Re: [Qemu-devel] [RFC PATCH V7 16/19] translate-all: introduces tb_flush_safe.
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote:
+
+void tb_flush_safe(CPUState *cpu)
+{
+#if 0 /* !MTTCG */
+tb_flush(cpu);
+#else
+async_run_safe_work_on_cpu(cpu, tb_flush_work, cpu);
+#endif /* MTTCG */
+}
+
I think this can use first_cpu unconditionally; tb_flush only uses its
argument for an error message.
In fact, I think that by definition async_run_safe_work_on_cpu can use
any CPU for its work; it locks out everyone else, so it does not matter
which thread you're on. So async_run_safe_work_on_cpu could drop the
@cpu argument (becoming async_run_safe_cpu_work) and use first_cpu
unconditionally.
Paolo
[Qemu-devel] [PATCH 3/3] firmware: fw_cfg: create directory hierarchy for fw_cfg file names
From: Gabriel Somlo so...@cmu.edu
Each fw_cfg entry of type file has an associated 56-char,
nul-terminated ASCII string which represents its name. While
the fw_cfg device doesn't itself impose any specific naming
convention, QEMU developers have traditionally used path name
semantics (i.e. etc/acpi/rsdp) to descriptively name the
various fw_cfg blobs passed into the guest.
This patch attempts, on a best effort basis, to create a
directory hierarchy representing the content of fw_cfg file
names, under /sys/firmware/fw_cfg/by_name.
Upon successful creation of all directories representing the
dirname portion of a fw_cfg file, a symlink will be created
to represent the basename, pointing at the appropriate
/sys/firmware/fw_cfg/by_select entry. If a file name is not
suitable for this procedure (e.g., if its basename or dirname
components collide with an already existing dirname component
or basename, respectively) the corresponding fw_cfg blob is
skipped and will remain available in sysfs only by its selector
key value.
Signed-off-by: Gabriel Somlo so...@cmu.edu
---
Documentation/ABI/testing/sysfs-firmware-fw_cfg | 42 ++
drivers/firmware/fw_cfg.c | 104
2 files changed, 146 insertions(+)
diff --git a/Documentation/ABI/testing/sysfs-firmware-fw_cfg
b/Documentation/ABI/testing/sysfs-firmware-fw_cfg
index 3a7e7f2..1024776 100644
--- a/Documentation/ABI/testing/sysfs-firmware-fw_cfg
+++ b/Documentation/ABI/testing/sysfs-firmware-fw_cfg
@@ -167,3 +167,45 @@ Description:
entry via the control register, and reading a number
of bytes equal to the blob size from the data
register.
+
+ --- Listing fw_cfg blobs by file name ---
+
+ While the fw_cfg device does not impose any specific naming
+ convention on the blobs registered in the file directory,
+ QEMU developers have traditionally used path name semantics
+ to give each blob a descriptive name. For example:
+
+ bootorder
+ genroms/kvmvapic.bin
+ etc/e820
+ etc/boot-fail-wait
+ etc/system-states
+ etc/table-loader
+ etc/acpi/rsdp
+ etc/acpi/tables
+ etc/smbios/smbios-tables
+ etc/smbios/smbios-anchor
+ ...
+
+ In addition to the listing by unique selector key described
+ above, the fw_cfg sysfs driver also attempts to build a tree
+ of directories matching the path name components of fw_cfg
+ blob names, ending in symlinks to the by_select entry for each
+ basename, as illustrated below (assume current directory is
+ /sys/firmware):
+
+ fw_cfg/by_name/bootorder - ../by_select/38
+ fw_cfg/by_name/etc/e820 - ../../by_select/35
+ fw_cfg/by_name/etc/acpi/rsdp - ../../../by_select/41
+ ...
+
+ Construction of the directory tree and symlinks is done on a
+ best-effort basis, as there is no guarantee that components
+ of fw_cfg blob names are always well behaved. I.e., there is
+ the possibility that a symlink (basename) will conflict with
+ a dirname component of another fw_cfg blob, in which case the
+ creation of the offending /sys/firmware/fw_cfg/by_name entry
+ will be skipped.
+
+ The authoritative list of entries will continue to be found
+ under the /sys/firmware/fw_cfg/by_select directory.
diff --git a/drivers/firmware/fw_cfg.c b/drivers/firmware/fw_cfg.c
index be17411..94233a5 100644
--- a/drivers/firmware/fw_cfg.c
+++ b/drivers/firmware/fw_cfg.c
@@ -327,9 +327,104 @@ static struct bin_attribute fw_cfg_sysfs_attr_raw = {
.read = fw_cfg_sysfs_read_raw,
};
+/*
+ * Create a kset subdirectory matching each '/' delimited dirname token
+ * in 'name', starting with sysfs kset/folder 'dir'; At the end, create
+ * a symlink directed at the given 'target'.
+ * NOTE: We do this on a best-effort basis, since 'name' is not guaranteed
+ * to be a well-behaved path name. Whenever a symlink vs. kset directory
+ * name collision occurs, the kernel will issue big scary warnings while
+ * refusing to add the offending link or directory. We follow up with our
+ * own, slightly less scary error messages explaining the situation :)
+ */
+static int __init fw_cfg_build_symlink(struct kset *dir,
+ struct kobject *target,
+ const char *name)
+{
+ int ret;
+ struct kset *subdir;
+ struct kobject *ko;
+ char *name_copy, *p, *tok;
+
+ if
Re: [Qemu-devel] virtio 1 issues
On Mon, 10 Aug 2015 14:22:07 +0800 Jason Wang jasow...@redhat.com wrote: On 08/07/2015 06:49 PM, Cornelia Huck wrote: On Fri, 07 Aug 2015 13:07:35 +0800 Jason Wang jasow...@redhat.com wrote: 2. ring resizing is broken - it actually has a comment: /* TODO: need a way to put num back on reset. */ guest that runs out of memory might down-size the ring. Afterwards, ring size won't come back up after reset - not nice. Then we need a new field to keep track the original queue size and migrate this. virtio-ccw neatly sidesteps it by not implementing ring size changes at all :) But it isn't really all good, see /* TODO: Add interface to handle vring.num changing */ We either need to implement this or fence off changing the ring size, I guess. Yes. Given that the modern layout is disabled by default, I don't think these are release blockers. Yes and looks like we need a new subsection and transport specific callbacks to fix above? Agreed, it's not urgent as virtio-1 is not yet the default (and not even enabled for ccw). I'm not sure we need transport-specific callbacks. Shouldn't the core be able to track initial and actual size (and migrate in an optional subsection), as long as the transports use defined interfaces to interact with it? For size, I agree it should be tracked by core. But we need also track transport specific data like dfselect/gfselect for pci. Yup. I'll leave pci data to the pci folks :) I have a patch for handling the size; I'll post it after I've tested it a bit.
[Qemu-devel] [RFC PATCH V7 18/19] mttcg: signal the associated cpu anyway.
From: KONRAD Frederic fred.kon...@greensocs.com We might have a race here. If current_cpu is about to be set then cpu_exit won't be called and we don't exit TCG. This was probably an issue with old implementation as well. Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com --- cpus.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cpus.c b/cpus.c index 2c5ca72..f61530c 100644 --- a/cpus.c +++ b/cpus.c @@ -674,8 +674,7 @@ static void cpu_signal(int sig) cpu_exit(current_cpu); } -/* FIXME: We might want to check if the cpu is running? */ -tcg_thread_cpu-exit_request = true; +cpu_exit(tcg_thread_cpu); } #ifdef CONFIG_LINUX -- 1.9.0
Re: [Qemu-devel] [PATCH v13 18/19] i.MX: Add qtest support for I2C device emulator.
Le 07/08/2015 15:05, Peter Maydell a écrit :
On 16 July 2015 at 22:21, Jean-Christophe Dubois j...@tribudubois.net wrote:
This is using a ds1338 RTC chip on the I2C bus. This RTC chip is
not present on the real 3DS PDK board.
Signed-off-by: Jean-Christophe Dubois j...@tribudubois.net
'make check' doesn't pass with this patch, because it tries to start
an imx25_3ds machine, which doesn't exist.
Thanks, I will fix it.
+#define bcd2bin(x)(((x) 0x0f) + ((x) 4) * 10)
Why not just make this an inline function?
+static void send_and_receive(void)
+{
+uint8_t cmd[1];
+uint8_t resp[7];
+time_t now = time(NULL);
+struct tm *tm_ptr = gmtime(now);
+
+/* reset the index in the RTC memory */
+cmd[0] = 0;
+i2c_send(i2c, addr, cmd, 1);
+
+/* retrieve the date */
+i2c_recv(i2c, addr, resp, 7);
+
+/* check retreived time againt local time */
retrieved
-- PMM
Re: [Qemu-devel] [PATCH v13 13/19] i.MX: KZM now uses the standalone i.MX31 SOC support
On 10 August 2015 at 17:15, Jean-Christophe DUBOIS j...@tribudubois.net wrote: Le 07/08/2015 15:45, Peter Maydell a écrit : On 16 July 2015 at 22:21, Jean-Christophe Dubois j...@tribudubois.net wrote: memory_region_allocate_system_memory() needs to be called once and only once by a board init. You're going to end up calling it twice here. Actually, I may be calling it up 3 time because there is also an internal (16KB) memory range that is allocated during the SOC init (fsl-imx31.c file). Small blocks of stuff like 16KB are not the main lump of RAM, so should not be initialized with memory_region_allocate_system_memory(). Use memory_region_init_ram() followed by vmstate_register_ram_global() for that sort of small RAM region. Now as my memory (the 3 memory banks) is (partially) discontiguous how am I suppose to init all of it in one call? Your main RAM will be all contiguous, the only reason it would be discontiguous is if you were trying to model 128MB + 128MB, which you can't specify anyway with a single 'this much memory' ram_size argument. And if memory_region_allocate_system_memory() should really be called only once, why is it not enforced in this function? After all, memory_region_allocate_system_memory() only calls memory_region_init_ram() and vmstate_register_ram_global() in one step ... It does a lot more complicated things than that, potentially. I agree that it ought to assert the once-and-only-once property; in fact I suggested on IRC last week that that would be a good plan, since it's an easy mistake to make. thanks -- PMM
[Qemu-devel] [RFC PATCH V7 13/19] add a callback when tb_invalidate is called.
From: KONRAD Frederic fred.kon...@greensocs.com
Instead of doing the jump cache invalidation directly in tb_invalidate delay it
after the exit so we don't have an other CPU trying to execute the code being
invalidated.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
translate-all.c | 61 +++--
1 file changed, 59 insertions(+), 2 deletions(-)
diff --git a/translate-all.c b/translate-all.c
index 954c67a..fc5162a 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -62,6 +62,7 @@
#include translate-all.h
#include qemu/bitmap.h
#include qemu/timer.h
+#include sysemu/cpus.h
//#define DEBUG_TB_INVALIDATE
//#define DEBUG_FLUSH
@@ -967,14 +968,58 @@ static inline void tb_reset_jump(TranslationBlock *tb,
int n)
tb_set_jmp_target(tb, n, (uintptr_t)(tb-tc_ptr + tb-tb_next_offset[n]));
}
+struct CPUDiscardTBParams {
+CPUState *cpu;
+TranslationBlock *tb;
+};
+
+static void cpu_discard_tb_from_jmp_cache(void *opaque)
+{
+unsigned int h;
+struct CPUDiscardTBParams *params = opaque;
+
+h = tb_jmp_cache_hash_func(params-tb-pc);
+if (params-cpu-tb_jmp_cache[h] == params-tb) {
+params-cpu-tb_jmp_cache[h] = NULL;
+}
+
+g_free(opaque);
+}
+
+static void tb_invalidate_jmp_remove(void *opaque)
+{
+TranslationBlock *tb = opaque;
+TranslationBlock *tb1, *tb2;
+unsigned int n1;
+
+/* suppress this TB from the two jump lists */
+tb_jmp_remove(tb, 0);
+tb_jmp_remove(tb, 1);
+
+/* suppress any remaining jumps to this TB */
+tb1 = tb-jmp_first;
+for (;;) {
+n1 = (uintptr_t)tb1 3;
+if (n1 == 2) {
+break;
+}
+tb1 = (TranslationBlock *)((uintptr_t)tb1 ~3);
+tb2 = tb1-jmp_next[n1];
+tb_reset_jump(tb1, n1);
+tb1-jmp_next[n1] = NULL;
+tb1 = tb2;
+}
+tb-jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
+}
+
/* invalidate one TB */
void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
{
CPUState *cpu;
PageDesc *p;
-unsigned int h, n1;
+unsigned int h;
tb_page_addr_t phys_pc;
-TranslationBlock *tb1, *tb2;
+struct CPUDiscardTBParams *params;
tb_lock();
@@ -997,6 +1042,9 @@ void tb_phys_invalidate(TranslationBlock *tb,
tb_page_addr_t page_addr)
tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
+#if 0 /*MTTCG*/
+TranslationBlock *tb1, *tb2;
+unsigned int n1;
/* remove the TB from the hash list */
h = tb_jmp_cache_hash_func(tb-pc);
CPU_FOREACH(cpu) {
@@ -1023,6 +1071,15 @@ void tb_phys_invalidate(TranslationBlock *tb,
tb_page_addr_t page_addr)
tb1 = tb2;
}
tb-jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
+#else
+CPU_FOREACH(cpu) {
+params = g_malloc(sizeof(struct CPUDiscardTBParams));
+params-cpu = cpu;
+params-tb = tb;
+async_run_on_cpu(cpu, cpu_discard_tb_from_jmp_cache, params);
+}
+async_run_safe_work_on_cpu(first_cpu, tb_invalidate_jmp_remove, tb);
+#endif /* MTTCG */
tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
tb_unlock();
--
1.9.0
Re: [Qemu-devel] [RFC PATCH V7 14/19] cpu: introduce tlb_flush*_all.
On 10 August 2015 at 16:54, Paolo Bonzini pbonz...@redhat.com wrote: On 10/08/2015 17:27, fred.kon...@greensocs.com wrote: From: KONRAD Frederic fred.kon...@greensocs.com Some architectures allow to flush the tlb of other VCPUs. This is not a problem when we have only one thread for all VCPUs but it definitely needs to be an asynchronous work when we are in true multithreaded work. TODO: Some test case, I fear some bad results in case a VCPUs execute a barrier or something like that. Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com --- cputlb.c| 76 + include/exec/exec-all.h | 2 ++ 2 files changed, 78 insertions(+) I still believe this should be a target-specific change. This would also make it easier to do the remote TLB flush synchronously, as is the case on ARM (if I understand correctly). ARM TLB flushes have to complete by the next barrier instruction (or equivalent thing); so they're asynchronous but with a guest-controlled synchronization point. Also, compare the series I posted recently for adding missing TLB operations: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg00945.html which adds support for flush-specific-mmuidx operations, which would increase the number of primitives you're trying to support here. That might argue for making this target-specific. thanks -- PMM
[Qemu-devel] [PATCH 0/3] SysFS driver for QEMU firmware config device (fw_cfg)
From: Gabriel Somlo so...@cmu.edu This patch set makes QEMU fw_cfg blobs available for viewing (read-only) via SysFS. Several different architectures supported by QEMU are set up with a firmware configuration (fw_cfg) device, used to pass configuration blobs into the guest by the host running QEMU. Historically, these config blobs were mostly of interest to the guest BIOS, but since QEMU v2.4 it is possible to insert arbitrary blobs via the command line, which makes them potentially interesting to userspace (e.g. for passing early boot environment variables, etc.). In addition to cc-ing the people and lists indicated by get-maintainer.pl, I've added a few extra lists suggested by Matt Fleming on the qemu-devel list, as well as the qemu-devel list itself. Also cc-ing kernelnewbies, as this is my very first kenel contribution, so please go easy on me for whatever silly n00b mistakes I might have still missed, in spite of trying hard to do all my homework properly... :) The series consists of three patches: 1/3 - probes for the qemu fw_cfg device in locations known to work on the supported architectures, in decreasing order of likelihood. While it *may* be possible to detect the presence of fw_cfg via acpi or dtb (on x86 and arm, respectively), there's no way I know of attempting that on sun4 and ppc/mac, so I've stuck with simply probing (the fw_cfg_modes[] structure and fw_cfg_io_probe() function) in fw_cfg.c. I could use some advice on how else that could be done more elegantly, if needed. Upon successfully detecting a present fw_cfg device, we set up /sys/firmware/fw_cfg/by_select entries for each blob available on the fw_cfg device. 2/3 - export kset_find_obj() (in lib/kobject.c) for use with modules, which will come in handy in patch #3, below. 3/3 - add a user friendly way of listing fw_cfg blobs by name rather than by unique selector key. Since fw_cfg blob names are traditionally set up to look like path names, it would be nice to mirror that fact when displaying them under /sys/firmware/fw_cfg in a by_name subdirectory. I'm using ksets to reflect subdirectories matching dirname tokens separated by '/' within each fw_cfg blob filename, and symlinks into the by_select subdirectory for each basename. Since the fw_cfg device doesn't enforce that blob names have well-behaved and non-conflicting names, it is possible (though unlikely) that there will be blobs named: etc/foo/bar and etc/foo where foo will try to be both a subdirectory AND a symlink under /sys/firmware/fw_cfg/by_name/etc/. In such an event, the latter fw_cfg blob will simply be skipped from having an entry created under the user-friendly by_name subdirectory, remaining listed only as an entry under the by_select subdirectory. I have tested this on x86_64 and armv7hl+lpae kernels. Builds and installs OK as both a module and linked directly into the kernel. TIA for the feedback and advice, --Gabriel Gabriel Somlo (3): firmware: introduce sysfs driver for QEMU's fw_cfg device kobject: export kset_find_obj() to be used from modules firmware: fw_cfg: create directory hierarchy for fw_cfg file names Documentation/ABI/testing/sysfs-firmware-fw_cfg | 211 + drivers/firmware/Kconfig| 10 + drivers/firmware/Makefile | 1 + drivers/firmware/fw_cfg.c | 542 lib/kobject.c | 1 + 5 files changed, 765 insertions(+) create mode 100644 Documentation/ABI/testing/sysfs-firmware-fw_cfg create mode 100644 drivers/firmware/fw_cfg.c -- 2.4.3
Re: [Qemu-devel] [RFC PATCH V7 07/19] protect TBContext with tb_lock.
On 10/08/2015 18:36, Paolo Bonzini wrote: diff --git a/target-arm/translate.c b/target-arm/translate.c index 69ac18c..960c75e 100644 --- a/target-arm/translate.c +++ b/target-arm/translate.c @@ -11166,6 +11166,8 @@ static inline void gen_intermediate_code_internal(ARMCPU *cpu, dc-tb = tb; +tb_lock(); This locks twice, I think? Both cpu_restore_state_from_tb and tb_gen_code (which calls cpu_gen_code) take the lock. How does it work? ... ah, the lock is recursive! I think this can be avoided. Let's look at it next week. Paolo
[Qemu-devel] [RFC PATCH V7 15/19] arm: use tlb_flush*_all
From: KONRAD Frederic fred.kon...@greensocs.com
This just use the new mechanism to ensure that each VCPU thread flush its own
VCPU.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
target-arm/helper.c | 45 +++--
1 file changed, 7 insertions(+), 38 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 34b465c..9acd7e5 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -411,41 +411,25 @@ static void tlbimvaa_write(CPUARMState *env, const
ARMCPRegInfo *ri,
static void tlbiall_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
-CPUState *other_cs;
-
-CPU_FOREACH(other_cs) {
-tlb_flush(other_cs, 1);
-}
+tlb_flush_all(1);
}
static void tlbiasid_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
-CPUState *other_cs;
-
-CPU_FOREACH(other_cs) {
-tlb_flush(other_cs, value == 0);
-}
+tlb_flush_all(value == 0);
}
static void tlbimva_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
-CPUState *other_cs;
-
-CPU_FOREACH(other_cs) {
-tlb_flush_page(other_cs, value TARGET_PAGE_MASK);
-}
+tlb_flush_page_all(value TARGET_PAGE_MASK);
}
static void tlbimvaa_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
-CPUState *other_cs;
-
-CPU_FOREACH(other_cs) {
-tlb_flush_page(other_cs, value TARGET_PAGE_MASK);
-}
+tlb_flush_page_all(value TARGET_PAGE_MASK);
}
static const ARMCPRegInfo cp_reginfo[] = {
@@ -2281,34 +2265,19 @@ static void tlbi_aa64_asid_write(CPUARMState *env,
const ARMCPRegInfo *ri,
static void tlbi_aa64_va_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
-CPUState *other_cs;
-uint64_t pageaddr = sextract64(value 12, 0, 56);
-
-CPU_FOREACH(other_cs) {
-tlb_flush_page(other_cs, pageaddr);
-}
+tlb_flush_page_all(sextract64(value 12, 0, 56));
}
static void tlbi_aa64_vaa_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
-CPUState *other_cs;
-uint64_t pageaddr = sextract64(value 12, 0, 56);
-
-CPU_FOREACH(other_cs) {
-tlb_flush_page(other_cs, pageaddr);
-}
+tlb_flush_page_all(sextract64(value 12, 0, 56));
}
static void tlbi_aa64_asid_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
-CPUState *other_cs;
-int asid = extract64(value, 48, 16);
-
-CPU_FOREACH(other_cs) {
-tlb_flush(other_cs, asid == 0);
-}
+tlb_flush_all(extract64(value, 48, 16) == 0);
}
static CPAccessResult aa64_zva_access(CPUARMState *env, const ARMCPRegInfo *ri)
--
1.9.0
[Qemu-devel] [RFC PATCH V7 11/19] tcg: switch on multithread.
From: KONRAD Frederic fred.kon...@greensocs.com
This switches on multithread.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
Changes V5 - V6:
* make qemu_cpu_kick calling qemu_cpu_kick_thread in case of TCG.
---
cpus.c | 93 --
1 file changed, 33 insertions(+), 60 deletions(-)
diff --git a/cpus.c b/cpus.c
index 2de9eae..2c5ca72 100644
--- a/cpus.c
+++ b/cpus.c
@@ -65,7 +65,6 @@
#endif /* CONFIG_LINUX */
-static CPUState *next_cpu;
int64_t max_delay;
int64_t max_advance;
@@ -822,8 +821,6 @@ static unsigned iothread_requesting_mutex;
static QemuThread io_thread;
-static QemuThread *tcg_cpu_thread;
-
/* cpu creation */
static QemuCond qemu_cpu_cond;
/* system init */
@@ -1047,10 +1044,13 @@ static void qemu_wait_io_event_common(CPUState *cpu)
static void qemu_tcg_wait_io_event(CPUState *cpu)
{
-while (all_cpu_threads_idle()) {
- /* Start accounting real time to the virtual clock if the CPUs
- are idle. */
-qemu_clock_warp(QEMU_CLOCK_VIRTUAL);
+while (cpu_thread_is_idle(cpu)) {
+/* Start accounting real time to the virtual clock if the CPUs
+ * are idle.
+ */
+if ((all_cpu_threads_idle()) (cpu-cpu_index == 0)) {
+qemu_clock_warp(QEMU_CLOCK_VIRTUAL);
+}
qemu_cond_wait(cpu-halt_cond, qemu_global_mutex);
}
@@ -1058,9 +1058,7 @@ static void qemu_tcg_wait_io_event(CPUState *cpu)
qemu_cond_wait(qemu_io_proceeded_cond, qemu_global_mutex);
}
-CPU_FOREACH(cpu) {
-qemu_wait_io_event_common(cpu);
-}
+qemu_wait_io_event_common(cpu);
}
static void qemu_kvm_wait_io_event(CPUState *cpu)
@@ -1152,7 +1150,7 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
#endif
}
-static void tcg_exec_all(void);
+static void tcg_exec_all(CPUState *cpu);
static void *qemu_tcg_cpu_thread_fn(void *arg)
{
@@ -1163,37 +1161,26 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
qemu_tcg_init_cpu_signals();
qemu_thread_get_self(cpu-thread);
-CPU_FOREACH(cpu) {
-cpu-thread_id = qemu_get_thread_id();
-cpu-created = true;
-cpu-can_do_io = 1;
-}
-qemu_cond_signal(qemu_cpu_cond);
-
-/* wait for initial kick-off after machine start */
-while (first_cpu-stopped) {
-qemu_cond_wait(first_cpu-halt_cond, qemu_global_mutex);
-
-/* process any pending work */
-CPU_FOREACH(cpu) {
-qemu_wait_io_event_common(cpu);
-}
-}
+cpu-thread_id = qemu_get_thread_id();
+cpu-created = true;
+cpu-can_do_io = 1;
-/* process any pending work */
-exit_request = 1;
+qemu_cond_signal(qemu_cpu_cond);
while (1) {
-tcg_exec_all();
+if (!cpu-stopped) {
+tcg_exec_all(cpu);
-if (use_icount) {
-int64_t deadline = qemu_clock_deadline_ns_all(QEMU_CLOCK_VIRTUAL);
+if (use_icount) {
+int64_t deadline =
+qemu_clock_deadline_ns_all(QEMU_CLOCK_VIRTUAL);
-if (deadline == 0) {
-qemu_clock_notify(QEMU_CLOCK_VIRTUAL);
+if (deadline == 0) {
+qemu_clock_notify(QEMU_CLOCK_VIRTUAL);
+}
}
}
-qemu_tcg_wait_io_event(QTAILQ_FIRST(cpus));
+qemu_tcg_wait_io_event(cpu);
}
return NULL;
@@ -1202,7 +1189,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
void qemu_cpu_kick(CPUState *cpu)
{
qemu_cond_broadcast(cpu-halt_cond);
-if (!tcg_enabled() !cpu-thread_kicked) {
+if (!cpu-thread_kicked) {
qemu_cpu_kick_thread(cpu);
cpu-thread_kicked = true;
}
@@ -1320,23 +1307,15 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
cpu-halt_cond = g_malloc0(sizeof(QemuCond));
qemu_cond_init(cpu-halt_cond);
-
-/* share a single thread for all cpus with TCG */
-if (!tcg_cpu_thread) {
-cpu-thread = g_malloc0(sizeof(QemuThread));
-snprintf(thread_name, VCPU_THREAD_NAME_SIZE, CPU %d/TCG,
- cpu-cpu_index);
-qemu_thread_create(cpu-thread, thread_name, qemu_tcg_cpu_thread_fn,
- cpu, QEMU_THREAD_JOINABLE);
+cpu-thread = g_malloc0(sizeof(QemuThread));
+snprintf(thread_name, VCPU_THREAD_NAME_SIZE, CPU %d/TCG, cpu-cpu_index);
+qemu_thread_create(cpu-thread, thread_name, qemu_tcg_cpu_thread_fn, cpu,
+ QEMU_THREAD_JOINABLE);
#ifdef _WIN32
-cpu-hThread = qemu_thread_get_handle(cpu-thread);
+cpu-hThread = qemu_thread_get_handle(cpu-thread);
#endif
-while (!cpu-created) {
-qemu_cond_wait(qemu_cpu_cond, qemu_global_mutex);
-}
-tcg_cpu_thread = cpu-thread;
-} else {
-cpu-thread = tcg_cpu_thread;
+while (!cpu-created) {
+qemu_cond_wait(qemu_cpu_cond, qemu_global_mutex);
}
}
@@ -1479,20 +1458,14 @@ static
[Qemu-devel] [RFC PATCH V7 06/19] add support for spin lock on POSIX systems exclusively
From: Guillaume Delbergue guillaume.delber...@greensocs.com
WARNING: spin lock is currently not implemented on WIN32
Signed-off-by: Guillaume Delbergue guillaume.delber...@greensocs.com
---
include/qemu/thread-posix.h | 4
include/qemu/thread-win32.h | 4
include/qemu/thread.h | 7 +++
util/qemu-thread-posix.c| 45 +
util/qemu-thread-win32.c| 30 ++
5 files changed, 90 insertions(+)
diff --git a/include/qemu/thread-posix.h b/include/qemu/thread-posix.h
index eb5c7a1..8ce8f01 100644
--- a/include/qemu/thread-posix.h
+++ b/include/qemu/thread-posix.h
@@ -7,6 +7,10 @@ struct QemuMutex {
pthread_mutex_t lock;
};
+struct QemuSpin {
+pthread_spinlock_t lock;
+};
+
struct QemuCond {
pthread_cond_t cond;
};
diff --git a/include/qemu/thread-win32.h b/include/qemu/thread-win32.h
index 3d58081..310c8bd 100644
--- a/include/qemu/thread-win32.h
+++ b/include/qemu/thread-win32.h
@@ -7,6 +7,10 @@ struct QemuMutex {
LONG owner;
};
+struct QemuSpin {
+PKSPIN_LOCK lock;
+};
+
struct QemuCond {
LONG waiters, target;
HANDLE sema;
diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index 5114ec8..f5d1259 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -5,6 +5,7 @@
#include stdbool.h
typedef struct QemuMutex QemuMutex;
+typedef struct QemuSpin QemuSpin;
typedef struct QemuCond QemuCond;
typedef struct QemuSemaphore QemuSemaphore;
typedef struct QemuEvent QemuEvent;
@@ -25,6 +26,12 @@ void qemu_mutex_lock(QemuMutex *mutex);
int qemu_mutex_trylock(QemuMutex *mutex);
void qemu_mutex_unlock(QemuMutex *mutex);
+void qemu_spin_init(QemuSpin *spin);
+void qemu_spin_destroy(QemuSpin *spin);
+void qemu_spin_lock(QemuSpin *spin);
+int qemu_spin_trylock(QemuSpin *spin);
+void qemu_spin_unlock(QemuSpin *spin);
+
void qemu_cond_init(QemuCond *cond);
void qemu_cond_destroy(QemuCond *cond);
diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index ba67cec..224bacc 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -89,6 +89,51 @@ void qemu_mutex_unlock(QemuMutex *mutex)
error_exit(err, __func__);
}
+void qemu_spin_init(QemuSpin *spin)
+{
+int err;
+
+err = pthread_spin_init(spin-lock, 0);
+if (err) {
+error_exit(err, __func__);
+}
+}
+
+void qemu_spin_destroy(QemuSpin *spin)
+{
+int err;
+
+err = pthread_spin_destroy(spin-lock);
+if (err) {
+error_exit(err, __func__);
+}
+}
+
+void qemu_spin_lock(QemuSpin *spin)
+{
+int err;
+
+err = pthread_spin_lock(spin-lock);
+if (err) {
+error_exit(err, __func__);
+}
+}
+
+int qemu_spin_trylock(QemuSpin *spin)
+{
+return pthread_spin_trylock(spin-lock);
+}
+
+void qemu_spin_unlock(QemuSpin *spin)
+{
+int err;
+
+err = pthread_spin_unlock(spin-lock);
+if (err) {
+error_exit(err, __func__);
+}
+}
+
void qemu_cond_init(QemuCond *cond)
{
int err;
diff --git a/util/qemu-thread-win32.c b/util/qemu-thread-win32.c
index 406b52f..6fbe6a8 100644
--- a/util/qemu-thread-win32.c
+++ b/util/qemu-thread-win32.c
@@ -80,6 +80,36 @@ void qemu_mutex_unlock(QemuMutex *mutex)
LeaveCriticalSection(mutex-lock);
}
+void qemu_spin_init(QemuSpin *spin)
+{
+printf(spinlock not implemented);
+abort();
+}
+
+void qemu_spin_destroy(QemuSpin *spin)
+{
+printf(spinlock not implemented);
+abort();
+}
+
+void qemu_spin_lock(QemuSpin *spin)
+{
+printf(spinlock not implemented);
+abort();
+}
+
+int qemu_spin_trylock(QemuSpin *spin)
+{
+printf(spinlock not implemented);
+abort();
+}
+
+void qemu_spin_unlock(QemuSpin *spin)
+{
+printf(spinlock not implemented);
+abort();
+}
+
void qemu_cond_init(QemuCond *cond)
{
memset(cond, 0, sizeof(*cond));
--
1.9.0
[Qemu-devel] [RFC PATCH V7 03/19] cpus: introduce async_run_safe_work_on_cpu.
From: KONRAD Frederic fred.kon...@greensocs.com
We already had async_run_on_cpu but we need all VCPUs outside their execution
loop to execute some tb_flush/invalidate task:
async_run_on_cpu_safe schedule a work on a VCPU but the work start when no more
VCPUs are executing code.
When a safe work is pending cpu_has_work returns true, so cpu_exec returns and
the VCPUs can't enters execution loop. cpu_thread_is_idle returns false so at
the moment where all VCPUs are stop || stopped the safe work queue can be
flushed.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
Changes V3 - V4:
* Use tcg_cpu_try_block_execution.
* Use a counter to know how many safe work are pending.
Changes V2 - V3:
* Unlock the mutex while executing the callback.
Changes V1 - V2:
* Move qemu_cpu_kick_thread to avoid prototype declaration.
* Use the work_mutex lock to protect the queued_safe_work_* structures.
---
cpu-exec.c| 5 ++
cpus.c| 149 +++---
include/qom/cpu.h | 24 -
3 files changed, 137 insertions(+), 41 deletions(-)
diff --git a/cpu-exec.c b/cpu-exec.c
index e1a..97805cc 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -363,6 +363,11 @@ int cpu_exec(CPUState *cpu)
/* This must be volatile so it is not trashed by longjmp() */
volatile bool have_tb_lock = false;
+if (async_safe_work_pending()) {
+cpu-exit_request = 1;
+return 0;
+}
+
if (cpu-halted) {
if (!cpu_has_work(cpu)) {
return EXCP_HALTED;
diff --git a/cpus.c b/cpus.c
index eabd4b1..2250296 100644
--- a/cpus.c
+++ b/cpus.c
@@ -69,6 +69,8 @@ static CPUState *next_cpu;
int64_t max_delay;
int64_t max_advance;
+int safe_work_pending; /* Number of safe work pending for all VCPUs. */
+
bool cpu_is_stopped(CPUState *cpu)
{
return cpu-stopped || !runstate_is_running();
@@ -76,7 +78,7 @@ bool cpu_is_stopped(CPUState *cpu)
static bool cpu_thread_is_idle(CPUState *cpu)
{
-if (cpu-stop || cpu-queued_work_first) {
+if (cpu-stop || cpu-queued_work_first || cpu-queued_safe_work_first) {
return false;
}
if (cpu_is_stopped(cpu)) {
@@ -833,6 +835,45 @@ void qemu_init_cpu_loop(void)
qemu_thread_get_self(io_thread);
}
+static void qemu_cpu_kick_thread(CPUState *cpu)
+{
+#ifndef _WIN32
+int err;
+
+err = pthread_kill(cpu-thread-thread, SIG_IPI);
+if (err) {
+fprintf(stderr, qemu:%s: %s, __func__, strerror(err));
+exit(1);
+}
+#else /* _WIN32 */
+if (!qemu_cpu_is_self(cpu)) {
+CONTEXT tcgContext;
+
+if (SuspendThread(cpu-hThread) == (DWORD)-1) {
+fprintf(stderr, qemu:%s: GetLastError:%lu\n, __func__,
+GetLastError());
+exit(1);
+}
+
+/* On multi-core systems, we are not sure that the thread is actually
+ * suspended until we can get the context.
+ */
+tcgContext.ContextFlags = CONTEXT_CONTROL;
+while (GetThreadContext(cpu-hThread, tcgContext) != 0) {
+continue;
+}
+
+cpu_signal(0);
+
+if (ResumeThread(cpu-hThread) == (DWORD)-1) {
+fprintf(stderr, qemu:%s: GetLastError:%lu\n, __func__,
+GetLastError());
+exit(1);
+}
+}
+#endif
+}
+
void run_on_cpu(CPUState *cpu, void (*func)(void *data), void *data)
{
struct qemu_work_item wi;
@@ -894,6 +935,70 @@ void async_run_on_cpu(CPUState *cpu, void (*func)(void
*data), void *data)
qemu_cpu_kick(cpu);
}
+void async_run_safe_work_on_cpu(CPUState *cpu, void (*func)(void *data),
+void *data)
+{
+struct qemu_work_item *wi;
+
+wi = g_malloc0(sizeof(struct qemu_work_item));
+wi-func = func;
+wi-data = data;
+wi-free = true;
+
+atomic_inc(safe_work_pending);
+qemu_mutex_lock(cpu-work_mutex);
+if (cpu-queued_safe_work_first == NULL) {
+cpu-queued_safe_work_first = wi;
+} else {
+cpu-queued_safe_work_last-next = wi;
+}
+cpu-queued_safe_work_last = wi;
+wi-next = NULL;
+wi-done = false;
+qemu_mutex_unlock(cpu-work_mutex);
+
+CPU_FOREACH(cpu) {
+qemu_cpu_kick_thread(cpu);
+}
+}
+
+static void flush_queued_safe_work(CPUState *cpu)
+{
+struct qemu_work_item *wi;
+CPUState *other_cpu;
+
+if (cpu-queued_safe_work_first == NULL) {
+return;
+}
+
+CPU_FOREACH(other_cpu) {
+if (!tcg_cpu_try_block_execution(other_cpu)) {
+return;
+}
+}
+
+qemu_mutex_lock(cpu-work_mutex);
+while ((wi = cpu-queued_safe_work_first)) {
+cpu-queued_safe_work_first = wi-next;
+qemu_mutex_unlock(cpu-work_mutex);
+wi-func(wi-data);
+qemu_mutex_lock(cpu-work_mutex);
+wi-done = true;
+if (wi-free) {
+g_free(wi);
+}
+atomic_dec(safe_work_pending);
+}
+cpu-queued_safe_work_last
[Qemu-devel] [RFC PATCH V7 10/19] cpu: remove exit_request global.
From: KONRAD Frederic fred.kon...@greensocs.com
This removes exit_request global and adds a variable in CPUState for this.
Only the flag for the first cpu is used for the moment as we are still with one
TCG thread.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
cpu-exec.c | 15 ---
cpus.c | 17 ++---
2 files changed, 14 insertions(+), 18 deletions(-)
diff --git a/cpu-exec.c b/cpu-exec.c
index a012e9d..21a7b96 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -363,8 +363,6 @@ static void cpu_handle_debug_exception(CPUState *cpu)
/* main execution loop */
-volatile sig_atomic_t exit_request;
-
int cpu_exec(CPUState *cpu)
{
CPUClass *cc = CPU_GET_CLASS(cpu);
@@ -402,20 +400,8 @@ int cpu_exec(CPUState *cpu)
}
current_cpu = cpu;
-/* As long as current_cpu is null, up to the assignment just above,
- * requests by other threads to exit the execution loop are expected to
- * be issued using the exit_request global. We must make sure that our
- * evaluation of the global value is performed past the current_cpu
- * value transition point, which requires a memory barrier as well as
- * an instruction scheduling constraint on modern architectures. */
-smp_mb();
-
rcu_read_lock();
-if (unlikely(exit_request)) {
-cpu-exit_request = 1;
-}
-
cc-cpu_exec_enter(cpu);
/* Calculate difference between guest clock and host clock.
@@ -504,7 +490,6 @@ int cpu_exec(CPUState *cpu)
}
}
if (unlikely(cpu-exit_request)) {
-cpu-exit_request = 0;
cpu-exception_index = EXCP_INTERRUPT;
cpu_loop_exit(cpu);
}
diff --git a/cpus.c b/cpus.c
index 154a081..2de9eae 100644
--- a/cpus.c
+++ b/cpus.c
@@ -139,6 +139,8 @@ typedef struct TimersState {
} TimersState;
static TimersState timers_state;
+/* CPU associated to this thread. */
+static __thread CPUState *tcg_thread_cpu;
int64_t cpu_get_icount_raw(void)
{
@@ -663,12 +665,18 @@ static void cpu_handle_guest_debug(CPUState *cpu)
cpu-stopped = true;
}
+/**
+ * cpu_signal
+ * Signal handler when using TCG.
+ */
static void cpu_signal(int sig)
{
if (current_cpu) {
cpu_exit(current_cpu);
}
-exit_request = 1;
+
+/* FIXME: We might want to check if the cpu is running? */
+tcg_thread_cpu-exit_request = true;
}
#ifdef CONFIG_LINUX
@@ -1151,6 +1159,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
CPUState *cpu = arg;
qemu_mutex_lock_iothread();
+tcg_thread_cpu = cpu;
qemu_tcg_init_cpu_signals();
qemu_thread_get_self(cpu-thread);
@@ -1480,7 +1489,8 @@ static void tcg_exec_all(void)
if (next_cpu == NULL) {
next_cpu = first_cpu;
}
-for (; next_cpu != NULL !exit_request; next_cpu = CPU_NEXT(next_cpu)) {
+for (; next_cpu != NULL !first_cpu-exit_request;
+ next_cpu = CPU_NEXT(next_cpu)) {
CPUState *cpu = next_cpu;
qemu_clock_enable(QEMU_CLOCK_VIRTUAL,
@@ -1496,7 +1506,8 @@ static void tcg_exec_all(void)
break;
}
}
-exit_request = 0;
+
+first_cpu-exit_request = 0;
}
void list_cpus(FILE *f, fprintf_function cpu_fprintf, const char *optarg)
--
1.9.0
Re: [Qemu-devel] [RFC PATCH V7 01/19] cpus: protect queued_work_* with work_mutex.
On 10/08/2015 17:26, fred.kon...@greensocs.com wrote:
+qemu_mutex_lock(cpu-work_mutex);
while ((wi = cpu-queued_work_first)) {
cpu-queued_work_first = wi-next;
+qemu_mutex_unlock(cpu-work_mutex);
wi-func(wi-data);
+qemu_mutex_lock(cpu-work_mutex);
wi-done = true;
This should be atomic_mb_set
if (wi-free) {
g_free(wi);
}
}
cpu-queued_work_last = NULL;
... and I'm a bit afraid of leaving the state of the list inconsistent,
so I'd move this after the cpu-queued_work_first assignment. Otherwise
the patch looks good, I'm queuing it for 2.5.
Paolo
+qemu_mutex_unlock(cpu-work_mutex);
+
Re: [Qemu-devel] [RFC PATCH V7 01/19] cpus: protect queued_work_* with work_mutex.
On 10/08/2015 17:59, Paolo Bonzini wrote:
On 10/08/2015 17:26, fred.kon...@greensocs.com wrote:
+qemu_mutex_lock(cpu-work_mutex);
while ((wi = cpu-queued_work_first)) {
cpu-queued_work_first = wi-next;
+qemu_mutex_unlock(cpu-work_mutex);
wi-func(wi-data);
+qemu_mutex_lock(cpu-work_mutex);
wi-done = true;
This should be atomic_mb_set
Isn't that protected by the mutex? Or maybe it's used somewhere else?
if (wi-free) {
g_free(wi);
}
}
cpu-queued_work_last = NULL;
... and I'm a bit afraid of leaving the state of the list inconsistent,
so I'd move this after the cpu-queued_work_first assignment. Otherwise
the patch looks good, I'm queuing it for 2.5.
Paolo
+qemu_mutex_unlock(cpu-work_mutex);
+
Re: [Qemu-devel] [PATCH v13 00/19] i.MX: Add i.MX25 support through the PDK evaluation board
Le 07/08/2015 16:13, Peter Maydell a écrit : On 16 July 2015 at 22:21, Jean-Christophe Dubois j...@tribudubois.net wrote: This series of patches add the support for the i.MX25 processor through the Freescale PDK evaluation board. For now a limited set of devices is supported. * GPT timers (from i.MX31) * EPIT timers (from i.MX31) * Serial ports (from i.MX31) * Ethernet FEC port * I2C controller In the process the KZM platform was split into an i.MX31 SOC and a plateform part. Also, I2C devices was added to the i.MX31 SOC. This was tested by: * booting a minimal linux system on the i.MX25 PDK platform * booting the Xvisor hypervisor on the i.MX25 PDK platform * booting a minimal linux system on the KZM platform Jean-Christophe Dubois (19): i.MX: Split UART emulator in a header file and a source file i.MX: Move serial initialization to init/realize of DeviceClass. i.MX:Fix Coding style for UART emulator. i.MX: Split AVIC emulator in a header file and a source file i.MX: Fix Coding style for AVIC emulator. i.MX: Split CCM emulator in a header file and a source file i.MX: Fix Coding style for CCM emulator i.MX: Split EPIT emulator in a header file and a source file i.MX: Fix Coding style for EPIT emulator i.MX: Split GPT emulator in a header file and a source file i.MX: Fix Coding style for GPT emulator I have some review comments on the later patches, but I've taken this first set of code cleanup patches into my target-arm-post-2.4 tree, which should reduce the size of your patchset and make it a bit easier to deal with. (https://git.linaro.org/people/peter.maydell/qemu-arm.git target-arm-post-2.4 -- caution, branch rebases. Will go into master once it reopens post-release.) Ok, I will submit my next patches based on your target-arm-post-2.4 branch. thanks -- PMM
Re: [Qemu-devel] [RFC PATCH V7 13/19] add a callback when tb_invalidate is called.
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote:
From: KONRAD Frederic fred.kon...@greensocs.com
Instead of doing the jump cache invalidation directly in tb_invalidate delay
it
after the exit so we don't have an other CPU trying to execute the code being
invalidated.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
translate-all.c | 61
+++--
1 file changed, 59 insertions(+), 2 deletions(-)
If you take the easy way and avoid the optimizations in patch 7, this is
not necessary: tb_find_fast and tb_add_jump are only called from within
tb_lock, so all of tb_jmp_cache/jmp_first/jmp_next are protected by tb_lock.
Let's get everything in and then optimize; the order should be:
- Alvise's LL/SC implementation
- conversion of atomics to LL/SC for all front-ends
- the main MTTCG series, reusing the locking already in-place for
user-mode emulation (with some audit...)
- any further push-downs of tb_lock
Paolo
diff --git a/translate-all.c b/translate-all.c
index 954c67a..fc5162a 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -62,6 +62,7 @@
#include translate-all.h
#include qemu/bitmap.h
#include qemu/timer.h
+#include sysemu/cpus.h
//#define DEBUG_TB_INVALIDATE
//#define DEBUG_FLUSH
@@ -967,14 +968,58 @@ static inline void tb_reset_jump(TranslationBlock *tb,
int n)
tb_set_jmp_target(tb, n, (uintptr_t)(tb-tc_ptr +
tb-tb_next_offset[n]));
}
+struct CPUDiscardTBParams {
+CPUState *cpu;
+TranslationBlock *tb;
+};
+
+static void cpu_discard_tb_from_jmp_cache(void *opaque)
+{
+unsigned int h;
+struct CPUDiscardTBParams *params = opaque;
+
+h = tb_jmp_cache_hash_func(params-tb-pc);
+if (params-cpu-tb_jmp_cache[h] == params-tb) {
+params-cpu-tb_jmp_cache[h] = NULL;
+}
+
+g_free(opaque);
+}
+
+static void tb_invalidate_jmp_remove(void *opaque)
+{
+TranslationBlock *tb = opaque;
+TranslationBlock *tb1, *tb2;
+unsigned int n1;
+
+/* suppress this TB from the two jump lists */
+tb_jmp_remove(tb, 0);
+tb_jmp_remove(tb, 1);
+
+/* suppress any remaining jumps to this TB */
+tb1 = tb-jmp_first;
+for (;;) {
+n1 = (uintptr_t)tb1 3;
+if (n1 == 2) {
+break;
+}
+tb1 = (TranslationBlock *)((uintptr_t)tb1 ~3);
+tb2 = tb1-jmp_next[n1];
+tb_reset_jump(tb1, n1);
+tb1-jmp_next[n1] = NULL;
+tb1 = tb2;
+}
+tb-jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
+}
+
/* invalidate one TB */
void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
{
CPUState *cpu;
PageDesc *p;
-unsigned int h, n1;
+unsigned int h;
tb_page_addr_t phys_pc;
-TranslationBlock *tb1, *tb2;
+struct CPUDiscardTBParams *params;
tb_lock();
@@ -997,6 +1042,9 @@ void tb_phys_invalidate(TranslationBlock *tb,
tb_page_addr_t page_addr)
tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
+#if 0 /*MTTCG*/
+TranslationBlock *tb1, *tb2;
+unsigned int n1;
/* remove the TB from the hash list */
h = tb_jmp_cache_hash_func(tb-pc);
CPU_FOREACH(cpu) {
@@ -1023,6 +1071,15 @@ void tb_phys_invalidate(TranslationBlock *tb,
tb_page_addr_t page_addr)
tb1 = tb2;
}
tb-jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
+#else
+CPU_FOREACH(cpu) {
+params = g_malloc(sizeof(struct CPUDiscardTBParams));
+params-cpu = cpu;
+params-tb = tb;
+async_run_on_cpu(cpu, cpu_discard_tb_from_jmp_cache, params);
+}
+async_run_safe_work_on_cpu(first_cpu, tb_invalidate_jmp_remove, tb);
+#endif /* MTTCG */
tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
tb_unlock();
[Qemu-devel] [RFC PATCH V7 19/19] target-arm/psci.c: wake up sleeping CPUs (MTTCG)
From: Alex Bennée alex.ben...@linaro.org Testing with Alexander's bare metal syncronisation tests fails in MTTCG leaving one CPU spinning forever waiting for the second CPU to wake up. We simply need to poke the halt_cond once we have processed the PSCI power on call. Tested-by: Alex Bennée alex.ben...@linaro.org CC: Alexander Spyridakis a.spyrida...@virtualopensystems.com --- target-arm/psci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target-arm/psci.c b/target-arm/psci.c index 20e4cb6..83e309c 100644 --- a/target-arm/psci.c +++ b/target-arm/psci.c @@ -211,6 +211,8 @@ void arm_handle_psci_call(ARMCPU *cpu) } target_cpu_class-set_pc(target_cpu_state, entry); +qemu_cond_signal(target_cpu_state-halt_cond); + ret = 0; break; case QEMU_PSCI_0_1_FN_CPU_OFF: -- 1.9.0
[Qemu-devel] [RFC PATCH V7 14/19] cpu: introduce tlb_flush*_all.
From: KONRAD Frederic fred.kon...@greensocs.com
Some architectures allow to flush the tlb of other VCPUs. This is not a problem
when we have only one thread for all VCPUs but it definitely needs to be an
asynchronous work when we are in true multithreaded work.
TODO: Some test case, I fear some bad results in case a VCPUs execute a barrier
or something like that.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
cputlb.c| 76 +
include/exec/exec-all.h | 2 ++
2 files changed, 78 insertions(+)
diff --git a/cputlb.c b/cputlb.c
index 79fff1c..e5853fd 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -72,6 +72,45 @@ void tlb_flush(CPUState *cpu, int flush_global)
tlb_flush_count++;
}
+struct TLBFlushParams {
+CPUState *cpu;
+int flush_global;
+};
+
+static void tlb_flush_async_work(void *opaque)
+{
+struct TLBFlushParams *params = opaque;
+
+tlb_flush(params-cpu, params-flush_global);
+g_free(params);
+}
+
+void tlb_flush_all(int flush_global)
+{
+CPUState *cpu;
+struct TLBFlushParams *params;
+
+#if 0 /* MTTCG */
+CPU_FOREACH(cpu) {
+tlb_flush(cpu, flush_global);
+}
+#else
+CPU_FOREACH(cpu) {
+if (qemu_cpu_is_self(cpu)) {
+/* async_run_on_cpu handle this case but this just avoid a malloc
+ * here.
+ */
+tlb_flush(cpu, flush_global);
+} else {
+params = g_malloc(sizeof(struct TLBFlushParams));
+params-cpu = cpu;
+params-flush_global = flush_global;
+async_run_on_cpu(cpu, tlb_flush_async_work, params);
+}
+}
+#endif /* MTTCG */
+}
+
static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
{
if (addr == (tlb_entry-addr_read
@@ -124,6 +163,43 @@ void tlb_flush_page(CPUState *cpu, target_ulong addr)
tb_flush_jmp_cache(cpu, addr);
}
+struct TLBFlushPageParams {
+CPUState *cpu;
+target_ulong addr;
+};
+
+static void tlb_flush_page_async_work(void *opaque)
+{
+struct TLBFlushPageParams *params = opaque;
+
+tlb_flush_page(params-cpu, params-addr);
+g_free(params);
+}
+
+void tlb_flush_page_all(target_ulong addr)
+{
+CPUState *cpu;
+struct TLBFlushPageParams *params;
+
+CPU_FOREACH(cpu) {
+#if 0 /* !MTTCG */
+tlb_flush_page(cpu, addr);
+#else
+if (qemu_cpu_is_self(cpu)) {
+/* async_run_on_cpu handle this case but this just avoid a malloc
+ * here.
+ */
+tlb_flush_page(cpu, addr);
+} else {
+params = g_malloc(sizeof(struct TLBFlushPageParams));
+params-cpu = cpu;
+params-addr = addr;
+async_run_on_cpu(cpu, tlb_flush_page_async_work, params);
+}
+#endif /* MTTCG */
+}
+}
+
/* update the TLBs so that writes to code in the virtual page 'addr'
can be detected */
void tlb_protect_code(ram_addr_t ram_addr)
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 9f1c1cb..e9512df 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -97,7 +97,9 @@ bool qemu_in_vcpu_thread(void);
void cpu_reload_memory_map(CPUState *cpu);
void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as);
/* cputlb.c */
+void tlb_flush_page_all(target_ulong addr);
void tlb_flush_page(CPUState *cpu, target_ulong addr);
+void tlb_flush_all(int flush_global);
void tlb_flush(CPUState *cpu, int flush_global);
void tlb_set_page(CPUState *cpu, target_ulong vaddr,
hwaddr paddr, int prot,
--
1.9.0
[Qemu-devel] [RFC PATCH V7 16/19] translate-all: introduces tb_flush_safe.
From: KONRAD Frederic fred.kon...@greensocs.com
tb_flush is not thread safe we definitely need to exit VCPUs to do that.
This introduces tb_flush_safe which just creates an async safe work which will
do a tb_flush later.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
include/exec/exec-all.h | 1 +
translate-all.c | 15 +++
2 files changed, 16 insertions(+)
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index e9512df..246df68 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -200,6 +200,7 @@ struct TBContext {
void tb_free(TranslationBlock *tb);
void tb_flush(CPUState *cpu);
+void tb_flush_safe(CPUState *cpu);
void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr);
#if defined(USE_DIRECT_JUMP)
diff --git a/translate-all.c b/translate-all.c
index fc5162a..7094bf0 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -818,6 +818,21 @@ static void page_flush_tb(void)
}
}
+static void tb_flush_work(void *opaque)
+{
+CPUState *cpu = opaque;
+tb_flush(cpu);
+}
+
+void tb_flush_safe(CPUState *cpu)
+{
+#if 0 /* !MTTCG */
+tb_flush(cpu);
+#else
+async_run_safe_work_on_cpu(cpu, tb_flush_work, cpu);
+#endif /* MTTCG */
+}
+
/* flush all the translation blocks */
/* XXX: tb_flush is currently not thread safe */
void tb_flush(CPUState *cpu)
--
1.9.0
Re: [Qemu-devel] [RFC PATCH V7 18/19] mttcg: signal the associated cpu anyway.
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote: diff --git a/cpus.c b/cpus.c index 2c5ca72..f61530c 100644 --- a/cpus.c +++ b/cpus.c @@ -674,8 +674,7 @@ static void cpu_signal(int sig) cpu_exit(current_cpu); } -/* FIXME: We might want to check if the cpu is running? */ -tcg_thread_cpu-exit_request = true; +cpu_exit(tcg_thread_cpu); If you do this, you can remove the first if too, because current_cpu is always either tcg_thread_cpu or NULL. I think it's okay to do that and squash this patch into patch 11 as well. Paolo
Re: [Qemu-devel] [RFC PATCH V7 04/19] replace spinlock by QemuMutex.
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote:
From: KONRAD Frederic fred.kon...@greensocs.com
spinlock is only used in two cases:
* cpu-exec.c: to protect TranslationBlock
* mem_helper.c: for lock helper in target-i386 (which seems broken).
It's a pthread_mutex_t in user-mode so better using QemuMutex directly in this
case.
It allows as well to reuse tb_lock mutex of TBContext in case of multithread
TCG.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
cpu-exec.c | 15 +++
include/exec/exec-all.h | 4 ++--
linux-user/main.c| 6 +++---
target-i386/mem_helper.c | 16 +---
tcg/i386/tcg-target.c| 8
5 files changed, 37 insertions(+), 12 deletions(-)
diff --git a/cpu-exec.c b/cpu-exec.c
index 97805cc..f3358a9 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -361,7 +361,9 @@ int cpu_exec(CPUState *cpu)
SyncClocks sc;
/* This must be volatile so it is not trashed by longjmp() */
+#if defined(CONFIG_USER_ONLY)
volatile bool have_tb_lock = false;
+#endif
if (async_safe_work_pending()) {
cpu-exit_request = 1;
@@ -488,8 +490,10 @@ int cpu_exec(CPUState *cpu)
cpu-exception_index = EXCP_INTERRUPT;
cpu_loop_exit(cpu);
}
-spin_lock(tcg_ctx.tb_ctx.tb_lock);
+#if defined(CONFIG_USER_ONLY)
+qemu_mutex_lock(tcg_ctx.tb_ctx.tb_lock);
have_tb_lock = true;
+#endif
tb = tb_find_fast(cpu);
/* Note: we do it here to avoid a gcc bug on Mac OS X when
doing it in tb_find_slow */
@@ -511,9 +515,10 @@ int cpu_exec(CPUState *cpu)
tb_add_jump((TranslationBlock *)(next_tb
~TB_EXIT_MASK),
next_tb TB_EXIT_MASK, tb);
}
+#if defined(CONFIG_USER_ONLY)
have_tb_lock = false;
-spin_unlock(tcg_ctx.tb_ctx.tb_lock);
-
+qemu_mutex_unlock(tcg_ctx.tb_ctx.tb_lock);
+#endif
/* cpu_interrupt might be called while translating the
TB, but before it is linked into a potentially
infinite loop and becomes env-current_tb. Avoid
@@ -580,10 +585,12 @@ int cpu_exec(CPUState *cpu)
x86_cpu = X86_CPU(cpu);
env = x86_cpu-env;
#endif
+#if defined(CONFIG_USER_ONLY)
if (have_tb_lock) {
-spin_unlock(tcg_ctx.tb_ctx.tb_lock);
+qemu_mutex_unlock(tcg_ctx.tb_ctx.tb_lock);
have_tb_lock = false;
}
+#endif
}
} /* for(;;) */
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index a6fce04..55a6ff2 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -176,7 +176,7 @@ struct TranslationBlock {
struct TranslationBlock *jmp_first;
};
-#include exec/spinlock.h
+#include qemu/thread.h
typedef struct TBContext TBContext;
@@ -186,7 +186,7 @@ struct TBContext {
TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
int nb_tbs;
/* any access to the tbs or the page table must use this lock */
-spinlock_t tb_lock;
+QemuMutex tb_lock;
/* statistics */
int tb_flush_count;
diff --git a/linux-user/main.c b/linux-user/main.c
index 05914b1..20e7199 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -107,7 +107,7 @@ static int pending_cpus;
/* Make sure everything is in a consistent state for calling fork(). */
void fork_start(void)
{
-pthread_mutex_lock(tcg_ctx.tb_ctx.tb_lock);
+qemu_mutex_lock(tcg_ctx.tb_ctx.tb_lock);
pthread_mutex_lock(exclusive_lock);
mmap_fork_start();
}
@@ -129,11 +129,11 @@ void fork_end(int child)
pthread_mutex_init(cpu_list_mutex, NULL);
pthread_cond_init(exclusive_cond, NULL);
pthread_cond_init(exclusive_resume, NULL);
-pthread_mutex_init(tcg_ctx.tb_ctx.tb_lock, NULL);
+qemu_mutex_init(tcg_ctx.tb_ctx.tb_lock);
gdbserver_fork(thread_cpu);
} else {
pthread_mutex_unlock(exclusive_lock);
-pthread_mutex_unlock(tcg_ctx.tb_ctx.tb_lock);
+qemu_mutex_unlock(tcg_ctx.tb_ctx.tb_lock);
}
}
diff --git a/target-i386/mem_helper.c b/target-i386/mem_helper.c
index 1aec8a5..7106cc3 100644
--- a/target-i386/mem_helper.c
+++ b/target-i386/mem_helper.c
@@ -23,17 +23,27 @@
/* broken thread support */
-static spinlock_t global_cpu_lock = SPIN_LOCK_UNLOCKED;
+#if defined(CONFIG_USER_ONLY)
+QemuMutex global_cpu_lock;
void helper_lock(void)
{
-spin_lock(global_cpu_lock);
+qemu_mutex_lock(global_cpu_lock);
}
void helper_unlock(void)
{
-spin_unlock(global_cpu_lock);
+qemu_mutex_unlock(global_cpu_lock);
}
+#else
+void helper_lock(void)
+{
+}
+
+void
Re: [Qemu-devel] [RFC PATCH V7 08/19] tcg: remove tcg_halt_cond global variable.
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote:
From: KONRAD Frederic fred.kon...@greensocs.com
This removes tcg_halt_cond global variable.
We need one QemuCond per virtual cpu for multithread TCG.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
cpus.c | 18 +++---
1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/cpus.c b/cpus.c
index 2250296..2550be2 100644
--- a/cpus.c
+++ b/cpus.c
@@ -815,7 +815,6 @@ static unsigned iothread_requesting_mutex;
static QemuThread io_thread;
static QemuThread *tcg_cpu_thread;
-static QemuCond *tcg_halt_cond;
/* cpu creation */
static QemuCond qemu_cpu_cond;
@@ -1038,15 +1037,13 @@ static void qemu_wait_io_event_common(CPUState *cpu)
cpu-thread_kicked = false;
}
-static void qemu_tcg_wait_io_event(void)
+static void qemu_tcg_wait_io_event(CPUState *cpu)
{
-CPUState *cpu;
-
while (all_cpu_threads_idle()) {
/* Start accounting real time to the virtual clock if the CPUs
are idle. */
qemu_clock_warp(QEMU_CLOCK_VIRTUAL);
-qemu_cond_wait(tcg_halt_cond, qemu_global_mutex);
+qemu_cond_wait(cpu-halt_cond, qemu_global_mutex);
}
while (iothread_requesting_mutex) {
@@ -1166,7 +1163,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
/* wait for initial kick-off after machine start */
while (first_cpu-stopped) {
-qemu_cond_wait(tcg_halt_cond, qemu_global_mutex);
+qemu_cond_wait(first_cpu-halt_cond, qemu_global_mutex);
/* process any pending work */
CPU_FOREACH(cpu) {
@@ -1187,7 +1184,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
qemu_clock_notify(QEMU_CLOCK_VIRTUAL);
}
}
-qemu_tcg_wait_io_event();
+qemu_tcg_wait_io_event(QTAILQ_FIRST(cpus));
}
return NULL;
@@ -1328,12 +1325,12 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
tcg_cpu_address_space_init(cpu, cpu-as);
+cpu-halt_cond = g_malloc0(sizeof(QemuCond));
+qemu_cond_init(cpu-halt_cond);
+
/* share a single thread for all cpus with TCG */
if (!tcg_cpu_thread) {
cpu-thread = g_malloc0(sizeof(QemuThread));
-cpu-halt_cond = g_malloc0(sizeof(QemuCond));
-qemu_cond_init(cpu-halt_cond);
-tcg_halt_cond = cpu-halt_cond;
snprintf(thread_name, VCPU_THREAD_NAME_SIZE, CPU %d/TCG,
cpu-cpu_index);
qemu_thread_create(cpu-thread, thread_name, qemu_tcg_cpu_thread_fn,
@@ -1347,7 +1344,6 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
tcg_cpu_thread = cpu-thread;
} else {
cpu-thread = tcg_cpu_thread;
-cpu-halt_cond = tcg_halt_cond;
}
}
This should be squashed in tcg: switch on multithread.
Paolo
Re: [Qemu-devel] [RFC PATCH V7 06/19] add support for spin lock on POSIX systems exclusively
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote:
From: Guillaume Delbergue guillaume.delber...@greensocs.com
WARNING: spin lock is currently not implemented on WIN32
Signed-off-by: Guillaume Delbergue guillaume.delber...@greensocs.com
Should go before patch 12 (and IIUC Alvise's work should go in first
anyway).
Paolo
---
include/qemu/thread-posix.h | 4
include/qemu/thread-win32.h | 4
include/qemu/thread.h | 7 +++
util/qemu-thread-posix.c| 45
+
util/qemu-thread-win32.c| 30 ++
5 files changed, 90 insertions(+)
diff --git a/include/qemu/thread-posix.h b/include/qemu/thread-posix.h
index eb5c7a1..8ce8f01 100644
--- a/include/qemu/thread-posix.h
+++ b/include/qemu/thread-posix.h
@@ -7,6 +7,10 @@ struct QemuMutex {
pthread_mutex_t lock;
};
+struct QemuSpin {
+pthread_spinlock_t lock;
+};
+
struct QemuCond {
pthread_cond_t cond;
};
diff --git a/include/qemu/thread-win32.h b/include/qemu/thread-win32.h
index 3d58081..310c8bd 100644
--- a/include/qemu/thread-win32.h
+++ b/include/qemu/thread-win32.h
@@ -7,6 +7,10 @@ struct QemuMutex {
LONG owner;
};
+struct QemuSpin {
+PKSPIN_LOCK lock;
+};
+
struct QemuCond {
LONG waiters, target;
HANDLE sema;
diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index 5114ec8..f5d1259 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -5,6 +5,7 @@
#include stdbool.h
typedef struct QemuMutex QemuMutex;
+typedef struct QemuSpin QemuSpin;
typedef struct QemuCond QemuCond;
typedef struct QemuSemaphore QemuSemaphore;
typedef struct QemuEvent QemuEvent;
@@ -25,6 +26,12 @@ void qemu_mutex_lock(QemuMutex *mutex);
int qemu_mutex_trylock(QemuMutex *mutex);
void qemu_mutex_unlock(QemuMutex *mutex);
+void qemu_spin_init(QemuSpin *spin);
+void qemu_spin_destroy(QemuSpin *spin);
+void qemu_spin_lock(QemuSpin *spin);
+int qemu_spin_trylock(QemuSpin *spin);
+void qemu_spin_unlock(QemuSpin *spin);
+
void qemu_cond_init(QemuCond *cond);
void qemu_cond_destroy(QemuCond *cond);
diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index ba67cec..224bacc 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -89,6 +89,51 @@ void qemu_mutex_unlock(QemuMutex *mutex)
error_exit(err, __func__);
}
+void qemu_spin_init(QemuSpin *spin)
+{
+int err;
+
+err = pthread_spin_init(spin-lock, 0);
+if (err) {
+error_exit(err, __func__);
+}
+}
+
+void qemu_spin_destroy(QemuSpin *spin)
+{
+int err;
+
+err = pthread_spin_destroy(spin-lock);
+if (err) {
+error_exit(err, __func__);
+}
+}
+
+void qemu_spin_lock(QemuSpin *spin)
+{
+int err;
+
+err = pthread_spin_lock(spin-lock);
+if (err) {
+error_exit(err, __func__);
+}
+}
+
+int qemu_spin_trylock(QemuSpin *spin)
+{
+return pthread_spin_trylock(spin-lock);
+}
+
+void qemu_spin_unlock(QemuSpin *spin)
+{
+int err;
+
+err = pthread_spin_unlock(spin-lock);
+if (err) {
+error_exit(err, __func__);
+}
+}
+
void qemu_cond_init(QemuCond *cond)
{
int err;
diff --git a/util/qemu-thread-win32.c b/util/qemu-thread-win32.c
index 406b52f..6fbe6a8 100644
--- a/util/qemu-thread-win32.c
+++ b/util/qemu-thread-win32.c
@@ -80,6 +80,36 @@ void qemu_mutex_unlock(QemuMutex *mutex)
LeaveCriticalSection(mutex-lock);
}
+void qemu_spin_init(QemuSpin *spin)
+{
+printf(spinlock not implemented);
+abort();
+}
+
+void qemu_spin_destroy(QemuSpin *spin)
+{
+printf(spinlock not implemented);
+abort();
+}
+
+void qemu_spin_lock(QemuSpin *spin)
+{
+printf(spinlock not implemented);
+abort();
+}
+
+int qemu_spin_trylock(QemuSpin *spin)
+{
+printf(spinlock not implemented);
+abort();
+}
+
+void qemu_spin_unlock(QemuSpin *spin)
+{
+printf(spinlock not implemented);
+abort();
+}
+
void qemu_cond_init(QemuCond *cond)
{
memset(cond, 0, sizeof(*cond));
Re: [Qemu-devel] [PATCH v8 3/5] Introduce irqchip type specification for KVM
On 10 August 2015 at 13:06, Pavel Fedin p.fe...@samsung.com wrote: This patch introduces kernel_irqchip_type member in Machine class, which is passed to kvm_arch_irqchip_create. Machine models which can use vGIC now use it in order to supply correct GIC type for KVM capability verification. The variable is defined as int in order to be architecture-agnostic for potential future uses by other architectures. Signed-off-by: Pavel Fedin p.fe...@samsung.com I still think this is the wrong approach -- see my remarks in the previous round of patch review. thanks -- PMM
[Qemu-devel] OVMF BoF @ KVM Forum 2015
Hi. Let's do an OVMF BoF at this year's KVM Forum too. Paolo will present Securing secure boot: system management mode in KVM and Tiano Core on Thursday, August 20, in the 5:00pm - 5:30pm time slot. Right after that, the BoF section starts at 5:30pm: http://events.linuxfoundation.org/events/kvm-forum/program/schedule We should convene and discuss stuff. I don't have an agenda, so people should bring their ideas and questions (famous last words). As food for thought, I tried to collect the feature-looking patches from the git history that have been committed since last year's KVM Forum, and to match them against patch sets on the mailing list: git log --reverse --oneline --since=2014-10-14 -- \ OvmfPkg/ \ ArmVirtPkg/ \ ArmPlatformPkg/ArmVirtualizationPkg/ I attempted to sort them into categories. You can see the list below. The ordering is totally random, it's just what I ended up with. Corrections / additions welcome. Personally, one (missing) feature I'd like to see discussed is SataControllerDxe in OVMF. SMM will require Q35, and the only IDE that Q35 speaks is SATA / AHCI. (And you can't disable that controller on Q35.) Anyway, here goes. Features completed -- (... unless marked [pending]) - Xen guest: - PV block driver: [PATCH v4 00/19] Introducing Xen PV block driver to OVMF - Xen for ARM: [PATCH v5 00/29] Xen/ARM guest support - PCI / hw related: - PCI on ARM; detect VGA and USB keyboard: [PATCH v3 00/28] ArmVirtualizationPkg/ArmVirtualizationQemu: enable PCI [PATCH 0/4] ArmVirtualizationPkg: PlatformIntelBdsLib: dynamic console setup - support for Q35: [PATCH v6 0/9] OVMF: Add support for Qemu Q35 machine type [PATCH 1/1] OvmfPkg: QemuBootOrderLib: parse OFW device path nodes of PCI bridges - USB3 (ARM and x86): [PATCH v2 2/4] ArmVirtualizationPkg/ArmVirtualizationQemu: include XHCI driver [PATCH v2 4/4] OvmfPkg: include XHCI driver - support TCO watchdog emulation features: [PATCH v5 2/2] OvmfPkg/PlatformPei: Initialise RCBA (B0:D31:F0 0xf0) register - virtio-vga: [PATCH] Add virtio-vga support - support extra PCI root buses for NUMA-locality with assigned devices: [PATCH v3 00/23] OvmfPkg: support extra PCI root buses - QEMU config integration: - fw_cfg, boot order, and -kernel booting on ARM: [PATCH v4 00/13] ArmVirtualizationQemu: support fw_cfg, bootorder, '-kernel' [PATCH 0/3] ArmVirtPkg: drop support for the ARM BDS - support for -boot menu=on[,splash-time=N]: [PATCH v2 0/3] OVMF, ArmVirt: consume QEMU's -boot menu=on[,splash-time=N] - ACPI tables for ARM: [PATCH v2 0/3] ACPI over fw_cfg for ARM/AARCH64 qemu guests - SMBIOS features: Type 0 default, and SMBIOS 3.0 support on ARM and x86: [PATCH] OvmfPkg/SMBIOS: Provide default Type 0 (BIOS Information) structure [PATCH v2 0/6] ArmVirtPkg/ArmVirtQemu: support SMBIOS [PATCH 0/9] OvmfPkg, ArmVirtPkg: SMBIOS 3.0, round 2 - ARM specific: - fun with the caches: [PATCH v4 0/5] ArmVirtualizationPkg: explicit cache maintenance - secure boot: [PATCH v3 0/3] ArmVirtualizationQemu: enable support for UEFI Secure Boot - performance optimization: [PATCH v2 0/6] ArmPkg/ArmVirtPkg: GIC revision detection - better handling for the typical Linux terminal (generic driver code, hooked up to ArmVirt): [PATCH V4 0/5] Add TtyTerm terminal type - SMM for OVMF (in progress): [PATCH 00/11] Bits and pieces [PATCH 00/58] OvmfPkg: support SMM for better security (single VCPU, IA32) [pending] - Build system: - moving to NASM: [PATCH 0/7] Convert OVMF assembly to NASM [PATCH v2 0/6] OvmfPkg/XenBusDxe: Convert *.asm to NASM. - accept UTF-8 in .uni files: [PATCH v4 00/10] Support UTF-8 in .uni string files - LLVM/clang support for AARCH64 (in progress): [PATCH v4 00/13] BaseTools: unify all GCC linker scripts [PATCH v4 0/7] small model and clang support for AARCH64 [pending] - UEFI compliance: - support for OsIndications: [PATCH v2 0/9] OvmfPkg: PlatformBdsLib cleanups and improvements - signal ReadyToBoot: [PATCH 1/8] OvmfPkg/PlatformBdsLib: Signal ReadyToBoot before booting QEMU kernel - signal EndOfDxe: [PATCH v2] ArmVirtPkg: signal EndOxDxe event in PlatformBsdInit [PATCH v2 0/6] OvmfPkg: save S3 state at EndOfDxe - fix Serial IO Protocol issues flagged by SCT [PATCH V4 0/5] Some improvements on serial terminal - other - big OVMF guests: [PATCH v2 0/4] OvmfPkg: enable = 64 GB guests - IPv6 (conditionally enabled): [PATCH v2] OvmfPkg: enable the IPv6 support - many fixes for toolchain warnings and C language misuse Thanks Laszlo
[Qemu-devel] [PATCH 1/3] firmware: introduce sysfs driver for QEMU's fw_cfg device
From: Gabriel Somlo so...@cmu.edu Make fw_cfg entries of type file available via sysfs. Entries are listed under /sys/firmware/fw_cfg/by_select, in folders named after each entry's selector key. Filename, selector value, and size read-only attributes are included for each entry. Also, a raw attribute allows retrieval of the full binary content of each entry. This patch also provides a documentation file outlining the guest-side hardware interface exposed by the QEMU fw_cfg device. Signed-off-by: Gabriel Somlo so...@cmu.edu --- Documentation/ABI/testing/sysfs-firmware-fw_cfg | 169 + drivers/firmware/Kconfig| 10 + drivers/firmware/Makefile | 1 + drivers/firmware/fw_cfg.c | 438 4 files changed, 618 insertions(+) create mode 100644 Documentation/ABI/testing/sysfs-firmware-fw_cfg create mode 100644 drivers/firmware/fw_cfg.c diff --git a/Documentation/ABI/testing/sysfs-firmware-fw_cfg b/Documentation/ABI/testing/sysfs-firmware-fw_cfg new file mode 100644 index 000..3a7e7f2 --- /dev/null +++ b/Documentation/ABI/testing/sysfs-firmware-fw_cfg @@ -0,0 +1,169 @@ +What: /sys/firmware/fw_cfg/ +Date: August 2015 +Contact: Gabriel Somlo so...@cmu.edu +Description: + Several different architectures supported by QEMU (x86, arm, + sun4*, ppc/mac) are provisioned with a firmware configuration + (fw_cfg) device, used by the host to provide configuration data + to the starting guest. While most of this data is meant for use + by the guest BIOS, starting with QEMU v2.4, guest VMs may be + started with arbitrary fw_cfg entries supplied directly on the + command line, which therefore may be of interest to userspace. + + === Guest-side Hardware Interface === + + The fw_cfg device is available to guest VMs as a pair (control + and data) of registers, accessible as either a IO ports or as + MMIO addresses, depending on the architecture. + + --- Control Register --- + + Width: 16-bit + Access: Write-Only + Endianness: LE (if IOport) or BE (if MMIO) + + A write to the control register selects the index for one of + the firmware configuration items (or blobs) available on the + fw_cfg device, which can subsequently be read from the data + register. + + Each time the control register is written, an data offset + internal to the fw_cfg device will be set to zero. This data + offset impacts which portion of the selected fw_cfg blob is + accessed by reading the data register, as explained below. + + --- Data Register --- + + Width: 8-bit (if IOport), or 8/16/32/64-bit (if MMIO) + Access: Read-Only + Endianness: string preserving + + The data register allows access to an array of bytes which + represent the fw_cfg blob last selected by a write to the + control register. + + Immediately following a write to the control register, the data + offset will be set to zero. Each successful read access to the + data register will increment the data offset by the appropriate + access width. + + Each fw_cfg blob has a maximum associated data length. Once the + data offset exceeds this maximum length, any subsequent reads + via the data register will return 0x00. + + An N-byte wide read of the data register will return the next + available N bytes of the selected fw_cfg blob, as a substring, + in increasing address order, similar to memcpy(), zero-padded + if necessary should the maximum data length of the selected + item be reached, as described above. + + --- Per-arch Register Details --- + + - + archaccess base ctrlctrldatadata + modeaddress offset endian offset width + max. + - + x86 IOport0x510 0 LE 18 + x86_64 IOport0x510 0 LE 18 + arm MMIO 0x902 8 BE 0 64 + sun4u IOport0x510 0 LE 18 + sun4m MMIO0xd0510 0 BE 28 + ppc/mac MMIO 0xf510 0 BE 28 +
Re: [Qemu-devel] [RFC PATCH V7 07/19] protect TBContext with tb_lock.
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote:
diff --git a/cpu-exec.c b/cpu-exec.c
index f3358a9..a012e9d 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -131,6 +131,8 @@ static void init_delay_params(SyncClocks *sc, const
CPUState *cpu)
void cpu_loop_exit(CPUState *cpu)
{
cpu-current_tb = NULL;
+/* Release those mutex before long jump so other thread can work. */
+tb_lock_reset();
siglongjmp(cpu-jmp_env, 1);
}
@@ -143,6 +145,8 @@ void cpu_resume_from_signal(CPUState *cpu, void *puc)
/* XXX: restore cpu registers saved in host registers */
cpu-exception_index = -1;
+/* Release those mutex before long jump so other thread can work. */
+tb_lock_reset();
siglongjmp(cpu-jmp_env, 1);
}
I think you should start easy and reuse the existing tb_lock code in
cpu-exec.c:
diff --git a/cpu-exec.c b/cpu-exec.c
index 9305f03..2909ec2 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -307,7 +307,6 @@ static TranslationBlock *tb_find_slow(CPUState *cpu,
target_ulong pc,
tb = tb_find_physical(cpu, pc, cs_base, flags);
if (!tb) {
-tb_lock();
/*
* Retry to get the TB in case a CPU just translate it to avoid having
* duplicated TB in the pool.
@@ -316,7 +315,6 @@ static TranslationBlock *tb_find_slow(CPUState *cpu,
target_ulong pc,
if (!tb) {
tb = tb_gen_code(cpu, pc, cs_base, flags, 0);
}
-tb_unlock();
}
/* we add the TB in the virtual pc hash table */
cpu-tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
@@ -372,11 +372,6 @@ int cpu_exec(CPUState *cpu)
uintptr_t next_tb;
SyncClocks sc;
-/* This must be volatile so it is not trashed by longjmp() */
-#if defined(CONFIG_USER_ONLY)
-volatile bool have_tb_lock = false;
-#endif
-
if (cpu-halted) {
if (!cpu_has_work(cpu)) {
return EXCP_HALTED;
@@ -480,10 +475,7 @@ int cpu_exec(CPUState *cpu)
cpu-exception_index = EXCP_INTERRUPT;
cpu_loop_exit(cpu);
}
-#if defined(CONFIG_USER_ONLY)
-qemu_mutex_lock(tcg_ctx.tb_ctx.tb_lock);
-have_tb_lock = true;
-#endif
+tb_lock();
tb = tb_find_fast(cpu);
/* Note: we do it here to avoid a gcc bug on Mac OS X when
doing it in tb_find_slow */
@@ -505,10 +497,7 @@ int cpu_exec(CPUState *cpu)
tb_add_jump((TranslationBlock *)(next_tb ~TB_EXIT_MASK),
next_tb TB_EXIT_MASK, tb);
}
-#if defined(CONFIG_USER_ONLY)
-have_tb_lock = false;
-qemu_mutex_unlock(tcg_ctx.tb_ctx.tb_lock);
-#endif
+tb_unlock();
/* cpu_interrupt might be called while translating the
TB, but before it is linked into a potentially
infinite loop and becomes env-current_tb. Avoid
@@ -575,12 +564,7 @@ int cpu_exec(CPUState *cpu)
x86_cpu = X86_CPU(cpu);
env = x86_cpu-env;
#endif
-#if defined(CONFIG_USER_ONLY)
-if (have_tb_lock) {
-qemu_mutex_unlock(tcg_ctx.tb_ctx.tb_lock);
-have_tb_lock = false;
-}
-#endif
+tb_lock_reset();
}
} /* for(;;) */
Optimizations should then come on top.
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 69ac18c..960c75e 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -11166,6 +11166,8 @@ static inline void
gen_intermediate_code_internal(ARMCPU *cpu,
dc-tb = tb;
+tb_lock();
This locks twice, I think? Both cpu_restore_state_from_tb and
tb_gen_code (which calls cpu_gen_code) take the lock. How does it work?
+
dc-is_jmp = DISAS_NEXT;
dc-pc = pc_start;
dc-singlestep_enabled = cs-singlestep_enabled;
@@ -11506,6 +11508,7 @@ done_generating:
tb-size = dc-pc - pc_start;
tb-icount = num_insns;
}
+tb_unlock();
}
+/* tb_lock must be help for tcg_malloc_internal. */
Held, not help.
Paolo
[Qemu-devel] [PATCH 2/3] kobject: export kset_find_obj() to be used from modules
From: Gabriel Somlo so...@cmu.edu Signed-off-by: Gabriel Somlo so...@cmu.edu --- lib/kobject.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/kobject.c b/lib/kobject.c index 3e3a5c3..f9754a0 100644 --- a/lib/kobject.c +++ b/lib/kobject.c @@ -1058,3 +1058,4 @@ EXPORT_SYMBOL(kobject_del); EXPORT_SYMBOL(kset_register); EXPORT_SYMBOL(kset_unregister); +EXPORT_SYMBOL(kset_find_obj); -- 2.4.3
[Qemu-devel] [RFC PATCH V7 09/19] Drop global lock during TCG code execution
From: KONRAD Frederic fred.kon...@greensocs.com
This finally allows TCG to benefit from the iothread introduction: Drop
the global mutex while running pure TCG CPU code. Reacquire the lock
when entering MMIO or PIO emulation, or when leaving the TCG loop.
We have to revert a few optimization for the current TCG threading
model, namely kicking the TCG thread in qemu_mutex_lock_iothread and not
kicking it in qemu_cpu_kick. We also need to disable RAM block
reordering until we have a more efficient locking mechanism at hand.
I'm pretty sure some cases are still broken, definitely SMP (we no
longer perform round-robin scheduling by chance). Still, a Linux x86
UP guest and my Musicpal ARM model boot fine here. These numbers
demonstrate where we gain something:
20338 jan 20 0 331m 75m 6904 R 99 0.9 0:50.95 qemu-system-arm
20337 jan 20 0 331m 75m 6904 S 20 0.9 0:26.50 qemu-system-arm
The guest CPU was fully loaded, but the iothread could still run mostly
independent on a second core. Without the patch we don't get beyond
32206 jan 20 0 330m 73m 7036 R 82 0.9 1:06.00 qemu-system-arm
32204 jan 20 0 330m 73m 7036 S 21 0.9 0:17.03 qemu-system-arm
We don't benefit significantly, though, when the guest is not fully
loading a host CPU.
Note that this patch depends on
http://thread.gmane.org/gmane.comp.emulators.qemu/118657
Changes from Fred Konrad:
* Rebase on the current HEAD.
* Fixes a deadlock in qemu_devices_reset().
* Remove the mutex in address_space_*
---
cpus.c| 20 +++-
cputlb.c | 5 +
target-i386/misc_helper.c | 27 ---
translate-all.c | 2 ++
vl.c | 6 ++
5 files changed, 40 insertions(+), 20 deletions(-)
diff --git a/cpus.c b/cpus.c
index 2550be2..154a081 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1232,23 +1232,7 @@ bool qemu_mutex_iothread_locked(void)
void qemu_mutex_lock_iothread(void)
{
-atomic_inc(iothread_requesting_mutex);
-/* In the simple case there is no need to bump the VCPU thread out of
- * TCG code execution.
- */
-if (!tcg_enabled() || qemu_in_vcpu_thread() ||
-!first_cpu || !first_cpu-thread) {
-qemu_mutex_lock(qemu_global_mutex);
-atomic_dec(iothread_requesting_mutex);
-} else {
-if (qemu_mutex_trylock(qemu_global_mutex)) {
-qemu_cpu_kick_thread(first_cpu);
-qemu_mutex_lock(qemu_global_mutex);
-}
-atomic_dec(iothread_requesting_mutex);
-qemu_cond_broadcast(qemu_io_proceeded_cond);
-}
-iothread_locked = true;
+qemu_mutex_lock(qemu_global_mutex);
}
void qemu_mutex_unlock_iothread(void)
@@ -1469,7 +1453,9 @@ static int tcg_cpu_exec(CPUState *cpu)
cpu-icount_decr.u16.low = decr;
cpu-icount_extra = count;
}
+qemu_mutex_unlock_iothread();
ret = cpu_exec(cpu);
+qemu_mutex_lock_iothread();
#ifdef CONFIG_PROFILER
tcg_time += profile_getclock() - ti;
#endif
diff --git a/cputlb.c b/cputlb.c
index a506086..79fff1c 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -30,6 +30,9 @@
#include exec/ram_addr.h
#include tcg/tcg.h
+void qemu_mutex_lock_iothread(void);
+void qemu_mutex_unlock_iothread(void);
+
//#define DEBUG_TLB
//#define DEBUG_TLB_CHECK
@@ -125,8 +128,10 @@ void tlb_flush_page(CPUState *cpu, target_ulong addr)
can be detected */
void tlb_protect_code(ram_addr_t ram_addr)
{
+qemu_mutex_lock_iothread();
cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
DIRTY_MEMORY_CODE);
+qemu_mutex_unlock_iothread();
}
/* update the TLB so that writes in physical page 'phys_addr' are no longer
diff --git a/target-i386/misc_helper.c b/target-i386/misc_helper.c
index 52c5d65..55f63bf 100644
--- a/target-i386/misc_helper.c
+++ b/target-i386/misc_helper.c
@@ -27,8 +27,10 @@ void helper_outb(CPUX86State *env, uint32_t port, uint32_t
data)
#ifdef CONFIG_USER_ONLY
fprintf(stderr, outb: port=0x%04x, data=%02x\n, port, data);
#else
+qemu_mutex_lock_iothread();
address_space_stb(address_space_io, port, data,
cpu_get_mem_attrs(env), NULL);
+qemu_mutex_unlock_iothread();
#endif
}
@@ -38,8 +40,13 @@ target_ulong helper_inb(CPUX86State *env, uint32_t port)
fprintf(stderr, inb: port=0x%04x\n, port);
return 0;
#else
-return address_space_ldub(address_space_io, port,
+target_ulong ret;
+
+qemu_mutex_lock_iothread();
+ret = address_space_ldub(address_space_io, port,
cpu_get_mem_attrs(env), NULL);
+qemu_mutex_unlock_iothread();
+return ret;
#endif
}
@@ -48,8 +55,10 @@ void helper_outw(CPUX86State *env, uint32_t port, uint32_t
data)
#ifdef CONFIG_USER_ONLY
fprintf(stderr, outw: port=0x%04x, data=%04x\n, port, data);
#else
+qemu_mutex_lock_iothread();
Re: [Qemu-devel] [PATCH v13 13/19] i.MX: KZM now uses the standalone i.MX31 SOC support
Le 07/08/2015 15:45, Peter Maydell a écrit :
On 16 July 2015 at 22:21, Jean-Christophe Dubois j...@tribudubois.net wrote:
Tested by booting a minimal Linux system on the emulated platform
Signed-off-by: Jean-Christophe Dubois j...@tribudubois.net
---
This said:
- * 0x8000-0x87ff RAM EMULATED
- * 0x8800-0x8fff RAM Aliasing EMULATED
but your patch changes it:
+ * 0x-0x7fff See i.MX31 SOC for support
+ * 0x8000-0x8fff RAM EMULATED
+ * 0x9000-0x9fff RAM EMULATED
The i.MX31 has 2 SDRAM controllers:
*
0x8000-0x8fff:First SDRAM controller. There is memory aliasing if we
have less than 256 MB of memory in this slot.
*
0x9000-0x9fff:Second SDRAM controller. There is memory aliasing if
we have less than 256 MB of memory in this slot.
+/* initialize our memory */
+for (i=0, ram_size = machine-ram_size; (i2) ram_size; i++) {
+unsigned int size;
+char ram_name[20];
+static const struct {
+hwaddr addr;
+unsigned int size;
+} ram[2] = {
+{ FSL_IMX31_SDRAM0_ADDR, FSL_IMX31_SDRAM0_SIZE },
+{ FSL_IMX31_SDRAM1_ADDR, FSL_IMX31_SDRAM1_SIZE },
+};
+
+ if (ram_size ram[i].size) {
+size = ram[i].size;
+ } else {
+size = ram_size;
+ }
+
+sprintf(ram_name, kzm.ram%d, i);
+
+ram_size -= size;
+
+memory_region_allocate_system_memory(s-ram[i], NULL, ram_name, size);
memory_region_allocate_system_memory() needs to be called once and
only once by a board init. You're going to end up calling it twice here.
Actually, I may be calling it up 3 time because there is also an
internal (16KB) memory range that is allocated during the SOC init
(fsl-imx31.c file).
Now as my memory (the 3 memory banks) is (partially) discontiguous how
am I suppose to init all of it in one call?
And if memory_region_allocate_system_memory() should really be called
only once, why is it not enforced in this function? After all,
memory_region_allocate_system_memory() only calls
memory_region_init_ram() and vmstate_register_ram_global() in one step ...
+memory_region_add_subregion(get_system_memory(), ram[i].addr,
+s-ram[i]);
+if (size ram[i].size) {
+memory_region_init_alias(s-ram_alias, NULL, ram.alias,
+ s-ram[i], 0, ram[i].size - size);
+memory_region_add_subregion(get_system_memory(),
+ram[i].addr + size, s-ram_alias);
+}
+}
What is this code trying to do with that alias? It looks very odd.
(Are we trying to model under-decoded address bits?)
Yes in case the RAM size does not take all of the SDRAM controller
window size (this is more or less what was done in the previous kzm code
but for only one SDRAM controller).
Actually I am trying to allow a KZM board with a memory that can vary
from 0MB to 512MB (instead of 0MB to 256 MB as before). This might be
more than what the real board allow (I am not sure) but why not if the
user needs more memory?
My instinct is to say that rather than modelling two separate lumps
of RAM we should just have one region -- they're contiguous, after
all.
If the requested RAM is smaller than the SDRAM controller window, the
function is only called once. It is called twice here if the requested
RAM exceed the SDRAM first controller window.
And I still have this 16 KB internal memory to allocate/initialize.
thanks
-- PMM
Re: [Qemu-devel] [RFC PATCH V7 09/19] Drop global lock during TCG code execution
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote:
void qemu_mutex_lock_iothread(void)
{
-atomic_inc(iothread_requesting_mutex);
-/* In the simple case there is no need to bump the VCPU thread out of
- * TCG code execution.
- */
-if (!tcg_enabled() || qemu_in_vcpu_thread() ||
-!first_cpu || !first_cpu-thread) {
-qemu_mutex_lock(qemu_global_mutex);
-atomic_dec(iothread_requesting_mutex);
-} else {
-if (qemu_mutex_trylock(qemu_global_mutex)) {
-qemu_cpu_kick_thread(first_cpu);
-qemu_mutex_lock(qemu_global_mutex);
-}
-atomic_dec(iothread_requesting_mutex);
-qemu_cond_broadcast(qemu_io_proceeded_cond);
-}
-iothread_locked = true;
iothread_locked = true must be kept. Otherwise... yay! :)
@@ -125,8 +128,10 @@ void tlb_flush_page(CPUState *cpu, target_ulong addr)
can be detected */
void tlb_protect_code(ram_addr_t ram_addr)
{
+qemu_mutex_lock_iothread();
cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
DIRTY_MEMORY_CODE);
+qemu_mutex_unlock_iothread();
}
Not needed anymore.
diff --git a/target-i386/misc_helper.c b/target-i386/misc_helper.c
index 52c5d65..55f63bf 100644
--- a/target-i386/misc_helper.c
+++ b/target-i386/misc_helper.c
None of this is needed anymore either! :)
+/*
+ * Some device's reset needs to grab the global_mutex. So just release it
+ * here.
+ */
+qemu_mutex_unlock_iothread();
/* reset all devices */
QTAILQ_FOREACH_SAFE(re, reset_handlers, entry, nre) {
re-func(re-opaque);
}
+qemu_mutex_lock_iothread();
Should never have been true? (And, I think, it was pointed out in a
previous version too).
Paolo
Re: [Qemu-devel] [RFC PATCH V7 00/19] Multithread TCG.
fred.kon...@greensocs.com writes: From: KONRAD Frederic fred.kon...@greensocs.com This is the 7th round of the MTTCG patch series. It can be cloned from: g...@git.greensocs.com:fkonrad/mttcg.git branch multi_tcg_v7. I'm not seeing this yet, did you remember to push? This patch-set try to address the different issues in the global picture of MTTCG, presented on the wiki. == Needed patch for our work == Some preliminaries are needed for our work: * current_cpu doesn't make sense in mttcg so a tcg_executing flag is added to the CPUState. * We need to run some work safely when all VCPUs are outside their execution loop. This is done with the async_run_safe_work_on_cpu function introduced in this series. * QemuSpin lock is introduced (on posix only yet) to allow a faster handling of atomic instruction. == Code generation and cache == As Qemu stands, there is no protection at all against two threads attempting to generate code at the same time or modifying a TranslationBlock. The protect TBContext with tb_lock patch address the issue of code generation and makes all the tb_* function thread safe (except tb_flush). This raised the question of one or multiple caches. We choosed to use one unified cache because it's easier as a first step and since the structure of QEMU effectively has a ‘local’ cache per CPU in the form of the jump cache, we don't see the benefit of having two pools of tbs. == Dirty tracking == Protecting the IOs: To allows all VCPUs threads to run at the same time we need to drop the global_mutex as soon as possible. The io access need to take the mutex. This is likely to change when http://thread.gmane.org/gmane.comp.emulators.qemu/345258 will be upstreamed. Invalidation of TranslationBlocks: We can have all VCPUs running during an invalidation. Each VCPU is able to clean it's jump cache itself as it is in CPUState so that can be handled by a simple call to async_run_on_cpu. However tb_invalidate also writes to the TranslationBlock which is shared as we have only one pool. Hence this part of invalidate requires all VCPUs to exit before it can be done. Hence the async_run_safe_work_on_cpu is introduced to handle this case. == Atomic instruction == For now only ARM on x64 is supported by using an cmpxchg instruction. Specifically the limitation of this approach is that it is harder to support 64bit ARM on a host architecture that is multi-core, but only supports 32 bit cmpxchg (we believe this could be the case for some PPC cores). For now this case is not correctly handled. The existing atomic patch will attempt to execute the 64 bit cmpxchg functionality in a non thread safe fashion. Our intention is to provide a new multi-thread ARM atomic patch for 64bit ARM on effective 32bit hosts. This atomic instruction part has been tested with Alexander's atomic stress repo available here: https://lists.gnu.org/archive/html/qemu-devel/2015-06/msg05585.html The execution is a little slower than upstream probably because of the different VCPU fight for the mutex. Swaping arm_exclusive_lock from mutex to spin_lock reduce considerably the difference. == Testing == A simple double dhrystone test in SMP 2 with vexpress-a15 in a linux guest show a good performance progression: it takes basically 18s upstream to complete vs 10s with MTTCG. Testing image is available here: https://cloud.greensocs.com/index.php/s/CfHSLzDH5pmTkW3 Then simply: ./configure --target-list=arm-softmmu make -j8 ./arm-softmmu/qemu-system-arm -M vexpress-a15 -smp 2 -kernel zImage -initrd rootfs.ext2 -dtb vexpress-v2p-ca15-tc1.dtb --nographic --append console=ttyAMA0 login: root The dhrystone command is the last one in the history. dhrystone 1000 dhrystone 1000 The atomic spinlock benchmark from Alexander shows that atomic basically work. Just follow the instruction here: https://lists.gnu.org/archive/html/qemu-devel/2015-06/msg05585.html == Known issues == * GDB stub: GDB stub is not tested right now it will probably requires some changes to work. * deadlock on exit: When exiting QEMU Ctrl-C some VCPU's thread are not able to exit and continue execution. http://git.greensocs.com/fkonrad/mttcg/issues/1 * memory_region_rom_device_set_romd from pflash01 just crashes the TCG code. Strangely this happen only with -smp 4 and 2 in the DTB. http://git.greensocs.com/fkonrad/mttcg/issues/2 Changes V6 - V7: * global_lock: * Don't protect softmmu read/write helper as it's now done in adress_space_rw. * tcg_exec_flag: * Make the flag atomically test and set through an API. * introduce async_safe_work: * move qemu_cpu_kick_thread to avoid prototype declaration. * use the work_mutex. * async_work: * protect it with a mutex (work_mutex) against concurent access. * tb_lock: * protect tcg_malloc_internal as well. *
Re: [Qemu-devel] [PATCH v8 1/5] Implement GIC-500 base class
On 10 August 2015 at 13:06, Pavel Fedin p.fe...@samsung.com wrote:
From: Shlomo Pongratz shlomo.pongr...@huawei.com
This class is to be used by both software and KVM implementations of GICv3
Currently it is mostly a placeholder, but in future it is supposed to hold
qemu's representation of GICv3 state, which is necessary for migration.
Signed-off-by: Shlomo Pongratz shlomo.pongr...@huawei.com
Signed-off-by: Pavel Fedin p.fe...@samsung.com
+memory_region_init_io(s-iomem_dist, OBJECT(s), ops, s,
+ gicv3_dist, 0x1);
+memory_region_init_io(s-iomem_redist, OBJECT(s), ops ? ops[1] : NULL,
s,
+ gicv3_redist, 0x80);
Why is the redistributor region so huge? The spec says a
redistributor has four 64KB frames in its memory map:
* RD_base
* SGI_base
* VLPI_base
* Reserved
which is a lot smaller than this memory region...
+
+/* Maximum number of possible interrupts, determined by the GIC architecture
*/
+#define GICV3_MAXIRQ 1020
The comment could use updating, because part of the point of GICv3
is to not have that limit...
+#define GICV3_NCPU 64
What is imposing this NCPU limit?
+
+typedef struct GICv3State {
+/* private */
+SysBusDevice parent_obj;
+/* public */
+
+qemu_irq parent_irq[GICV3_NCPU];
+qemu_irq parent_fiq[GICV3_NCPU];
We should be allocating memory for the right number of irqs
and fiqs based on the number of actual CPUs, because we don't
really want a compile-time arbitrary limit on NCPUs.
thanks
-- PMM
Re: [Qemu-devel] [PATCH 2/3] kobject: export kset_find_obj() to be used from modules
On Mon, Aug 10, 2015 at 12:31:19PM -0400, Gabriel L. Somlo wrote: From: Gabriel Somlo so...@cmu.edu Signed-off-by: Gabriel Somlo so...@cmu.edu --- lib/kobject.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/kobject.c b/lib/kobject.c index 3e3a5c3..f9754a0 100644 --- a/lib/kobject.c +++ b/lib/kobject.c @@ -1058,3 +1058,4 @@ EXPORT_SYMBOL(kobject_del); EXPORT_SYMBOL(kset_register); EXPORT_SYMBOL(kset_unregister); +EXPORT_SYMBOL(kset_find_obj); checkpatch doesn't like this for obvious reasons :)
Re: [Qemu-devel] [PATCH v13 13/19] i.MX: KZM now uses the standalone i.MX31 SOC support
Le 10/08/2015 18:23, Peter Maydell a écrit : On 10 August 2015 at 17:15, Jean-Christophe DUBOIS j...@tribudubois.net wrote: Le 07/08/2015 15:45, Peter Maydell a écrit : On 16 July 2015 at 22:21, Jean-Christophe Dubois j...@tribudubois.net wrote: memory_region_allocate_system_memory() needs to be called once and only once by a board init. You're going to end up calling it twice here. Actually, I may be calling it up 3 time because there is also an internal (16KB) memory range that is allocated during the SOC init (fsl-imx31.c file). Small blocks of stuff like 16KB are not the main lump of RAM, so should not be initialized with memory_region_allocate_system_memory(). Use memory_region_init_ram() followed by vmstate_register_ram_global() for that sort of small RAM region. OK, I'll do it but it seems to me that in our case memory_region_allocate_system_memory() basically do: * memory_region_init_ram() * vmstate_register_ram_global() Now as my memory (the 3 memory banks) is (partially) discontiguous how am I suppose to init all of it in one call? Your main RAM will be all contiguous, the only reason it would be discontiguous is if you were trying to model 128MB + 128MB, which you can't specify anyway with a single 'this much memory' ram_size argument. Yes, It will make things a little more complex for the alias memory (if any). I'll work something up. And if memory_region_allocate_system_memory() should really be called only once, why is it not enforced in this function? After all, memory_region_allocate_system_memory() only calls memory_region_init_ram() and vmstate_register_ram_global() in one step ... It does a lot more complicated things than that, potentially. For NUMA platforms, it seems. But in our simple case it seems that it doesn't do a lot more. But OK, I'll change things. I agree that it ought to assert the once-and-only-once property; in fact I suggested on IRC last week that that would be a good plan, since it's an easy mistake to make. thanks -- PMM
Re: [Qemu-devel] [PATCH v8 5/5] Add gicversion option to virt machine
On 10 August 2015 at 13:06, Pavel Fedin p.fe...@samsung.com wrote:
Set kernel_irqchip_type according to value of the option and pass it
around where necessary. Instantiate devices and fdt nodes according
to the choice.
max_cpus for virt machine increased to 64. GICv2 compatibility check
happens inside arm_gic_common_realize().
/* Number of external interrupt lines to configure the GIC with */
#define NUM_IRQS 256
@@ -108,6 +109,9 @@ static const MemMapEntry a15memmap[] = {
[VIRT_GIC_DIST] = { 0x0800, 0x0001 },
[VIRT_GIC_CPU] ={ 0x0801, 0x0001 },
[VIRT_GIC_V2M] ={ 0x0802, 0x1000 },
+[VIRT_ITS_CONTROL] ={ 0x0802, 0x0001 },
+[VIRT_ITS_TRANSLATION] ={ 0x0803, 0x0001 },
We don't implement ITS yet, so are these placeholders for that?
(That's OK, but if they don't do anything yet it's worth
commenting to that effect.)
Any particular reason for having two separate VIRT_ITS_*
entries? The spec mandates that the two 64K pages of ITS
have to be consecutive, so it would make life easier for
boards if they were just a single memory region.
+[VIRT_GIC_REDIST] = { 0x0804, 0x0080 },
Is this layout borrowed from any particular real world board,
by the way?
VirtMachineState *vms = VIRT_MACHINE(obj);
@@ -947,6 +1035,11 @@ static void virt_instance_init(Object *obj)
/* Default GIC type is v2 */
vms-parent.kernel_irqchip_type = QEMU_GIC_TYPE_V2;
+object_property_add(obj, gicversion, int, virt_get_gic_version,
+virt_set_gic_version, NULL, NULL, NULL);
+object_property_set_description(obj, gicversion,
+Set GIC version.
+Valid values are 2 and 3, NULL);
}
gic-version would be more in line with other property naming
styles I think.
static void virt_class_init(ObjectClass *oc, void *data)
@@ -956,7 +1049,8 @@ static void virt_class_init(ObjectClass *oc, void *data)
mc-name = TYPE_VIRT_MACHINE;
mc-desc = ARM Virtual Machine,
mc-init = machvirt_init;
-mc-max_cpus = 8;
+/* With gic3 full implementation (with bitops) rase the lmit to 128 */
+mc-max_cpus = 64;
Comment disagrees with code, and in any case where does the CPU
maximum limit come from?
thanks
-- PMM
Re: [Qemu-devel] [PATCH v8 4/5] Initial implementation of vGICv3
On 10 August 2015 at 13:06, Pavel Fedin p.fe...@samsung.com wrote: Get/put routines are missing, live migration is not possible. This commit message is too terse. Otherwise Reviewed-by: Peter Maydell peter.mayd...@linaro.org thanks -- PMM
Re: [Qemu-devel] [RFC PATCH V7 19/19] target-arm/psci.c: wake up sleeping CPUs (MTTCG)
Paolo Bonzini pbonz...@redhat.com writes: On 10/08/2015 17:27, fred.kon...@greensocs.com wrote: From: Alex Bennée alex.ben...@linaro.org Testing with Alexander's bare metal syncronisation tests fails in MTTCG leaving one CPU spinning forever waiting for the second CPU to wake up. We simply need to poke the halt_cond once we have processed the PSCI power on call. Tested-by: Alex Bennée alex.ben...@linaro.org CC: Alexander Spyridakis a.spyrida...@virtualopensystems.com --- target-arm/psci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target-arm/psci.c b/target-arm/psci.c index 20e4cb6..83e309c 100644 --- a/target-arm/psci.c +++ b/target-arm/psci.c @@ -211,6 +211,8 @@ void arm_handle_psci_call(ARMCPU *cpu) } target_cpu_class-set_pc(target_cpu_state, entry); +qemu_cond_signal(target_cpu_state-halt_cond); + qemu_cpu_kick, not qemu_cond_signal. I did a v2 in my branch and didn't realise Fred had picked it up into his tree. I hadn't sent it up list because it didn't seem to be worth it for non-MTTCG builds. I can send it if you want? Fred, Use the attached on your next rebase. From bb8aabadc0880a21bfe5821af172c047474841d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= alex.ben...@linaro.org Date: Tue, 7 Jul 2015 08:28:05 +0100 Subject: [PATCH] target-arm/psci.c: wake up sleeping CPUs (MTTCG) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Testing with Alexander's bare metal syncronisation tests fails in MTTCG leaving one CPU spinning forever waiting for the second CPU to wake up. We simply need to poke the halt_cond once we have processed the PSCI power on call. Tested-by: Alex Bennée alex.ben...@linaro.org CC: Alexander Spyridakis a.spyrida...@virtualopensystems.com --- v2 - use qemu_cpu_kick() --- target-arm/psci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target-arm/psci.c b/target-arm/psci.c index 20e4cb6..4643743 100644 --- a/target-arm/psci.c +++ b/target-arm/psci.c @@ -211,6 +211,8 @@ void arm_handle_psci_call(ARMCPU *cpu) } target_cpu_class-set_pc(target_cpu_state, entry); +qemu_cpu_kick(target_cpu_state); + ret = 0; break; case QEMU_PSCI_0_1_FN_CPU_OFF: -- 2.5.0 Paolo ret = 0; break; case QEMU_PSCI_0_1_FN_CPU_OFF: -- Alex Bennée
Re: [Qemu-devel] [PATCH v8 2/5] Extract some reusable vGIC code
On 10 August 2015 at 13:06, Pavel Fedin p.fe...@samsung.com wrote:
These functions are useful also for vGICv3 implementation. Make them
accessible
from within other modules.
Actually kvm_dist_get() and kvm_dist_put() could also be made reusable, but
they would require two extra parameters (s-dev_fd and s-num_cpu) as well as
lots of typecasts of 's' to DeviceState * and back to GICState *. This makes
the code very ugly so i decided to stop at this point. I tried also an
approach with making a base class for all possible GICs, but it would contain
only three variables (dev_fd, cpu_num and irq_num), and accessing them through
the rest of the code would be again tedious (either ugly casts or qemu-style
separate object pointer). So i disliked it too.
Signed-off-by: Pavel Fedin p.fe...@samsung.com
---
hw/intc/arm_gic_kvm.c | 84
---
hw/intc/vgic_common.h | 43 ++
2 files changed, 82 insertions(+), 45 deletions(-)
create mode 100644 hw/intc/vgic_common.h
diff --git a/hw/intc/arm_gic_kvm.c b/hw/intc/arm_gic_kvm.c
index e5d0f67..6ce539b 100644
--- a/hw/intc/arm_gic_kvm.c
+++ b/hw/intc/arm_gic_kvm.c
@@ -23,6 +23,7 @@
#include sysemu/kvm.h
#include kvm_arm.h
#include gic_internal.h
+#include vgic_common.h
//#define DEBUG_GIC_KVM
@@ -52,7 +53,7 @@ typedef struct KVMARMGICClass {
void (*parent_reset)(DeviceState *dev);
} KVMARMGICClass;
-static void kvm_arm_gic_set_irq(void *opaque, int irq, int level)
+void kvm_arm_gic_set_irq(uint32_t num_irq, int irq, int level)
The need to add num_irq to this prototype reveals the ugliness
of it as an interface. It would be much nicer to convert the
GIC to using named GPIO arrays for its incoming interrupt
lines, so that you can handle the different cases of SPIs
and PPIs naturally rather than exposing the awkward mapping
from multiple different sets of interrupts into a single
integer space.
I don't insist on that being done for the GICv3 work, but it
does rather affect the shape of these functions you're trying
to factor out, so it's worth considering.
{
/* Meaning of the 'irq' parameter:
* [0..N-1] : external interrupts
@@ -63,10 +64,9 @@ static void kvm_arm_gic_set_irq(void *opaque, int irq, int
level)
* has separate fields in the irq number for type,
* CPU number and interrupt number.
*/
-GICState *s = (GICState *)opaque;
int kvm_irq, irqtype, cpu;
-if (irq (s-num_irq - GIC_INTERNAL)) {
+if (irq (num_irq - GIC_INTERNAL)) {
/* External interrupt. The kernel numbers these like the GIC
* hardware, with external interrupt IDs starting after the
* internal ones.
@@ -77,7 +77,7 @@ static void kvm_arm_gic_set_irq(void *opaque, int irq, int
level)
} else {
/* Internal interrupt: decode into (cpu, interrupt id) */
irqtype = KVM_ARM_IRQ_TYPE_PPI;
-irq -= (s-num_irq - GIC_INTERNAL);
+irq -= (num_irq - GIC_INTERNAL);
cpu = irq / GIC_INTERNAL;
irq %= GIC_INTERNAL;
}
@@ -87,12 +87,19 @@ static void kvm_arm_gic_set_irq(void *opaque, int irq,
int level)
kvm_set_irq(kvm_state, kvm_irq, !!level);
}
+static void kvm_arm_gicv2_set_irq(void *opaque, int irq, int level)
+{
+GICState *s = (GICState *)opaque;
+
+kvm_arm_gic_set_irq(s-num_irq, irq, level);
+}
+
static bool kvm_arm_gic_can_save_restore(GICState *s)
{
return s-dev_fd = 0;
}
-static bool kvm_gic_supports_attr(GICState *s, int group, int attrnum)
+bool kvm_gic_supports_attr(int dev_fd, int group, int attrnum)
If you want to make this public it would be better to call
it kvm_device_supports_attr() and put it in kvm-all.c, because
it's not really GIC specific.
{
struct kvm_device_attr attr = {
.group = group,
@@ -100,14 +107,14 @@ static bool kvm_gic_supports_attr(GICState *s, int
group, int attrnum)
.flags = 0,
};
-if (s-dev_fd == -1) {
+if (dev_fd == -1) {
return false;
}
-return kvm_device_ioctl(s-dev_fd, KVM_HAS_DEVICE_ATTR, attr) == 0;
+return kvm_device_ioctl(dev_fd, KVM_HAS_DEVICE_ATTR, attr) == 0;
}
-static void kvm_gic_access(GICState *s, int group, int offset,
+void kvm_gic_access(int dev_fd, int group, int offset,
int cpu, uint32_t *val, bool write)
{
struct kvm_device_attr attr;
@@ -130,7 +137,7 @@ static void kvm_gic_access(GICState *s, int group, int
offset,
type = KVM_GET_DEVICE_ATTR;
}
-err = kvm_device_ioctl(s-dev_fd, type, attr);
+err = kvm_device_ioctl(dev_fd, type, attr);
if (err 0) {
fprintf(stderr, KVM_{SET/GET}_DEVICE_ATTR failed: %s\n,
strerror(-err));
@@ -138,20 +145,6 @@ static void kvm_gic_access(GICState *s, int group, int
offset,
}
}
-static void kvm_gicd_access(GICState *s,
Re: [Qemu-devel] [PATCH v4 07/11] qemu-log: new option -dfilter to limit output
Christopher Covington c...@codeaurora.org writes:
Hi Alex,
On 08/03/2015 05:14 AM, Alex Bennée wrote:
When debugging big programs or system emulation sometimes you want both
the verbosity of cpu,exec et all but don't want to generate lots of logs
for unneeded stuff. This patch adds a new option -dfilter which allows
you to specify interesting address ranges in the form:
-dfilter 0x8000-0x9000,0xffc8+0x200,...
Then logging code can use the new qemu_log_in_addr_range() function to
decide if it will output logging information for the given range.
Signed-off-by: Alex Bennée alex.ben...@linaro.org
My usual flow is to filter based on mode (CurrentEL on AArch64) and PID
(CONTEXTIDR on AArch64). Do you foresee any problems with adding such
filters?
I have indeed added such filters on for my own debugging efforts.
However the problem is they are very target focused and I don't want to
pollute the generic code with target specific hacks. I suspect we need
two things:
- a way to add target specific options to the UI
- a target agnostic hook which allows additional refinement of the filter
Thanks,
Christopher Covington
v2
- More clean-ups to the documentation
v3
- re-base
- use GArray instead of GList to avoid cache bouncing
- checkpatch fixes
---
include/qemu/log.h | 2 ++
qemu-log.c | 57
++
qemu-options.hx| 16 +++
vl.c | 3 +++
4 files changed, 78 insertions(+)
diff --git a/include/qemu/log.h b/include/qemu/log.h
index b80f8f5..ade1f76 100644
--- a/include/qemu/log.h
+++ b/include/qemu/log.h
@@ -182,6 +182,8 @@ static inline void qemu_set_log(int log_flags)
}
void qemu_set_log_filename(const char *filename);
+void qemu_set_dfilter_ranges(const char *ranges);
+bool qemu_log_in_addr_range(uint64_t addr);
int qemu_str_to_log_mask(const char *str);
/* Print a usage message listing all the valid logging categories
diff --git a/qemu-log.c b/qemu-log.c
index 77ed7bc..b3ebd3c 100644
--- a/qemu-log.c
+++ b/qemu-log.c
@@ -19,11 +19,13 @@
#include qemu-common.h
#include qemu/log.h
+#include qemu/range.h
static char *logfilename;
FILE *qemu_logfile;
int qemu_loglevel;
static int log_append = 0;
+static GArray *debug_regions;
void qemu_log(const char *fmt, ...)
{
@@ -92,6 +94,61 @@ void qemu_set_log_filename(const char *filename)
qemu_set_log(qemu_loglevel);
}
+/* Returns true if addr is in our debug filter or no filter defined
+ */
+bool qemu_log_in_addr_range(uint64_t addr)
+{
+if (debug_regions) {
+int i = 0;
+for (i = 0; i debug_regions-len; i++) {
+struct Range *range = g_array_index(debug_regions, Range, i);
+if (addr = range-begin addr = range-end) {
+return true;
+}
+}
+return false;
+} else {
+return true;
+}
+}
+
+
+void qemu_set_dfilter_ranges(const char *filter_spec)
+{
+gchar **ranges = g_strsplit(filter_spec, ,, 0);
+if (ranges) {
+gchar **next = ranges;
+gchar *r = *next++;
+debug_regions = g_array_sized_new(FALSE, FALSE,
+ sizeof(Range),
g_strv_length(ranges));
+while (r) {
+gchar *delim = g_strrstr(r, -);
+if (!delim) {
+delim = g_strrstr(r, +);
+}
+if (delim) {
+struct Range range;
+range.begin = strtoul(r, NULL, 0);
+switch (*delim) {
+case '+':
+range.end = range.begin + strtoul(delim+1, NULL, 0);
+break;
+case '-':
+range.end = strtoul(delim+1, NULL, 0);
+break;
+default:
+g_assert_not_reached();
+}
+g_array_append_val(debug_regions, range);
+} else {
+g_error(Bad range specifier in: %s, r);
+}
+r = *next++;
+}
+g_strfreev(ranges);
+}
+}
+
const QEMULogItem qemu_log_items[] = {
{ CPU_LOG_TB_OUT_ASM, out_asm,
show generated host assembly code for each compiled TB },
diff --git a/qemu-options.hx b/qemu-options.hx
index ae53346..90f0df9 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2987,6 +2987,22 @@ STEXI
Output log in @var{logfile} instead of to stderr
ETEXI
+DEF(dfilter, HAS_ARG, QEMU_OPTION_DFILTER, \
+-dfilter range,.. filter debug output to range of addresses (useful
for -d cpu,exec,etc..)\n,
+QEMU_ARCH_ALL)
+STEXI
+@item -dfilter @var{range1}[,...]
+@findex -dfilter
+Filter debug output to that relevant to a range of target addresses. The
filter
+spec can be either @var{start}-@var{end} or @var{start}+@var{size} where
Re: [Qemu-devel] [PATCH 1/3] firmware: introduce sysfs driver for QEMU's fw_cfg device
On Mon, Aug 10, 2015 at 12:31:18PM -0400, Gabriel L. Somlo wrote: From: Gabriel Somlo so...@cmu.edu Make fw_cfg entries of type file available via sysfs. Entries are listed under /sys/firmware/fw_cfg/by_select, in folders named after each entry's selector key. Filename, selector value, and size read-only attributes are included for each entry. Also, a raw attribute allows retrieval of the full binary content of each entry. This patch also provides a documentation file outlining the guest-side hardware interface exposed by the QEMU fw_cfg device. Signed-off-by: Gabriel Somlo so...@cmu.edu --- Documentation/ABI/testing/sysfs-firmware-fw_cfg | 169 + drivers/firmware/Kconfig| 10 + drivers/firmware/Makefile | 1 + drivers/firmware/fw_cfg.c | 438 4 files changed, 618 insertions(+) create mode 100644 Documentation/ABI/testing/sysfs-firmware-fw_cfg create mode 100644 drivers/firmware/fw_cfg.c diff --git a/Documentation/ABI/testing/sysfs-firmware-fw_cfg b/Documentation/ABI/testing/sysfs-firmware-fw_cfg new file mode 100644 index 000..3a7e7f2 --- /dev/null +++ b/Documentation/ABI/testing/sysfs-firmware-fw_cfg @@ -0,0 +1,169 @@ +What:/sys/firmware/fw_cfg/ /sys/firmware/qemu_fw/ ? fw_cfg is very vague and not descriptive at all. +Date:August 2015 +Contact: Gabriel Somlo so...@cmu.edu +Description: + Several different architectures supported by QEMU (x86, arm, + sun4*, ppc/mac) are provisioned with a firmware configuration + (fw_cfg) device, used by the host to provide configuration data + to the starting guest. While most of this data is meant for use + by the guest BIOS, starting with QEMU v2.4, guest VMs may be + started with arbitrary fw_cfg entries supplied directly on the + command line, which therefore may be of interest to userspace. + + === Guest-side Hardware Interface === + + The fw_cfg device is available to guest VMs as a pair (control + and data) of registers, accessible as either a IO ports or as + MMIO addresses, depending on the architecture. + + --- Control Register --- + + Width: 16-bit + Access: Write-Only + Endianness: LE (if IOport) or BE (if MMIO) + + A write to the control register selects the index for one of + the firmware configuration items (or blobs) available on the + fw_cfg device, which can subsequently be read from the data + register. + + Each time the control register is written, an data offset + internal to the fw_cfg device will be set to zero. This data + offset impacts which portion of the selected fw_cfg blob is + accessed by reading the data register, as explained below. + + --- Data Register --- + + Width: 8-bit (if IOport), or 8/16/32/64-bit (if MMIO) + Access: Read-Only + Endianness: string preserving + + The data register allows access to an array of bytes which + represent the fw_cfg blob last selected by a write to the + control register. + + Immediately following a write to the control register, the data + offset will be set to zero. Each successful read access to the + data register will increment the data offset by the appropriate + access width. + + Each fw_cfg blob has a maximum associated data length. Once the + data offset exceeds this maximum length, any subsequent reads + via the data register will return 0x00. + + An N-byte wide read of the data register will return the next + available N bytes of the selected fw_cfg blob, as a substring, + in increasing address order, similar to memcpy(), zero-padded + if necessary should the maximum data length of the selected + item be reached, as described above. + + --- Per-arch Register Details --- + + - + archaccess base ctrlctrldatadata + modeaddress offset endian offset width + max. + - + x86 IOport0x510 0 LE 18 + x86_64 IOport0x510 0 LE 18 + arm MMIO 0x902 8 BE 0 64 + sun4u IOport0x510 0 LE 18 +
Re: [Qemu-devel] [RFC PATCH V7 07/19] protect TBContext with tb_lock.
Paolo Bonzini pbonz...@redhat.com writes: On 10/08/2015 18:36, Paolo Bonzini wrote: diff --git a/target-arm/translate.c b/target-arm/translate.c index 69ac18c..960c75e 100644 --- a/target-arm/translate.c +++ b/target-arm/translate.c @@ -11166,6 +11166,8 @@ static inline void gen_intermediate_code_internal(ARMCPU *cpu, dc-tb = tb; +tb_lock(); This locks twice, I think? Both cpu_restore_state_from_tb and tb_gen_code (which calls cpu_gen_code) take the lock. How does it work? ... ah, the lock is recursive! I think this can be avoided. Let's look at it next week. I take it your around on the Tuesday (Fred and I arrive Monday evening). Shall we pick a time or hunt for each other in the hacking room? Paolo -- Alex Bennée
Re: [Qemu-devel] [PATCH 3/3] firmware: fw_cfg: create directory hierarchy for fw_cfg file names
On Mon, Aug 10, 2015 at 12:31:20PM -0400, Gabriel L. Somlo wrote: From: Gabriel Somlo so...@cmu.edu Each fw_cfg entry of type file has an associated 56-char, nul-terminated ASCII string which represents its name. While the fw_cfg device doesn't itself impose any specific naming convention, QEMU developers have traditionally used path name semantics (i.e. etc/acpi/rsdp) to descriptively name the various fw_cfg blobs passed into the guest. This patch attempts, on a best effort basis, to create a directory hierarchy representing the content of fw_cfg file names, under /sys/firmware/fw_cfg/by_name. Upon successful creation of all directories representing the dirname portion of a fw_cfg file, a symlink will be created to represent the basename, pointing at the appropriate /sys/firmware/fw_cfg/by_select entry. If a file name is not suitable for this procedure (e.g., if its basename or dirname components collide with an already existing dirname component or basename, respectively) the corresponding fw_cfg blob is skipped and will remain available in sysfs only by its selector key value. Shouldn't all of this be done in userspace with the symlinks and all? It seems like you are trying to duplicate the /dev/block/by-name and such. Policy decisions like symlinks and naming should be done there, in userspace, and not directly in sysfs if at all possible. Again, why can't this be a bunch of character device nodes? It seems like you want to access them that way (read/write, ioctl, etc.) thanks, greg k-h
Re: [Qemu-devel] [PATCH 2/3] kobject: export kset_find_obj() to be used from modules
On Mon, Aug 10, 2015 at 02:43:10PM -0400, Gabriel L. Somlo wrote: On Mon, Aug 10, 2015 at 11:33:04AM -0700, Greg KH wrote: On Mon, Aug 10, 2015 at 12:31:19PM -0400, Gabriel L. Somlo wrote: From: Gabriel Somlo so...@cmu.edu Signed-off-by: Gabriel Somlo so...@cmu.edu --- lib/kobject.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/kobject.c b/lib/kobject.c index 3e3a5c3..f9754a0 100644 --- a/lib/kobject.c +++ b/lib/kobject.c @@ -1058,3 +1058,4 @@ EXPORT_SYMBOL(kobject_del); EXPORT_SYMBOL(kset_register); EXPORT_SYMBOL(kset_unregister); +EXPORT_SYMBOL(kset_find_obj); checkpatch doesn't like this for obvious reasons :) When I run checkpatch on this one, it comes back fine. Could you please elaborate ? [staging]$ scripts/checkpatch.pl 0002-kobject-export-kset_find_obj-to-be-used-from-modules.patch total: 0 errors, 0 warnings, 4 lines checked 0002-kobject-export-kset_find_obj-to-be-used-from-modules.patch has no obvious style problems and is ready for submission. EXPORT_SYMBOL() should be below the function definition itself, not at the bottom of the file. Odd that checkpatch doesn't catch this when done in this manner, it will if you run it on the whole file after your patch is applied (along with the existing problems.) But this is a minor issue, see my other review first... greg k-h
Re: [Qemu-devel] [PATCH v2] error: only prepend timestamp on stderr
Op 8/10/2015 om 3:15 PM schreef Stefan Hajnoczi:
The -msg timestamp=on option prepends a timestamp to error messages.
This is useful on stderr where it allows users to identify when an error
was raised.
Timestamps do not make sense on the monitor since error_report() is
called in response to a synchronous monitor command and the user already
knows when the command was issued. Additionally, the rest of the
monitor conversation lacks timestamps so the error timestamp cannot be
correlated with other activity.
Only prepend timestamps on stderr. This fixes libvirt's 'drive_del'
processing, which did not expect a timestamp. Other QEMU monitor
clients are probably equally confused by timestamps on monitor error
messages.
Cc: Markus Armbruster arm...@redhat.com
Cc: Seiji Aguchi seiji.agu...@hds.com
Cc: Frank Schreuder fschreu...@transip.nl
Cc: Daniel P. Berrange berra...@redhat.com
Signed-off-by: Stefan Hajnoczi stefa...@redhat.com
---
util/qemu-error.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/qemu-error.c b/util/qemu-error.c
index 77ea6c6..c1574bb 100644
--- a/util/qemu-error.c
+++ b/util/qemu-error.c
@@ -210,7 +210,7 @@ void error_vreport(const char *fmt, va_list ap)
GTimeVal tv;
gchar *timestr;
-if (enable_timestamp_msg) {
+if (enable_timestamp_msg !cur_mon) {
g_get_current_time(tv);
timestr = g_time_val_to_iso8601(tv);
error_printf(%s , timestr);
Tested-by: Frank Schreuder fschreu...@transip.nl
Regards,
Frank
Re: [Qemu-devel] [PATCH v4 07/11] qemu-log: new option -dfilter to limit output
Hi Alex,
On 08/03/2015 05:14 AM, Alex Bennée wrote:
When debugging big programs or system emulation sometimes you want both
the verbosity of cpu,exec et all but don't want to generate lots of logs
for unneeded stuff. This patch adds a new option -dfilter which allows
you to specify interesting address ranges in the form:
-dfilter 0x8000-0x9000,0xffc8+0x200,...
Then logging code can use the new qemu_log_in_addr_range() function to
decide if it will output logging information for the given range.
Signed-off-by: Alex Bennée alex.ben...@linaro.org
My usual flow is to filter based on mode (CurrentEL on AArch64) and PID
(CONTEXTIDR on AArch64). Do you foresee any problems with adding such filters?
Thanks,
Christopher Covington
v2
- More clean-ups to the documentation
v3
- re-base
- use GArray instead of GList to avoid cache bouncing
- checkpatch fixes
---
include/qemu/log.h | 2 ++
qemu-log.c | 57
++
qemu-options.hx| 16 +++
vl.c | 3 +++
4 files changed, 78 insertions(+)
diff --git a/include/qemu/log.h b/include/qemu/log.h
index b80f8f5..ade1f76 100644
--- a/include/qemu/log.h
+++ b/include/qemu/log.h
@@ -182,6 +182,8 @@ static inline void qemu_set_log(int log_flags)
}
void qemu_set_log_filename(const char *filename);
+void qemu_set_dfilter_ranges(const char *ranges);
+bool qemu_log_in_addr_range(uint64_t addr);
int qemu_str_to_log_mask(const char *str);
/* Print a usage message listing all the valid logging categories
diff --git a/qemu-log.c b/qemu-log.c
index 77ed7bc..b3ebd3c 100644
--- a/qemu-log.c
+++ b/qemu-log.c
@@ -19,11 +19,13 @@
#include qemu-common.h
#include qemu/log.h
+#include qemu/range.h
static char *logfilename;
FILE *qemu_logfile;
int qemu_loglevel;
static int log_append = 0;
+static GArray *debug_regions;
void qemu_log(const char *fmt, ...)
{
@@ -92,6 +94,61 @@ void qemu_set_log_filename(const char *filename)
qemu_set_log(qemu_loglevel);
}
+/* Returns true if addr is in our debug filter or no filter defined
+ */
+bool qemu_log_in_addr_range(uint64_t addr)
+{
+if (debug_regions) {
+int i = 0;
+for (i = 0; i debug_regions-len; i++) {
+struct Range *range = g_array_index(debug_regions, Range, i);
+if (addr = range-begin addr = range-end) {
+return true;
+}
+}
+return false;
+} else {
+return true;
+}
+}
+
+
+void qemu_set_dfilter_ranges(const char *filter_spec)
+{
+gchar **ranges = g_strsplit(filter_spec, ,, 0);
+if (ranges) {
+gchar **next = ranges;
+gchar *r = *next++;
+debug_regions = g_array_sized_new(FALSE, FALSE,
+ sizeof(Range),
g_strv_length(ranges));
+while (r) {
+gchar *delim = g_strrstr(r, -);
+if (!delim) {
+delim = g_strrstr(r, +);
+}
+if (delim) {
+struct Range range;
+range.begin = strtoul(r, NULL, 0);
+switch (*delim) {
+case '+':
+range.end = range.begin + strtoul(delim+1, NULL, 0);
+break;
+case '-':
+range.end = strtoul(delim+1, NULL, 0);
+break;
+default:
+g_assert_not_reached();
+}
+g_array_append_val(debug_regions, range);
+} else {
+g_error(Bad range specifier in: %s, r);
+}
+r = *next++;
+}
+g_strfreev(ranges);
+}
+}
+
const QEMULogItem qemu_log_items[] = {
{ CPU_LOG_TB_OUT_ASM, out_asm,
show generated host assembly code for each compiled TB },
diff --git a/qemu-options.hx b/qemu-options.hx
index ae53346..90f0df9 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2987,6 +2987,22 @@ STEXI
Output log in @var{logfile} instead of to stderr
ETEXI
+DEF(dfilter, HAS_ARG, QEMU_OPTION_DFILTER, \
+-dfilter range,.. filter debug output to range of addresses (useful
for -d cpu,exec,etc..)\n,
+QEMU_ARCH_ALL)
+STEXI
+@item -dfilter @var{range1}[,...]
+@findex -dfilter
+Filter debug output to that relevant to a range of target addresses. The
filter
+spec can be either @var{start}-@var{end} or @var{start}+@var{size} where
@var{start}
+@var{end} and @var{size} are the addresses and sizes required. For example:
+@example
+-dfilter 0x8000-0x9000,0xffc8+0x200
+@end example
+Will dump output for any code in the 0x1000 sized block starting at 0x8000
and
+the 0x200 sized block starting at 0xffc8.
+ETEXI
+
DEF(L, HAS_ARG, QEMU_OPTION_L, \
-L path set the directory for the BIOS,
Re: [Qemu-devel] [RFC PATCH V7 13/19] add a callback when tb_invalidate is called.
Paolo Bonzini pbonz...@redhat.com writes:
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote:
From: KONRAD Frederic fred.kon...@greensocs.com
Instead of doing the jump cache invalidation directly in tb_invalidate delay
it
after the exit so we don't have an other CPU trying to execute the code being
invalidated.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
translate-all.c | 61
+++--
1 file changed, 59 insertions(+), 2 deletions(-)
If you take the easy way and avoid the optimizations in patch 7, this is
not necessary: tb_find_fast and tb_add_jump are only called from within
tb_lock, so all of tb_jmp_cache/jmp_first/jmp_next are protected by tb_lock.
Let's get everything in and then optimize; the order should be:
- Alvise's LL/SC implementation
- conversion of atomics to LL/SC for all front-ends
- the main MTTCG series, reusing the locking already in-place for
user-mode emulation (with some audit...)
- including dropping the cmpxchg fix and including Alvise's MTTCG aware patches
that build on top of LL/SC work.
- any further push-downs of tb_lock
Paolo
diff --git a/translate-all.c b/translate-all.c
index 954c67a..fc5162a 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -62,6 +62,7 @@
#include translate-all.h
#include qemu/bitmap.h
#include qemu/timer.h
+#include sysemu/cpus.h
//#define DEBUG_TB_INVALIDATE
//#define DEBUG_FLUSH
@@ -967,14 +968,58 @@ static inline void tb_reset_jump(TranslationBlock *tb,
int n)
tb_set_jmp_target(tb, n, (uintptr_t)(tb-tc_ptr +
tb-tb_next_offset[n]));
}
+struct CPUDiscardTBParams {
+CPUState *cpu;
+TranslationBlock *tb;
+};
+
+static void cpu_discard_tb_from_jmp_cache(void *opaque)
+{
+unsigned int h;
+struct CPUDiscardTBParams *params = opaque;
+
+h = tb_jmp_cache_hash_func(params-tb-pc);
+if (params-cpu-tb_jmp_cache[h] == params-tb) {
+params-cpu-tb_jmp_cache[h] = NULL;
+}
+
+g_free(opaque);
+}
+
+static void tb_invalidate_jmp_remove(void *opaque)
+{
+TranslationBlock *tb = opaque;
+TranslationBlock *tb1, *tb2;
+unsigned int n1;
+
+/* suppress this TB from the two jump lists */
+tb_jmp_remove(tb, 0);
+tb_jmp_remove(tb, 1);
+
+/* suppress any remaining jumps to this TB */
+tb1 = tb-jmp_first;
+for (;;) {
+n1 = (uintptr_t)tb1 3;
+if (n1 == 2) {
+break;
+}
+tb1 = (TranslationBlock *)((uintptr_t)tb1 ~3);
+tb2 = tb1-jmp_next[n1];
+tb_reset_jump(tb1, n1);
+tb1-jmp_next[n1] = NULL;
+tb1 = tb2;
+}
+tb-jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
+}
+
/* invalidate one TB */
void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
{
CPUState *cpu;
PageDesc *p;
-unsigned int h, n1;
+unsigned int h;
tb_page_addr_t phys_pc;
-TranslationBlock *tb1, *tb2;
+struct CPUDiscardTBParams *params;
tb_lock();
@@ -997,6 +1042,9 @@ void tb_phys_invalidate(TranslationBlock *tb,
tb_page_addr_t page_addr)
tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
+#if 0 /*MTTCG*/
+TranslationBlock *tb1, *tb2;
+unsigned int n1;
/* remove the TB from the hash list */
h = tb_jmp_cache_hash_func(tb-pc);
CPU_FOREACH(cpu) {
@@ -1023,6 +1071,15 @@ void tb_phys_invalidate(TranslationBlock *tb,
tb_page_addr_t page_addr)
tb1 = tb2;
}
tb-jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
+#else
+CPU_FOREACH(cpu) {
+params = g_malloc(sizeof(struct CPUDiscardTBParams));
+params-cpu = cpu;
+params-tb = tb;
+async_run_on_cpu(cpu, cpu_discard_tb_from_jmp_cache, params);
+}
+async_run_safe_work_on_cpu(first_cpu, tb_invalidate_jmp_remove, tb);
+#endif /* MTTCG */
tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
tb_unlock();
--
Alex Bennée
Re: [Qemu-devel] [PATCH 2/3] kobject: export kset_find_obj() to be used from modules
On Mon, Aug 10, 2015 at 11:33:04AM -0700, Greg KH wrote: On Mon, Aug 10, 2015 at 12:31:19PM -0400, Gabriel L. Somlo wrote: From: Gabriel Somlo so...@cmu.edu Signed-off-by: Gabriel Somlo so...@cmu.edu --- lib/kobject.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/kobject.c b/lib/kobject.c index 3e3a5c3..f9754a0 100644 --- a/lib/kobject.c +++ b/lib/kobject.c @@ -1058,3 +1058,4 @@ EXPORT_SYMBOL(kobject_del); EXPORT_SYMBOL(kset_register); EXPORT_SYMBOL(kset_unregister); +EXPORT_SYMBOL(kset_find_obj); checkpatch doesn't like this for obvious reasons :) When I run checkpatch on this one, it comes back fine. Could you please elaborate ? [staging]$ scripts/checkpatch.pl 0002-kobject-export-kset_find_obj-to-be-used-from-modules.patch total: 0 errors, 0 warnings, 4 lines checked 0002-kobject-export-kset_find_obj-to-be-used-from-modules.patch has no obvious style problems and is ready for submission. Thanks much, --Gabriel
Re: [Qemu-devel] [Patch] s390x/kvm: make setting of in-kernel irq routes more efficient
On 10/08/2015 16:02, Jens Freimann wrote: When we add new adapter routes we call kvm_irqchip_add_route() for every virtqueue and in the same step also do the KVM_SET_GSI_ROUTING ioctl. This is unnecessary costly as the interface allows us to set multiple routes in one go. Let's first add all routes to the table stored in the global kvm_state and then do the ioctl to commit the routes to the in-kernel irqchip. This saves us several ioctls to the kernel where for each call a list is reallocated and populated. Acked-by: Paolo Bonzini pbonz...@redhat.com but we should do the same for kvm_irqchip_add_msi_route as well. I'll prepare a patch. Paolo Signed-off-by: Jens Freimann jf...@linux.vnet.ibm.com Reviewed-by: David Hildenbrand d...@linux.vnet.ibm.com --- hw/intc/s390_flic_kvm.c | 2 ++ kvm-all.c | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/intc/s390_flic_kvm.c b/hw/intc/s390_flic_kvm.c index b471e7a..48714f9 100644 --- a/hw/intc/s390_flic_kvm.c +++ b/hw/intc/s390_flic_kvm.c @@ -228,6 +228,8 @@ static int kvm_s390_add_adapter_routes(S390FLICState *fs, routes-gsi[i] = ret; routes-adapter.ind_offset++; } +kvm_irqchip_commit_routes(kvm_state); + /* Restore passed-in structure to original state. */ routes-adapter.ind_offset = ind_offset; return 0; diff --git a/kvm-all.c b/kvm-all.c index 06e06f2..c6f5128 100644 --- a/kvm-all.c +++ b/kvm-all.c @@ -1293,7 +1293,6 @@ int kvm_irqchip_add_adapter_route(KVMState *s, AdapterInfo *adapter) kroute.u.adapter.adapter_id = adapter-adapter_id; kvm_add_routing_entry(s, kroute); -kvm_irqchip_commit_routes(s); return virq; } -- 2.3.8
Re: [Qemu-devel] dmidecode repository (Was: [ARM SMBIOS V1 PATCH 0/6] SMBIOS Support for ARM)
On 08/10/15 14:26, Jean Delvare wrote: Hi Laszlo, On Mon, 10 Aug 2015 13:58:31 +0200, Laszlo Ersek wrote: On 08/10/15 09:43, Jean Delvare wrote: OK, I think I came up with something that looks reasonably good: http://git.savannah.gnu.org/cgit/dmidecode.git Can anyone please check it out and verify that it looks sane and can be worked with? I cloned it and built it with make. (That's all the testing I did. :)) Thanks for testing and reporting. Ideas: - please consider tagging commits that correspond to releases The conversion already did exactly that as far as I can see: dmidecode$ git tag dmidecode-1-8 dmidecode-2-0 dmidecode-2-1 dmidecode-2-10 dmidecode-2-11 dmidecode-2-12 dmidecode-2-2 dmidecode-2-3 dmidecode-2-4 dmidecode-2-5 dmidecode-2-6 dmidecode-2-7 dmidecode-2-8 dmidecode-2-9 And the tags appear in the web frontend too so my attempt to push them there must have worked. Interesting. I didn't specify --no-tags (and it also wasn't in effect in my global ~/.gitconfig). git tag doesn't print anything in my clone. - probably useful to tag the git commit somehow that marks the switch from CVS to git (eg. last_patch_from_cvs). The conversion guide suggested tagging the cvs repository and I intend to do so. But tagging the git repository seems like adding noise to me, I can't see why anybody should care about the migration point. I have no experience here, it was just an idea. Tagging the CVS repo is probably a good idea (could work as a stop sign). Tagging the git repo would be nice because one could easily list patches from before, and in, the git era. Maybe it's not useful for end users (and you could just make a note about the git hash somewhere else). - after building, git status lists the *.o files and the built binaries as untracked files. For the former, please add a .gitignore file. For the latter, please list them individually in .gitignore too, or else build things in a separate directory, and ignore everything inside that directory. I had noticed too and that was on my to-do list. Now this is done, thanks for the reminder. Please pull again and git status should be quiet now. Looks good, thanks! If it's OK then I'll tag the CVS repository as deprecated. If you can ascertain that the latest tree in git (at last_patch_from_cvs) matches the latest tree in CVS (with a recursive diff excluding the SCM meta-dirs), there's no reason to delay switching I already did that comparison and the result is positive. to git. If you realize later that something's wrong, you can format the new patches from git and reapply them to CVS. (But I don't expect anything to go wrong.) I am more worried about the history being incorrect, due to incorrect or missing options during the conversion. That being said, the history of dmidecode is very simple (which is why I did not bother switching to git so far) so hopefully the basic settings were good enough. Thank you for migrating to git! Laszlo
[Qemu-devel] [RFC PATCH V7 07/19] protect TBContext with tb_lock.
From: KONRAD Frederic fred.kon...@greensocs.com
This protects TBContext with tb_lock to make tb_* thread safe.
We can still have issue with tb_flush in case of multithread TCG:
An other CPU can be executing code during a flush.
This can be fixed later by making all other TCG thread exiting before calling
tb_flush().
tb_find_slow is separated into tb_find_slow and tb_find_physical as the whole
tb_find_slow doesn't require to lock the tb.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
Changes:
V6 - V7:
* Drop a tb_lock in already locked restore_state_to_opc.
V5 - V6:
* Drop a tb_lock arround tb_find_fast in cpu-exec.c.
---
cpu-exec.c | 58 +---
include/exec/exec-all.h | 1 +
target-arm/translate.c | 3 ++
tcg/tcg.h | 14 -
translate-all.c | 137 +---
5 files changed, 162 insertions(+), 51 deletions(-)
diff --git a/cpu-exec.c b/cpu-exec.c
index f3358a9..a012e9d 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -131,6 +131,8 @@ static void init_delay_params(SyncClocks *sc, const
CPUState *cpu)
void cpu_loop_exit(CPUState *cpu)
{
cpu-current_tb = NULL;
+/* Release those mutex before long jump so other thread can work. */
+tb_lock_reset();
siglongjmp(cpu-jmp_env, 1);
}
@@ -143,6 +145,8 @@ void cpu_resume_from_signal(CPUState *cpu, void *puc)
/* XXX: restore cpu registers saved in host registers */
cpu-exception_index = -1;
+/* Release those mutex before long jump so other thread can work. */
+tb_lock_reset();
siglongjmp(cpu-jmp_env, 1);
}
@@ -253,10 +257,8 @@ static void cpu_exec_nocache(CPUState *cpu, int max_cycles,
tb_free(tb);
}
-static TranslationBlock *tb_find_slow(CPUState *cpu,
- target_ulong pc,
- target_ulong cs_base,
- uint64_t flags)
+static TranslationBlock *tb_find_physical(CPUState *cpu, target_ulong pc,
+ target_ulong cs_base, uint64_t flags)
{
CPUArchState *env = (CPUArchState *)cpu-env_ptr;
TranslationBlock *tb, **ptb1;
@@ -273,8 +275,9 @@ static TranslationBlock *tb_find_slow(CPUState *cpu,
ptb1 = tcg_ctx.tb_ctx.tb_phys_hash[h];
for(;;) {
tb = *ptb1;
-if (!tb)
-goto not_found;
+if (!tb) {
+return tb;
+}
if (tb-pc == pc
tb-page_addr[0] == phys_page1
tb-cs_base == cs_base
@@ -282,28 +285,42 @@ static TranslationBlock *tb_find_slow(CPUState *cpu,
/* check next page if needed */
if (tb-page_addr[1] != -1) {
tb_page_addr_t phys_page2;
-
virt_page2 = (pc TARGET_PAGE_MASK) +
TARGET_PAGE_SIZE;
phys_page2 = get_page_addr_code(env, virt_page2);
-if (tb-page_addr[1] == phys_page2)
-goto found;
+if (tb-page_addr[1] == phys_page2) {
+return tb;
+}
} else {
-goto found;
+return tb;
}
}
ptb1 = tb-phys_hash_next;
}
- not_found:
- /* if no translated code available, then translate it now */
-tb = tb_gen_code(cpu, pc, cs_base, flags, 0);
-
- found:
-/* Move the last found TB to the head of the list */
-if (likely(*ptb1)) {
-*ptb1 = tb-phys_hash_next;
-tb-phys_hash_next = tcg_ctx.tb_ctx.tb_phys_hash[h];
-tcg_ctx.tb_ctx.tb_phys_hash[h] = tb;
+return tb;
+}
+
+static TranslationBlock *tb_find_slow(CPUState *cpu, target_ulong pc,
+ target_ulong cs_base, uint64_t flags)
+{
+/*
+ * First try to get the tb if we don't find it we need to lock and compile
+ * it.
+ */
+TranslationBlock *tb;
+
+tb = tb_find_physical(cpu, pc, cs_base, flags);
+if (!tb) {
+tb_lock();
+/*
+ * Retry to get the TB in case a CPU just translate it to avoid having
+ * duplicated TB in the pool.
+ */
+tb = tb_find_physical(cpu, pc, cs_base, flags);
+if (!tb) {
+tb = tb_gen_code(cpu, pc, cs_base, flags, 0);
+}
+tb_unlock();
}
/* we add the TB in the virtual pc hash table */
cpu-tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
@@ -326,6 +343,7 @@ static inline TranslationBlock *tb_find_fast(CPUState *cpu)
tb-flags != flags)) {
tb = tb_find_slow(cpu, pc, cs_base, flags);
}
+
return tb;
}
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 55a6ff2..9f1c1cb 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -74,6 +74,7 @@ typedef struct TranslationBlock TranslationBlock;
void gen_intermediate_code(CPUArchState *env, struct TranslationBlock *tb);
void
Re: [Qemu-devel] [RFC PATCH V7 10/19] cpu: remove exit_request global.
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote:
{
if (current_cpu) {
cpu_exit(current_cpu);
}
-exit_request = 1;
+
+/* FIXME: We might want to check if the cpu is running? */
+tcg_thread_cpu-exit_request = true;
}
#ifdef CONFIG_LINUX
@@ -1151,6 +1159,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
CPUState *cpu = arg;
qemu_mutex_lock_iothread();
+tcg_thread_cpu = cpu;
qemu_tcg_init_cpu_signals();
qemu_thread_get_self(cpu-thread);
This only makes sense for MTTCG, so it should be squashed in patch 11, I
think.
Paolo
Re: [Qemu-devel] [RFC PATCH V7 01/19] cpus: protect queued_work_* with work_mutex.
On 10/08/2015 18:04, Frederic Konrad wrote:
On 10/08/2015 17:59, Paolo Bonzini wrote:
On 10/08/2015 17:26, fred.kon...@greensocs.com wrote:
+qemu_mutex_lock(cpu-work_mutex);
while ((wi = cpu-queued_work_first)) {
cpu-queued_work_first = wi-next;
+qemu_mutex_unlock(cpu-work_mutex);
wi-func(wi-data);
+qemu_mutex_lock(cpu-work_mutex);
wi-done = true;
This should be atomic_mb_set
Isn't that protected by the mutex?
This use is not protected by the mutex:
@@ -853,6 +855,7 @@ void run_on_cpu(CPUState *cpu, void (*func)(void *data),
void *data)
cpu-queued_work_last = wi;
wi.next = NULL;
wi.done = false;
+qemu_mutex_unlock(cpu-work_mutex);
qemu_cpu_kick(cpu);
while (!wi.done) {
Paolo
Or maybe it's used somewhere else?
if (wi-free) {
g_free(wi);
}
}
cpu-queued_work_last = NULL;
... and I'm a bit afraid of leaving the state of the list inconsistent,
so I'd move this after the cpu-queued_work_first assignment. Otherwise
the patch looks good, I'm queuing it for 2.5.
Paolo
+qemu_mutex_unlock(cpu-work_mutex);
+
Re: [Qemu-devel] [PATCH 1/3] firmware: introduce sysfs driver for QEMU's fw_cfg device
On Mon, Aug 10, 2015 at 11:30:54AM -0700, Greg KH wrote: On Mon, Aug 10, 2015 at 12:31:18PM -0400, Gabriel L. Somlo wrote: From: Gabriel Somlo so...@cmu.edu Make fw_cfg entries of type file available via sysfs. Entries are listed under /sys/firmware/fw_cfg/by_select, in folders named after each entry's selector key. Filename, selector value, and size read-only attributes are included for each entry. Also, a raw attribute allows retrieval of the full binary content of each entry. This patch also provides a documentation file outlining the guest-side hardware interface exposed by the QEMU fw_cfg device. Signed-off-by: Gabriel Somlo so...@cmu.edu --- Documentation/ABI/testing/sysfs-firmware-fw_cfg | 169 + drivers/firmware/Kconfig| 10 + drivers/firmware/Makefile | 1 + drivers/firmware/fw_cfg.c | 438 4 files changed, 618 insertions(+) create mode 100644 Documentation/ABI/testing/sysfs-firmware-fw_cfg create mode 100644 drivers/firmware/fw_cfg.c diff --git a/Documentation/ABI/testing/sysfs-firmware-fw_cfg b/Documentation/ABI/testing/sysfs-firmware-fw_cfg new file mode 100644 index 000..3a7e7f2 --- /dev/null +++ b/Documentation/ABI/testing/sysfs-firmware-fw_cfg @@ -0,0 +1,169 @@ +What: /sys/firmware/fw_cfg/ /sys/firmware/qemu_fw/ ? fw_cfg is very vague and not descriptive at all. How about /sys/firmware/qemu_fw_cfg/, then ? In the QEMU universe, fw_cfg is familiar. OTOH qemu_fw would not immediately ring a bell... +Date: August 2015 +Contact: Gabriel Somlo so...@cmu.edu +Description: + Several different architectures supported by QEMU (x86, arm, + sun4*, ppc/mac) are provisioned with a firmware configuration + (fw_cfg) device, used by the host to provide configuration data + to the starting guest. While most of this data is meant for use + by the guest BIOS, starting with QEMU v2.4, guest VMs may be + started with arbitrary fw_cfg entries supplied directly on the + command line, which therefore may be of interest to userspace. + + === Guest-side Hardware Interface === + + The fw_cfg device is available to guest VMs as a pair (control + and data) of registers, accessible as either a IO ports or as + MMIO addresses, depending on the architecture. + + --- Control Register --- + + Width: 16-bit + Access: Write-Only + Endianness: LE (if IOport) or BE (if MMIO) + + A write to the control register selects the index for one of + the firmware configuration items (or blobs) available on the + fw_cfg device, which can subsequently be read from the data + register. + + Each time the control register is written, an data offset + internal to the fw_cfg device will be set to zero. This data + offset impacts which portion of the selected fw_cfg blob is + accessed by reading the data register, as explained below. + + --- Data Register --- + + Width: 8-bit (if IOport), or 8/16/32/64-bit (if MMIO) + Access: Read-Only + Endianness: string preserving + + The data register allows access to an array of bytes which + represent the fw_cfg blob last selected by a write to the + control register. + + Immediately following a write to the control register, the data + offset will be set to zero. Each successful read access to the + data register will increment the data offset by the appropriate + access width. + + Each fw_cfg blob has a maximum associated data length. Once the + data offset exceeds this maximum length, any subsequent reads + via the data register will return 0x00. + + An N-byte wide read of the data register will return the next + available N bytes of the selected fw_cfg blob, as a substring, + in increasing address order, similar to memcpy(), zero-padded + if necessary should the maximum data length of the selected + item be reached, as described above. + + --- Per-arch Register Details --- + + - + archaccess base ctrlctrldatadata + modeaddress offset endian offset width + max. + - + x86 IOport0x510 0 LE 18 + x86_64 IOport
Re: [Qemu-devel] QEMU 2.4 for Windows - current status
Am 10.08.2015 um 16:00 schrieb Paolo Bonzini: On 10/08/2015 13:39, Stefan Weil wrote: Could somebody add some notes to the 'Known issues' section of the changelog summarising the problems, please (whether it affects all Windows build environments or only some, whether this is a regression or not, etc): http://wiki.qemu.org/ChangeLog/2.4#Known_issues thanks -- PMM Done. I also added the BIOS regression Isn't it harmless anyway? Paolo I assume it is harmless for most users who don't use much BIOS functionality. Nevertheless there are several outl function calls with wrong argument order. Those calls won't work as expected. I don't know how important this is. My QEMU tree includes trace messages for unaligned i/o, so users of my precompiled QEMU for Windows will see a message during system boot. Regards Stefan signature.asc Description: OpenPGP digital signature
[Qemu-devel] [RFC PATCH V7 00/19] Multithread TCG.
From: KONRAD Frederic fred.kon...@greensocs.com This is the 7th round of the MTTCG patch series. It can be cloned from: g...@git.greensocs.com:fkonrad/mttcg.git branch multi_tcg_v7. This patch-set try to address the different issues in the global picture of MTTCG, presented on the wiki. == Needed patch for our work == Some preliminaries are needed for our work: * current_cpu doesn't make sense in mttcg so a tcg_executing flag is added to the CPUState. * We need to run some work safely when all VCPUs are outside their execution loop. This is done with the async_run_safe_work_on_cpu function introduced in this series. * QemuSpin lock is introduced (on posix only yet) to allow a faster handling of atomic instruction. == Code generation and cache == As Qemu stands, there is no protection at all against two threads attempting to generate code at the same time or modifying a TranslationBlock. The protect TBContext with tb_lock patch address the issue of code generation and makes all the tb_* function thread safe (except tb_flush). This raised the question of one or multiple caches. We choosed to use one unified cache because it's easier as a first step and since the structure of QEMU effectively has a ‘local’ cache per CPU in the form of the jump cache, we don't see the benefit of having two pools of tbs. == Dirty tracking == Protecting the IOs: To allows all VCPUs threads to run at the same time we need to drop the global_mutex as soon as possible. The io access need to take the mutex. This is likely to change when http://thread.gmane.org/gmane.comp.emulators.qemu/345258 will be upstreamed. Invalidation of TranslationBlocks: We can have all VCPUs running during an invalidation. Each VCPU is able to clean it's jump cache itself as it is in CPUState so that can be handled by a simple call to async_run_on_cpu. However tb_invalidate also writes to the TranslationBlock which is shared as we have only one pool. Hence this part of invalidate requires all VCPUs to exit before it can be done. Hence the async_run_safe_work_on_cpu is introduced to handle this case. == Atomic instruction == For now only ARM on x64 is supported by using an cmpxchg instruction. Specifically the limitation of this approach is that it is harder to support 64bit ARM on a host architecture that is multi-core, but only supports 32 bit cmpxchg (we believe this could be the case for some PPC cores). For now this case is not correctly handled. The existing atomic patch will attempt to execute the 64 bit cmpxchg functionality in a non thread safe fashion. Our intention is to provide a new multi-thread ARM atomic patch for 64bit ARM on effective 32bit hosts. This atomic instruction part has been tested with Alexander's atomic stress repo available here: https://lists.gnu.org/archive/html/qemu-devel/2015-06/msg05585.html The execution is a little slower than upstream probably because of the different VCPU fight for the mutex. Swaping arm_exclusive_lock from mutex to spin_lock reduce considerably the difference. == Testing == A simple double dhrystone test in SMP 2 with vexpress-a15 in a linux guest show a good performance progression: it takes basically 18s upstream to complete vs 10s with MTTCG. Testing image is available here: https://cloud.greensocs.com/index.php/s/CfHSLzDH5pmTkW3 Then simply: ./configure --target-list=arm-softmmu make -j8 ./arm-softmmu/qemu-system-arm -M vexpress-a15 -smp 2 -kernel zImage -initrd rootfs.ext2 -dtb vexpress-v2p-ca15-tc1.dtb --nographic --append console=ttyAMA0 login: root The dhrystone command is the last one in the history. dhrystone 1000 dhrystone 1000 The atomic spinlock benchmark from Alexander shows that atomic basically work. Just follow the instruction here: https://lists.gnu.org/archive/html/qemu-devel/2015-06/msg05585.html == Known issues == * GDB stub: GDB stub is not tested right now it will probably requires some changes to work. * deadlock on exit: When exiting QEMU Ctrl-C some VCPU's thread are not able to exit and continue execution. http://git.greensocs.com/fkonrad/mttcg/issues/1 * memory_region_rom_device_set_romd from pflash01 just crashes the TCG code. Strangely this happen only with -smp 4 and 2 in the DTB. http://git.greensocs.com/fkonrad/mttcg/issues/2 Changes V6 - V7: * global_lock: * Don't protect softmmu read/write helper as it's now done in adress_space_rw. * tcg_exec_flag: * Make the flag atomically test and set through an API. * introduce async_safe_work: * move qemu_cpu_kick_thread to avoid prototype declaration. * use the work_mutex. * async_work: * protect it with a mutex (work_mutex) against concurent access. * tb_lock: * protect tcg_malloc_internal as well. * signal the VCPU even of current_cpu is NULL. * added PSCI patch. * rebased on v2.4.0-rc0 (6169b60285fe1ff730d840a49527e721bfb30899). Changes V5 - V6: * Introduce async_safe_work to do the tb_flush and some
[Qemu-devel] [RFC PATCH V7 05/19] remove unused spinlock.
From: KONRAD Frederic fred.kon...@greensocs.com
This just removes spinlock as it is not used anymore.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
Changes V6 - V7:
* Drop the checkpatch part.
---
include/exec/spinlock.h | 49 -
1 file changed, 49 deletions(-)
delete mode 100644 include/exec/spinlock.h
diff --git a/include/exec/spinlock.h b/include/exec/spinlock.h
deleted file mode 100644
index a72edda..000
--- a/include/exec/spinlock.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2003 Fabrice Bellard
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see http://www.gnu.org/licenses/
- */
-
-/* configure guarantees us that we have pthreads on any host except
- * mingw32, which doesn't support any of the user-only targets.
- * So we can simply assume we have pthread mutexes here.
- */
-#if defined(CONFIG_USER_ONLY)
-
-#include pthread.h
-#define spin_lock pthread_mutex_lock
-#define spin_unlock pthread_mutex_unlock
-#define spinlock_t pthread_mutex_t
-#define SPIN_LOCK_UNLOCKED PTHREAD_MUTEX_INITIALIZER
-
-#else
-
-/* Empty implementations, on the theory that system mode emulation
- * is single-threaded. This means that these functions should only
- * be used from code run in the TCG cpu thread, and cannot protect
- * data structures which might also be accessed from the IO thread
- * or from signal handlers.
- */
-typedef int spinlock_t;
-#define SPIN_LOCK_UNLOCKED 0
-
-static inline void spin_lock(spinlock_t *lock)
-{
-}
-
-static inline void spin_unlock(spinlock_t *lock)
-{
-}
-
-#endif
--
1.9.0
[Qemu-devel] [RFC PATCH V7 01/19] cpus: protect queued_work_* with work_mutex.
From: KONRAD Frederic fred.kon...@greensocs.com
This protects queued_work_* used by async_run_on_cpu, run_on_cpu and
flush_queued_work with a new lock (work_mutex) to prevent multiple (concurrent)
access.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
Reviewed-by: Alex Bennée alex.ben...@linaro.org
Changes V1 - V2:
* Unlock the mutex while running the callback.
---
cpus.c| 11 +++
include/qom/cpu.h | 3 +++
qom/cpu.c | 1 +
3 files changed, 15 insertions(+)
diff --git a/cpus.c b/cpus.c
index b00a423..eabd4b1 100644
--- a/cpus.c
+++ b/cpus.c
@@ -845,6 +845,8 @@ void run_on_cpu(CPUState *cpu, void (*func)(void *data),
void *data)
wi.func = func;
wi.data = data;
wi.free = false;
+
+qemu_mutex_lock(cpu-work_mutex);
if (cpu-queued_work_first == NULL) {
cpu-queued_work_first = wi;
} else {
@@ -853,6 +855,7 @@ void run_on_cpu(CPUState *cpu, void (*func)(void *data),
void *data)
cpu-queued_work_last = wi;
wi.next = NULL;
wi.done = false;
+qemu_mutex_unlock(cpu-work_mutex);
qemu_cpu_kick(cpu);
while (!wi.done) {
@@ -876,6 +879,8 @@ void async_run_on_cpu(CPUState *cpu, void (*func)(void
*data), void *data)
wi-func = func;
wi-data = data;
wi-free = true;
+
+qemu_mutex_lock(cpu-work_mutex);
if (cpu-queued_work_first == NULL) {
cpu-queued_work_first = wi;
} else {
@@ -884,6 +889,7 @@ void async_run_on_cpu(CPUState *cpu, void (*func)(void
*data), void *data)
cpu-queued_work_last = wi;
wi-next = NULL;
wi-done = false;
+qemu_mutex_unlock(cpu-work_mutex);
qemu_cpu_kick(cpu);
}
@@ -896,15 +902,20 @@ static void flush_queued_work(CPUState *cpu)
return;
}
+qemu_mutex_lock(cpu-work_mutex);
while ((wi = cpu-queued_work_first)) {
cpu-queued_work_first = wi-next;
+qemu_mutex_unlock(cpu-work_mutex);
wi-func(wi-data);
+qemu_mutex_lock(cpu-work_mutex);
wi-done = true;
if (wi-free) {
g_free(wi);
}
}
cpu-queued_work_last = NULL;
+qemu_mutex_unlock(cpu-work_mutex);
+
qemu_cond_broadcast(qemu_work_cond);
}
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 20aabc9..efa9624 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -242,6 +242,8 @@ struct kvm_run;
* @mem_io_pc: Host Program Counter at which the memory was accessed.
* @mem_io_vaddr: Target virtual address at which the memory was accessed.
* @kvm_fd: vCPU file descriptor for KVM.
+ * @work_mutex: Lock to prevent multiple access to queued_work_*.
+ * @queued_work_first: First asynchronous work pending.
*
* State of one CPU core or thread.
*/
@@ -262,6 +264,7 @@ struct CPUState {
uint32_t host_tid;
bool running;
struct QemuCond *halt_cond;
+QemuMutex work_mutex;
struct qemu_work_item *queued_work_first, *queued_work_last;
bool thread_kicked;
bool created;
diff --git a/qom/cpu.c b/qom/cpu.c
index eb9cfec..4e12598 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -316,6 +316,7 @@ static void cpu_common_initfn(Object *obj)
cpu-gdb_num_regs = cpu-gdb_num_g_regs = cc-gdb_num_core_regs;
QTAILQ_INIT(cpu-breakpoints);
QTAILQ_INIT(cpu-watchpoints);
+qemu_mutex_init(cpu-work_mutex);
}
static void cpu_common_finalize(Object *obj)
--
1.9.0
[Qemu-devel] [RFC PATCH V7 02/19] cpus: add tcg_exec_flag.
From: KONRAD Frederic fred.kon...@greensocs.com
This flag indicates the state of the VCPU thread:
* 0 if the VCPU is allowed to execute code.
* 1 if the VCPU is currently executing code.
* -1 if the VCPU is not allowed to execute code.
This allows to atomically check and run safe work or check and continue the TCG
execution.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
Changes V2 - V3:
* introduce a third state which allow or not the execution.
* atomically check and set the flag when starting or blocking the code
execution.
Changes V1 - V2:
* do both tcg_executing = 0 or 1 in cpu_exec().
---
cpu-exec.c| 5 +
include/qom/cpu.h | 32
qom/cpu.c | 19 +++
3 files changed, 56 insertions(+)
diff --git a/cpu-exec.c b/cpu-exec.c
index 75694f3..e1a 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -371,6 +371,10 @@ int cpu_exec(CPUState *cpu)
cpu-halted = 0;
}
+if (!tcg_cpu_try_start_execution(cpu)) {
+cpu-exit_request = 1;
+return 0;
+}
current_cpu = cpu;
/* As long as current_cpu is null, up to the assignment just above,
@@ -583,5 +587,6 @@ int cpu_exec(CPUState *cpu)
/* fail safe : never use current_cpu outside cpu_exec() */
current_cpu = NULL;
+tcg_cpu_allow_execution(cpu);
return ret;
}
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index efa9624..de7487e 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -226,6 +226,7 @@ struct kvm_run;
* @stopped: Indicates the CPU has been artificially stopped.
* @tcg_exit_req: Set to force TCG to stop executing linked TBs for this
* CPU and return to its top level loop.
+ * @tcg_exec_flag: See tcg_cpu_flag_* function.
* @singlestep_enabled: Flags for single-stepping.
* @icount_extra: Instructions until next timer event.
* @icount_decr: Number of cycles left, with interrupt flag in high bit.
@@ -322,6 +323,8 @@ struct CPUState {
(absolute value) offset as small as possible. This reduces code
size, especially for hosts without large memory offsets. */
volatile sig_atomic_t tcg_exit_req;
+
+int tcg_exec_flag;
};
QTAILQ_HEAD(CPUTailQ, CPUState);
@@ -337,6 +340,35 @@ extern struct CPUTailQ cpus;
DECLARE_TLS(CPUState *, current_cpu);
#define current_cpu tls_var(current_cpu)
+
+/**
+ * tcg_cpu_try_block_execution
+ * @cpu: The CPU to block the execution
+ *
+ * Try to set the tcg_exec_flag to -1 saying the CPU can't execute code if the
+ * CPU is not executing code.
+ * Returns true if the cpu execution is blocked, false otherwise.
+ */
+bool tcg_cpu_try_block_execution(CPUState *cpu);
+
+/**
+ * tcg_cpu_allow_execution
+ * @cpu: The CPU to allow the execution.
+ *
+ * Just reset the state of tcg_exec_flag, and allow the execution of some code.
+ */
+void tcg_cpu_allow_execution(CPUState *cpu);
+
+/**
+ * tcg_cpu_try_start_execution
+ * @cpu: The CPU to start the execution.
+ *
+ * Just set the tcg_exec_flag to 1 saying the CPU is executing code if the CPU
+ * is allowed to run some code.
+ * Returns true if the cpu can execute, false otherwise.
+ */
+bool tcg_cpu_try_start_execution(CPUState *cpu);
+
/**
* cpu_paging_enabled:
* @cpu: The CPU whose state is to be inspected.
diff --git a/qom/cpu.c b/qom/cpu.c
index 4e12598..e32f90c 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -26,6 +26,23 @@
#include qemu/error-report.h
#include sysemu/sysemu.h
+bool tcg_cpu_try_block_execution(CPUState *cpu)
+{
+return (atomic_cmpxchg(cpu-tcg_exec_flag, 0, -1)
+ || (cpu-tcg_exec_flag == -1));
+}
+
+void tcg_cpu_allow_execution(CPUState *cpu)
+{
+cpu-tcg_exec_flag = 0;
+}
+
+bool tcg_cpu_try_start_execution(CPUState *cpu)
+{
+return (atomic_cmpxchg(cpu-tcg_exec_flag, 0, 1)
+ || (cpu-tcg_exec_flag == 1));
+}
+
bool cpu_exists(int64_t id)
{
CPUState *cpu;
@@ -249,6 +266,8 @@ static void cpu_common_reset(CPUState *cpu)
cpu-icount_decr.u32 = 0;
cpu-can_do_io = 0;
cpu-exception_index = -1;
+
+tcg_cpu_allow_execution(cpu);
memset(cpu-tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof(void *));
}
--
1.9.0
[Qemu-devel] [RFC PATCH V7 12/19] Use atomic cmpxchg to atomically check the exclusive value in a STREX
From: KONRAD Frederic fred.kon...@greensocs.com
This mechanism replaces the existing load/store exclusive mechanism which seems
to be broken for multithread.
It follows the intention of the existing mechanism and stores the target address
and data values during a load operation and checks that they remain unchanged
before a store.
In common with the older approach, this provides weaker semantics than required
in that it could be that a different processor writes the same value as a
non-exclusive write, however in practise this seems to be irrelevant.
The old implementation didn’t correctly store it’s values as globals, but rather
kept a local copy per CPU.
This new mechanism stores the values globally and also uses the atomic cmpxchg
macros to ensure atomicity - it is therefore very efficient and threadsafe.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
Changes:
V5 - V6:
* Use spinlock instead of mutex.
* Fix the length for address map.
* Fix the return address for tlb_fill.
V4 - V5:
* Remove atomic_check and atomic_release which were unused.
---
target-arm/cpu.c | 21
target-arm/cpu.h | 6 +++
target-arm/helper.c| 13 +
target-arm/helper.h| 4 ++
target-arm/op_helper.c | 128 -
target-arm/translate.c | 98 +++--
6 files changed, 188 insertions(+), 82 deletions(-)
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 8b4323d..ba0d2a7 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -30,6 +30,26 @@
#include sysemu/kvm.h
#include kvm_arm.h
+/* Protect cpu_exclusive_* variable .*/
+__thread bool cpu_have_exclusive_lock;
+QemuSpin cpu_exclusive_lock;
+
+inline void arm_exclusive_lock(void)
+{
+if (!cpu_have_exclusive_lock) {
+qemu_spin_lock(cpu_exclusive_lock);
+cpu_have_exclusive_lock = true;
+}
+}
+
+inline void arm_exclusive_unlock(void)
+{
+if (cpu_have_exclusive_lock) {
+cpu_have_exclusive_lock = false;
+qemu_spin_unlock(cpu_exclusive_lock);
+}
+}
+
static void arm_cpu_set_pc(CPUState *cs, vaddr value)
{
ARMCPU *cpu = ARM_CPU(cs);
@@ -469,6 +489,7 @@ static void arm_cpu_initfn(Object *obj)
cpu-psci_version = 2; /* TCG implements PSCI 0.2 */
if (!inited) {
inited = true;
+qemu_spin_init(cpu_exclusive_lock);
arm_translate_init();
}
}
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 7e89152..f8d04fa 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -515,6 +515,9 @@ static inline bool is_a64(CPUARMState *env)
int cpu_arm_signal_handler(int host_signum, void *pinfo,
void *puc);
+bool arm_get_phys_addr(CPUARMState *env, target_ulong address, int access_type,
+ hwaddr *phys_ptr, int *prot, target_ulong *page_size);
+
/**
* pmccntr_sync
* @env: CPUARMState
@@ -1933,4 +1936,7 @@ enum {
QEMU_PSCI_CONDUIT_HVC = 2,
};
+void arm_exclusive_lock(void);
+void arm_exclusive_unlock(void);
+
#endif
diff --git a/target-arm/helper.c b/target-arm/helper.c
index b87afe7..34b465c 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -24,6 +24,15 @@ static inline bool get_phys_addr(CPUARMState *env,
target_ulong address,
#define PMCRE 0x1
#endif
+bool arm_get_phys_addr(CPUARMState *env, target_ulong address, int access_type,
+ hwaddr *phys_ptr, int *prot, target_ulong *page_size)
+{
+MemTxAttrs attrs = {};
+uint32_t fsr;
+return get_phys_addr(env, address, access_type, cpu_mmu_index(env),
+ phys_ptr, attrs, prot, page_size, fsr);
+}
+
static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
{
int nregs;
@@ -4824,6 +4833,10 @@ void arm_cpu_do_interrupt(CPUState *cs)
arm_log_exception(cs-exception_index);
+arm_exclusive_lock();
+env-exclusive_addr = -1;
+arm_exclusive_unlock();
+
if (arm_is_psci_call(cpu, cs-exception_index)) {
arm_handle_psci_call(cpu);
qemu_log_mask(CPU_LOG_INT, ...handled as PSCI call\n);
diff --git a/target-arm/helper.h b/target-arm/helper.h
index 827b33d..c77bf04 100644
--- a/target-arm/helper.h
+++ b/target-arm/helper.h
@@ -530,6 +530,10 @@ DEF_HELPER_2(dc_zva, void, env, i64)
DEF_HELPER_FLAGS_2(neon_pmull_64_lo, TCG_CALL_NO_RWG_SE, i64, i64, i64)
DEF_HELPER_FLAGS_2(neon_pmull_64_hi, TCG_CALL_NO_RWG_SE, i64, i64, i64)
+DEF_HELPER_4(atomic_cmpxchg64, i32, env, i32, i64, i32)
+DEF_HELPER_1(atomic_clear, void, env)
+DEF_HELPER_3(atomic_claim, void, env, i32, i64)
+
#ifdef TARGET_AARCH64
#include helper-a64.h
#endif
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index 663c05d..ba8c5f5 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -30,12 +30,139 @@ static void raise_exception(CPUARMState *env, uint32_t
excp,
CPUState *cs = CPU(arm_env_get_cpu(env));
[Qemu-devel] [RFC PATCH V7 08/19] tcg: remove tcg_halt_cond global variable.
From: KONRAD Frederic fred.kon...@greensocs.com
This removes tcg_halt_cond global variable.
We need one QemuCond per virtual cpu for multithread TCG.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
cpus.c | 18 +++---
1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/cpus.c b/cpus.c
index 2250296..2550be2 100644
--- a/cpus.c
+++ b/cpus.c
@@ -815,7 +815,6 @@ static unsigned iothread_requesting_mutex;
static QemuThread io_thread;
static QemuThread *tcg_cpu_thread;
-static QemuCond *tcg_halt_cond;
/* cpu creation */
static QemuCond qemu_cpu_cond;
@@ -1038,15 +1037,13 @@ static void qemu_wait_io_event_common(CPUState *cpu)
cpu-thread_kicked = false;
}
-static void qemu_tcg_wait_io_event(void)
+static void qemu_tcg_wait_io_event(CPUState *cpu)
{
-CPUState *cpu;
-
while (all_cpu_threads_idle()) {
/* Start accounting real time to the virtual clock if the CPUs
are idle. */
qemu_clock_warp(QEMU_CLOCK_VIRTUAL);
-qemu_cond_wait(tcg_halt_cond, qemu_global_mutex);
+qemu_cond_wait(cpu-halt_cond, qemu_global_mutex);
}
while (iothread_requesting_mutex) {
@@ -1166,7 +1163,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
/* wait for initial kick-off after machine start */
while (first_cpu-stopped) {
-qemu_cond_wait(tcg_halt_cond, qemu_global_mutex);
+qemu_cond_wait(first_cpu-halt_cond, qemu_global_mutex);
/* process any pending work */
CPU_FOREACH(cpu) {
@@ -1187,7 +1184,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
qemu_clock_notify(QEMU_CLOCK_VIRTUAL);
}
}
-qemu_tcg_wait_io_event();
+qemu_tcg_wait_io_event(QTAILQ_FIRST(cpus));
}
return NULL;
@@ -1328,12 +1325,12 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
tcg_cpu_address_space_init(cpu, cpu-as);
+cpu-halt_cond = g_malloc0(sizeof(QemuCond));
+qemu_cond_init(cpu-halt_cond);
+
/* share a single thread for all cpus with TCG */
if (!tcg_cpu_thread) {
cpu-thread = g_malloc0(sizeof(QemuThread));
-cpu-halt_cond = g_malloc0(sizeof(QemuCond));
-qemu_cond_init(cpu-halt_cond);
-tcg_halt_cond = cpu-halt_cond;
snprintf(thread_name, VCPU_THREAD_NAME_SIZE, CPU %d/TCG,
cpu-cpu_index);
qemu_thread_create(cpu-thread, thread_name, qemu_tcg_cpu_thread_fn,
@@ -1347,7 +1344,6 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
tcg_cpu_thread = cpu-thread;
} else {
cpu-thread = tcg_cpu_thread;
-cpu-halt_cond = tcg_halt_cond;
}
}
--
1.9.0
[Qemu-devel] [RFC PATCH V7 04/19] replace spinlock by QemuMutex.
From: KONRAD Frederic fred.kon...@greensocs.com
spinlock is only used in two cases:
* cpu-exec.c: to protect TranslationBlock
* mem_helper.c: for lock helper in target-i386 (which seems broken).
It's a pthread_mutex_t in user-mode so better using QemuMutex directly in this
case.
It allows as well to reuse tb_lock mutex of TBContext in case of multithread
TCG.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
cpu-exec.c | 15 +++
include/exec/exec-all.h | 4 ++--
linux-user/main.c| 6 +++---
target-i386/mem_helper.c | 16 +---
tcg/i386/tcg-target.c| 8
5 files changed, 37 insertions(+), 12 deletions(-)
diff --git a/cpu-exec.c b/cpu-exec.c
index 97805cc..f3358a9 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -361,7 +361,9 @@ int cpu_exec(CPUState *cpu)
SyncClocks sc;
/* This must be volatile so it is not trashed by longjmp() */
+#if defined(CONFIG_USER_ONLY)
volatile bool have_tb_lock = false;
+#endif
if (async_safe_work_pending()) {
cpu-exit_request = 1;
@@ -488,8 +490,10 @@ int cpu_exec(CPUState *cpu)
cpu-exception_index = EXCP_INTERRUPT;
cpu_loop_exit(cpu);
}
-spin_lock(tcg_ctx.tb_ctx.tb_lock);
+#if defined(CONFIG_USER_ONLY)
+qemu_mutex_lock(tcg_ctx.tb_ctx.tb_lock);
have_tb_lock = true;
+#endif
tb = tb_find_fast(cpu);
/* Note: we do it here to avoid a gcc bug on Mac OS X when
doing it in tb_find_slow */
@@ -511,9 +515,10 @@ int cpu_exec(CPUState *cpu)
tb_add_jump((TranslationBlock *)(next_tb ~TB_EXIT_MASK),
next_tb TB_EXIT_MASK, tb);
}
+#if defined(CONFIG_USER_ONLY)
have_tb_lock = false;
-spin_unlock(tcg_ctx.tb_ctx.tb_lock);
-
+qemu_mutex_unlock(tcg_ctx.tb_ctx.tb_lock);
+#endif
/* cpu_interrupt might be called while translating the
TB, but before it is linked into a potentially
infinite loop and becomes env-current_tb. Avoid
@@ -580,10 +585,12 @@ int cpu_exec(CPUState *cpu)
x86_cpu = X86_CPU(cpu);
env = x86_cpu-env;
#endif
+#if defined(CONFIG_USER_ONLY)
if (have_tb_lock) {
-spin_unlock(tcg_ctx.tb_ctx.tb_lock);
+qemu_mutex_unlock(tcg_ctx.tb_ctx.tb_lock);
have_tb_lock = false;
}
+#endif
}
} /* for(;;) */
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index a6fce04..55a6ff2 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -176,7 +176,7 @@ struct TranslationBlock {
struct TranslationBlock *jmp_first;
};
-#include exec/spinlock.h
+#include qemu/thread.h
typedef struct TBContext TBContext;
@@ -186,7 +186,7 @@ struct TBContext {
TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
int nb_tbs;
/* any access to the tbs or the page table must use this lock */
-spinlock_t tb_lock;
+QemuMutex tb_lock;
/* statistics */
int tb_flush_count;
diff --git a/linux-user/main.c b/linux-user/main.c
index 05914b1..20e7199 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -107,7 +107,7 @@ static int pending_cpus;
/* Make sure everything is in a consistent state for calling fork(). */
void fork_start(void)
{
-pthread_mutex_lock(tcg_ctx.tb_ctx.tb_lock);
+qemu_mutex_lock(tcg_ctx.tb_ctx.tb_lock);
pthread_mutex_lock(exclusive_lock);
mmap_fork_start();
}
@@ -129,11 +129,11 @@ void fork_end(int child)
pthread_mutex_init(cpu_list_mutex, NULL);
pthread_cond_init(exclusive_cond, NULL);
pthread_cond_init(exclusive_resume, NULL);
-pthread_mutex_init(tcg_ctx.tb_ctx.tb_lock, NULL);
+qemu_mutex_init(tcg_ctx.tb_ctx.tb_lock);
gdbserver_fork(thread_cpu);
} else {
pthread_mutex_unlock(exclusive_lock);
-pthread_mutex_unlock(tcg_ctx.tb_ctx.tb_lock);
+qemu_mutex_unlock(tcg_ctx.tb_ctx.tb_lock);
}
}
diff --git a/target-i386/mem_helper.c b/target-i386/mem_helper.c
index 1aec8a5..7106cc3 100644
--- a/target-i386/mem_helper.c
+++ b/target-i386/mem_helper.c
@@ -23,17 +23,27 @@
/* broken thread support */
-static spinlock_t global_cpu_lock = SPIN_LOCK_UNLOCKED;
+#if defined(CONFIG_USER_ONLY)
+QemuMutex global_cpu_lock;
void helper_lock(void)
{
-spin_lock(global_cpu_lock);
+qemu_mutex_lock(global_cpu_lock);
}
void helper_unlock(void)
{
-spin_unlock(global_cpu_lock);
+qemu_mutex_unlock(global_cpu_lock);
}
+#else
+void helper_lock(void)
+{
+}
+
+void helper_unlock(void)
+{
+}
+#endif
void helper_cmpxchg8b(CPUX86State *env, target_ulong a0)
{
diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c
index ff4d9cf..0d7c99c 100644
--- a/tcg/i386/tcg-target.c
[Qemu-devel] [RFC PATCH V7 17/19] translate-all: (wip) use tb_flush_safe when we can't alloc more tb.
From: KONRAD Frederic fred.kon...@greensocs.com
This changes just the tb_flush called from tb_alloc.
TODO:
* changes the other tb_flush.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
translate-all.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/translate-all.c b/translate-all.c
index 7094bf0..cabce75 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -1148,7 +1148,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
tb = tb_alloc(pc);
if (!tb) {
/* flush must be done */
-tb_flush(cpu);
+tb_flush_safe(cpu);
/* cannot fail at this point */
tb = tb_alloc(pc);
/* Don't forget to invalidate previous TB info. */
--
1.9.0
Re: [Qemu-devel] [RFC PATCH V7 14/19] cpu: introduce tlb_flush*_all.
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote:
From: KONRAD Frederic fred.kon...@greensocs.com
Some architectures allow to flush the tlb of other VCPUs. This is not a
problem
when we have only one thread for all VCPUs but it definitely needs to be an
asynchronous work when we are in true multithreaded work.
TODO: Some test case, I fear some bad results in case a VCPUs execute a
barrier
or something like that.
Signed-off-by: KONRAD Frederic fred.kon...@greensocs.com
---
cputlb.c| 76
+
include/exec/exec-all.h | 2 ++
2 files changed, 78 insertions(+)
I still believe this should be a target-specific change. This would
also make it easier to do the remote TLB flush synchronously, as is the
case on ARM (if I understand correctly).
Paolo
diff --git a/cputlb.c b/cputlb.c
index 79fff1c..e5853fd 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -72,6 +72,45 @@ void tlb_flush(CPUState *cpu, int flush_global)
tlb_flush_count++;
}
+struct TLBFlushParams {
+CPUState *cpu;
+int flush_global;
+};
+
+static void tlb_flush_async_work(void *opaque)
+{
+struct TLBFlushParams *params = opaque;
+
+tlb_flush(params-cpu, params-flush_global);
+g_free(params);
+}
+
+void tlb_flush_all(int flush_global)
+{
+CPUState *cpu;
+struct TLBFlushParams *params;
+
+#if 0 /* MTTCG */
+CPU_FOREACH(cpu) {
+tlb_flush(cpu, flush_global);
+}
+#else
+CPU_FOREACH(cpu) {
+if (qemu_cpu_is_self(cpu)) {
+/* async_run_on_cpu handle this case but this just avoid a malloc
+ * here.
+ */
+tlb_flush(cpu, flush_global);
+} else {
+params = g_malloc(sizeof(struct TLBFlushParams));
+params-cpu = cpu;
+params-flush_global = flush_global;
+async_run_on_cpu(cpu, tlb_flush_async_work, params);
+}
+}
+#endif /* MTTCG */
+}
+
static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
{
if (addr == (tlb_entry-addr_read
@@ -124,6 +163,43 @@ void tlb_flush_page(CPUState *cpu, target_ulong addr)
tb_flush_jmp_cache(cpu, addr);
}
+struct TLBFlushPageParams {
+CPUState *cpu;
+target_ulong addr;
+};
+
+static void tlb_flush_page_async_work(void *opaque)
+{
+struct TLBFlushPageParams *params = opaque;
+
+tlb_flush_page(params-cpu, params-addr);
+g_free(params);
+}
+
+void tlb_flush_page_all(target_ulong addr)
+{
+CPUState *cpu;
+struct TLBFlushPageParams *params;
+
+CPU_FOREACH(cpu) {
+#if 0 /* !MTTCG */
+tlb_flush_page(cpu, addr);
+#else
+if (qemu_cpu_is_self(cpu)) {
+/* async_run_on_cpu handle this case but this just avoid a malloc
+ * here.
+ */
+tlb_flush_page(cpu, addr);
+} else {
+params = g_malloc(sizeof(struct TLBFlushPageParams));
+params-cpu = cpu;
+params-addr = addr;
+async_run_on_cpu(cpu, tlb_flush_page_async_work, params);
+}
+#endif /* MTTCG */
+}
+}
+
/* update the TLBs so that writes to code in the virtual page 'addr'
can be detected */
void tlb_protect_code(ram_addr_t ram_addr)
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 9f1c1cb..e9512df 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -97,7 +97,9 @@ bool qemu_in_vcpu_thread(void);
void cpu_reload_memory_map(CPUState *cpu);
void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as);
/* cputlb.c */
+void tlb_flush_page_all(target_ulong addr);
void tlb_flush_page(CPUState *cpu, target_ulong addr);
+void tlb_flush_all(int flush_global);
void tlb_flush(CPUState *cpu, int flush_global);
void tlb_set_page(CPUState *cpu, target_ulong vaddr,
hwaddr paddr, int prot,
Re: [Qemu-devel] [RFC PATCH V7 19/19] target-arm/psci.c: wake up sleeping CPUs (MTTCG)
On 10/08/2015 17:27, fred.kon...@greensocs.com wrote: From: Alex Bennée alex.ben...@linaro.org Testing with Alexander's bare metal syncronisation tests fails in MTTCG leaving one CPU spinning forever waiting for the second CPU to wake up. We simply need to poke the halt_cond once we have processed the PSCI power on call. Tested-by: Alex Bennée alex.ben...@linaro.org CC: Alexander Spyridakis a.spyrida...@virtualopensystems.com --- target-arm/psci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target-arm/psci.c b/target-arm/psci.c index 20e4cb6..83e309c 100644 --- a/target-arm/psci.c +++ b/target-arm/psci.c @@ -211,6 +211,8 @@ void arm_handle_psci_call(ARMCPU *cpu) } target_cpu_class-set_pc(target_cpu_state, entry); +qemu_cond_signal(target_cpu_state-halt_cond); + qemu_cpu_kick, not qemu_cond_signal. Paolo ret = 0; break; case QEMU_PSCI_0_1_FN_CPU_OFF:
Re: [Qemu-devel] [PATCH 2/3] kobject: export kset_find_obj() to be used from modules
On Mon, Aug 10, 2015 at 11:54:00AM -0700, Greg KH wrote: On Mon, Aug 10, 2015 at 02:43:10PM -0400, Gabriel L. Somlo wrote: On Mon, Aug 10, 2015 at 11:33:04AM -0700, Greg KH wrote: On Mon, Aug 10, 2015 at 12:31:19PM -0400, Gabriel L. Somlo wrote: From: Gabriel Somlo so...@cmu.edu Signed-off-by: Gabriel Somlo so...@cmu.edu --- lib/kobject.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/kobject.c b/lib/kobject.c index 3e3a5c3..f9754a0 100644 --- a/lib/kobject.c +++ b/lib/kobject.c @@ -1058,3 +1058,4 @@ EXPORT_SYMBOL(kobject_del); EXPORT_SYMBOL(kset_register); EXPORT_SYMBOL(kset_unregister); +EXPORT_SYMBOL(kset_find_obj); checkpatch doesn't like this for obvious reasons :) When I run checkpatch on this one, it comes back fine. Could you please elaborate ? [staging]$ scripts/checkpatch.pl 0002-kobject-export-kset_find_obj-to-be-used-from-modules.patch total: 0 errors, 0 warnings, 4 lines checked 0002-kobject-export-kset_find_obj-to-be-used-from-modules.patch has no obvious style problems and is ready for submission. EXPORT_SYMBOL() should be below the function definition itself, not at the bottom of the file. Odd that checkpatch doesn't catch this when done in this manner, it will if you run it on the whole file after your patch is applied (along with the existing problems.) Got it, fix lined up for v2 But this is a minor issue, see my other review first... Yeah, but it was the low hanging fruit, so I replied to it first ;) Thanks much, --Gabriel
[Qemu-devel] [PATCH v14 5/8] i.MX: Add SOC support for i.MX25
For now we support the following devices:
* CPU: ARM926
* Interrupt Controller: AVIC
* CCM
* UART x 5
* EPIT x 2
* GPT x 4
* FEC
* I2C x 3
Signed-off-by: Jean-Christophe Dubois j...@tribudubois.net
---
Changes since v1:
* not present on v1
Changes since v2:
* not present on v2
Changes since v3:
* not present on v3
Changes since v4:
* not present on v4
Changes since v5:
* not present on v5
Changes since v6:
* not present on v6
Changes since v7:
* Added a SOC specific file for i.MX25
Changes since v8:
* use defines instead of hardcoded values for IRQ and ADDR
* reworked the memory allocation for SOC memory
Changes since v9:
* no change
Changes since v10:
* added deescription of supported devices
* rework of UART init to use chardev property
* use memory_region_allocate_system_memory()
* Fix coding style.
Changes since v11:
* no change
Changes since v12:
* no change
Changes since v13:
* Don't use memory_region_allocate_system_memory() to init internl iram
* improve error handling
default-configs/arm-softmmu.mak | 1 +
hw/arm/Makefile.objs| 1 +
hw/arm/fsl-imx25.c | 273
include/hw/arm/fsl-imx25.h | 234 ++
4 files changed, 509 insertions(+)
create mode 100644 hw/arm/fsl-imx25.c
create mode 100644 include/hw/arm/fsl-imx25.h
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 5fa84c6..bf7572b 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -100,6 +100,7 @@ CONFIG_ALLWINNER_A10_PIC=y
CONFIG_ALLWINNER_A10=y
CONFIG_FSL_IMX31=y
+CONFIG_FSL_IMX25=y
CONFIG_IMX_I2C=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 2fbe344..b83aaca 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -13,4 +13,5 @@ obj-y += omap1.o omap2.o strongarm.o
obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
+obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o
obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
new file mode 100644
index 000..6d157c9
--- /dev/null
+++ b/hw/arm/fsl-imx25.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright (c) 2013 Jean-Christophe Dubois j...@tribudubois.net
+ *
+ * i.MX25 SOC emulation.
+ *
+ * Based on hw/arm/xlnx-zynqmp.c
+ *
+ * Copyright (C) 2015 Xilinx Inc
+ * Written by Peter Crosthwaite peter.crosthwa...@xilinx.com
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see http://www.gnu.org/licenses/.
+ */
+
+#include hw/arm/fsl-imx25.h
+#include sysemu/sysemu.h
+#include exec/address-spaces.h
+#include hw/boards.h
+#include sysemu/char.h
+
+static void fsl_imx25_init(Object *obj)
+{
+FslIMX25State *s = FSL_IMX25(obj);
+int i;
+
+object_initialize(s-cpu, sizeof(s-cpu), arm926- TYPE_ARM_CPU);
+
+object_initialize(s-avic, sizeof(s-avic), TYPE_IMX_AVIC);
+qdev_set_parent_bus(DEVICE(s-avic), sysbus_get_default());
+
+object_initialize(s-ccm, sizeof(s-ccm), TYPE_IMX_CCM);
+qdev_set_parent_bus(DEVICE(s-ccm), sysbus_get_default());
+
+for (i = 0; i FSL_IMX25_NUM_UARTS; i++) {
+object_initialize(s-uart[i], sizeof(s-uart[i]), TYPE_IMX_SERIAL);
+qdev_set_parent_bus(DEVICE(s-uart[i]), sysbus_get_default());
+}
+
+for (i = 0; i FSL_IMX25_NUM_GPTS; i++) {
+object_initialize(s-gpt[i], sizeof(s-gpt[i]), TYPE_IMX_GPT);
+qdev_set_parent_bus(DEVICE(s-gpt[i]), sysbus_get_default());
+}
+
+for (i = 0; i FSL_IMX25_NUM_EPITS; i++) {
+object_initialize(s-epit[i], sizeof(s-epit[i]), TYPE_IMX_EPIT);
+qdev_set_parent_bus(DEVICE(s-epit[i]), sysbus_get_default());
+}
+
+object_initialize(s-fec, sizeof(s-fec), TYPE_IMX_FEC);
+qdev_set_parent_bus(DEVICE(s-fec), sysbus_get_default());
+
+for (i = 0; i FSL_IMX25_NUM_I2CS; i++) {
+object_initialize(s-i2c[i], sizeof(s-i2c[i]), TYPE_IMX_I2C);
+qdev_set_parent_bus(DEVICE(s-i2c[i]), sysbus_get_default());
+}
+}
+
+static void fsl_imx25_realize(DeviceState *dev, Error **errp)
+{
+FslIMX25State *s = FSL_IMX25(dev);
+uint8_t i;
+Error *err = NULL;
+
+
[Qemu-devel] [PATCH v14 1/8] i.MX: Add SOC support for i.MX31
For now we support the following devices:
* CPU: ARM1136
* Interrupt Controller: AVIC
* CCM
* UART x 2
* EPIT x 2
* GPT
Signed-off-by: Jean-Christophe Dubois j...@tribudubois.net
Reviewed-by: Peter Crosthwaite peter.crosthwa...@xilinx.com
---
Changes since v1:
* not present on v1
Changes since v2:
* not present on v2
Changes since v3:
* not present on v3
Changes since v4:
* not present on v4
Changes since v5:
* not present on v5
Changes since v6:
* not present on v6
Changes since v7:
* not present on v7
Changes since v8:
* use defines instead of hardcoded values for IRQ and ADDR
* Add i.MX31 SOC support
Changes since v9:
* no change.
Changes since v10:
* added description of supported devices
* rework of UART init to use chardev property
* use memory_region_allocate_system_memory()
* Fix coding style.
Changes since v11:
* no change.
Changes since v12:
* no change.
Changes since v13:
* Don't use memory_region_allocate_system_memory() to init internal iram
* improve error handling
default-configs/arm-softmmu.mak | 2 +
hw/arm/Makefile.objs| 3 +-
hw/arm/fsl-imx31.c | 216
include/hw/arm/fsl-imx31.h | 98 ++
4 files changed, 318 insertions(+), 1 deletion(-)
create mode 100644 hw/arm/fsl-imx31.c
create mode 100644 include/hw/arm/fsl-imx31.h
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 74f1db3..3f86e7e 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -98,6 +98,8 @@ CONFIG_ALLWINNER_A10_PIT=y
CONFIG_ALLWINNER_A10_PIC=y
CONFIG_ALLWINNER_A10=y
+CONFIG_FSL_IMX31=y
+
CONFIG_XIO3130=y
CONFIG_IOH3420=y
CONFIG_I82801B11=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index cf346c1..2fbe344 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -1,6 +1,6 @@
obj-y += boot.o collie.o exynos4_boards.o gumstix.o highbank.o
obj-$(CONFIG_DIGIC) += digic_boards.o
-obj-y += integratorcp.o kzm.o mainstone.o musicpal.o nseries.o
+obj-y += integratorcp.o mainstone.o musicpal.o nseries.o
obj-y += omap_sx1.o palm.o realview.o spitz.o stellaris.o
obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o z2.o
obj-$(CONFIG_ACPI) += virt-acpi-build.o
@@ -13,3 +13,4 @@ obj-y += omap1.o omap2.o strongarm.o
obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
+obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
new file mode 100644
index 000..7f27a8e
--- /dev/null
+++ b/hw/arm/fsl-imx31.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright (c) 2013 Jean-Christophe Dubois j...@tribudubois.net
+ *
+ * i.MX31 SOC emulation.
+ *
+ * Based on hw/arm/fsl-imx31.c
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see http://www.gnu.org/licenses/.
+ */
+
+#include hw/arm/fsl-imx31.h
+#include sysemu/sysemu.h
+#include exec/address-spaces.h
+#include hw/boards.h
+#include sysemu/char.h
+
+static void fsl_imx31_init(Object *obj)
+{
+FslIMX31State *s = FSL_IMX31(obj);
+int i;
+
+object_initialize(s-cpu, sizeof(s-cpu), arm1136- TYPE_ARM_CPU);
+
+object_initialize(s-avic, sizeof(s-avic), TYPE_IMX_AVIC);
+qdev_set_parent_bus(DEVICE(s-avic), sysbus_get_default());
+
+object_initialize(s-ccm, sizeof(s-ccm), TYPE_IMX_CCM);
+qdev_set_parent_bus(DEVICE(s-ccm), sysbus_get_default());
+
+for (i = 0; i FSL_IMX31_NUM_UARTS; i++) {
+object_initialize(s-uart[i], sizeof(s-uart[i]), TYPE_IMX_SERIAL);
+qdev_set_parent_bus(DEVICE(s-uart[i]), sysbus_get_default());
+}
+
+object_initialize(s-gpt, sizeof(s-gpt), TYPE_IMX_GPT);
+qdev_set_parent_bus(DEVICE(s-gpt), sysbus_get_default());
+
+for (i = 0; i FSL_IMX31_NUM_EPITS; i++) {
+object_initialize(s-epit[i], sizeof(s-epit[i]), TYPE_IMX_EPIT);
+qdev_set_parent_bus(DEVICE(s-epit[i]), sysbus_get_default());
+}
+}
+
+static void fsl_imx31_realize(DeviceState *dev, Error **errp)
+{
+FslIMX31State *s = FSL_IMX31(dev);
+uint16_t i;
+Error *err = NULL;
+
+object_property_set_bool(OBJECT(s-cpu), true, realized, err);
+if (err) {
+error_propagate(errp, err);
+
[Qemu-devel] [PATCH v14 2/8] i.MX: KZM now uses the standalone i.MX31 SOC support
Tested by booting a minimal Linux system on the emulated platform Signed-off-by: Jean-Christophe Dubois j...@tribudubois.net --- Changes since v1: * not present on v1 Changes since v2: * not present on v2 Changes since v3: * not present on v3 Changes since v4: * not present on v4 Changes since v5: * not present on v5 Changes since v6: * not present on v6 Changes since v7: * update KZM target to use new emulators Changes since v8: * update KZM to user i.MX31 SOC * rework SDRAM memory initialisation Changes since v9: * remove all Qdev construction helper fucntions. Changes since v10: * use memory_region_allocate_system_memory() * rework of memory initialization loop. * remove all Qdev construction helper in device files. Changes since v10: * no change. Changes since v11: * no change. Changes since v12: * no change. Changes since v13: * Use memory_region_allocate_system_memory() only once for the 2 SDRAM controlers. * rework memory alias init. hw/arm/kzm.c | 209 ++- hw/char/imx_serial.c | 35 - hw/timer/imx_epit.c | 11 --- hw/timer/imx_gpt.c | 11 --- include/hw/arm/imx.h | 26 --- 5 files changed, 106 insertions(+), 186 deletions(-) delete mode 100644 include/hw/arm/imx.h diff --git a/hw/arm/kzm.c b/hw/arm/kzm.c index d7af230..9441f96 100644 --- a/hw/arm/kzm.c +++ b/hw/arm/kzm.c @@ -13,131 +13,134 @@ * i.MX31 SoC */ -#include hw/sysbus.h +#include hw/arm/fsl-imx31.h +#include hw/boards.h +#include qemu/error-report.h #include exec/address-spaces.h -#include hw/hw.h -#include hw/arm/arm.h -#include hw/devices.h #include net/net.h -#include sysemu/sysemu.h -#include hw/boards.h +#include hw/devices.h #include hw/char/serial.h -#include hw/intc/imx_avic.h -#include hw/arm/imx.h - -/* Memory map for Kzm Emulation Baseboard: - * 0x-0x3fff 16k secure ROM IGNORED - * 0x4000-0x00407fff Reserved IGNORED - * 0x00404000-0x00407fff ROM IGNORED - * 0x00408000-0x0fff Reserved IGNORED - * 0x1000-0x1fffbfff RAM aliasing IGNORED - * 0x1fffc000-0x1fff RAM EMULATED - * 0x2000-0x2fff Reserved IGNORED - * 0x3000-0x7fff I.MX31 Internal Register Space - * 0x43f0 IO_AREA0 - * 0x43f9 UART1 EMULATED - * 0x43f94000 UART2 EMULATED - * 0x6800 AVIC EMULATED - * 0x53f8 CCM EMULATED - * 0x53f94000 PIT 1 EMULATED - * 0x53f98000 PIT 2 EMULATED - * 0x53f9 GPT EMULATED - * 0x8000-0x87ff RAM EMULATED - * 0x8800-0x8fff RAM Aliasing EMULATED - * 0xa000-0xafff NAND Flash IGNORED - * 0xb000-0xb3ff Unavailable IGNORED - * 0xb400-0xb4000fff 8-bit free space IGNORED - * 0xb4001000-0xb400100f Board controlIGNORED - * 0xb4001003 DIP switch - * 0xb4001010-0xb400101f 7-segment LEDIGNORED - * 0xb4001020-0xb400102f LED IGNORED - * 0xb4001030-0xb400103f LED IGNORED - * 0xb4001040-0xb400104f FPGA, UART EMULATED - * 0xb4001050-0xb400105f FPGA, UART EMULATED - * 0xb4001060-0xb40f FPGA IGNORED - * 0xb600-0xb61f LAN controller EMULATED - * 0xb620-0xb62f FPGA NAND Controller IGNORED - * 0xb630-0xb7ff Free IGNORED - * 0xb800-0xb8004fff Memory control registers IGNORED - * 0xc000-0xc3ff PCMCIA/CFIGNORED - * 0xc400-0x Reserved IGNORED - */ - -#define KZM_RAMADDRESS (0x8000) -#define KZM_FPGA (0xb4001040) +#include sysemu/qtest.h + +/* Memory map for Kzm Emulation Baseboard: + * 0x-0x7fff See i.MX31 SOC for support + * 0x8000-0x8fff RAM EMULATED + * 0x9000-0x9fff RAM EMULATED + * 0xa000-0xafff FlashIGNORED + * 0xb000-0xb3ff Unavailable IGNORED + * 0xb400-0xb4000fff 8-bit free space IGNORED + * 0xb4001000-0xb400100f Board controlIGNORED + * 0xb4001003 DIP switch + * 0xb4001010-0xb400101f 7-segment LEDIGNORED + * 0xb4001020-0xb400102f LED IGNORED + * 0xb4001030-0xb400103f LED IGNORED + * 0xb4001040-0xb400104f FPGA, UART EMULATED + * 0xb4001050-0xb400105f FPGA, UART EMULATED + * 0xb4001060-0xb40f FPGA IGNORED + * 0xb600-0xb61f LAN controller EMULATED + * 0xb620-0xb62f FPGA NAND Controller
[Qemu-devel] [PATCH v14 0/8] i.MX: Add i.MX25 support through the PDK evaluation board
This series of patches is generated against Peter Maydell GIT tree: https://git.linaro.org/people/peter.maydell/qemu-arm.git branch target-arm-post-2.4 This series of patches add the support for the i.MX25 processor through the Freescale PDK evaluation board. For now a limited set of devices is supported. * GPT timers (from i.MX31) * EPIT timers (from i.MX31) * Serial ports (from i.MX31) * Ethernet FEC port * I2C controller In the process the KZM platform was split into an i.MX31 SOC and a plateform part. Also, I2C devices was added to the i.MX31 SOC. This was tested by: * booting a minimal linux system on the i.MX25 PDK platform * booting the Xvisor hypervisor on the i.MX25 PDK platform * booting a minimal linux system on the KZM platform Jean-Christophe Dubois (8): i.MX: Add SOC support for i.MX31 i.MX: KZM now uses the standalone i.MX31 SOC support i.MX: Add I2C controller emulator i.MX: Add FEC Ethernet Emulator i.MX: Add SOC support for i.MX25 i.MX: Add the i.MX25 PDK plateform i.MX: Add qtest support for I2C device emulator. i.MX: Add i2C devices to i.MX31 SOC default-configs/arm-softmmu.mak | 6 + hw/arm/Makefile.objs| 4 +- hw/arm/fsl-imx25.c | 273 hw/arm/fsl-imx31.c | 246 ++ hw/arm/imx25_pdk.c | 165 ++ hw/arm/kzm.c| 209 ++-- hw/char/imx_serial.c| 35 -- hw/i2c/Makefile.objs| 1 + hw/i2c/imx_i2c.c| 339 +++ hw/net/Makefile.objs| 1 + hw/net/imx_fec.c| 709 hw/timer/imx_epit.c | 11 - hw/timer/imx_gpt.c | 11 - include/hw/arm/fsl-imx25.h | 234 + include/hw/arm/fsl-imx31.h | 110 +++ include/hw/arm/imx.h| 26 -- include/hw/i2c/imx_i2c.h| 85 + include/hw/net/imx_fec.h| 113 +++ tests/Makefile | 3 + tests/ds1338-test.c | 78 + tests/libqos/i2c-imx.c | 209 tests/libqos/i2c.h | 3 + 22 files changed, 2684 insertions(+), 187 deletions(-) create mode 100644 hw/arm/fsl-imx25.c create mode 100644 hw/arm/fsl-imx31.c create mode 100644 hw/arm/imx25_pdk.c create mode 100644 hw/i2c/imx_i2c.c create mode 100644 hw/net/imx_fec.c create mode 100644 include/hw/arm/fsl-imx25.h create mode 100644 include/hw/arm/fsl-imx31.h delete mode 100644 include/hw/arm/imx.h create mode 100644 include/hw/i2c/imx_i2c.h create mode 100644 include/hw/net/imx_fec.h create mode 100644 tests/ds1338-test.c create mode 100644 tests/libqos/i2c-imx.c -- 2.1.4
[Qemu-devel] [PATCH v14 3/8] i.MX: Add I2C controller emulator
The slave mode is not implemented.
Signed-off-by: Jean-Christophe Dubois j...@tribudubois.net
Reviewed-by: Peter Crosthwaite crosthwaite.pe...@gmail.com
---
Changes since v1:
* none
Changes since v2:
* use QOM cast
* reworked debug printf
* use CamelCase for state type
* warn with qemu_log_mask(LOG_GUEST_ERROR) or qemu_log_mask(LOG_UNIMP)
* move to dma_memory_read/write API
* rework interrupt handling
* use qemu_flush_queued_packets() in rx_enable()
Changes since v3:
* use realise for device initialization
* More QOM cast
* reworked debug printf some more
* standardise GPL header
* use CamelCase for buffer descriptor type
Changes since v4:
* none
Changes since v5:
* replace hw_error() with qemu_log_mask(LOG_GUEST_ERROR, ...)
* remove reformating of imx.h header file.
* remove unnecessary spaces.
Changes since v6:
* port to new memory API
Change since v7:
* refactor emulator to be used by SOC
Changes since v8:
* no change
Changes since v9:
* no change
Changes since v10:
* no change.
Changes since v11:
* no change.
Changes since v12:
* no change.
Changes since v13:
* no change.
default-configs/arm-softmmu.mak | 2 +
hw/i2c/Makefile.objs| 1 +
hw/i2c/imx_i2c.c| 339
include/hw/i2c/imx_i2c.h| 85 ++
4 files changed, 427 insertions(+)
create mode 100644 hw/i2c/imx_i2c.c
create mode 100644 include/hw/i2c/imx_i2c.h
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 3f86e7e..47390db 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -100,6 +100,8 @@ CONFIG_ALLWINNER_A10=y
CONFIG_FSL_IMX31=y
+CONFIG_IMX_I2C=y
+
CONFIG_XIO3130=y
CONFIG_IOH3420=y
CONFIG_I82801B11=y
diff --git a/hw/i2c/Makefile.objs b/hw/i2c/Makefile.objs
index 0f13060..aeb8f38 100644
--- a/hw/i2c/Makefile.objs
+++ b/hw/i2c/Makefile.objs
@@ -4,4 +4,5 @@ common-obj-$(CONFIG_ACPI_X86) += smbus_ich9.o
common-obj-$(CONFIG_APM) += pm_smbus.o
common-obj-$(CONFIG_BITBANG_I2C) += bitbang_i2c.o
common-obj-$(CONFIG_EXYNOS4) += exynos4210_i2c.o
+common-obj-$(CONFIG_IMX_I2C) += imx_i2c.o
obj-$(CONFIG_OMAP) += omap_i2c.o
diff --git a/hw/i2c/imx_i2c.c b/hw/i2c/imx_i2c.c
new file mode 100644
index 000..468712b
--- /dev/null
+++ b/hw/i2c/imx_i2c.c
@@ -0,0 +1,339 @@
+/*
+ * i.MX I2C Bus Serial Interface Emulation
+ *
+ * Copyright (C) 2013 Jean-Christophe Dubois. j...@tribudubois.net
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see http://www.gnu.org/licenses/.
+ *
+ */
+
+#include hw/i2c/imx_i2c.h
+#include hw/i2c/i2c.h
+
+#ifndef IMX_I2C_DEBUG
+#define IMX_I2C_DEBUG 0
+#endif
+
+#if IMX_I2C_DEBUG
+#define DPRINT(fmt, args...) \
+do { fprintf(stderr, %s: fmt, __func__, ## args); } while (0)
+
+static const char *imx_i2c_get_regname(unsigned offset)
+{
+switch (offset) {
+case IADR_ADDR:
+return IADR;
+case IFDR_ADDR:
+return IFDR;
+case I2CR_ADDR:
+return I2CR;
+case I2SR_ADDR:
+return I2SR;
+case I2DR_ADDR:
+return I2DR;
+default:
+return [?];
+}
+}
+#else
+#define DPRINT(fmt, args...) do { } while (0)
+#endif
+
+static inline bool imx_i2c_is_enabled(IMXI2CState *s)
+{
+return s-i2cr I2CR_IEN;
+}
+
+static inline bool imx_i2c_interrupt_is_enabled(IMXI2CState *s)
+{
+return s-i2cr I2CR_IIEN;
+}
+
+static inline bool imx_i2c_is_master(IMXI2CState *s)
+{
+return s-i2cr I2CR_MSTA;
+}
+
+static inline bool imx_i2c_direction_is_tx(IMXI2CState *s)
+{
+return s-i2cr I2CR_MTX;
+}
+
+static void imx_i2c_reset(DeviceState *dev)
+{
+IMXI2CState *s = IMX_I2C(dev);
+
+if (s-address != ADDR_RESET) {
+i2c_end_transfer(s-bus);
+}
+
+s-address= ADDR_RESET;
+s-iadr = IADR_RESET;
+s-ifdr = IFDR_RESET;
+s-i2cr = I2CR_RESET;
+s-i2sr = I2SR_RESET;
+s-i2dr_read = I2DR_RESET;
+s-i2dr_write = I2DR_RESET;
+}
+
+static inline void imx_i2c_raise_interrupt(IMXI2CState *s)
+{
+/*
+ * raise an interrupt if the device is enabled and it is configured
+ * to generate some interrupts.
+ */
+if (imx_i2c_is_enabled(s) imx_i2c_interrupt_is_enabled(s)) {
+s-i2sr |= I2SR_IIF;
+
[Qemu-devel] [PATCH v14 8/8] i.MX: Add i2C devices to i.MX31 SOC
Signed-off-by: Jean-Christophe Dubois j...@tribudubois.net
---
Changes since v1:
* not present on v1
Changes since v2:
* not present on v2
Changes since v3:
* not present on v3
Changes since v4:
* not present on v4
Changes since v5:
* not present on v5
Changes since v6:
* not present on v6
Changes since v7:
* not present on v7
Changes since v8:
* not present on v8
Changes since v9:
* Added 3 I2C devices to i.MX31 SOC
Changes since v10:
* no change.
Changes since v11:
* no change.
Changes since v12:
* no change.
Changes since v13:
* Spelling fix in comments
* Space cleanup
* Patch title fix.
hw/arm/fsl-imx31.c | 30 ++
include/hw/arm/fsl-imx31.h | 12
2 files changed, 42 insertions(+)
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
index 7f27a8e..0b1896a 100644
--- a/hw/arm/fsl-imx31.c
+++ b/hw/arm/fsl-imx31.c
@@ -50,6 +50,11 @@ static void fsl_imx31_init(Object *obj)
object_initialize(s-epit[i], sizeof(s-epit[i]), TYPE_IMX_EPIT);
qdev_set_parent_bus(DEVICE(s-epit[i]), sysbus_get_default());
}
+
+for (i = 0; i FSL_IMX31_NUM_I2CS; i++) {
+object_initialize(s-i2c[i], sizeof(s-i2c[i]), TYPE_IMX_I2C);
+qdev_set_parent_bus(DEVICE(s-i2c[i]), sysbus_get_default());
+}
}
static void fsl_imx31_realize(DeviceState *dev, Error **errp)
@@ -154,6 +159,31 @@ static void fsl_imx31_realize(DeviceState *dev, Error
**errp)
epit_table[i].irq));
}
+/* Initialize all I2C */
+for (i = 0; i FSL_IMX31_NUM_I2CS; i++) {
+static const struct {
+hwaddr addr;
+unsigned int irq;
+} i2c_table[FSL_IMX31_NUM_I2CS] = {
+{ FSL_IMX31_I2C1_ADDR, FSL_IMX31_I2C1_IRQ },
+{ FSL_IMX31_I2C2_ADDR, FSL_IMX31_I2C2_IRQ },
+{ FSL_IMX31_I2C3_ADDR, FSL_IMX31_I2C3_IRQ }
+};
+
+/* Initialize the I2C */
+object_property_set_bool(OBJECT(s-i2c[i]), true, realized, err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+/* Map I2C memory */
+sysbus_mmio_map(SYS_BUS_DEVICE(s-i2c[i]), 0, i2c_table[i].addr);
+/* Connect I2C IRQ to PIC */
+sysbus_connect_irq(SYS_BUS_DEVICE(s-i2c[i]), 0,
+ qdev_get_gpio_in(DEVICE(s-avic),
+i2c_table[i].irq));
+}
+
/* On a real system, the first 16k is a `secure boot rom' */
memory_region_init_rom_device(s-secure_rom, NULL, NULL, NULL,
imx31.secure_rom,
diff --git a/include/hw/arm/fsl-imx31.h b/include/hw/arm/fsl-imx31.h
index d8a7e86..32744a1 100644
--- a/include/hw/arm/fsl-imx31.h
+++ b/include/hw/arm/fsl-imx31.h
@@ -23,6 +23,7 @@
#include hw/char/imx_serial.h
#include hw/timer/imx_gpt.h
#include hw/timer/imx_epit.h
+#include hw/i2c/imx_i2c.h
#include exec/memory.h
#define TYPE_FSL_IMX31 fsl,imx31
@@ -30,6 +31,7 @@
#define FSL_IMX31_NUM_UARTS 2
#define FSL_IMX31_NUM_EPITS 2
+#define FSL_IMX31_NUM_I2CS 3
typedef struct FslIMX31State{
/* private */
@@ -42,6 +44,7 @@ typedef struct FslIMX31State{
IMXSerialState uart[FSL_IMX31_NUM_UARTS];
IMXGPTStategpt;
IMXEPITState epit[FSL_IMX31_NUM_EPITS];
+IMXI2CStatei2c[FSL_IMX31_NUM_I2CS];
MemoryRegion secure_rom;
MemoryRegion rom;
MemoryRegion iram;
@@ -56,10 +59,16 @@ typedef struct FslIMX31State{
#define FSL_IMX31_IRAM_ALIAS_SIZE 0xFFC
#define FSL_IMX31_IRAM_ADDR0x1FFFC000
#define FSL_IMX31_IRAM_SIZE0x4000
+#define FSL_IMX31_I2C1_ADDR0x43F8
+#define FSL_IMX31_I2C1_SIZE0x4000
+#define FSL_IMX31_I2C3_ADDR0x43F84000
+#define FSL_IMX31_I2C3_SIZE0x4000
#define FSL_IMX31_UART1_ADDR 0x43F9
#define FSL_IMX31_UART1_SIZE 0x4000
#define FSL_IMX31_UART2_ADDR 0x43F94000
#define FSL_IMX31_UART2_SIZE 0x4000
+#define FSL_IMX31_I2C2_ADDR0x43F98000
+#define FSL_IMX31_I2C2_SIZE0x4000
#define FSL_IMX31_CCM_ADDR 0x53F8
#define FSL_IMX31_CCM_SIZE 0x4000
#define FSL_IMX31_GPT_ADDR 0x53F9
@@ -94,5 +103,8 @@ typedef struct FslIMX31State{
#define FSL_IMX31_GPT_IRQ 29
#define FSL_IMX31_UART2_IRQ32
#define FSL_IMX31_UART1_IRQ45
+#define FSL_IMX31_I2C1_IRQ 10
+#define FSL_IMX31_I2C2_IRQ 4
+#define FSL_IMX31_I2C3_IRQ 3
#endif /* FSL_IMX31_H */
--
2.1.4
[Qemu-devel] [PATCH v14 6/8] i.MX: Add the i.MX25 PDK plateform
Tested by booting a minimal Linux system on the emulated platform
Tested by booting the Xvisor hyprvisor on the emulated platform
Signed-off-by: Jean-Christophe Dubois j...@tribudubois.net
---
Changes since v1:
* Added a ds1338 I2C device for qtest purpose.
Changes since v2:
* none
Changes since v3:
* Rework GPL header
* use I2C constructor helper.
Changes since v4:
* use sysbus_create_simple() instead of I2C constructor helper
Changes since v5:
* Add ds1338 only for qtest mode.
* small comment fixes.
Changes since v6:
* Allow for more than 4 serial if suppoted by Qemu.
Changes since v7:
* Move the SOC part into its own file.
Changes since v8:
* rework SDRAM memory initialisation
Changes since v9:
* no change
Changes since v10:
* rename board from 3DS to PDK
* use memory_region_allocate_system_memory()
* rework of memory initialization loop.
Changes since v11:
* no change
Changes since v12:
* no change
Changes since v12:
* Call memory_region_allocate_system_memory() only once for the 2 SDRAM
controlers
* rework memory alias init.
hw/arm/Makefile.objs | 2 +-
hw/arm/imx25_pdk.c | 165 +++
2 files changed, 166 insertions(+), 1 deletion(-)
create mode 100644 hw/arm/imx25_pdk.c
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index b83aaca..2195b60 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -13,5 +13,5 @@ obj-y += omap1.o omap2.o strongarm.o
obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
-obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o
+obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
diff --git a/hw/arm/imx25_pdk.c b/hw/arm/imx25_pdk.c
new file mode 100644
index 000..f5c8f6b
--- /dev/null
+++ b/hw/arm/imx25_pdk.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2013 Jean-Christophe Dubois j...@tribudubois.net
+ *
+ * PDK Board System emulation.
+ *
+ * Based on hw/arm/kzm.c
+ *
+ * Copyright (c) 2008 OKL and 2011 NICTA
+ * Written by Hans at OK-Labs
+ * Updated by Peter Chubb.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see http://www.gnu.org/licenses/.
+ */
+
+#include hw/arm/fsl-imx25.h
+#include hw/boards.h
+#include qemu/error-report.h
+#include exec/address-spaces.h
+#include sysemu/qtest.h
+#include hw/i2c/i2c.h
+
+/* Memory map for PDK Emulation Baseboard:
+ * 0x-0x7fff See i.MX25 SOC fr support
+ * 0x8000-0x87ff RAM + Alias EMULATED
+ * 0x9000-0x9fff RAM + Alias EMULATED
+ * 0xa000-0xa7ff FlashIGNORED
+ * 0xa800-0xafff FlashIGNORED
+ * 0xb000-0xb1ff SRAM IGNORED
+ * 0xb200-0xb3ff SRAM IGNORED
+ * 0xb400-0xb5ff CS4 IGNORED
+ * 0xb600-0xb8000fff Reserved IGNORED
+ * 0xb8001000-0xb8001fff SDRAM CTRL reg IGNORED
+ * 0xb8002000-0xb8002fff WEIM CTRL regIGNORED
+ * 0xb8003000-0xb8003fff M3IF CTRL regIGNORED
+ * 0xb8004000-0xb8004fff EMI CTRL reg IGNORED
+ * 0xb8005000-0xbaff Reserved IGNORED
+ * 0xbb00-0xbb000fff NAND flash area buf IGNORED
+ * 0xbb001000-0xbb0011ff NAND flash reserved IGNORED
+ * 0xbb001200-0xbb001dff Reserved IGNORED
+ * 0xbb001e00-0xbb001fff NAN flash CTRL reg IGNORED
+ * 0xbb012000-0xbfff Reserved IGNORED
+ * 0xc000-0x Reserved IGNORED
+ */
+
+typedef struct IMX25Pdk {
+FslIMX25State soc;
+MemoryRegion ram;
+MemoryRegion ram_alias;
+} IMX25Pdk;
+
+#define IMX25_PDK_ADDRESS (FSL_IMX25_SDRAM0_ADDR)
+
+static struct arm_boot_info imx25_pdk_binfo;
+
+static void imx25_pdk_init(MachineState *machine)
+{
+IMX25Pdk *s = g_new0(IMX25Pdk, 1);
+Error *err = NULL;
+unsigned int ram_size;
+unsigned int alias_offset;
+int i;
+
+object_initialize(s-soc, sizeof(s-soc), TYPE_FSL_IMX25);
+object_property_add_child(OBJECT(machine), soc, OBJECT(s-soc),
+ error_abort);
+
+object_property_set_bool(OBJECT(s-soc), true, realized, err);
+if (err != NULL) {
+error_report(%s, error_get_pretty(err));
+exit(1);
+}
+
+
[Qemu-devel] [PATCH v14 4/8] i.MX: Add FEC Ethernet Emulator
This is based on mcf_fec.c FEC implementation for Coldfire
* A generic PHY was added (borrowwed from LAN9118)
* The buffer management is also modified as buffers are
slightly different between Coldfire and i.MX
Signed-off-by: Jean-Christophe Dubois j...@tribudubois.net
Reviewed-by: Peter Crosthwaite crosthwaite.pe...@gmail.com
---
Changes since v1:
* none
Changes since v2:
* use QOM cast
* reworked debug printf
* use CamelCase for state type
* warn with qemu_log_mask(LOG_GUEST_ERROR) or qemu_log_mask(LOG_UNIMP)
* move to dma_memory_read/write API
* rework interrupt handling
* use qemu_flush_queued_packets() in rx_enable()
Changes since v3:
* use realise for device initialization
* More QOM cast
* reworked debug printf some more
* standardise GPL header
* use CamelCase for buffer descriptor type
Changes since v4:
* none
Changes since v5:
* replace hw_error() with qemu_log_mask(LOG_GUEST_ERROR, ...)
* remove reformating of imx.h header file.
* remove unnecessary spaces.
Changes since v6:
* port to new memory API
Changes since v7:
* refactor to be used by SOC
Changes since v8:
* no change
Changes since v9:
* no change
Changes since v10:
* no change
Changes since v11:
* no change
Changes since v12:
* no change
Changes since v13:
* no change
default-configs/arm-softmmu.mak | 1 +
hw/net/Makefile.objs| 1 +
hw/net/imx_fec.c| 709
include/hw/net/imx_fec.h| 113 +++
4 files changed, 824 insertions(+)
create mode 100644 hw/net/imx_fec.c
create mode 100644 include/hw/net/imx_fec.h
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 47390db..5fa84c6 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -28,6 +28,7 @@ CONFIG_SSI_M25P80=y
CONFIG_LAN9118=y
CONFIG_SMC91C111=y
CONFIG_ALLWINNER_EMAC=y
+CONFIG_IMX_FEC=y
CONFIG_DS1338=y
CONFIG_PFLASH_CFI01=y
CONFIG_PFLASH_CFI02=y
diff --git a/hw/net/Makefile.objs b/hw/net/Makefile.objs
index 9880173..64d0449 100644
--- a/hw/net/Makefile.objs
+++ b/hw/net/Makefile.objs
@@ -19,6 +19,7 @@ common-obj-$(CONFIG_XGMAC) += xgmac.o
common-obj-$(CONFIG_MIPSNET) += mipsnet.o
common-obj-$(CONFIG_XILINX_AXI) += xilinx_axienet.o
common-obj-$(CONFIG_ALLWINNER_EMAC) += allwinner_emac.o
+common-obj-$(CONFIG_IMX_FEC) += imx_fec.o
common-obj-$(CONFIG_CADENCE) += cadence_gem.o
common-obj-$(CONFIG_STELLARIS_ENET) += stellaris_enet.o
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
new file mode 100644
index 000..725f3fa
--- /dev/null
+++ b/hw/net/imx_fec.c
@@ -0,0 +1,709 @@
+/*
+ * i.MX Fast Ethernet Controller emulation.
+ *
+ * Copyright (c) 2013 Jean-Christophe Dubois. j...@tribudubois.net
+ *
+ * Based on Coldfire Fast Ethernet Controller emulation.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see http://www.gnu.org/licenses/.
+ */
+
+#include hw/net/imx_fec.h
+#include sysemu/dma.h
+
+/* For crc32 */
+#include zlib.h
+
+#ifndef IMX_FEC_DEBUG
+#define IMX_FEC_DEBUG 0
+#endif
+
+#ifndef IMX_PHY_DEBUG
+#define IMX_PHY_DEBUG 0
+#endif
+
+#if IMX_FEC_DEBUG
+#define FEC_PRINTF(fmt, ...) \
+do { fprintf(stderr, %s[%s]: fmt , TYPE_IMX_FEC, __func__, \
+ ## __VA_ARGS__); \
+} while (0)
+#else
+#define FEC_PRINTF(fmt, ...) do {} while (0)
+#endif
+
+#if IMX_PHY_DEBUG
+#define PHY_PRINTF(fmt, ...) \
+do { fprintf(stderr, %s.phy[%s]: fmt , TYPE_IMX_FEC, __func__, \
+ ## __VA_ARGS__); \
+} while (0)
+#else
+#define PHY_PRINTF(fmt, ...) do {} while (0)
+#endif
+
+static const VMStateDescription vmstate_imx_fec = {
+.name = TYPE_IMX_FEC,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(irq_state, IMXFECState),
+VMSTATE_UINT32(eir, IMXFECState),
+VMSTATE_UINT32(eimr, IMXFECState),
+VMSTATE_UINT32(rx_enabled, IMXFECState),
+VMSTATE_UINT32(rx_descriptor, IMXFECState),
+VMSTATE_UINT32(tx_descriptor, IMXFECState),
+VMSTATE_UINT32(ecr, IMXFECState),
+VMSTATE_UINT32(mmfr, IMXFECState),
+VMSTATE_UINT32(mscr, IMXFECState),
+VMSTATE_UINT32(mibc, IMXFECState),
+VMSTATE_UINT32(rcr,
[Qemu-devel] [PATCH v14 7/8] i.MX: Add qtest support for I2C device emulator.
This is using a ds1338 RTC chip on the I2C bus. This RTC chip is
not present on the real 3DS PDK board.
Signed-off-by: Jean-Christophe Dubois j...@tribudubois.net
---
Changes since v1:
* not present on v1
Changes since v2:
* use a common header file for I2C regs definition
Changes since v3:
* rework GPL headers.
Changes since v4:
* none
Changes since v5:
* none
Changes since v6:
* none
Changes since v7:
* adapt to new i.MX I2C header file.
Changes since v8:
* no change
Changes since v9:
* no change
Changes since v10:
* no change
Changes since v11:
* no change
Changes since v12:
* no change
Changes since v13:
* Fix imx25_3ds to imx25_pdk for make check target
* move bcd2bin() as inline function
* Spelling fix.
tests/Makefile | 3 +
tests/ds1338-test.c| 78 ++
tests/libqos/i2c-imx.c | 209 +
tests/libqos/i2c.h | 3 +
4 files changed, 293 insertions(+)
create mode 100644 tests/ds1338-test.c
create mode 100644 tests/libqos/i2c-imx.c
diff --git a/tests/Makefile b/tests/Makefile
index 7494582..7be50fc 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -201,6 +201,7 @@ check-qtest-sparc64-y = tests/endianness-test$(EXESUF)
gcov-files-sparc-y += hw/timer/m48t59.c
gcov-files-sparc64-y += hw/timer/m48t59.c
check-qtest-arm-y = tests/tmp105-test$(EXESUF)
+check-qtest-arm-y = tests/ds1338-test$(EXESUF)
gcov-files-arm-y += hw/misc/tmp105.c
check-qtest-arm-y += tests/virtio-blk-test$(EXESUF)
gcov-files-arm-y += arm-softmmu/hw/block/virtio-blk.c
@@ -354,6 +355,7 @@ libqos-pc-obj-y = $(libqos-obj-y) tests/libqos/pci-pc.o
libqos-pc-obj-y += tests/libqos/malloc-pc.o tests/libqos/libqos-pc.o
libqos-pc-obj-y += tests/libqos/ahci.o
libqos-omap-obj-y = $(libqos-obj-y) tests/libqos/i2c-omap.o
+libqos-imx-obj-y = $(libqos-obj-y) tests/libqos/i2c-imx.o
libqos-usb-obj-y = $(libqos-pc-obj-y) tests/libqos/usb.o
libqos-virtio-obj-y = $(libqos-pc-obj-y) tests/libqos/virtio.o
tests/libqos/virtio-pci.o tests/libqos/virtio-mmio.o
tests/libqos/malloc-generic.o
@@ -368,6 +370,7 @@ tests/hd-geo-test$(EXESUF): tests/hd-geo-test.o
tests/boot-order-test$(EXESUF): tests/boot-order-test.o $(libqos-obj-y)
tests/bios-tables-test$(EXESUF): tests/bios-tables-test.o $(libqos-obj-y)
tests/tmp105-test$(EXESUF): tests/tmp105-test.o $(libqos-omap-obj-y)
+tests/ds1338-test$(EXESUF): tests/ds1338-test.o $(libqos-imx-obj-y)
tests/i440fx-test$(EXESUF): tests/i440fx-test.o $(libqos-pc-obj-y)
tests/q35-test$(EXESUF): tests/q35-test.o $(libqos-pc-obj-y)
tests/fw_cfg-test$(EXESUF): tests/fw_cfg-test.o $(libqos-pc-obj-y)
diff --git a/tests/ds1338-test.c b/tests/ds1338-test.c
new file mode 100644
index 000..a7fb415
--- /dev/null
+++ b/tests/ds1338-test.c
@@ -0,0 +1,78 @@
+/*
+ * QTest testcase for the DS1338 RTC
+ *
+ * Copyright (c) 2013 Jean-Christophe Dubois
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see http://www.gnu.org/licenses/.
+ */
+
+#include libqtest.h
+#include libqos/i2c.h
+
+#include glib.h
+
+#define IMX25_I2C_0_BASE 0x43F8
+
+#define DS1338_ADDR 0x68
+
+static I2CAdapter *i2c;
+static uint8_t addr;
+
+static inline uint8_t bcd2bin(uint8_t x)
+{
+return ((x) 0x0f) + ((x) 4) * 10;
+}
+
+static void send_and_receive(void)
+{
+uint8_t cmd[1];
+uint8_t resp[7];
+time_t now = time(NULL);
+struct tm *tm_ptr = gmtime(now);
+
+/* reset the index in the RTC memory */
+cmd[0] = 0;
+i2c_send(i2c, addr, cmd, 1);
+
+/* retrieve the date */
+i2c_recv(i2c, addr, resp, 7);
+
+/* check retrieved time againt local time */
+g_assert_cmpuint(bcd2bin(resp[4]), == , tm_ptr-tm_mday);
+g_assert_cmpuint(bcd2bin(resp[5]), == , 1 + tm_ptr-tm_mon);
+g_assert_cmpuint(2000 + bcd2bin(resp[6]), == , 1900 + tm_ptr-tm_year);
+}
+
+int main(int argc, char **argv)
+{
+QTestState *s = NULL;
+int ret;
+
+g_test_init(argc, argv, NULL);
+
+s = qtest_start(-display none -machine imx25_pdk);
+i2c = imx_i2c_create(IMX25_I2C_0_BASE);
+addr = DS1338_ADDR;
+
+qtest_add_func(/ds1338/tx-rx, send_and_receive);
+
+ret = g_test_run();
+
+if (s) {
+qtest_quit(s);
+}
+g_free(i2c);
+
+return ret;
+}
diff --git a/tests/libqos/i2c-imx.c b/tests/libqos/i2c-imx.c
new file mode 100644
index 000..b5cef66
---
[Qemu-devel] [PATCH v4 1/3] linux-headers: Add eeh.h
The header file was introduced by following Linux upstream commits: commit ed3e81f (powerpc/eeh: Move PE state constants around) commit ec33d36 (powerpc/eeh: Introduce eeh_pe_inject_err()) Signed-off-by: Gavin Shan gws...@linux.vnet.ibm.com --- linux-headers/asm-powerpc/eeh.h | 56 + 1 file changed, 56 insertions(+) create mode 100644 linux-headers/asm-powerpc/eeh.h diff --git a/linux-headers/asm-powerpc/eeh.h b/linux-headers/asm-powerpc/eeh.h new file mode 100644 index 000..291b7d1 --- /dev/null +++ b/linux-headers/asm-powerpc/eeh.h @@ -0,0 +1,56 @@ +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 2, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + * Copyright IBM Corp. 2015 + * + * Authors: Gavin Shan gws...@linux.vnet.ibm.com + */ + +#ifndef _ASM_POWERPC_EEH_H +#define _ASM_POWERPC_EEH_H + +/* PE states */ +#define EEH_PE_STATE_NORMAL0 /* Normal state */ +#define EEH_PE_STATE_RESET 1 /* PE reset asserted*/ +#define EEH_PE_STATE_STOPPED_IO_DMA2 /* Frozen PE*/ +#define EEH_PE_STATE_STOPPED_DMA 4 /* Stopped DMA only */ +#define EEH_PE_STATE_UNAVAIL 5 /* Unavailable */ + +/* EEH error types and functions */ +#define EEH_ERR_TYPE_320 /* 32-bits error */ +#define EEH_ERR_TYPE_641 /* 64-bits error */ +#define EEH_ERR_FUNC_MIN 0 +#define EEH_ERR_FUNC_LD_MEM_ADDR 0 /* Memory load */ +#define EEH_ERR_FUNC_LD_MEM_DATA 1 +#define EEH_ERR_FUNC_LD_IO_ADDR2 /* IO load */ +#define EEH_ERR_FUNC_LD_IO_DATA3 +#define EEH_ERR_FUNC_LD_CFG_ADDR 4 /* Config load */ +#define EEH_ERR_FUNC_LD_CFG_DATA 5 +#define EEH_ERR_FUNC_ST_MEM_ADDR 6 /* Memory store */ +#define EEH_ERR_FUNC_ST_MEM_DATA 7 +#define EEH_ERR_FUNC_ST_IO_ADDR8 /* IO store */ +#define EEH_ERR_FUNC_ST_IO_DATA9 +#define EEH_ERR_FUNC_ST_CFG_ADDR 10 /* Config store */ +#define EEH_ERR_FUNC_ST_CFG_DATA 11 +#define EEH_ERR_FUNC_DMA_RD_ADDR 12 /* DMA read */ +#define EEH_ERR_FUNC_DMA_RD_DATA 13 +#define EEH_ERR_FUNC_DMA_RD_MASTER 14 +#define EEH_ERR_FUNC_DMA_RD_TARGET 15 +#define EEH_ERR_FUNC_DMA_WR_ADDR 16 /* DMA write*/ +#define EEH_ERR_FUNC_DMA_WR_DATA 17 +#define EEH_ERR_FUNC_DMA_WR_MASTER 18 +#define EEH_ERR_FUNC_DMA_WR_TARGET 19 +#define EEH_ERR_FUNC_MAX 19 + +#endif /* _ASM_POWERPC_EEH_H */ -- 2.1.0
Re: [Qemu-devel] [RFC PATCH V7 00/19] Multithread TCG.
On 10/08/2015 20:34, Alex Bennée wrote: fred.kon...@greensocs.com writes: From: KONRAD Frederic fred.kon...@greensocs.com This is the 7th round of the MTTCG patch series. It can be cloned from: g...@git.greensocs.com:fkonrad/mttcg.git branch multi_tcg_v7. I'm not seeing this yet, did you remember to push? oops sorry done! This patch-set try to address the different issues in the global picture of MTTCG, presented on the wiki. == Needed patch for our work == Some preliminaries are needed for our work: * current_cpu doesn't make sense in mttcg so a tcg_executing flag is added to the CPUState. * We need to run some work safely when all VCPUs are outside their execution loop. This is done with the async_run_safe_work_on_cpu function introduced in this series. * QemuSpin lock is introduced (on posix only yet) to allow a faster handling of atomic instruction. == Code generation and cache == As Qemu stands, there is no protection at all against two threads attempting to generate code at the same time or modifying a TranslationBlock. The protect TBContext with tb_lock patch address the issue of code generation and makes all the tb_* function thread safe (except tb_flush). This raised the question of one or multiple caches. We choosed to use one unified cache because it's easier as a first step and since the structure of QEMU effectively has a ‘local’ cache per CPU in the form of the jump cache, we don't see the benefit of having two pools of tbs. == Dirty tracking == Protecting the IOs: To allows all VCPUs threads to run at the same time we need to drop the global_mutex as soon as possible. The io access need to take the mutex. This is likely to change when http://thread.gmane.org/gmane.comp.emulators.qemu/345258 will be upstreamed. Invalidation of TranslationBlocks: We can have all VCPUs running during an invalidation. Each VCPU is able to clean it's jump cache itself as it is in CPUState so that can be handled by a simple call to async_run_on_cpu. However tb_invalidate also writes to the TranslationBlock which is shared as we have only one pool. Hence this part of invalidate requires all VCPUs to exit before it can be done. Hence the async_run_safe_work_on_cpu is introduced to handle this case. == Atomic instruction == For now only ARM on x64 is supported by using an cmpxchg instruction. Specifically the limitation of this approach is that it is harder to support 64bit ARM on a host architecture that is multi-core, but only supports 32 bit cmpxchg (we believe this could be the case for some PPC cores). For now this case is not correctly handled. The existing atomic patch will attempt to execute the 64 bit cmpxchg functionality in a non thread safe fashion. Our intention is to provide a new multi-thread ARM atomic patch for 64bit ARM on effective 32bit hosts. This atomic instruction part has been tested with Alexander's atomic stress repo available here: https://lists.gnu.org/archive/html/qemu-devel/2015-06/msg05585.html The execution is a little slower than upstream probably because of the different VCPU fight for the mutex. Swaping arm_exclusive_lock from mutex to spin_lock reduce considerably the difference. == Testing == A simple double dhrystone test in SMP 2 with vexpress-a15 in a linux guest show a good performance progression: it takes basically 18s upstream to complete vs 10s with MTTCG. Testing image is available here: https://cloud.greensocs.com/index.php/s/CfHSLzDH5pmTkW3 Then simply: ./configure --target-list=arm-softmmu make -j8 ./arm-softmmu/qemu-system-arm -M vexpress-a15 -smp 2 -kernel zImage -initrd rootfs.ext2 -dtb vexpress-v2p-ca15-tc1.dtb --nographic --append console=ttyAMA0 login: root The dhrystone command is the last one in the history. dhrystone 1000 dhrystone 1000 The atomic spinlock benchmark from Alexander shows that atomic basically work. Just follow the instruction here: https://lists.gnu.org/archive/html/qemu-devel/2015-06/msg05585.html == Known issues == * GDB stub: GDB stub is not tested right now it will probably requires some changes to work. * deadlock on exit: When exiting QEMU Ctrl-C some VCPU's thread are not able to exit and continue execution. http://git.greensocs.com/fkonrad/mttcg/issues/1 * memory_region_rom_device_set_romd from pflash01 just crashes the TCG code. Strangely this happen only with -smp 4 and 2 in the DTB. http://git.greensocs.com/fkonrad/mttcg/issues/2 Changes V6 - V7: * global_lock: * Don't protect softmmu read/write helper as it's now done in adress_space_rw. * tcg_exec_flag: * Make the flag atomically test and set through an API. * introduce async_safe_work: * move qemu_cpu_kick_thread to avoid prototype declaration. * use the work_mutex. * async_work: * protect it with a mutex (work_mutex) against concurent access. * tb_lock: * protect tcg_malloc_internal as well. * signal the VCPU even of current_cpu is
[Qemu-devel] [PATCH v4 3/3] sPAPR: Support RTAS call ibm,errinjct
The patch supports RTAS call ibm,errinjct to allow injecting
EEH errors to VFIO PCI devices. The implementation is similiar
to EEH support for VFIO PCI devices: The RTAS request is captured
by QEMU and routed to sPAPRPHBClass::eeh_inject_error() where the
request is translated to VFIO container IOCTL command to be handled
by the host.
Signed-off-by: Gavin Shan gws...@linux.vnet.ibm.com
---
hw/ppc/spapr_pci.c | 36 +
hw/ppc/spapr_pci_vfio.c | 56 +
hw/ppc/spapr_rtas.c | 77 +
include/hw/pci-host/spapr.h | 2 ++
include/hw/ppc/spapr.h | 9 +-
5 files changed, 179 insertions(+), 1 deletion(-)
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index cfd3b7b..050c3ea 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -682,6 +682,42 @@ param_error_exit:
rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
}
+int spapr_rtas_errinjct_ioa(sPAPRMachineState *spapr,
+target_ulong param_buf,
+bool is_64bits)
+{
+sPAPRPHBState *sphb;
+sPAPRPHBClass *spc;
+uint64_t buid, addr, mask;
+uint32_t func;
+
+if (is_64bits) {
+addr = ((uint64_t)rtas_ld(param_buf, 0) 32) | rtas_ld(param_buf, 1);
+mask = ((uint64_t)rtas_ld(param_buf, 2) 32) | rtas_ld(param_buf, 3);
+buid = ((uint64_t)rtas_ld(param_buf, 5) 32) | rtas_ld(param_buf, 6);
+func = rtas_ld(param_buf, 7);
+} else {
+addr = rtas_ld(param_buf, 0);
+mask = rtas_ld(param_buf, 1);
+buid = ((uint64_t)rtas_ld(param_buf, 3) 32) | rtas_ld(param_buf, 4);
+func = rtas_ld(param_buf, 5);
+}
+
+/* Find PHB */
+sphb = spapr_pci_find_phb(spapr, buid);
+if (!sphb) {
+return RTAS_OUT_PARAM_ERROR;
+}
+
+spc = SPAPR_PCI_HOST_BRIDGE_GET_CLASS(sphb);
+if (!spc-eeh_inject_error) {
+return RTAS_OUT_PARAM_ERROR;
+}
+
+/* Handle the request */
+return spc-eeh_inject_error(sphb, func, addr, mask, is_64bits);
+}
+
static int pci_spapr_swizzle(int slot, int pin)
{
return (slot + pin) % PCI_NUM_PINS;
diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
index cca45ed..a3674ee 100644
--- a/hw/ppc/spapr_pci_vfio.c
+++ b/hw/ppc/spapr_pci_vfio.c
@@ -17,6 +17,8 @@
* along with this program; if not, see http://www.gnu.org/licenses/.
*/
+#include asm/eeh.h
+
#include hw/ppc/spapr.h
#include hw/pci-host/spapr.h
#include hw/pci/msix.h
@@ -250,6 +252,59 @@ static int spapr_phb_vfio_eeh_configure(sPAPRPHBState
*sphb)
return RTAS_OUT_SUCCESS;
}
+static int spapr_phb_vfio_eeh_inject_error(sPAPRPHBState *sphb,
+ uint32_t func, uint64_t addr,
+ uint64_t mask, bool is_64bits)
+{
+sPAPRPHBVFIOState *svphb = SPAPR_PCI_VFIO_HOST_BRIDGE(sphb);
+struct vfio_eeh_pe_op op = {
+.op = VFIO_EEH_PE_INJECT_ERR,
+.argsz = sizeof(op)
+};
+int ret = RTAS_OUT_SUCCESS;
+
+op.err.type = is_64bits ? EEH_ERR_TYPE_64 : EEH_ERR_TYPE_32;
+op.err.addr = addr;
+op.err.mask = mask;
+
+switch (func) {
+case EEH_ERR_FUNC_LD_MEM_ADDR:
+case EEH_ERR_FUNC_LD_MEM_DATA:
+case EEH_ERR_FUNC_LD_IO_ADDR:
+case EEH_ERR_FUNC_LD_IO_DATA:
+case EEH_ERR_FUNC_LD_CFG_ADDR:
+case EEH_ERR_FUNC_LD_CFG_DATA:
+case EEH_ERR_FUNC_ST_MEM_ADDR:
+case EEH_ERR_FUNC_ST_MEM_DATA:
+case EEH_ERR_FUNC_ST_IO_ADDR:
+case EEH_ERR_FUNC_ST_IO_DATA:
+case EEH_ERR_FUNC_ST_CFG_ADDR:
+case EEH_ERR_FUNC_ST_CFG_DATA:
+case EEH_ERR_FUNC_DMA_RD_ADDR:
+case EEH_ERR_FUNC_DMA_RD_DATA:
+case EEH_ERR_FUNC_DMA_RD_MASTER:
+case EEH_ERR_FUNC_DMA_RD_TARGET:
+case EEH_ERR_FUNC_DMA_WR_ADDR:
+case EEH_ERR_FUNC_DMA_WR_DATA:
+case EEH_ERR_FUNC_DMA_WR_MASTER:
+op.err.func = func;
+break;
+default:
+ret = RTAS_OUT_PARAM_ERROR;
+goto out;
+}
+
+if (vfio_container_ioctl(svphb-phb.iommu_as, svphb-iommugroupid,
+ VFIO_EEH_PE_OP, op) 0) {
+ret = RTAS_OUT_HW_ERROR;
+goto out;
+}
+
+ret = RTAS_OUT_SUCCESS;
+out:
+return ret;
+}
+
static void spapr_phb_vfio_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
@@ -262,6 +317,7 @@ static void spapr_phb_vfio_class_init(ObjectClass *klass,
void *data)
spc-eeh_get_state = spapr_phb_vfio_eeh_get_state;
spc-eeh_reset = spapr_phb_vfio_eeh_reset;
spc-eeh_configure = spapr_phb_vfio_eeh_configure;
+spc-eeh_inject_error = spapr_phb_vfio_eeh_inject_error;
}
static const TypeInfo spapr_phb_vfio_info = {
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 8405056..5645f43 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -632,6 +632,54 @@ out:
rtas_st(rets, 1, ret);
}
+static void rtas_ibm_errinjct(PowerPCCPU
[Qemu-devel] [PATCH v4 0/3] sPAPR: Support EEH Error Injection
The patchset depends on below Linux upstream commits:
commit ed3e81f (powerpc/eeh: Move PE state constants around)
commit ec33d36 (powerpc/eeh: Introduce eeh_pe_inject_err())
According to PAPR specification 2.7, there're 3 RTAS calls relevent to error
injection: ibm,open-errinjct, ibm,close-errinjct, ibm,errinjct. The
userland utility errinjct running on guest utilizes those 3 RTAS calls like
this way: Call ibm,open-errinjct that returns open-token, which is passed to
ibm,errinjct together with error specific arguments to do error injection.
Finally, to return the open-token by calling ibm,close-errinject.
ibm,errinjct can be used to inject various errors, not limited to EEH errors.
However, this patchset is going to support injecting EEH errors only for VFIO
PCI devices.
=
Changelog
=
v3 - v4:
* To record currently opened token, not next one as suggested by Alexey.
v2 - v3:
* Replace random token number with incremental counter. Another boolean
variable to track if it's opened. Both of them are added to migration
stream.
* The return value from sPAPRPHBClass::eeh_inject_error() can be passed
to user directly. No need to do conversion.
* Corrected error code to RTAS_OUT_CLOSE_ERROR in rtas_ibm_errinjct().
* Don't expose error injection tokens for unsupported types.
v1 - v2:
* Rebased to git://github.com/dgibson/qemu.git (branch: spapr-next)
* Remove specific PCI error types in hw/ppc/spapr.h. Use those macros
asm-powerpc/eeh.h instead.
Gavin Shan (3):
linux-headers: Add eeh.h
sPAPR: Support RTAS call ibm, {open, close}-errinjct
sPAPR: Support RTAS call ibm,errinjct
hw/ppc/spapr.c | 5 ++
hw/ppc/spapr_pci.c | 36 ++
hw/ppc/spapr_pci_vfio.c | 56
hw/ppc/spapr_rtas.c | 143
include/hw/pci-host/spapr.h | 2 +
include/hw/ppc/spapr.h | 17 -
linux-headers/asm-powerpc/eeh.h | 56
7 files changed, 314 insertions(+), 1 deletion(-)
create mode 100644 linux-headers/asm-powerpc/eeh.h
--
2.1.0
Re: [Qemu-devel] [PATCH v3 2/3] sPAPR: Support RTAS call ibm, {open, close}-errinjct
On Fri, Aug 07, 2015 at 01:33:32PM +1000, Gavin Shan wrote:
The patch supports RTAS calls ibm,{open,close}-errinjct to
manupliate the token, which is passed to RTAS call ibm,errinjct
to indicate the valid context for error injection. Each VM is
permitted to have only one token at once and we simply have one
random number for that.
Signed-off-by: Gavin Shan gws...@linux.vnet.ibm.com
---
hw/ppc/spapr.c | 5
hw/ppc/spapr_rtas.c| 66
++
include/hw/ppc/spapr.h | 10 +++-
3 files changed, 80 insertions(+), 1 deletion(-)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index dfd808f..1ebd0b2 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1225,6 +1225,11 @@ static const VMStateDescription vmstate_spapr = {
VMSTATE_UINT64_TEST(rtc_offset, sPAPRMachineState, version_before_3),
VMSTATE_PPC_TIMEBASE_V(tb, sPAPRMachineState, 2),
+
+/* Error injection token */
+VMSTATE_BOOL(is_errinjct_opened, sPAPRMachineState),
+VMSTATE_UINT32(errinjct_next_token, sPAPRMachineState),
Because you're adding fields to the vmstate you'll need to define a
new version number and make these fields only considered in the new
version.
Technically you only need to transfer whether the token is open, and
*if* it is open the current token value. Not sure if it's worth
restricting to that though.
--
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
pgplfbvllxsVb.pgp
Description: PGP signature
[Qemu-devel] [PATCH v4 2/3] sPAPR: Support RTAS call ibm, {open, close}-errinjct
The patch supports RTAS calls ibm,{open,close}-errinjct to
manupliate the token, which is passed to RTAS call ibm,errinjct
to indicate the valid context for error injection. Each VM is
permitted to have only one token at once and we simply have one
random number for that.
Signed-off-by: Gavin Shan gws...@linux.vnet.ibm.com
---
hw/ppc/spapr.c | 5
hw/ppc/spapr_rtas.c| 66 ++
include/hw/ppc/spapr.h | 10 +++-
3 files changed, 80 insertions(+), 1 deletion(-)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index dfd808f..c74184c 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1225,6 +1225,11 @@ static const VMStateDescription vmstate_spapr = {
VMSTATE_UINT64_TEST(rtc_offset, sPAPRMachineState, version_before_3),
VMSTATE_PPC_TIMEBASE_V(tb, sPAPRMachineState, 2),
+
+/* Error injection token */
+VMSTATE_BOOL(is_errinjct_opened, sPAPRMachineState),
+VMSTATE_UINT32(errinjct_token, sPAPRMachineState),
+
VMSTATE_END_OF_LIST()
},
};
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index e99e25f..8405056 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -604,6 +604,68 @@ out:
rtas_st(rets, 0, rc);
}
+static void rtas_ibm_open_errinjct(PowerPCCPU *cpu,
+ sPAPRMachineState *spapr,
+ uint32_t token, uint32_t nargs,
+ target_ulong args, uint32_t nret,
+ target_ulong rets)
+{
+int32_t ret;
+
+/* Sanity check on number of arguments */
+if ((nargs != 0) || (nret != 2)) {
+ret = RTAS_OUT_PARAM_ERROR;
+goto out;
+}
+
+/* Check if we already had token */
+if (spapr-is_errinjct_opened) {
+ret = RTAS_OUT_TOKEN_OPENED;
+goto out;
+}
+
+/* Grab the token */
+spapr-is_errinjct_opened = true;
+rtas_st(rets, 0, ++spapr-errinjct_token);
+ret = RTAS_OUT_SUCCESS;
+out:
+rtas_st(rets, 1, ret);
+}
+
+static void rtas_ibm_close_errinjct(PowerPCCPU *cpu,
+sPAPRMachineState *spapr,
+uint32_t token, uint32_t nargs,
+target_ulong args, uint32_t nret,
+target_ulong rets)
+{
+uint32_t open_token;
+int32_t ret;
+
+/* Sanity check on number of arguments */
+if ((nargs != 1) || (nret != 1)) {
+ret = RTAS_OUT_PARAM_ERROR;
+goto out;
+}
+
+/* Check if we had opened token */
+if (!spapr-is_errinjct_opened) {
+ret = RTAS_OUT_CLOSE_ERROR;
+goto out;
+}
+
+/* Match with the passed token */
+open_token = rtas_ld(args, 0);
+if (spapr-errinjct_token != open_token) {
+ret = RTAS_OUT_CLOSE_ERROR;
+goto out;
+}
+
+spapr-is_errinjct_opened = false;
+ret = RTAS_OUT_SUCCESS;
+out:
+rtas_st(rets, 0, ret);
+}
+
static struct rtas_call {
const char *name;
spapr_rtas_fn fn;
@@ -754,6 +816,10 @@ static void core_rtas_register_types(void)
rtas_get_sensor_state);
spapr_rtas_register(RTAS_IBM_CONFIGURE_CONNECTOR,
ibm,configure-connector,
rtas_ibm_configure_connector);
+spapr_rtas_register(RTAS_IBM_OPEN_ERRINJCT, ibm,open-errinjct,
+rtas_ibm_open_errinjct);
+spapr_rtas_register(RTAS_IBM_CLOSE_ERRINJCT, ibm,close-errinjct,
+rtas_ibm_close_errinjct);
}
type_init(core_rtas_register_types)
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index b6cb0d0..2430d48 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -73,6 +73,10 @@ struct sPAPRMachineState {
int htab_fd;
bool htab_fd_stale;
+/* Error injection token */
+bool is_errinjct_opened;
+uint32_t errinjct_token;
+
/* RTAS state */
QTAILQ_HEAD(, sPAPRConfigureConnectorState) ccs_list;
@@ -412,6 +416,8 @@ int spapr_allocate_irq_block(int num, bool lsi, bool msi);
#define RTAS_OUT_BUSY -2
#define RTAS_OUT_PARAM_ERROR-3
#define RTAS_OUT_NOT_SUPPORTED -3
+#define RTAS_OUT_TOKEN_OPENED -4
+#define RTAS_OUT_CLOSE_ERROR-4
#define RTAS_OUT_NOT_AUTHORIZED -9002
/* RTAS tokens */
@@ -455,8 +461,10 @@ int spapr_allocate_irq_block(int num, bool lsi, bool msi);
#define RTAS_IBM_SET_SLOT_RESET (RTAS_TOKEN_BASE + 0x23)
#define RTAS_IBM_CONFIGURE_PE (RTAS_TOKEN_BASE + 0x24)
#define RTAS_IBM_SLOT_ERROR_DETAIL (RTAS_TOKEN_BASE + 0x25)
+#define RTAS_IBM_OPEN_ERRINJCT (RTAS_TOKEN_BASE + 0x26)
+#define RTAS_IBM_CLOSE_ERRINJCT (RTAS_TOKEN_BASE + 0x27)
-#define RTAS_TOKEN_MAX (RTAS_TOKEN_BASE + 0x26)
+#define RTAS_TOKEN_MAX (RTAS_TOKEN_BASE + 0x28)
/* RTAS
Re: [Qemu-devel] [PATCH 1/3] firmware: introduce sysfs driver for QEMU's fw_cfg device
On Mon, Aug 10, 2015 at 03:02:22PM -0400, Gabriel L. Somlo wrote: Mainly, qemu's fw_cfg is a read-only device, so one wouldn't ever care to try writing anything to it. /sys/firmware/... feels like a fit because fw_cfg contains binary blobs originally meant to be used by the bios (it's how SeaBIOS and OVMF pull smbios and acpi tables out of the host and set them up in guest memory before booting the guest kernel, as one of the many examples). The most similar example (and the existing driver I used as an example during implementation) is dmi-sysfs.c, which also exposes all the metadata for each smbios table as numeric (or string) read-only attributes, and has a raw attribute which allows dumping each table in its entirety. Same thing here -- I want to expose the name, size, and select key for each blob, but also allow access to the payload, i.e. the blob itself. That's great, and you can have these blobs be an attribute for a struct device. Just using a raw kobject as you are is hard, as you have seen, and messy. Making it a real device makes this all much easier and simpler. Now if you want to keep things in /sys/firmware/ that's another issue, and would have to stay as a kobject. so maybe it does need to remain, need to think about that... thanks, greg k-h
Re: [Qemu-devel] [PATCH v4 05/11] qemu-log: Improve the exec TB execution logging
Hi Peter, Alex, On 08/03/2015 05:14 AM, Alex Bennée wrote: From: Peter Maydell peter.mayd...@linaro.org Improve the TB execution logging so that it is easier to identify what is happening from trace logs: * move the Trace logging of executed TBs into cpu_tb_exec() so that it is emitted if and only if we actually execute a TB, and for consistency for the CPU state logging * log when we link two TBs together via tb_add_jump() * log when cpu_tb_exec() returns early from a chain of TBs The new style logging looks like this: Trace 0x7fb7cc822ca0 [ffcdce00] Linking TBs 0x7fb7cc822ca0 [ffcdce00] index 0 - 0x7fb7cc823110 [ffcdce10] Trace 0x7fb7cc823110 [ffcdce10] Trace 0x7fb7cc823420 [ffc000302688] Trace 0x7fb7cc8234a0 [ffc000302698] Trace 0x7fb7cc823520 [ffc0003026a4] Trace 0x7fb7cc823560 [ffcdce44] Linking TBs 0x7fb7cc823560 [ffcdce44] index 1 - 0x7fb7cc8235d0 [ffcdce70] Trace 0x7fb7cc8235d0 [ffcdce70] Abandoned execution of TB chain before 0x7fb7cc8235d0 [ffcdce70] Trace 0x7fb7cc8235d0 [ffcdce70] Trace 0x7fb7cc822fd0 [ffcdd52c] Do you think there's some way to log the loop count when a circular chain is executed? System Emulation started at Mon Aug 10 15:30:49 2015 Invocation:aarch64-softmmu/qemu-system-aarch64 -M virt -cpu cortex-a57 -m 2G -kernel psci-exit -d exec,int,in_asm -nodefaults -nographic -monitor none -icount shift=0 IN: 0x8000: d2800140 mov x0, #0xa 0x8004: f1000400 subs x0, x0, #0x1 (1) 0x8008: 54e1 b.ne #-0x4 (addr 0x8004) Trace 0x7f38787cb000 [8000] IN: 0x8004: f1000400 subs x0, x0, #0x1 (1) 0x8008: 54e1 b.ne #-0x4 (addr 0x8004) Linking TBs 0x7f38787cb000 [8000] index 1 - 0x7f38787cb0d0 [8004] Trace 0x7f38787cb0d0 [8004] Linking TBs 0x7f38787cb0d0 [8004] index 1 - 0x7f38787cb0d0 [8004] Trace 0x7f38787cb0d0 [8004] IN: 0x800c: d2800100 mov x0, #0x8 0x8010: f2b08000 movk x0, #0x8400, lsl #16 0x8014: d402 hvc #0x0 Linking TBs 0x7f38787cb0d0 [8004] index 0 - 0x7f38787cb1c0 [800c] Trace 0x7f38787cb1c0 [800c] Taking exception 11 [Hypervisor Call] ...from EL1 ...with ESR 0x5a00 Thanks, Christopher Covington -- Qualcomm Innovation Center, Inc. The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project
Re: [Qemu-devel] [PATCH v3 2/3] sPAPR: Support RTAS call ibm, {open, close}-errinjct
On 08/11/2015 10:57 AM, Gavin Shan wrote:
On Mon, Aug 10, 2015 at 10:24:56PM +1000, David Gibson wrote:
On Fri, Aug 07, 2015 at 01:33:32PM +1000, Gavin Shan wrote:
The patch supports RTAS calls ibm,{open,close}-errinjct to
manupliate the token, which is passed to RTAS call ibm,errinjct
to indicate the valid context for error injection. Each VM is
permitted to have only one token at once and we simply have one
random number for that.
Signed-off-by: Gavin Shan gws...@linux.vnet.ibm.com
---
hw/ppc/spapr.c | 5
hw/ppc/spapr_rtas.c| 66 ++
include/hw/ppc/spapr.h | 10 +++-
3 files changed, 80 insertions(+), 1 deletion(-)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index dfd808f..1ebd0b2 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1225,6 +1225,11 @@ static const VMStateDescription vmstate_spapr = {
VMSTATE_UINT64_TEST(rtc_offset, sPAPRMachineState, version_before_3),
VMSTATE_PPC_TIMEBASE_V(tb, sPAPRMachineState, 2),
+
+/* Error injection token */
+VMSTATE_BOOL(is_errinjct_opened, sPAPRMachineState),
+VMSTATE_UINT32(errinjct_next_token, sPAPRMachineState),
Because you're adding fields to the vmstate you'll need to define a
new version number and make these fields only considered in the new
version.
Agree, do we have an example for me to refer to?
Technically it is enough to send a token which is not opened when it is
zero. The chunk below demonstrates versions use.
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index e046265..e568d41 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1213,17 +1213,21 @@ static bool version_before_3(void *opaque, int
version_id)
static const VMStateDescription vmstate_spapr = {
.name = spapr,
-.version_id = 3,
+.version_id = 4,
.minimum_version_id = 1,
.post_load = spapr_post_load,
.fields = (VMStateField[]) {
/* used to be @next_irq */
VMSTATE_UNUSED_BUFFER(version_before_3, 0, 4),
+
/* RTC offset */
VMSTATE_UINT64_TEST(rtc_offset, sPAPRMachineState, version_before_3),
VMSTATE_PPC_TIMEBASE_V(tb, sPAPRMachineState, 2),
+
+/* Error injection token */
+VMSTATE_UINT32_V(errinjct_next_token, sPAPRMachineState, 4),
VMSTATE_END_OF_LIST()
},
};
Technically you only need to transfer whether the token is open, and
*if* it is open the current token value. Not sure if it's worth
restricting to that though.
It would be fine to transfer the token even it's closed, I think.
--
Alexey
Re: [Qemu-devel] [PATCH v3 2/3] sPAPR: Support RTAS call ibm, {open, close}-errinjct
On Mon, Aug 10, 2015 at 10:24:56PM +1000, David Gibson wrote:
On Fri, Aug 07, 2015 at 01:33:32PM +1000, Gavin Shan wrote:
The patch supports RTAS calls ibm,{open,close}-errinjct to
manupliate the token, which is passed to RTAS call ibm,errinjct
to indicate the valid context for error injection. Each VM is
permitted to have only one token at once and we simply have one
random number for that.
Signed-off-by: Gavin Shan gws...@linux.vnet.ibm.com
---
hw/ppc/spapr.c | 5
hw/ppc/spapr_rtas.c| 66
++
include/hw/ppc/spapr.h | 10 +++-
3 files changed, 80 insertions(+), 1 deletion(-)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index dfd808f..1ebd0b2 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1225,6 +1225,11 @@ static const VMStateDescription vmstate_spapr = {
VMSTATE_UINT64_TEST(rtc_offset, sPAPRMachineState,
version_before_3),
VMSTATE_PPC_TIMEBASE_V(tb, sPAPRMachineState, 2),
+
+/* Error injection token */
+VMSTATE_BOOL(is_errinjct_opened, sPAPRMachineState),
+VMSTATE_UINT32(errinjct_next_token, sPAPRMachineState),
Because you're adding fields to the vmstate you'll need to define a
new version number and make these fields only considered in the new
version.
Agree, do we have an example for me to refer to?
Technically you only need to transfer whether the token is open, and
*if* it is open the current token value. Not sure if it's worth
restricting to that though.
It would be fine to transfer the token even it's closed, I think.
Thanks,
Gavin
[Qemu-devel] [PATCH 0/4] target-sparc: Update to use VMStateDescription
This patchset updates target-sparc to use VMStateDescription rather than hand-written save/load functions. (This and CRIS are the last two targets still using the old approach.) It's based on some patches from back in 2012 by Juan which I've updated, rebased and made some tweaks to. This is a migration compatibility break; we don't care about cross-version migration on SPARC guests, and not having to maintain the old wire format allows a cleaner vmstate description in several ways. NB that the 'split cpu_put_psr' patch seems to me to be a bugfix in and of itself, since currently we might try to call cpu_check_irqs() and deliver interrupts while we're halfway through updating a PSR value... Juan Quintela (2): vmstate: introduce CPU_DoubleU arrays target-sparc: Convert to VMStateDescription Peter Maydell (2): target-sparc: Split cpu_put_psr into side-effect and no-side-effect parts target-sparc: Don't flush TLB in cpu_load function hw/sparc64/sun4u.c | 20 --- include/migration/vmstate.h | 7 + migration/vmstate.c | 23 +++ target-sparc/cpu-qom.h | 4 + target-sparc/cpu.c | 1 + target-sparc/cpu.h | 7 +- target-sparc/machine.c | 360 target-sparc/win_helper.c | 19 ++- 8 files changed, 210 insertions(+), 231 deletions(-) -- 1.9.1
[Qemu-devel] [PATCH 1/4] vmstate: introduce CPU_DoubleU arrays
From: Juan Quintela quint...@redhat.com
Add vmstate support for migrating arrays of CPU_DoubleU via
VMSTATE_CPUDOUBLE_ARRAY.
Signed-off-by: Juan Quintela quint...@redhat.com
[PMM: rebased, since files have all moved since 2012;
added VMSTATE_CPUDOUBLE_ARRAY_V for consistency with FLOAT64]
Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
include/migration/vmstate.h | 7 +++
migration/vmstate.c | 23 +++
2 files changed, 30 insertions(+)
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 2e5a97d..a234d44 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -154,6 +154,7 @@ extern const VMStateInfo vmstate_info_uint32;
extern const VMStateInfo vmstate_info_uint64;
extern const VMStateInfo vmstate_info_float64;
+extern const VMStateInfo vmstate_info_cpudouble;
extern const VMStateInfo vmstate_info_timer;
extern const VMStateInfo vmstate_info_buffer;
@@ -769,6 +770,12 @@ extern const VMStateInfo vmstate_info_bitmap;
#define VMSTATE_FLOAT64_ARRAY(_f, _s, _n) \
VMSTATE_FLOAT64_ARRAY_V(_f, _s, _n, 0)
+#define VMSTATE_CPUDOUBLE_ARRAY_V(_f, _s, _n, _v) \
+VMSTATE_ARRAY(_f, _s, _n, _v, vmstate_info_cpudouble, CPU_DoubleU)
+
+#define VMSTATE_CPUDOUBLE_ARRAY(_f, _s, _n) \
+VMSTATE_CPUDOUBLE_ARRAY_V(_f, _s, _n, 0)
+
#define VMSTATE_BUFFER_V(_f, _s, _v) \
VMSTATE_STATIC_BUFFER(_f, _s, _v, NULL, 0, sizeof(typeof_field(_s, _f)))
diff --git a/migration/vmstate.c b/migration/vmstate.c
index e8ccf22..f70fe59 100644
--- a/migration/vmstate.c
+++ b/migration/vmstate.c
@@ -794,6 +794,29 @@ const VMStateInfo vmstate_info_float64 = {
.put = put_float64,
};
+/* CPU_DoubleU type */
+
+static int get_cpudouble(QEMUFile *f, void *pv, size_t size)
+{
+CPU_DoubleU *v = pv;
+qemu_get_be32s(f, v-l.upper);
+qemu_get_be32s(f, v-l.lower);
+return 0;
+}
+
+static void put_cpudouble(QEMUFile *f, void *pv, size_t size)
+{
+CPU_DoubleU *v = pv;
+qemu_put_be32s(f, v-l.upper);
+qemu_put_be32s(f, v-l.lower);
+}
+
+const VMStateInfo vmstate_info_cpudouble = {
+.name = CPU_Double_U,
+.get = get_cpudouble,
+.put = put_cpudouble,
+};
+
/* uint8_t buffers */
static int get_buffer(QEMUFile *f, void *pv, size_t size)
--
1.9.1
[Qemu-devel] [PATCH 4/4] target-sparc: Convert to VMStateDescription
From: Juan Quintela quint...@redhat.com
Convert the SPARC CPU from cpu_load/save functions to VMStateDescription.
Note that this is a migration compatibility break (which is OK as
we don't try to support cross-version migration on SPARC).
Signed-off-by: Juan Quintela quint...@redhat.com
[PMM:
* Rebase and update to apply to master
* Register via dc-vmsd
* VMSTATE_STRUCT_POINTER now takes type, not pointer-to-type
* QEMUTimer* are migrated via VMSTATE_TIMER_PTR
* Squash in another patch from Juan that arrayifies the state
descriptions for immuregs, dmmuregs, itlb and dtlb, since we're
going to break VM state compatibility anyway
* Put CPUTimer vmstate struct inside TARGET_SPARC64 ifdef
* Save the whole of env.regbase rather than having a complicated
scheme for only saving the part we're using
* Convert handling of PSR to use a vmstate_psr, like Alpha and ARM
]
Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
hw/sparc64/sun4u.c | 20 ---
target-sparc/cpu-qom.h | 4 +
target-sparc/cpu.c | 1 +
target-sparc/cpu.h | 6 -
target-sparc/machine.c | 359 ++---
5 files changed, 167 insertions(+), 223 deletions(-)
diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 30cfa0e..93dca10 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -358,26 +358,6 @@ typedef struct ResetData {
uint64_t prom_addr;
} ResetData;
-void cpu_put_timer(QEMUFile *f, CPUTimer *s)
-{
-qemu_put_be32s(f, s-frequency);
-qemu_put_be32s(f, s-disabled);
-qemu_put_be64s(f, s-disabled_mask);
-qemu_put_sbe64s(f, s-clock_offset);
-
-timer_put(f, s-qtimer);
-}
-
-void cpu_get_timer(QEMUFile *f, CPUTimer *s)
-{
-qemu_get_be32s(f, s-frequency);
-qemu_get_be32s(f, s-disabled);
-qemu_get_be64s(f, s-disabled_mask);
-qemu_get_sbe64s(f, s-clock_offset);
-
-timer_get(f, s-qtimer);
-}
-
static CPUTimer *cpu_timer_create(const char *name, SPARCCPU *cpu,
QEMUBHFunc *cb, uint32_t frequency,
uint64_t disabled_mask)
diff --git a/target-sparc/cpu-qom.h b/target-sparc/cpu-qom.h
index 477c4d5..5096b10 100644
--- a/target-sparc/cpu-qom.h
+++ b/target-sparc/cpu-qom.h
@@ -75,6 +75,10 @@ static inline SPARCCPU *sparc_env_get_cpu(CPUSPARCState *env)
#define ENV_OFFSET offsetof(SPARCCPU, env)
+#ifndef CONFIG_USER_ONLY
+extern const struct VMStateDescription vmstate_sparc_cpu;
+#endif
+
void sparc_cpu_do_interrupt(CPUState *cpu);
void sparc_cpu_dump_state(CPUState *cpu, FILE *f,
fprintf_function cpu_fprintf, int flags);
diff --git a/target-sparc/cpu.c b/target-sparc/cpu.c
index 9528e3a..aea0a99 100644
--- a/target-sparc/cpu.c
+++ b/target-sparc/cpu.c
@@ -847,6 +847,7 @@ static void sparc_cpu_class_init(ObjectClass *oc, void
*data)
cc-do_unassigned_access = sparc_cpu_unassigned_access;
cc-do_unaligned_access = sparc_cpu_do_unaligned_access;
cc-get_phys_page_debug = sparc_cpu_get_phys_page_debug;
+dc-vmsd = vmstate_sparc_cpu;
#endif
#if defined(TARGET_SPARC64) !defined(TARGET_ABI32)
diff --git a/target-sparc/cpu.h b/target-sparc/cpu.h
index 9a4a010..bf4164e 100644
--- a/target-sparc/cpu.h
+++ b/target-sparc/cpu.h
@@ -377,10 +377,6 @@ struct CPUTimer
typedef struct CPUTimer CPUTimer;
-struct QEMUFile;
-void cpu_put_timer(struct QEMUFile *f, CPUTimer *s);
-void cpu_get_timer(struct QEMUFile *f, CPUTimer *s);
-
typedef struct CPUSPARCState CPUSPARCState;
struct CPUSPARCState {
@@ -603,8 +599,6 @@ int cpu_sparc_signal_handler(int host_signum, void *pinfo,
void *puc);
#define cpu_signal_handler cpu_sparc_signal_handler
#define cpu_list sparc_cpu_list
-#define CPU_SAVE_VERSION 7
-
/* MMU modes definitions */
#if defined (TARGET_SPARC64)
#define MMU_USER_IDX 0
diff --git a/target-sparc/machine.c b/target-sparc/machine.c
index 7d03759..0354b1e 100644
--- a/target-sparc/machine.c
+++ b/target-sparc/machine.c
@@ -4,214 +4,179 @@
#include cpu.h
-void cpu_save(QEMUFile *f, void *opaque)
-{
-CPUSPARCState *env = opaque;
-int i;
-uint32_t tmp;
-
-// if env-cwp == env-nwindows - 1, this will set the ins of the last
-// window as the outs of the first window
-cpu_set_cwp(env, env-cwp);
+#ifdef TARGET_SPARC64
+static const VMStateDescription vmstate_cpu_timer = {
+.name = cpu_timer,
+.version_id = 1,
+.minimum_version_id = 1,
+.minimum_version_id_old = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(frequency, CPUTimer),
+VMSTATE_UINT32(disabled, CPUTimer),
+VMSTATE_UINT64(disabled_mask, CPUTimer),
+VMSTATE_INT64(clock_offset, CPUTimer),
+VMSTATE_TIMER_PTR(qtimer, CPUTimer),
+VMSTATE_END_OF_LIST()
+}
+};
-for(i = 0; i 8; i++)
-qemu_put_betls(f, env-gregs[i]);
-qemu_put_be32s(f, env-nwindows);
-for(i = 0; i env-nwindows * 16; i++)
-qemu_put_betls(f, env-regbase[i]);
[Qemu-devel] [PATCH 3/4] target-sparc: Don't flush TLB in cpu_load function
There's no need to flush the TLB in the SPARC cpu_load function: we're guaranteed to be loading state into a fresh clean configuration. Signed-off-by: Peter Maydell peter.mayd...@linaro.org --- target-sparc/machine.c | 1 - 1 file changed, 1 deletion(-) diff --git a/target-sparc/machine.c b/target-sparc/machine.c index 3f3de4c..7d03759 100644 --- a/target-sparc/machine.c +++ b/target-sparc/machine.c @@ -213,6 +213,5 @@ int cpu_load(QEMUFile *f, void *opaque, int version_id) qemu_get_be64s(f, env-ssr); cpu_get_timer(f, env-hstick); #endif -tlb_flush(CPU(cpu), 1); return 0; } -- 1.9.1
[Qemu-devel] [PATCH 2/4] target-sparc: Split cpu_put_psr into side-effect and no-side-effect parts
For inbound migration we really want to be able to set the PSR without
having any side effects, but cpu_put_psr() calls cpu_check_irqs() which
might try to deliver CPU interrupts. Split cpu_put_psr() into the
no-side-effect and side-effect parts.
This includes reordering the cpu_check_irqs() to the end of cpu_put_psr(),
because that function may actually end up calling cpu_interrupt(), which
does not seem like a good thing to happen in the middle of updating the PSR.
Suggested-by: Blue Swirl blauwir...@gmail.com
Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
target-sparc/cpu.h| 1 +
target-sparc/win_helper.c | 19 ---
2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/target-sparc/cpu.h b/target-sparc/cpu.h
index 0522b65..9a4a010 100644
--- a/target-sparc/cpu.h
+++ b/target-sparc/cpu.h
@@ -542,6 +542,7 @@ int cpu_sparc_exec(CPUState *cpu);
/* win_helper.c */
target_ulong cpu_get_psr(CPUSPARCState *env1);
void cpu_put_psr(CPUSPARCState *env1, target_ulong val);
+void cpu_put_psr_raw(CPUSPARCState *env1, target_ulong val);
#ifdef TARGET_SPARC64
target_ulong cpu_get_ccr(CPUSPARCState *env1);
void cpu_put_ccr(CPUSPARCState *env1, target_ulong val);
diff --git a/target-sparc/win_helper.c b/target-sparc/win_helper.c
index f01ae08..5b6d7b5 100644
--- a/target-sparc/win_helper.c
+++ b/target-sparc/win_helper.c
@@ -64,23 +64,28 @@ target_ulong cpu_get_psr(CPUSPARCState *env)
#endif
}
-void cpu_put_psr(CPUSPARCState *env, target_ulong val)
+void cpu_put_psr_raw(CPUSPARCState *env, target_ulong val)
{
env-psr = val PSR_ICC;
#if !defined(TARGET_SPARC64)
env-psref = (val PSR_EF) ? 1 : 0;
env-psrpil = (val PSR_PIL) 8;
-#endif
-#if ((!defined(TARGET_SPARC64)) !defined(CONFIG_USER_ONLY))
-cpu_check_irqs(env);
-#endif
-#if !defined(TARGET_SPARC64)
env-psrs = (val PSR_S) ? 1 : 0;
env-psrps = (val PSR_PS) ? 1 : 0;
env-psret = (val PSR_ET) ? 1 : 0;
-cpu_set_cwp(env, val PSR_CWP);
#endif
env-cc_op = CC_OP_FLAGS;
+#if !defined(TARGET_SPARC64)
+cpu_set_cwp(env, val PSR_CWP);
+#endif
+}
+
+void cpu_put_psr(CPUSPARCState *env, target_ulong val)
+{
+cpu_put_psr_raw(env, val);
+#if ((!defined(TARGET_SPARC64)) !defined(CONFIG_USER_ONLY))
+cpu_check_irqs(env);
+#endif
}
int cpu_cwp_inc(CPUSPARCState *env, int cwp)
--
1.9.1
Re: [Qemu-devel] [PATCH for-2.5 3/6] Add new block driver interface to add/delete a BDS's child
On Fri 31 Jul 2015 11:19:12 AM CEST, Wen Congyang wrote:
+static const char *bdrv_get_id_or_node_name(BlockDriverState *bs)
+{
+if (bs-blk) {
+return blk_name(bs-blk);
+}
+
+return bs-node_name ? bs-node_name : ;
+}
You don't need to add this function, you can use
bdrv_get_device_or_node_name() instead.
Berto
Re: [Qemu-devel] [PATCH v6 03/10] netfilter: add netfilter_{add|del} commands
On 08/07/2015 10:46 AM, Yang Hongyang wrote:
add netfilter_{add|del} commands
This is mostly the same with netdev_{add|del} commands.
When we delete the netdev, we also delete the netfilter object
attached to it, because if the netdev is removed, the filters
which attached to it is useless.
Signed-off-by: Yang Hongyang yan...@cn.fujitsu.com
CC: Luiz Capitulino lcapitul...@redhat.com
CC: Markus Armbruster arm...@redhat.com
CC: Eric Blake ebl...@redhat.com
---
v6: add multiqueue support (qemu_del_net_filter)
v5: squash net: delete netfilter object when delete netdev
---
hmp-commands.hx | 30 +++
hmp.c| 29 +++
hmp.h| 4 ++
include/net/filter.h | 3 ++
monitor.c| 33 +
net/filter.c | 101
++-
net/net.c| 10 +
qapi-schema.json | 47
qmp-commands.hx | 57 +
9 files changed, 313 insertions(+), 1 deletion(-)
diff --git a/hmp-commands.hx b/hmp-commands.hx
index d3b7932..902e2d1 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1253,6 +1253,36 @@ Remove host network device.
ETEXI
{
+.name = netfilter_add,
+.args_type = netfilter:O,
+.params =
[type],id=str,netdev=str[,chain=in|out|all,prop=value][,...],
+.help = add netfilter,
+.mhandler.cmd = hmp_netfilter_add,
+.command_completion = netfilter_add_completion,
+},
+
+STEXI
+@item netfilter_add
+@findex netfilter_add
+Add netfilter.
+ETEXI
+
+{
+.name = netfilter_del,
+.args_type = id:s,
+.params = id,
+.help = remove netfilter,
+.mhandler.cmd = hmp_netfilter_del,
+.command_completion = netfilter_del_completion,
+},
+
+STEXI
+@item netfilter_del
+@findex netfilter_del
+Remove netfilter.
+ETEXI
+
+{
.name = object_add,
.args_type = object:O,
.params = [qom-type=]type,id=str[,prop=value][,...],
diff --git a/hmp.c b/hmp.c
index dcc66f1..09e3cda 100644
--- a/hmp.c
+++ b/hmp.c
@@ -15,6 +15,7 @@
#include hmp.h
#include net/net.h
+#include net/filter.h
#include net/eth.h
#include sysemu/char.h
#include sysemu/block-backend.h
@@ -1599,6 +1600,34 @@ void hmp_netdev_del(Monitor *mon, const QDict *qdict)
hmp_handle_error(mon, err);
}
+void hmp_netfilter_add(Monitor *mon, const QDict *qdict)
+{
+Error *err = NULL;
+QemuOpts *opts;
+
+opts = qemu_opts_from_qdict(qemu_find_opts(netfilter), qdict, err);
+if (err) {
+goto out;
+}
+
+netfilter_add(opts, err);
+if (err) {
+qemu_opts_del(opts);
+}
+
+out:
+hmp_handle_error(mon, err);
+}
+
+void hmp_netfilter_del(Monitor *mon, const QDict *qdict)
+{
+const char *id = qdict_get_str(qdict, id);
+Error *err = NULL;
+
+qmp_netfilter_del(id, err);
+hmp_handle_error(mon, err);
+}
+
void hmp_object_add(Monitor *mon, const QDict *qdict)
{
Error *err = NULL;
diff --git a/hmp.h b/hmp.h
index 0cf4f2a..a21dbbb 100644
--- a/hmp.h
+++ b/hmp.h
@@ -85,6 +85,8 @@ void hmp_device_del(Monitor *mon, const QDict *qdict);
void hmp_dump_guest_memory(Monitor *mon, const QDict *qdict);
void hmp_netdev_add(Monitor *mon, const QDict *qdict);
void hmp_netdev_del(Monitor *mon, const QDict *qdict);
+void hmp_netfilter_add(Monitor *mon, const QDict *qdict);
+void hmp_netfilter_del(Monitor *mon, const QDict *qdict);
void hmp_getfd(Monitor *mon, const QDict *qdict);
void hmp_closefd(Monitor *mon, const QDict *qdict);
void hmp_sendkey(Monitor *mon, const QDict *qdict);
@@ -112,6 +114,8 @@ void chardev_add_completion(ReadLineState *rs, int
nb_args, const char *str);
void set_link_completion(ReadLineState *rs, int nb_args, const char *str);
void netdev_add_completion(ReadLineState *rs, int nb_args, const char *str);
void netdev_del_completion(ReadLineState *rs, int nb_args, const char *str);
+void netfilter_add_completion(ReadLineState *rs, int nb_args, const char
*str);
+void netfilter_del_completion(ReadLineState *rs, int nb_args, const char
*str);
void ringbuf_write_completion(ReadLineState *rs, int nb_args, const char
*str);
void watchdog_action_completion(ReadLineState *rs, int nb_args,
const char *str);
diff --git a/include/net/filter.h b/include/net/filter.h
index 7a858d8..f15d83d 100644
--- a/include/net/filter.h
+++ b/include/net/filter.h
@@ -53,5 +53,8 @@ NetFilterState *qemu_new_net_filter(NetFilterInfo *info,
NetClientState *netdev,
const char *name,
int chain);
+void qemu_del_net_filter(NetFilterState *nf);
+void netfilter_add(QemuOpts
Re: [Qemu-devel] [PATCH v6 08/10] netfilter: add a netbuffer filter
On 08/07/2015 10:46 AM, Yang Hongyang wrote:
This filter is to buffer/release packets, this feature can be used
when using MicroCheckpointing, or other Remus like VM FT solutions, you
can also use it to simulate the network delay.
It has an interval option, if supplied, this filter will release
packets by interval.
Usage:
-netdev tap,id=bn0
-netfilter buffer,id=f0,netdev=bn0,chain=in,interval=1000
NOTE:
the scale of interval is microsecond.
Signed-off-by: Yang Hongyang yan...@cn.fujitsu.com
---
v6: move the interval check earlier and some comment adjust
v5: remove dummy sent_cb
change interval type from int64 to uint32
check interval!=0 when initialise
rename FILTERBUFFERState to FilterBufferState
v4: remove bh
pass the packet to next filter instead of receiver
v3: check packet's sender and sender-peer when flush it
---
net/Makefile.objs | 1 +
net/filter-buffer.c | 126
net/filter.c| 2 +
net/filters.h | 17 +++
qapi-schema.json| 18 +++-
5 files changed, 163 insertions(+), 1 deletion(-)
create mode 100644 net/filter-buffer.c
create mode 100644 net/filters.h
diff --git a/net/Makefile.objs b/net/Makefile.objs
index 914aec0..5fa2f97 100644
--- a/net/Makefile.objs
+++ b/net/Makefile.objs
@@ -14,3 +14,4 @@ common-obj-$(CONFIG_SLIRP) += slirp.o
common-obj-$(CONFIG_VDE) += vde.o
common-obj-$(CONFIG_NETMAP) += netmap.o
common-obj-y += filter.o
+common-obj-y += filter-buffer.o
diff --git a/net/filter-buffer.c b/net/filter-buffer.c
new file mode 100644
index 000..f26276c
--- /dev/null
+++ b/net/filter-buffer.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 2015 FUJITSU LIMITED
+ * Author: Yang Hongyang yan...@cn.fujitsu.com
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later. See the COPYING file in the top-level directory.
+ */
+
+#include net/filter.h
+#include net/queue.h
+#include filters.h
+#include qemu-common.h
+#include qemu/timer.h
+#include qemu/iov.h
+#include qapi/qmp/qerror.h
+
+typedef struct FilterBufferState {
+NetFilterState nf;
+NetQueue *incoming_queue;
+uint32_t interval;
+QEMUTimer release_timer;
+} FilterBufferState;
+
+static void filter_buffer_flush(NetFilterState *nf)
+{
+FilterBufferState *s = DO_UPCAST(FilterBufferState, nf, nf);
+NetQueue *queue = s-incoming_queue;
+NetPacket *packet;
+
+while (queue !QTAILQ_EMPTY(queue-packets)) {
Looks like no need to check queue here. And then you can switch to use
QTAILQ_FOREACH_SAFE() to save one line of QTAILF_FIRST().
+packet = QTAILQ_FIRST(queue-packets);
+QTAILQ_REMOVE(queue-packets, packet, entry);
+queue-nq_count--;
+
+if (packet-sender packet-sender-peer) {
+qemu_netfilter_pass_to_next(nf, packet);
+}
+
+/*
+ * now that we have passed the packet to next filter (or there's
+ * no receiver). If it's queued by receiver's incoming_queue, there
+ * will be a copy of the packet-data, so simply free this packet
+ * now.
+ */
+g_free(packet);
In the future, we may consider to avoid the extra copy. This could be
done on top of this series.
Re: [Qemu-devel] [PATCH v3 2/2] make: load only required dependency files.
On Sun, Aug 09, 2015 at 12:54:37PM +0100, Peter Maydell wrote: On 9 August 2015 at 12:39, Michael S. Tsirkin m...@redhat.com wrote: On Sun, Aug 09, 2015 at 12:39:59PM +0300, Victor Kaplansky wrote: -$(eval -include $(addsuffix *.d, $(sort $(dir $($v) +$(eval -include $(patsubst %.o,%.d,$(patsubst %.mo,%.d,$($v $(eval $v := $(filter-out %/,$($v endef Please add space after each comma. (I thought we discussed this in v1 review?) We don't seem to be completely consistent in our makefile style, but I would say that the majority of it is written in the same style used in the GNU Make docs, with no spaces after commas. Looking into qemu sources I see that most patsubst patterns are written without spaces after first comma. About the same situation is in linux kernel sources. So, as for now, the style recommendation probably would be not to use spaces, but spaces after comma are acceptable. If we want to change this style recommendation, we can create another cosmetic patch addressing the change in style. -- Victor
Re: [Qemu-devel] [PATCH for-2.5 5/6] qmp: add monitor command to add/remove a child
On Mon 10 Aug 2015 03:00:32 AM CEST, Wen Congyang we...@cn.fujitsu.com wrote: +# @child-add +# +# Add a new child to quorum. This is useful to fix a broken quorum child. But the idea is that this can be eventually used by other drivers, isn't it? Yes, but is is only used for quorum now. I don't find any other driver needs this feature. Maybe it's clearer if the documentation describes the general case and then adds something like Currently only the Quorum driver implements this feature. Then again I don't have a very strong opinion, if I'm the only one who thinks like this you can leave it as it is now. Berto
Re: [Qemu-devel] [PATCH v6 00/10] For QEMU 2.5: Add a netfilter object and netbuffer filter
On 08/07/2015 10:46 AM, Yang Hongyang wrote:
Add multiqueue support in v6.
This patch add a new object netfilter, capture all network packets.
Also implement a netbuffer based on this object.
the buffer netfilter could be used by VM FT solutions like
MicroCheckpointing, to buffer/release packets. Or to simulate
packet delay.
You can also get the series from:
https://github.com/macrosheep/qemu/tree/netfilter-v6
Usage:
-netdev tap,id=bn0
-netfilter buffer,id=f0,netdev=bn0,chain=in,interval=1000
-device e1000,netdev=bn0
dynamically add/remove netfilters:
netfilter_add buffer,id=f0,netdev=bn0,chain=in,interval=1000
netfilter_del f0
NOTE:
interval's scale is microsecond.
chain is optional, and is one of in|out|all, default is all.
in means this filter will receive packets sent to the @netdev
out means this filter will receive packets sent from the @netdev
all means this filter will receive packets both sent to/from
the @netdev
TODO:
- dump
v6:
- add multiqueue support, please see individual patch for detail
v5:
- add a sent_cb param to filter receive_iov api
- squash the 4th patch into patch 3
- remove dummy sent_cb (buffer filter)
- addressed Jason's other comments, see individual patches for detail
v4:
- get rid of struct Filter
- squash the 4th patch into patch 2
- fix qemu_netfilter_pass_to_next_iov
- get rid of bh (buffer filter)
- release the packet to next filter instead of to receiver (buffer filter)
v3:
- add an api to pass the packet to next filter
- remove netfilters when delete netdev
- add qtest testcases for netfilter
- addressed comments from Jason
v2:
- add a chain option to netfilter object
- move the hook place earlier, before net_queue_send
- drop the unused api in buffer filter
- squash buffer filter patches into one
- remove receive() api from netfilter, only receive_iov() is enough
- addressed comments from JasonThomas
v1:
initial patch.
Yang Hongyang (10):
net: add a new object netfilter
init/cleanup of netfilter object
netfilter: add netfilter_{add|del} commands
netfilter: hook packets before net queue send
move out net queue structs define
netfilter: add an API to pass the packet to next filter
net/queue: export qemu_net_queue_append_iov
netfilter: add a netbuffer filter
filter/buffer: update command description and help
tests: add test cases for netfilter object
hmp-commands.hx | 30 +
hmp.c | 29 +
hmp.h | 4 +
include/net/filter.h| 63 ++
include/net/net.h | 1 +
include/net/queue.h | 26 +
include/qemu/typedefs.h | 1 +
include/sysemu/sysemu.h | 1 +
monitor.c | 33 ++
net/Makefile.objs | 2 +
net/filter-buffer.c | 126
net/filter.c| 302
net/filters.h | 17 +++
net/net.c | 77
net/queue.c | 31 +
qapi-schema.json| 100
qemu-options.hx | 4 +
qmp-commands.hx | 57 +
tests/.gitignore| 1 +
tests/Makefile | 2 +
tests/test-netfilter.c | 194 +++
vl.c| 13 +++
22 files changed, 1089 insertions(+), 25 deletions(-)
create mode 100644 include/net/filter.h
create mode 100644 net/filter-buffer.c
create mode 100644 net/filter.c
create mode 100644 net/filters.h
create mode 100644 tests/test-netfilter.c
Thanks for the patches. Overall looks good to me, just have some minor
comments, see individual patches for details.
I think we need something like info filter to display filters
information, or just add them in info network
Re: [Qemu-devel] [PATCH for-2.5 3/6] Add new block driver interface to add/delete a BDS's child
On 08/10/2015 04:19 PM, Alberto Garcia wrote:
On Fri 31 Jul 2015 11:19:12 AM CEST, Wen Congyang wrote:
+static const char *bdrv_get_id_or_node_name(BlockDriverState *bs)
+{
+if (bs-blk) {
+return blk_name(bs-blk);
+}
+
+return bs-node_name ? bs-node_name : ;
+}
You don't need to add this function, you can use
bdrv_get_device_or_node_name() instead.
Yes, I will update it in the next version.
Thanks
Wen Congyang
Berto
.
