.h"
 
 //#define VMPORT_DEBUG
diff --git a/hw/ppc/pnv_xscom.c b/hw/ppc/pnv_xscom.c
index 8da2718..cd5c2b8 100644
--- a/hw/ppc/pnv_xscom.c
+++ b/hw/ppc/pnv_xscom.c
@@ -20,7 +20,7 @@
 #include "qapi/error.h"
 #include "hw/hw.h"
 #include "qemu/log.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "target-ppc/cpu.h"
 #include "hw/sysbus.h"
 
diff --git a/hw/ppc/ppce500_spin.c b/hw/ppc/ppce500_spin.c
index cf958a9..eb219ab 100644
--- a/hw/ppc/ppce500_spin.c
+++ b/hw/ppc/ppce500_spin.c
@@ -29,9 +29,9 @@
 
 #include "qemu/osdep.h"
 #include "hw/hw.h"
-#include "sysemu/sysemu.h"
 #include "hw/sysbus.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
+#include "sysemu/sysemu.h"
 #include "e500.h"
 
 #define MAX_CPUS 32
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 208ef7b..a642e66 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -36,7 +36,7 @@
 #include "sysemu/device_tree.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/cpus.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "kvm_ppc.h"
 #include "migration/migration.h"
 #include "mmu-hash64.h"
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 9a9bedf..b2a8e48 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1,5 +1,6 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/sysemu.h"
 #include "qemu/log.h"
 #include "cpu.h"
@@ -9,7 +10,6 @@
 #include "mmu-hash64.h"
 #include "cpu-models.h"
 #include "trace.h"
-#include "sysemu/kvm.h"
 #include "kvm_ppc.h"
 #include "hw/ppc/spapr_ovec.h"
 
diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x

[Qemu-devel] [PATCH v4 0/4] Add HAX support

2016-12-19 Thread Vincent Palatin
I took a stab at trying to rebase/upstream the support for Intel HAXM
(Hardware Accelerated Execution Manager).
Intel HAX is a kernel-based hardware acceleration module for Windows and MacOSX.

I have based my work on the last version of the source code I found:
the emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.
In patch 2/4, I have forward-ported the core HAX code from there.
It has been modified to build and run along with the current code base.
It has been simplified by removing non-UG hardware support / Darwin support /
Android-specific leftovers.

Intel nicely fixed the 2 remaining issues on the kernel side:
- the spurious request to emulate MMIO access in un-paged mode is no longer
  happening (as seen in iPXE).
- the kernel API now provides a way to remove a memory mapping, so we can
  do a proper MemoryListener implementation.
They will soon publish a new version 6.1.0 of the HAX kernel module including
the fixes (once their QA cycle is completed).
Thanks Yu Ning for making this happen.

In patch 3/4, I have put the plumbing into the QEMU code base; I did some clean-up
there and it is reasonably intrusive, i.e.
 Makefile.target   |  1 +
 configure | 18 ++
 cpus.c| 87 ++-
 exec.c| 16 +
 hw/intc/apic_common.c |  3 +-
 include/qom/cpu.h |  5 +++
 include/sysemu/hw_accel.h |  9 +
 qemu-options.hx   | 11 ++
 target-i386/Makefile.objs |  4 +++
 vl.c  | 15 ++--
 10 files changed, 164 insertions(+), 5 deletions(-)

Patch 1/4 just extracts from the KVM-specific header the cpu_synchronize_
functions that HAX is also using.

Patch 4/4 is the Darwin support. This part is only lightly tested for now,
so it can be considered as 'experimental'.

I have tested the end result on a Windows 10 Pro machine (with UG support)
with the Intel HAXM module dev version and a large ChromiumOS x86_64 image to
exercise various code paths. It looks stable.
I also did a quick regression testing of the integration by running a Linux
build with KVM enabled.

Changes from v3 to v4:
- add RAM unmapping in the MemoryListener thanks to the new API in HAX module 6.1.0
  and rewrite the memory mappings management to deal with this.
- marked no longer used MMIO emulation as unsupported.
- clean-up a few left-overs from removed code.
- re-add an experimental version of the Darwin support.

Changes from v2 to v3:
- fix saving/restoring FPU registers as suggested by Paolo.
- fix Windows build on all targets as contributed by Stefan Weil.
- clean-up IO / MMIO emulation.
- more clean-up of emulation leftovers.

Changes from v1 to v2:
- fix all style issues in the original code to get it through checkpatch.pl.
- remove Darwin support, it was barely tested and not fully functional.
- remove the support for CPU without UG mode.
- fix most review comments

Vincent Palatin (4):
  kvm: move cpu synchronization code
  target-i386: Add Intel HAX files
  Plumb the HAXM-based hardware acceleration support
  hax: add Darwin support

 Makefile.target |1 +
 configure   |   18 +
 cpus.c  |   93 +++-
 exec.c  |   16 +
 gdbstub.c   |1 +
 hax-stub.c  |   39 ++
 hw/i386/kvm/apic.c  |1 +
 hw/i386/kvmvapic.c  |1 +
 hw/intc/apic_common.c   |3 +-
 hw/misc/vmport.c|2 +-
 hw/ppc/pnv_xscom.c  |2 +-
 hw/ppc/ppce500_spin.c   |4 +-
 hw/ppc/spapr.c  |2 +-
 hw/ppc/spapr_hcall.c|2 +-
 hw/s390x/s390-pci-inst.c|1 +
 include/qom/cpu.h   |5 +
 include/sysemu/hax.h|   56 +++
 include/sysemu/hw_accel.h   |   48 ++
 include/sysemu/kvm.h|   23 -
 monitor.c   |2 +-
 qemu-options.hx |   11 +
 qom/cpu.c   |2 +-
 target-arm/cpu.c|2 +-
 target-i386/Makefile.objs   |7 +
 target-i386/hax-all.c   | 1138 +++
 target-i386/hax-darwin.c|  316 
 target-i386/hax-darwin.h|   63 +++
 target-i386/hax-i386.h  |   94 
 target-i386/hax-interface.h |  358 ++
 target-i386/hax-mem.c   |  271 +++
 target-i386/hax-windows.c   |  479 ++
 target-i386/hax-windows.h   |   89 
 target-i386/helper.c|1 +
 target-i386/kvm.c   |1 +
 target-ppc/mmu-hash64.c |2 +-
 target-ppc/translate_init.c |2 +-
 target-s390x/gdbstub.c  |1 +
 vl.c|   15 +-
 38 files changed, 3133 insertions(+), 39 deletions(-)
 create mode 100644 hax-stub.c
 create mode 100644 include/sysemu/hax.h
 create mode 100644 include/sysemu/hw_accel.h
 create mode 100644 target-i386/hax-all.c
 create mode 100644 target-i386/hax-darwin.c
 create

Re: [Qemu-devel] [PATCH v3 0/3] Add HAX support

2016-12-08 Thread Vincent Palatin
On Thu, Dec 8, 2016 at 4:31 PM, Stefan Weil  wrote:
>
> Am 08.12.2016 um 10:34 schrieb Yu Ning:
> > As a HAXM developer at Intel, I just want to come out and show our
> > support for Vincent's upstreaming effort. We'd love to see HAXM support
> > code land in upstream QEMU, and will do what is necessary to make that
> > happen.
> >
> > We've been working on the issues that Vincent raised and have made some
> > progress - see below.
> >
> > Regards,
> > Yu
>
> Thanks a lot - I think that HAXM integration will make fast progress then.
>
> AFAIK, there remain at least two other features which need to be addressed:
>
> * support for real mode (e. g. BIOS code)


It does support it actually; it was failing early due to a bug in the
kernel module.
Thanks to the diligent work by Yu Ning on the Intel side, this part is
solved (as soon as they release the new kernel module version).


> * support for macOS

I have a patch for it, it is mainly lacking bake/test time.

-- 
Vincent



Re: [Qemu-devel] [PATCH v2 0/5] [RFC] Add HAX support

2016-11-18 Thread Vincent Palatin
On Thu, Nov 17, 2016 at 12:09 PM, Vincent Palatin <vpala...@chromium.org> wrote:
> On Mon, Nov 14, 2016 at 2:09 PM, Vincent Palatin <vpala...@chromium.org> 
> wrote:
>> On Mon, Nov 14, 2016 at 1:36 PM, Stefan Weil <s...@weilnetz.de> wrote:
>>> Am 11.11.2016 um 12:28 schrieb Vincent Palatin:
>>> [...]
>>>> I have tested the end result on a Windows 10 Pro machine (with UG support)
>>>> with the Intel HAXM module 6.0.4 and a large ChromiumOS x86_64 image to
>>>> exercise various code paths. It looks stable.
>>>> I also did a quick regression testing of the integration by running a Linux
>>>> build with KVM enabled.
>>>
>>> My test on Windows 7 with HAXM 6.0.4 fails:
>>>
>>> $ test/qemu-system-x86_64.exe --enable-hax
>>> HAX is working and emulator runs in fast virt mode.
>>> Unknown hax vcpu return 1
>>
>> Sorry about this.
>> I did notice that just running the default Seabios/iPXE was triggering
>> an issue and forgot to debug it (as I'm mostly running Chromium OS
>> images).
>> I will have a look and try to sort this out.
>
> I did more debugging on this and opened a whole new can of worms...
> The actual crash was the first MMIO access in the iPXE option ROM. The
> Intel network driver there is triggering the MMIO emulation path (i.e.
> the HAX kernel module is asking us to emulate the MMIO instruction
> rather than using the 'fast MMIO' path as all other MMIOs),
> this path was never correctly plumbed for the UG case in the original
> Intel patchset, and still is not. We can run a full Linux image
> without triggering it, showing how unlikely it is, but it is not
> documented why it is not using the normal fast MMIO in some rare case
> even in UG mode

It seems I mis-read my earlier traces, this is likely due to the fact
that the option ROM is doing those MMIO in 'real mode'.

> Adding back a whole TCG emulation fall-back just for this is somewhat
> large and complex, I will try to find first why it's not using the
> normal path.
> For what it's worth, '-net nic,model=pcnet' works as a workaround (by not
> triggering the MMIO of death).
>
> In addition to this, as you might have noticed, there is no character
> on the (virtual) screen.
> The VGA emulation is not triggered because the VGA hole is badly mapped.
> Digging into this, that's due to the fact that the .region_del()
> callback of the MemoryListener is missing a proper implementation, so
> the system cannot remove the initial large mapping of memory on top of
> those MMIO holes.
> But there is a deeper issue to solve this: I'm not seeing in their
> current kernel module API (aka the hax-interface.h header) a
> (documented) way of removing a mapping...
>
> So I will probably send the v3 patchset with those caveats still
> opened to be sure the other changes are not lost,
> then I will work further on this and maybe try to get Intel inputs on
> those API behaviors.
>
>>
>>>
>>> This application has requested the Runtime to terminate it in an unusual
>>> way.
>>> Please contact the application's support team for more information.
>>>
>>> $ test/qemu-system-i386.exe --enable-hax
>>> HAX is working and emulator runs in fast virt mode.
>>> Unknown hax vcpu return 1
>>>
>>> This application has requested the Runtime to terminate it in an unusual
>>> way.
>>> Please contact the application's support team for more information.
>>>
>>> I tested debug code (configure --enable-debug && make) based on
>>> latest QEMU from git, this patch series and my include fixes.
>>>
>>> Stefan
>>>



[Qemu-devel] [PATCH v3 2/3] target-i386: Add Intel HAX files

2016-11-17 Thread Vincent Palatin
That's a forward port of the core HAX interface code from the
emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.

The original commit was "target-i386: Add Intel HAX to android emulator"
saying:
"""
  Backport of 2b3098ff27bab079caab9b46b58546b5036f5c0c
  from studio-1.4-dev into emu-master-dev

Intel HAX (hardware acceleration) will enhance android emulator performance
in Windows and Mac OS X in the systems powered by Intel processors with
"Intel Hardware Accelerated Execution Manager" package installed when
user runs android emulator with Intel target.

Signed-off-by: David Chou <david.j.c...@intel.com>
"""

It has been modified to build and run along with the current code base.
The formatting has been fixed to go through scripts/checkpatch.pl,
and the DPRINTF macros have been updated to get the instantiations checked by
the compiler.

The FPU register saving/restoring has been updated to match the current
QEMU register layout.

The implementation has been simplified by doing the following modifications:
- removing the code for supporting the hardware without Unrestricted Guest (UG)
  mode (including all the code to fallback on TCG emulation).
- not including the Darwin support (which is not yet debugged/tested).
- simplifying the initialization by removing the leftovers from the Android
  specific code, then trimming down the remaining logic.
- removing the unused MemoryListener callbacks.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 hax-stub.c  |   39 ++
 include/sysemu/hax.h|   56 ++
 target-i386/hax-all.c   | 1250 +++
 target-i386/hax-i386.h  |   85 +++
 target-i386/hax-interface.h |  357 
 target-i386/hax-slot.c  |  333 
 target-i386/hax-slot.h  |   58 ++
 target-i386/hax-windows.c   |  489 +
 target-i386/hax-windows.h   |   89 +++
 9 files changed, 2756 insertions(+)
 create mode 100644 hax-stub.c
 create mode 100644 include/sysemu/hax.h
 create mode 100644 target-i386/hax-all.c
 create mode 100644 target-i386/hax-i386.h
 create mode 100644 target-i386/hax-interface.h
 create mode 100644 target-i386/hax-slot.c
 create mode 100644 target-i386/hax-slot.h
 create mode 100644 target-i386/hax-windows.c
 create mode 100644 target-i386/hax-windows.h

diff --git a/hax-stub.c b/hax-stub.c
new file mode 100644
index 000..a532dba
--- /dev/null
+++ b/hax-stub.c
@@ -0,0 +1,39 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright (c) 2015, Intel Corporation
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This software is licensed under the terms of the GNU General Public
+ * License version 2, as published by the Free Software Foundation, and
+ * may be copied, distributed, and modified under those terms.
+ *
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "sysemu/hax.h"
+
+int hax_sync_vcpus(void)
+{
+return 0;
+}
+
+int hax_populate_ram(uint64_t va, uint32_t size)
+{
+return -ENOSYS;
+}
+
+int hax_init_vcpu(CPUState *cpu)
+{
+return -ENOSYS;
+}
+
+int hax_smp_cpu_exec(CPUState *cpu)
+{
+return -ENOSYS;
+}
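Review bot: the stubs cover only hax_sync_vcpus, hax_populate_ram, hax_init_vcpu and hax_smp_cpu_exec, while include/sysemu/hax.h in this same patch declares hax_cpu_synchronize_state, hax_cpu_synchronize_post_reset and hax_cpu_synchronize_post_init unconditionally; in a !CONFIG_HAX build any reference to those that the compiler does not drop behind hax_enabled() will fail to link, so either stub them here as well or move their declarations under #ifdef CONFIG_HAX. Also, hax_sync_vcpus() returning 0 while the other three return -ENOSYS is inconsistent at first glance; a one-line comment saying why 0 is the right no-op value for the stub would help.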
diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
new file mode 100644
index 000..51c8fd5
--- /dev/null
+++ b/include/sysemu/hax.h
@@ -0,0 +1,56 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright IBM, Corp. 2008
+ *
+ * Authors:
+ *  Anthony Liguori   <aligu...@us.ibm.com>
+ *
+ * Copyright (c) 2011 Intel Corporation
+ *  Written by:
+ *  Jiang Yunhong<yunhong.ji...@intel.com>
+ *  Xin Xiaohui<xiaohui@intel.com>
+ *  Zhang Xiantao<xiantao.zh...@intel.com>
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_HAX_H
+#define QEMU_HAX_H
+
+#include "config-host.h"
+#include "qemu-common.h"
+
+int hax_sync_vcpus(void);
+int hax_init_vcpu(CPUState *cpu);
+int hax_smp_cpu_exec(CPUState *cpu);
+int hax_populate_ram(uint64_t va, uint32_t size);
+
+void hax_cpu_synchronize_state(CPUState *cpu);
+void hax_cpu_synchronize_post_reset(CPUState *cpu);
+void hax_cpu_synchronize_post_init(CPUState *cpu);
+
+#ifdef CONFIG_HAX
+
+int hax_enabled(void);
+
+#include "hw/hw.h"
+#include "qemu/bitops.h"
+#include "exec/memory.h"
+int hax_vcpu_destroy(CPUState *cpu);
+void hax_raise_event(CPUState *cpu);
+void hax_reset_vcpu_state(void *opaque);
+#include "target-i386/hax-interface.h"
+#include "target-i386/hax-i386.h"
+
+#else /* CONFIG_HAX */
+
+#define hax_enabled() (0)
+
+#endif /* CONFIG_HAX */
+
+#endif /* QEMU_HAX_H */
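Review bot: inside the CONFIG_HAX branch the #include lines are interleaved with prototypes (hw/hw.h, qemu/bitops.h and exec/memory.h, then three declarations, then the two target-i386 headers); group the includes at the top of the block, and reconsider whether a generic sysemu/ header should pull in target-i386/hax-interface.h and target-i386/hax-i386.h at all rather than leaving that to the target code that needs them. The explicit #include "config-host.h" is redundant, since qemu/osdep.h already provides it and every .c file includes osdep.h first.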
diff --git a/target-i386/hax-all.c b/target-i386/hax-all.c

[Qemu-devel] [PATCH v3 3/3] Plumb the HAXM-based hardware acceleration support

2016-11-17 Thread Vincent Palatin
Use Intel HAX, a kernel-based hardware acceleration module for
Windows (similar to KVM on Linux).

Based on the "target-i386: Add Intel HAX to android emulator" patch
from David Chou <david.j.c...@intel.com>

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 Makefile.target   |  1 +
 configure | 18 ++
 cpus.c| 87 ++-
 exec.c| 16 +
 hw/intc/apic_common.c |  3 +-
 include/qom/cpu.h |  5 +++
 include/sysemu/hw_accel.h |  9 +
 qemu-options.hx   | 11 ++
 target-i386/Makefile.objs |  4 +++
 vl.c  | 15 ++--
 10 files changed, 164 insertions(+), 5 deletions(-)

diff --git a/Makefile.target b/Makefile.target
index 7a5080e..dab81e7 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -96,6 +96,7 @@ obj-y += target-$(TARGET_BASE_ARCH)/
 obj-y += disas.o
 obj-y += tcg-runtime.o
 obj-$(call notempty,$(TARGET_XML_FILES)) += gdbstub-xml.o
+obj-$(call lnot,$(CONFIG_HAX)) += hax-stub.o
 obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 
 obj-$(CONFIG_LIBDECNUMBER) += libdecnumber/decContext.o
diff --git a/configure b/configure
index 7d2a34e..236a7b7 100755
--- a/configure
+++ b/configure
@@ -230,6 +230,7 @@ vhost_net="no"
 vhost_scsi="no"
 vhost_vsock="no"
 kvm="no"
+hax="no"
 colo="yes"
 rdma=""
 gprof="no"
@@ -563,6 +564,7 @@ CYGWIN*)
 ;;
 MINGW32*)
   mingw32="yes"
+  hax="yes"
   audio_possible_drivers="dsound sdl"
   if check_include dsound.h; then
 audio_drv_list="dsound"
@@ -610,6 +612,7 @@ OpenBSD)
 Darwin)
   bsd="yes"
   darwin="yes"
+  hax="yes"
   LDFLAGS_SHARED="-bundle -undefined dynamic_lookup"
   if [ "$cpu" = "x86_64" ] ; then
 QEMU_CFLAGS="-arch x86_64 $QEMU_CFLAGS"
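Review bot: hax="yes" is set for Darwin here, but this series dropped Darwin support (the v2 to v3 changelog says "remove Darwin support", and 2/3 adds only hax-windows.c as a host backend), so a macOS build with an i386 or x86_64 softmmu target gets CONFIG_HAX=y and then fails to build; drop this line until the Darwin code comes back, or leave hax="no" on Darwin for now.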
@@ -919,6 +922,10 @@ for opt do
   ;;
   --enable-kvm) kvm="yes"
   ;;
+  --disable-hax) hax="no"
+  ;;
+  --enable-hax) hax="yes"
+  ;;
   --disable-colo) colo="no"
   ;;
   --enable-colo) colo="yes"
@@ -1371,6 +1378,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   fdt fdt device tree
   bluez   bluez stack connectivity
   kvm KVM acceleration support
+  hax HAX acceleration support
   coloCOarse-grain LOck-stepping VM for Non-stop Service
   rdmaRDMA-based migration support
   vde support for vde network
@@ -5043,6 +5051,7 @@ echo "ATTR/XATTR support $attr"
 echo "Install blobs $blobs"
 echo "KVM support   $kvm"
 echo "COLO support  $colo"
+echo "HAX support   $hax"
 echo "RDMA support  $rdma"
 echo "TCG interpreter   $tcg_interpreter"
 echo "fdt support   $fdt"
@@ -6027,6 +6036,15 @@ case "$target_name" in
   fi
 fi
 esac
+if test "$hax" = "yes" ; then
+  if test "$target_softmmu" = "yes" ; then
+case "$target_name" in
+i386|x86_64)
+  echo "CONFIG_HAX=y" >> $config_target_mak
+;;
+esac
+  fi
+fi
 if test "$target_bigendian" = "yes" ; then
   echo "TARGET_WORDS_BIGENDIAN=y" >> $config_target_mak
 fi
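Review bot: --enable-hax is honoured on any host, so on Linux this block writes CONFIG_HAX=y for i386/x86_64 and the link then fails for lack of a HAX backend; mirror the kvm option, which errors out when the feature is unavailable, and either fail configure with a clear message or force hax="no" when the host is neither mingw32 nor darwin, so that the "HAX support" summary line prints the effective value.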
diff --git a/cpus.c b/cpus.c
index fc78502..0e01791 100644
--- a/cpus.c
+++ b/cpus.c
@@ -35,6 +35,7 @@
 #include "sysemu/dma.h"
 #include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
+#include "sysemu/hax.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
 
@@ -1221,6 +1222,39 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 return NULL;
 }
 
+static void *qemu_hax_cpu_thread_fn(void *arg)
+{
+CPUState *cpu = arg;
+int r;
+qemu_thread_get_self(cpu->thread);
+qemu_mutex_lock(_global_mutex);
+
+cpu->thread_id = qemu_get_thread_id();
+cpu->created = true;
+cpu->halted = 0;
+current_cpu = cpu;
+
+hax_init_vcpu(cpu);
+qemu_cond_signal(_cpu_cond);
+
+while (1) {
+if (cpu_can_run(cpu)) {
+r = hax_smp_cpu_exec(cpu);
+if (r == EXCP_DEBUG) {
+cpu_handle_guest_debug(cpu);
+}
+}
+
+while (cpu_thread_is_idle(cpu)) {
+qemu_cond_wait(cpu->halt_cond, _global_mutex);
+}
+
+qemu_wait_io_event_common(cpu);
+}
+return NULL;
+}
+
+
 static void qemu_cpu_kick_thread(CPUState *cpu)
 {
 #ifndef _WIN32
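Review bot: the return value of hax_init_vcpu(cpu) is dropped, so if vcpu creation fails the thread still signals the cpu condition and enters the run loop calling hax_smp_cpu_exec() on a vcpu that was never set up; check it and report the error and exit(1) before the loop, as the KVM thread does for kvm_init_vcpu. The two consecutive blank lines after the function are also a checkpatch nit.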
@@ -1236,7 +1270,33 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
 exit(1);
 }
 #else /* _WIN32 */
-abort();
+if (!qemu_cpu_is_self(cpu)) {
+CONTEXT context;
+
+if (SuspendThr

[Qemu-devel] [PATCH v3 0/3] Add HAX support

2016-11-17 Thread Vincent Palatin
I took a stab at trying to rebase/upstream the support for Intel HAXM
(Hardware Accelerated Execution Manager).
Intel HAX is a kernel-based hardware acceleration module for Windows and MacOSX.

I have based my work on the last version of the source code I found:
the emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.
In patch 2/3, I have forward-ported the core HAX code from there.
It has been modified to build and run along with the current code base.
It has been simplified by removing non-UG hardware support / Darwin support /
Android-specific leftovers.

CAVEAT: this patchset is still RFC because, in addition to potentially containing
a few outdated constructs and a questionable mess in qemu_cpu_kick_thread(),
there are 2 unsolved issues:
- in rare cases, the HAX kernel module asks us to emulate a MMIO access rather
  than just using the 'fast MMIO' path. This path is still not implemented (as
  it was in the original patch). It's unclear why/when this is happening
  (e.g. you can run a full Linux image without hitting it but the default iPXE
  option ROM is hitting it in the Intel network driver).
- the MemoryListener implementation cannot remove a memory mapping (e.g. for
  digging the VGA 'hole' in the lowmem). This shortcoming breaks the std vga
  implementation but in the current HAX module API, I don't see any (documented)
  way of implementing this.

In patch 3/3, I have put the plumbing into the QEMU code base, I did some clean
up there and it is reasonably intrusive: i.e.
 Makefile.target   |  1 +
 configure | 18 ++
 cpus.c| 87 ++-
 exec.c| 16 +
 hw/intc/apic_common.c |  3 +-
 include/qom/cpu.h |  5 +++
 include/sysemu/hw_accel.h |  9 +
 qemu-options.hx   | 11 ++
 target-i386/Makefile.objs |  4 +++
 vl.c  | 15 ++--
 10 files changed, 164 insertions(+), 5 deletions(-)

The patch 1/3 just extracts from the KVM-specific header the cpu_synchronize_
functions that HAX is also using.

I have tested the end result on a Windows 10 Pro machine (with UG support)
with the Intel HAXM module 6.0.4 and a large ChromiumOS x86_64 image to
exercise various code paths. It looks stable.
I also did a quick regression testing of the integration by running a Linux
build with KVM enabled.
Just running 'qemu-system-x86_64 -enable-hax' is broken due to the caveats
described above.

Changes from v2 to v3:
- fix saving/restoring FPU registers as suggested by Paolo.
- fix Windows build on all targets as contributed by Stefan Weil.
- clean-up IO / MMIO emulation.
- more clean-up of emulation leftovers.

Changes from v1 to v2:
- fix all style issues in the original code to get it through checkpatch.pl.
- remove Darwin support, it was barely tested and not fully functional.
- remove the support for CPU without UG mode.
- fix most review comments

Vincent Palatin (3):
  kvm: move cpu synchronization code
  target-i386: Add Intel HAX files
  Plumb the HAXM-based hardware acceleration support

 Makefile.target |1 +
 configure   |   18 +
 cpus.c  |   88 ++-
 exec.c  |   16 +
 gdbstub.c   |1 +
 hax-stub.c  |   39 ++
 hw/i386/kvm/apic.c  |1 +
 hw/i386/kvmvapic.c  |1 +
 hw/intc/apic_common.c   |3 +-
 hw/misc/vmport.c|2 +-
 hw/ppc/pnv_xscom.c  |2 +-
 hw/ppc/ppce500_spin.c   |4 +-
 hw/ppc/spapr.c  |2 +-
 hw/ppc/spapr_hcall.c|2 +-
 hw/s390x/s390-pci-inst.c|1 +
 include/qom/cpu.h   |5 +
 include/sysemu/hax.h|   56 ++
 include/sysemu/hw_accel.h   |   48 ++
 include/sysemu/kvm.h|   23 -
 monitor.c   |2 +-
 qemu-options.hx |   11 +
 qom/cpu.c   |2 +-
 target-arm/cpu.c|2 +-
 target-i386/Makefile.objs   |4 +
 target-i386/hax-all.c   | 1250 +++
 target-i386/hax-i386.h  |   85 +++
 target-i386/hax-interface.h |  357 
 target-i386/hax-slot.c  |  333 
 target-i386/hax-slot.h  |   58 ++
 target-i386/hax-windows.c   |  489 +
 target-i386/hax-windows.h   |   89 +++
 target-i386/helper.c|1 +
 target-i386/kvm.c   |1 +
 target-ppc/mmu-hash64.c |2 +-
 target-ppc/translate_init.c |2 +-
 target-s390x/gdbstub.c  |1 +
 vl.c|   15 +-
 37 files changed, 2978 insertions(+), 39 deletions(-)
 create mode 100644 hax-stub.c
 create mode 100644 include/sysemu/hax.h
 create mode 100644 include/sysemu/hw_accel.h
 create mode 100644 target-i386/hax-all.c
 create mode 100644 target-i386/hax-i386.h
 create mode 100644 target-i386/hax-interface.h
 create mode 100644 target-i386/hax-slot.c

[Qemu-devel] [PATCH v3 1/3] kvm: move cpu synchronization code

2016-11-17 Thread Vincent Palatin
Move the generic cpu_synchronize_ functions to the common hw_accel.h header,
in order to prepare for the addition of a second hardware accelerator.

Signed-off-by: Stefan Weil <s...@weilnetz.de>
Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 cpus.c  |  1 +
 gdbstub.c   |  1 +
 hw/i386/kvm/apic.c  |  1 +
 hw/i386/kvmvapic.c  |  1 +
 hw/misc/vmport.c|  2 +-
 hw/ppc/pnv_xscom.c  |  2 +-
 hw/ppc/ppce500_spin.c   |  4 ++--
 hw/ppc/spapr.c  |  2 +-
 hw/ppc/spapr_hcall.c|  2 +-
 hw/s390x/s390-pci-inst.c|  1 +
 include/sysemu/hw_accel.h   | 39 +++
 include/sysemu/kvm.h| 23 ---
 monitor.c   |  2 +-
 qom/cpu.c   |  2 +-
 target-arm/cpu.c|  2 +-
 target-i386/helper.c|  1 +
 target-i386/kvm.c   |  1 +
 target-ppc/mmu-hash64.c |  2 +-
 target-ppc/translate_init.c |  2 +-
 target-s390x/gdbstub.c  |  1 +
 20 files changed, 58 insertions(+), 34 deletions(-)
 create mode 100644 include/sysemu/hw_accel.h

diff --git a/cpus.c b/cpus.c
index 5213351..fc78502 100644
--- a/cpus.c
+++ b/cpus.c
@@ -33,6 +33,7 @@
 #include "sysemu/block-backend.h"
 #include "exec/gdbstub.h"
 #include "sysemu/dma.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
diff --git a/gdbstub.c b/gdbstub.c
index de62d26..de9b62b 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -32,6 +32,7 @@
 #define MAX_PACKET_LENGTH 4096
 
 #include "qemu/sockets.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "exec/semihost.h"
 #include "exec/exec-all.h"
diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index 01cbaa8..328f80c 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -14,6 +14,7 @@
 #include "cpu.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/pci/msi.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "target-i386/kvm_i386.h"
 
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index b30d1b9..2f767b6 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -14,6 +14,7 @@
 #include "exec/exec-all.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/cpus.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/sysbus.h"
diff --git a/hw/misc/vmport.c b/hw/misc/vmport.c
index c763811..be40930 100644
--- a/hw/misc/vmport.c
+++ b/hw/misc/vmport.c
@@ -25,7 +25,7 @@
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
 #include "hw/i386/pc.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "hw/qdev.h"
 
 //#define VMPORT_DEBUG
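Review bot: replacing sysemu/kvm.h with sysemu/hw_accel.h keeps this file building only because hw_accel.h includes kvm.h transitively (Stefan's fixup message in this thread says as much); that is fine for files that need nothing but cpu_synchronize_state(), but any file in this patch that still calls kvm_* helpers directly should keep its own kvm.h include rather than rely on the transitive one, otherwise a later cleanup of hw_accel.h breaks it.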
diff --git a/hw/ppc/pnv_xscom.c b/hw/ppc/pnv_xscom.c
index 5aaa264..abcb85d 100644
--- a/hw/ppc/pnv_xscom.c
+++ b/hw/ppc/pnv_xscom.c
@@ -20,7 +20,7 @@
 #include "qapi/error.h"
 #include "hw/hw.h"
 #include "qemu/log.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "target-ppc/cpu.h"
 #include "hw/sysbus.h"
 
diff --git a/hw/ppc/ppce500_spin.c b/hw/ppc/ppce500_spin.c
index cf958a9..eb219ab 100644
--- a/hw/ppc/ppce500_spin.c
+++ b/hw/ppc/ppce500_spin.c
@@ -29,9 +29,9 @@
 
 #include "qemu/osdep.h"
 #include "hw/hw.h"
-#include "sysemu/sysemu.h"
 #include "hw/sysbus.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
+#include "sysemu/sysemu.h"
 #include "e500.h"
 
 #define MAX_CPUS 32
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 0cbab24..174f4d3 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -36,7 +36,7 @@
 #include "sysemu/device_tree.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/cpus.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "kvm_ppc.h"
 #include "migration/migration.h"
 #include "mmu-hash64.h"
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 9a9bedf..b2a8e48 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1,5 +1,6 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/sysemu.h"
 #include "qemu/log.h"
 #include "cpu.h"
@@ -9,7 +10,6 @@
 #include "mmu-hash64.h"
 #include "cpu-models.h"
 #include "trace.h"
-#include "sysemu/kvm.h"
 #include "kvm_ppc.h"
 #include "hw/ppc/spapr_ovec.h"
 
diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x

Re: [Qemu-devel] [PATCH v2 0/5] [RFC] Add HAX support

2016-11-17 Thread Vincent Palatin
On Mon, Nov 14, 2016 at 2:09 PM, Vincent Palatin <vpala...@chromium.org> wrote:
> On Mon, Nov 14, 2016 at 1:36 PM, Stefan Weil <s...@weilnetz.de> wrote:
>> Am 11.11.2016 um 12:28 schrieb Vincent Palatin:
>> [...]
>>> I have tested the end result on a Windows 10 Pro machine (with UG support)
>>> with the Intel HAXM module 6.0.4 and a large ChromiumOS x86_64 image to
>>> exercise various code paths. It looks stable.
>>> I also did a quick regression testing of the integration by running a Linux
>>> build with KVM enabled.
>>
>> My test on Windows 7 with HAXM 6.0.4 fails:
>>
>> $ test/qemu-system-x86_64.exe --enable-hax
>> HAX is working and emulator runs in fast virt mode.
>> Unknown hax vcpu return 1
>
> Sorry about this.
> I did notice that just running the default Seabios/iPXE was triggering
> an issue and forgot to debug it (as I'm mostly running Chromium OS
> images).
> I will have a look and try to sort this out..

I did more debugging on this and opened a whole new can of worms...
The actual crash was the first MMIO access in the iPXE option ROM. The
Intel network driver there is triggering the MMIO emulation path (i.e.
the HAX kernel module is asking us to emulate the MMIO instruction
rather than using the 'fast MMIO' path as all other MMIOs),
this path was never correctly plumbed for the UG case in the original
Intel patchset, and still is not. We can run a full Linux image
without triggering it, showing how unlikely it is, but it is not
documented why it is not using the normal fast MMIO in some rare case
even in UG mode (and I don't have many clues; maybe related to the
second bug described below?).
Adding back a whole TCG emulation fall-back just for this is somewhat
large and complex, I will try to find first why it's not using the
normal path.
For what it's worth, '-net nic,model=pcnet' works as a workaround (by not
triggering the MMIO of death).

In addition to this, as you might have noticed, there is no character
on the (virtual) screen.
The VGA emulation is not triggered because the VGA hole is badly mapped.
Digging into this, that's due to the fact that the .region_del()
callback of the MemoryListener is missing a proper implementation, so
the system cannot remove the initial large mapping of memory on top of
those MMIO holes.
But there is a deeper issue to solve this: I'm not seeing in their
current kernel module API (aka the hax-interface.h header) a
(documented) way of removing a mapping...

So I will probably send the v3 patchset with those caveats still
opened to be sure the other changes are not lost,
then I will work further on this and maybe try to get Intel inputs on
those API behaviors.

>
>>
>> This application has requested the Runtime to terminate it in an unusual
>> way.
>> Please contact the application's support team for more information.
>>
>> $ test/qemu-system-i386.exe --enable-hax
>> HAX is working and emulator runs in fast virt mode.
>> Unknown hax vcpu return 1
>>
>> This application has requested the Runtime to terminate it in an unusual
>> way.
>> Please contact the application's support team for more information.
>>
>> I tested debug code (configure --enable-debug && make) based on
>> latest QEMU from git, this patch series and my include fixes.
>>
>> Stefan
>>
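The VGA-hole problem described in this message (and quoted again in the later reply above), modelled as an added example that is not code from the patch series: a toy slot table whose region_del is a no-op when the kernel API has no unmap call, showing why the VGA window at 0xa0000-0xbffff stays backed by RAM instead of trapping to QEMU. The slot table, the can_unmap switch and the PC low-memory layout are constructed for the example.

```c
/* Toy model of the accelerator slot table behind a MemoryListener (added
 * illustration, not code from the series; the table, the can_unmap switch and
 * the PC low-memory layout are constructed here). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS 16

enum backing { BACKING_RAM = 1, BACKING_MMIO = 2 };

typedef struct {
    uint64_t gpa;   /* guest physical start */
    uint64_t size;  /* length in bytes */
    bool used;
} RamSlot;

typedef struct {
    RamSlot slots[MAX_SLOTS];
    bool can_unmap; /* false models a kernel API with no unmap call */
} SlotTable;

/* region_add equivalent: hand a RAM range to the accelerator. */
static int ram_region_add(SlotTable *t, uint64_t gpa, uint64_t size)
{
    for (int i = 0; i < MAX_SLOTS; i++) {
        if (!t->slots[i].used) {
            t->slots[i] = (RamSlot){ .gpa = gpa, .size = size, .used = true };
            return 0;
        }
    }
    return -1; /* table full */
}

/* region_del equivalent: drop [gpa, gpa + size) from every slot it overlaps,
 * re-adding whatever sticks out on either side. Without an unmap call the
 * table is left untouched, which is the failure mode described above. */
static int ram_region_del(SlotTable *t, uint64_t gpa, uint64_t size)
{
    uint64_t end = gpa + size;
    if (!t->can_unmap) {
        return -1;
    }
    for (int i = 0; i < MAX_SLOTS; i++) {
        RamSlot *s = &t->slots[i];
        uint64_t s_gpa = s->gpa, s_end = s->gpa + s->size;
        uint64_t head_end = gpa > s_gpa ? gpa : s_gpa;
        uint64_t tail_start = end < s_end ? end : s_end;
        if (!s->used || end <= s_gpa || gpa >= s_end) {
            continue; /* unused slot or no overlap */
        }
        s->used = false;
        /* Leftover pieces never overlap [gpa, end), so the loop skips them. */
        if (head_end > s_gpa) {
            ram_region_add(t, s_gpa, head_end - s_gpa);
        }
        if (s_end > tail_start) {
            ram_region_add(t, tail_start, s_end - tail_start);
        }
    }
    return 0;
}

/* A mapped RAM page wins; anything else traps to QEMU and is emulated as MMIO. */
static enum backing resolve(const SlotTable *t, uint64_t gpa)
{
    for (int i = 0; i < MAX_SLOTS; i++) {
        const RamSlot *s = &t->slots[i];
        if (s->used && gpa >= s->gpa && gpa < s->gpa + s->size) {
            return BACKING_RAM;
        }
    }
    return BACKING_MMIO;
}

/* Replay the topology change from the thread: low memory is first mapped as
 * one RAM range, then the VGA window at 0xa0000-0xbffff is carved out, which
 * the listener sees as region_del of the old range plus region_add of the two
 * RAM pieces around the hole. */
static enum backing pc_low_memory_backing(bool can_unmap, uint64_t gpa)
{
    SlotTable t;
    memset(&t, 0, sizeof(t));
    t.can_unmap = can_unmap;
    ram_region_add(&t, 0x0, 0x100000);     /* 1 MiB of low RAM */
    ram_region_del(&t, 0x0, 0x100000);     /* old flat range goes away */
    ram_region_add(&t, 0x0, 0xa0000);      /* RAM below the VGA hole */
    ram_region_add(&t, 0xc0000, 0x40000);  /* RAM above the VGA hole */
    return resolve(&t, gpa);
}

int main(void)
{
    printf("VGA text buffer 0xb8000 -> %s with unmap, %s without\n",
           pc_low_memory_backing(true, 0xb8000) == BACKING_MMIO ? "MMIO" : "RAM",
           pc_low_memory_backing(false, 0xb8000) == BACKING_MMIO ? "MMIO" : "RAM");
    return 0;
}
```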



Re: [Qemu-devel] [PATCH v2 0/5] [RFC] Add HAX support

2016-11-14 Thread Vincent Palatin
On Mon, Nov 14, 2016 at 1:36 PM, Stefan Weil <s...@weilnetz.de> wrote:
> Am 11.11.2016 um 12:28 schrieb Vincent Palatin:
> [...]
>> I have tested the end result on a Windows 10 Pro machine (with UG support)
>> with the Intel HAXM module 6.0.4 and a large ChromiumOS x86_64 image to
>> exercise various code paths. It looks stable.
>> I also did a quick regression testing of the integration by running a Linux
>> build with KVM enabled.
>
> My test on Windows 7 with HAXM 6.0.4 fails:
>
> $ test/qemu-system-x86_64.exe --enable-hax
> HAX is working and emulator runs in fast virt mode.
> Unknown hax vcpu return 1

Sorry about this.
I did notice that just running the default Seabios/iPXE was triggering
an issue and forgot to debug it (as I'm mostly running Chromium OS
images).
I will have a look and try to sort this out.

>
> This application has requested the Runtime to terminate it in an unusual
> way.
> Please contact the application's support team for more information.
>
> $ test/qemu-system-i386.exe --enable-hax
> HAX is working and emulator runs in fast virt mode.
> Unknown hax vcpu return 1
>
> This application has requested the Runtime to terminate it in an unusual
> way.
> Please contact the application's support team for more information.
>
> I tested debug code (configure --enable-debug && make) based on
> latest QEMU from git, this patch series and my include fixes.
>
> Stefan
>



Re: [Qemu-devel] [PATCH v2 0/5] [RFC] Add HAX support

2016-11-14 Thread Vincent Palatin
On Mon, Nov 14, 2016 at 1:21 PM, Stefan Weil <s...@weilnetz.de> wrote:
> Am 11.11.2016 um 12:28 schrieb Vincent Palatin:
>> I took a stab at trying to rebase/upstream the support for Intel HAXM.
>> (Hardware Accelerated Execution Manager).
>> Intel HAX is a kernel-based hardware acceleration module for Windows and 
>> MacOSX.
>>
>> I have based my work on the last version of the source code I found:
>> the emu-2.2-release branch in the external/qemu-android repository as used by
>> the Android emulator.
>> In patch 2/5, I have forward-ported the core HAX code mostly unmodified from
>> there, I just did some minor touch up to make it build and run properly,
>> and fixed the style issues to go through checkpatch.pl.
>> I have not included the Darwin support.
>> It might contain some outdated constructs and probably requires more
>> attention (thus the 'RFC' for this patchset).
>>
>> In patch 3/5, I'm removing a good chunk of the support for CPUs without UG 
>> mode
>> as advised by Paolo to simplify the initial version.
>>
>> In patch 5/5, I have put the plumbing into the QEMU code base, I did some 
>> clean
>> up there and it is reasonably intrusive: i.e.
>>  Makefile.target   |  1 +
>>  configure | 18 ++
>>  cpus.c| 87 
>> ++-
>>  exec.c| 16 +
>>  hw/intc/apic_common.c |  3 +-
>>  include/qom/cpu.h |  5 +++
>>  include/sysemu/hw_accel.h |  9 +
>>  qemu-options.hx   | 11 ++
>>  target-i386/Makefile.objs |  7 
>>  vl.c  | 15 ++--
>>  10 files changed, 167 insertions(+), 5 deletions(-)
>>
>> The qemu_cpu_kick_thread mess in cpus.c is probably still not perfect though.
>>
>> The patch 1/5 just extracts from KVM specific header the cpu_synchronize_
>> functions that HAX is also using.
>>
>> I have tested the end result on a Windows 10 Pro machine (with UG support)
>> with the Intel HAXM module 6.0.4 and a large ChromiumOS x86_64 image to
>> exercise various code paths. It looks stable.
>> I also did a quick regression testing of the integration by running a Linux
>> build with KVM enabled.
>
>
> A full build for Windows needs the patch below to
> fix missing declarations, otherwise it fails with
> compiler warnings and linker errors.

Thanks for filling the gaps. That's very helpful!
Do you mind if I merge it with your SoB into Patch 1/5 where it belongs,
or do you prefer keeping it as a separate patch?


> From 91481639a1005ed3278eb55c77c99bb1bcc135ce Mon Sep 17 00:00:00 2001
> From: Stefan Weil <s...@weilnetz.de>
> Date: Mon, 14 Nov 2016 13:09:53 +0100
> Subject: [PATCH] Fix include statements for HAXM support
>
> We need sysemu/hw_accel.h. As sysemu/hw_accel.h already includes
> sysemu/kvm.h, that one can be removed.
>
> Signed-off-by: Stefan Weil <s...@weilnetz.de>
> ---
>  hw/ppc/pnv_xscom.c  | 2 +-
>  hw/ppc/ppce500_spin.c   | 4 ++--
>  hw/ppc/spapr.c  | 2 +-
>  hw/ppc/spapr_hcall.c| 2 +-
>  hw/s390x/s390-pci-inst.c| 1 +
>  target-ppc/mmu-hash64.c | 2 +-
>  target-ppc/translate_init.c | 2 +-
>  target-s390x/gdbstub.c  | 1 +
>  8 files changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/hw/ppc/pnv_xscom.c b/hw/ppc/pnv_xscom.c
> index 5aaa264..abcb85d 100644
> --- a/hw/ppc/pnv_xscom.c
> +++ b/hw/ppc/pnv_xscom.c
> @@ -20,7 +20,7 @@
>  #include "qapi/error.h"
>  #include "hw/hw.h"
>  #include "qemu/log.h"
> -#include "sysemu/kvm.h"
> +#include "sysemu/hw_accel.h"
>  #include "target-ppc/cpu.h"
>  #include "hw/sysbus.h"
>
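Review bot: the include swap relies on hw_accel.h pulling in kvm.h transitively (as the commit message says); if pnv_xscom.c uses kvm_enabled() or any other KVM-only helper directly, keep an explicit #include "sysemu/kvm.h" alongside "sysemu/hw_accel.h" rather than depend on what hw_accel.h happens to include.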
> diff --git a/hw/ppc/ppce500_spin.c b/hw/ppc/ppce500_spin.c
> index cf958a9..eb219ab 100644
> --- a/hw/ppc/ppce500_spin.c
> +++ b/hw/ppc/ppce500_spin.c
> @@ -29,9 +29,9 @@
>
>  #include "qemu/osdep.h"
>  #include "hw/hw.h"
> -#include "sysemu/sysemu.h"
>  #include "hw/sysbus.h"
> -#include "sysemu/kvm.h"
> +#include "sysemu/hw_accel.h"
> +#include "sysemu/sysemu.h"
>  #include "e500.h"
>
>  #define MAX_CPUS 32
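Review bot: moving #include "sysemu/sysemu.h" below the new hw_accel.h line is unrelated to the missing-declaration fix; leaving sysemu.h where it was and only replacing the kvm.h line keeps this hunk the same one-line swap as the other files in the patch.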
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 0cbab24..174f4d3 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -36,7 +36,7 @@
>  #include "sysemu/device_tree.h"
>  #include "sysemu/block-backend.h"
>  #include "sysemu/cpus.h"
> -#include "sysemu/kvm.h"
> +#include "syse

Re: [Qemu-devel] [PATCH v2 5/5] Plumb the HAXM-based hardware acceleration support

2016-11-14 Thread Vincent Palatin
On Mon, Nov 14, 2016 at 12:56 PM, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>
> On 11/11/2016 12:28, Vincent Palatin wrote:
>> +/*
>> + * In Hax, the qemu allocate the virtual address, and HAX kernel
>> + * populate the memory with physical memory. Currently we have 
>> no
>> + * paging, so user should make sure enough free memory in 
>> advance
>> + */
>> +if (hax_enabled()) {
>> +int ret;
>> +ret = hax_populate_ram((uint64_t)(uintptr_t)new_block->host,
>> +   new_block->max_length);
>> +if (ret < 0) {
>> +error_setg(errp, "Hax failed to populate ram");
>> +return;
>> +}
>> +}
>> +
>>  if (!new_block->host) {
>>  error_setg_errno(errp, errno,
>>   "cannot set up guest memory '%s'",
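Review bot: the size argument passed here is new_block->max_length, while hax_populate_ram() is declared as hax_populate_ram(uint64_t va, uint32_t size) in include/sysemu/hax.h (patch 2/5), so a RAM block of 4 GiB or more is silently truncated before it reaches the HAX driver; either widen the parameter to the block length type or reject sizes that do not fit and fail the allocation with an error. The ordering point raised below also matters here: as written, a NULL new_block->host is handed to HAX before the allocation failure is reported.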
>
> The hax_enabled() check should be after the "if (!new_block->host)" block.

Indeed, fixed in v3 series.

Thanks!

-- 
Vincent



Re: [Qemu-devel] [PATCH v2 2/5] target-i386: Add Intel HAX files

2016-11-14 Thread Vincent Palatin
On Mon, Nov 14, 2016 at 11:15 AM, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>
> On 11/11/2016 12:28, Vincent Palatin wrote:
>> +
>> +memcpy(env->xmm_regs, fpu.mmx_1, sizeof(fpu.mmx_1));
>> +memcpy((ZMMReg *) (env->xmm_regs) + 8, fpu.mmx_2, sizeof(fpu.mmx_2));
>
> HAX will only support SSE (128-bit) registers, while env->xmm_regs
> supports AVX512 (512-bit) so you have to copy registers one by one.


Good point, I will fix this.


>
> Is there documentation for HAX?

No developer doc that I know of; both the Intel website and the download
packages contain only installation documentation as far as I can tell.
I will ask Intel when I have the chance.

>  In particular I'm curious as to what
> the CPUID information looks like in the guest, and whether there are
> ioctls to change it.

No idea for the interface, but I have put an example below if you are
interested.

> In particular I would expect XSAVE to be disabled.

For EAX=1 I'm seeing ECX = 00d82201 => [26] = 0 && [27] = 0.
We should be fine for XSAVE.


On the Intel Core i5-6200U CPU I was running my tests on, I have
dumped the CPUID inside the emulator with HAX and on the Windows host:

== emulation with HAX ==
 eax ineax  ebx  ecx  edx
 0004 756e6547 6c65746e 49656e69
0001 000106f1 00010400 00d82201 1f88fbff
0002 03020101   0c040844
0003    
0004    
0005 0040 0040 0003 11142120
0006 27f7 0002 0009 
0007  029c67af  
0008    
0009    
000a 07300404   0603
000b 0001 0002 0100 0001
000c    
000d 001f 0440 0440 
000e    
000f    
0010    
0011    
0012    
0013    
0014 0001 000f 0007 
0015 0002 00c8  
0016 0960 0af0 0064 
8000 8008   
8001    2800
8002 74726956 206c6175 20555043 
8003    
8004    
8005    
8006   04008040 
8007    
8008 3027   

== Windows host  ==
 eax ineax  ebx  ecx  edx
 0016 756e6547 6c65746e 49656e69
0001 000406e3 00100800 7ffafbbf bfebfbff
0002 76036301 00f0b5ff  00c3
0003    
0004    
0005 0040 0040 0003 11142120
0006 27f7 0002 0009 
0007    
0008    
0009    
000a 07300404   0603
000b   00c3 
000c    
000d    
000e    
000f    
0010    
0011    
0012    
0013    
0014    
0015 0002 00c8  
0016 0960 0af0 0064 
8000 8008   
8001   0121 2c10
8002 65746e49 2952286c 726f4320 4d542865
8003 35692029 3032362d 43205530 40205550
8004 332e3220 7a484730  
8005    
8006   01006040 
8007    0100
8008 3027   

>
>> +
>> +static int hax_handle_fastmmio(CPUArchState *env, struct hax_fastmmio *hft)
>> +{
>> +uint64_t buf = 0;
>> +/*
>> + * With fast MMIO, QEMU need not sync vCPU state with HAXM
>> + * driver because it will only invoke MMIO handler
>> + * However, some MMIO operations utilize virtual address like qemu_pipe
>> + * Thus we need to sync the CR0, CR3 and CR4 so that QEMU
>> + * can translate the guest virtual address to guest physical
>> + * address
>> + */
>> +env->cr[0] = hft->_cr0;
>> +env->cr[2] = hft->_cr2;
>> +env->cr[3] = hft->_cr3;
>&
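Paolo's objection to the two memcpy() calls above, together with the CPUID leaf 1 ECX values dumped in this message, as an added example that is not part of the original thread and not QEMU or HAXM code: the ZMMReg, CPUX86State and hax_fx_layout types are constructed stand-ins for the real ones (mmx_1/mmx_2 mirror the field names in the quoted patch), and the sample register contents are made up.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for QEMU's ZMMReg: a 512-bit slot whose low 128 bits
 * hold the XMM register. */
typedef union {
    uint8_t  _b[64];
    uint64_t _q[8];
} ZMMReg;

#define CPU_NB_REGS 16

/* Constructed stand-in for the part of CPUX86State that matters here. */
typedef struct {
    ZMMReg xmm_regs[CPU_NB_REGS];
} CPUX86State;

/* Constructed stand-in for the HAX FPU save area: two packed groups of eight
 * 128-bit registers, named after the fields used in the quoted patch. */
struct hax_fx_layout {
    uint8_t mmx_1[8][16];   /* xmm0..xmm7  */
    uint8_t mmx_2[8][16];   /* xmm8..xmm15 */
};

/* The pattern Paolo objects to: a flat memcpy() of 128 packed bytes into an
 * array of 64-byte slots. Four source registers land in one ZMMReg, so
 * xmm1..xmm3 end up in the upper lanes of the xmm0 slot and the emulator's
 * xmm2..xmm7 never receive their values at all. */
static void sync_xmm_memcpy(CPUX86State *env, const struct hax_fx_layout *fpu)
{
    memcpy(env->xmm_regs, fpu->mmx_1, sizeof(fpu->mmx_1));
    memcpy((ZMMReg *)(env->xmm_regs) + 8, fpu->mmx_2, sizeof(fpu->mmx_2));
}

/* Register-by-register copy: every 128-bit value goes to the low 16 bytes of
 * its own ZMMReg. The upper 48 bytes are cleared, since HAX carries no AVX
 * or AVX-512 state for the guest. */
static void sync_xmm_per_reg(CPUX86State *env, const struct hax_fx_layout *fpu)
{
    for (int i = 0; i < 8; i++) {
        memset(&env->xmm_regs[i], 0, sizeof(ZMMReg));
        memcpy(&env->xmm_regs[i]._b[0], fpu->mmx_1[i], 16);
        memset(&env->xmm_regs[i + 8], 0, sizeof(ZMMReg));
        memcpy(&env->xmm_regs[i + 8]._b[0], fpu->mmx_2[i], 16);
    }
}

/* Constructed sample state: register n is filled with the byte value n. */
static void make_sample(struct hax_fx_layout *fpu)
{
    for (int i = 0; i < 8; i++) {
        memset(fpu->mmx_1[i], i, sizeof(fpu->mmx_1[i]));
        memset(fpu->mmx_2[i], i + 8, sizeof(fpu->mmx_2[i]));
    }
}

/* Low 64 bits of emulator register n after each sync method. With the flat
 * copy, register 1 reads back the bytes of register 4 (0x0404...); with the
 * per-register copy it reads 0x0101... as expected. */
uint64_t xmm_low64_after_memcpy(int n)
{
    CPUX86State env;
    struct hax_fx_layout fpu;

    memset(&env, 0, sizeof(env));
    make_sample(&fpu);
    sync_xmm_memcpy(&env, &fpu);
    return env.xmm_regs[n]._q[0];
}

uint64_t xmm_low64_after_per_reg(int n)
{
    CPUX86State env;
    struct hax_fx_layout fpu;

    memset(&env, 0, sizeof(env));
    make_sample(&fpu);
    sync_xmm_per_reg(&env, &fpu);
    return env.xmm_regs[n]._q[0];
}

/* CPUID.(EAX=1):ECX feature bits (Intel SDM numbering). */
#define CPUID_1_ECX_XSAVE   (1u << 26)
#define CPUID_1_ECX_OSXSAVE (1u << 27)
#define CPUID_1_ECX_AVX     (1u << 28)

/* True when leaf 1 ECX advertises register state beyond the legacy 128-bit
 * SSE registers. The guest value dumped above (0x00d82201) has all three bits
 * clear, which is why only the low 128 bits of each ZMMReg need syncing. */
bool guest_has_extended_state(uint32_t ecx)
{
    return (ecx & (CPUID_1_ECX_XSAVE | CPUID_1_ECX_OSXSAVE | CPUID_1_ECX_AVX)) != 0;
}

int main(void)
{
    printf("xmm1 via memcpy: 0x%016llx, per register: 0x%016llx\n",
           (unsigned long long)xmm_low64_after_memcpy(1),
           (unsigned long long)xmm_low64_after_per_reg(1));
    printf("guest ECX 0x00d82201 extended state: %d, host ECX 0x7ffafbbf: %d\n",
           guest_has_extended_state(0x00d82201u),
           guest_has_extended_state(0x7ffafbbfu));
    return 0;
}
```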

Re: [Qemu-devel] [PATCH v2 2/5] target-i386: Add Intel HAX files

2016-11-14 Thread Vincent Palatin
On Mon, Nov 14, 2016 at 10:29 AM, Stefan Weil <s...@weilnetz.de> wrote:
> Am 11.11.2016 um 12:28 schrieb Vincent Palatin:
> [...]
>>
>> Signed-off-by: Vincent Palatin <vpala...@chromium.org>
>> ---
>>  hax-stub.c  |   74 +++
>>  include/sysemu/hax.h|   66 ++
>>  target-i386/hax-all.c   | 1490 
>> +++
>
> Git warns about a whitespace issue:
> The empty last line of target-i386/hax-all.c should be removed.

Done, I will send it with the v3 series.

-- 
Vincent



Re: [Qemu-devel] [PATCH v2 0/5] [RFC] Add HAX support

2016-11-14 Thread Vincent Palatin
On Mon, Nov 14, 2016 at 9:55 AM, Stefan Weil <stefan.w...@weilnetz.de> wrote:
> On 11/14/16 09:21, Vincent Palatin wrote:
>>
>> On Sun, Nov 13, 2016 at 4:20 AM,  <no-re...@patchew.org> wrote:
>>>
>>>
>>> === OUTPUT BEGIN ===
>>> fatal: unrecognized argument: --no-patch
>>> Checking PATCH 1/5: ...
>>> fatal: unrecognized argument: --no-patch
>>> Checking PATCH 2/5: ...
>>> fatal: unrecognized argument: --no-patch
>>> Checking PATCH 3/5: ...
>>> fatal: unrecognized argument: --no-patch
>>> Checking PATCH 4/5: ...
>>> fatal: unrecognized argument: --no-patch
>>> Checking PATCH 5/5: ...
>>> ERROR: spaces required around that '-' (ctx:WxV)
>>> #158: FILE: cpus.c:1276:
>>> +if (SuspendThread(cpu->hThread) == (DWORD) -1) {
>>> ^
>>>
>>> ERROR: spaces required around that '-' (ctx:WxV)
>>> #176: FILE: cpus.c:1294:
>>> +if (ResumeThread(cpu->hThread) == (DWORD) -1) {
>>>^
>>>
>>
>> Apparently I missed this pair of warnings when I did my final checkpatch
>> pass.
>> At the same time, I have no idea how to solve this one; can anybody
>> enlighten me?
>> Having a space on both sides of a unary minus doesn't seem like what we want,
>> so I imagine something else is wrong and confuses checkpatch.pl a bit.
>
>
>
> (DWORK)(-1) works for checkpatch.pl.

Yes, thanks. This should be an acceptable workaround, I will update my
next series.

>
> I noticed a strange behaviour of checkpatch.pl:
>
> If I run it on all of your five commits, it does not find any error.
> If I run it only on the 5th commit, it shows the two errors like above.

Interesting, that's why I missed it in the first place... I was a bit confused.

-- 
Vincent



Re: [Qemu-devel] [PATCH v2 0/5] [RFC] Add HAX support

2016-11-14 Thread Vincent Palatin
On Sun, Nov 13, 2016 at 4:20 AM,   wrote:
> Hi,
>
> Your series seems to have some coding style problems. See output below for
> more information:
>
> Type: series
> Subject: [Qemu-devel] [PATCH v2 0/5] [RFC] Add HAX support
> Message-id: cover.1478863621.git.vpala...@chromium.org
>
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
>
> BASE=base
> n=1
> total=$(git log --oneline $BASE.. | wc -l)
> failed=0
>
> # Useful git options
> git config --local diff.renamelimit 0
> git config --local diff.renames True
>
> commits="$(git log --format=%H --reverse $BASE..)"
> for c in $commits; do
> echo "Checking PATCH $n/$total: $(git show --no-patch --format=%s $c)..."
> if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; 
> then
> failed=1
> echo
> fi
> n=$((n+1))
> done
>
> exit $failed
> === TEST SCRIPT END ===
>
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> Switched to a new branch 'test'
> b9d801a Plumb the HAXM-based hardware acceleration support
> c855846 hax: simplify init
> 577d188 hax: remove non UG code
> edf12f7 target-i386: Add Intel HAX files
> cfebedf kvm: move cpu synchronization code
>
> === OUTPUT BEGIN ===
> fatal: unrecognized argument: --no-patch
> Checking PATCH 1/5: ...
> fatal: unrecognized argument: --no-patch
> Checking PATCH 2/5: ...
> fatal: unrecognized argument: --no-patch
> Checking PATCH 3/5: ...
> fatal: unrecognized argument: --no-patch
> Checking PATCH 4/5: ...
> fatal: unrecognized argument: --no-patch
> Checking PATCH 5/5: ...
> ERROR: spaces required around that '-' (ctx:WxV)
> #158: FILE: cpus.c:1276:
> +if (SuspendThread(cpu->hThread) == (DWORD) -1) {
> ^
>
> ERROR: spaces required around that '-' (ctx:WxV)
> #176: FILE: cpus.c:1294:
> +if (ResumeThread(cpu->hThread) == (DWORD) -1) {
>^
>

Apparently I missed this pair of warnings when I did my final checkpatch pass.
At the same time, I have no idea how to solve this one; can anybody
enlighten me?
Having a space on both sides of a unary minus doesn't seem like what we want,
so I imagine something else is wrong and confuses checkpatch.pl a bit.


> total: 2 errors, 0 warnings, 349 lines checked
>
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
>
> === OUTPUT END ===
>
> Test command exited with code: 1
>
>
> ---
> Email generated automatically by Patchew [http://patchew.org/].
> Please send your feedback to patchew-de...@freelists.org



[Qemu-devel] [PATCH v2 2/5] target-i386: Add Intel HAX files

2016-11-11 Thread Vincent Palatin
That's a forward port of the core HAX interface code, mostly unmodified from
the emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.

The original commit was "target-i386: Add Intel HAX to android emulator"
saying:
"""
  Backport of 2b3098ff27bab079caab9b46b58546b5036f5c0c
  from studio-1.4-dev into emu-master-dev

Intel HAX (hardware acceleration) will enhance android emulator performance
in Windows and Mac OS X in the systems powered by Intel processors with
"Intel Hardware Accelerated Execution Manager" package installed when
user runs android emulator with Intel target.

Signed-off-by: David Chou <david.j.c...@intel.com>
"""

It has minor modifications to build and run along with the current
code base.
The formatting has been fixed to go through scripts/checkpatch.pl.
Update the DPRINTF macros to get the instantiations checked by the
compiler.
Does not include the Darwin support.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 hax-stub.c  |   74 +++
 include/sysemu/hax.h|   66 ++
 target-i386/hax-all.c   | 1490 +++
 target-i386/hax-i386.h  |   91 +++
 target-i386/hax-interface.h |  357 +++
 target-i386/hax-slot.c  |  333 ++
 target-i386/hax-slot.h  |   58 ++
 target-i386/hax-windows.c   |  509 +++
 target-i386/hax-windows.h   |   89 +++
 9 files changed, 3067 insertions(+)
 create mode 100644 hax-stub.c
 create mode 100644 include/sysemu/hax.h
 create mode 100644 target-i386/hax-all.c
 create mode 100644 target-i386/hax-i386.h
 create mode 100644 target-i386/hax-interface.h
 create mode 100644 target-i386/hax-slot.c
 create mode 100644 target-i386/hax-slot.h
 create mode 100644 target-i386/hax-windows.c
 create mode 100644 target-i386/hax-windows.h

diff --git a/hax-stub.c b/hax-stub.c
new file mode 100644
index 000..11cd626
--- /dev/null
+++ b/hax-stub.c
@@ -0,0 +1,74 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright (c) 2015, Intel Corporation
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This software is licensed under the terms of the GNU General Public
+ * License version 2, as published by the Free Software Foundation, and
+ * may be copied, distributed, and modified under those terms.
+ *
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "sysemu/hax.h"
+
+int hax_sync_vcpus(void)
+{
+return 0;
+}
+
+void hax_disable(int disable)
+{
+   return;
+}
+
+int hax_pre_init(uint64_t ram_size)
+{
+   return 0;
+}
+
+int hax_get_max_ram(uint64_t *max_ram)
+{
+return 0;
+}
+
+int hax_populate_ram(uint64_t va, uint32_t size)
+{
+return -ENOSYS;
+}
+
+int hax_init_vcpu(CPUState *cpu)
+{
+return -ENOSYS;
+}
+
+int hax_smp_cpu_exec(CPUState *cpu)
+{
+return -ENOSYS;
+}
+
+int hax_vcpu_exec(CPUState *cpu)
+{
+return -ENOSYS;
+}
+
+int hax_vcpu_emulation_mode(CPUState *cpu)
+{
+return 0;
+}
+
+int hax_stop_emulation(CPUState *cpu)
+{
+return 0;
+}
+
+int hax_stop_translate(CPUState *cpu)
+{
+return 0;
+}
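Review bot: hax_disable() and hax_pre_init() are indented differently from the other stubs in this file (their bodies do not line up with the `return` lines of the surrounding functions), which scripts/checkpatch.pl will report; re-indent them to match, and the bare `return;` in the void hax_disable() can simply go.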
diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
new file mode 100644
index 000..159e20f
--- /dev/null
+++ b/include/sysemu/hax.h
@@ -0,0 +1,66 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright IBM, Corp. 2008
+ *
+ * Authors:
+ *  Anthony Liguori   <aligu...@us.ibm.com>
+ *
+ * Copyright (c) 2011 Intel Corporation
+ *  Written by:
+ *  Jiang Yunhong<yunhong.ji...@intel.com>
+ *  Xin Xiaohui<xiaohui@intel.com>
+ *  Zhang Xiantao<xiantao.zh...@intel.com>
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_HAX_H
+#define QEMU_HAX_H
+
+#include "config-host.h"
+#include "qemu-common.h"
+
+int hax_pre_init(uint64_t ram_size);
+int hax_sync_vcpus(void);
+void hax_disable(int disable);
+int hax_init_vcpu(CPUState *cpu);
+int hax_smp_cpu_exec(CPUState *cpu);
+int hax_vcpu_exec(CPUState *cpu);
+int hax_vcpu_emulation_mode(CPUState *cpu);
+int hax_stop_emulation(CPUState *cpu);
+int hax_stop_translate(CPUState *cpu);
+/* get the max haxm ram even before haxm library is initialized */
+int hax_get_max_ram(uint64_t *max_ram);
+int hax_populate_ram(uint64_t va, uint32_t size);
+
+void hax_cpu_synchronize_state(CPUState *cpu);
+void hax_cpu_synchronize_post_reset(CPUState *cpu);
+void hax_cpu_synchronize_post_init(CPUState *cpu);
+
+#ifdef CONFIG_HAX
+
+int hax_enabled(void);
+int hax_ug_platform(void);
+
+#include "hw/hw.h"
+#include "qemu/bitops.h"
+#include "exec/memory.h"
+int hax_vcpu_destroy(CPUState *cpu);
+void hax_raise_event(CPUState *cpu);
+void hax_reset_vcpu_state(void *opa
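Review bot: a header should not include "qemu-common.h" (QEMU's rule is that only .c files include it), and "config-host.h" already reaches every .c file through "qemu/osdep.h", so both includes at the top of hax.h should be dropped. Separately, the license text here says "GNU GPL, version 2 or later" while hax-stub.c in the same patch says "version 2" only; the two new files should state the same terms.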

[Qemu-devel] [PATCH v2 3/5] hax: remove non UG code

2016-11-11 Thread Vincent Palatin
Simplify the implementation by removing the code for supporting the hardware
without Unrestricted Guest (UG) mode.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 hax-stub.c |  20 -
 include/sysemu/hax.h   |   6 --
 target-i386/hax-all.c  | 200 -
 target-i386/hax-i386.h |   1 -
 4 files changed, 31 insertions(+), 196 deletions(-)

diff --git a/hax-stub.c b/hax-stub.c
index 11cd626..0e756a3 100644
--- a/hax-stub.c
+++ b/hax-stub.c
@@ -52,23 +52,3 @@ int hax_smp_cpu_exec(CPUState *cpu)
 {
 return -ENOSYS;
 }
-
-int hax_vcpu_exec(CPUState *cpu)
-{
-return -ENOSYS;
-}
-
-int hax_vcpu_emulation_mode(CPUState *cpu)
-{
-return 0;
-}
-
-int hax_stop_emulation(CPUState *cpu)
-{
-return 0;
-}
-
-int hax_stop_translate(CPUState *cpu)
-{
-return 0;
-}
diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
index 159e20f..50b3fc4 100644
--- a/include/sysemu/hax.h
+++ b/include/sysemu/hax.h
@@ -30,10 +30,6 @@ int hax_sync_vcpus(void);
 void hax_disable(int disable);
 int hax_init_vcpu(CPUState *cpu);
 int hax_smp_cpu_exec(CPUState *cpu);
-int hax_vcpu_exec(CPUState *cpu);
-int hax_vcpu_emulation_mode(CPUState *cpu);
-int hax_stop_emulation(CPUState *cpu);
-int hax_stop_translate(CPUState *cpu);
 /* get the max haxm ram even before haxm library is initialized */
 int hax_get_max_ram(uint64_t *max_ram);
 int hax_populate_ram(uint64_t va, uint32_t size);
@@ -45,7 +41,6 @@ void hax_cpu_synchronize_post_init(CPUState *cpu);
 #ifdef CONFIG_HAX
 
 int hax_enabled(void);
-int hax_ug_platform(void);
 
 #include "hw/hw.h"
 #include "qemu/bitops.h"
@@ -59,7 +54,6 @@ void hax_reset_vcpu_state(void *opaque);
 #else /* CONFIG_HAX */
 
 #define hax_enabled() (0)
-#define hax_ug_platform() (0)
 
 #endif /* CONFIG_HAX */
 
diff --git a/target-i386/hax-all.c b/target-i386/hax-all.c
index 86d16ae..ad5414c 100644
--- a/target-i386/hax-all.c
+++ b/target-i386/hax-all.c
@@ -66,9 +66,6 @@ const uint32_t hax_min_version = 0x3;
 #define HAX_EMULATE_STATE_NONE  0x3
 #define HAX_EMULATE_STATE_INITIAL   0x4
 
-#define HAX_NON_UG_PLATFORM 0x0
-#define HAX_UG_PLATFORM 0x1
-
 bool hax_allowed;
 
 static void hax_vcpu_sync_state(CPUArchState *env, int modified);
@@ -82,7 +79,6 @@ int ret_hax_init;
 static int hax_disabled = 1;
 
 int hax_support = -1;
-int ug_support;
 
 /* Called after hax_init */
 int hax_enabled(void)
@@ -95,19 +91,6 @@ void hax_disable(int disable)
 hax_disabled = disable;
 }
 
-/* Called after hax_init */
-int hax_ug_platform(void)
-{
-return ug_support;
-}
-
-/* Currently non-PG modes are emulated by QEMU */
-int hax_vcpu_emulation_mode(CPUState *cpu)
-{
-CPUArchState *env = (CPUArchState *) (cpu->env_ptr);
-return !(env->cr[0] & CR0_PG_MASK);
-}
-
 static int hax_prepare_emulation(CPUArchState *env)
 {
 /* Flush all emulation states */
@@ -118,66 +101,6 @@ static int hax_prepare_emulation(CPUArchState *env)
 return 0;
 }
 
-/*
- * Check whether to break the translation block loop
- * break tbloop after one MMIO emulation, or after finish emulation mode
- */
-static int hax_stop_tbloop(CPUArchState *env)
-{
-CPUState *cpu = ENV_GET_CPU(env);
-switch (cpu->hax_vcpu->emulation_state) {
-case HAX_EMULATE_STATE_MMIO:
-if (cpu->hax_vcpu->resync) {
-hax_prepare_emulation(env);
-cpu->hax_vcpu->resync = 0;
-return 0;
-}
-return 1;
-break;
-case HAX_EMULATE_STATE_INITIAL:
-case HAX_EMULATE_STATE_REAL:
-if (!hax_vcpu_emulation_mode(cpu)) {
-return 1;
-}
-break;
-default:
-fprintf(stderr, "Invalid emulation state in hax_sto_tbloop state %x\n",
-cpu->hax_vcpu->emulation_state);
-break;
-}
-
-return 0;
-}
-
-int hax_stop_emulation(CPUState *cpu)
-{
-CPUArchState *env = (CPUArchState *) (cpu->env_ptr);
-
-if (hax_stop_tbloop(env)) {
-cpu->hax_vcpu->emulation_state = HAX_EMULATE_STATE_NONE;
-/*
- * QEMU emulation changes vcpu state,
- * Sync the vcpu state to HAX kernel module
- */
-hax_vcpu_sync_state(env, 1);
-return 1;
-}
-
-return 0;
-}
-
-int hax_stop_translate(CPUState *cpu)
-{
-struct hax_vcpu_state *vstate = cpu->hax_vcpu;
-
-assert(vstate->emulation_state);
-if (vstate->emulation_state == HAX_EMULATE_STATE_MMIO) {
-return 1;
-}
-
-return 0;
-}
-
 int valid_hax_tunnel_size(uint16_t size)
 {
 return size >= sizeof(struct hax_tunnel);
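Review bot: with hax_stop_tbloop(), hax_stop_emulation() and hax_stop_translate() gone, the HAX_EMULATE_STATE_NONE/INITIAL definitions left in context above and hax_prepare_emulation() (still present after this hunk) appear to have lost their remaining users; if nothing else references the emulation_state machinery after this series, remove them in the same patch rather than leave dead definitions behind.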
@@ -214,8 +137,9 @@ static int hax_get_capability(struct hax_state *hax)
 
 }
 
-if ((cap->winfo & HAX_CAP_UG)) {
-ug_support = 1;
+if (!(cap->winfo & HAX_CAP_UG)) {
+fprintf(stderr, "UG mode is not supported by the hardware.\n");
+return -ENOTSUP;
 

[Qemu-devel] [PATCH v2 4/5] hax: simplify init

2016-11-11 Thread Vincent Palatin
Remove the leftovers from the Android-specific code,
and use the AccelClass allowed field as expected.
Then we can simplify the remaining logic and remove the hax_pre_init
callback.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 hax-stub.c| 15 ---
 include/sysemu/hax.h  |  4 
 target-i386/hax-all.c | 49 ---
 target-i386/hax-windows.c | 20 ---
 4 files changed, 12 insertions(+), 76 deletions(-)

diff --git a/hax-stub.c b/hax-stub.c
index 0e756a3..a532dba 100644
--- a/hax-stub.c
+++ b/hax-stub.c
@@ -23,21 +23,6 @@ int hax_sync_vcpus(void)
 return 0;
 }
 
-void hax_disable(int disable)
-{
-   return;
-}
-
-int hax_pre_init(uint64_t ram_size)
-{
-   return 0;
-}
-
-int hax_get_max_ram(uint64_t *max_ram)
-{
-return 0;
-}
-
 int hax_populate_ram(uint64_t va, uint32_t size)
 {
 return -ENOSYS;
diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
index 50b3fc4..51c8fd5 100644
--- a/include/sysemu/hax.h
+++ b/include/sysemu/hax.h
@@ -25,13 +25,9 @@
 #include "config-host.h"
 #include "qemu-common.h"
 
-int hax_pre_init(uint64_t ram_size);
 int hax_sync_vcpus(void);
-void hax_disable(int disable);
 int hax_init_vcpu(CPUState *cpu);
 int hax_smp_cpu_exec(CPUState *cpu);
-/* get the max haxm ram even before haxm library is initialized */
-int hax_get_max_ram(uint64_t *max_ram);
 int hax_populate_ram(uint64_t va, uint32_t size);
 
 void hax_cpu_synchronize_state(CPUState *cpu);
diff --git a/target-i386/hax-all.c b/target-i386/hax-all.c
index ad5414c..007178d 100644
--- a/target-i386/hax-all.c
+++ b/target-i386/hax-all.c
@@ -36,6 +36,7 @@
 #include "exec/address-spaces.h"
 #include "qemu/main-loop.h"
 #include "hax-slot.h"
+#include "hw/boards.h"
 
 static const char kHaxVcpuSyncFailed[] = "Failed to sync HAX vcpu context";
 #define derror(msg) do { fprintf(stderr, (msg)); } while (0)
@@ -66,7 +67,7 @@ const uint32_t hax_min_version = 0x3;
 #define HAX_EMULATE_STATE_NONE  0x3
 #define HAX_EMULATE_STATE_INITIAL   0x4
 
-bool hax_allowed;
+static bool hax_allowed;
 
 static void hax_vcpu_sync_state(CPUArchState *env, int modified);
 static int hax_arch_get_registers(CPUArchState *env);
@@ -75,20 +76,11 @@ static int hax_handle_io(CPUArchState *env, uint32_t df, 
uint16_t port,
 static int hax_handle_fastmmio(CPUArchState *env, struct hax_fastmmio *hft);
 
 struct hax_state hax_global;
-int ret_hax_init;
-static int hax_disabled = 1;
-
-int hax_support = -1;
 
 /* Called after hax_init */
 int hax_enabled(void)
 {
-return !hax_disabled && hax_support;
-}
-
-void hax_disable(int disable)
-{
-hax_disabled = disable;
+return hax_allowed;
 }
 
 static int hax_prepare_emulation(CPUArchState *env)
@@ -456,32 +448,17 @@ static void hax_handle_interrupt(CPUState *cpu, int mask)
 }
 }
 
-int hax_pre_init(uint64_t ram_size)
-{
-struct hax_state *hax = NULL;
-
-fprintf(stdout, "Hax is %s\n", hax_disabled ? "disabled" : "enabled");
-if (hax_disabled) {
-return 0;
-}
-hax = _global;
-memset(hax, 0, sizeof(struct hax_state));
-hax->mem_quota = ram_size;
-fprintf(stdout, "Hax ram_size 0x%llx\n", ram_size);
-
-return 0;
-}
-
-static int hax_init(void)
+static int hax_init(ram_addr_t ram_size)
 {
 struct hax_state *hax = NULL;
 struct hax_qemu_version qversion;
 int ret;
 
-hax_support = 0;
-
 hax = _global;
 
+memset(hax, 0, sizeof(struct hax_state));
+hax->mem_quota = ram_size;
+
 hax->fd = hax_mod_open();
 if (hax_invalid_fd(hax->fd)) {
 hax->fd = 0;
@@ -519,7 +496,6 @@ static int hax_init(void)
 qversion.min_version = hax_min_version;
 hax_notify_qemu_version(hax->vm->fd, );
 cpu_interrupt_handler = hax_handle_interrupt;
-hax_support = 1;
 
 return ret;
   error:
@@ -535,17 +511,16 @@ static int hax_init(void)
 
 static int hax_accel_init(MachineState *ms)
 {
-ret_hax_init = hax_init();
+int ret = hax_init(ms->ram_size);
 
-if (ret_hax_init && (ret_hax_init != -ENOSPC)) {
+if (ret && (ret != -ENOSPC)) {
 fprintf(stderr, "No accelerator found.\n");
-return ret_hax_init;
 } else {
 fprintf(stdout, "HAX is %s and emulator runs in %s mode.\n",
-!ret_hax_init ? "working" : "not working",
-!ret_hax_init ? "fast virt" : "emulation");
-return 0;
+!ret ? "working" : "not working",
+!ret ? "fast virt" : "emulation");
 }
+return ret;
 }
 
 static int hax_handle_fastmmio(CPUArchState *env, struct hax_fastmmio *hft)
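Review bot: moving `return ret;` after the if/else changes the -ENOSPC case: previously it fell into the else branch and returned 0, now it is returned as a failure. If that is intended (the emulation fallback goes away in 3/5), the else branch's "not working" / "emulation" wording is misleading, since it is printed for -ENOSPC immediately before that same error fails the accelerator setup, and the message can just report HAX as working; if -ENOSPC is still meant to be non-fatal, the return has to mask it as before.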
diff --git a/target-i386/hax-windows.c b/target-i386/hax-windows.c
index 194ac1c..71c230d 

[Qemu-devel] [PATCH v2 5/5] Plumb the HAXM-based hardware acceleration support

2016-11-11 Thread Vincent Palatin
Use the Intel HAX kernel-based hardware acceleration module for
Windows and MacOSX (similar to KVM on Linux).

Based on the "target-i386: Add Intel HAX to android emulator" patch
from David Chou <david.j.c...@intel.com>.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 Makefile.target   |  1 +
 configure | 18 ++
 cpus.c| 87 ++-
 exec.c| 16 +
 hw/intc/apic_common.c |  3 +-
 include/qom/cpu.h |  5 +++
 include/sysemu/hw_accel.h |  9 +
 qemu-options.hx   | 11 ++
 target-i386/Makefile.objs |  7 
 vl.c  | 15 ++--
 10 files changed, 167 insertions(+), 5 deletions(-)

diff --git a/Makefile.target b/Makefile.target
index 7a5080e..dab81e7 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -96,6 +96,7 @@ obj-y += target-$(TARGET_BASE_ARCH)/
 obj-y += disas.o
 obj-y += tcg-runtime.o
 obj-$(call notempty,$(TARGET_XML_FILES)) += gdbstub-xml.o
+obj-$(call lnot,$(CONFIG_HAX)) += hax-stub.o
 obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 
 obj-$(CONFIG_LIBDECNUMBER) += libdecnumber/decContext.o
diff --git a/configure b/configure
index 7d2a34e..236a7b7 100755
--- a/configure
+++ b/configure
@@ -230,6 +230,7 @@ vhost_net="no"
 vhost_scsi="no"
 vhost_vsock="no"
 kvm="no"
+hax="no"
 colo="yes"
 rdma=""
 gprof="no"
@@ -563,6 +564,7 @@ CYGWIN*)
 ;;
 MINGW32*)
   mingw32="yes"
+  hax="yes"
   audio_possible_drivers="dsound sdl"
   if check_include dsound.h; then
 audio_drv_list="dsound"
@@ -610,6 +612,7 @@ OpenBSD)
 Darwin)
   bsd="yes"
   darwin="yes"
+  hax="yes"
   LDFLAGS_SHARED="-bundle -undefined dynamic_lookup"
   if [ "$cpu" = "x86_64" ] ; then
 QEMU_CFLAGS="-arch x86_64 $QEMU_CFLAGS"
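Review bot: defaulting hax="yes" under Darwin contradicts the cover letter and 2/5, which drop Darwin support and ship only hax-windows.c; combined with the CONFIG_HAX=y emission later in this file, an x86 softmmu build on macOS will compile hax-all.c against a backend that does not exist. Leave hax="no" on Darwin until a Darwin backend is back in the series.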
@@ -919,6 +922,10 @@ for opt do
   ;;
   --enable-kvm) kvm="yes"
   ;;
+  --disable-hax) hax="no"
+  ;;
+  --enable-hax) hax="yes"
+  ;;
   --disable-colo) colo="no"
   ;;
   --enable-colo) colo="yes"
@@ -1371,6 +1378,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   fdt fdt device tree
   bluez   bluez stack connectivity
   kvm KVM acceleration support
+  hax HAX acceleration support
   coloCOarse-grain LOck-stepping VM for Non-stop Service
   rdmaRDMA-based migration support
   vde support for vde network
@@ -5043,6 +5051,7 @@ echo "ATTR/XATTR support $attr"
 echo "Install blobs $blobs"
 echo "KVM support   $kvm"
 echo "COLO support  $colo"
+echo "HAX support   $hax"
 echo "RDMA support  $rdma"
 echo "TCG interpreter   $tcg_interpreter"
 echo "fdt support   $fdt"
@@ -6027,6 +6036,15 @@ case "$target_name" in
   fi
 fi
 esac
+if test "$hax" = "yes" ; then
+  if test "$target_softmmu" = "yes" ; then
+case "$target_name" in
+i386|x86_64)
+  echo "CONFIG_HAX=y" >> $config_target_mak
+;;
+esac
+  fi
+fi
 if test "$target_bigendian" = "yes" ; then
   echo "TARGET_WORDS_BIGENDIAN=y" >> $config_target_mak
 fi
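Review bot: CONFIG_HAX=y is emitted for every i386/x86_64 softmmu target whenever $hax is "yes", but nothing checks the host: `--enable-hax` on a Linux host sets it too, with no backend to build. Add a host-side check in the feature section that errors out for an explicit --enable-hax on an unsupported host and quietly sets hax="no" otherwise, as configure does for kvm.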
diff --git a/cpus.c b/cpus.c
index fc78502..ae4f69f 100644
--- a/cpus.c
+++ b/cpus.c
@@ -35,6 +35,7 @@
 #include "sysemu/dma.h"
 #include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
+#include "sysemu/hax.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
 
@@ -1221,6 +1222,39 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 return NULL;
 }
 
+static void *qemu_hax_cpu_thread_fn(void *arg)
+{
+CPUState *cpu = arg;
+int r;
+qemu_thread_get_self(cpu->thread);
+qemu_mutex_lock(_global_mutex);
+
+cpu->thread_id = qemu_get_thread_id();
+cpu->created = true;
+cpu->halted = 0;
+current_cpu = cpu;
+
+hax_init_vcpu(cpu);
+qemu_cond_signal(_cpu_cond);
+
+while (1) {
+if (cpu_can_run(cpu)) {
+r = hax_smp_cpu_exec(cpu);
+if (r == EXCP_DEBUG) {
+cpu_handle_guest_debug(cpu);
+}
+}
+
+while (cpu_thread_is_idle(cpu)) {
+qemu_cond_wait(cpu->halt_cond, _global_mutex);
+}
+
+qemu_wait_io_event_common(cpu);
+}
+return NULL;
+}
+
+
 static void qemu_cpu_kick_thread(CPUState *cpu)
 {
 #ifndef _WIN32
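Review bot: hax_init_vcpu(cpu) returns an int (include/sysemu/hax.h in 2/5) but the result is discarded here, so on failure the loop goes on to call hax_smp_cpu_exec() on a vcpu that was never set up; check the return value, print the error and exit(1) as the KVM thread function does for kvm_init_vcpu(). Also, the two consecutive blank lines added before qemu_cpu_kick_thread() will be flagged by checkpatch.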
@@ -1236,7 +1270,33 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
 exit(1);
 }
 #else /* _WIN32 */
-abort();
+if (!qemu_cpu_is_self(cpu)) {
+CONTEXT context;
+
+if (SuspendTh

[Qemu-devel] [PATCH v2 0/5] [RFC] Add HAX support

2016-11-11 Thread Vincent Palatin
I took a stab at trying to rebase/upstream the support for Intel HAXM
(Hardware Accelerated Execution Manager).
Intel HAX is a kernel-based hardware acceleration module for Windows and MacOSX.

I have based my work on the last version of the source code I found:
the emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.
In patch 2/5, I have forward-ported the core HAX code mostly unmodified from
there; I just did some minor touch-ups to make it build and run properly,
and fixed the style issues to go through checkpatch.pl.
I have not included the Darwin support.
It might contain some outdated constructs and probably requires more
attention (thus the 'RFC' for this patchset).

In patch 3/5, I'm removing a good chunk of the support for CPUs without UG mode
as advised by Paolo to simplify the initial version.

In patch 5/5, I have put the plumbing into the QEMU code base, I did some clean
up there and it is reasonably intrusive: i.e.
 Makefile.target   |  1 +
 configure | 18 ++
 cpus.c| 87 ++-
 exec.c| 16 +
 hw/intc/apic_common.c |  3 +-
 include/qom/cpu.h |  5 +++
 include/sysemu/hw_accel.h |  9 +
 qemu-options.hx   | 11 ++
 target-i386/Makefile.objs |  7 
 vl.c  | 15 ++--
 10 files changed, 167 insertions(+), 5 deletions(-)

The qemu_cpu_kick_thread mess in cpus.c is probably still not perfect though.

Patch 1/5 just extracts the cpu_synchronize_ functions that HAX is also
using from the KVM-specific header.

I have tested the end result on a Windows 10 Pro machine (with UG support)
with the Intel HAXM module 6.0.4 and a large ChromiumOS x86_64 image to
exercise various code paths. It looks stable.
I also did some quick regression testing of the integration by running a Linux
build with KVM enabled.

Changes from v1 to v2:
- fix all style issues in the original code to get it through checkpatch.pl.
- remove Darwin support, it was barely tested and not fully functional.
- remove the support for CPU without UG mode.
- fix most review comments

Vincent Palatin (5):
  kvm: move cpu synchronization code
  target-i386: Add Intel HAX files
  hax: remove non UG code
  hax: simplify init
  Plumb the HAXM-based hardware acceleration support

 Makefile.target |1 +
 configure   |   18 +
 cpus.c  |   88 ++-
 exec.c  |   16 +
 gdbstub.c   |1 +
 hax-stub.c  |   39 ++
 hw/i386/kvm/apic.c  |1 +
 hw/i386/kvmvapic.c  |1 +
 hw/intc/apic_common.c   |3 +-
 hw/misc/vmport.c|2 +-
 include/qom/cpu.h   |5 +
 include/sysemu/hax.h|   56 ++
 include/sysemu/hw_accel.h   |   48 ++
 include/sysemu/kvm.h|   23 -
 monitor.c   |2 +-
 qemu-options.hx |   11 +
 qom/cpu.c   |2 +-
 target-arm/cpu.c|2 +-
 target-i386/Makefile.objs   |7 +
 target-i386/hax-all.c   | 1327 +++
 target-i386/hax-i386.h  |   90 +++
 target-i386/hax-interface.h |  357 
 target-i386/hax-slot.c  |  333 +++
 target-i386/hax-slot.h  |   58 ++
 target-i386/hax-windows.c   |  489 
 target-i386/hax-windows.h   |   89 +++
 target-i386/helper.c|1 +
 target-i386/kvm.c   |1 +
 vl.c|   15 +-
 29 files changed, 3054 insertions(+), 32 deletions(-)
 create mode 100644 hax-stub.c
 create mode 100644 include/sysemu/hax.h
 create mode 100644 include/sysemu/hw_accel.h
 create mode 100644 target-i386/hax-all.c
 create mode 100644 target-i386/hax-i386.h
 create mode 100644 target-i386/hax-interface.h
 create mode 100644 target-i386/hax-slot.c
 create mode 100644 target-i386/hax-slot.h
 create mode 100644 target-i386/hax-windows.c
 create mode 100644 target-i386/hax-windows.h

-- 
2.8.0.rc3.226.g39d4020




[Qemu-devel] [PATCH v2 1/5] kvm: move cpu synchronization code

2016-11-11 Thread Vincent Palatin
Move the generic cpu_synchronize_ functions to the common hw_accel.h header,
in order to prepare for the addition of a second hardware accelerator.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 cpus.c|  1 +
 gdbstub.c |  1 +
 hw/i386/kvm/apic.c|  1 +
 hw/i386/kvmvapic.c|  1 +
 hw/misc/vmport.c  |  2 +-
 include/sysemu/hw_accel.h | 39 +++
 include/sysemu/kvm.h  | 23 ---
 monitor.c |  2 +-
 qom/cpu.c |  2 +-
 target-arm/cpu.c  |  2 +-
 target-i386/helper.c  |  1 +
 target-i386/kvm.c |  1 +
 12 files changed, 49 insertions(+), 27 deletions(-)
 create mode 100644 include/sysemu/hw_accel.h

diff --git a/cpus.c b/cpus.c
index 5213351..fc78502 100644
--- a/cpus.c
+++ b/cpus.c
@@ -33,6 +33,7 @@
 #include "sysemu/block-backend.h"
 #include "exec/gdbstub.h"
 #include "sysemu/dma.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
diff --git a/gdbstub.c b/gdbstub.c
index de62d26..de9b62b 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -32,6 +32,7 @@
 #define MAX_PACKET_LENGTH 4096
 
 #include "qemu/sockets.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "exec/semihost.h"
 #include "exec/exec-all.h"
diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index 01cbaa8..328f80c 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -14,6 +14,7 @@
 #include "cpu.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/pci/msi.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "target-i386/kvm_i386.h"
 
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index b30d1b9..2f767b6 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -14,6 +14,7 @@
 #include "exec/exec-all.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/cpus.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/sysbus.h"
diff --git a/hw/misc/vmport.c b/hw/misc/vmport.c
index c763811..be40930 100644
--- a/hw/misc/vmport.c
+++ b/hw/misc/vmport.c
@@ -25,7 +25,7 @@
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
 #include "hw/i386/pc.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "hw/qdev.h"
 
 //#define VMPORT_DEBUG
diff --git a/include/sysemu/hw_accel.h b/include/sysemu/hw_accel.h
new file mode 100644
index 000..03812cf
--- /dev/null
+++ b/include/sysemu/hw_accel.h
@@ -0,0 +1,39 @@
+/*
+ * QEMU Hardware accelertors support
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_HW_ACCEL_H
+#define QEMU_HW_ACCEL_H
+
+#include "qom/cpu.h"
+#include "sysemu/hax.h"
+#include "sysemu/kvm.h"
+
+static inline void cpu_synchronize_state(CPUState *cpu)
+{
+if (kvm_enabled()) {
+kvm_cpu_synchronize_state(cpu);
+}
+}
+
+static inline void cpu_synchronize_post_reset(CPUState *cpu)
+{
+if (kvm_enabled()) {
+kvm_cpu_synchronize_post_reset(cpu);
+}
+}
+
+static inline void cpu_synchronize_post_init(CPUState *cpu)
+{
+if (kvm_enabled()) {
+kvm_cpu_synchronize_post_init(cpu);
+}
+}
+
+#endif /* QEMU_HW_ACCEL_H */
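Review bot: `#include "sysemu/hax.h"` in the new header refers to a file that this series only introduces in a later patch, so the tree does not build at this commit and bisecting across the series breaks; drop the include here and add it in the patch that introduces hax.h (the three inline hooks only use kvm_enabled() and the kvm_cpu_synchronize_* functions, so nothing in this file needs it yet). Also, "accelertors" in the file header comment should be "accelerators".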
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index df67cc0..3045ee7 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -461,29 +461,6 @@ void kvm_cpu_synchronize_state(CPUState *cpu);
 void kvm_cpu_synchronize_post_reset(CPUState *cpu);
 void kvm_cpu_synchronize_post_init(CPUState *cpu);
 
-/* generic hooks - to be moved/refactored once there are more users */
-
-static inline void cpu_synchronize_state(CPUState *cpu)
-{
-if (kvm_enabled()) {
-kvm_cpu_synchronize_state(cpu);
-}
-}
-
-static inline void cpu_synchronize_post_reset(CPUState *cpu)
-{
-if (kvm_enabled()) {
-kvm_cpu_synchronize_post_reset(cpu);
-}
-}
-
-static inline void cpu_synchronize_post_init(CPUState *cpu)
-{
-if (kvm_enabled()) {
-kvm_cpu_synchronize_post_init(cpu);
-}
-}
-
 /**
  * kvm_irqchip_add_msi_route - Add MSI route for specific vector
  * @s:  KVM state
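Review bot: the comment being removed ("generic hooks - to be moved/refactored once there are more users") is the only place that documented these hooks as the accelerator-neutral entry points; now that the move is happening, carry a short comment into hw_accel.h stating that cpu_synchronize_state/post_reset/post_init dispatch to whichever accelerator is enabled, so the next backend knows this is where it hooks in. Please also confirm a build of every target, not just x86, since the diffstat touches qom/cpu.c and target-arm/cpu.c and any other caller that reached these hooks through sysemu/kvm.h will now fail to compile.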
diff --git a/monitor.c b/monitor.c
index 0841d43..d38956f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -50,7 +50,7 @@
 #include "sysemu/balloon.h"
 #include "qemu/timer.h"
 #include "migration/migration.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "qemu/acl.h"
 #include "sysemu/tpm.h"
 #inclu

Re: [Qemu-devel] [PATCH 3/3] Plumb the HAXM-based hardware acceleration support

2016-11-11 Thread Vincent Palatin
On Wed, Nov 9, 2016 at 6:32 PM, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>
> On 09/11/2016 18:19, Vincent Palatin wrote:
>>> > Please try removing this block and instead starting QEMU with
>>> > -mem-prealloc.  If it works, remove hax_populate_ram and just set
>>> > mem_prealloc to 1 in hax_accel_init.
>> it's not working: later hax_set_ram() is unhappy about what it finds in
>> the mappings.
>> By the way, even if it had worked at startup, under memory pressure,
>> Windows might have evicted the physical pages (which is not supported
>> by the HAXM kernel module).
>>
>> I can try to move this in os_mem_prealloc() if you feel it's cleaner.
>
> Yes, that would work!

Actually, os_mem_prealloc seems to be mostly a no-op in the win32 version;
I have postponed this change until after my v2 patchset.

-- 
Vincent



Re: [Qemu-devel] [PATCH 3/3] Plumb the HAXM-based hardware acceleration support

2016-11-09 Thread Vincent Palatin
On Tue, Nov 8, 2016 at 9:37 PM, Paolo Bonzini  wrote:
>
>> diff --git a/cpu-exec.c b/cpu-exec.c
>> index 4188fed..4bd238b 100644
>> --- a/cpu-exec.c
>> +++ b/cpu-exec.c
>
> All this should not be needed anymore with unrestricted guest support.

Removed in v2

>
>> diff --git a/cpus.c b/cpus.c
>> index fc78502..6e0f572 100644
>> --- a/cpus.c
>> +++ b/cpus.c
>> @@ -35,6 +35,7 @@
>>  #include "sysemu/dma.h"
>>  #include "sysemu/hw_accel.h"
>>  #include "sysemu/kvm.h"
>> +#include "sysemu/hax.h"
>>  #include "qmp-commands.h"
>>  #include "exec/exec-all.h"
>>
>> @@ -1221,6 +1222,52 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
>>  return NULL;
>>  }
>>
>> +static void *qemu_hax_cpu_thread_fn(void *arg)
>> +{
>> +CPUState *cpu = arg;
>> +int r;
>> +qemu_thread_get_self(cpu->thread);
>> +qemu_mutex_lock(_global_mutex);
>> +
>> +cpu->thread_id = qemu_get_thread_id();
>> +cpu->created = true;
>> +cpu->halted = 0;
>> +current_cpu = cpu;
>> +
>> +hax_init_vcpu(cpu);
>> +qemu_cond_signal(_cpu_cond);
>> +
>> +while (1) {
>> +if (cpu_can_run(cpu)) {
>> +r = hax_smp_cpu_exec(cpu);
>> +if (r == EXCP_DEBUG) {
>> +cpu_handle_guest_debug(cpu);
>> +}
>> +}
>> +
>> +while (cpu_thread_is_idle(cpu)) {
>> +qemu_cond_wait(cpu->halt_cond, _global_mutex);
>> +}
>> +
>> +qemu_wait_io_event_common(cpu);
>> +}
>> +return NULL;
>> +}
>> +
>> +
>> +static void qemu_cpu_kick_no_halt(void)
>> +{
>> +CPUState *cpu;
>> +/* Ensure whatever caused the exit has reached the CPU threads before
>> + * writing exit_request.
>> + */
>> +atomic_mb_set(_request, 1);
>> +cpu = atomic_mb_read(_current_cpu);
>> +if (cpu) {
>> +cpu_exit(cpu);
>> +}
>> +}
>> +
>>  static void qemu_cpu_kick_thread(CPUState *cpu)
>>  {
>>  #ifndef _WIN32
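Review bot: in qemu_hax_cpu_thread_fn the return value of hax_init_vcpu(cpu) is ignored, even though the function is declared as returning int (and the stub in patch 2 returns -ENOSYS); a failed vCPU creation is then followed by qemu_cond_signal() and hax_smp_cpu_exec() on a vCPU that was never set up. Check the result before signalling the condition variable and report the error and exit rather than continuing, e.g. `if (hax_init_vcpu(cpu) < 0) { fprintf(stderr, ...); exit(1); }`.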
>> @@ -1235,28 +1282,52 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
>>  fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
>>  exit(1);
>>  }
>> -#else /* _WIN32 */
>> -abort();
>> -#endif
>> -}
>>
>> -static void qemu_cpu_kick_no_halt(void)
>> -{
>> -CPUState *cpu;
>> -/* Ensure whatever caused the exit has reached the CPU threads before
>> - * writing exit_request.
>> +#ifdef CONFIG_DARWIN
>> +/* The cpu thread cannot catch it reliably when shutdown the guest on 
>> Mac.
>> + * We can double check it and resend it
>>   */
>> -atomic_mb_set(_request, 1);
>> -cpu = atomic_mb_read(_current_cpu);
>> -if (cpu) {
>> -cpu_exit(cpu);
>> +if (!exit_request)
>> +qemu_cpu_kick_no_halt();
>
> This must be a conflict resolved wrong.  exit_request is never read by
> the HAX code.

Maybe; it already exists in the pre-existing Android branch.
I will need to sort this out.

>
>> +if (hax_enabled() && hax_ug_platform())
>> +cpu->exit_request = 1;
>> +#endif
>> +#else /* _WIN32 */
>> +if (!qemu_cpu_is_self(cpu)) {
>> +CONTEXT tcgContext;
>> +
>> +if (SuspendThread(cpu->hThread) == (DWORD)-1) {
>> +fprintf(stderr, "qemu:%s: GetLastError:%lu\n", __func__,
>> +GetLastError());
>> +exit(1);
>> +}
>> +
>> +/* On multi-core systems, we are not sure that the thread is 
>> actually
>> + * suspended until we can get the context.
>> + */
>> +tcgContext.ContextFlags = CONTEXT_CONTROL;
>> +while (GetThreadContext(cpu->hThread, ) != 0) {
>> +continue;
>> +}
>> +
>> +qemu_cpu_kick_no_halt();
>> +if (hax_enabled() && hax_ug_platform())
>> +cpu->exit_request = 1;
>> +
>> +if (ResumeThread(cpu->hThread) == (DWORD)-1) {
>> +fprintf(stderr, "qemu:%s: GetLastError:%lu\n", __func__,
>> +GetLastError());
>> +exit(1);
>> +}
>
> This is weird too.  The SuspendThread/ResumeThread dance comes from an
> old version of QEMU.  It is not needed anymore and,

Yes, I knew I was re-introducing removed code; that's why my original
message read "I'm not so happy with the qemu_cpu_kick_thread
mess in cpus.c, if somebody can help/advise."
To be fair, your original commit message removing it said that
this code was no longer useful for TCG, as there is no working support
for KVM on Windows; I was not sure whether it might be useful in this
case.

> again,
> qemu_cpu_kick_no_halt would only be useful if hax_ug_platform() is false.
>
> Here, Linux/KVM uses a signal and pthread_kill.  It's probably good for
> HAX on Darwin too, but not on Windows.  It's possible that
> SuspendThread/ResumeThread just does the right thing (sort of by
> chance), in which case you can just keep it (removing
> qemu_cpu_kick_no_halt).  However, there is a hax_raise_event in patch 2
> that is unused.  If you can figure out how to use it it would be 

Re: [Qemu-devel] [PATCH 2/3] target-i386: Add Intel HAX files

2016-11-09 Thread Vincent Palatin
On Wed, Nov 9, 2016 at 1:30 PM, Stefan Hajnoczi <stefa...@gmail.com> wrote:
> On Tue, Nov 08, 2016 at 04:39:28PM +0100, Vincent Palatin wrote:
>
> Please run scripts/checkpatch.pl to verify that the code follows the
> QEMU coding style.

My original plan was to import those files unmodified, but that ship
has probably long sailed.
Fixed in the v2 of this patch.

>
>> +hax_fd hax_host_open_vcpu(int vmid, int vcpuid)
>> +{
>> +char *devfs_path = NULL;
>> +hax_fd fd;
>> +
>> +devfs_path = hax_vcpu_devfs_string(vmid, vcpuid);
>> +if (!devfs_path) {
>> +fprintf(stderr, "Failed to get the devfs\n");
>> +return -EINVAL;
>> +}
>> +
>> +fd = open(devfs_path, O_RDWR);
>> +qemu_vfree(devfs_path);
>
> g_malloc(), g_new(), g_strdup(), etc must be matched with g_free(), not
> qemu_vfree().  There are probably other instances of this issue in the
> patches.

Found 2 instances by grepping and fixed them.

>
>> +//#define DEBUG_HAX_SLOT
>> +
>> +#ifdef DEBUG_HAX_SLOT
>> +#define DPRINTF(fmt, ...) \
>> +do { fprintf(stdout, fmt, ## __VA_ARGS__); } while (0)
>> +#else
>> +#define DPRINTF(fmt, ...) \
>> +do { } while (0)
>> +#endif
>
> Please consider using tracing instead of debug printfs.  See docs/tracing.txt.
>
> If you really want to keep macros, please use:
>
> #define DEBUG_HAX_SLOT 0
> #define DPRINTF(fmt, ...) \
> do { \
> if (DEBUG_HAX_SLOT) { \
> fprintf(stdout, fmt, ## __VA_ARGS__); \
> } \
> } while (0)
>
> This approach prevents bitrot because it allows the compiler to syntax
> check the format string and arguments even when the printf is compiled
> out.

For the v2 of this patch, I will keep the macros and use your approach.
Then I will review all the debug print statements and see what I should
do with them in another patch (convert to tracing / remove).



Re: [Qemu-devel] [PATCH 2/3] target-i386: Add Intel HAX files

2016-11-09 Thread Vincent Palatin
On Tue, Nov 8, 2016 at 6:46 PM, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>
> On 08/11/2016 16:39, Vincent Palatin wrote:
>> +/* need tcg for non-UG platform in real mode */
>> +if (!hax_ug_platform())
>> +   tcg_exec_init(tcg_tb_size * 1024 * 1024);
>> +
>
> Oh, it does support unrestricted guest, and in fact without unrestricted
> guest you don't even have SMP!
>
> Would you post a v2 that removes (after this patch 2) as much code as
> possible related to non-UG platforms?

I have prepared this, I will post it soon as part of my v2 series.

-- 
Vincent



Re: [Qemu-devel] [PATCH 2/3] target-i386: Add Intel HAX files

2016-11-08 Thread Vincent Palatin
On Tue, Nov 8, 2016 at 6:46 PM, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>
> On 08/11/2016 16:39, Vincent Palatin wrote:
>> +/* need tcg for non-UG platform in real mode */
>> +if (!hax_ug_platform())
>> +   tcg_exec_init(tcg_tb_size * 1024 * 1024);
>> +
>
> Oh, it does support unrestricted guest, and in fact without unrestricted
> guest you don't even have SMP!
>
> Would you post a v2 that removes (after this patch 2) as much code as
> possible related to non-UG platforms?

Yes I can do this.

-- 
Vincent



Re: [Qemu-devel] [PATCH 0/3] [RFC] Add HAX support

2016-11-08 Thread Vincent Palatin
On Tue, Nov 8, 2016 at 6:43 PM, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>
>
> On 08/11/2016 16:39, Vincent Palatin wrote:
> > I took a stab at trying to rebase/upstream the support for Intel HAXM
> > (Hardware Accelerated Execution Manager).
> > Intel HAX is a kernel-based hardware acceleration module for Windows and MacOSX.
> >
> > I have based my work on the last version of the source code I found:
> > the emu-2.2-release branch in the external/qemu-android repository as used by
> > the Android emulator.
> > In patch 2/3, I have forward-ported the core HAX code mostly unmodified from
> > there; I just did some minor touch-ups to make it build and run properly.
> > So it might contain some outdated constructs and probably requires more
> > attention (thus the 'RFC' for this patchset).
>
> Does HAXM support the "unrestricted guest" feature in Westmere and more
> recent processors?


Yes it does; as mentioned in the last paragraph of my message, I have
actually done a fair chunk of my testing in UG mode.

>
>   If so, I think we should only support those
> processors and slash all the part related to HAX_EMULATE_STATE_INITIAL
> and HAX_EMULATE_STATE_REAL.  This would probably let us make patch 3
> much less intrusive.

Sure, the whole patchset would be lighter; not sure what proportion of
users have VT machines without UG support, though.

>
> That said, patch 3's cpu-exec.c surgery is much nicer on the surface
> than if you look in depth, :) and since you don't look in depth if you
> steer clear of target-i386/hax*, I think it's okay to start with your
> patches and clean up progressively.  Others may disagree...  Also, we're
> now in soft freeze so the patches wouldn't be merged anyway for a few weeks.
>
> Paolo



[Qemu-devel] [PATCH 3/3] Plumb the HAXM-based hardware acceleration support

2016-11-08 Thread Vincent Palatin
Use the Intel HAX kernel-based hardware acceleration module for
Windows and MacOSX (similar to KVM on Linux).

Based on the "target-i386: Add Intel HAX to android emulator" patch
from David Chou <david.j.c...@intel.com>.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 Makefile.target   |   1 +
 configure |  18 +++
 cpu-exec.c|  23 -
 cpus.c| 125 --
 exec.c|  16 ++
 hw/intc/apic_common.c |   3 +-
 include/qom/cpu.h |   5 ++
 include/sysemu/hw_accel.h |   9 
 qemu-options.hx   |  11 
 target-i386/Makefile.objs |   7 +++
 target-i386/seg_helper.c  |   5 ++
 target-i386/translate.c   |   8 +++
 vl.c  |  17 +--
 13 files changed, 229 insertions(+), 19 deletions(-)

diff --git a/Makefile.target b/Makefile.target
index 7a5080e..dab81e7 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -96,6 +96,7 @@ obj-y += target-$(TARGET_BASE_ARCH)/
 obj-y += disas.o
 obj-y += tcg-runtime.o
 obj-$(call notempty,$(TARGET_XML_FILES)) += gdbstub-xml.o
+obj-$(call lnot,$(CONFIG_HAX)) += hax-stub.o
 obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 
 obj-$(CONFIG_LIBDECNUMBER) += libdecnumber/decContext.o
diff --git a/configure b/configure
index fd6f898..424453b 100755
--- a/configure
+++ b/configure
@@ -230,6 +230,7 @@ vhost_net="no"
 vhost_scsi="no"
 vhost_vsock="no"
 kvm="no"
+hax="no"
 colo="yes"
 rdma=""
 gprof="no"
@@ -563,6 +564,7 @@ CYGWIN*)
 ;;
 MINGW32*)
   mingw32="yes"
+  hax="yes"
   audio_possible_drivers="dsound sdl"
   if check_include dsound.h; then
 audio_drv_list="dsound"
@@ -610,6 +612,7 @@ OpenBSD)
 Darwin)
   bsd="yes"
   darwin="yes"
+  hax="yes"
   LDFLAGS_SHARED="-bundle -undefined dynamic_lookup"
   if [ "$cpu" = "x86_64" ] ; then
 QEMU_CFLAGS="-arch x86_64 $QEMU_CFLAGS"
@@ -919,6 +922,10 @@ for opt do
   ;;
   --enable-kvm) kvm="yes"
   ;;
+  --disable-hax) hax="no"
+  ;;
+  --enable-hax) hax="yes"
+  ;;
   --disable-colo) colo="no"
   ;;
   --enable-colo) colo="yes"
@@ -1371,6 +1378,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   fdt fdt device tree
   bluez   bluez stack connectivity
   kvm KVM acceleration support
+  hax HAX acceleration support
   coloCOarse-grain LOck-stepping VM for Non-stop Service
   rdmaRDMA-based migration support
   vde support for vde network
@@ -5038,6 +5046,7 @@ echo "ATTR/XATTR support $attr"
 echo "Install blobs $blobs"
 echo "KVM support   $kvm"
 echo "COLO support  $colo"
+echo "HAX support   $hax"
 echo "RDMA support  $rdma"
 echo "TCG interpreter   $tcg_interpreter"
 echo "fdt support   $fdt"
@@ -6022,6 +6031,15 @@ case "$target_name" in
   fi
 fi
 esac
+if test "$hax" = "yes" ; then
+  if test "$target_softmmu" = "yes" ; then
+case "$target_name" in
+i386|x86_64)
+  echo "CONFIG_HAX=y" >> $config_target_mak
+;;
+esac
+  fi
+fi
 if test "$target_bigendian" = "yes" ; then
   echo "TARGET_WORDS_BIGENDIAN=y" >> $config_target_mak
 fi
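Review bot: --enable-hax sets hax="yes" on any host, but CONFIG_HAX=y is emitted here based only on target_softmmu and target_name, with no check that the host is one of the two for which hax is defaulted on above (MINGW32*, Darwin) and no probe for the HAXM kernel interface; on a Linux host this produces a build that tries to compile the HAX backend. Either restrict the block to `test "$mingw32" = "yes" -o "$darwin" = "yes"`, or have configure error out when hax=yes on any other host, so that an unsupported combination fails at configure time instead of in the compile.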
diff --git a/cpu-exec.c b/cpu-exec.c
index 4188fed..4bd238b 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -25,6 +25,7 @@
 #include "qemu/atomic.h"
 #include "sysemu/qtest.h"
 #include "qemu/timer.h"
+#include "sysemu/hax.h"
 #include "exec/address-spaces.h"
 #include "qemu/rcu.h"
 #include "exec/tb-hash.h"
@@ -461,11 +462,24 @@ static inline bool cpu_handle_exception(CPUState *cpu, 
int *ret)
 return false;
 }
 
+/*
+ * QEMU emulate can happens because of MMIO or emulation mode, i.e. non-PG 
mode,
+ * when it's because of MMIO, the MMIO, the interrupt should not be emulated,
+ * because MMIO is emulated for only one instruction now and then back to
+ * HAX kernel
+ */
+static int need_handle_intr_request(CPUState *cpu)
+{
+if (!hax_enabled() || hax_vcpu_emulation_mode(cpu))
+return cpu->interrupt_request;
+return 0;
+}
+
 static inline void cpu_handle_interrupt(CPUState *cpu,
 TranslationBlock **last_tb)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
-int interrupt_request = cpu->interrupt_request;
+int interrupt_request = need_handle_intr_request(cpu);
 
 if (unlikely(interrupt_request)) {
 if (unlikely(cpu->singlestep_enabled & SSTEP_NOIRQ)) {
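Review bot: the `if` in need_handle_intr_request() lacks braces, which QEMU's coding style (and scripts/checkpatch.pl) requires. The leading comment is also hard to parse ("the MMIO, the MMIO, the interrupt should not be emulated"); it should state plainly that when HAX is enabled and the vCPU is not in emulation mode, TCG is executing a single MMIO instruction on HAX's behalf, so pending interrupt requests must be left for the HAX kernel module to deliver rather than injected by TCG. Since this path only matters for the non-UG case that the discussion in this thread proposes dropping, consider removing the function altogether in v2.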
@@ -63

[Qemu-devel] [PATCH 0/3] [RFC] Add HAX support

2016-11-08 Thread Vincent Palatin
I took a stab at trying to rebase/upstream the support for Intel HAXM
(Hardware Accelerated Execution Manager).
Intel HAX is a kernel-based hardware acceleration module for Windows and MacOSX.

I have based my work on the last version of the source code I found:
the emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.
In patch 2/3, I have forward-ported the core HAX code mostly unmodified from
there; I just did some minor touch-ups to make it build and run properly.
So it might contain some outdated constructs and probably requires more
attention (thus the 'RFC' for this patchset).

In patch 3/3, I have put the plumbing into the QEMU code base; I did some cleanup
there and it is reasonably intrusive, i.e.:
 Makefile.target   |   1 +
 configure |  18 +++
 cpu-exec.c|  23 -
 cpus.c| 125 --
 exec.c|  16 ++
 hw/intc/apic_common.c |   3 +-
 include/qom/cpu.h |   5 ++
 include/sysemu/hw_accel.h |   9 
 qemu-options.hx   |  11 
 target-i386/Makefile.objs |   7 +++
 target-i386/seg_helper.c  |   5 ++
 target-i386/translate.c   |   8 +++
 vl.c  |  17 +--
 13 files changed, 229 insertions(+), 19 deletions(-)

I'm not so happy with the qemu_cpu_kick_thread mess in cpus.c,
if somebody can help/advise.

Patch 1/3 just extracts from the KVM-specific header the cpu_synchronize_
functions that HAX is also using.

I have tested the end result on a Windows 10 Pro machine (with UG support)
with the Intel HAXM module 6.0.4 and a large ChromiumOS x86_64 image to
exercise various code paths. It looks stable.
I also did a quick regression testing of the integration by running a Linux
build with KVM enabled.


Vincent Palatin (3):
  kvm: move cpu synchronization code
  target-i386: Add Intel HAX files
  Plumb the HAXM-based hardware acceleration support

 Makefile.target |1 +
 configure   |   18 +
 cpu-exec.c  |   23 +-
 cpus.c  |  126 +++-
 exec.c  |   16 +
 gdbstub.c   |1 +
 hax-stub.c  |   66 ++
 hw/i386/kvm/apic.c  |1 +
 hw/i386/kvmvapic.c  |1 +
 hw/intc/apic_common.c   |3 +-
 hw/misc/vmport.c|2 +-
 include/qom/cpu.h   |5 +
 include/sysemu/hax.h|   66 ++
 include/sysemu/hw_accel.h   |   48 ++
 include/sysemu/kvm.h|   23 -
 monitor.c   |2 +-
 qemu-options.hx |   11 +
 qom/cpu.c   |2 +-
 target-arm/cpu.c|2 +-
 target-i386/Makefile.objs   |7 +
 target-i386/hax-all.c   | 1449 +++
 target-i386/hax-darwin.c|  315 ++
 target-i386/hax-darwin.h|   63 ++
 target-i386/hax-i386.h  |   94 +++
 target-i386/hax-interface.h |  357 +++
 target-i386/hax-slot.c  |  332 ++
 target-i386/hax-slot.h  |   58 ++
 target-i386/hax-windows.c   |  478 ++
 target-i386/hax-windows.h   |   89 +++
 target-i386/helper.c|1 +
 target-i386/kvm.c   |1 +
 target-i386/seg_helper.c|5 +
 target-i386/translate.c |8 +
 vl.c|   17 +-
 34 files changed, 3645 insertions(+), 46 deletions(-)
 create mode 100644 hax-stub.c
 create mode 100644 include/sysemu/hax.h
 create mode 100644 include/sysemu/hw_accel.h
 create mode 100644 target-i386/hax-all.c
 create mode 100644 target-i386/hax-darwin.c
 create mode 100644 target-i386/hax-darwin.h
 create mode 100644 target-i386/hax-i386.h
 create mode 100644 target-i386/hax-interface.h
 create mode 100644 target-i386/hax-slot.c
 create mode 100644 target-i386/hax-slot.h
 create mode 100644 target-i386/hax-windows.c
 create mode 100644 target-i386/hax-windows.h

-- 
2.8.0.rc3.226.g39d4020




[Qemu-devel] [PATCH 2/3] target-i386: Add Intel HAX files

2016-11-08 Thread Vincent Palatin
That's a forward port of the core HAX interface code, mostly unmodified, from the
emu-2.2-release branch in the external/qemu-android repository as used by
the Android emulator.

The original commit was "target-i386: Add Intel HAX to android emulator"
saying:
"""
  Backport of 2b3098ff27bab079caab9b46b58546b5036f5c0c
  from studio-1.4-dev into emu-master-dev

Intel HAX (hardware acceleration) will enhance android emulator performance
on Windows and Mac OS X on systems powered by Intel processors with the
"Intel Hardware Accelerated Execution Manager" package installed, when the
user runs the android emulator with an Intel target.

Signed-off-by: David Chou <david.j.c...@intel.com>
"""

It has minor modifications to build and run along with the current
code base.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 hax-stub.c  |   66 ++
 include/sysemu/hax.h|   66 ++
 target-i386/hax-all.c   | 1449 +++
 target-i386/hax-darwin.c|  315 ++
 target-i386/hax-darwin.h|   63 ++
 target-i386/hax-i386.h  |   94 +++
 target-i386/hax-interface.h |  357 +++
 target-i386/hax-slot.c  |  332 ++
 target-i386/hax-slot.h  |   58 ++
 target-i386/hax-windows.c   |  478 ++
 target-i386/hax-windows.h   |   89 +++
 11 files changed, 3367 insertions(+)
 create mode 100644 hax-stub.c
 create mode 100644 include/sysemu/hax.h
 create mode 100644 target-i386/hax-all.c
 create mode 100644 target-i386/hax-darwin.c
 create mode 100644 target-i386/hax-darwin.h
 create mode 100644 target-i386/hax-i386.h
 create mode 100644 target-i386/hax-interface.h
 create mode 100644 target-i386/hax-slot.c
 create mode 100644 target-i386/hax-slot.h
 create mode 100644 target-i386/hax-windows.c
 create mode 100644 target-i386/hax-windows.h

diff --git a/hax-stub.c b/hax-stub.c
new file mode 100644
index 000..cbdf791
--- /dev/null
+++ b/hax-stub.c
@@ -0,0 +1,66 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright (c) 2015, Intel Corporation
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This software is licensed under the terms of the GNU General Public
+ * License version 2, as published by the Free Software Foundation, and
+ * may be copied, distributed, and modified under those terms.
+ *
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "sysemu/hax.h"
+
+int hax_sync_vcpus(void)
+{
+return 0;
+}
+
+void hax_disable(int disable)
+{
+   return;
+}
+
+int hax_pre_init(uint64_t ram_size)
+{
+   return 0;
+}
+
+int hax_get_max_ram(uint64_t *max_ram) {
+return 0;
+}
+
+int hax_populate_ram(uint64_t va, uint32_t size) {
+return -ENOSYS;
+}
+
+int hax_init_vcpu(CPUState *cpu) {
+return -ENOSYS;
+}
+
+int hax_smp_cpu_exec(CPUState *cpu) {
+return -ENOSYS;
+}
+
+int hax_vcpu_exec(CPUState *cpu) {
+return -ENOSYS;
+}
+
+int hax_vcpu_emulation_mode(CPUState *cpu) {
+return 0;
+}
+
+int hax_stop_emulation(CPUState *cpu) {
+return 0;
+}
+
+int hax_stop_translate(CPUState *cpu) {
+return 0;
+}
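Review bot: hax_get_max_ram() returns 0 (success) without writing to *max_ram, so a caller that treats 0 as success goes on to read an uninitialized value; either set `*max_ram = 0;` before returning or return -ENOSYS like the other stubs. Separately, the file mixes two brace styles (`int hax_get_max_ram(uint64_t *max_ram) {` on one line versus the brace on its own line in the first three functions) and indents the bare `return` statements by three spaces; QEMU style wants the opening brace of a function definition on its own line and 4-space indents, and `hax_disable()` needs no `return;` at all.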
diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
new file mode 100644
index 000..159e20f
--- /dev/null
+++ b/include/sysemu/hax.h
@@ -0,0 +1,66 @@
+/*
+ * QEMU HAXM support
+ *
+ * Copyright IBM, Corp. 2008
+ *
+ * Authors:
+ *  Anthony Liguori   <aligu...@us.ibm.com>
+ *
+ * Copyright (c) 2011 Intel Corporation
+ *  Written by:
+ *  Jiang Yunhong<yunhong.ji...@intel.com>
+ *  Xin Xiaohui<xiaohui@intel.com>
+ *  Zhang Xiantao<xiantao.zh...@intel.com>
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_HAX_H
+#define QEMU_HAX_H
+
+#include "config-host.h"
+#include "qemu-common.h"
+
+int hax_pre_init(uint64_t ram_size);
+int hax_sync_vcpus(void);
+void hax_disable(int disable);
+int hax_init_vcpu(CPUState *cpu);
+int hax_smp_cpu_exec(CPUState *cpu);
+int hax_vcpu_exec(CPUState *cpu);
+int hax_vcpu_emulation_mode(CPUState *cpu);
+int hax_stop_emulation(CPUState *cpu);
+int hax_stop_translate(CPUState *cpu);
+/* get the max haxm ram even before haxm library is initialized */
+int hax_get_max_ram(uint64_t *max_ram);
+int hax_populate_ram(uint64_t va, uint32_t size);
+
+void hax_cpu_synchronize_state(CPUState *cpu);
+void hax_cpu_synchronize_post_reset(CPUState *cpu);
+void hax_cpu_synchronize_post_init(CPUState *cpu);
+
+#ifdef CONFIG_HAX
+
+int hax_enabled(void);
+int hax_ug_platform(void);
+
+#include "hw/hw.h"
+#include "qemu/bitops.h"
+#include "exec/memory.h"
+int hax_vcpu_destroy(CPUState *cpu);
+void hax_raise_event(CPUState *cpu);
+void hax_reset_vcpu_state(void *opaque);
+#includ
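Review bot: hax_enabled() and hax_ug_platform() are declared only inside `#ifdef CONFIG_HAX`, yet cpu-exec.c in patch 3 calls hax_enabled() unconditionally, so the header must also supply a !CONFIG_HAX fallback (e.g. `#define hax_enabled() (0)`) for targets built without HAX; the remainder of the conditional block is not visible here, so please confirm it does. Also, `#include "hw/hw.h"`, `"qemu/bitops.h"` and `"exec/memory.h"` sit in the middle of the header after a run of prototypes and should move to the top with the other includes, and `config-host.h` should not be included by a header directly since qemu/osdep.h already pulls it in.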

[Qemu-devel] [PATCH 1/3] kvm: move cpu synchronization code

2016-11-08 Thread Vincent Palatin
Move the generic cpu_synchronize_ functions to the common hw_accel.h header,
in order to prepare for the addition of a second hardware accelerator.

Signed-off-by: Vincent Palatin <vpala...@chromium.org>
---
 cpus.c|  1 +
 gdbstub.c |  1 +
 hw/i386/kvm/apic.c|  1 +
 hw/i386/kvmvapic.c|  1 +
 hw/misc/vmport.c  |  2 +-
 include/sysemu/hw_accel.h | 39 +++
 include/sysemu/kvm.h  | 23 ---
 monitor.c |  2 +-
 qom/cpu.c |  2 +-
 target-arm/cpu.c  |  2 +-
 target-i386/helper.c  |  1 +
 target-i386/kvm.c |  1 +
 12 files changed, 49 insertions(+), 27 deletions(-)
 create mode 100644 include/sysemu/hw_accel.h

diff --git a/cpus.c b/cpus.c
index 5213351..fc78502 100644
--- a/cpus.c
+++ b/cpus.c
@@ -33,6 +33,7 @@
 #include "sysemu/block-backend.h"
 #include "exec/gdbstub.h"
 #include "sysemu/dma.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
diff --git a/gdbstub.c b/gdbstub.c
index de62d26..de9b62b 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -32,6 +32,7 @@
 #define MAX_PACKET_LENGTH 4096
 
 #include "qemu/sockets.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "exec/semihost.h"
 #include "exec/exec-all.h"
diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index 01cbaa8..328f80c 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -14,6 +14,7 @@
 #include "cpu.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/pci/msi.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "target-i386/kvm_i386.h"
 
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index b30d1b9..2f767b6 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -14,6 +14,7 @@
 #include "exec/exec-all.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/cpus.h"
+#include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/sysbus.h"
diff --git a/hw/misc/vmport.c b/hw/misc/vmport.c
index c763811..be40930 100644
--- a/hw/misc/vmport.c
+++ b/hw/misc/vmport.c
@@ -25,7 +25,7 @@
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
 #include "hw/i386/pc.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "hw/qdev.h"
 
 //#define VMPORT_DEBUG
diff --git a/include/sysemu/hw_accel.h b/include/sysemu/hw_accel.h
new file mode 100644
index 000..03812cf
--- /dev/null
+++ b/include/sysemu/hw_accel.h
@@ -0,0 +1,39 @@
+/*
+ * QEMU Hardware accelertors support
+ *
+ * Copyright 2016 Google, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_HW_ACCEL_H
+#define QEMU_HW_ACCEL_H
+
+#include "qom/cpu.h"
+#include "sysemu/hax.h"
+#include "sysemu/kvm.h"
+
+static inline void cpu_synchronize_state(CPUState *cpu)
+{
+if (kvm_enabled()) {
+kvm_cpu_synchronize_state(cpu);
+}
+}
+
+static inline void cpu_synchronize_post_reset(CPUState *cpu)
+{
+if (kvm_enabled()) {
+kvm_cpu_synchronize_post_reset(cpu);
+}
+}
+
+static inline void cpu_synchronize_post_init(CPUState *cpu)
+{
+if (kvm_enabled()) {
+kvm_cpu_synchronize_post_init(cpu);
+}
+}
+
+#endif /* QEMU_HW_ACCEL_H */
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index df67cc0..3045ee7 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -461,29 +461,6 @@ void kvm_cpu_synchronize_state(CPUState *cpu);
 void kvm_cpu_synchronize_post_reset(CPUState *cpu);
 void kvm_cpu_synchronize_post_init(CPUState *cpu);
 
-/* generic hooks - to be moved/refactored once there are more users */
-
-static inline void cpu_synchronize_state(CPUState *cpu)
-{
-if (kvm_enabled()) {
-kvm_cpu_synchronize_state(cpu);
-}
-}
-
-static inline void cpu_synchronize_post_reset(CPUState *cpu)
-{
-if (kvm_enabled()) {
-kvm_cpu_synchronize_post_reset(cpu);
-}
-}
-
-static inline void cpu_synchronize_post_init(CPUState *cpu)
-{
-if (kvm_enabled()) {
-kvm_cpu_synchronize_post_init(cpu);
-}
-}
-
 /**
  * kvm_irqchip_add_msi_route - Add MSI route for specific vector
  * @s:  KVM state
diff --git a/monitor.c b/monitor.c
index 0841d43..d38956f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -50,7 +50,7 @@
 #include "sysemu/balloon.h"
 #include "qemu/timer.h"
 #include "migration/migration.h"
-#include "sysemu/kvm.h"
+#include "sysemu/hw_accel.h"
 #include "qemu/acl.h"
 #include "sysemu/tpm.h"
 #inclu

[Qemu-devel] sd: add SDHCI and eMMC support

2011-07-25 Thread Vincent Palatin
Dear Qemu developers,

This patchset adds support for eMMC as found soldered on many embedded boards,
in addition to the current support for SD/SDHC cards.
It also adds a standard SDHCI controller emulation.
The first patches are a couple of fixes to the current SD code found while
implementing these features.

The SDHCI emulation has both an MMIO interface as found in several ARM SoCs and
a PCI interface. The PCI interface allows testing it with the current code base.
I hope to send the patches for an ARM SoC using the MMIO interface for review
soon.

The PCI version of the SDHCI controller can be tested with a command line such as:
./i386-softmmu/qemu -hda rootfs.qcow2 -device sdhci_pci -sd sd_image.raw

An eMMC connected to the SDHCI controller can be instantiated like this:
./x86_64-softmmu/qemu-system-x86_64 -hda rootfs.qcow2 -device sdhci_pci,block=internal_card -drive id=internal_card,if=emmc,file=emmc4G.raw

The patch series has also been tested with MMC_TEST linux kernel module
and a chromium image booted from eMMC.

-- 
Vincent




[Qemu-devel] [PATCH 3/7] block: add eMMC block device type

2011-07-25 Thread Vincent Palatin
Signed-off-by: Vincent Palatin vpala...@chromium.org
---
 blockdev.c |2 ++
 blockdev.h |1 +
 2 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index 7d579d6..c836311 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -29,6 +29,7 @@ static const char *const if_name[IF_COUNT] = {
 [IF_SD] = sd,
 [IF_VIRTIO] = virtio,
 [IF_XEN] = xen,
+[IF_EMMC] = emmc,
 };
 
 static const int if_max_devs[IF_COUNT] = {
@@ -500,6 +501,7 @@ DriveInfo *drive_init(QemuOpts *opts, int default_to_scsi)
 break;
 case IF_PFLASH:
 case IF_MTD:
+case IF_EMMC:
 break;
 case IF_VIRTIO:
 /* add virtio block device */
diff --git a/blockdev.h b/blockdev.h
index 3587786..ef06335 100644
--- a/blockdev.h
+++ b/blockdev.h
@@ -22,6 +22,7 @@ typedef enum {
 IF_DEFAULT = -1,/* for use with drive_add() only */
 IF_NONE,
 IF_IDE, IF_SCSI, IF_FLOPPY, IF_PFLASH, IF_MTD, IF_SD, IF_VIRTIO, IF_XEN,
+IF_EMMC,
 IF_COUNT
 } BlockInterfaceType;
 
-- 
1.7.3.1




[Qemu-devel] [PATCH 7/7] sd: compile SDHCI on PCI platforms

2011-07-25 Thread Vincent Palatin
Signed-off-by: Vincent Palatin vpala...@chromium.org
---
 Makefile.objs   |4 +++-
 default-configs/pci.mak |1 +
 2 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/Makefile.objs b/Makefile.objs
index cea15e4..5676de7 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -244,6 +244,9 @@ hw-obj-$(CONFIG_SMC91C111) += smc91c111.o
 hw-obj-$(CONFIG_LAN9118) += lan9118.o
 hw-obj-$(CONFIG_NE2000_ISA) += ne2000-isa.o
 
+# PCI card reader
+hw-obj-$(CONFIG_PCI) += sdhci.o
+
 # IDE
 hw-obj-$(CONFIG_IDE_CORE) += ide/core.o ide/atapi.o
 hw-obj-$(CONFIG_IDE_QDEV) += ide/qdev.o
@@ -375,4 +378,3 @@ libcacard-y = cac.o event.o vcard.o vreader.o 
vcard_emul_nss.o vcard_emul_type.o
 vl.o: QEMU_CFLAGS+=$(GPROF_CFLAGS)
 
 vl.o: QEMU_CFLAGS+=$(SDL_CFLAGS)
-
diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index 22bd350..113458e 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -15,3 +15,4 @@ CONFIG_IDE_CORE=y
 CONFIG_IDE_QDEV=y
 CONFIG_IDE_PCI=y
 CONFIG_AHCI=y
+CONFIG_SD=y
-- 
1.7.3.1




[Qemu-devel] [PATCH 6/7] sd: add SD Host Controller (SDHCI) emulation

2011-07-25 Thread Vincent Palatin
Try to be compliant with SD Specifications Part A2 SD Host Controller
Simplified Specification Version 3.00, but not every feature is
implemented.

Signed-off-by: Vincent Palatin vpala...@chromium.org
---
 hw/sdhci.c |  670 
 1 files changed, 670 insertions(+), 0 deletions(-)
 create mode 100644 hw/sdhci.c

diff --git a/hw/sdhci.c b/hw/sdhci.c
new file mode 100644
index 000..d097f0f
--- /dev/null
+++ b/hw/sdhci.c
@@ -0,0 +1,670 @@
+/*
+ * Copyright 2011 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
+ * USA.
+ *
+ *
+ * SDHCI (SD Host Controler Interface) emulation
+ */
+
+#include blockdev.h
+#include sysbus.h
+#include pci.h
+#include sd.h
+
+/* from Linux sources : drivers/mmc/host/sdhci.h */
+/*
+ * Controller registers
+ */
+
+#define SDHCI_DMA_ADDRESS   0x00
+
+#define SDHCI_BLOCK_SIZE0x04
+
+#define SDHCI_BLOCK_COUNT   0x06
+
+#define SDHCI_ARGUMENT  0x08
+
+#define SDHCI_TRANSFER_MODE 0x0C
+#define  SDHCI_TRNS_DMA 0x01
+#define  SDHCI_TRNS_BLK_CNT_EN  0x02
+#define  SDHCI_TRNS_ACMD12  0x04
+#define  SDHCI_TRNS_READ0x10
+#define  SDHCI_TRNS_MULTI   0x20
+
+#define SDHCI_COMMAND   0x0E
+#define  SDHCI_CMD_RESP_MASK0x03
+#define  SDHCI_CMD_CRC  0x08
+#define  SDHCI_CMD_INDEX0x10
+#define  SDHCI_CMD_DATA 0x20
+
+#define  SDHCI_CMD_RESP_NONE0x00
+#define  SDHCI_CMD_RESP_LONG0x01
+#define  SDHCI_CMD_RESP_SHORT   0x02
+#define  SDHCI_CMD_RESP_SHORT_BUSY 0x03
+
+#define SDHCI_RESPONSE  0x10
+
+#define SDHCI_BUFFER0x20
+
+#define SDHCI_PRESENT_STATE 0x24
+#define  SDHCI_CMD_INHIBIT  0x0001
+#define  SDHCI_DATA_INHIBIT 0x0002
+#define  SDHCI_DOING_WRITE  0x0100
+#define  SDHCI_DOING_READ   0x0200
+#define  SDHCI_SPACE_AVAILABLE  0x0400
+#define  SDHCI_DATA_AVAILABLE   0x0800
+#define  SDHCI_CARD_PRESENT 0x0001
+#define  SDHCI_WRITE_PROTECT0x0008
+
+#define SDHCI_HOST_CONTROL  0x28
+#define  SDHCI_CTRL_LED 0x01
+#define  SDHCI_CTRL_4BITBUS 0x02
+#define  SDHCI_CTRL_HISPD   0x04
+#define  SDHCI_CTRL_DMA_MASK0x18
+#define   SDHCI_CTRL_SDMA   0x00
+#define   SDHCI_CTRL_ADMA1  0x08
+#define   SDHCI_CTRL_ADMA32 0x10
+#define   SDHCI_CTRL_ADMA64 0x18
+#define   SDHCI_CTRL_8BITBUS0x20
+
+#define SDHCI_POWER_CONTROL 0x29
+#define  SDHCI_POWER_ON 0x01
+#define  SDHCI_POWER_1800x0A
+#define  SDHCI_POWER_3000x0C
+#define  SDHCI_POWER_3300x0E
+
+#define SDHCI_BLOCK_GAP_CONTROL 0x2A
+
+#define SDHCI_WAKE_UP_CONTROL   0x2B
+#define  SDHCI_WAKE_ON_INT  0x01
+#define  SDHCI_WAKE_ON_INSERT   0x02
+#define  SDHCI_WAKE_ON_REMOVE   0x04
+
+#define SDHCI_CLOCK_CONTROL 0x2C
+#define  SDHCI_DIVIDER_SHIFT8
+#define  SDHCI_DIVIDER_HI_SHIFT 6
+#define  SDHCI_DIV_MASK 0xFF
+#define  SDHCI_DIV_MASK_LEN 8
+#define  SDHCI_DIV_HI_MASK  0x300
+#define  SDHCI_CLOCK_CARD_EN0x0004
+#define  SDHCI_CLOCK_INT_STABLE 0x0002
+#define  SDHCI_CLOCK_INT_EN 0x0001
+
+#define SDHCI_TIMEOUT_CONTROL   0x2E
+
+#define SDHCI_SOFTWARE_RESET0x2F
+#define  SDHCI_RESET_ALL0x01
+#define  SDHCI_RESET_CMD0x02
+#define  SDHCI_RESET_DATA   0x04
+
+#define SDHCI_INT_STATUS0x30
+#define SDHCI_INT_ENABLE0x34
+#define SDHCI_SIGNAL_ENABLE 0x38
+#define  SDHCI_INT_RESPONSE 0x0001
+#define  SDHCI_INT_DATA_END 0x0002
+#define  SDHCI_INT_DMA_END  0x0008
+#define  SDHCI_INT_SPACE_AVAIL  0x0010
+#define  SDHCI_INT_DATA_AVAIL   0x0020
+#define  SDHCI_INT_CARD_INSERT  0x0040
+#define  SDHCI_INT_CARD_REMOVE  0x0080
+#define  SDHCI_INT_CARD_INT 0x0100
+#define  SDHCI_INT_ERROR0x8000
+#define  SDHCI_INT_TIMEOUT  0x0001
+#define  SDHCI_INT_CRC  0x0002
+#define  SDHCI_INT_END_BIT  0x0004
+#define  SDHCI_INT_INDEX0x0008
+#define  SDHCI_INT_DATA_TIMEOUT 0x0010
+#define  SDHCI_INT_DATA_CRC 0x0020
+#define  SDHCI_INT_DATA_END_BIT 0x0040
+#define  SDHCI_INT_BUS_POWER0x0080
+#define  SDHCI_INT_ACMD12ERR0x0100
+#define  SDHCI_INT_ADMA_ERROR   0x0200
+
+#define  SDHCI_INT_NORMAL_MASK
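Review bot: 'SD Host Controler Interface' in the header comment is misspelt (Controller). Since the register offsets and bit masks are lifted from Linux's drivers/mmc/host/sdhci.h, record that as a 'derived from' line in the copyright block (with the kernel version) rather than only in a stray comment, because these values are the contract every guest driver will exercise against this model. The commit message says not every feature is implemented; list which advertised capabilities are missing (the ADMA modes behind SDHCI_CTRL_DMA_MASK, for instance) in the message or in a TODO at the top of the file, so that a guest selecting one of them does not fail silently.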

[Qemu-devel] [PATCH 2/7] sd: fix card size checking on R/W accesses

2011-07-25 Thread Vincent Palatin
We need to check that we are not crossing the boundaries of the card for
the current access, not for the next one, which might not happen.

Signed-off-by: Vincent Palatin vpala...@chromium.org
---
 hw/sd.c |   22 --
 1 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/hw/sd.c b/hw/sd.c
index f48d589..de477fe 100644
--- a/hw/sd.c
+++ b/hw/sd.c
@@ -1451,11 +1451,6 @@ void sd_write_data(SDState *sd, uint8_t value)
 sd-data[sd-data_offset ++] = value;
 if (sd-data_offset = sd-blk_len) {
 /* TODO: Check CRC before committing */
-sd-state = sd_programming_state;
-BLK_WRITE_BLOCK(sd-data_start, sd-data_offset);
-sd-blk_written ++;
-sd-data_start += sd-blk_len;
-sd-data_offset = 0;
 if (sd-data_start + sd-blk_len  sd-size) {
 sd-card_status |= ADDRESS_ERROR;
 break;
@@ -1464,6 +1459,11 @@ void sd_write_data(SDState *sd, uint8_t value)
 sd-card_status |= WP_VIOLATION;
 break;
 }
+sd-state = sd_programming_state;
+BLK_WRITE_BLOCK(sd-data_start, sd-data_offset);
+sd-blk_written ++;
+sd-data_start += sd-blk_len;
+sd-data_offset = 0;
 sd-csd[14] |= 0x40;
 
 /* Bzzztt  Operation complete.  */
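Review bot: after this reorder, `sd->data_offset` is no longer reset on the ADDRESS_ERROR and WP_VIOLATION exits: the `sd->data_offset = 0` now sits below both checks and each of them does `break` before reaching it (before the patch the reset came first). The card also stays in the receiving-data state, since the switch to sd_programming_state moved down as well, so if the host keeps clocking bytes the next `sd->data[sd->data_offset ++] = value` writes at index blk_len, one past the end of the 512-byte `data[]` buffer for the usual block size, and keeps going from there. Reset data_offset before the checks (or on both error paths) and leave the receiving state on error.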
@@ -1606,17 +1606,19 @@ uint8_t sd_read_data(SDState *sd)
 break;
 
 case 18:   /* CMD18:  READ_MULTIPLE_BLOCK */
-if (sd-data_offset == 0)
+if (sd-data_offset == 0) {
+if (sd-data_start + io_len  sd-size) {
+sd-card_status |= ADDRESS_ERROR;
+ret = 0;
+break;
+}
 BLK_READ_BLOCK(sd-data_start, io_len);
+}
 ret = sd-data[sd-data_offset ++];
 
 if (sd-data_offset = io_len) {
 sd-data_start += io_len;
 sd-data_offset = 0;
-if (sd-data_start + io_len  sd-size) {
-sd-card_status |= ADDRESS_ERROR;
-break;
-}
 }
 break;
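Review bot: on the new ADDRESS_ERROR exit in the CMD18 path the card stays in its data state with data_offset at 0, so every further sd_read_data() call re-runs the check, sets the same error bit again and hands back 0 without the transfer ever ending on the card side. Consider also moving the card out of the data-transfer state there so the host sees the command terminate, and it is worth a sentence in the commit message that a read whose last block ends exactly at `sd->size` is now accepted, which the removed trailing check used to reject.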
 
-- 
1.7.3.1
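
The check-before-commit ordering that this patch is about, as an added example in C that is not QEMU code and not part of the patch: a reduced model of a card's multi-block write path. Card, card_write_data(), run_write() and the 4-block card size are this example's own constructions. It shows the two properties a reviewer wants from such a change: a transfer that ends exactly at the last block is accepted with no ADDRESS_ERROR (the range check applies to the block being committed, not to a next block that never arrives), and the error exits reset the staging offset and end the transfer, so further bytes from the host can never index the 512-byte staging buffer out of bounds.

```c
/*
 * Added example, not QEMU code: a reduced model of an emulated card's
 * WRITE_MULTIPLE_BLOCK data path.  Card, card_write_data(), run_write()
 * and the 4-block card size are constructed for this example.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK_LEN        512
#define CARD_BLOCKS    4                  /* constructed: a 2 KiB card */
#define ADDRESS_ERROR  (1u << 30)         /* card status bit positions */
#define WP_VIOLATION   (1u << 26)

typedef struct {
    bool     receiving;                   /* a multi-block write is in progress */
    bool     write_protected;
    uint32_t status;                      /* sticky error bits */
    uint64_t size;                        /* capacity in bytes */
    uint64_t data_start;                  /* address of the block being received */
    uint32_t data_offset;                 /* bytes staged; < BLK_LEN between calls */
    uint8_t  data[BLK_LEN];               /* staging buffer for one block */
    uint8_t  backing[CARD_BLOCKS * BLK_LEN]; /* stands in for the image file */
    unsigned blocks_written;
} Card;

typedef struct {
    unsigned committed;                   /* blocks that reached the backing store */
    uint32_t status;                      /* error bits after the transfer */
    uint32_t data_offset;                 /* staging offset after the transfer */
} Result;

/* CMD25: the first block must be aligned and lie inside the card. */
static bool card_start_write(Card *c, uint64_t addr)
{
    if (addr % BLK_LEN != 0 || addr + BLK_LEN > c->size) {
        c->status |= ADDRESS_ERROR;
        return false;
    }
    c->receiving = true;
    c->data_start = addr;
    c->data_offset = 0;
    return true;
}

/*
 * One data byte from the host.  A completed block is checked *before* it
 * is committed, and data_offset is reset before every exit from the
 * block-complete branch, so bytes sent after an error never index past data[].
 */
static void card_write_data(Card *c, uint8_t value)
{
    if (!c->receiving) {
        return;                           /* no write in progress: drop it */
    }
    c->data[c->data_offset++] = value;
    if (c->data_offset < BLK_LEN) {
        return;
    }
    c->data_offset = 0;                   /* reset first, on every path */
    if (c->data_start + BLK_LEN > c->size) {
        c->status |= ADDRESS_ERROR;       /* this block is out of range */
        c->receiving = false;             /* terminate the transfer */
        return;
    }
    if (c->write_protected) {
        c->status |= WP_VIOLATION;
        c->receiving = false;
        return;
    }
    memcpy(&c->backing[c->data_start], c->data, BLK_LEN);
    c->blocks_written++;
    c->data_start += BLK_LEN;             /* checked only if a next block arrives */
}

/* Run a whole nblocks transfer from addr on a fresh card; report the outcome. */
static Result run_write(uint64_t addr, unsigned nblocks, bool write_protected)
{
    Card c;
    memset(&c, 0, sizeof(c));
    c.size = CARD_BLOCKS * BLK_LEN;
    c.write_protected = write_protected;
    if (card_start_write(&c, addr)) {
        for (unsigned i = 0; i < nblocks * BLK_LEN; i++) {
            card_write_data(&c, (uint8_t)i);
        }
    }
    return (Result){ c.blocks_written, c.status, c.data_offset };
}

int main(void)
{
    Result fit = run_write(0, CARD_BLOCKS, false);      /* ends exactly at the card end */
    Result over = run_write(0, CARD_BLOCKS + 1, false); /* one block too many */
    printf("exact fit: committed=%u status=0x%08x\n", fit.committed, fit.status);
    printf("overrun: committed=%u status=0x%08x offset=%u\n",
           over.committed, over.status, over.data_offset);
    return 0;
}
```

The ordering inside card_write_data() is the whole point: the range and write-protect checks run on the block that has just been staged, the staging offset is cleared before any of them can bail out, and the transfer is ended on error, which together remove both the spurious error on a transfer that ends at the card boundary and any chance of the staging index running past the buffer.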




[Qemu-devel] [PATCH 4/7] sd: add eMMC support

2011-07-25 Thread Vincent Palatin
The parameters mimic a real 4GB eMMC, but it can be set to various
sizes.

Signed-off-by: Vincent Palatin vpala...@chromium.org
---
 hw/sd.c |  155 +++
 1 files changed, 136 insertions(+), 19 deletions(-)

diff --git a/hw/sd.c b/hw/sd.c
index de477fe..0db8d78 100644
--- a/hw/sd.c
+++ b/hw/sd.c
@@ -91,11 +91,13 @@ struct SDState {
 int function_group[6];
 
 int spi;
+int emmc;
 int current_cmd;
 int blk_written;
 uint64_t data_start;
 uint32_t data_offset;
 uint8_t data[512];
+uint8_t ext_csd[512];
 qemu_irq readonly_cb;
 qemu_irq inserted_cb;
 BlockDriverState *bdrv;
@@ -196,7 +198,7 @@ static uint16_t sd_crc16(void *message, size_t width)
 static void sd_set_ocr(SDState *sd)
 {
 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
-sd-ocr = 0x8000;
+sd-ocr = 0x8080;
 }
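Review bot: sd_set_ocr() runs for SD cards as well as for eMMC, yet its constant changes here for every card type while the comment above it still says 'Standard Capacity SD Memory Card'. Either apply the extra OCR bit only under `sd->emmc` or explain in the commit message which bit it is and why SD hosts tolerate it. Related: the `sd->ocr |= 1 << 30` (sector addressing) added in sd_set_csd() for large eMMC only survives if sd_set_ocr() is called before sd_set_csd() in sd_reset(), because this function assigns the OCR rather than OR-ing into it; add a comment about that ordering or set the bit here.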
 
 static void sd_set_scr(SDState *sd)
@@ -250,13 +252,85 @@ static const uint8_t sd_csd_rw_mask[16] = {
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
 };
 
+static void mmc_set_ext_csd(SDState *sd, uint64_t size)
+{
+uint32_t sectcount = size  HWBLOCK_SHIFT;
+
+memset(sd-ext_csd, 0, 512);
+sd-ext_csd[504] = 0x1; /* supported command sets */
+sd-ext_csd[503] = 0x1; /* HPI features  */
+sd-ext_csd[502] = 0x1; /* Background operations support */
+sd-ext_csd[241] = 0xA; /* 1st initialization time after partitioning */
+sd-ext_csd[232] = 0x1; /* Trim multiplier */
+sd-ext_csd[231] = 0x15; /* Secure feature support */
+sd-ext_csd[230] = 0x96; /* Secure erase support */
+sd-ext_csd[229] = 0x96; /* Secure TRIM multiplier */
+sd-ext_csd[228] = 0x7; /* Boot information */
+sd-ext_csd[226] = 0x8; /* Boot partition size */
+sd-ext_csd[225] = 0x6; /* Access size */
+sd-ext_csd[224] = 0x4; /* HC Erase unit size */
+sd-ext_csd[223] = 0x1; /* HC erase timeout */
+sd-ext_csd[222] = 0x1; /* Reliable write sector count */
+sd-ext_csd[221] = 0x4; /* HC write protect group size */
+sd-ext_csd[220] = 0x8; /* Sleep current VCC  */
+sd-ext_csd[219] = 0x7; /* Sleep current VCCQ */
+sd-ext_csd[217] = 0x11; /* Sleep/Awake timeout */
+sd-ext_csd[215] = (sectcount  24)  0xff; /* Sector count */
+sd-ext_csd[214] = (sectcount  16)  0xff; /* ... */
+sd-ext_csd[213] = (sectcount  8)  0xff;  /* ... */
+sd-ext_csd[212] = (sectcount  0xff);   /* ... */
+sd-ext_csd[210] = 0xa; /* Min write perf for 8bit@52Mhz */
+sd-ext_csd[209] = 0xa; /* Min read perf for 8bit@52Mhz  */
+sd-ext_csd[208] = 0xa; /* Min write perf for 4bit@52Mhz */
+sd-ext_csd[207] = 0xa; /* Min read perf for 4bit@52Mhz */
+sd-ext_csd[206] = 0xa; /* Min write perf for 4bit@26Mhz */
+sd-ext_csd[205] = 0xa; /* Min read perf for 4bit@26Mhz */
+sd-ext_csd[199] = 0x1; /* Partition switching timing */
+sd-ext_csd[198] = 0x1; /* Out-of-interrupt busy timing */
+sd-ext_csd[196] = 0x7; /* Card type */
+sd-ext_csd[194] = 0x2; /* CSD Structure version */
+sd-ext_csd[192] = 0x5; /* Extended CSD revision */
+sd-ext_csd[168] = 0x1; /* RPMB size */
+sd-ext_csd[160] = 0x3; /* Partinioning support */
+sd-ext_csd[159] = 0x00; /* Max enhanced area size */
+sd-ext_csd[158] = 0x00; /* ... */
+sd-ext_csd[157] = 0xEC; /* ... */
+}
+
 static void sd_set_csd(SDState *sd, uint64_t size)
 {
 uint32_t csize = (size  (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
 uint32_t sectsize = (1  (SECTOR_SHIFT + 1)) - 1;
 uint32_t wpsize = (1  (WPGROUP_SHIFT + 1)) - 1;
 
-if (size = 0x4000) {  /* Standard Capacity SD */
+if (sd-emmc) { /* eMMC */
+sd-csd[0] = 0xd0;
+sd-csd[1] = 0x0f;
+sd-csd[2] = 0x00;
+sd-csd[3] = 0x32;
+sd-csd[4] = 0x0f;
+if (size = 0x8000ULL) {
+/* use 1k blocks */
+uint32_t csize1k = (size  (CMULT_SHIFT + 10)) - 1;
+sd-csd[5] = 0x5a;
+sd-csd[6] = 0x80 | ((csize1k  10)  0xf);
+sd-csd[7] = (csize1k  2)  0xff;
+} else { /* = 2GB : size stored in ext CSD, block addressing */
+sd-csd[5] = 0x59;
+sd-csd[6] = 0x8f;
+sd-csd[7] = 0xff;
+sd-ocr |= 1  30;
+}
+sd-csd[8] = 0xff;
+sd-csd[9] = 0xff;
+sd-csd[10] = 0xf7;
+sd-csd[11] = 0xfe;
+sd-csd[12] = 0x49;
+sd-csd[13] = 0x10;
+sd-csd[14] = 0x00;
+sd-csd[15] = (sd_crc7(sd-csd, 15)  1) | 1;
+mmc_set_ext_csd(sd, size);
+} else if (size = 0x4000) { /* Standard Capacity SD */
 sd-csd[0] = 0x00; /* CSD structure */
 sd-csd[1] = 0x26; /* Data read access-time-1 */
 sd-csd[2] = 0x00; /* Data read access-time-2 */
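Review bot: the EXT_CSD advertises features the card model does not back: RPMB_SIZE_MULT (byte 168) = 1 announces a 128 KiB replay-protected partition, BOOT_SIZE_MULT (byte 226) = 8 announces two 1 MiB boot partitions, and PARTITIONING_SUPPORT (byte 160) is set, yet nothing in this patch implements PARTITION_CONFIG switching or the RPMB authenticated read/write protocol. A guest (a TEE or a bootloader keeping rollback counters) that sees RPMB present will try to use it and either fail or, worse, end up with unauthenticated plain storage; set these to 0 until the partitions exist. Smaller points in the same hunk: the CSD bytes in the eMMC branch are bare constants (0xd0, 0x0f, 0x32, ...) while the SD branch annotates every byte, so add the field names; 'Partinioning' in the byte-160 comment is misspelt; the else-branch comment should spell out the '> 2GB' condition with a named constant; and `uint32_t sectcount = size >> HWBLOCK_SHIFT` silently truncates once the sector count no longer fits 32 bits, so reject such images where the size is taken rather than wrap.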
@@ -305,9 +379,13 @@ static void sd_set_csd(SDState *sd, uint64_t size)
 }
 }
 
-static void sd_set_rca(SDState *sd)
+static void sd_set_rca(SDState *sd, uint16_t value
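
As an added example in C that is not QEMU code and not part of this patch: the capacity handshake that the CSD and EXT_CSD fields above implement, written out as a decoder (what a host driver computes from the registers) with a matching encoder, so the two can be checked against each other. Constants and function names (mmc_capacity_bytes, mmc_encode_capacity, mmc_capacity_roundtrip, mmc_encode_mode) are this example's own; the bit positions are those of the MMC CSD (READ_BL_LEN at bits 83..80, C_SIZE at 73..62, C_SIZE_MULT at 49..47) and of the EXT_CSD SEC_COUNT bytes 212..215. It also handles the boundary the two branches of the patch meet at: with 1 KiB blocks and a multiplier of 512, exactly 2 GiB already yields C_SIZE = 0xFFF, the value that tells the host to ignore the CSD and use SEC_COUNT, so a 2 GiB device has to publish a correct SEC_COUNT too.

```c
/*
 * Added example, not QEMU code: deriving an MMC/eMMC device's capacity
 * from its CSD and EXT_CSD registers, plus the matching encoder.  Field
 * positions follow the MMC CSD layout (csd[0] holds CSD bits 127..120);
 * all function names here are this example's own.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MMC_CSD_LEN          16
#define MMC_EXT_CSD_LEN      512
#define EXT_CSD_SEC_COUNT    212    /* bytes 212..215: sector count, little-endian */
#define C_SIZE_SECTOR_MODE   0xFFF  /* C_SIZE value meaning "use EXT_CSD SEC_COUNT" */
#define MMC_READ_BL_LEN_1K   10     /* 2^10 = 1 KiB read block */
#define MMC_C_SIZE_MULT_512  7      /* 2^(7+2) = 512 */
#define TWO_GIB              (2ULL << 30)

/* Capacity in bytes, as a host driver computes it from the registers. */
static uint64_t mmc_capacity_bytes(const uint8_t *csd, const uint8_t *ext_csd)
{
    unsigned read_bl_len = csd[5] & 0x0f;                                      /* CSD[83:80] */
    unsigned c_size = ((csd[6] & 0x03) << 10) | (csd[7] << 2) | (csd[8] >> 6);  /* CSD[73:62] */
    unsigned c_size_mult = ((csd[9] & 0x03) << 1) | (csd[10] >> 7);            /* CSD[49:47] */

    if (c_size == C_SIZE_SECTOR_MODE) {
        /* beyond the CSD's reach: SEC_COUNT (512-byte sectors) is authoritative */
        uint32_t sec_count = (uint32_t)ext_csd[EXT_CSD_SEC_COUNT]
                           | (uint32_t)ext_csd[EXT_CSD_SEC_COUNT + 1] << 8
                           | (uint32_t)ext_csd[EXT_CSD_SEC_COUNT + 2] << 16
                           | (uint32_t)ext_csd[EXT_CSD_SEC_COUNT + 3] << 24;
        return (uint64_t)sec_count * 512;
    }
    return (uint64_t)(c_size + 1) << (c_size_mult + 2 + read_bl_len);
}

/*
 * Fill the capacity fields of csd/ext_csd for a device of `size` bytes.
 * Returns 0 for byte (CSD) addressing, 1 for sector (SEC_COUNT) addressing,
 * -1 if the size is not representable.  Other CSD bits are left alone.
 */
static int mmc_encode_capacity(uint64_t size, uint8_t *csd, uint8_t *ext_csd)
{
    uint32_t c_size, sec_count;
    int sector_mode;

    if (size == 0 || (size & 511) != 0 || (size >> 9) > UINT32_MAX) {
        return -1;                         /* whole sectors, and must fit SEC_COUNT */
    }
    if (size < TWO_GIB) {
        if ((size & ((1ULL << 19) - 1)) != 0) {
            return -1;                     /* one C_SIZE step is 512 * 1 KiB = 512 KiB */
        }
        c_size = (uint32_t)(size >> 19) - 1;
        sector_mode = 0;
    } else {
        /* exactly 2 GiB would also give C_SIZE = 0xFFF, so it is sector mode too */
        c_size = C_SIZE_SECTOR_MODE;
        sector_mode = 1;
    }
    csd[5]  = (csd[5] & 0xf0) | MMC_READ_BL_LEN_1K;
    csd[6]  = (csd[6] & 0xfc) | (c_size >> 10);
    csd[7]  = (c_size >> 2) & 0xff;
    csd[8]  = (csd[8] & 0x3f) | ((c_size & 0x03) << 6);
    csd[9]  = (csd[9] & 0xfc) | (MMC_C_SIZE_MULT_512 >> 1);
    csd[10] = (csd[10] & 0x7f) | ((MMC_C_SIZE_MULT_512 & 0x01) << 7);
    /* SEC_COUNT is always published; in sector mode it is all the host reads */
    sec_count = (uint32_t)(size >> 9);
    ext_csd[EXT_CSD_SEC_COUNT]     = sec_count & 0xff;
    ext_csd[EXT_CSD_SEC_COUNT + 1] = (sec_count >> 8) & 0xff;
    ext_csd[EXT_CSD_SEC_COUNT + 2] = (sec_count >> 16) & 0xff;
    ext_csd[EXT_CSD_SEC_COUNT + 3] = (sec_count >> 24) & 0xff;
    return sector_mode;
}

/* Encode then decode; 0 if the encoder refused the size. */
static uint64_t mmc_capacity_roundtrip(uint64_t size)
{
    uint8_t csd[MMC_CSD_LEN] = { 0 }, ext_csd[MMC_EXT_CSD_LEN] = { 0 };

    if (mmc_encode_capacity(size, csd, ext_csd) < 0) {
        return 0;
    }
    return mmc_capacity_bytes(csd, ext_csd);
}

/* Which addressing mode the encoder picks for `size` (-1 if refused). */
static int mmc_encode_mode(uint64_t size)
{
    uint8_t csd[MMC_CSD_LEN] = { 0 }, ext_csd[MMC_EXT_CSD_LEN] = { 0 };
    return mmc_encode_capacity(size, csd, ext_csd);
}

int main(void)
{
    printf("1 GiB: mode %d, decodes to %llu bytes\n", mmc_encode_mode(1ULL << 30),
           (unsigned long long)mmc_capacity_roundtrip(1ULL << 30));
    printf("4 GiB: mode %d, decodes to %llu bytes\n", mmc_encode_mode(4ULL << 30),
           (unsigned long long)mmc_capacity_roundtrip(4ULL << 30));
    return 0;
}
```

From the emulation side, the guest-visible SEC_COUNT is what bounds the addresses a guest will issue, so it has to be derived from the backing image size and never exceed it; otherwise the card-side range checks and the image disagree and a guest can address past the end of the file.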

[Qemu-devel] [PATCH 5/7] sd: add PCI ids for SDHCI controller

2011-07-25 Thread Vincent Palatin
Signed-off-by: Vincent Palatin vpala...@chromium.org
---
 hw/pci.h |1 +
 hw/pci_ids.h |1 +
 2 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/hw/pci.h b/hw/pci.h
index c220745..e0bfbfb 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -51,6 +51,7 @@
 /* QEMU/Bochs VGA (0x1234) */
 #define PCI_VENDOR_ID_QEMU   0x1234
 #define PCI_DEVICE_ID_QEMU_VGA   0x
+#define PCI_DEVICE_ID_SDHCI  0x
 
 /* VMWare (0x15ad) */
 #define PCI_VENDOR_ID_VMWARE 0x15ad
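Review bot: PCI_DEVICE_ID_SDHCI is placed under the 'QEMU/Bochs VGA (0x1234)' vendor block, but 0x1234 is the Bochs pseudo-vendor used only for the VGA device and is not a range QEMU administers, so a new device ID there can collide with any other project that also squats on it. Take an ID from a vendor QEMU actually controls, document the allocation, and follow the neighbouring naming (PCI_DEVICE_ID_QEMU_SDHCI rather than PCI_DEVICE_ID_SDHCI) so the vendor is visible at the use site.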
diff --git a/hw/pci_ids.h b/hw/pci_ids.h
index d94578c..6294658 100644
--- a/hw/pci_ids.h
+++ b/hw/pci_ids.h
@@ -27,6 +27,7 @@
 
 #define PCI_CLASS_MEMORY_RAM 0x0500
 
+#define PCI_CLASS_SYSTEM_SDHCI   0x0805
 #define PCI_CLASS_SYSTEM_OTHER   0x0880
 
 #define PCI_CLASS_SERIAL_USB 0x0c03
-- 
1.7.3.1




[Qemu-devel] [PATCH 1/7] sd: do not add one sector to the disk size

2011-07-25 Thread Vincent Palatin
This leads to a random off-by-one error.
When the size of the SD is exactly 1GB, the emulation was returning a
wrong SDHC CSD descriptor.

Signed-off-by: Vincent Palatin vpala...@chromium.org
---
 hw/sd.c |4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/hw/sd.c b/hw/sd.c
index cedfb20..f48d589 100644
--- a/hw/sd.c
+++ b/hw/sd.c
@@ -393,9 +393,7 @@ static void sd_reset(SDState *sd, BlockDriverState *bdrv)
 } else {
 sect = 0;
 }
-sect = 9;
-
-size = sect + 1;
+size = sect  9;
 
 sect = (size  (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
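Review bot: with the `+ 1` gone, `size` is the image size in bytes, which is what the `data_start + blk_len > size` checks in the data paths compare against; the old code made the card one byte larger than its image, which is why a 1 GB image tipped over the standard-capacity/SDHC threshold, as the message says. The `+ 1` on the line that follows (the write-protect group count) looks like a deliberate round-up rather than the same bug, but it deserves a comment so the next reader does not remove it too. 'This leads to random off-by-one error' would be clearer as 'This makes the card one byte larger than its image'.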
 
-- 
1.7.3.1




Re: [Qemu-devel] -net interface association behavior change in current -git.

2011-05-12 Thread Vincent Palatin
Hi,

On Wed, May 11, 2011 at 22:39, Rob Landley r...@landley.net wrote:
> In 1.14.0, if I did this:
>
>  qemu -net nic,blah -net user -net nic,blah -net tun,blah
>
> Then the first nic would be -net user, and the second nic would be -net
> tun.    In current -git, -net user attaches to the second interface and
> -net tun attaches to the first, I.E. the order is reversed.
>
> Either way the first -nic becomes eth0 in Linux and the second becomes
> eth1 (I can manually assign mac addresses in order to confirm which is
> which), but eth0 used to be the -net user interface and now eth1 is the
> -net user interface.
>
> I bisected this to commit 60c07d933c66c4b30a83b but I don't know why it
> changed the behavior, and I can't find _documentation_ on having
> multiple interfaces transports hooked up to the same qemu instance
> anyway.  (It used to work, but possibly that was an accident?)
>
> Any ideas?

First of all, as you have 2 totally separated subnets in your setup, I
think your command-line should use the vlan= parameter to isolate them,
else you will end up with some random routing/broadcasting (and random
tends to change over time).
I'm not using a setup with multiple NICs, but I would have written something like:
qemu -net nic,vlan=1,blah -net user,vlan=1 -net nic,vlan=2,blah -net
tun,vlan=2,blah

In addition to this, which type of NIC are you using?
In my understanding, the Linux kernel might assign interface numbers
depending on the order the interfaces are appearing.
Without my change, when a packet arrives and should be distributed to
multiple interfaces (that seems to be the case in your setup even
though it is not intended), if one of the interfaces is not ready, the
packet is only forwarded to the ready interface (and the other never
receives it). This produces interesting timing effects where packets
are routed according to obscure race conditions, but in your former
setup, that might cause the packet to be routed to the interface you
want.

-- 
Vincent



Re: [Qemu-devel] -net interface association behavior change in current -git.

2011-05-12 Thread Vincent Palatin
> > First of all, as you have 2 totally separated subnets in your setup, I
> > think your command-line should use vlan= parameter to isolate them,
> > else you will end up with some random routing/broadcasting (and random
> > tends to change over time).
>
> Does the kernel need some sort of vlan support compiled into it for this
> to work, or can the kernel not care?

You don't need anything in your kernel; this is for the Qemu network layer
configuration.

> > I'm not using setup with multiple NICs but I would have written something
> > like :
> > qemu -net nic,vlan=1,blah -net user,vlan=1 -net nic,vlan=2,blah -net
> > tun,vlan=2,blah
>
> > In addition to this, which type of NIC are you using ?
>
> The actual command line is various permutations of:
>
> ~/qemu/qemu/x86_64-softmmu/qemu-system-x86_64 -m 512 -kernel
> ~/linux/linux/arch/x86/boot/bzImage -no-reboot -hda squeeze.ext3 -append
> root=/dev/hda rw -net nic,model=e1000,macaddr=52:54:00:11:11:11 -net
> user -redir tcp:9876::22 -net nic,model=e1000,macaddr=52:54:00:22:22:22
> -net tap,ifname=kvm0,script=no,downscript=no
>
> With the parameters reordered to try to beat some controllable behavior
> out of it.  (It had a deterministic behavior before the above commit,
> going back at least 2 years.  The behavior was changed by the commit.)
>
> > In my understanding, the Linux kernel might assign interface number
> > depending on the order the interfaces are appearing.
>
> It's going in PCI bus order.  And the _interfaces_ are still happily in
> PCI bus order both before and after this commit.  What's changing is the
> association between interface and -net user or -net tap.
>
> The first one, with macaddr 11:11:11, is always eth0.  But before the
> patch, eth0 is -net user, and after the patch eth0 is -net tap.

So, did you try the vlan parameter, which is supposed to associate each
interface with the proper thing (IMO the command line order should not
have anything to do with it)?

-- 
Vincent



Re: [Qemu-devel] Addming new options to the QEMU monitor

2011-03-15 Thread Vincent Palatin
On Tue, Mar 15, 2011 at 11:28, Marco Boni mb.b...@gmail.com wrote:
> I would like to have some hints on how to implement new options in the QEMU
> monitor.
>
> In particular, I would like to add an instruction counter, so that I can
> press CTRL+ALT+2 and type something like instruction_counter, and get the
> number of instructions that have been executed so far.

You should have a look at the -icount command line option and its
implementation.

> Is there any code practice to follow?

Yes, there are some requirements on the Wiki:
http://wiki.qemu.org/Contribute/SubmitAPatch

> Which source files should I put my
> hands on?

Have a look at monitor.c and the hmp-command.hx to simply add a new command.

-- 
Vincent



[Qemu-devel] [PATCH] Fix performance regression in qemu_get_ram_ptr

2011-03-10 Thread Vincent Palatin
When the commit f471a17e9d869df3c6573f7ec02c4725676d6f3a converted the
ram_blocks structure to QLIST, it also removed the conditional check before
switching the current block at the beginning of the list.

In the common use case where ram_blocks has a few blocks with only one
frequently accessed (the main RAM), this has a performance impact as it
performs the useless list operations on each call (which are on a really
hot path).

On my machine emulation (ARM on amd64), this patch reduces the
percentage of CPU time spent in qemu_get_ram_ptr from 6.3% to 2.1% in the
profiling of a full boot.

Signed-off-by: Vincent Palatin vpala...@chromium.org
---
 exec.c |7 +--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/exec.c b/exec.c
index d611100..81f08b7 100644
--- a/exec.c
+++ b/exec.c
@@ -2957,8 +2957,11 @@ void *qemu_get_ram_ptr(ram_addr_t addr)
 
 QLIST_FOREACH(block, ram_list.blocks, next) {
 if (addr - block-offset  block-length) {
-QLIST_REMOVE(block, next);
-QLIST_INSERT_HEAD(ram_list.blocks, block, next);
+/* Move this entry to to start of the list.  */
+if (block != QLIST_FIRST(ram_list.blocks)) {
+QLIST_REMOVE(block, next);
+QLIST_INSERT_HEAD(ram_list.blocks, block, next);
+}
 return block-host + (addr - block-offset);
 }
 }
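Review bot: the new comment reads 'Move this entry to to start of the list' (doubled 'to'). The guard itself is right: QLIST_REMOVE() followed by QLIST_INSERT_HEAD() on the element that is already at the head only rewrites pointers on what the message calls a really hot path, and the 6.3% to 2.1% profile numbers in the message are the justification worth keeping in the commit log.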
-- 
1.7.3.1




Re: [Qemu-devel] Memory Map

2011-03-02 Thread Vincent Palatin
Hi,

On Wed, Mar 2, 2011 at 12:11, Salvatore Lionetti
salvatorelione...@yahoo.it wrote:
> Still now, some memory region is called with base+offset.
>
> So:
>
> [0x204] = value (write from uP register)
> cause
> read(opaque, offset=204, value)
>
> while
> [0x504] = value (write from uP register)
> cause
> read(opaque, offset=4, value)
>
> The two opaque are different as expected.
>
> Where i am wrong?

If you mean 0x5004 and not 0x504 (as stated in your previous email),
IMO it is a current limitation of the Qemu feature called subpage
(which is used when you are mapping a memory area smaller than the MMU
page size as in your example).

When using subpages in the current code, the offset becomes the
distance to the MMU page boundary instead of the distance to the base
address of the peripheral. This is somewhat impractical and confusing
when you are mapping the same subpage-sized MMIO device at different
addresses.
As the emulation I'm working on has a lot of subpage-sized
peripherals, I have written a patch to work around this limitation. I
will send it to the list for comment if you want to try it.

-- 
Vincent



[Qemu-devel] [PATCH] fix offset for MMIO subpage access

2011-03-02 Thread Vincent Palatin
When using a MMIO subpage not starting on a page boundary, the offset
value given to the access handler is based on the start of the MMU page
not on the subpage base.
As a consequence, if you are mapping the same subpage-sized MMIO device
at different addresses, this is somewhat impractical and confusing since
the same register will be called with different offsets depending on the
base address.

My proposal is to workaround this by recording the offset in region_offset
field.

Signed-off-by: Vincent Palatin vpala...@chromium.org
---
 exec.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/exec.c b/exec.c
index d611100..b59e7c9 100644
--- a/exec.c
+++ b/exec.c
@@ -2626,6 +2626,7 @@ void 
cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
   need_subpage);
 if (need_subpage) {
+region_offset -= (start_addr  ~TARGET_PAGE_MASK);
 if (!(orig_memory  IO_MEM_SUBPAGE)) {
 subpage = subpage_init((addr  TARGET_PAGE_MASK),
p-phys_offset, orig_memory,
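Review bot: `region_offset` is the running offset that this function advances by TARGET_PAGE_SIZE at the end of each pass over the pages of the region, so subtracting the in-page start offset from it inside the loop changes the value carried into every later iteration. For a region that spans more than one page and needs a subpage at both its head and its tail, the second `region_offset -= ...` below then subtracts the same amount a second time. Compute `start_addr & ~TARGET_PAGE_MASK` once before the loop and apply it to the value handed to subpage_register() (or to a local copy) instead of the loop variable. Also, the subtraction wraps whenever region_offset is smaller than the in-page offset; that only works because the subpage code adds the in-page offset back modulo the address width, so it deserves a comment.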
@@ -2658,6 +2659,7 @@ void 
cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
   end_addr2, need_subpage);
 
 if (need_subpage) {
+region_offset -= (start_addr  ~TARGET_PAGE_MASK);
 subpage = subpage_init((addr  TARGET_PAGE_MASK),
p-phys_offset, IO_MEM_UNASSIGNED,
addr  TARGET_PAGE_MASK);
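Review bot: this is the same adjustment as in the previous hunk, applied in the other branch of the same loop (page not previously mapped); once the loop-carry issue is dealt with, a single pre-computed in-page offset passed to both subpage_register() calls removes the duplication and keeps the two paths from drifting apart.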
-- 
1.7.3.1




[Qemu-devel] [PATCH 1/2] net: fix trace when debug is activated in slirp

2011-03-02 Thread Vincent Palatin
Make the code compile correctly when DEBUG is activated.

Signed-off-by: Vincent Palatin vpala...@chromium.org
---
 slirp/bootp.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/slirp/bootp.c b/slirp/bootp.c
index 0905c6d..1eb2ed1 100644
--- a/slirp/bootp.c
+++ b/slirp/bootp.c
@@ -284,7 +284,7 @@ static void bootp_reply(Slirp *slirp, const struct bootp_t 
*bp)
 } else {
 static const char nak_msg[] = requested address not available;
 
-DPRINTF(nak'ed addr=%08x\n, ntohl(preq_addr-s_addr));
+DPRINTF(nak'ed addr=%08x\n, ntohl(preq_addr.s_addr));
 
 *q++ = RFC2132_MSG_TYPE;
 *q++ = 1;
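Review bot: `preq_addr` is a struct in_addr value in bootp_reply(), so `.s_addr` is the right spelling, and the old `->` only went unnoticed because DPRINTF expands to nothing when DEBUG is off. To stop this class of bug from coming back, make the disabled DPRINTF still type-check its arguments, for instance `#define DPRINTF(fmt, ...) do { if (0) fprintf(stderr, fmt, ##__VA_ARGS__); } while (0)` (illustrative; use whatever stream the debug build writes to), so the format string and arguments are compiled and then optimized away in every build.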
-- 
1.7.3.1




[Qemu-devel] net: small fixes

2011-03-02 Thread Vincent Palatin
Dear Qemu developers,

While debugging a machine emulation using SLIRP-based user networking, I ran 
into a couple of issues.
Please find attached the patches for them:
1) fix the SLIRP compilation when the debug traces are activated.
2) avoid packet loss with several receivers on the same vlan.

Regards,
-- 
Vincent





[Qemu-devel] [PATCH 2/2] net: fix qemu_can_send_packet logic

2011-03-02 Thread Vincent Palatin
If any of the clients is not ready to receive (i.e. it has a can_receive
callback and can_receive() returns false), we don't want to start
sending, else this client may miss/discard the packet.

I got this behaviour with the following setup:
the emulated machine is using a USB-ethernet adapter, it is connected
to the network using SLIRP and I'm dumping the traffic in a .pcap file,
as per the following command line:
-net nic,model=usb,vlan=1 -net user,vlan=1 -net dump,vlan=1,file=/tmp/pkt.pcap
Every time two packets are coming in a row from the host, the
usb-net code will receive the first one, then return 0 to the can_receive
call since it has a one-packet-long queue. But as the dump code is always
ready to receive, qemu_can_send_packet will return true and the next
packet will discard the previous one in the usb-net code.

Signed-off-by: Vincent Palatin vpala...@chromium.org
---
 net.c |6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/net.c b/net.c
index ec4745d..72ac4cf 100644
--- a/net.c
+++ b/net.c
@@ -411,11 +411,11 @@ int qemu_can_send_packet(VLANClientState *sender)
 }
 
 /* no can_receive() handler, they can always receive */
-if (!vc-info-can_receive || vc-info-can_receive(vc)) {
-return 1;
+if (vc-info-can_receive  !vc-info-can_receive(vc)) {
+return 0;
 }
 }
-return 0;
+return 1;
 }
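Review bot: the comment '/* no can_receive() handler, they can always receive */' now sits above a test for the opposite condition (a handler that says no); rephrase it to something like 'a client whose can_receive() says no blocks the whole vlan'. That is also the behavioural trade-off worth spelling out in the message: qemu_can_send_packet() moves from 'some client can receive' to 'every client can receive', so one stalled receiver (the usb-net queue in the description) now holds back delivery to all the others, including the dump client. That is the intended fix here, but it is also head-of-line blocking that any client stuck in can_receive() == 0 can impose on its peers.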
 
 static ssize_t qemu_deliver_packet(VLANClientState *sender,
-- 
1.7.3.1




Re: [Qemu-devel] [PATCH 1/3] target-arm: Setup smpboot code in all setups

2011-02-15 Thread Vincent Palatin
Hi Adam,

 Moving in the right direction, but it would be cleaner if the secondary
 CPU reset was handled inside arm_boot.c, I think (there is a TODO
 in that file to that effect). Then we could get rid of the cpu reset
 hook from realview.c.

 Like the following?

This assumes that all the ARM SMP platforms are booting their
secondary CPU the same way as the emulated Realview.
For example, I'm currently writing a Tegra2 (dual A9) SoC emulation
and the second CPU is halted when the platform starts and I cannot
re-use the current smpboot firmware chunk. My current workaround is to
use info->nb_cpus = 1 and do the init in the board code. Forcing the
reset function will probably not help.

  Subject: [PATCH] target-arm: Integrate secondary CPU reset in arm_boot

 Integrate secondary CPU reset into arm_boot, removing it from realview.c.
 On non-Linux systems secondary CPUs start with the same entry as the boot
 CPU.

 Signed-off-by: Adam Lackorzynski a...@os.inf.tu-dresden.de
 ---
  hw/arm_boot.c |   23 +++
  hw/realview.c |   14 --
  2 files changed, 15 insertions(+), 22 deletions(-)

 diff --git a/hw/arm_boot.c b/hw/arm_boot.c
 index 620550b..41e99d1 100644
 --- a/hw/arm_boot.c
 +++ b/hw/arm_boot.c
 @@ -175,7 +175,7 @@ static void set_kernel_args_old(struct arm_boot_info 
 *info,
     }
  }

 -static void main_cpu_reset(void *opaque)
 +static void do_cpu_reset(void *opaque)
  {
     CPUState *env = opaque;
     struct arm_boot_info *info = env-boot_info;
 @@ -187,16 +187,20 @@ static void main_cpu_reset(void *opaque)
             env-regs[15] = info-entry  0xfffe;
             env-thumb = info-entry  1;
         } else {
 -            env-regs[15] = info-loader_start;
 -            if (old_param) {
 -                set_kernel_args_old(info, info-initrd_size,
 +            if (env == first_cpu) {
 +                env-regs[15] = info-loader_start;
 +                if (old_param) {
 +                    set_kernel_args_old(info, info-initrd_size,
 +                                        info-loader_start);
 +                } else {
 +                    set_kernel_args(info, info-initrd_size,
                                     info-loader_start);
 +                }
             } else {
 -                set_kernel_args(info, info-initrd_size, info-loader_start);
 +                env-regs[15] = info-smp_loader_start;
             }
         }
     }
 -    /* TODO:  Reset secondary CPUs.  */
  }
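Review bot: the new `else` branch sends every CPU that is not first_cpu to info->smp_loader_start regardless of whether the board provides SMP boot code; a board whose secondaries are meant to stay halted (the Tegra2 case in the reply above) leaves that field at 0, so its secondary CPUs would start executing at address 0 after every reset. Guard the branch on smp_loader_start being set, or on an explicit board flag, and keep the CPU halted otherwise. Testing `env == first_cpu` also assumes the boot CPU passed to arm_load_kernel() is the first CPU created; the `env` argument already identifies the boot CPU, so compare against that instead.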

  void arm_load_kernel(CPUState *env, struct arm_boot_info *info)
 @@ -217,7 +221,6 @@ void arm_load_kernel(CPUState *env, struct arm_boot_info 
 *info)

     if (info-nb_cpus == 0)
         info-nb_cpus = 1;
 -    env-boot_info = info;

  #ifdef TARGET_WORDS_BIGENDIAN
     big_endian = 1;
 @@ -279,5 +282,9 @@ void arm_load_kernel(CPUState *env, struct arm_boot_info 
 *info)
         info-initrd_size = initrd_size;
     }
     info-is_linux = is_linux;
 -    qemu_register_reset(main_cpu_reset, env);
 +
 +    for (; env; env = env-next_cpu) {
 +        env-boot_info = info;
 +        qemu_register_reset(do_cpu_reset, env);
 +    }
  }
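Review bot: the loop registers a reset handler for every CPU from `env` to the end of the global CPU list, not only for the `info->nb_cpus` CPUs this board described; on a board that instantiates further CPUs for another purpose they would all be re-pointed at smp_loader_start. Walking exactly nb_cpus entries keeps the per-board behaviour that the realview code being removed had.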
 diff --git a/hw/realview.c b/hw/realview.c
 index 6eb6c6a..fae444a 100644
 --- a/hw/realview.c
 +++ b/hw/realview.c
 @@ -104,17 +104,6 @@ static struct arm_boot_info realview_binfo = {
     .smp_loader_start = SMP_BOOT_ADDR,
  };

 -static void secondary_cpu_reset(void *opaque)
 -{
 -  CPUState *env = opaque;
 -
 -  cpu_reset(env);
 -  /* Set entry point for secondary CPUs.  This assumes we're using
 -     the init code from arm_boot.c.  Real hardware resets all CPUs
 -     the same.  */
 -  env-regs[15] = SMP_BOOT_ADDR;
 -}
 -
  /* The following two lists must be consistent.  */
  enum realview_board_type {
     BOARD_EB,
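Review bot: the realview handler deleted here called cpu_reset(env) before setting the secondary's PC; do_cpu_reset() in arm_boot.c is only visible from the branch that sets regs[15] onward, so confirm it still performs the core cpu_reset() for the CPU it is registered on, otherwise realview secondaries would keep stale register state across a system reset.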
 @@ -176,9 +165,6 @@ static void realview_init(ram_addr_t ram_size,
         }
         irqp = arm_pic_init_cpu(env);
         cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
 -        if (n  0) {
 -            qemu_register_reset(secondary_cpu_reset, env);
 -        }
     }
     if (arm_feature(env, ARM_FEATURE_V7)) {
         if (is_mpcore) {
 --
 1.7.2.3


-- 
Vincent



Re: [Qemu-devel] Re: ehci fixes

2010-05-10 Thread Vincent Palatin
On Sun, 09 May 2010 20:36:03 -0600
David S. Ahern daah...@cisco.com wrote:

> > While using the EHCI patchset, I have found 2 minor issues.
> > So, I send in this email thread 2 fix proposals.
>
> Changes look good to me.
>
> Are you looking at any particular device or EHCI in general?

I'm just using it to exercise/debug EHCI bootloader code mainly with
mass storage and CDC ACM devices.


-- 
Vincent




[Qemu-devel] [PATCH 1/2] ehci: Fix error detection when registering a new list base address

2010-05-10 Thread Vincent Palatin
We must check against the current running command not the list address.

Signed-off-by: Vincent Palatin vincent.palatin_q...@m4x.org
---
 hw/usb-ehci.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c
index 8be0780..e724653 100644
--- a/hw/usb-ehci.c
+++ b/hw/usb-ehci.c
@@ -774,7 +774,7 @@ static void ehci_mem_writel(void *ptr, target_phys_addr_t 
addr, uint32_t val)
 break;
 
 case PERIODICLISTBASE:
-if (val  USBCMD_PSE) {
+if (s-usbcmd  USBCMD_PSE) {
 fprintf(stderr, Guest OS should not be setting the periodic
 list base register while periodic schedule is enabled\n);
 return;
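Review bot: the corrected test is right (the enable bit lives in the USBCMD register, not in the value being written), but the fprintf(stderr, ...) on this path is reachable from guest-controlled register writes: a guest that writes PERIODICLISTBASE with the periodic schedule enabled can make the host process emit a line per write, without bound. Use the driver's DPRINTF or a rate-limited/once-only message; the same applies to the ASYNCLISTADDR case in the next hunk.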
@@ -783,7 +783,7 @@ static void ehci_mem_writel(void *ptr, target_phys_addr_t 
addr, uint32_t val)
 break;
 
 case ASYNCLISTADDR:
-if (val  USBCMD_ASE) {
+if (s-usbcmd  USBCMD_ASE) {
 fprintf(stderr, Guest OS should not be setting the async list
 address register while async schedule is enabled\n);
 return;
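Review bot: same correction as the PERIODICLISTBASE case above and correct for the same reason, since `val` here is the queue-head address, not a command word. The two cases are now identical apart from the bit and the message text; a small helper taking the enable bit and the register name would keep them from drifting apart. Note also that testing only the ASE enable bit lets a write through in the window where software has cleared ASE but the controller still reports the asynchronous schedule as running (the ASS status bit), which is the state EHCI actually tells software to wait out, so checking the status bit, if the model maintains one, would close that gap.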
-- 
1.5.6.5





[Qemu-devel] ehci fixes

2010-05-10 Thread Vincent Palatin
Dear developers,

While using the EHCI patchset, I have found 2 minor issues.
So, I am sending 2 fix proposals in this email thread.

Those patches apply on top of Jan Kiszka's ehci branch.
Thanks to Jan and David for gathering and updating this patchset.

--
Vincent






[Qemu-devel] [PATCH 2/2] ehci: Fix debug traces

2010-05-10 Thread Vincent Palatin
- fix build error when activating traces
- properly display the config flags register

Signed-off-by: Vincent Palatin vincent.palatin_q...@m4x.org
---
 hw/usb-ehci.c |6 +-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c
index e724653..ab9a23e 100644
--- a/hw/usb-ehci.c
+++ b/hw/usb-ehci.c
@@ -469,6 +469,10 @@ static const char *addr2str(unsigned addr)
 case PORTSC_BEGIN ... PORTSC_END:
 r = PORT STATUS;
 break;
+
+case CONFIGFLAG:
+r = CONFIG FLAG;
+break;
 }
 
 return r;
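Review bot: the blank line inserted between `case PORTSC_BEGIN ... PORTSC_END:` and the new `case CONFIGFLAG:` breaks the layout of the surrounding switch, where the visible cases are not separated by blank lines; drop it. The addition itself is right: without this case a CONFIGFLAG access was reported with whatever `r` held before the switch, which is the "properly display the config flags register" item from the commit message.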
@@ -1956,7 +1960,7 @@ static void ehci_map(PCIDevice *pci_dev, int region_num,
 {
 EHCIState *s =(EHCIState *)pci_dev;
 
-DPRINTF(ehci_map: region %d, addr %08lX, size %ld, s-mem %08X\n,
+DPRINTF(ehci_map: region %d, addr %08llX, size %lld, s-mem %08X\n,
 region_num, addr, size, s-mem);
 s-mem_base = addr;
 cpu_register_physical_memory(addr, size, s-mem);
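Review bot: replacing `%08lX`/`%ld` with `%08llX`/`%lld` silences the -Wformat error on the build where `addr` and `size` are `long long`, but it hard-codes that ABI: on an LP64 host where the same 64-bit type is `unsigned long`, the new string is the one that warns. Use the width-neutral macro for the declared type instead (`PRIx64`/`PRId64`, or FMT_PCIBUS if these are pcibus_t), and the commit message should say which build error "fix build error when activating traces" refers to, since that is this hunk.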
-- 
1.5.6.5





Re: [Qemu-devel] debug register implementation of x86?

2007-08-06 Thread Vincent Palatin
On Tuesday 07 August 2007 06:37, shizheng wrote:
> Hi, all:
>
> I think memory access monitoring is useful in debugging a target
> running in qemu. There are two ways to do this (or even more):
>
> 1. x86 specific: add debug register emulation in qemu.
> 2. hardware independent: such as adding a command in the qemu monitor.
>
> I would like to know if anybody has already done this?
> Or is there any problem that prevents doing so?

It is already implemented in the GDB stub of Qemu.
Just add a watchpoint with a GDB connected to QEMU.

-- 
Vincent




Re: [Qemu-devel] QEMU and ddd

2007-02-27 Thread Vincent Palatin
On Wednesday 28 February 2007 03:11, Gregory Cavelier wrote:
> I'm trying to use ddd (connected to QEMU) to debug my own kernel and it
> works fine.
>
> The only problem I have is that I'm always interrupted by my IRQ handlers
> (and especially the timer, IRQ 0).
>
> Is there a way to stop ddd from jumping to my IRQ handler functions so I can
> step through my code without being interrupted?

If you are trying to single-step, you should disable interrupts/timers when
single-stepping in the Qemu GDB stub.
Several patches already exist on this topic ...

Check the following thread:
http://lists.gnu.org/archive/html/qemu-devel/2006-05/msg00374.html
or this one:
http://qemu-forum.ipi.fi/viewtopic.php?p=3281

-- 
Vincent


___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel


Re: [Qemu-devel] Problem with threads in Scratchbox with Qemu for ARM

2007-02-02 Thread Vincent Palatin

> Does anyone know of known problems under Qemu for ARM and pthreads?

Yes, it is known ... the last occurrence in the mailing list archive is:

On Saturday 20 January 2007 14:43, Paul Brook wrote:
[...]

> Threaded applications don't work reliably under qemu.
> See mailing list archives for discussions of the technical reasons why.
>
> Paul

-- 
Vincent




Re: [Qemu-devel] Learning QEmy Virtual Machine

2006-12-07 Thread Vincent Palatin
On Friday 08 December 2006 05:33, I_am alone wrote:
> I plan to do my undergraduate research on the QEMU Virtual machine:
> Design, Implementation and operation. Since I don't have much idea about
> virtual machines and their operation, I would really appreciate it if anyone
> could help me on this.
>
> If I plan to learn the technology by doing a Code Review of the QEMU
> virtual machine, would it be helpful? Do I need any preliminary
> knowledge?

You should start by reading the Qemu internals docs:
http://www.qemu.org/qemu-tech.html
and Fabrice's paper for the Usenix conference:
http://www.usenix.org/publications/library/proceedings/usenix05/tech/freenix/full_papers/bellard/bellard.pdf

-- 
Vincent




Re: [Qemu-devel] Is there a way to install Minix 2.0.4 on my own image file?

2006-09-03 Thread Vincent Palatin

> But for minix 2.0.4, I cannot map the
> USR.MNX to the fda while the ROOT.MNX is mapped to it.

You can change the floppy disk image later during the boot process by using
the qemu monitor.

* enter the qemu monitor (probably Ctrl-Alt-1)
* change the floppy using the following command:
change fda USR.MNX


-- 
vincent





Re: [Qemu-devel] Log I/O from host Parallel Port?

2006-08-08 Thread Vincent Palatin
On Tuesday 08 August 2006 11:05, Steve Ellenoff wrote:
> Is there any easy way to log all I/O data reads & writes to/from the host
> parallel port, when using the -parallel /dev/parport0 option?
>
> My host is connected via parallel port to some custom hardware and I'd like
> to be able to diagnose why the hardware's not working, by seeing the data
> stream of the port.

Near the top of the file hw/parallel.c, you can find the following line:
//#define DEBUG_PARALLEL

Just uncomment it and rebuild qemu; all parallel I/O will be written to
stdout (or feel free to modify the printf traces).

-- 
Vincent

