[Qemu-devel] [PATCH v24 06/22] target/rx: CPU definition

2019-09-12 Thread Yoshinori Sato
v21 changes
Add cpu-param.h
Remove CPU_COMMON
Move rx_load_image to rx-virt.

Signed-off-by: Yoshinori Sato 

Message-Id: <20190616142836.10614-4-ys...@users.sourceforge.jp>
Reviewed-by: Richard Henderson 
Message-Id: <20190607091116.49044-4-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
[PMD: Use newer QOM style, split cpu-qom.h, restrict access to
 extable array, use rx_cpu_tlb_fill() extracted from patch of
 Yoshinori Sato 'Convert to CPUClass::tlb_fill']
Signed-off-by: Philippe Mathieu-Daudé 

cpu.c: remove rx_load_image

Signed-off-by: Yoshinori Sato 
---
 target/rx/cpu-param.h   |  31 ++
 target/rx/cpu-qom.h |  42 
 target/rx/cpu.h | 181 +
 target/rx/cpu.c | 217 
 target/rx/gdbstub.c | 112 +
 target/rx/Makefile.objs |   1 -
 6 files changed, 583 insertions(+), 1 deletion(-)
 create mode 100644 target/rx/cpu-param.h
 create mode 100644 target/rx/cpu-qom.h
 create mode 100644 target/rx/cpu.h
 create mode 100644 target/rx/cpu.c
 create mode 100644 target/rx/gdbstub.c

diff --git a/target/rx/cpu-param.h b/target/rx/cpu-param.h
new file mode 100644
index 00..5da87fbebe
--- /dev/null
+++ b/target/rx/cpu-param.h
@@ -0,0 +1,31 @@
+/*
+ *  RX cpu parameters
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef RX_CPU_PARAM_H
+#define RX_CPU_PARAM_H
+
+#define TARGET_LONG_BITS 32
+#define TARGET_PAGE_BITS 12
+
+#define TARGET_PHYS_ADDR_SPACE_BITS 32
+#define TARGET_VIRT_ADDR_SPACE_BITS 32
+
+#define NB_MMU_MODES 1
+#define MMU_MODE0_SUFFIX _all
+
+#endif
diff --git a/target/rx/cpu-qom.h b/target/rx/cpu-qom.h
new file mode 100644
index 00..8328900f3f
--- /dev/null
+++ b/target/rx/cpu-qom.h
@@ -0,0 +1,42 @@
+#ifndef QEMU_RX_CPU_QOM_H
+#define QEMU_RX_CPU_QOM_H
+
+#include "hw/core/cpu.h"
+/*
+ * RX CPU
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ * SPDX-License-Identifier: LGPL-2.0+
+ */
+
+#define TYPE_RX_CPU "rx-cpu"
+
+#define TYPE_RX62N_CPU RX_CPU_TYPE_NAME("rx62n")
+
+#define RXCPU_CLASS(klass) \
+OBJECT_CLASS_CHECK(RXCPUClass, (klass), TYPE_RX_CPU)
+#define RXCPU(obj) \
+OBJECT_CHECK(RXCPU, (obj), TYPE_RX_CPU)
+#define RXCPU_GET_CLASS(obj) \
+OBJECT_GET_CLASS(RXCPUClass, (obj), TYPE_RX_CPU)
+
+/*
+ * RXCPUClass:
+ * @parent_realize: The parent class' realize handler.
+ * @parent_reset: The parent class' reset handler.
+ *
+ * A RX CPU model.
+ */
+typedef struct RXCPUClass {
+/*< private >*/
+CPUClass parent_class;
+/*< public >*/
+
+DeviceRealize parent_realize;
+void (*parent_reset)(CPUState *cpu);
+
+} RXCPUClass;
+
+#define CPUArchState struct CPURXState
+
+#endif
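Review bot: `TYPE_RX62N_CPU` expands to `RX_CPU_TYPE_NAME("rx62n")`, but nothing in this header defines `RX_CPU_TYPE_NAME`, nor does the one header it includes by name, so cpu-qom.h is not self-contained for that macro. Presumably cpu.h provides it; if so, either move `TYPE_RX62N_CPU` next to that definition or add a comment here such as `/* RX_CPU_TYPE_NAME() comes from cpu.h */`. The `#include "hw/core/cpu.h"` also sits above the copyright/SPDX comment, which would normally be the first thing in the file.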
diff --git a/target/rx/cpu.h b/target/rx/cpu.h
new file mode 100644
index 00..2d1eb7665c
--- /dev/null
+++ b/target/rx/cpu.h
@@ -0,0 +1,181 @@
+/*
+ *  RX emulation definition
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef RX_CPU_H
+#define RX_CPU_H
+
+#include "qemu/bitops.h"
+#include "qemu-common.h"
+#include "hw/registerfields.h"
+#include "cpu-qom.h"
+
+#include "exec/cpu-defs.h"
+
+/* PSW define */
+REG32(PSW, 0)
+FIELD(PSW, C, 0, 1)
+FIELD(PSW, Z, 1, 1)
+FIELD(PSW, S, 2, 1)
+FIELD(PSW, O, 3, 1)
+FIELD(PSW, I, 16, 1)
+FIELD(PSW, U, 17, 1)
+FIELD(PSW, PM, 20, 1)
+FIELD(PSW, IPL, 24, 4)
+
+/* FPSW define */
+REG32(FPSW, 0)
+FIELD(FPSW, RM, 0, 2)
+FIELD(FPSW, CV, 2, 1)
+FIELD(FPSW, CO, 3, 1)
+FIELD(FPSW, CZ, 4, 1)
+FIELD(FPSW, CU, 5, 1)
+FIELD(FPSW, CX, 6, 1)
+FIELD(FPSW, CE, 7, 1)
+FIELD(FPSW, CAUSE, 2, 6)
+FIELD(FPSW, DN, 8, 1)
+FIELD(FPSW, EV, 10, 1)
+FIELD(FPSW, EO, 11, 1)
+FIELD(FPSW, EZ, 12, 1)
+FIELD(FPSW, EU, 13, 1)
+FIELD(FPSW, EX, 14, 1)
+FIELD(FPSW, ENABLE, 10, 5)
+FIELD(FPSW, FV, 26, 1)
+FIELD(FPSW, FO, 

[Qemu-devel] [PATCH v24 08/22] target/rx: Disassemble rx_index_addr into a string

2019-09-12 Thread Yoshinori Sato
From: Richard Henderson 

We were eliding all zero indexes.  It is only ld==0 that does
not have an index in the instruction.  This also allows us to
avoid breaking the final print into multiple pieces.

Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-19-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 154 +-
 1 file changed, 55 insertions(+), 99 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 8cada4825d..64342537ee 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -107,49 +107,42 @@ static const char psw[] = {
 'i', 'u', 0, 0, 0, 0, 0, 0,
 };
 
-static uint32_t rx_index_addr(int ld, int size, DisasContext *ctx)
+static void rx_index_addr(DisasContext *ctx, char out[8], int ld, int mi)
 {
-bfd_byte buf[2];
+uint32_t addr = ctx->addr;
+uint8_t buf[2];
+uint16_t dsp;
+
 switch (ld) {
 case 0:
-return 0;
+/* No index; return empty string.  */
+out[0] = '\0';
+return;
 case 1:
-ctx->dis->read_memory_func(ctx->addr, buf, 1, ctx->dis);
 ctx->addr += 1;
-return ((uint8_t)buf[0]) << size;
+ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
+dsp = buf[0];
+break;
 case 2:
-ctx->dis->read_memory_func(ctx->addr, buf, 2, ctx->dis);
 ctx->addr += 2;
-return lduw_le_p(buf) << size;
+ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
+dsp = lduw_le_p(buf);
+break;
+default:
+g_assert_not_reached();
 }
-g_assert_not_reached();
+
+sprintf(out, "%u", dsp << (mi < 3 ? mi : 4 - mi));
 }
 
 static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
 {
-int dsp;
 static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
+char dsp[8];
+
 if (ld < 3) {
-switch (mi) {
-case 4:
-/* dsp[rs].ub */
-dsp = rx_index_addr(ld, RX_MEMORY_BYTE, ctx);
-break;
-case 3:
-/* dsp[rs].uw */
-dsp = rx_index_addr(ld, RX_MEMORY_WORD, ctx);
-break;
-default:
-/* dsp[rs].b */
-/* dsp[rs].w */
-/* dsp[rs].l */
-dsp = rx_index_addr(ld, mi, ctx);
-break;
-}
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]%s", rs, sizes[mi]);
+rx_index_addr(ctx, dsp, ld, mi);
+prt("%s[r%d]%s", dsp, rs, sizes[mi]);
 } else {
 prt("r%d", rs);
 }
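Review bot: The `sprintf(out, "%u", ...)` at the end of rx_index_addr writes into an 8-byte caller buffer without passing a size, and it stays in bounds only because `dsp` is 16 bits wide and the shift is at most 2 for `mi` in 0..4. Nothing in the function enforces that range: a `mi` of 5 or more makes `4 - mi` negative, which is an undefined shift count, and `operand` indexes `sizes[mi]` unchecked as well. I would state the invariant and bound the write, e.g. `g_assert(mi >= 0 && mi <= 4);` followed by `snprintf(out, 8, "%u", dsp << (mi < 3 ? mi : 4 - mi));`. The return value of `read_memory_func` is still ignored, so after a failed read the contents of `buf` are formatted uninitialised.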
@@ -235,7 +228,7 @@ static bool trans_MOV_ra(DisasContext *ctx, arg_MOV_ra *a)
 /* mov.[bwl] rs,rd */
 static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 {
-int dsp;
+char dspd[8], dsps[8];
 
 prt("mov.%c\t", size[a->sz]);
 if (a->lds == 3 && a->ldd == 3) {
@@ -244,29 +237,15 @@ static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 return true;
 }
 if (a->lds == 3) {
-prt("r%d, ", a->rd);
-dsp = rx_index_addr(a->ldd, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rs);
+rx_index_addr(ctx, dspd, a->ldd, a->sz);
+prt("r%d, %s[r%d]", a->rs, dspd, a->rd);
 } else if (a->ldd == 3) {
-dsp = rx_index_addr(a->lds, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d], r%d", a->rs, a->rd);
+rx_index_addr(ctx, dsps, a->lds, a->sz);
+prt("%s[r%d], r%d", dsps, a->rs, a->rd);
 } else {
-dsp = rx_index_addr(a->lds, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d], ", a->rs);
-dsp = rx_index_addr(a->ldd, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rd);
+rx_index_addr(ctx, dsps, a->lds, a->sz);
+rx_index_addr(ctx, dspd, a->ldd, a->sz);
+prt("%s[r%d], %s[r%d]", dsps, a->rs, dspd, a->rd);
 }
 return true;
 }
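Review bot: The `a->lds == 3` branch changes which registers are printed, not only how the displacement is formatted: the old code printed `a->rd` as the plain register and `a->rs` as the memory base, while the new `prt("r%d, %s[r%d]", a->rs, dspd, a->rd)` swaps them. The commit message mentions only the zero-index handling and the merged prints, so the swap should be called out there or in a comment above the branch such as `/* mov.<sz> rs, dsp[rd] */`, so a reader can tell it is an intentional fix. The start of trans_MOV_mm is in the preceding hunk.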
@@ -357,12 +336,10 @@ static bool trans_PUSH_r(DisasContext *ctx, arg_PUSH_r *a)
 /* push dsp[rs] */
 static bool trans_PUSH_m(DisasContext *ctx, arg_PUSH_m *a)
 {
-prt("push\t");
-int dsp = rx_index_addr(a->ld, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rs);
+char dsp[8];
+
+rx_index_addr(ctx, dsp, a->ld, a->sz);
+prt("push\t%s[r%d]", dsp, a->rs);
 return true;
 }
 
@@ -389,17 +366,13 @@ static bool trans_XCHG_rr(DisasContext *ctx, arg_XCHG_rr 
*a)
 /* xchg dsp[rs].,rd */
 static bool trans_XCHG_mr(DisasContext *ctx, arg_XCHG_mr *a)
 {
-int dsp;
 static const char msize[][4] = {
 "b", "w", "l", "ub", "uw",
 };
+char dsp[8];
 
-prt("xchg\t");
-dsp = rx_index_addr(a->ld, a->mi, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-

[Qemu-devel] [PATCH v24 03/22] hw/registerfields.h: Add 8bit and 16bit register macros

2019-09-12 Thread Yoshinori Sato
From: Philippe Mathieu-Daudé 

Some RX peripherals use 8-bit and 16-bit registers.
Add 8-bit and 16-bit APIs.

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-11-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Signed-off-by: Richard Henderson 
---
 include/hw/registerfields.h | 32 +++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h
index 2659a58737..a0bb0654d6 100644
--- a/include/hw/registerfields.h
+++ b/include/hw/registerfields.h
@@ -22,6 +22,14 @@
 enum { A_ ## reg = (addr) };  \
 enum { R_ ## reg = (addr) / 4 };
 
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };
+
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };
+
 /* Define SHIFT, LENGTH and MASK constants for a field within a register */
 
 /* This macro will define R_FOO_BAR_MASK, R_FOO_BAR_SHIFT and R_FOO_BAR_LENGTH
@@ -34,6 +42,12 @@
 MAKE_64BIT_MASK(shift, length)};
 
 /* Extract a field from a register */
+#define FIELD_EX8(storage, reg, field)\
+extract8((storage), R_ ## reg ## _ ## field ## _SHIFT,\
+  R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_EX16(storage, reg, field)   \
+extract16((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH)
 #define FIELD_EX32(storage, reg, field)   \
 extract32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH)
@@ -49,6 +63,22 @@
  * Assigning values larger then the target field will result in
  * compilation warnings.
  */
+#define FIELD_DP8(storage, reg, field, val) ({\
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint8_t d;\
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
+#define FIELD_DP16(storage, reg, field, val) ({   \
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint16_t d;   \
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
 #define FIELD_DP32(storage, reg, field, val) ({   \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
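Review bot: FIELD_DP8 and FIELD_DP16 narrow the `deposit32()` result into `uint8_t d` / `uint16_t d` without checking that the field lies inside the narrower register, so a FIELD() whose shift plus length exceeds 8 (or 16) bits is silently truncated instead of being rejected at build time. The bit-field temporary only catches a `val` that is too wide for the field, not a field that is too wide for the storage. A compile-time check inside each statement expression would close that gap, e.g. `QEMU_BUILD_BUG_ON(R_ ## reg ## _ ## field ## _SHIFT + R_ ## reg ## _ ## field ## _LENGTH > 8);` in FIELD_DP8 and the same with 16 in FIELD_DP16. The hunk ends inside FIELD_DP32, which is unchanged context.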
@@ -57,7 +87,7 @@
 d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
 d; })
-#define FIELD_DP64(storage, reg, field, val) ({   \
+#define FIELD_DP64(storage, reg, field, val) ({ \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
 } v = { .v = val };   \
-- 
2.20.1




[Qemu-devel] [PATCH v24 01/22] MAINTAINERS: Add RX

2019-09-12 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-18-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 MAINTAINERS | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 50eaf005f4..bfc99986cc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -271,6 +271,13 @@ F: include/hw/riscv/
 F: linux-user/host/riscv32/
 F: linux-user/host/riscv64/
 
+RENESAS RX CPUs
+M: Yoshinori Sato 
+S: Maintained
+F: target/rx/
+F: hw/rx/
+F: include/hw/rx/
+
 S390 TCG CPUs
 M: Richard Henderson 
 M: David Hildenbrand 
@@ -1118,6 +1125,18 @@ F: pc-bios/canyonlands.dt[sb]
 F: pc-bios/u-boot-sam460ex-20100605.bin
 F: roms/u-boot-sam460ex
 
+RX Machines
+---
+rx-virt
+M: Yoshinori Sato 
+S: Maintained
+F: hw/rx/rxqemu.c
+F: hw/intc/rx_icu.c
+F: hw/timer/renesas_*.c
+F: hw/char/renesas_sci.c
+F: include/hw/timer/renesas_*.h
+F: include/hw/char/renesas_sci.h
+
 SH4 Machines
 
 R2D
-- 
2.20.1




[Qemu-devel] [PATCH v24 07/22] target/rx: RX disassembler

2019-09-12 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-5-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/disas/dis-asm.h |5 +
 target/rx/disas.c   | 1480 +++
 2 files changed, 1485 insertions(+)
 create mode 100644 target/rx/disas.c

diff --git a/include/disas/dis-asm.h b/include/disas/dis-asm.h
index e9c7dd8eb4..a900bd0a27 100644
--- a/include/disas/dis-asm.h
+++ b/include/disas/dis-asm.h
@@ -226,6 +226,10 @@ enum bfd_architecture
 #define bfd_mach_nios2r22
   bfd_arch_lm32,   /* Lattice Mico32 */
 #define bfd_mach_lm32 1
+  bfd_arch_rx,   /* Renesas RX */
+#define bfd_mach_rx0x75
+#define bfd_mach_rx_v2 0x76
+#define bfd_mach_rx_v3 0x77
   bfd_arch_last
   };
 #define bfd_mach_s390_31 31
@@ -433,6 +437,7 @@ int print_insn_little_nios2 (bfd_vma, 
disassemble_info*);
 int print_insn_xtensa   (bfd_vma, disassemble_info*);
 int print_insn_riscv32  (bfd_vma, disassemble_info*);
 int print_insn_riscv64  (bfd_vma, disassemble_info*);
+int print_insn_rx(bfd_vma, disassemble_info *);
 
 #if 0
 /* Fetch the disassembler for a given BFD, if that support is available.  */
diff --git a/target/rx/disas.c b/target/rx/disas.c
new file mode 100644
index 00..8cada4825d
--- /dev/null
+++ b/target/rx/disas.c
@@ -0,0 +1,1480 @@
+/*
+ * Renesas RX Disassembler
+ *
+ * Copyright (c) 2019 Yoshinori Sato 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "disas/dis-asm.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+
+typedef struct DisasContext {
+disassemble_info *dis;
+uint32_t addr;
+uint32_t pc;
+} DisasContext;
+
+
+static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
+   int i, int n)
+{
+bfd_byte buf;
+while (++i <= n) {
+ctx->dis->read_memory_func(ctx->addr++, , 1, ctx->dis);
+insn |= buf << (32 - i * 8);
+}
+return insn;
+}
+
+static int32_t li(DisasContext *ctx, int sz)
+{
+int32_t addr;
+bfd_byte buf[4];
+addr = ctx->addr;
+
+switch (sz) {
+case 1:
+ctx->addr += 1;
+ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
+return (int8_t)buf[0];
+case 2:
+ctx->addr += 2;
+ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
+return ldsw_le_p(buf);
+case 3:
+ctx->addr += 3;
+ctx->dis->read_memory_func(addr, buf, 3, ctx->dis);
+return (int8_t)buf[2] << 16 | lduw_le_p(buf);
+case 0:
+ctx->addr += 4;
+ctx->dis->read_memory_func(addr, buf, 4, ctx->dis);
+return ldl_le_p(buf);
+default:
+g_assert_not_reached();
+}
+}
+
+static int bdsp_s(DisasContext *ctx, int d)
+{
+/*
+ * 0 -> 8
+ * 1 -> 9
+ * 2 -> 10
+ * 3 -> 3
+ * :
+ * 7 -> 7
+ */
+if (d < 3) {
+d += 8;
+}
+return d;
+}
+
+/* Include the auto-generated decoder.  */
+#include "decode.inc.c"
+
+#define prt(...) (ctx->dis->fprintf_func)((ctx->dis->stream), __VA_ARGS__)
+
+#define RX_MEMORY_BYTE 0
+#define RX_MEMORY_WORD 1
+#define RX_MEMORY_LONG 2
+
+#define RX_IM_BYTE 0
+#define RX_IM_WORD 1
+#define RX_IM_LONG 2
+#define RX_IM_UWORD 3
+
+static const char size[] = {'b', 'w', 'l'};
+static const char cond[][4] = {
+"eq", "ne", "c", "nc", "gtu", "leu", "pz", "n",
+"ge", "lt", "gt", "le", "o", "no", "ra", "f"
+};
+static const char psw[] = {
+'c', 'z', 's', 'o', 0, 0, 0, 0,
+'i', 'u', 0, 0, 0, 0, 0, 0,
+};
+
+static uint32_t rx_index_addr(int ld, int size, DisasContext *ctx)
+{
+bfd_byte buf[2];
+switch (ld) {
+case 0:
+return 0;
+case 1:
+ctx->dis->read_memory_func(ctx->addr, buf, 1, ctx->dis);
+ctx->addr += 1;
+return ((uint8_t)buf[0]) << size;
+case 2:
+ctx->dis->read_memory_func(ctx->addr, buf, 2, ctx->dis);
+ctx->addr += 2;
+return lduw_le_p(buf) << size;
+}
+g_assert_not_reached();
+}
+
+static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
+{
+int dsp;
+static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
+if (ld < 3) {
+switch (mi) {
+case 4:
+/* dsp[rs].ub */
+dsp = rx_index_addr(ld, 

Re: [Qemu-devel] [PATCH v2 11/13] qcrypto-luks: refactoring: simplify the math used for keyslot locations

2019-09-12 Thread Maxim Levitsky
On Fri, 2019-09-06 at 14:17 +0100, Daniel P. Berrangé wrote:
> On Mon, Aug 26, 2019 at 04:51:01PM +0300, Maxim Levitsky wrote:
> > Signed-off-by: Maxim Levitsky 
> > ---
> >  crypto/block-luks.c | 64 +
> >  1 file changed, 41 insertions(+), 23 deletions(-)
> > 
> > diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> > index d713125925..6a43d97ce5 100644
> > --- a/crypto/block-luks.c
> > +++ b/crypto/block-luks.c
> > @@ -409,6 +409,32 @@ qcrypto_block_luks_essiv_cipher(QCryptoCipherAlgorithm 
> > cipher,
> >  }
> >  }
> >  
> > +/*
> > + * Returns number of sectors needed to store the key material
> > + * given number of anti forensic stripes
> > + */
> > +static int
> > +qcrypto_block_luks_splitkeylen_sectors(const QCryptoBlockLUKS *luks,
> > +   unsigned int stripes)
> > +{
> > +/*
> > + * This calculation doesn't match that shown in the spec,
> > + * but instead follows the cryptsetup implementation.
> > + */
> > +
> > +size_t header_sectors = QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
> > +QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
> 
> The caller already calculated that so just pass it in

All right, no problem.

> 
> > +
> > +size_t splitkeylen = luks->header.master_key_len * stripes;
> > +
> > +/* First align the key material size to block size*/
> > +size_t splitkeylen_sectors =
> > +DIV_ROUND_UP(splitkeylen, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE);
> > +
> > +/* Then also align the key material size to the size of the header */
> > +return ROUND_UP(splitkeylen_sectors, header_sectors);
> > +}
> > +
> >  /*
> >   * Stores the main LUKS header, taking care of endianess
> >   */
> > @@ -1151,7 +1177,8 @@ qcrypto_block_luks_create(QCryptoBlock *block,
> >  QCryptoBlockCreateOptionsLUKS luks_opts;
> >  Error *local_err = NULL;
> >  g_autofree uint8_t *masterkey = NULL;
> > -size_t splitkeylen = 0;
> > +size_t header_sectors;
> > +size_t split_key_sectors;
> >  size_t i;
> >  g_autofree char *password;
> >  const char *cipher_alg;
> > @@ -1370,37 +1397,28 @@ qcrypto_block_luks_create(QCryptoBlock *block,
> >  goto error;
> >  }
> >  
> > +/* start with the sector that follows the header*/
> > +header_sectors = QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
> > +QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
> > +
> > +split_key_sectors =
> > +qcrypto_block_luks_splitkeylen_sectors(luks,
> > +   QCRYPTO_BLOCK_LUKS_STRIPES);
> >  
> > -/* Although LUKS has multiple key slots, we're just going
> > - * to use the first key slot */
> > -splitkeylen = luks->header.master_key_len * QCRYPTO_BLOCK_LUKS_STRIPES;
> >  for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> > -luks->header.key_slots[i].active = 
> > QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
> > -luks->header.key_slots[i].stripes = QCRYPTO_BLOCK_LUKS_STRIPES;
> > +QCryptoBlockLUKSKeySlot *slot = >header.key_slots[i];
> > +slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
> >  
> > -/* This calculation doesn't match that shown in the spec,
> > - * but instead follows the cryptsetup implementation.
> > - */
> > -luks->header.key_slots[i].key_offset_sector =
> > -(QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
> > - QCRYPTO_BLOCK_LUKS_SECTOR_SIZE) +
> > -(ROUND_UP(DIV_ROUND_UP(splitkeylen, 
> > QCRYPTO_BLOCK_LUKS_SECTOR_SIZE),
> > -  (QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
> > -   QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) * i);
> > +slot->key_offset_sector = header_sectors + i * split_key_sectors;
> > +slot->stripes = QCRYPTO_BLOCK_LUKS_STRIPES;
> >  }
> >  
> > -
> >  /* The total size of the LUKS headers is the partition header + key
> >   * slot headers, rounded up to the nearest sector, combined with
> >   * the size of each master key material region, also rounded up
> >   * to the nearest sector */
> > -luks->header.payload_offset_sector =
> > -(QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
> > - QCRYPTO_BLOCK_LUKS_SECTOR_SIZE) +
> > -(ROUND_UP(DIV_ROUND_UP(splitkeylen, 
> > QCRYPTO_BLOCK_LUKS_SECTOR_SIZE),
> > -  (QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
> > -   QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) *
> > - QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
> > +luks->header.payload_offset_sector = header_sectors +
> > +QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * split_key_sectors;
> >  
> >  block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
> >  block->payload_offset = luks->header.payload_offset_sector *
> 
> Reviewed-by: Daniel P. Berrangé 
> 
> Regards,
> Daniel

Best regards,
Maxim Levitsky





Re: [Qemu-devel] [RFC v2 3/3] virt: Check KVM_CAP_ARM_IRQ_LINE_LAYOUT_2 for smp_cpus > 256

2019-09-12 Thread Andrew Jones
On Wed, Sep 11, 2019 at 05:51:25PM +0200, Eric Auger wrote:
> Host kernel within [4.18, 5.3] report an erroneous KVM_MAX_VCPUS=512
> for ARM. The actual capability to instantiate more than 256 vcpus
> was fixed in 5.4 with the upgrade of the KVM_IRQ_LINE ABI to support
> vcpu id encoded on 12 bits instead of 8 and a redistributor consuming
> a single KVM IO device instead of 2.
> 
> So let's check this capability when attempting to use more than 256
> vcpus.
> 
> Signed-off-by: Eric Auger 
> ---
>  hw/arm/virt.c|  4 
>  target/arm/kvm.c | 21 +
>  target/arm/kvm_arm.h | 15 +++
>  3 files changed, 40 insertions(+)
> 
> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> index 0d1629ccb3..465e3140f7 100644
> --- a/hw/arm/virt.c
> +++ b/hw/arm/virt.c
> @@ -1575,6 +1575,10 @@ static void machvirt_init(MachineState *machine)
>  virt_max_cpus = GIC_NCPU;
>  }
>  
> +if (kvm_arm_irq_line_layout_mismatch(MACHINE(vms), max_cpus)) {
> +exit(1);
> +}
> +
>  if (max_cpus > virt_max_cpus) {
>  error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
>   "supported by machine 'mach-virt' (%d)",
> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> index 6cdfa2204f..b601e2f35a 100644
> --- a/target/arm/kvm.c
> +++ b/target/arm/kvm.c
> @@ -171,6 +171,27 @@ bool kvm_arm_pmu_supported(CPUState *cpu)
>  return kvm_check_extension(s, KVM_CAP_ARM_PMU_V3);
>  }
>  
> +bool kvm_arm_irq_line_layout_mismatch(MachineState *ms, int vcpus)
> +{
> +KVMState *s;
> +bool ret;
> +
> +if (!kvm_enabled()) {
> +return false;
> +}
> +
> +s = KVM_STATE(ms->accelerator);
> +
> +ret = vcpus > 256 &&
> +  !kvm_check_extension(s, KVM_CAP_ARM_IRQ_LINE_LAYOUT_2);
> +
> +if (ret) {
> +error_report("Using more than 256 vcpus requires a host kernel "
> + "with KVM_CAP_ARM_IRQ_LINE_LAYOUT_2");
> +}
> +return ret;
> +}
> +
>  int kvm_arm_get_max_vm_ipa_size(MachineState *ms)
>  {
>  KVMState *s = KVM_STATE(ms->accelerator);
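Review bot: The limit in kvm_arm_irq_line_layout_mismatch is a bare `256`, repeated in the error string, with nothing tying it to the 8-bit vcpu index of the legacy KVM_IRQ_LINE layout that the commit message describes. A named constant or a short comment, e.g. `/* legacy KVM_IRQ_LINE encodes the vcpu index on 8 bits */`, would make the bound auditable. The function also calls error_report() itself, which the doc comment added in kvm_arm.h does not mention; a line such as `Reports an error and returns true when the layout cannot address @vcpus.` would tell callers not to report a second time. The hunk ends inside kvm_arm_get_max_vm_ipa_size, which is unchanged.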
> diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> index b4e19457a0..d893d950d8 100644
> --- a/target/arm/kvm_arm.h
> +++ b/target/arm/kvm_arm.h
> @@ -233,6 +233,16 @@ bool kvm_arm_pmu_supported(CPUState *cs);
>   */
>  int kvm_arm_get_max_vm_ipa_size(MachineState *ms);
>  
> +/**
> + * kvm_arm_irq_line_layout_mismatch - Returns whether the number of vcpus
> + * exceeds the limit imposed by the legacy KVM_IRQ_LINE ARM layout
> + * (without the vcpu2_index field).
> + *
> + * @ms: Machine state handle
> + * @vcpus: number of vcpus
> + */
> +bool kvm_arm_irq_line_layout_mismatch(MachineState *ms, int vcpus);
> +
>  /**
>   * kvm_arm_sync_mpstate_to_kvm
>   * @cpu: ARMCPU
> @@ -281,6 +291,11 @@ static inline int 
> kvm_arm_get_max_vm_ipa_size(MachineState *ms)
>  return -ENOENT;
>  }
>  
> +static inline bool kvm_arm_irq_line_layout_mismatch(MachineState *ms, int 
> vcpus)
> +{
> +return false;
> +}
> +
>  static inline int kvm_arm_vgic_probe(void)
>  {
>  return 0;
> -- 
> 2.20.1
> 
>

Reviewed-by: Andrew Jones 



[Qemu-devel] [PATCH v24 14/22] hw/intc: RX62N interrupt controller (ICUa)

2019-09-12 Thread Yoshinori Sato
This implementation supports only ICUa.
Hardware manual:
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-6-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/hw/intc/rx_icu.h |  56 ++
 hw/intc/rx_icu.c | 379 +++
 hw/intc/Kconfig  |   3 +
 hw/intc/Makefile.objs|   1 +
 4 files changed, 439 insertions(+)
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 hw/intc/rx_icu.c

diff --git a/include/hw/intc/rx_icu.h b/include/hw/intc/rx_icu.h
new file mode 100644
index 00..acfcf06aef
--- /dev/null
+++ b/include/hw/intc/rx_icu.h
@@ -0,0 +1,56 @@
+#ifndef RX_ICU_H
+#define RX_ICU_H
+
+#include "qemu-common.h"
+#include "hw/irq.h"
+
+enum TRG_MODE {
+TRG_LEVEL = 0,
+TRG_NEDGE = 1,  /* Falling */
+TRG_PEDGE = 2,  /* Raising */
+TRG_BEDGE = 3,  /* Both */
+};
+
+struct IRQSource {
+enum TRG_MODE sense;
+int level;
+};
+
+enum {
+/* Software interrupt request */
+SWI = 27,
+NR_IRQS = 256,
+};
+
+struct RXICUState {
+SysBusDevice parent_obj;
+
+MemoryRegion memory;
+struct IRQSource src[NR_IRQS];
+char *icutype;
+uint32_t nr_irqs;
+uint32_t *map;
+uint32_t nr_sense;
+uint32_t *init_sense;
+
+uint8_t ir[NR_IRQS];
+uint8_t dtcer[NR_IRQS];
+uint8_t ier[NR_IRQS / 8];
+uint8_t ipr[142];
+uint8_t dmasr[4];
+uint16_t fir;
+uint8_t nmisr;
+uint8_t nmier;
+uint8_t nmiclr;
+uint8_t nmicr;
+int req_irq;
+qemu_irq _irq;
+qemu_irq _fir;
+qemu_irq _swi;
+};
+typedef struct RXICUState RXICUState;
+
+#define TYPE_RXICU "rx-icu"
+#define RXICU(obj) OBJECT_CHECK(RXICUState, (obj), TYPE_RXICU)
+
+#endif /* RX_ICU_H */
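Review bot: `uint8_t ipr[142]` is sized by an unexplained literal, while the `request()` macro in hw/intc/rx_icu.c reads `icu->ipr[icu->map[n]]` and `map` is a `uint32_t *` whose contents nothing in this header constrains. If the map is filled from a board-supplied property (not visible here), an entry of 142 or more reads past the array. I would name the size, e.g. `NR_IPR = 142` in the existing enum, and validate the map entries against it at the point where the map is installed. A comment on `map`, `nr_irqs`, `init_sense` and `nr_sense` stating who owns the arrays and how long they are would also help.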
diff --git a/hw/intc/rx_icu.c b/hw/intc/rx_icu.c
new file mode 100644
index 00..ac4dcbfe37
--- /dev/null
+++ b/hw/intc/rx_icu.c
@@ -0,0 +1,379 @@
+/*
+ * RX Interrupt Control Unit
+ *
+ * Warning: Only ICUa is supported.
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/qdev-properties.h"
+#include "hw/intc/rx_icu.h"
+#include "migration/vmstate.h"
+#include "qemu/error-report.h"
+
+REG8(IR, 0)
+  FIELD(IR, IR,  0, 1)
+REG8(DTCER, 0x100)
+  FIELD(DTCER, DTCE,  0, 1)
+REG8(IER, 0x200)
+REG8(SWINTR, 0x2e0)
+  FIELD(SWINTR, SWINT, 0, 1)
+REG16(FIR, 0x2f0)
+  FIELD(FIR, FVCT, 0, 8)
+  FIELD(FIR, FIEN, 15, 1)
+REG8(IPR, 0x300)
+  FIELD(IPR, IPR, 0, 4)
+REG8(DMRSR, 0x400)
+REG8(IRQCR, 0x500)
+  FIELD(IRQCR, IRQMD, 2, 2)
+REG8(NMISR, 0x580)
+  FIELD(NMISR, NMIST, 0, 1)
+  FIELD(NMISR, LVDST, 1, 1)
+  FIELD(NMISR, OSTST, 2, 1)
+REG8(NMIER, 0x581)
+  FIELD(NMIER, NMIEN, 0, 1)
+  FIELD(NMIER, LVDEN, 1, 1)
+  FIELD(NMIER, OSTEN, 2, 1)
+REG8(NMICLR, 0x582)
+  FIELD(NMICLR, NMICLR, 0, 1)
+  FIELD(NMICLR, OSTCLR, 2, 1)
+REG8(NMICR, 0x583)
+  FIELD(NMICR, NMIMD, 3, 1)
+
+#define request(icu, n) (icu->ipr[icu->map[n]] << 8 | n)
+
+static void set_irq(RXICUState *icu, int n_IRQ, int req)
+{
+if ((icu->fir & R_FIR_FIEN_MASK) &&
+(icu->fir & R_FIR_FVCT_MASK) == n_IRQ) {
+qemu_set_irq(icu->_fir, req);
+} else {
+qemu_set_irq(icu->_irq, req);
+}
+}
+
+static void rxicu_request(RXICUState *icu, int n_IRQ)
+{
+int enable;
+
+enable = icu->ier[n_IRQ / 8] & (1 << (n_IRQ & 7));
+if (n_IRQ > 0 && enable != 0 && atomic_read(>req_irq) < 0) {
+atomic_set(>req_irq, n_IRQ);
+set_irq(icu, n_IRQ, request(icu, n_IRQ));
+}
+}
+
+static void rxicu_set_irq(void *opaque, int n_IRQ, int level)
+{
+RXICUState *icu = opaque;
+struct IRQSource *src;
+int issue;
+
+if (n_IRQ >= NR_IRQS) {
+error_report("%s: IRQ %d out of range", __func__, n_IRQ);
+return;
+}
+
+src = >src[n_IRQ];
+
+level = (level != 0);
+switch (src->sense) {
+case TRG_LEVEL:
+/* level-sensitive irq */

Re: [Qemu-devel] [PATCH v11 00/11] Build ACPI Heterogeneous Memory Attribute Table (HMAT)

2019-09-12 Thread no-reply
Patchew URL: https://patchew.org/QEMU/20190912053638.4858-1-tao3...@intel.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

libudev   no
default devices   yes

warning: Python 2 support is deprecated
warning: Python 3 will be required for building future versions of QEMU

NOTE: cross-compilers enabled:  'cc'
  GEN x86_64-softmmu/config-devices.mak.tmp
---
Looking for expected file 'tests/data/acpi/pc/SRAT.acpihmat'
Looking for expected file 'tests/data/acpi/pc/SRAT'
**
ERROR:/tmp/qemu-test/src/tests/bios-tables-test.c:327:load_expected_aml: 
assertion failed: (exp_sdt.aml_file)
ERROR - Bail out! 
ERROR:/tmp/qemu-test/src/tests/bios-tables-test.c:327:load_expected_aml: 
assertion failed: (exp_sdt.aml_file)
make: *** [check-qtest-x86_64] Error 1
make: *** Waiting for unfinished jobs
  TESTiotest-qcow2: 036


The full log is available at
http://patchew.org/logs/20190912053638.4858-1-tao3...@intel.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [Qemu-devel] [PATCH v24 00/22] Add RX archtecture support

2019-09-12 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190912060701.4642-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v24 00/22] Add RX archtecture support
Message-id: 20190912060701.4642-1-ys...@users.sourceforge.jp
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 * [new tag] patchew/20190912060701.4642-1-ys...@users.sourceforge.jp 
-> patchew/20190912060701.4642-1-ys...@users.sourceforge.jp
Switched to a new branch 'test'
c7211ec qapi/machine.json: Add RX cpu.
0a60bc1 BootLinuxConsoleTest: Test the RX-Virt machine
21ccd2b Add rx-softmmu
53b5a3e hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
100e307 hw/rx: Honor -accel qtest
4737268 hw/rx: RX Target hardware definition
6d1d3f2 hw/char: RX62N serial communication interface (SCI)
96aa2bf hw/timer: RX62N internal timer modules
54ced3e hw/intc: RX62N interrupt controller (ICUa)
3200a28 target/rx: Dump bytes for each insn during disassembly
a254a82 target/rx: Collect all bytes during disassembly
5f7675e target/rx: Emit all disassembly in one prt()
04b3639 target/rx: Use prt_ldmi for XCHG_mr disassembly
b58c020 target/rx: Replace operand with prt_ldmi in disassembler
9217628 target/rx: Disassemble rx_index_addr into a string
e4f57d2 target/rx: RX disassembler
702f27d target/rx: CPU definition
8abda61 target/rx: TCG helper
ba2df21 target/rx: TCG translation
9201c38 hw/registerfields.h: Add 8bit and 16bit register macros
a1dbe53 qemu/bitops.h: Add extract8 and extract16
7b0a56f MAINTAINERS: Add RX

=== OUTPUT BEGIN ===
1/22 Checking commit 7b0a56f73866 (MAINTAINERS: Add RX)
2/22 Checking commit a1dbe53d2434 (qemu/bitops.h: Add extract8 and extract16)
3/22 Checking commit 9201c38b0287 (hw/registerfields.h: Add 8bit and 16bit 
register macros)
Use of uninitialized value in concatenation (.) or string at 
./scripts/checkpatch.pl line 2484.
ERROR: Macros with multiple statements should be enclosed in a do - while loop
#27: FILE: include/hw/registerfields.h:25:
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#31: FILE: include/hw/registerfields.h:29:
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };

total: 2 errors, 0 warnings, 56 lines checked

Patch 3/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

4/22 Checking commit ba2df2186230 (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 4/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/22 Checking commit 8abda6115755 (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#21: 
new file mode 100644

total: 0 errors, 1 warnings, 650 lines checked

Patch 5/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/22 Checking commit 702f27d78dde (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#39: 
new file mode 100644

total: 0 errors, 1 warnings, 588 lines checked

Patch 6/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/22 Checking commit e4f57d2f27c6 (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 7/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
8/22 Checking commit 9217628e8446 (target/rx: Disassemble rx_index_addr into a 
string)
9/22 Checking commit b58c020a513e (target/rx: Replace operand with prt_ldmi in 
disassembler)
10/22 Checking commit 04b36390113a (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
11/22 Checking commit 5f7675ee892f (target/rx: Emit all disassembly in one 
prt())
12/22 Checking commit a254a827a9c5 (target/rx: Collect all bytes during 
disassembly)
13/22 Checking commit 3200a284e4a4 (target/rx: Dump bytes for each 

Re: [Qemu-devel] [PATCH v2 09/13] qcrypto-block: extract check and parse header

2019-09-12 Thread Maxim Levitsky
On Fri, 2019-09-06 at 14:11 +0100, Daniel P. Berrangé wrote:
> On Mon, Aug 26, 2019 at 04:50:59PM +0300, Maxim Levitsky wrote:
> > This is just to make qcrypto_block_luks_open more
> > reasonable in size.
> > 
> > Signed-off-by: Maxim Levitsky 
> > ---
> >  crypto/block-luks.c | 254 +---
> >  1 file changed, 146 insertions(+), 108 deletions(-)
> > 
> > diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> > index b4dc6fc899..cc9a52c9af 100644
> > --- a/crypto/block-luks.c
> > +++ b/crypto/block-luks.c
> > @@ -508,6 +508,148 @@ fail:
> >  return ret;
> >  }
> >  
> > +/*
> > + * Does basic sanity checks on the LUKS header
> > + */
> > +static int
> > +qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
> > +{
> > +int ret;
> > +
> > +if (memcmp(luks->header.magic, qcrypto_block_luks_magic,
> > +   QCRYPTO_BLOCK_LUKS_MAGIC_LEN) != 0) {
> > +error_setg(errp, "Volume is not in LUKS format");
> > +ret = -EINVAL;
> > +goto fail;
> > +}
> 
> Just 'return -1' here immediately - don't return an errno, as we're
> using Error objects for reporting.
> 
> > +
> > +if (luks->header.version != QCRYPTO_BLOCK_LUKS_VERSION) {
> > +error_setg(errp, "LUKS version %" PRIu32 " is not supported",
> > +   luks->header.version);
> > +ret = -ENOTSUP;
> > +goto fail;
> > +}
> > +
> > +return 0;
> > +fail:
> > +return ret;
> > +}
> > +
> > +/*
> > + * Parses the crypto parameters that are stored in the LUKS header
> > + */
> > +
> > +static int
> > +qcrypto_block_luks_parse_header(QCryptoBlockLUKS *luks, Error **errp)
> > +{
> > +g_autofree char *cipher_mode = g_strdup(luks->header.cipher_mode);
> > +char *ivgen_name, *ivhash_name;
> > +int ret = -1;
> > +Error *local_err = NULL;
> > +
> > +/*
> > + * The cipher_mode header contains a string that we have
> > + * to further parse, of the format
> > + *
> > + *-[:]
> > + *
> > + * eg  cbc-essiv:sha256, cbc-plain64
> > + */
> > +ivgen_name = strchr(cipher_mode, '-');
> > +if (!ivgen_name) {
> > +ret = -EINVAL;
> 
> Again, don't use errnos - just return -1 in this method.
> 
> > +error_setg(errp, "Unexpected cipher mode string format %s",
> > +   luks->header.cipher_mode);
> > +goto out;
> > +}
> > +*ivgen_name = '\0';
> > +ivgen_name++;
> > +
> > +ivhash_name = strchr(ivgen_name, ':');
> > +if (!ivhash_name) {
> > +luks->ivgen_hash_alg = 0;
> > +} else {
> > +*ivhash_name = '\0';
> > +ivhash_name++;
> > +
> > +luks->ivgen_hash_alg = 
> > qcrypto_block_luks_hash_name_lookup(ivhash_name,
> > +   
> > _err);
> > +if (local_err) {
> > +ret = -ENOTSUP;
> > +error_propagate(errp, local_err);
> > +goto out;
> > +}
> > +}
> > +
> > +luks->cipher_mode = qcrypto_block_luks_cipher_mode_lookup(cipher_mode,
> > +  _err);
> > +if (local_err) {
> > +ret = -ENOTSUP;
> > +error_propagate(errp, local_err);
> > +goto out;
> > +}
> > +
> > +luks->cipher_alg =
> > +qcrypto_block_luks_cipher_name_lookup(luks->header.cipher_name,
> > +  luks->cipher_mode,
> > +  
> > luks->header.master_key_len,
> > +  _err);
> > +if (local_err) {
> > +ret = -ENOTSUP;
> > +error_propagate(errp, local_err);
> > +goto out;
> > +}
> > +
> > +luks->hash_alg =
> > +qcrypto_block_luks_hash_name_lookup(luks->header.hash_spec,
> > +   _err);
> > +if (local_err) {
> > +ret = -ENOTSUP;
> > +error_propagate(errp, local_err);
> > +goto out;
> > +}
> > +
> > +luks->ivgen_alg = qcrypto_block_luks_ivgen_name_lookup(ivgen_name,
> > +   _err);
> > +if (local_err) {
> > +ret = -ENOTSUP;
> > +error_propagate(errp, local_err);
> > +goto out;
> > +}
> > +
> > +if (luks->ivgen_alg == QCRYPTO_IVGEN_ALG_ESSIV) {
> > +if (!ivhash_name) {
> > +ret = -EINVAL;
> > +error_setg(errp, "Missing IV generator hash specification");
> > +goto out;
> > +}
> > +luks->ivgen_cipher_alg =
> > +qcrypto_block_luks_essiv_cipher(luks->cipher_alg,
> > +luks->ivgen_hash_alg,
> > +_err);
> > +if (local_err) {
> > +ret = -ENOTSUP;
> > +error_propagate(errp, 

Re: [Qemu-devel] [Qemu-block] [PATCH] qcow2: Stop overwriting compressed clusters one by one

2019-09-12 Thread Alberto Garcia
On Thu 12 Sep 2019 01:33:05 AM CEST, John Snow  wrote:
>> This restriction comes from commit 095a9c58ce12afeeb90c2 from 2018.
>
> You accidentally typed a reasonably modern date. It's from *2008*!

Oh my, and I reviewed the message 3 times ... if this one gets committed
please correct the date.

Berto



Re: [Qemu-devel] [PATCH] migration: fix one typo in comment of function migration_total_bytes()

2019-09-12 Thread Juan Quintela
Wei Yang  wrote:
> Signed-off-by: Wei Yang 

Reviewed-by: Juan Quintela 

for(i = 0; i < 0; i++)
  printf("Beginning is with double n, not double g");



[Qemu-devel] [PATCH v24 13/22] target/rx: Dump bytes for each insn during disassembly

2019-09-12 Thread Yoshinori Sato
From: Richard Henderson 

There are so many different forms of each RX instruction
that it will be very useful to be able to look at the bytes
to see on which path a bug may lie.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-24-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 5a32a87534..d73b53db44 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -102,7 +102,21 @@ static int bdsp_s(DisasContext *ctx, int d)
 /* Include the auto-generated decoder.  */
 #include "decode.inc.c"
 
-#define prt(...) (ctx->dis->fprintf_func)((ctx->dis->stream), __VA_ARGS__)
+static void dump_bytes(DisasContext *ctx)
+{
+int i, len = ctx->len;
+
+for (i = 0; i < len; ++i) {
+ctx->dis->fprintf_func(ctx->dis->stream, "%02x ", ctx->bytes[i]);
+}
+ctx->dis->fprintf_func(ctx->dis->stream, "%*c", (8 - i) * 3, '\t');
+}
+
+#define prt(...) \
+do {\
+dump_bytes(ctx);\
+ctx->dis->fprintf_func(ctx->dis->stream, __VA_ARGS__);  \
+} while (0)
 
 #define RX_MEMORY_BYTE 0
 #define RX_MEMORY_WORD 1
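Review bot: The padding call in `dump_bytes()`, `"%*c", (8 - i) * 3, '\t'`, assumes `ctx->len` never exceeds 8. printf treats a negative `*` width as a left-justify flag plus a positive width, so a longer instruction would get more padding instead of none. The loop also reads `ctx->bytes[i]` up to `len` with no check against the buffer's size, whose declaration is outside this hunk. If `bytes` is a fixed array, `assert(len <= ARRAY_SIZE(ctx->bytes));` at the top of the function plus a comment naming the 8-byte column width would make the assumption explicit. Since `prt()` now dumps the bytes on every expansion, a comment on the macro should say that each `trans_*` function must call it exactly once.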
-- 
2.20.1




[Qemu-devel] [PATCH v24 02/22] qemu/bitops.h: Add extract8 and extract16

2019-09-12 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-10-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/qemu/bitops.h | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/include/qemu/bitops.h b/include/qemu/bitops.h
index 3f0926cf40..764f9d1ea0 100644
--- a/include/qemu/bitops.h
+++ b/include/qemu/bitops.h
@@ -300,6 +300,44 @@ static inline uint32_t extract32(uint32_t value, int 
start, int length)
 return (value >> start) & (~0U >> (32 - length));
 }
 
+/**
+ * extract8:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 8 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 8 bit word. It is valid to request that
+ * all 8 bits are returned (ie @length 8 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint8_t extract8(uint8_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 8 - start);
+return extract32(value, start, length);
+}
+
+/**
+ * extract16:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 16 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 16 bit word. It is valid to request that
+ * all 16 bits are returned (ie @length 16 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint16_t extract16(uint16_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 16 - start);
+return extract32(value, start, length);
+}
+
 /**
  * extract64:
  * @value: the value to extract the bit field from
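Review bot: The doc comments for `extract8()` and `extract16()` say the field "must lie entirely within" the word but not what happens when it does not. In the code the only enforcement is the `assert()`, so an out-of-range `start`/`length` aborts the process rather than returning an error. I would add one sentence to each comment, e.g. `* Out-of-range @start/@length trip an assertion; callers must validate values derived from guest data first.`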
-- 
2.20.1




[Qemu-devel] [PATCH v24 18/22] hw/rx: Honor -accel qtest

2019-09-12 Thread Yoshinori Sato
From: Richard Henderson 

Issue an error if no kernel, no bios, and not qtest'ing.
Fixes make check-qtest-rx: test/qom-test.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-16-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
We could squash this with the previous patch
---
 hw/rx/rx62n.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/rx/rx62n.c b/hw/rx/rx62n.c
index ac47f2a397..a0986fd15e 100644
--- a/hw/rx/rx62n.c
+++ b/hw/rx/rx62n.c
@@ -21,12 +21,14 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "hw/hw.h"
 #include "hw/rx/rx62n.h"
 #include "hw/loader.h"
 #include "hw/sysbus.h"
 #include "hw/qdev-properties.h"
 #include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
 #include "cpu.h"
 
 /*
@@ -191,8 +193,14 @@ static void rx62n_realize(DeviceState *dev, Error **errp)
 memory_region_init_rom(>c_flash, NULL, "codeflash",
RX62N_CFLASH_SIZE, errp);
 memory_region_add_subregion(s->sysmem, RX62N_CFLASH_BASE, >c_flash);
+
 if (!s->kernel) {
-rom_add_file_fixed(bios_name, RX62N_CFLASH_BASE, 0);
+if (bios_name) {
+rom_add_file_fixed(bios_name, RX62N_CFLASH_BASE, 0);
+}  else if (!qtest_enabled()) {
+error_report("No bios or kernel specified");
+exit(1);
+}
 }
 
 /* Initialize CPU */
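Review bot: In the new `if (bios_name)` branch the return value of `rom_add_file_fixed()` is still discarded, so a missing or unreadable BIOS file lets `rx62n_realize()` carry on with an empty code flash instead of failing. The load can be checked with `if (rom_add_file_fixed(bios_name, RX62N_CFLASH_BASE, 0) < 0) { error_setg(errp, "Could not load BIOS '%s'", bios_name); return; }`. The `else` branch calls `error_report()` and `exit(1)` although the function has an `errp` to report through; `error_setg(errp, "No bios or kernel specified"); return;` leaves the decision to the caller. Minor: `}  else` has two spaces. The body of `rx62n_realize()` starts and ends outside this hunk.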
-- 
2.20.1




[Qemu-devel] [PATCH v24 20/22] Add rx-softmmu

2019-09-12 Thread Yoshinori Sato
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-17-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
pick ed65c02993 target/rx: Add RX to SysEmuTarget
pick 01372568ae tests: Add rx to machine-none-test.c
[PMD: Squashed patches from Richard Henderson modifying
  qapi/common.json and tests/machine-none-test.c]
Signed-off-by: Philippe Mathieu-Daudé 
---
 configure  | 8 
 default-configs/rx-softmmu.mak | 3 +++
 include/exec/poison.h  | 1 +
 include/sysemu/arch_init.h | 1 +
 arch_init.c| 2 ++
 tests/machine-none-test.c  | 1 +
 hw/Kconfig | 1 +
 7 files changed, 17 insertions(+)
 create mode 100644 default-configs/rx-softmmu.mak

diff --git a/configure b/configure
index 95134c0180..30ffde1788 100755
--- a/configure
+++ b/configure
@@ -7607,6 +7607,11 @@ case "$target_name" in
 gdb_xml_files="riscv-64bit-cpu.xml riscv-64bit-fpu.xml riscv-64bit-csr.xml"
 target_compiler=$cross_cc_riscv64
   ;;
+  rx)
+TARGET_ARCH=rx
+bflt="yes"
+target_compiler=$cross_cc_rx
+  ;;
   sh4|sh4eb)
 TARGET_ARCH=sh4
 bflt="yes"
@@ -7830,6 +7835,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
   riscv*)
 disas_config "RISCV"
   ;;
+  rx)
+disas_config "RX"
+  ;;
   s390*)
 disas_config "S390"
   ;;
diff --git a/default-configs/rx-softmmu.mak b/default-configs/rx-softmmu.mak
new file mode 100644
index 00..a3eecefb11
--- /dev/null
+++ b/default-configs/rx-softmmu.mak
@@ -0,0 +1,3 @@
+# Default configuration for rx-softmmu
+
+CONFIG_RX_VIRT=y
diff --git a/include/exec/poison.h b/include/exec/poison.h
index 955eb863ab..7b9ac361dc 100644
--- a/include/exec/poison.h
+++ b/include/exec/poison.h
@@ -26,6 +26,7 @@
 #pragma GCC poison TARGET_PPC
 #pragma GCC poison TARGET_PPC64
 #pragma GCC poison TARGET_ABI32
+#pragma GCC poison TARGET_RX
 #pragma GCC poison TARGET_S390X
 #pragma GCC poison TARGET_SH4
 #pragma GCC poison TARGET_SPARC
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index 62c6fe4cf1..6c011acc52 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -24,6 +24,7 @@ enum {
 QEMU_ARCH_NIOS2 = (1 << 17),
 QEMU_ARCH_HPPA = (1 << 18),
 QEMU_ARCH_RISCV = (1 << 19),
+QEMU_ARCH_RX = (1 << 20),
 };
 
 extern const uint32_t arch_type;
diff --git a/arch_init.c b/arch_init.c
index 0a1531124c..7a37fb2c34 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -73,6 +73,8 @@ int graphic_depth = 32;
 #define QEMU_ARCH QEMU_ARCH_PPC
 #elif defined(TARGET_RISCV)
 #define QEMU_ARCH QEMU_ARCH_RISCV
+#elif defined(TARGET_RX)
+#define QEMU_ARCH QEMU_ARCH_RX
 #elif defined(TARGET_S390X)
 #define QEMU_ARCH QEMU_ARCH_S390X
 #elif defined(TARGET_SH4)
diff --git a/tests/machine-none-test.c b/tests/machine-none-test.c
index 5953d31755..8bb54a6360 100644
--- a/tests/machine-none-test.c
+++ b/tests/machine-none-test.c
@@ -56,6 +56,7 @@ static struct arch2cpu cpus_map[] = {
 { "hppa", "hppa" },
 { "riscv64", "rv64gcsu-v1.10.0" },
 { "riscv32", "rv32gcsu-v1.9.1" },
+{ "rx", "rx62n" },
 };
 
 static const char *get_cpu_model_by_arch(const char *arch)
diff --git a/hw/Kconfig b/hw/Kconfig
index b45db3c813..77bbc59cc7 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -54,6 +54,7 @@ source nios2/Kconfig
 source openrisc/Kconfig
 source ppc/Kconfig
 source riscv/Kconfig
+source rx/Kconfig
 source s390x/Kconfig
 source sh4/Kconfig
 source sparc/Kconfig
-- 
2.20.1




[Qemu-devel] [PATCH v24 09/22] target/rx: Replace operand with prt_ldmi in disassembler

2019-09-12 Thread Yoshinori Sato
From: Richard Henderson 

This is consistent with prt_ri().  It loads all data before
beginning output.  It uses exactly one call to prt() to emit
the full instruction.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-20-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 77 +--
 1 file changed, 27 insertions(+), 50 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 64342537ee..515b365528 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -135,18 +135,18 @@ static void rx_index_addr(DisasContext *ctx, char out[8], 
int ld, int mi)
 sprintf(out, "%u", dsp << (mi < 3 ? mi : 4 - mi));
 }
 
-static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
+static void prt_ldmi(DisasContext *ctx, const char *insn,
+ int ld, int mi, int rs, int rd)
 {
 static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
 char dsp[8];
 
 if (ld < 3) {
 rx_index_addr(ctx, dsp, ld, mi);
-prt("%s[r%d]%s", dsp, rs, sizes[mi]);
+prt("%s\t%s[r%d]%s, r%d", insn, dsp, rs, sizes[mi], rd);
 } else {
-prt("r%d", rs);
+prt("%s\tr%d, r%d", insn, rs, rd);
 }
-prt(", r%d", rd);
 }
 
 static void prt_ir(DisasContext *ctx, const char *insn, int imm, int rd)
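Review bot: `prt_ldmi()` indexes `sizes[mi]` with whatever the decoder supplies, and the table has only five entries. The range of `mi` is set in the decode file, which is outside this hunk, so a guard such as `assert(mi >= 0 && mi < ARRAY_SIZE(sizes));` before the `if` would document and enforce it. In the context above, `rx_index_addr()` formats into the caller's `char dsp[8]` with an unbounded `sprintf`; `snprintf(out, 8, "%u", ...)` would bound that write. A one-line comment above `prt_ldmi()` saying that it emits the whole instruction with a single `prt()` call would record why the mnemonic is now a parameter.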
@@ -416,8 +416,7 @@ static bool trans_AND_ir(DisasContext *ctx, arg_AND_ir *a)
 /* and rs,rd */
 static bool trans_AND_mr(DisasContext *ctx, arg_AND_mr *a)
 {
-prt("and\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "and", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -440,8 +439,7 @@ static bool trans_OR_ir(DisasContext *ctx, arg_OR_ir *a)
 /* or rs,rd */
 static bool trans_OR_mr(DisasContext *ctx, arg_OR_mr *a)
 {
-prt("or\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "or", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -463,8 +461,7 @@ static bool trans_XOR_ir(DisasContext *ctx, arg_XOR_ir *a)
 /* xor rs,rd */
 static bool trans_XOR_mr(DisasContext *ctx, arg_XOR_mr *a)
 {
-prt("xor\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "xor", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -479,8 +476,7 @@ static bool trans_TST_ir(DisasContext *ctx, arg_TST_ir *a)
 /* tst rs, rd */
 static bool trans_TST_mr(DisasContext *ctx, arg_TST_mr *a)
 {
-prt("tst\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "tst", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -548,8 +544,7 @@ static bool trans_ADD_irr(DisasContext *ctx, arg_ADD_irr *a)
 /* add dsp[rs], rd */
 static bool trans_ADD_mr(DisasContext *ctx, arg_ADD_mr *a)
 {
-prt("add\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "add", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -573,8 +568,7 @@ static bool trans_CMP_ir(DisasContext *ctx, arg_CMP_ir *a)
 /* cmp dsp[rs], rs2 */
 static bool trans_CMP_mr(DisasContext *ctx, arg_CMP_mr *a)
 {
-prt("cmp\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "cmp", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -589,8 +583,7 @@ static bool trans_SUB_ir(DisasContext *ctx, arg_SUB_ir *a)
 /* sub dsp[rs], rd */
 static bool trans_SUB_mr(DisasContext *ctx, arg_SUB_mr *a)
 {
-prt("sub\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "sub", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -611,8 +604,7 @@ static bool trans_SBB_rr(DisasContext *ctx, arg_SBB_rr *a)
 /* sbb dsp[rs], rd */
 static bool trans_SBB_mr(DisasContext *ctx, arg_SBB_mr *a)
 {
-prt("sbb\t");
-operand(ctx, a->ld, RX_IM_LONG, a->rs, a->rd);
+prt_ldmi(ctx, "sbb", a->ld, RX_IM_LONG, a->rs, a->rd);
 return true;
 }
 
@@ -640,8 +632,7 @@ static bool trans_MAX_ir(DisasContext *ctx, arg_MAX_ir *a)
 /* max dsp[rs], rd */
 static bool trans_MAX_mr(DisasContext *ctx, arg_MAX_mr *a)
 {
-prt("max\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "max", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -656,8 +647,7 @@ static bool trans_MIN_ir(DisasContext *ctx, arg_MIN_ir *a)
 /* min dsp[rs], rd */
 static bool trans_MIN_mr(DisasContext *ctx, arg_MIN_mr *a)
 {
-prt("max\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "min", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -673,8 +663,7 @@ static bool trans_MUL_ir(DisasContext *ctx, arg_MUL_ir *a)
 /* mul dsp[rs], rd */
 static bool trans_MUL_mr(DisasContext *ctx, arg_MUL_mr *a)
 {
-prt("mul\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "mul", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -696,8 +685,7 @@ static bool trans_EMUL_ir(DisasContext *ctx, arg_EMUL_ir *a)
 /* emul dsp[rs], rd */
 static bool trans_EMUL_mr(DisasContext 

[Qemu-devel] [PATCH v24 21/22] BootLinuxConsoleTest: Test the RX-Virt machine

2019-09-12 Thread Yoshinori Sato
From: Philippe Mathieu-Daudé 

Add two tests for the rx-virt machine, based on the recommended test
setup from Yoshinori Sato:
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg03586.html

- U-Boot prompt
- Linux kernel with Sash shell

These are very quick tests:

  $ avocado run -t arch:rx tests/acceptance/boot_linux_console.py
  JOB ID : 84a6ef01c0b87975ecbfcb31a920afd735753ace
  JOB LOG: 
/home/phil/avocado/job-results/job-2019-05-24T05.02-84a6ef0/job.log
   (1/2) tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_rx_uboot: 
PASS (0.11 s)
   (2/2) tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_rx_linux: 
PASS (0.45 s)
  RESULTS: PASS 2 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | 
CANCEL 0

Tests can also be run with:

  $ avocado --show=console run -t arch:rx tests/acceptance/boot_linux_console.py
  console: U-Boot 2016.05-rc3-23705-ga1ef3c71cb-dirty (Feb 05 2019 - 21:56:06 
+0900)
  console: Linux version 4.19.0+ (yo-satoh@yo-satoh-debian) (gcc version 9.0.0 
20181105 (experimental) (GCC)) #137 Wed Feb 20 23:20:02 JST 2019
  console: Built 1 zonelists, mobility grouping on.  Total pages: 8128
  ...
  console: SuperH (H)SCI(F) driver initialized
  console: 88240.serial: ttySC0 at MMIO 0x88240 (irq = 215, base_baud = 0) is a 
sci
  console: console [ttySC0] enabled
  console: 88248.serial: ttySC1 at MMIO 0x88248 (irq = 219, base_baud = 0) is a 
sci

Signed-off-by: Philippe Mathieu-Daudé 
---
Based-on: 20190517045136.3509-1-richard.hender...@linaro.org
"RX architecture support"
Signed-off-by: Yoshinori Sato 
---
 tests/acceptance/boot_linux_console.py | 46 ++
 1 file changed, 46 insertions(+)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index 2504ef0150..8309687778 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -373,3 +373,49 @@ class BootLinuxConsole(Test):
 self.vm.launch()
 console_pattern = 'Kernel command line: %s' % kernel_command_line
 self.wait_for_console_pattern(console_pattern)
+
+def test_rx_uboot(self):
+"""
+:avocado: tags=arch:rx
+:avocado: tags=machine:rx-virt
+:avocado: tags=endian:little
+"""
+uboot_url = ('https://acc.dl.osdn.jp/users/23/23888/u-boot.bin.gz')
+uboot_hash = '9b78dbd43b40b2526848c0b1ce9de02c24f4dcdb'
+uboot_path = self.fetch_asset(uboot_url, asset_hash=uboot_hash)
+uboot_path = archive.uncompress(uboot_path, self.workdir)
+
+self.vm.set_machine('rx-virt')
+self.vm.set_console()
+self.vm.add_args('-bios', uboot_path,
+ '-no-reboot')
+self.vm.launch()
+uboot_version = 'U-Boot 2016.05-rc3-23705-ga1ef3c71cb-dirty'
+self.wait_for_console_pattern(uboot_version)
+gcc_version = 'rx-unknown-linux-gcc (GCC) 9.0.0 20181105 
(experimental)'
+# FIXME limit baudrate on chardev, else we type too fast
+#self.exec_command_and_wait_for_pattern('version', gcc_version)
+
+def test_rx_linux(self):
+"""
+:avocado: tags=arch:rx
+:avocado: tags=machine:rx-virt
+:avocado: tags=endian:little
+"""
+dtb_url = ('https://acc.dl.osdn.jp/users/23/23887/rx-qemu.dtb')
+dtb_hash = '7b4e4e2c71905da44e86ce47adee2210b026ac18'
+dtb_path = self.fetch_asset(dtb_url, asset_hash=dtb_hash)
+kernel_url = ('http://acc.dl.osdn.jp/users/23/23845/zImage')
+kernel_hash = '39a81067f8d72faad90866ddfefa19165d68fc99'
+kernel_path = self.fetch_asset(kernel_url, asset_hash=kernel_hash)
+
+self.vm.set_machine('rx-virt')
+self.vm.set_console()
+kernel_command_line = self.KERNEL_COMMON_COMMAND_LINE + 'earlycon'
+self.vm.add_args('-kernel', kernel_path,
+ '-dtb', dtb_path,
+ '-no-reboot')
+self.vm.launch()
+self.wait_for_console_pattern('Sash command shell (version 1.1.1)')
+self.exec_command_and_wait_for_pattern('printenv',
+   'TERM=linux')
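Review bot: `kernel_url` in `test_rx_linux` is fetched over plain `http://` while the U-Boot and DTB assets use `https://`, so the kernel image's integrity rests on the `asset_hash` check alone, and the 40-hex-digit values look like SHA-1. I would switch the URL to `https://acc.dl.osdn.jp/users/23/23845/zImage` if the host serves it, and consider a stronger digest for all three assets. In the same test `kernel_command_line` is built but never passed to the VM (there is no `-append` argument). In `test_rx_uboot`, `gcc_version` is used only by the commented-out line; either wire these in or drop them. The class body starts outside this hunk.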
-- 
2.20.1




Re: [Qemu-devel] [PATCH 6/7] spapr: Stop providing RTAS blob

2019-09-12 Thread Greg Kurz
On Thu, 12 Sep 2019 11:50:53 +1000
Alexey Kardashevskiy  wrote:

> 
> 
> On 11/09/2019 19:16, Greg Kurz wrote:
> > On Wed, 11 Sep 2019 14:04:51 +1000
> > David Gibson  wrote:
> > 
> >> From: Alexey Kardashevskiy 
> >>
> >> SLOF implements one itself so let's remove it from QEMU. It is one less
> >> image and simpler setup as the RTAS blob never stays in its initial place
> >> anyway as the guest OS always decides where to put it.
> >>
> >> Signed-off-by: Alexey Kardashevskiy 
> >> Signed-off-by: David Gibson 
> >> ---
> >>  MAINTAINERS |   2 --
> >>  Makefile|   2 +-
> >>  configure   |   6 +
> >>  hw/ppc/spapr.c  |  32 ++---
> >>  hw/ppc/spapr_rtas.c |  41 
> >>  include/hw/ppc/spapr.h  |   2 --
> >>  pc-bios/spapr-rtas.bin  | Bin 20 -> 0 bytes
> >>  pc-bios/spapr-rtas/Makefile |  27 -
> >>  pc-bios/spapr-rtas/spapr-rtas.S |  37 
> >>  9 files changed, 4 insertions(+), 145 deletions(-)
> >>  delete mode 100644 pc-bios/spapr-rtas.bin
> >>  delete mode 100644 pc-bios/spapr-rtas/Makefile
> >>  delete mode 100644 pc-bios/spapr-rtas/spapr-rtas.S
> >>
> > 
> > Nice diffstat :)
> > 
> > But pwclient fails to apply it :(
> > 
> > [greg@bahia qemu-spapr]$ pwclient git-am 1160642
> > Applying patch #1160642 using 'git am'
> > Description: [6/7] spapr: Stop providing RTAS blob
> > Applying: spapr: Stop providing RTAS blob
> > error: cannot apply binary patch to 'pc-bios/spapr-rtas.bin' without full 
> > index line
> 
> 
> Some git feature/bug with removing binaries:
> 
> https://stackoverflow.com/questions/17152171/git-cannot-apply-binary-patch-without-full-index-line
> 
> 
> David posted with this:
> ===
> diff --git a/pc-bios/spapr-rtas.bin b/pc-bios/spapr-rtas.bin
> deleted file mode 100644
> index fc24c8ed8b..00
> Binary files a/pc-bios/spapr-rtas.bin and /dev/null differ
> ===
> 
> And my patch has a bigger chunk:
> 
> git format-patch -1 --stdout 1a5efb9283c2
> (there is no additional flag needed to my git 2.17.1):
> 
> ===
> diff --git a/pc-bios/spapr-rtas.bin b/pc-bios/spapr-rtas.bin
> deleted file mode 100644
> index
> fc24c8ed8b92a3a441aed6e2bd013b2ccece9229..
> GIT binary patch
> literal 0
> HcmV?d1
> 
> literal 20
> bcmbi{{=neEz@X@PvCJTV0q
> ===
> 
> I do not know why are these different.
> 
> Try this one:
> https://patchwork.ozlabs.org/patch/1132443/
> 

This one applies cleanly.

And so does:

https://github.com/dgibson/qemu/commit/c14ffa033ea0519d235f172723dd465ab6bf9777.patch

from David's cas branch... That's confusing.

Anyway, the non-binary changes look good.

Reviewed-by: Greg Kurz 

> 
> 
> > error: pc-bios/spapr-rtas.bin: patch does not apply
> > Patch failed at 0001 spapr: Stop providing RTAS blob
> > hint: Use 'git am --show-current-patch' to see the failed patch
> > When you have resolved this problem, run "git am --continue".
> > If you prefer to skip this patch, run "git am --skip" instead.
> > To restore the original branch and stop patching, run "git am --abort".
> > 'git am' failed with exit status 128
> > 
> > and
> > 
> > [greg@bahia qemu-spapr]$ git am --show-current-patch | patch -p1 --merge 
> > patching file MAINTAINERS
> > patching file Makefile
> > patching file configure
> > patching file hw/ppc/spapr.c
> > patching file hw/ppc/spapr_rtas.c
> > patching file include/hw/ppc/spapr.h
> > patching file pc-bios/spapr-rtas.bin
> > Not deleting file pc-bios/spapr-rtas.bin as content differs from patch
> > 
> > Not sure what's happening here...
> > 
> > patching file pc-bios/spapr-rtas/Makefile
> > patching file pc-bios/spapr-rtas/spapr-rtas.S
> > 
> >> diff --git a/MAINTAINERS b/MAINTAINERS
> >> index 50eaf005f4..9823f40213 100644
> >> --- a/MAINTAINERS
> >> +++ b/MAINTAINERS
> >> @@ -1077,8 +1077,6 @@ F: hw/*/spapr*
> >>  F: include/hw/*/spapr*
> >>  F: hw/*/xics*
> >>  F: include/hw/*/xics*
> >> -F: pc-bios/spapr-rtas/*
> >> -F: pc-bios/spapr-rtas.bin
> >>  F: pc-bios/slof.bin
> >>  F: docs/specs/ppc-spapr-hcalls.txt
> >>  F: docs/specs/ppc-spapr-hotplug.txt
> >> diff --git a/Makefile b/Makefile
> >> index ae17a83067..4637f95371 100644
> >> --- a/Makefile
> >> +++ b/Makefile
> >> @@ -764,7 +764,7 @@ qemu-nsis.bmp \
> >>  bamboo.dtb canyonlands.dtb petalogix-s3adsp1800.dtb petalogix-ml605.dtb \
> >>  multiboot.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin pvh.bin \
> >>  s390-ccw.img s390-netboot.img \
> >> -spapr-rtas.bin slof.bin skiboot.lid \
> >> +slof.bin skiboot.lid \
> >>  palcode-clipper \
> >>  u-boot.e500 u-boot-sam460-20100605.bin \
> >>  qemu_vga.ndrv \
> >> diff --git a/configure b/configure
> >> index 95134c0180..b79d38592b 100755
> >> --- a/configure
> >> +++ b/configure
> >> @@ -6211,9 +6211,6 @@ if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; 
> >> } && \
> >>  fi
> >>  done
> >>  

[Qemu-devel] [Bug 1839060] Re: HDA device non functional in Windows 10 1903

2019-09-12 Thread Idar Lund
Tried sending you a message @ginf, but haven't heard back from you so I'm 
posting here instead;
What kind of debug trace do you want me to give you logs from?
$ /opt/qemu4/bin/qemu-system-x86_64 -d help
Log items (comma separated):
out_asm         show generated host assembly code for each compiled TB
in_asm          show target assembly code for each compiled TB
op              show micro ops for each compiled TB
op_opt          show micro ops after optimization
op_ind          show micro ops before indirect lowering
int             show interrupts/exceptions in short format
exec            show trace before each executed TB (lots of logs)
cpu             show CPU registers before entering a TB (lots of logs)
fpu             include FPU registers in the 'cpu' logging
mmu             log MMU-related activities
pcall           x86 only: show protected mode far calls/returns/exceptions
cpu_reset       show CPU state before CPU resets
unimp           log unimplemented functionality
guest_errors    log when the guest OS does something invalid (eg accessing a
                non-existent register)
page            dump pages at beginning of user mode emulation
nochain         do not chain compiled TBs so that "exec" and "cpu" show
                complete traces
trace:PATTERN   enable trace events

Use "-d trace:help" to get a list of trace events.

-- 
https://bugs.launchpad.net/bugs/1839060

Title:
  HDA device non functional in Windows 10 1903

Status in QEMU:
  New

Bug description:
  I made the update to 1903, and the HDA device stopped working.

  The driver says the device is working correctly, but it does not.
  When I try to open the Windows sound configuration, the dialog hangs and 
never shows its content.

  Several people reported this back in May:

  https://windowsreport.com/windows-10-v1903-ich6-ich9-virtio/

  I can confirm I have exactly the same problem.

  Host is Arch Linux, current (5.2.5) kernel, QEMU 4.0.

  I enabled HDA debug output and compared an older, working Windows
  version to 1903, but could not see the difference. The driver seems to
  issue the same verbs.

  I am happy to provide additional information if needed.




[Qemu-devel] [PATCH v24 04/22] target/rx: TCG translation

2019-09-12 Thread Yoshinori Sato
This part supports only RXv1 instructions.
Instruction manual:
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01us0032ej0120_rxsm.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-2-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/translate.c   | 2432 +++
 target/rx/Makefile.objs |   12 +
 target/rx/insns.decode  |  621 ++
 3 files changed, 3065 insertions(+)
 create mode 100644 target/rx/translate.c
 create mode 100644 target/rx/Makefile.objs
 create mode 100644 target/rx/insns.decode

diff --git a/target/rx/translate.c b/target/rx/translate.c
new file mode 100644
index 00..21a67db570
--- /dev/null
+++ b/target/rx/translate.c
@@ -0,0 +1,2432 @@
+/*
+ *  RX translation
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bswap.h"
+#include "qemu/qemu-print.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "tcg-op.h"
+#include "exec/cpu_ldst.h"
+#include "exec/helper-proto.h"
+#include "exec/helper-gen.h"
+#include "exec/translator.h"
+#include "trace-tcg.h"
+#include "exec/log.h"
+
+typedef struct DisasContext {
+DisasContextBase base;
+CPURXState *env;
+uint32_t pc;
+} DisasContext;
+
+typedef struct DisasCompare {
+TCGv value;
+TCGv temp;
+TCGCond cond;
+} DisasCompare;
+
+const char rx_crname[][6] = {
+"psw", "pc", "usp", "fpsw", "", "", "", "",
+"bpsw", "bpc", "isp", "fintv", "intb", "", "", "",
+};
+
+/* Target-specific values for dc->base.is_jmp.  */
+#define DISAS_JUMPDISAS_TARGET_0
+#define DISAS_UPDATE  DISAS_TARGET_1
+#define DISAS_EXITDISAS_TARGET_2
+
+/* global register indexes */
+static TCGv cpu_regs[16];
+static TCGv cpu_psw_o, cpu_psw_s, cpu_psw_z, cpu_psw_c;
+static TCGv cpu_psw_i, cpu_psw_pm, cpu_psw_u, cpu_psw_ipl;
+static TCGv cpu_usp, cpu_fpsw, cpu_bpsw, cpu_bpc, cpu_isp;
+static TCGv cpu_fintv, cpu_intb, cpu_pc;
+static TCGv_i64 cpu_acc;
+
+#define cpu_sp cpu_regs[0]
+
+#include "exec/gen-icount.h"
+
+/* decoder helper */
+static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
+   int i, int n)
+{
+while (++i <= n) {
+uint8_t b = cpu_ldub_code(ctx->env, ctx->base.pc_next++);
+insn |= b << (32 - i * 8);
+}
+return insn;
+}
+
+static uint32_t li(DisasContext *ctx, int sz)
+{
+int32_t tmp, addr;
+CPURXState *env = ctx->env;
+addr = ctx->base.pc_next;
+
+tcg_debug_assert(sz < 4);
+switch (sz) {
+case 1:
+ctx->base.pc_next += 1;
+return cpu_ldsb_code(env, addr);
+case 2:
+ctx->base.pc_next += 2;
+return cpu_ldsw_code(env, addr);
+case 3:
+ctx->base.pc_next += 3;
+tmp = cpu_ldsb_code(env, addr + 2) << 16;
+tmp |= cpu_lduw_code(env, addr) & 0x;
+return tmp;
+case 0:
+ctx->base.pc_next += 4;
+return cpu_ldl_code(env, addr);
+}
+return 0;
+}
+
+static int bdsp_s(DisasContext *ctx, int d)
+{
+/*
+ * 0 -> 8
+ * 1 -> 9
+ * 2 -> 10
+ * 3 -> 3
+ * :
+ * 7 -> 7
+ */
+if (d < 3) {
+d += 8;
+}
+return d;
+}
+
+/* Include the auto-generated decoder. */
+#include "decode.inc.c"
+
+void rx_cpu_dump_state(CPUState *cs, FILE *f, int flags)
+{
+RXCPU *cpu = RXCPU(cs);
+CPURXState *env = >env;
+int i;
+uint32_t psw;
+
+psw = rx_cpu_pack_psw(env);
+qemu_fprintf(f, "pc=0x%08x psw=0x%08x\n",
+ env->pc, psw);
+for (i = 0; i < 16; i += 4) {
+qemu_fprintf(f, "r%d=0x%08x r%d=0x%08x r%d=0x%08x r%d=0x%08x\n",
+ i, env->regs[i], i + 1, env->regs[i + 1],
+ i + 2, env->regs[i + 2], i + 3, env->regs[i + 3]);
+}
+}
+
+static bool use_goto_tb(DisasContext *dc, target_ulong dest)
+{
+if (unlikely(dc->base.singlestep_enabled)) {
+return false;
+} else {
+return true;
+}
+}
+
+static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
+{
+if (use_goto_tb(dc, dest)) {
+tcg_gen_goto_tb(n);
+tcg_gen_movi_i32(cpu_pc, dest);
+tcg_gen_exit_tb(dc->base.tb, n);
+} else {
+tcg_gen_movi_i32(cpu_pc, dest);
+if 

[Qemu-devel] [PATCH v24 05/22] target/rx: TCG helper

2019-09-12 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 

Message-Id: <20190616142836.10614-3-ys...@users.sourceforge.jp>
Reviewed-by: Richard Henderson 
Message-Id: <20190607091116.49044-3-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
[PMD: Removed tlb_fill, extracted from patch of Yoshinori Sato
 'Convert to CPUClass::tlb_fill']
Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
---
 target/rx/helper.h|  31 +++
 target/rx/helper.c| 149 +
 target/rx/op_helper.c | 470 ++
 3 files changed, 650 insertions(+)
 create mode 100644 target/rx/helper.h
 create mode 100644 target/rx/helper.c
 create mode 100644 target/rx/op_helper.c

diff --git a/target/rx/helper.h b/target/rx/helper.h
new file mode 100644
index 00..f0b7ebbbf7
--- /dev/null
+++ b/target/rx/helper.h
@@ -0,0 +1,31 @@
+DEF_HELPER_1(raise_illegal_instruction, noreturn, env)
+DEF_HELPER_1(raise_access_fault, noreturn, env)
+DEF_HELPER_1(raise_privilege_violation, noreturn, env)
+DEF_HELPER_1(wait, noreturn, env)
+DEF_HELPER_1(debug, noreturn, env)
+DEF_HELPER_2(rxint, noreturn, env, i32)
+DEF_HELPER_1(rxbrk, noreturn, env)
+DEF_HELPER_FLAGS_3(fadd, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fsub, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fmul, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fdiv, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fcmp, TCG_CALL_NO_WG, void, env, f32, f32)
+DEF_HELPER_FLAGS_2(ftoi, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(round, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(itof, TCG_CALL_NO_WG, f32, env, i32)
+DEF_HELPER_2(set_fpsw, void, env, i32)
+DEF_HELPER_FLAGS_2(racw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw_rte, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(pack_psw, i32, env)
+DEF_HELPER_FLAGS_3(div, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_3(divu, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_1(scmpu, TCG_CALL_NO_WG, void, env)
+DEF_HELPER_1(smovu, void, env)
+DEF_HELPER_1(smovf, void, env)
+DEF_HELPER_1(smovb, void, env)
+DEF_HELPER_2(sstr, void, env, i32)
+DEF_HELPER_FLAGS_2(swhile, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(suntil, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(rmpa, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(satr, void, env)
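Review bot: `set_psw` and `set_psw_rte` are declared with `TCG_CALL_NO_WG`, but translate.c in this series declares the PSW bits as global register indexes (`cpu_psw_o`, `cpu_psw_s`, `cpu_psw_z`, `cpu_psw_c`, ...) and `rx_cpu_unpack_psw()` in helper.c stores into the `env->psw_*` fields that presumably back them. If these helpers reach such stores (their bodies are in op_helper.c, not shown here), generated code may keep using a stale cached copy of a flag after the call, so the flag should be dropped, e.g. `DEF_HELPER_2(set_psw, void, env, i32)`. The same question applies to `fcmp` and `scmpu` if they update condition flags. The file also lacks the short description and licence comment that the other new files in this patch carry.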
diff --git a/target/rx/helper.c b/target/rx/helper.c
new file mode 100644
index 00..a34a40af83
--- /dev/null
+++ b/target/rx/helper.c
@@ -0,0 +1,149 @@
+/*
+ *  RX emulation
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+#include "exec/log.h"
+#include "exec/cpu_ldst.h"
+#include "sysemu/sysemu.h"
+#include "hw/irq.h"
+
+void rx_cpu_unpack_psw(CPURXState *env, uint32_t psw, int rte)
+{
+if (env->psw_pm == 0) {
+env->psw_ipl = FIELD_EX32(psw, PSW, IPL);
+if (rte) {
+/* PSW.PM can write RTE and RTFI */
+env->psw_pm = FIELD_EX32(psw, PSW, PM);
+}
+env->psw_u = FIELD_EX32(psw, PSW, U);
+env->psw_i = FIELD_EX32(psw, PSW, I);
+}
+env->psw_o = FIELD_EX32(psw, PSW, O) << 31;
+env->psw_s = FIELD_EX32(psw, PSW, S) << 31;
+env->psw_z = 1 - FIELD_EX32(psw, PSW, Z);
+env->psw_c = FIELD_EX32(psw, PSW, C);
+}
+
+#define INT_FLAGS (CPU_INTERRUPT_HARD | CPU_INTERRUPT_FIR)
+void rx_cpu_do_interrupt(CPUState *cs)
+{
+RXCPU *cpu = RXCPU(cs);
+CPURXState *env = >env;
+int do_irq = cs->interrupt_request & INT_FLAGS;
+uint32_t save_psw;
+
+env->in_sleep = 0;
+
+if (env->psw_u) {
+env->usp = env->regs[0];
+} else {
+env->isp = env->regs[0];
+}
+save_psw = rx_cpu_pack_psw(env);
+env->psw_pm = env->psw_i = env->psw_u = 0;
+
+if (do_irq) {
+if (do_irq & CPU_INTERRUPT_FIR) {
+env->bpc = env->pc;
+env->bpsw = save_psw;
+env->pc = env->fintv;
+env->psw_ipl = 15;
+cs->interrupt_request &= ~CPU_INTERRUPT_FIR;
+qemu_set_irq(env->ack, env->ack_irq);
+qemu_log_mask(CPU_LOG_INT, "fast interrupt raised\n");
+} else if (do_irq & CPU_INTERRUPT_HARD) {
+env->isp -= 4;
+

[Qemu-devel] [PATCH v24 00/22] Add RX archtecture support

2019-09-12 Thread Yoshinori Sato
Hello.
This patch series is added Renesas RX target emulation.

Changes for v23.
Follow master changes.

Changes for v22.
Added some include.

Changes for v21.
rebase latest master.
Remove unneeded hmp_info_tlb.

Chanegs for v20.
Reorderd patches.
Squashed v19 changes.

Changes for v19.
Follow tcg changes.
Cleanup cpu.c.
simplify rx_cpu_class_by_name and rx_load_image move to rx-virt.

My git repository is below.
git://git.pf.osdn.net/gitroot/y/ys/ysato/qemu.git tags/rx-20190912

Testing binaries are below.
u-boot
Download - https://osdn.net/users/ysato/pf/qemu/dl/u-boot.bin.gz

starting
$ gzip -d u-boot.bin.gz
$ qemu-system-rx -bios u-boot.bin

linux and pico-root (only sash)
Download - https://osdn.net/users/ysato/pf/qemu/dl/zImage (kernel)
   https://osdn.net/users/ysato/pf/qemu/dl/rx-qemu.dtb (DeviceTree)

starting
$ qemu-system-rx -kernel zImage -dtb rx-qemu.dtb -append "earlycon"

Philippe Mathieu-Daudé (3):
  hw/registerfields.h: Add 8bit and 16bit register macros
  hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
  BootLinuxConsoleTest: Test the RX-Virt machine

Richard Henderson (7):
  target/rx: Disassemble rx_index_addr into a string
  target/rx: Replace operand with prt_ldmi in disassembler
  target/rx: Use prt_ldmi for XCHG_mr disassembly
  target/rx: Emit all disassembly in one prt()
  target/rx: Collect all bytes during disassembly
  target/rx: Dump bytes for each insn during disassembly
  hw/rx: Honor -accel qtest

Yoshinori Sato (12):
  MAINTAINERS: Add RX
  qemu/bitops.h: Add extract8 and extract16
  target/rx: TCG translation
  target/rx: TCG helper
  target/rx: CPU definition
  target/rx: RX disassembler
  hw/intc: RX62N interrupt controller (ICUa)
  hw/timer: RX62N internal timer modules
  hw/char: RX62N serial communication interface (SCI)
  hw/rx: RX Target hardware definition
  Add rx-softmmu
  qapi/machine.json: Add RX cpu.

 configure  |8 +
 default-configs/rx-softmmu.mak |3 +
 qapi/machine.json  |2 +-
 include/disas/dis-asm.h|5 +
 include/exec/poison.h  |1 +
 include/hw/char/renesas_sci.h  |   45 +
 include/hw/intc/rx_icu.h   |   56 +
 include/hw/registerfields.h|   32 +-
 include/hw/rx/rx.h |7 +
 include/hw/rx/rx62n.h  |   91 +
 include/hw/timer/renesas_cmt.h |   38 +
 include/hw/timer/renesas_tmr.h |   53 +
 include/qemu/bitops.h  |   38 +
 include/sysemu/arch_init.h |1 +
 target/rx/cpu-param.h  |   31 +
 target/rx/cpu-qom.h|   42 +
 target/rx/cpu.h|  181 ++
 target/rx/helper.h |   31 +
 arch_init.c|2 +
 hw/char/renesas_sci.c  |  343 
 hw/intc/rx_icu.c   |  379 
 hw/rx/rx-virt.c|  135 ++
 hw/rx/rx62n.c  |  247 +++
 hw/timer/renesas_cmt.c |  278 +++
 hw/timer/renesas_tmr.c |  458 +
 target/rx/cpu.c|  217 +++
 target/rx/disas.c  | 1446 ++
 target/rx/gdbstub.c|  112 ++
 target/rx/helper.c |  149 ++
 target/rx/op_helper.c  |  470 +
 target/rx/translate.c  | 2432 
 tests/machine-none-test.c  |1 +
 MAINTAINERS|   19 +
 hw/Kconfig |1 +
 hw/char/Kconfig|3 +
 hw/char/Makefile.objs  |1 +
 hw/intc/Kconfig|3 +
 hw/intc/Makefile.objs  |1 +
 hw/rx/Kconfig  |   14 +
 hw/rx/Makefile.objs|2 +
 hw/timer/Kconfig   |6 +
 hw/timer/Makefile.objs |3 +
 target/rx/Makefile.objs|   11 +
 target/rx/insns.decode |  621 ++
 tests/acceptance/boot_linux_console.py |   46 +
 45 files changed, 8063 insertions(+), 2 deletions(-)
 create mode 100644 default-configs/rx-softmmu.mak
 create mode 100644 include/hw/char/renesas_sci.h
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 include/hw/timer/renesas_cmt.h
 create mode 100644 include/hw/timer/renesas_tmr.h
 create mode 100644 target/rx/cpu-param.h
 create mode 100644 target/rx/cpu-qom.h
 create mode 100644 target/rx/cpu.h
 create mode 100644 target/rx/helper.h
 create mode 100644 hw/char/renesas_sci.c
 create mode 100644 hw/intc/rx_icu.c
 create mode 100644 hw/rx/rx-virt.c
 create mode 100644 hw/rx/rx62n.c
 create mode 100644 hw/timer/renesas_cmt.c
 create mode 100644 hw/timer/renesas_tmr.c
 create mode 100644 target/rx/cpu.c
 c

[Qemu-devel] [PATCH v24 19/22] hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core

2019-09-12 Thread Yoshinori Sato
From: Philippe Mathieu-Daudé 

While the VIRT machine can use different microcontrollers,
the RX62N microcontroller is tied to the RX62N CPU core.

Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
---
 hw/rx/rx-virt.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
index 4cfe2e3123..9676a5e7bf 100644
--- a/hw/rx/rx-virt.c
+++ b/hw/rx/rx-virt.c
@@ -17,6 +17,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "cpu.h"
@@ -56,6 +57,7 @@ static void rx_load_image(RXCPU *cpu, const char *filename,
 
 static void rxvirt_init(MachineState *machine)
 {
+MachineClass *mc = MACHINE_GET_CLASS(machine);
 RX62NState *s = g_new(RX62NState, 1);
 MemoryRegion *sysmem = get_system_memory();
 MemoryRegion *sdram = g_new(MemoryRegion, 1);
@@ -64,6 +66,12 @@ static void rxvirt_init(MachineState *machine)
 void *dtb = NULL;
 int dtb_size;
 
+if (strcmp(machine->cpu_type, mc->default_cpu_type) != 0) {
+error_report("This board can only be used with CPU %s",
+ mc->default_cpu_type);
+exit(1);
+}
+
 /* Allocate memory space */
 memory_region_init_ram(sdram, NULL, "sdram", 16 * MiB,
_fatal);
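Review bot: The new check in rxvirt_init() compares `machine->cpu_type` against `mc->default_cpu_type`, so it enforces "whatever this board's default is" rather than the RX62N core named in the commit message. If the machine default is later changed, the restriction silently moves with it, and if it were ever left unset strcmp() would be handed NULL (the class init that sets it is not visible in this hunk). A comment above the test would record the intent, e.g. `/* The RX62N MCU model only works with its own CPU core. */`, and comparing against the RX62N CPU type name directly would make the check independent of the machine default. rxvirt_init() continues outside the hunk.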
-- 
2.20.1




[Qemu-devel] TCG plugins and the GPL (was: [PATCH v4 00/54] plugins for TCG)

2019-09-12 Thread Markus Armbruster
Alex Bennée  writes:

> Markus Armbruster  writes:
[...]
>> Please advise why TCG plugins don't undermine the GPL.  Any proposal to
>> add a plugin interface needs to do that.
>
> I'm not sure what we can say about this apart from "ask your lawyer".

I'm not asking for a legal argument, I'm asking for a pragmatic one.

> I'm certainly not proposing we add any sort of language about what
> should and shouldn't be allowed to use the plugin interface. I find it
> hard to see how anyone could argue code written to interface with the
> plugin API couldn't be considered a derived work.

What makes that so?  Is writing a plugin without linking with QEMU code
impractical?

> There are two use cases I have in mind:
>
> The first is FLOSS developers writing interesting tools that can take
> advantage of QEMU's control of the system to do experiments that are
> tricky with other setups (Valgrind is limited to same-arch, Dynamo/Pin
> are user-space only). I want these experiments to be easy to do without
> having to keep hacking and re-hacking QEMU's core code. I would hope
> QEMU developers would up-stream theirs into the QEMU source tree but I
> can imagine academics will have open source code that will only ever sit
> in their paper's repository.

GPL'ed code that's not for upstream is 100% legitimate.

> The other is users who currently maintain hacked up internal copies of
> QEMU as a test bed for whatever piece of silicon they are brewing behind
> closed doors. This code would never be distributed (hence never be a GPL
> issue)

Correct.  We can't force anybody to distribute, and that's only proper.

>and is generally kept private because it's IP sensitive
> (e.g: experimenting with different cache models). If we can provide an
> interface that allows them to keep their experiments private and
> separate from changes to the core code then maybe apart from making
> their lives a bit easier we will see some non-IP sensitive contributions
> come back to the upstream. I live in hope ;-)

I'm concerned about a third case: implementing stuff as a plugin so you
can distribute it with a GPL-incompatible license.  Particularly
pernicious when that stuff could be useful upstream.

Are there any technical difficulties that could make distributing
plugins in binary form impractical?



Re: [Qemu-devel] [RFC v2 2/3] intc/arm_gic: Support IRQ injection for more than 256 vpus

2019-09-12 Thread Andrew Jones
On Wed, Sep 11, 2019 at 05:51:24PM +0200, Eric Auger wrote:
> Host kernels that expose the KVM_CAP_ARM_IRQ_LINE_LAYOUT_2 capability
> allow injection of interrupts along with vcpu ids larger than 255.
> Let's encode the vcpu id on 12 bits according to the upgraded KVM_IRQ_LINE
> ABI when needed.
> 
> Given that we have two callsites that need to assemble
> the value for kvm_set_irq(), a new helper routine, kvm_arm_set_irq
> is introduced.
> 
> Without that patch qemu exits with "kvm_set_irq: Invalid argument"
> message.
> 
> Signed-off-by: Eric Auger 
> Reported-by: Zenghui Yu 
> ---
>  hw/intc/arm_gic_kvm.c |  7 ++-
>  target/arm/cpu.c  | 10 --
>  target/arm/kvm.c  | 16 
>  target/arm/kvm_arm.h  |  1 +
>  4 files changed, 23 insertions(+), 11 deletions(-)
> 
> diff --git a/hw/intc/arm_gic_kvm.c b/hw/intc/arm_gic_kvm.c
> index b56fda144f..9deb15e7e6 100644
> --- a/hw/intc/arm_gic_kvm.c
> +++ b/hw/intc/arm_gic_kvm.c
> @@ -55,7 +55,7 @@ void kvm_arm_gic_set_irq(uint32_t num_irq, int irq, int 
> level)
>   * has separate fields in the irq number for type,
>   * CPU number and interrupt number.
>   */
> -int kvm_irq, irqtype, cpu;
> +int irqtype, cpu;
>  
>  if (irq < (num_irq - GIC_INTERNAL)) {
>  /* External interrupt. The kernel numbers these like the GIC
> @@ -72,10 +72,7 @@ void kvm_arm_gic_set_irq(uint32_t num_irq, int irq, int 
> level)
>  cpu = irq / GIC_INTERNAL;
>  irq %= GIC_INTERNAL;
>  }
> -kvm_irq = (irqtype << KVM_ARM_IRQ_TYPE_SHIFT)
> -| (cpu << KVM_ARM_IRQ_VCPU_SHIFT) | irq;
> -
> -kvm_set_irq(kvm_state, kvm_irq, !!level);
> +kvm_arm_set_irq(cpu, irqtype, irq, !!level);
>  }
>  
>  static void kvm_arm_gicv2_set_irq(void *opaque, int irq, int level)
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index 2399c14471..13813fb213 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -576,16 +576,16 @@ static void arm_cpu_kvm_set_irq(void *opaque, int irq, 
> int level)
>  ARMCPU *cpu = opaque;
>  CPUARMState *env = >env;
>  CPUState *cs = CPU(cpu);
> -int kvm_irq = KVM_ARM_IRQ_TYPE_CPU << KVM_ARM_IRQ_TYPE_SHIFT;
>  uint32_t linestate_bit;
> +int irq_id;
>  
>  switch (irq) {
>  case ARM_CPU_IRQ:
> -kvm_irq |= KVM_ARM_IRQ_CPU_IRQ;
> +irq_id = KVM_ARM_IRQ_CPU_IRQ;
>  linestate_bit = CPU_INTERRUPT_HARD;
>  break;
>  case ARM_CPU_FIQ:
> -kvm_irq |= KVM_ARM_IRQ_CPU_FIQ;
> +irq_id = KVM_ARM_IRQ_CPU_FIQ;
>  linestate_bit = CPU_INTERRUPT_FIQ;
>  break;
>  default:
> @@ -597,9 +597,7 @@ static void arm_cpu_kvm_set_irq(void *opaque, int irq, 
> int level)
>  } else {
>  env->irq_line_state &= ~linestate_bit;
>  }
> -
> -kvm_irq |= cs->cpu_index << KVM_ARM_IRQ_VCPU_SHIFT;
> -kvm_set_irq(kvm_state, kvm_irq, level ? 1 : 0);
> +kvm_arm_set_irq(cs->cpu_index, KVM_ARM_IRQ_TYPE_CPU, irq_id, !!level);
>  #endif
>  }
>  
> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> index b2eaa50b8d..6cdfa2204f 100644
> --- a/target/arm/kvm.c
> +++ b/target/arm/kvm.c
> @@ -744,6 +744,22 @@ int kvm_arm_vgic_probe(void)
>  }
>  }
>  
> +int kvm_arm_set_irq(int cpu, int irqtype, int irq, int level)
> +{
> +int kvm_irq = 0;

No need to init to zero, and could just immediately init with the
line below instead.

> +
> +kvm_irq = (irqtype << KVM_ARM_IRQ_TYPE_SHIFT) | irq;
> +
> +if (cpu != 0) {

No need for this 'if'

> +int cpu_idx2 = cpu / 256;
> +int cpu_idx1 = cpu % 256;
> +
> +kvm_irq |= (cpu_idx1 << KVM_ARM_IRQ_VCPU_SHIFT) |
> +   ((cpu_idx2 & KVM_ARM_IRQ_VCPU2_MASK) << KVM_ARM_IRQ_VCPU2_SHIFT);

Masking should be unnecessary as the only way it'll do anything is if we
have vcpus >= 4096, which I imagine will never happen or will be guarded
against happening elsewhere. Silently masking doesn't look right anyway,
so I'd either add an assert(cpu_idx2 < 16) and drop the masking or just
drop the masking.

> +}
> +return kvm_set_irq(kvm_state, kvm_irq, !!level);
> +}
> +
>  int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
>   uint64_t address, uint32_t data, PCIDevice *dev)
>  {
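Review bot: `kvm_arm_set_irq()` fills the second vcpu-index field for any `cpu` of 256 or more without consulting `KVM_CAP_ARM_IRQ_LINE_LAYOUT_2`, although the commit message says only kernels exposing that capability understand the wider encoding. If the capability is checked elsewhere in the series (not visible in this hunk), a comment above the function should say so, e.g. `/* Caller guarantees KVM_CAP_ARM_IRQ_LINE_LAYOUT_2 when cpu > 255. */`. Otherwise the helper should fail early rather than pass a value the kernel may interpret under the old layout. The prototype added to kvm_arm.h would also benefit from a doc comment describing each argument and the return value.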
> diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> index b3106c8600..b4e19457a0 100644
> --- a/target/arm/kvm_arm.h
> +++ b/target/arm/kvm_arm.h
> @@ -253,6 +253,7 @@ int kvm_arm_vgic_probe(void);
>  
>  void kvm_arm_pmu_set_irq(CPUState *cs, int irq);
>  void kvm_arm_pmu_init(CPUState *cs);
> +int kvm_arm_set_irq(int cpu, int irqtype, int irq, int level);
>  
>  #else
>  
> -- 
> 2.20.1
> 
>

Thanks,
drew 



[Qemu-devel] [PATCH v24 16/22] hw/char: RX62N serial communication interface (SCI)

2019-09-12 Thread Yoshinori Sato
This module supports only the non-FIFO type.
Hardware manual:
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-8-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/hw/char/renesas_sci.h |  45 +
 hw/char/renesas_sci.c | 343 ++
 hw/char/Kconfig   |   3 +
 hw/char/Makefile.objs |   1 +
 4 files changed, 392 insertions(+)
 create mode 100644 include/hw/char/renesas_sci.h
 create mode 100644 hw/char/renesas_sci.c

diff --git a/include/hw/char/renesas_sci.h b/include/hw/char/renesas_sci.h
new file mode 100644
index 00..50d1336944
--- /dev/null
+++ b/include/hw/char/renesas_sci.h
@@ -0,0 +1,45 @@
+/*
+ * Renesas Serial Communication Interface
+ *
+ * Copyright (c) 2018 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#include "chardev/char-fe.h"
+#include "qemu/timer.h"
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_SCI "renesas-sci"
+#define RSCI(obj) OBJECT_CHECK(RSCIState, (obj), TYPE_RENESAS_SCI)
+
+enum {
+ERI = 0,
+RXI = 1,
+TXI = 2,
+TEI = 3,
+SCI_NR_IRQ = 4,
+};
+
+typedef struct {
+SysBusDevice parent_obj;
+MemoryRegion memory;
+
+uint8_t smr;
+uint8_t brr;
+uint8_t scr;
+uint8_t tdr;
+uint8_t ssr;
+uint8_t rdr;
+uint8_t scmr;
+uint8_t semr;
+
+uint8_t read_ssr;
+int64_t trtime;
+int64_t rx_next;
+QEMUTimer *timer;
+CharBackend chr;
+uint64_t input_freq;
+qemu_irq irq[SCI_NR_IRQ];
+} RSCIState;
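Review bot: This header has no include guard, unlike renesas_cmt.h and renesas_tmr.h added elsewhere in this series, so a second inclusion in one translation unit would redefine the anonymous enum constants. Wrap the contents in a guard such as `#ifndef HW_CHAR_RENESAS_SCI_H` / `#define HW_CHAR_RENESAS_SCI_H` at the top and `#endif` at the end. The enumerators `ERI`, `RXI`, `TXI` and `TEI` are also very short names for a shared header; a prefix such as `SCI_` would reduce the chance of a clash.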
diff --git a/hw/char/renesas_sci.c b/hw/char/renesas_sci.c
new file mode 100644
index 00..df63c5292e
--- /dev/null
+++ b/hw/char/renesas_sci.c
@@ -0,0 +1,343 @@
+/*
+ * Renesas Serial Communication Interface
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/qdev-properties.h"
+#include "hw/char/renesas_sci.h"
+#include "migration/vmstate.h"
+#include "qemu/error-report.h"
+
+/* SCI register map */
+REG8(SMR, 0)
+  FIELD(SMR, CKS,  0, 2)
+  FIELD(SMR, MP,   2, 1)
+  FIELD(SMR, STOP, 3, 1)
+  FIELD(SMR, PM,   4, 1)
+  FIELD(SMR, PE,   5, 1)
+  FIELD(SMR, CHR,  6, 1)
+  FIELD(SMR, CM,   7, 1)
+REG8(BRR, 1)
+REG8(SCR, 2)
+  FIELD(SCR, CKE, 0, 2)
+  FIELD(SCR, TEIE, 2, 1)
+  FIELD(SCR, MPIE, 3, 1)
+  FIELD(SCR, RE,   4, 1)
+  FIELD(SCR, TE,   5, 1)
+  FIELD(SCR, RIE,  6, 1)
+  FIELD(SCR, TIE,  7, 1)
+REG8(TDR, 3)
+REG8(SSR, 4)
+  FIELD(SSR, MPBT, 0, 1)
+  FIELD(SSR, MPB,  1, 1)
+  FIELD(SSR, TEND, 2, 1)
+  FIELD(SSR, ERR, 3, 3)
+FIELD(SSR, PER,  3, 1)
+FIELD(SSR, FER,  4, 1)
+FIELD(SSR, ORER, 5, 1)
+  FIELD(SSR, RDRF, 6, 1)
+  FIELD(SSR, TDRE, 7, 1)
+REG8(RDR, 5)
+REG8(SCMR, 6)
+  FIELD(SCMR, SMIF, 0, 1)
+  FIELD(SCMR, SINV, 2, 1)
+  FIELD(SCMR, SDIR, 3, 1)
+  FIELD(SCMR, BCP2, 7, 1)
+REG8(SEMR, 7)
+  FIELD(SEMR, ACS0, 0, 1)
+  FIELD(SEMR, ABCS, 4, 1)
+
+static int can_receive(void *opaque)
+{
+RSCIState *sci = RSCI(opaque);
+if (sci->rx_next > qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)) {
+return 0;
+} else {
+return FIELD_EX8(sci->scr, SCR, RE);
+}
+}
+
+static void receive(void *opaque, const uint8_t *buf, int size)
+{
+RSCIState *sci = RSCI(opaque);
+sci->rx_next = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + sci->trtime;
+if (FIELD_EX8(sci->ssr, SSR, RDRF) || size > 1) {
+sci->ssr = FIELD_DP8(sci->ssr, SSR, ORER, 1);
+if (FIELD_EX8(sci->scr, SCR, RIE)) {
+qemu_set_irq(sci->irq[ERI], 1);
+}
+} else {
+sci->rdr = buf[0];
+sci->ssr = FIELD_DP8(sci->ssr, SSR, RDRF, 1);
+if (FIELD_EX8(sci->scr, SCR, RIE)) {
+qemu_irq_pulse(sci->irq[RXI]);
+}
+}
+}
+
+static void send_byte(RSCIState *sci)
+{
+if (qemu_chr_fe_backend_connected(>chr)) {
+qemu_chr_fe_write_all(>chr, >tdr, 1);
+}
+timer_mod(sci->timer,
+  

Re: [Qemu-devel] [PATCH v4] target-arm: Make the counter tick relative to cntfrq

2019-09-12 Thread Andrew Jeffery



On Thu, 12 Sep 2019, at 15:52, Cédric Le Goater wrote:
> On 12/09/2019 05:25, Andrew Jeffery wrote:
> > Allow machines to configure CNTFRQ via a property if the ARM core
> > supports the generic timer. This is necessary on e.g. the ASPEED AST2600
> > SoC where the generic timer clock is run at 800MHz or above. The default
> > value for CNTFRQ remains at 62.50MHz (based on GTIMER_SCALE).
> > 
> > CNTFRQ is a read-as-written co-processor register; the property sets the
> > register's initial value which is used during realize() to configure the
> > QEMUTimers that back the generic timers. Beyond that the firmware can
> > do whatever it sees fit with the CNTFRQ register though changes to the
> > value will not be reflected in the timers' rate.
> > 
> > I've tested this using an out-of-tree AST2600 SoC model (Cortex-A7) with
> > the SDK u-boot that sets CNTFRQ as appropriate, and by starting/running
> > machines with assorted ARM CPUs (palmetto-bmc with the ARM926EJ-S,
> > romulus-bmc with the ARM1176 and raspi2 with the Cortex-A53).
> > 
> > Signed-off-by: Andrew Jeffery 
> > ---
> > v4: Fix configuration for cores without a generic timer
> > 
> > v3: https://patchwork.ozlabs.org/patch/1160634/
> > Peter - I think this addresses most of your feedback. I still reach into
> > the QEMUTimer to fetch out scale when adjusting the nexttick
> > calculation, but we no longer need to update the scale member and force
> > a recalculation of the period.
> > 
> > v2: https://patchwork.ozlabs.org/patch/1144389/
> > ---
> >  roms/SLOF   |  2 +-
> >  roms/skiboot|  2 +-
> >  target/arm/cpu.c| 43 +++
> >  target/arm/cpu.h|  3 +++
> >  target/arm/helper.c | 30 ++
> >  5 files changed, 66 insertions(+), 14 deletions(-)
> > 
> > diff --git a/roms/SLOF b/roms/SLOF
> > index 7bfe584e3219..ea221600a116 16
> > --- a/roms/SLOF
> > +++ b/roms/SLOF
> > @@ -1 +1 @@
> > -Subproject commit 7bfe584e321946771692711ff83ad2b5850daca7
> > +Subproject commit ea221600a116883137ef90b2b7ab7d2472bc4f10
> > diff --git a/roms/skiboot b/roms/skiboot
> > index 261ca8e779e5..3a6fdede6ce1 16
> > --- a/roms/skiboot
> > +++ b/roms/skiboot
> > @@ -1 +1 @@
> > -Subproject commit 261ca8e779e5138869a45f174caa49be6a274501
> > +Subproject commit 3a6fdede6ce117facec0108afe716cf5d0472c3f
> 
> 
> The changes above seem not related.

How did they get in there? :eyeroll:

Thanks. v5 I guess.

Andrew



[Qemu-devel] [PATCH v24 15/22] hw/timer: RX62N internal timer modules

2019-09-12 Thread Yoshinori Sato
renesas_tmr: 8bit timer modules.
renesas_cmt: 16bit compare match timer modules.
These parts are used in many Renesas CPUs.
Hardware manual:
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-7-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/hw/timer/renesas_cmt.h |  38 +++
 include/hw/timer/renesas_tmr.h |  53 
 hw/timer/renesas_cmt.c | 278 
 hw/timer/renesas_tmr.c | 458 +
 hw/timer/Kconfig   |   6 +
 hw/timer/Makefile.objs |   3 +
 6 files changed, 836 insertions(+)
 create mode 100644 include/hw/timer/renesas_cmt.h
 create mode 100644 include/hw/timer/renesas_tmr.h
 create mode 100644 hw/timer/renesas_cmt.c
 create mode 100644 hw/timer/renesas_tmr.c

diff --git a/include/hw/timer/renesas_cmt.h b/include/hw/timer/renesas_cmt.h
new file mode 100644
index 00..acd25c6e0b
--- /dev/null
+++ b/include/hw/timer/renesas_cmt.h
@@ -0,0 +1,38 @@
+/*
+ * Renesas Compare-match timer Object
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#ifndef HW_RENESAS_CMT_H
+#define HW_RENESAS_CMT_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_CMT "renesas-cmt"
+#define RCMT(obj) OBJECT_CHECK(RCMTState, (obj), TYPE_RENESAS_CMT)
+
+enum {
+CMT_CH = 2,
+CMT_NR_IRQ = 1 * CMT_CH,
+};
+
+typedef struct RCMTState {
+SysBusDevice parent_obj;
+
+uint64_t input_freq;
+MemoryRegion memory;
+
+uint16_t cmstr;
+uint16_t cmcr[CMT_CH];
+uint16_t cmcnt[CMT_CH];
+uint16_t cmcor[CMT_CH];
+int64_t tick[CMT_CH];
+qemu_irq cmi[CMT_CH];
+QEMUTimer *timer[CMT_CH];
+} RCMTState;
+
+#endif
diff --git a/include/hw/timer/renesas_tmr.h b/include/hw/timer/renesas_tmr.h
new file mode 100644
index 00..5787004c74
--- /dev/null
+++ b/include/hw/timer/renesas_tmr.h
@@ -0,0 +1,53 @@
+/*
+ * Renesas 8bit timer Object
+ *
+ * Copyright (c) 2018 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#ifndef HW_RENESAS_TMR_H
+#define HW_RENESAS_TMR_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_TMR "renesas-tmr"
+#define RTMR(obj) OBJECT_CHECK(RTMRState, (obj), TYPE_RENESAS_TMR)
+
+enum timer_event {
+cmia = 0,
+cmib = 1,
+ovi = 2,
+none = 3,
+TMR_NR_EVENTS = 4
+};
+
+enum {
+TMR_CH = 2,
+TMR_NR_IRQ = 3 * TMR_CH,
+};
+
+typedef struct RTMRState {
+SysBusDevice parent_obj;
+
+uint64_t input_freq;
+MemoryRegion memory;
+
+uint8_t tcnt[TMR_CH];
+uint8_t tcora[TMR_CH];
+uint8_t tcorb[TMR_CH];
+uint8_t tcr[TMR_CH];
+uint8_t tccr[TMR_CH];
+uint8_t tcor[TMR_CH];
+uint8_t tcsr[TMR_CH];
+int64_t tick;
+int64_t div_round[TMR_CH];
+enum timer_event next[TMR_CH];
+qemu_irq cmia[TMR_CH];
+qemu_irq cmib[TMR_CH];
+qemu_irq ovi[TMR_CH];
+QEMUTimer *timer[TMR_CH];
+} RTMRState;
+
+#endif
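Review bot: `enum timer_event` exports the lower-case enumerators `cmia`, `cmib`, `ovi` and `none` into every file that includes this header, and the first three are spelled exactly like the `qemu_irq` array members of `RTMRState` a few lines below. That is legal C but easy to misread, and `none` is generic enough to clash with other code. Prefixed upper-case names in the style already used for `TMR_NR_EVENTS` would be clearer, e.g. `TMR_EV_CMIA`, `TMR_EV_CMIB`, `TMR_EV_OVI`, `TMR_EV_NONE`. A comment on `tick` and `div_round` stating their units would also help, since the header does not say.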
diff --git a/hw/timer/renesas_cmt.c b/hw/timer/renesas_cmt.c
new file mode 100644
index 00..5d57c447b8
--- /dev/null
+++ b/hw/timer/renesas_cmt.c
@@ -0,0 +1,278 @@
+/*
+ * Renesas 16bit Compare-match timer
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "qemu/timer.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/qdev-properties.h"
+#include "hw/timer/renesas_cmt.h"
+#include "migration/vmstate.h"
+#include "qemu/error-report.h"
+
+/*
+ *  +0 CMSTR - common control
+ *  +2 CMCR  - ch0
+ *  +4 CMCNT - ch0
+ *  +6 CMCOR - ch0
+ *  +8 CMCR  - ch1
+ * +10 CMCNT - ch1
+ * +12 CMCOR - ch1
+ * If we think that the address of CH 0 has an offset of +2,
+ * we can treat it with the same address as CH 1, so define it like that.
+ */
+REG16(CMSTR, 0)
+  FIELD(CMSTR, STR0, 0, 1)
+  FIELD(CMSTR, STR1, 1, 1)
+  FIELD(CMSTR, STR,  0, 2)
+/* This addeess is channel offset */
+REG16(CMCR, 0)
+  FIELD(CMCR, CKS, 0, 2)
+  FIELD(CMCR, CMIE, 6, 

[Qemu-devel] [PATCH v24 17/22] hw/rx: RX Target hardware definition

2019-09-12 Thread Yoshinori Sato
rx62n - RX62N cpu.
rx-virt - RX QEMU virtual target.

v23 changes.
Add missing includes.

v21 changes.
rx_load_image move to rx-virt.c

Signed-off-by: Yoshinori Sato 

Message-Id: <20190616142836.10614-17-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-9-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
[PMD: Use TYPE_RX62N_CPU, use #define for RX62N_NR_TMR/CMT/SCI,
 renamed CPU -> MCU, device -> microcontroller]
Signed-off-by: Philippe Mathieu-Daudé 
---
v19: Fixed typo (Peter Maydell)
Signed-off-by: Yoshinori Sato 
---
 include/hw/rx/rx.h|   7 ++
 include/hw/rx/rx62n.h |  91 
 hw/rx/rx-virt.c   | 127 ++
 hw/rx/rx62n.c | 239 ++
 hw/rx/Kconfig |  14 +++
 hw/rx/Makefile.objs   |   2 +
 6 files changed, 480 insertions(+)
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 hw/rx/rx-virt.c
 create mode 100644 hw/rx/rx62n.c
 create mode 100644 hw/rx/Kconfig
 create mode 100644 hw/rx/Makefile.objs

diff --git a/include/hw/rx/rx.h b/include/hw/rx/rx.h
new file mode 100644
index 00..ff5924b81f
--- /dev/null
+++ b/include/hw/rx/rx.h
@@ -0,0 +1,7 @@
+#ifndef QEMU_RX_H
+#define QEMU_RX_H
+/* Definitions for RX board emulation.  */
+
+#include "target/rx/cpu-qom.h"
+
+#endif
diff --git a/include/hw/rx/rx62n.h b/include/hw/rx/rx62n.h
new file mode 100644
index 00..97ea8ddb8e
--- /dev/null
+++ b/include/hw/rx/rx62n.h
@@ -0,0 +1,91 @@
+/*
+ * RX62N MCU Object
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_RX_RX62N_H
+#define HW_RX_RX62N_H
+
+#include "hw/sysbus.h"
+#include "hw/intc/rx_icu.h"
+#include "hw/timer/renesas_tmr.h"
+#include "hw/timer/renesas_cmt.h"
+#include "hw/char/renesas_sci.h"
+#include "target/rx/cpu.h"
+#include "qemu/units.h"
+
+#define TYPE_RX62N "rx62n"
+#define RX62N(obj) OBJECT_CHECK(RX62NState, (obj), TYPE_RX62N)
+
+#define RX62N_NR_TMR2
+#define RX62N_NR_CMT2
+#define RX62N_NR_SCI6
+
+typedef struct RX62NState {
+SysBusDevice parent_obj;
+
+RXCPU cpu;
+RXICUState icu;
+RTMRState tmr[RX62N_NR_TMR];
+RCMTState cmt[RX62N_NR_CMT];
+RSCIState sci[RX62N_NR_SCI];
+
+MemoryRegion *sysmem;
+bool kernel;
+
+MemoryRegion iram;
+MemoryRegion iomem1;
+MemoryRegion d_flash;
+MemoryRegion iomem2;
+MemoryRegion iomem3;
+MemoryRegion c_flash;
+qemu_irq irq[NR_IRQS];
+} RX62NState;
+
+/*
+ * RX62N Peripheral Address
+ * See users manual section 5
+ */
+#define RX62N_ICUBASE 0x00087000
+#define RX62N_TMRBASE 0x00088200
+#define RX62N_CMTBASE 0x00088000
+#define RX62N_SCIBASE 0x00088240
+
+/*
+ * RX62N Peripheral IRQ
+ * See users manual section 11
+ */
+#define RX62N_TMR_IRQBASE 174
+#define RX62N_CMT_IRQBASE 28
+#define RX62N_SCI_IRQBASE 214
+
+/*
+ * RX62N Internal Memory
+ * It is the value of R5F562N8.
+ * Please change the size for R5F562N7.
+ */
+#define RX62N_IRAM_BASE 0x
+#define RX62N_IRAM_SIZE (96 * KiB)
+#define RX62N_DFLASH_BASE 0x0010
+#define RX62N_DFLASH_SIZE (32 * KiB)
+#define RX62N_CFLASH_BASE 0xfff8
+#define RX62N_CFLASH_SIZE (512 * KiB)
+
+#define RX62N_PCLK (48 * 1000 * 1000)
+#endif
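Review bot: As shown on this page, `#define RX62N_NR_TMR2`, `#define RX62N_NR_CMT2` and `#define RX62N_NR_SCI6` define empty macros under different names, while RX62NState sizes its arrays with `RX62N_NR_TMR`, `RX62N_NR_CMT` and `RX62N_NR_SCI`. Likewise `RX62N_IRAM_BASE 0x` is not a valid constant, and `RX62N_DFLASH_BASE 0x0010` and `RX62N_CFLASH_BASE 0xfff8` look shortened. This is most likely whitespace and digits lost in the archive rendering rather than in the patch, so take these values from the original mail or the datasheet the header cites before reusing them. Separately, the `kernel` flag in RX62NState has no comment saying what it selects.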
diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
new file mode 100644
index 00..4cfe2e3123
--- /dev/null
+++ b/hw/rx/rx-virt.c
@@ -0,0 +1,127 @@
+/*
+ * RX QEMU virtual platform
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"

Re: [Qemu-devel] [PATCH v4] target-arm: Make the counter tick relative to cntfrq

2019-09-12 Thread Cédric Le Goater
On 12/09/2019 05:25, Andrew Jeffery wrote:
> Allow machines to configure CNTFRQ via a property if the ARM core
> supports the generic timer. This is necessary on e.g. the ASPEED AST2600
> SoC where the generic timer clock is run at 800MHz or above. The default
> value for CNTFRQ remains at 62.50MHz (based on GTIMER_SCALE).
> 
> CNTFRQ is a read-as-written co-processor register; the property sets the
> register's initial value which is used during realize() to configure the
> QEMUTimers that back the generic timers. Beyond that the firmware can to
> do whatever it sees fit with the CNTFRQ register though changes to the
> value will not be reflected in the timers' rate.
> 
> I've tested this using an out-of-tree AST2600 SoC model (Cortex-A7) with
> the SDK u-boot that sets CNTFRQ as appropriate, and by starting/running
> machines with assorted ARM CPUs (palmetto-bmc with the ARM926EJ-S,
> romulus-bmc with the ARM1176 and raspi2 with the Cortex-A53).
> 
> Signed-off-by: Andrew Jeffery 
> ---
> v4: Fix configuration for cores without a generic timer
> 
> v3: https://patchwork.ozlabs.org/patch/1160634/
> Peter - I think this addresses most of your feedback. I still reach into
> the QEMUTimer to fetch out scale when adjusting the nexttick
> calculation, but we no longer need to update the scale member and force
> a recalculation of the period.
> 
> v2: https://patchwork.ozlabs.org/patch/1144389/
> ---
>  roms/SLOF   |  2 +-
>  roms/skiboot|  2 +-
>  target/arm/cpu.c| 43 +++
>  target/arm/cpu.h|  3 +++
>  target/arm/helper.c | 30 ++
>  5 files changed, 66 insertions(+), 14 deletions(-)
> 
> diff --git a/roms/SLOF b/roms/SLOF
> index 7bfe584e3219..ea221600a116 16
> --- a/roms/SLOF
> +++ b/roms/SLOF
> @@ -1 +1 @@
> -Subproject commit 7bfe584e321946771692711ff83ad2b5850daca7
> +Subproject commit ea221600a116883137ef90b2b7ab7d2472bc4f10
> diff --git a/roms/skiboot b/roms/skiboot
> index 261ca8e779e5..3a6fdede6ce1 16
> --- a/roms/skiboot
> +++ b/roms/skiboot
> @@ -1 +1 @@
> -Subproject commit 261ca8e779e5138869a45f174caa49be6a274501
> +Subproject commit 3a6fdede6ce117facec0108afe716cf5d0472c3f


The changes above seem unrelated.

C. 


> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index 2399c144718d..8b63a27761bb 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -40,6 +40,8 @@
>  #include "disas/capstone.h"
>  #include "fpu/softfloat.h"
>  
> +#include 
> +
>  static void arm_cpu_set_pc(CPUState *cs, vaddr value)
>  {
>  ARMCPU *cpu = ARM_CPU(cs);
> @@ -976,6 +978,10 @@ static void arm_cpu_initfn(Object *obj)
>  }
>  }
>  
> +static Property arm_cpu_gt_cntfrq_property =
> +DEFINE_PROP_UINT64("cntfrq", ARMCPU, gt_cntfrq,
> +   (1000 * 1000 * 1000) / GTIMER_SCALE);
> +
>  static Property arm_cpu_reset_cbar_property =
>  DEFINE_PROP_UINT64("reset-cbar", ARMCPU, reset_cbar, 0);
>  
> @@ -1172,6 +1178,11 @@ void arm_cpu_post_init(Object *obj)
>  
>  qdev_property_add_static(DEVICE(obj), _cpu_cfgend_property,
>   _abort);
> +
> +if (arm_feature(>env, ARM_FEATURE_GENERIC_TIMER)) {
> +qdev_property_add_static(DEVICE(cpu), _cpu_gt_cntfrq_property,
> + _abort);
> +}
>  }
>  
>  static void arm_cpu_finalizefn(Object *obj)
> @@ -1238,14 +1249,30 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
> **errp)
>  }
>  }
>  
> -cpu->gt_timer[GTIMER_PHYS] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
> -   arm_gt_ptimer_cb, cpu);
> -cpu->gt_timer[GTIMER_VIRT] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
> -   arm_gt_vtimer_cb, cpu);
> -cpu->gt_timer[GTIMER_HYP] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
> -  arm_gt_htimer_cb, cpu);
> -cpu->gt_timer[GTIMER_SEC] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
> -  arm_gt_stimer_cb, cpu);
> +
> +{
> +uint64_t scale;
> +
> +if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
> +if (!cpu->gt_cntfrq) {
> +error_setg(errp, "Invalid CNTFRQ: %"PRId64"Hz",
> +   cpu->gt_cntfrq);
> +return;
> +}
> +scale = MAX(1, NANOSECONDS_PER_SECOND / cpu->gt_cntfrq);
> +} else {
> +scale = GTIMER_SCALE;
> +}
> +
> +cpu->gt_timer[GTIMER_PHYS] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
> +   arm_gt_ptimer_cb, cpu);
> +cpu->gt_timer[GTIMER_VIRT] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
> +   arm_gt_vtimer_cb, cpu);
> +cpu->gt_timer[GTIMER_HYP] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
> +   

Re: [Qemu-devel] [PULL 15/36] memory: fix race between TCG and accesses to dirty bitmap

2019-09-12 Thread Pavel Dovgalyuk
Ping.


Pavel Dovgalyuk

> -Original Message-
> From: dovgaluk [mailto:dovga...@ispras.ru]
> Sent: Monday, August 26, 2019 3:19 PM
> To: Paolo Bonzini; pavel.dovga...@ispras.ru
> Cc: qemu-devel@nongnu.org; Qemu-devel
> Subject: Re: [Qemu-devel] [PULL 15/36] memory: fix race between TCG and 
> accesses to dirty
> bitmap
> 
> This patch breaks the execution recording.
> While vCPU tries to lock replay mutex in main while loop,
> vga causes dirty memory sync and do_run_on_cpu call.
> This call waits for vCPU to process the work queue.
> 
> Pavel Dovgalyuk
> 
> Paolo Bonzini писал 2019-08-20 09:59:
> > There is a race between TCG and accesses to the dirty log:
> >
> >   vCPU thread  reader thread
> >   ---  ---
> >   TLB check -> slow path
> > notdirty_mem_write
> >   write to RAM
> >   set dirty flag
> >clear dirty flag
> >   TLB check -> fast path
> >read memory
> > write to RAM
> >
> > Fortunately, in order to fix it, no change is required to the
> > vCPU thread.  However, the reader thread must delay the read after
> > the vCPU thread has finished the write.  This can be approximated
> > conservatively by run_on_cpu, which waits for the end of the current
> > translation block.
> >
> > A similar technique is used by KVM, which has to do a synchronous TLB
> > flush after doing a test-and-clear of the dirty-page flags.
> >
> > Reported-by: Dr. David Alan Gilbert 
> > Signed-off-by: Paolo Bonzini 
> > ---
> >  exec.c| 31 +++
> >  include/exec/memory.h | 12 
> >  memory.c  | 10 +-
> >  migration/ram.c   |  1 +
> >  4 files changed, 53 insertions(+), 1 deletion(-)
> >
> > diff --git a/exec.c b/exec.c
> > index 3e78de3..ae68f72 100644
> > --- a/exec.c
> > +++ b/exec.c
> > @@ -198,6 +198,7 @@ typedef struct subpage_t {
> >
> >  static void io_mem_init(void);
> >  static void memory_map_init(void);
> > +static void tcg_log_global_after_sync(MemoryListener *listener);
> >  static void tcg_commit(MemoryListener *listener);
> >
> >  static MemoryRegion io_mem_watch;
> > @@ -906,6 +907,7 @@ void cpu_address_space_init(CPUState *cpu, int
> > asidx,
> >  newas->cpu = cpu;
> >  newas->as = as;
> >  if (tcg_enabled()) {
> > +newas->tcg_as_listener.log_global_after_sync =
> > tcg_log_global_after_sync;
> >  newas->tcg_as_listener.commit = tcg_commit;
> >  memory_listener_register(>tcg_as_listener, as);
> >  }
> > @@ -3143,6 +3145,35 @@ void
> > address_space_dispatch_free(AddressSpaceDispatch *d)
> >  g_free(d);
> >  }
> >
> > +static void do_nothing(CPUState *cpu, run_on_cpu_data d)
> > +{
> > +}
> > +
> > +static void tcg_log_global_after_sync(MemoryListener *listener)
> > +{while (1) {
>  qemu_mutex_unlock_iothread();
>  replay_mutex_lock();
>  qemu_mutex_lock_i
> > +CPUAddressSpace *cpuas;
> > +
> > +/* Wait for the CPU to end the current TB.  This avoids the
> > following
> > + * incorrect race:
> > + *
> > + *  vCPU migration
> > + *  --   -
> > + *  TLB check -> slow path
> > + *notdirty_mem_write
> > + *  write to RAM
> > + *  mark dirty
> > + *   clear dirty flag
> > + *  TLB check -> fast path
> > + *   read memory
> > + *write to RAM
> > + *
> > + * by pushing the migration thread's memory read after the vCPU
> > thread has
> > + * written the memory.
> > + */
> > +cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
> > +run_on_cpu(cpuas->cpu, do_nothing, RUN_ON_CPU_NULL);
> > +}
> > +
> >  static void tcg_commit(MemoryListener *listener)
> >  {
> >  CPUAddressSpace *cpuas;
> > diff --git a/include/exec/memory.h b/include/exec/memory.h
> > index bb0961d..b6bcf31 100644
> > --- a/include/exec/memory.h
> > +++ b/include/exec/memory.h
> > @@ -419,6 +419,7 @@ struct MemoryListener {
> >  void (*log_clear)(MemoryListener *listener, MemoryRegionSection
> > *section);
> >  void (*log_global_start)(MemoryListener *listener);
> >  void (*log_global_stop)(MemoryListener *listener);
> > +void (*log_global_after_sync)(MemoryListener *listener);
> >  void (*eventfd_add)(MemoryListener *listener, MemoryRegionSection
> > *section,
> >  bool match_data, uint64_t data, EventNotifier
> > *e);
> >  void (*eventfd_del)(MemoryListener *listener, MemoryRegionSection
> > *section,
> > @@ -1682,6 +1683,17 @@ MemoryRegionSection
> > memory_region_find(MemoryRegion *mr,
> >  void memory_global_dirty_log_sync(void);
> >
> >  /**
> > + * memory_global_dirty_log_sync: synchronize the 

[Qemu-devel] [PATCH v5] target-arm: Make the counter tick relative to cntfrq

2019-09-12 Thread Andrew Jeffery
Allow machines to configure CNTFRQ via a property if the ARM core
supports the generic timer. This is necessary on e.g. the ASPEED AST2600
SoC where the generic timer clock is run at 800MHz or above. The default
value for CNTFRQ remains at 62.50MHz (based on GTIMER_SCALE).

CNTFRQ is a read-as-written co-processor register; the property sets the
register's initial value which is used during realize() to configure the
QEMUTimers that back the generic timers. Beyond that, the firmware can
do whatever it sees fit with the CNTFRQ register, though changes to the
value will not be reflected in the timers' rate.

I've tested this using an out-of-tree AST2600 SoC model (Cortex-A7) with
the SDK u-boot that sets CNTFRQ as appropriate, and by starting/running
machines with assorted ARM CPUs (palmetto-bmc with the ARM926EJ-S,
romulus-bmc with the ARM1176 and raspi2 with the Cortex-A53).

Signed-off-by: Andrew Jeffery 
---
v5: Remove unrelated submodule updates that snuck into v4

v4: https://patchwork.ozlabs.org/patch/1161340/
Fix configuration for cores without a generic timer

v3: https://patchwork.ozlabs.org/patch/1160634/
Peter - I think this addresses most of your feedback. I still reach into
the QEMUTimer to fetch out scale when adjusting the nexttick
calculation, but we no longer need to update the scale member and force
a recalculation of the period.

v2: https://patchwork.ozlabs.org/patch/1144389/
Signed-off-by: Andrew Jeffery 
---
 target/arm/cpu.c| 43 +++
 target/arm/cpu.h|  3 +++
 target/arm/helper.c | 30 ++
 3 files changed, 64 insertions(+), 12 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 2399c144718d..8b63a27761bb 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -40,6 +40,8 @@
 #include "disas/capstone.h"
 #include "fpu/softfloat.h"
 
+#include 
+
 static void arm_cpu_set_pc(CPUState *cs, vaddr value)
 {
 ARMCPU *cpu = ARM_CPU(cs);
@@ -976,6 +978,10 @@ static void arm_cpu_initfn(Object *obj)
 }
 }
 
+static Property arm_cpu_gt_cntfrq_property =
+DEFINE_PROP_UINT64("cntfrq", ARMCPU, gt_cntfrq,
+   (1000 * 1000 * 1000) / GTIMER_SCALE);
+
 static Property arm_cpu_reset_cbar_property =
 DEFINE_PROP_UINT64("reset-cbar", ARMCPU, reset_cbar, 0);
 
@@ -1172,6 +1178,11 @@ void arm_cpu_post_init(Object *obj)
 
 qdev_property_add_static(DEVICE(obj), _cpu_cfgend_property,
  _abort);
+
+if (arm_feature(>env, ARM_FEATURE_GENERIC_TIMER)) {
+qdev_property_add_static(DEVICE(cpu), _cpu_gt_cntfrq_property,
+ _abort);
+}
 }
 
 static void arm_cpu_finalizefn(Object *obj)
@@ -1238,14 +1249,30 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 }
 }
 
-cpu->gt_timer[GTIMER_PHYS] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
-   arm_gt_ptimer_cb, cpu);
-cpu->gt_timer[GTIMER_VIRT] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
-   arm_gt_vtimer_cb, cpu);
-cpu->gt_timer[GTIMER_HYP] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
-  arm_gt_htimer_cb, cpu);
-cpu->gt_timer[GTIMER_SEC] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
-  arm_gt_stimer_cb, cpu);
+
+{
+uint64_t scale;
+
+if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
+if (!cpu->gt_cntfrq) {
+error_setg(errp, "Invalid CNTFRQ: %"PRId64"Hz",
+   cpu->gt_cntfrq);
+return;
+}
+scale = MAX(1, NANOSECONDS_PER_SECOND / cpu->gt_cntfrq);
+} else {
+scale = GTIMER_SCALE;
+}
+
+cpu->gt_timer[GTIMER_PHYS] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
+   arm_gt_ptimer_cb, cpu);
+cpu->gt_timer[GTIMER_VIRT] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
+   arm_gt_vtimer_cb, cpu);
+cpu->gt_timer[GTIMER_HYP] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
+  arm_gt_htimer_cb, cpu);
+cpu->gt_timer[GTIMER_SEC] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
+  arm_gt_stimer_cb, cpu);
+}
 #endif
 
 cpu_exec_realizefn(cs, _err);
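Review bot: The error path formats `cpu->gt_cntfrq`, a `uint64_t`, with `PRId64`; the specifier should be unsigned: `error_setg(errp, "Invalid CNTFRQ: %"PRIu64"Hz", cpu->gt_cntfrq);`. The zero check just above it is what keeps a property value of 0 from reaching the division, so a short comment saying so would stop it being removed as redundant. `scale = MAX(1, NANOSECONDS_PER_SECOND / cpu->gt_cntfrq)` truncates: any frequency that does not divide 10^9 is rounded, and every value above 500 MHz (including the 800 MHz case in the description) collapses to a scale of 1. The timers would then tick at 1 GHz while CNTFRQ reports the configured value, unless target/arm/helper.c compensates, which this hunk does not show. arm_cpu_realizefn starts and ends outside the hunk.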
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 297ad5e47ad8..8bd576f834ba 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -915,6 +915,9 @@ struct ARMCPU {
 
 /* Used to set the maximum vector length the cpu will support.  */
 uint32_t sve_max_vq;
+
+/* Used to configure the generic timer input clock */
+uint64_t gt_cntfrq;
 };
 
 void arm_cpu_post_init(Object *obj);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 507026c9154b..09975704d47f 100644
--- 

[Qemu-devel] [PATCH v24 10/22] target/rx: Use prt_ldmi for XCHG_mr disassembly

2019-09-12 Thread Yoshinori Sato
From: Richard Henderson 

Note that the ld == 3 case handled by prt_ldmi is decoded as
XCHG_rr and cannot appear here.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-21-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 8 +---
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 515b365528..db10385fd0 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -366,13 +366,7 @@ static bool trans_XCHG_rr(DisasContext *ctx, arg_XCHG_rr 
*a)
 /* xchg dsp[rs].,rd */
 static bool trans_XCHG_mr(DisasContext *ctx, arg_XCHG_mr *a)
 {
-static const char msize[][4] = {
-"b", "w", "l", "ub", "uw",
-};
-char dsp[8];
-
-rx_index_addr(ctx, dsp, a->ld, a->mi);
-prt("xchg\t%s[r%d].%s, r%d", dsp, a->rs, msize[a->mi], a->rd);
+prt_ldmi(ctx, "xchg", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
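Review bot: trans_XCHG_mr now delegates to prt_ldmi, which is defined outside this hunk, but the reason its `ld == 3` path cannot be reached from here is recorded only in the commit message. A comment above the call would keep that invariant with the code: `/* ld == 3 is decoded as XCHG_rr, so only the memory forms reach prt_ldmi here */`. Without it, a later change to the decode table could make that path reachable without anyone noticing.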
 
-- 
2.20.1




[Qemu-devel] [PATCH v24 11/22] target/rx: Emit all disassembly in one prt()

2019-09-12 Thread Yoshinori Sato
From: Richard Henderson 

Many of the multi-part prints have been eliminated by previous
patches.  Eliminate the rest of them.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-22-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 75 ---
 1 file changed, 39 insertions(+), 36 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index db10385fd0..ebc1a44249 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -228,24 +228,21 @@ static bool trans_MOV_ra(DisasContext *ctx, arg_MOV_ra *a)
 /* mov.[bwl] rs,rd */
 static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 {
-char dspd[8], dsps[8];
+char dspd[8], dsps[8], szc = size[a->sz];
 
-prt("mov.%c\t", size[a->sz]);
 if (a->lds == 3 && a->ldd == 3) {
 /* mov.[bwl] rs,rd */
-prt("r%d, r%d", a->rs, a->rd);
-return true;
-}
-if (a->lds == 3) {
+prt("mov.%c\tr%d, r%d", szc, a->rs, a->rd);
+} else if (a->lds == 3) {
 rx_index_addr(ctx, dspd, a->ldd, a->sz);
-prt("r%d, %s[r%d]", a->rs, dspd, a->rd);
+prt("mov.%c\tr%d, %s[r%d]", szc, a->rs, dspd, a->rd);
 } else if (a->ldd == 3) {
 rx_index_addr(ctx, dsps, a->lds, a->sz);
-prt("%s[r%d], r%d", dsps, a->rs, a->rd);
+prt("mov.%c\t%s[r%d], r%d", szc, dsps, a->rs, a->rd);
 } else {
 rx_index_addr(ctx, dsps, a->lds, a->sz);
 rx_index_addr(ctx, dspd, a->ldd, a->sz);
-prt("%s[r%d], %s[r%d]", dsps, a->rs, dspd, a->rd);
+prt("mov.%c\t%s[r%d], %s[r%d]", szc, dsps, a->rs, dspd, a->rd);
 }
 return true;
 }
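Review bot: In trans_MOV_mm the new declaration `char dspd[8], dsps[8], szc = size[a->sz];` puts an initialised scalar on the same line as two scratch buffers, which makes the table lookup easy to miss. Splitting it reads better: `char dspd[8], dsps[8];` followed by `char szc = size[a->sz];`. The `size` table is defined outside this hunk, so it cannot be confirmed from here that every `a->sz` value the decoder can produce is within its bounds. If that is guaranteed by the decode patterns, a one-line comment on the lookup would record it.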
@@ -254,8 +251,11 @@ static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 /* mov.[bwl] rs,[-rd] */
 static bool trans_MOV_rp(DisasContext *ctx, arg_MOV_rp *a)
 {
-prt("mov.%c\tr%d, ", size[a->sz], a->rs);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
+if (a->ad) {
+prt("mov.%c\tr%d, [-r%d]", size[a->sz], a->rs, a->rd);
+} else {
+prt("mov.%c\tr%d, [r%d+]", size[a->sz], a->rs, a->rd);
+}
 return true;
 }
 
@@ -263,9 +263,11 @@ static bool trans_MOV_rp(DisasContext *ctx, arg_MOV_rp *a)
 /* mov.[bwl] [-rd],rs */
 static bool trans_MOV_pr(DisasContext *ctx, arg_MOV_pr *a)
 {
-prt("mov.%c\t", size[a->sz]);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
-prt(", r%d", a->rs);
+if (a->ad) {
+prt("mov.%c\t[-r%d], r%d", size[a->sz], a->rd, a->rs);
+} else {
+prt("mov.%c\t[r%d+], r%d", size[a->sz], a->rd, a->rs);
+}
 return true;
 }
 
@@ -299,9 +301,11 @@ static bool trans_MOVU_ar(DisasContext *ctx, arg_MOVU_ar 
*a)
 /* movu.[bw] [-rs],rd */
 static bool trans_MOVU_pr(DisasContext *ctx, arg_MOVU_pr *a)
 {
-prt("movu.%c\t", size[a->sz]);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
-prt(", r%d", a->rs);
+if (a->ad) {
+prt("movu.%c\t[-r%d], r%d", size[a->sz], a->rd, a->rs);
+} else {
+prt("movu.%c\t[r%d+], r%d", size[a->sz], a->rd, a->rs);
+}
 return true;
 }
 
@@ -478,11 +482,11 @@ static bool trans_TST_mr(DisasContext *ctx, arg_TST_mr *a)
 /* not rs, rd */
 static bool trans_NOT_rr(DisasContext *ctx, arg_NOT_rr *a)
 {
-prt("not\t");
 if (a->rs != a->rd) {
-prt("r%d, ", a->rs);
+prt("not\tr%d, r%d", a->rs, a->rd);
+} else {
+prt("not\tr%d", a->rs);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -490,11 +494,11 @@ static bool trans_NOT_rr(DisasContext *ctx, arg_NOT_rr *a)
 /* neg rs, rd */
 static bool trans_NEG_rr(DisasContext *ctx, arg_NEG_rr *a)
 {
-prt("neg\t");
 if (a->rs != a->rd) {
-prt("r%d, ", a->rs);
+prt("neg\tr%d, r%d", a->rs, a->rd);
+} else {
+prt("neg\tr%d", a->rs);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -606,11 +610,10 @@ static bool trans_SBB_mr(DisasContext *ctx, arg_SBB_mr *a)
 /* abs rs, rd */
 static bool trans_ABS_rr(DisasContext *ctx, arg_ABS_rr *a)
 {
-prt("abs\t");
-if (a->rs == a->rd) {
-prt("r%d", a->rd);
+if (a->rs != a->rd) {
+prt("abs\tr%d, r%d", a->rs, a->rd);
 } else {
-prt("r%d, r%d", a->rs, a->rd);
+prt("abs\tr%d", a->rs);
 }
 return true;
 }
@@ -733,11 +736,11 @@ static bool trans_DIVU_mr(DisasContext *ctx, arg_DIVU_mr 
*a)
 /* shll #imm:5, rs, rd */
 static bool trans_SHLL_irr(DisasContext *ctx, arg_SHLL_irr *a)
 {
-prt("shll\t#%d, ", a->imm);
 if (a->rs2 != a->rd) {
-prt("r%d, ", a->rs2);
+prt("shll\t#%d, r%d, r%d", a->imm, a->rs2, a->rd);
+} else {
+prt("shll\t#%d, r%d", a->imm, a->rd);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -752,11 +755,11 @@ static bool trans_SHLL_rr(DisasContext *ctx, arg_SHLL_rr 
*a)
 /* shar #imm:5, rs, rd */
 static bool trans_SHAR_irr(DisasContext *ctx, 

[Qemu-devel] [PATCH v24 12/22] target/rx: Collect all bytes during disassembly

2019-09-12 Thread Yoshinori Sato
From: Richard Henderson 

Collected, to be used in the next patch.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-23-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 62 ---
 1 file changed, 42 insertions(+), 20 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index ebc1a44249..5a32a87534 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -25,43 +25,59 @@ typedef struct DisasContext {
 disassemble_info *dis;
 uint32_t addr;
 uint32_t pc;
+uint8_t len;
+uint8_t bytes[8];
 } DisasContext;
 
 
 static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
-   int i, int n)
+  int i, int n)
 {
-bfd_byte buf;
+uint32_t addr = ctx->addr;
+
+g_assert(ctx->len == i);
+g_assert(n <= ARRAY_SIZE(ctx->bytes));
+
 while (++i <= n) {
-ctx->dis->read_memory_func(ctx->addr++, , 1, ctx->dis);
-insn |= buf << (32 - i * 8);
+ctx->dis->read_memory_func(addr++, >bytes[i - 1], 1, ctx->dis);
+insn |= ctx->bytes[i - 1] << (32 - i * 8);
 }
+ctx->addr = addr;
+ctx->len = n;
+
 return insn;
 }
 
 static int32_t li(DisasContext *ctx, int sz)
 {
-int32_t addr;
-bfd_byte buf[4];
-addr = ctx->addr;
+uint32_t addr = ctx->addr;
+uintptr_t len = ctx->len;
 
 switch (sz) {
 case 1:
+g_assert(len + 1 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 1;
-ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
-return (int8_t)buf[0];
+ctx->len += 1;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 1, ctx->dis);
+return (int8_t)ctx->bytes[len];
 case 2:
+g_assert(len + 2 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 2;
-ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
-return ldsw_le_p(buf);
+ctx->len += 2;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 2, ctx->dis);
+return ldsw_le_p(ctx->bytes + len);
 case 3:
+g_assert(len + 3 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 3;
-ctx->dis->read_memory_func(addr, buf, 3, ctx->dis);
-return (int8_t)buf[2] << 16 | lduw_le_p(buf);
+ctx->len += 3;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 3, ctx->dis);
+return (int8_t)ctx->bytes[len + 2] << 16 | lduw_le_p(ctx->bytes + len);
 case 0:
+g_assert(len + 4 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 4;
-ctx->dis->read_memory_func(addr, buf, 4, ctx->dis);
-return ldl_le_p(buf);
+ctx->len += 4;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 4, ctx->dis);
+return ldl_le_p(ctx->bytes + len);
 default:
 g_assert_not_reached();
 }
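Review bot: Every `read_memory_func` call in this hunk (in decode_load_bytes and in all four cases of li) discards the return status. The bytes now land in `ctx->bytes`, and print_insn_rx declares the context as `DisasContext ctx;` with no initialiser. If a read fails, the decoder and any later consumer of the collected bytes would work on indeterminate stack contents; the rx_index_addr hunk further down has the same pattern. Zero-initialising the context, e.g. `DisasContext ctx = { .dis = dis, .pc = addr, .addr = addr };`, would make the result deterministic, and checking the status would let the disassembler report the read error instead of printing a bogus instruction. li's body ends outside this hunk.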
@@ -110,7 +126,7 @@ static const char psw[] = {
 static void rx_index_addr(DisasContext *ctx, char out[8], int ld, int mi)
 {
 uint32_t addr = ctx->addr;
-uint8_t buf[2];
+uintptr_t len = ctx->len;
 uint16_t dsp;
 
 switch (ld) {
@@ -119,14 +135,18 @@ static void rx_index_addr(DisasContext *ctx, char out[8], 
int ld, int mi)
 out[0] = '\0';
 return;
 case 1:
+g_assert(len + 1 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 1;
-ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
-dsp = buf[0];
+ctx->len += 1;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 1, ctx->dis);
+dsp = ctx->bytes[len];
 break;
 case 2:
+g_assert(len + 2 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 2;
-ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
-dsp = lduw_le_p(buf);
+ctx->len += 2;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 2, ctx->dis);
+dsp = lduw_le_p(ctx->bytes + len);
 break;
 default:
 g_assert_not_reached();
@@ -1392,8 +1412,10 @@ int print_insn_rx(bfd_vma addr, disassemble_info *dis)
 DisasContext ctx;
 uint32_t insn;
 int i;
+
 ctx.dis = dis;
 ctx.pc = ctx.addr = addr;
+ctx.len = 0;
 
 insn = decode_load();
 if (!decode(, insn)) {
-- 
2.20.1




[Qemu-devel] [PATCH v24 22/22] qapi/machine.json: Add RX cpu.

2019-09-12 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
---
 qapi/machine.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qapi/machine.json b/qapi/machine.json
index ca26779f1a..70398c521f 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -28,7 +28,7 @@
   'data' : [ 'aarch64', 'alpha', 'arm', 'cris', 'hppa', 'i386', 'lm32',
  'm68k', 'microblaze', 'microblazeel', 'mips', 'mips64',
  'mips64el', 'mipsel', 'moxie', 'nios2', 'or1k', 'ppc',
- 'ppc64', 'riscv32', 'riscv64', 's390x', 'sh4',
+ 'ppc64', 'riscv32', 'riscv64', 'rx', 's390x', 'sh4',
  'sh4eb', 'sparc', 'sparc64', 'tricore', 'unicore32',
  'x86_64', 'xtensa', 'xtensaeb' ] }
 
-- 
2.20.1




Re: [Qemu-devel] [PATCH] nbd/server: attach client channel to the export's AioContext

2019-09-12 Thread Sergio Lopez

Eric Blake  writes:

> On 9/11/19 12:21 PM, Eric Blake wrote:
>> On 9/11/19 11:15 AM, Sergio Lopez wrote:
>>> On creation, the export's AioContext is set to the same one as the
>>> BlockBackend, while the AioContext in the client QIOChannel is left
>>> untouched.
>>>
>>> As a result, when using data-plane, nbd_client_receive_next_request()
>>> schedules coroutines in the IOThread AioContext, while the client's
>>> QIOChannel is serviced from the main_loop, potentially triggering the
>>> assertion at qio_channel_restart_[read|write].
>>>
>>> To fix this, as soon we have the export corresponding to the client,
>>> we call qio_channel_attach_aio_context() to attach the QIOChannel
>>> context to the export's AioContext. This matches with the logic in
>>> blk_aio_attached().
>>>
>>> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1748253
>>> Signed-off-by: Sergio Lopez 
>>> ---
>>>  nbd/server.c | 2 ++
>>>  1 file changed, 2 insertions(+)
>> 
>> I'd like a second opinion from Kevin, but the description makes sense to
>> me.  I'm happy to queue this through my NBD tree.
>> 
>> Reviewed-by: Eric Blake 
>
> I tried to test this patch, but even with it applied, I still got an
> aio-context crasher by attempting an nbd-server-start, nbd-server-add,
> nbd-server-stop (intentionally skipping the nbd-server-remove step) on a
> domain using iothreads, with a backtrace of:
>
> #0  0x7ff09d070e35 in raise () from target:/lib64/libc.so.6
> #1  0x7ff09d05b895 in abort () from target:/lib64/libc.so.6
> #2  0x55dd03b9ab86 in error_exit (err=1, msg=0x55dd03d59fb0
> <__func__.15769> "qemu_mutex_unlock_impl")
> at util/qemu-thread-posix.c:36
> #3  0x55dd03b9adcf in qemu_mutex_unlock_impl (mutex=0x55dd062d5090,
> file=0x55dd03d59041 "util/async.c",
> line=523) at util/qemu-thread-posix.c:96
> #4  0x55dd03b93433 in aio_context_release (ctx=0x55dd062d5030) at
> util/async.c:523
> #5  0x55dd03ac421b in bdrv_do_drained_begin (bs=0x55dd0673a2d0,
> recursive=false, parent=0x0,
> ignore_bds_parents=false, poll=true) at block/io.c:428
> #6  0x55dd03ac4299 in bdrv_drained_begin (bs=0x55dd0673a2d0) at
> block/io.c:434
> #7  0x55dd03aafb54 in blk_drain (blk=0x55dd06a3ec40) at
> block/block-backend.c:1605
> #8  0x55dd03aae054 in blk_remove_bs (blk=0x55dd06a3ec40) at
> block/block-backend.c:800
> #9  0x55dd03aad54a in blk_delete (blk=0x55dd06a3ec40) at
> block/block-backend.c:420
> #10 0x55dd03aad7d6 in blk_unref (blk=0x55dd06a3ec40) at
> block/block-backend.c:475
> #11 0x55dd03aecb68 in nbd_export_put (exp=0x55dd0726f920) at
> nbd/server.c:1666
> #12 0x55dd03aec8fe in nbd_export_close (exp=0x55dd0726f920) at
> nbd/server.c:1616
> #13 0x55dd03aecbf1 in nbd_export_close_all () at nbd/server.c:1689
> #14 0x55dd03748845 in qmp_nbd_server_stop (errp=0x7ffcdf3cb4e8) at
> blockdev-nbd.c:233
> ...
>
> Does that sound familiar to what you were seeing?  Does it mean we
> missed another spot where the context is set incorrectly?

It looks like it was trying to release the AioContext while it was still
held by some other thread. Is this stacktrace from the main thread or an
iothread? What was the other one doing?

> I'm happy to work with you on IRC for more real-time debugging of this
> (I'm woefully behind on understanding how aio contexts are supposed to
> work).

I must be missing some step, because I can't reproduce this one
here. I've tried both with an idle NBD server and one with a client
generating I/O. Is it reproducible 100% of the time?

Sergio.




Re: [Qemu-devel] [PATCH v2] util/hbitmap: strict hbitmap_reset

2019-09-12 Thread Vladimir Sementsov-Ogievskiy
11.09.2019 20:59, John Snow wrote:
> 
> 
> On 9/11/19 11:13 AM, Vladimir Sementsov-Ogievskiy wrote:
>> 07.08.2019 19:27, John Snow wrote:
>>>
>>>
>>> On 8/6/19 12:19 PM, Vladimir Sementsov-Ogievskiy wrote:
 06.08.2019 19:09, Max Reitz wrote:
> On 06.08.19 17:26, Vladimir Sementsov-Ogievskiy wrote:
>> hbitmap_reset has an unobvious property: it rounds requested region up.
>> It may provoke bugs, like in recently fixed write-blocking mode of
>> mirror: user calls reset on unaligned region, not keeping in mind that
>> there are possible unrelated dirty bytes, covered by rounded-up region
>> and information of this unrelated "dirtiness" will be lost.
>>
>> Make hbitmap_reset strict: assert that arguments are aligned, allowing
>> only one exception when @start + @count == hb->orig_size. It's needed
>> to comfort users of hbitmap_next_dirty_area, which cares about
>> hb->orig_size.
>>
>> Signed-off-by: Vladimir Sementsov-Ogievskiy 
>> ---
>>
>> v2 based on Max's https://github.com/XanClic/qemu.git block
>> which will be merged soon to 4.1, and this patch goes to 4.2
>> Based-on: https://github.com/XanClic/qemu.git block
>>
>> v1 was "[PATCH] util/hbitmap: fix unaligned reset", and as I understand
>> we all agreed to just assert alignment instead of aligning down
>> automatically.
>>
>> include/qemu/hbitmap.h | 5 +
>> tests/test-hbitmap.c   | 2 +-
>> util/hbitmap.c | 4 
>> 3 files changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/include/qemu/hbitmap.h b/include/qemu/hbitmap.h
>> index 4afbe6292e..7865e819ca 100644
>> --- a/include/qemu/hbitmap.h
>> +++ b/include/qemu/hbitmap.h
>> @@ -132,6 +132,11 @@ void hbitmap_set(HBitmap *hb, uint64_t start, 
>> uint64_t count);
>>  * @count: Number of bits to reset.
>>  *
>>  * Reset a consecutive range of bits in an HBitmap.
>> + * @start and @count must be aligned to bitmap granularity. The only 
>> exception
>> + * is resetting the tail of the bitmap: @count may be equal to @start +
>> + * hb->orig_size,
>
> s/@start + hb->orig_size/hb->orig_size - @start/, I think.

 Ha, I wanted to say start + count equal to orig_size. Yours is OK too of 
 course.

>
>>in this case @count may be not aligned. @start + @count
>
> +are
>
> With those fixed:
>
> Reviewed-by: Max Reitz 

 Thanks!

>>>
>>> I'll add this to the pile for 4.2, after I fix the rebase conflicts that
>>> arose from 4.1-rc4.
>>>
>>
>> Hi!
>>
>> Didn't you forget, or should I resend?
>>
>>
> 
> I must have dropped the patch by accident during the rebasing. As an
> apology, I squashed in Max's suggestions from the list. Check that they
> look OK, please?
> 
> Thanks, applied to my bitmaps tree:
> 
> https://github.com/jnsnow/qemu/commits/bitmaps
> https://github.com/jnsnow/qemu.git
> 

Thanks! Still:

Quote from your branch:

 >   * Reset a consecutive range of bits in an HBitmap.
 > + * @start and @count must be aligned to bitmap granularity. The only 
 > exception
 > + * is resetting the tail of the bitmap: @count may be equal to 
 > hb->orig_size -
 > + * start, in this case @count may be not aligned. @start + @count are

s/start/@start/ (corresponds to Max's comment, too)

Also, I'm not sure about "are" suggested by Max. "are" is for plural, but here 
I meant
one object: sum of @start and @count.

So, you may use exactly "Sum of @start and @count is" or "(@start + @count) sum 
is" or
just "(@start + @count) is", whichever you like more.

 > + * allowed to be greater than hb->orig_size, but only if @start < 
 > hb->orig_size
 > + * and @start + @count = ALIGN_UP(hb->orig_size, granularity).
 >   */
 >  void hbitmap_reset(HBitmap *hb, uint64_t start, uint64_t count);


-- 
Best regards,
Vladimir


Re: [Qemu-devel] [PATCH v4 0/4] semihosting at translate time fixes

2019-09-12 Thread Peter Maydell
On Wed, 11 Sep 2019 at 14:14, Alex Bennée  wrote:
> It does seem a bit weird that userspace linux-user does do semihosting
> whereas EL0 in softmmu doesn't. Is that because we are effectively
> short-circuiting what a real ARM kernel would be doing for EL0?

It's because the "not for EL0" is a rather bogus attempt
at 'security' by not allowing userspace in a system emulator
to access the semihosting API, reserving it instead for
the guest OS (its EL1). This concept doesn't apply for
linux-user mode, where there is no guest EL1, and where in any
case the semihosting API doesn't allow the guest code to do
anything it couldn't do by directly making host OS syscalls.

I suspect this "not for EL0" thing is not something anybody
else's semihosting implementation does (though I haven't checked).

One idea I've vaguely thought about is an idea of a more
'safe' semihosting mode, where we only provide the calls
which we think are reasonable for a not-really-trusted
guest: so you could write to stdout but not read/write
arbitrary files on the filesystem, for instance.

thanks
-- PMM



[Qemu-devel] [PATCH 06/12] qcrypto-luks: use the parsed encryption settings in QCryptoBlockLUKS

2019-09-12 Thread Maxim Levitsky
Prior to this patch, the parsed encryption settings
were already stored in the QCryptoBlockLUKS but not
used anywhere except in qcrypto_block_luks_get_info.

Using them simplifies the code

Signed-off-by: Maxim Levitsky 
Reviewed-by: Daniel P. Berrangé 
---
 crypto/block-luks.c | 169 +---
 1 file changed, 79 insertions(+), 90 deletions(-)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index b759cc8d19..f3bfc921b2 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -199,13 +199,25 @@ QEMU_BUILD_BUG_ON(sizeof(struct QCryptoBlockLUKSHeader) 
!= 592);
 struct QCryptoBlockLUKS {
 QCryptoBlockLUKSHeader header;
 
-/* Cache parsed versions of what's in header fields,
- * as we can't rely on QCryptoBlock.cipher being
- * non-NULL */
+/* Main encryption algorithm used for encryption*/
 QCryptoCipherAlgorithm cipher_alg;
+
+/* Mode of encryption for the selected encryption algorithm */
 QCryptoCipherMode cipher_mode;
+
+/* Initialization vector generation algorithm */
 QCryptoIVGenAlgorithm ivgen_alg;
+
+/* Hash algorithm used for IV generation*/
 QCryptoHashAlgorithm ivgen_hash_alg;
+
+/*
+ * Encryption algorithm used for IV generation.
+ * Usually the same as main encryption algorithm
+ */
+QCryptoCipherAlgorithm ivgen_cipher_alg;
+
+/* Hash algorithm used in pbkdf2 function */
 QCryptoHashAlgorithm hash_alg;
 };
 
@@ -412,12 +424,6 @@ static int
 qcrypto_block_luks_load_key(QCryptoBlock *block,
 size_t slot_idx,
 const char *password,
-QCryptoCipherAlgorithm cipheralg,
-QCryptoCipherMode ciphermode,
-QCryptoHashAlgorithm hash,
-QCryptoIVGenAlgorithm ivalg,
-QCryptoCipherAlgorithm ivcipheralg,
-QCryptoHashAlgorithm ivhash,
 uint8_t *masterkey,
 QCryptoBlockReadFunc readfunc,
 void *opaque,
@@ -449,7 +455,7 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
  * the key is correct and validate the results of
  * decryption later.
  */
-if (qcrypto_pbkdf2(hash,
+if (qcrypto_pbkdf2(luks->hash_alg,
(const uint8_t *)password, strlen(password),
slot->salt, QCRYPTO_BLOCK_LUKS_SALT_LEN,
slot->iterations,
@@ -477,19 +483,23 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
 
 /* Setup the cipher/ivgen that we'll use to try to decrypt
  * the split master key material */
-cipher = qcrypto_cipher_new(cipheralg, ciphermode,
-possiblekey, luks->header.master_key_len,
+cipher = qcrypto_cipher_new(luks->cipher_alg,
+luks->cipher_mode,
+possiblekey,
+luks->header.master_key_len,
 errp);
 if (!cipher) {
 return -1;
 }
 
-niv = qcrypto_cipher_get_iv_len(cipheralg,
-ciphermode);
-ivgen = qcrypto_ivgen_new(ivalg,
-  ivcipheralg,
-  ivhash,
-  possiblekey, luks->header.master_key_len,
+niv = qcrypto_cipher_get_iv_len(luks->cipher_alg,
+luks->cipher_mode);
+
+ivgen = qcrypto_ivgen_new(luks->ivgen_alg,
+  luks->ivgen_cipher_alg,
+  luks->ivgen_hash_alg,
+  possiblekey,
+  luks->header.master_key_len,
   errp);
 if (!ivgen) {
 return -1;
@@ -518,7 +528,7 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
  * Now we've decrypted the split master key, join
  * it back together to get the actual master key.
  */
-if (qcrypto_afsplit_decode(hash,
+if (qcrypto_afsplit_decode(luks->hash_alg,
luks->header.master_key_len,
slot->stripes,
splitkey,
@@ -536,7 +546,7 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
  * then comparing that to the hash stored in the key slot
  * header
  */
-if (qcrypto_pbkdf2(hash,
+if (qcrypto_pbkdf2(luks->hash_alg,
masterkey,
luks->header.master_key_len,
luks->header.master_key_salt,
@@ -570,12 +580,6 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
 static int
 qcrypto_block_luks_find_key(QCryptoBlock *block,
 const char *password,
-QCryptoCipherAlgorithm cipheralg,
-QCryptoCipherMode 

[Qemu-devel] [PATCH 05/12] qcrypto-luks: pass keyslot index rather that pointer to the keyslot

2019-09-12 Thread Maxim Levitsky
Another minor refactoring

Signed-off-by: Maxim Levitsky 
Reviewed-by: Daniel P. Berrangé 
---
 crypto/block-luks.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 9e59a791a6..b759cc8d19 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -410,7 +410,7 @@ qcrypto_block_luks_essiv_cipher(QCryptoCipherAlgorithm 
cipher,
  */
 static int
 qcrypto_block_luks_load_key(QCryptoBlock *block,
-QCryptoBlockLUKSKeySlot *slot,
+size_t slot_idx,
 const char *password,
 QCryptoCipherAlgorithm cipheralg,
 QCryptoCipherMode ciphermode,
@@ -424,6 +424,7 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
 Error **errp)
 {
 QCryptoBlockLUKS *luks = block->opaque;
+const QCryptoBlockLUKSKeySlot *slot = >header.key_slots[slot_idx];
 g_autofree uint8_t *splitkey = NULL;
 size_t splitkeylen;
 g_autofree uint8_t *possiblekey = NULL;
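Review bot: `slot_idx` is used to index `header.key_slots[]` without a range check, whereas the old signature could only be handed a pointer to an existing slot. The one caller visible in this patch loops while `i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS`, so nothing is wrong today, but the index is now part of the function's contract and later callers may derive it from less controlled input. An assertion at the top of the function, `g_assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);`, would turn a bad index into a clean abort instead of an out-of-bounds read of the header. The function body starts and ends outside this hunk.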
@@ -580,13 +581,12 @@ qcrypto_block_luks_find_key(QCryptoBlock *block,
 void *opaque,
 Error **errp)
 {
-QCryptoBlockLUKS *luks = block->opaque;
 size_t i;
 int rv;
 
 for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
 rv = qcrypto_block_luks_load_key(block,
- >header.key_slots[i],
+ i,
  password,
  cipheralg,
  ciphermode,
-- 
2.17.2




[Qemu-devel] [PATCH 03/12] qcrypto-luks: don't overwrite cipher_mode in header

2019-09-12 Thread Maxim Levitsky
This way we can store the header we loaded, which
will be used in key management code

Signed-off-by: Maxim Levitsky 
Reviewed-by: Daniel P. Berrangé 
---
 crypto/block-luks.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index f12fa2d270..25f8a9f1c4 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -645,6 +645,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
 QCryptoHashAlgorithm hash;
 QCryptoHashAlgorithm ivhash;
 g_autofree char *password = NULL;
+g_autofree char *cipher_mode = NULL;
 
 if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) {
 if (!options->u.luks.key_secret) {
@@ -701,6 +702,8 @@ qcrypto_block_luks_open(QCryptoBlock *block,
 goto fail;
 }
 
+cipher_mode = g_strdup(luks->header.cipher_mode);
+
 /*
  * The cipher_mode header contains a string that we have
  * to further parse, of the format
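Review bot: `g_strdup(luks->header.cipher_mode)` assumes the header field is NUL-terminated; if `cipher_mode` is a fixed-size char array filled directly from the image (its declaration is not in this hunk), a header without a terminator makes the copy read past the field. Bounding the copy removes that assumption: `cipher_mode = g_strndup(luks->header.cipher_mode, sizeof(luks->header.cipher_mode));`. The `strchr()` call this replaces made the same assumption, so the gap predates this patch, but the new copy is a natural place to close it unless termination is already validated earlier in qcrypto_block_luks_open, outside the hunk.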
@@ -709,11 +712,11 @@ qcrypto_block_luks_open(QCryptoBlock *block,
  *
  * eg  cbc-essiv:sha256, cbc-plain64
  */
-ivgen_name = strchr(luks->header.cipher_mode, '-');
+ivgen_name = strchr(cipher_mode, '-');
 if (!ivgen_name) {
 ret = -EINVAL;
 error_setg(errp, "Unexpected cipher mode string format %s",
-   luks->header.cipher_mode);
+   cipher_mode);
 goto fail;
 }
 *ivgen_name = '\0';
@@ -735,7 +738,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
 }
 }
 
-ciphermode = 
qcrypto_block_luks_cipher_mode_lookup(luks->header.cipher_mode,
+ciphermode = qcrypto_block_luks_cipher_mode_lookup(cipher_mode,
_err);
 if (local_err) {
 ret = -ENOTSUP;
-- 
2.17.2




[Qemu-devel] [PATCH 11/12] qcrypto-luks: simplify the math used for keyslot locations

2019-09-12 Thread Maxim Levitsky
Signed-off-by: Maxim Levitsky 
Reviewed-by: Daniel P. Berrangé 
---
 crypto/block-luks.c | 63 -
 1 file changed, 40 insertions(+), 23 deletions(-)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index c6045da33e..0d155c6614 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -409,6 +409,30 @@ qcrypto_block_luks_essiv_cipher(QCryptoCipherAlgorithm 
cipher,
 }
 }
 
+/*
+ * Returns number of sectors needed to store the key material
+ * given number of anti forensic stripes
+ */
+static int
+qcrypto_block_luks_splitkeylen_sectors(const QCryptoBlockLUKS *luks,
+   unsigned int header_sectors,
+   unsigned int stripes)
+{
+/*
+ * This calculation doesn't match that shown in the spec,
+ * but instead follows the cryptsetup implementation.
+ */
+
+size_t splitkeylen = luks->header.master_key_len * stripes;
+
+/* First align the key material size to block size*/
+size_t splitkeylen_sectors =
+DIV_ROUND_UP(splitkeylen, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE);
+
+/* Then also align the key material size to the size of the header */
+return ROUND_UP(splitkeylen_sectors, header_sectors);
+}
+
 /*
  * Stores the main LUKS header, taking care of endianess
  */
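Review bot: qcrypto_block_luks_splitkeylen_sectors computes in `size_t` but returns `int`, and its caller stores the result in a `size_t split_key_sectors`, so the value passes through a signed type for no reason. The product `luks->header.master_key_len * stripes` is also evaluated in the operands' own type before being widened; if `master_key_len` is a 32-bit field (its declaration is not visible here), a large value would wrap before the assignment. With the constants used in qcrypto_block_luks_create this cannot happen, but a helper that takes `stripes` as a parameter invites reuse on values read from an image header. I would declare it `static size_t` and write `size_t splitkeylen = (size_t)luks->header.master_key_len * stripes;`.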
@@ -1124,7 +1148,8 @@ qcrypto_block_luks_create(QCryptoBlock *block,
 QCryptoBlockCreateOptionsLUKS luks_opts;
 Error *local_err = NULL;
 g_autofree uint8_t *masterkey = NULL;
-size_t splitkeylen = 0;
+size_t header_sectors;
+size_t split_key_sectors;
 size_t i;
 g_autofree char *password = NULL;
 const char *cipher_alg;
@@ -1343,37 +1368,29 @@ qcrypto_block_luks_create(QCryptoBlock *block,
 goto error;
 }
 
+/* start with the sector that follows the header*/
+header_sectors = QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
+QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
+
+split_key_sectors =
+qcrypto_block_luks_splitkeylen_sectors(luks,
+   header_sectors,
+   QCRYPTO_BLOCK_LUKS_STRIPES);
 
-/* Although LUKS has multiple key slots, we're just going
- * to use the first key slot */
-splitkeylen = luks->header.master_key_len * QCRYPTO_BLOCK_LUKS_STRIPES;
 for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
-luks->header.key_slots[i].active = 
QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
-luks->header.key_slots[i].stripes = QCRYPTO_BLOCK_LUKS_STRIPES;
+QCryptoBlockLUKSKeySlot *slot = >header.key_slots[i];
+slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
 
-/* This calculation doesn't match that shown in the spec,
- * but instead follows the cryptsetup implementation.
- */
-luks->header.key_slots[i].key_offset_sector =
-(QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
- QCRYPTO_BLOCK_LUKS_SECTOR_SIZE) +
-(ROUND_UP(DIV_ROUND_UP(splitkeylen, 
QCRYPTO_BLOCK_LUKS_SECTOR_SIZE),
-  (QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
-   QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) * i);
+slot->key_offset_sector = header_sectors + i * split_key_sectors;
+slot->stripes = QCRYPTO_BLOCK_LUKS_STRIPES;
 }
 
-
 /* The total size of the LUKS headers is the partition header + key
  * slot headers, rounded up to the nearest sector, combined with
  * the size of each master key material region, also rounded up
  * to the nearest sector */
-luks->header.payload_offset_sector =
-(QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
- QCRYPTO_BLOCK_LUKS_SECTOR_SIZE) +
-(ROUND_UP(DIV_ROUND_UP(splitkeylen, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE),
-  (QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
-   QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) *
- QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+luks->header.payload_offset_sector = header_sectors +
+QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * split_key_sectors;
 
 block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
 block->payload_offset = luks->header.payload_offset_sector *
-- 
2.17.2




Re: [Qemu-devel] [PATCH v2 2/5] migration: Use automatic rcu_read unlock in ram.c

2019-09-12 Thread Daniel P . Berrangé
On Wed, Sep 11, 2019 at 08:06:19PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> Use the automatic read unlocker in migration/ram.c;
> only for the cases where the unlock is at the end of the function.
> 
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  migration/ram.c | 25 +
>  1 file changed, 9 insertions(+), 16 deletions(-)

Reviewed-by: Daniel P. Berrangé 


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



[Qemu-devel] [Bug 1843151] Re: Regression: QEMU 4.1.0 qxl and KMS resoluiton only 4x10

2019-09-12 Thread James Harvey
a) spice 0.14.2.  Also spice-gtk 0.37, and spice-protocol 0.14.0.

b) Swapping with "-device qxl-vga,max_outputs=1" does fix the problem.
Swapping with "-device qxl-vga" still has the bug.

c) Knowing b, would the bisect still help?  If needed, sure, I will.

-- 

Title:
  Regression: QEMU 4.1.0 qxl and KMS resoluiton only 4x10

Status in QEMU:
  New

Bug description:
  Host is Arch Linux.  linux 5.2.13, qemu 4.1.0.  virt-viewer 8.0.

  Guest is Arch Linux Sept 2019 ISO.  linux 5.2.11.

  Have replicated this both on a system using amdgpu and one using
  integrated ASPEED graphics.

  Downgrading from 4.1.0 to 4.0.0 works as usual, see:
  https://www.youtube.com/watch?v=NyMdcYwOCvY

  Going back to 4.1.0 reproduces, see:
  https://www.youtube.com/watch?v=H3nGG2Mk6i0

  4.1.0 displays fine until KMS kicks in.

  Using 4.1.0 with virtio-vga doesn't cause this.




[Qemu-devel] [PATCH v3 3/4] hw/ppc/pnv_homer: add PowerNV homer device model

2019-09-12 Thread Balamuruhan S
add PnvHomer device model to emulate homer memory access
for pstate table, occ-sensors, slw, occ static and dynamic
values for Power8 and Power9 chips.

Signed-off-by: Balamuruhan S 
---
 hw/ppc/Makefile.objs   |   1 +
 hw/ppc/pnv.c   |  30 +
 hw/ppc/pnv_homer.c | 272 +
 include/hw/ppc/pnv.h   |   3 +
 include/hw/ppc/pnv_homer.h |  53 +
 5 files changed, 359 insertions(+)
 create mode 100644 hw/ppc/pnv_homer.c
 create mode 100644 include/hw/ppc/pnv_homer.h

diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
index 2c4e1c8de0..580bb4f0dd 100644
--- a/hw/ppc/Makefile.objs
+++ b/hw/ppc/Makefile.objs
@@ -9,6 +9,7 @@ obj-$(CONFIG_PSERIES) += spapr_tpm_proxy.o
 obj-$(CONFIG_SPAPR_RNG) +=  spapr_rng.o
 # IBM PowerNV
 obj-$(CONFIG_POWERNV) += pnv.o pnv_xscom.o pnv_core.o pnv_lpc.o pnv_psi.o 
pnv_occ.o pnv_bmc.o
+obj-$(CONFIG_POWERNV) += pnv_homer.o
 ifeq ($(CONFIG_PCI)$(CONFIG_PSERIES)$(CONFIG_LINUX), yyy)
 obj-y += spapr_pci_vfio.o spapr_pci_nvlink2.o
 endif
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 80338ffe87..f249e72356 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -847,6 +847,11 @@ static void pnv_chip_power8_instance_init(Object *obj)
 TYPE_PNV8_OCC, _abort, NULL);
 object_property_add_const_link(OBJECT(>occ), "psi",
OBJECT(>psi), _abort);
+
+object_initialize_child(obj, "homer",  >homer, sizeof(chip8->homer),
+TYPE_PNV8_HOMER, _abort, NULL);
+object_property_add_const_link(OBJECT(>homer), "chip", obj,
+   _abort);
 }
 
 static void pnv_chip_icp_realize(Pnv8Chip *chip8, Error **errp)
@@ -942,6 +947,16 @@ static void pnv_chip_power8_realize(DeviceState *dev, 
Error **errp)
 /* OCC SRAM model */
 memory_region_add_subregion(get_system_memory(), PNV_OCC_COMMON_AREA(chip),
 >occ.sram_regs);
+
+/* HOMER */
+object_property_set_bool(OBJECT(>homer), true, "realized",
+ _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+memory_region_add_subregion(get_system_memory(), PNV_HOMER_BASE(chip),
+>homer.regs);
 }
 
 static void pnv_chip_power8e_class_init(ObjectClass *klass, void *data)
@@ -1024,6 +1039,11 @@ static void pnv_chip_power9_instance_init(Object *obj)
 TYPE_PNV9_OCC, _abort, NULL);
 object_property_add_const_link(OBJECT(>occ), "psi",
OBJECT(>psi), _abort);
+
+object_initialize_child(obj, "homer",  >homer, sizeof(chip9->homer),
+TYPE_PNV9_HOMER, _abort, NULL);
+object_property_add_const_link(OBJECT(>homer), "chip", obj,
+   _abort);
 }
 
 static void pnv_chip_quad_realize(Pnv9Chip *chip9, Error **errp)
@@ -1134,6 +1154,16 @@ static void pnv_chip_power9_realize(DeviceState *dev, 
Error **errp)
 /* OCC SRAM model */
 memory_region_add_subregion(get_system_memory(), 
PNV9_OCC_COMMON_AREA(chip),
 >occ.sram_regs);
+
+/* HOMER */
+object_property_set_bool(OBJECT(>homer), true, "realized",
+ _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+memory_region_add_subregion(get_system_memory(), PNV9_HOMER_BASE(chip),
+>homer.regs);
 }
 
 static void pnv_chip_power9_class_init(ObjectClass *klass, void *data)
diff --git a/hw/ppc/pnv_homer.c b/hw/ppc/pnv_homer.c
new file mode 100644
index 00..cc881a3b32
--- /dev/null
+++ b/hw/ppc/pnv_homer.c
@@ -0,0 +1,272 @@
+/*
+ * QEMU PowerPC PowerNV Emulation of a few HOMER related registers
+ *
+ * Copyright (c) 2019, IBM Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License, version 2, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "exec/hwaddr.h"
+#include "exec/memory.h"
+#include "sysemu/cpus.h"
+#include "hw/qdev-core.h"
+#include "hw/ppc/pnv.h"
+#include "hw/ppc/pnv_homer.h"
+
+
+static bool core_max_array(PnvHomer *homer, hwaddr addr)
+{
+int i;
+PnvHomerClass *hmrc = PNV_HOMER_GET_CLASS(homer);
+
+for (i = 0; i <= homer->chip->nr_cores; i++) {
+if (addr == (hmrc->core_max_base + i)) {
+return true;
+   }
+}

[Qemu-devel] [PATCH v3 2/4] hw/ppc/pnv_occ: add sram device model for occ common area

2019-09-12 Thread Balamuruhan S
Emulate the OCC common area region with an OCC SRAM device model, which
the OCC and skiboot use to communicate about sensors, SLW
and HWMON on a PowerNV emulated host.

Reviewed-by: Cédric Le Goater 
Signed-off-by: Balamuruhan S 
---
 hw/ppc/pnv.c |  8 +
 hw/ppc/pnv_occ.c | 78 
 include/hw/ppc/pnv_occ.h |  3 ++
 3 files changed, 89 insertions(+)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 3f08db7b9e..80338ffe87 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -938,6 +938,10 @@ static void pnv_chip_power8_realize(DeviceState *dev, 
Error **errp)
 return;
 }
 pnv_xscom_add_subregion(chip, PNV_XSCOM_OCC_BASE, >occ.xscom_regs);
+
+/* OCC SRAM model */
+memory_region_add_subregion(get_system_memory(), PNV_OCC_COMMON_AREA(chip),
+>occ.sram_regs);
 }
 
 static void pnv_chip_power8e_class_init(ObjectClass *klass, void *data)
@@ -1126,6 +1130,10 @@ static void pnv_chip_power9_realize(DeviceState *dev, 
Error **errp)
 return;
 }
 pnv_xscom_add_subregion(chip, PNV9_XSCOM_OCC_BASE, >occ.xscom_regs);
+
+/* OCC SRAM model */
+memory_region_add_subregion(get_system_memory(), 
PNV9_OCC_COMMON_AREA(chip),
+>occ.sram_regs);
 }
 
 static void pnv_chip_power9_class_init(ObjectClass *klass, void *data)
diff --git a/hw/ppc/pnv_occ.c b/hw/ppc/pnv_occ.c
index 8bead2c930..785653bb67 100644
--- a/hw/ppc/pnv_occ.c
+++ b/hw/ppc/pnv_occ.c
@@ -30,6 +30,24 @@
 #define OCB_OCI_OCCMISC_AND 0x4021
 #define OCB_OCI_OCCMISC_OR  0x4022
 
+/* OCC sensors */
+#define OCC_SENSOR_DATA_BLOCK_OFFSET  0x58
+#define OCC_SENSOR_DATA_VALID 0x580001
+#define OCC_SENSOR_DATA_VERSION   0x580002
+#define OCC_SENSOR_DATA_READING_VERSION   0x580004
+#define OCC_SENSOR_DATA_NR_SENSORS0x580008
+#define OCC_SENSOR_DATA_NAMES_OFFSET  0x580010
+#define OCC_SENSOR_DATA_READING_PING_OFFSET   0x580014
+#define OCC_SENSOR_DATA_READING_PONG_OFFSET   0x58000c
+#define OCC_SENSOR_DATA_NAME_LENGTH   0x58000d
+#define OCC_SENSOR_NAME_STRUCTURE_TYPE0x580023
+#define OCC_SENSOR_LOC_CORE   0x580022
+#define OCC_SENSOR_LOC_GPU0x580020
+#define OCC_SENSOR_TYPE_POWER 0x580003
+#define OCC_SENSOR_NAME   0x580005
+#define HWMON_SENSORS_MASK0x58001e
+#define SLW_IMAGE_BASE0x0
+
 static void pnv_occ_set_misc(PnvOCC *occ, uint64_t val)
 {
 bool irq_state;
@@ -82,6 +100,48 @@ static void pnv_occ_power8_xscom_write(void *opaque, hwaddr 
addr,
 }
 }
 
+static uint64_t pnv_occ_common_area_read(void *opaque, hwaddr addr,
+ unsigned width)
+{
+switch (addr) {
+/*
+ * occ-sensor sanity check that asserts the sensor
+ * header block
+ */
+case OCC_SENSOR_DATA_BLOCK_OFFSET:
+case OCC_SENSOR_DATA_VALID:
+case OCC_SENSOR_DATA_VERSION:
+case OCC_SENSOR_DATA_READING_VERSION:
+case OCC_SENSOR_DATA_NR_SENSORS:
+case OCC_SENSOR_DATA_NAMES_OFFSET:
+case OCC_SENSOR_DATA_READING_PING_OFFSET:
+case OCC_SENSOR_DATA_READING_PONG_OFFSET:
+case OCC_SENSOR_NAME_STRUCTURE_TYPE:
+return 1;
+case OCC_SENSOR_DATA_NAME_LENGTH:
+return 0x30;
+case OCC_SENSOR_LOC_CORE:
+return 0x0040;
+case OCC_SENSOR_TYPE_POWER:
+return 0x0080;
+case OCC_SENSOR_NAME:
+return 0x1000;
+case HWMON_SENSORS_MASK:
+case OCC_SENSOR_LOC_GPU:
+return 0x8e00;
+case SLW_IMAGE_BASE:
+return 0x1000;
+}
+return 0;
+}
+
+static void pnv_occ_common_area_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned width)
+{
+/* callback function defined to occ common area write */
+return;
+}
+
 static const MemoryRegionOps pnv_occ_power8_xscom_ops = {
 .read = pnv_occ_power8_xscom_read,
 .write = pnv_occ_power8_xscom_write,
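Review bot: pnv_occ_common_area_read returns 0 for every offset that is not listed in the switch, and pnv_occ_common_area_write discards every write, both without any trace; `width` is ignored in both. Guest firmware touching an unmodelled part of the common area will then see plausible-looking zeros and nobody will know why it misbehaves. I would add a `default:` case that logs the access, e.g. `qemu_log_mask(LOG_UNIMP, "OCC common area: unimplemented read at 0x%" HWADDR_PRIx "\n", addr);`, and the matching message in the write handler (this needs qemu/log.h if the file does not already include it). The comment in the write handler could also say that writes are intentionally ignored, and the bare `return;` can go.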
@@ -92,12 +152,24 @@ static const MemoryRegionOps pnv_occ_power8_xscom_ops = {
 .endianness = DEVICE_BIG_ENDIAN,
 };
 
+const MemoryRegionOps pnv_occ_sram_ops = {
+.read = pnv_occ_common_area_read,
+.write = pnv_occ_common_area_write,
+.valid.min_access_size = 1,
+.valid.max_access_size = 8,
+.impl.min_access_size = 1,
+.impl.max_access_size = 8,
+.endianness = DEVICE_BIG_ENDIAN,
+};
+
 static void pnv_occ_power8_class_init(ObjectClass *klass, void *data)
 {
 PnvOCCClass *poc = PNV_OCC_CLASS(klass);
 
 poc->xscom_size = PNV_XSCOM_OCC_SIZE;
+poc->sram_size = PNV_OCC_COMMON_AREA_SIZE;
 poc->xscom_ops = _occ_power8_xscom_ops;
+poc->sram_ops = _occ_sram_ops;
 poc->psi_irq = PSIHB_IRQ_OCC;
 }
 
@@ -168,7 +240,9 @@ static void pnv_occ_power9_class_init(ObjectClass *klass, 
void *data)
 PnvOCCClass *poc = PNV_OCC_CLASS(klass);
 
 

Re: [Qemu-devel] [PATCH 05/10] block/crypto: implement the encryption key management

2019-09-12 Thread Maxim Levitsky
On Fri, 2019-09-06 at 15:04 +0100, Daniel P. Berrangé wrote:
> On Fri, Aug 30, 2019 at 11:56:03PM +0300, Maxim Levitsky wrote:
> > This implements the encryption key management
> > using the generic code in qcrypto layer
> > (currently only for qemu-img amend)
> > 
> > This code adds another 'write_func' because the initialization
> > write_func works directly on the underlying file,
> > because during the creation, there is no open instance
> > of the luks driver, but during regular use, we have it,
> > and should use it instead.
> > 
> > Signed-off-by: Maxim Levitsky 
> > ---
> >  block/crypto.c | 106 +++--
> >  1 file changed, 103 insertions(+), 3 deletions(-)
> > 
> > diff --git a/block/crypto.c b/block/crypto.c
> > index a6a3e1f1d8..dbd95a99ba 100644
> > --- a/block/crypto.c
> > +++ b/block/crypto.c
> > @@ -36,6 +36,7 @@ typedef struct BlockCrypto BlockCrypto;
> >  
> >  struct BlockCrypto {
> >  QCryptoBlock *block;
> > +bool updating_keys;
> >  };
> >  
> >  
> > @@ -70,6 +71,24 @@ static ssize_t block_crypto_read_func(QCryptoBlock 
> > *block,
> >  return ret;
> >  }
> >  
> > +static ssize_t block_crypto_write_func(QCryptoBlock *block,
> > +  size_t offset,
> > +  const uint8_t *buf,
> > +  size_t buflen,
> > +  void *opaque,
> > +  Error **errp)
> 
> Indent off-by-1 - align with param on the first line
I hope you won't hate me after all these indent bugs.
I'll learn to notice, I promise :-)

> 
> > +{
> > +BlockDriverState *bs = opaque;
> > +ssize_t ret;
> > +
> > +ret = bdrv_pwrite(bs->file, offset, buf, buflen);
> > +if (ret < 0) {
> > +error_setg_errno(errp, -ret, "Could not write encryption header");
> > +return ret;
> > +}
> > +return ret;
> > +}
> > +
> >  
> >  struct BlockCryptoCreateData {
> >  BlockBackend *blk;
> > @@ -647,6 +666,88 @@ block_crypto_get_specific_info_luks(BlockDriverState 
> > *bs, Error **errp)
> >  return spec_info;
> >  }
> >  
> > +
> > +static int
> > +block_crypto_amend_options(BlockDriverState *bs,
> > +   QemuOpts *opts,
> > +   BlockDriverAmendStatusCB *status_cb,
> > +   void *cb_opaque,
> > +   bool force,
> > +   Error **errp)
> > +{
> > +BlockCrypto *crypto = bs->opaque;
> > +QDict *cryptoopts = NULL;
> > +QCryptoBlockCreateOptions *amend_options = NULL;
> > +int ret;
> > +
> > +assert(crypto);
> > +assert(crypto->block);
> > +
> > +crypto->updating_keys = true;
> > +
> > +ret = bdrv_child_refresh_perms(bs, bs->file, errp);
> > +if (ret) {
> 
> I can't remember - does this need to be "ret < 0" or
> does refresh_perms return positive errnos ?
I don't really know but looking at the source the 
bdrv_child_refresh_perms calls the bdrv_child_try_set_perm
which seems to forward only negative error codes,
so I'll do this here as well.
Also an iotest for this is a must, now I remember. 


Best regards,
Maxim Levitsky




Re: [Qemu-devel] [PATCH] migration: Fix postcopy bw for recovery

2019-09-12 Thread Dr. David Alan Gilbert
* Peter Xu (pet...@redhat.com) wrote:
> We've got max-postcopy-bandwidth parameter but it's not applied
> correctly after a postcopy recovery so the recovered migration stream
> will still eat the whole net bandwidth.  Fix that up.
> 
> Reported-by: Xiaohui Li 
> Signed-off-by: Peter Xu 

Queued

> ---
>  migration/migration.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/migration/migration.c b/migration/migration.c
> index 8b9f2fe30a..b307813aa3 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -3327,7 +3327,8 @@ void migrate_fd_connect(MigrationState *s, Error 
> *error_in)
>  
>  if (resume) {
>  /* This is a resumed migration */
> -rate_limit = INT64_MAX;
> +rate_limit = s->parameters.max_postcopy_bandwidth /
> +XFER_LIMIT_RATIO;
>  } else {
>  /* This is a fresh new migration */
>  rate_limit = s->parameters.max_bandwidth / XFER_LIMIT_RATIO;
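Review bot: In the resume branch, `s->parameters.max_postcopy_bandwidth / XFER_LIMIT_RATIO` evaluates to 0 when the parameter is left at 0, where the old code passed `INT64_MAX`; whether a zero limit still means "unlimited" depends on the rate limiter, which is not visible in this hunk. If 0 is the "no limit" value for max-postcopy-bandwidth, a comment such as `/* 0 means unlimited, same as the initial postcopy path */` or an explicit fallback to `INT64_MAX` when the parameter is 0 would keep the intent readable. migrate_fd_connect() continues outside the hunk.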
> -- 
> 2.21.0
> 
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] TCG plugins and the GPL (was: [PATCH v4 00/54] plugins for TCG)

2019-09-12 Thread Peter Maydell
On Thu, 12 Sep 2019 at 11:17, Daniel P. Berrangé  wrote:
> I think forcing recompile for each release is reasonable protection
> to make it less attractive to create license violating closed source
> plugins.

I'm just not sure that a plugin that, for instance, does
"whenever the guest makes a memory access print the address
and data", is in any reasonable sense a derived work of QEMU
that it makes sense to extend the GPL to. We're providing
a convenient introspection interface here, similar to but
different from the way gdbstub lets you introspect guest
binary behaviour, not an arbitrary mechanism for extending
QEMU itself.

thanks
-- PMM



[Qemu-devel] [Bug 1843151] Re: Regression: QEMU 4.1.0 qxl and KMS resoluiton only 4x10

2019-09-12 Thread James Harvey
Bisection is not going well at all with this code base!

Before your last reply, I started, and the first between 4.0.0 and 4.1.0
is aae6500972 which fails compilation:

==

...
  CC  stubs/pci-host-piix.o
  CC  stubs/ram-block.o
  CC  stubs/ramfb.o
  CC  stubs/fw_cfg.o
  CC  stubs/semihost.o
  CC  qemu-keymap.o
  CC  util/filemonitor-stub.o

Warning, treated as error:
/build/qemu-bisect/src/qemu/docs/interop/bitmaps.rst:202:Could not lex 
literal_block as "json". Highlighting skipped.
  CC  ui/input-keymap.o
  CC  contrib/elf2dmp/main.o
  CC  contrib/elf2dmp/addrspace.o
  CC  contrib/elf2dmp/download.o
  CC  contrib/elf2dmp/pdb.o
  CC  contrib/elf2dmp/qemu_elf.o
  CC  contrib/ivshmem-client/ivshmem-client.o
  CC  contrib/ivshmem-client/main.o
  CC  contrib/ivshmem-server/ivshmem-server.o

==

I tried just marking it as good and hoping it was a more recent
regression, instead of even doing a skip, but efa85a4d1a fails with the
same error.  I double checked that 4.0.0 and 4.1.0 still get past that
spot for me, and they do.

I tried your suggestion, be812c0, but that compiled with this error:

==

  CC  crypto/cipher.o
  CC  crypto/tlscreds.o
  CC  crypto/tlscredsanon.o
/build/qemu-bisect/src/qemu/block/gluster.c: In function 
‘qemu_gluster_co_pwrite_zeroes’:
/build/qemu-bisect/src/qemu/block/gluster.c:994:52: warning: passing argument 4 
of ‘glfs_zerofill_async’ from incompatible pointer type [-Wincompatible-pointer
-types]
  994 | ret = glfs_zerofill_async(s->fd, offset, size, 
gluster_finish_aiocb, );
  |^~~~
  ||
  |void (*)(struct 
glfs_fd *, ssize_t,  void *) {aka void (*)(struct glfs_fd *, long int,  void *)}
In file included from /build/qemu-bisect/src/qemu/block/gluster.c:12:
/usr/include/glusterfs/api/glfs.h:993:73: note: expected ‘glfs_io_cbk’ {aka 
‘void (*)(struct glfs_fd *, long int,  struct glfs_stat *, struct glfs_stat *, 
void
 *)’} but argument is of type ‘void (*)(struct glfs_fd *, ssize_t,  void *)’ 
{aka ‘void (*)(struct glfs_fd *, long int,  void *)’}
  993 | glfs_zerofill_async(glfs_fd_t *fd, off_t length, off_t len, glfs_io_cbk 
fn,
  | 
^~
/build/qemu-bisect/src/qemu/block/gluster.c: In function 
‘qemu_gluster_do_truncate’:
/build/qemu-bisect/src/qemu/block/gluster.c:1035:13: error: too few arguments 
to function ‘glfs_ftruncate’
 1035 | if (glfs_ftruncate(fd, offset)) {
  | ^~
In file included from /build/qemu-bisect/src/qemu/block/gluster.c:12:
/usr/include/glusterfs/api/glfs.h:768:1: note: declared here
  768 | glfs_ftruncate(glfs_fd_t *fd, off_t length, struct glfs_stat *prestat,
  | ^~
/build/qemu-bisect/src/qemu/block/gluster.c:1046:13: error: too few arguments 
to function ‘glfs_ftruncate’
 1046 | if (glfs_ftruncate(fd, offset)) {
  | ^~

==

So, I looked at configure and saw a "--disable-glusterfs" option, and
tried it.  It still failed with:

==

  GEN it.mo
  GEN bg.mo
  GEN fr_FR.mo
  GEN zh_CN.mo
  GEN de_DE.mo
  GEN hu.mo
  GEN tr.mo
for obj in hu.mo tr.mo it.mo bg.mo fr_FR.mo zh_CN.mo de_DE.mo; do \
base=$(basename $obj .mo); \
install -d 
/build/qemu-bisect/pkg/qemu-bisect/usr/share/locale/$base/LC_MESSAGES; \
install -m644 $obj 
/build/qemu-bisect/pkg/qemu-bisect/usr/share/locale/$base/LC_MESSAGES/qemu.mo; \
done
make[1]: Leaving directory '/build/qemu-bisect/src/build-full/po'
install -d -m 0755 "/build/qemu-bisect/pkg/qemu-bisect/usr/share/qemu/keymaps"
set -e; for x in da en-gb  et  fr fr-ch  is  lt  no  pt-br  sv ar  
de en-us  fi  fr-be  hr it  lv  nl pl  ru th de-ch  es 
fo  fr-ca  hu ja  mk  pt  sl tr bepocz; do \
install -c -m 0644 /build/qemu-bisect/src/qemu/pc-bios/keymaps/$x 
"/build/qemu-bisect/pkg/qemu-bisect/usr/share/qemu/keymaps"; \
done
install -c -m 0644 /build/qemu-bisect/src/build-full/trace-events-all 
"/build/qemu-bisect/pkg/qemu-bisect/usr/share/qemu/trace-events-all"
for d in aarch64-softmmu alpha-softmmu arm-softmmu cris-softmmu hppa-softmmu 
i386-softmmu lm32-softmmu m68k-softmmu microblazeel-softmmu microblaze-softmmu 
mips64el-softmmu mips64-softmmu mipsel-softmmu mips-softmmu moxie-softmmu 
nios2-softmmu or1k-softmmu ppc64-softmmu ppc-softmmu riscv32-softmmu 
riscv64-softmmu s390x-softmmu sh4eb-softmmu sh4-softmmu sparc64-softmmu 
sparc-softmmu tricore-softmmu unicore32-softmmu x86_64-softmmu xtensaeb-softmmu 
xtensa-softmmu aarch64_be-linux-user aarch64-linux-user alpha-linux-user 
armeb-linux-user arm-linux-user cris-linux-user hppa-linux-user i386-linux-user 
m68k-linux-user 

Re: [Qemu-devel] [PATCH] nbd/server: attach client channel to the export's AioContext

2019-09-12 Thread Sergio Lopez

Kevin Wolf  writes:

> Am 11.09.2019 um 23:33 hat Eric Blake geschrieben:
>> On 9/11/19 12:21 PM, Eric Blake wrote:
>> > On 9/11/19 11:15 AM, Sergio Lopez wrote:
>> >> On creation, the export's AioContext is set to the same one as the
>> >> BlockBackend, while the AioContext in the client QIOChannel is left
>> >> untouched.
>> >>
>> >> As a result, when using data-plane, nbd_client_receive_next_request()
>> >> schedules coroutines in the IOThread AioContext, while the client's
>> >> QIOChannel is serviced from the main_loop, potentially triggering the
>> >> assertion at qio_channel_restart_[read|write].
>> >>
>> >> To fix this, as soon as we have the export corresponding to the client,
>> >> we call qio_channel_attach_aio_context() to attach the QIOChannel
>> >> context to the export's AioContext. This matches with the logic in
>> >> blk_aio_attached().
>> >>
>> >> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1748253
>> >> Signed-off-by: Sergio Lopez 
>> >> ---
>> >>  nbd/server.c | 2 ++
>> >>  1 file changed, 2 insertions(+)
>> > 
>> > I'd like a second opinion from Kevin, but the description makes sense to
>> > me.  I'm happy to queue this through my NBD tree.
>> > 
>> > Reviewed-by: Eric Blake 
>> 
>> I tried to test this patch, but even with it applied, I still got an
>> aio-context crasher by attempting an nbd-server-start, nbd-server-add,
>> nbd-server-stop (intentionally skipping the nbd-server-remove step) on a
>> domain using iothreads, with a backtrace of:
>> 
>> #0  0x7ff09d070e35 in raise () from target:/lib64/libc.so.6
>> #1  0x7ff09d05b895 in abort () from target:/lib64/libc.so.6
>> #2  0x55dd03b9ab86 in error_exit (err=1, msg=0x55dd03d59fb0
>> <__func__.15769> "qemu_mutex_unlock_impl")
>> at util/qemu-thread-posix.c:36
>> #3  0x55dd03b9adcf in qemu_mutex_unlock_impl (mutex=0x55dd062d5090,
>> file=0x55dd03d59041 "util/async.c",
>> line=523) at util/qemu-thread-posix.c:96
>> #4  0x55dd03b93433 in aio_context_release (ctx=0x55dd062d5030) at
>> util/async.c:523
>> #5  0x55dd03ac421b in bdrv_do_drained_begin (bs=0x55dd0673a2d0,
>> recursive=false, parent=0x0,
>> ignore_bds_parents=false, poll=true) at block/io.c:428
>> #6  0x55dd03ac4299 in bdrv_drained_begin (bs=0x55dd0673a2d0) at
>> block/io.c:434
>> #7  0x55dd03aafb54 in blk_drain (blk=0x55dd06a3ec40) at
>> block/block-backend.c:1605
>> #8  0x55dd03aae054 in blk_remove_bs (blk=0x55dd06a3ec40) at
>> block/block-backend.c:800
>> #9  0x55dd03aad54a in blk_delete (blk=0x55dd06a3ec40) at
>> block/block-backend.c:420
>> #10 0x55dd03aad7d6 in blk_unref (blk=0x55dd06a3ec40) at
>> block/block-backend.c:475
>> #11 0x55dd03aecb68 in nbd_export_put (exp=0x55dd0726f920) at
>> nbd/server.c:1666
>> #12 0x55dd03aec8fe in nbd_export_close (exp=0x55dd0726f920) at
>> nbd/server.c:1616
>> #13 0x55dd03aecbf1 in nbd_export_close_all () at nbd/server.c:1689
>> #14 0x55dd03748845 in qmp_nbd_server_stop (errp=0x7ffcdf3cb4e8) at
>> blockdev-nbd.c:233
>> ...
>> 
>> Does that sound familiar to what you were seeing?  Does it mean we
>> missed another spot where the context is set incorrectly?
>
> I think nbd_export_close_all() or one of the NBD functions called by it
> needs to take the AioContext lock of the associated BlockBackend.
>
> The crash is because AIO_POLL_WHILE() wants to temporarily drop the lock
> that we're not even holding.

Yes, I think locking the context during the "if (exp->blk) {" block at
nbd/server.c:1646 should do the trick.

On the other hand, I wonder if there is any situation in which calling
blk_unref() without locking the context could be safe. If there isn't
any, perhaps we should assert that the lock is held if blk->ctx != NULL
to catch this kind of bug earlier?

Sergio.




Re: [Qemu-devel] [PATCH v6 22/42] block: Fix bdrv_get_allocated_file_size's fallback

2019-09-12 Thread Kevin Wolf
Am 11.09.2019 um 13:00 hat Max Reitz geschrieben:
> On 11.09.19 12:31, Kevin Wolf wrote:
> > Am 11.09.2019 um 12:00 hat Max Reitz geschrieben:
> >> So all in all I think it’s best to make the callback mandatory and add
> >> two global helper functions.  That’s simple enough and should prevent
> >> us from making mistakes by forgetting to adjust something in the
> >> future.
> > 
> > Yes, that should work.
> > 
> > We should probably still figure out what the relationship between the
> > child access functions and child roles is, even if we don't need it for
> > this solution. But it feels like an important part of the design.
> 
> Hm.  It feels like something that should be done before this series,
> actually.
> 
> So I think we should add at least a child role per child access function
> so that they match?  And then maybe in bdrv_attach_child() assert that a
> BDS never has more than one primary or filtered child (a filtered child
> acts as a primary child, too), or more than one COW child.  (And that
> these are always in bs->file or bs->backing so the child access
> functions do work.)

Makes sense to me.

Kevin




Re: [Qemu-devel] [Qemu-arm] [PATCH 02/13] target/arm/arm-semi: Always set some kind of errno for failed calls

2019-09-12 Thread Alex Bennée


Peter Maydell  writes:

> On Thu, 12 Sep 2019 at 11:42, Alex Bennée  wrote:
>>
>>
>> Peter Maydell  writes:
>>
>> > If we fail a semihosting call we should always set the
>> > semihosting errno to something; we were failing to do
>> > this for some of the "check inputs for sanity" cases.
>> >
>> > Signed-off-by: Peter Maydell 
>>
>> Reviewed-by: Alex Bennée 
>>
>> although:
>>
>> > ---
>> >  target/arm/arm-semi.c | 45 ++-
>> >  1 file changed, 27 insertions(+), 18 deletions(-)
>> >
>> > diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
>> > index 03e60105c05..51b55816faf 100644
>> > --- a/target/arm/arm-semi.c
>> > +++ b/target/arm/arm-semi.c
>> > @@ -232,11 +232,13 @@ static target_ulong arm_gdb_syscall(ARMCPU *cpu, 
>> > gdb_syscall_complete_cb cb,
>> >  #define GET_ARG(n) do { \
>> >  if (is_a64(env)) {  \
>> >  if (get_user_u64(arg ## n, args + (n) * 8)) {   \
>> > -return -1;  \
>> > +errno = EFAULT; \
>> > +return set_swi_errno(ts, -1);   \
>>
>> This looks a little queasy given ts is NULL for the softmmu version. I
>> wonder (depending on your approach to -smp for 1/13) if we should just
>> pass the ARMCPU down to the helper?
>
> NULL is fine because the softmmu version of set_swi_errno() doesn't
> do anything with it anyway, right?

Yes it's fine - it just looks a little odd when you are reading it.
Given TaskState is derived from CPUState which you always have you could
just pass cs to set_swi_errno and hide the final implementation detail
there depending on if you are softmmu or linux-user.

But it's purely a subjective style thing, not a bug hence the r-b ;-)

--
Alex Bennée



Re: [Qemu-devel] [PATCH 06/13] target/arm/arm-semi: Factor out implementation of SYS_WRITE

2019-09-12 Thread Alex Bennée


Peter Maydell  writes:

> Factor out the implementation of SYS_WRITE via the
> new function tables.
>
> The #ifdef around the declaration/initialization of the
> local 'env' variable is unfortunate but necessary, because
> the softmmu-semi.h version of lock_user implicitly uses 'env',
> but the user-only version doesn't need it.

heh - one reason I rewrote a local lock_user_string for semihost.c
although of course it only has to worry about the softmmu case as you
don't have re-direct-able char devices in linux-user.

> Without the ifdefs
> we'd get a warning about the unused variable for the user-only
> compilation.
>
> Signed-off-by: Peter Maydell 

Reviewed-by: Alex Bennée 

> ---
>  target/arm/arm-semi.c | 53 ---
>  1 file changed, 35 insertions(+), 18 deletions(-)
>
> diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
> index f3e0bf77cd3..0dec4c04e2f 100644
> --- a/target/arm/arm-semi.c
> +++ b/target/arm/arm-semi.c
> @@ -345,27 +345,61 @@ static target_ulong arm_gdb_syscall(ARMCPU *cpu, 
> gdb_syscall_complete_cb cb,
>   * setting the guest errno if appropriate.
>   */
>  typedef uint32_t sys_closefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf);
> +typedef uint32_t sys_writefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
> + target_ulong buf, uint32_t len);
>
>  static uint32_t host_closefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf)
>  {
>  return set_swi_errno(ts, close(gf->hostfd));
>  }
>
> +static uint32_t host_writefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
> + target_ulong buf, uint32_t len)
> +{
> +uint32_t ret;
> +#ifndef CONFIG_USER_ONLY
> +CPUARMState *env = >env;
> +#endif
> +char *s = lock_user(VERIFY_READ, buf, len, 1);
> +if (!s) {
> +/* Return bytes not written on error */
> +return len;
> +}
> +ret = set_swi_errno(ts, write(gf->hostfd, s, len));
> +unlock_user(s, buf, 0);
> +if (ret == (uint32_t)-1) {
> +ret = 0;
> +}
> +/* Return bytes not written */
> +return len - ret;
> +}
> +
>  static uint32_t gdb_closefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf)
>  {
>  return arm_gdb_syscall(cpu, arm_semi_cb, "close,%x", gf->hostfd);
>  }
>
> +static uint32_t gdb_writefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
> +target_ulong buf, uint32_t len)
> +{
> +arm_semi_syscall_len = len;
> +return arm_gdb_syscall(cpu, arm_semi_cb, "write,%x,%x,%x",
> +   gf->hostfd, buf, len);
> +}
> +
>  typedef struct GuestFDFunctions {
>  sys_closefn *closefn;
> +sys_writefn *writefn;
>  } GuestFDFunctions;
>
>  static const GuestFDFunctions guestfd_fns[] = {
>  [GuestFDHost] = {
>  .closefn = host_closefn,
> +.writefn = host_writefn,
>  },
>  [GuestFDGDB] = {
>  .closefn = gdb_closefn,
> +.writefn = gdb_writefn,
>  },
>  };
>
> @@ -504,24 +538,7 @@ target_ulong do_arm_semihosting(CPUARMState *env)
>  return set_swi_errno(ts, -1);
>  }
>
> -if (use_gdb_syscalls()) {
> -arm_semi_syscall_len = len;
> -return arm_gdb_syscall(cpu, arm_semi_cb, "write,%x,%x,%x",
> -   gf->hostfd, arg1, len);
> -} else {
> -s = lock_user(VERIFY_READ, arg1, len, 1);
> -if (!s) {
> -/* Return bytes not written on error */
> -return len;
> -}
> -ret = set_swi_errno(ts, write(gf->hostfd, s, len));
> -unlock_user(s, arg1, 0);
> -if (ret == (uint32_t)-1) {
> -ret = 0;
> -}
> -/* Return bytes not written */
> -return len - ret;
> -}
> +return guestfd_fns[gf->type].writefn(ts, cpu, gf, arg1, len);
>  case TARGET_SYS_READ:
>  GET_ARG(0);
>  GET_ARG(1);


--
Alex Bennée



Re: [Qemu-devel] [Qemu-arm] [PATCH 07/13] target/arm/arm-semi: Factor out implementation of SYS_READ

2019-09-12 Thread Alex Bennée


Peter Maydell  writes:

> Factor out the implementation of SYS_READ via the
> new function tables.

"As for SYS_WRITE we need env for lock_user in system emulation."?

>
> Signed-off-by: Peter Maydell 

Either way:

Reviewed-by: Alex Bennée 

> ---
>  target/arm/arm-semi.c | 57 ---
>  1 file changed, 37 insertions(+), 20 deletions(-)
>
> diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
> index 0dec4c04e2f..48a10dd3c3a 100644
> --- a/target/arm/arm-semi.c
> +++ b/target/arm/arm-semi.c
> @@ -347,6 +347,8 @@ static target_ulong arm_gdb_syscall(ARMCPU *cpu, 
> gdb_syscall_complete_cb cb,
>  typedef uint32_t sys_closefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf);
>  typedef uint32_t sys_writefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
>   target_ulong buf, uint32_t len);
> +typedef uint32_t sys_readfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
> +target_ulong buf, uint32_t len);
>
>  static uint32_t host_closefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf)
>  {
> @@ -374,6 +376,29 @@ static uint32_t host_writefn(TaskState *ts, ARMCPU *cpu, 
> GuestFD *gf,
>  return len - ret;
>  }
>
> +static uint32_t host_readfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
> +target_ulong buf, uint32_t len)
> +{
> +uint32_t ret;
> +#ifndef CONFIG_USER_ONLY
> +CPUARMState *env = >env;
> +#endif
> +char *s = lock_user(VERIFY_WRITE, buf, len, 0);
> +if (!s) {
> +/* return bytes not read */
> +return len;
> +}
> +do {
> +ret = set_swi_errno(ts, read(gf->hostfd, s, len));
> +} while (ret == -1 && errno == EINTR);
> +unlock_user(s, buf, len);
> +if (ret == (uint32_t)-1) {
> +ret = 0;
> +}
> +/* Return bytes not read */
> +return len - ret;
> +}
> +
>  static uint32_t gdb_closefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf)
>  {
>  return arm_gdb_syscall(cpu, arm_semi_cb, "close,%x", gf->hostfd);
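Review bot: host_readfn() calls `unlock_user(s, buf, len)` with the full requested length even when read() returned fewer bytes or failed, so the part of the locked buffer that read() never filled is copied back to the guest. lock_user() is called here with its last argument 0, which as far as I can tell means no copy-in; if the softmmu buffer is not zero-initialised (its implementation is outside this hunk), the guest would receive stale host heap contents. Passing the byte count actually read, e.g. `unlock_user(s, buf, ret == (uint32_t)-1 ? 0 : ret);`, keeps the write-back to what was read. The loop condition also compares the `uint32_t` ret with a plain `-1`, unlike the `(uint32_t)-1` used two lines later.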
> @@ -387,19 +412,30 @@ static uint32_t gdb_writefn(TaskState *ts, ARMCPU *cpu, 
> GuestFD *gf,
> gf->hostfd, buf, len);
>  }
>
> +static uint32_t gdb_readfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
> +   target_ulong buf, uint32_t len)
> +{
> +arm_semi_syscall_len = len;
> +return arm_gdb_syscall(cpu, arm_semi_cb, "read,%x,%x,%x",
> +   gf->hostfd, buf, len);
> +}
> +
>  typedef struct GuestFDFunctions {
>  sys_closefn *closefn;
>  sys_writefn *writefn;
> +sys_readfn *readfn;
>  } GuestFDFunctions;
>
>  static const GuestFDFunctions guestfd_fns[] = {
>  [GuestFDHost] = {
>  .closefn = host_closefn,
>  .writefn = host_writefn,
> +.readfn = host_readfn,
>  },
>  [GuestFDGDB] = {
>  .closefn = gdb_closefn,
>  .writefn = gdb_writefn,
> +.readfn = gdb_readfn,
>  },
>  };
>
> @@ -551,26 +587,7 @@ target_ulong do_arm_semihosting(CPUARMState *env)
>  return set_swi_errno(ts, -1);
>  }
>
> -if (use_gdb_syscalls()) {
> -arm_semi_syscall_len = len;
> -return arm_gdb_syscall(cpu, arm_semi_cb, "read,%x,%x,%x",
> -   gf->hostfd, arg1, len);
> -} else {
> -s = lock_user(VERIFY_WRITE, arg1, len, 0);
> -if (!s) {
> -/* return bytes not read */
> -return len;
> -}
> -do {
> -ret = set_swi_errno(ts, read(gf->hostfd, s, len));
> -} while (ret == -1 && errno == EINTR);
> -unlock_user(s, arg1, len);
> -if (ret == (uint32_t)-1) {
> -ret = 0;
> -}
> -/* Return bytes not read */
> -return len - ret;
> -}
> +return guestfd_fns[gf->type].readfn(ts, cpu, gf, arg1, len);
>  case TARGET_SYS_READC:
>  qemu_log_mask(LOG_UNIMP, "%s: SYS_READC not implemented", __func__);
>  return 0;


--
Alex Bennée



Re: [Qemu-devel] QEMU as ISS (Instruction Set Simulator)

2019-09-12 Thread Alex Bennée


Libo Zhou  writes:

> Alex Bennée  writes:
>
>
>> The gdbstub should allow you to do full introspection, and adding
>> additional registers is fairly easy, see mips_cpu_gdb_read_register function
>> in  target/mips/gdbstub.c.
>
>
>
> Hi Alex and Aleksandar,
>
>
> Now I can connect gdb to qemu successfully. And I can use this command
> to show all the register contents in a gdb session.

You will need to update gdb-xml/$ARCH.xml and the appropriate
arch_read/write register functions in gdbstub.

Alternatively look at commits:

  commit 200bf5b7ffea635079cc05fdfb363372b9544ce7
  Author: Abdallah Bouassida 
  commit 9c513e786d85cc58b8ba56a482566f759e0835b6
  Author: Abdallah Bouassida 
  commit 1f16378718fa87d63f70d0797f4546a88d8e3dd7
  Author: Abdallah Bouassida 

Where Abdallah added a dynamic xml generation to expose all the ARM
system registers to gdbstub. The details may be different for the MIPS
backend but from the gdbstub point of view it's the same. Provide a
system description in xml and the arch specific helpers to get and set
the values.

>
>
> (gdb) layout regs
>
>
> However, I will need to add some more registers to the CPU. Does adding new 
> registers in gdbstub.c also show the new registers in the TUI?
> I doubt it because when I modified the regnames[] in translate.c, the 
> registers' names didn't change in gdb.
>
>
>
> Cheers,
> Libo
>
>
>
>> Alex Bennée


--
Alex Bennée



Re: [Qemu-devel] [Qemu-arm] [PATCH 04/13] target/arm/arm-semi: clean up TaskState* usage in non-user-only code

2019-09-12 Thread Alex Bennée


Peter Maydell  writes:

> The semihosting code has to build for both user-only and softmmu;
> for user-only it needs access to the TaskState struct that holds
> per-thread information. For softmmu we don't need it.
>
> Currently the softmmu set_swi_errno() takes a CPUARMState *,
> which it doesn't use, and the 'ts' variable in do_arm_semihosting()
> is set to either be a TaskState* or a CPUARMState* depending on
> whether CONFIG_USER_ONLY is set, so that the callsite always
> passes 'ts'. Since we don't actually need the CPUARMState *,
> we can instead make set_swi_errno() always take a TaskState*,
> by providing a local-to-this-file dummy typedef for the softmmu
> case and setting ts to NULL for softmmu.
>
> This will make it easier to have other functions which pass
> through the TaskState*, because now they can have the same
> prototype regardless of whether they're CONFIG_USER_ONLY or not.
>
> Signed-off-by: Peter Maydell 
> ---
>  target/arm/arm-semi.c | 48 ---
>  1 file changed, 27 insertions(+), 21 deletions(-)
>
> diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
> index 05491bf5248..ce3ba554bef 100644
> --- a/target/arm/arm-semi.c
> +++ b/target/arm/arm-semi.c
> @@ -36,6 +36,13 @@
>  #else
>  #include "exec/gdbstub.h"
>  #include "qemu/cutils.h"
> +
> +/*
> + * Dummy typedef so that we can have functions that take
> + * a TaskState* even if we're building for softmmu; in that
> + * case the argument will always be NULL.
> + */
> +typedef void TaskState;
>  #endif
>
>  #define TARGET_SYS_OPEN0x01
> @@ -213,27 +220,24 @@ static GuestFD *get_guestfd(int guestfd)
>  return gf;
>  }
>
> -#ifdef CONFIG_USER_ONLY
> -static inline uint32_t set_swi_errno(TaskState *ts, uint32_t code)
> -{
> -if (code == (uint32_t)-1)
> -ts->swi_errno = errno;
> -return code;
> -}
> -#else
> +#ifndef CONFIG_USER_ONLY
>  static target_ulong syscall_err;
>
> -static inline uint32_t set_swi_errno(CPUARMState *env, uint32_t code)
> -{
> -if (code == (uint32_t)-1) {
> -syscall_err = errno;
> -}
> -return code;
> -}
> -
>  #include "exec/softmmu-semi.h"
>  #endif
>
> +static inline uint32_t set_swi_errno(TaskState *ts, uint32_t code)
> +{
> +if (code == (uint32_t)-1) {
> +#ifdef CONFIG_USER_ONLY
> +ts->swi_errno = errno;
> +#else
> +syscall_err = errno;
> +#endif
> +}
> +return code;
> +}
> +
>  static target_ulong arm_semi_syscall_len;
>
>  static void arm_semi_cb(CPUState *cs, target_ulong ret, target_ulong err)
> @@ -374,13 +378,15 @@ target_ulong do_arm_semihosting(CPUARMState *env)
>  int nr;
>  uint32_t ret;
>  uint32_t len;
> -#ifdef CONFIG_USER_ONLY
> -TaskState *ts = cs->opaque;
> -#else
> -CPUARMState *ts = env;
> -#endif
> +TaskState *ts;
>  GuestFD *gf;
>
> +#ifdef CONFIG_USER_ONLY
> +ts = cs->opaque;
> +#else
> +ts = NULL;
> +#endif

Why not pass cs to set_swi_errno and deal with all the differences in
the helper?

> +
>  if (is_a64(env)) {
>  /* Note that the syscall number is in W0, not X0 */
>  nr = env->xregs[0] & 0xU;


--
Alex Bennée



Re: [Qemu-devel] [PATCH 09/13] target/arm/arm-semi: Factor out implementation of SYS_SEEK

2019-09-12 Thread Alex Bennée


Peter Maydell  writes:

> Factor out the implementation of SYS_SEEK via the new function
> tables.
>
> Signed-off-by: Peter Maydell 

Reviewed-by: Alex Bennée 

> ---
>  target/arm/arm-semi.c | 32 +++-
>  1 file changed, 23 insertions(+), 9 deletions(-)
>
> diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
> index 64ed39fc075..c548ce849e7 100644
> --- a/target/arm/arm-semi.c
> +++ b/target/arm/arm-semi.c
> @@ -350,6 +350,8 @@ typedef uint32_t sys_writefn(TaskState *ts, ARMCPU *cpu, 
> GuestFD *gf,
>  typedef uint32_t sys_readfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
>  target_ulong buf, uint32_t len);
>  typedef uint32_t sys_isattyfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf);
> +typedef uint32_t sys_seekfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
> +target_ulong offset);
>
>  static uint32_t host_closefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf)
>  {
> @@ -405,6 +407,16 @@ static uint32_t host_isattyfn(TaskState *ts, ARMCPU 
> *cpu, GuestFD *gf)
>  return isatty(gf->hostfd);
>  }
>
> +static uint32_t host_seekfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
> +target_ulong offset)
> +{
> +uint32_t ret = set_swi_errno(ts, lseek(gf->hostfd, offset, SEEK_SET));
> +if (ret == (uint32_t)-1) {
> +return -1;
> +}
> +return 0;
> +}
> +
>  static uint32_t gdb_closefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf)
>  {
>  return arm_gdb_syscall(cpu, arm_semi_cb, "close,%x", gf->hostfd);
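Review bot: host_seekfn() stores the lseek() result in a `uint32_t` before testing it against `(uint32_t)-1`, so a successful seek to an offset whose low 32 bits are all ones (possible when target_ulong is 64-bit) is reported as a failure and set_swi_errno() records a stale errno. Testing the untruncated value avoids that: `off_t pos = lseek(gf->hostfd, offset, SEEK_SET);` then `if (pos == (off_t)-1) { return set_swi_errno(ts, -1); }` and `return 0;`. The same truncation is in the removed inline code, so this is inherited rather than introduced by the refactoring.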
> @@ -431,11 +443,19 @@ static uint32_t gdb_isattyfn(TaskState *ts, ARMCPU 
> *cpu, GuestFD *gf)
>  return arm_gdb_syscall(cpu, arm_semi_cb, "isatty,%x", gf->hostfd);
>  }
>
> +static uint32_t gdb_seekfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
> +   target_ulong offset)
> +{
> +return arm_gdb_syscall(cpu, arm_semi_cb, "lseek,%x,%x,0",
> +   gf->hostfd, offset);
> +}
> +
>  typedef struct GuestFDFunctions {
>  sys_closefn *closefn;
>  sys_writefn *writefn;
>  sys_readfn *readfn;
>  sys_isattyfn *isattyfn;
> +sys_seekfn *seekfn;
>  } GuestFDFunctions;
>
>  static const GuestFDFunctions guestfd_fns[] = {
> @@ -444,12 +464,14 @@ static const GuestFDFunctions guestfd_fns[] = {
>  .writefn = host_writefn,
>  .readfn = host_readfn,
>  .isattyfn = host_isattyfn,
> +.seekfn = host_seekfn,
>  },
>  [GuestFDGDB] = {
>  .closefn = gdb_closefn,
>  .writefn = gdb_writefn,
>  .readfn = gdb_readfn,
>  .isattyfn = gdb_isattyfn,
> +.seekfn = gdb_seekfn,
>  },
>  };
>
> @@ -625,15 +647,7 @@ target_ulong do_arm_semihosting(CPUARMState *env)
>  return set_swi_errno(ts, -1);
>  }
>
> -if (use_gdb_syscalls()) {
> -return arm_gdb_syscall(cpu, arm_semi_cb, "lseek,%x,%x,0",
> -   gf->hostfd, arg1);
> -} else {
> -ret = set_swi_errno(ts, lseek(gf->hostfd, arg1, SEEK_SET));
> -if (ret == (uint32_t)-1)
> -  return -1;
> -return 0;
> -}
> +return guestfd_fns[gf->type].seekfn(ts, cpu, gf, arg1);
>  case TARGET_SYS_FLEN:
>  GET_ARG(0);


--
Alex Bennée



Re: [Qemu-devel] [PATCH v2 13/13] qcrypto-luks: implement more rigorous header checking

2019-09-12 Thread Maxim Levitsky
On Fri, 2019-09-06 at 14:34 +0100, Daniel P. Berrangé wrote:
> On Mon, Aug 26, 2019 at 04:51:03PM +0300, Maxim Levitsky wrote:
> > Check that keyslots don't overlap with the data,
> > and check that keyslots don't overlap with each other.
> > (this is done using naive O(n^2) nested loops,
> > but since there are just 8 keyslots, this doesn't really matter.)
> > 
> > Signed-off-by: Maxim Levitsky 
> > ---
> >  crypto/block-luks.c | 46 +++--
> >  1 file changed, 44 insertions(+), 2 deletions(-)
> > 
> > diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> > index db0fb764b4..fdf4c41f8a 100644
> > --- a/crypto/block-luks.c
> > +++ b/crypto/block-luks.c
> > @@ -541,12 +541,12 @@ fail:
> >  static int
> >  qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
> >  {
> > -int ret;
> > +int ret = -EINVAL;
> 
> As before, no need to use errnos, just return -1 immediately.
> 
> > +size_t i, j;
> >  
> >  if (memcmp(luks->header.magic, qcrypto_block_luks_magic,
> > QCRYPTO_BLOCK_LUKS_MAGIC_LEN) != 0) {
> >  error_setg(errp, "Volume is not in LUKS format");
> > -ret = -EINVAL;
> >  goto fail;
> >  }
> >  
> > @@ -557,6 +557,48 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS 
> > *luks, Error **errp)
> >  goto fail;
> >  }
> >  
> > +/* Check all keyslots for corruption  */
> > +for (i = 0 ; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; i++) {
> > +
> > +const QCryptoBlockLUKSKeySlot *slot1 = >header.key_slots[i];
> > +unsigned int start1 = slot1->key_offset_sector;
> > +unsigned int len1 =
> > +qcrypto_block_luks_splitkeylen_sectors(luks, slot1->stripes);
> > +
> > +if (slot1->stripes == 0) {
> > +error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i);
> > +goto fail;
> > +}
> 
> How about checking stripes != QCRYPTO_BLOCK_LUKS_STRIPES because
> AFAIR, you're required to use 4k stripes in luks v1.
I see that spec does allow for user defined number of stripes.

> 
> Also how about checking iters >= MIN_SLOT_KEY_ITERS
Also this is only a suggested minimum

> 
> > +
> > +if (slot1->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED &&
> > +slot1->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED) {
> 
> Align the two lines with (
Done
> 
> > +error_setg(errp,
> > +   "Keyslot %zu state (active/disable) is corrupted", 
> > i);
> > +goto fail;
> > +}
> > +
> > +if (start1 + len1 > luks->header.payload_offset_sector) {
> > +error_setg(errp,
> > +   "Keyslot %zu is overlapping with the encrypted 
> > payload",
> > +   i);
> > +goto fail;
> > +}
> > +
> > +for (j = i + 1 ; j < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; j++) {
> > +const QCryptoBlockLUKSKeySlot *slot2 = 
> > >header.key_slots[j];
> > +unsigned int start2 = slot2->key_offset_sector;
> > +unsigned int len2 =
> > +qcrypto_block_luks_splitkeylen_sectors(luks, 
> > slot2->stripes);
> > +
> > +if (start1 + len1 > start2 && start2 + len2 > start1) {
> > +error_setg(errp,
> > +   "Keyslots %zu and %zu are overlapping in the 
> > header",
> > +   i, j);
> > +goto fail;
> > +}
> > +}
> > +
> > +}
> >  return 0;
> >  fail:
> >  return ret;
> > -- 
> > 2.17.2
> > 
> 
> Regards,
> Daniel

Best regards,
Maxim Levitsky




Re: [Qemu-devel] TCG plugins and the GPL (was: [PATCH v4 00/54] plugins for TCG)

2019-09-12 Thread Alex Bennée


Markus Armbruster  writes:

> Alex Bennée  writes:
>
>> Markus Armbruster  writes:
> [...]
>>> Please advise why TCG plugins don't undermine the GPL.  Any proposal to
>>> add a plugin interface needs to do that.
>>
>> I'm not sure what we can say about this apart from "ask your lawyer".
>
> I'm not asking for a legal argument, I'm asking for a pragmatic one.
>
>> I'm certainly not proposing we add any sort of language about what
>> should and shouldn't be allowed to use the plugin interface. I find it
>> hard to see how anyone could argue code written to interface with the
>> plugin API couldn't be considered a derived work.
>
> What makes that so?  Is writing a plugin without linking with QEMU code
> impractical?

The way a plugin works is by linking. The plugin itself would be useless
unless combined with the QEMU code to do its thing. It is a more
intimate binding than an IPC interface using some sort of protocol. The
argument goes that pretty much any kernel module is derived code - but
again it has never really been litigated in the courts which would be
the people to set the precedent.

>
>> There are two use cases I have in mind:
>>
>> The first is FLOSS developers writing interesting tools that can take
>> advantage of QEMU's control of the system to do experiments that are
>> tricky with other setups (Valgrind is limited to same-arch, Dynamo/Pin
>> are user-space only). I want these experiments to be easy to do without
>> having to keep hacking and re-hacking QEMU's core code. I would hope
>> QEMU developers would up-stream theirs into the QEMU source tree but I
>> can imagine academics will have open source code that will only ever sit
>> in their paper's repository.
>
> GPL'ed code that's not for upstream is 100% legitimate.
>
>> The other is users who currently maintain hacked up internal copies of
>> QEMU as a test bed for whatever piece of silicon they are brewing behind
>> closed doors. This code would never be distributed (hence never be a GPL
>> issue)
>
> Correct.  We can't force anybody to distribute, and that's only proper.
>
>>and is generally kept private because it's IP sensitive
>> (e.g: experimenting with different cache models). If we can provide an
>> interface that allows them to keep their experiments private and
>> separate from changes to the core code then maybe apart from making
>> their lives a bit easier we will see some non-IP sensitive contributions
>> come back to the upstream. I live in hope ;-)
>
> I'm concerned about a third case: implementing stuff as a plugin so you
> can distribute it with a GPL-incompatible license.  Particularly
> pernicious when that stuff could be useful upstream.

If someone were to do that it would depend on a copyright holder (i.e.
one of us) being willing to challenge that licensing. AIUI GCC used
additional language in the runtime exception clause:

  https://www.gnu.org/licenses/gcc-exception-3.1.html

which only allows use of the runtime exception if the code has gone
through GPL compatible code:

  A Compilation Process is "Eligible" if it is done using GCC, alone or
  with other GPL-compatible software, or if it is done without using any
  work based on GCC. For example, using non-GPL-compatible Software to
  optimize any GCC intermediate representations would not qualify as an
  Eligible Compilation Process.

> Are there any technical difficulties that could make distributing a
> plugins in binary form impractical?

Well the first thing will be we are not intending to offer a guaranteed
ABI. While we don't want to be changing it at a whim there shouldn't be
an expectation that the plugin interface will maintain backwards
compatibility (unlike the command line interface ;-). There should be an
expectation that plugins will likely need to be rebuilt against the
current source tree from time to time.

We could implement a more technical measure analogous to the kernel's
module signing that would require the plugin to be rebuilt with
reference to the current QEMU source tree, although that will be a pain
even for internally distributed blobs. I'm loath to implement such a
system from v1 though, given that publicly distributed binary blobs are
currently only a theoretical problem.

--
Alex Bennée



Re: [Qemu-devel] [RFC v2 3/3] virt: Check KVM_CAP_ARM_IRQ_LINE_LAYOUT_2 for smp_cpus > 256

2019-09-12 Thread Peter Maydell
On Thu, 12 Sep 2019 at 09:57, Auger Eric  wrote:
>
> Hi Peter,
> On 9/12/19 10:42 AM, Peter Maydell wrote:

> > Is there really no place to put this check in common code?

> Not sure what you mean by common code here? Do you mean in a common code
> for ARM machines (I don't think we have any atm) or directly in
> kvm_init(). I did not want to pollute this latter with this ARM specific
> fix.

I'd just rather we didn't have to have the same "if ..." check
in every arm board that supports KVM.

If kvm_init() happens at a point where we have enough info to
make the check, then you can put the check in kvm_arch_init(),
which is the architecture-specific hook that kvm_init() calls.

thanks
-- PMM



[Qemu-devel] [PATCH 02/12] qcrypto-luks: rename some fields in QCryptoBlockLUKSHeader

2019-09-12 Thread Maxim Levitsky
* key_bytes -> master_key_len
* payload_offset -> payload_offset_sector (to emphasise that this isn't a
  byte offset)
* key_offset -> key_offset_sector - same as above for luks slots

Signed-off-by: Maxim Levitsky 
Reviewed-by: Daniel P. Berrangé 
---
 crypto/block-luks.c | 91 +++--
 1 file changed, 47 insertions(+), 44 deletions(-)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 743949adbf..f12fa2d270 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -143,7 +143,7 @@ struct QCryptoBlockLUKSKeySlot {
 /* salt for PBKDF2 */
 uint8_t salt[QCRYPTO_BLOCK_LUKS_SALT_LEN];
 /* start sector of key material */
-uint32_t key_offset;
+uint32_t key_offset_sector;
 /* number of anti-forensic stripes */
 uint32_t stripes;
 };
@@ -172,10 +172,10 @@ struct QCryptoBlockLUKSHeader {
 char hash_spec[QCRYPTO_BLOCK_LUKS_HASH_SPEC_LEN];
 
 /* start offset of the volume data (in 512 byte sectors) */
-uint32_t payload_offset;
+uint32_t payload_offset_sector;
 
 /* Number of key bytes */
-uint32_t key_bytes;
+uint32_t master_key_len;
 
 /* master key checksum after PBKDF2 */
 uint8_t master_key_digest[QCRYPTO_BLOCK_LUKS_DIGEST_LEN];
@@ -466,7 +466,7 @@ qcrypto_block_luks_load_key(QCryptoBlock *block,
  * then encrypted.
  */
 rv = readfunc(block,
-  slot->key_offset * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
+  slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
   splitkey, splitkeylen,
   opaque,
   errp);
@@ -584,8 +584,8 @@ qcrypto_block_luks_find_key(QCryptoBlock *block,
 size_t i;
 int rv;
 
-*masterkey = g_new0(uint8_t, luks->header.key_bytes);
-*masterkeylen = luks->header.key_bytes;
+*masterkey = g_new0(uint8_t, luks->header.master_key_len);
+*masterkeylen = luks->header.master_key_len;
 
 for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
 rv = qcrypto_block_luks_load_key(block,
@@ -677,14 +677,14 @@ qcrypto_block_luks_open(QCryptoBlock *block,
 /* The header is always stored in big-endian format, so
  * convert everything to native */
 be16_to_cpus(>header.version);
-be32_to_cpus(>header.payload_offset);
-be32_to_cpus(>header.key_bytes);
+be32_to_cpus(>header.payload_offset_sector);
+be32_to_cpus(>header.master_key_len);
 be32_to_cpus(>header.master_key_iterations);
 
 for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
 be32_to_cpus(>header.key_slots[i].active);
 be32_to_cpus(>header.key_slots[i].iterations);
-be32_to_cpus(>header.key_slots[i].key_offset);
+be32_to_cpus(>header.key_slots[i].key_offset_sector);
 be32_to_cpus(>header.key_slots[i].stripes);
 }
 
@@ -743,10 +743,11 @@ qcrypto_block_luks_open(QCryptoBlock *block,
 goto fail;
 }
 
-cipheralg = qcrypto_block_luks_cipher_name_lookup(luks->header.cipher_name,
-  ciphermode,
-  luks->header.key_bytes,
-  _err);
+cipheralg =
+qcrypto_block_luks_cipher_name_lookup(luks->header.cipher_name,
+  ciphermode,
+  luks->header.master_key_len,
+  _err);
 if (local_err) {
 ret = -ENOTSUP;
 error_propagate(errp, local_err);
@@ -838,7 +839,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
 }
 
 block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
-block->payload_offset = luks->header.payload_offset *
+block->payload_offset = luks->header.payload_offset_sector *
 block->sector_size;
 
 luks->cipher_alg = cipheralg;
@@ -993,9 +994,11 @@ qcrypto_block_luks_create(QCryptoBlock *block,
 strcpy(luks->header.cipher_mode, cipher_mode_spec);
 strcpy(luks->header.hash_spec, hash_alg);
 
-luks->header.key_bytes = qcrypto_cipher_get_key_len(luks_opts.cipher_alg);
+luks->header.master_key_len =
+qcrypto_cipher_get_key_len(luks_opts.cipher_alg);
+
 if (luks_opts.cipher_mode == QCRYPTO_CIPHER_MODE_XTS) {
-luks->header.key_bytes *= 2;
+luks->header.master_key_len *= 2;
 }
 
 /* Generate the salt used for hashing the master key
@@ -1008,9 +1011,9 @@ qcrypto_block_luks_create(QCryptoBlock *block,
 }
 
 /* Generate random master key */
-masterkey = g_new0(uint8_t, luks->header.key_bytes);
+masterkey = g_new0(uint8_t, luks->header.master_key_len);
 if (qcrypto_random_bytes(masterkey,
- luks->header.key_bytes, errp) < 0) {
+ luks->header.master_key_len, errp) < 0) {
 goto error;
 }
 
@@ -1018,7 +1021,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
 /* 

[Qemu-devel] [PATCH 09/12] qcrypto-luks: extract check and parse header

2019-09-12 Thread Maxim Levitsky
This is just to make qcrypto_block_luks_open more
reasonable in size.

Signed-off-by: Maxim Levitsky 
---
 crypto/block-luks.c | 235 
 1 file changed, 127 insertions(+), 108 deletions(-)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index c3f3488222..24c1da3739 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -500,6 +500,129 @@ qcrypto_block_luks_load_header(QCryptoBlock *block,
 return 0;
 }
 
+/*
+ * Does basic sanity checks on the LUKS header
+ */
+static int
+qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
+{
+if (memcmp(luks->header.magic, qcrypto_block_luks_magic,
+   QCRYPTO_BLOCK_LUKS_MAGIC_LEN) != 0) {
+error_setg(errp, "Volume is not in LUKS format");
+return -1;
+}
+
+if (luks->header.version != QCRYPTO_BLOCK_LUKS_VERSION) {
+error_setg(errp, "LUKS version %" PRIu32 " is not supported",
+   luks->header.version);
+return -1;
+}
+return 0;
+}
+
+/*
+ * Parses the crypto parameters that are stored in the LUKS header
+ */
+
+static int
+qcrypto_block_luks_parse_header(QCryptoBlockLUKS *luks, Error **errp)
+{
+g_autofree char *cipher_mode = g_strdup(luks->header.cipher_mode);
+char *ivgen_name, *ivhash_name;
+Error *local_err = NULL;
+
+/*
+ * The cipher_mode header contains a string that we have
+ * to further parse, of the format
+ *
+ *-[:]
+ *
+ * eg  cbc-essiv:sha256, cbc-plain64
+ */
+ivgen_name = strchr(cipher_mode, '-');
+if (!ivgen_name) {
+error_setg(errp, "Unexpected cipher mode string format %s",
+   luks->header.cipher_mode);
+return -1;
+}
+*ivgen_name = '\0';
+ivgen_name++;
+
+ivhash_name = strchr(ivgen_name, ':');
+if (!ivhash_name) {
+luks->ivgen_hash_alg = 0;
+} else {
+*ivhash_name = '\0';
+ivhash_name++;
+
+luks->ivgen_hash_alg = qcrypto_block_luks_hash_name_lookup(ivhash_name,
+   _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return -1;
+}
+}
+
+luks->cipher_mode = qcrypto_block_luks_cipher_mode_lookup(cipher_mode,
+  _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return -1;
+}
+
+luks->cipher_alg =
+qcrypto_block_luks_cipher_name_lookup(luks->header.cipher_name,
+  luks->cipher_mode,
+  luks->header.master_key_len,
+  _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return -1;
+}
+
+luks->hash_alg =
+qcrypto_block_luks_hash_name_lookup(luks->header.hash_spec,
+_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return -1;
+}
+
+luks->ivgen_alg = qcrypto_block_luks_ivgen_name_lookup(ivgen_name,
+   _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return -1;
+}
+
+if (luks->ivgen_alg == QCRYPTO_IVGEN_ALG_ESSIV) {
+if (!ivhash_name) {
+error_setg(errp, "Missing IV generator hash specification");
+return -1;
+}
+luks->ivgen_cipher_alg =
+qcrypto_block_luks_essiv_cipher(luks->cipher_alg,
+luks->ivgen_hash_alg,
+_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return -1;
+}
+} else {
+
+/*
+ * Note we parsed the ivhash_name earlier in the cipher_mode
+ * spec string even with plain/plain64 ivgens, but we
+ * will ignore it, since it is irrelevant for these ivgens.
+ * This is for compat with dm-crypt which will silently
+ * ignore hash names with these ivgens rather than report
+ * an error about the invalid usage
+ */
+luks->ivgen_cipher_alg = luks->cipher_alg;
+}
+return 0;
+}
+
 /*
  * Given a key slot, and user password, this will attempt to unlock
  * the master encryption key from the key slot.
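Review bot: qcrypto_block_luks_check_header() validates only the magic and version, yet qcrypto_block_luks_parse_header() goes straight on to `g_strdup(luks->header.cipher_mode)` and passes `header.cipher_name` and `header.hash_spec` to the name lookups, which presumably treat them as C strings. These fields are filled from the on-disk header (`hash_spec` is declared `char hash_spec[QCRYPTO_BLOCK_LUKS_HASH_SPEC_LEN]` elsewhere on this page), so a header whose field has no terminator makes `g_strdup()` read past the array. The new sanity-check function is the natural place to reject such a header with one `memchr()` test per field before anything is parsed, as sketched below, assuming `cipher_name` and `cipher_mode` are fixed-size arrays like `hash_spec`. The parsing code is moved unchanged out of qcrypto_block_luks_open(), so the gap predates this commit.

```c
static int
qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
{
    /* … unchanged: magic and version checks … */

    /* These fields are later read as C strings; require a terminator */
    if (!memchr(luks->header.cipher_name, '\0',
                sizeof(luks->header.cipher_name))) {
        error_setg(errp, "LUKS header cipher name is not NUL terminated");
        return -1;
    }
    if (!memchr(luks->header.cipher_mode, '\0',
                sizeof(luks->header.cipher_mode))) {
        error_setg(errp, "LUKS header cipher mode is not NUL terminated");
        return -1;
    }
    if (!memchr(luks->header.hash_spec, '\0',
                sizeof(luks->header.hash_spec))) {
        error_setg(errp, "LUKS header hash spec is not NUL terminated");
        return -1;
    }
    return 0;
```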
@@ -712,12 +835,9 @@ qcrypto_block_luks_open(QCryptoBlock *block,
 Error **errp)
 {
 QCryptoBlockLUKS *luks = NULL;
-Error *local_err = NULL;
 int ret = 0;
 g_autofree uint8_t *masterkey = NULL;
-char *ivgen_name, *ivhash_name;
 g_autofree char *password = NULL;
-g_autofree char *cipher_mode = NULL;
 
 if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) {
 if (!options->u.luks.key_secret) {
@@ -741,117 +861,16 @@ 

[Qemu-devel] [PATCH 10/12] qcrypto-luks: extract store key function

2019-09-12 Thread Maxim Levitsky
This function will be used later to store
new keys to the luks metadata

Signed-off-by: Maxim Levitsky 
---
 crypto/block-luks.c | 304 ++--
 1 file changed, 181 insertions(+), 123 deletions(-)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 24c1da3739..c6045da33e 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -623,6 +623,176 @@ qcrypto_block_luks_parse_header(QCryptoBlockLUKS *luks, 
Error **errp)
 return 0;
 }
 
+/*
+ * Given a key slot,  user password, and the master key,
+ * will store the encrypted master key there, and update the
+ * in-memory header. User must then write the in-memory header
+ *
+ * Returns:
+ *0 if the keyslot was written successfully
+ *  with the provided password
+ *   -1 if a fatal error occurred while storing the key
+ */
+static int
+qcrypto_block_luks_store_key(QCryptoBlock *block,
+ unsigned int slot_idx,
+ const char *password,
+ uint8_t *masterkey,
+ uint64_t iter_time,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ Error **errp)
+{
+QCryptoBlockLUKS *luks = block->opaque;
+QCryptoBlockLUKSKeySlot *slot = >header.key_slots[slot_idx];
+g_autofree uint8_t *splitkey = NULL;
+size_t splitkeylen;
+g_autofree uint8_t *slotkey = NULL;
+g_autoptr(QCryptoCipher) cipher = NULL;
+g_autoptr(QCryptoIVGen) ivgen = NULL;
+Error *local_err = NULL;
+uint64_t iters;
+int ret = -1;
+
+if (qcrypto_random_bytes(slot->salt,
+ QCRYPTO_BLOCK_LUKS_SALT_LEN,
+ errp) < 0) {
+goto cleanup;
+}
+
+splitkeylen = luks->header.master_key_len * slot->stripes;
+
+/*
+ * Determine how many iterations are required to
+ * hash the user password while consuming 1 second of compute
+ * time
+ */
+iters = qcrypto_pbkdf2_count_iters(luks->hash_alg,
+   (uint8_t *)password, strlen(password),
+   slot->salt,
+   QCRYPTO_BLOCK_LUKS_SALT_LEN,
+   luks->header.master_key_len,
+   _err);
+if (local_err) {
+error_propagate(errp, local_err);
+goto cleanup;
+}
+
+if (iters > (ULLONG_MAX / iter_time)) {
+error_setg_errno(errp, ERANGE,
+ "PBKDF iterations %llu too large to scale",
+ (unsigned long long)iters);
+goto cleanup;
+}
+
+/* iter_time was in millis, but count_iters reported for secs */
+iters = iters * iter_time / 1000;
+
+if (iters > UINT32_MAX) {
+error_setg_errno(errp, ERANGE,
+ "PBKDF iterations %llu larger than %u",
+ (unsigned long long)iters, UINT32_MAX);
+goto cleanup;
+}
+
+slot->iterations =
+MAX(iters, QCRYPTO_BLOCK_LUKS_MIN_SLOT_KEY_ITERS);
+
+
+/*
+ * Generate a key that we'll use to encrypt the master
+ * key, from the user's password
+ */
+slotkey = g_new0(uint8_t, luks->header.master_key_len);
+if (qcrypto_pbkdf2(luks->hash_alg,
+   (uint8_t *)password, strlen(password),
+   slot->salt,
+   QCRYPTO_BLOCK_LUKS_SALT_LEN,
+   slot->iterations,
+   slotkey, luks->header.master_key_len,
+   errp) < 0) {
+goto cleanup;
+}
+
+
+/*
+ * Setup the encryption objects needed to encrypt the
+ * master key material
+ */
+cipher = qcrypto_cipher_new(luks->cipher_alg,
+luks->cipher_mode,
+slotkey, luks->header.master_key_len,
+errp);
+if (!cipher) {
+goto cleanup;
+}
+
+ivgen = qcrypto_ivgen_new(luks->ivgen_alg,
+  luks->ivgen_cipher_alg,
+  luks->ivgen_hash_alg,
+  slotkey, luks->header.master_key_len,
+  errp);
+if (!ivgen) {
+goto cleanup;
+}
+
+/*
+ * Before storing the master key, we need to vastly
+ * increase its size, as protection against forensic
+ * disk data recovery
+ */
+splitkey = g_new0(uint8_t, splitkeylen);
+
+if (qcrypto_afsplit_encode(luks->hash_alg,
+   luks->header.master_key_len,
+   slot->stripes,
+   masterkey,
+   splitkey,
+   errp) < 0) {
+goto cleanup;
+}
+
+/*
+ * Now we encrypt the split master key with the key 

[Qemu-devel] [PATCH 12/12] qcrypto-luks: more rigorous header checking

2019-09-12 Thread Maxim Levitsky
Check that keyslots don't overlap with the data,
and check that keyslots don't overlap with each other.
(This is done using naive O(n^2) nested loops,
but since there are just 8 keyslots, this doesn't really matter.)

Signed-off-by: Maxim Levitsky 
---
 crypto/block-luks.c | 52 +
 1 file changed, 52 insertions(+)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 0d155c6614..6c53bdc428 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -530,6 +530,11 @@ qcrypto_block_luks_load_header(QCryptoBlock *block,
 static int
 qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
 {
+size_t i, j;
+
+unsigned int header_sectors = QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
+QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
+
 if (memcmp(luks->header.magic, qcrypto_block_luks_magic,
QCRYPTO_BLOCK_LUKS_MAGIC_LEN) != 0) {
 error_setg(errp, "Volume is not in LUKS format");
@@ -541,6 +546,53 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS 
*luks, Error **errp)
luks->header.version);
 return -1;
 }
+
+/* Check all keyslots for corruption  */
+for (i = 0 ; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; i++) {
+
+const QCryptoBlockLUKSKeySlot *slot1 = >header.key_slots[i];
+unsigned int start1 = slot1->key_offset_sector;
+unsigned int len1 =
+qcrypto_block_luks_splitkeylen_sectors(luks,
+   header_sectors,
+   slot1->stripes);
+
+if (slot1->stripes == 0) {
+error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i);
+return -1;
+}
+
+if (slot1->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED &&
+slot1->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED) {
+error_setg(errp,
+   "Keyslot %zu state (active/disable) is corrupted", i);
+return -1;
+}
+
+if (start1 + len1 > luks->header.payload_offset_sector) {
+error_setg(errp,
+   "Keyslot %zu is overlapping with the encrypted payload",
+   i);
+return -1;
+}
+
+for (j = i + 1 ; j < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; j++) {
+const QCryptoBlockLUKSKeySlot *slot2 = >header.key_slots[j];
+unsigned int start2 = slot2->key_offset_sector;
+unsigned int len2 =
+qcrypto_block_luks_splitkeylen_sectors(luks,
+   header_sectors,
+   slot2->stripes);
+
+if (start1 + len1 > start2 && start2 + len2 > start1) {
+error_setg(errp,
+   "Keyslots %zu and %zu are overlapping in the 
header",
+   i, j);
+return -1;
+}
+}
+
+}
 return 0;
 }
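Review bot: The overlap tests `start1 + len1 > luks->header.payload_offset_sector` and `start1 + len1 > start2 && start2 + len2 > start1` add `unsigned int` values taken from the untrusted on-disk header, so where `unsigned int` is 32 bits a slot whose `key_offset_sector` is close to UINT32_MAX wraps the sum and passes both checks. Widening the operands avoids the wrap, for example `uint64_t start1 = slot1->key_offset_sector;` and the same for `len1`, `start2` and `len2`; comparing by subtraction also works. `len1` comes from qcrypto_block_luks_splitkeylen_sectors(), which is not in this hunk; if it multiplies `master_key_len` by `stripes` in 32 bits, that product presumably needs the same care. The function starts in the previous hunk, and the v2 hunk quoted in the review reply earlier on this page has the same comparisons.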
 
-- 
2.17.2




[Qemu-devel] [PATCH v3 1/4] hw/ppc/pnv_xscom: retrieve homer/occ base address from PBA BARs

2019-09-12 Thread Balamuruhan S
During PowerNV boot, skiboot populates the device tree by
retrieving the base addresses of the homer/occ common area from
the PBA BARs, and the prd ipoll mask, through xscom read/write
accesses.

Reviewed-by: Cédric Le Goater 
Signed-off-by: Balamuruhan S 
---
 hw/ppc/pnv_xscom.c   | 34 ++
 include/hw/ppc/pnv.h | 18 ++
 2 files changed, 48 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/pnv_xscom.c b/hw/ppc/pnv_xscom.c
index 67aab98fef..f01d788a65 100644
--- a/hw/ppc/pnv_xscom.c
+++ b/hw/ppc/pnv_xscom.c
@@ -36,6 +36,16 @@
 #define PRD_P9_IPOLL_REG_MASK   0x000F0033
 #define PRD_P9_IPOLL_REG_STATUS 0x000F0034
 
+/* PBA BARs */
+#define P8_PBA_BAR0 0x2013f00
+#define P8_PBA_BAR2 0x2013f02
+#define P8_PBA_BARMASK0 0x2013f04
+#define P8_PBA_BARMASK2 0x2013f06
+#define P9_PBA_BAR0 0x5012b00
+#define P9_PBA_BAR2 0x5012b02
+#define P9_PBA_BARMASK0 0x5012b04
+#define P9_PBA_BARMASK2 0x5012b06
+
 static void xscom_complete(CPUState *cs, uint64_t hmer_bits)
 {
 /*
@@ -74,6 +84,26 @@ static uint64_t xscom_read_default(PnvChip *chip, uint32_t 
pcba)
 case 0x18002:   /* ECID2 */
 return 0;
 
+case P9_PBA_BAR0:
+return PNV9_HOMER_BASE(chip);
+case P8_PBA_BAR0:
+return PNV_HOMER_BASE(chip);
+
+case P9_PBA_BARMASK0: /* P9 homer region size */
+return PNV9_HOMER_SIZE;
+case P8_PBA_BARMASK0: /* P8 homer region size */
+return PNV_HOMER_SIZE;
+
+case P9_PBA_BAR2: /* P9 occ common area */
+return PNV9_OCC_COMMON_AREA(chip);
+case P8_PBA_BAR2: /* P8 occ common area */
+return PNV_OCC_COMMON_AREA(chip);
+
+case P9_PBA_BARMASK2: /* P9 occ common area size */
+return PNV9_OCC_COMMON_AREA_SIZE;
+case P8_PBA_BARMASK2: /* P8 occ common area size */
+return PNV_OCC_COMMON_AREA_SIZE;
+
 case 0x1010c00: /* PIBAM FIR */
 case 0x1010c03: /* PIBAM FIR MASK */
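Review bot: The new `P8_PBA_*` and `P9_PBA_*` cases in xscom_read_default() are selected by register address alone, with no check of the chip generation. If this function serves both POWER8 and POWER9 chips, as the shared `PnvChip *chip` argument suggests, a POWER9 chip reading 0x2013f00 now gets the POWER8 HOMER base where the removed `case 0x2013f00` returned 0. If that is not intended, the cases could be guarded by chip type; if it is harmless, a short comment saying so would help. The two BAR0 cases also lack the trailing comment their siblings carry, e.g. `case P9_PBA_BAR0: /* P9 homer base address */`. The function body starts and ends outside this hunk.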
 
@@ -93,13 +123,9 @@ static uint64_t xscom_read_default(PnvChip *chip, uint32_t 
pcba)
 case 0x2020009: /* ADU stuff, error register */
 case 0x202000f: /* ADU stuff, receive status register*/
 return 0;
-case 0x2013f00: /* PBA stuff */
 case 0x2013f01: /* PBA stuff */
-case 0x2013f02: /* PBA stuff */
 case 0x2013f03: /* PBA stuff */
-case 0x2013f04: /* PBA stuff */
 case 0x2013f05: /* PBA stuff */
-case 0x2013f06: /* PBA stuff */
 case 0x2013f07: /* PBA stuff */
 return 0;
 case 0x2013028: /* CAPP stuff */
diff --git a/include/hw/ppc/pnv.h b/include/hw/ppc/pnv.h
index fb123edc4e..63a4b7b6a7 100644
--- a/include/hw/ppc/pnv.h
+++ b/include/hw/ppc/pnv.h
@@ -198,6 +198,16 @@ void pnv_bmc_powerdown(IPMIBmc *bmc);
 #define PNV_XSCOM_BASE(chip)\
 (0x0003fc00ull + ((uint64_t)(chip)->chip_id) * PNV_XSCOM_SIZE)
 
+#define PNV_OCC_COMMON_AREA_SIZE0x0070ull
+#define PNV_OCC_COMMON_AREA(chip)   \
+(0x7fff80ull + ((uint64_t)PNV_CHIP_INDEX(chip) * \
+ PNV_OCC_COMMON_AREA_SIZE))
+
+#define PNV_HOMER_SIZE  0x0030ull
+#define PNV_HOMER_BASE(chip)\
+(0x7ffd80ull + ((uint64_t)PNV_CHIP_INDEX(chip)) * PNV_HOMER_SIZE)
+
+
 /*
  * XSCOM 0x20109CA defines the ICP BAR:
  *
@@ -256,4 +266,12 @@ void pnv_bmc_powerdown(IPMIBmc *bmc);
 #define PNV9_XSCOM_SIZE  0x0004ull
 #define PNV9_XSCOM_BASE(chip)PNV9_CHIP_BASE(chip, 0x00603fcull)
 
+#define PNV9_OCC_COMMON_AREA_SIZE0x0070ull
+#define PNV9_OCC_COMMON_AREA(chip)  \
+(0x203fff80ull + ((uint64_t)PNV_CHIP_INDEX(chip) * \
+   PNV9_OCC_COMMON_AREA_SIZE))
+
+#define PNV9_HOMER_SIZE  0x0030ull
+#define PNV9_HOMER_BASE(chip)   \
+(0x203ffd80ull + ((uint64_t)PNV_CHIP_INDEX(chip)) * PNV9_HOMER_SIZE)
 #endif /* PPC_PNV_H */
-- 
2.14.5




Re: [Qemu-devel] TCG plugins and the GPL (was: [PATCH v4 00/54] plugins for TCG)

2019-09-12 Thread Peter Maydell
On Thu, 12 Sep 2019 at 10:03, Alex Bennée  wrote:
>
> Well the first thing will be we are not intending to offer a guaranteed
> ABI. While we don't want to be changing it at a whim there shouldn't be
> an expectation that the plugin interface will maintain backwards
> compatibility (unlike the command line interface ;-). There should be an
> expectation that plugins will likely need to be rebuilt against the
> current source tree from time to time.

Wait, what? From my perspective the whole point of the plugin
interface is that it should be stable, in that at least there's
a good chance that a plugin you built will work against multiple
versions of QEMU, and if it doesn't then it should fail with
a reasonable error message telling you to update. I'm not
sure we should be landing the plugins infrastructure if we
don't have that much stability.

thanks
-- PMM



[Qemu-devel] [PATCH v3 0/4] add Homer/OCC common area emulation for PowerNV

2019-09-12 Thread Balamuruhan S
Hi All,

This is a follow-up patch series that implements HOMER and OCC SRAM device
models to emulate homer memory and occ common area access for pstate
table, occ sensors, runtime data and slw.

Currently skiboot disables the homer/occ code path with `QUIRK_NO_PBA`;
this quirk has to be removed in skiboot for it to use the HOMER and OCC
SRAM device models, along with a bug fix:

https://github.com/balamuruhans/skiboot/commit/a655514d2a730e0372a2faee277d1cf01f71a524
https://github.com/balamuruhans/skiboot/commit/fd3d93d92ec66a7494346d6d24ced7b48264c9a0

This version fixes a review comment from Cedric in previous version,

changes in v3:
* pass on PnvHomer *homer directly to core_max_array() function
  from the caller.

v2 patchset:
https://lists.gnu.org/archive/html/qemu-devel/2019-09/msg02231.html

changes in v2:
* change to PnvHomer/PnvHomerClass instead of PnvHOMER/PnvHOMERClass
  for better code readabililty.
* fabric link to chip to use `nr_cores` from PnvChip struct for
  core_max_array() as we need to consider active cores in chip and not
  whole machine.
* declare variable well ahead instead in for() loop syntax to make
  all compilers happy.
* change to shorter variable name to `hmrc` instead of `homer_class`.
* remove `homer_` prefix for regs as it is not useful.
* have separate commit for checkpatch.pl coding style warnings.

v1 patchset:
https://lists.gnu.org/archive/html/qemu-devel/2019-09/msg01610.html

changes in v1:
* breaks it to have separate patch series for Homer and OCC
  emulation.
* reuse PnvOCC device model to implement SRAM device.
* implement PnvHomer as separate device model.
* have core max base address as part of PnvHOMERClass.
* reuse PNV_CHIP_INDEX() instead of introducing new `chip_num`.
* define all the memory ops access address as macros.
* few coding style warnings given by checkpatch.pl.

rfc patchset:
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg00979.html

I request for review, comments and suggestions for the changes.

Balamuruhan S (4):
  hw/ppc/pnv_xscom: retrieve homer/occ base address from PBA BARs
  hw/ppc/pnv_occ: add sram device model for occ common area
  hw/ppc/pnv_homer: add PowerNV homer device model
  hw/ppc/pnv: fix checkpatch.pl coding style warnings

 hw/ppc/Makefile.objs   |   1 +
 hw/ppc/pnv.c   |  87 ---
 hw/ppc/pnv_homer.c | 272 +
 hw/ppc/pnv_occ.c   |  78 +
 hw/ppc/pnv_xscom.c |  34 +-
 include/hw/ppc/pnv.h   |  21 
 include/hw/ppc/pnv_homer.h |  53 +
 include/hw/ppc/pnv_occ.h   |   3 +
 8 files changed, 528 insertions(+), 21 deletions(-)
 create mode 100644 hw/ppc/pnv_homer.c
 create mode 100644 include/hw/ppc/pnv_homer.h

-- 
2.14.5




Re: [Qemu-devel] [PATCH v2 3/5] migration: Use automatic rcu_read unlock in rdma.c

2019-09-12 Thread Daniel P . Berrangé
On Wed, Sep 11, 2019 at 08:06:20PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> Use the automatic read unlocker in migration/rdma.c.
> 
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  migration/rdma.c | 57 ++--
>  1 file changed, 11 insertions(+), 46 deletions(-)

Reviewed-by: Daniel P. Berrangé 


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



[Qemu-devel] [Bug 1843151] Re: Regression: QEMU 4.1.0 qxl and KMS resoluiton only 4x10

2019-09-12 Thread Dr. David Alan Gilbert
OK that's interesting - I've got another bug I've been following that's
also fixed by (b).

A bisect would still be interesting; but one place to start might be to try 
before and after commit 
be812c0

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1843151

Title:
  Regression: QEMU 4.1.0 qxl and KMS resoluiton only 4x10

Status in QEMU:
  New

Bug description:
  Host is Arch Linux.  linux 5.2.13, qemu 4.1.0.  virt-viewer 8.0.

  Guest is Arch Linux Sept 2019 ISO.  linux 5.2.11.

  Have replicated this both on a system using amdgpu and one using
  integrated ASPEED graphics.

  Downgrading from 4.1.0 to 4.0.0 works as usual, see:
  https://www.youtube.com/watch?v=NyMdcYwOCvY

  Going back to 4.1.0 reproduces, see:
  https://www.youtube.com/watch?v=H3nGG2Mk6i0

  4.1.0 displays fine until KMS kicks in.

  Using 4.1.0 with virtio-vga doesn't cause this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1843151/+subscriptions



Re: [Qemu-devel] [PATCH] nbd/server: attach client channel to the export's AioContext

2019-09-12 Thread Sergio Lopez

Kevin Wolf  writes:

> Am 11.09.2019 um 18:15 hat Sergio Lopez geschrieben:
>> On creation, the export's AioContext is set to the same one as the
>> BlockBackend, while the AioContext in the client QIOChannel is left
>> untouched.
>> 
>> As a result, when using data-plane, nbd_client_receive_next_request()
>> schedules coroutines in the IOThread AioContext, while the client's
>> QIOChannel is serviced from the main_loop, potentially triggering the
>> assertion at qio_channel_restart_[read|write].
>> 
>> To fix this, as soon we have the export corresponding to the client,
>> we call qio_channel_attach_aio_context() to attach the QIOChannel
>> context to the export's AioContext. This matches with the logic in
>> blk_aio_attached().
>> 
>> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1748253
>> Signed-off-by: Sergio Lopez 
>
> Oh, looks like I only fixed switching the AioContext after the fact, but
> not starting the NBD server for a node that is already in a different
> AioContext... :-/
>
>> diff --git a/nbd/server.c b/nbd/server.c
>> index 10faedcfc5..51322e2343 100644
>> --- a/nbd/server.c
>> +++ b/nbd/server.c
>> @@ -471,6 +471,7 @@ static int nbd_negotiate_handle_export_name(NBDClient 
>> *client,
>>  QTAILQ_INSERT_TAIL(>exp->clients, client, next);
>>  nbd_export_get(client->exp);
>>  nbd_check_meta_export(client);
>> +qio_channel_attach_aio_context(client->ioc, client->exp->ctx);
>>  
>>  return 0;
>>  }
>> @@ -673,6 +674,7 @@ static int nbd_negotiate_handle_info(NBDClient *client, 
>> uint16_t myflags,
>>  QTAILQ_INSERT_TAIL(>exp->clients, client, next);
>>  nbd_export_get(client->exp);
>>  nbd_check_meta_export(client);
>> +qio_channel_attach_aio_context(client->ioc, exp->ctx);
>>  rc = 1;
>>  }
>>  return rc;
>
> I think I would rather do this once at the end of nbd_negotiate()
> instead of duplicating it across the different way to open an export.
> During the negotiation phase, we don't start requests yet, so doing
> everything from the main thread should be fine.

OK.

> Actually, not doing everything from the main thread sounds nasty because
> I think the next QIOChannel callback could then already be executed in
> the iothread while this one hasn't completed yet. Or do we have any
> locking in place for the negotiation?

This is the first time I look at NBD code, but IIUC all the negotiation
is done with synchronous nbd_[read|write]() calls, so even if the
coroutine yields due to EWOULDBLOCK, nothing else should be making
progress.

Sergio.




Re: [Qemu-devel] [PATCH] hw/net/vmxnet3: Fix leftover unregister_savevm

2019-09-12 Thread Dr. David Alan Gilbert
* Dr. David Alan Gilbert (git) (dgilb...@redhat.com) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> Commit 78dd48df3 reworked vmxnet3's live migration but left a straggling
> unregister_savevm call.  Remove it, although it doesn't seem to have
> any bad effect.
> 
> Signed-off-by: Dr. David Alan Gilbert 

Queued

> ---
>  hw/net/vmxnet3.c | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
> index b07adeed9c..39ff6624c5 100644
> --- a/hw/net/vmxnet3.c
> +++ b/hw/net/vmxnet3.c
> @@ -2242,13 +2242,10 @@ static void vmxnet3_instance_init(Object *obj)
>  
>  static void vmxnet3_pci_uninit(PCIDevice *pci_dev)
>  {
> -DeviceState *dev = DEVICE(pci_dev);
>  VMXNET3State *s = VMXNET3(pci_dev);
>  
>  VMW_CBPRN("Starting uninit...");
>  
> -unregister_savevm(dev, "vmxnet3-msix", s);
> -
>  vmxnet3_net_uninit(s);
>  
>  vmxnet3_cleanup_msix(s);
> -- 
> 2.21.0
> 
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH V2 0/2] migration/qemu-file: cleanup and refine qemu-file

2019-09-12 Thread Dr. David Alan Gilbert
* Wei Yang (richard.weiy...@gmail.com) wrote:
> Two cleanup:
> 
> Patch #1 make code consistent on calling add_to_iovec
> Patch #2 refine the code to handle the case when buf already flushed

Queued

> v2:
>   * wrap common steps into add_buf_to_iovec()
> 
> Wei Yang (2):
>   migration/qemu-file: remove check on writev_buffer in
> qemu_put_compression_data
>   migration/qemu-file: fix potential buf waste for extra buf_index
> adjustment
> 
>  migration/qemu-file.c | 45 ++---
>  1 file changed, 26 insertions(+), 19 deletions(-)
> 
> -- 
> 2.15.1
> 
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH] nbd/server: attach client channel to the export's AioContext

2019-09-12 Thread Kevin Wolf
Am 12.09.2019 um 12:13 hat Sergio Lopez geschrieben:
> 
> Kevin Wolf  writes:
> 
> > Am 11.09.2019 um 18:15 hat Sergio Lopez geschrieben:
> >> On creation, the export's AioContext is set to the same one as the
> >> BlockBackend, while the AioContext in the client QIOChannel is left
> >> untouched.
> >> 
> >> As a result, when using data-plane, nbd_client_receive_next_request()
> >> schedules coroutines in the IOThread AioContext, while the client's
> >> QIOChannel is serviced from the main_loop, potentially triggering the
> >> assertion at qio_channel_restart_[read|write].
> >> 
> >> To fix this, as soon we have the export corresponding to the client,
> >> we call qio_channel_attach_aio_context() to attach the QIOChannel
> >> context to the export's AioContext. This matches with the logic in
> >> blk_aio_attached().
> >> 
> >> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1748253
> >> Signed-off-by: Sergio Lopez 
> >
> > Oh, looks like I only fixed switching the AioContext after the fact, but
> > not starting the NBD server for a node that is already in a different
> > AioContext... :-/
> >
> >> diff --git a/nbd/server.c b/nbd/server.c
> >> index 10faedcfc5..51322e2343 100644
> >> --- a/nbd/server.c
> >> +++ b/nbd/server.c
> >> @@ -471,6 +471,7 @@ static int nbd_negotiate_handle_export_name(NBDClient 
> >> *client,
> >>  QTAILQ_INSERT_TAIL(>exp->clients, client, next);
> >>  nbd_export_get(client->exp);
> >>  nbd_check_meta_export(client);
> >> +qio_channel_attach_aio_context(client->ioc, client->exp->ctx);
> >>  
> >>  return 0;
> >>  }
> >> @@ -673,6 +674,7 @@ static int nbd_negotiate_handle_info(NBDClient 
> >> *client, uint16_t myflags,
> >>  QTAILQ_INSERT_TAIL(>exp->clients, client, next);
> >>  nbd_export_get(client->exp);
> >>  nbd_check_meta_export(client);
> >> +qio_channel_attach_aio_context(client->ioc, exp->ctx);
> >>  rc = 1;
> >>  }
> >>  return rc;
> >
> > I think I would rather do this once at the end of nbd_negotiate()
> > instead of duplicating it across the different way to open an export.
> > During the negotiation phase, we don't start requests yet, so doing
> > everything from the main thread should be fine.
> 
> OK.
> 
> > Actually, not doing everything from the main thread sounds nasty because
> > I think the next QIOChannel callback could then already be executed in
> > the iothread while this one hasn't completed yet. Or do we have any
> > locking in place for the negotiation?
> 
> This is the first time I look at NBD code, but IIUC all the negotiation
> is done with synchronous nbd_[read|write]() calls, so even if the
> coroutine yields due to EWOULDBLOCK, nothing else should be making
> progress.

Ah, yes, you're right. We don't even have fd handlers installed if we
aren't currently waiting for the coroutine to be re-entered. So as
everything is tied to the one coroutine, this should not be a problem.

Let's avoid the duplication anyway.

Kevin




Re: [Qemu-devel] [PATCH v24 00/22] Add RX archtecture support

2019-09-12 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190912060701.4642-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v24 00/22] Add RX archtecture support
Message-id: 20190912060701.4642-1-ys...@users.sourceforge.jp
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
854b969 qapi/machine.json: Add RX cpu.
40265e4 BootLinuxConsoleTest: Test the RX-Virt machine
a426c56 Add rx-softmmu
bf7b8b6 hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
e33fc18 hw/rx: Honor -accel qtest
c1f8515 hw/rx: RX Target hardware definition
ff330e1 hw/char: RX62N serial communication interface (SCI)
d9b6ec7 hw/timer: RX62N internal timer modules
61b5881 hw/intc: RX62N interrupt controller (ICUa)
449d7d2 target/rx: Dump bytes for each insn during disassembly
2324075 target/rx: Collect all bytes during disassembly
9d9e64f target/rx: Emit all disassembly in one prt()
bd10603 target/rx: Use prt_ldmi for XCHG_mr disassembly
621d97e target/rx: Replace operand with prt_ldmi in disassembler
faf812b target/rx: Disassemble rx_index_addr into a string
8836e1a target/rx: RX disassembler
9484d60 target/rx: CPU definition
280801b target/rx: TCG helper
e60db75 target/rx: TCG translation
2c8d76b hw/registerfields.h: Add 8bit and 16bit register macros
18cb0d7 qemu/bitops.h: Add extract8 and extract16
4441ef6 MAINTAINERS: Add RX

=== OUTPUT BEGIN ===
1/22 Checking commit 4441ef69b003 (MAINTAINERS: Add RX)
2/22 Checking commit 18cb0d7779c4 (qemu/bitops.h: Add extract8 and extract16)
3/22 Checking commit 2c8d76b1623d (hw/registerfields.h: Add 8bit and 16bit 
register macros)
Use of uninitialized value in concatenation (.) or string at 
./scripts/checkpatch.pl line 2484.
ERROR: Macros with multiple statements should be enclosed in a do - while loop
#27: FILE: include/hw/registerfields.h:25:
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#31: FILE: include/hw/registerfields.h:29:
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };

total: 2 errors, 0 warnings, 56 lines checked

Patch 3/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

4/22 Checking commit e60db75852e0 (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 4/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/22 Checking commit 280801b8d545 (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#21: 
new file mode 100644

total: 0 errors, 1 warnings, 650 lines checked

Patch 5/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/22 Checking commit 9484d60bcbeb (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#39: 
new file mode 100644

total: 0 errors, 1 warnings, 588 lines checked

Patch 6/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/22 Checking commit 8836e1a85647 (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 7/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
8/22 Checking commit faf812b3f51b (target/rx: Disassemble rx_index_addr into a 
string)
9/22 Checking commit 621d97ea9533 (target/rx: Replace operand with prt_ldmi in 
disassembler)
10/22 Checking commit bd1060338c1b (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
11/22 Checking commit 9d9e64f6c956 (target/rx: Emit all disassembly in one 
prt())
12/22 Checking commit 23240751bf85 (target/rx: Collect all bytes during 
disassembly)
13/22 Checking commit 449d7d244352 (target/rx: Dump bytes for each insn during 
disassembly)
14/22 Checking commit 61b5881909fe (hw/intc: RX62N interrupt controller (ICUa))
WARNING: added, moved or 

Re: [Qemu-devel] [Qemu-arm] [PATCH 01/13] target/arm/arm-semi: Capture errno in softmmu version of set_swi_errno()

2019-09-12 Thread Alex Bennée


Peter Maydell  writes:

> The set_swi_errno() function is called to capture the errno
> from a host system call, so that we can return -1 from the
> semihosting function and later allow the guest to get a more
> specific error code with the SYS_ERRNO function. It comes in
> two versions, one for user-only and one for softmmu. We forgot
> to capture the errno in the softmmu version; fix the error.
>
> (Semihosting calls directed to gdb are unaffected because
> they go through a different code path that captures the
> error return from the gdbstub call in arm_semi_cb() or
> arm_semi_flen_cb().)
>
> Signed-off-by: Peter Maydell 
> ---
> NB that a later commit will put in some cleanup of TaskState
> that will let us reduce the duplication between the two
> implementations of this function.
> ---
>  target/arm/arm-semi.c | 9 +
>  1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
> index 90423a35deb..03e60105c05 100644
> --- a/target/arm/arm-semi.c
> +++ b/target/arm/arm-semi.c
> @@ -114,8 +114,13 @@ static inline uint32_t set_swi_errno(TaskState *ts, 
> uint32_t code)
>  return code;
>  }
>  #else
> +static target_ulong syscall_err;
> +

I appreciate that this is just moving things around but this will be
broken for -smp > 1 if two vCPUs make a syscall at the same time. For
linux-user this information is kept in ts->swi_errno which is
per-thread. Either we need a __thread version or find somewhere in
CPUARMState to store it.

>  static inline uint32_t set_swi_errno(CPUARMState *env, uint32_t code)
>  {
> +if (code == (uint32_t)-1) {
> +syscall_err = errno;
> +}
>  return code;
>  }
>
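Review bot: `syscall_err = errno;` stores whatever errno currently holds whenever `code` is `(uint32_t)-1`, so the helper is only correct when the failing host call immediately precedes it. A caller that passes a literal -1 for a failure detected inside QEMU rather than by a host call would record a stale value, which the guest can later read through SYS_ERRNO; the callers are outside this hunk, so this needs checking there. Where such a path exists it should set errno first, for example `errno = EBADF;` before `set_swi_errno(env, -1)`. A one-line comment on the helper, `/* errno must still hold the host error for this call */`, would make the contract explicit.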
> @@ -124,10 +129,6 @@ static inline uint32_t set_swi_errno(CPUARMState *env, 
> uint32_t code)
>
>  static target_ulong arm_semi_syscall_len;
>
> -#if !defined(CONFIG_USER_ONLY)
> -static target_ulong syscall_err;
> -#endif
> -
>  static void arm_semi_cb(CPUState *cs, target_ulong ret, target_ulong err)
>  {
>  ARMCPU *cpu = ARM_CPU(cs);


--
Alex Bennée



Re: [Qemu-devel] [Qemu-arm] [PATCH 08/13] target/arm/arm-semi: Factor out implementation of SYS_ISTTY

2019-09-12 Thread Alex Bennée


Peter Maydell  writes:

> Factor out the implementation of SYS_ISTTY via the new function
> tables.
>
> Signed-off-by: Peter Maydell 

Reviewed-by: Alex Bennée 

> ---
>  target/arm/arm-semi.c | 20 +++-
>  1 file changed, 15 insertions(+), 5 deletions(-)
>
> diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
> index 48a10dd3c3a..64ed39fc075 100644
> --- a/target/arm/arm-semi.c
> +++ b/target/arm/arm-semi.c
> @@ -349,6 +349,7 @@ typedef uint32_t sys_writefn(TaskState *ts, ARMCPU *cpu, 
> GuestFD *gf,
>   target_ulong buf, uint32_t len);
>  typedef uint32_t sys_readfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf,
>  target_ulong buf, uint32_t len);
> +typedef uint32_t sys_isattyfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf);
>
>  static uint32_t host_closefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf)
>  {
> @@ -399,6 +400,11 @@ static uint32_t host_readfn(TaskState *ts, ARMCPU *cpu, 
> GuestFD *gf,
>  return len - ret;
>  }
>
> +static uint32_t host_isattyfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf)
> +{
> +return isatty(gf->hostfd);
> +}
> +
>  static uint32_t gdb_closefn(TaskState *ts, ARMCPU *cpu, GuestFD *gf)
>  {
>  return arm_gdb_syscall(cpu, arm_semi_cb, "close,%x", gf->hostfd);
> @@ -420,10 +426,16 @@ static uint32_t gdb_readfn(TaskState *ts, ARMCPU *cpu, 
> GuestFD *gf,
> gf->hostfd, buf, len);
>  }
>
> +static uint32_t gdb_isattyfn(TaskState *ts, ARMCPU *cpu, GuestFD *gf)
> +{
> +return arm_gdb_syscall(cpu, arm_semi_cb, "isatty,%x", gf->hostfd);
> +}
> +
>  typedef struct GuestFDFunctions {
>  sys_closefn *closefn;
>  sys_writefn *writefn;
>  sys_readfn *readfn;
> +sys_isattyfn *isattyfn;
>  } GuestFDFunctions;
>
>  static const GuestFDFunctions guestfd_fns[] = {
> @@ -431,11 +443,13 @@ static const GuestFDFunctions guestfd_fns[] = {
>  .closefn = host_closefn,
>  .writefn = host_writefn,
>  .readfn = host_readfn,
> +.isattyfn = host_isattyfn,
>  },
>  [GuestFDGDB] = {
>  .closefn = gdb_closefn,
>  .writefn = gdb_writefn,
>  .readfn = gdb_readfn,
> +.isattyfn = gdb_isattyfn,
>  },
>  };
>
> @@ -600,11 +614,7 @@ target_ulong do_arm_semihosting(CPUARMState *env)
>  return set_swi_errno(ts, -1);
>  }
>
> -if (use_gdb_syscalls()) {
> -return arm_gdb_syscall(cpu, arm_semi_cb, "isatty,%x", 
> gf->hostfd);
> -} else {
> -return isatty(gf->hostfd);
> -}
> +return guestfd_fns[gf->type].isattyfn(ts, cpu, gf);
>  case TARGET_SYS_SEEK:
>  GET_ARG(0);
>  GET_ARG(1);
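Review bot: `guestfd_fns[gf->type].isattyfn(ts, cpu, gf)` calls through a table slot selected by `gf->type` without checking that the slot is populated. `guestfd_fns` is filled with designated initializers, so any GuestFD type that has no entry would leave `isattyfn` NULL; the enum is outside the hunk, so whether such a type can reach this call is not visible here, and `gf` appears to come from a guest-supplied argument. An assertion before the call, `assert(guestfd_fns[gf->type].isattyfn);`, or a comment on the table stating that every type returned by the lookup must have a complete entry, would document the invariant. do_arm_semihosting starts and ends outside the hunk.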


--
Alex Bennée



Re: [Qemu-devel] [Bug 1842787] Re: Writes permanently hang with very heavy I/O on virtio-scsi - worse on virtio-blk

2019-09-12 Thread Stefan Hajnoczi
On Thu, Sep 05, 2019 at 03:42:03AM -, James Harvey wrote:
> ** Description changed:
> 
>   Up to date Arch Linux on host and guest.  linux 5.2.11.  QEMU 4.1.0.
>   Full command line at bottom.
>   
>   Host gives QEMU two thin LVM volumes.  The first is the root filesystem,
>   and the second is for heavy I/O, on a Samsung 970 Evo 1TB.
>   
>   When maxing out the I/O on the second virtual block device using virtio-
>   blk, I often get a "lockup" in about an hour or two.  From the advise of
>   iggy in IRC, I switched over to virtio-scsi.  It ran perfectly for a few
>   days, but then "locked up" in the same way.
>   
>   By "lockup", I mean writes to the second virtual block device
>   permanently hang.  I can read files from it, but even "touch foo" never
>   times out, cannot be "kill -9"'ed, and is stuck in uninterruptible
>   sleep.
>   
>   When this happens, writes to the first virtual block device with the
>   root filesystem are fine, so the O/S itself remains responsive.
>   
>   The second virtual block device uses BTRFS.  But, I have also tried XFS
>   and reproduced the issue.
>   
>   In guest, when this starts, it starts logging "task X blocked for more
>   than Y seconds".  Below is an example of one of these.  At this point,
>   anything that is or does in the future write to this block device gets
>   stuck in uninterruptible sleep.
>   
>   -
>   
>   INFO: task kcompactd:232 blocked for more than 860 seconds.
>     Not tained 5.2.11-1 #1
>   "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this messae.
>   kcompactd0  D0   232  2 0x80004000
>   Call Trace:
>    ? __schedule+0x27f/0x6d0
>    schedule+0x3d/0xc0
>    io_schedule+0x12/0x40
>    __lock_page+0x14a/0x250
>    ? add_to_page_cache_lru+0xe0/0xe0
>    migrate_pages+0x803/0xb70
>    ? isolate_migratepages_block+0x9f0/0x9f0
>    ? __reset_isolation_suitable+0x110/0x110
>    compact_zone+0x6a2/0xd30
>    kcompactd_do_work+0x134/0x260
>    ? kvm_clock_read+0x14/0x30
>    ? kvm_sched_clock_read+0x5/0x10
>    kcompactd+0xd3/0x220
>    ? wait_woken+0x80/0x80
>    kthread+0xfd/0x130
>    ? kcompactd_do_work+0x260/0x260
>    ? kthread_park+0x80/0x80
>    ret_from_fork+0x35/0x40
>   
>   -
>   
>   In guest, there are no other dmesg/journalctl entries other than
>   "task...blocked".
>   
>   On host, there are no dmesg/journalctl entries whatsoever.  Everything
>   else in host continues to work fine, including other QEMU VM's on the
>   same underlying SSD (but obviously different lvm volumes.)
>   
>   I understand there might not be enough to go on here, and I also
>   understand it's possible this isn't a QEMU bug.  Happy to run given
>   commands or patches to help diagnose what's going on here.
>   
>   I'm now running a custom compiled QEMU 4.1.0, with debug symbols, so I
>   can get a meaningful backtrace from the host point of view.
>   
>   I've only recently tried this level of I/O, so can't say if this is a
>   new issue.
>   
> + When writes are hanging, on host, I can connect to the monitor.  Running
> + "info block" shows nothing unusual.
> + 
>   -
>   
>   /usr/bin/qemu-system-x86_64
>      -name arch,process=qemu:arch
>      -no-user-config
>      -nodefaults
>      -nographic
>      -uuid 0528162b-2371-41d5-b8da-233fe61b6458
>      -pidfile /tmp/0528162b-2371-41d5-b8da-233fe61b6458.pid
>      -machine q35,accel=kvm,vmport=off,dump-guest-core=off
>      -cpu SandyBridge-IBRS
>      -smp cpus=24,cores=12,threads=1,sockets=2
>      -m 24G
>      -drive 
> if=pflash,format=raw,readonly,file=/usr/share/ovmf/x64/OVMF_CODE.fd
>      -drive 
> if=pflash,format=raw,readonly,file=/var/qemu/0528162b-2371-41d5-b8da-233fe61b6458.fd
>      -monitor telnet:localhost:8000,server,nowait,nodelay
>      -spice 
> unix,addr=/tmp/0528162b-2371-41d5-b8da-233fe61b6458.sock,disable-ticketing
>      -device ioh3420,id=pcie.1,bus=pcie.0,slot=0
>      -device virtio-vga,bus=pcie.1,addr=0
>      -usbdevice tablet
>      -netdev bridge,id=network0,br=br0
>      -device 
> virtio-net-pci,netdev=network0,mac=02:37:de:79:19:09,bus=pcie.0,addr=3
>      -device virtio-scsi-pci,id=scsi1
>      -drive 
> driver=raw,node-name=hd0,file=/dev/lvm/arch_root,if=none,discard=unmap
>      -device scsi-hd,drive=hd0,bootindex=1
>      -drive 
> driver=raw,node-name=hd1,file=/dev/lvm/arch_nvme,if=none,discard=unmap
>      -device scsi-hd,drive=hd1,bootindex=2

Please post a backtrace of all QEMU threads when I/O is hung.  You can use
"gdb -p $(pidof qemu-system-x86_64)" to connect GDB and "thread apply
all bt" to produce a backtrace of all threads.

Stefan




Re: [Qemu-devel] [Qemu-arm] [PATCH 04/13] target/arm/arm-semi: clean up TaskState* usage in non-user-only code

2019-09-12 Thread Peter Maydell
On Thu, 12 Sep 2019 at 12:44, Alex Bennée  wrote:
> Why not pass cs to set_swi_errno and deal with all the differences in
> the helper?

Mmm, that might be better. I think I was going for
not changing the existing use of TaskState in the
code paths that use it.

thanks
-- PMM



Re: [Qemu-devel] [PATCH 12/13] target/arm/arm-semi: Implement SH_EXT_STDOUT_STDERR extension

2019-09-12 Thread Alex Bennée


Peter Maydell  writes:

> SH_EXT_STDOUT_STDERR is a v2.0 semihosting extension: the guest
> can open ":tt" with a file mode requesting append access in
> order to open stderr, in addition to the existing "open for
> read for stdin or write for stdout". Implement this and
> report it via the :semihosting-features data.
>
> Signed-off-by: Peter Maydell 
> ---
>  target/arm/arm-semi.c | 22 --
>  1 file changed, 20 insertions(+), 2 deletions(-)
>
> diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
> index 531084b7799..0df8d4d69d6 100644
> --- a/target/arm/arm-semi.c
> +++ b/target/arm/arm-semi.c
> @@ -476,12 +476,16 @@ static uint32_t gdb_flenfn(TaskState *ts, ARMCPU *cpu, 
> GuestFD *gf)
>  #define SHFB_MAGIC_2 0x46
>  #define SHFB_MAGIC_3 0x42
>
> +/* Feature bits reportable in feature byte 0 */
> +#define SH_EXT_EXIT_EXTENDED (1 << 0)

If you swap 12/13 this could be kept with the related feature. I don't
think one implies the other right?

> +#define SH_EXT_STDOUT_STDERR (1 << 1)
> +
>  static const uint8_t featurefile_data[] = {
>  SHFB_MAGIC_0,
>  SHFB_MAGIC_1,
>  SHFB_MAGIC_2,
>  SHFB_MAGIC_3,
> -0, /* Feature byte 0 */
> +SH_EXT_STDOUT_STDERR, /* Feature byte 0 */
>  };
>
>  static void init_featurefile_guestfd(int guestfd)
> @@ -674,7 +678,21 @@ target_ulong do_arm_semihosting(CPUARMState *env)
>  }
>
>  if (strcmp(s, ":tt") == 0) {
> -int result_fileno = arg1 < 4 ? STDIN_FILENO : STDOUT_FILENO;
> +int result_fileno;
> +
> +/*
> + * We implement SH_EXT_STDOUT_STDERR, so:
> + *  open for read == stdin
> + *  open for write == stdout
> + *  open for append == stderr
> + */

I love the way the spec documents field2 as an ISO C fopen() mode and
then an extension literally subverts the meaning to be something else.
Were the designers worried about adding a SYS_OPEN_TTY function to the
interface?

Anyway it meets the spec however weird it might be:

Reviewed-by: Alex Bennée 

> +if (arg1 < 4) {
> +result_fileno = STDIN_FILENO;
> +} else if (arg1 < 8) {
> +result_fileno = STDOUT_FILENO;
> +} else {
> +result_fileno = STDERR_FILENO;
> +}
>  associate_guestfd(guestfd, result_fileno);
>  unlock_user(s, arg0, 0);
>  return guestfd;
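Review bot: The thresholds in `if (arg1 < 4)` and `else if (arg1 < 8)` are bare numbers, and the added comment names read/write/append without saying how they map onto `arg1`. A line such as `/* arg1 is the fopen-mode index: 0-3 read, 4-7 write, 8-11 append */` would tie the two together. The final `else` also sends every value of 8 and above to stderr; whether `arg1` is range-checked before this point is not visible in the hunk, so it is worth confirming that out-of-range modes are rejected earlier. do_arm_semihosting starts and ends outside the hunk.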


--
Alex Bennée



Re: [Qemu-devel] Subject: Re: [PATCH] hw/block/nvme

2019-09-12 Thread Stefan Hajnoczi
On Tue, Sep 10, 2019 at 11:23:50PM +0300, Toe Dev wrote:
> Hey,
> While reviewing I noticed maybe we need to update the spec revision.
> In: nvme_class_init(...)
> 
> current code  pc->revision=2
> change to: pc->revision=3
> However not really important I think.. Just for consistency.
> When I done reviewing, should it be patched too, How?

The NVMe specification declares the PCI Revision ID field implementation
specific.  It doesn't seem to be a reflection of the NVMe specification
supported by the device.

If there is a PCI Vendor 0x8086 Device 0x5845 in the real world with
revision = 3 that we now emulate correctly, then it could be updated.

However, for live migration compatibility QEMU must keep old
guest-visible behavior too.  It's not as simple as changing the revision
value to 3, because then existing VMs migrating from an old QEMU to a
new QEMU would suddenly see the hardware change beneath them.

QEMU has the "machine types" mechanism to deal with this.  QEMU 4.2 and
later machine types (e.g. "pc-q35-4.2") would use revision = 3 while
older machine types would use revision = 2.  This maintains live
migration compatibility.

In summary, there is probably no strong reason to change this (although
I'm not an NVMe expert so maybe I've missed something).




Re: [Qemu-devel] [PATCH v24 00/22] Add RX archtecture support

2019-09-12 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190912060701.4642-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v24 00/22] Add RX archtecture support
Message-id: 20190912060701.4642-1-ys...@users.sourceforge.jp
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]  patchew/20190911155125.11932-1-eric.au...@redhat.com -> 
patchew/20190911155125.11932-1-eric.au...@redhat.com
 - [tag update]  patchew/20190912060701.4642-1-ys...@users.sourceforge.jp 
-> patchew/20190912060701.4642-1-ys...@users.sourceforge.jp
Switched to a new branch 'test'
8840cbe qapi/machine.json: Add RX cpu.
4771d28 BootLinuxConsoleTest: Test the RX-Virt machine
0ec329e Add rx-softmmu
bbc35e0 hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
1101341 hw/rx: Honor -accel qtest
a74f685 hw/rx: RX Target hardware definition
d8a6c3f hw/char: RX62N serial communication interface (SCI)
19db804 hw/timer: RX62N internal timer modules
d62c0fc hw/intc: RX62N interrupt controller (ICUa)
fb0a977 target/rx: Dump bytes for each insn during disassembly
5f7434e target/rx: Collect all bytes during disassembly
85a2cc5 target/rx: Emit all disassembly in one prt()
522142f target/rx: Use prt_ldmi for XCHG_mr disassembly
1def58b target/rx: Replace operand with prt_ldmi in disassembler
c655e3d target/rx: Disassemble rx_index_addr into a string
96bdcb6 target/rx: RX disassembler
64e57e5 target/rx: CPU definition
de36389 target/rx: TCG helper
0663825 target/rx: TCG translation
36d9ad4 hw/registerfields.h: Add 8bit and 16bit register macros
f1d9a7f qemu/bitops.h: Add extract8 and extract16
a4c45e2 MAINTAINERS: Add RX

=== OUTPUT BEGIN ===
1/22 Checking commit a4c45e218ea4 (MAINTAINERS: Add RX)
2/22 Checking commit f1d9a7fda4d6 (qemu/bitops.h: Add extract8 and extract16)
3/22 Checking commit 36d9ad4d18a6 (hw/registerfields.h: Add 8bit and 16bit 
register macros)
Use of uninitialized value in concatenation (.) or string at 
./scripts/checkpatch.pl line 2484.
ERROR: Macros with multiple statements should be enclosed in a do - while loop
#27: FILE: include/hw/registerfields.h:25:
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#31: FILE: include/hw/registerfields.h:29:
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };

total: 2 errors, 0 warnings, 56 lines checked

Patch 3/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

4/22 Checking commit 066382540c53 (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 4/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/22 Checking commit de3638959b10 (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#21: 
new file mode 100644

total: 0 errors, 1 warnings, 650 lines checked

Patch 5/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/22 Checking commit 64e57e51cdfe (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#39: 
new file mode 100644

total: 0 errors, 1 warnings, 588 lines checked

Patch 6/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/22 Checking commit 96bdcb65077f (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 7/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
8/22 Checking commit c655e3d74d62 (target/rx: Disassemble rx_index_addr into a 
string)
9/22 Checking commit 1def58b9354e (target/rx: Replace operand with prt_ldmi in 
disassembler)
10/22 Checking commit 522142f319b1 (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
11/22 Checking commit 85a2cc54ba82 (target/rx: Emit 

Re: [Qemu-devel] [RFC v2 1/2] docs: vhost-user: add in-band kick/call messages

2019-09-12 Thread Dr. David Alan Gilbert
* Johannes Berg (johan...@sipsolutions.net) wrote:
> On Wed, 2019-09-11 at 20:15 +0100, Dr. David Alan Gilbert wrote:
> 
> > > Extend the protocol slightly, so that a message can be used for kick
> > > and call instead, if VHOST_USER_PROTOCOL_F_IN_BAND_NOTIFICATIONS is
> > > negotiated. This in itself doesn't guarantee synchronisation, but both
> > > sides can also negotiate VHOST_USER_PROTOCOL_F_REPLY_ACK and thus get
> > > a reply to this message by setting the need_reply flag, and ensure
> > > synchronisation this way.
> > 
> > I'm confused; if you've already got REPLY_ACK, why do we need anything
> > else?  We already require the reply on set_mem_table as part of
> > postcopy.
> 
> Hmm? How's this related to set_mem_table?
> 
> For simulation purposes, I need the kick and call (and error perhaps
> though it's not really used by anyone now it seems) to be synchronous
> messages instead of asynchronous event FD pushes.
> 
> But I think enough words have been expended on explaining it already, if
> I may kindly ask you to read the discussions with Stefan and Michael
> here:
> 
> https://lore.kernel.org/qemu-devel/20190902121233.13382-1-johan...@sipsolutions.net/

Ah OK.

You're actually using the same trick of using
REPLY_ACK/need_reply  to make it synchronous that set_mem_table does;
that makes sense - but then new calls are getting it to actually process
some data/commands on the ring itself?

Dave

> Thanks,
> johannes
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH v2 1/5] rcu: Add automatically released rcu_read_lock variant

2019-09-12 Thread Daniel P . Berrangé
On Wed, Sep 11, 2019 at 08:06:18PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> RCU_READ_LOCK_AUTO takes the rcu_read_lock and then uses glib's
> g_auto infrastructure (and thus whatever the compiler's hooks are) to
> release it on all exits of the block.
> 
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  include/qemu/rcu.h | 18 ++
>  1 file changed, 18 insertions(+)

Reviewed-by: Daniel P. Berrangé 


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



[Qemu-devel] [PATCH v3 4/4] hw/ppc/pnv: fix checkpatch.pl coding style warnings

2019-09-12 Thread Balamuruhan S
There were a few comments whose text started on the `/*` line instead of
on a new line, and a line longer than 80 characters; these fixes are
trivial and don't change any logic in the code.

Reviewed-by: Cédric Le Goater 
Signed-off-by: Balamuruhan S 
---
 hw/ppc/pnv.c | 49 -
 1 file changed, 32 insertions(+), 17 deletions(-)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index f249e72356..77a86c6a23 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -187,7 +187,8 @@ static void pnv_dt_core(PnvChip *chip, PnvCore *pc, void 
*fdt)
 
 _FDT((fdt_setprop_cell(fdt, offset, "timebase-frequency", tbfreq)));
 _FDT((fdt_setprop_cell(fdt, offset, "clock-frequency", cpufreq)));
-_FDT((fdt_setprop_cell(fdt, offset, "ibm,slb-size", 
cpu->hash64_opts->slb_size)));
+_FDT((fdt_setprop_cell(fdt, offset, "ibm,slb-size",
+   cpu->hash64_opts->slb_size)));
 _FDT((fdt_setprop_string(fdt, offset, "status", "okay")));
 _FDT((fdt_setprop(fdt, offset, "64-bit", NULL, 0)));
 
@@ -200,19 +201,23 @@ static void pnv_dt_core(PnvChip *chip, PnvCore *pc, void 
*fdt)
segs, sizeof(segs;
 }
 
-/* Advertise VMX/VSX (vector extensions) if available
+/*
+ * Advertise VMX/VSX (vector extensions) if available
  *   0 / no property == no vector extensions
  *   1   == VMX / Altivec available
- *   2   == VSX available */
+ *   2   == VSX available
+ */
 if (env->insns_flags & PPC_ALTIVEC) {
 uint32_t vmx = (env->insns_flags2 & PPC2_VSX) ? 2 : 1;
 
 _FDT((fdt_setprop_cell(fdt, offset, "ibm,vmx", vmx)));
 }
 
-/* Advertise DFP (Decimal Floating Point) if available
+/*
+ * Advertise DFP (Decimal Floating Point) if available
  *   0 / no property == no DFP
- *   1   == DFP available */
+ *   1   == DFP available
+ */
 if (env->insns_flags2 & PPC2_DFP) {
 _FDT((fdt_setprop_cell(fdt, offset, "ibm,dfp", 1)));
 }
@@ -424,7 +429,8 @@ static int pnv_dt_isa_device(DeviceState *dev, void *opaque)
 return 0;
 }
 
-/* The default LPC bus of a multichip system is on chip 0. It's
+/*
+ * The default LPC bus of a multichip system is on chip 0. It's
  * recognized by the firmware (skiboot) using a "primary" property.
  */
 static void pnv_dt_isa(PnvMachineState *pnv, void *fdt)
@@ -442,8 +448,10 @@ static void pnv_dt_isa(PnvMachineState *pnv, void *fdt)
 assert(phandle > 0);
 _FDT((fdt_setprop_cell(fdt, isa_offset, "phandle", phandle)));
 
-/* ISA devices are not necessarily parented to the ISA bus so we
- * can not use object_child_foreach() */
+/*
+ * ISA devices are not necessarily parented to the ISA bus so we
+ * can not use object_child_foreach()
+ */
 qbus_walk_children(BUS(pnv->isa_bus), pnv_dt_isa_device, NULL, NULL, NULL,
);
 }
@@ -545,7 +553,8 @@ static void pnv_reset(MachineState *machine)
 
 qemu_devices_reset();
 
-/* OpenPOWER systems have a BMC, which can be defined on the
+/*
+ * OpenPOWER systems have a BMC, which can be defined on the
  * command line with:
  *
  *   -device ipmi-bmc-sim,id=bmc0
@@ -705,7 +714,8 @@ static void pnv_init(MachineState *machine)
 
 pnv->chips[i] = PNV_CHIP(chip);
 
-/* TODO: put all the memory in one node on chip 0 until we find a
+/*
+ * TODO: put all the memory in one node on chip 0 until we find a
  * way to specify different ranges for each chip
  */
 if (i == 0) {
@@ -732,8 +742,10 @@ static void pnv_init(MachineState *machine)
 /* Create an RTC ISA device too */
 mc146818_rtc_init(pnv->isa_bus, 2000, NULL);
 
-/* OpenPOWER systems use a IPMI SEL Event message to notify the
- * host to powerdown */
+/*
+ * OpenPOWER systems use a IPMI SEL Event message to notify the
+ * host to powerdown
+ */
 pnv->powerdown_notifier.notify = pnv_powerdown_notify;
 qemu_register_powerdown_notifier(>powerdown_notifier);
 }
@@ -803,7 +815,8 @@ static void pnv_chip_power9_intc_create(PnvChip *chip, 
PowerPCCPU *cpu,
 pnv_cpu->intc = obj;
 }
 
-/* Allowed core identifiers on a POWER8 Processor Chip :
+/*
+ * Allowed core identifiers on a POWER8 Processor Chip :
  *
  * 
  *  EX1  - Venice only
@@ -928,8 +941,10 @@ static void pnv_chip_power8_realize(DeviceState *dev, 
Error **errp)
 (uint64_t) PNV_XSCOM_BASE(chip),
 PNV_XSCOM_LPC_BASE);
 
-/* Interrupt Management Area. This is the memory region holding
- * all the Interrupt Control Presenter (ICP) registers */
+/*
+ * Interrupt Management Area. This is the memory region holding
+ * all the Interrupt Control Presenter (ICP) registers
+ */
 pnv_chip_icp_realize(chip8, _err);
 if (local_err) {
 error_propagate(errp, 

Re: [Qemu-devel] [PATCH v2 4/5] rcu: Use automatic rc_read unlock in core memory/exec code

2019-09-12 Thread Daniel P . Berrangé
On Wed, Sep 11, 2019 at 08:06:21PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> Only in the cases where nothing else interesting happens
> after the unlock.
> 
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  exec.c  | 46 +
>  include/exec/ram_addr.h |  8 ++-
>  memory.c| 15 +-
>  3 files changed, 21 insertions(+), 48 deletions(-)

Reviewed-by: Daniel P. Berrangé 


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH v3 3/4] hw/ppc/pnv_homer: add PowerNV homer device model

2019-09-12 Thread Cédric Le Goater
On 12/09/2019 11:30, Balamuruhan S wrote:
> add PnvHomer device model to emulate homer memory access
> for pstate table, occ-sensors, slw, occ static and dynamic
> values for Power8 and Power9 chips.
> 
> Signed-off-by: Balamuruhan S 



Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  hw/ppc/Makefile.objs   |   1 +
>  hw/ppc/pnv.c   |  30 +
>  hw/ppc/pnv_homer.c | 272 
> +
>  include/hw/ppc/pnv.h   |   3 +
>  include/hw/ppc/pnv_homer.h |  53 +
>  5 files changed, 359 insertions(+)
>  create mode 100644 hw/ppc/pnv_homer.c
>  create mode 100644 include/hw/ppc/pnv_homer.h
> 
> diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
> index 2c4e1c8de0..580bb4f0dd 100644
> --- a/hw/ppc/Makefile.objs
> +++ b/hw/ppc/Makefile.objs
> @@ -9,6 +9,7 @@ obj-$(CONFIG_PSERIES) += spapr_tpm_proxy.o
>  obj-$(CONFIG_SPAPR_RNG) +=  spapr_rng.o
>  # IBM PowerNV
>  obj-$(CONFIG_POWERNV) += pnv.o pnv_xscom.o pnv_core.o pnv_lpc.o pnv_psi.o 
> pnv_occ.o pnv_bmc.o
> +obj-$(CONFIG_POWERNV) += pnv_homer.o
>  ifeq ($(CONFIG_PCI)$(CONFIG_PSERIES)$(CONFIG_LINUX), yyy)
>  obj-y += spapr_pci_vfio.o spapr_pci_nvlink2.o
>  endif
> diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
> index 80338ffe87..f249e72356 100644
> --- a/hw/ppc/pnv.c
> +++ b/hw/ppc/pnv.c
> @@ -847,6 +847,11 @@ static void pnv_chip_power8_instance_init(Object *obj)
>  TYPE_PNV8_OCC, _abort, NULL);
>  object_property_add_const_link(OBJECT(>occ), "psi",
> OBJECT(>psi), _abort);
> +
> +object_initialize_child(obj, "homer",  >homer, 
> sizeof(chip8->homer),
> +TYPE_PNV8_HOMER, _abort, NULL);
> +object_property_add_const_link(OBJECT(>homer), "chip", obj,
> +   _abort);
>  }
>  
>  static void pnv_chip_icp_realize(Pnv8Chip *chip8, Error **errp)
> @@ -942,6 +947,16 @@ static void pnv_chip_power8_realize(DeviceState *dev, 
> Error **errp)
>  /* OCC SRAM model */
>  memory_region_add_subregion(get_system_memory(), 
> PNV_OCC_COMMON_AREA(chip),
>  >occ.sram_regs);
> +
> +/* HOMER */
> +object_property_set_bool(OBJECT(>homer), true, "realized",
> + _err);
> +if (local_err) {
> +error_propagate(errp, local_err);
> +return;
> +}
> +memory_region_add_subregion(get_system_memory(), PNV_HOMER_BASE(chip),
> +>homer.regs);
>  }
>  
>  static void pnv_chip_power8e_class_init(ObjectClass *klass, void *data)
> @@ -1024,6 +1039,11 @@ static void pnv_chip_power9_instance_init(Object *obj)
>  TYPE_PNV9_OCC, _abort, NULL);
>  object_property_add_const_link(OBJECT(>occ), "psi",
> OBJECT(>psi), _abort);
> +
> +object_initialize_child(obj, "homer",  >homer, 
> sizeof(chip9->homer),
> +TYPE_PNV9_HOMER, _abort, NULL);
> +object_property_add_const_link(OBJECT(>homer), "chip", obj,
> +   _abort);
>  }
>  
>  static void pnv_chip_quad_realize(Pnv9Chip *chip9, Error **errp)
> @@ -1134,6 +1154,16 @@ static void pnv_chip_power9_realize(DeviceState *dev, 
> Error **errp)
>  /* OCC SRAM model */
>  memory_region_add_subregion(get_system_memory(), 
> PNV9_OCC_COMMON_AREA(chip),
>  >occ.sram_regs);
> +
> +/* HOMER */
> +object_property_set_bool(OBJECT(>homer), true, "realized",
> + _err);
> +if (local_err) {
> +error_propagate(errp, local_err);
> +return;
> +}
> +memory_region_add_subregion(get_system_memory(), PNV9_HOMER_BASE(chip),
> +>homer.regs);
>  }
>  
>  static void pnv_chip_power9_class_init(ObjectClass *klass, void *data)
> diff --git a/hw/ppc/pnv_homer.c b/hw/ppc/pnv_homer.c
> new file mode 100644
> index 00..cc881a3b32
> --- /dev/null
> +++ b/hw/ppc/pnv_homer.c
> @@ -0,0 +1,272 @@
> +/*
> + * QEMU PowerPC PowerNV Emulation of a few HOMER related registers
> + *
> + * Copyright (c) 2019, IBM Corporation.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License, version 2, as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qapi/error.h"
> +#include "exec/hwaddr.h"
> +#include "exec/memory.h"
> +#include "sysemu/cpus.h"
> +#include 

Re: [Qemu-devel] [PATCH v3 0/4] add Homer/OCC common area emulation for PowerNV

2019-09-12 Thread Balamuruhan S
On Thu, Sep 12, 2019 at 11:54:00AM +0200, Cédric Le Goater wrote:
> On 12/09/2019 11:30, Balamuruhan S wrote:
> > Hi All,
> > 
> > This is follow-up patch that implements HOMER and OCC SRAM device
> > models to emulate homer memory and occ common area access for pstate
> > table, occ sensors, runtime data and slw.
> 
> So, now, we can write directly to the OCC SRAM memory region from the

I think you are referring to the other part of RFC where we can feed/
write data dynamically to the memory region with Qemu monitor interface
that you have suggested to adopt instead of python API interface. I
am working with Hariharan to enable it and I would need some time for
it.

> QEMU monitor. How will skiboot pick up the changes ?  

With the current changes, we create the device tree with the base addresses
of the Homer and OCC regions. skiboot picks these up, initializes them while
the emulated PowerNV host boots, and starts dereferencing the pstate table,
occ sensor data, runtime data etc. at the offsets we have defined in Qemu;
Qemu returns some default value for them so that skiboot doesn't treat the
data as invalid or error out. Additionally, once we get this patchset merged
we should get the skiboot patches in to enable the homer/occ code path when
skiboot detects Qemu. For reference, see the boot log of a Qemu emulated
PowerNV host below,

[0.029304612,5] OPAL 165b3829-root-dirty-d7b62c6 starting...
[0.030088822,7] initial console log level: memory 7, driver 5
[0.030147011,6] CPU: P9 generation processor (max 4 threads/core)
[0.030178089,7] CPU: Boot CPU PIR is 0x PVR is 0x004e1200
[0.030367773,7] OPAL table: 0x30106930 .. 0x30106ea0, branch table: 
0x30002000
[0.030639657,7] Assigning physical memory map table for nimbus
[0.030954762,7] FDT: Parsing fdt @0x100
[0.034344285,5] CHIP: Detected Qemu simulator
[0.034586944,6] CHIP: Initialised chip 0 from xscom@603fc
[0.035083506,6] P9 DD2.00 detected
[0.035109773,5] CHIP: Chip ID  type: P9N DD2.00
[0.035126551,7] XSCOM: Base address: 0x603fc
[0.035161363,7] XSTOP: ibm,sw-checkstop-fir prop not found
[0.035274093,6] MFSI 0:0: Initialized
[0.035291808,6] MFSI 0:2: Initialized
[0.035308832,6] MFSI 0:1: Initialized
[0.036009709,6] LPC: LPC[000]: Initialized
[0.036024631,7] LPC: access via MMIO @0x60300
[0.036075678,7] LPC: Default bus on chip 0x0
[0.036201881,7] CPU: New max PIR set to 0x3
[0.036901816,7] MEM: parsing reserved memory from reserved-names/-ranges 
properties
[0.037012392,7] HOMER: Init chip 0
[0.037060772,7]   PBA BAR0 : 0x203ffd80
[0.037076462,7]   PBA MASK0: 0x0030
[0.037121097,7]   HOMER Image at 0x203ffd80 size 4MB
[0.037192576,4] HOMER image is not reserved! Reserving
[0.037269907,7]   PBA BAR2 : 0x203fff80
[0.037280977,7]   PBA MASK2: 0x0070
[0.037301135,7]   OCC Common Area at 0x203fff80 size 8MB
[0.037351959,4] OCC common area is not reserved! Reserving
:::
:::
[0.109004331,5] OCC: All Chip Rdy after 0 ms
:::
:::
[0.297195] cpuidle: using governor menu
:::
:::
[0.337736] cpuidle-powernv: Default stop: psscr = 
0x0330,mask=0x003003ff
[0.338393] cpuidle-powernv: Deepest stop: psscr = 
0x00300331,mask=0x003003ff
[0.339000] cpuidle-powernv: Requested Level (RL) value of first deep stop = 
0xf
:::
:::
[1.617017] powernv-cpufreq: cpufreq pstate min 0x2 nominal 0x1 max 0x0
[1.617523] powernv-cpufreq: Workload Optimized Frequency is enabled in the 
platform
[1.620734] freq_table: Duplicate freq-table entries: 3000
[1.622298] powernv-cpufreq: Failed to register the cpufreq driver (-19)
[1.623088] powernv-cpufreq: Platform driver disabled. System does not 
support PState control
:::
:::

-- Bala
> 
> 
> C.
> 
> > 
> > Currently skiboot disables the homer/occ code path with `QUIRK_NO_PBA`,
> > this quirk have to be removed in skiboot for it to use HOMER and OCC
> > SRAM device models along with a bug fix,
> > 
> > https://github.com/balamuruhans/skiboot/commit/a655514d2a730e0372a2faee277d1cf01f71a524
> > https://github.com/balamuruhans/skiboot/commit/fd3d93d92ec66a7494346d6d24ced7b48264c9a0
> > 
> > This version fixes a review comment from Cedric in previous version,
> > 
> > changes in v3:
> > * pass on PnvHomer *homer directly to core_max_array() function
> >   from the caller.
> > 
> > v2 patchset:
> > https://lists.gnu.org/archive/html/qemu-devel/2019-09/msg02231.html
> > 
> > changes in v2:
> > * change to PnvHomer/PnvHomerClass instead of PnvHOMER/PnvHOMERClass
> >   for better code readabililty.
> > * fabric link to chip to use `nr_cores` from PnvChip struct for
> >   core_max_array() as we need to consider active cores in chip and not
> >   whole machine.
> > * declare variable well ahead instead in for() loop syntax to make
> >   all compilers happy.
> >

Re: [Qemu-devel] TCG plugins and the GPL (was: [PATCH v4 00/54] plugins for TCG)

2019-09-12 Thread Alex Bennée


Peter Maydell  writes:

> On Thu, 12 Sep 2019 at 11:07, Alex Bennée  wrote:
>> Peter Maydell  writes:
>> > Wait, what? From my perspective the whole point of the plugin
>> > interface is that it should be stable, in that at least there's
>> > a good chance that a plugin you built will work against multiple
>> > versions of QEMU, and if it doesn't then it should fail with
>> > a reasonable error message telling you to update. I'm not
>> > sure we should be landing the plugins infrastructure if we
>> > don't have that much stability.
>>
>> There is a big fat blurry line between "set in stone" and "not requiring
>> you to re-engineer the plugin every QEMU release". I'm saying we should
>> reserve the right to extend and change the plugin API as required but
>> the expectation would be the plugins will continue to work the same way
>> but maybe with tweaks to the API hooks to support additional features.
>>
>> It's also a pretty young interface so I would expect some evolution once
>> it is released into the field.
>
> Sure. But I think we should document that we at least intend to
> have some approximation to a compatability/deprecation policy
> here, and some mechanisms for versioning so you get a helpful
> error rather than weird misbehaviour if your plugin is too old.
>
>> One problem with the anti-license circumvention measures being suggested
>> is it will mean having to recompile plugins for any given release.
>
> Why should we do this? I think this is making life hard for our
> users for no good reason. We *do* have this check for modules,
> because a module is just a random .so that can do anything in
> QEMU. I thought we had the TCG-plugin interface much more locked
> down than that?

It is; there are only a few set calls the plugin can make into QEMU,
mostly to register callbacks to events. Currently it can examine the
state of the system (again through the API) but can't change its
behaviour (a register access interface has been requested, although
I'd initially intended to make it read only).

>
> thanks
> -- PMM


--
Alex Bennée



Re: [Qemu-devel] QEMU as ISS (Instruction Set Simulator)

2019-09-12 Thread Libo Zhou
Alex Bennée  writes:


> The gdbstub should allow you do full introspection and adding
> additional registers is fairly easy, see mips_cpu_gdb_read_register function
> in  target/mips/gdbstub.c.



Hi Alex and Aleksandar,


Now I can connect gdb to qemu successfully. And I can use this command to show 
all the register contents in a gdb session.


(gdb) layout regs


However, I will need to add some more registers to the CPU. Does adding new 
registers in gdbstub.c also show the new registers in the TUI?
I doubt it because when I modified the regnames[] in translate.c, the 
registers' names didn't change in gdb.



Cheers,
Libo



> Alex Bennée

Re: [Qemu-devel] [PATCH v24 00/22] Add RX archtecture support

2019-09-12 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190912060701.4642-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v24 00/22] Add RX archtecture support
Message-id: 20190912060701.4642-1-ys...@users.sourceforge.jp
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 - [tag update]  patchew/20190912060701.4642-1-ys...@users.sourceforge.jp 
-> patchew/20190912060701.4642-1-ys...@users.sourceforge.jp
Switched to a new branch 'test'
b344509 qapi/machine.json: Add RX cpu.
dbc4316 BootLinuxConsoleTest: Test the RX-Virt machine
a73dba4 Add rx-softmmu
9e326f2 hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
0e20757 hw/rx: Honor -accel qtest
b8ef978 hw/rx: RX Target hardware definition
a6e9525 hw/char: RX62N serial communication interface (SCI)
523f6ae hw/timer: RX62N internal timer modules
dd7c03a hw/intc: RX62N interrupt controller (ICUa)
034ef9c target/rx: Dump bytes for each insn during disassembly
4a9f231 target/rx: Collect all bytes during disassembly
52ea55b target/rx: Emit all disassembly in one prt()
c6a6fa3 target/rx: Use prt_ldmi for XCHG_mr disassembly
9d2d4c2 target/rx: Replace operand with prt_ldmi in disassembler
9409eea target/rx: Disassemble rx_index_addr into a string
24a6ce3 target/rx: RX disassembler
4324951 target/rx: CPU definition
e013cf2 target/rx: TCG helper
2f5906e target/rx: TCG translation
bd2b801 hw/registerfields.h: Add 8bit and 16bit register macros
ffecfbc qemu/bitops.h: Add extract8 and extract16
08c4e97 MAINTAINERS: Add RX

=== OUTPUT BEGIN ===
1/22 Checking commit 08c4e975d29f (MAINTAINERS: Add RX)
2/22 Checking commit ffecfbc89a8c (qemu/bitops.h: Add extract8 and extract16)
3/22 Checking commit bd2b8012f2e5 (hw/registerfields.h: Add 8bit and 16bit 
register macros)
Use of uninitialized value in concatenation (.) or string at 
./scripts/checkpatch.pl line 2484.
ERROR: Macros with multiple statements should be enclosed in a do - while loop
#27: FILE: include/hw/registerfields.h:25:
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#31: FILE: include/hw/registerfields.h:29:
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };

total: 2 errors, 0 warnings, 56 lines checked

Patch 3/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

4/22 Checking commit 2f5906ec35fa (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 4/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/22 Checking commit e013cf2e29f7 (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#21: 
new file mode 100644

total: 0 errors, 1 warnings, 650 lines checked

Patch 5/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/22 Checking commit 432495109747 (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#39: 
new file mode 100644

total: 0 errors, 1 warnings, 588 lines checked

Patch 6/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/22 Checking commit 24a6ce386bc6 (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 7/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
8/22 Checking commit 9409eeafa61d (target/rx: Disassemble rx_index_addr into a 
string)
9/22 Checking commit 9d2d4c2a3f48 (target/rx: Replace operand with prt_ldmi in 
disassembler)
10/22 Checking commit c6a6fa3f837f (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
11/22 Checking commit 52ea55be5ba4 (target/rx: Emit all disassembly in one 
prt())
12/22 Checking commit 4a9f231d6170 (target/rx: Collect all bytes during 
disassembly)
13/22 Checking commit 034ef9cc868c (target/rx: Dump bytes for each 

Re: [Qemu-devel] [PATCH] libvhost-user: implement VHOST_USER_PROTOCOL_F_REPLY_ACK

2019-09-12 Thread Stefan Hajnoczi
On Tue, Sep 03, 2019 at 10:25:05PM +0300, Johannes Berg wrote:
> From: Johannes Berg 
> 
> This is really simple, since we know whether a response is
> already requested or not, so we can just send a (successful)
> response when there isn't one already.
> 
> Given that, it's not all _that_ useful but the master can at
> least be sure the message was processed, and we can exercise
> more code paths using the example code.
> 
> Signed-off-by: Johannes Berg 
> ---
>  contrib/libvhost-user/libvhost-user.c | 12 ++--
>  1 file changed, 10 insertions(+), 2 deletions(-)

Reviewed-by: Stefan Hajnoczi 


signature.asc
Description: PGP signature


Re: [Qemu-devel] [Qemu-arm] [PATCH 13/13] target/arm/arm-semi: Implement SH_EXT_EXIT_EXTENDED extension

2019-09-12 Thread Alex Bennée


Peter Maydell  writes:

> SH_EXT_EXIT_EXTENDED is a v2.0 semihosting extension: it
> indicates that the implementation supports the SYS_EXIT_EXTENDED
> function. This function allows both A64 and A32/T32 guests to
> exit with a specified exit status, unlike the older SYS_EXIT
> function which only allowed this for A64 guests. Implement
> this extension.
>
> Signed-off-by: Peter Maydell 

Aside from the ordering nit mentioned in the previous commit:

Reviewed-by: Alex Bennée 

> ---
>  target/arm/arm-semi.c | 16 +++-
>  1 file changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
> index 0df8d4d69d6..3900bd4e1e6 100644
> --- a/target/arm/arm-semi.c
> +++ b/target/arm/arm-semi.c
> @@ -66,6 +66,7 @@ typedef void TaskState;
>  #define TARGET_SYS_HEAPINFO0x16
>  #define TARGET_SYS_EXIT0x18
>  #define TARGET_SYS_SYNCCACHE   0x19
> +#define TARGET_SYS_EXIT_EXTENDED 0x20
>
>  /* ADP_Stopped_ApplicationExit is used for exit(0),
>   * anything else is implemented as exit(1) */
> @@ -485,7 +486,7 @@ static const uint8_t featurefile_data[] = {
>  SHFB_MAGIC_1,
>  SHFB_MAGIC_2,
>  SHFB_MAGIC_3,
> -SH_EXT_STDOUT_STDERR, /* Feature byte 0 */
> +SH_EXT_EXIT_EXTENDED | SH_EXT_STDOUT_STDERR, /* Feature byte 0 */
>  };
>
>  static void init_featurefile_guestfd(int guestfd)
> @@ -1026,11 +1027,14 @@ target_ulong do_arm_semihosting(CPUARMState *env)
>  return 0;
>  }
>  case TARGET_SYS_EXIT:
> -if (is_a64(env)) {
> +case TARGET_SYS_EXIT_EXTENDED:
> +if (nr == TARGET_SYS_EXIT_EXTENDED || is_a64(env)) {
>  /*
> - * The A64 version of this call takes a parameter block,
> + * The A64 version of SYS_EXIT takes a parameter block,
>   * so the application-exit type can return a subcode which
>   * is the exit status code from the application.
> + * SYS_EXIT_EXTENDED is an a new-in-v2.0 optional function
> + * which allows A32/T32 guests to also provide a status code.
>   */
>  GET_ARG(0);
>  GET_ARG(1);
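Review bot: The added comment line `SYS_EXIT_EXTENDED is an a new-in-v2.0 optional function` has a doubled article and should read `* SYS_EXIT_EXTENDED is a new-in-v2.0 optional function`. Since this branch now also serves A32/T32 callers, the comment could state in the same place that the exit status comes from the guest's parameter block read by the two `GET_ARG` calls, so a reader does not have to infer it. The body of do_arm_semihosting continues outside this hunk, so how the value is used afterwards is not visible here.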
> @@ -1042,8 +1046,10 @@ target_ulong do_arm_semihosting(CPUARMState *env)
>  }
>  } else {
>  /*
> - * ARM specifies only Stopped_ApplicationExit as normal
> - * exit, everything else is considered an error
> + * The A32/T32 version of SYS_EXIT specifies only
> + * Stopped_ApplicationExit as normal exit, but does not
> + * allow the guest to specify the exit status code.
> + * Everything else is considered an error.
>   */
>  ret = (args == ADP_Stopped_ApplicationExit) ? 0 : 1;
>  }


--
Alex Bennée



Re: [Qemu-devel] [RFC v2 3/3] virt: Check KVM_CAP_ARM_IRQ_LINE_LAYOUT_2 for smp_cpus > 256

2019-09-12 Thread Peter Maydell
On Wed, 11 Sep 2019 at 16:51, Eric Auger  wrote:
>
> Host kernels within [4.18, 5.3] report an erroneous KVM_MAX_VCPUS=512
> for ARM. The actual capability to instantiate more than 256 vcpus
> was fixed in 5.4 with the upgrade of the KVM_IRQ_LINE ABI to support
> vcpu id encoded on 12 bits instead of 8 and a redistributor consuming
> a single KVM IO device instead of 2.
>
> So let's check this capability when attempting to use more than 256
> vcpus.
>
> Signed-off-by: Eric Auger 
> ---
>  hw/arm/virt.c|  4 
>  target/arm/kvm.c | 21 +
>  target/arm/kvm_arm.h | 15 +++
>  3 files changed, 40 insertions(+)
>
> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> index 0d1629ccb3..465e3140f7 100644
> --- a/hw/arm/virt.c
> +++ b/hw/arm/virt.c
> @@ -1575,6 +1575,10 @@ static void machvirt_init(MachineState *machine)
>  virt_max_cpus = GIC_NCPU;
>  }
>
> +if (kvm_arm_irq_line_layout_mismatch(MACHINE(vms), max_cpus)) {
> +exit(1);
> +}
> +
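Review bot: The new check in machvirt_init ends in a bare `exit(1)`, and nothing in the hunk reports why the machine refuses to start. Presumably kvm_arm_irq_line_layout_mismatch() prints the error itself (the diffstat puts the rest of the change in target/arm/kvm.c and kvm_arm.h, not shown here). If so, a call-site comment such as `/* helper reports the error; the host's KVM_IRQ_LINE layout cannot address this many vcpus */` would make that clear. The enclosing function starts and ends outside the hunk.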

Is there really no place to put this check in common code?

thanks
-- PMM



[Qemu-devel] [PATCH 08/12] qcrypto-luks: extract store and load header

2019-09-12 Thread Maxim Levitsky
Signed-off-by: Maxim Levitsky 
---
 crypto/block-luks.c | 158 ++--
 1 file changed, 94 insertions(+), 64 deletions(-)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index ba63e9b442..c3f3488222 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -409,6 +409,97 @@ qcrypto_block_luks_essiv_cipher(QCryptoCipherAlgorithm 
cipher,
 }
 }
 
+/*
+ * Stores the main LUKS header, taking care of endianess
+ */
+static int
+qcrypto_block_luks_store_header(QCryptoBlock *block,
+QCryptoBlockWriteFunc writefunc,
+void *opaque,
+Error **errp)
+{
+const QCryptoBlockLUKS *luks = block->opaque;
+Error *local_err = NULL;
+size_t i;
+g_autofree QCryptoBlockLUKSHeader *hdr_copy = NULL;
+
+/* Create a copy of the header */
+hdr_copy = g_new0(QCryptoBlockLUKSHeader, 1);
+memcpy(hdr_copy, >header, sizeof(QCryptoBlockLUKSHeader));
+
+/*
+ * Everything on disk uses Big Endian (tm), so flip header fields
+ * before writing them
+ */
+cpu_to_be16s(_copy->version);
+cpu_to_be32s(_copy->payload_offset_sector);
+cpu_to_be32s(_copy->master_key_len);
+cpu_to_be32s(_copy->master_key_iterations);
+
+for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+cpu_to_be32s(_copy->key_slots[i].active);
+cpu_to_be32s(_copy->key_slots[i].iterations);
+cpu_to_be32s(_copy->key_slots[i].key_offset_sector);
+cpu_to_be32s(_copy->key_slots[i].stripes);
+}
+
+/* Write out the partition header and key slot headers */
+writefunc(block, 0, (const uint8_t *)hdr_copy, sizeof(*hdr_copy),
+  opaque, _err);
+
+if (local_err) {
+error_propagate(errp, local_err);
+return -1;
+}
+return 0;
+}
+
+/*
+ * Loads the main LUKS header,and byteswaps it to native endianess
+ * And run basic sanity checks on it
+ */
+static int
+qcrypto_block_luks_load_header(QCryptoBlock *block,
+QCryptoBlockReadFunc readfunc,
+void *opaque,
+Error **errp)
+{
+ssize_t rv;
+size_t i;
+QCryptoBlockLUKS *luks = block->opaque;
+
+/*
+ * Read the entire LUKS header, minus the key material from
+ * the underlying device
+ */
+rv = readfunc(block, 0,
+  (uint8_t *)>header,
+  sizeof(luks->header),
+  opaque,
+  errp);
+if (rv < 0) {
+return rv;
+}
+
+/*
+ * The header is always stored in big-endian format, so
+ * convert everything to native
+ */
+be16_to_cpus(>header.version);
+be32_to_cpus(>header.payload_offset_sector);
+be32_to_cpus(>header.master_key_len);
+be32_to_cpus(>header.master_key_iterations);
+
+for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+be32_to_cpus(>header.key_slots[i].active);
+be32_to_cpus(>header.key_slots[i].iterations);
+be32_to_cpus(>header.key_slots[i].key_offset_sector);
+be32_to_cpus(>header.key_slots[i].stripes);
+}
+
+return 0;
+}
+
 /*
  * Given a key slot, and user password, this will attempt to unlock
  * the master encryption key from the key slot.
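Review bot: The comment above qcrypto_block_luks_load_header promises that it will "run basic sanity checks", but the body added in this hunk only calls readfunc and byteswaps the fields. The magic comparison still lives in qcrypto_block_luks_open (visible in the later hunk), so a future caller could treat the image-supplied header fields as validated when they are not. Until the checks move, I would word it as `Loads the main LUKS header and byteswaps it to native endianness; the caller must still validate it`. The function also accepts any non-negative return from readfunc, so if readfunc can return fewer bytes than requested (its contract is not shown here), a short read would be parsed as a full header; comparing rv with sizeof(luks->header) would close that. In qcrypto_block_luks_store_header the return value of writefunc is discarded and failure is detected only through local_err, which deserves either a check on the return value or a one-line comment stating that writefunc always sets the error on failure.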
@@ -623,8 +714,6 @@ qcrypto_block_luks_open(QCryptoBlock *block,
 QCryptoBlockLUKS *luks = NULL;
 Error *local_err = NULL;
 int ret = 0;
-size_t i;
-ssize_t rv;
 g_autofree uint8_t *masterkey = NULL;
 char *ivgen_name, *ivhash_name;
 g_autofree char *password = NULL;
@@ -646,31 +735,11 @@ qcrypto_block_luks_open(QCryptoBlock *block,
 luks = g_new0(QCryptoBlockLUKS, 1);
 block->opaque = luks;
 
-/* Read the entire LUKS header, minus the key material from
- * the underlying device */
-rv = readfunc(block, 0,
-  (uint8_t *)>header,
-  sizeof(luks->header),
-  opaque,
-  errp);
-if (rv < 0) {
-ret = rv;
+ret = qcrypto_block_luks_load_header(block, readfunc, opaque, errp);
+if (ret < 0) {
 goto fail;
 }
 
-/* The header is always stored in big-endian format, so
- * convert everything to native */
-be16_to_cpus(>header.version);
-be32_to_cpus(>header.payload_offset_sector);
-be32_to_cpus(>header.master_key_len);
-be32_to_cpus(>header.master_key_iterations);
-
-for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
-be32_to_cpus(>header.key_slots[i].active);
-be32_to_cpus(>header.key_slots[i].iterations);
-be32_to_cpus(>header.key_slots[i].key_offset_sector);
-be32_to_cpus(>header.key_slots[i].stripes);
-}
 
 if (memcmp(luks->header.magic, qcrypto_block_luks_magic,
QCRYPTO_BLOCK_LUKS_MAGIC_LEN) != 0) {
@@ -1235,46 +1304,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
 goto error;
 }
 
-

Re: [Qemu-devel] [PATCH v4 14/54] plugin: add core code

2019-09-12 Thread Daniel P . Berrangé
On Wed, Jul 31, 2019 at 05:06:39PM +0100, Alex Bennée wrote:
> From: "Emilio G. Cota" 
> 
> Signed-off-by: Emilio G. Cota 
> [AJB: moved directory and merged various fixes]
> Signed-off-by: Alex Bennée 


> +static int plugin_load(struct qemu_plugin_desc *desc)
> +{
> +qemu_plugin_install_func_t install;
> +struct qemu_plugin_ctx *ctx;
> +char *err;
> +int rc;
> +
> +ctx = qemu_memalign(qemu_dcache_linesize, sizeof(*ctx));
> +memset(ctx, 0, sizeof(*ctx));
> +ctx->desc = desc;
> +
> +ctx->handle = dlopen(desc->path, RTLD_NOW);
> +if (ctx->handle == NULL) {
> +error_report("%s: %s", __func__, dlerror());
> +goto err_dlopen;
> +}
> +
> +/* clear any previous dlerror, call dlsym, then check dlerror */
> +dlerror();
> +install = dlsym(ctx->handle, "qemu_plugin_install");

If you use 'GModule' instead of dlopen, then we get portability to
many more platforms, including the ability to load DLLs on Windows:

  https://developer.gnome.org/glib/stable/glib-Dynamic-Loading-of-Modules.html



Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



[Qemu-devel] [PATCH 01/12] block-crypto: misc refactoring

2019-09-12 Thread Maxim Levitsky
* rename the write_func to create_write_func,
  and init_func to create_init_func.
  This is preparation for another write_func that will
  be used to update the encryption keys.

No functional changes

Signed-off-by: Maxim Levitsky 
Reviewed-by: Daniel P. Berrangé 
---
 block/crypto.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/block/crypto.c b/block/crypto.c
index 7eb698774e..6e822c6e50 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -78,7 +78,7 @@ struct BlockCryptoCreateData {
 };
 
 
-static ssize_t block_crypto_write_func(QCryptoBlock *block,
+static ssize_t block_crypto_create_write_func(QCryptoBlock *block,
size_t offset,
const uint8_t *buf,
size_t buflen,
@@ -96,8 +96,7 @@ static ssize_t block_crypto_write_func(QCryptoBlock *block,
 return ret;
 }
 
-
-static ssize_t block_crypto_init_func(QCryptoBlock *block,
+static ssize_t block_crypto_create_init_func(QCryptoBlock *block,
   size_t headerlen,
   void *opaque,
   Error **errp)
@@ -109,7 +108,8 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block,
 return -EFBIG;
 }
 
-/* User provided size should reflect amount of space made
+/*
+ * User provided size should reflect amount of space made
  * available to the guest, so we must take account of that
  * which will be used by the crypto header
  */
@@ -279,8 +279,8 @@ static int block_crypto_co_create_generic(BlockDriverState 
*bs,
 };
 
 crypto = qcrypto_block_create(opts, NULL,
-  block_crypto_init_func,
-  block_crypto_write_func,
+  block_crypto_create_init_func,
+  block_crypto_create_write_func,
   ,
   errp);
 
-- 
2.17.2



