Re: [Qemu-devel] [PATCH COLO-Frame (Base) v21 00/17] COarse-grain LOck-stepping(COLO) Virtual Machines for Non-stop Service (FT)

[Hailiang Zhang]

On 2016/10/27 11:52, Amit Shah wrote:

On (Wed) 26 Oct 2016 [23:52:48], Hailiang Zhang wrote:

Hi Amit,

On 2016/10/26 16:26, Amit Shah wrote:

On (Wed) 26 Oct 2016 [14:43:30], Hailiang Zhang wrote:

Hi Amit,

On 2016/10/26 14:09, Amit Shah wrote:

Hello,

On (Tue) 18 Oct 2016 [20:09:56], zhanghailiang wrote:

This is the 21th version of COLO frame series.

Rebase to the latest master.


I've reviewed the patchset, have some minor comments, but overall it
looks good.  The changes are contained, and common code / existing
code paths are not affected much.  We can still target to merge this
for 2.8.



I really appreciate your help ;), I will fix all the issues later
and send v22. Hope we can still catch the deadline of V2.8.


Do you have any tests on how much the VM slows down / downtime
incurred during checkpoints?



Yes, we tested that long time ago, it all depends.
The downtime is determined by the time of transferring the dirty pages
and the time of flushing ram from ram buffer.
But we really have methods to reduce the downtime.

One method is to reduce the amount of data (dirty pages mainly) while do 
checkpoint
by transferring dirty pages asynchronously while PVM and SVM are running (no in
the time of doing checkpoint). Besides we can re-use the capability of 
migration, such
as compressing, etc.
Another method is to reduce the time of flushing ram by using userfaultfd API
to convert copying ram into marking bitmap. We can also flushing the ram buffer
by multiple threads which advised by Dave ...


Yes, I understand that as with any migration numbers, this too depends
on what the guest is doing.  However, can you just pick some standard
workload - kernel compile or something like that - and post a few
observations?



Li Zhijian has sent some test results which based on kernel colo proxy,
After switch to userspace colo proxy, there maybe some degradations.
But for the old scenario, some optimizations are not implemented.
For the new userspace colo proxy scenario, we didn't test it overall,
Because it is still WIP, we will start the work after this frame is merged.


OK.


Also, can you tell how did you arrive at the default checkpoint
interval?



Er, for this value, we referred to Remus in XEN platform. ;)
But after we implement COLO with colo proxy, this interval value will be changed
to a bigger one (10s). And we will make it configuration too. Besides, we will
add another configurable value to control the min interval of checkpointing.


OK - any typical value that is a good mix between COLO keeping the
network too busy / guest paused vs guest making progress?  Again this
is something that's workload-dependent, but I guess you have typical
numbers from a network-bound workload?



Yes, you can refer to Zhijian's email for detail.
I think it is necessary to add some test/performance results into COLO's wiki.
We will do that later.


Yes, please.

Also, in your next iteration, please add the colo files to the
MAINTAINERS entry so you get CC'ed on future patches (and bugs :-)



OK, I will send v23 with it. Thanks.

Hailiang


Amit

.

Re: [Qemu-devel] [PATCH v2 5/6] target-ppc: add vprtyb[w/d/q] instructions

[Richard Henderson]

On 10/26/2016 08:47 PM, David Gibson wrote:

> +void helper_vprtybq(ppc_avr_t *r, ppc_avr_t *b)
> +{
> +int i;
> +uint8_t s = 0;
> +for (i = 0; i < 16; i++) {
> +s ^= (b->u8[i] & 1);
> +}
> +r->u64[LO_IDX] = (!s) ? 0 : 1;
> +r->u64[HI_IDX] = 0;
> +}
> +

I think you can implement these better.  First mask with 0x01010101
(of the appropriate length) to extract the LSB bits of each byte.
Then XOR the two halves together, then quarters and so forth,
ln2(size) times to arrive at the parity.  This is similar to the usual
Hamming weight implementation.



You don't even have to mask with 0x01010101 to start.  Just fold halves til you 
get to the byte level and then mask with 1.



r~

[Qemu-devel] [Bug 588803] Re: Image corruption during snapshot creation/deletion

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/588803

Title:
  Image corruption during snapshot creation/deletion

Status in QEMU:
  Expired

Bug description:
  Hello,

  The creation/deletion of snapshots sometimes crashes and corrupts the
  VM image and provoke a segmentation fault in "strcmp", called from
  "bdrv_snapshot_find".

  Here is a patch that temporarily fixes that (it fixes the segfault but
  not its reason) :

  --- qemu-kvm-0.12.2-old/savevm.c  2010-01-18 19:48:25.0 +0100
  +++ qemu-kvm-0.12.2/savevm.c  2010-02-12 13:45:07.225644169 +0100
  @@ -1624,6 +1624,7 @@
   int nb_sns, i, ret;
   
   ret = -ENOENT;
  + if (!name) return ret;
   nb_sns = bdrv_snapshot_list(bs, _tab);
   if (nb_sns < 0)
   return ret;
  @@ -1649,6 +1650,8 @@
   QEMUSnapshotInfo sn1, *snapshot = 
   int ret;
   
  + if (!name) return 0;
  +
   QTAILQ_FOREACH(dinfo, , next) {
   bs = dinfo->bdrv;
   if (bdrv_can_snapshot(bs) &&
  @@ -1777,6 +1780,11 @@
   QTAILQ_FOREACH(dinfo, , next) {
   bs1 = dinfo->bdrv;
   if (bdrv_has_snapshot(bs1)) {
  + if (!name) {
  + monitor_printf(mon, "Could not find snapshot 
'NULL' on "
  + 
   "device '%s'\n",
  + 
   bdrv_get_device_name(bs1));
  + }
   ret = bdrv_snapshot_goto(bs1, name);
   if (ret < 0) {
   if (bs != bs1)
  @@ -1804,6 +1812,11 @@
   }
   }
   
  + if (!name) {
  + monitor_printf(mon, "VM state name is NULL\n");
  + return -EINVAL;
  + }
  +
   /* Don't even try to load empty VM states */
   ret = bdrv_snapshot_find(bs, , name);
   if ((ret >= 0) && (sn.vm_state_size == 0))
  @@ -1840,6 +1853,11 @@
   QTAILQ_FOREACH(dinfo, , next) {
   bs1 = dinfo->bdrv;
   if (bdrv_has_snapshot(bs1)) {
  + if (!name) {
  + monitor_printf(mon, "Could not find snapshot 
'NULL' on "
  + 
   "device '%s'\n",
  + 
   bdrv_get_device_name(bs1));
  + }
   ret = bdrv_snapshot_delete(bs1, name);
   if (ret < 0) {
   if (ret == -ENOTSUP)

  
  The patch is very simple. Some checks on the variable "name" were missing in 
"savevm.c".

  Regards,

  Nicolas Grandjean
  Conix Security

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/588803/+subscriptions

Re: [Qemu-devel] [PATCH v2 3/6] target-ppc: add vrldnmi and vrlwmi instructions

[David Gibson]

On Wed, Oct 26, 2016 at 11:56:26AM +0530, Nikunj A Dadhania wrote:
> From: "Gautham R. Shenoy" 
> 
> vrldmi: Vector Rotate Left Dword then Mask Insert
> vrlwmi: Vector Rotate Left Word then Mask Insert
> 
> Signed-off-by: Gautham R. Shenoy 
> Signed-off-by: Bharata B Rao 
> ( use extract[32,64] and rol[32,64] )
> Signed-off-by: Nikunj A Dadhania 
> ---
>  disas/ppc.c |  2 ++
>  target-ppc/helper.h |  2 ++
>  target-ppc/int_helper.c | 46 
> +
>  target-ppc/translate/vmx-impl.inc.c |  6 +
>  target-ppc/translate/vmx-ops.inc.c  |  4 ++--
>  5 files changed, 58 insertions(+), 2 deletions(-)
> 
> diff --git a/disas/ppc.c b/disas/ppc.c
> index 052cebe..32f0d8d 100644
> --- a/disas/ppc.c
> +++ b/disas/ppc.c
> @@ -2286,6 +2286,8 @@ const struct powerpc_opcode powerpc_opcodes[] = {
>  { "vrlh",  VX(4,   68), VX_MASK, PPCVEC, { VD, VA, VB } },
>  { "vrlw",  VX(4,  132), VX_MASK, PPCVEC, { VD, VA, VB } },
>  { "vrsqrtefp", VX(4,  330), VX_MASK, PPCVEC, { VD, VB } },
> +{ "vrldmi",VX(4,  197), VX_MASK,PPCVEC, { VD, VA, VB } },
> +{ "vrlwmi",VX(4,  133), VX_MASK,PPCVEC, { VD, VA, VB} },
>  { "vsel",  VXA(4,  42), VXA_MASK,PPCVEC, { VD, VA, VB, 
> VC } },
>  { "vsl",   VX(4,  452), VX_MASK, PPCVEC, { VD, VA, VB } },
>  { "vslb",  VX(4,  260), VX_MASK, PPCVEC, { VD, VA, VB } },
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index 0337292..9fb8f0d 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -325,6 +325,8 @@ DEF_HELPER_4(vmaxfp, void, env, avr, avr, avr)
>  DEF_HELPER_4(vminfp, void, env, avr, avr, avr)
>  DEF_HELPER_3(vrefp, void, env, avr, avr)
>  DEF_HELPER_3(vrsqrtefp, void, env, avr, avr)
> +DEF_HELPER_3(vrlwmi, void, avr, avr, avr)
> +DEF_HELPER_3(vrldmi, void, avr, avr, avr)
>  DEF_HELPER_5(vmaddfp, void, env, avr, avr, avr, avr)
>  DEF_HELPER_5(vnmsubfp, void, env, avr, avr, avr, avr)
>  DEF_HELPER_3(vexptefp, void, env, avr, avr)
> diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
> index dca4798..b54cd7c 100644
> --- a/target-ppc/int_helper.c
> +++ b/target-ppc/int_helper.c
> @@ -1717,6 +1717,52 @@ void helper_vrsqrtefp(CPUPPCState *env, ppc_avr_t *r, 
> ppc_avr_t *b)
>  }
>  }
>  
> +#define MASK(size, max_val) \
> +static inline uint##size##_t mask_u##size(uint##size##_t start, \
> +uint##size##_t end) \
> +{   \
> +uint##size##_t ret, max_bit = size - 1; \
> +\
> +if (likely(start == 0)) {   \
> +ret = max_val << (max_bit - end);   \
> +} else if (likely(end == max_bit)) {\
> +ret = max_val >> start; \
> +} else {\
> +ret = (((uint##size##_t)(-1ULL)) >> (start)) ^  \
> +(((uint##size##_t)(-1ULL) >> (end)) >> 1);  \
> +if (unlikely(start > end)) {\
> +return ~ret;\
> +}   \
> +}   \
> +\
> +return ret; \
> +}
> +
> +MASK(32, UINT32_MAX);
> +MASK(64, UINT64_MAX);

It would be nicer to merge this mask generation with the
implementation in target-ppc/translate.c (called MASK()).

> +
> +#define VRLMI(name, size, element)\
> +void helper_##name(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)  \
> +{ \
> +int i;\
> +for (i = 0; i < ARRAY_SIZE(r->element); i++) {\
> +uint##size##_t src1 = a->element[i];  \
> +uint##size##_t src2 = b->element[i];  \
> +uint##size##_t src3 = r->element[i];  \
> +uint##size##_t begin, end, shift, mask, rot_val;  \
> +  \
> +shift = extract##size(src2, 0, 6);\
> +end   = extract##size(src2, 8, 6);\
> +begin = extract##size(src2, 16, 6);   \
> +rot_val = rol##size(src1, shift);   

[Qemu-devel] [Bug 588731] Re: PXE boot not working

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/588731

Title:
  PXE boot not working

Status in QEMU:
  Expired

Bug description:
  /root/qemu-test/qemu-kvm/x86_64-softmmu/qemu-system-x86_64 -net
  tap,vlan=0,name=tap.0 -boot n -net
  nic,macaddr=$MAC,vlan=0,model=e1000,name=e1000.0 -chardev
  socket,id=monitor,host=0.0.0.0,port=$MONITORPORT,telnet,server,nowait
  -monitor chardev:monitor


  net0: 02:5a:3b:27:00:a1 on PCI00:03.0 (open)  
 
   [Link:up, TX:0 TXE:0 RX:0 RXE:0] 

   DHCP (net0 02:5a:3b:27:00:a1) Connection timed out 
(0x4c106035)
   No more network devices  
  


   
  No bootable device. 


  After doing a system_reset 

  net0: 02:5a:3b:27:00:a1 on PCI00:03.0 (open)  
 
   [Link:up, TX:0 TXE:0 RX:0 RXE:0] 

  DHCP (net0 02:5a:3b:27:00:a1) ok  
 
  net0: 10.201.1.161/255.0.0.0 gw 10.0.0.1  
 
  Booting from filename "boot.pxe"  

  tftp://x.x.x./boot.pxe.. ok  

  
  And it magaically works.

  using HEAD.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/588731/+subscriptions

[Qemu-devel] [Bug 424450] Re: FDC reset should reset the MSR

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/424450

Title:
  FDC reset should reset the MSR

Status in QEMU:
  Expired

Bug description:
  I believe that the MSR resgister should also be reset to zero on a
  software reset.  All of the FDC hardware I have does this. The current
  code leaves the MSR as 0x80, which means that the controller is ready
  for a write.  The controller should not be ready for a write while in
  reset.

  fdc.c Line 899
  /* Reset */
  if (!(value & FD_DOR_nRESET)) {
   +  fdctrl->msr = 0x00;
  if (fdctrl->dor & FD_DOR_nRESET) {
  FLOPPY_DPRINTF("controller enter RESET state\n");
  }
  } else {

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/424450/+subscriptions

[Qemu-devel] [Bug 642304] Re: Solaris/x86 v10 hangs under KVM

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/642304

Title:
  Solaris/x86 v10 hangs under KVM

Status in QEMU:
  Expired

Bug description:
  Solaris/x86 10 guest hangs when running under KVM with the message
  "Running Configuration Assistant".  It runs fine when -enable-kvm
  isn't given as a command option.

  Host OS:  Linux/x86_64
  Guest OS: Solaris/x86
  Command Line: qemu -hda solaris.img -m 192 -boot c -enable-kvm
  Build Configure:  ./configure --enable-linux-aio --enable-io-thread 
--enable-kvm
  GIT commit: 58aebb946acff82c62383f350cab593e55cc13dc

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/642304/+subscriptions

[Qemu-devel] [Bug 602336] Re: bad network performance with 10Gbit

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/602336

Title:
  bad network performance with 10Gbit

Status in QEMU:
  Expired

Bug description:
  Hello,
  I have trouble with the network performance inside my virtual machines. I 
don't know if this is realy a bug, but I didn't find a solution for this 
problem in other forums or maillists.

  My KVM-Host machine is connected to a 10Gbit Network. All interfaces
  are configured to a mtu of 4132. On this host I have no problems and I
  can use the full bandwidth:

  CPU_Info:
  2x Intel Xeon X5570
  flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat 
pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm 
constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf 
pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm dca sse4_1 sse4_2 
popcnt lahf_lm ida tpr_shadow vnmi flexpriority ept vpid

  KVM Version:
  QEMU PC emulator version 0.12.3 (qemu-kvm-0.12.3), Copyright (c) 2003-2008 
Fabrice Bellard
  0.12.3+noroms-0ubuntu9

  KVM Host Kernel:
  2.6.32-22-server #36-Ubuntu SMP Thu Jun 3 20:38:33 UTC 2010 x86_64 GNU/Linux

  KVM Host OS:
  Ubuntu 10.04 LTS
  Codename: lucid

  KVM Guest Kernel:
  2.6.32-22-server #36-Ubuntu SMP Thu Jun 3 20:38:33 UTC 2010 x86_64 GNU/Linux

  KVM Guest OS:
  Ubuntu 10.04 LTS
  Codename: lucid

  
  # iperf -c 10.10.80.100 -w 65536 -p 12345 -t 60 -P4
  [ ID] Interval Transfer Bandwidth
  [ 4] 0.0-60.0 sec 18.8 GBytes 2.69 Gbits/sec
  [ 5] 0.0-60.0 sec 15.0 GBytes 2.14 Gbits/sec
  [ 6] 0.0-60.0 sec 19.3 GBytes 2.76 Gbits/sec
  [ 3] 0.0-60.0 sec 15.1 GBytes 2.16 Gbits/sec
  [SUM] 0.0-60.0 sec 68.1 GBytes 9.75 Gbits/sec

  
  Inside a virtual machine don't reach this result:

  # iperf -c 10.10.80.100 -w 65536 -p 12345 -t 60 -P 4
  [ ID] Interval Transfer Bandwidth
  [ 3] 0.0-60.0 sec 5.65 GBytes 808 Mbits/sec
  [ 4] 0.0-60.0 sec 5.52 GBytes 790 Mbits/sec
  [ 5] 0.0-60.0 sec 5.66 GBytes 811 Mbits/sec
  [ 6] 0.0-60.0 sec 5.70 GBytes 816 Mbits/sec
  [SUM] 0.0-60.0 sec 22.5 GBytes 3.23 Gbits/sec

  I only can use 3,23Gbits of 10Gbits. I use the virtio driver for all
  of my vms, but I have also tried to use the e1000 nic device instead.

  With starting the iperf performance test on multiple vms
  simultaneously I can use the full bandwidth of the kvm host's
  interface. But only one vm can't use the full bandwith. Is this a
  known limitation, or can I improve this performance?

  Does anyone have an idea how I can improve my network performance?
  It's very important, because I want to use the network interface to
  boot all vms via AOE (ATA over Ethernet).

  If I mount a harddisk via AOE inside a vm I get only this results:
  Write |CPU |Rewrite |CPU |Read |CPU
  102440 |10 |51343 |5 |104249 |3

  On the KVM Host I get those results on a mouted AOE Device:
  Write |CPU |Rewrite |CPU |Read |CPU
  205597 |19 |139118 |11 |391316 |11

  If I mount the AOE Device directly on the kvm-host and put a virtual 
harddisk-file in it I got the following results inside a vm using this 
harddisk-file:
  Write |CPU |Rewrite |CPU |Read |CPU
  175140 |12 |136113 |24 |599989 |29

  I have just tested vhost_net, but without success.
  I have upgraded my kernel to 2.6.35-6 with vhost_net support and have
  installed the qemu-kvm version from
  git://git.kernel.org/pub/scm/linux/kernel/git/mst/qemu-kvm.git (0.12.50)
  But I still have the same results as before.

  I had already posted my problem into a few forums, but still got no
  reply.

  I would feel very happy if someone can help me.

  best regards

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/602336/+subscriptions

Re: [Qemu-devel] [PATCH v2 5/6] target-ppc: add vprtyb[w/d/q] instructions

[David Gibson]

On Wed, Oct 26, 2016 at 11:56:28AM +0530, Nikunj A Dadhania wrote:
> From: Ankit Kumar 
> 
> Add following POWER ISA 3.0 instructions.
> vprtybw: Vector Parity Byte Word
> vprtybd: Vector Parity Byte Double Word
> vprtybq: Vector Parity Byte Quad Word
> 
> Signed-off-by: Ankit Kumar 
> Signed-off-by: Nikunj A Dadhania 
> ---
>  target-ppc/helper.h |  3 +++
>  target-ppc/int_helper.c | 31 +++
>  target-ppc/translate/vmx-impl.inc.c |  3 +++
>  target-ppc/translate/vmx-ops.inc.c  |  4 
>  4 files changed, 41 insertions(+)
> 
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index d6ee26e..7d42f99 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -223,6 +223,9 @@ DEF_HELPER_3(vsro, void, avr, avr, avr)
>  DEF_HELPER_3(vsrv, void, avr, avr, avr)
>  DEF_HELPER_3(vslv, void, avr, avr, avr)
>  DEF_HELPER_3(vaddcuw, void, avr, avr, avr)
> +DEF_HELPER_2(vprtybw, void, avr, avr)
> +DEF_HELPER_2(vprtybd, void, avr, avr)
> +DEF_HELPER_2(vprtybq, void, avr, avr)
>  DEF_HELPER_3(vsubcuw, void, avr, avr, avr)
>  DEF_HELPER_2(lvsl, void, avr, tl)
>  DEF_HELPER_2(lvsr, void, avr, tl)
> diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
> index 0fd92ed..358 100644
> --- a/target-ppc/int_helper.c
> +++ b/target-ppc/int_helper.c
> @@ -527,6 +527,37 @@ void helper_vaddcuw(ppc_avr_t *r, ppc_avr_t *a, 
> ppc_avr_t *b)
>  }
>  }
>  
> +/* vprtyb[w/d] */
> +#define VPRTYB(name, element)   \
> +void glue(helper_, name)(ppc_avr_t *r, ppc_avr_t *b)\
> +{   \
> +int i, j;   \
> +uint8_t s;  \
> +int nr_b = sizeof(b->element[0]) / sizeof(b->u8[0]);\
> +for (i = 0; i < ARRAY_SIZE(r->element); i++) {  \
> +s = 0;  \
> +for (j = i * nr_b; j < (i + 1) * nr_b; j++) {   \
> +s ^= (b->u8[j] & 1);\
> +}   \
> +r->element[i] = (!s) ? 0 : 1;   \
> +}   \
> +}
> +VPRTYB(vprtybw, u32)
> +VPRTYB(vprtybd, u64)
> +#undef VPTRYB
> +
> +/* vprtybq */
> +void helper_vprtybq(ppc_avr_t *r, ppc_avr_t *b)
> +{
> +int i;
> +uint8_t s = 0;
> +for (i = 0; i < 16; i++) {
> +s ^= (b->u8[i] & 1);
> +}
> +r->u64[LO_IDX] = (!s) ? 0 : 1;
> +r->u64[HI_IDX] = 0;
> +}
> +

I think you can implement these better.  First mask with 0x01010101
(of the appropriate length) to extract the LSB bits of each byte.
Then XOR the two halves together, then quarters and so forth,
ln2(size) times to arrive at the parity.  This is similar to the usual
Hamming weight implementation.

>  #define VARITH_DO(name, op, element)\
>  void helper_v##name(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)   \
>  {   \
> diff --git a/target-ppc/translate/vmx-impl.inc.c 
> b/target-ppc/translate/vmx-impl.inc.c
> index 500c43f..e1d0897 100644
> --- a/target-ppc/translate/vmx-impl.inc.c
> +++ b/target-ppc/translate/vmx-impl.inc.c
> @@ -705,6 +705,9 @@ GEN_VXFORM_NOA_ENV(vrfim, 5, 11);
>  GEN_VXFORM_NOA_ENV(vrfin, 5, 8);
>  GEN_VXFORM_NOA_ENV(vrfip, 5, 10);
>  GEN_VXFORM_NOA_ENV(vrfiz, 5, 9);
> +GEN_VXFORM_NOA(vprtybw, 1, 24);
> +GEN_VXFORM_NOA(vprtybd, 1, 24);
> +GEN_VXFORM_NOA(vprtybq, 1, 24);
>  
>  #define GEN_VXFORM_SIMM(name, opc2, opc3)   \
>  static void glue(gen_, name)(DisasContext *ctx)  
>\
> diff --git a/target-ppc/translate/vmx-ops.inc.c 
> b/target-ppc/translate/vmx-ops.inc.c
> index a5ad4d4..c631780 100644
> --- a/target-ppc/translate/vmx-ops.inc.c
> +++ b/target-ppc/translate/vmx-ops.inc.c
> @@ -122,6 +122,10 @@ GEN_VXFORM_300(vslv, 2, 29),
>  GEN_VXFORM(vslo, 6, 16),
>  GEN_VXFORM(vsro, 6, 17),
>  GEN_VXFORM(vaddcuw, 0, 6),
> +GEN_HANDLER_E_2(vprtybw, 0x4, 0x1, 0x18, 8, 0, PPC_NONE, PPC2_ISA300),
> +GEN_HANDLER_E_2(vprtybd, 0x4, 0x1, 0x18, 9, 0, PPC_NONE, PPC2_ISA300),
> +GEN_HANDLER_E_2(vprtybq, 0x4, 0x1, 0x18, 10, 0, PPC_NONE, PPC2_ISA300),
> +
>  GEN_VXFORM(vsubcuw, 0, 22),
>  GEN_VXFORM_DUAL(vaddubs, vmul10uq, 0, 8, PPC_ALTIVEC, PPC_NONE),
>  GEN_VXFORM_DUAL(vadduhs, vmul10euq, 0, 9, PPC_ALTIVEC, PPC_NONE),

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [Bug 1315747] Re: Qemu on Windows

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1315747

Title:
  Qemu on Windows

Status in QEMU:
  Expired

Bug description:
  I have a problem with the latest snapshot from
  http://qemu.weilnetz.de/.  Where should I raise it?  Here?  It's not
  clear to me that I should do it since that's probably an unsupported
  build, whereas there is no support forum or e-mail address on that
  website.

  THanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1315747/+subscriptions

[Qemu-devel] [Bug 1033494] Re: qemu-system-x86_64 segfaults with kernel 3.5.0

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1033494

Title:
  qemu-system-x86_64 segfaults with kernel 3.5.0

Status in QEMU:
  Expired

Bug description:
  qemu-kvm 1.1.1 stable is running fine for me with RHEL 6 2.6.32 based
  kernel.

  But with 3.5.0 kernel qemu-system-x86_64 segfaults while i'm trying to
  install ubuntu 12.04 server reproducable.

  You find three backtraces here:
  http://pastebin.com/raw.php?i=xCy2pEcP

  Stefan

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1033494/+subscriptions

[Qemu-devel] [Bug 588735] Re: Quit command not working

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/588735

Title:
  Quit command not working

Status in QEMU:
  Expired

Bug description:
  Qemu strace


  rt_sigreturn(0x1b)  = 56
  clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, 
child_tidptr=0x7f6fddecbad0) = ? ERESTARTNOINTR (To be restarted)
  --- SIGPROF (Profiling timer expired) @ 0 (0) ---
  rt_sigreturn(0x1b)  = 56

  
  started with :

  [root@virtual-test ~]# /root/qemu-test/qemu-kvm/x86_64-softmmu/qemu-
  system-x86_64 -net tap,vlan=0,name=tap.0 -chardev
  socket,id=serial0,host=0.0.0.0,port=$CONSOLEPORT,telnet,server,nowait
  -serial chardev:serial0 -hda hda -hdb hdb -hdc hdc -hdd hdd -fda fd0
  -fdb fd1 -chardev
  socket,id=monitor,host=0.0.0.0,port=$MONITORPORT,telnet,server,nowait
  -monitor chardev:monitor -net
  nic,macaddr=$MAC,vlan=0,model=e1000,name=e1000.0 -M pc -m 4096

  when removing -m 4096, the quit command works.

  but I think its a combination of different args that causes the
  problem.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/588735/+subscriptions

Re: [Qemu-devel] [PATCH v2 0/6] spapr: dedicated hotplug events and memory unplug support

[David Gibson]

On Wed, Oct 26, 2016 at 04:59:19PM -0500, Michael Roth wrote:
> This series is based on David's ppc-for-2.8 branch, and is also available 
> from:
> 
>   https://github.com/mdroth/qemu/commits/spapr-hotplug-event-update

Applied to ppc-for-2.8.

> 
> Changes since v1:
>   * Rebased on latest ppc-for-2.8
>   * Dropped patches relating to option vector manipulation (now merged)
>   * Moved patch introducing modern-hotplug-events option to come after
> that actual implementation of modern-hotplug-events support. (David)
>   * Removed uneeded source name string from sPAPREventSource in favor of
> manual lookup of the name when creating DT. (David)
>   * Don't split function return signatures across lines (David)
>   * Add comment to clarify hotplug events being enabled regardless
> of CAS-negotiation.
>   * Avoid unecessary initialization of hotplug_ctrl in
> spapr_lmb_release. (David)
> 
> Changes since RFC:
>   * Rebased on latest ppc-for-2.8 (with DT refactoring)
>   * Submitting as v1 now that PAPR Hotplug ACR is committed
>   * address Patchew warnings
>   * add comments to clarify spapr->ov5/ov5_cas usage. (David)
>   * revise comment to clarify intent when setting spapr->ov5
> OV5_HP_EVT bit. (Bharata)
>   * drop internal usage of spapr_ovec_from_bitmap() in favor of
> directly assigning bitmap to sPAPROptionVector instances. (David)
>   * standardize meaning of 'vector_len' variable through spapr_ovec_*
> functions to be the byte-wise length of option vectors entries,
> and not including the preceeding length byte itself. (David)
>   * fix spapr_ovec_populate_dt() to parse up to OV_MAXBITS bits
> rather than OV_MAXBITS - 1. (David)
>   * fix spapr_ovec_populate_dt() encode the minimum of 1 option
> vector byte instead of the max of OV_MAXBYTES in cases where
> no option bits are set. (David)
>   * add some comments to spapr_ovec_populate_dt() to clarify what
> is being encoded into length byte of ibm,architecture-vec-5
>   * switch 'legacy-hotplug-events' option to
> 'modern-hotplug-events' (David)
>   * modify rtas_event_log_to_source() to check for OV5_HP_EVT
> option rather than relying on whether the hotplug source is
> specifically enabled. Assert the latter in cases where
> OV5_HP_EVT is set. (Bharata)
>   * drop global EventSource list in favor of an sPAPREventSource
> list field within sPAPRMachineState (David)
>   * add CPU unplug hook in mc->unplug_request (Bharata)
> 
> 
> Patches 1-4 add support for an updated event format for hotplug events,
> which includes a new way to specify a range of DRCs/LMBs to hotplug/unplug
> using a starting position and count, which is necessary for memory unplug.
> 
> Patches 5-6 add support for memory unplug using the new event format.
> 
> In addition to kernel 4.8 or later, there are a number of patches required
> to enable support on the guest kernel side. I've including the minimum set
> of patches in my branch here:
> 
>https://github.com/mdroth/linux/commits/spapr-hotplug-event-update
> 
>*powerpc/pseries: advertise Hot Plug Event support to firmware
>powerpc/pseries: Implement indexed-count hotplug memory remove
>powerpc/pseries: Implement indexed-count hotplug memory add
> 
> Note that there is currently an issue that arises when attempting to
> offline an LMB that was onlined using a guest kernel's auto-onlining
> mechanism, which can prevent full completion of memory unplug requests.
> This is being investigated, but for the purposes of testing this can
> be worked around currently by disabling auto-onlining in guests via:
> 
>   "echo offline >/sys/devices/system/memory/auto_online_blocks"
> 
> and instead onlining the blocks manually or via udev.
> 
>  docs/specs/ppc-spapr-hotplug.txt |  55 +++--
>  hw/ppc/spapr.c   | 178 
> +-
>  hw/ppc/spapr_drc.c   |  17 +++
>  hw/ppc/spapr_events.c| 278 
> +++---
>  include/hw/ppc/spapr.h   |  10 --
>  include/hw/ppc/spapr_ovec.h  |   1 +
>  6 files changed, 469 insertions(+), 70 deletions(-)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [Bug 1298442] Re: build problem in qemu-2.0.0-rc0 No rule to make target `trace/generated-events.h'

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1298442

Title:
  build problem in qemu-2.0.0-rc0 No rule to make target `trace
  /generated-events.h'

Status in QEMU:
  Expired

Bug description:
  With qemu-2.0.0-rc0 on CentOS release 5.7 (Final) I get

  make: *** No rule to make target `trace/generated-events.h', needed by
  `Makefile'.  Stop.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1298442/+subscriptions

Re: [Qemu-devel] [PATCH v2 1/6] target-ppc: add xscmp[eq, gt, ge, ne]dp instructions

[David Gibson]

On Wed, Oct 26, 2016 at 11:56:24AM +0530, Nikunj A Dadhania wrote:
> From: Sandipan Das 
> 
> xscmpeqdp: VSX Scalar Compare Equal Double-Precision
> xscmpgedp: VSX Scalar Compare Greater Than or Equal Double-Precision
> xscmpgtdp: VSX Scalar Compare Greater Than Double-Precision
> xscmpnedp: VSX Scalar Compare Not Equal Double-Precision
> 
> Signed-off-by: Sandipan Das 
> Signed-off-by: Nikunj A Dadhania 

Applied to ppc-for-2.8.

> ---
>  target-ppc/fpu_helper.c | 52 
> +
>  target-ppc/helper.h |  4 +++
>  target-ppc/translate/vsx-impl.inc.c |  4 +++
>  target-ppc/translate/vsx-ops.inc.c  |  4 +++
>  4 files changed, 64 insertions(+)
> 
> diff --git a/target-ppc/fpu_helper.c b/target-ppc/fpu_helper.c
> index b0760f0..4906372 100644
> --- a/target-ppc/fpu_helper.c
> +++ b/target-ppc/fpu_helper.c
> @@ -2362,6 +2362,58 @@ VSX_MADD(xvnmaddmsp, 4, float32, VsrW(i), NMADD_FLGS, 
> 0, 0, 0)
>  VSX_MADD(xvnmsubasp, 4, float32, VsrW(i), NMSUB_FLGS, 1, 0, 0)
>  VSX_MADD(xvnmsubmsp, 4, float32, VsrW(i), NMSUB_FLGS, 0, 0, 0)
>  
> +/* VSX_SCALAR_CMP_DP - VSX scalar floating point compare double precision
> + *   op- instruction mnemonic
> + *   cmp   - comparison operation
> + *   exp   - expected result of comparison
> + *   svxvc - set VXVC bit
> + */
> +#define VSX_SCALAR_CMP_DP(op, cmp, exp, svxvc)   
>  \
> +void helper_##op(CPUPPCState *env, uint32_t opcode)  
>  \
> +{
>  \
> +ppc_vsr_t xt, xa, xb;
>  \
> +bool vxsnan_flag = false, vxvc_flag = false, vex_flag = false;   
>  \
> + 
>  \
> +getVSR(xA(opcode), , env);
>  \
> +getVSR(xB(opcode), , env);
>  \
> +getVSR(xT(opcode), , env);
>  \
> + 
>  \
> +if (float64_is_signaling_nan(xa.VsrD(0), >fp_status) || 
>  \
> +float64_is_signaling_nan(xb.VsrD(0), >fp_status)) { 
>  \
> +vxsnan_flag = true;  
>  \
> +if (fpscr_ve == 0 && svxvc) {
>  \
> +vxvc_flag = true;
>  \
> +}
>  \
> +} else if (svxvc) {  
>  \
> +vxvc_flag = float64_is_quiet_nan(xa.VsrD(0), >fp_status) || 
>  \
> +float64_is_quiet_nan(xb.VsrD(0), >fp_status);   
>  \
> +}
>  \
> +if (vxsnan_flag) {   
>  \
> +float_invalid_op_excp(env, POWERPC_EXCP_FP_VXSNAN, 0);   
>  \
> +}
>  \
> +if (vxvc_flag) { 
>  \
> +float_invalid_op_excp(env, POWERPC_EXCP_FP_VXVC, 0); 
>  \
> +}
>  \
> +vex_flag = fpscr_ve && (vxvc_flag || vxsnan_flag);   
>  \
> + 
>  \
> +if (!vex_flag) { 
>  \
> +if (float64_##cmp(xb.VsrD(0), xa.VsrD(0), >fp_status) == exp) { 
>  \
> +xt.VsrD(0) = -1; 
>  \
> +xt.VsrD(1) = 0;  
>  \
> +} else { 
>  \
> +xt.VsrD(0) = 0;  
>  \
> +xt.VsrD(1) = 0;  
>  \
> +}
>  \
> +}
>  \
> +putVSR(xT(opcode), , env);
>  \
> +helper_float_check_status(env);  
>  \
> +}
> +
> +VSX_SCALAR_CMP_DP(xscmpeqdp, eq, 1, 0)
> +VSX_SCALAR_CMP_DP(xscmpgedp, le, 1, 1)
> +VSX_SCALAR_CMP_DP(xscmpgtdp, lt, 1, 1)
> +VSX_SCALAR_CMP_DP(xscmpnedp, eq, 0, 0)
> +
>  #define VSX_SCALAR_CMP(op, ordered)  \
>  void 

Re: [Qemu-devel] [PATCH qemu] configure, ppc64: Copy skiboot.lid to build directory when configuring

[David Gibson]

On Wed, Oct 26, 2016 at 01:18:03PM +1100, Alexey Kardashevskiy wrote:
> When configured to compile out of tree, the configure script
> copies BIOS blobs to the build directory. However since the PPC64 powernv
> machine ROM has .lid extension, it is ignored and "make check" fails
> when trying the powernv machine.
> 
> This adds *.lid to the list of copied blobs.
> 
> Signed-off-by: Alexey Kardashevskiy 

Applied to ppc-for-2.8, thanks.

> ---
>  configure | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/configure b/configure
> index d3dafcb..300b0cb 100755
> --- a/configure
> +++ b/configure
> @@ -6071,6 +6071,7 @@ FILES="$FILES roms/seabios/Makefile 
> roms/vgabios/Makefile"
>  FILES="$FILES pc-bios/qemu-icon.bmp"
>  for bios_file in \
>  $source_path/pc-bios/*.bin \
> +$source_path/pc-bios/*.lid \
>  $source_path/pc-bios/*.aml \
>  $source_path/pc-bios/*.rom \
>  $source_path/pc-bios/*.dtb \

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [Qemu-ppc] [PATCH 14/15] target-ppc: Use tcg_gen_extract_*

[David Gibson]

On Wed, Oct 26, 2016 at 08:38:06AM -0700, Richard Henderson wrote:
> On 10/25/2016 07:59 PM, David Gibson wrote:
> > On Sat, Oct 15, 2016 at 08:37:49PM -0700, Richard Henderson wrote:
> >> Use the new primitives for RDWINM and RLDICL.
> >>
> >> Cc: qemu-...@nongnu.org
> >> Signed-off-by: Richard Henderson 
> >> ---
> >>  target-ppc/translate.c | 9 -
> >>  1 file changed, 4 insertions(+), 5 deletions(-)
> >>
> >> diff --git a/target-ppc/translate.c b/target-ppc/translate.c
> >> index bfc1301..724d95c 100644
> >> --- a/target-ppc/translate.c
> >> +++ b/target-ppc/translate.c
> >> @@ -1977,9 +1977,8 @@ static void gen_rlwinm(DisasContext *ctx)
> >>  if (mb == 0 && me == (31 - sh)) {
> >>  tcg_gen_shli_tl(t_ra, t_rs, sh);
> >>  tcg_gen_ext32u_tl(t_ra, t_ra);
> >> -} else if (sh != 0 && me == 31 && sh == (32 - mb)) {
> >> -tcg_gen_ext32u_tl(t_ra, t_rs);
> >> -tcg_gen_shri_tl(t_ra, t_ra, mb);
> >> +} else if (me == 31 && (me - mb + 1) + sh <= 32) {
> > 
> > I'm having trouble figuring out what the second part of this condition
> > is supposed to be checking for, and it seems like it's too
> > restrictive.
> > 
> > For example, everything except the LSB of a word would be:
> > rlwnim rT,rA,31,1,31
> > which would fail the test, but it should be fine to implement that
> > with an extract op.
> 
> It was confusing to me too, which is why I rearranged this in the v2 of this
> patchset.  To which thread you also responded yesterday, so...

Ah, sorry.  Because I missed it originally, I only had your ping, not
the actual v2 series in my inbox.  When I went back through my archive
to find it, I accidentally picked up v1 instead of v2.

> 
> Anyway, in v2 this looks like
> 
> if (sh != 0 && len > 0 && me == (31 - sh)) {
> tcg_gen_deposit_z_tl(t_ra, t_rs, sh, len);
> } else if (me == 31 && rsh + len <= 32) {
> tcg_gen_extract_tl(t_ra, t_rs, rsh, len);
> } else {
> 
> Basically, we're trying to match those combinations of rotate+mask that can be
> implemented with shifts instead of real rotations.  That is, the mask doesn't
> follow the rotate around the end of the word.

Ok, that looks correct, the change frm sh to rsh is the fix, I think.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [Bug 1090558] Re: hw/mc146818: error reading RTC_HOURS_ALARM

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1090558

Title:
  hw/mc146818: error reading RTC_HOURS_ALARM

Status in QEMU:
  Expired

Bug description:
  get_next_alarm() doesn't read the RTC_HOURS_ALARM field correctly.

  - Bit 7 must be masked before conversion from BCD.
  - Care must be taken to check the don't care condition before masking.
  - The PM bit must be read from RTC_HOURS_ALARM, not from RTC_HOURS (as is 
done in convert_hour()).

  Seen in commit e376a788ae130454ad5e797f60cb70d0308babb6.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1090558/+subscriptions

Re: [Qemu-devel] [PATCH v5 11/17] ppc/xics: Add "native" XICS subclass

[David Gibson]

On Wed, Oct 26, 2016 at 09:13:18AM +0200, Cédric Le Goater wrote:
> On 10/25/2016 07:08 AM, David Gibson wrote:
> > On Sat, Oct 22, 2016 at 11:46:44AM +0200, Cédric Le Goater wrote:
> >> This provides access to the MMIO based Interrupt Presentation
> >> Controllers (ICP) as found on a POWER8 system.
> >>
> >> A new XICSNative class is introduced to hold the MMIO region of the
> >> ICPs. Each thread of the system has a subregion, indexed by its PIR
> >> number, holding a XIVE (External Interrupt Vector Entry). This
> >> provides a mean to make the link with the ICPState of the CPU.
> >>
> >> Signed-off-by: Cédric Le Goater 
> >> ---
> >>
> >>  Changes since v4:
> >>
> >>  - replaced the pir_table by memory subregions using an ICP. 
> >>  - removed the find_icp() and cpu_setup() handlers which became
> >>useless with the memory regions.
> >>  - removed the superfluous inits done in xics_native_initfn. This is
> >>covered in the parent class init.
> >>  - took ownership of the patch.
> >>
> >>  default-configs/ppc64-softmmu.mak |   3 +-
> >>  hw/intc/Makefile.objs |   1 +
> >>  hw/intc/xics_native.c | 304 
> >> ++
> >>  include/hw/ppc/pnv.h  |  19 +++
> >>  include/hw/ppc/xics.h |  24 +++
> >>  5 files changed, 350 insertions(+), 1 deletion(-)
> >>  create mode 100644 hw/intc/xics_native.c
> >>
> >> diff --git a/default-configs/ppc64-softmmu.mak 
> >> b/default-configs/ppc64-softmmu.mak
> >> index 67a9bcaa67fa..a22c93a48686 100644
> >> --- a/default-configs/ppc64-softmmu.mak
> >> +++ b/default-configs/ppc64-softmmu.mak
> >> @@ -48,8 +48,9 @@ CONFIG_PLATFORM_BUS=y
> >>  CONFIG_ETSEC=y
> >>  CONFIG_LIBDECNUMBER=y
> >>  # For pSeries
> >> -CONFIG_XICS=$(CONFIG_PSERIES)
> >> +CONFIG_XICS=$(or $(CONFIG_PSERIES),$(CONFIG_POWERNV))
> >>  CONFIG_XICS_SPAPR=$(CONFIG_PSERIES)
> >> +CONFIG_XICS_NATIVE=$(CONFIG_POWERNV)
> >>  CONFIG_XICS_KVM=$(and $(CONFIG_PSERIES),$(CONFIG_KVM))
> >>  # For PReP
> >>  CONFIG_MC146818RTC=y
> >> diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
> >> index 2f44a2da26e9..e44a29d75b32 100644
> >> --- a/hw/intc/Makefile.objs
> >> +++ b/hw/intc/Makefile.objs
> >> @@ -34,6 +34,7 @@ obj-$(CONFIG_RASPI) += bcm2835_ic.o bcm2836_control.o
> >>  obj-$(CONFIG_SH4) += sh_intc.o
> >>  obj-$(CONFIG_XICS) += xics.o
> >>  obj-$(CONFIG_XICS_SPAPR) += xics_spapr.o
> >> +obj-$(CONFIG_XICS_NATIVE) += xics_native.o
> >>  obj-$(CONFIG_XICS_KVM) += xics_kvm.o
> >>  obj-$(CONFIG_ALLWINNER_A10_PIC) += allwinner-a10-pic.o
> >>  obj-$(CONFIG_S390_FLIC) += s390_flic.o
> >> diff --git a/hw/intc/xics_native.c b/hw/intc/xics_native.c
> >> new file mode 100644
> >> index ..bbdd786aeb50
> >> --- /dev/null
> >> +++ b/hw/intc/xics_native.c
> >> @@ -0,0 +1,304 @@
> >> +/*
> >> + * QEMU PowerPC PowerNV machine model
> >> + *
> >> + * Native version of ICS/ICP
> >> + *
> >> + * Copyright (c) 2016, IBM Corporation.
> >> + *
> >> + * This library is free software; you can redistribute it and/or
> >> + * modify it under the terms of the GNU Lesser General Public
> >> + * License as published by the Free Software Foundation; either
> >> + * version 2 of the License, or (at your option) any later version.
> >> + *
> >> + * This library is distributed in the hope that it will be useful,
> >> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> >> + * Lesser General Public License for more details.
> >> + *
> >> + * You should have received a copy of the GNU Lesser General Public
> >> + * License along with this library; if not, see 
> >> .
> >> + */
> >> +
> >> +#include "qemu/osdep.h"
> >> +#include "qapi/error.h"
> >> +#include "qemu-common.h"
> >> +#include "cpu.h"
> >> +#include "hw/hw.h"
> >> +#include "qemu/log.h"
> >> +#include "qapi/error.h"
> >> +
> >> +#include "hw/ppc/fdt.h"
> >> +#include "hw/ppc/xics.h"
> >> +#include "hw/ppc/pnv.h"
> >> +
> >> +#include 
> >> +
> >> +static void xics_native_reset(void *opaque)
> >> +{
> >> +device_reset(DEVICE(opaque));
> >> +}
> >> +
> >> +static void xics_native_initfn(Object *obj)
> >> +{
> >> +qemu_register_reset(xics_native_reset, obj);
> >> +}
> > 
> > I think we need to investigate why the xics native is not showing up
> > on the SysBus.  As a "raw" MMIO device, it really should. 
> 
> Well, it has sysbus mmio region, but it is not created with qdev_create(...) 
> so it is not under sysbus and the reset does not get called. That is my
> understanding of the problem.
> 
> May be we shouldn't be using a sysbus mmio region ?  

Yeah, maybe not.  We don't really fit the sysbus model well.

I do kind of wonder if the xics object should be an mmio device at
all, or if just the individual ICPs should be.  But that might make
for more trouble.

> > If it was, device_reset should be called without these shenannigans.
> 
> yes.
> 
> 
> 

Re: [Qemu-devel] [PATCH v2 6/6] target-ppc: Add xvcmpnesp, xvcmpnedp instructions

[David Gibson]

On Wed, Oct 26, 2016 at 11:56:29AM +0530, Nikunj A Dadhania wrote:
> From: Swapnil Bokade 
> 
> xvcmpnedp[.]: VSX Vector Compare Not Equal Double-Precision
> xvcmpnesp[.]: VSX Vector Compare Not Equal Single-Precision
> 
> Signed-off-by: Swapnil Bokade 
> Signed-off-by: Nikunj A Dadhania 

Applied to ppc-for-2.8

> ---
>  target-ppc/fpu_helper.c | 19 +++
>  target-ppc/helper.h |  2 ++
>  target-ppc/translate/vsx-impl.inc.c |  2 ++
>  target-ppc/translate/vsx-ops.inc.c  |  2 ++
>  4 files changed, 17 insertions(+), 8 deletions(-)
> 
> diff --git a/target-ppc/fpu_helper.c b/target-ppc/fpu_helper.c
> index 4906372..8a389e1 100644
> --- a/target-ppc/fpu_helper.c
> +++ b/target-ppc/fpu_helper.c
> @@ -2497,8 +2497,9 @@ VSX_MAX_MIN(xvminsp, minnum, 4, float32, VsrW(i))
>   *   fld   - vsr_t field (VsrD(*) or VsrW(*))
>   *   cmp   - comparison operation
>   *   svxvc - set VXVC bit
> + *   exp   - expected result of comparison
>   */
> -#define VSX_CMP(op, nels, tp, fld, cmp, svxvc)\
> +#define VSX_CMP(op, nels, tp, fld, cmp, svxvc, exp)   \
>  void helper_##op(CPUPPCState *env, uint32_t opcode)   \
>  { \
>  ppc_vsr_t xt, xa, xb; \
> @@ -2523,7 +2524,7 @@ void helper_##op(CPUPPCState *env, uint32_t opcode) 
>   \
>  xt.fld = 0;   \
>  all_true = 0; \
>  } else {  \
> -if (tp##_##cmp(xb.fld, xa.fld, >fp_status) == 1) {   \
> +if (tp##_##cmp(xb.fld, xa.fld, >fp_status) == exp) { \
>  xt.fld = -1;  \
>  all_false = 0;\
>  } else {  \
> @@ -2540,12 +2541,14 @@ void helper_##op(CPUPPCState *env, uint32_t opcode)   
> \
>  float_check_status(env);  \
>   }
>  
> -VSX_CMP(xvcmpeqdp, 2, float64, VsrD(i), eq, 0)
> -VSX_CMP(xvcmpgedp, 2, float64, VsrD(i), le, 1)
> -VSX_CMP(xvcmpgtdp, 2, float64, VsrD(i), lt, 1)
> -VSX_CMP(xvcmpeqsp, 4, float32, VsrW(i), eq, 0)
> -VSX_CMP(xvcmpgesp, 4, float32, VsrW(i), le, 1)
> -VSX_CMP(xvcmpgtsp, 4, float32, VsrW(i), lt, 1)
> +VSX_CMP(xvcmpeqdp, 2, float64, VsrD(i), eq, 0, 1)
> +VSX_CMP(xvcmpgedp, 2, float64, VsrD(i), le, 1, 1)
> +VSX_CMP(xvcmpgtdp, 2, float64, VsrD(i), lt, 1, 1)
> +VSX_CMP(xvcmpnedp, 2, float64, VsrD(i), eq, 0, 0)
> +VSX_CMP(xvcmpeqsp, 4, float32, VsrW(i), eq, 0, 1)
> +VSX_CMP(xvcmpgesp, 4, float32, VsrW(i), le, 1, 1)
> +VSX_CMP(xvcmpgtsp, 4, float32, VsrW(i), lt, 1, 1)
> +VSX_CMP(xvcmpnesp, 4, float32, VsrW(i), eq, 0, 0)
>  
>  /* VSX_CVT_FP_TO_FP - VSX floating point/floating point conversion
>   *   op- instruction mnemonic
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index 7d42f99..201a8cf 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -461,6 +461,7 @@ DEF_HELPER_2(xvmindp, void, env, i32)
>  DEF_HELPER_2(xvcmpeqdp, void, env, i32)
>  DEF_HELPER_2(xvcmpgedp, void, env, i32)
>  DEF_HELPER_2(xvcmpgtdp, void, env, i32)
> +DEF_HELPER_2(xvcmpnedp, void, env, i32)
>  DEF_HELPER_2(xvcvdpsp, void, env, i32)
>  DEF_HELPER_2(xvcvdpsxds, void, env, i32)
>  DEF_HELPER_2(xvcvdpsxws, void, env, i32)
> @@ -498,6 +499,7 @@ DEF_HELPER_2(xvminsp, void, env, i32)
>  DEF_HELPER_2(xvcmpeqsp, void, env, i32)
>  DEF_HELPER_2(xvcmpgesp, void, env, i32)
>  DEF_HELPER_2(xvcmpgtsp, void, env, i32)
> +DEF_HELPER_2(xvcmpnesp, void, env, i32)
>  DEF_HELPER_2(xvcvspdp, void, env, i32)
>  DEF_HELPER_2(xvcvspsxds, void, env, i32)
>  DEF_HELPER_2(xvcvspsxws, void, env, i32)
> diff --git a/target-ppc/translate/vsx-impl.inc.c 
> b/target-ppc/translate/vsx-impl.inc.c
> index bf167d0..5a27be4 100644
> --- a/target-ppc/translate/vsx-impl.inc.c
> +++ b/target-ppc/translate/vsx-impl.inc.c
> @@ -685,6 +685,7 @@ GEN_VSX_HELPER_2(xvmindp, 0x00, 0x1D, 0, PPC2_VSX)
>  GEN_VSX_HELPER_2(xvcmpeqdp, 0x0C, 0x0C, 0, PPC2_VSX)
>  GEN_VSX_HELPER_2(xvcmpgtdp, 0x0C, 0x0D, 0, PPC2_VSX)
>  GEN_VSX_HELPER_2(xvcmpgedp, 0x0C, 0x0E, 0, PPC2_VSX)
> +GEN_VSX_HELPER_2(xvcmpnedp, 0x0C, 0x0F, 0, PPC2_ISA300)
>  GEN_VSX_HELPER_2(xvcvdpsp, 0x12, 0x18, 0, PPC2_VSX)
>  GEN_VSX_HELPER_2(xvcvdpsxds, 0x10, 0x1D, 0, PPC2_VSX)
>  GEN_VSX_HELPER_2(xvcvdpsxws, 0x10, 0x0D, 0, PPC2_VSX)
> @@ -722,6 +723,7 @@ GEN_VSX_HELPER_2(xvminsp, 0x00, 0x19, 0, PPC2_VSX)
>  GEN_VSX_HELPER_2(xvcmpeqsp, 0x0C, 0x08, 0, PPC2_VSX)
>  GEN_VSX_HELPER_2(xvcmpgtsp, 0x0C, 0x09, 0, PPC2_VSX)
>  GEN_VSX_HELPER_2(xvcmpgesp, 0x0C, 0x0A, 0, 

Re: [Qemu-devel] [PATCH v5 13/17] ppc/xics: add a xics_get_cpu_index_by_pir helper

[David Gibson]

On Tue, Oct 25, 2016 at 12:58:11PM +0200, Cédric Le Goater wrote:
> On 10/25/2016 07:36 AM, David Gibson wrote:
> > On Sat, Oct 22, 2016 at 11:46:46AM +0200, Cédric Le Goater wrote:
> >> We will need this helper to translate the server number of the XIVE
> >> (which is a PIR) into an ICPState index number (which is a cpu index).
> >>
> >> Signed-off-by: Cédric Le Goater 
> > 
> > Looks correct as far as it goes, but I wonder if this would be more
> > generally useful as a machine level function that searches the cpu
> > objects by PIR, returning a pointer.  From that to the cpu_index is
> > then trivial.
> 
> Well I guess so. The XICSState argument reduces the scope in case of 
> multichip but as this routine is used to initialize the xive registers, 
> it does not need to be fast.

Ahh.. I was thinking of the top-level xics object as global, rather
than per-chip.

Except.. does having it per-chip work anyway?  The server numbers are
globally unique, aren't they?  What happens if you put a server number
from one chip as the target for an ICE on another chip?

The xics object is a bit weird, in that it doesn't represent a real
device in a sense, but is rather something to co-ordinate global
addressing between ICS and ICP units.  Well, I suppose in that sense
it represent the interrupt propagation fabric.

> So you rather have, something like:
> 
>   PowerPCCPU *ppc_get_vcpu_by_pir(int pir);
> 
> similar to  :
> 
>   PowerPCCPU *ppc_get_vcpu_by_dt_id(int cpu_dt_id);
> 
> 
> Thanks,
> 
> C. 
> 
> >> ---
> >>  hw/intc/xics_native.c | 19 +++
> >>  include/hw/ppc/xics.h |  1 +
> >>  2 files changed, 20 insertions(+)
> >>
> >> diff --git a/hw/intc/xics_native.c b/hw/intc/xics_native.c
> >> index bbdd786aeb50..6318862f53fc 100644
> >> --- a/hw/intc/xics_native.c
> >> +++ b/hw/intc/xics_native.c
> >> @@ -33,6 +33,25 @@
> >>  
> >>  #include 
> >>  
> >> +int xics_get_cpu_index_by_pir(XICSState *xics, int pir)
> >> +{
> >> +int i;
> >> +
> >> +for (i = 0; i < xics->nr_servers; i++) {
> >> +ICPState *icp = >ss[i];
> >> +if (icp->cs) {
> >> +PowerPCCPU *cpu = POWERPC_CPU(icp->cs);
> >> +CPUPPCState *env = >env;
> >> +
> >> +if (env->spr_cb[SPR_PIR].default_value == pir) {
> >> +return i;
> >> +}
> >> +}
> >> +}
> >> +
> >> +return -1;
> >> +}
> >> +
> >>  static void xics_native_reset(void *opaque)
> >>  {
> >>  device_reset(DEVICE(opaque));
> >> diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
> >> index 911cdd5e549f..beb232e616c5 100644
> >> --- a/include/hw/ppc/xics.h
> >> +++ b/include/hw/ppc/xics.h
> >> @@ -214,6 +214,7 @@ void xics_set_nr_servers(XICSState *xics, uint32_t 
> >> nr_servers,
> >>  
> >>  /* Internal XICS interfaces */
> >>  int xics_get_cpu_index_by_dt_id(int cpu_dt_id);
> >> +int xics_get_cpu_index_by_pir(XICSState *xics, int pir);
> >>  
> >>  void icp_set_cppr(ICPState *icp, uint8_t cppr);
> >>  void icp_set_mfrr(ICPState *icp, uint8_t mfrr);
> > 
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v2 2/6] bitops: fix rol/ror when shift is zero

[David Gibson]

On Wed, Oct 26, 2016 at 08:20:10AM -0700, Richard Henderson wrote:
> On 10/25/2016 11:26 PM, Nikunj A Dadhania wrote:
> > All the variants for rol/ror have a bug in case where the shift == 0.
> > For example rol32, would generate:
> > 
> > return (word << 0) | (word >> 32);
> > 
> > Which though works, would be flagged as a runtime error on clang's
> > sanitizer.
> > 
> > Suggested-by: Richard Henderson 
> > Signed-off-by: Nikunj A Dadhania 
> > ---
> >  include/qemu/bitops.h | 16 
> >  1 file changed, 8 insertions(+), 8 deletions(-)
> 
> Reviewed-by: Richard Henderson 

This looks fine to me too, but I'm not sure if it should be going via
my tree or not.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v2 4/6] target-ppc: add vrldnm and vrlwnm instructions

[David Gibson]

On Wed, Oct 26, 2016 at 11:56:27AM +0530, Nikunj A Dadhania wrote:
> From: Bharata B Rao 
> 
> vrldnm: Vector Rotate Left Doubleword then AND with Mask
> vrlwnm: Vector Rotate Left Word then AND with Mask
> 
> Signed-off-by: Bharata B Rao 
> Signed-off-by: Nikunj A Dadhania 

Reviewed-by: David Gibson 

With the caveat that I'd like to see the previous patch it's based on
share, rather than duplicate the mask generation with translate.c

> ---
>  disas/ppc.c |  2 ++
>  target-ppc/helper.h |  2 ++
>  target-ppc/int_helper.c | 14 ++
>  target-ppc/translate/vmx-impl.inc.c |  6 ++
>  target-ppc/translate/vmx-ops.inc.c  |  4 ++--
>  5 files changed, 22 insertions(+), 6 deletions(-)
> 
> diff --git a/disas/ppc.c b/disas/ppc.c
> index 32f0d8d..bd05623 100644
> --- a/disas/ppc.c
> +++ b/disas/ppc.c
> @@ -2287,7 +2287,9 @@ const struct powerpc_opcode powerpc_opcodes[] = {
>  { "vrlw",  VX(4,  132), VX_MASK, PPCVEC, { VD, VA, VB } },
>  { "vrsqrtefp", VX(4,  330), VX_MASK, PPCVEC, { VD, VB } },
>  { "vrldmi",VX(4,  197), VX_MASK,PPCVEC, { VD, VA, VB } },
> +{ "vrldnm",VX(4,  453), VX_MASK,PPCVEC, { VD, VA, VB } },
>  { "vrlwmi",VX(4,  133), VX_MASK,PPCVEC, { VD, VA, VB} },
> +{ "vrlwnm",VX(4,  389), VX_MASK,PPCVEC, { VD, VA, VB } },
>  { "vsel",  VXA(4,  42), VXA_MASK,PPCVEC, { VD, VA, VB, 
> VC } },
>  { "vsl",   VX(4,  452), VX_MASK, PPCVEC, { VD, VA, VB } },
>  { "vslb",  VX(4,  260), VX_MASK, PPCVEC, { VD, VA, VB } },
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index 9fb8f0d..d6ee26e 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -327,6 +327,8 @@ DEF_HELPER_3(vrefp, void, env, avr, avr)
>  DEF_HELPER_3(vrsqrtefp, void, env, avr, avr)
>  DEF_HELPER_3(vrlwmi, void, avr, avr, avr)
>  DEF_HELPER_3(vrldmi, void, avr, avr, avr)
> +DEF_HELPER_3(vrldnm, void, avr, avr, avr)
> +DEF_HELPER_3(vrlwnm, void, avr, avr, avr)
>  DEF_HELPER_5(vmaddfp, void, env, avr, avr, avr, avr)
>  DEF_HELPER_5(vnmsubfp, void, env, avr, avr, avr, avr)
>  DEF_HELPER_3(vexptefp, void, env, avr, avr)
> diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
> index b54cd7c..0fd92ed 100644
> --- a/target-ppc/int_helper.c
> +++ b/target-ppc/int_helper.c
> @@ -1741,7 +1741,7 @@ static inline uint##size##_t 
> mask_u##size(uint##size##_t start, \
>  MASK(32, UINT32_MAX);
>  MASK(64, UINT64_MAX);
>  
> -#define VRLMI(name, size, element)\
> +#define VRLMI(name, size, element, insert)\
>  void helper_##name(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)  \
>  { \
>  int i;\
> @@ -1756,12 +1756,18 @@ void helper_##name(ppc_avr_t *r, ppc_avr_t *a, 
> ppc_avr_t *b)  \
>  begin = extract##size(src2, 16, 6);   \
>  rot_val = rol##size(src1, shift); \
>  mask = mask_u##size(begin, end);  \
> -r->element[i] = (rot_val & mask) | (src3 & ~mask);\
> +if (insert) { \
> +r->element[i] = (rot_val & mask) | (src3 & ~mask);\
> +} else {  \
> +r->element[i] = (rot_val & mask); \
> +} \
>  } \
>  }
>  
> -VRLMI(vrldmi, 64, u64);
> -VRLMI(vrlwmi, 32, u32);
> +VRLMI(vrldmi, 64, u64, 1);
> +VRLMI(vrlwmi, 32, u32, 1);
> +VRLMI(vrldnm, 64, u64, 0);
> +VRLMI(vrlwnm, 32, u32, 0);
>  
>  void helper_vsel(CPUPPCState *env, ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b,
>   ppc_avr_t *c)
> diff --git a/target-ppc/translate/vmx-impl.inc.c 
> b/target-ppc/translate/vmx-impl.inc.c
> index fdfbd6a..500c43f 100644
> --- a/target-ppc/translate/vmx-impl.inc.c
> +++ b/target-ppc/translate/vmx-impl.inc.c
> @@ -442,6 +442,9 @@ GEN_VXFORM(vmulesw, 4, 14);
>  GEN_VXFORM(vslb, 2, 4);
>  GEN_VXFORM(vslh, 2, 5);
>  GEN_VXFORM(vslw, 2, 6);
> +GEN_VXFORM(vrlwnm, 2, 6);
> +GEN_VXFORM_DUAL(vslw, PPC_ALTIVEC, PPC_NONE, \
> +vrlwnm, PPC_NONE, PPC2_ISA300)
>  GEN_VXFORM(vsld, 2, 23);
>  GEN_VXFORM(vsrb, 2, 8);
>  GEN_VXFORM(vsrh, 2, 9);
> @@ -496,6 +499,9 @@ GEN_VXFORM(vrldmi, 2, 3);
>  GEN_VXFORM_DUAL(vrld, PPC_NONE, PPC2_ALTIVEC_207, \
>  vrldmi, PPC_NONE, PPC2_ISA300)
>  GEN_VXFORM(vsl, 2, 7);
> +GEN_VXFORM(vrldnm, 2, 7);
> +GEN_VXFORM_DUAL(vsl, PPC_ALTIVEC, PPC_NONE, \
> +  

Re: [Qemu-devel] [PATCH 0/2] ppc: Allow "-prom-env" parameter for the pseries machine, too

[David Gibson]

On Wed, Oct 26, 2016 at 09:35:39AM +0200, Thomas Huth wrote:
> Here's a slightly updated version of the patch that enables the "-prom-env"
> parameter for the pseries machine. The code is now only executed if
> nb_prom_envs > 0. That means if the user did _not_ specify a "-prom-env"
> parameter, there is no change in behavior (i.e. SLOF will initialize the
> NVRAM instead). This fixes the problem with grub2 not working because it does
> not find the "/options/real-mode?" property in the device tree.
> 
> If you currently want to use the "-prom-env" parameter and grub2 together,
> you simply have to specify -prom-env "real-mode?=true" to get it working.
> This will be fixed by a later update to SLOF, so that you then do not have to
> specify this explicitely anymore.
> 
> The second patch adds a test case for the -prom-env parameter on the
> pseries machine.
> 
> The patches have to be applied on top of David's ppc-for-2.8 branch since
> they rely on the chrp_nvram rework patches that are queued there.

Applied to ppc-for-2.8, replacing earlier versions.

> 
> Thomas Huth (2):
>   spapr_nvram: Pre-initialize the NVRAM to support the -prom-env
> parameter
>   tests: Add pseries machine to the prom-env-test, too
> 
>  hw/nvram/spapr_nvram.c |  6 ++
>  tests/prom-env-test.c  | 23 ++-
>  2 files changed, 20 insertions(+), 9 deletions(-)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH] 1/4] target-ppc: Implement bcdcfn. instruction

[David Gibson]

On Wed, Oct 26, 2016 at 11:18:55AM -0200, Jose Ricardo Ziviani wrote:
> bcdcfn. converts from National numeric format to BCD. National format
> uses a byte to represent a digit where the most significant nibble is
> always 0x3 and the least sign. nibbles is the digit itself.
> 
> Signed-off-by: Jose Ricardo Ziviani 
> ---
>  target-ppc/helper.h |  1 +
>  target-ppc/int_helper.c | 54 ++
>  target-ppc/translate/vmx-impl.inc.c | 75 
> +
>  target-ppc/translate/vmx-ops.inc.c  |  4 +-
>  4 files changed, 132 insertions(+), 2 deletions(-)
> 
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index 04c6421..d30ec60 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -369,6 +369,7 @@ DEF_HELPER_4(vpermxor, void, avr, avr, avr, avr)
>  
>  DEF_HELPER_4(bcdadd, i32, avr, avr, avr, i32)
>  DEF_HELPER_4(bcdsub, i32, avr, avr, avr, i32)
> +DEF_HELPER_3(bcdcfn, i32, avr, avr, i32)
>  
>  DEF_HELPER_2(xsadddp, void, env, i32)
>  DEF_HELPER_2(xssubdp, void, env, i32)
> diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
> index 5aee0a8..494c74e 100644
> --- a/target-ppc/int_helper.c
> +++ b/target-ppc/int_helper.c
> @@ -2417,6 +2417,8 @@ void helper_vsubecuq(ppc_avr_t *r, ppc_avr_t *a, 
> ppc_avr_t *b, ppc_avr_t *c)
>  #define BCD_NEG_PREF0xD
>  #define BCD_NEG_ALT 0xB
>  #define BCD_PLUS_ALT_2  0xE
> +#define NATIONAL_PLUS   0x2B
> +#define NATIONAL_NEG0x2D
>  
>  #if defined(HOST_WORDS_BIGENDIAN)
>  #define BCD_DIG_BYTE(n) (15 - (n/2))
> @@ -2483,6 +2485,15 @@ static void bcd_put_digit(ppc_avr_t *bcd, uint8_t 
> digit, int n)
>  }
>  }
>  
> +static uint8_t get_national_digit(ppc_avr_t *reg, int n)
> +{
> +#if defined(HOST_WORDS_BIGENDIAN)
> +return reg->u16[8 - n] & 0xFF;
> +#else
> +return reg->u16[n] & 0xFF;
> +#endif

You're discarding the high byte of each digit here, which means you
won't detect badly encoded values that have correct low bytes.

> +}
> +
>  static int bcd_cmp_mag(ppc_avr_t *a, ppc_avr_t *b)
>  {
>  int i;
> @@ -2613,6 +2624,49 @@ uint32_t helper_bcdsub(ppc_avr_t *r,  ppc_avr_t *a, 
> ppc_avr_t *b, uint32_t ps)
>  return helper_bcdadd(r, a, , ps);
>  }
>  
> +uint32_t helper_bcdcfn(ppc_avr_t *r, ppc_avr_t *b, uint32_t ps)
> +{
> +int i;
> +int is_zero = 0;
> +int cr = 0;
> +int national = 0;
> +ppc_avr_t ret = { .u64 = { 0, 0 } };
> +uint16_t sgnb = get_national_digit(b, 0);
> +int invalid = (sgnb != NATIONAL_PLUS && sgnb != NATIONAL_NEG);
> +
> +for (i = 1; i < 8; i++) {
> +national = get_national_digit(b, i);
> +
> +is_zero += (national == 0x30);
> +if (unlikely(national < 0x30 || national > 0x39)) {
> +invalid = 1;
> +}
> +
> +bcd_put_digit(, national & 0xf, i);
> +}
> +
> +if (sgnb == NATIONAL_PLUS ||
> +(b->u64[0] == 0 && b->u64[1] == 0)) {

The second part of this test doesn't seem to make much sense.  I think
you're trying to always put a positive sign on a zero result.  But
you're testing the national encoded input, not the BCD encoded output,
and zero will *not* be all zero bits in national encoding.

> +bcd_put_digit(, (ps == 0) ? BCD_PLUS_PREF_1 : BCD_PLUS_PREF_2, 
> 0);
> +} else {
> +bcd_put_digit(, BCD_NEG_PREF, 0);
> +}
> +
> +if (!is_zero) {

From the logic above, 'is_zero' is currently a count of how many 0
digits the value has, not whether the value as a whole is zero.  That
means you will get the wrong result here.

> +cr = (sgnb == NATIONAL_PLUS) ? 1 << CRF_GT : 1 << CRF_LT;
> +} else {
> +cr = 1 << CRF_EQ;
> +}
> +
> +if (unlikely(invalid)) {
> +cr = 1 << CRF_SO;
> +}
> +
> +*r = ret;
> +
> +return cr;
> +}
> +
>  void helper_vsbox(ppc_avr_t *r, ppc_avr_t *a)
>  {
>  int i;
> diff --git a/target-ppc/translate/vmx-impl.inc.c 
> b/target-ppc/translate/vmx-impl.inc.c
> index c8998f3..2abdcac 100644
> --- a/target-ppc/translate/vmx-impl.inc.c
> +++ b/target-ppc/translate/vmx-impl.inc.c
> @@ -871,8 +871,81 @@ static void gen_##op(DisasContext *ctx) \
>  tcg_temp_free_i32(ps);  \
>  }
>  
> +#define GEN_BCD2(op)\
> +static void gen_##op(DisasContext *ctx) \
> +{   \
> +TCGv_ptr rd, rb;\
> +TCGv_i32 ps;\
> +\
> +if (unlikely(!ctx->altivec_enabled)) {  \
> +gen_exception(ctx, POWERPC_EXCP_VPU);   \
> +return; \
> +}   \
> +\
> +rb = gen_avr_ptr(rB(ctx->opcode));  \
> +rd = 

Re: [Qemu-devel] [PATCH v2 17/18] target-ppc: Use the new deposit and extract ops

[David Gibson]

On Tue, Oct 18, 2016 at 08:10:30AM -0700, Richard Henderson wrote:
> Use the new primitives for RDWINM and RLDICL.
> 
> Signed-off-by: Richard Henderson 

Reviewed-by: David Gibson 

> ---
>  target-ppc/translate.c | 35 +++
>  1 file changed, 19 insertions(+), 16 deletions(-)
> 
> diff --git a/target-ppc/translate.c b/target-ppc/translate.c
> index bfc1301..7b12303 100644
> --- a/target-ppc/translate.c
> +++ b/target-ppc/translate.c
> @@ -1970,16 +1970,16 @@ static void gen_rlwinm(DisasContext *ctx)
>  {
>  TCGv t_ra = cpu_gpr[rA(ctx->opcode)];
>  TCGv t_rs = cpu_gpr[rS(ctx->opcode)];
> -uint32_t sh = SH(ctx->opcode);
> -uint32_t mb = MB(ctx->opcode);
> -uint32_t me = ME(ctx->opcode);
> -
> -if (mb == 0 && me == (31 - sh)) {
> -tcg_gen_shli_tl(t_ra, t_rs, sh);
> -tcg_gen_ext32u_tl(t_ra, t_ra);
> -} else if (sh != 0 && me == 31 && sh == (32 - mb)) {
> -tcg_gen_ext32u_tl(t_ra, t_rs);
> -tcg_gen_shri_tl(t_ra, t_ra, mb);
> +int sh = SH(ctx->opcode);
> +int mb = MB(ctx->opcode);
> +int me = ME(ctx->opcode);
> +int len = me - mb + 1;
> +int rsh = (32 - sh) & 31;
> +
> +if (sh != 0 && len > 0 && me == (31 - sh)) {
> +tcg_gen_deposit_z_tl(t_ra, t_rs, sh, len);
> +} else if (me == 31 && rsh + len <= 32) {
> +tcg_gen_extract_tl(t_ra, t_rs, rsh, len);
>  } else {
>  target_ulong mask;
>  #if defined(TARGET_PPC64)
> @@ -1987,8 +1987,9 @@ static void gen_rlwinm(DisasContext *ctx)
>  me += 32;
>  #endif
>  mask = MASK(mb, me);
> -
> -if (mask <= 0xu) {
> +if (sh == 0) {
> +tcg_gen_andi_tl(t_ra, t_rs, mask);
> +} else if (mask <= 0xu) {
>  TCGv_i32 t0 = tcg_temp_new_i32();
>  tcg_gen_trunc_tl_i32(t0, t_rs);
>  tcg_gen_rotli_i32(t0, t0, sh);
> @@ -2091,11 +2092,13 @@ static void gen_rldinm(DisasContext *ctx, int mb, int 
> me, int sh)
>  {
>  TCGv t_ra = cpu_gpr[rA(ctx->opcode)];
>  TCGv t_rs = cpu_gpr[rS(ctx->opcode)];
> +int len = me - mb + 1;
> +int rsh = (64 - sh) & 63;
>  
> -if (sh != 0 && mb == 0 && me == (63 - sh)) {
> -tcg_gen_shli_tl(t_ra, t_rs, sh);
> -} else if (sh != 0 && me == 63 && sh == (64 - mb)) {
> -tcg_gen_shri_tl(t_ra, t_rs, mb);
> +if (sh != 0 && len > 0 && me == (63 - sh)) {
> +tcg_gen_deposit_z_tl(t_ra, t_rs, sh, len);
> +} else if (me == 63 && rsh + len <= 64) {
> +tcg_gen_extract_tl(t_ra, t_rs, rsh, len);
>  } else {
>  tcg_gen_rotli_tl(t_ra, t_rs, sh);
>  tcg_gen_andi_tl(t_ra, t_ra, MASK(mb, me));

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH] 2/4] target-ppc: Implement bcdctn. instruction

[David Gibson]

On Wed, Oct 26, 2016 at 11:18:56AM -0200, Jose Ricardo Ziviani wrote:
> bcdctn. converts from BCD to National numeric format. National format
> uses a byte to represent a digit where the most significant nibble is
> always 0x3 and the least sign. nibbles is the digit itself.
> 
> Signed-off-by: Jose Ricardo Ziviani 
> ---
>  target-ppc/helper.h |  1 +
>  target-ppc/int_helper.c | 46 
> +
>  target-ppc/translate/vmx-impl.inc.c | 24 ++-
>  3 files changed, 70 insertions(+), 1 deletion(-)
> 
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index d30ec60..92eaaf0 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -370,6 +370,7 @@ DEF_HELPER_4(vpermxor, void, avr, avr, avr, avr)
>  DEF_HELPER_4(bcdadd, i32, avr, avr, avr, i32)
>  DEF_HELPER_4(bcdsub, i32, avr, avr, avr, i32)
>  DEF_HELPER_3(bcdcfn, i32, avr, avr, i32)
> +DEF_HELPER_2(bcdctn, i32, avr, avr)
>  
>  DEF_HELPER_2(xsadddp, void, env, i32)
>  DEF_HELPER_2(xssubdp, void, env, i32)
> diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
> index 494c74e..cffe82c 100644
> --- a/target-ppc/int_helper.c
> +++ b/target-ppc/int_helper.c
> @@ -2494,6 +2494,17 @@ static uint8_t get_national_digit(ppc_avr_t *reg, int 
> n)
>  #endif
>  }
>  
> +static void set_national_digit(ppc_avr_t *reg, uint8_t val, int n)
> +{
> +#if defined(HOST_WORDS_BIGENDIAN)
> +reg->u16[8 - n] &= 0;
> +reg->u16[8 - n] |= val;

The &= always sets the value to 0, so you might as well just use a
plain assignment in place of the &=, |=.

> +#else
> +reg->u16[n] &= 0;
> +reg->u16[n] |= val;
> +#endif
> +}
> +
>  static int bcd_cmp_mag(ppc_avr_t *a, ppc_avr_t *b)
>  {
>  int i;
> @@ -2667,6 +2678,41 @@ uint32_t helper_bcdcfn(ppc_avr_t *r, ppc_avr_t *b, 
> uint32_t ps)
>  return cr;
>  }
>  
> +uint32_t helper_bcdctn(ppc_avr_t *r, ppc_avr_t *b)
> +{
> +int i;
> +int cr = 0;
> +int invalid = 0;
> +int sgnb = bcd_get_sgn(b);
> +ppc_avr_t ret = { .u64 = { 0, 0 } };
> +
> +int eq_flag = (b->u64[HI_IDX] == 0) && ((b->u64[LO_IDX] >> 4) == 0);
> +int ox_flag = (b->u64[HI_IDX] != 0) || ((b->u64[LO_IDX] >> 8) != 0);

This looks wrong.  You're shifing the low half right 8 bits ==  2
nybbles == 1 digit + sign.  So this will set the overflow flag if your
input is a number of >1 digit.  I think you want >>32, so it only sets
overflow if the input exceeds 7 decimal digits + sign.

> +for (i = 1; i < 8; i++) {
> +set_national_digit(, 0x30 + bcd_get_digit(b, i, ), i);
> +}
> +set_national_digit(, (sgnb == -1) ? NATIONAL_NEG : NATIONAL_PLUS, 0);
> +
> +if (!eq_flag) {
> +cr = (sgnb == -1) ? 1 << CRF_LT : 1 << CRF_GT;
> +} else {
> +cr = 1 << CRF_EQ;
> +}
> +
> +if (ox_flag) {
> +cr |= 1 << CRF_SO;
> +}
> +
> +if (unlikely(invalid)) {
> +cr = 1 << CRF_SO;
> +}
> +
> +*r = ret;
> +
> +return cr;
> +}
> +
>  void helper_vsbox(ppc_avr_t *r, ppc_avr_t *a)
>  {
>  int i;
> diff --git a/target-ppc/translate/vmx-impl.inc.c 
> b/target-ppc/translate/vmx-impl.inc.c
> index 2abdcac..4364881 100644
> --- a/target-ppc/translate/vmx-impl.inc.c
> +++ b/target-ppc/translate/vmx-impl.inc.c
> @@ -894,9 +894,29 @@ static void gen_##op(DisasContext *ctx) \
>  tcg_temp_free_i32(ps);  \
>  }
>  
> +#define GEN_BCD3(op)\
> +static void gen_##op(DisasContext *ctx) \
> +{   \
> +TCGv_ptr rb, rd;\
> +\
> +if (unlikely(!ctx->altivec_enabled)) {  \
> +gen_exception(ctx, POWERPC_EXCP_VPU);   \
> +return; \
> +}   \
> +\
> +rb = gen_avr_ptr(rB(ctx->opcode));  \
> +rd = gen_avr_ptr(rD(ctx->opcode));  \
> +\
> +gen_helper_##op(cpu_crf[6], rd, rb);\
> +\
> +tcg_temp_free_ptr(rb);  \
> +tcg_temp_free_ptr(rd);  \
> +}
>  GEN_BCD(bcdadd)
>  GEN_BCD(bcdsub)
>  GEN_BCD2(bcdcfn)
> +GEN_BCD3(bcdctn)
>  
>  static void gen_xpnd04_1(DisasContext *ctx)
>  {
> @@ -908,7 +928,8 @@ static void gen_xpnd04_1(DisasContext *ctx)
>  case 4:
>  break; /* bcdctz. */
>  case 5:
> -break; /* bcdctn. */
> +gen_bcdctn(ctx);
> +break;
>  case 6:
>  break; /* bcdcfz. */
>  case 7:

Uh.. doesn't adding bcdctn to this make it identical to gen_xpnd04_2?

> @@ -1024,3 +1045,4 @@ GEN_VXFORM_DUAL(vsldoi, PPC_ALTIVEC, PPC_NONE,
>  #undef 

[Qemu-devel] [PATCH v2 2/3] exec.c: check memory backend file size with 'size' option

[Haozhong Zhang]

If the memory backend file is not large enough to hold the required 'size',
Qemu will report error and exit.

Signed-off-by: Haozhong Zhang 
---
 exec.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/exec.c b/exec.c
index a2b371a..264a25f 100644
--- a/exec.c
+++ b/exec.c
@@ -1316,6 +1316,13 @@ static void *file_ram_alloc(RAMBlock *block,
 goto error;
 }
 
+if (file_size > 0 && file_size < memory) {
+error_setg(errp, "backing store %s size %"PRId64
+   " does not match 'size' option %"PRIu64,
+   path, file_size, memory);
+goto error;
+}
+
 memory = ROUND_UP(memory, block->page_size);
 
 /*
-- 
2.10.1

[Qemu-devel] [PATCH v2 3/3] hostmem-file: make option 'size' optional

[Haozhong Zhang]

If 'size' option is not given, Qemu will use the file size of 'mem-path'
instead. If an empty file, a non-existing file or a directory is specified
by option 'mem-path', a non-zero option 'size' is still needed.

Signed-off-by: Haozhong Zhang 
---
 backends/hostmem-file.c | 28 
 exec.c  | 33 -
 2 files changed, 40 insertions(+), 21 deletions(-)

diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c
index 42efb2f..6ee4352 100644
--- a/backends/hostmem-file.c
+++ b/backends/hostmem-file.c
@@ -39,17 +39,14 @@ static void
 file_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
 {
 HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(backend);
+Error *local_err = NULL;
 
-if (!backend->size) {
-error_setg(errp, "can't create backend with size 0");
-return;
-}
 if (!fb->mem_path) {
-error_setg(errp, "mem-path property not set");
-return;
+error_setg(_err, "mem-path property not set");
+goto out;
 }
 #ifndef CONFIG_LINUX
-error_setg(errp, "-mem-path not supported on this host");
+error_setg(_err, "-mem-path not supported on this host");
 #else
 if (!memory_region_size(>mr)) {
 gchar *path;
@@ -58,10 +55,25 @@ file_backend_memory_alloc(HostMemoryBackend *backend, Error 
**errp)
 memory_region_init_ram_from_file(>mr, OBJECT(backend),
  path,
  backend->size, fb->share,
- fb->mem_path, errp);
+ fb->mem_path, _err);
 g_free(path);
+
+if (local_err) {
+goto out;
+}
+
+if (!backend->size) {
+backend->size = memory_region_size(>mr);
+}
 }
 #endif
+
+if (!backend->size) {
+error_setg(_err, "can't create backend with size 0");
+}
+
+ out:
+error_propagate(errp, local_err);
 }
 
 static char *get_mem_path(Object *o, Error **errp)
diff --git a/exec.c b/exec.c
index 264a25f..89065bd 100644
--- a/exec.c
+++ b/exec.c
@@ -1234,7 +1234,7 @@ static int64_t get_file_size(int fd)
 }
 
 static void *file_ram_alloc(RAMBlock *block,
-ram_addr_t memory,
+ram_addr_t *memory,
 const char *path,
 Error **errp)
 {
@@ -1245,6 +1245,7 @@ static void *file_ram_alloc(RAMBlock *block,
 void *area = MAP_FAILED;
 int fd = -1;
 int64_t file_size;
+ram_addr_t mem_size = *memory;
 
 if (kvm_enabled() && !kvm_has_sync_mmu()) {
 error_setg(errp,
@@ -1309,21 +1310,27 @@ static void *file_ram_alloc(RAMBlock *block,
 
 file_size = get_file_size(fd);
 
-if (memory < block->page_size) {
+if (!mem_size && file_size > 0) {
+mem_size = file_size;
+memory_region_set_size(block->mr, mem_size);
+}
+
+if (mem_size < block->page_size) {
 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
"or larger than page size 0x%zx",
-   memory, block->page_size);
+   mem_size, block->page_size);
 goto error;
 }
 
-if (file_size > 0 && file_size < memory) {
+if (file_size > 0 && file_size < mem_size) {
 error_setg(errp, "backing store %s size %"PRId64
" does not match 'size' option %"PRIu64,
-   path, file_size, memory);
+   path, file_size, mem_size);
 goto error;
 }
 
-memory = ROUND_UP(memory, block->page_size);
+mem_size = ROUND_UP(mem_size, block->page_size);
+*memory = mem_size;
 
 /*
  * ftruncate is not supported by hugetlbfs in older
@@ -1339,11 +1346,11 @@ static void *file_ram_alloc(RAMBlock *block,
  * those labels. Therefore, extending the non-empty backend file
  * is disabled as well.
  */
-if (!file_size && ftruncate(fd, memory)) {
+if (!file_size && ftruncate(fd, mem_size)) {
 perror("ftruncate");
 }
 
-area = qemu_ram_mmap(fd, memory, block->mr->align,
+area = qemu_ram_mmap(fd, mem_size, block->mr->align,
  block->flags & RAM_SHARED);
 if (area == MAP_FAILED) {
 error_setg_errno(errp, errno,
@@ -1352,7 +1359,7 @@ static void *file_ram_alloc(RAMBlock *block,
 }
 
 if (mem_prealloc) {
-os_mem_prealloc(fd, area, memory, errp);
+os_mem_prealloc(fd, area, mem_size, errp);
 if (errp && *errp) {
 goto error;
 }
@@ -1363,7 +1370,7 @@ static void *file_ram_alloc(RAMBlock *block,
 
 error:
 if (area != MAP_FAILED) {
-qemu_ram_munmap(area, memory);
+qemu_ram_munmap(area, mem_size);
 }
 if (unlink_on_error) {
 unlink(path);
@@ -1690,15 +1697,15 @@ RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, 
MemoryRegion *mr,
 

Re: [Qemu-devel] [PATCH] 4/4] target-ppc: Implement bcdctz. instruction

[David Gibson]

On Wed, Oct 26, 2016 at 11:18:58AM -0200, Jose Ricardo Ziviani wrote:
> bcdctz. converts from BCD to Zoned numeric format. Zoned format uses
> a byte to represent a digit where the most significant nibble is 0x3
> or 0xf, depending on the preferred signal.
> 
> Signed-off-by: Jose Ricardo Ziviani 
> ---
>  target-ppc/helper.h |  1 +
>  target-ppc/int_helper.c | 54 
> +
>  target-ppc/translate/vmx-impl.inc.c |  7 +++--
>  3 files changed, 60 insertions(+), 2 deletions(-)
> 
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index f460635..3b928b8 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -372,6 +372,7 @@ DEF_HELPER_4(bcdsub, i32, avr, avr, avr, i32)
>  DEF_HELPER_3(bcdcfn, i32, avr, avr, i32)
>  DEF_HELPER_2(bcdctn, i32, avr, avr)
>  DEF_HELPER_3(bcdcfz, i32, avr, avr, i32)
> +DEF_HELPER_3(bcdctz, i32, avr, avr, i32)
>  
>  DEF_HELPER_2(xsadddp, void, env, i32)
>  DEF_HELPER_2(xssubdp, void, env, i32)
> diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
> index 8cbbdfc..e0a84bb 100644
> --- a/target-ppc/int_helper.c
> +++ b/target-ppc/int_helper.c
> @@ -2768,6 +2768,60 @@ uint32_t helper_bcdcfz(ppc_avr_t *r, ppc_avr_t *b, 
> uint32_t ps)
>  *r = ret;
>  return cr;
>  }
> +
> +uint32_t helper_bcdctz(ppc_avr_t *r, ppc_avr_t *b, uint32_t ps)
> +{
> +int i;
> +int j;
> +int cr = 0;
> +int invalid = 0;
> +uint8_t digit = 0;
> +int sgnb = bcd_get_sgn(b);
> +int zone_lead = (ps) ? 0xF0 : 0x30;
> +ppc_avr_t ret = { .u64 = { 0, 0 } };
> +
> +int eq_flag = (b->u64[HI_IDX] == 0) && ((b->u64[LO_IDX] >> 4) == 0);
> +int ox_flag = (b->u64[HI_IDX] != 0);

This doesn't look right.  The zoned format can accomodate 16 digits.
The low word of the packed format can accomodate 15 digits + sign.  So
it should be possible to convert a packed for with a value in the low
nibble of the upper word.

> +for (i = 31, j = 16; i > 1; i -= 2, j--) {

Again not seeing any point for the reverse order.

> +digit = get_nibble(b, j);
> +ret.u8[BCD_DIG_BYTE(i)] = zone_lead + digit;
> +
> +if (unlikely(digit > 9)) {
> +invalid = 1;
> +}
> +}
> +
> +if (unlikely(!sgnb)) {
> +sgnb = (!get_nibble(b, 0)) ? 1 : -1;
> +}

Doesn't bcd_get_sgn() returning 0 indicate a badly encoded sign
point.  In which case you should set invalid, rather than making up a
sign according to this apparently arbitrary scheme.

> +
> +if (ps) {
> +bcd_put_digit(, (sgnb == 1) ? 0xC : 0xD, 1);
> +} else {
> +bcd_put_digit(, (sgnb == 1) ? 0x3 : 0x7, 1);
> +}
> +bcd_put_digit(, get_nibble(b, 1), 0);
> +
> +if (!eq_flag) {
> +cr = (sgnb == 1) ? 1 << CRF_GT : 1 << CRF_LT;
> +} else {
> +cr = 1 << CRF_EQ;
> +}
> +
> +if (ox_flag) {
> +cr |= 1 << CRF_SO;
> +}
> +
> +if (unlikely(invalid)) {
> +cr = 1 << CRF_SO;
> +}
> +
> +*r = ret;
> +
> +return cr;
> +}
> +
>  void helper_vsbox(ppc_avr_t *r, ppc_avr_t *a)
>  {
>  int i;
> diff --git a/target-ppc/translate/vmx-impl.inc.c 
> b/target-ppc/translate/vmx-impl.inc.c
> index 9192f8f..62c44f0 100644
> --- a/target-ppc/translate/vmx-impl.inc.c
> +++ b/target-ppc/translate/vmx-impl.inc.c
> @@ -918,6 +918,7 @@ GEN_BCD(bcdsub)
>  GEN_BCD2(bcdcfn)
>  GEN_BCD3(bcdctn)
>  GEN_BCD2(bcdcfz)
> +GEN_BCD2(bcdctz)
>  
>  static void gen_xpnd04_1(DisasContext *ctx)
>  {
> @@ -927,7 +928,8 @@ static void gen_xpnd04_1(DisasContext *ctx)
>  case 2:
>  break; /* bcdcfsq. */
>  case 4:
> -break; /* bcdctz. */
> +gen_bcdctz(ctx);
> +break;
>  case 5:
>  gen_bcdctn(ctx);
>  break;
> @@ -952,7 +954,8 @@ static void gen_xpnd04_2(DisasContext *ctx)
>  case 2:
>  break; /* bcdcfsq. */
>  case 4:
> -break; /* bcdctz. */
> +gen_bcdctz(ctx);
> +break;
>  case 6:
>  gen_bcdcfz(ctx);
>  break;

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH] 3/4] target-ppc: Implement bcdcfz. instruction

[David Gibson]

On Wed, Oct 26, 2016 at 11:18:57AM -0200, Jose Ricardo Ziviani wrote:
> bcdcfz. converts from Zoned numeric format to BCD. Zoned format uses
> a byte to represent a digit where the most significant nibble is 0x3
> or 0xf, depending on the preferred signal.
> 
> Signed-off-by: Jose Ricardo Ziviani 
> ---
>  target-ppc/helper.h |  1 +
>  target-ppc/int_helper.c | 55 
> +
>  target-ppc/translate/vmx-impl.inc.c |  7 +++--
>  3 files changed, 61 insertions(+), 2 deletions(-)
> 
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index 92eaaf0..f460635 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -371,6 +371,7 @@ DEF_HELPER_4(bcdadd, i32, avr, avr, avr, i32)
>  DEF_HELPER_4(bcdsub, i32, avr, avr, avr, i32)
>  DEF_HELPER_3(bcdcfn, i32, avr, avr, i32)
>  DEF_HELPER_2(bcdctn, i32, avr, avr)
> +DEF_HELPER_3(bcdcfz, i32, avr, avr, i32)
>  
>  DEF_HELPER_2(xsadddp, void, env, i32)
>  DEF_HELPER_2(xssubdp, void, env, i32)
> diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
> index cffe82c..8cbbdfc 100644
> --- a/target-ppc/int_helper.c
> +++ b/target-ppc/int_helper.c
> @@ -2459,6 +2459,17 @@ static int bcd_preferred_sgn(int sgn, int ps)
>  }
>  }
>  
> +static uint8_t get_nibble(ppc_avr_t *bcd, int n)
> +{
> +uint8_t result;
> +if (!(n & 1)) {
> +result = bcd->u8[BCD_DIG_BYTE(n)] & 0xF;
> +} else {
> +   result = bcd->u8[BCD_DIG_BYTE(n)] >> 4;
> +}
> +return result;
> +}

This can be merged with bcd_get_digit() without too much effort.

>  static uint8_t bcd_get_digit(ppc_avr_t *bcd, int n, int *invalid)
>  {
>  uint8_t result;
> @@ -2713,6 +2724,50 @@ uint32_t helper_bcdctn(ppc_avr_t *r, ppc_avr_t *b)
>  return cr;
>  }
>  
> +uint32_t helper_bcdcfz(ppc_avr_t *r, ppc_avr_t *b, uint32_t ps)
> +{
> +int i;
> +int j = 0;
> +int cr = 0;
> +int invalid = 0;
> +int eq_flag = 0;
> +int zone_digit = 0;
> +ppc_avr_t ret = { .u64 = { 0, 0 } };
> +int sgnb = get_nibble(b, 1);
> +
> +if (unlikely(((sgnb < 0xA) && ps) ||
> +((get_nibble(b, 0) > 0x9) && !ps))) {

The second half of this condition doesn't belong here.  It's a
requirement for both ps values, and would make more sense applied
along with the same test on the other digits.

> +invalid = 1;
> +}
> +
> +for (i = 31, j = 16; i > 1; i -= 2, j--) {

I don't see why you're doing this in reverse order.

> +zone_digit = get_nibble(b, i);
> +if (unlikely((ps && zone_digit != 0xF) ||
> +(!ps && zone_digit != 0x3))) {
> +invalid = 1;

In this and the other instructions it would make sense to break out of
the function as soon as you detect an invalid encoding.

> +}

You never check for invalid encoding in the low input nibble
(i.e. value > 0x9).

> +eq_flag += zone_digit;

What?? How on earth does adding up the zone digits help you.  For a
valid encoding the answer should always be either 0x2d (PS=0) or 0xe1
(PS=1).

> +bcd_put_digit(, get_nibble(b, i - 1), j);
> +}
> +bcd_put_digit(, get_nibble(b, 0), 1);
> +
> +if ((ps && (sgnb == 0xB || sgnb == 0xD)) ||
> +(!ps && (sgnb & 0x4))) {
> +bcd_put_digit(, BCD_NEG_PREF, 0);
> +cr = (!eq_flag) ? 1 << CRF_LT : 1 << CRF_EQ;
> +} else {
> +bcd_put_digit(, BCD_PLUS_PREF_1, 0);
> +cr = (!eq_flag) ? 1 << CRF_GT : 1 << CRF_EQ;
> +}
> +
> +if (unlikely(invalid)) {
> +cr = 1 << CRF_SO;
> +}
> +
> +*r = ret;
> +return cr;
> +}
>  void helper_vsbox(ppc_avr_t *r, ppc_avr_t *a)
>  {
>  int i;
> diff --git a/target-ppc/translate/vmx-impl.inc.c 
> b/target-ppc/translate/vmx-impl.inc.c
> index 4364881..9192f8f 100644
> --- a/target-ppc/translate/vmx-impl.inc.c
> +++ b/target-ppc/translate/vmx-impl.inc.c
> @@ -917,6 +917,7 @@ GEN_BCD(bcdadd)
>  GEN_BCD(bcdsub)
>  GEN_BCD2(bcdcfn)
>  GEN_BCD3(bcdctn)
> +GEN_BCD2(bcdcfz)
>  
>  static void gen_xpnd04_1(DisasContext *ctx)
>  {
> @@ -931,7 +932,8 @@ static void gen_xpnd04_1(DisasContext *ctx)
>  gen_bcdctn(ctx);
>  break;
>  case 6:
> -break; /* bcdcfz. */
> +gen_bcdcfz(ctx);
> +break;
>  case 7:
>  gen_bcdcfn(ctx);
>  break;
> @@ -952,7 +954,8 @@ static void gen_xpnd04_2(DisasContext *ctx)
>  case 4:
>  break; /* bcdctz. */
>  case 6:
> -break; /* bcdcfz. */
> +gen_bcdcfz(ctx);
> +break;
>  case 7:
>  gen_bcdcfn(ctx);
>  break;

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [PATCH v2 0/3] Improve truncation behavior of memory-backend-file

[Haozhong Zhang]

For a mmeory backend file, e.g.
-object memory-backend-file,mem-path=foo,size=SZ,...
the size of the backend file 'foo' is specified by the 'size'
option. If the specified size 'SZ' does not match the actual size of
file 'foo', QEMU will truncate the backend file 'foo'. In certain
usage scenarios (e.g. vNVDIMM), the truncation may corrupt the
existing data in the file.

Patch 1 in this series avoids such data corruption by disabling
truncating non-empty backend files. If a non-existing file, an empty
file or a directory is specified by 'mem-path' option, QEMU will
truncate the backend file to the size specified by 'size' option.

Patch 2 adds an additional check to avoid creating a memory backend
that can not be hold in the backend file. For a non-empty backend
file, if its size is smaller than 'size' option, QEMU will report
error.

Patch 3 makes the option 'size' optional. It's to avoid the misusing
of 'size' option. If the user is uncertain about the backend file
size, they can skip the 'size' option and let QEMU use the actual file
size.  If a non-existing file, an empty file or a directory is
specified by 'mem-path' option, the 'size' option is still needed.

Changes since v1:
 * Fix errors in v1 patches.
 * Split truncation skip and size check into separate patches.
 * Do not error out for backend file whose size is unknown.
 * Only error out when file size is smaller than 'size' option.
 * Change the error handling path of file_backend_memory_alloc().
 * Do not duplicate the setting of block->used_length/max_length in
   file_ram_alloc().


Haozhong Zhang (3):
  exec.c: do not truncate non-empty memory backend file
  exec.c: check memory backend file size with 'size' option
  hostmem-file: make option 'size' optional

 backends/hostmem-file.c | 28 ++---
 exec.c  | 56 +++--
 2 files changed, 65 insertions(+), 19 deletions(-)

-- 
2.10.1

[Qemu-devel] [PATCH v2 1/3] exec.c: do not truncate non-empty memory backend file

[Haozhong Zhang]

For '-object memory-backend-file,mem-path=foo,size=xyz', if the size of
file 'foo' does not match the given size 'xyz', the current QEMU will
truncate the file to the given size, which may corrupt the existing data
in that file. To avoid such data corruption, this patch disables
truncating non-empty backend files.

Signed-off-by: Haozhong Zhang 
---
 exec.c | 22 +-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/exec.c b/exec.c
index 587b489..a2b371a 100644
--- a/exec.c
+++ b/exec.c
@@ -1224,6 +1224,15 @@ void qemu_mutex_unlock_ramlist(void)
 }
 
 #ifdef __linux__
+static int64_t get_file_size(int fd)
+{
+int64_t size = lseek(fd, 0, SEEK_END);
+if (size < 0) {
+return -errno;
+}
+return size;
+}
+
 static void *file_ram_alloc(RAMBlock *block,
 ram_addr_t memory,
 const char *path,
@@ -1235,6 +1244,7 @@ static void *file_ram_alloc(RAMBlock *block,
 char *c;
 void *area = MAP_FAILED;
 int fd = -1;
+int64_t file_size;
 
 if (kvm_enabled() && !kvm_has_sync_mmu()) {
 error_setg(errp,
@@ -1297,6 +1307,8 @@ static void *file_ram_alloc(RAMBlock *block,
 }
 #endif
 
+file_size = get_file_size(fd);
+
 if (memory < block->page_size) {
 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
"or larger than page size 0x%zx",
@@ -1311,8 +1323,16 @@ static void *file_ram_alloc(RAMBlock *block,
  * hosts, so don't bother bailing out on errors.
  * If anything goes wrong with it under other filesystems,
  * mmap will fail.
+ *
+ * Do not truncate the non-empty backend file to avoid corrupting
+ * the existing data in the file. Disabling shrinking is not
+ * enough. For example, the current vNVDIMM implementation stores
+ * the guest NVDIMM labels at the end of the backend file. If the
+ * backend file is later extended, QEMU will not be able to find
+ * those labels. Therefore, extending the non-empty backend file
+ * is disabled as well.
  */
-if (ftruncate(fd, memory)) {
+if (!file_size && ftruncate(fd, memory)) {
 perror("ftruncate");
 }
 
-- 
2.10.1

Re: [Qemu-devel] [PATCH COLO-Frame (Base) v22 17/17] configure: Support enable/disable COLO feature

[Amit Shah]

On (Wed) 26 Oct 2016 [23:42:10], zhanghailiang wrote:
> configure --enable-colo/--disable-colo to switch COLO
> support on/off.
> 
> COLO feature doesn't depend on any other external librariesis,

typo: libraries


Amit

Re: [Qemu-devel] [PATCH COLO-Frame (Base) v22 14/17] COLO: Implement the process of failover for primary VM

[Amit Shah]

On (Wed) 26 Oct 2016 [23:42:07], zhanghailiang wrote:
> For primary side, if COLO gets failover request from users.
> To be exact, gets 'x_colo_lost_heartbeat' command.
> COLO thread will exit the loop while the failover BH does the
> cleanup work and resumes VM.
> 
> Signed-off-by: zhanghailiang 
> Signed-off-by: Li Zhijian 
> Reviewed-by: Dr. David Alan Gilbert 

Reviewed-by: Amit Shah 

Amit

Re: [Qemu-devel] [PATCH COLO-Frame (Base) v22 10/17] COLO: Add checkpoint-delay parameter for migrate-set-parameters

[Amit Shah]

On (Wed) 26 Oct 2016 [23:42:03], zhanghailiang wrote:
> Add checkpoint-delay parameter for migrate-set-parameters, so that
> we can control the checkpoint frequency when COLO is in periodic mode.
> 
> Cc: Luiz Capitulino 
> Cc: Eric Blake 
> Cc: Markus Armbruster 
> Signed-off-by: zhanghailiang 
> Signed-off-by: Li Zhijian 
> Reviewed-by: Dr. David Alan Gilbert 
> Reviewed-by: Eric Blake 

Reviewed-by: Amit Shah 

Amit

Re: [Qemu-devel] [PATCH COLO-Frame (Base) v22 03/17] migration: Enter into COLO mode after migration if COLO is enabled

[Amit Shah]

On (Wed) 26 Oct 2016 [23:41:56], zhanghailiang wrote:
> Add a new migration state: MIGRATION_STATUS_COLO. Migration source side
> enters this state after the first live migration successfully finished
> if COLO is enabled by command 'migrate_set_capability x-colo on'.
> 
> We reuse migration thread, so the process of checkpointing will be handled
> in migration thread.
> 
> Signed-off-by: zhanghailiang 
> Signed-off-by: Li Zhijian 
> Signed-off-by: Gonglei 
> Reviewed-by: Dr. David Alan Gilbert 

Reviewed-by: Amit Shah 

Amit

Re: [Qemu-devel] [PATCH COLO-Frame (Base) v21 03/17] migration: Enter into COLO mode after migration if COLO is enabled

[Amit Shah]

On (Wed) 26 Oct 2016 [21:49:10], Hailiang Zhang wrote:
> On 2016/10/26 12:50, Amit Shah wrote:
> >On (Tue) 18 Oct 2016 [20:09:59], zhanghailiang wrote:
> >>Add a new migration state: MIGRATION_STATUS_COLO. Migration source side
> >>enters this state after the first live migration successfully finished
> >>if COLO is enabled by command 'migrate_set_capability x-colo on'.
> >>
> >>We reuse migration thread, so the process of checkpointing will be handled
> >>in migration thread.
> >>
> >>Signed-off-by: zhanghailiang 
> >>Signed-off-by: Li Zhijian 
> >>Signed-off-by: Gonglei 
> >>Reviewed-by: Dr. David Alan Gilbert 
> >
> >(snip)
> >
> >>+static void colo_process_checkpoint(MigrationState *s)
> >>+{
> >>+qemu_mutex_lock_iothread();
> >>+vm_start();
> >>+qemu_mutex_unlock_iothread();
> >>+trace_colo_vm_state_change("stop", "run");
> >>+
> >>+/* TODO: COLO checkpoint savevm loop */
> >>+
> >>+migrate_set_state(>state, MIGRATION_STATUS_COLO,
> >>+  MIGRATION_STATUS_COMPLETED);
> >
> >Is this just a temporary thing that'll be removed in the next patches?
> 
> Yes, you are right, we will move this codes into failover process in the next
> patch, because after failover, we should finish the original migration, there
> are still some cleanup work need to be done.
> 
> >I guess so - because once you enter COLO state, you want to remain in
> >it, right?
> >
> 
> Yes.
> 
> >I think the commit message implies that.  So the commit msg and the
> >code are not in sync.
> >
> 
> Hmm, i'll remove it here in this patch, is it OK ?

Yes.

> 
> >(snip)
> >
> >>diff --git a/migration/migration.c b/migration/migration.c
> >>index f7dd9c6..462007d 100644
> >>--- a/migration/migration.c
> >>+++ b/migration/migration.c
> >>@@ -695,6 +695,10 @@ MigrationInfo *qmp_query_migrate(Error **errp)
> >>
> >>  get_xbzrle_cache_stats(info);
> >>  break;
> >>+case MIGRATION_STATUS_COLO:
> >>+info->has_status = true;
> >>+/* TODO: display COLO specific information (checkpoint info etc.) 
> >>*/
> >>+break;
> >
> >When do you plan to add this?  I guess it's important for debugging
> >and also to get the state of the system while colo is active.  What
> >info do you have planned to display here?
> >
> 
> IIRC, we have such patch which implemented this specific information in the 
> previous
> version long time ago. Yes, it is quit useful, for example, the average/max 
> time of
> pause while do checkpoint, the average/max number of dirty pages transferred 
> to SVM,
> the amount time of VM in COLO state, the total checkpoint times, the count of
> checkpointing because of inconsistency of network packages compare.

Yes, please get this in soon as well.


Amit

Re: [Qemu-devel] [PATCH COLO-Frame (Base) v21 05/17] COLO: Establish a new communicating path for COLO

[Amit Shah]

On (Wed) 26 Oct 2016 [22:05:22], Hailiang Zhang wrote:
> On 2016/10/26 13:06, Amit Shah wrote:
> >On (Tue) 18 Oct 2016 [20:10:01], zhanghailiang wrote:
> >>This new communication path will be used for returning messages
> >>from Secondary side to Primary side.
> >>
> >>Signed-off-by: zhanghailiang 
> >>Signed-off-by: Li Zhijian 
> >>Reviewed-by: Dr. David Alan Gilbert 
> >
> >Reviewed-by: Amit Shah 
> >
> >>@@ -63,8 +75,24 @@ void *colo_process_incoming_thread(void *opaque)
> >>  migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
> >>MIGRATION_STATUS_COLO);
> >>
> >>+mis->to_src_file = qemu_file_get_return_path(mis->from_src_file);
> >>+if (!mis->to_src_file) {
> >>+error_report("COLO incoming thread: Open QEMUFile to_src_file 
> >>failed");
> >>+goto out;
> >>+}
> >>+/*
> >>+ * Note: We set the fd to unblocked in migration incoming coroutine,
> >>+ * But here we are in the COLO incoming thread, so it is ok to set the
> >>+ * fd back to blocked.
> >>+ */
> >>+qemu_file_set_blocking(mis->from_src_file, true);
> >
> >Why does it need to be blocking?
> >
> 
> Because, the communication/action between Primary side and Secondary side 
> should be
> sequential. Just as postcopy does. :)

Yea - I mean please include that in the comment too so it's obvious
why it's done.


Amit

Re: [Qemu-devel] [PATCH COLO-Frame (Base) v21 17/17] configure: Support enable/disable COLO feature

[Amit Shah]

On (Wed) 26 Oct 2016 [08:42:27], Eric Blake wrote:
> On 10/26/2016 01:07 AM, Amit Shah wrote:
> > On (Tue) 18 Oct 2016 [20:10:13], zhanghailiang wrote:
> >> configure --enable-colo/--disable-colo to switch COLO
> >> support on/off.
> >> COLO feature is enabled by default.
> >>
> >> Signed-off-by: zhanghailiang 
> >> Signed-off-by: Li Zhijian 
> >> Signed-off-by: Gonglei 
> >> Reviewed-by: Dr. David Alan Gilbert 
> > 
> > Reviewed-by: Amit Shah 
> > 
> >> v19:
> >> - fix colo_supported() to return true
> >> v11:
> >> - Turn COLO on in default (Eric's suggestion)
> > 
> > Can you recap why the suggestion was made to switch it on by default?
> 
> If the feature doesn't depend on external libraries, then enabling
> compilation by default will avoid bitrot.

Yes, that's fair, thanks.

> But mentioning this rationale in the commit message never hurts :)

Yep!



Amit

Re: [Qemu-devel] [PATCH COLO-Frame (Base) v21 00/17] COarse-grain LOck-stepping(COLO) Virtual Machines for Non-stop Service (FT)

[Amit Shah]

On (Wed) 26 Oct 2016 [23:52:48], Hailiang Zhang wrote:
> Hi Amit,
> 
> On 2016/10/26 16:26, Amit Shah wrote:
> >On (Wed) 26 Oct 2016 [14:43:30], Hailiang Zhang wrote:
> >>Hi Amit,
> >>
> >>On 2016/10/26 14:09, Amit Shah wrote:
> >>>Hello,
> >>>
> >>>On (Tue) 18 Oct 2016 [20:09:56], zhanghailiang wrote:
> This is the 21th version of COLO frame series.
> 
> Rebase to the latest master.
> >>>
> >>>I've reviewed the patchset, have some minor comments, but overall it
> >>>looks good.  The changes are contained, and common code / existing
> >>>code paths are not affected much.  We can still target to merge this
> >>>for 2.8.
> >>>
> >>
> >>I really appreciate your help ;), I will fix all the issues later
> >>and send v22. Hope we can still catch the deadline of V2.8.
> >>
> >>>Do you have any tests on how much the VM slows down / downtime
> >>>incurred during checkpoints?
> >>>
> >>
> >>Yes, we tested that long time ago, it all depends.
> >>The downtime is determined by the time of transferring the dirty pages
> >>and the time of flushing ram from ram buffer.
> >>But we really have methods to reduce the downtime.
> >>
> >>One method is to reduce the amount of data (dirty pages mainly) while do 
> >>checkpoint
> >>by transferring dirty pages asynchronously while PVM and SVM are running 
> >>(no in
> >>the time of doing checkpoint). Besides we can re-use the capability of 
> >>migration, such
> >>as compressing, etc.
> >>Another method is to reduce the time of flushing ram by using userfaultfd 
> >>API
> >>to convert copying ram into marking bitmap. We can also flushing the ram 
> >>buffer
> >>by multiple threads which advised by Dave ...
> >
> >Yes, I understand that as with any migration numbers, this too depends
> >on what the guest is doing.  However, can you just pick some standard
> >workload - kernel compile or something like that - and post a few
> >observations?
> >
> 
> Li Zhijian has sent some test results which based on kernel colo proxy,
> After switch to userspace colo proxy, there maybe some degradations.
> But for the old scenario, some optimizations are not implemented.
> For the new userspace colo proxy scenario, we didn't test it overall,
> Because it is still WIP, we will start the work after this frame is merged.

OK.

> >>>Also, can you tell how did you arrive at the default checkpoint
> >>>interval?
> >>>
> >>
> >>Er, for this value, we referred to Remus in XEN platform. ;)
> >>But after we implement COLO with colo proxy, this interval value will be 
> >>changed
> >>to a bigger one (10s). And we will make it configuration too. Besides, we 
> >>will
> >>add another configurable value to control the min interval of checkpointing.
> >
> >OK - any typical value that is a good mix between COLO keeping the
> >network too busy / guest paused vs guest making progress?  Again this
> >is something that's workload-dependent, but I guess you have typical
> >numbers from a network-bound workload?
> >
> 
> Yes, you can refer to Zhijian's email for detail.
> I think it is necessary to add some test/performance results into COLO's wiki.
> We will do that later.

Yes, please.

Also, in your next iteration, please add the colo files to the
MAINTAINERS entry so you get CC'ed on future patches (and bugs :-)

Amit

Re: [Qemu-devel] [PATCH v5 4/9] record/replay: add network support

[Jason Wang]

On 2016年09月26日 16:08, Pavel Dovgalyuk wrote:

This patch adds support of recording and replaying network packets in
irount rr mode.

Record and replay for network interactions is performed with the network filter.
Each backend must have its own instance of the replay filter as follows:
  -netdev user,id=net1 -device rtl8139,netdev=net1
  -object filter-replay,id=replay,netdev=net1

Replay network filter is used to record and replay network packets. While
recording the virtual machine this filter puts all packets coming from
the outer world into the log. In replay mode packets from the log are
injected into the network device. All interactions with network backend
in replay mode are disabled.

v5 changes:
  - using iov_to_buf function instead of loop

Signed-off-by: Pavel Dovgalyuk
---


Reviewed-by: Jason Wang 

Re: [Qemu-devel] [PATCH v1] block/vxhs: Add Veritas HyperScale VxHS block device support

[Buddhi Madhav]

On 10/25/16, 9:41 PM, "Jeff Cody"  wrote:

>On Tue, Oct 25, 2016 at 03:02:07PM -0700, Ashish Mittal wrote:
>> This patch adds support for a new block device type called "vxhs".
>> Source code for the library that this code loads can be downloaded from:
>> https://github.com/MittalAshish/libqnio.git
>>
>
>I grabbed the latest of libqnio, compiled it (had to disable -Werror), and
>tried it out.  I was able to do a qemu-img info on a raw file, but it
>would
>just hang when trying a format such as qcow2.  I am assuming
>this is a limitation of test_server, and not libqnio.

On my build I did not get any build errors.

The qcow2 issue is to do with the limitation in the test server, which we
will fix in a seperate patch.

>
>This will make qemu-iotests more difficult however.
>
>I haven't looked at the latest qnio code yet (other than compiling the
>test-server to test), so the rest of this review is on the qemu driver.
>
>> Sample command line using JSON syntax:
>> ./qemu-system-x86_64 -name instance-0008 -S -vnc 0.0.0.0:0 -k en-us
>>-vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5
>>-msg timestamp=on
>>'json:{"driver":"vxhs","vdisk_id":"{c3e9095a-a5ee-4dce-afeb-2a59fb387410}
>>","server":[{"host":"172.172.17.4","port":""}]}'
>> 
>> Sample command line using URI syntax:
>> qemu-img convert -f raw -O raw -n
>>/var/lib/nova/instances/_base/0c5eacd5ebea5ed914b6a3e7b18f1ce734c386ad
>>vxhs://192.168.0.1:/%7Bc6718f6b-0401-441d-a8c3-1f0064d75ee0%7D
>> 
>> Signed-off-by: Ashish Mittal 
>> ---
>>  block/Makefile.objs |   2 +
>>  block/trace-events  |  22 ++
>>  block/vxhs.c| 736
>>
>>  configure   |  41 +++jj
>>  4 files changed, 801 insertions(+)
>>  create mode 100644 block/vxhs.c
>
>I think this version still does not address Daniel's concerns regarding a
>QAPI schema for vxhs.

We are working on QAPI schema changes and will submit them in separate
patch.

>
>We are also still needing qemu-iotests, and a test-server suitable to run
>the tests.
>
>> 
>> diff --git a/block/Makefile.objs b/block/Makefile.objs
>> index 67a036a..58313a2 100644
>> --- a/block/Makefile.objs
>> +++ b/block/Makefile.objs
>> @@ -18,6 +18,7 @@ block-obj-$(CONFIG_LIBNFS) += nfs.o
>>  block-obj-$(CONFIG_CURL) += curl.o
>>  block-obj-$(CONFIG_RBD) += rbd.o
>>  block-obj-$(CONFIG_GLUSTERFS) += gluster.o
>> +block-obj-$(CONFIG_VXHS) += vxhs.o
>>  block-obj-$(CONFIG_ARCHIPELAGO) += archipelago.o
>>  block-obj-$(CONFIG_LIBSSH2) += ssh.o
>>  block-obj-y += accounting.o dirty-bitmap.o
>> @@ -38,6 +39,7 @@ rbd.o-cflags   := $(RBD_CFLAGS)
>>  rbd.o-libs := $(RBD_LIBS)
>>  gluster.o-cflags   := $(GLUSTERFS_CFLAGS)
>>  gluster.o-libs := $(GLUSTERFS_LIBS)
>> +vxhs.o-libs:= $(VXHS_LIBS)
>>  ssh.o-cflags   := $(LIBSSH2_CFLAGS)
>>  ssh.o-libs := $(LIBSSH2_LIBS)
>>  archipelago.o-libs := $(ARCHIPELAGO_LIBS)
>> diff --git a/block/trace-events b/block/trace-events
>> index 05fa13c..aea97cb 100644
>> --- a/block/trace-events
>> +++ b/block/trace-events
>> @@ -114,3 +114,25 @@ qed_aio_write_data(void *s, void *acb, int ret,
>>uint64_t offset, size_t len) "s
>>  qed_aio_write_prefill(void *s, void *acb, uint64_t start, size_t len,
>>uint64_t offset) "s %p acb %p start %"PRIu64" len %zu offset %"PRIu64
>>  qed_aio_write_postfill(void *s, void *acb, uint64_t start, size_t len,
>>uint64_t offset) "s %p acb %p start %"PRIu64" len %zu offset %"PRIu64
>>  qed_aio_write_main(void *s, void *acb, int ret, uint64_t offset,
>>size_t len) "s %p acb %p ret %d offset %"PRIu64" len %zu"
>> +
>> +# block/vxhs.c
>> +vxhs_iio_callback(int error, int reason) "ctx is NULL: error %d,
>>reason %d"
>> +vxhs_setup_qnio(void *s) "Context to HyperScale IO manager = %p"
>> +vxhs_iio_callback_chnfail(int err, int error) "QNIO channel failed, no
>>i/o %d, %d"
>> +vxhs_iio_callback_unknwn(int opcode, int err) "unexpected opcode %d,
>>errno %d"
>> +vxhs_open_fail(int ret) "Could not open the device. Error = %d"
>> +vxhs_open_epipe(int ret) "Could not create a pipe for device. Bailing
>>out. Error=%d"
>> +vxhs_aio_rw_invalid(int req) "Invalid I/O request iodir %d"
>> +vxhs_aio_rw_ioerr(char *guid, int iodir, uint64_t size, uint64_t off,
>>void *acb, int ret, int err) "IO ERROR (vDisk %s) FOR : Read/Write = %d
>>size = %lu offset = %lu ACB = %p. Error = %d, errno = %d"
>> +vxhs_get_vdisk_stat_err(char *guid, int ret, int err) "vDisk (%s) stat
>>ioctl failed, ret = %d, errno = %d"
>> +vxhs_get_vdisk_stat(char *vdisk_guid, uint64_t vdisk_size) "vDisk %s
>>stat ioctl returned size %lu"
>> +vxhs_qnio_iio_open(const char *ip) "Failed to connect to storage agent
>>on host-ip %s"
>> +vxhs_qnio_iio_devopen(const char *fname) "Failed to open vdisk device:
>>%s"
>> +vxhs_complete_aio(void *acb, uint64_t ret) "aio failed acb %p ret %ld"
>> +vxhs_parse_uri_filename(const char *filename) "URI passed via
>>bdrv_parse_filename %s"

[Qemu-devel] "block: use aio_bh_schedule_oneshot" breaks ibm-vscsi

[Alexey Kardashevskiy]

Hi,

I just discovered that fffb6e12233002c26c0ee9ff92fa87927cd779f2 broke
ibm-vscsi, the guest booting stops (I waited for a minute) at:

[0.809286] ibmvscsi 7101: SRP_VERSION: 16.a
[0.809766] ibmvscsi 7101: Maximum ID: 64 Maximum LUN: 32 Maximum 
Channel: 3
[0.810059] scsi host0: IBM POWER Virtual SCSI Adapter 1.5.9
[0.810634] ibmvscsi 7101: partner initialization complete
[0.810999] ibmvscsi 7101: host srp version: 16.a, host partition qemu 
(0), OS 2, max io 2097152
[0.811507] ibmvscsi 7101: sent SRP login
[0.811705] ibmvscsi 7101: SRP_LOGIN succeeded
[0.824062] scsi 0:0:0:0: Direct-Access QEMU QEMU HARDDISK2.5+ 
PQ: 0 ANSI: 5
[1.018526] sd 0:0:0:0: Attached scsi generic sg0 type 0
[1.019352] sd 0:0:0:0: [sda] 67108864 512-byte logical blocks: (34.4 
GB/32.0 GiB)
[1.020274] sd 0:0:0:0: [sda] Write Protect is off
[1.020667] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, 
doesn't support DPO or FUA
[1.023390]  sda: sda1 sda2 sda3
[1.025819] sd 0:0:0:0: [sda] Attached SCSI disk


When I switch to virtio-vscsi, I get a bit further:

Begin: Loading essential drivers ... done.
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
Begin: Running /scripts/local-premount ... done.
Begin: Will now check root file system ... fsck from util-linux 2.27.1
[/sbin/fsck.ext4 (1) -- /dev/sda2] fsck.ext4 -a -C0 /dev/sda2
fsck.ext4: Read-only file system while trying to open /dev/sda2
Disk write-protected; use the -n option to do a read-only
check of the device.
fsck exited with status code 8
done.
Warning: File system check failed but did not detect errors

and then I get login prompt.


With reverted fffb6e12233002c26c0ee9ff92fa87927cd779f2, virtio-vscsi behaves
the same (so I assume fffb6e122 does not affect it) and ibm-vscsi behaves 
nicely:

Begin: Loading essential drivers ... done.
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
Begin: Running /scripts/local-premount ... done.
Begin: Will now check root file system ... fsck from util-linux 2.27.1
[/sbin/fsck.ext4 (1) -- /dev/sda2] fsck.ext4 -a -C0 /dev/sda2
/dev/sda2: clean, 66846/2011296 files, 574929/8034048 blocks
done.
[0.996954] EXT4-fs (sda2): mounted filesystem with ordered data mode. Opts: 
(null)
done.

and then I get login prompt.


fffb6e12233002c26c0ee9ff92fa87927cd779f2 is:
===
block: use aio_bh_schedule_oneshot

This simplifies bottom half handlers by removing calls to qemu_bh_delete and
thus removing the need to stash the bottom half pointer in the opaque
datum.
===

Any clues what is wrong? Thanks.


---
Alexey

Re: [Qemu-devel] [PATCH 1/4] e1000e: Use regular DEFINE_PROP_ macros for properties

[Jason Wang]

On 2016年10月27日 03:21, Eduardo Habkost wrote:

Instead of hacking custom PropertyInfo structs, use the regular
DEFINE_PROP_ macros for the e1000e properties.

This also fixes a bug in the disable_vnet_hdr property
definition, that was using qdev_prop_uint8 for a bool field.

Signed-off-by: Eduardo Habkost 
---
  hw/net/e1000e.c | 25 +++--
  1 file changed, 3 insertions(+), 22 deletions(-)

diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
index 4994e1c..df24e55 100644
--- a/hw/net/e1000e.c
+++ b/hw/net/e1000e.c
@@ -638,19 +638,11 @@ static const VMStateDescription e1000e_vmstate = {
  }
  };
  
-static PropertyInfo e1000e_prop_disable_vnet,

-e1000e_prop_subsys_ven,
-e1000e_prop_subsys;
-
  static Property e1000e_properties[] = {
  DEFINE_NIC_PROPERTIES(E1000EState, conf),
-DEFINE_PROP_DEFAULT("disable_vnet_hdr", E1000EState, disable_vnet, false,
-e1000e_prop_disable_vnet, bool),
-DEFINE_PROP_DEFAULT("subsys_ven", E1000EState, subsys_ven,
-PCI_VENDOR_ID_INTEL,
-e1000e_prop_subsys_ven, uint16_t),
-DEFINE_PROP_DEFAULT("subsys", E1000EState, subsys, 0,
-e1000e_prop_subsys, uint16_t),
+DEFINE_PROP_BOOL("disable_vnet_hdr", E1000EState, disable_vnet, false),
+DEFINE_PROP_UINT16("subsys_ven", E1000EState, subsys_ven, 
PCI_VENDOR_ID_INTEL),
+DEFINE_PROP_UINT16("subsys", E1000EState, subsys, 0),
  DEFINE_PROP_END_OF_LIST(),
  };
  
@@ -673,17 +665,6 @@ static void e1000e_class_init(ObjectClass *class, void *data)

  dc->vmsd = _vmstate;
  dc->props = e1000e_properties;
  
-e1000e_prop_disable_vnet = qdev_prop_uint8;

-e1000e_prop_disable_vnet.description = "Do not use virtio headers, "
-   "perform SW offloads emulation "
-   "instead";
-
-e1000e_prop_subsys_ven = qdev_prop_uint16;
-e1000e_prop_subsys_ven.description = "PCI device Subsystem Vendor ID";
-
-e1000e_prop_subsys = qdev_prop_uint16;
-e1000e_prop_subsys.description = "PCI device Subsystem ID";
-
  set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
  }
  


Is there a way to keep the description here? At least for "vnet" I believe.

Thanks

[Qemu-devel] [PATCH v3 3/6] spapr: add hotplug interrupt machine options

[Michael Roth]

This adds machine options of the form:

  -machine pseries,modern-hotplug-events=true
  -machine pseries,modern-hotplug-events=false

If false, QEMU will force the use of "legacy" style hotplug events,
which are surfaced through EPOW events instead of a dedicated
hot plug event source, and lack certain features necessary, mainly,
for memory unplug support.

If true, QEMU will enable support for "modern" dedicated hot plug
event source. Note that we will still default to "legacy" style unless
the guest advertises support for the "modern" hotplug events via
ibm,client-architecture-support hcall during early boot.

For pseries-2.7 and earlier we default to false, for newer machine
types we default to true.

Signed-off-by: Michael Roth 
---
 hw/ppc/spapr.c | 28 
 1 file changed, 28 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 9ddf2ff..fe91883 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2143,16 +2143,41 @@ static void spapr_set_kvm_type(Object *obj, const char 
*value, Error **errp)
 spapr->kvm_type = g_strdup(value);
 }
 
+static bool spapr_get_modern_hotplug_events(Object *obj, Error **errp)
+{
+sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+
+return spapr->use_hotplug_event_source;
+}
+
+static void spapr_set_modern_hotplug_events(Object *obj, bool value,
+Error **errp)
+{
+sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+
+spapr->use_hotplug_event_source = value;
+}
+
 static void spapr_machine_initfn(Object *obj)
 {
 sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
 
 spapr->htab_fd = -1;
+spapr->use_hotplug_event_source = true;
 object_property_add_str(obj, "kvm-type",
 spapr_get_kvm_type, spapr_set_kvm_type, NULL);
 object_property_set_description(obj, "kvm-type",
 "Specifies the KVM virtualization mode 
(HV, PR)",
 NULL);
+object_property_add_bool(obj, "modern-hotplug-events",
+spapr_get_modern_hotplug_events,
+spapr_set_modern_hotplug_events,
+NULL);
+object_property_set_description(obj, "modern-hotplug-events",
+"Use dedicated hotplug event mechanism in"
+" place of standard EPOW events when 
possible"
+" (required for memory hot-unplug 
support)",
+NULL);
 }
 
 static void spapr_machine_finalizefn(Object *obj)
@@ -2599,7 +2624,10 @@ static void phb_placement_2_7(sPAPRMachineState *spapr, 
uint32_t index,
 
 static void spapr_machine_2_7_instance_options(MachineState *machine)
 {
+sPAPRMachineState *spapr = SPAPR_MACHINE(machine);
+
 spapr_machine_2_8_instance_options(machine);
+spapr->use_hotplug_event_source = false;
 }
 
 static void spapr_machine_2_7_class_options(MachineClass *mc)
-- 
1.9.1

[Qemu-devel] [PATCH v3 6/6] spapr: Memory hot-unplug support

[Michael Roth]

From: Bharata B Rao 

Add support to hot remove pc-dimm memory devices.

Since we're introducing a machine-level unplug_request hook, we also
had handling for CPU unplug there as well to ensure CPU unplug
continues to work as it did before.

Signed-off-by: Bharata B Rao 
* add hooks to CAS/cmdline enablement of hotplug ACR support
* add hook for CPU unplug
Signed-off-by: Michael Roth 
Reviewed-by: David Gibson 
---
 hw/ppc/spapr.c | 119 -
 hw/ppc/spapr_drc.c |  17 
 2 files changed, 135 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 531dfeb..c8e2921 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2281,6 +2281,90 @@ out:
 error_propagate(errp, local_err);
 }
 
+typedef struct sPAPRDIMMState {
+uint32_t nr_lmbs;
+} sPAPRDIMMState;
+
+static void spapr_lmb_release(DeviceState *dev, void *opaque)
+{
+sPAPRDIMMState *ds = (sPAPRDIMMState *)opaque;
+HotplugHandler *hotplug_ctrl;
+
+if (--ds->nr_lmbs) {
+return;
+}
+
+g_free(ds);
+
+/*
+ * Now that all the LMBs have been removed by the guest, call the
+ * pc-dimm unplug handler to cleanup up the pc-dimm device.
+ */
+hotplug_ctrl = qdev_get_hotplug_handler(dev);
+hotplug_handler_unplug(hotplug_ctrl, dev, _abort);
+}
+
+static void spapr_del_lmbs(DeviceState *dev, uint64_t addr_start, uint64_t 
size,
+   Error **errp)
+{
+sPAPRDRConnector *drc;
+sPAPRDRConnectorClass *drck;
+uint32_t nr_lmbs = size / SPAPR_MEMORY_BLOCK_SIZE;
+int i;
+sPAPRDIMMState *ds = g_malloc0(sizeof(sPAPRDIMMState));
+uint64_t addr = addr_start;
+
+ds->nr_lmbs = nr_lmbs;
+for (i = 0; i < nr_lmbs; i++) {
+drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
+addr / SPAPR_MEMORY_BLOCK_SIZE);
+g_assert(drc);
+
+drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+drck->detach(drc, dev, spapr_lmb_release, ds, errp);
+addr += SPAPR_MEMORY_BLOCK_SIZE;
+}
+
+drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
+   addr_start / SPAPR_MEMORY_BLOCK_SIZE);
+drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+spapr_hotplug_req_remove_by_count_indexed(SPAPR_DR_CONNECTOR_TYPE_LMB,
+  nr_lmbs,
+  drck->get_index(drc));
+}
+
+static void spapr_memory_unplug(HotplugHandler *hotplug_dev, DeviceState *dev,
+Error **errp)
+{
+sPAPRMachineState *ms = SPAPR_MACHINE(hotplug_dev);
+PCDIMMDevice *dimm = PC_DIMM(dev);
+PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
+MemoryRegion *mr = ddc->get_memory_region(dimm);
+
+pc_dimm_memory_unplug(dev, >hotplug_memory, mr);
+object_unparent(OBJECT(dev));
+}
+
+static void spapr_memory_unplug_request(HotplugHandler *hotplug_dev,
+DeviceState *dev, Error **errp)
+{
+Error *local_err = NULL;
+PCDIMMDevice *dimm = PC_DIMM(dev);
+PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
+MemoryRegion *mr = ddc->get_memory_region(dimm);
+uint64_t size = memory_region_size(mr);
+uint64_t addr;
+
+addr = object_property_get_int(OBJECT(dimm), PC_DIMM_ADDR_PROP, 
_err);
+if (local_err) {
+goto out;
+}
+
+spapr_del_lmbs(dev, addr, size, _abort);
+out:
+error_propagate(errp, local_err);
+}
+
 void *spapr_populate_hotplug_cpu_dt(CPUState *cs, int *fdt_offset,
 sPAPRMachineState *spapr)
 {
@@ -2354,10 +2438,42 @@ static void spapr_machine_device_plug(HotplugHandler 
*hotplug_dev,
 static void spapr_machine_device_unplug(HotplugHandler *hotplug_dev,
   DeviceState *dev, Error **errp)
 {
+sPAPRMachineState *sms = SPAPR_MACHINE(qdev_get_machine());
 MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
 
 if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
-error_setg(errp, "Memory hot unplug not supported by sPAPR");
+if (spapr_ovec_test(sms->ov5_cas, OV5_HP_EVT)) {
+spapr_memory_unplug(hotplug_dev, dev, errp);
+} else {
+error_setg(errp, "Memory hot unplug not supported for this guest");
+}
+} else if (object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_CPU_CORE)) {
+if (!mc->query_hotpluggable_cpus) {
+error_setg(errp, "CPU hot unplug not supported on this machine");
+return;
+}
+spapr_core_unplug(hotplug_dev, dev, errp);
+}
+}
+
+static void spapr_machine_device_unplug_request(HotplugHandler *hotplug_dev,
+DeviceState *dev, Error **errp)
+{
+sPAPRMachineState *sms = 

[Qemu-devel] [PATCH v3 4/6] spapr: Add DRC count indexed hotplug identifier type

[Michael Roth]

From: Bharata B Rao 

Add support for DRC count indexed hotplug ID type which is primarily
needed for memory hot unplug. This type allows for specifying the
number of DRs that should be plugged/unplugged starting from a given
DRC index.

Signed-off-by: Bharata B Rao 
* updated rtas_event_log_v6_hp to reflect count/index field ordering
  used in PAPR hotplug ACR
Signed-off-by: Michael Roth 
Reviewed-by: David Gibson 
---
 hw/ppc/spapr_events.c  | 76 --
 include/hw/ppc/spapr.h |  4 +++
 2 files changed, 65 insertions(+), 15 deletions(-)

diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 9b0bd41..f85a9c3 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -175,6 +175,16 @@ struct epow_log_full {
 struct rtas_event_log_v6_epow epow;
 } QEMU_PACKED;
 
+union drc_identifier {
+uint32_t index;
+uint32_t count;
+struct {
+uint32_t count;
+uint32_t index;
+} count_indexed;
+char name[1];
+} QEMU_PACKED;
+
 struct rtas_event_log_v6_hp {
 #define RTAS_LOG_V6_SECTION_ID_HOTPLUG  0x4850 /* HP */
 struct rtas_event_log_v6_section_header hdr;
@@ -191,12 +201,9 @@ struct rtas_event_log_v6_hp {
 #define RTAS_LOG_V6_HP_ID_DRC_NAME   1
 #define RTAS_LOG_V6_HP_ID_DRC_INDEX  2
 #define RTAS_LOG_V6_HP_ID_DRC_COUNT  3
+#define RTAS_LOG_V6_HP_ID_DRC_COUNT_INDEXED  4
 uint8_t reserved;
-union {
-uint32_t index;
-uint32_t count;
-char name[1];
-} drc;
+union drc_identifier drc_id;
 } QEMU_PACKED;
 
 struct hp_log_full {
@@ -488,7 +495,7 @@ static void spapr_hotplug_set_signalled(uint32_t drc_index)
 
 static void spapr_hotplug_req_event(uint8_t hp_id, uint8_t hp_action,
 sPAPRDRConnectorType drc_type,
-uint32_t drc)
+union drc_identifier *drc_id)
 {
 sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 struct hp_log_full *new_hp;
@@ -533,7 +540,7 @@ static void spapr_hotplug_req_event(uint8_t hp_id, uint8_t 
hp_action,
 case SPAPR_DR_CONNECTOR_TYPE_PCI:
 hp->hotplug_type = RTAS_LOG_V6_HP_TYPE_PCI;
 if (hp->hotplug_action == RTAS_LOG_V6_HP_ACTION_ADD) {
-spapr_hotplug_set_signalled(drc);
+spapr_hotplug_set_signalled(drc_id->index);
 }
 break;
 case SPAPR_DR_CONNECTOR_TYPE_LMB:
@@ -551,9 +558,18 @@ static void spapr_hotplug_req_event(uint8_t hp_id, uint8_t 
hp_action,
 }
 
 if (hp_id == RTAS_LOG_V6_HP_ID_DRC_COUNT) {
-hp->drc.count = cpu_to_be32(drc);
+hp->drc_id.count = cpu_to_be32(drc_id->count);
 } else if (hp_id == RTAS_LOG_V6_HP_ID_DRC_INDEX) {
-hp->drc.index = cpu_to_be32(drc);
+hp->drc_id.index = cpu_to_be32(drc_id->index);
+} else if (hp_id == RTAS_LOG_V6_HP_ID_DRC_COUNT_INDEXED) {
+/* we should not be using count_indexed value unless the guest
+ * supports dedicated hotplug event source
+ */
+g_assert(spapr_ovec_test(spapr->ov5_cas, OV5_HP_EVT));
+hp->drc_id.count_indexed.count =
+cpu_to_be32(drc_id->count_indexed.count);
+hp->drc_id.count_indexed.index =
+cpu_to_be32(drc_id->count_indexed.index);
 }
 
 rtas_event_log_queue(RTAS_LOG_TYPE_HOTPLUG, new_hp, true);
@@ -567,34 +583,64 @@ void spapr_hotplug_req_add_by_index(sPAPRDRConnector *drc)
 {
 sPAPRDRConnectorClass *drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
 sPAPRDRConnectorType drc_type = drck->get_type(drc);
-uint32_t index = drck->get_index(drc);
+union drc_identifier drc_id;
 
+drc_id.index = drck->get_index(drc);
 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_INDEX,
-RTAS_LOG_V6_HP_ACTION_ADD, drc_type, index);
+RTAS_LOG_V6_HP_ACTION_ADD, drc_type, _id);
 }
 
 void spapr_hotplug_req_remove_by_index(sPAPRDRConnector *drc)
 {
 sPAPRDRConnectorClass *drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
 sPAPRDRConnectorType drc_type = drck->get_type(drc);
-uint32_t index = drck->get_index(drc);
+union drc_identifier drc_id;
 
+drc_id.index = drck->get_index(drc);
 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_INDEX,
-RTAS_LOG_V6_HP_ACTION_REMOVE, drc_type, index);
+RTAS_LOG_V6_HP_ACTION_REMOVE, drc_type, _id);
 }
 
 void spapr_hotplug_req_add_by_count(sPAPRDRConnectorType drc_type,
uint32_t count)
 {
+union drc_identifier drc_id;
+
+drc_id.count = count;
 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_COUNT,
-RTAS_LOG_V6_HP_ACTION_ADD, drc_type, count);
+

[Qemu-devel] [PATCH v3 5/6] spapr: use count+index for memory hotplug

[Michael Roth]

Commit 0a417869:

spapr: Move memory hotplug to RTAS_LOG_V6_HP_ID_DRC_COUNT type

dropped per-DRC/per-LMB hotplugs event in favor of a bulk add via a
single LMB count value. This was to avoid overrunning the guest EPOW
event queue with hotplug events. This works fine, but relies on the
guest exhaustively scanning for pluggable LMBs to satisfy the
requested count by issuing rtas-get-sensor(DR_ENTITY_SENSE, ...) calls
until all the LMBs associated with the DIMM are identified.

With newer support for dedicated hotplug event source, this queue
exhaustion is no longer as much of an issue due to implementation
details on the guest side, but we still try to avoid excessive hotplug
events by now supporting both a count and a starting index to avoid
unecessary work. This patch makes use of that approach when the
capability is available.

Cc: bhar...@linux.vnet.ibm.com
Signed-off-by: Michael Roth 
Reviewed-by: David Gibson 
---
 hw/ppc/spapr.c | 22 ++
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index fe91883..531dfeb 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2202,14 +2202,16 @@ static void spapr_nmi(NMIState *n, int cpu_index, Error 
**errp)
 }
 }
 
-static void spapr_add_lmbs(DeviceState *dev, uint64_t addr, uint64_t size,
-   uint32_t node, Error **errp)
+static void spapr_add_lmbs(DeviceState *dev, uint64_t addr_start, uint64_t 
size,
+   uint32_t node, bool dedicated_hp_event_source,
+   Error **errp)
 {
 sPAPRDRConnector *drc;
 sPAPRDRConnectorClass *drck;
 uint32_t nr_lmbs = size/SPAPR_MEMORY_BLOCK_SIZE;
 int i, fdt_offset, fdt_size;
 void *fdt;
+uint64_t addr = addr_start;
 
 for (i = 0; i < nr_lmbs; i++) {
 drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
@@ -2228,7 +2230,17 @@ static void spapr_add_lmbs(DeviceState *dev, uint64_t 
addr, uint64_t size,
  * guest only in case of hotplugged memory
  */
 if (dev->hotplugged) {
-   spapr_hotplug_req_add_by_count(SPAPR_DR_CONNECTOR_TYPE_LMB, nr_lmbs);
+if (dedicated_hp_event_source) {
+drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
+addr_start / SPAPR_MEMORY_BLOCK_SIZE);
+drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+spapr_hotplug_req_add_by_count_indexed(SPAPR_DR_CONNECTOR_TYPE_LMB,
+   nr_lmbs,
+   drck->get_index(drc));
+} else {
+spapr_hotplug_req_add_by_count(SPAPR_DR_CONNECTOR_TYPE_LMB,
+   nr_lmbs);
+}
 }
 }
 
@@ -2261,7 +2273,9 @@ static void spapr_memory_plug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 goto out;
 }
 
-spapr_add_lmbs(dev, addr, size, node, _abort);
+spapr_add_lmbs(dev, addr, size, node,
+   spapr_ovec_test(ms->ov5_cas, OV5_HP_EVT),
+   _abort);
 
 out:
 error_propagate(errp, local_err);
-- 
1.9.1

[Qemu-devel] [PATCH v3 1/6] spapr: update spapr hotplug documentation

[Michael Roth]

This updates the existing documentation to reflect recent updates to
the hotplug event structure, which are in draft form but slated
for inclusion in PAPR/LoPAPR.

Signed-off-by: Michael Roth 
Reviewed-by: David Gibson 
---
 docs/specs/ppc-spapr-hotplug.txt | 55 +---
 1 file changed, 46 insertions(+), 9 deletions(-)

diff --git a/docs/specs/ppc-spapr-hotplug.txt b/docs/specs/ppc-spapr-hotplug.txt
index 631b0ca..f57e2a0 100644
--- a/docs/specs/ppc-spapr-hotplug.txt
+++ b/docs/specs/ppc-spapr-hotplug.txt
@@ -233,12 +233,27 @@ tools by host-level management such as an HMC. This level 
of management is not
 applicable to PowerKVM, hence the reason for extending the notification
 framework to support hotplug events.
 
-Note that these events are not yet formally part of the PAPR+ specification,
-but support for this format has already been implemented in DR-related
-guest tools such as powerpc-utils/librtas, as well as kernel patches that have
-been submitted to handle in-kernel processing of memory/cpu-related hotplug
-events[1], and is planned for formal inclusion is PAPR+ specification. The
-hotplug-specific payload is QEMU implemented as follows (with all values
+The format for these EPOW-signalled events is described below under
+"hotplug/unplug event structure". Note that these events are not
+formally part of the PAPR+ specification, and have been superseded by a
+newer format, also described below under "hotplug/unplug event structure",
+and so are now deemed a "legacy" format. The formats are similar, but the
+"modern" format contains additional fields/flags, which are denoted for the
+purposes of this documentation with "#ifdef GUEST_SUPPORTS_MODERN" guards.
+
+QEMU should assume support only for "legacy" fields/flags unless the guest
+advertises support for the "modern" format via ibm,client-architecture-support
+hcall by setting byte 5, bit 6 of it's ibm,architecture-vec-5 option vector
+structure (as described by LoPAPR v11, B.6.2.3). As with "legacy" format 
events,
+"modern" format events are surfaced to the guest via check-exception RTAS 
calls,
+but use a dedicated event source to signal the guest. This event source is
+advertised to the guest by the addition of a "hot-plug-events" node under
+"/event-sources" node of the guest's device tree using the standard format
+described in LoPAPR v11, B.6.12.1.
+
+== hotplug/unplug event structure ==
+
+The hotplug-specific payload in QEMU is implemented as follows (with all values
 encoded in big-endian format):
 
 struct rtas_event_log_v6_hp {
@@ -263,14 +278,23 @@ struct rtas_event_log_v6_hp {
 #define RTAS_LOG_V6_HP_ACTION_ADD   1
 #define RTAS_LOG_V6_HP_ACTION_REMOVE2
 uint8_t hotplug_action; /* action (add/remove) */
-#define RTAS_LOG_V6_HP_ID_DRC_NAME  1
-#define RTAS_LOG_V6_HP_ID_DRC_INDEX 2
-#define RTAS_LOG_V6_HP_ID_DRC_COUNT 3
+#define RTAS_LOG_V6_HP_ID_DRC_NAME  1
+#define RTAS_LOG_V6_HP_ID_DRC_INDEX 2
+#define RTAS_LOG_V6_HP_ID_DRC_COUNT 3
+#ifdef GUEST_SUPPORTS_MODERN
+#define RTAS_LOG_V6_HP_ID_DRC_COUNT_INDEXED 4
+#endif
 uint8_t hotplug_identifier; /* type of the resource identifier,
  * which serves as the discriminator
  * for the 'drc' union field below
  */
+#ifdef GUEST_SUPPORTS_MODERN
+uint8_t capabilities;   /* capability flags, currently unused
+ * by QEMU
+ */
+#else
 uint8_t reserved;
+#endif
 union {
 uint32_t index; /* DRC index of resource to take action
  * on
@@ -278,6 +302,19 @@ struct rtas_event_log_v6_hp {
 uint32_t count; /* number of DR resources to take
  * action on (guest chooses which)
  */
+#ifdef GUEST_SUPPORTS_MODERN
+struct {
+uint32_t count; /* number of DR resources to take
+ * action on
+ */
+uint32_t index; /* DRC index of first resource to take
+ * action on. guest will take action
+ * on DRC index  through
+ * DRC index  in
+ * sequential order
+ */
+} count_indexed;
+#endif
 char name[1];   /* string representing the name of the
  * DRC to take action on
  */
-- 
1.9.1

[Qemu-devel] [PATCH v3 0/6] spapr: dedicated hotplug events and memory unplug support

[Michael Roth]

This series is based on David's ppc-for-2.8 branch, and is also available from:

  https://github.com/mdroth/qemu/commits/spapr-hotplug-event-update

Changes since v2:
  * Rebased on latest ppc-for-2.8
  * Fix silly screw up with Reviewed-by attributions

Changes since v1:
  * Rebased on latest ppc-for-2.8
  * Dropped patches relating to option vector manipulation (now merged)
  * Moved patch introducing modern-hotplug-events option to come after
that actual implementation of modern-hotplug-events support. (David)
  * Removed uneeded source name string from sPAPREventSource in favor of
manual lookup of the name when creating DT. (David)
  * Don't split function return signatures across lines (David)
  * Add comment to clarify hotplug events being enabled regardless
of CAS-negotiation.
  * Avoid unecessary initialization of hotplug_ctrl in
spapr_lmb_release. (David)

Changes since RFC:
  * Rebased on latest ppc-for-2.8 (with DT refactoring)
  * Submitting as v1 now that PAPR Hotplug ACR is committed
  * address Patchew warnings
  * add comments to clarify spapr->ov5/ov5_cas usage. (David)
  * revise comment to clarify intent when setting spapr->ov5
OV5_HP_EVT bit. (Bharata)
  * drop internal usage of spapr_ovec_from_bitmap() in favor of
directly assigning bitmap to sPAPROptionVector instances. (David)
  * standardize meaning of 'vector_len' variable through spapr_ovec_*
functions to be the byte-wise length of option vectors entries,
and not including the preceeding length byte itself. (David)
  * fix spapr_ovec_populate_dt() to parse up to OV_MAXBITS bits
rather than OV_MAXBITS - 1. (David)
  * fix spapr_ovec_populate_dt() encode the minimum of 1 option
vector byte instead of the max of OV_MAXBYTES in cases where
no option bits are set. (David)
  * add some comments to spapr_ovec_populate_dt() to clarify what
is being encoded into length byte of ibm,architecture-vec-5
  * switch 'legacy-hotplug-events' option to
'modern-hotplug-events' (David)
  * modify rtas_event_log_to_source() to check for OV5_HP_EVT
option rather than relying on whether the hotplug source is
specifically enabled. Assert the latter in cases where
OV5_HP_EVT is set. (Bharata)
  * drop global EventSource list in favor of an sPAPREventSource
list field within sPAPRMachineState (David)
  * add CPU unplug hook in mc->unplug_request (Bharata)

Patches 1-4 add support for an updated event format for hotplug events,
which includes a new way to specify a range of DRCs/LMBs to hotplug/unplug
using a starting position and count, which is necessary for memory unplug.

Patches 5-6 add support for memory unplug using the new event format.

In addition to kernel 4.8 or later, there are a number of patches required
to enable support on the guest kernel side. I've including the minimum set
of patches in my branch here:

   https://github.com/mdroth/linux/commits/spapr-hotplug-event-update

   *powerpc/pseries: advertise Hot Plug Event support to firmware
   powerpc/pseries: Implement indexed-count hotplug memory remove
   powerpc/pseries: Implement indexed-count hotplug memory add

Note that there is currently an issue that arises when attempting to
offline an LMB that was onlined using a guest kernel's auto-onlining
mechanism, which can prevent full completion of memory unplug requests.
This is being investigated, but for the purposes of testing this can
be worked around currently by disabling auto-onlining in guests via:

  "echo offline >/sys/devices/system/memory/auto_online_blocks"

and instead onlining the blocks manually or via udev.

 docs/specs/ppc-spapr-hotplug.txt |  55 +-
 hw/ppc/spapr.c   | 178 
+++
 hw/ppc/spapr_drc.c   |  17 
 hw/ppc/spapr_events.c| 278 
+-
 include/hw/ppc/spapr.h   |  10 -
 include/hw/ppc/spapr_ovec.h  |   1 +
 6 files changed, 469 insertions(+), 70 deletions(-)

[Qemu-devel] [PATCH v3 2/6] spapr_events: add support for dedicated hotplug event source

[Michael Roth]

Hotplug events were previously delivered using an EPOW interrupt
and were queued by linux guests into a circular buffer. For traditional
EPOW events like shutdown/resets, this isn't an issue, but for hotplug
events there are cases where this buffer can be exhausted, resulting
in the loss of hotplug events, resets, etc.

Newer-style hotplug event are delivered using a dedicated event source.
We enable this in supported guests by adding standard an additional
event source in the guest device-tree via /event-sources, and, if
the guest advertises support for the newer-style hotplug events,
using the corresponding interrupt to signal the available of
hotplug/unplug events.

Signed-off-by: Michael Roth 
---
 hw/ppc/spapr.c  |   9 +-
 hw/ppc/spapr_events.c   | 202 
 include/hw/ppc/spapr.h  |   6 +-
 include/hw/ppc/spapr_ovec.h |   1 +
 4 files changed, 177 insertions(+), 41 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 0b3820b..9ddf2ff 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -973,7 +973,7 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr,
 }
 
 /* /event-sources */
-spapr_dt_events(fdt, spapr->check_exception_irq);
+spapr_dt_events(spapr, fdt);
 
 /* /rtas */
 spapr_dt_rtas(spapr, fdt);
@@ -1789,6 +1789,11 @@ static void ppc_spapr_init(MachineState *machine)
 
 spapr_ovec_set(spapr->ov5, OV5_FORM1_AFFINITY);
 
+/* advertise support for dedicated HP event source to guests */
+if (spapr->use_hotplug_event_source) {
+spapr_ovec_set(spapr->ov5, OV5_HP_EVT);
+}
+
 /* init CPUs */
 if (machine->cpu_model == NULL) {
 machine->cpu_model = kvm_enabled() ? "host" : smc->tcg_default_cpu;
@@ -1912,7 +1917,7 @@ static void ppc_spapr_init(MachineState *machine)
 }
 g_free(filename);
 
-/* Set up EPOW events infrastructure */
+/* Set up RTAS event infrastructure */
 spapr_events_init(spapr);
 
 /* Set up the RTC RTAS interfaces */
diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 89aa5a7..9b0bd41 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -40,6 +40,7 @@
 #include "hw/ppc/spapr_drc.h"
 #include "qemu/help_option.h"
 #include "qemu/bcd.h"
+#include "hw/ppc/spapr_ovec.h"
 #include 
 
 struct rtas_error_log {
@@ -206,27 +207,132 @@ struct hp_log_full {
 struct rtas_event_log_v6_hp hp;
 } QEMU_PACKED;
 
-#define EVENT_MASK_INTERNAL_ERRORS   0x8000
-#define EVENT_MASK_EPOW  0x4000
-#define EVENT_MASK_HOTPLUG   0x1000
-#define EVENT_MASK_IO0x0800
+typedef enum EventClass {
+EVENT_CLASS_INTERNAL_ERRORS = 0,
+EVENT_CLASS_EPOW= 1,
+EVENT_CLASS_RESERVED= 2,
+EVENT_CLASS_HOT_PLUG= 3,
+EVENT_CLASS_IO  = 4,
+EVENT_CLASS_MAX
+} EventClassIndex;
+#define EVENT_CLASS_MASK(index) (1 << (31 - index))
+
+static const char * const event_names[EVENT_CLASS_MAX] = {
+[EVENT_CLASS_INTERNAL_ERRORS]   = "internal-errors",
+[EVENT_CLASS_EPOW]  = "epow-events",
+[EVENT_CLASS_HOT_PLUG]  = "hot-plug-events",
+[EVENT_CLASS_IO]= "ibm,io-events",
+};
+
+struct sPAPREventSource {
+int irq;
+uint32_t mask;
+bool enabled;
+};
+
+static sPAPREventSource *spapr_event_sources_new(void)
+{
+return g_new0(sPAPREventSource, EVENT_CLASS_MAX);
+}
+
+static void spapr_event_sources_register(sPAPREventSource *event_sources,
+EventClassIndex index, int irq)
+{
+/* we only support 1 irq per event class at the moment */
+g_assert(event_sources);
+g_assert(!event_sources[index].enabled);
+event_sources[index].irq = irq;
+event_sources[index].mask = EVENT_CLASS_MASK(index);
+event_sources[index].enabled = true;
+}
+
+static const sPAPREventSource *
+spapr_event_sources_get_source(sPAPREventSource *event_sources,
+   EventClassIndex index)
+{
+g_assert(index < EVENT_CLASS_MAX);
+g_assert(event_sources);
+
+return _sources[index];
+}
 
-void spapr_dt_events(void *fdt, uint32_t check_exception_irq)
+void spapr_dt_events(sPAPRMachineState *spapr, void *fdt)
 {
-int event_sources, epow_events;
-uint32_t irq_ranges[] = {cpu_to_be32(check_exception_irq), cpu_to_be32(1)};
-uint32_t interrupts[] = {cpu_to_be32(check_exception_irq), 0};
+uint32_t irq_ranges[EVENT_CLASS_MAX * 2];
+int i, count = 0, event_sources;
+sPAPREventSource *events = spapr->event_sources;
+
+g_assert(events);
 
 _FDT(event_sources = fdt_add_subnode(fdt, 0, "event-sources"));
 
-_FDT(fdt_setprop(fdt, event_sources, "interrupt-controller", NULL, 0));
-_FDT(fdt_setprop_cell(fdt, event_sources, "#interrupt-cells", 2));
-_FDT(fdt_setprop(fdt, event_sources, 

Re: [Qemu-devel] [PATCH v2 05/17] target-m68k: add dbcc

[Richard Henderson]

On 10/26/2016 05:42 PM, Laurent Vivier wrote:

Signed-off-by: Laurent Vivier 
---
 target-m68k/translate.c | 25 +
 1 file changed, 25 insertions(+)



Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v2 04/17] target-m68k: add addressing modes to scc

[Richard Henderson]

On 10/26/2016 05:42 PM, Laurent Vivier wrote:

Signed-off-by: Laurent Vivier 
---
 target-m68k/translate.c | 40 
 1 file changed, 20 insertions(+), 20 deletions(-)


Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v2 03/17] target-m68k: add exg ops

[Richard Henderson]

On 10/26/2016 05:42 PM, Laurent Vivier wrote:

Suggested-by: Richard Henderson 
Signed-off-by: Laurent Vivier 
---
 target-m68k/translate.c | 30 ++
 1 file changed, 30 insertions(+)


Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v2 00/20] dataplane: remove RFifoLock

[Fam Zheng]

On Wed, 10/19 08:55, Fam Zheng wrote:
> Reviewed-by: Fam Zheng 

FWIW in merging it:

Acked-by: Fam Zheng 

Re: [Qemu-devel] [PATCH v1] block/vxhs: Add Veritas HyperScale VxHS block device support

[Jeff Cody]

On Wed, Oct 26, 2016 at 09:33:30PM +, Buddhi Madhav wrote:
> 
> 
> On 10/25/16, 9:41 PM, "Jeff Cody"  wrote:
> 
> >On Tue, Oct 25, 2016 at 03:02:07PM -0700, Ashish Mittal wrote:
> >> This patch adds support for a new block device type called "vxhs".
> >> Source code for the library that this code loads can be downloaded from:
> >> https://github.com/MittalAshish/libqnio.git
> >>
> >
> >I grabbed the latest of libqnio, compiled it (had to disable -Werror), and
> >tried it out.  I was able to do a qemu-img info on a raw file, but it
> >would
> >just hang when trying a format such as qcow2.  I am assuming
> >this is a limitation of test_server, and not libqnio.
> 
> On my build I did not get any build errors.
> 

Likely a difference in gcc versions; I am compiling with gcc 6.2.1.  Here
are the warnings I get (this is just for your benefit, not really part of
this driver review):

lib/qnio/cJSON.c: In function ‘cJSON_strcasecmp’:
lib/qnio/cJSON.c:41:5: warning: this ‘if’ clause does not guard... 
[-Wmisleading-indentation]
 if (!s1) return (s1==s2)?0:1;if (!s2) return 1;
 ^~
lib/qnio/cJSON.c:41:34: note: ...this statement, but the latter is misleadingly 
indented as if it is guarded by the ‘if’
 if (!s1) return (s1==s2)?0:1;if (!s2) return 1;
  ^~
lib/qnio/cJSON.c: In function ‘print_object’:
lib/qnio/cJSON.c:440:9: warning: this ‘if’ clause does not guard... 
[-Wmisleading-indentation]
 if (fmt) *ptr++='\n';*ptr=0;
 ^~
lib/qnio/cJSON.c:440:30: note: ...this statement, but the latter is 
misleadingly indented as if it is guarded by the ‘if’
 if (fmt) *ptr++='\n';*ptr=0;
  ^
lib/qnio/cJSON.c: In function ‘cJSON_DetachItemFromArray’:
lib/qnio/cJSON.c:467:5: warning: this ‘if’ clause does not guard... 
[-Wmisleading-indentation]
 if (c->prev) c->prev->next=c->next;if (c->next) c->next->prev=c->prev;if 
(c==array->child) array->child=c->next;c->prev=c->next=0;return c;}
 ^~
lib/qnio/cJSON.c:467:40: note: ...this statement, but the latter is 
misleadingly indented as if it is guarded by the ‘if’
 if (c->prev) c->prev->next=c->next;if (c->next) c->next->prev=c->prev;if 
(c==array->child) array->child=c->next;c->prev=c->next=0;return c;}



> The qcow2 issue is to do with the limitation in the test server, which we
> will fix in a seperate patch.
> 
> >
> >This will make qemu-iotests more difficult however.
> >
> >I haven't looked at the latest qnio code yet (other than compiling the
> >test-server to test), so the rest of this review is on the qemu driver.
> >
> >> Sample command line using JSON syntax:
> >> ./qemu-system-x86_64 -name instance-0008 -S -vnc 0.0.0.0:0 -k en-us
> >>-vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5
> >>-msg timestamp=on
> >>'json:{"driver":"vxhs","vdisk_id":"{c3e9095a-a5ee-4dce-afeb-2a59fb387410}
> >>","server":[{"host":"172.172.17.4","port":""}]}'
> >> 
> >> Sample command line using URI syntax:
> >> qemu-img convert -f raw -O raw -n
> >>/var/lib/nova/instances/_base/0c5eacd5ebea5ed914b6a3e7b18f1ce734c386ad
> >>vxhs://192.168.0.1:/%7Bc6718f6b-0401-441d-a8c3-1f0064d75ee0%7D
> >> 
> >> Signed-off-by: Ashish Mittal 
> >> ---
> >>  block/Makefile.objs |   2 +
> >>  block/trace-events  |  22 ++
> >>  block/vxhs.c| 736
> >>
> >>  configure   |  41 +++jj
> >>  4 files changed, 801 insertions(+)
> >>  create mode 100644 block/vxhs.c
> >
> >I think this version still does not address Daniel's concerns regarding a
> >QAPI schema for vxhs.
> 
> We are working on QAPI schema changes and will submit them in separate
> patch.
> 

When you submit them, since there is a dependency with the patches, it
should be submitted as a patch series along with this patch.  Same with the
qemu-iotests, once those are ready.

> >
> >We are also still needing qemu-iotests, and a test-server suitable to run
> >the tests.
> >
> >> 
> >> diff --git a/block/Makefile.objs b/block/Makefile.objs
> >> index 67a036a..58313a2 100644
> >> --- a/block/Makefile.objs
> >> +++ b/block/Makefile.objs
> >> @@ -18,6 +18,7 @@ block-obj-$(CONFIG_LIBNFS) += nfs.o
> >>  block-obj-$(CONFIG_CURL) += curl.o
> >>  block-obj-$(CONFIG_RBD) += rbd.o
> >>  block-obj-$(CONFIG_GLUSTERFS) += gluster.o
> >> +block-obj-$(CONFIG_VXHS) += vxhs.o
> >>  block-obj-$(CONFIG_ARCHIPELAGO) += archipelago.o
> >>  block-obj-$(CONFIG_LIBSSH2) += ssh.o
> >>  block-obj-y += accounting.o dirty-bitmap.o
> >> @@ -38,6 +39,7 @@ rbd.o-cflags   := $(RBD_CFLAGS)
> >>  rbd.o-libs := $(RBD_LIBS)
> >>  gluster.o-cflags   := $(GLUSTERFS_CFLAGS)
> >>  gluster.o-libs := $(GLUSTERFS_LIBS)
> >> +vxhs.o-libs:= $(VXHS_LIBS)
> >>  ssh.o-cflags   := $(LIBSSH2_CFLAGS)
> >>  ssh.o-libs := $(LIBSSH2_LIBS)
> >>  archipelago.o-libs := $(ARCHIPELAGO_LIBS)
> >> diff --git a/block/trace-events 

[Qemu-devel] [PATCH] linux-user: manage two new IFLA host message types

[Laurent Vivier]

Add QEMU_IFLA_GSO_MAX_SEGS and QEMU_IFLA_GSO_MAX_SIZE
in host_to_target_data_link_rtattr().

These two messages are sent by the host kernel when
we use "sudo".

Found with qemu-m68k and Debian etch-m68k (sudo 1.6.8p12-4) and
host kernel 4.7.6-200.fc24.x86_64

Signed-off-by: Laurent Vivier 
---
 linux-user/syscall.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index db697c0..521bdb5 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2320,6 +2320,8 @@ static abi_long host_to_target_data_link_rtattr(struct 
rtattr *rtattr)
 case QEMU_IFLA_GROUP:
 case QEMU_IFLA_MASTER:
 case QEMU_IFLA_NUM_VF:
+case QEMU_IFLA_GSO_MAX_SEGS:
+case QEMU_IFLA_GSO_MAX_SIZE:
 u32 = RTA_DATA(rtattr);
 *u32 = tswap32(*u32);
 break;
-- 
2.7.4

Re: [Qemu-devel] [RESEND PATCH v3 kernel 0/7] Extend virtio-balloon for fast (de)inflating & fast live migration

[Li, Liang Z]

> On 10/26/2016 03:06 AM, Li, Liang Z wrote:
> > I am working on Dave's new bitmap schema, I have finished the part of
> > getting the 'hybrid scheme bitmap' and found the complexity was more
> > than I expected. The main issue is more memory is required to save the
> > 'hybrid scheme bitmap' beside that used to save the raw page bitmap,
> > for the worst case, the memory required is 3 times than that in the
> > previous implementation.
> 
> Really?  Could you please describe the scenario where this occurs?
> > I am wondering if I should continue, as an alternative solution, how
> > about using PFNs array when inflating/deflating only a few pages?
> > Things will be much more simple.
> 
> Yes, using pfn lists is more efficient than using bitmaps for sparse bitmaps.
> Yes, there will be cases where it is preferable to just use pfn lists vs. any 
> kind
> of bitmap.
> 
> But, what does it matter?  At least with your current scheme where we go
> out and collect get_unused_pages(), we do the allocation up front.  The
> space efficiency doesn't matter at all for small sizes since we do the 
> constant-
> size allocation *anyway*.
> 
> I'm also pretty sure you can pack the pfn and page order into a single 64-bit
> word and have no bitmap for a given record.  That would make it pack just as
> well as the old pfns alone.  Right?

Yes, thanks for reminding, I am using 128 bit now, I will change it to 64 bit.
Let me finish the v4 first.

Thanks!
Liang

 

[Qemu-devel] [PATCH v2 15/17] target-m68k: add/sub manage word and byte operands

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/translate.c | 73 +++--
 1 file changed, 40 insertions(+), 33 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index f7e6920..0448569 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1253,35 +1253,37 @@ DISAS_INSN(addsub)
 TCGv tmp;
 TCGv addr;
 int add;
+int opsize;
 
 add = (insn & 0x4000) != 0;
-reg = DREG(insn, 9);
+opsize = insn_opsize(insn);
+reg = gen_extend(DREG(insn, 9), opsize, 1);
 dest = tcg_temp_new();
 if (insn & 0x100) {
-SRC_EA(env, tmp, OS_LONG, 0, );
+SRC_EA(env, tmp, opsize, 1, );
 src = reg;
 } else {
 tmp = reg;
-SRC_EA(env, src, OS_LONG, 0, NULL);
+SRC_EA(env, src, opsize, 1, NULL);
 }
 if (add) {
 tcg_gen_add_i32(dest, tmp, src);
 tcg_gen_setcond_i32(TCG_COND_LTU, QREG_CC_X, dest, src);
-set_cc_op(s, CC_OP_ADDL);
+set_cc_op(s, CC_OP_ADDB + opsize);
 } else {
 tcg_gen_setcond_i32(TCG_COND_LTU, QREG_CC_X, tmp, src);
 tcg_gen_sub_i32(dest, tmp, src);
-set_cc_op(s, CC_OP_SUBL);
+set_cc_op(s, CC_OP_SUBB + opsize);
 }
-gen_update_cc_add(dest, src, OS_LONG);
+gen_update_cc_add(dest, src, opsize);
 if (insn & 0x100) {
-DEST_EA(env, insn, OS_LONG, dest, );
+DEST_EA(env, insn, opsize, dest, );
 } else {
-tcg_gen_mov_i32(reg, dest);
+gen_partset_reg(opsize, DREG(insn, 9), dest);
 }
+tcg_temp_free(dest);
 }
 
-
 /* Reverse the order of the bits in REG.  */
 DISAS_INSN(bitrev)
 {
@@ -1889,40 +1891,48 @@ DISAS_INSN(jump)
 
 DISAS_INSN(addsubq)
 {
-TCGv src1;
-TCGv src2;
+TCGv src;
 TCGv dest;
-int val;
+TCGv val;
+int imm;
 TCGv addr;
+int opsize;
 
-SRC_EA(env, src1, OS_LONG, 0, );
-val = (insn >> 9) & 7;
-if (val == 0)
-val = 8;
+if ((insn & 070) == 010) {
+/* Operation on address register is always long.  */
+opsize = OS_LONG;
+} else {
+opsize = insn_opsize(insn);
+}
+SRC_EA(env, src, opsize, 1, );
+imm = (insn >> 9) & 7;
+if (imm == 0) {
+imm = 8;
+}
+val = tcg_const_i32(imm);
 dest = tcg_temp_new();
-tcg_gen_mov_i32(dest, src1);
+tcg_gen_mov_i32(dest, src);
 if ((insn & 0x38) == 0x08) {
 /* Don't update condition codes if the destination is an
address register.  */
 if (insn & 0x0100) {
-tcg_gen_subi_i32(dest, dest, val);
+tcg_gen_sub_i32(dest, dest, val);
 } else {
-tcg_gen_addi_i32(dest, dest, val);
+tcg_gen_add_i32(dest, dest, val);
 }
 } else {
-src2 = tcg_const_i32(val);
 if (insn & 0x0100) {
-tcg_gen_setcond_i32(TCG_COND_LTU, QREG_CC_X, dest, src2);
-tcg_gen_sub_i32(dest, dest, src2);
-set_cc_op(s, CC_OP_SUBL);
+tcg_gen_setcond_i32(TCG_COND_LTU, QREG_CC_X, dest, val);
+tcg_gen_sub_i32(dest, dest, val);
+set_cc_op(s, CC_OP_SUBB + opsize);
 } else {
-tcg_gen_add_i32(dest, dest, src2);
-tcg_gen_setcond_i32(TCG_COND_LTU, QREG_CC_X, dest, src2);
-set_cc_op(s, CC_OP_ADDL);
+tcg_gen_add_i32(dest, dest, val);
+tcg_gen_setcond_i32(TCG_COND_LTU, QREG_CC_X, dest, val);
+set_cc_op(s, CC_OP_ADDB + opsize);
 }
-gen_update_cc_add(dest, src2, OS_LONG);
+gen_update_cc_add(dest, val, opsize);
 }
-DEST_EA(env, insn, OS_LONG, dest, );
+DEST_EA(env, insn, opsize, dest, );
 }
 
 DISAS_INSN(tpf)
@@ -3336,15 +3346,12 @@ void register_m68k_insns (CPUM68KState *env)
 BASE(rts,   4e75, );
 INSN(movec, 4e7b, , CF_ISA_A);
 BASE(jump,  4e80, ffc0);
-INSN(jump,  4ec0, ffc0, CF_ISA_A);
-INSN(addsubq,   5180, f1c0, CF_ISA_A);
-INSN(jump,  4ec0, ffc0, M68000);
+BASE(jump,  4ec0, ffc0);
 INSN(addsubq,   5000, f080, M68000);
-INSN(addsubq,   5080, f0c0, M68000);
+BASE(addsubq,   5080, f0c0);
 INSN(scc,   50c0, f0f8, CF_ISA_A); /* Scc.B Dx   */
 INSN(scc,   50c0, f0c0, M68000);   /* Scc.B  */
 INSN(dbcc,  50c8, f0f8, M68000);
-INSN(addsubq,   5080, f1c0, CF_ISA_A);
 INSN(tpf,   51f8, fff8, CF_ISA_A);
 
 /* Branch instructions.  */
-- 
2.7.4

[Qemu-devel] [PATCH v2 14/17] target-m68k: add addressing modes to neg

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/translate.c | 20 
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index aa09bd4..f7e6920 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1631,16 +1631,20 @@ DISAS_INSN(move_from_ccr)
 
 DISAS_INSN(neg)
 {
-TCGv reg;
 TCGv src1;
+TCGv dest;
+TCGv addr;
+int opsize;
 
-reg = DREG(insn, 0);
-src1 = tcg_temp_new();
-tcg_gen_mov_i32(src1, reg);
-tcg_gen_neg_i32(reg, src1);
-gen_update_cc_add(reg, src1, OS_LONG);
-tcg_gen_setcondi_i32(TCG_COND_NE, QREG_CC_X, src1, 0);
-set_cc_op(s, CC_OP_SUBL);
+opsize = insn_opsize(insn);
+SRC_EA(env, src1, opsize, 1, );
+dest = tcg_temp_new();
+tcg_gen_neg_i32(dest, src1);
+set_cc_op(s, CC_OP_SUBB + opsize);
+gen_update_cc_add(dest, src1, opsize);
+tcg_gen_setcondi_i32(TCG_COND_NE, QREG_CC_X, dest, 0);
+DEST_EA(env, insn, opsize, dest, );
+tcg_temp_free(dest);
 }
 
 static void gen_set_sr_im(DisasContext *s, uint16_t val, int ccr_only)
-- 
2.7.4

[Qemu-devel] [PATCH v2 17/17] target-m68k: immediate ops manage word and byte operands

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/translate.c | 57 ++---
 1 file changed, 35 insertions(+), 22 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index 57ac2e5..ee0ffe3 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1461,52 +1461,65 @@ DISAS_INSN(bitop_im)
 DISAS_INSN(arith_im)
 {
 int op;
-uint32_t im;
+TCGv im;
 TCGv src1;
 TCGv dest;
 TCGv addr;
+int opsize;
 
 op = (insn >> 9) & 7;
-SRC_EA(env, src1, OS_LONG, 0, (op == 6) ? NULL : );
-im = read_im32(env, s);
+opsize = insn_opsize(insn);
+switch (opsize) {
+case OS_BYTE:
+im = tcg_const_i32((int8_t)read_im8(env, s));
+break;
+case OS_WORD:
+im = tcg_const_i32((int16_t)read_im16(env, s));
+break;
+case OS_LONG:
+im = tcg_const_i32(read_im32(env, s));
+break;
+default:
+   abort();
+}
+SRC_EA(env, src1, opsize, 1, (op == 6) ? NULL : );
 dest = tcg_temp_new();
 switch (op) {
 case 0: /* ori */
-tcg_gen_ori_i32(dest, src1, im);
-gen_logic_cc(s, dest, OS_LONG);
+tcg_gen_or_i32(dest, src1, im);
+gen_logic_cc(s, dest, opsize);
 break;
 case 1: /* andi */
-tcg_gen_andi_i32(dest, src1, im);
-gen_logic_cc(s, dest, OS_LONG);
+tcg_gen_and_i32(dest, src1, im);
+gen_logic_cc(s, dest, opsize);
 break;
 case 2: /* subi */
-tcg_gen_mov_i32(dest, src1);
-tcg_gen_setcondi_i32(TCG_COND_LTU, QREG_CC_X, dest, im);
-tcg_gen_subi_i32(dest, dest, im);
-gen_update_cc_add(dest, tcg_const_i32(im), OS_LONG);
-set_cc_op(s, CC_OP_SUBL);
+tcg_gen_setcond_i32(TCG_COND_LTU, QREG_CC_X, src1, im);
+tcg_gen_sub_i32(dest, src1, im);
+gen_update_cc_add(dest, im, opsize);
+set_cc_op(s, CC_OP_SUBB + opsize);
 break;
 case 3: /* addi */
-tcg_gen_mov_i32(dest, src1);
-tcg_gen_addi_i32(dest, dest, im);
-gen_update_cc_add(dest, tcg_const_i32(im), OS_LONG);
-tcg_gen_setcondi_i32(TCG_COND_LTU, QREG_CC_X, dest, im);
-set_cc_op(s, CC_OP_ADDL);
+tcg_gen_add_i32(dest, src1, im);
+gen_update_cc_add(dest, im, opsize);
+tcg_gen_setcond_i32(TCG_COND_LTU, QREG_CC_X, dest, im);
+set_cc_op(s, CC_OP_ADDB + opsize);
 break;
 case 5: /* eori */
-tcg_gen_xori_i32(dest, src1, im);
-gen_logic_cc(s, dest, OS_LONG);
+tcg_gen_xor_i32(dest, src1, im);
+gen_logic_cc(s, dest, opsize);
 break;
 case 6: /* cmpi */
-gen_update_cc_add(src1, tcg_const_i32(im), OS_LONG);
-set_cc_op(s, CC_OP_CMPL);
+gen_update_cc_cmp(s, src1, im, opsize);
 break;
 default:
 abort();
 }
+tcg_temp_free(im);
 if (op != 6) {
-DEST_EA(env, insn, OS_LONG, dest, );
+DEST_EA(env, insn, opsize, dest, );
 }
+tcg_temp_free(dest);
 }
 
 DISAS_INSN(byterev)
-- 
2.7.4

[Qemu-devel] [PATCH v2 16/17] target-m68k: cmp manages word and bytes operands

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/translate.c | 17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index 0448569..57ac2e5 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -582,6 +582,13 @@ static void gen_logic_cc(DisasContext *s, TCGv val, int 
opsize)
 set_cc_op(s, CC_OP_LOGIC);
 }
 
+static void gen_update_cc_cmp(DisasContext *s, TCGv dest, TCGv src, int opsize)
+{
+tcg_gen_mov_i32(QREG_CC_N, dest);
+tcg_gen_mov_i32(QREG_CC_V, src);
+set_cc_op(s, CC_OP_CMPB + opsize);
+}
+
 static void gen_update_cc_add(TCGv dest, TCGv src, int opsize)
 {
 gen_ext(QREG_CC_N, dest, opsize, 1);
@@ -2132,10 +2139,9 @@ DISAS_INSN(cmp)
 int opsize;
 
 opsize = insn_opsize(insn);
-SRC_EA(env, src, opsize, -1, NULL);
-reg = DREG(insn, 9);
-gen_update_cc_add(reg, src, OS_LONG);
-set_cc_op(s, CC_OP_CMPL);
+SRC_EA(env, src, opsize, 1, NULL);
+reg = gen_extend(DREG(insn, 9), opsize, 1);
+gen_update_cc_cmp(s, reg, src, opsize);
 }
 
 DISAS_INSN(cmpa)
@@ -2151,8 +2157,7 @@ DISAS_INSN(cmpa)
 }
 SRC_EA(env, src, opsize, 1, NULL);
 reg = AREG(insn, 9);
-gen_update_cc_add(reg, src, OS_LONG);
-set_cc_op(s, CC_OP_CMPL);
+gen_update_cc_cmp(s, reg, src, opsize);
 }
 
 DISAS_INSN(eor)
-- 
2.7.4

[Qemu-devel] [PATCH v2 10/17] target-m68k: and can manage word and byte operands

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/translate.c | 16 ++--
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index a6aaf5e..3f7db83 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -2179,19 +2179,23 @@ DISAS_INSN(and)
 TCGv reg;
 TCGv dest;
 TCGv addr;
+int opsize;
 
-reg = DREG(insn, 9);
 dest = tcg_temp_new();
+
+opsize = insn_opsize(insn);
+reg = DREG(insn, 9);
 if (insn & 0x100) {
-SRC_EA(env, src, OS_LONG, 0, );
+SRC_EA(env, src, opsize, 0, );
 tcg_gen_and_i32(dest, src, reg);
-DEST_EA(env, insn, OS_LONG, dest, );
+DEST_EA(env, insn, opsize, dest, );
 } else {
-SRC_EA(env, src, OS_LONG, 0, NULL);
+SRC_EA(env, src, opsize, 0, NULL);
 tcg_gen_and_i32(dest, src, reg);
-tcg_gen_mov_i32(reg, dest);
+gen_partset_reg(opsize, reg, dest);
 }
-gen_logic_cc(s, dest, OS_LONG);
+tcg_temp_free(dest);
+gen_logic_cc(s, dest, opsize);
 }
 
 DISAS_INSN(adda)
-- 
2.7.4

[Qemu-devel] [PATCH v2 08/17] target-m68k: eor can manage word and byte operands

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/translate.c | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index 031f7eb..9734d05 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -2131,16 +2131,17 @@ DISAS_INSN(cmpa)
 DISAS_INSN(eor)
 {
 TCGv src;
-TCGv reg;
 TCGv dest;
 TCGv addr;
+int opsize;
 
-SRC_EA(env, src, OS_LONG, 0, );
-reg = DREG(insn, 9);
+opsize = insn_opsize(insn);
+
+SRC_EA(env, src, opsize, 0, );
 dest = tcg_temp_new();
-tcg_gen_xor_i32(dest, src, reg);
-gen_logic_cc(s, dest, OS_LONG);
-DEST_EA(env, insn, OS_LONG, dest, );
+tcg_gen_xor_i32(dest, src, DREG(insn, 9));
+gen_logic_cc(s, dest, opsize);
+DEST_EA(env, insn, opsize, dest, );
 }
 
 static void do_exg(TCGv reg1, TCGv reg2)
-- 
2.7.4

[Qemu-devel] [PATCH v2 01/17] target-m68k: add bkpt instruction

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
---
 target-m68k/translate.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index 6c6173a..a128b67 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1639,6 +1639,11 @@ DISAS_INSN(swap)
 gen_logic_cc(s, reg, OS_LONG);
 }
 
+DISAS_INSN(bkpt)
+{
+gen_exception(s, s->pc - 2, EXCP_DEBUG);
+}
+
 DISAS_INSN(pea)
 {
 TCGv tmp;
@@ -3056,6 +3061,7 @@ void register_m68k_insns (CPUM68KState *env)
 INSN(move_to_sr, 46c0, ffc0, CF_ISA_A);
 BASE(pea,   4840, ffc0);
 BASE(swap,  4840, fff8);
+INSN(bkpt,  4848, fff8, BKPT);
 BASE(movem, 48c0, fbc0);
 BASE(ext,   4880, fff8);
 BASE(ext,   48c0, fff8);
-- 
2.7.4

[Qemu-devel] [PATCH v2 04/17] target-m68k: add addressing modes to scc

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
---
 target-m68k/translate.c | 40 
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index b407623..e595673 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1008,25 +1008,6 @@ static void gen_jmpcc(DisasContext *s, int cond, 
TCGLabel *l1)
   free_cond();
 }
 
-DISAS_INSN(scc)
-{
-DisasCompare c;
-int cond;
-TCGv reg, tmp;
-
-cond = (insn >> 8) & 0xf;
-gen_cc_cond(, s, cond);
-
-tmp = tcg_temp_new();
-tcg_gen_setcond_i32(c.tcond, tmp, c.v1, c.v2);
-free_cond();
-
-reg = DREG(insn, 0);
-tcg_gen_neg_i32(tmp, tmp);
-tcg_gen_deposit_i32(reg, reg, tmp, 0, 8);
-tcg_temp_free(tmp);
-}
-
 /* Force a TB lookup after an instruction that changes the CPU state.  */
 static void gen_lookup_tb(DisasContext *s)
 {
@@ -1106,6 +1087,24 @@ static void gen_jmp_tb(DisasContext *s, int n, uint32_t 
dest)
 s->is_jmp = DISAS_TB_JUMP;
 }
 
+DISAS_INSN(scc)
+{
+DisasCompare c;
+int cond;
+TCGv tmp;
+
+cond = (insn >> 8) & 0xf;
+gen_cc_cond(, s, cond);
+
+tmp = tcg_temp_new();
+tcg_gen_setcond_i32(c.tcond, tmp, c.v1, c.v2);
+free_cond();
+
+tcg_gen_neg_i32(tmp, tmp);
+DEST_EA(env, insn, OS_BYTE, tmp, NULL);
+tcg_temp_free(tmp);
+}
+
 DISAS_INSN(undef_mac)
 {
 gen_exception(s, s->pc - 2, EXCP_LINEA);
@@ -3136,7 +3135,8 @@ void register_m68k_insns (CPUM68KState *env)
 INSN(jump,  4ec0, ffc0, M68000);
 INSN(addsubq,   5000, f080, M68000);
 INSN(addsubq,   5080, f0c0, M68000);
-INSN(scc,   50c0, f0f8, CF_ISA_A);
+INSN(scc,   50c0, f0f8, CF_ISA_A); /* Scc.B Dx   */
+INSN(scc,   50c0, f0c0, M68000);   /* Scc.B  */
 INSN(addsubq,   5080, f1c0, CF_ISA_A);
 INSN(tpf,   51f8, fff8, CF_ISA_A);
 
-- 
2.7.4

[Qemu-devel] [PATCH v2 03/17] target-m68k: add exg ops

[Laurent Vivier]

Suggested-by: Richard Henderson 
Signed-off-by: Laurent Vivier 
---
 target-m68k/translate.c | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index 0d3111d..b407623 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -2021,6 +2021,33 @@ DISAS_INSN(eor)
 DEST_EA(env, insn, OS_LONG, dest, );
 }
 
+static void do_exg(TCGv reg1, TCGv reg2)
+{
+TCGv temp = tcg_temp_new();
+tcg_gen_mov_i32(temp, reg1);
+tcg_gen_mov_i32(reg1, reg2);
+tcg_gen_mov_i32(reg2, temp);
+tcg_temp_free(temp);
+}
+
+DISAS_INSN(exg_aa)
+{
+/* exchange Dx and Dy */
+do_exg(DREG(insn, 9), DREG(insn, 0));
+}
+
+DISAS_INSN(exg_dd)
+{
+/* exchange Ax and Ay */
+do_exg(AREG(insn, 9), AREG(insn, 0));
+}
+
+DISAS_INSN(exg_da)
+{
+/* exchange Dx and Ay */
+do_exg(DREG(insn, 9), AREG(insn, 0));
+}
+
 DISAS_INSN(and)
 {
 TCGv src;
@@ -3154,6 +3181,9 @@ void register_m68k_insns (CPUM68KState *env)
 INSN(cmpa,  b0c0, f0c0, M68000);
 INSN(eor,   b180, f1c0, CF_ISA_A);
 BASE(and,   c000, f000);
+INSN(exg_dd,c140, f1f8, M68000);
+INSN(exg_aa,c148, f1f8, M68000);
+INSN(exg_da,c188, f1f8, M68000);
 BASE(mulw,  c0c0, f0c0);
 BASE(addsub,d000, f000);
 INSN(addx,  d180, f1f8, CF_ISA_A);
-- 
2.7.4

[Qemu-devel] [PATCH v2 13/17] target-m68k: introduce byte and word cc_ops

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/cpu.h   |   6 +--
 target-m68k/helper.c|  25 ++---
 target-m68k/translate.c | 131 +++-
 3 files changed, 93 insertions(+), 69 deletions(-)

diff --git a/target-m68k/cpu.h b/target-m68k/cpu.h
index 48c5b81..6dfb54e 100644
--- a/target-m68k/cpu.h
+++ b/target-m68k/cpu.h
@@ -179,11 +179,11 @@ typedef enum {
 CC_OP_FLAGS,
 
 /* X in cc_x, C = X, N in cc_n, Z in cc_n, V via cc_n/cc_v.  */
-CC_OP_ADD,
-CC_OP_SUB,
+CC_OP_ADDB, CC_OP_ADDW, CC_OP_ADDL,
+CC_OP_SUBB, CC_OP_SUBW, CC_OP_SUBL,
 
 /* X in cc_x, {N,Z,C,V} via cc_n/cc_v.  */
-CC_OP_CMP,
+CC_OP_CMPB, CC_OP_CMPW, CC_OP_CMPL,
 
 /* X in cc_x, C = 0, V = 0, N in cc_n, Z in cc_n.  */
 CC_OP_LOGIC,
diff --git a/target-m68k/helper.c b/target-m68k/helper.c
index e838638..7aed9ff 100644
--- a/target-m68k/helper.c
+++ b/target-m68k/helper.c
@@ -584,32 +584,41 @@ void HELPER(mac_set_flags)(CPUM68KState *env, uint32_t 
acc)
 }
 }
 
+#define EXTSIGN(val, index) ( \
+(index == 0) ? (int8_t)(val) : ((index == 1) ? (int16_t)(val) : (val)) \
+)
 
 #define COMPUTE_CCR(op, x, n, z, v, c) {   \
 switch (op) {  \
 case CC_OP_FLAGS:  \
 /* Everything in place.  */\
 break; \
-case CC_OP_ADD:\
+case CC_OP_ADDB:   \
+case CC_OP_ADDW:   \
+case CC_OP_ADDL:   \
 res = n;   \
 src2 = v;  \
-src1 = res - src2; \
+src1 = EXTSIGN(res - src2, op - CC_OP_ADDB);   \
 c = x; \
 z = n; \
 v = (res ^ src1) & ~(src1 ^ src2); \
 break; \
-case CC_OP_SUB:\
+case CC_OP_SUBB:   \
+case CC_OP_SUBW:   \
+case CC_OP_SUBL:   \
 res = n;   \
 src2 = v;  \
-src1 = res + src2; \
+src1 = EXTSIGN(res + src2, op - CC_OP_SUBB);   \
 c = x; \
 z = n; \
 v = (res ^ src1) & (src1 ^ src2);  \
 break; \
-case CC_OP_CMP:\
+case CC_OP_CMPB:   \
+case CC_OP_CMPW:   \
+case CC_OP_CMPL:   \
 src1 = n;  \
 src2 = v;  \
-res = src1 - src2; \
+res = EXTSIGN(src1 - src2, op - CC_OP_CMPB);   \
 n = res;   \
 z = res;   \
 c = src1 < src2;   \
@@ -630,16 +639,16 @@ uint32_t cpu_m68k_get_ccr(CPUM68KState *env)
 uint32_t res, src1, src2;
 
 x = env->cc_x;
-c = env->cc_c;
 n = env->cc_n;
 z = env->cc_z;
 v = env->cc_v;
+c = env->cc_c;
 
 COMPUTE_CCR(env->cc_op, x, n, z, v, c);
 
 n = n >> 31;
-v = v >> 31;
 z = (z == 0);
+v = v >> 31;
 
 return x * CCF_X + n * CCF_N + z * CCF_Z + v * CCF_V + c * CCF_C;
 }
diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index cf9b228..aa09bd4 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -178,9 +178,9 @@ typedef void (*disas_proc)(CPUM68KState *env, DisasContext 
*s, 

[Qemu-devel] [PATCH v2 06/17] target-m68k: Inline addx, subx, negx

[Laurent Vivier]

From: Richard Henderson 

Signed-off-by: Richard Henderson 

And add opcodes for 680x0

Signed-off-by: Laurent Vivier 
---
 target-m68k/helper.c|  40 --
 target-m68k/helper.h|   2 -
 target-m68k/translate.c | 196 +++-
 3 files changed, 178 insertions(+), 60 deletions(-)

diff --git a/target-m68k/helper.c b/target-m68k/helper.c
index 094a7e5..e838638 100644
--- a/target-m68k/helper.c
+++ b/target-m68k/helper.c
@@ -277,46 +277,6 @@ uint32_t HELPER(sats)(uint32_t val, uint32_t v)
 return val;
 }
 
-uint32_t HELPER(subx_cc)(CPUM68KState *env, uint32_t op1, uint32_t op2)
-{
-uint32_t res, new_x;
-
-if (env->cc_x) {
-new_x = (op1 <= op2);
-res = op1 - (op2 + 1);
-} else {
-new_x = (op1 < op2);
-res = op1 - op2;
-}
-env->cc_x = new_x;
-env->cc_c = new_x;
-env->cc_n = res;
-env->cc_z |= res; /* !Z is sticky */
-env->cc_v = (res ^ op1) & (op1 ^ op2);
-
-return res;
-}
-
-uint32_t HELPER(addx_cc)(CPUM68KState *env, uint32_t op1, uint32_t op2)
-{
-uint32_t res, new_x;
-
-if (env->cc_x) {
-res = op1 + op2 + 1;
-new_x = (res <= op2);
-} else {
-res = op1 + op2;
-new_x = (res < op2);
-}
-env->cc_x = new_x;
-env->cc_c = new_x;
-env->cc_n = res;
-env->cc_z |= res; /* !Z is sticky.  */
-env->cc_v = (res ^ op1) & ~(op1 ^ op2);
-
-return res;
-}
-
 void HELPER(set_sr)(CPUM68KState *env, uint32_t val)
 {
 env->sr = val & 0xffe0;
diff --git a/target-m68k/helper.h b/target-m68k/helper.h
index c868148..2697e32 100644
--- a/target-m68k/helper.h
+++ b/target-m68k/helper.h
@@ -3,8 +3,6 @@ DEF_HELPER_1(ff1, i32, i32)
 DEF_HELPER_FLAGS_2(sats, TCG_CALL_NO_RWG_SE, i32, i32, i32)
 DEF_HELPER_2(divu, void, env, i32)
 DEF_HELPER_2(divs, void, env, i32)
-DEF_HELPER_3(addx_cc, i32, env, i32, i32)
-DEF_HELPER_3(subx_cc, i32, env, i32, i32)
 DEF_HELPER_3(shl_cc, i32, env, i32, i32)
 DEF_HELPER_3(shr_cc, i32, env, i32, i32)
 DEF_HELPER_3(sar_cc, i32, env, i32, i32)
diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index 1836a22..fd6631d 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1536,11 +1536,44 @@ DISAS_INSN(move)
 
 DISAS_INSN(negx)
 {
-TCGv reg;
+TCGv z;
+TCGv src;
+TCGv addr;
+int opsize;
 
-gen_flush_flags(s);
-reg = DREG(insn, 0);
-gen_helper_subx_cc(reg, cpu_env, tcg_const_i32(0), reg);
+opsize = insn_opsize(insn);
+SRC_EA(env, src, opsize, 1, );
+
+gen_flush_flags(s); /* compute old Z */
+
+/* Perform substract with borrow.
+ * (X, N) =  -(src + X);
+ */
+
+z = tcg_const_i32(0);
+tcg_gen_add2_i32(QREG_CC_N, QREG_CC_X, src, z, QREG_CC_X, z);
+tcg_gen_sub2_i32(QREG_CC_N, QREG_CC_X, z, z, QREG_CC_N, QREG_CC_X);
+tcg_temp_free(z);
+gen_ext(QREG_CC_N, QREG_CC_N, opsize, 1);
+
+tcg_gen_andi_i32(QREG_CC_X, QREG_CC_X, 1);
+
+/* Compute signed-overflow for negation.  The normal formula for
+ * subtraction is (res ^ src) & (src ^ dest), but with dest==0
+ * this simplies to res & src.
+ */
+
+tcg_gen_and_i32(QREG_CC_V, QREG_CC_N, src);
+
+/* Copy the rest of the results into place.  */
+tcg_gen_or_i32(QREG_CC_Z, QREG_CC_Z, QREG_CC_N); /* !Z is sticky */
+tcg_gen_mov_i32(QREG_CC_C, QREG_CC_X);
+
+set_cc_op(s, CC_OP_FLAGS);
+
+/* result is in QREG_CC_N */
+
+DEST_EA(env, insn, opsize, QREG_CC_N, );
 }
 
 DISAS_INSN(lea)
@@ -1975,15 +2008,75 @@ DISAS_INSN(suba)
 tcg_gen_sub_i32(reg, reg, src);
 }
 
-DISAS_INSN(subx)
+static inline void gen_subx(DisasContext *s, TCGv src, TCGv dest, int opsize)
 {
-TCGv reg;
+TCGv tmp;
+
+gen_flush_flags(s); /* compute old Z */
+
+/* Perform substract with borrow.
+ * (X, N) = dest - (src + X);
+ */
+
+tmp = tcg_const_i32(0);
+tcg_gen_add2_i32(QREG_CC_N, QREG_CC_X, src, tmp, QREG_CC_X, tmp);
+tcg_gen_sub2_i32(QREG_CC_N, QREG_CC_X, dest, tmp, QREG_CC_N, QREG_CC_X);
+gen_ext(QREG_CC_N, QREG_CC_N, opsize, 1);
+tcg_gen_andi_i32(QREG_CC_X, QREG_CC_X, 1);
+
+/* Compute signed-overflow for substract.  */
+
+tcg_gen_xor_i32(QREG_CC_V, QREG_CC_N, dest);
+tcg_gen_xor_i32(tmp, dest, src);
+tcg_gen_and_i32(QREG_CC_V, QREG_CC_V, tmp);
+tcg_temp_free(tmp);
+
+/* Copy the rest of the results into place.  */
+tcg_gen_or_i32(QREG_CC_Z, QREG_CC_Z, QREG_CC_N); /* !Z is sticky */
+tcg_gen_mov_i32(QREG_CC_C, QREG_CC_X);
+
+set_cc_op(s, CC_OP_FLAGS);
+
+/* result is in QREG_CC_N */
+}
+
+DISAS_INSN(subx_reg)
+{
+TCGv dest;
 TCGv src;
+int opsize;
 
-gen_flush_flags(s);
-reg = DREG(insn, 9);
-src = DREG(insn, 0);
-gen_helper_subx_cc(reg, cpu_env, reg, src);
+opsize = insn_opsize(insn);
+
+src = gen_extend(DREG(insn, 0), opsize, 1);
+dest = gen_extend(DREG(insn, 9), opsize, 1);
+
+

[Qemu-devel] [PATCH v2 12/17] target-m68k: some bit ops cleanup

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/translate.c | 34 +++---
 1 file changed, 15 insertions(+), 19 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index b82ebf3..cf9b228 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1290,39 +1290,36 @@ DISAS_INSN(bitop_reg)
 else
 opsize = OS_LONG;
 op = (insn >> 6) & 3;
-
-gen_flush_flags(s);
-
 SRC_EA(env, src1, opsize, 0, op ? : NULL);
-src2 = DREG(insn, 9);
-dest = tcg_temp_new();
 
-tmp = tcg_temp_new();
+gen_flush_flags(s);
+src2 = tcg_temp_new();
 if (opsize == OS_BYTE)
-tcg_gen_andi_i32(tmp, src2, 7);
+tcg_gen_andi_i32(src2, DREG(insn, 9), 7);
 else
-tcg_gen_andi_i32(tmp, src2, 31);
+tcg_gen_andi_i32(src2, DREG(insn, 9), 31);
 
-src2 = tcg_const_i32(1);
-tcg_gen_shl_i32(src2, src2, tmp);
-tcg_temp_free(tmp);
+tmp = tcg_const_i32(1);
+tcg_gen_shl_i32(tmp, tmp, src2);
+tcg_temp_free(src2);
 
-tcg_gen_and_i32(QREG_CC_Z, src1, src2);
+tcg_gen_and_i32(QREG_CC_Z, src1, tmp);
 
+dest = tcg_temp_new();
 switch (op) {
 case 1: /* bchg */
-tcg_gen_xor_i32(dest, src1, src2);
+tcg_gen_xor_i32(dest, src1, tmp);
 break;
 case 2: /* bclr */
-tcg_gen_andc_i32(dest, src1, src2);
+tcg_gen_andc_i32(dest, src1, tmp);
 break;
 case 3: /* bset */
-tcg_gen_or_i32(dest, src1, src2);
+tcg_gen_or_i32(dest, src1, tmp);
 break;
 default: /* btst */
 break;
 }
-tcg_temp_free(src2);
+tcg_temp_free(tmp);
 if (op) {
 DEST_EA(env, insn, opsize, dest, );
 }
@@ -1406,17 +1403,16 @@ DISAS_INSN(bitop_im)
 return;
 }
 
-gen_flush_flags(s);
-
 SRC_EA(env, src1, opsize, 0, op ? : NULL);
 
+gen_flush_flags(s);
 if (opsize == OS_BYTE)
 bitnum &= 7;
 else
 bitnum &= 31;
 mask = 1 << bitnum;
 
-tcg_gen_andi_i32(QREG_CC_Z, src1, mask);
+   tcg_gen_andi_i32(QREG_CC_Z, src1, mask);
 
 if (op) {
 tmp = tcg_temp_new();
-- 
2.7.4

[Qemu-devel] [PATCH v2 11/17] target-m68k: suba/adda can manage word operand

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/translate.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index 3f7db83..b82ebf3 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -2011,7 +2011,7 @@ DISAS_INSN(suba)
 TCGv src;
 TCGv reg;
 
-SRC_EA(env, src, OS_LONG, 0, NULL);
+SRC_EA(env, src, (insn & 0x100) ? OS_LONG : OS_WORD, 1, NULL);
 reg = AREG(insn, 9);
 tcg_gen_sub_i32(reg, reg, src);
 }
@@ -2203,7 +2203,7 @@ DISAS_INSN(adda)
 TCGv src;
 TCGv reg;
 
-SRC_EA(env, src, OS_LONG, 0, NULL);
+SRC_EA(env, src, (insn & 0x100) ? OS_LONG : OS_WORD, 1, NULL);
 reg = AREG(insn, 9);
 tcg_gen_add_i32(reg, reg, src);
 }
@@ -3351,6 +3351,7 @@ void register_m68k_insns (CPUM68KState *env)
 INSN(subx_reg,  9100, f138, M68000);
 INSN(subx_mem,  9108, f138, M68000);
 INSN(suba,  91c0, f1c0, CF_ISA_A);
+INSN(suba,  90c0, f0c0, M68000);
 
 BASE(undef_mac, a000, f000);
 INSN(mac,   a000, f100, CF_EMAC);
-- 
2.7.4

[Qemu-devel] [PATCH v2 02/17] target-m68k: add linkl

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/translate.c | 26 +-
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index a128b67..0d3111d 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1733,21 +1733,36 @@ DISAS_INSN(mull)
 gen_logic_cc(s, dest, OS_LONG);
 }
 
-DISAS_INSN(link)
+static void gen_link(DisasContext *s, uint16_t insn, int32_t offset)
 {
-int16_t offset;
 TCGv reg;
 TCGv tmp;
 
-offset = cpu_ldsw_code(env, s->pc);
-s->pc += 2;
 reg = AREG(insn, 0);
 tmp = tcg_temp_new();
 tcg_gen_subi_i32(tmp, QREG_SP, 4);
 gen_store(s, OS_LONG, tmp, reg);
-if ((insn & 7) != 7)
+if ((insn & 7) != 7) {
 tcg_gen_mov_i32(reg, tmp);
+}
 tcg_gen_addi_i32(QREG_SP, tmp, offset);
+tcg_temp_free(tmp);
+}
+
+DISAS_INSN(link)
+{
+int16_t offset;
+
+offset = read_im16(env, s);
+gen_link(s, insn, offset);
+}
+
+DISAS_INSN(linkl)
+{
+int32_t offset;
+
+offset = read_im32(env, s);
+gen_link(s, insn, offset);
 }
 
 DISAS_INSN(unlk)
@@ -3059,6 +3074,7 @@ void register_m68k_insns (CPUM68KState *env)
 INSN(not,   4600, ff00, M68000);
 INSN(undef, 46c0, ffc0, M68000);
 INSN(move_to_sr, 46c0, ffc0, CF_ISA_A);
+INSN(linkl, 4808, fff8, M68000);
 BASE(pea,   4840, ffc0);
 BASE(swap,  4840, fff8);
 INSN(bkpt,  4848, fff8, BKPT);
-- 
2.7.4

[Qemu-devel] [PATCH v2 09/17] target-m68k: or can manage word and byte operands

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/translate.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index 9734d05..a6aaf5e 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1989,19 +1989,21 @@ DISAS_INSN(or)
 TCGv dest;
 TCGv src;
 TCGv addr;
+int opsize;
 
-reg = DREG(insn, 9);
+opsize = insn_opsize(insn);
+reg = gen_extend(DREG(insn, 9), opsize, 0);
 dest = tcg_temp_new();
 if (insn & 0x100) {
-SRC_EA(env, src, OS_LONG, 0, );
+SRC_EA(env, src, opsize, 0, );
 tcg_gen_or_i32(dest, src, reg);
-DEST_EA(env, insn, OS_LONG, dest, );
+DEST_EA(env, insn, opsize, dest, );
 } else {
-SRC_EA(env, src, OS_LONG, 0, NULL);
+SRC_EA(env, src, opsize, 0, NULL);
 tcg_gen_or_i32(dest, src, reg);
-tcg_gen_mov_i32(reg, dest);
+gen_partset_reg(opsize, DREG(insn, 9), dest);
 }
-gen_logic_cc(s, dest, OS_LONG);
+gen_logic_cc(s, dest, opsize);
 }
 
 DISAS_INSN(suba)
-- 
2.7.4

[Qemu-devel] [PATCH v2 05/17] target-m68k: add dbcc

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
---
 target-m68k/translate.c | 25 +
 1 file changed, 25 insertions(+)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index e595673..1836a22 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1105,6 +1105,30 @@ DISAS_INSN(scc)
 tcg_temp_free(tmp);
 }
 
+DISAS_INSN(dbcc)
+{
+TCGLabel *l1;
+TCGv reg;
+TCGv tmp;
+int16_t offset;
+uint32_t base;
+
+reg = DREG(insn, 0);
+base = s->pc;
+offset = (int16_t)read_im16(env, s);
+l1 = gen_new_label();
+gen_jmpcc(s, (insn >> 8) & 0xf, l1);
+
+tmp = tcg_temp_new();
+tcg_gen_ext16s_i32(tmp, reg);
+tcg_gen_addi_i32(tmp, tmp, -1);
+gen_partset_reg(OS_WORD, reg, tmp);
+tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, -1, l1);
+gen_jmp_tb(s, 1, base + offset);
+gen_set_label(l1);
+gen_jmp_tb(s, 0, s->pc);
+}
+
 DISAS_INSN(undef_mac)
 {
 gen_exception(s, s->pc - 2, EXCP_LINEA);
@@ -3137,6 +3161,7 @@ void register_m68k_insns (CPUM68KState *env)
 INSN(addsubq,   5080, f0c0, M68000);
 INSN(scc,   50c0, f0f8, CF_ISA_A); /* Scc.B Dx   */
 INSN(scc,   50c0, f0c0, M68000);   /* Scc.B  */
+INSN(dbcc,  50c8, f0f8, M68000);
 INSN(addsubq,   5080, f1c0, CF_ISA_A);
 INSN(tpf,   51f8, fff8, CF_ISA_A);
 
-- 
2.7.4

[Qemu-devel] [PATCH v2 07/17] target-m68k: add addressing modes to not

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target-m68k/translate.c | 14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index fd6631d..031f7eb 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1673,11 +1673,17 @@ DISAS_INSN(move_to_ccr)
 
 DISAS_INSN(not)
 {
-TCGv reg;
+TCGv src1;
+TCGv dest;
+TCGv addr;
+int opsize;
 
-reg = DREG(insn, 0);
-tcg_gen_not_i32(reg, reg);
-gen_logic_cc(s, reg, OS_LONG);
+opsize = insn_opsize(insn);
+SRC_EA(env, src1, opsize, 1, );
+dest = tcg_temp_new();
+tcg_gen_not_i32(dest, src1);
+DEST_EA(env, insn, opsize, dest, );
+gen_logic_cc(s, dest, opsize);
 }
 
 DISAS_INSN(swap)
-- 
2.7.4

[Qemu-devel] [PATCH v2 00/17] 680x0 instruction set, part 1

[Laurent Vivier]

This series is another subset of the series I sent in May:
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg00501.html

It must be applied on top of series:
"target-m68k: prepare to introduce 680x0 instruction set"

This subset contains:
- all the patches reviewed by Richard that needed no modification
- some patches where the fix was easy
- I've merged patches inlining addx/subx/negx and introducing their
  opcodes for 680x0.

This subset introduces:
- new instructions: bkpt, linkl, exg, dbCC
- new operand size (byte and word) for some instructions:
  or, eor, and, add, sub, cmp, and instruciont with immediate data
- add addressing modes to: not, neg, adda, suba
- remove helpers for: addx, subx, negx

I've checked it doesn't break coldfire support:
http://wiki.qemu.org/download/coldfire-test-0.1.tar.bz2
but it can't boot a 680x0 processor kernel.

v2:
- split exg in exg_aa, exg_dd, exg_da
- split dbcc/scc patch
- add missing Richard's S-o-b in patch "Inline addx, subx, negx"
- Add Richard's R-b in patch "introduce byte and word cc_ops"

Laurent Vivier (16):
  target-m68k: add bkpt instruction
  target-m68k: add linkl
  target-m68k: add exg ops
  target-m68k: add addressing modes to scc
  target-m68k: add dbcc
  target-m68k: add addressing modes to not
  target-m68k: eor can manage word and byte operands
  target-m68k: or can manage word and byte operands
  target-m68k: and can manage word and byte operands
  target-m68k: suba/adda can manage word operand
  target-m68k: some bit ops cleanup
  target-m68k: introduce byte and word cc_ops
  target-m68k: add addressing modes to neg
  target-m68k: add/sub manage word and byte operands
  target-m68k: cmp manages word and bytes operands
  target-m68k: immediate ops manage word and byte operands

Richard Henderson (1):
  target-m68k: Inline addx, subx, negx

 target-m68k/cpu.h   |   6 +-
 target-m68k/helper.c|  65 ++---
 target-m68k/helper.h|   2 -
 target-m68k/translate.c | 679 ++--
 4 files changed, 505 insertions(+), 247 deletions(-)

-- 
2.7.4

Re: [Qemu-devel] [RESEND PATCH v3 kernel 0/7] Extend virtio-balloon for fast (de)inflating & fast live migration

[Li, Liang Z]

> Cc: linux-ker...@vger.kernel.org; virtualizat...@lists.linux-foundation.org;
> linux...@kvack.org; virtio-...@lists.oasis-open.org; k...@vger.kernel.org;
> qemu-devel@nongnu.org; quint...@redhat.com; dgilb...@redhat.com;
> pbonz...@redhat.com; cornelia.h...@de.ibm.com; amit.s...@redhat.com
> Subject: Re: [RESEND PATCH v3 kernel 0/7] Extend virtio-balloon for fast
> (de)inflating & fast live migration
> 
> On 10/26/2016 03:13 AM, Li, Liang Z wrote:
> > 3 times memory required is not accurate, please ignore this. sorry ...
> > The complexity is the point.
> 
> What is making it so complex?  Can you describe the problems?

I plan to complete it first and send out the patch set,  then discuss if it 
worth.  I need some time.

Thanks!
Liang

Re: [Qemu-devel] [PATCH v3] char: cadence: check baud rate generator and divider values

[Peter Maydell]

On 26 October 2016 at 22:22, P J P  wrote:
> From: Prasad J Pandit 
>
> The Cadence UART device emulator calculates speed by dividing the
> baud rate by a 'baud rate generator' & 'baud rate divider' value.
> The device specification defines these register values to be
> non-zero and within certain limits. Add checks for these limits
> to avoid errors like divide by zero.
>
> Reported-by: Huawei PSIRT 
> Signed-off-by: Prasad J Pandit 
> ---
>  hw/char/cadence_uart.c | 17 +
>  1 file changed, 17 insertions(+)
>
> Update: mask R_BRGR and R_BDIV register values with 0x and 0xff resp.
>   -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg06206.html
>   -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg06215.html
>
> diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
> index e3bc52f..5341d81 100644
> --- a/hw/char/cadence_uart.c
> +++ b/hw/char/cadence_uart.c
> @@ -1,5 +1,10 @@
>  /*
>   * Device model for Cadence UART
> + *   -> 
> http://www.xilinx.com/support/documentation/user_guides/ug585-Zynq-7000-TRM.pdf
> + *
> + * Reference: Xilinx Zynq 7000 reference manual
> + *   - Chapter 19 UART Controller
> + *   - Appendix B for Register details
>   *
>   * Copyright (c) 2010 Xilinx Inc.
>   * Copyright (c) 2012 Peter A.G. Crosthwaite 
> (peter.crosthwa...@petalogix.com)
> @@ -410,6 +415,18 @@ static void uart_write(void *opaque, hwaddr offset,
>  break;
>  }
>  break;
> +case R_BRGR: /* Baud rate generator */
> +s->r[offset] = 0x028B; /* default reset value */
> +if (value >= 0x01) {
> +s->r[offset] = value & 0x;
> +}
> +break;
> +case R_BDIV:/* Baud rate divider */
> +s->r[offset] = 0x0F;
> +if (value >= 0x04) {
> +s->r[offset] = value & 0xFF;
> +}
> +break;
>  default:
>  s->r[offset] = value;
>  }

You're relying on the register values never being
invalid to avoid the divide by zero, which means
you need to check them post-migration too.

thanks
-- PMM

[Qemu-devel] [Bug 1623276] Re: qemu 2.7 / iPXE crash

[Laszlo Ersek (Red Hat)]

Some more reports on ipxe-devel:

http://lists.ipxe.org/pipermail/ipxe-devel/2016-October/005203.html
http://lists.ipxe.org/pipermail/ipxe-devel/2016-October/005210.html

Radim just posted the KVM feature patches:

[PATCH 0/2] KVM: x86: emulate fxsave and fxrstor
https://www.spinics.net/lists/kernel/msg2370327.html

I thought suppressing the regression within iPXE proper could be helpful
in the interim:

[ipxe-devel] [PATCH 0/2] mask lack of KVM's FXSAVE/FXRSTOR emulation in the 
QEMU build
http://lists.ipxe.org/pipermail/ipxe-devel/2016-October/005221.html

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1623276

Title:
  qemu 2.7 / iPXE crash

Status in QEMU:
  New

Bug description:
  I am running Arch linux

  vanilla 4.7.2 kernel
  qemu 2.7
  libvirt 2.2.0
  virt-manager 1.4.0

  
  Since the upgrade from qemu 2.6.1 to 2.7 a few days ago. I'm no longer
  able to PXE boot at all. Everything else appears to function normally.
  Non PXE booting and everything else is perfect. Obviously have
  restarted everying etc. Have tried the various network drivers also.

  This occurs on domains created with 2.6.1 or with 2.7

  When I choose PXE boot, the machine moves to a paused state (crashed)
  immediately after the 'starting PXE rom execution...' message appears.

  Reverting to qemu 2.6.1 package corrects the issue.

  The qemu.log snippet follows below.

  I'm not sure how to troubleshoot this problem to determine if it's a
  packaging error by the distribution or a problem with qemu/kvm/kernel?

  Any help would be much appreciated - Thanks,
  Greg

  --- qemu.log:

  
  2016-09-12 16:36:33.867+: starting up libvirt version: 2.2.0, qemu
  version: 2.7.0, hostname: seneca
  LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
  QEMU_AUDIO_DRV=spice /usr/sbin/qemu-system-x86_64 -name guest=c,debug-
  threads=on -S -object
  secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-6-
  c/master-key.aes -machine pc-i440fx-2.7,accel=kvm,usb=off,vmport=off
  -cpu Nehalem -m 2048 -realtime mlock=off -smp
  1,sockets=1,cores=1,threads=1 -uuid 348009be-26d5-4dc7-b515-
  e8b45f5117ac -no-user-config -nodefaults -chardev
  socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-6-
  c/monitor.sock,server,nowait -mon
  chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew
  -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global
  PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot
  menu=on,strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7
  -device ich9-usb-
  uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6
  -device ich9-usb-
  uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1 -device ich9-
  usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2 -device
  virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive
  file=/var/lib/libvirt/images/c.qcow2,format=qcow2,if=none,id=drive-
  virtio-disk0 -device virtio-blk-
  pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-
  disk0,bootindex=1 -netdev tap,fd=28,id=hostnet0 -device
  rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:a0:95:7c,bus=pci.0,addr=0x
  3 -chardev pty,id=charserial0 -device isa-
  serial,chardev=charserial0,id=serial0 -chardev
  socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/domain
  -6-c/org.qemu.guest_agent.0,server,nowait -device
  virtserialport,bus=virtio-
  serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_age
  nt.0 -chardev spicevmc,id=charchannel1,name=vdagent -device
  virtserialport,bus=virtio-
  serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0
  -device usb-tablet,id=input0,bus=usb.0,port=1 -spice
  port=5901,addr=127.0.0.1,disable-ticketing,image-
  compression=off,seamless-migration=on -device qxl-
  vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vga
  mem_mb=16,max_outputs=1,bus=pci.0,addr=0x2 -device intel-
  hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-
  codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir
  -device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2
  -chardev spicevmc,id=charredir1,name=usbredir -device usb-
  redir,chardev=charredir1,id=redir1,bus=usb.0,port=3 -device virtio-
  balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -msg timestamp=on
  char device redirected to /dev/pts/0 (label charserial0)
  main_channel_link: add main channel client
  red_dispatcher_set_cursor_peer: 
  inputs_connect: inputs channel client create
  KVM internal error. Suberror: 1
  emulation failure
  EAX=801a8d00 EBX=00a0 ECX=2e20 EDX=0009d5e8
  ESI=7ffa3c00 EDI=7fef4000 EBP= ESP=7b92
  EIP=06ab EFL=0087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
  ES =   00c09300
  CS =9c4c 0009c4c0  00809b00
  SS =   00809300
  DS =9cd0 

Re: [Qemu-devel] [PATCH 12/16] target-m68k: introduce byte and word cc_ops

[Richard Henderson]

On 10/26/2016 09:36 AM, Laurent Vivier wrote:

Signed-off-by: Laurent Vivier 
---
 target-m68k/cpu.h   |   6 +--
 target-m68k/helper.c|  25 ++---
 target-m68k/translate.c | 131 +++-
 3 files changed, 93 insertions(+), 69 deletions(-)


Reviewed-by: Richard Henderson 


r~

[Qemu-devel] [PATCH] 9pfs: xattrcreate requires non-opened fids

[Greg Kurz]

The xattrcreate operation only makes sense on a freshly cloned fid
actually, since any open state would be leaked because of the fid_type
change. This is indeed what the linux kernel client does:

fid = clone_fid(fid);
[...]
retval = p9_client_xattrcreate(fid, name, value_len, flags);

This patch also reverts commit ff55e94d23ae since we are sure that a fid
with type P9_FID_NONE doesn't have a previously allocated xattr.

Signed-off-by: Greg Kurz 
---
 hw/9pfs/9p.c |7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 27af0072599a..547f3b558079 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3272,6 +3272,11 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque)
 err = -EINVAL;
 goto out_nofid;
 }
+if (file_fidp->fid_type != P9_FID_NONE) {
+err = -EINVAL;
+goto out_put_fid;
+}
+
 /* Make the file fid point to xattr */
 xattr_fidp = file_fidp;
 xattr_fidp->fid_type = P9_FID_XATTR;
@@ -3281,9 +3286,9 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque)
 xattr_fidp->fs.xattr.flags = flags;
 v9fs_string_init(_fidp->fs.xattr.name);
 v9fs_string_copy(_fidp->fs.xattr.name, );
-g_free(xattr_fidp->fs.xattr.value);
 xattr_fidp->fs.xattr.value = g_malloc0(size);
 err = offset;
+out_put_fid:
 put_fid(pdu, file_fidp);
 out_nofid:
 pdu_complete(pdu, err);

[Qemu-devel] [PATCH v2] block/vxhs: Add Veritas HyperScale VxHS block device support

[Ashish Mittal]

This patch adds support for a new block device type called "vxhs".
Source code for the library that this code loads can be downloaded from:
https://github.com/MittalAshish/libqnio.git

Sample command line using JSON syntax:
./qemu-system-x86_64 -name instance-0008 -S -vnc 0.0.0.0:0 -k en-us -vga 
cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -msg 
timestamp=on 
'json:{"driver":"vxhs","vdisk_id":"{c3e9095a-a5ee-4dce-afeb-2a59fb387410}","server":[{"host":"172.172.17.4","port":""}]}'

Sample command line using URI syntax:
qemu-img convert -f raw -O raw -n 
/var/lib/nova/instances/_base/0c5eacd5ebea5ed914b6a3e7b18f1ce734c386ad 
vxhs://192.168.0.1:/%7Bc6718f6b-0401-441d-a8c3-1f0064d75ee0%7D

Signed-off-by: Ashish Mittal 
---
v2 changelog:
(1) Changes done in response to v1 comments.

 block/Makefile.objs |   2 +
 block/trace-events  |  22 ++
 block/vxhs.c| 682 
 configure   |  41 
 4 files changed, 747 insertions(+)
 create mode 100644 block/vxhs.c

diff --git a/block/Makefile.objs b/block/Makefile.objs
index 67a036a..58313a2 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -18,6 +18,7 @@ block-obj-$(CONFIG_LIBNFS) += nfs.o
 block-obj-$(CONFIG_CURL) += curl.o
 block-obj-$(CONFIG_RBD) += rbd.o
 block-obj-$(CONFIG_GLUSTERFS) += gluster.o
+block-obj-$(CONFIG_VXHS) += vxhs.o
 block-obj-$(CONFIG_ARCHIPELAGO) += archipelago.o
 block-obj-$(CONFIG_LIBSSH2) += ssh.o
 block-obj-y += accounting.o dirty-bitmap.o
@@ -38,6 +39,7 @@ rbd.o-cflags   := $(RBD_CFLAGS)
 rbd.o-libs := $(RBD_LIBS)
 gluster.o-cflags   := $(GLUSTERFS_CFLAGS)
 gluster.o-libs := $(GLUSTERFS_LIBS)
+vxhs.o-libs:= $(VXHS_LIBS)
 ssh.o-cflags   := $(LIBSSH2_CFLAGS)
 ssh.o-libs := $(LIBSSH2_LIBS)
 archipelago.o-libs := $(ARCHIPELAGO_LIBS)
diff --git a/block/trace-events b/block/trace-events
index 05fa13c..aea97cb 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -114,3 +114,25 @@ qed_aio_write_data(void *s, void *acb, int ret, uint64_t 
offset, size_t len) "s
 qed_aio_write_prefill(void *s, void *acb, uint64_t start, size_t len, uint64_t 
offset) "s %p acb %p start %"PRIu64" len %zu offset %"PRIu64
 qed_aio_write_postfill(void *s, void *acb, uint64_t start, size_t len, 
uint64_t offset) "s %p acb %p start %"PRIu64" len %zu offset %"PRIu64
 qed_aio_write_main(void *s, void *acb, int ret, uint64_t offset, size_t len) 
"s %p acb %p ret %d offset %"PRIu64" len %zu"
+
+# block/vxhs.c
+vxhs_iio_callback(int error, int reason) "ctx is NULL: error %d, reason %d"
+vxhs_setup_qnio(void *s) "Context to HyperScale IO manager = %p"
+vxhs_iio_callback_chnfail(int err, int error) "QNIO channel failed, no i/o %d, 
%d"
+vxhs_iio_callback_unknwn(int opcode, int err) "unexpected opcode %d, errno %d"
+vxhs_open_fail(int ret) "Could not open the device. Error = %d"
+vxhs_open_epipe(int ret) "Could not create a pipe for device. Bailing out. 
Error=%d"
+vxhs_aio_rw_invalid(int req) "Invalid I/O request iodir %d"
+vxhs_aio_rw_ioerr(char *guid, int iodir, uint64_t size, uint64_t off, void 
*acb, int ret, int err) "IO ERROR (vDisk %s) FOR : Read/Write = %d size = %lu 
offset = %lu ACB = %p. Error = %d, errno = %d"
+vxhs_get_vdisk_stat_err(char *guid, int ret, int err) "vDisk (%s) stat ioctl 
failed, ret = %d, errno = %d"
+vxhs_get_vdisk_stat(char *vdisk_guid, uint64_t vdisk_size) "vDisk %s stat 
ioctl returned size %lu"
+vxhs_qnio_iio_open(const char *ip) "Failed to connect to storage agent on 
host-ip %s"
+vxhs_qnio_iio_devopen(const char *fname) "Failed to open vdisk device: %s"
+vxhs_complete_aio(void *acb, uint64_t ret) "aio failed acb %p ret %ld"
+vxhs_parse_uri_filename(const char *filename) "URI passed via 
bdrv_parse_filename %s"
+vxhs_qemu_init_vdisk(const char *vdisk_id) "vdisk_id from json %s"
+vxhs_qemu_init_numservers(int num_servers) "Number of servers passed = %d"
+vxhs_parse_uri_hostinfo(int num, char *host, int port) "Host %d: IP %s, Port 
%d"
+vxhs_qemu_init(char *of_vsa_addr, int port) "Adding host %s:%d to 
BDRVVXHSState"
+vxhs_qemu_init_filename(const char *filename) "Filename passed as %s"
+vxhs_close(char *vdisk_guid) "Closing vdisk %s"
diff --git a/block/vxhs.c b/block/vxhs.c
new file mode 100644
index 000..0facb33
--- /dev/null
+++ b/block/vxhs.c
@@ -0,0 +1,682 @@
+/*
+ * QEMU Block driver for Veritas HyperScale (VxHS)
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "block/block_int.h"
+#include 
+#include "qapi/qmp/qerror.h"
+#include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qstring.h"
+#include "trace.h"
+#include "qemu/uri.h"
+#include "qapi/error.h"
+#include "qemu/error-report.h"
+
+#define VDISK_FD_READ   0
+#define VDISK_FD_WRITE  1
+
+#define VXHS_OPT_FILENAME   "filename"
+#define VXHS_OPT_VDISK_ID

Re: [Qemu-devel] [PATCH v7 RFC] block/vxhs: Initial commit to add Veritas HyperScale VxHS block device support

[Ketan Nilangekar]

Including the rest of the folks from the original thread.


Ketan.





On 10/26/16, 9:33 AM, "Paolo Bonzini"  wrote:

>
>
>On 26/10/2016 00:39, Ketan Nilangekar wrote:
>> 
>> 
>>> On Oct 26, 2016, at 12:00 AM, Paolo Bonzini  wrote:
>>>
>>>
>>>
 On 25/10/2016 23:53, Ketan Nilangekar wrote:
 We need to confirm the perf numbers but it really depends on the way we do 
 failover outside qemu.

 We are looking at a vip based failover implementation which may need
 some handling code in qnio but that overhead should be minimal (atleast
 no more than the current impl in qemu driver)
>>>
>>> Then it's not outside QEMU's address space, it's only outside
>>> block/vxhs.c... I don't understand.
>>>
>>> Paolo
>>>
>> 
>> Yes and that is something that we are considering and not finalized on a 
>> design. But even if some of the failover code is in the qnio library, is 
>> that a problem? 
>> As per my understanding the original suggestions were around getting the 
>> failover code out of the block driver and into the network library.
>> If an optimal design for this means that some of the failover handling needs 
>> to be done in qnio, is that not acceptable?
>> The way we see it, driver/qnio will talk to the storage service using a 
>> single IP but may have some retry code for retransmitting failed IOs in a 
>> failover scenario.
>
>Sure, that's fine.  It's just that it seemed different from the previous
>explanation.
>
>Paolo
>
 IMO, the real benefit of qemu + qnio perf comes from:
 1. the epoll based io multiplexer
 2. 8 epoll threads
 3. Zero buffer copies in userland code
 4. Minimal locking

 We are also looking at replacing the existing qnio socket code with
 memory readv/writev calls available with the latest kernel for even
 better performance.
>>>

 Ketan

> On Oct 25, 2016, at 1:01 PM, Paolo Bonzini  wrote:
>
>
>
>> On 25/10/2016 07:07, Ketan Nilangekar wrote:
>> We are able to derive significant performance from the qemu block
>> driver as compared to nbd/iscsi/nfs. We have prototyped nfs and nbd
>> based io tap in the past and the performance of qemu block driver is
>> significantly better. Hence we would like to go with the vxhs driver
>> for now.
>
> Is this still true with failover implemented outside QEMU (which
> requires I/O to be proxied, if I'm not mistaken)?  What does the benefit
> come from if so, is it the threaded backend and performing multiple
> connections to the same server?
>
> Paolo
>
>> Ketan
>>
>>
>>> On Oct 24, 2016, at 4:24 PM, Paolo Bonzini 
>>> wrote:
>>>
>>>
>>>
 On 20/10/2016 03:31, Ketan Nilangekar wrote: This way the
 failover logic will be completely out of qemu address space. We
 are considering use of some of our proprietary 
 clustering/monitoring services to implement service failover.
>>>
>>> Are you implementing a different protocol just for the sake of
>>> QEMU, in other words, and forwarding from that protocol to your
>>> proprietary code?
>>>
>>> If that is what you are doing, you don't need at all a vxhs driver
>>> in QEMU.  Just implement NBD or iSCSI on your side, QEMU already
>>> has drivers for that.
>>>
>>> Paolo

[Qemu-devel] [PATCH v2 6/6] spapr: Memory hot-unplug support

[Michael Roth]

From: Bharata B Rao 

Add support to hot remove pc-dimm memory devices.

Since we're introducing a machine-level unplug_request hook, we also
had handling for CPU unplug there as well to ensure CPU unplug
continues to work as it did before.

Signed-off-by: Bharata B Rao 
* add hooks to CAS/cmdline enablement of hotplug ACR support
* add hook for CPU unplug
Signed-off-by: Michael Roth 
Reviewed-by: Michael Roth 
---
 hw/ppc/spapr.c | 119 -
 hw/ppc/spapr_drc.c |  17 
 2 files changed, 135 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 531dfeb..c8e2921 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2281,6 +2281,90 @@ out:
 error_propagate(errp, local_err);
 }
 
+typedef struct sPAPRDIMMState {
+uint32_t nr_lmbs;
+} sPAPRDIMMState;
+
+static void spapr_lmb_release(DeviceState *dev, void *opaque)
+{
+sPAPRDIMMState *ds = (sPAPRDIMMState *)opaque;
+HotplugHandler *hotplug_ctrl;
+
+if (--ds->nr_lmbs) {
+return;
+}
+
+g_free(ds);
+
+/*
+ * Now that all the LMBs have been removed by the guest, call the
+ * pc-dimm unplug handler to cleanup up the pc-dimm device.
+ */
+hotplug_ctrl = qdev_get_hotplug_handler(dev);
+hotplug_handler_unplug(hotplug_ctrl, dev, _abort);
+}
+
+static void spapr_del_lmbs(DeviceState *dev, uint64_t addr_start, uint64_t 
size,
+   Error **errp)
+{
+sPAPRDRConnector *drc;
+sPAPRDRConnectorClass *drck;
+uint32_t nr_lmbs = size / SPAPR_MEMORY_BLOCK_SIZE;
+int i;
+sPAPRDIMMState *ds = g_malloc0(sizeof(sPAPRDIMMState));
+uint64_t addr = addr_start;
+
+ds->nr_lmbs = nr_lmbs;
+for (i = 0; i < nr_lmbs; i++) {
+drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
+addr / SPAPR_MEMORY_BLOCK_SIZE);
+g_assert(drc);
+
+drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+drck->detach(drc, dev, spapr_lmb_release, ds, errp);
+addr += SPAPR_MEMORY_BLOCK_SIZE;
+}
+
+drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
+   addr_start / SPAPR_MEMORY_BLOCK_SIZE);
+drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+spapr_hotplug_req_remove_by_count_indexed(SPAPR_DR_CONNECTOR_TYPE_LMB,
+  nr_lmbs,
+  drck->get_index(drc));
+}
+
+static void spapr_memory_unplug(HotplugHandler *hotplug_dev, DeviceState *dev,
+Error **errp)
+{
+sPAPRMachineState *ms = SPAPR_MACHINE(hotplug_dev);
+PCDIMMDevice *dimm = PC_DIMM(dev);
+PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
+MemoryRegion *mr = ddc->get_memory_region(dimm);
+
+pc_dimm_memory_unplug(dev, >hotplug_memory, mr);
+object_unparent(OBJECT(dev));
+}
+
+static void spapr_memory_unplug_request(HotplugHandler *hotplug_dev,
+DeviceState *dev, Error **errp)
+{
+Error *local_err = NULL;
+PCDIMMDevice *dimm = PC_DIMM(dev);
+PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
+MemoryRegion *mr = ddc->get_memory_region(dimm);
+uint64_t size = memory_region_size(mr);
+uint64_t addr;
+
+addr = object_property_get_int(OBJECT(dimm), PC_DIMM_ADDR_PROP, 
_err);
+if (local_err) {
+goto out;
+}
+
+spapr_del_lmbs(dev, addr, size, _abort);
+out:
+error_propagate(errp, local_err);
+}
+
 void *spapr_populate_hotplug_cpu_dt(CPUState *cs, int *fdt_offset,
 sPAPRMachineState *spapr)
 {
@@ -2354,10 +2438,42 @@ static void spapr_machine_device_plug(HotplugHandler 
*hotplug_dev,
 static void spapr_machine_device_unplug(HotplugHandler *hotplug_dev,
   DeviceState *dev, Error **errp)
 {
+sPAPRMachineState *sms = SPAPR_MACHINE(qdev_get_machine());
 MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
 
 if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
-error_setg(errp, "Memory hot unplug not supported by sPAPR");
+if (spapr_ovec_test(sms->ov5_cas, OV5_HP_EVT)) {
+spapr_memory_unplug(hotplug_dev, dev, errp);
+} else {
+error_setg(errp, "Memory hot unplug not supported for this guest");
+}
+} else if (object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_CPU_CORE)) {
+if (!mc->query_hotpluggable_cpus) {
+error_setg(errp, "CPU hot unplug not supported on this machine");
+return;
+}
+spapr_core_unplug(hotplug_dev, dev, errp);
+}
+}
+
+static void spapr_machine_device_unplug_request(HotplugHandler *hotplug_dev,
+DeviceState *dev, Error **errp)
+{
+sPAPRMachineState *sms = SPAPR_MACHINE(qdev_get_machine());

[Qemu-devel] [PATCH v2 4/6] spapr: Add DRC count indexed hotplug identifier type

[Michael Roth]

From: Bharata B Rao 

Add support for DRC count indexed hotplug ID type which is primarily
needed for memory hot unplug. This type allows for specifying the
number of DRs that should be plugged/unplugged starting from a given
DRC index.

Signed-off-by: Bharata B Rao 
* updated rtas_event_log_v6_hp to reflect count/index field ordering
  used in PAPR hotplug ACR
Signed-off-by: Michael Roth 
Reviewed-by: Michael Roth 
---
 hw/ppc/spapr_events.c  | 76 --
 include/hw/ppc/spapr.h |  4 +++
 2 files changed, 65 insertions(+), 15 deletions(-)

diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 9b0bd41..f85a9c3 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -175,6 +175,16 @@ struct epow_log_full {
 struct rtas_event_log_v6_epow epow;
 } QEMU_PACKED;
 
+union drc_identifier {
+uint32_t index;
+uint32_t count;
+struct {
+uint32_t count;
+uint32_t index;
+} count_indexed;
+char name[1];
+} QEMU_PACKED;
+
 struct rtas_event_log_v6_hp {
 #define RTAS_LOG_V6_SECTION_ID_HOTPLUG  0x4850 /* HP */
 struct rtas_event_log_v6_section_header hdr;
@@ -191,12 +201,9 @@ struct rtas_event_log_v6_hp {
 #define RTAS_LOG_V6_HP_ID_DRC_NAME   1
 #define RTAS_LOG_V6_HP_ID_DRC_INDEX  2
 #define RTAS_LOG_V6_HP_ID_DRC_COUNT  3
+#define RTAS_LOG_V6_HP_ID_DRC_COUNT_INDEXED  4
 uint8_t reserved;
-union {
-uint32_t index;
-uint32_t count;
-char name[1];
-} drc;
+union drc_identifier drc_id;
 } QEMU_PACKED;
 
 struct hp_log_full {
@@ -488,7 +495,7 @@ static void spapr_hotplug_set_signalled(uint32_t drc_index)
 
 static void spapr_hotplug_req_event(uint8_t hp_id, uint8_t hp_action,
 sPAPRDRConnectorType drc_type,
-uint32_t drc)
+union drc_identifier *drc_id)
 {
 sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 struct hp_log_full *new_hp;
@@ -533,7 +540,7 @@ static void spapr_hotplug_req_event(uint8_t hp_id, uint8_t 
hp_action,
 case SPAPR_DR_CONNECTOR_TYPE_PCI:
 hp->hotplug_type = RTAS_LOG_V6_HP_TYPE_PCI;
 if (hp->hotplug_action == RTAS_LOG_V6_HP_ACTION_ADD) {
-spapr_hotplug_set_signalled(drc);
+spapr_hotplug_set_signalled(drc_id->index);
 }
 break;
 case SPAPR_DR_CONNECTOR_TYPE_LMB:
@@ -551,9 +558,18 @@ static void spapr_hotplug_req_event(uint8_t hp_id, uint8_t 
hp_action,
 }
 
 if (hp_id == RTAS_LOG_V6_HP_ID_DRC_COUNT) {
-hp->drc.count = cpu_to_be32(drc);
+hp->drc_id.count = cpu_to_be32(drc_id->count);
 } else if (hp_id == RTAS_LOG_V6_HP_ID_DRC_INDEX) {
-hp->drc.index = cpu_to_be32(drc);
+hp->drc_id.index = cpu_to_be32(drc_id->index);
+} else if (hp_id == RTAS_LOG_V6_HP_ID_DRC_COUNT_INDEXED) {
+/* we should not be using count_indexed value unless the guest
+ * supports dedicated hotplug event source
+ */
+g_assert(spapr_ovec_test(spapr->ov5_cas, OV5_HP_EVT));
+hp->drc_id.count_indexed.count =
+cpu_to_be32(drc_id->count_indexed.count);
+hp->drc_id.count_indexed.index =
+cpu_to_be32(drc_id->count_indexed.index);
 }
 
 rtas_event_log_queue(RTAS_LOG_TYPE_HOTPLUG, new_hp, true);
@@ -567,34 +583,64 @@ void spapr_hotplug_req_add_by_index(sPAPRDRConnector *drc)
 {
 sPAPRDRConnectorClass *drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
 sPAPRDRConnectorType drc_type = drck->get_type(drc);
-uint32_t index = drck->get_index(drc);
+union drc_identifier drc_id;
 
+drc_id.index = drck->get_index(drc);
 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_INDEX,
-RTAS_LOG_V6_HP_ACTION_ADD, drc_type, index);
+RTAS_LOG_V6_HP_ACTION_ADD, drc_type, _id);
 }
 
 void spapr_hotplug_req_remove_by_index(sPAPRDRConnector *drc)
 {
 sPAPRDRConnectorClass *drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
 sPAPRDRConnectorType drc_type = drck->get_type(drc);
-uint32_t index = drck->get_index(drc);
+union drc_identifier drc_id;
 
+drc_id.index = drck->get_index(drc);
 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_INDEX,
-RTAS_LOG_V6_HP_ACTION_REMOVE, drc_type, index);
+RTAS_LOG_V6_HP_ACTION_REMOVE, drc_type, _id);
 }
 
 void spapr_hotplug_req_add_by_count(sPAPRDRConnectorType drc_type,
uint32_t count)
 {
+union drc_identifier drc_id;
+
+drc_id.count = count;
 spapr_hotplug_req_event(RTAS_LOG_V6_HP_ID_DRC_COUNT,
-RTAS_LOG_V6_HP_ACTION_ADD, drc_type, count);
+

Re: [Qemu-devel] [PATCH 04/16] target-m68k: add scc/dbcc

[Richard Henderson]

On 10/26/2016 09:35 AM, Laurent Vivier wrote:

Signed-off-by: Laurent Vivier 
---
 target-m68k/translate.c | 65 ++---
 1 file changed, 45 insertions(+), 20 deletions(-)

diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index a07b6f5..05efd29 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -1008,25 +1008,6 @@ static void gen_jmpcc(DisasContext *s, int cond, 
TCGLabel *l1)
   free_cond();
 }

-DISAS_INSN(scc)
-{
-DisasCompare c;
-int cond;
-TCGv reg, tmp;
-
-cond = (insn >> 8) & 0xf;
-gen_cc_cond(, s, cond);
-
-tmp = tcg_temp_new();
-tcg_gen_setcond_i32(c.tcond, tmp, c.v1, c.v2);
-free_cond();
-
-reg = DREG(insn, 0);
-tcg_gen_neg_i32(tmp, tmp);
-tcg_gen_deposit_i32(reg, reg, tmp, 0, 8);
-tcg_temp_free(tmp);
-}
-
 /* Force a TB lookup after an instruction that changes the CPU state.  */
 static void gen_lookup_tb(DisasContext *s)
 {
@@ -1106,6 +1087,48 @@ static void gen_jmp_tb(DisasContext *s, int n, uint32_t 
dest)
 s->is_jmp = DISAS_TB_JUMP;
 }

+DISAS_INSN(scc)
+{
+DisasCompare c;
+int cond;
+TCGv tmp;
+
+cond = (insn >> 8) & 0xf;
+gen_cc_cond(, s, cond);
+
+tmp = tcg_temp_new();
+tcg_gen_setcond_i32(c.tcond, tmp, c.v1, c.v2);
+free_cond();
+
+tcg_gen_neg_i32(tmp, tmp);
+DEST_EA(env, insn, OS_BYTE, tmp, NULL);
+tcg_temp_free(tmp);
+}


This change to scc, to add support for EA, should be in a separate patch from 
adding dbcc.  Otherwise it looks good.



r~



+
+DISAS_INSN(dbcc)
+{
+TCGLabel *l1;
+TCGv reg;
+TCGv tmp;
+int16_t offset;
+uint32_t base;
+
+reg = DREG(insn, 0);
+base = s->pc;
+offset = (int16_t)read_im16(env, s);
+l1 = gen_new_label();
+gen_jmpcc(s, (insn >> 8) & 0xf, l1);
+
+tmp = tcg_temp_new();
+tcg_gen_ext16s_i32(tmp, reg);
+tcg_gen_addi_i32(tmp, tmp, -1);
+gen_partset_reg(OS_WORD, reg, tmp);
+tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, -1, l1);
+gen_jmp_tb(s, 1, base + offset);
+gen_set_label(l1);
+gen_jmp_tb(s, 0, s->pc);
+}
+
 DISAS_INSN(undef_mac)
 {
 gen_exception(s, s->pc - 2, EXCP_LINEA);
@@ -3144,7 +3167,9 @@ void register_m68k_insns (CPUM68KState *env)
 INSN(jump,  4ec0, ffc0, M68000);
 INSN(addsubq,   5000, f080, M68000);
 INSN(addsubq,   5080, f0c0, M68000);
-INSN(scc,   50c0, f0f8, CF_ISA_A);
+INSN(scc,   50c0, f0f8, CF_ISA_A); /* Scc.B Dx   */
+INSN(scc,   50c0, f0c0, M68000);   /* Scc.B  */
+INSN(dbcc,  50c8, f0f8, M68000);
 INSN(addsubq,   5080, f1c0, CF_ISA_A);
 INSN(tpf,   51f8, fff8, CF_ISA_A);

[Qemu-devel] [PATCH v2 1/6] spapr: update spapr hotplug documentation

[Michael Roth]

This updates the existing documentation to reflect recent updates to
the hotplug event structure, which are in draft form but slated
for inclusion in PAPR/LoPAPR.

Signed-off-by: Michael Roth 
Reviewed-by: David Gibson 
---
 docs/specs/ppc-spapr-hotplug.txt | 55 +---
 1 file changed, 46 insertions(+), 9 deletions(-)

diff --git a/docs/specs/ppc-spapr-hotplug.txt b/docs/specs/ppc-spapr-hotplug.txt
index 631b0ca..f57e2a0 100644
--- a/docs/specs/ppc-spapr-hotplug.txt
+++ b/docs/specs/ppc-spapr-hotplug.txt
@@ -233,12 +233,27 @@ tools by host-level management such as an HMC. This level 
of management is not
 applicable to PowerKVM, hence the reason for extending the notification
 framework to support hotplug events.
 
-Note that these events are not yet formally part of the PAPR+ specification,
-but support for this format has already been implemented in DR-related
-guest tools such as powerpc-utils/librtas, as well as kernel patches that have
-been submitted to handle in-kernel processing of memory/cpu-related hotplug
-events[1], and is planned for formal inclusion is PAPR+ specification. The
-hotplug-specific payload is QEMU implemented as follows (with all values
+The format for these EPOW-signalled events is described below under
+"hotplug/unplug event structure". Note that these events are not
+formally part of the PAPR+ specification, and have been superseded by a
+newer format, also described below under "hotplug/unplug event structure",
+and so are now deemed a "legacy" format. The formats are similar, but the
+"modern" format contains additional fields/flags, which are denoted for the
+purposes of this documentation with "#ifdef GUEST_SUPPORTS_MODERN" guards.
+
+QEMU should assume support only for "legacy" fields/flags unless the guest
+advertises support for the "modern" format via ibm,client-architecture-support
+hcall by setting byte 5, bit 6 of it's ibm,architecture-vec-5 option vector
+structure (as described by LoPAPR v11, B.6.2.3). As with "legacy" format 
events,
+"modern" format events are surfaced to the guest via check-exception RTAS 
calls,
+but use a dedicated event source to signal the guest. This event source is
+advertised to the guest by the addition of a "hot-plug-events" node under
+"/event-sources" node of the guest's device tree using the standard format
+described in LoPAPR v11, B.6.12.1.
+
+== hotplug/unplug event structure ==
+
+The hotplug-specific payload in QEMU is implemented as follows (with all values
 encoded in big-endian format):
 
 struct rtas_event_log_v6_hp {
@@ -263,14 +278,23 @@ struct rtas_event_log_v6_hp {
 #define RTAS_LOG_V6_HP_ACTION_ADD   1
 #define RTAS_LOG_V6_HP_ACTION_REMOVE2
 uint8_t hotplug_action; /* action (add/remove) */
-#define RTAS_LOG_V6_HP_ID_DRC_NAME  1
-#define RTAS_LOG_V6_HP_ID_DRC_INDEX 2
-#define RTAS_LOG_V6_HP_ID_DRC_COUNT 3
+#define RTAS_LOG_V6_HP_ID_DRC_NAME  1
+#define RTAS_LOG_V6_HP_ID_DRC_INDEX 2
+#define RTAS_LOG_V6_HP_ID_DRC_COUNT 3
+#ifdef GUEST_SUPPORTS_MODERN
+#define RTAS_LOG_V6_HP_ID_DRC_COUNT_INDEXED 4
+#endif
 uint8_t hotplug_identifier; /* type of the resource identifier,
  * which serves as the discriminator
  * for the 'drc' union field below
  */
+#ifdef GUEST_SUPPORTS_MODERN
+uint8_t capabilities;   /* capability flags, currently unused
+ * by QEMU
+ */
+#else
 uint8_t reserved;
+#endif
 union {
 uint32_t index; /* DRC index of resource to take action
  * on
@@ -278,6 +302,19 @@ struct rtas_event_log_v6_hp {
 uint32_t count; /* number of DR resources to take
  * action on (guest chooses which)
  */
+#ifdef GUEST_SUPPORTS_MODERN
+struct {
+uint32_t count; /* number of DR resources to take
+ * action on
+ */
+uint32_t index; /* DRC index of first resource to take
+ * action on. guest will take action
+ * on DRC index  through
+ * DRC index  in
+ * sequential order
+ */
+} count_indexed;
+#endif
 char name[1];   /* string representing the name of the
  * DRC to take action on
  */
-- 
1.9.1

[Qemu-devel] [PATCH v2 0/6] spapr: dedicated hotplug events and memory unplug support

[Michael Roth]

This series is based on David's ppc-for-2.8 branch, and is also available from:

  https://github.com/mdroth/qemu/commits/spapr-hotplug-event-update

Changes since v1:
  * Rebased on latest ppc-for-2.8
  * Dropped patches relating to option vector manipulation (now merged)
  * Moved patch introducing modern-hotplug-events option to come after
that actual implementation of modern-hotplug-events support. (David)
  * Removed uneeded source name string from sPAPREventSource in favor of
manual lookup of the name when creating DT. (David)
  * Don't split function return signatures across lines (David)
  * Add comment to clarify hotplug events being enabled regardless
of CAS-negotiation.
  * Avoid unecessary initialization of hotplug_ctrl in
spapr_lmb_release. (David)

Changes since RFC:
  * Rebased on latest ppc-for-2.8 (with DT refactoring)
  * Submitting as v1 now that PAPR Hotplug ACR is committed
  * address Patchew warnings
  * add comments to clarify spapr->ov5/ov5_cas usage. (David)
  * revise comment to clarify intent when setting spapr->ov5
OV5_HP_EVT bit. (Bharata)
  * drop internal usage of spapr_ovec_from_bitmap() in favor of
directly assigning bitmap to sPAPROptionVector instances. (David)
  * standardize meaning of 'vector_len' variable through spapr_ovec_*
functions to be the byte-wise length of option vectors entries,
and not including the preceeding length byte itself. (David)
  * fix spapr_ovec_populate_dt() to parse up to OV_MAXBITS bits
rather than OV_MAXBITS - 1. (David)
  * fix spapr_ovec_populate_dt() encode the minimum of 1 option
vector byte instead of the max of OV_MAXBYTES in cases where
no option bits are set. (David)
  * add some comments to spapr_ovec_populate_dt() to clarify what
is being encoded into length byte of ibm,architecture-vec-5
  * switch 'legacy-hotplug-events' option to
'modern-hotplug-events' (David)
  * modify rtas_event_log_to_source() to check for OV5_HP_EVT
option rather than relying on whether the hotplug source is
specifically enabled. Assert the latter in cases where
OV5_HP_EVT is set. (Bharata)
  * drop global EventSource list in favor of an sPAPREventSource
list field within sPAPRMachineState (David)
  * add CPU unplug hook in mc->unplug_request (Bharata)


Patches 1-4 add support for an updated event format for hotplug events,
which includes a new way to specify a range of DRCs/LMBs to hotplug/unplug
using a starting position and count, which is necessary for memory unplug.

Patches 5-6 add support for memory unplug using the new event format.

In addition to kernel 4.8 or later, there are a number of patches required
to enable support on the guest kernel side. I've including the minimum set
of patches in my branch here:

   https://github.com/mdroth/linux/commits/spapr-hotplug-event-update

   *powerpc/pseries: advertise Hot Plug Event support to firmware
   powerpc/pseries: Implement indexed-count hotplug memory remove
   powerpc/pseries: Implement indexed-count hotplug memory add

Note that there is currently an issue that arises when attempting to
offline an LMB that was onlined using a guest kernel's auto-onlining
mechanism, which can prevent full completion of memory unplug requests.
This is being investigated, but for the purposes of testing this can
be worked around currently by disabling auto-onlining in guests via:

  "echo offline >/sys/devices/system/memory/auto_online_blocks"

and instead onlining the blocks manually or via udev.

 docs/specs/ppc-spapr-hotplug.txt |  55 +++--
 hw/ppc/spapr.c   | 178 
+-
 hw/ppc/spapr_drc.c   |  17 +++
 hw/ppc/spapr_events.c| 278 
+++---
 include/hw/ppc/spapr.h   |  10 --
 include/hw/ppc/spapr_ovec.h  |   1 +
 6 files changed, 469 insertions(+), 70 deletions(-)

Re: [Qemu-devel] [PATCH 03/16] target-m68k: add exg ops

[Richard Henderson]

On 10/26/2016 09:35 AM, Laurent Vivier wrote:

+INSN(undef, c140, f1f8, CF_ISA_A);
+INSN(exg,   c140, f1f8, M68000);
+INSN(undef, c148, f1f8, CF_ISA_A);
+INSN(exg,   c148, f1f8, M68000);
+INSN(undef, c188, f1f8, CF_ISA_A);
+INSN(exg,   c188, f1f8, M68000);


Given that we started with

+BASE(undef, , );

why do we need to re-add these undef's?

Otherwise, why not use these, and a helper, to avoid having to re-decode.

static void do_exg(TCGv reg1, TCGv reg2)
{
TCGv temp = tcg_temp_new();
tcg_gen_mov_i32(temp, reg1);
tcg_gen_mov_i32(reg1, reg2);
tcg_gen_mov_i32(reg2, temp);
tcg_temp_free(temp);
}

DISAS_INSN(exg_dd)
{
do_exg(DREG(insn, 9), DREG(insn, 0));
}

DISAS_INSN(exg_aa)
{
do_exg(AREG(insn, 9), AREG(insn, 0));
}

DISAS_INSN(exg_da)
{
do_exg(DREG(insn, 9), AREG(insn, 0));
}


r~

[Qemu-devel] [PATCH v2 5/6] spapr: use count+index for memory hotplug

[Michael Roth]

Commit 0a417869:

spapr: Move memory hotplug to RTAS_LOG_V6_HP_ID_DRC_COUNT type

dropped per-DRC/per-LMB hotplugs event in favor of a bulk add via a
single LMB count value. This was to avoid overrunning the guest EPOW
event queue with hotplug events. This works fine, but relies on the
guest exhaustively scanning for pluggable LMBs to satisfy the
requested count by issuing rtas-get-sensor(DR_ENTITY_SENSE, ...) calls
until all the LMBs associated with the DIMM are identified.

With newer support for dedicated hotplug event source, this queue
exhaustion is no longer as much of an issue due to implementation
details on the guest side, but we still try to avoid excessive hotplug
events by now supporting both a count and a starting index to avoid
unecessary work. This patch makes use of that approach when the
capability is available.

Cc: bhar...@linux.vnet.ibm.com
Signed-off-by: Michael Roth 
Reviewed-by: Michael Roth 
---
 hw/ppc/spapr.c | 22 ++
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index fe91883..531dfeb 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2202,14 +2202,16 @@ static void spapr_nmi(NMIState *n, int cpu_index, Error 
**errp)
 }
 }
 
-static void spapr_add_lmbs(DeviceState *dev, uint64_t addr, uint64_t size,
-   uint32_t node, Error **errp)
+static void spapr_add_lmbs(DeviceState *dev, uint64_t addr_start, uint64_t 
size,
+   uint32_t node, bool dedicated_hp_event_source,
+   Error **errp)
 {
 sPAPRDRConnector *drc;
 sPAPRDRConnectorClass *drck;
 uint32_t nr_lmbs = size/SPAPR_MEMORY_BLOCK_SIZE;
 int i, fdt_offset, fdt_size;
 void *fdt;
+uint64_t addr = addr_start;
 
 for (i = 0; i < nr_lmbs; i++) {
 drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
@@ -2228,7 +2230,17 @@ static void spapr_add_lmbs(DeviceState *dev, uint64_t 
addr, uint64_t size,
  * guest only in case of hotplugged memory
  */
 if (dev->hotplugged) {
-   spapr_hotplug_req_add_by_count(SPAPR_DR_CONNECTOR_TYPE_LMB, nr_lmbs);
+if (dedicated_hp_event_source) {
+drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
+addr_start / SPAPR_MEMORY_BLOCK_SIZE);
+drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+spapr_hotplug_req_add_by_count_indexed(SPAPR_DR_CONNECTOR_TYPE_LMB,
+   nr_lmbs,
+   drck->get_index(drc));
+} else {
+spapr_hotplug_req_add_by_count(SPAPR_DR_CONNECTOR_TYPE_LMB,
+   nr_lmbs);
+}
 }
 }
 
@@ -2261,7 +2273,9 @@ static void spapr_memory_plug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 goto out;
 }
 
-spapr_add_lmbs(dev, addr, size, node, _abort);
+spapr_add_lmbs(dev, addr, size, node,
+   spapr_ovec_test(ms->ov5_cas, OV5_HP_EVT),
+   _abort);
 
 out:
 error_propagate(errp, local_err);
-- 
1.9.1

Re: [Qemu-devel] [PATCH 07/10] spapr_events: add support for dedicated hotplug event source

[Michael Roth]

Quoting David Gibson (2016-10-25 19:42:18)
> On Mon, Oct 24, 2016 at 11:47:33PM -0500, Michael Roth wrote:
> > Hotplug events were previously delivered using an EPOW interrupt
> > and were queued by linux guests into a circular buffer. For traditional
> > EPOW events like shutdown/resets, this isn't an issue, but for hotplug
> > events there are cases where this buffer can be exhausted, resulting
> > in the loss of hotplug events, resets, etc.
> > 
> > Newer-style hotplug event are delivered using a dedicated event source.
> > We enable this in supported guests by adding standard an additional
> > event source in the guest device-tree via /event-sources, and, if
> > the guest advertises support for the newer-style hotplug events,
> > using the corresponding interrupt to signal the available of
> > hotplug/unplug events.
> > 
> > Signed-off-by: Michael Roth 
> > ---
> >  hw/ppc/spapr.c |   4 +-
> >  hw/ppc/spapr_events.c  | 202 
> > -
> >  include/hw/ppc/spapr.h |   5 +-
> >  3 files changed, 170 insertions(+), 41 deletions(-)
> > 
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index a3ea140..dc4224b 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -973,7 +973,7 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr,
> >  }
> >  
> >  /* /event-sources */
> > -spapr_dt_events(fdt, spapr->check_exception_irq);
> > +spapr_dt_events(spapr, fdt);
> >  
> >  /* /rtas */
> >  spapr_dt_rtas(spapr, fdt);
> > @@ -1917,7 +1917,7 @@ static void ppc_spapr_init(MachineState *machine)
> >  }
> >  g_free(filename);
> >  
> > -/* Set up EPOW events infrastructure */
> > +/* Set up RTAS event infrastructure */
> >  spapr_events_init(spapr);
> >  
> >  /* Set up the RTC RTAS interfaces */
> > diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
> > index 89aa5a7..b6b3511 100644
> > --- a/hw/ppc/spapr_events.c
> > +++ b/hw/ppc/spapr_events.c
> > @@ -40,6 +40,7 @@
> >  #include "hw/ppc/spapr_drc.h"
> >  #include "qemu/help_option.h"
> >  #include "qemu/bcd.h"
> > +#include "hw/ppc/spapr_ovec.h"
> >  #include 
> >  
> >  struct rtas_error_log {
> > @@ -206,27 +207,140 @@ struct hp_log_full {
> >  struct rtas_event_log_v6_hp hp;
> >  } QEMU_PACKED;
> >  
> > -#define EVENT_MASK_INTERNAL_ERRORS   0x8000
> > -#define EVENT_MASK_EPOW  0x4000
> > -#define EVENT_MASK_HOTPLUG   0x1000
> > -#define EVENT_MASK_IO0x0800
> > +typedef enum EventClass {
> > +EVENT_CLASS_INTERNAL_ERRORS = 0,
> > +EVENT_CLASS_EPOW= 1,
> > +EVENT_CLASS_RESERVED= 2,
> > +EVENT_CLASS_HOT_PLUG= 3,
> > +EVENT_CLASS_IO  = 4,
> > +EVENT_CLASS_MAX
> > +} EventClassIndex;
> > +#define EVENT_CLASS_MASK(index) (1 << (31 - index))
> > +
> > +static const char *event_names[EVENT_CLASS_MAX] = {
> > +[EVENT_CLASS_INTERNAL_ERRORS]   = "internal-errors",
> > +[EVENT_CLASS_EPOW]  = "epow-events",
> > +[EVENT_CLASS_HOT_PLUG]  = "hot-plug-events",
> > +[EVENT_CLASS_IO]= "ibm,io-events",
> > +};
> > +
> > +struct sPAPREventSource {
> > +const char *name;
> > +int irq;
> > +uint32_t mask;
> > +bool enabled;
> > +};
> > +
> > +static sPAPREventSource *spapr_event_sources_new(void)
> > +{
> > +sPAPREventSource *event_sources = g_new0(sPAPREventSource,
> > + EVENT_CLASS_MAX);
> > +int i;
> > +
> > +for (i = 0; i < EVENT_CLASS_MAX; i++) {
> > +event_sources[i].name = event_names[i];
> 
> You don't really need to have the pointer to the name in
> sPAPREventSource.  You only need it for building the DT, and you can
> look up event_names in parallel just as easily there.
> 
> > +}
> >  
> > -void spapr_dt_events(void *fdt, uint32_t check_exception_irq)
> > +return event_sources;
> > +}
> > +
> > +static void spapr_event_sources_register(sPAPREventSource *event_sources,
> > +EventClassIndex index, int irq)
> >  {
> > -int event_sources, epow_events;
> > -uint32_t irq_ranges[] = {cpu_to_be32(check_exception_irq), 
> > cpu_to_be32(1)};
> > -uint32_t interrupts[] = {cpu_to_be32(check_exception_irq), 0};
> > +/* we only support 1 irq per event class at the moment */
> > +g_assert(event_sources);
> > +g_assert(!event_sources[index].enabled);
> > +event_sources[index].irq = irq;
> > +event_sources[index].mask = EVENT_CLASS_MASK(index);
> > +event_sources[index].enabled = true;
> > +}
> > +
> > +static const sPAPREventSource
> > +*spapr_event_sources_get_source(sPAPREventSource *event_sources,
> > +EventClassIndex index)
> 
> function return type on previous line or same line as the function
> name is fine by 

[Qemu-devel] [PATCH v2 2/6] spapr_events: add support for dedicated hotplug event source

[Michael Roth]

Hotplug events were previously delivered using an EPOW interrupt
and were queued by linux guests into a circular buffer. For traditional
EPOW events like shutdown/resets, this isn't an issue, but for hotplug
events there are cases where this buffer can be exhausted, resulting
in the loss of hotplug events, resets, etc.

Newer-style hotplug event are delivered using a dedicated event source.
We enable this in supported guests by adding standard an additional
event source in the guest device-tree via /event-sources, and, if
the guest advertises support for the newer-style hotplug events,
using the corresponding interrupt to signal the available of
hotplug/unplug events.

Signed-off-by: Michael Roth 
---
 hw/ppc/spapr.c  |   9 +-
 hw/ppc/spapr_events.c   | 202 
 include/hw/ppc/spapr.h  |   6 +-
 include/hw/ppc/spapr_ovec.h |   1 +
 4 files changed, 177 insertions(+), 41 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 0b3820b..9ddf2ff 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -973,7 +973,7 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr,
 }
 
 /* /event-sources */
-spapr_dt_events(fdt, spapr->check_exception_irq);
+spapr_dt_events(spapr, fdt);
 
 /* /rtas */
 spapr_dt_rtas(spapr, fdt);
@@ -1789,6 +1789,11 @@ static void ppc_spapr_init(MachineState *machine)
 
 spapr_ovec_set(spapr->ov5, OV5_FORM1_AFFINITY);
 
+/* advertise support for dedicated HP event source to guests */
+if (spapr->use_hotplug_event_source) {
+spapr_ovec_set(spapr->ov5, OV5_HP_EVT);
+}
+
 /* init CPUs */
 if (machine->cpu_model == NULL) {
 machine->cpu_model = kvm_enabled() ? "host" : smc->tcg_default_cpu;
@@ -1912,7 +1917,7 @@ static void ppc_spapr_init(MachineState *machine)
 }
 g_free(filename);
 
-/* Set up EPOW events infrastructure */
+/* Set up RTAS event infrastructure */
 spapr_events_init(spapr);
 
 /* Set up the RTC RTAS interfaces */
diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 89aa5a7..9b0bd41 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -40,6 +40,7 @@
 #include "hw/ppc/spapr_drc.h"
 #include "qemu/help_option.h"
 #include "qemu/bcd.h"
+#include "hw/ppc/spapr_ovec.h"
 #include 
 
 struct rtas_error_log {
@@ -206,27 +207,132 @@ struct hp_log_full {
 struct rtas_event_log_v6_hp hp;
 } QEMU_PACKED;
 
-#define EVENT_MASK_INTERNAL_ERRORS   0x8000
-#define EVENT_MASK_EPOW  0x4000
-#define EVENT_MASK_HOTPLUG   0x1000
-#define EVENT_MASK_IO0x0800
+typedef enum EventClass {
+EVENT_CLASS_INTERNAL_ERRORS = 0,
+EVENT_CLASS_EPOW= 1,
+EVENT_CLASS_RESERVED= 2,
+EVENT_CLASS_HOT_PLUG= 3,
+EVENT_CLASS_IO  = 4,
+EVENT_CLASS_MAX
+} EventClassIndex;
+#define EVENT_CLASS_MASK(index) (1 << (31 - index))
+
+static const char * const event_names[EVENT_CLASS_MAX] = {
+[EVENT_CLASS_INTERNAL_ERRORS]   = "internal-errors",
+[EVENT_CLASS_EPOW]  = "epow-events",
+[EVENT_CLASS_HOT_PLUG]  = "hot-plug-events",
+[EVENT_CLASS_IO]= "ibm,io-events",
+};
+
+struct sPAPREventSource {
+int irq;
+uint32_t mask;
+bool enabled;
+};
+
+static sPAPREventSource *spapr_event_sources_new(void)
+{
+return g_new0(sPAPREventSource, EVENT_CLASS_MAX);
+}
+
+static void spapr_event_sources_register(sPAPREventSource *event_sources,
+EventClassIndex index, int irq)
+{
+/* we only support 1 irq per event class at the moment */
+g_assert(event_sources);
+g_assert(!event_sources[index].enabled);
+event_sources[index].irq = irq;
+event_sources[index].mask = EVENT_CLASS_MASK(index);
+event_sources[index].enabled = true;
+}
+
+static const sPAPREventSource *
+spapr_event_sources_get_source(sPAPREventSource *event_sources,
+   EventClassIndex index)
+{
+g_assert(index < EVENT_CLASS_MAX);
+g_assert(event_sources);
+
+return _sources[index];
+}
 
-void spapr_dt_events(void *fdt, uint32_t check_exception_irq)
+void spapr_dt_events(sPAPRMachineState *spapr, void *fdt)
 {
-int event_sources, epow_events;
-uint32_t irq_ranges[] = {cpu_to_be32(check_exception_irq), cpu_to_be32(1)};
-uint32_t interrupts[] = {cpu_to_be32(check_exception_irq), 0};
+uint32_t irq_ranges[EVENT_CLASS_MAX * 2];
+int i, count = 0, event_sources;
+sPAPREventSource *events = spapr->event_sources;
+
+g_assert(events);
 
 _FDT(event_sources = fdt_add_subnode(fdt, 0, "event-sources"));
 
-_FDT(fdt_setprop(fdt, event_sources, "interrupt-controller", NULL, 0));
-_FDT(fdt_setprop_cell(fdt, event_sources, "#interrupt-cells", 2));
-_FDT(fdt_setprop(fdt, event_sources, 

[Qemu-devel] [PATCH v2 3/6] spapr: add hotplug interrupt machine options

[Michael Roth]

This adds machine options of the form:

  -machine pseries,modern-hotplug-events=true
  -machine pseries,modern-hotplug-events=false

If false, QEMU will force the use of "legacy" style hotplug events,
which are surfaced through EPOW events instead of a dedicated
hot plug event source, and lack certain features necessary, mainly,
for memory unplug support.

If true, QEMU will enable support for "modern" dedicated hot plug
event source. Note that we will still default to "legacy" style unless
the guest advertises support for the "modern" hotplug events via
ibm,client-architecture-support hcall during early boot.

For pseries-2.7 and earlier we default to false, for newer machine
types we default to true.

Signed-off-by: Michael Roth 
---
 hw/ppc/spapr.c | 28 
 1 file changed, 28 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 9ddf2ff..fe91883 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2143,16 +2143,41 @@ static void spapr_set_kvm_type(Object *obj, const char 
*value, Error **errp)
 spapr->kvm_type = g_strdup(value);
 }
 
+static bool spapr_get_modern_hotplug_events(Object *obj, Error **errp)
+{
+sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+
+return spapr->use_hotplug_event_source;
+}
+
+static void spapr_set_modern_hotplug_events(Object *obj, bool value,
+Error **errp)
+{
+sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+
+spapr->use_hotplug_event_source = value;
+}
+
 static void spapr_machine_initfn(Object *obj)
 {
 sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
 
 spapr->htab_fd = -1;
+spapr->use_hotplug_event_source = true;
 object_property_add_str(obj, "kvm-type",
 spapr_get_kvm_type, spapr_set_kvm_type, NULL);
 object_property_set_description(obj, "kvm-type",
 "Specifies the KVM virtualization mode 
(HV, PR)",
 NULL);
+object_property_add_bool(obj, "modern-hotplug-events",
+spapr_get_modern_hotplug_events,
+spapr_set_modern_hotplug_events,
+NULL);
+object_property_set_description(obj, "modern-hotplug-events",
+"Use dedicated hotplug event mechanism in"
+" place of standard EPOW events when 
possible"
+" (required for memory hot-unplug 
support)",
+NULL);
 }
 
 static void spapr_machine_finalizefn(Object *obj)
@@ -2599,7 +2624,10 @@ static void phb_placement_2_7(sPAPRMachineState *spapr, 
uint32_t index,
 
 static void spapr_machine_2_7_instance_options(MachineState *machine)
 {
+sPAPRMachineState *spapr = SPAPR_MACHINE(machine);
+
 spapr_machine_2_8_instance_options(machine);
+spapr->use_hotplug_event_source = false;
 }
 
 static void spapr_machine_2_7_class_options(MachineClass *mc)
-- 
1.9.1

Re: [Qemu-devel] [PATCH RFC] acpi: don't build acpi tables for xen hvm guests

[Stefano Stabellini]

On Wed, 26 Oct 2016, Stefano Stabellini wrote:
> On Wed, 26 Oct 2016, Wei Liu wrote:
> > On Wed, Oct 26, 2016 at 05:09:52PM +0200, Igor Mammedov wrote:
> > > On Tue, 25 Oct 2016 18:28:04 +0100
> > > Wei Liu  wrote:
> > > 
> > > > Xen's toolstack is in charge of building ACPI tables. Skip acpi table
> > > > building if running on Xen.
> > > > 
> > > > This issue is discovered due to direct kernel boot on Xen doesn't boot
> > > > anymore, because the new ACPI tables cause the guest to exceed its
> > > > memory allocation limit.
> > > > 
> > > > Reported-by: Sander Eikelenboom 
> > > > Signed-off-by: Wei Liu 
> > > Question is:
> > > Why does xen guest get ACPI tables from QEMU instead of using
> > > Xen provided ones.
> > > Maybe it's firmware issue i.e. firmware side shouldn't load
> > > ACPI tables from QEMU provided fwcfg file and load Xen provided instead.
> > > 
> > 
> > It hasn't come to the point that the guest is booted. QEMU exits when
> > trying to populate some pages for the guest, at which point the guest
> > has not yet been started.  In a sense, Xen guest doesn't get ACPI from
> > QEMU because it never gets to that point.
> > 
> > Direct kernel boot causes fw_cfg to be filled in. pcms->has_acpi_build
> > defaults to true and acpi_enabled is also true. These make all checks in
> > acpi_setup pass. QEMU proceeds to build and load ACPI tables (which are
> > never going to be used by Xen guests), causing the guest to exceeds its
> > limit.
> 
> What if libxl passes -no-acpi to QEMU?

Of course even if that works, I think we should still fix this properly
in QEMU


> > > > ---
> > > > Cc: Anthony PERARD 
> > > > Cc: Stefano Stabellini 
> > > > 
> > > > RFC because I'm not sure this is the best way to fix it.
> > > > ---
> > > >  hw/i386/acpi-build.c | 6 ++
> > > >  1 file changed, 6 insertions(+)
> > > > 
> > > > diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> > > > index a26a4bb..2cdff12 100644
> > > > --- a/hw/i386/acpi-build.c
> > > > +++ b/hw/i386/acpi-build.c
> > > > @@ -45,6 +45,7 @@
> > > >  #include "sysemu/tpm_backend.h"
> > > >  #include "hw/timer/mc146818rtc_regs.h"
> > > >  #include "sysemu/numa.h"
> > > > +#include "hw/xen/xen.h"
> > > >  
> > > >  /* Supported chipsets: */
> > > >  #include "hw/acpi/piix4.h"
> > > > @@ -2865,6 +2866,11 @@ void acpi_setup(void)
> > > >  return;
> > > >  }
> > > >  
> > > > +if (xen_enabled()) {
> > > > +ACPI_BUILD_DPRINTF("Xen enabled. Bailing out.\n");
> > > > +return;
> > > > +}
> > > > +
> > > >  build_state = g_malloc0(sizeof *build_state);
> > > >  
> > > >  acpi_set_pci_info();
> > > 
> > 
> 

Re: [Qemu-devel] [PATCH v3] char: cadence: check baud rate generator and divider values

[Alistair Francis]

On Wed, Oct 26, 2016 at 2:22 PM, P J P  wrote:
> From: Prasad J Pandit 
>
> The Cadence UART device emulator calculates speed by dividing the
> baud rate by a 'baud rate generator' & 'baud rate divider' value.
> The device specification defines these register values to be
> non-zero and within certain limits. Add checks for these limits
> to avoid errors like divide by zero.
>
> Reported-by: Huawei PSIRT 
> Signed-off-by: Prasad J Pandit 
> ---
>  hw/char/cadence_uart.c | 17 +
>  1 file changed, 17 insertions(+)
>
> Update: mask R_BRGR and R_BDIV register values with 0x and 0xff resp.
>   -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg06206.html
>   -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg06215.html
>
> diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
> index e3bc52f..5341d81 100644
> --- a/hw/char/cadence_uart.c
> +++ b/hw/char/cadence_uart.c
> @@ -1,5 +1,10 @@
>  /*
>   * Device model for Cadence UART
> + *   -> 
> http://www.xilinx.com/support/documentation/user_guides/ug585-Zynq-7000-TRM.pdf

Nit pick, I would put the URL under the title below.

> + *
> + * Reference: Xilinx Zynq 7000 reference manual
> + *   - Chapter 19 UART Controller
> + *   - Appendix B for Register details
>   *
>   * Copyright (c) 2010 Xilinx Inc.
>   * Copyright (c) 2012 Peter A.G. Crosthwaite 
> (peter.crosthwa...@petalogix.com)
> @@ -410,6 +415,18 @@ static void uart_write(void *opaque, hwaddr offset,
>  break;
>  }
>  break;
> +case R_BRGR: /* Baud rate generator */
> +s->r[offset] = 0x028B; /* default reset value */

Why do we still have the reset value here, I thought we were just
ignoring the invalid writes? You don't need to reset it.

Thanks,

Alistair

> +if (value >= 0x01) {
> +s->r[offset] = value & 0x;
> +}
> +break;
> +case R_BDIV:/* Baud rate divider */
> +s->r[offset] = 0x0F;
> +if (value >= 0x04) {
> +s->r[offset] = value & 0xFF;
> +}
> +break;
>  default:
>  s->r[offset] = value;
>  }
> --
> 2.7.4
>
>

[Qemu-devel] [Bug 1623276] Re: qemu 2.7 / iPXE crash

[Laszlo Ersek (Red Hat)]

BTW, this bug can be easily reproduced on hosts that do feature
unrestricted_guest, just reload the kvm_intel module with
unrestricted_guest=N.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1623276

Title:
  qemu 2.7 / iPXE crash

Status in QEMU:
  New

Bug description:
  I am running Arch linux

  vanilla 4.7.2 kernel
  qemu 2.7
  libvirt 2.2.0
  virt-manager 1.4.0

  
  Since the upgrade from qemu 2.6.1 to 2.7 a few days ago. I'm no longer
  able to PXE boot at all. Everything else appears to function normally.
  Non PXE booting and everything else is perfect. Obviously have
  restarted everying etc. Have tried the various network drivers also.

  This occurs on domains created with 2.6.1 or with 2.7

  When I choose PXE boot, the machine moves to a paused state (crashed)
  immediately after the 'starting PXE rom execution...' message appears.

  Reverting to qemu 2.6.1 package corrects the issue.

  The qemu.log snippet follows below.

  I'm not sure how to troubleshoot this problem to determine if it's a
  packaging error by the distribution or a problem with qemu/kvm/kernel?

  Any help would be much appreciated - Thanks,
  Greg

  --- qemu.log:

  
  2016-09-12 16:36:33.867+: starting up libvirt version: 2.2.0, qemu
  version: 2.7.0, hostname: seneca
  LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
  QEMU_AUDIO_DRV=spice /usr/sbin/qemu-system-x86_64 -name guest=c,debug-
  threads=on -S -object
  secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-6-
  c/master-key.aes -machine pc-i440fx-2.7,accel=kvm,usb=off,vmport=off
  -cpu Nehalem -m 2048 -realtime mlock=off -smp
  1,sockets=1,cores=1,threads=1 -uuid 348009be-26d5-4dc7-b515-
  e8b45f5117ac -no-user-config -nodefaults -chardev
  socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-6-
  c/monitor.sock,server,nowait -mon
  chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew
  -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global
  PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot
  menu=on,strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7
  -device ich9-usb-
  uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6
  -device ich9-usb-
  uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1 -device ich9-
  usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2 -device
  virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive
  file=/var/lib/libvirt/images/c.qcow2,format=qcow2,if=none,id=drive-
  virtio-disk0 -device virtio-blk-
  pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-
  disk0,bootindex=1 -netdev tap,fd=28,id=hostnet0 -device
  rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:a0:95:7c,bus=pci.0,addr=0x
  3 -chardev pty,id=charserial0 -device isa-
  serial,chardev=charserial0,id=serial0 -chardev
  socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/domain
  -6-c/org.qemu.guest_agent.0,server,nowait -device
  virtserialport,bus=virtio-
  serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_age
  nt.0 -chardev spicevmc,id=charchannel1,name=vdagent -device
  virtserialport,bus=virtio-
  serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0
  -device usb-tablet,id=input0,bus=usb.0,port=1 -spice
  port=5901,addr=127.0.0.1,disable-ticketing,image-
  compression=off,seamless-migration=on -device qxl-
  vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vga
  mem_mb=16,max_outputs=1,bus=pci.0,addr=0x2 -device intel-
  hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-
  codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir
  -device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2
  -chardev spicevmc,id=charredir1,name=usbredir -device usb-
  redir,chardev=charredir1,id=redir1,bus=usb.0,port=3 -device virtio-
  balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -msg timestamp=on
  char device redirected to /dev/pts/0 (label charserial0)
  main_channel_link: add main channel client
  red_dispatcher_set_cursor_peer: 
  inputs_connect: inputs channel client create
  KVM internal error. Suberror: 1
  emulation failure
  EAX=801a8d00 EBX=00a0 ECX=2e20 EDX=0009d5e8
  ESI=7ffa3c00 EDI=7fef4000 EBP= ESP=7b92
  EIP=06ab EFL=0087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
  ES =   00c09300
  CS =9c4c 0009c4c0  00809b00
  SS =   00809300
  DS =9cd0 0009cd00  00c09300
  FS =   00c09300
  GS =   00c09300
  LDT=   8200
  TR =   8b00
  GDT=  
  IDT=  03ff
  CR0=0010 CR2= CR3= CR4=
  DR0= DR1= DR2=
  DR3= 
  DR6=0ff0 DR7=0400
  

[Qemu-devel] [PATCH v10 19/19] docs: Sample driver to demonstrate how to use Mediated device framework.

[Kirti Wankhede]

The Sample driver creates mdev device that simulates serial port over PCI
card.

Signed-off-by: Kirti Wankhede 
Signed-off-by: Neo Jia 
Change-Id: I857f8f12f8b275f2498dfe8c628a5cdc7193b1b2
---
 Documentation/vfio-mdev/Makefile |   13 +
 Documentation/vfio-mdev/mtty.c   | 1503 ++
 Documentation/vfio-mdev/vfio-mediated-device.txt |  103 +-
 3 files changed, 1618 insertions(+), 1 deletion(-)
 create mode 100644 Documentation/vfio-mdev/Makefile
 create mode 100644 Documentation/vfio-mdev/mtty.c

diff --git a/Documentation/vfio-mdev/Makefile b/Documentation/vfio-mdev/Makefile
new file mode 100644
index ..a932edbe38eb
--- /dev/null
+++ b/Documentation/vfio-mdev/Makefile
@@ -0,0 +1,13 @@
+#
+# Makefile for mtty.c file
+#
+KERNEL_DIR:=/lib/modules/$(shell uname -r)/build
+
+obj-m:=mtty.o
+
+modules clean modules_install:
+   $(MAKE) -C $(KERNEL_DIR) SUBDIRS=$(PWD) $@
+
+default: modules
+
+module: modules
diff --git a/Documentation/vfio-mdev/mtty.c b/Documentation/vfio-mdev/mtty.c
new file mode 100644
index ..6c71d12288d1
--- /dev/null
+++ b/Documentation/vfio-mdev/mtty.c
@@ -0,0 +1,1503 @@
+/*
+ * Mediated virtual PCI serial host device driver
+ *
+ * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
+ * Author: Neo Jia 
+ * Kirti Wankhede 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Sample driver that creates mdev device that simulates serial port over PCI
+ * card.
+ *
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+/*
+ * #defines
+ */
+
+#define VERSION_STRING  "0.1"
+#define DRIVER_AUTHOR   "NVIDIA Corporation"
+
+#define MTTY_CLASS_NAME "mtty"
+
+#define MTTY_NAME   "mtty"
+
+#define MTTY_STRING_LEN16
+
+#define MTTY_CONFIG_SPACE_SIZE  0xff
+#define MTTY_IO_BAR_SIZE0x8
+#define MTTY_MMIO_BAR_SIZE  0x10
+
+#define STORE_LE16(addr, val)   (*(u16 *)addr = val)
+#define STORE_LE32(addr, val)   (*(u32 *)addr = val)
+
+#define MAX_FIFO_SIZE   16
+
+#define CIRCULAR_BUF_INC_IDX(idx)(idx = (idx + 1) & (MAX_FIFO_SIZE - 1))
+
+#define MTTY_VFIO_PCI_OFFSET_SHIFT   40
+
+#define MTTY_VFIO_PCI_OFFSET_TO_INDEX(off)   (off >> 
MTTY_VFIO_PCI_OFFSET_SHIFT)
+#define MTTY_VFIO_PCI_INDEX_TO_OFFSET(index) \
+   ((u64)(index) << MTTY_VFIO_PCI_OFFSET_SHIFT)
+#define MTTY_VFIO_PCI_OFFSET_MASK\
+   (((u64)(1) << MTTY_VFIO_PCI_OFFSET_SHIFT) - 1)
+#define MAX_MTTYS  24
+
+/*
+ * Global Structures
+ */
+
+struct mtty_dev {
+   dev_t   vd_devt;
+   struct class*vd_class;
+   struct cdev vd_cdev;
+   struct idr  vd_idr;
+   struct device   dev;
+} mtty_dev;
+
+struct mdev_region_info {
+   u64 start;
+   u64 phys_start;
+   u32 size;
+   u64 vfio_offset;
+};
+
+#if defined(DEBUG_REGS)
+const char *wr_reg[] = {
+   "TX",
+   "IER",
+   "FCR",
+   "LCR",
+   "MCR",
+   "LSR",
+   "MSR",
+   "SCR"
+};
+
+const char *rd_reg[] = {
+   "RX",
+   "IER",
+   "IIR",
+   "LCR",
+   "MCR",
+   "LSR",
+   "MSR",
+   "SCR"
+};
+#endif
+
+/* loop back buffer */
+struct rxtx {
+   u8 fifo[MAX_FIFO_SIZE];
+   u8 head, tail;
+   u8 count;
+};
+
+struct serial_port {
+   u8 uart_reg[8]; /* 8 registers */
+   struct rxtx rxtx;   /* loop back buffer */
+   bool dlab;
+   bool overrun;
+   u16 divisor;
+   u8 fcr; /* FIFO control register */
+   u8 max_fifo_size;
+   u8 intr_trigger_level;  /* interrupt trigger level */
+};
+
+/* State of each mdev device */
+struct mdev_state {
+   int irq_fd;
+   struct eventfd_ctx *intx_evtfd;
+   struct eventfd_ctx *msi_evtfd;
+   int irq_index;
+   u8 *vconfig;
+   struct mutex ops_lock;
+   struct mdev_device *mdev;
+   struct mdev_region_info region_info[VFIO_PCI_NUM_REGIONS];
+   u32 bar_mask[VFIO_PCI_NUM_REGIONS];
+   struct list_head next;
+   struct serial_port s[2];
+   struct mutex rxtx_lock;
+   struct vfio_device_info dev_info;
+   int nr_ports;
+};
+
+struct mutex mdev_list_lock;
+struct list_head mdev_devices_list;
+
+static const struct file_operations vd_fops = {
+   .owner  = THIS_MODULE,
+};
+
+/* function prototypes */
+
+static int mtty_trigger_interrupt(uuid_le uuid);
+
+/* Helper functions */
+static struct mdev_state *find_mdev_state_by_uuid(uuid_le uuid)
+{
+   struct mdev_state *mds;
+
+   

[Qemu-devel] [PATCH v10 14/19] vfio_pci: Updated to use vfio_set_irqs_validate_and_prepare()

[Kirti Wankhede]

Updated vfio_pci.c file to use vfio_set_irqs_validate_and_prepare()

Signed-off-by: Kirti Wankhede 
Signed-off-by: Neo Jia 
Change-Id: I9f3daba89d8dba5cb5b01a8cff420412f30686c7
---
 drivers/vfio/pci/vfio_pci.c | 29 +
 1 file changed, 9 insertions(+), 20 deletions(-)

diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
index 16d8710ef9db..dcd7c2a99618 100644
--- a/drivers/vfio/pci/vfio_pci.c
+++ b/drivers/vfio/pci/vfio_pci.c
@@ -819,35 +819,24 @@ static long vfio_pci_ioctl(void *device_data,
} else if (cmd == VFIO_DEVICE_SET_IRQS) {
struct vfio_irq_set hdr;
u8 *data = NULL;
-   int ret = 0;
+   int max, ret = 0;
+   size_t data_size = 0;
 
minsz = offsetofend(struct vfio_irq_set, count);
 
if (copy_from_user(, (void __user *)arg, minsz))
return -EFAULT;
 
-   if (hdr.argsz < minsz || hdr.index >= VFIO_PCI_NUM_IRQS ||
-   hdr.flags & ~(VFIO_IRQ_SET_DATA_TYPE_MASK |
- VFIO_IRQ_SET_ACTION_TYPE_MASK))
-   return -EINVAL;
+   max = vfio_pci_get_irq_count(vdev, hdr.index);
 
-   if (!(hdr.flags & VFIO_IRQ_SET_DATA_NONE)) {
-   size_t size;
-   int max = vfio_pci_get_irq_count(vdev, hdr.index);
-
-   if (hdr.flags & VFIO_IRQ_SET_DATA_BOOL)
-   size = sizeof(uint8_t);
-   else if (hdr.flags & VFIO_IRQ_SET_DATA_EVENTFD)
-   size = sizeof(int32_t);
-   else
-   return -EINVAL;
-
-   if (hdr.argsz - minsz < hdr.count * size ||
-   hdr.start >= max || hdr.start + hdr.count > max)
-   return -EINVAL;
+   ret = vfio_set_irqs_validate_and_prepare(, max,
+VFIO_PCI_NUM_IRQS, _size);
+   if (ret)
+   return ret;
 
+   if (data_size) {
data = memdup_user((void __user *)(arg + minsz),
-  hdr.count * size);
+   data_size);
if (IS_ERR(data))
return PTR_ERR(data);
}
-- 
2.7.0

[Qemu-devel] [PATCH v10 18/19] docs: Sysfs ABI for mediated device framework

[Kirti Wankhede]

Added details of sysfs ABI for mediated device framework

Signed-off-by: Kirti Wankhede 
Signed-off-by: Neo Jia 
Change-Id: Icb0fd4ed58a2fa793fbcb1c3d5009a4403c1f3ac
---
 Documentation/ABI/testing/sysfs-bus-vfio-mdev | 111 ++
 1 file changed, 111 insertions(+)
 create mode 100644 Documentation/ABI/testing/sysfs-bus-vfio-mdev

diff --git a/Documentation/ABI/testing/sysfs-bus-vfio-mdev 
b/Documentation/ABI/testing/sysfs-bus-vfio-mdev
new file mode 100644
index ..452dbe39270e
--- /dev/null
+++ b/Documentation/ABI/testing/sysfs-bus-vfio-mdev
@@ -0,0 +1,111 @@
+What:   /sys/...//mdev_supported_types/
+Date:   October 2016
+Contact:Kirti Wankhede 
+Description:
+This directory contains list of directories of currently
+   supported mediated device types and their details for
+   . Supported type attributes are defined by the
+   vendor driver who registers with Mediated device framework.
+   Each supported type is a directory whose name is created
+   by adding the device driver string as a prefix to the
+   string provided by the vendor driver.
+
+What:   /sys/...//mdev_supported_types//
+Date:   October 2016
+Contact:Kirti Wankhede 
+Description:
+This directory gives details of supported type, like name,
+   description, available_instances, device_api etc.
+   'device_api' and 'available_instances' are mandatory
+   attributes to be provided by vendor driver. 'name',
+   'description' and other vendor driver specific attributes
+   are optional.
+
+What:   /sys/.../mdev_supported_types//create
+Date:   October 2016
+Contact:Kirti Wankhede 
+Description:
+   Writing UUID to this file will create mediated device of
+   type  for parent device . This is a
+   write-only file.
+   For example:
+   # echo "83b8f4f2-509f-382f-3c1e-e6bfe0fa1001" > \
+  /sys/devices/foo/mdev_supported_types/foo-1/create
+
+What:   /sys/.../mdev_supported_types//devices/
+Date:   October 2016
+Contact:Kirti Wankhede 
+Description:
+   This directory contains symbolic links pointing to mdev
+   devices sysfs entries which are created of this .
+
+What:   /sys/.../mdev_supported_types//available_instances
+Date:   October 2016
+Contact:Kirti Wankhede 
+Description:
+   Reading this attribute will show the number of mediated
+   devices of type  that can be created. This is a
+   readonly file.
+Users:
+   Userspace applications interested in creating mediated
+   device of that type. Userspace application should check
+   the number of available instances could be created before
+   creating mediated device of this type.
+
+What:   /sys/.../mdev_supported_types//device_api
+Date:   October 2016
+Contact:Kirti Wankhede 
+Description:
+   Reading this attribute will show VFIO device API supported
+   by this type. For example, "vfio-pci" for a PCI device,
+   "vfio-platform" for platform device.
+
+What:   /sys/.../mdev_supported_types//name
+Date:   October 2016
+Contact:Kirti Wankhede 
+Description:
+   Reading this attribute will show human readable name of the
+   mediated device that will get created of type .
+   This is optional attribute. For example: "Grid M60-0Q"
+Users:
+   Userspace applications interested in knowing the name of
+   a particular  that can help in understanding the
+   type of mediated device.
+
+What:   /sys/.../mdev_supported_types//description
+Date:   October 2016
+Contact:Kirti Wankhede 
+Description:
+   Reading this attribute will show description of the type of
+   mediated device that will get created of type .
+   This is optional attribute. For example:
+   "2 heads, 512M FB, 2560x1600 maximum resolution"
+Users:
+   Userspace applications interested in knowing the details of
+   a particular  that can help in understanding the
+   features provided by that type of mediated device.
+
+What:   /sys/...///
+Date:   October 2016
+Contact:Kirti Wankhede 
+Description:
+   This directory represents device directory of mediated
+   device. It contains all the