Re: [Qemu-devel] [RFC]virtio-blk: add disk-name device property

2017-01-11 Thread Yang Zhang

On 2017/1/12 10:22, Fam Zheng wrote:

On Thu, 01/12 09:22, Yang Zhang wrote:

On 2017/1/4 22:44, Stefan Hajnoczi wrote:

On Tue, Jan 03, 2017 at 10:53:06AM -0600, Eric Blake wrote:

On 12/29/2016 08:41 PM, Junkang Fu wrote:

>From 74e913fc41ea98d1dde692175f1e3fb6729342aa Mon Sep 17 00:00:00 2001
From: "junkang.fjk" 
Date: Wed, 24 Aug 2016 19:36:53 +0800
Subject: [PATCH] virtio-blk: add disk-name device property

Current virtio-blk disk name(ex. /dev/vdb) has nothing to do with the
target dev
name specified in libvirt xml file. For example, we may get disk name
/dev/vdb in
VM while target dev specified in libvirt xml is vdc.


It's not really libvirt's fault.  The libvirt XML names are for
convenience, but nothing on the host side requires the guest to pick the
same naming scheme as the host.

I guess your proposal is to enhance the virtio spec such that clients
that are new enough to honor the new addition to the virtio spec will
change their name-picking algorithm to use the name provided by the
host, rather than their current approach of picking whatever name they
feel like, and then enhance libvirt to pass the XML name on down to the
guest?  It might work, but as others have pointed out, it will require a
virtio spec change first.


This change is unnecessary.  The -device virtio-blk-pci,serial= property
already exists for this purpose.


how about the /dev/vdabc? I guess lots of people prefer to use it instead of
/dev/disk/by-id/xxx?


I disagree. Using /dev/sdX has exactly the same issue and that's why fstab and
boot loader etc almost always use UUID or disk label by default because they are
more stable.


I mean does it also change the /dev/sdX to the name specified in 
serial=sdX or it just show the name under /dev/disk/by-id/



--
Yang
Alibaba Cloud Computing



[Qemu-devel] [PATCH RFC v2 09/12] vfio/ccw: get irqs info and set the eventfd fd

2017-01-11 Thread Dong Jia Shi
From: Xiao Feng Ren 

vfio-ccw resorts to the eventfd mechanism to communicate with userspace.
We fetch the irqs info via the ioctl VFIO_DEVICE_GET_IRQ_INFO,
register an event notifier to get the eventfd fd which is sent
to kernel via the ioctl VFIO_DEVICE_SET_IRQS, then we can implement
read operation once kernel sends the signal.

Signed-off-by: Xiao Feng Ren 
---
 hw/vfio/ccw.c | 102 ++
 1 file changed, 102 insertions(+)

diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
index 93394c2..c6bfce7 100644
--- a/hw/vfio/ccw.c
+++ b/hw/vfio/ccw.c
@@ -21,6 +21,7 @@
 #include "hw/vfio/vfio-common.h"
 #include "hw/s390x/s390-ccw.h"
 #include "hw/s390x/ccw-device.h"
+#include "qemu/error-report.h"
 #include "standard-headers/asm-s390/vfio_ccw.h"
 
 #define TYPE_VFIO_CCW "vfio-ccw"
@@ -30,6 +31,7 @@ typedef struct VFIOCCWDevice {
 uint64_t io_region_size;
 uint64_t io_region_offset;
 struct ccw_io_region *io_region;
+EventNotifier io_notifier;
 } VFIOCCWDevice;
 
 static void vfio_ccw_compute_needs_reset(VFIODevice *vdev)
@@ -54,6 +56,98 @@ static void vfio_ccw_reset(DeviceState *dev)
 ioctl(vcdev->vdev.fd, VFIO_DEVICE_RESET);
 }
 
+static void vfio_ccw_io_notifier_handler(void *opaque)
+{
+VFIOCCWDevice *vcdev = opaque;
+
+if (!event_notifier_test_and_clear(>io_notifier)) {
+return;
+}
+}
+
+static void vfio_ccw_register_io_notifier(VFIOCCWDevice *vcdev, Error **errp)
+{
+VFIODevice *vdev = >vdev;
+struct vfio_irq_info *irq_info;
+struct vfio_irq_set *irq_set;
+size_t argsz;
+int32_t *pfd;
+
+if (vdev->num_irqs != VFIO_CCW_NUM_IRQS) {
+error_setg(errp, "vfio: unexpected number of io irqs %u",
+   vdev->num_irqs);
+return;
+}
+
+argsz = sizeof(*irq_set);
+irq_info = g_malloc0(argsz);
+irq_info->index = VFIO_CCW_IO_IRQ_INDEX;
+irq_info->argsz = argsz;
+if (ioctl(vdev->fd, VFIO_DEVICE_GET_IRQ_INFO,
+  irq_info) < 0 || irq_info->count < 1) {
+error_setg(errp, "vfio: Error getting irq info");
+goto get_error;
+}
+
+if (event_notifier_init(>io_notifier, 0)) {
+error_setg(errp, "vfio: Unable to init event notifier for IO");
+goto get_error;
+}
+
+argsz = sizeof(*irq_set) + sizeof(*pfd);
+irq_set = g_malloc0(argsz);
+irq_set->argsz = argsz;
+irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD |
+ VFIO_IRQ_SET_ACTION_TRIGGER;
+irq_set->index = VFIO_CCW_IO_IRQ_INDEX;
+irq_set->start = 0;
+irq_set->count = 1;
+pfd = (int32_t *) _set->data;
+
+*pfd = event_notifier_get_fd(>io_notifier);
+qemu_set_fd_handler(*pfd, vfio_ccw_io_notifier_handler, NULL, vcdev);
+if (ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set)) {
+error_setg(errp, "vfio: Failed to set up io notification");
+qemu_set_fd_handler(*pfd, NULL, NULL, vcdev);
+event_notifier_cleanup(>io_notifier);
+goto set_error;
+}
+
+set_error:
+g_free(irq_set);
+
+get_error:
+g_free(irq_info);
+}
+
+static void vfio_ccw_unregister_io_notifier(VFIOCCWDevice *vcdev)
+{
+struct vfio_irq_set *irq_set;
+size_t argsz;
+int32_t *pfd;
+
+argsz = sizeof(*irq_set) + sizeof(*pfd);
+irq_set = g_malloc0(argsz);
+irq_set->argsz = argsz;
+irq_set->flags = VFIO_IRQ_SET_DATA_EVENTFD |
+ VFIO_IRQ_SET_ACTION_TRIGGER;
+irq_set->index = VFIO_CCW_IO_IRQ_INDEX;
+irq_set->start = 0;
+irq_set->count = 1;
+pfd = (int32_t *) _set->data;
+*pfd = -1;
+
+if (ioctl(vcdev->vdev.fd, VFIO_DEVICE_SET_IRQS, irq_set)) {
+error_report("vfio: Failed to de-assign device io fd");
+}
+
+qemu_set_fd_handler(event_notifier_get_fd(>io_notifier),
+NULL, NULL, vcdev);
+event_notifier_cleanup(>io_notifier);
+
+g_free(irq_set);
+}
+
 static void vfio_ccw_get_region(VFIOCCWDevice *vcdev, Error **errp)
 {
 VFIODevice *vdev = >vdev;
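Review bot: In vfio_ccw_register_io_notifier the buffer for VFIO_DEVICE_GET_IRQ_INFO is sized with `argsz = sizeof(*irq_set)`, which is the size of a different struct from the `irq_info` being allocated, so `irq_info->argsz` describes the wrong structure to the kernel. Use `argsz = sizeof(*irq_info);` for the query and keep `sizeof(*irq_set) + sizeof(*pfd)` for the set call. The success path also falls through the `set_error:` and `get_error:` labels; a comment such as `/* success falls through: both buffers are temporary */` would make that deliberate.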
@@ -193,8 +287,15 @@ static void vfio_ccw_realize(DeviceState *dev, Error 
**errp)
 goto out_region_err;
 }
 
+vfio_ccw_register_io_notifier(vcdev, errp);
+if (*errp) {
+goto out_notifier_err;
+}
+
 return;
 
+out_notifier_err:
+vfio_ccw_put_region(vcdev);
 out_region_err:
 vfio_put_device(vcdev);
 out_device_err:
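Review bot: `if (*errp)` after vfio_ccw_register_io_notifier() dereferences the caller's errp, which crashes if a caller passes NULL and misfires if *errp was already set on entry. The usual QEMU pattern is a local `Error *err = NULL;` passed as `&err`, followed by `if (err) { error_propagate(errp, err); goto out_notifier_err; }`. The same check is added after vfio_ccw_get_region() in the realize hunk of patch 08/12 further down this page. vfio_ccw_realize starts and ends outside this hunk, so whether a local error variable already exists is not visible here.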
@@ -217,6 +318,7 @@ static void vfio_ccw_unrealize(DeviceState *dev, Error 
**errp)
 cdc->unrealize(cdev, errp);
 }
 
+vfio_ccw_unregister_io_notifier(vcdev);
 vfio_ccw_put_region(vcdev);
 vfio_put_device(vcdev);
 vfio_put_group(group);
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 12/12] vfio/ccw: update sense data if a unit check is pending

2017-01-11 Thread Dong Jia Shi
Concurrent-sense data is currently not delivered. This patch stores
the concurrent-sense data to the subchannel if a unit check is pending
and the concurrent-sense bit is enabled. Then a TSCH can retrieve the
right IRB data back to the guest.

Signed-off-by: Dong Jia Shi 
---
 hw/vfio/ccw.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
index 34c719a..cc745b0 100644
--- a/hw/vfio/ccw.c
+++ b/hw/vfio/ccw.c
@@ -94,6 +94,7 @@ static void vfio_ccw_io_notifier_handler(void *opaque)
 CcwDevice *ccw_dev = CCW_DEVICE(cdev);
 SubchDev *sch = ccw_dev->sch;
 SCSW *s = >curr_status.scsw;
+PMCW *p = >curr_status.pmcw;
 IRB irb;
 
 if (!event_notifier_test_and_clear(>io_notifier)) {
@@ -133,6 +134,12 @@ static void vfio_ccw_io_notifier_handler(void *opaque)
 /* Update control block via irb. */
 copy_scsw_to_guest(s, );
 
+/* If a uint check is pending, copy sense data. */
+if ((s->dstat & SCSW_DSTAT_UNIT_CHECK) &&
+(p->chars & PMCW_CHARS_MASK_CSENSE)) {
+memcpy(sch->sense_data, irb.ecw, sizeof(irb.ecw));
+}
+
 read_err:
 css_inject_io_interrupt(sch);
 }
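Review bot: The added `memcpy(sch->sense_data, irb.ecw, sizeof(irb.ecw))` takes its length from the source, so it stays in bounds only if sense_data is at least as large as irb.ecw; neither size is visible in this hunk. Pin that at build time next to the copy with `QEMU_BUILD_BUG_ON(sizeof(sch->sense_data) < sizeof(irb.ecw));`, in the same way vfio_ccw_handle_request checks the region areas. The new comment says "uint check" where "unit check" is meant. The handler begins outside this hunk.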
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 08/12] vfio/ccw: get io region info

2017-01-11 Thread Dong Jia Shi
vfio-ccw provides an MMIO region for I/O operations. We fetch its
information via ioctls here, so that we can use it to perform I/O
instructions and retrieving I/O results later on.

Signed-off-by: Xiao Feng Ren 
---
 hw/vfio/ccw.c | 52 
 1 file changed, 52 insertions(+)

diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
index 881010b..93394c2 100644
--- a/hw/vfio/ccw.c
+++ b/hw/vfio/ccw.c
@@ -21,11 +21,15 @@
 #include "hw/vfio/vfio-common.h"
 #include "hw/s390x/s390-ccw.h"
 #include "hw/s390x/ccw-device.h"
+#include "standard-headers/asm-s390/vfio_ccw.h"
 
 #define TYPE_VFIO_CCW "vfio-ccw"
 typedef struct VFIOCCWDevice {
 S390CCWDevice cdev;
 VFIODevice vdev;
+uint64_t io_region_size;
+uint64_t io_region_offset;
+struct ccw_io_region *io_region;
 } VFIOCCWDevice;
 
 static void vfio_ccw_compute_needs_reset(VFIODevice *vdev)
@@ -50,6 +54,46 @@ static void vfio_ccw_reset(DeviceState *dev)
 ioctl(vcdev->vdev.fd, VFIO_DEVICE_RESET);
 }
 
+static void vfio_ccw_get_region(VFIOCCWDevice *vcdev, Error **errp)
+{
+VFIODevice *vdev = >vdev;
+struct vfio_region_info *info;
+int ret;
+
+/* Sanity check device */
+if (!(vdev->flags & VFIO_DEVICE_FLAGS_CCW)) {
+error_setg(errp, "vfio: Um, this isn't a vfio-ccw device");
+return;
+}
+
+if (vdev->num_regions != VFIO_CCW_NUM_REGIONS) {
+error_setg(errp, "vfio: Unexpected number of the I/O region %u",
+   vdev->num_regions);
+return;
+}
+
+ret = vfio_get_region_info(vdev, VFIO_CCW_CONFIG_REGION_INDEX, );
+if (ret) {
+error_setg(errp, "vfio: Error getting config info: %d", ret);
+return;
+}
+
+vcdev->io_region_size = info->size;
+if (sizeof(*vcdev->io_region) != vcdev->io_region_size) {
+error_setg(errp, "vfio: Unexpected size of the I/O region");
+return;
+}
+vcdev->io_region_offset = info->offset;
+vcdev->io_region = g_malloc0(info->size);
+
+g_free(info);
+}
+
+static void vfio_ccw_put_region(VFIOCCWDevice *vcdev)
+{
+g_free(vcdev->io_region);
+}
+
 static void vfio_put_device(VFIOCCWDevice *vcdev)
 {
 g_free(vcdev->vdev.name);
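Review bot: vfio_ccw_get_region leaks `info` when the size check fails, because the `return` after "Unexpected size of the I/O region" skips the `g_free(info)` at the end of the function. Free it on that path (`g_free(info); return;`) or route both exits through a single cleanup label. vfio_ccw_put_region also leaves `vcdev->io_region` pointing at freed memory; adding `vcdev->io_region = NULL;` after the `g_free` makes a second put harmless and turns any later use into a NULL dereference rather than a use-after-free.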
@@ -144,8 +188,15 @@ static void vfio_ccw_realize(DeviceState *dev, Error 
**errp)
 goto out_device_err;
 }
 
+vfio_ccw_get_region(vcdev, errp);
+if (*errp) {
+goto out_region_err;
+}
+
 return;
 
+out_region_err:
+vfio_put_device(vcdev);
 out_device_err:
 vfio_ccw_put_group(group, path);
 out_group_err:
@@ -166,6 +217,7 @@ static void vfio_ccw_unrealize(DeviceState *dev, Error 
**errp)
 cdc->unrealize(cdev, errp);
 }
 
+vfio_ccw_put_region(vcdev);
 vfio_put_device(vcdev);
 vfio_put_group(group);
 }
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 06/12] s390x/css: device support for s390-ccw passthrough

2017-01-11 Thread Dong Jia Shi
From: Xiao Feng Ren 

In order to support subchannels pass-through, we introduce a s390
subchannel device called "s390-ccw" to hold the real subchannel info.
The s390-ccw devices inherit from the abstract CcwDevice which connects
to the existing virtual-css-bus.

Signed-off-by: Xiao Feng Ren 
---
 hw/s390x/Makefile.objs|   1 +
 hw/s390x/css-bridge.c |   3 ++
 hw/s390x/s390-ccw.c   | 120 ++
 hw/s390x/s390-ccw.h   |  37 +
 include/hw/s390x/css-bridge.h |   1 +
 5 files changed, 162 insertions(+)
 create mode 100644 hw/s390x/s390-ccw.c
 create mode 100644 hw/s390x/s390-ccw.h

diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
index 41ac4ec..72a3d37 100644
--- a/hw/s390x/Makefile.objs
+++ b/hw/s390x/Makefile.objs
@@ -13,3 +13,4 @@ obj-y += ccw-device.o
 obj-y += s390-pci-bus.o s390-pci-inst.o
 obj-y += s390-skeys.o
 obj-$(CONFIG_KVM) += s390-skeys-kvm.o
+obj-y += s390-ccw.o
diff --git a/hw/s390x/css-bridge.c b/hw/s390x/css-bridge.c
index 9a7f7ee..6523242 100644
--- a/hw/s390x/css-bridge.c
+++ b/hw/s390x/css-bridge.c
@@ -17,6 +17,7 @@
 #include "hw/s390x/css.h"
 #include "ccw-device.h"
 #include "hw/s390x/css-bridge.h"
+#include "target-s390x/cpu.h"
 
 /*
  * Invoke device-specific unplug handler, disable the subchannel
@@ -104,6 +105,8 @@ VirtualCssBus *virtual_css_bus_init(void)
 bus = qbus_create(TYPE_VIRTUAL_CSS_BUS, dev, "virtual-css");
 cbus = VIRTUAL_CSS_BUS(bus);
 
+cbus->map_vir_css = s390_get_map_css();
+
 /* Enable hotplugging */
 qbus_set_hotplug_handler(bus, dev, _abort);
 
diff --git a/hw/s390x/s390-ccw.c b/hw/s390x/s390-ccw.c
new file mode 100644
index 000..6881fc6
--- /dev/null
+++ b/hw/s390x/s390-ccw.c
@@ -0,0 +1,120 @@
+/*
+ * s390 CCW Assignment Support
+ *
+ * Copyright 2017 IBM Corp
+ * Author(s): Dong Jia Shi 
+ *Xiao Feng Ren 
+ *Pierre Morel 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2
+ * or (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/sysbus.h"
+#include "libgen.h"
+#include "hw/s390x/css.h"
+#include "hw/s390x/css-bridge.h"
+#include "s390-ccw.h"
+
+static void s390_ccw_realize(S390CCWDevice *cdev, Error **errp)
+{
+CcwDevice *ccw_dev = CCW_DEVICE(cdev);
+DeviceState *parent = DEVICE(ccw_dev);
+BusState *qbus;
+VirtualCssBus *cbus;
+SubchDev *sch;
+CssDevId bus_id;
+int ret;
+
+if (!cdev->hostid.valid) {
+error_setg(errp, "Invalid hostid");
+return;
+}
+
+qbus = qdev_get_parent_bus(parent);
+cbus = VIRTUAL_CSS_BUS(qbus);
+if (ccw_dev->bus_id.valid) {
+bus_id = ccw_dev->bus_id;
+
+if (bus_id.cssid == VIRTUAL_CSSID) {
+error_setg(errp, "Bad guest id: VIRTUAL_CSSID %x forbidden",
+   bus_id.cssid);
+return;
+}
+
+if (!cbus->map_vir_css) {
+ret = css_create_css_image(bus_id.cssid, false);
+if (ret == -EINVAL) {
+error_setg(errp, "Invalid cssid: %x", bus_id.cssid);
+return;
+}
+}
+} else {
+bus_id = cdev->hostid;
+}
+
+if (cbus->map_vir_css) {
+bus_id.cssid = VIRTUAL_CSSID;
+}
+
+sch = css_create_sch(bus_id, errp);
+if (!sch) {
+return;
+}
+
+sch->driver_data = cdev;
+
+ret = css_sch_build_schib(sch, >hostid);
+if (ret) {
+error_setg(errp, "%s: Failed to build initial schib: %d",
+   __func__, ret);
+css_subch_assign(sch->cssid, sch->ssid, sch->schid, sch->devno, NULL);
+g_free(sch);
+return;
+}
+css_generate_sch_crws(sch->cssid, sch->ssid, sch->schid,
+  parent->hotplugged, 1);
+
+ccw_dev->sch = sch;
+return;
+}
+
+static void s390_ccw_unrealize(S390CCWDevice *cdev, Error **errp)
+{
+CcwDevice *ccw_dev = CCW_DEVICE(cdev);
+SubchDev *sch = ccw_dev->sch;
+
+if (sch) {
+css_subch_assign(sch->cssid, sch->ssid, sch->schid, sch->devno, NULL);
+g_free(sch);
+ccw_dev->sch = NULL;
+}
+}
+
+static void s390_ccw_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+S390CCWDeviceClass *cdc = S390_CCW_DEVICE_CLASS(klass);
+
+dc->bus_type = TYPE_VIRTUAL_CSS_BUS;
+cdc->realize = s390_ccw_realize;
+cdc->unrealize = s390_ccw_unrealize;
+}
+
+static const TypeInfo s390_ccw_info = {
+.name  = TYPE_S390_CCW,
+.parent= TYPE_CCW_DEVICE,
+.instance_size = sizeof(S390CCWDevice),
+.abstract  = true,
+.class_size= sizeof(S390CCWDeviceClass),
+.class_init= s390_ccw_class_init,
+};
+
+static 

[Qemu-devel] [PATCH RFC v2 11/12] s390x/css: ccws translation infrastructure

2017-01-11 Thread Dong Jia Shi
From: Xiao Feng Ren 

Implement a basic infrastructure of handling channel I/O instruction
interception for passed through subchannels:
1. Branch the code path of instruction interception handling by
   SubChannel type.
2. For a passed-through subchannel, issue the ORB to kernel to do ccw
   translation and perform an I/O operation.
3. Assign different condition code based on the I/O result, or
   trigger a program check.

Signed-off-by: Xiao Feng Ren 
---
 hw/s390x/css.c | 88 ++
 hw/s390x/s390-ccw.c| 12 +++
 hw/s390x/virtio-ccw.c  |  1 +
 include/hw/s390x/css.h |  4 +++
 target-s390x/ioinst.c  |  9 ++
 5 files changed, 108 insertions(+), 6 deletions(-)

diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index c3a323e..0e3b0ae 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -500,7 +500,7 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr,
 return ret;
 }
 
-static void sch_handle_start_func(SubchDev *sch, ORB *orb)
+static void sch_handle_start_func_virtual(SubchDev *sch, ORB *orb)
 {
 
 PMCW *p = >curr_status.pmcw;
@@ -599,13 +599,57 @@ static void sch_handle_start_func(SubchDev *sch, ORB *orb)
 
 }
 
+static int sch_handle_start_func_passthrough(SubchDev *sch, ORB *orb)
+{
+
+PMCW *p = >curr_status.pmcw;
+SCSW *s = >curr_status.scsw;
+int ret;
+
+if (!(s->ctrl & SCSW_ACTL_SUSP)) {
+assert(orb != NULL);
+p->intparm = orb->intparm;
+}
+
+/*
+ * Only support prefetch enable mode.
+ * Only support 64bit addressing idal.
+ */
+if (!(orb->ctrl0 & ORB_CTRL0_MASK_PFCH) ||
+!(orb->ctrl0 & ORB_CTRL0_MASK_C64)) {
+return -EINVAL;
+}
+
+ret = s390_ccw_cmd_request(orb, s, sch->driver_data);
+switch (ret) {
+/* Currently we don't update control block and just return the cc code. */
+case 0:
+break;
+case -EBUSY:
+break;
+case -ENODEV:
+break;
+case -EACCES:
+/* Let's reflect an inaccessible host device by cc 3. */
+ret = -ENODEV;
+break;
+default:
+   /* All other return codes will trigger a program check,
+* or set cc to 1.
+*/
+   break;
+};
+
+return ret;
+}
+
 /*
  * On real machines, this would run asynchronously to the main vcpus.
  * We might want to make some parts of the ssch handling (interpreting
  * read/writes) asynchronous later on if we start supporting more than
  * our current very simple devices.
  */
-static void do_subchannel_work(SubchDev *sch, ORB *orb)
+int do_subchannel_work_virtual(SubchDev *sch, ORB *orb)
 {
 
 SCSW *s = >curr_status.scsw;
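Review bot: In sch_handle_start_func_passthrough `orb` is asserted non-NULL only inside the `!(s->ctrl & SCSW_ACTL_SUSP)` branch, yet `orb->ctrl0` is read unconditionally a few lines later. The context comment in the next hunk says the start function is triggered by both ssch and rsch, so if the resume path passes a NULL orb (the caller is outside this hunk) a guest resume on a passed-through subchannel would dereference NULL in QEMU. Guard it before the mode check, e.g. `if (!orb) { return -EINVAL; }`, or document why a suspended subchannel cannot reach this function. The `switch` whose arms all `break` except -EACCES could shrink to `if (ret == -EACCES) { ret = -ENODEV; }`, and the `};` closing it has a stray semicolon.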
@@ -616,12 +660,45 @@ static void do_subchannel_work(SubchDev *sch, ORB *orb)
 sch_handle_halt_func(sch);
 } else if (s->ctrl & SCSW_FCTL_START_FUNC) {
 /* Triggered by both ssch and rsch. */
-sch_handle_start_func(sch, orb);
+sch_handle_start_func_virtual(sch, orb);
 } else {
 /* Cannot happen. */
-return;
+return 0;
 }
 css_inject_io_interrupt(sch);
+return 0;
+}
+
+int do_subchannel_work_passthrough(SubchDev *sch, ORB *orb)
+{
+int ret;
+SCSW *s = >curr_status.scsw;
+
+if (s->ctrl & SCSW_FCTL_CLEAR_FUNC) {
+/* TODO: Clear handling */
+sch_handle_clear_func(sch);
+ret = 0;
+} else if (s->ctrl & SCSW_FCTL_HALT_FUNC) {
+/* TODO: Halt handling */
+sch_handle_halt_func(sch);
+ret = 0;
+} else if (s->ctrl & SCSW_FCTL_START_FUNC) {
+ret = sch_handle_start_func_passthrough(sch, orb);
+} else {
+/* Cannot happen. */
+return -ENODEV;
+}
+
+return ret;
+}
+
+static int do_subchannel_work(SubchDev *sch, ORB *orb)
+{
+if (sch->do_subchannel_work) {
+return sch->do_subchannel_work(sch, orb);
+} else {
+return -EINVAL;
+}
 }
 
 static void copy_pmcw_to_guest(PMCW *dest, const PMCW *src)
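Review bot: do_subchannel_work_passthrough handles clear and halt with the virtual-device helpers and returns 0 without calling css_inject_io_interrupt(), which do_subchannel_work_virtual calls for every function. As far as this hunk shows, a guest csch/hsch on a passed-through subchannel is neither forwarded to the host device nor followed by an interrupt from this path, so host I/O that is already in flight may still complete after the guest considers it cleared. If that is the intended RFC state, spell it out in the TODO comments, for example `/* TODO: forward clear to the host device; no interrupt is injected from here yet */`.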
@@ -940,8 +1017,7 @@ int css_do_ssch(SubchDev *sch, ORB *orb)
 s->ctrl |= (SCSW_FCTL_START_FUNC | SCSW_ACTL_START_PEND);
 s->flags &= ~SCSW_FLAGS_MASK_PNO;
 
-do_subchannel_work(sch, orb);
-ret = 0;
+ret = do_subchannel_work(sch, orb);
 
 out:
 return ret;
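Review bot: css_do_ssch now returns the callback's error, but `SCSW_FCTL_START_FUNC | SCSW_ACTL_START_PEND` has already been set in `s->ctrl` just above and is not undone when `do_subchannel_work()` fails. The guest would get a non-zero condition code or a program check while the subchannel still looks start-pending. Save `s->ctrl` and `s->flags` before modifying them and restore them `if (ret)`, or set the bits only after the callback has succeeded. The beginning of css_do_ssch is outside this hunk.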
diff --git a/hw/s390x/s390-ccw.c b/hw/s390x/s390-ccw.c
index 6881fc6..58fb916 100644
--- a/hw/s390x/s390-ccw.c
+++ b/hw/s390x/s390-ccw.c
@@ -18,6 +18,17 @@
 #include "hw/s390x/css-bridge.h"
 #include "s390-ccw.h"
 
+int s390_ccw_cmd_request(ORB *orb, SCSW *scsw, void *data)
+{
+S390CCWDevice *cdev = data;
+
+if (cdev->handle_request) {
+return cdev->handle_request(orb, scsw, data);
+} else {
+return -ENOSYS;
+}
+}
+
 static void s390_ccw_realize(S390CCWDevice *cdev, Error **errp)
 {
 CcwDevice *ccw_dev = CCW_DEVICE(cdev);
@@ -65,6 +76,7 @@ static void s390_ccw_realize(S390CCWDevice *cdev, Error 
**errp)
 }
 
 sch->driver_data = cdev;

[Qemu-devel] [PATCH] doc/usb2: fix typo

2017-01-11 Thread Cao jin
Signed-off-by: Cao jin 
---
 docs/usb2.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/usb2.txt b/docs/usb2.txt
index c7a445afcd55..b9e75480737c 100644
--- a/docs/usb2.txt
+++ b/docs/usb2.txt
@@ -19,7 +19,7 @@ the controller so the USB 2.0 bus gets a individual name, for 
example
 '-device usb-ehci,id=ehci".  This will give you a USB 2.0 bus named
 "ehci.0".
 
-I strongly recomment to also use -device to attach usb devices because
+I strongly recommend to also use -device to attach usb devices because
 you can specify the bus they should be attached to this way.  Here is
 a complete example:
 
-- 
2.1.0






[Qemu-devel] [PATCH RFC v2 03/12] s390x/css: add s390-map-css machine option

2017-01-11 Thread Dong Jia Shi
From: Xiao Feng Ren 

We want to support real (i.e. not virtual) channel devices
even for guests that do not support MCSS-E (where guests may
see devices from any channel subsystem image at once). As all
virtio-ccw devices are in css 0xfe (and show up in the default
css 0 for guests not activating MCSS-E), we need an option to
map e.g. passed-through subchannels from their real css (0-3,
or 0 for hosts not activating MCSS-E) into the default css.
This will be exploited in a later patch.

Signed-off-by: Xiao Feng Ren 
---
 hw/s390x/s390-virtio-ccw.c | 23 +++
 include/hw/s390x/s390-virtio-ccw.h |  1 +
 qemu-options.hx|  6 +-
 target-s390x/cpu.h | 10 ++
 4 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index e340eab..4e8ffda 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -272,6 +272,21 @@ bool cpu_model_allowed(void)
 return true;
 }
 
+static inline bool machine_get_map_css(Object *obj, Error **errp)
+{
+S390CcwMachineState *ms = S390_CCW_MACHINE(obj);
+
+return ms->s390_map_css;
+}
+
+static inline void machine_set_map_css(Object *obj, bool value,
+   Error **errp)
+{
+S390CcwMachineState *ms = S390_CCW_MACHINE(obj);
+
+ms->s390_map_css = value;
+}
+
 static inline void s390_machine_initfn(Object *obj)
 {
 object_property_add_bool(obj, "aes-key-wrap",
@@ -289,6 +304,14 @@ static inline void s390_machine_initfn(Object *obj)
 "enable/disable DEA key wrapping using the CPACF wrapping key",
 NULL);
 object_property_set_bool(obj, true, "dea-key-wrap", NULL);
+
+object_property_add_bool(obj, "s390-map-css",
+ machine_get_map_css,
+ machine_set_map_css, NULL);
+object_property_set_description(obj, "s390-map-css",
+"enable/disable mapping passed-through subchannels into the "
+"virtual css", NULL);
+object_property_set_bool(obj, false, "s390-map-css", NULL);
 }
 
 static const TypeInfo ccw_machine_info = {
diff --git a/include/hw/s390x/s390-virtio-ccw.h 
b/include/hw/s390x/s390-virtio-ccw.h
index 6ecae00..bbc1d21 100644
--- a/include/hw/s390x/s390-virtio-ccw.h
+++ b/include/hw/s390x/s390-virtio-ccw.h
@@ -28,6 +28,7 @@ typedef struct S390CcwMachineState {
 /*< public >*/
 bool aes_key_wrap;
 bool dea_key_wrap;
+bool s390_map_css;
 } S390CcwMachineState;
 
 typedef struct S390CcwMachineClass {
diff --git a/qemu-options.hx b/qemu-options.hx
index c534a2f..293783c 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -43,7 +43,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
 "dea-key-wrap=on|off controls support for DEA key wrapping 
(default=on)\n"
 "suppress-vmdesc=on|off disables self-describing migration 
(default=off)\n"
 "nvdimm=on|off controls NVDIMM support (default=off)\n"
-"enforce-config-section=on|off enforce configuration 
section migration (default=off)\n",
+"enforce-config-section=on|off enforce configuration 
section migration (default=off)\n"
+"s390-map-css=on|off controls support for mapping into 
virtual css (default=off)\n",
 QEMU_ARCH_ALL)
 STEXI
 @item -machine [type=]@var{name}[,prop=@var{value}[,...]]
@@ -82,6 +83,9 @@ controls whether DEA wrapping keys will be created to allow
 execution of DEA cryptographic functions.  The default is on.
 @item nvdimm=on|off
 Enables or disables NVDIMM support. The default is off.
+@item s390-map-css=on|off
+Enables or disables mapping passed-through subchannels into the virtual css.
+The default is off.
 @end table
 ETEXI
 
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index fd36a25..85d705d 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -1249,6 +1249,16 @@ static inline void s390_crypto_reset(void)
 }
 }
 
+static inline bool s390_get_map_css(void)
+{
+if (object_property_get_bool(OBJECT(qdev_get_machine()), "s390-map-css",
+ NULL)) {
+return true;
+}
+
+return false;
+}
+
 /* machine check interruption code */
 
 /* subclasses */
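Review bot: s390_get_map_css wraps a bool in `if (...) { return true; } return false;`, where `return object_property_get_bool(OBJECT(qdev_get_machine()), "s390-map-css", NULL);` says the same thing. Passing NULL for the error also means a machine without this property silently reads as off; a one-line comment such as `/* a missing property (non-ccw machine) reads as "off" */` would record that this is intended.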
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 05/12] s390x/css: realize css_create_sch

2017-01-11 Thread Dong Jia Shi
The S390 virtual css support already has a mechanism to create a
virtual subchannel and provide it to the guest. However, to
pass-through subchannels to a guest, we need to introduce a new
mechanism to create the subchannel according to the real device
information. Thus we realize a new css_create_sch function to
allocate and initialize the subchannel according to the real
device information.

Signed-off-by: Dong Jia Shi 
Reviewed-by: Pierre Morel 
---
 hw/s390x/css.c | 39 +++
 include/hw/s390x/css.h | 15 +++
 2 files changed, 54 insertions(+)

diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index 8703bc3..67fe468 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -1486,6 +1486,19 @@ bool css_devno_used(uint8_t cssid, uint8_t ssid, 
uint16_t devno)
   channel_subsys.css[cssid]->sch_set[ssid]->devnos_used);
 }
 
+bool css_schid_used(uint8_t cssid, uint8_t ssid, uint16_t schid)
+{
+if (!channel_subsys.css[cssid]) {
+return false;
+}
+if (!channel_subsys.css[cssid]->sch_set[ssid]) {
+return false;
+}
+
+return !!test_bit(schid,
+  channel_subsys.css[cssid]->sch_set[ssid]->schids_used);
+}
+
 void css_subch_assign(uint8_t cssid, uint8_t ssid, uint16_t schid,
   uint16_t devno, SubchDev *sch)
 {
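Review bot: css_schid_used indexes `channel_subsys.css[cssid]` and `->sch_set[ssid]` with caller-supplied values and no range check; the array bounds are not visible in this hunk. In this series the ids come from the device's hostid/guestid properties, so confirm they are validated before this point, or add a guard such as `if (ssid > MAX_SSID) { return false; }` and a comment naming where cssid is validated. The `!!` in front of `test_bit(...)` is redundant for a `bool` return.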
@@ -1911,6 +1924,32 @@ SubchDev *css_create_virtual_sch(CssDevId bus_id, Error 
**errp)
 return sch;
 }
 
+SubchDev *css_create_sch(CssDevId bus_id, Error **errp)
+{
+uint32_t devno;
+SubchDev *sch;
+
+if (css_schid_used(bus_id.cssid, bus_id.ssid, bus_id.devid)) {
+error_setg(errp, "Subchannel %x.%x.%04x already exists",
+   bus_id.cssid, bus_id.ssid, bus_id.devid);
+return NULL;
+}
+
+devno = css_find_free_devno(bus_id.cssid, bus_id.ssid, bus_id.devid);
+if (devno > MAX_DEVNO) {
+error_setg(errp, "No free devno found");
+return NULL;
+}
+
+sch = g_malloc0(sizeof(*sch));
+sch->cssid = bus_id.cssid;
+sch->ssid = bus_id.ssid;
+sch->devno = devno;
+sch->schid = bus_id.devid;
+css_subch_assign(sch->cssid, sch->ssid, sch->schid, sch->devno, sch);
+return sch;
+}
+
 static int css_sch_get_chpids(SubchDev *sch, CssDevId *dev_id)
 {
 char *fid_path;
diff --git a/include/hw/s390x/css.h b/include/hw/s390x/css.h
index 648ea2f..c92f624 100644
--- a/include/hw/s390x/css.h
+++ b/include/hw/s390x/css.h
@@ -128,6 +128,7 @@ void subch_device_save(SubchDev *s, QEMUFile *f);
 int subch_device_load(SubchDev *s, QEMUFile *f);
 int css_create_css_image(uint8_t cssid, bool default_image);
 bool css_devno_used(uint8_t cssid, uint8_t ssid, uint16_t devno);
+bool css_schid_used(uint8_t cssid, uint8_t ssid, uint16_t schid);
 void css_subch_assign(uint8_t cssid, uint8_t ssid, uint16_t schid,
   uint16_t devno, SubchDev *sch);
 void css_sch_build_virtual_schib(SubchDev *sch, uint8_t chpid, uint8_t type);
@@ -189,4 +190,18 @@ bool css_present(uint8_t cssid);
  * is responsible for unregistering and freeing it.
  */
 SubchDev *css_create_virtual_sch(CssDevId bus_id, Error **errp);
+
+/**
+ * Create a subchannel for the given bus id.
+ *
+ * If @p bus_id is valid, verify that it is not already in use, and find
+ * a free devno for it.
+ * Allocate a subchannel structure, initialise it with the bus id,
+ * subchannel id and device number, register it with the CSS and return
+ * it. Otherwise return NULL.
+ *
+ * The caller becomes owner of the returned subchannel structure and
+ * is responsible for unregistering and freeing it.
+ */
+SubchDev *css_create_sch(CssDevId bus_id, Error **errp);
 #endif
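Review bot: The new header comment says "If @p bus_id is valid, verify that it is not already in use", but css_create_sch as added in this patch never tests `bus_id.valid`; it checks the subchannel id with css_schid_used() and then looks for a free devno. Reword the comment to match the code, for example "Verify that the subchannel id in @p bus_id is not already in use and find a free device number for it", and state that NULL is returned with @p errp set on failure.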
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 10/12] s390x/css: introduce and realize ccw-request callback

2017-01-11 Thread Dong Jia Shi
From: Xiao Feng Ren 

Introduce a new callback on subchannel to handle ccw-request.
Realize the callback in the vfio-ccw device. In addition, use
the event notifier handler to handle the ccw-request results.
1. Pread the I/O results via MMIO region.
2. Update the scsw info to guest.
3. Inject an I/O interrupt to notify guest the I/O result.

Signed-off-by: Xiao Feng Ren 
---
 hw/s390x/css.c |  4 +--
 hw/s390x/s390-ccw.h|  1 +
 hw/vfio/ccw.c  | 73 ++
 include/hw/s390x/css.h |  2 ++
 4 files changed, 78 insertions(+), 2 deletions(-)

diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index 67fe468..c3a323e 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -238,7 +238,7 @@ uint16_t css_build_subchannel_id(SubchDev *sch)
 return css_do_build_subchannel_id(sch->cssid, sch->ssid);
 }
 
-static void css_inject_io_interrupt(SubchDev *sch)
+void css_inject_io_interrupt(SubchDev *sch)
 {
 uint8_t isc = (sch->curr_status.pmcw.flags & PMCW_FLAGS_MASK_ISC) >> 11;
 
@@ -644,7 +644,7 @@ static void copy_pmcw_to_guest(PMCW *dest, const PMCW *src)
 dest->chars = cpu_to_be32(src->chars);
 }
 
-static void copy_scsw_to_guest(SCSW *dest, const SCSW *src)
+void copy_scsw_to_guest(SCSW *dest, const SCSW *src)
 {
 dest->flags = cpu_to_be16(src->flags);
 dest->ctrl = cpu_to_be16(src->ctrl);
diff --git a/hw/s390x/s390-ccw.h b/hw/s390x/s390-ccw.h
index 1fa4a97..2d3a2b5 100644
--- a/hw/s390x/s390-ccw.h
+++ b/hw/s390x/s390-ccw.h
@@ -27,6 +27,7 @@ typedef struct S390CCWDevice {
 CcwDevice parent_obj;
 CssDevId hostid;
 char *mdevid;
+int (*handle_request) (ORB *, SCSW *, void *);
 } S390CCWDevice;
 
 typedef struct S390CCWDeviceClass {
diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
index c6bfce7..34c719a 100644
--- a/hw/vfio/ccw.c
+++ b/hw/vfio/ccw.c
@@ -47,6 +47,36 @@ struct VFIODeviceOps vfio_ccw_ops = {
 .vfio_compute_needs_reset = vfio_ccw_compute_needs_reset,
 };
 
+static int vfio_ccw_handle_request(ORB *orb, SCSW *scsw, void *data)
+{
+S390CCWDevice *cdev = data;
+VFIOCCWDevice *vcdev = DO_UPCAST(VFIOCCWDevice, cdev, cdev);
+struct ccw_io_region *region = vcdev->io_region;
+int ret;
+
+QEMU_BUILD_BUG_ON(sizeof(region->orb_area) != sizeof(ORB));
+QEMU_BUILD_BUG_ON(sizeof(region->scsw_area) != sizeof(SCSW));
+QEMU_BUILD_BUG_ON(sizeof(region->irb_area) != sizeof(IRB));
+
+memset(region, 0, sizeof(*region));
+
+memcpy(region->orb_area, orb, sizeof(ORB));
+memcpy(region->scsw_area, scsw, sizeof(SCSW));
+
+again:
+ret = pwrite(vcdev->vdev.fd, region,
+ vcdev->io_region_size, vcdev->io_region_offset);
+if (ret != vcdev->io_region_size) {
+if (errno == EAGAIN) {
+goto again;
+}
+error_report("vfio-ccw: wirte I/O region failed with errno=%d",errno);
+return -errno;
+}
+
+return region->ret_code;
+}
+
 static void vfio_ccw_reset(DeviceState *dev)
 {
 CcwDevice *ccw_dev = DO_UPCAST(CcwDevice, parent_obj, dev);
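Review bot: In vfio_ccw_handle_request a short pwrite() (0 <= ret < io_region_size) is handled like a failure, but errno is not set in that case, so the code may retry on a stale EAGAIN or return a `-errno` of 0 that the caller reads as success. errno is also read again after error_report(), which may have changed it. Separate the failure from the short transfer and save errno first, as sketched below. `region->ret_code` is returned from the local buffer that was zeroed by the memset and is only a source for pwrite(), so as far as this hunk shows it is always 0. The pread() in the notifier-handler hunk that follows checks only for -1, so a short read there would go unnoticed in the same way.

```c
    /* … unchanged: build-time size checks, memset and memcpy into region … */
    do {
        ret = pwrite(vcdev->vdev.fd, region,
                     vcdev->io_region_size, vcdev->io_region_offset);
    } while (ret < 0 && errno == EAGAIN);

    if (ret < 0) {
        ret = -errno;   /* save before error_report() can clobber errno */
        error_report("vfio-ccw: write I/O region failed with errno=%d", -ret);
        return ret;
    }
    if (ret != vcdev->io_region_size) {
        error_report("vfio-ccw: short write to I/O region");
        return -EIO;
    }
    /* … unchanged: return region->ret_code … */
```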
@@ -59,10 +89,52 @@ static void vfio_ccw_reset(DeviceState *dev)
 static void vfio_ccw_io_notifier_handler(void *opaque)
 {
 VFIOCCWDevice *vcdev = opaque;
+struct ccw_io_region *region = vcdev->io_region;
+S390CCWDevice *cdev = S390_CCW_DEVICE(vcdev);
+CcwDevice *ccw_dev = CCW_DEVICE(cdev);
+SubchDev *sch = ccw_dev->sch;
+SCSW *s = >curr_status.scsw;
+IRB irb;
 
 if (!event_notifier_test_and_clear(>io_notifier)) {
 return;
 }
+
+if (pread(vcdev->vdev.fd, region,
+  vcdev->io_region_size, vcdev->io_region_offset) == -1) {
+switch (errno) {
+case ENODEV:
+/* Generate a deferred cc 3 condition. */
+s->flags |= SCSW_FLAGS_MASK_CC;
+s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
+s->ctrl |= (SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND);
+goto read_err;
+case EFAULT:
+/* memory problem, generate channel data check */
+s->ctrl &= ~SCSW_ACTL_START_PEND;
+s->cstat = SCSW_CSTAT_DATA_CHECK;
+s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
+s->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
+SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
+goto read_err;
+default:
+/* error, generate channel program check */
+s->ctrl &= ~SCSW_ACTL_START_PEND;
+s->cstat = SCSW_CSTAT_PROG_CHECK;
+s->ctrl &= ~SCSW_CTRL_MASK_STCTL;
+s->ctrl |= SCSW_STCTL_PRIMARY | SCSW_STCTL_SECONDARY |
+SCSW_STCTL_ALERT | SCSW_STCTL_STATUS_PEND;
+goto read_err;
+}
+}
+
+memcpy(, region->irb_area, sizeof(IRB));
+
+/* Update control block via irb. */
+copy_scsw_to_guest(s, );
+
+read_err:
+css_inject_io_interrupt(sch);
 }
 
 static void vfio_ccw_register_io_notifier(VFIOCCWDevice 
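Review bot: The pread() in vfio_ccw_io_notifier_handler is only checked against -1, so a short read falls through to the memcpy from `region->irb_area` and the guest-visible SCSW is then updated from whatever the buffer held before. Keep the result in an `ssize_t size` and send any value other than `vcdev->io_region_size` down an error path, consulting errno only when `size == -1`. EINTR and EAGAIN currently land in the `default:` case and are reported to the guest as a channel program check, which looks unintended.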

[Qemu-devel] [PATCH RFC v2 00/12] basic channel IO passthrough infrastructure based on vfio

2017-01-11 Thread Dong Jia Shi
The patch series introduce a basic channel I/O passthrough
infrastructure based on vfio.
- Focus on supporting dasd-eckd(cu_type/dev_type = 0x3990/0x3390) as
  the target device. 
- Support new qemu parameters in the style of:
   "-machine s390-ccw-virtio(,s390-map-css=on|off) ... 
-device vfio-ccw,id=xx,hostid=xx(,guestid=xx),mdevid=xx".
  We want to support real (i.e. not virtual) channel devices even for
  guests that do not support MCSS-E (where guests may see devices from
  any channel subsystem image at once). As all virtio-ccw devices are in
  css 0xfe (and show up in the default css 0 for guests not activating
  MCSS-E), we need an option to map e.g. passed-through channel devices
  from their real css (0-3, or 0 for hosts not activating MCSS-E) into
  the default css; that is why the new machine option s390-map-css is
  added.

Build and install:
1. kernel configuration
  CONFIG_S390_CCW_IOMMU=m
  CONFIG_VFIO=m
  CONFIG_VFIO_MDEV=m
  CONFIG_VFIO_MDEV_DEVICE=m
  CONFIG_VFIO_CCW=m
2. modules required
  modprobe vfio.ko
  modprobe mdev.ko
  modprobe vfio_mdev.ko
  modprobe vfio_iommu_type1.ko
  modprobe vfio_ccw.ko
3. find a subchannel(0.0."%schid") of a DASD-ECKD device and bind it to
  vfio_ccw driver
  #find the dasd you can use with lsdasd on your host. e.g.:
  devno="7e52"
  schid="16ca"
  #unbind the ccw device from the subchannel
  echo 0.0."$devno" > /sys/bus/ccw/devices/0.0."$devno"/driver/unbind
  #unbind the subchannel from io_subchannel driver
  echo 0.0."$schid" > /sys/bus/css/devices/0.0."$schid"/driver/unbind
  #bind the subchannel with vfio_ccw driver
  echo 0.0."$schid" > /sys/bus/css/drivers/vfio_ccw/bind
4. create a mediated device
  #generate a uuid with uuidgen. e.g.:
  uuid="6dfd3ec5-e8b3-4e18-a6fe-57bc9eceb920"
  echo "$uuid" > \
  /sys/bus/css/devices/0.0."$schid"/mdev_supported_types/vfio_ccw-io/create
5. pass-through this device to a vm
  -M s390-ccw-virtio,s390-map-css=on \
  -device vfio-ccw,id=pass0, \
  hostid=0.0."$schid",guestid=0.0.1234, \
  mdevid="$uuid" \
  ... ...

Change log:

v1 -> v2:
1. Rebase the implementation to the mdev framework approach.
2. Use pread and pwrite on an I/O region to issue I/O requests and
   receive results.

Dong Jia Shi (4):
  update-linux-headers: add asm-s390/vfio_ccw.h
  s390x/css: realize css_create_sch
  vfio/ccw: get io region info
  vfio/ccw: update sense data if a unit check is pending

Xiao Feng Ren (8):
  vfio: linux-headers update for vfio-ccw
  s390x/css: add s390-map-css machine option
  s390x/css: realize css_sch_build_schib
  s390x/css: device support for s390-ccw passthrough
  vfio/ccw: vfio based subchannel passthrough driver
  vfio/ccw: get irqs info and set the eventfd fd
  s390x/css: introduce and realize ccw-request callback
  s390x/css: ccws translation infrastructure

 default-configs/s390x-softmmu.mak|   1 +
 hw/s390x/Makefile.objs   |   1 +
 hw/s390x/css-bridge.c|   3 +
 hw/s390x/css.c   | 283 -
 hw/s390x/s390-ccw.c  | 132 
 hw/s390x/s390-ccw.h  |  39 +++
 hw/s390x/s390-virtio-ccw.c   |  23 ++
 hw/s390x/virtio-ccw.c|   1 +
 hw/vfio/Makefile.objs|   1 +
 hw/vfio/ccw.c| 443 +++
 include/hw/s390x/css-bridge.h|   1 +
 include/hw/s390x/css.h   |  57 +++-
 include/hw/s390x/s390-virtio-ccw.h   |   1 +
 include/hw/vfio/vfio-common.h|   1 +
 include/standard-headers/asm-s390/vfio_ccw.h |  28 ++
 linux-headers/linux/vfio.h   |  17 +
 qemu-options.hx  |   6 +-
 scripts/update-linux-headers.sh  |   1 +
 target-s390x/cpu.h   |  10 +
 target-s390x/ioinst.c|   9 +
 20 files changed, 1029 insertions(+), 29 deletions(-)
 create mode 100644 hw/s390x/s390-ccw.c
 create mode 100644 hw/s390x/s390-ccw.h
 create mode 100644 hw/vfio/ccw.c
 create mode 100644 include/standard-headers/asm-s390/vfio_ccw.h

-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 02/12] vfio: linux-headers update for vfio-ccw

2017-01-11 Thread Dong Jia Shi
From: Xiao Feng Ren 

This is a placeholder for a linux-headers update.

Signed-off-by: Xiao Feng Ren 
---
 include/standard-headers/asm-s390/vfio_ccw.h | 28 
 linux-headers/linux/vfio.h   | 17 +
 2 files changed, 45 insertions(+)
 create mode 100644 include/standard-headers/asm-s390/vfio_ccw.h

diff --git a/include/standard-headers/asm-s390/vfio_ccw.h 
b/include/standard-headers/asm-s390/vfio_ccw.h
new file mode 100644
index 000..cddc09b
--- /dev/null
+++ b/include/standard-headers/asm-s390/vfio_ccw.h
@@ -0,0 +1,28 @@
+/*
+ * Interfaces for vfio-ccw
+ *
+ * Copyright IBM Corp. 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License (version 2 only)
+ * as published by the Free Software Foundation.
+ *
+ * Author(s): Dong Jia Shi 
+ */
+
+#ifndef _VFIO_CCW_H_
+#define _VFIO_CCW_H_
+
+#include "standard-headers/linux/types.h"
+
+struct ccw_io_region {
+#define ORB_AREA_SIZE 12
+   uint8_t  orb_area[ORB_AREA_SIZE];
+#define SCSW_AREA_SIZE 12
+   uint8_t  scsw_area[SCSW_AREA_SIZE];
+#define IRB_AREA_SIZE 96
+   uint8_t  irb_area[IRB_AREA_SIZE];
+   uint32_t ret_code;
+} QEMU_PACKED;
+
+#endif
diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
index 759b850..b09d247 100644
--- a/linux-headers/linux/vfio.h
+++ b/linux-headers/linux/vfio.h
@@ -198,6 +198,7 @@ struct vfio_device_info {
 #define VFIO_DEVICE_FLAGS_PCI  (1 << 1)/* vfio-pci device */
 #define VFIO_DEVICE_FLAGS_PLATFORM (1 << 2)/* vfio-platform device */
 #define VFIO_DEVICE_FLAGS_AMBA  (1 << 3)   /* vfio-amba device */
+#define VFIO_DEVICE_FLAGS_CCW   (1 << 4)   /* vfio-ccw device */
__u32   num_regions;/* Max region index + 1 */
__u32   num_irqs;   /* Max IRQ index + 1 */
 };
@@ -436,6 +437,22 @@ enum {
VFIO_PCI_NUM_IRQS
 };
 
+/*
+ * The VFIO-CCW bus driver makes use of the following fixed region and
+ * IRQ index mapping.  Unimplemented regions return a size of zero.
+ * Unimplemented IRQ types return a count of zero.
+ */
+
+enum {
+VFIO_CCW_CONFIG_REGION_INDEX,
+VFIO_CCW_NUM_REGIONS
+};
+
+enum {
+VFIO_CCW_IO_IRQ_INDEX,
+VFIO_CCW_NUM_IRQS
+};
+
 /**
  * VFIO_DEVICE_GET_PCI_HOT_RESET_INFO - _IORW(VFIO_TYPE, VFIO_BASE + 12,
  *   struct vfio_pci_hot_reset_info)
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 04/12] s390x/css: realize css_sch_build_schib

2017-01-11 Thread Dong Jia Shi
From: Xiao Feng Ren 

The S390 virtual css support already has a mechanism to build virtual
Sub-Channel Information Block and provide virtual subchannels to the
guest. However, to pass-through subchannels to a guest, we need to
introduce a new mechanism to build its schib according to the real
device information. Thus we realize a new css_sch_build_schib function
to extract the path_masks, chpids, chpid type from sysfs. To reuse
the existing code, we refactor css_add_virtual_chpid to css_add_chpid.

Signed-off-by: Xiao Feng Ren 
Reviewed-by: Pierre Morel 
---
 hw/s390x/css.c | 152 -
 include/hw/s390x/css.h |  36 ++--
 2 files changed, 168 insertions(+), 20 deletions(-)

diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index 0f2580d..8703bc3 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -13,6 +13,7 @@
 #include "qapi/error.h"
 #include "qapi/visitor.h"
 #include "hw/qdev.h"
+#include "qemu/error-report.h"
 #include "qemu/bitops.h"
 #include "exec/address-spaces.h"
 #include "cpu.h"
@@ -1278,7 +1279,8 @@ bool css_schid_final(int m, uint8_t cssid, uint8_t ssid, 
uint16_t schid)
  (MAX_SCHID + 1) / sizeof(unsigned long));
 }
 
-static int css_add_virtual_chpid(uint8_t cssid, uint8_t chpid, uint8_t type)
+static int css_add_chpid(uint8_t cssid, uint8_t chpid, uint8_t type,
+ bool is_virt)
 {
 CssImage *css;
 
@@ -1292,7 +1294,7 @@ static int css_add_virtual_chpid(uint8_t cssid, uint8_t 
chpid, uint8_t type)
 }
 css->chpids[chpid].in_use = 1;
 css->chpids[chpid].type = type;
-css->chpids[chpid].is_virtual = 1;
+css->chpids[chpid].is_virtual = is_virt;
 
 css_generate_chp_crws(cssid, chpid);
 
@@ -1316,7 +1318,7 @@ void css_sch_build_virtual_schib(SubchDev *sch, uint8_t 
chpid, uint8_t type)
 p->pam = 0x80;
 p->chpid[0] = chpid;
 if (!css->chpids[chpid].in_use) {
-css_add_virtual_chpid(sch->cssid, chpid, type);
+css_add_chpid(sch->cssid, chpid, type, true);
 }
 
 memset(s, 0, sizeof(SCSW));
@@ -1908,3 +1910,147 @@ SubchDev *css_create_virtual_sch(CssDevId bus_id, Error 
**errp)
 css_subch_assign(sch->cssid, sch->ssid, schid, sch->devno, sch);
 return sch;
 }
+
+static int css_sch_get_chpids(SubchDev *sch, CssDevId *dev_id)
+{
+char *fid_path;
+FILE *fd;
+uint32_t chpid[8];
+int i;
+PMCW *p = >curr_status.pmcw;
+
+fid_path = g_strdup_printf("/sys/bus/css/devices/%x.%x.%04x/chpids",
+   dev_id->cssid, dev_id->ssid, dev_id->devid);
+fd = fopen(fid_path, "r");
+if (fd == NULL) {
+error_report("%s: open %s failed", __func__, fid_path);
+g_free(fid_path);
+return -EINVAL;
+}
+
+if (fscanf(fd, "%x %x %x %x %x %x %x %x",
+[0], [1], [2], [3],
+[4], [5], [6], [7]) != 8) {
+fclose(fd);
+g_free(fid_path);
+return -EINVAL;
+}
+
+for (i = 0; i < ARRAY_SIZE(p->chpid); i++) {
+p->chpid[i] = chpid[i];
+}
+
+fclose(fd);
+g_free(fid_path);
+
+return 0;
+}
+
+static int css_sch_get_path_masks(SubchDev *sch, CssDevId *dev_id)
+{
+char *fid_path;
+FILE *fd;
+uint32_t pim, pam, pom;
+PMCW *p = >curr_status.pmcw;
+
+fid_path = g_strdup_printf("/sys/bus/css/devices/%x.%x.%04x/pimpampom",
+   dev_id->cssid, dev_id->ssid, dev_id->devid);
+fd = fopen(fid_path, "r");
+if (fd == NULL) {
+error_report("%s: open %s failed", __func__, fid_path);
+g_free(fid_path);
+return -EINVAL;
+}
+
+if (fscanf(fd, "%x %x %x", , , ) != 3) {
+fclose(fd);
+g_free(fid_path);
+return -EINVAL;
+}
+
+p->pim = pim;
+p->pam = pam;
+p->pom = pom;
+fclose(fd);
+g_free(fid_path);
+
+return 0;
+}
+
+static int css_sch_get_chpid_type(uint8_t chpid, uint32_t *type, CssDevId 
*dev_id)
+{
+char *fid_path;
+FILE *fd;
+
+fid_path = g_strdup_printf("/sys/devices/css%x/chp0.%02x/type",
+   dev_id->cssid, chpid);
+fd = fopen(fid_path, "r");
+if (fd == NULL) {
+error_report("%s: open %s failed", __func__, fid_path);
+g_free(fid_path);
+return -EINVAL;
+}
+
+if (fscanf(fd, "%x", type) != 1) {
+fclose(fd);
+g_free(fid_path);
+return -EINVAL;
+}
+
+fclose(fd);
+g_free(fid_path);
+
+return 0;
+}
+
+/*
+ * We currently retrieve the real device information from sysfs to build the
+ * guest subchannel information block without considering the migration 
feature.
+ * If migrate, it won't be sure to use the real device information directly,
+ * this point will be handled in the future.
+ */
+int css_sch_build_schib(SubchDev *sch, CssDevId *dev_id)
+{
+CssImage *css = 

[Qemu-devel] [PATCH RFC v2 07/12] vfio/ccw: vfio based subchannel passthrough driver

2017-01-11 Thread Dong Jia Shi
From: Xiao Feng Ren 

We use the IOMMU_TYPE1 of VFIO to realize subchannel
passthrough, and implement a vfio based subchannel passthrough
driver called "vfio-ccw".

Support qemu parameters in the style of:
"-device vfio-ccw,id=xx,hostid=xx(,guestid=xx),mdevid=xx"

Signed-off-by: Xiao Feng Ren 
---
 default-configs/s390x-softmmu.mak |   1 +
 hw/s390x/s390-ccw.h   |   1 +
 hw/vfio/Makefile.objs |   1 +
 hw/vfio/ccw.c | 209 ++
 include/hw/vfio/vfio-common.h |   1 +
 5 files changed, 213 insertions(+)
 create mode 100644 hw/vfio/ccw.c

diff --git a/default-configs/s390x-softmmu.mak 
b/default-configs/s390x-softmmu.mak
index 36e15de..5576b0a 100644
--- a/default-configs/s390x-softmmu.mak
+++ b/default-configs/s390x-softmmu.mak
@@ -4,4 +4,5 @@ CONFIG_VIRTIO=y
 CONFIG_SCLPCONSOLE=y
 CONFIG_S390_FLIC=y
 CONFIG_S390_FLIC_KVM=$(CONFIG_KVM)
+CONFIG_VFIO_CCW=$(CONFIG_LINUX)
 CONFIG_WDT_DIAG288=y
diff --git a/hw/s390x/s390-ccw.h b/hw/s390x/s390-ccw.h
index 9ced8cb..1fa4a97 100644
--- a/hw/s390x/s390-ccw.h
+++ b/hw/s390x/s390-ccw.h
@@ -26,6 +26,7 @@
 typedef struct S390CCWDevice {
 CcwDevice parent_obj;
 CssDevId hostid;
+char *mdevid;
 } S390CCWDevice;
 
 typedef struct S390CCWDeviceClass {
diff --git a/hw/vfio/Makefile.objs b/hw/vfio/Makefile.objs
index c25e32b..4c3a462 100644
--- a/hw/vfio/Makefile.objs
+++ b/hw/vfio/Makefile.objs
@@ -1,6 +1,7 @@
 ifeq ($(CONFIG_LINUX), y)
 obj-$(CONFIG_SOFTMMU) += common.o
 obj-$(CONFIG_PCI) += pci.o pci-quirks.o
+obj-$(CONFIG_VFIO_CCW) += ccw.o
 obj-$(CONFIG_SOFTMMU) += platform.o
 obj-$(CONFIG_SOFTMMU) += calxeda-xgmac.o
 obj-$(CONFIG_SOFTMMU) += amd-xgbe.o
diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
new file mode 100644
index 000..881010b
--- /dev/null
+++ b/hw/vfio/ccw.c
@@ -0,0 +1,209 @@
+/*
+ * vfio based subchannel assignment support
+ *
+ * Copyright 2017 IBM Corp.
+ * Author(s): Dong Jia Shi 
+ *Xiao Feng Ren 
+ *Pierre Morel 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or(at
+ * your option) any version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#include 
+#include 
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/sysbus.h"
+#include "hw/vfio/vfio.h"
+#include "hw/vfio/vfio-common.h"
+#include "hw/s390x/s390-ccw.h"
+#include "hw/s390x/ccw-device.h"
+
+#define TYPE_VFIO_CCW "vfio-ccw"
+typedef struct VFIOCCWDevice {
+S390CCWDevice cdev;
+VFIODevice vdev;
+} VFIOCCWDevice;
+
+static void vfio_ccw_compute_needs_reset(VFIODevice *vdev)
+{
+vdev->needs_reset = false;
+}
+
+/*
+ * We don't need vfio_hot_reset_multi and vfio_eoi operationis for
+ * vfio_ccw device now.
+ */
+struct VFIODeviceOps vfio_ccw_ops = {
+.vfio_compute_needs_reset = vfio_ccw_compute_needs_reset,
+};
+
+static void vfio_ccw_reset(DeviceState *dev)
+{
+CcwDevice *ccw_dev = DO_UPCAST(CcwDevice, parent_obj, dev);
+S390CCWDevice *cdev = DO_UPCAST(S390CCWDevice, parent_obj, ccw_dev);
+VFIOCCWDevice *vcdev = DO_UPCAST(VFIOCCWDevice, cdev, cdev);
+
+ioctl(vcdev->vdev.fd, VFIO_DEVICE_RESET);
+}
+
+static void vfio_put_device(VFIOCCWDevice *vcdev)
+{
+g_free(vcdev->vdev.name);
+vfio_put_base_device(>vdev);
+}
+
+static VFIOGroup *vfio_ccw_get_group(S390CCWDevice *cdev, char **path,
+ Error **errp)
+{
+struct stat st;
+int groupid;
+GError *gerror = NULL;
+
+/* Check that host subchannel exists. */
+path[0] = g_strdup_printf("/sys/bus/css/devices/%x.%x.%04x",
+  cdev->hostid.cssid,
+  cdev->hostid.ssid,
+  cdev->hostid.devid);
+if (stat(path[0], ) < 0) {
+error_setg(errp, "vfio: no such host subchannel %s", path[0]);
+return NULL;
+}
+
+/* Check that mediated device exists. */
+path[1] = g_strdup_printf("%s/%s", path[0], cdev->mdevid);
+if (stat(path[0], ) < 0) {
+error_setg(errp, "vfio: no such mediated device %s", path[1]);
+return NULL;
+}
+
+/* Get the iommu_group patch as the interim variable. */
+path[2] = g_strconcat(path[1], "/iommu_group", NULL);
+
+/* Get the link file path of the device iommu_group. */
+path[3] = g_file_read_link(path[2], );
+if (!path[3]) {
+error_setg(errp, "vfio: error no iommu_group for subchannel");
+return NULL;
+}
+
+/* Get the device groupid. */
+if (sscanf(basename(path[3]), "%d", ) != 1) {
+error_setg(errp, "vfio: error reading %s:%m", path[3]);
+return NULL;
+}
+
+return vfio_get_group(groupid, _space_memory, errp);
+}
+
+static void vfio_ccw_put_group(VFIOGroup *group, char **path)
+{
+g_free(path);
+vfio_put_group(group);
+}
+
+static void 

[Qemu-devel] [PATCH RFC v2 15/15] vfio: ccw: introduce support for ccw0

2017-01-11 Thread Dong Jia Shi
Although Linux does not use format-0 channel command words (CCW0)
these are a non-optional part of the platform spec, and for the sake
of platform compliance, and possibly some non-Linux guests, we have
to support CCW0.

Making the kernel execute a format 0 channel program is too much hassle
because we would need to allocate and use memory which can be addressed
by 24 bit physical addresses (because of CCW0.cda). So we implement CCW0
support by translating the channel program into an equivalent CCW1
program instead.

Signed-off-by: Kai Yue Wang 
Signed-off-by: Dong Jia Shi 
---
 arch/s390/Kconfig  |  7 +
 drivers/s390/cio/vfio_ccw_cp.c | 58 --
 2 files changed, 63 insertions(+), 2 deletions(-)

diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index 32008b8..f25d077 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -680,6 +680,13 @@ config VFIO_CCW
  To compile this driver as a module, choose M here: the
  module will be called vfio_ccw.
 
+config VFIO_CCW_CCW0
+   def_bool n
+   prompt "Support for CCW0 translation"
+   depends on VFIO_CCW
+   help
+ Enable translation for CCW0 programs for VFIO-CCW subchannels.
+
 endmenu
 
 menu "Dump support"
diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c
index b81aff3..ee2c332 100644
--- a/drivers/s390/cio/vfio_ccw_cp.c
+++ b/drivers/s390/cio/vfio_ccw_cp.c
@@ -19,6 +19,26 @@
 
 #include "vfio_ccw_cp.h"
 
+#ifdef CONFIG_VFIO_CCW_CCW0
+/**
+ * struct ccw0 - channel command word
+ * @cmd_code: command code
+ * @cda: data address
+ * @flags: flags, like IDA addressing, etc.
+ * @reserved: will be ignored
+ * @count: byte count
+ *
+ * The format-0 ccw structure.
+ */
+struct ccw0 {
+   __u8 cmd_code;
+   __u32 cda : 24;
+   __u8  flags;
+   __u8  reserved;
+   __u16 count;
+} __packed __aligned(8);
+#endif
+
 /*
  * Max length for ccw chain.
  * XXX: Limit to 256, need to check more?
@@ -247,12 +267,42 @@ static long copy_from_iova(struct device *mdev,
return l;
 }
 
+#ifdef CONFIG_VFIO_CCW_CCW0
+static long copy_ccw_from_iova(struct ccwprogram *cp,
+  struct ccw1 *to, u64 iova,
+  unsigned long len)
+{
+   struct ccw0 ccw0;
+   struct ccw1 *pccw1;
+   int ret;
+   int i;
+
+   ret = copy_from_iova(cp->mdev, to, iova, len * sizeof(struct ccw1));
+   if (ret)
+   return ret;
+
+   if (!cp->orb.cmd.fmt) {
+   pccw1 = to;
+   for (i = 0; i < len; i++) {
+   ccw0 = *(struct ccw0 *)pccw1;
+   pccw1->cmd_code = ccw0.cmd_code;
+   pccw1->flags = ccw0.flags;
+   pccw1->count = ccw0.count;
+   pccw1->cda = ccw0.cda;
+   pccw1++;
+   }
+   }
+
+   return ret;
+}
+#else
 static long copy_ccw_from_iova(struct ccwprogram *cp,
   struct ccw1 *to, u64 iova,
   unsigned long len)
 {
return copy_from_iova(cp->mdev, to, iova, len * sizeof(struct ccw1));
 }
+#endif
 
 /*
  * Helpers to operate ccwchain.
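Review bot: In the CONFIG_VFIO_CCW_CCW0 variant of copy_ccw_from_iova, `int ret` receives the `long` returned by copy_from_iova() and `int i` is compared against `unsigned long len`, so both can truncate or wrap if the values ever exceed int range. Declaring them as `long ret;` and `unsigned long i;` keeps the types consistent with the signature. The in-place conversion reads each slot through `*(struct ccw0 *)pccw1` before overwriting it, which relies on both formats having the same size; a `BUILD_BUG_ON(sizeof(struct ccw0) != sizeof(struct ccw1));` and a comment such as `/* convert in place: ccw0 and ccw1 occupy the same 8 bytes */` would make that assumption explicit.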
@@ -619,10 +669,14 @@ int cp_init(struct ccwprogram *cp, struct device *mdev, 
union orb *orb)
 * Only support prefetch enable mode now.
 * Only support 64bit addressing idal.
 * Only support 4k IDAW.
-* Only support ccw1.
 */
-   if (!orb->cmd.pfch || !orb->cmd.c64 || orb->cmd.i2k || !orb->cmd.fmt)
+   if (!orb->cmd.pfch || !orb->cmd.c64 || orb->cmd.i2k)
+   return -EOPNOTSUPP;
+
+#ifndef CONFIG_VFIO_CCW_CCW0
+   if (!orb->cmd.fmt)
return -EOPNOTSUPP;
+#endif
 
INIT_LIST_HEAD(>ccwchain_list);
memcpy(>orb, orb, sizeof(*orb));
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 14/15] docs: add documentation for vfio-ccw

2017-01-11 Thread Dong Jia Shi
Add file Documentation/s390/vfio-ccw.txt that includes details
of vfio-ccw.

Signed-off-by: Dong Jia Shi 
Acked-by: Pierre Morel 
---
 Documentation/s390/00-INDEX |   2 +
 Documentation/s390/vfio-ccw.txt | 303 
 2 files changed, 305 insertions(+)
 create mode 100644 Documentation/s390/vfio-ccw.txt

diff --git a/Documentation/s390/00-INDEX b/Documentation/s390/00-INDEX
index 9189535..317f037 100644
--- a/Documentation/s390/00-INDEX
+++ b/Documentation/s390/00-INDEX
@@ -22,5 +22,7 @@ qeth.txt
- HiperSockets Bridge Port Support.
 s390dbf.txt
- information on using the s390 debug feature.
+vfio-ccw.txt
+ information on the vfio-ccw I/O subchannel driver.
 zfcpdump.txt
- information on the s390 SCSI dump tool.
diff --git a/Documentation/s390/vfio-ccw.txt b/Documentation/s390/vfio-ccw.txt
new file mode 100644
index 000..ace169b
--- /dev/null
+++ b/Documentation/s390/vfio-ccw.txt
@@ -0,0 +1,303 @@
+vfio-ccw: the basic infrastructure
+==
+
+Introduction
+
+
+Here we describe the vfio support for I/O subchannel devices for
+Linux/s390. Motivation for vfio-ccw is to passthrough subchannels to a
+virtual machine, while vfio is the means.
+
+Different than other hardware architectures, s390 has defined a unified
+I/O access method, which is so called Channel I/O. It has its own access
+patterns:
+- Channel programs run asynchronously on a separate (co)processor.
+- The channel subsystem will access any memory designated by the caller
+  in the channel program directly, i.e. there is no iommu involved.
+Thus when we introduce vfio support for these devices, we realize it
+with a mediated device (mdev) implementation. The vfio mdev will be
+added to an iommu group, so as to make itself able to be managed by the
+vfio framework. And we add read/write callbacks for special vfio I/O
+regions to pass the channel programs from the mdev to its parent device
+(the real I/O subchannel device) to do further address translation and
+to perform I/O instructions.
+
+This document does not intend to explain the s390 I/O architecture in
+every detail. More information/reference could be found here:
+- A good start to know Channel I/O in general:
+  https://en.wikipedia.org/wiki/Channel_I/O
+- s390 architecture:
+  s390 Principles of Operation manual (IBM Form. No. SA22-7832)
+- The existing Qemu code which implements a simple emulated channel
+  subsystem could also be a good reference. It makes it easier to follow
+  the flow.
+  qemu/hw/s390x/css.c
+
+For vfio mediated device framework:
+- Documentation/vfio-mediated-device.txt
+
+Motivation of vfio-ccw
+--
+
+Currently, a guest virtualized via qemu/kvm on s390 only sees
+paravirtualized virtio devices via the "Virtio Over Channel I/O
+(virtio-ccw)" transport. This makes virtio devices discoverable via
+standard operating system algorithms for handling channel devices.
+
+However this is not enough. On s390 for the majority of devices, which
+use the standard Channel I/O based mechanism, we also need to provide
+the functionality of passing through them to a Qemu virtual machine.
+This includes devices that don't have a virtio counterpart (e.g. tape
+drives) or that have specific characteristics which guests want to
+exploit.
+
+For passing a device to a guest, we want to use the same interface as
+everybody else, namely vfio. Thus, we would like to introduce vfio
+support for channel devices. And we would like to name this new vfio
+device "vfio-ccw".
+
+Access patterns of CCW devices
+--
+
+s390 architecture has implemented a so called channel subsystem, that
+provides a unified view of the devices physically attached to the
+systems. Though the s390 hardware platform knows about a huge variety of
+different peripheral attachments like disk devices (aka. DASDs), tapes,
+communication controllers, etc. They can all be accessed by a well
+defined access method and they are presenting I/O completion a unified
+way: I/O interruptions.
+
+All I/O requires the use of channel command words (CCWs). A CCW is an
+instruction to a specialized I/O channel processor. A channel program is
+a sequence of CCWs which are executed by the I/O channel subsystem.  To
+issue a CCW program to the channel subsystem, it is required to build an
+operation request block (ORB), which can be used to point out the format
+of the CCW and other control information to the system. The operating
+system signals the I/O channel subsystem to begin executing the channel
+program with a SSCH (start sub-channel) instruction. The central
+processor is then free to proceed with non-I/O instructions until
+interrupted. The I/O completion result is received by the interrupt
+handler in the form of interrupt response block (IRB).
+
+Back to vfio-ccw, in short:
+- ORBs and CCW programs are built in 

[Qemu-devel] [PATCH RFC v2 07/15] vfio: ccw: introduce ccw_io_region

2017-01-11 Thread Dong Jia Shi
To provide user-space a set of interfaces to:
1. pass in a ccw program to perform an I/O operation.
2. read back I/O results of the completed I/O operations.
We introduce an MMIO region for the vfio-ccw device here.

This region is defined to contain:
1. areas to store the arguments that an ssch requires.
2. areas to store the I/O results.

Using pwrite/pread to the device on this region, a user-space program
could write/read data to/from the vfio-ccw device.

Signed-off-by: Dong Jia Shi 
Reviewed-by: Pierre Morel 
---
 arch/s390/include/uapi/asm/Kbuild |  1 +
 arch/s390/include/uapi/asm/vfio_ccw.h | 28 +
 drivers/s390/cio/vfio_ccw_ops.c   | 47 +++
 drivers/s390/cio/vfio_ccw_private.h   |  4 +++
 4 files changed, 80 insertions(+)
 create mode 100644 arch/s390/include/uapi/asm/vfio_ccw.h

diff --git a/arch/s390/include/uapi/asm/Kbuild 
b/arch/s390/include/uapi/asm/Kbuild
index bf736e7..fdb9529 100644
--- a/arch/s390/include/uapi/asm/Kbuild
+++ b/arch/s390/include/uapi/asm/Kbuild
@@ -52,3 +52,4 @@ header-y += unistd.h
 header-y += virtio-ccw.h
 header-y += vtoc.h
 header-y += zcrypt.h
+header-y += vfio_ccw.h
diff --git a/arch/s390/include/uapi/asm/vfio_ccw.h 
b/arch/s390/include/uapi/asm/vfio_ccw.h
new file mode 100644
index 000..4ee74ae
--- /dev/null
+++ b/arch/s390/include/uapi/asm/vfio_ccw.h
@@ -0,0 +1,28 @@
+/*
+ * Interfaces for vfio-ccw
+ *
+ * Copyright IBM Corp. 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License (version 2 only)
+ * as published by the Free Software Foundation.
+ *
+ * Author(s): Dong Jia Shi 
+ */
+
+#ifndef _VFIO_CCW_H_
+#define _VFIO_CCW_H_
+
+#include 
+
+struct ccw_io_region {
+#define ORB_AREA_SIZE 12
+   __u8orb_area[ORB_AREA_SIZE];
+#define SCSW_AREA_SIZE 12
+   __u8scsw_area[SCSW_AREA_SIZE];
+#define IRB_AREA_SIZE 96
+   __u8irb_area[IRB_AREA_SIZE];
+   __u32   ret_code;
+} __packed;
+
+#endif
diff --git a/drivers/s390/cio/vfio_ccw_ops.c b/drivers/s390/cio/vfio_ccw_ops.c
index 6031a10..d68a296 100644
--- a/drivers/s390/cio/vfio_ccw_ops.c
+++ b/drivers/s390/cio/vfio_ccw_ops.c
@@ -129,6 +129,51 @@ void vfio_ccw_mdev_release(struct mdev_device *mdev)
vfio_unregister_notifier(>dev, VFIO_IOMMU_NOTIFY, >nb);
 }
 
+static ssize_t vfio_ccw_mdev_read(struct mdev_device *mdev,
+ char __user *buf,
+ size_t count,
+ loff_t *ppos)
+{
+   struct vfio_ccw_private *private;
+   struct ccw_io_region *region;
+
+   if (*ppos + count > sizeof(*region))
+   return -EINVAL;
+
+   private = dev_get_drvdata(mdev->dev.parent);
+   if (!private)
+   return -ENODEV;
+
+   region = >io_region;
+   if (copy_to_user(buf, (void *)region + *ppos, count))
+   return -EFAULT;
+
+   return count;
+}
+
+static ssize_t vfio_ccw_mdev_write(struct mdev_device *mdev,
+  const char __user *buf,
+  size_t count,
+  loff_t *ppos)
+{
+   struct vfio_ccw_private *private;
+   struct ccw_io_region *region;
+
+   if (*ppos + count > sizeof(*region))
+   return -EINVAL;
+
+   private = dev_get_drvdata(mdev->dev.parent);
+   if (!private)
+   return -ENODEV;
+
+   region = >io_region;
+   if (copy_from_user((void *)region + *ppos, buf, count))
+   return -EFAULT;
+   region->ret_code = 0;
+
+   return count;
+}
+
 static const struct parent_ops vfio_ccw_mdev_ops = {
.owner  = THIS_MODULE,
.supported_type_groups  = mdev_type_groups,
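Review bot: The bounds check `*ppos + count > sizeof(*region)` in vfio_ccw_mdev_read and vfio_ccw_mdev_write adds a signed `loff_t` to a `size_t` before comparing, so a negative offset or a wrapping sum is not rejected by this check itself, and the offset is then used as `(void *)region + *ppos` for copy_to_user()/copy_from_user(). Callers further up may already reject negative offsets, but that is not visible here and the handler should not depend on it: `if (*ppos < 0 || *ppos > sizeof(*region) || count > sizeof(*region) - *ppos) return -EINVAL;`. Neither handler takes a lock around `private->io_region`, so unless access is serialised elsewhere a read can observe a partially written region.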
@@ -136,6 +181,8 @@ static const struct parent_ops vfio_ccw_mdev_ops = {
.remove = vfio_ccw_mdev_remove,
.open   = vfio_ccw_mdev_open,
.release= vfio_ccw_mdev_release,
+   .read   = vfio_ccw_mdev_read,
+   .write  = vfio_ccw_mdev_write,
 };
 
 int vfio_ccw_mdev_reg(struct subchannel *sch)
diff --git a/drivers/s390/cio/vfio_ccw_private.h 
b/drivers/s390/cio/vfio_ccw_private.h
index 4cd6657..99265a9 100644
--- a/drivers/s390/cio/vfio_ccw_private.h
+++ b/drivers/s390/cio/vfio_ccw_private.h
@@ -14,6 +14,8 @@
 #ifndef _VFIO_CCW_PRIVATE_H_
 #define _VFIO_CCW_PRIVATE_H_
 
+#include 
+
 #include "css.h"
 
 /**
@@ -22,12 +24,14 @@
  * @completion: synchronization helper of the I/O completion
  * @mdev: pointor to the mediated device
  * @nb: notifier for vfio events
+ * @io_region: MMIO region to input/output I/O arguments/results
  */
 struct vfio_ccw_private {
struct subchannel   *sch;
struct completion   *completion;
struct mdev_device   

[Qemu-devel] [PATCH RFC v2 13/15] vfio: ccw: introduce a finite state machine

2017-01-11 Thread Dong Jia Shi
The current implementation doesn't check if the subchannel is in a
proper device state when handling an event. Let's introduce
a finite state machine to manage the state/event change.

Signed-off-by: Dong Jia Shi 
---
 drivers/s390/cio/Makefile   |   2 +-
 drivers/s390/cio/vfio_ccw_drv.c | 116 +++-
 drivers/s390/cio/vfio_ccw_fsm.c | 210 
 drivers/s390/cio/vfio_ccw_ops.c |  28 -
 drivers/s390/cio/vfio_ccw_private.h |  41 ++-
 5 files changed, 290 insertions(+), 107 deletions(-)
 create mode 100644 drivers/s390/cio/vfio_ccw_fsm.c

diff --git a/drivers/s390/cio/Makefile b/drivers/s390/cio/Makefile
index b0586b2..bdf4752 100644
--- a/drivers/s390/cio/Makefile
+++ b/drivers/s390/cio/Makefile
@@ -18,5 +18,5 @@ obj-$(CONFIG_CCWGROUP) += ccwgroup.o
 qdio-objs := qdio_main.o qdio_thinint.o qdio_debug.o qdio_setup.o
 obj-$(CONFIG_QDIO) += qdio.o
 
-vfio_ccw-objs += vfio_ccw_drv.o vfio_ccw_cp.o vfio_ccw_ops.o
+vfio_ccw-objs += vfio_ccw_drv.o vfio_ccw_cp.o vfio_ccw_ops.o vfio_ccw_fsm.o
 obj-$(CONFIG_VFIO_CCW) += vfio_ccw.o
diff --git a/drivers/s390/cio/vfio_ccw_drv.c b/drivers/s390/cio/vfio_ccw_drv.c
index 56af313..a966e5f 100644
--- a/drivers/s390/cio/vfio_ccw_drv.c
+++ b/drivers/s390/cio/vfio_ccw_drv.c
@@ -64,54 +64,12 @@ int vfio_ccw_sch_quiesce(struct subchannel *sch)
 
ret = cio_disable_subchannel(sch);
} while (ret == -EBUSY);
-
 out_unlock:
+   private->state = VFIO_CCW_STATE_NOT_OPER;
spin_unlock_irq(sch->lock);
return ret;
 }
 
-static int vfio_ccw_sch_io_helper(struct vfio_ccw_private *private)
-{
-   struct subchannel *sch;
-   union orb *orb;
-   int ccode;
-   __u8 lpm;
-
-   sch = private->sch;
-
-   orb = cp_get_orb(>cp, (u32)(addr_t)sch, sch->lpm);
-
-   /* Issue "Start Subchannel" */
-   ccode = ssch(sch->schid, orb);
-
-   switch (ccode) {
-   case 0:
-   /*
-* Initialize device status information
-*/
-   sch->schib.scsw.cmd.actl |= SCSW_ACTL_START_PEND;
-   return 0;
-   case 1: /* Status pending */
-   case 2: /* Busy */
-   return -EBUSY;
-   case 3: /* Device/path not operational */
-   {
-   lpm = orb->cmd.lpm;
-   if (lpm != 0)
-   sch->lpm &= ~lpm;
-   else
-   sch->lpm = 0;
-
-   if (cio_update_schib(sch))
-   return -ENODEV;
-
-   return sch->lpm ? -EACCES : -ENODEV;
-   }
-   default:
-   return ccode;
-   }
-}
-
 static void vfio_ccw_sch_io_todo(struct work_struct *work)
 {
struct vfio_ccw_private *private;
@@ -130,47 +88,9 @@ static void vfio_ccw_sch_io_todo(struct work_struct *work)
 
if (private->io_trigger)
eventfd_signal(private->io_trigger, 1);
-}
-
-/* Deal with the ccw command request from the userspace. */
-int vfio_ccw_sch_cmd_request(struct vfio_ccw_private *private)
-{
-   struct mdev_device *mdev = private->mdev;
-   union orb *orb;
-   union scsw *scsw = >scsw;
-   struct ccw_io_region *io_region = >io_region;
-   int ret;
-
-   memcpy(scsw, io_region->scsw_area, sizeof(*scsw));
-
-   if (scsw->cmd.fctl & SCSW_FCTL_START_FUNC) {
-   orb = (union orb *)io_region->orb_area;
-
-   ret = cp_init(>cp, >dev, orb);
-   if (ret)
-   return ret;
-
-   ret = cp_prefetch(>cp);
-   if (ret) {
-   cp_free(>cp);
-   return ret;
-   }
-
-   /* Start channel program and wait for I/O interrupt. */
-   ret = vfio_ccw_sch_io_helper(private);
-   if (!ret)
-   cp_free(>cp);
-   } else if (scsw->cmd.fctl & SCSW_FCTL_HALT_FUNC) {
-   /* XXX: Handle halt. */
-   ret = -EOPNOTSUPP;
-   } else if (scsw->cmd.fctl & SCSW_FCTL_CLEAR_FUNC) {
-   /* XXX: Handle clear. */
-   ret = -EOPNOTSUPP;
-   } else {
-   ret = -EOPNOTSUPP;
-   }
 
-   return ret;
+   if (private->mdev)
+   private->state = VFIO_CCW_STATE_IDLE;
 }
 
 /*
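Review bot: In vfio_ccw_sch_io_todo the state goes back to VFIO_CCW_STATE_IDLE only after `eventfd_signal()` has already notified userspace, so a consumer that reacts quickly can submit its next request while the previous state is still set. If the request path refuses work outside the idle state (that code is not in this hunk), the caller gets a spurious busy error. Setting the state first closes the window: move `if (private->mdev) private->state = VFIO_CCW_STATE_IDLE;` above the `if (private->io_trigger)` test. The write is also made without `sch->lock`, which vfio_ccw_sch_quiesce holds when it sets the state in the previous hunk, so a comment naming the lock that protects `private->state` would help. The start of the function is outside the hunk.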
@@ -227,20 +147,9 @@ static struct attribute_group vfio_subchannel_attr_group = 
{
 static void vfio_ccw_sch_irq(struct subchannel *sch)
 {
struct vfio_ccw_private *private = dev_get_drvdata(>dev);
-   struct irb *irb;
 
inc_irq_stat(IRQIO_CIO);
-
-   if (!private)
-   return;
-
-   irb = this_cpu_ptr(_irb);
-   memcpy(>irb, irb, sizeof(*irb));
-
-   queue_work(vfio_ccw_work_q, >io_work);
-
-   if (private->completion)
-   complete(private->completion);
+   vfio_ccw_fsm_event(private, VFIO_CCW_EVENT_INTERRUPT);
 }
 
 static int 
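Review bot: vfio_ccw_sch_irq now passes `private` straight to `vfio_ccw_fsm_event()` after this hunk deletes the `if (!private) return;` guard. `private` comes from `dev_get_drvdata()`, and the remove path elsewhere in this series sets the drvdata to NULL, so an interrupt arriving around removal could hand NULL to the state machine. Unless vfio_ccw_fsm_event checks for that itself (its definition is not visible here), the handler dereferences a NULL pointer in interrupt context. Keeping the guard costs nothing: `if (!private) return;` before the call.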

[Qemu-devel] [PATCH RFC v2 01/12] update-linux-headers: add asm-s390/vfio_ccw.h

2017-01-11 Thread Dong Jia Shi
Add asm-s390/vfio_ccw.h as a new standard header.

Signed-off-by: Dong Jia Shi 
---
 scripts/update-linux-headers.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh
index 08c4c4a..67320be 100755
--- a/scripts/update-linux-headers.sh
+++ b/scripts/update-linux-headers.sh
@@ -91,6 +91,7 @@ for arch in $ARCHLIST; do
 if [ $arch = s390 ]; then
 cp_portable "$tmpdir/include/asm/kvm_virtio.h" 
"$output/include/standard-headers/asm-s390/"
 cp_portable "$tmpdir/include/asm/virtio-ccw.h" 
"$output/include/standard-headers/asm-s390/"
+cp_portable "$tmpdir/include/asm/vfio_ccw.h" 
"$output/include/standard-headers/asm-s390/"
 fi
 if [ $arch = x86 ]; then
 cp_portable "$tmpdir/include/asm/hyperv.h" 
"$output/include/standard-headers/asm-x86/"
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 12/15] vfio: ccw: return I/O results asynchronously

2017-01-11 Thread Dong Jia Shi
Introduce a singlethreaded workqueue to handle the I/O interrupts.
With the work added to this queue, we store the I/O results to the
io_region of the subchannel, then signal the userspace program to
handle the results.

Signed-off-by: Dong Jia Shi 
---
 drivers/s390/cio/vfio_ccw_drv.c | 58 ++---
 drivers/s390/cio/vfio_ccw_ops.c |  3 --
 drivers/s390/cio/vfio_ccw_private.h |  7 ++---
 3 files changed, 37 insertions(+), 31 deletions(-)

diff --git a/drivers/s390/cio/vfio_ccw_drv.c b/drivers/s390/cio/vfio_ccw_drv.c
index 595dcb4..56af313 100644
--- a/drivers/s390/cio/vfio_ccw_drv.c
+++ b/drivers/s390/cio/vfio_ccw_drv.c
@@ -24,6 +24,8 @@
 #include "css.h"
 #include "vfio_ccw_private.h"
 
+struct workqueue_struct *vfio_ccw_work_q;
+
 /*
  * Helpers
  */
@@ -56,6 +58,7 @@ int vfio_ccw_sch_quiesce(struct subchannel *sch)
 
spin_lock_irq(sch->lock);
private->completion = NULL;
+   flush_workqueue(vfio_ccw_work_q);
ret = cio_cancel_halt_clear(sch, );
};
 
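Review bot: `flush_workqueue()` is added directly after `spin_lock_irq(sch->lock)`, so it runs with a spinlock held and interrupts disabled, although it waits for queued work to finish and may sleep. That is a sleep in atomic context, and it can stall the CPU while the work function is waiting to run. Do the flush before taking the lock: `flush_workqueue(vfio_ccw_work_q);` placed above `spin_lock_irq(sch->lock);`. The enclosing loop starts outside the hunk.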
@@ -67,18 +70,12 @@ int vfio_ccw_sch_quiesce(struct subchannel *sch)
return ret;
 }
 
-static int doing_io(struct vfio_ccw_private *private, u32 intparm)
-{
-   return (private->intparm == intparm);
-}
-
 static int vfio_ccw_sch_io_helper(struct vfio_ccw_private *private)
 {
struct subchannel *sch;
union orb *orb;
int ccode;
__u8 lpm;
-   u32 intparm;
 
sch = private->sch;
 
@@ -93,7 +90,7 @@ static int vfio_ccw_sch_io_helper(struct vfio_ccw_private 
*private)
 * Initialize device status information
 */
sch->schib.scsw.cmd.actl |= SCSW_ACTL_START_PEND;
-   break;
+   return 0;
case 1: /* Status pending */
case 2: /* Busy */
return -EBUSY;
@@ -113,15 +110,26 @@ static int vfio_ccw_sch_io_helper(struct vfio_ccw_private 
*private)
default:
return ccode;
}
+}
 
-   intparm = (u32)(addr_t)sch;
-   private->intparm = 0;
-   wait_event(private->wait_q, doing_io(private, intparm));
+static void vfio_ccw_sch_io_todo(struct work_struct *work)
+{
+   struct vfio_ccw_private *private;
+   struct subchannel *sch;
+   struct irb *irb;
 
-   if (scsw_is_solicited(>irb.scsw))
-   cp_update_scsw(>cp, >irb.scsw);
+   private = container_of(work, struct vfio_ccw_private, io_work);
+   irb = >irb;
+   sch = private->sch;
 
-   return 0;
+   if (scsw_is_solicited(>scsw)) {
+   cp_update_scsw(>cp, >scsw);
+   cp_free(>cp);
+   }
+   memcpy(private->io_region.irb_area, irb, sizeof(*irb));
+
+   if (private->io_trigger)
+   eventfd_signal(private->io_trigger, 1);
 }
 
 /* Deal with the ccw command request from the userspace. */
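Review bot: vfio_ccw_sch_io_todo reads `private->irb` from the workqueue with no lock, while vfio_ccw_sch_irq (the -233 hunk further down) overwrites the same struct with memcpy from interrupt context before calling queue_work. A second interrupt that lands before the work has run replaces the first IRB, and queue_work does nothing for an item that is already pending, so one result is lost and the copy into `io_region.irb_area` can see a partly updated struct. Copying the IRB into a local under the subchannel lock and processing the local would make the hand-off well defined, for example `spin_lock_irq(sch->lock); irb = private->irb; spin_unlock_irq(sch->lock);` with `irb` declared as a struct rather than a pointer. At minimum the function comment should say what serialises the writer and the reader.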
@@ -130,7 +138,6 @@ int vfio_ccw_sch_cmd_request(struct vfio_ccw_private 
*private)
struct mdev_device *mdev = private->mdev;
union orb *orb;
union scsw *scsw = >scsw;
-   struct irb *irb = >irb;
struct ccw_io_region *io_region = >io_region;
int ret;
 
@@ -151,12 +158,8 @@ int vfio_ccw_sch_cmd_request(struct vfio_ccw_private 
*private)
 
/* Start channel program and wait for I/O interrupt. */
ret = vfio_ccw_sch_io_helper(private);
-   if (!ret) {
-   /* Get irb info and copy it to irb_area. */
-   memcpy(io_region->irb_area, irb, sizeof(*irb));
-   }
-
-   cp_free(>cp);
+   if (!ret)
+   cp_free(>cp);
} else if (scsw->cmd.fctl & SCSW_FCTL_HALT_FUNC) {
/* XXX: Handle halt. */
ret = -EOPNOTSUPP;
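Review bot: The new `if (!ret)` in front of cp_free releases the channel program exactly when vfio_ccw_sch_io_helper returned 0, that is when the start succeeded and the I/O is still in flight, and skips the release on every error return. After this patch the helper no longer waits for the interrupt, so the translated program and the guest pages it pins (see the 05/15 description) are dropped while the device may still be using them. vfio_ccw_sch_io_todo then calls cp_free on the same cp again for a solicited interrupt. The condition looks inverted: `if (ret)` frees only on the failure path and leaves the success path to the work function. The context comment "and wait for I/O interrupt" no longer matches the code and should be updated in the same change.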
@@ -233,8 +236,8 @@ static void vfio_ccw_sch_irq(struct subchannel *sch)
 
irb = this_cpu_ptr(_irb);
memcpy(>irb, irb, sizeof(*irb));
-   private->intparm = (u32)(addr_t)sch;
-   wake_up(>wait_q);
+
+   queue_work(vfio_ccw_work_q, >io_work);
 
if (private->completion)
complete(private->completion);
@@ -273,7 +276,7 @@ static int vfio_ccw_sch_probe(struct subchannel *sch)
if (ret)
goto out_rm_group;
 
-   init_waitqueue_head(>wait_q);
+   INIT_WORK(>io_work, vfio_ccw_sch_io_todo);
 
return 0;
 
@@ -370,10 +373,16 @@ static int __init vfio_ccw_sch_init(void)
 {
int ret;
 
+   vfio_ccw_work_q = create_singlethread_workqueue("vfio-ccw");
+   if (!vfio_ccw_work_q)
+   return -ENOMEM;
+
isc_register(VFIO_CCW_ISC);
ret = css_driver_register(_ccw_sch_driver);
-   if (ret)
+   if (ret) {
isc_unregister(VFIO_CCW_ISC);
+   destroy_workqueue(vfio_ccw_work_q);
+   }
 
return ret;
 }
@@ -382,6 +391,7 @@ 

[Qemu-devel] [PATCH RFC v2 11/15] vfio: ccw: introduce ioctls to get/set VFIO_CCW_IO_IRQ

2017-01-11 Thread Dong Jia Shi
Realize VFIO_DEVICE_GET_IRQ_INFO ioctl to retrieve
VFIO_CCW_IO_IRQ information.

Realize VFIO_DEVICE_SET_IRQS ioctl to set an eventfd fd for
VFIO_CCW_IO_IRQ. Once a write operation to the ccw_io_region
was performed, trigger a signal on this fd.

Signed-off-by: Dong Jia Shi 
Reviewed-by: Pierre Morel 
---
 drivers/s390/cio/vfio_ccw_ops.c | 125 +++-
 drivers/s390/cio/vfio_ccw_private.h |   4 ++
 include/uapi/linux/vfio.h   |  10 ++-
 3 files changed, 136 insertions(+), 3 deletions(-)

diff --git a/drivers/s390/cio/vfio_ccw_ops.c b/drivers/s390/cio/vfio_ccw_ops.c
index b702735..3c47eb6 100644
--- a/drivers/s390/cio/vfio_ccw_ops.c
+++ b/drivers/s390/cio/vfio_ccw_ops.c
@@ -203,6 +203,9 @@ static ssize_t vfio_ccw_mdev_write(struct mdev_device *mdev,
if (region->ret_code != 0)
return region->ret_code;
 
+   if (private->io_trigger)
+   eventfd_signal(private->io_trigger, 1);
+
return count;
 }
 
@@ -211,7 +214,7 @@ static int vfio_ccw_mdev_get_device_info(struct mdev_device 
*mdev,
 {
info->flags = VFIO_DEVICE_FLAGS_CCW | VFIO_DEVICE_FLAGS_RESET;
info->num_regions = VFIO_CCW_NUM_REGIONS;
-   info->num_irqs = 0;
+   info->num_irqs = VFIO_CCW_NUM_IRQS;
 
return 0;
 }
@@ -233,6 +236,84 @@ static int vfio_ccw_mdev_get_region_info(struct 
mdev_device *mdev,
}
 }
 
+int vfio_ccw_mdev_get_irq_info(struct mdev_device *mdev,
+  struct vfio_irq_info *info)
+{
+   if (info->index != VFIO_CCW_IO_IRQ_INDEX)
+   return -EINVAL;
+
+   info->count = VFIO_CCW_NUM_IRQS;
+   info->flags = VFIO_IRQ_INFO_EVENTFD | VFIO_IRQ_INFO_NORESIZE;
+
+   return 0;
+}
+
+static int vfio_ccw_mdev_set_irqs(struct mdev_device *mdev,
+ uint32_t flags,
+ void __user *data)
+{
+   struct vfio_ccw_private *private;
+   struct eventfd_ctx **ctx;
+
+   if (!(flags & VFIO_IRQ_SET_ACTION_TRIGGER))
+   return -EINVAL;
+
+   private = dev_get_drvdata(mdev->dev.parent);
+   if (!private)
+   return -ENODEV;
+
+   ctx = >io_trigger;
+
+   switch (flags & VFIO_IRQ_SET_DATA_TYPE_MASK) {
+   case VFIO_IRQ_SET_DATA_NONE:
+   {
+   if (*ctx)
+   eventfd_signal(*ctx, 1);
+   return 0;
+   }
+   case VFIO_IRQ_SET_DATA_BOOL:
+   {
+   uint8_t trigger;
+
+   if (get_user(trigger, (uint8_t __user *)data))
+   return -EFAULT;
+
+   if (trigger && *ctx)
+   eventfd_signal(*ctx, 1);
+   return 0;
+   }
+   case VFIO_IRQ_SET_DATA_EVENTFD:
+   {
+   int32_t fd;
+
+   if (get_user(fd, (int32_t __user *)data))
+   return -EFAULT;
+
+   if (fd == -1) {
+   if (*ctx)
+   eventfd_ctx_put(*ctx);
+   *ctx = NULL;
+   } else if (fd >= 0) {
+   struct eventfd_ctx *efdctx;
+
+   efdctx = eventfd_ctx_fdget(fd);
+   if (IS_ERR(efdctx))
+   return PTR_ERR(efdctx);
+
+   if (*ctx)
+   eventfd_ctx_put(*ctx);
+
+   *ctx = efdctx;
+   } else
+   return -EINVAL;
+
+   return 0;
+   }
+   default:
+   return -EINVAL;
+   }
+}
+
 static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device *mdev,
   unsigned int cmd,
   unsigned long arg)
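Review bot: vfio_ccw_mdev_set_irqs replaces and drops `private->io_trigger` with no lock, while vfio_ccw_mdev_write (first hunk of this file) tests the same pointer and calls eventfd_signal on it. Two threads of one user process can issue the ioctl and a write concurrently, so the `eventfd_ctx_put()` in the `fd == -1` or replacement branch can release the context between the other thread's NULL test and its signal, which is a use-after-free. Guard every reader and writer of io_trigger with one lock (a mutex in the private struct would do), or document why the callers are already serialised. Separately, vfio_ccw_mdev_get_irq_info is the only helper added here without `static`; unless another file needs it, add the keyword.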
@@ -281,6 +362,48 @@ static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device 
*mdev,
 
return copy_to_user((void __user *)arg, , minsz);
}
+   case VFIO_DEVICE_GET_IRQ_INFO:
+   {
+   struct vfio_irq_info info;
+
+   minsz = offsetofend(struct vfio_irq_info, count);
+
+   if (copy_from_user(, (void __user *)arg, minsz))
+   return -EFAULT;
+
+   if (info.argsz < minsz || info.index >= VFIO_CCW_NUM_IRQS)
+   return -EINVAL;
+
+   ret = vfio_ccw_mdev_get_irq_info(mdev, );
+   if (ret)
+   return ret;
+
+   if (info.count == -1)
+   return -EINVAL;
+
+   return copy_to_user((void __user *)arg, , minsz);
+   }
+   case VFIO_DEVICE_SET_IRQS:
+   {
+   struct vfio_irq_set hdr;
+   size_t data_size;
+   void __user *data;
+
+   minsz = offsetofend(struct vfio_irq_set, count);
+
+   if (copy_from_user(, (void __user *)arg, minsz))
+   return -EFAULT;

[Qemu-devel] [PATCH RFC v2 05/15] vfio: ccw: introduce ccwprogram interfaces

2017-01-11 Thread Dong Jia Shi
Introduce the ccwchain structure and helper functions that can be used to
handle ccw programs issued from a virtual machine.

The following limitations apply:
1. Supports only prefetch enabled mode.
2. Supports idal(c64) ccw chaining.
3. Supports 4k idaw.
4. Supports ccw1.
5. Supports direct ccw chaining by translating them to idal ccws.

CCW translation requires to leverage the vfio_(un)pin_pages interfaces
to pin/unpin sets of mem pages frequently. Currently we have a lack of
support to do this in an efficient way. So we introduce pfn_array data
structure and helper functions to handle pin/unpin operations here.

Signed-off-by: Dong Jia Shi 
---
 drivers/s390/cio/Makefile  |   2 +-
 drivers/s390/cio/vfio_ccw_cp.c | 815 +
 drivers/s390/cio/vfio_ccw_cp.h |  45 +++
 3 files changed, 861 insertions(+), 1 deletion(-)
 create mode 100644 drivers/s390/cio/vfio_ccw_cp.c
 create mode 100644 drivers/s390/cio/vfio_ccw_cp.h

diff --git a/drivers/s390/cio/Makefile b/drivers/s390/cio/Makefile
index 3d7390e..1bec279 100644
--- a/drivers/s390/cio/Makefile
+++ b/drivers/s390/cio/Makefile
@@ -18,5 +18,5 @@ obj-$(CONFIG_CCWGROUP) += ccwgroup.o
 qdio-objs := qdio_main.o qdio_thinint.o qdio_debug.o qdio_setup.o
 obj-$(CONFIG_QDIO) += qdio.o
 
-vfio_ccw-objs += vfio_ccw_drv.o
+vfio_ccw-objs += vfio_ccw_drv.o vfio_ccw_cp.o
 obj-$(CONFIG_VFIO_CCW) += vfio_ccw.o
diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c
new file mode 100644
index 000..b81aff3
--- /dev/null
+++ b/drivers/s390/cio/vfio_ccw_cp.c
@@ -0,0 +1,815 @@
+/*
+ * ccwprogram interfaces
+ *
+ * Copyright IBM Corp. 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License (version 2 only)
+ * as published by the Free Software Foundation.
+ *
+ * Author(s): Dong Jia Shi 
+ *Xiao Feng Ren 
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "vfio_ccw_cp.h"
+
+/*
+ * Max length for ccw chain.
+ * XXX: Limit to 256, need to check more?
+ */
+#define CCWCHAIN_LEN_MAX   256
+
+struct pfn_array {
+   unsigned long   pa_iova;
+   unsigned long   *pa_iova_pfn;
+   unsigned long   *pa_pfn;
+   int pa_nr;
+};
+
+struct pfn_array_table {
+   struct pfn_array*pat_pa;
+   int pat_nr;
+};
+
+struct ccwchain {
+   struct list_headnext;
+   struct ccw1 *ch_ccw;
+   /* Guest physical address of the current chain. */
+   u64 ch_iova;
+   /* Count of the valid ccws in chain. */
+   int ch_len;
+   /* Pinned PAGEs for the original data. */
+   struct pfn_array_table  *ch_pat;
+};
+
+/*
+ * pfn_array_pin() - pin user pages in memory
+ * @pa: pfn_array on which to perform the operation
+ * @mdev: the mediated device to perform pin/unpin operations
+ *
+ * Attempt to pin user pages in memory.
+ *
+ * Usage of pfn_array:
+ * @pa->pa_iova starting guest physical I/O address. Assigned by caller.
+ * @pa->pa_iova_pfn array that stores PFNs of the pages need to pin. Allocated
+ *  by caller.
+ * @pa->pa_pfn  array that receives PFNs of the pages pinned. Allocated by
+ *  caller.
+ * @pa->pa_nr   number of pages from @pa->pa_iova to pin. Assigned by
+ *  caller.
+ *  number of pages pinned. Assigned by callee.
+ *
+ * Returns:
+ *   Number of pages pinned on success.
+ *   If @pa->pa_nr is 0 or negative, returns 0.
+ *   If no pages were pinned, returns -errno.
+ */
+static int pfn_array_pin(struct pfn_array *pa, struct device *mdev)
+{
+   int i, ret;
+
+   if (pa->pa_nr <= 0) {
+   pa->pa_nr = 0;
+   return 0;
+   }
+
+   pa->pa_iova_pfn[0] = pa->pa_iova >> PAGE_SHIFT;
+   for (i = 1; i < pa->pa_nr; i++)
+   pa->pa_iova_pfn[i] = pa->pa_iova_pfn[i - 1] + 1;
+
+   ret = vfio_pin_pages(mdev, pa->pa_iova_pfn, pa->pa_nr,
+IOMMU_READ | IOMMU_WRITE, pa->pa_pfn);
+
+   if (ret > 0 && ret != pa->pa_nr) {
+   vfio_unpin_pages(mdev, pa->pa_iova_pfn, ret);
+   pa->pa_nr = 0;
+   return 0;
+   }
+
+   return ret;
+}
+
+/* Unpin the pages before releasing the memory. */
+static void pfn_array_unpin_free(struct pfn_array *pa, struct device *mdev)
+{
+   vfio_unpin_pages(mdev, pa->pa_iova_pfn, pa->pa_nr);
+   pa->pa_nr = 0;
+   kfree(pa->pa_iova_pfn);
+}
+
+/* Alloc memory for PFNs, then pin pages with them. */
+static int pfn_array_alloc_pin(struct pfn_array *pa, struct device *mdev,
+  u64 iova, unsigned int len)
+{
+   int ret = 0;
+
+   if (!len || pa->pa_nr)
+   return -EINVAL;
+
+ 

[Qemu-devel] [PATCH RFC v2 08/15] vfio: ccw: handle ccw command request

2017-01-11 Thread Dong Jia Shi
We implement the basic ccw command handling infrastructure
here:
1. Translate the ccw commands.
2. Issue the translated ccw commands to the device.
3. Once we get the execution result, update the guest SCSW
   with it.

Signed-off-by: Dong Jia Shi 
Acked-by: Pierre Morel 
---
 drivers/s390/cio/vfio_ccw_drv.c | 115 
 drivers/s390/cio/vfio_ccw_ops.c |  24 ++--
 drivers/s390/cio/vfio_ccw_private.h |  14 +
 3 files changed, 149 insertions(+), 4 deletions(-)

diff --git a/drivers/s390/cio/vfio_ccw_drv.c b/drivers/s390/cio/vfio_ccw_drv.c
index ef34b15..595dcb4 100644
--- a/drivers/s390/cio/vfio_ccw_drv.c
+++ b/drivers/s390/cio/vfio_ccw_drv.c
@@ -15,9 +15,13 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 
 #include 
 
+#include "ioasm.h"
+#include "css.h"
 #include "vfio_ccw_private.h"
 
 /*
@@ -63,6 +67,109 @@ int vfio_ccw_sch_quiesce(struct subchannel *sch)
return ret;
 }
 
+static int doing_io(struct vfio_ccw_private *private, u32 intparm)
+{
+   return (private->intparm == intparm);
+}
+
+static int vfio_ccw_sch_io_helper(struct vfio_ccw_private *private)
+{
+   struct subchannel *sch;
+   union orb *orb;
+   int ccode;
+   __u8 lpm;
+   u32 intparm;
+
+   sch = private->sch;
+
+   orb = cp_get_orb(>cp, (u32)(addr_t)sch, sch->lpm);
+
+   /* Issue "Start Subchannel" */
+   ccode = ssch(sch->schid, orb);
+
+   switch (ccode) {
+   case 0:
+   /*
+* Initialize device status information
+*/
+   sch->schib.scsw.cmd.actl |= SCSW_ACTL_START_PEND;
+   break;
+   case 1: /* Status pending */
+   case 2: /* Busy */
+   return -EBUSY;
+   case 3: /* Device/path not operational */
+   {
+   lpm = orb->cmd.lpm;
+   if (lpm != 0)
+   sch->lpm &= ~lpm;
+   else
+   sch->lpm = 0;
+
+   if (cio_update_schib(sch))
+   return -ENODEV;
+
+   return sch->lpm ? -EACCES : -ENODEV;
+   }
+   default:
+   return ccode;
+   }
+
+   intparm = (u32)(addr_t)sch;
+   private->intparm = 0;
+   wait_event(private->wait_q, doing_io(private, intparm));
+
+   if (scsw_is_solicited(>irb.scsw))
+   cp_update_scsw(>cp, >irb.scsw);
+
+   return 0;
+}
+
+/* Deal with the ccw command request from the userspace. */
+int vfio_ccw_sch_cmd_request(struct vfio_ccw_private *private)
+{
+   struct mdev_device *mdev = private->mdev;
+   union orb *orb;
+   union scsw *scsw = >scsw;
+   struct irb *irb = >irb;
+   struct ccw_io_region *io_region = >io_region;
+   int ret;
+
+   memcpy(scsw, io_region->scsw_area, sizeof(*scsw));
+
+   if (scsw->cmd.fctl & SCSW_FCTL_START_FUNC) {
+   orb = (union orb *)io_region->orb_area;
+
+   ret = cp_init(>cp, >dev, orb);
+   if (ret)
+   return ret;
+
+   ret = cp_prefetch(>cp);
+   if (ret) {
+   cp_free(>cp);
+   return ret;
+   }
+
+   /* Start channel program and wait for I/O interrupt. */
+   ret = vfio_ccw_sch_io_helper(private);
+   if (!ret) {
+   /* Get irb info and copy it to irb_area. */
+   memcpy(io_region->irb_area, irb, sizeof(*irb));
+   }
+
+   cp_free(>cp);
+   } else if (scsw->cmd.fctl & SCSW_FCTL_HALT_FUNC) {
+   /* XXX: Handle halt. */
+   ret = -EOPNOTSUPP;
+   } else if (scsw->cmd.fctl & SCSW_FCTL_CLEAR_FUNC) {
+   /* XXX: Handle clear. */
+   ret = -EOPNOTSUPP;
+   } else {
+   ret = -EOPNOTSUPP;
+   }
+
+   return ret;
+}
+
 /*
  * Sysfs interfaces
  */
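Review bot: In vfio_ccw_sch_io_helper `private->intparm = 0;` runs after `ssch()` has already started the I/O, so an interrupt delivered in between has its `private->intparm` store in vfio_ccw_sch_irq wiped out and the following `wait_event()` never sees its condition become true. Because wait_event is uninterruptible and the request originates from userspace, the calling task then hangs and cannot be killed. Clear the field before issuing the start, i.e. move `private->intparm = 0;` above `ccode = ssch(sch->schid, orb);`. A `wait_event_interruptible()` or a timeout would also keep a missing interrupt from pinning the task forever.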
@@ -117,12 +224,18 @@ static struct attribute_group vfio_subchannel_attr_group 
= {
 static void vfio_ccw_sch_irq(struct subchannel *sch)
 {
struct vfio_ccw_private *private = dev_get_drvdata(>dev);
+   struct irb *irb;
 
inc_irq_stat(IRQIO_CIO);
 
if (!private)
return;
 
+   irb = this_cpu_ptr(_irb);
+   memcpy(>irb, irb, sizeof(*irb));
+   private->intparm = (u32)(addr_t)sch;
+   wake_up(>wait_q);
+
if (private->completion)
complete(private->completion);
 }
@@ -160,6 +273,8 @@ static int vfio_ccw_sch_probe(struct subchannel *sch)
if (ret)
goto out_rm_group;
 
+   init_waitqueue_head(>wait_q);
+
return 0;
 
 out_rm_group:
diff --git a/drivers/s390/cio/vfio_ccw_ops.c b/drivers/s390/cio/vfio_ccw_ops.c
index d68a296..360ba47 100644
--- a/drivers/s390/cio/vfio_ccw_ops.c
+++ b/drivers/s390/cio/vfio_ccw_ops.c
@@ -30,12 +30,25 @@ 

[Qemu-devel] [PATCH RFC v2 09/15] vfio: ccw: realize VFIO_DEVICE_GET_REGION_INFO

2017-01-11 Thread Dong Jia Shi
Introduce device information about vfio-ccw: VFIO_DEVICE_FLAGS_CCW.
Realize VFIO_DEVICE_GET_REGION_INFO ioctl for vfio-ccw.

Signed-off-by: Dong Jia Shi 
Reviewed-by: Pierre Morel 
---
 drivers/s390/cio/vfio_ccw_ops.c | 81 +
 include/uapi/linux/vfio.h   | 11 ++
 2 files changed, 92 insertions(+)

diff --git a/drivers/s390/cio/vfio_ccw_ops.c b/drivers/s390/cio/vfio_ccw_ops.c
index 360ba47..5c60cda 100644
--- a/drivers/s390/cio/vfio_ccw_ops.c
+++ b/drivers/s390/cio/vfio_ccw_ops.c
@@ -190,6 +190,86 @@ static ssize_t vfio_ccw_mdev_write(struct mdev_device 
*mdev,
return count;
 }
 
+static int vfio_ccw_mdev_get_device_info(struct mdev_device *mdev,
+struct vfio_device_info *info)
+{
+   info->flags = VFIO_DEVICE_FLAGS_CCW;
+   info->num_regions = VFIO_CCW_NUM_REGIONS;
+   info->num_irqs = 0;
+
+   return 0;
+}
+
+static int vfio_ccw_mdev_get_region_info(struct mdev_device *mdev,
+struct vfio_region_info *info,
+u16 *cap_type_id,
+void **cap_type)
+{
+   switch (info->index) {
+   case VFIO_CCW_CONFIG_REGION_INDEX:
+   info->offset = 0;
+   info->size = sizeof(struct ccw_io_region);
+   info->flags = VFIO_REGION_INFO_FLAG_READ
+ | VFIO_REGION_INFO_FLAG_WRITE;
+   return 0;
+   default:
+   return -EINVAL;
+   }
+}
+
+static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device *mdev,
+  unsigned int cmd,
+  unsigned long arg)
+{
+   int ret = 0;
+   unsigned long minsz;
+
+   switch (cmd) {
+   case VFIO_DEVICE_GET_INFO:
+   {
+   struct vfio_device_info info;
+
+   minsz = offsetofend(struct vfio_device_info, num_irqs);
+
+   if (copy_from_user(, (void __user *)arg, minsz))
+   return -EFAULT;
+
+   if (info.argsz < minsz)
+   return -EINVAL;
+
+   ret = vfio_ccw_mdev_get_device_info(mdev, );
+   if (ret)
+   return ret;
+
+   return copy_to_user((void __user *)arg, , minsz);
+   }
+   case VFIO_DEVICE_GET_REGION_INFO:
+   {
+   struct vfio_region_info info;
+   u16 cap_type_id = 0;
+   void *cap_type = NULL;
+
+   minsz = offsetofend(struct vfio_region_info, offset);
+
+   if (copy_from_user(, (void __user *)arg, minsz))
+   return -EFAULT;
+
+   if (info.argsz < minsz)
+   return -EINVAL;
+
+   ret = vfio_ccw_mdev_get_region_info(mdev, ,
+   _type_id,
+   _type);
+   if (ret)
+   return ret;
+
+   return copy_to_user((void __user *)arg, , minsz);
+   }
+   default:
+   return -ENOTTY;
+   }
+}
+
 static const struct parent_ops vfio_ccw_mdev_ops = {
.owner  = THIS_MODULE,
.supported_type_groups  = mdev_type_groups,
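Review bot: Both ioctl cases end with `return copy_to_user(...)`, which hands the caller the number of bytes that could not be copied instead of an error code. On a faulting user pointer the ioctl therefore returns a positive value rather than -EFAULT, and userspace that only tests for `< 0` treats the call as successful and uses a buffer that was never filled. Use `return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;` in both VFIO_DEVICE_GET_INFO and VFIO_DEVICE_GET_REGION_INFO. The same pattern reappears in the VFIO_DEVICE_GET_IRQ_INFO case added by patch 11/15.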
@@ -199,6 +279,7 @@ static const struct parent_ops vfio_ccw_mdev_ops = {
.release= vfio_ccw_mdev_release,
.read   = vfio_ccw_mdev_read,
.write  = vfio_ccw_mdev_write,
+   .ioctl  = vfio_ccw_mdev_ioctl,
 };
 
 int vfio_ccw_mdev_reg(struct subchannel *sch)
diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
index 6183789..3fd70ff 100644
--- a/include/uapi/linux/vfio.h
+++ b/include/uapi/linux/vfio.h
@@ -198,6 +198,7 @@ struct vfio_device_info {
 #define VFIO_DEVICE_FLAGS_PCI  (1 << 1)/* vfio-pci device */
 #define VFIO_DEVICE_FLAGS_PLATFORM (1 << 2)/* vfio-platform device */
 #define VFIO_DEVICE_FLAGS_AMBA  (1 << 3)   /* vfio-amba device */
+#define VFIO_DEVICE_FLAGS_CCW  (1 << 4)/* vfio-ccw device */
__u32   num_regions;/* Max region index + 1 */
__u32   num_irqs;   /* Max IRQ index + 1 */
 };
@@ -447,6 +448,16 @@ enum {
VFIO_PCI_NUM_IRQS
 };
 
+/*
+ * The vfio-ccw bus driver makes use of the following fixed region.
+ * Unimplemented regions return a size of zero.
+ */
+
+enum {
+   VFIO_CCW_CONFIG_REGION_INDEX,
+   VFIO_CCW_NUM_REGIONS
+};
+
 /**
  * VFIO_DEVICE_GET_PCI_HOT_RESET_INFO - _IORW(VFIO_TYPE, VFIO_BASE + 12,
  *   struct vfio_pci_hot_reset_info)
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 06/15] vfio: ccw: register vfio_ccw to the mediated device framework

2017-01-11 Thread Dong Jia Shi
To make vfio support subchannel devices, we need to leverage the
mediated device framework to create a mediated device for the
subchannel device.

This registers the subchannel device to the mediated device
framework during probe to enable mediated device creation.

Signed-off-by: Dong Jia Shi 
Reviewed-by: Pierre Morel 
---
 arch/s390/Kconfig   |   2 +-
 drivers/s390/cio/Makefile   |   2 +-
 drivers/s390/cio/vfio_ccw_drv.c |  10 ++-
 drivers/s390/cio/vfio_ccw_ops.c | 149 
 drivers/s390/cio/vfio_ccw_private.h |   9 +++
 5 files changed, 169 insertions(+), 3 deletions(-)
 create mode 100644 drivers/s390/cio/vfio_ccw_ops.c

diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index b920df8..32008b8 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -673,7 +673,7 @@ config EADM_SCH
 config VFIO_CCW
def_tristate n
prompt "Support for VFIO-CCW subchannels"
-   depends on S390_CCW_IOMMU && VFIO
+   depends on S390_CCW_IOMMU && VFIO_MDEV
help
  This driver allows usage of VFIO-CCW subchannels.
 
diff --git a/drivers/s390/cio/Makefile b/drivers/s390/cio/Makefile
index 1bec279..b0586b2 100644
--- a/drivers/s390/cio/Makefile
+++ b/drivers/s390/cio/Makefile
@@ -18,5 +18,5 @@ obj-$(CONFIG_CCWGROUP) += ccwgroup.o
 qdio-objs := qdio_main.o qdio_thinint.o qdio_debug.o qdio_setup.o
 obj-$(CONFIG_QDIO) += qdio.o
 
-vfio_ccw-objs += vfio_ccw_drv.o vfio_ccw_cp.o
+vfio_ccw-objs += vfio_ccw_drv.o vfio_ccw_cp.o vfio_ccw_ops.o
 obj-$(CONFIG_VFIO_CCW) += vfio_ccw.o
diff --git a/drivers/s390/cio/vfio_ccw_drv.c b/drivers/s390/cio/vfio_ccw_drv.c
index 5759d2a..ef34b15 100644
--- a/drivers/s390/cio/vfio_ccw_drv.c
+++ b/drivers/s390/cio/vfio_ccw_drv.c
@@ -23,7 +23,7 @@
 /*
  * Helpers
  */
-static int vfio_ccw_sch_quiesce(struct subchannel *sch)
+int vfio_ccw_sch_quiesce(struct subchannel *sch)
 {
struct vfio_ccw_private *private = dev_get_drvdata(>dev);
DECLARE_COMPLETION_ONSTACK(completion);
@@ -156,8 +156,14 @@ static int vfio_ccw_sch_probe(struct subchannel *sch)
if (ret)
goto out_disable;
 
+   ret = vfio_ccw_mdev_reg(sch);
+   if (ret)
+   goto out_rm_group;
+
return 0;
 
+out_rm_group:
+   sysfs_remove_group(>dev.kobj, _subchannel_attr_group);
 out_disable:
cio_disable_subchannel(sch);
 out_free:
@@ -172,6 +178,8 @@ static int vfio_ccw_sch_remove(struct subchannel *sch)
 
vfio_ccw_sch_quiesce(sch);
 
+   vfio_ccw_mdev_unreg(sch);
+
sysfs_remove_group(>dev.kobj, _subchannel_attr_group);
 
dev_set_drvdata(>dev, NULL);
diff --git a/drivers/s390/cio/vfio_ccw_ops.c b/drivers/s390/cio/vfio_ccw_ops.c
new file mode 100644
index 000..6031a10
--- /dev/null
+++ b/drivers/s390/cio/vfio_ccw_ops.c
@@ -0,0 +1,149 @@
+/*
+ * Physical device callbacks for vfio_ccw
+ *
+ * Copyright IBM Corp. 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License (version 2 only)
+ * as published by the Free Software Foundation.
+ *
+ * Author(s): Dong Jia Shi 
+ *Xiao Feng Ren 
+ */
+
+#include 
+#include 
+
+#include "vfio_ccw_private.h"
+
+#define MAX_INSTANCES  1
+static int available_instances = MAX_INSTANCES;
+
+static int vfio_ccw_mdev_notifier(struct notifier_block *nb,
+ unsigned long action,
+ void *data)
+{
+   struct vfio_ccw_private *private =
+   container_of(nb, struct vfio_ccw_private, nb);
+
+   if (!private)
+   return NOTIFY_STOP;
+
+   /*
+* TODO:
+* Vendor drivers MUST unpin pages in response to an
+* invalidation.
+*/
+   if (action == VFIO_IOMMU_NOTIFY_DMA_UNMAP)
+   return NOTIFY_BAD;
+
+   return NOTIFY_DONE;
+}
+
+static ssize_t name_show(struct kobject *kobj, struct device *dev, char *buf)
+{
+   return sprintf(buf, "I/O subchannel (Non-QDIO)\n");
+}
+MDEV_TYPE_ATTR_RO(name);
+
+static ssize_t device_api_show(struct kobject *kobj, struct device *dev,
+  char *buf)
+{
+   return sprintf(buf, "%s\n", VFIO_DEVICE_API_CCW_STRING);
+}
+MDEV_TYPE_ATTR_RO(device_api);
+
+static ssize_t available_instances_show(struct kobject *kobj,
+   struct device *dev, char *buf)
+{
+   return sprintf(buf, "%d\n", available_instances);
+}
+MDEV_TYPE_ATTR_RO(available_instances);
+
+static struct attribute *mdev_types_attrs[] = {
+   _type_attr_name.attr,
+   _type_attr_device_api.attr,
+   _type_attr_available_instances.attr,
+   NULL,
+};
+
+static struct attribute_group mdev_type_group = {
+   .name  = "io",
+   .attrs = mdev_types_attrs,
+};
+
+struct attribute_group 

[Qemu-devel] [PATCH RFC v2 10/15] vfio: ccw: realize VFIO_DEVICE_RESET ioctl

2017-01-11 Thread Dong Jia Shi
Introduce VFIO_DEVICE_RESET ioctl for vfio-ccw to make it possible
to hot-reset the device.

We try to achieve a reset by first disabling the subchannel and
then enabling it again: this should clear all state at the subchannel.

Signed-off-by: Dong Jia Shi 
---
 drivers/s390/cio/vfio_ccw_ops.c | 42 +
 1 file changed, 30 insertions(+), 12 deletions(-)

diff --git a/drivers/s390/cio/vfio_ccw_ops.c b/drivers/s390/cio/vfio_ccw_ops.c
index 5c60cda..b702735 100644
--- a/drivers/s390/cio/vfio_ccw_ops.c
+++ b/drivers/s390/cio/vfio_ccw_ops.c
@@ -19,6 +19,31 @@
 #define MAX_INSTANCES  1
 static int available_instances = MAX_INSTANCES;
 
+static int vfio_ccw_mdev_reset(struct mdev_device *mdev)
+{
+   struct vfio_ccw_private *private = dev_get_drvdata(mdev->dev.parent);
+   struct subchannel *sch;
+   int ret;
+
+   if (!private)
+   return -ENODEV;
+
+   sch = private->sch;
+   /*
+* TODO:
+* In the cureent stage, some things like "no I/O running" and "no
+* interrupt pending" are clear, but we are not sure what other state
+* we need to care about.
+* There are still a lot more instructions need to be handled. We
+* should come back here later.
+*/
+   ret = vfio_ccw_sch_quiesce(sch);
+   if (ret)
+   return ret;
+
+   return cio_enable_subchannel(sch, (u32)(unsigned long)sch);
+}
+
 static int vfio_ccw_mdev_notifier(struct notifier_block *nb,
  unsigned long action,
  void *data)
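Review bot: vfio_ccw_mdev_reset looks up its private data with `dev_get_drvdata(mdev->dev.parent)`, while vfio_ccw_mdev_remove two hunks further down still uses `dev_get_drvdata(mdev->parent->dev)`; the file should reach the parent device one way only. The function also becomes reachable from userspace through VFIO_DEVICE_RESET and from the DMA-unmap notifier, and nothing visible here serialises it against a request that is being started. The function comment should state which lock or state the callers rely on. The TODO comment has a typo, `cureent` for `current`.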
@@ -35,15 +60,11 @@ static int vfio_ccw_mdev_notifier(struct notifier_block *nb,
 */
if (action == VFIO_IOMMU_NOTIFY_DMA_UNMAP) {
struct vfio_iommu_type1_dma_unmap *unmap = data;
-   struct subchannel *sch = private->sch;
 
if (!cp_iova_pinned(>cp, unmap->iova))
return NOTIFY_OK;
 
-   if (vfio_ccw_sch_quiesce(sch))
-   return NOTIFY_BAD;
-
-   if (cio_enable_subchannel(sch, (u32)(unsigned long)sch))
+   if (vfio_ccw_mdev_reset(private->mdev))
return NOTIFY_BAD;
 
cp_free(>cp);
@@ -107,14 +128,9 @@ static int vfio_ccw_mdev_create(struct kobject *kobj, 
struct mdev_device *mdev)
 static int vfio_ccw_mdev_remove(struct mdev_device *mdev)
 {
struct vfio_ccw_private *private = dev_get_drvdata(mdev->parent->dev);
-   struct subchannel *sch;
int ret;
 
-   sch = private->sch;
-   ret = vfio_ccw_sch_quiesce(sch);
-   if (ret)
-   return ret;
-   ret = cio_enable_subchannel(sch, (u32)(unsigned long)sch);
+   ret = vfio_ccw_mdev_reset(mdev);
if (ret)
return ret;
 
@@ -193,7 +209,7 @@ static ssize_t vfio_ccw_mdev_write(struct mdev_device *mdev,
 static int vfio_ccw_mdev_get_device_info(struct mdev_device *mdev,
 struct vfio_device_info *info)
 {
-   info->flags = VFIO_DEVICE_FLAGS_CCW;
+   info->flags = VFIO_DEVICE_FLAGS_CCW | VFIO_DEVICE_FLAGS_RESET;
info->num_regions = VFIO_CCW_NUM_REGIONS;
info->num_irqs = 0;
 
@@ -265,6 +281,8 @@ static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device *mdev,
 
return copy_to_user((void __user *)arg, , minsz);
}
+   case VFIO_DEVICE_RESET:
+   return vfio_ccw_mdev_reset(mdev);
default:
return -ENOTTY;
}
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 02/15] s390: cio: export more interfaces

2017-01-11 Thread Dong Jia Shi
Export the common I/O interfaces that are needed by an I/O
subchannel driver to actually talk to the subchannel.

Signed-off-by: Dong Jia Shi 
Reviewed-by: Pierre Morel 
---
 drivers/s390/cio/cio.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/drivers/s390/cio/cio.c b/drivers/s390/cio/cio.c
index 8f86072..f725461 100644
--- a/drivers/s390/cio/cio.c
+++ b/drivers/s390/cio/cio.c
@@ -170,12 +170,14 @@ cio_start_key (struct subchannel *sch,/* subchannel 
structure */
return ccode;
}
 }
+EXPORT_SYMBOL_GPL(cio_start_key);
 
 int
 cio_start (struct subchannel *sch, struct ccw1 *cpa, __u8 lpm)
 {
return cio_start_key(sch, cpa, lpm, PAGE_DEFAULT_KEY);
 }
+EXPORT_SYMBOL_GPL(cio_start);
 
 /*
  * resume suspended I/O operation
@@ -208,6 +210,7 @@ cio_resume (struct subchannel *sch)
return -ENODEV;
}
 }
+EXPORT_SYMBOL_GPL(cio_resume);
 
 /*
  * halt I/O operation
@@ -241,6 +244,7 @@ cio_halt(struct subchannel *sch)
return -ENODEV;
}
 }
+EXPORT_SYMBOL_GPL(cio_halt);
 
 /*
  * Clear I/O operation
@@ -271,6 +275,7 @@ cio_clear(struct subchannel *sch)
return -ENODEV;
}
 }
+EXPORT_SYMBOL_GPL(cio_clear);
 
 /*
  * Function: cio_cancel
@@ -308,6 +313,7 @@ cio_cancel (struct subchannel *sch)
return -ENODEV;
}
 }
+EXPORT_SYMBOL_GPL(cio_cancel);
 
 /**
  * cio_cancel_halt_clear - Cancel running I/O by performing cancel, halt
@@ -368,6 +374,7 @@ int cio_cancel_halt_clear(struct subchannel *sch, int 
*iretry)
/* Function was unsuccessful */
return -EIO;
 }
+EXPORT_SYMBOL_GPL(cio_cancel_halt_clear);
 
 static void cio_apply_config(struct subchannel *sch, struct schib *schib)
 {
@@ -441,6 +448,7 @@ int cio_commit_config(struct subchannel *sch)
}
return ret;
 }
+EXPORT_SYMBOL_GPL(cio_commit_config);
 
 /**
  * cio_update_schib - Perform stsch and update schib if subchannel is valid.
@@ -1046,6 +1054,7 @@ int cio_tm_start_key(struct subchannel *sch, struct tcw 
*tcw, u8 lpm, u8 key)
return cio_start_handle_notoper(sch, lpm);
}
 }
+EXPORT_SYMBOL_GPL(cio_tm_start_key);
 
 /**
  * cio_tm_intrg - perform interrogate function
@@ -1071,3 +1080,4 @@ int cio_tm_intrg(struct subchannel *sch)
return -ENODEV;
}
 }
+EXPORT_SYMBOL_GPL(cio_tm_intrg);
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 03/15] vfio: ccw: define device_api strings

2017-01-11 Thread Dong Jia Shi
Define vfio-ccw device API strings. CCW vendor driver using mediated
device framework should use this string for device_api attribute.

Signed-off-by: Dong Jia Shi 
Reviewed-by: Pierre Morel 
---
 include/uapi/linux/vfio.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
index 519eff3..6183789 100644
--- a/include/uapi/linux/vfio.h
+++ b/include/uapi/linux/vfio.h
@@ -212,6 +212,7 @@ struct vfio_device_info {
 #define VFIO_DEVICE_API_PCI_STRING "vfio-pci"
 #define VFIO_DEVICE_API_PLATFORM_STRING"vfio-platform"
 #define VFIO_DEVICE_API_AMBA_STRING"vfio-amba"
+#define VFIO_DEVICE_API_CCW_STRING "vfio-ccw"
 
 /**
  * VFIO_DEVICE_GET_REGION_INFO - _IOWR(VFIO_TYPE, VFIO_BASE + 8,
-- 
2.8.4




[Qemu-devel] [PATCH RFC v2 04/15] vfio: ccw: basic implementation for vfio_ccw driver

2017-01-11 Thread Dong Jia Shi
To make vfio support subchannel devices, we need a css driver for
the vfio subchannels. This patch adds a basic vfio-ccw subchannel
driver for this purpose.

To enable VFIO for vfio-ccw, enable S390_CCW_IOMMU config option
and configure VFIO as required.

Signed-off-by: Dong Jia Shi 
Acked-by: Pierre Morel 
---
 arch/s390/Kconfig   |  10 ++
 arch/s390/include/asm/isc.h |   1 +
 drivers/iommu/Kconfig   |   8 ++
 drivers/s390/cio/Makefile   |   3 +
 drivers/s390/cio/vfio_ccw_drv.c | 266 
 drivers/s390/cio/vfio_ccw_private.h |  29 
 6 files changed, 317 insertions(+)
 create mode 100644 drivers/s390/cio/vfio_ccw_drv.c
 create mode 100644 drivers/s390/cio/vfio_ccw_private.h

diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index c6722112..b920df8 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -670,6 +670,16 @@ config EADM_SCH
  To compile this driver as a module, choose M here: the
  module will be called eadm_sch.
 
+config VFIO_CCW
+   def_tristate n
+   prompt "Support for VFIO-CCW subchannels"
+   depends on S390_CCW_IOMMU && VFIO
+   help
+ This driver allows usage of VFIO-CCW subchannels.
+
+ To compile this driver as a module, choose M here: the
+ module will be called vfio_ccw.
+
 endmenu
 
 menu "Dump support"
diff --git a/arch/s390/include/asm/isc.h b/arch/s390/include/asm/isc.h
index 68d7d68..8a0b721 100644
--- a/arch/s390/include/asm/isc.h
+++ b/arch/s390/include/asm/isc.h
@@ -16,6 +16,7 @@
 #define CONSOLE_ISC 1  /* console I/O subchannel */
 #define EADM_SCH_ISC 4 /* EADM subchannels */
 #define CHSC_SCH_ISC 7 /* CHSC subchannels */
+#define VFIO_CCW_ISC IO_SCH_ISC/* VFIO-CCW I/O subchannels */
 /* Adapter interrupts. */
 #define QDIO_AIRQ_ISC IO_SCH_ISC   /* I/O subchannel in qdio mode */
 #define PCI_ISC 2  /* PCI I/O subchannels */
diff --git a/drivers/iommu/Kconfig b/drivers/iommu/Kconfig
index 8ee54d7..a5626d4 100644
--- a/drivers/iommu/Kconfig
+++ b/drivers/iommu/Kconfig
@@ -327,6 +327,14 @@ config S390_IOMMU
help
  Support for the IOMMU API for s390 PCI devices.
 
+config S390_CCW_IOMMU
+   bool "S390 CCW IOMMU Support"
+   depends on S390 && CCW
+   select IOMMU_API
+   help
+ Enables bits of IOMMU API required by VFIO. The iommu_ops
+ is not implemented as it is not necessary for VFIO.
+
 config MTK_IOMMU
bool "MTK IOMMU Support"
depends on ARM || ARM64
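Review bot: The help text for S390_CCW_IOMMU says only that iommu_ops is not implemented, which leaves out the consequence that matters to someone enabling the option. Per the cover letter of this series, channel I/O has no IOMMU hardware, so the device gets no hardware translation or isolation and depends on the driver's software policing and translation of channel programs. I would add a sentence to the help text along the lines of `This provides no hardware DMA isolation; vfio-ccw checks and translates channel programs in software.` Without it the option name can be read as offering IOMMU protection.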
diff --git a/drivers/s390/cio/Makefile b/drivers/s390/cio/Makefile
index 3ab9aed..3d7390e 100644
--- a/drivers/s390/cio/Makefile
+++ b/drivers/s390/cio/Makefile
@@ -17,3 +17,6 @@ obj-$(CONFIG_CCWGROUP) += ccwgroup.o
 
 qdio-objs := qdio_main.o qdio_thinint.o qdio_debug.o qdio_setup.o
 obj-$(CONFIG_QDIO) += qdio.o
+
+vfio_ccw-objs += vfio_ccw_drv.o
+obj-$(CONFIG_VFIO_CCW) += vfio_ccw.o
diff --git a/drivers/s390/cio/vfio_ccw_drv.c b/drivers/s390/cio/vfio_ccw_drv.c
new file mode 100644
index 000..5759d2a
--- /dev/null
+++ b/drivers/s390/cio/vfio_ccw_drv.c
@@ -0,0 +1,266 @@
+/*
+ * VFIO based Physical Subchannel device driver
+ *
+ * Copyright IBM Corp. 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License (version 2 only)
+ * as published by the Free Software Foundation.
+ *
+ * Author(s): Dong Jia Shi 
+ *Xiao Feng Ren 
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+#include "vfio_ccw_private.h"
+
+/*
+ * Helpers
+ */
+static int vfio_ccw_sch_quiesce(struct subchannel *sch)
+{
+   struct vfio_ccw_private *private = dev_get_drvdata(>dev);
+   DECLARE_COMPLETION_ONSTACK(completion);
+   int iretry, ret = 0;
+
+   spin_lock_irq(sch->lock);
+   if (!sch->schib.pmcw.ena)
+   goto out_unlock;
+   ret = cio_disable_subchannel(sch);
+   if (ret != -EBUSY)
+   goto out_unlock;
+
+   do {
+   iretry = 255;
+
+   ret = cio_cancel_halt_clear(sch, );
+   while (ret == -EBUSY) {
+   /*
+* Flushing all I/O and wait the
+* cancel/halt/clear completion.
+*/
+   private->completion = 
+   spin_unlock_irq(sch->lock);
+
+   wait_for_completion();
+
+   spin_lock_irq(sch->lock);
+   private->completion = NULL;
+   ret = cio_cancel_halt_clear(sch, );
+   };
+
+   ret = cio_disable_subchannel(sch);
+   } while (ret == -EBUSY);
+
+out_unlock:
+   spin_unlock_irq(sch->lock);
+   return ret;
+}
+

[Qemu-devel] [PATCH RFC v2 00/15] basic vfio-ccw infrastructure

2017-01-11 Thread Dong Jia Shi
vfio-ccw: the basic infrastructure
==

Introduction


Here we describe the vfio support for I/O subchannel devices for
Linux/s390. Motivation for vfio-ccw is to passthrough subchannels to a
virtual machine, while vfio is the means.

Different than other hardware architectures, s390 has defined a unified
I/O access method, which is so called Channel I/O. It has its own access
patterns:
- Channel programs run asynchronously on a separate (co)processor.
- The channel subsystem will access any memory designated by the caller
  in the channel program directly, i.e. there is no iommu involved.
Thus when we introduce vfio support for these devices, we realize it
with a mediated device (mdev) implementation. The vfio mdev will be
added to an iommu group, so as to make itself able to be managed by the
vfio framework. And we add read/write callbacks for special vfio I/O
regions to pass the channel programs from the mdev to its parent device
(the real I/O subchannel device) to do further address translation and
to perform I/O instructions.

This document does not intend to explain the s390 I/O architecture in
every detail. More information/reference could be found here:
- A good start to know Channel I/O in general:
  https://en.wikipedia.org/wiki/Channel_I/O
- s390 architecture:
  s390 Principles of Operation manual (IBM Form. No. SA22-7832)
- The existing Qemu code which implements a simple emulated channel
  subsystem could also be a good reference. It makes it easier to follow
  the flow.
  qemu/hw/s390x/css.c

For vfio mediated device framework:
- Documentation/vfio-mediated-device.txt

Motivation of vfio-ccw
--

Currently, a guest virtualized via qemu/kvm on s390 only sees
paravirtualized virtio devices via the "Virtio Over Channel I/O
(virtio-ccw)" transport. This makes virtio devices discoverable via
standard operating system algorithms for handling channel devices.

However this is not enough. On s390 for the majority of devices, which
use the standard Channel I/O based mechanism, we also need to provide
the functionality of passing through them to a Qemu virtual machine.
This includes devices that don't have a virtio counterpart (e.g. tape
drives) or that have specific characteristics which guests want to
exploit.

For passing a device to a guest, we want to use the same interface as
everybody else, namely vfio. Thus, we would like to introduce vfio
support for channel devices. And we would like to name this new vfio
device "vfio-ccw".

Access patterns of CCW devices
--

s390 architecture has implemented a so called channel subsystem, that
provides a unified view of the devices physically attached to the
systems. Though the s390 hardware platform knows about a huge variety of
different peripheral attachments like disk devices (aka. DASDs), tapes,
communication controllers, etc. They can all be accessed by a well
defined access method and they are presenting I/O completion a unified
way: I/O interruptions.

All I/O requires the use of channel command words (CCWs). A CCW is an
instruction to a specialized I/O channel processor. A channel program is
a sequence of CCWs which are executed by the I/O channel subsystem.  To
issue a CCW program to the channel subsystem, it is required to build an
operation request block (ORB), which can be used to point out the format
of the CCW and other control information to the system. The operating
system signals the I/O channel subsystem to begin executing the channel
program with a SSCH (start sub-channel) instruction. The central
processor is then free to proceed with non-I/O instructions until
interrupted. The I/O completion result is received by the interrupt
handler in the form of interrupt response block (IRB).

Back to vfio-ccw, in short:
- ORBs and CCW programs are built in guest kernel (with guest physical
  addresses).
- ORBs and CCW programs are passed to the host kernel.
- Host kernel translates the guest physical addresses to real addresses
  and starts the I/O with issuing a privileged Channel I/O instruction
  (e.g SSCH).
- CCW programs run asynchronously on a separate processor.
- I/O completion will be signaled to the host with I/O interruptions.
  And it will be copied as IRB to user space to pass it back to the
  guest.

Physical vfio ccw device and its child mdev
---

As mentioned above, we realize vfio-ccw with a mdev implementation.

Channel I/O does not have IOMMU hardware support, so the physical
vfio-ccw device does not have an IOMMU level translation or isolation.

Sub-channel I/O instructions are all privileged instructions. When
handling the I/O instruction interception, vfio-ccw polices and
translates the CCW program in software before it gets sent to
hardware.

Within this implementation, we have two drivers for two types of
devices:
- The vfio_ccw driver for the physical subchannel device.
 

[Qemu-devel] [PATCH RFC v2 01/15] s390: cio: introduce cio_cancel_halt_clear

2017-01-11 Thread Dong Jia Shi
For future code reuse purpose, this decouples the cio code with
the ccw device specific parts from ccw_device_cancel_halt_clear,
and makes a new common I/O interface named cio_cancel_halt_clear.

Signed-off-by: Dong Jia Shi 
Reviewed-by: Pierre Morel 
---
 drivers/s390/cio/cio.c| 59 +++
 drivers/s390/cio/cio.h|  1 +
 drivers/s390/cio/device_fsm.c | 54 ++-
 3 files changed, 68 insertions(+), 46 deletions(-)

diff --git a/drivers/s390/cio/cio.c b/drivers/s390/cio/cio.c
index de6fccc..8f86072 100644
--- a/drivers/s390/cio/cio.c
+++ b/drivers/s390/cio/cio.c
@@ -309,6 +309,65 @@ cio_cancel (struct subchannel *sch)
}
 }
 
+/**
+ * cio_cancel_halt_clear - Cancel running I/O by performing cancel, halt
+ * and clear ordinally if subchannel is valid.
+ * @sch: subchannel on which to perform the cancel_halt_clear operation
+ * @iretry: the number of the times remained to retry the next operation
+ *
+ * This should be called repeatedly since halt/clear are asynchronous
+ * operations. We do one try with cio_cancel, two tries with cio_halt,
+ * 255 tries with cio_clear. The caller should initialize @iretry with
+ * the value 255 for its first call to this, and keep using the same
+ * @iretry in the subsequent calls until it gets a non -EBUSY return.
+ *
+ * Returns 0 if device now idle, -ENODEV for device not operational,
+ * -EBUSY if an interrupt is expected (either from halt/clear or from a
+ * status pending), and -EIO if out of retries.
+ */
+int cio_cancel_halt_clear(struct subchannel *sch, int *iretry)
+{
+   int ret;
+
+   if (cio_update_schib(sch))
+   return -ENODEV;
+   if (!sch->schib.pmcw.ena)
+   /* Not operational -> done. */
+   return 0;
+   /* Stage 1: cancel io. */
+   if (!(scsw_actl(>schib.scsw) & SCSW_ACTL_HALT_PEND) &&
+   !(scsw_actl(>schib.scsw) & SCSW_ACTL_CLEAR_PEND)) {
+   if (!scsw_is_tm(>schib.scsw)) {
+   ret = cio_cancel(sch);
+   if (ret != -EINVAL)
+   return ret;
+   }
+   /*
+* Cancel io unsuccessful or not applicable (transport mode).
+* Continue with asynchronous instructions.
+*/
+   *iretry = 3;/* 3 halt retries. */
+   }
+   /* Stage 2: halt io. */
+   if (!(scsw_actl(>schib.scsw) & SCSW_ACTL_CLEAR_PEND)) {
+   if (*iretry) {
+   *iretry -= 1;
+   ret = cio_halt(sch);
+   if (ret != -EBUSY)
+   return (ret == 0) ? -EBUSY : ret;
+   }
+   /* Halt io unsuccessful. */
+   *iretry = 255;  /* 255 clear retries. */
+   }
+   /* Stage 3: clear io. */
+   if (*iretry) {
+   *iretry -= 1;
+   ret = cio_clear(sch);
+   return (ret == 0) ? -EBUSY : ret;
+   }
+   /* Function was unsuccessful */
+   return -EIO;
+}
 
 static void cio_apply_config(struct subchannel *sch, struct schib *schib)
 {
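Review bot: The kernel-doc added for cio_cancel_halt_clear says "two tries with cio_halt", but stage 1 sets `*iretry = 3; /* 3 halt retries. */`, so the comment and the code disagree on the halt retry budget; one of them should change, for example "two tries" to "three tries" in the comment. The doc also tells callers to start with 255, yet the function overwrites `*iretry` itself in stages 1 and 2, which deserves a sentence in the @iretry description so a caller does not treat the value as its own counter. `ordinally` in the first line presumably means "in order". `iretry` is dereferenced without a NULL check, which is acceptable for an internal helper but worth stating in the doc now that a later patch in the series exports the symbol.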
diff --git a/drivers/s390/cio/cio.h b/drivers/s390/cio/cio.h
index f0e57ae..939596d 100644
--- a/drivers/s390/cio/cio.h
+++ b/drivers/s390/cio/cio.h
@@ -123,6 +123,7 @@ extern int cio_enable_subchannel(struct subchannel *, u32);
 extern int cio_disable_subchannel (struct subchannel *);
 extern int cio_cancel (struct subchannel *);
 extern int cio_clear (struct subchannel *);
+extern int cio_cancel_halt_clear(struct subchannel *, int *);
 extern int cio_resume (struct subchannel *);
 extern int cio_halt (struct subchannel *);
 extern int cio_start (struct subchannel *, struct ccw1 *, __u8);
diff --git a/drivers/s390/cio/device_fsm.c b/drivers/s390/cio/device_fsm.c
index 9afb5ce..12016e3 100644
--- a/drivers/s390/cio/device_fsm.c
+++ b/drivers/s390/cio/device_fsm.c
@@ -124,14 +124,6 @@ ccw_device_set_timeout(struct ccw_device *cdev, int 
expires)
add_timer(>private->timer);
 }
 
-/*
- * Cancel running i/o. This is called repeatedly since halt/clear are
- * asynchronous operations. We do one try with cio_cancel, two tries
- * with cio_halt, 255 tries with cio_clear. If everythings fails panic.
- * Returns 0 if device now idle, -ENODEV for device not operational and
- * -EBUSY if an interrupt is expected (either from halt/clear or from a
- * status pending).
- */
 int
 ccw_device_cancel_halt_clear(struct ccw_device *cdev)
 {
@@ -139,44 +131,14 @@ ccw_device_cancel_halt_clear(struct ccw_device *cdev)
int ret;
 
sch = to_subchannel(cdev->dev.parent);
-   if (cio_update_schib(sch))
-   return -ENODEV; 
-   if (!sch->schib.pmcw.ena)
-   /* Not operational -> done. */
-   return 0;
-   /* Stage 1: cancel io. */
-   if (!(scsw_actl(>schib.scsw) & 

Re: [Qemu-devel] [PATCH] Further tidy-up on block status

2017-01-11 Thread Vladimir Sementsov-Ogievskiy

11.01.2017 22:00, Alex Bligh wrote:

On 11 Jan 2017, at 15:31, Vladimir Sementsov-Ogievskiy 
 wrote:


If an error occurs, the server SHOULD set the appropriate error code in the 
error field of an error chunk. However, if the error does not involve invalid 
usage (such as a request beyond the bounds of the file), a server MAY reply 
with a single block status descriptor with length matching the requested 
length, and status of 0 rather than reporting the error.

- single block status descriptor for each context? Isn't it implementation 
defined? Or we finally decided to force 0 status to be safe default for all 
contexts? If it is so, it would be better to describe this separately. However, 
personally, I'd prefer to not define contexts internal semantics at all.

I think this is Wouter's wording, but I think 'a status appropriate to the 
context' would be better. Each context then needs to define what that is. 
Either that or 'the context's default status' and that should be in the 
definition of the context.



Yes this is better. But is it actually needed to force contexts have 
some safe default? If context wants it may define such default without 
this requirement.. So, should it be requirement at all?



--
Best regards,
Vladimir




[Qemu-devel] [PATCH V1 1/4] target-arm: Add support for PMU register PMSELR_EL0

2017-01-11 Thread Wei Huang
This patch adds support for AArch64 register PMSELR_EL0. The existing
PMSELR definition is revised accordingly.

Signed-off-by: Wei Huang 
---
 target/arm/cpu.h|  1 +
 target/arm/helper.c | 24 +++-
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index ab119e6..bd80658 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -307,6 +307,7 @@ typedef struct CPUARMState {
 uint32_t c9_pmovsr; /* perf monitor overflow status */
 uint32_t c9_pmxevtyper; /* perf monitor event type */
 uint32_t c9_pmuserenr; /* perf monitor user enable */
+uint32_t c9_pmselr; /* perf monitor counter selection register */
 uint32_t c9_pminten; /* perf monitor interrupt enables */
 union { /* Memory attribute redirection */
 struct {
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 8dcabbf..71adb0f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -975,6 +975,15 @@ static uint64_t pmccntr_read(CPUARMState *env, const 
ARMCPRegInfo *ri)
 return total_ticks - env->cp15.c15_ccnt;
 }
 
+static void pmselr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+/* only cycle counter selection is supported */
+if (value == 0x1f) {
+env->cp15.c9_pmselr = value;
+}
+}
+
 static void pmccntr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 uint64_t value)
 {
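Review bot: pmselr_write stores the value only when the whole 64-bit `value` equals 0x1f, so a write that selects the cycle counter but carries any bit outside SEL[4:0] is dropped. Every write of another selector is also ignored silently, so a read-back returns the earlier selection rather than what the guest wrote. Masking first with `value &= 0x1f;` and then storing unconditionally, or keeping the filter but comparing the masked value, would make the behaviour easier to reason about. If ignoring other selectors is intended, the comment could say so, e.g. `/* Only SEL == 0x1f (cycle counter) is implemented; other writes are ignored. */`.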
@@ -1194,12 +1203,17 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
 /* Unimplemented so WI. */
 { .name = "PMSWINC", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 4,
   .access = PL0_W, .accessfn = pmreg_access, .type = ARM_CP_NOP },
-/* Since we don't implement any events, writing to PMSELR is UNPREDICTABLE.
- * We choose to RAZ/WI.
- */
 { .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5,
-  .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0,
-  .accessfn = pmreg_access },
+  .access = PL0_RW, .type = ARM_CP_ALIAS,
+  .fieldoffset = offsetof(CPUARMState, cp15.c9_pmselr),
+  .accessfn = pmreg_access, .writefn = pmselr_write,
+  .raw_writefn = raw_write},
+{ .name = "PMSELR_EL0", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 5,
+  .access = PL0_RW, .accessfn = pmreg_access,
+  .type = ARM_CP_IO,
+  .fieldoffset = offsetof(CPUARMState, cp15.c9_pmselr),
+  .writefn = pmselr_write, .raw_writefn = raw_write, },
 #ifndef CONFIG_USER_ONLY
 { .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0,
   .access = PL0_RW, .resetvalue = 0, .type = ARM_CP_IO,
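Review bot: The new PMSELR_EL0 entry is typed `ARM_CP_IO`, but the pmselr_write added earlier in this patch only stores into `cp15.c9_pmselr` and touches no clock or device state, so the I/O marking looks unnecessary; dropping `.type = ARM_CP_IO,` would match what the register does. The entry also omits `.resetvalue`, while the PMXEVTYPER_EL0 and PMINTENSET_EL1 entries added by the later patches in this series spell out `.resetvalue = 0x0`; one convention across the three would read better. v7_cp_reginfo starts and ends outside the hunk.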
-- 
1.8.3.1




[Qemu-devel] [PATCH V1 0/4] Add vPMU vPMU support under TCG mode

2017-01-11 Thread Wei Huang
QEMU has implemented cycle count support for guest VM under TCG mode.
But this feature is not complete. In fact using perf inside a
64-bit Linux guest VM (under TCG) can cause the following kernel panic
because some PMU registers are not implemented.

[  329.445970] [] armv8pmu_enable_event+0x58/0x8c
[  329.446713] [] armpmu_start+0x4c/0x74

This patchset solves the problem by adding support for missing vPMU
registers. Basic perf test can work now under TCG by applying this
patchset.

[root@localhost ~]# perf stat ls
 Performance counter stats for 'ls':

226.740256  task-clock (msec) #0.312 CPUs utilized
76  context-switches  #0.335 K/sec
 0  cpu-migrations#0.000 K/sec
64  page-faults   #0.282 K/sec
   186,031,410  cycles#0.820 GHz  (36.40%)
 stalled-cycles-frontend
 stalled-cycles-backend
   instructions   (0.00%)
 branches
   branch-misses  (0.00%)

Thanks,
-Wei

Wei Huang (4):
  target-arm: Add support for PMU register PMSELR_EL0
  target-arm: Add support for AArch64 PMU register PMXEVTYPER_EL0
  target-arm: Add support for PMU register PMINTENSET_EL1
  target-arm: Hook up TCG vPMU with CPU pmu option

 target/arm/cpu.c|  2 +-
 target/arm/cpu.h|  1 +
 target/arm/helper.c | 41 +++--
 3 files changed, 37 insertions(+), 7 deletions(-)

-- 
1.8.3.1




[Qemu-devel] [PATCH V1 2/4] target-arm: Add support for AArch64 PMU register PMXEVTYPER_EL0

2017-01-11 Thread Wei Huang
In order to support Linux perf, which uses PMXEVTYPER register,
this patch adds access support for PMXEVTYPER_EL0.

Signed-off-by: Wei Huang 
---
 target/arm/helper.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 71adb0f..9044a33 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1233,10 +1233,17 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
   .fieldoffset = offsetof(CPUARMState, cp15.pmccfiltr_el0),
   .resetvalue = 0, },
 { .name = "PMXEVTYPER", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 
1,
-  .access = PL0_RW,
+  .access = PL0_RW, .type = ARM_CP_ALIAS,
   .fieldoffset = offsetof(CPUARMState, cp15.c9_pmxevtyper),
   .accessfn = pmreg_access, .writefn = pmxevtyper_write,
   .raw_writefn = raw_write },
+{ .name = "PMXEVTYPER_EL0", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 13, .opc2 = 1,
+  .access = PL0_RW, .accessfn = pmreg_access,
+  .type = ARM_CP_IO,
+  .fieldoffset = offsetof(CPUARMState, cp15.c9_pmxevtyper),
+  .writefn = pmxevtyper_write, .raw_writefn = raw_write,
+  .resetvalue = 0x0 },
 /* Unimplemented, RAZ/WI. */
 { .name = "PMXEVCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 2,
   .access = PL0_RW, .type = ARM_CP_CONST, .resetvalue = 0,
-- 
1.8.3.1




[Qemu-devel] [PATCH V1 4/4] target-arm: Hook up TCG vPMU with CPU pmu option

2017-01-11 Thread Wei Huang
Remove the checking of kvm_enabled(). With this, .pmu option can also
control vPMU under TCG mode.

Signed-off-by: Wei Huang 
---
 target/arm/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index f5cb30a..2f87a4b 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -692,7 +692,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 cpu->id_aa64pfr0 &= ~0xf000;
 }
 
-if (!cpu->has_pmu || !kvm_enabled()) {
+if (!cpu->has_pmu) {
 cpu->has_pmu = false;
 unset_feature(env, ARM_FEATURE_PMU);
 }
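Review bot: With `!kvm_enabled()` removed from the condition, the branch is entered only when `cpu->has_pmu` is already false, so `cpu->has_pmu = false;` on the next line is a no-op and can be dropped, leaving `unset_feature(env, ARM_FEATURE_PMU);` as the only statement. arm_cpu_realizefn starts and ends outside the hunk, so whether other code still relies on has_pmu being cleared under TCG cannot be checked from here.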
-- 
1.8.3.1




[Qemu-devel] [PATCH V1 3/4] target-arm: Add support for PMU register PMINTENSET_EL1

2017-01-11 Thread Wei Huang
This patch adds access support for PMINTENSET_EL1.

Signed-off-by: Wei Huang 
---
 target/arm/helper.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 9044a33..22c66e3 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1261,9 +1261,17 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
   .writefn = pmuserenr_write, .raw_writefn = raw_write },
 { .name = "PMINTENSET", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 
1,
   .access = PL1_RW, .accessfn = access_tpm,
+  .type = ARM_CP_ALIAS,
   .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
   .resetvalue = 0,
   .writefn = pmintenset_write, .raw_writefn = raw_write },
+{ .name = "PMINTENSET_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 1,
+  .access = PL1_RW, .accessfn = access_tpm,
+  .type = ARM_CP_IO,
+  .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
+  .writefn = pmintenset_write, .raw_writefn = raw_write,
+  .resetvalue = 0x0 },
 { .name = "PMINTENCLR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 
2,
   .access = PL1_RW, .accessfn = access_tpm, .type = ARM_CP_ALIAS,
   .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
-- 
1.8.3.1




Re: [Qemu-devel] vhost-user: fix crash when chardev-remove

2017-01-11 Thread 黄淮
Hi 
I tested  on qemu-2.7.1 release version.


test case:
1. host run ovs-dpdk.  start  vhost-user mode vm
2. chardev-add 
socket,id=char-client-002-2,path=/usr/local/var/run/openvswitch/client-002-2,server=on

netdev_add vhost-user,id=client-002-2, 
,chardev=char-client-002-2,vhostforce=on

device_add 
virtio-net-pci,netdev=client-002-2,mac=00:22:79:29:d2:6c,id=netdev-client-002-2 
   ... wait 10 s
device_del  netdev-client-002-2
netdev_del  client-002-2
chardev-remove char-client-002-2
   
ovs-vsctl del-port  client-002-2
(gdb) bt
#0  0x7f80483265f7 in raise () from /lib64/libc.so.6
#1  0x7f8048327ce8 in abort () from /lib64/libc.so.6
#2  0x7f804831f566 in __assert_fail_base () from /lib64/libc.so.6
#3  0x7f804831f612 in __assert_fail () from /lib64/libc.so.6
#4  0x7f804b729bec in get_vhost_net (nc=) at 
/opt/cloud/contrib/qemu-2.7.1/hw/net/vhost_net.c:415
#5  0x7f804b726f31 in virtio_net_vhost_status (status=0 '\000', 
n=0x7f804db841c0) at /opt/cloud/contrib/qemu-2.7.1/hw/net/virtio-net.c:121
#6  virtio_net_set_status (vdev=, status=) at 
/opt/cloud/contrib/qemu-2.7.1/hw/net/virtio-net.c:224
#7  0x7f804b73ead6 in virtio_set_status (vdev=vdev@entry=0x7f804db841c0, 
val=val@entry=0 '\000') at /opt/cloud/contrib/qemu-2.7.1/hw/virtio/virtio.c:760
#8  0x7f804b8f869c in virtio_ioport_write (val=0, addr=18, 
opaque=0x7f804db7be80) at hw/virtio/virtio-pci.c:400
#9  virtio_pci_config_write (opaque=0x7f804db7be80, addr=18, val=0, 
size=) at hw/virtio/virtio-pci.c:525
#10 0x7f804b6fa0db in memory_region_write_accessor (mr=0x7f804db7c710, 
addr=18, value=, size=1, shift=, mask=, attrs=...)
at /opt/cloud/contrib/qemu-2.7.1/memory.c:525
#11 0x7f804b6f8079 in access_with_adjusted_size (addr=addr@entry=18, 
value=value@entry=0x7f7ffeffc958, size=size@entry=1, access_size_min=,
access_size_max=, access=access@entry=0x7f804b6fa060 
, mr=mr@entry=0x7f804db7c710, 
attrs=attrs@entry=...)
at /opt/cloud/contrib/qemu-2.7.1/memory.c:591
#12 0x7f804b6fc6f5 in memory_region_dispatch_write 
(mr=mr@entry=0x7f804db7c710, addr=addr@entry=18, data=0, size=size@entry=1, 
attrs=attrs@entry=...)
at /opt/cloud/contrib/qemu-2.7.1/memory.c:1327
#13 0x7f804b6b93bb in address_space_write_continue (mr=0x7f804db7c710, l=1, 
addr1=18, len=1, buf=0x7f804b4bc000 , 
attrs=..., addr=4114,
as=0x7f804bfaa3e0 ) at 
/opt/cloud/contrib/qemu-2.7.1/exec.c:2556
#14 address_space_write (as=, addr=, attrs=..., 
buf=, len=) at 
/opt/cloud/contrib/qemu-2.7.1/exec.c:2601
#15 0x7f804b6b9a3d in address_space_rw (as=, 
addr=addr@entry=4114, attrs=..., attrs@entry=..., buf=, 
len=len@entry=1, is_write=is_write@entry=true)
at /opt/cloud/contrib/qemu-2.7.1/exec.c:2703
#16 0x7f804b6f6fd5 in kvm_handle_io (count=1, size=1, direction=, data=, attrs=..., port=4114) at 
/opt/cloud/contrib/qemu-2.7.1/kvm-all.c:1791
#17 kvm_cpu_exec (cpu=cpu@entry=0x7f804d8d1de0) at 
/opt/cloud/contrib/qemu-2.7.1/kvm-all.c:1955
#18 0x7f804b6e4e76 in qemu_kvm_cpu_thread_fn (arg=0x7f804d8d1de0) at 
/opt/cloud/contrib/qemu-2.7.1/cpus.c:1078
#19 0x7f80486b9dc5 in start_thread () from /lib64/libpthread.so.0
#20 0x7f80483e728d in clone () from /lib64/libc.so.6


After fix this:
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index f2d49ad..4037cf4 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -412,7 +412,6 @@ VHostNetState *get_vhost_net(NetClientState *nc)
 break;
 case NET_CLIENT_DRIVER_VHOST_USER:
 vhost_net = vhost_user_get_vhost_net(nc);
-assert(vhost_net);


(gdb) bt
#0  qemu_chr_disconnect (chr=0x0) at qemu-char.c:4081
#1  0x7fdb4f538cf0 in net_vhost_user_watch (chan=, 
cond=, opaque=) at net/vhost-user.c:195
#2  0x7fdb4cd617aa in g_main_context_dispatch () from 
/lib64/libglib-2.0.so.0
#3  0x7fdb4f5798f0 in glib_pollfds_poll () at main-loop.c:213
#4  os_host_main_loop_wait (timeout=) at main-loop.c:258
#5  main_loop_wait (nonblocking=) at main-loop.c:506
#6  0x7fdb4f2dbfa7 in main_loop () at vl.c:1909
#7  main (argc=, argv=, envp=) at 
vl.c:4618




I think it's because of the new reconnect function that vhost-user client mode 
has in the 2.7+ versions. After qemu chardev-remove, the fd watch was not 
stopped. When ovs-dpdk removes the port and closes the watched fd, qemu crashes.


Thanks
Huanghuai  



At 2017-01-11 23:02:26, "Marc-André Lureau"  wrote:

Hi



On Wed, Jan 11, 2017 at 3:32 PM 黄淮  wrote:

From: Huai Huang





Could you describe a bit more the crash and provide a backtrace?

 
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index f2d49ad..4037cf4 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -412,7 +412,6 @@ VHostNetState *get_vhost_net(NetClientState *nc)
 break;
 case NET_CLIENT_DRIVER_VHOST_USER:
 vhost_net = vhost_user_get_vhost_net(nc);
-assert(vhost_net);



This was recently added, in commit 

Re: [Qemu-devel] [PATCH v2 2/2] memory: hmp: dump flat view for 'info mtree'

2017-01-11 Thread Peter Xu
On Wed, Jan 11, 2017 at 06:13:11PM +0100, Paolo Bonzini wrote:
> 
> 
> On 21/12/2016 08:58, Peter Xu wrote:
> > Dumping flat view will be useful to debug the memory rendering logic,
> > also it'll be much easier with it to know what memory region is handling
> > what address range.
> > 
> > Signed-off-by: Peter Xu 
> 
> This is useful, but dumping both makes the output very long.  What about
> adding a -f option to "info mtree"?

Sure. :)

After I confirm how I should improve on the first patch, I'll cook
another version for the series with "-f".

Thanks,

-- peterx



Re: [Qemu-devel] [PATCH v2 1/2] memory: provide common macros for mtree_print_mr()

2017-01-11 Thread Peter Xu
On Wed, Jan 11, 2017 at 06:21:46PM +0100, Paolo Bonzini wrote:
> 
> 
> On 21/12/2016 08:58, Peter Xu wrote:
> > -   mr->romd_mode ? 'R' : '-',
> > -   !mr->readonly && !(mr->rom_device && mr->romd_mode) ? 
> > 'W'
> > -   : 
> > '-',
> > +   MR_CHAR_RD(mr),
> > +   MR_CHAR_WR(mr),
> 
> An alternative definition could be
> 
>   memory_access_is_direct(mr, false) ? 'R' : '-'
>   memory_access_is_direct(mr, true) ? 'W' : '-'
> 
> for MR_CHAR_RD and MR_CHAR_WR.  With this change, I think the small code
> duplication in the "? :" operator is tolerable and the code is clearer.

memory_access_is_direct() will check against whether mr is RAM, is
that what we want here? In that case we'll get most of the regions as
"--" as long as they are not RAM, while in fact IMHO we should want to
know the rw permission for all cases.

How about I add one more patch at the beginning to provide some more
memory_region_is_*() helpers (meanwhile refactor
memory_access_is_direct() a bit), like:

8<
diff --git a/include/exec/memory.h b/include/exec/memory.h
index bec9756..50974c8 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -1619,14 +1619,27 @@ MemTxResult address_space_read_full(AddressSpace *as, 
hwaddr addr,
 MemTxAttrs attrs, uint8_t *buf, int len);
 void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr);

+static inline bool memory_region_is_readable(MemoryRegion *mr)
+{
+return mr->rom_device ? mr->romd_mode : true;
+}
+
+static inline bool memory_region_is_writable(MemoryRegion *mr)
+{
+return !mr->rom_device && !mr->readonly;
+}
+
+static inline bool memory_region_is_direct(MemoryRegion *mr)
+{
+return memory_region_is_ram(mr) && !memory_region_is_ram_device(mr);
+}
+
 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
 {
 if (is_write) {
-return memory_region_is_ram(mr) &&
-   !mr->readonly && !memory_region_is_ram_device(mr);
+return memory_region_is_direct(mr) && memory_region_is_writable(mr);
 } else {
-return (memory_region_is_ram(mr) && !memory_region_is_ram_device(mr)) 
||
-   memory_region_is_romd(mr);
+return memory_region_is_direct(mr) && memory_region_is_readable(mr);
 }
 }
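Review bot: The rewritten read branch of memory_access_is_direct() is not equivalent to the expression it replaces: the old code accepted `memory_region_is_romd(mr)` on its own through `||`, while the new code requires `memory_region_is_direct(mr)` first. If a ROM device in ROMD mode is not reported as RAM by memory_region_is_ram(), which the old disjunction suggests, its reads would no longer be classified as direct. Keeping the disjunction, e.g. `return memory_region_is_direct(mr) || memory_region_is_romd(mr);`, preserves the old result. Separately, memory_region_is_writable() returns false for every rom_device, whereas the mtree expression it is meant to replace (`!mr->readonly && !(mr->rom_device && mr->romd_mode)`) printed 'W' for a rom_device outside ROMD mode. A one-line comment on each new helper saying whether it describes guest-visible permission or eligibility for direct host access would make the intended meaning checkable.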
>8

Then, I can throw away MR_CHAR_* macros and use:

memory_access_is_readable(mr, false) ? 'R' : '-'
memory_access_is_writable(mr, true) ? 'W' : '-'

Do you like this approach?

-- peterx



Re: [Qemu-devel] [PATCH 00/11] POWER9 TCG enablements - part11

2017-01-11 Thread David Gibson
On Tue, Jan 10, 2017 at 02:20:32PM +0530, Nikunj A Dadhania wrote:
> This series contains 10 new instructions for POWER9 ISA3.0
> VSX Scalar Insert Exponent
> VSX Vector Insert Exponent
> VSX Vector Extract Exponent/Significand
> VSX Scalar Truncate & Convert Quad-Precision
> Couple of fixes
> 
> Bharata B Rao (2):
>   softfloat: Fix the default qNAN for target-ppc
>   target-ppc: Add xscvqps[d,w]z instructions
> 
> Nikunj A Dadhania (9):
>   target-ppc: xscvqpdp zero VSR
>   target-ppc: Add xsiexpdp instruction
>   target-ppc: Add xsiexpqp instruction
>   target-ppc: Add xviexpsp instruction
>   target-ppc: Add xviexpdp instruction
>   target-ppc: Add xvxexpsp instruction
>   target-ppc: Add xvxexpdp instruction
>   target-ppc: Add xvxsigsp instruction
>   target-ppc: Add xvxsigdp instruction
> 
>  fpu/softfloat-specialize.h  |   2 +-
>  target/ppc/fpu_helper.c |  62 -
>  target/ppc/helper.h |   3 +
>  target/ppc/translate/vsx-impl.inc.c | 172 
> 
>  target/ppc/translate/vsx-ops.inc.c  |  11 +++
>  5 files changed, 248 insertions(+), 2 deletions(-)

I've now applied the remainder of this series to ppc-for-2.9.


-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH qemu 2/2] spapr_pci: Advertise 16M IOMMU pages when available

2017-01-11 Thread David Gibson
On Mon, Jan 09, 2017 at 01:06:03PM +1100, Alexey Kardashevskiy wrote:
> On 03/01/17 10:41, David Gibson wrote:
> > On Thu, Dec 22, 2016 at 04:22:12PM +1100, Alexey Kardashevskiy wrote:
> >> On sPAPR, IOMMU page size varies and if QEMU is running with RAM
> >> backed with hugepages, we can advertise this to the guest so does
> >> this patch.
> >>
> >> Signed-off-by: Alexey Kardashevskiy 
> >> ---
> >>  hw/ppc/spapr_pci.c | 3 +++
> >>  1 file changed, 3 insertions(+)
> >>
> >> diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
> >> index fd6fc1d953..09244056fc 100644
> >> --- a/hw/ppc/spapr_pci.c
> >> +++ b/hw/ppc/spapr_pci.c
> >> @@ -1505,6 +1505,9 @@ static void spapr_phb_realize(DeviceState *dev, 
> >> Error **errp)
> >>  }
> >>  
> >>  /* DMA setup */
> >> +/* This allows huge pages for IOMMU when guest is backed with huge 
> >> pages */
> >> +sphb->page_size_mask |= qemu_getrampagesize();
> > 
> > This doesn't look right - you're unconditionally enabling the host ram
> > page size, regardless of anything else.  Instead the backing page size
> > should be used to filter out those sizes which are possible from the
> > list of those supported by the guest hardware.  This patch will give
> > particularly odd results if you ran it on x86 with hugepages for
> > example: it would advertise a 2M IOMMU page size, which could never
> > exist on native POWER.
> 
> Ok, I'll filter 16M out if passed to PHB and not supported by the host.
> 
> 
> > Except... come to think of it, why is the backing RAM page size
> > relevant at all? 
> 
> Because this is just an optimization/acceleration and I'd think the user
> wants to know if it is actually accelerated or not. If I always allow 16M
> pages, and QEMU is not backed with hugepages, then all H_PUT_TCE will go
> via slow path and consume as much memory for TCE as without hugepages, and
> it will only be visible to the user if TCE-tracepoints are enabled.

Hm, ok, fair enough.

> > Or rather.. I think VFIO should be able to cope with
> > any guest IOMMU page size which is larger than the host ram page size
> 
> It could, I just do not see much benefit in it. pseries guest can negotiate
> 4k, 64k, 16m pages and this seems to cover everything we want, why would we
> want to emulate IOMMU page size?

Just for testing or debugging, I suppose.

> 
> > (although if it's much larger it could get expensive in the host
> > tables).  This case would already be routine for ppc64 on x86, where
> > the guest IOMMU page size is 64kiB, but the host page size is 4 kiB.
> 
> 
> 
> 




-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 03/11] target-ppc: Add xsiexpdp instruction

2017-01-11 Thread David Gibson
On Thu, Jan 12, 2017 at 10:23:22AM +0530, Nikunj A Dadhania wrote:
> David Gibson  writes:
> 
> > [ Unknown signature status ]
> > On Tue, Jan 10, 2017 at 02:20:35PM +0530, Nikunj A Dadhania wrote:
> >> xsiexpdp: VSX Scalar Insert Exponent Double Precision
> >> 
> >> Signed-off-by: Nikunj A Dadhania 
> >> ---
> >>  target/ppc/translate/vsx-impl.inc.c | 20 
> >>  target/ppc/translate/vsx-ops.inc.c  |  1 +
> >>  2 files changed, 21 insertions(+)
> >> 
> >> diff --git a/target/ppc/translate/vsx-impl.inc.c 
> >> b/target/ppc/translate/vsx-impl.inc.c
> >> index 2d9fe50..2d09225 100644
> >> --- a/target/ppc/translate/vsx-impl.inc.c
> >> +++ b/target/ppc/translate/vsx-impl.inc.c
> >> @@ -1243,6 +1243,26 @@ static void gen_xsxexpqp(DisasContext *ctx)
> >>  tcg_gen_movi_i64(xtl, 0);
> >>  }
> >>  
> >> +static void gen_xsiexpdp(DisasContext *ctx)
> >> +{
> >> +TCGv_i64 xth = cpu_vsrh(xT(ctx->opcode));
> >> +TCGv ra = cpu_gpr[rA(ctx->opcode)];
> >> +TCGv rb = cpu_gpr[rB(ctx->opcode)];
> >> +TCGv_i64 t0;
> >> +
> >> +if (unlikely(!ctx->vsx_enabled)) {
> >> +gen_exception(ctx, POWERPC_EXCP_VSXU);
> >> +return;
> >> +}
> >> +t0 = tcg_temp_new_i64();
> >> +tcg_gen_andi_i64(xth, ra, 0x800F);
> >> +tcg_gen_andi_i64(t0, rb, 0x7FF);
> >> +tcg_gen_shli_i64(t0, t0, 52);
> >> +tcg_gen_or_i64(xth, xth, t0);
> >> +/* dword[1] is undefined */
> >
> > According to the ISA doc I have, dword[1] is set to 0 rather than
> > being undefined.
> 
> Referring to xsiexpdp on page 570:
> 
> "The contents of doubleword element 1 of VSR[XT] are
> undefined."
> 
> The revision that I have is dated November 30, 2015

Ah, sorry.  I think I just misread all those "U"s in the pseudo-code
as "0"s.  I'll blame the fact I'm using the little laptop screen,
since I've left my home office to escape the heat.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 03/11] target-ppc: Add xsiexpdp instruction

2017-01-11 Thread Nikunj A Dadhania
David Gibson  writes:

> [ Unknown signature status ]
> On Tue, Jan 10, 2017 at 02:20:35PM +0530, Nikunj A Dadhania wrote:
>> xsiexpdp: VSX Scalar Insert Exponent Double Precision
>> 
>> Signed-off-by: Nikunj A Dadhania 
>> ---
>>  target/ppc/translate/vsx-impl.inc.c | 20 
>>  target/ppc/translate/vsx-ops.inc.c  |  1 +
>>  2 files changed, 21 insertions(+)
>> 
>> diff --git a/target/ppc/translate/vsx-impl.inc.c 
>> b/target/ppc/translate/vsx-impl.inc.c
>> index 2d9fe50..2d09225 100644
>> --- a/target/ppc/translate/vsx-impl.inc.c
>> +++ b/target/ppc/translate/vsx-impl.inc.c
>> @@ -1243,6 +1243,26 @@ static void gen_xsxexpqp(DisasContext *ctx)
>>  tcg_gen_movi_i64(xtl, 0);
>>  }
>>  
>> +static void gen_xsiexpdp(DisasContext *ctx)
>> +{
>> +TCGv_i64 xth = cpu_vsrh(xT(ctx->opcode));
>> +TCGv ra = cpu_gpr[rA(ctx->opcode)];
>> +TCGv rb = cpu_gpr[rB(ctx->opcode)];
>> +TCGv_i64 t0;
>> +
>> +if (unlikely(!ctx->vsx_enabled)) {
>> +gen_exception(ctx, POWERPC_EXCP_VSXU);
>> +return;
>> +}
>> +t0 = tcg_temp_new_i64();
>> +tcg_gen_andi_i64(xth, ra, 0x800F);
>> +tcg_gen_andi_i64(t0, rb, 0x7FF);
>> +tcg_gen_shli_i64(t0, t0, 52);
>> +tcg_gen_or_i64(xth, xth, t0);
>> +/* dword[1] is undefined */
>
> According to the ISA doc I have, dword[1] is set to 0 rather than
> being undefined.

Referring to xsiexpdp on page 570:

"The contents of doubleword element 1 of VSR[XT] are
undefined."

The revision that I have is dated November 30, 2015

Regards,
Nikunj





Re: [Qemu-devel] [PATCH] linux-user: Use *at functions instead of caching interp_prefix contents

2017-01-11 Thread no-reply
Hi,

Your series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20170112040534.15179-1-...@twiddle.net
Subject: [Qemu-devel] [PATCH] linux-user: Use *at functions instead of caching 
interp_prefix contents

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20170112040534.15179-1-...@twiddle.net -> 
patchew/20170112040534.15179-1-...@twiddle.net
Switched to a new branch 'test'
b5d6d07 linux-user: Use *at functions instead of caching interp_prefix contents

=== OUTPUT BEGIN ===
Checking PATCH 1/1: linux-user: Use *at functions instead of caching 
interp_prefix contents...
ERROR: do not use assignment in if condition
#135: FILE: linux-user/syscall.c:8085:
+if (!(fn = lock_user_string(arg2)))

ERROR: braces {} are necessary for all arms of this statement
#135: FILE: linux-user/syscall.c:8085:
+if (!(fn = lock_user_string(arg2)))
[...]

ERROR: do not use assignment in if condition
#160: FILE: linux-user/syscall.c:8113:
+if (!(fn = lock_user_string(arg1))) {

ERROR: do not use assignment in if condition
#183: FILE: linux-user/syscall.c:8133:
+if (!(fn = lock_user_string(arg2))) {

ERROR: do not use assignment in if condition
#315: FILE: linux-user/syscall.c:9513:
+if (!(fn = lock_user_string(arg1))) {

ERROR: do not use assignment in if condition
#338: FILE: linux-user/syscall.c:9533:
+if (!(fn = lock_user_string(arg1))) {

ERROR: do not use assignment in if condition
#364: FILE: linux-user/syscall.c:10621:
+if (!(fn = lock_user_string(arg1))) {

ERROR: do not use assignment in if condition
#389: FILE: linux-user/syscall.c:10643:
+if (!(fn = lock_user_string(arg1))) {

ERROR: do not use assignment in if condition
#415: FILE: linux-user/syscall.c:10677:
+if (!(fn = lock_user_string(arg2)))

ERROR: braces {} are necessary for all arms of this statement
#415: FILE: linux-user/syscall.c:10677:
+if (!(fn = lock_user_string(arg2)))
[...]

ERROR: do not use assignment in if condition
#439: FILE: linux-user/syscall.c:11673:
+if (!(fn = lock_user_string(arg2))) {

total: 11 errors, 0 warnings, 427 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PULL 00/30] target-sparc sun4v support

2017-01-11 Thread no-reply
Hi,

Your series seems to have some coding style problems. See output below for
more information:

Type: series
Subject: [Qemu-devel] [PULL 00/30] target-sparc sun4v support
Message-id: 20170112025606.27332-1-...@twiddle.net

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20170112025606.27332-1-...@twiddle.net -> 
patchew/20170112025606.27332-1-...@twiddle.net
Switched to a new branch 'test'
7d3cf9d target-sparc: fix up niagara machine
abfad1a target-sparc: move common cpu initialisation routines to sparc64.c
57333d8 target-sparc: implement sun4v RTC
f8e7d50 target-sparc: add ST_BLKINIT_ ASIs for UA2005+ CPUs
32937ab target-sparc: store the UA2005 entries in sun4u format
eca6f23 target-sparc: implement UA2005 ASI_MMU (0x21)
ef03814 target-sparc: add more registers to dump_mmu
98cdf38 target-sparc: implement auto-demapping for UA2005 CPUs
7c98335 target-sparc: allow 256M sized pages
a4e5910 target-sparc: simplify ultrasparc_tsb_pointer
7a5e769 target-sparc: implement UA2005 TSB Pointers
f71d452 target-sparc: use SparcV9MMU type for sparc64 I/D-MMUs
9fcaf5d target-sparc: replace the last tlb entry when no free entries left
d55eadf target-sparc: ignore writes to UA2005 CPU mondo queue register
76921c1 target-sparc: allow priveleged ASIs in hyperprivileged mode
2458c87 target-sparc: use direct address translation in hyperprivileged mode
bdbbc43 target-sparc: fix immediate UA2005 traps
cbf8ac9 target-sparc: implement UA2005 rdhpstate and wrhpstate instructions
0b34856 target-sparc: implement UA2005 GL register
e7061b6 target-sparc: implement UA2005 hypervisor traps
53f02e5 target-sparc: hypervisor mode takes over nucleus mode
7cda3fa target-sparc: implement UltraSPARC-T1 Strand status ASR
eb1f484 target-sparc: implement UA2005 scratchpad registers
64665df target-sparc: simplify replace_tlb_entry by using TTE_PGSIZE
ab350d2 target-sparc: on UA2005 don't deliver Interrupt_level_n IRQs in 
hypervisor mode
1e66c22 target-sparc: add UltraSPARC T1 TLB #defines
3c44177 target-sparc: add UA2005 TTE bit #defines
6fab442 target-sparc: use explicit mmu register pointers
c8d2b8a target-sparc: store cpu super- and hypervisor flags in TB
8db73e2 target-sparc: ignore MMU-faults if MMU is disabled in hypervisor mode

=== OUTPUT BEGIN ===
Checking PATCH 1/30: target-sparc: ignore MMU-faults if MMU is disabled in 
hypervisor mode...
Checking PATCH 2/30: target-sparc: store cpu super- and hypervisor flags in 
TB...
Checking PATCH 3/30: target-sparc: use explicit mmu register pointers...
Checking PATCH 4/30: target-sparc: add UA2005 TTE bit #defines...
Checking PATCH 5/30: target-sparc: add UltraSPARC T1 TLB #defines...
Checking PATCH 6/30: target-sparc: on UA2005 don't deliver Interrupt_level_n 
IRQs in hypervisor mode...
Checking PATCH 7/30: target-sparc: simplify replace_tlb_entry by using 
TTE_PGSIZE...
Checking PATCH 8/30: target-sparc: implement UA2005 scratchpad registers...
ERROR: code indent should never use tabs
#19: FILE: target/sparc/asi.h:214:
+#define ASI_HYP_SCRATCHPAD^I0x4f /* (4V) Hypervisor scratchpad^I*/$

total: 1 errors, 0 warnings, 50 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 9/30: target-sparc: implement UltraSPARC-T1 Strand status ASR...
Checking PATCH 10/30: target-sparc: hypervisor mode takes over nucleus mode...
Checking PATCH 11/30: target-sparc: implement UA2005 hypervisor traps...
Checking PATCH 12/30: target-sparc: implement UA2005 GL register...
Checking PATCH 13/30: target-sparc: implement UA2005 rdhpstate and wrhpstate 
instructions...
Checking PATCH 14/30: target-sparc: fix immediate UA2005 traps...
Checking PATCH 15/30: target-sparc: use direct address translation in 
hyperprivileged mode...
Checking PATCH 16/30: target-sparc: allow priveleged ASIs in hyperprivileged 
mode...
Checking PATCH 17/30: target-sparc: ignore writes to UA2005 CPU mondo queue 
register...
Checking PATCH 18/30: target-sparc: replace the last tlb entry when no free 
entries left...
Checking PATCH 19/30: target-sparc: use SparcV9MMU type for sparc64 I/D-MMUs...
Checking PATCH 20/30: target-sparc: implement UA2005 TSB Pointers...
Checking PATCH 21/30: target-sparc: simplify ultrasparc_tsb_pointer...
Checking PATCH 22/30: target-sparc: allow 256M sized pages...
Checking PATCH 23/30: target-sparc: 

Re: [Qemu-devel] [PULL 00/67] ppc-for-2.9 queue 20170112

2017-01-11 Thread no-reply
Hi,

Your series seems to have some coding style problems. See output below for
more information:

Message-id: 20170112020327.24882-1-da...@gibson.dropbear.id.au
Subject: [Qemu-devel] [PULL 00/67] ppc-for-2.9 queue 20170112
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20170112020327.24882-1-da...@gibson.dropbear.id.au 
-> patchew/20170112020327.24882-1-da...@gibson.dropbear.id.au
Switched to a new branch 'test'
72585bd ppc: Fix a warning in bcdcfz code and improve BCD_DIG_BYTE macro
2db2c7b ppc: Prevent inifnite loop in decrementer auto-reload.
620e113 target-ppc: Add xscvqpdp instruction
092a884 target-ppc: Add xscvdpqp instruction
ff57624 target-ppc: Add xsaddqp instructions
27c5216 ppc: Add ppc_set_compat_all()
1481a0b pseries: Rewrite CAS PVR compatibility logic
e2a29af pxb: Restrict to x86
4b3013a target-ppc: Add xsxsigqp instructions
9fdc3d2 target-ppc: Add xsxsigdp instruction
f43d3fc target-ppc: Add xsxexpqp instruction
a239c30 target-ppc: Add xsxexpdp instruction
c29777c target-ppc: Use correct precision for FPRF setting
6ae9a4d target-ppc: Add xscvdphp, xscvhpdp
72d1eef target-ppc: Rename helper_compute_fprf to helper_compute_fprf_float64
748d789 target-ppc: Replace isden by float64_is_zero_or_denormal
82a197b target-ppc: Use float64 arg in helper_compute_fprf()
7156ebc prep: add IBM RS/6000 7020 (40p) machine emulation
afcb4bf prep: add IBM RS/6000 7020 (40p) memory controller
2fbd7b6 prep: add PReP System I/O
93cbe64 target-ppc: Add xxinsertw instruction
d70075c target-ppc: Add xxextractuw instruction
6290487 hw/ppc: QOM'ify spapr_vio.c
33ef5a9 hw/ppc: QOM'ify ppce500_spin.c
3fd3d44 hw/ppc: QOM'ify e500.c
239e417 hw/gpio: QOM'ify mpc8xxx.c
fbb187d qtest: add ivshmem-test for ppc64
15bb7c6 qtest: convert ivshmem-test to use libqos
40c9b58 libqos: fix spapr qpci_map()
b9b8246 qtest: add display-vga-test to ppc64
27bc180 qtest: add netfilter tests for ppc64
1ecf0e2 ppc: Validate compatibility modes when setting
2beabb6 ppc: Rewrite ppc_get_compat_smt_threads()
1f92c8b ppc: Rewrite ppc_set_compat()
7d7782d pseries: Add pseries-2.9 machine type
e905225 prep: do not use global variable to access nvram
f6ae8b9 hw/ppc/spapr: Fix boot path of usb-host storage devices
c2b60cf target-ppc: implement stxvll instructions
bd2f88a target-ppc: implement stxvl instruction
48a6ca2 target-ppc: implement lxvll instruction
3e7c1ff target-ppc: implement lxvl instruction
8c54325 target-ppc: Add xxperm and xxpermr instructions
70967fc target-ppc: implement xscpsgnqp instruction
89c0d8a target-ppc: implement xsnegqp instruction
fa5d29c target-ppc: Implement bcd_is_valid function
8c85203 target-ppc: implement xsabsqp/xsnabsqp instruction
823dce4 target-ppc: implement stop instruction
9d6502e target-ppc: move ppc_vsr_t to common header
ca7c6dc ppc/spapr: implement H_SIGNAL_SYS_RESET
d603b4e ppc: Rename cpu_version to compat_pvr
1873da5 ppc: Clean up and QOMify hypercall emulation
8183386 pseries: Make cpu_update during CAS unconditional
4cea010 pseries: Always use core objects for CPU construction
67a7a7d target-ppc: add vextu[bhw][lr]x instructions
d44501d target-ppc: Implement bcdsetsgn. instruction
fd0ab44 target-ppc: Implement bcdcpsgn. instruction
661615a target-ppc: Implement bcdctsq. instruction
f5eb3b3 target-ppc: Implement bcdcfsq. instruction
66ee361 target-ppc: implement lxv/lxvx and stxv/stxvx
c1a9d68 target-ppc: implement stxsd and stxssp
de3a632 target-ppc: implement lxsd and lxssp instructions
6aebf4c target-ppc: Add xscmpoqp and xscmpuqp instructions
53a4ac8 target-ppc: Add xscmpexp[dp, qp] instructions
b6e5abb target-ppc: Fix xscmpodp and xscmpudp instructions
fa4be48 target-ppc: rename CRF_* defines as CRF_*_BIT
8b01963 target-ppc: Consolidate instruction decode helpers
340c202 disas/ppc: Fix indefinite articles in comments

=== OUTPUT BEGIN ===
Checking PATCH 1/67: disas/ppc: Fix indefinite articles in comments...
Checking PATCH 2/67: target-ppc: Consolidate instruction decode helpers...
Checking PATCH 3/67: target-ppc: rename CRF_* defines as CRF_*_BIT...
Checking PATCH 4/67: target-ppc: Fix xscmpodp and xscmpudp instructions...
Checking PATCH 5/67: target-ppc: Add xscmpexp[dp, qp] instructions...
Checking PATCH 6/67: target-ppc: Add xscmpoqp and xscmpuqp instructions...
Checking PATCH 7/67: target-ppc: implement lxsd and lxssp instructions...
Checking PATCH 8/67: target-ppc: implement stxsd and 

[Qemu-devel] [kvm-unit-tests PATCH v6 3/3] run_tests: allow run tests in parallel

2017-01-11 Thread Peter Xu
run_task.sh is getting slow. This patch is trying to make it faster by
running the tests concurrently.

We provide a new parameter "-j" for the run_tests.sh, which can be used
to specify how many run queues we want for the tests. Default queue
length is 1, which is the old behavior.

Quick test on my laptop (4 cores, 2 threads each) shows 3x speed boost:

   |-+---|
   | command | time used |
   |-+---|
   | run_test.sh | 75s   |
   | run_test.sh -j8 | 27s   |
   |-+---|

Signed-off-by: Peter Xu 
---
 run_tests.sh| 12 ++--
 scripts/common.bash | 16 +++-
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/run_tests.sh b/run_tests.sh
index afd3d95..4d57ff9 100755
--- a/run_tests.sh
+++ b/run_tests.sh
@@ -13,10 +13,11 @@ function usage()
 {
 cat <

Re: [Qemu-devel] [PATCH v5 0/7] POWER9 TCG enablements - BCD functions - final part

2017-01-11 Thread David Gibson
On Tue, Jan 10, 2017 at 12:10:07AM -0200, Jose Ricardo Ziviani wrote:
> v5:
>  - removes 'unlikely' gcc branch pred. hints from not unlikely places
>  - adds comments in host-utils functions
>  - adds more test cases for shift functions
>  - handles "shift backwards" with signed shifts
>  - rebases branch
> 
> v4:
>  - improves functions to behave exactly like the target
> 
> v3:
>  - moves shift functions to host-utils.c and added config_int128 guard
>  - changes Makefile to always compile host-utils.c
>  - redesigns bcd[u]trunc to use bitwise operations
>  - removes "target-ppc: Implement bcd_is_valid function" (merged)
> 
> v2:
>  - bcd[s,sr,us] uses 1 byte for shifting instead of 4 bytes
>  - left/right functions in host-utils are out of CONFIG_INT128
>  - fixes overflowing issue in left shift and added a testcase
> 
> This serie contains 5 new instructions for POWER9 ISA3.0, left/right shifts 
> for 
> unsigned quadwords and a small improvement to check whether a bcd value is 
> valid or not.

Patches 1-5 applied to ppc-for-2.9, remainder left with a suggestion
for improvement.

> 
> bcds.: Decimal signed shift
> bcdus.: Decimal unsigned shift
> bcdsr.: Decimal shift and round
> bcdtrunc.: Decimal signed trucate
> bcdutrunc.: Decimal unsigned truncate
> 
> Jose Ricardo Ziviani (7):
>   host-utils: Move 128-bit guard macro to .c file
>   host-utils: Implement unsigned quadword left/right shift and unit
> tests
>   ppc: Implement bcds. instruction
>   ppc: Implement bcdus. instruction
>   ppc: Implement bcdsr. instruction
>   ppc: Implement bcdtrunc. instruction
>   ppc: Implement bcdutrunc. instruction
> 
>  include/qemu/host-utils.h   |  27 +
>  target/ppc/helper.h |   5 +
>  target/ppc/int_helper.c | 217 
> 
>  target/ppc/translate/vmx-impl.inc.c |  16 +++
>  target/ppc/translate/vmx-ops.inc.c  |  13 ++-
>  tests/Makefile.include  |   5 +-
>  tests/test-shift128.c   | 139 +++
>  util/Makefile.objs  |   2 +-
>  util/host-utils.c   |  66 +++
>  9 files changed, 483 insertions(+), 7 deletions(-)
>  create mode 100644 tests/test-shift128.c
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] Question about io mode & cache mode

2017-01-11 Thread morgenlette madeBy
Hello.

I have a question about I/O mode and cache mode.

When I set the VM to I/O mode = native and cache mode = none,

the VM cannot boot and turns off automatically.

Why can't the VM boot?


[Qemu-devel] [kvm-unit-tests PATCH v6 2/3] run_tests: put logs into per-test file

2017-01-11 Thread Peter Xu
Previously all test logs were kept in test.log. This patch
creates one log file per test case under the logs/ directory, named
"TESTNAME.log". The logs from the previous run are kept in
logs.old/.

Renaming scripts/functions.bash into scripts/common.bash to store some
more global variables.

Signed-off-by: Peter Xu 
---
 .gitignore  |  3 ++-
 Makefile|  5 ++---
 run_tests.sh| 19 ---
 scripts/{functions.bash => common.bash} | 13 +++--
 scripts/mkstandalone.sh |  2 +-
 5 files changed, 28 insertions(+), 14 deletions(-)
 rename scripts/{functions.bash => common.bash} (75%)

diff --git a/.gitignore b/.gitignore
index 3155418..2213b9b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,7 +12,8 @@ cscope.*
 /lib/asm
 /config.mak
 /*-run
-/test.log
 /msr.out
 /tests
 /build-head
+/logs/
+/logs.old/
diff --git a/Makefile b/Makefile
index a32333b..844bacc 100644
--- a/Makefile
+++ b/Makefile
@@ -94,9 +94,8 @@ libfdt_clean:
$(LIBFDT_objdir)/.*.d
 
 distclean: clean libfdt_clean
-   $(RM) lib/asm config.mak $(TEST_DIR)-run test.log msr.out cscope.* \
- build-head
-   $(RM) -r tests
+   $(RM) lib/asm config.mak $(TEST_DIR)-run msr.out cscope.* build-head
+   $(RM) -r tests logs logs.old
 
 cscope: cscope_dirs = lib lib/libfdt lib/linux $(TEST_DIR) $(ARCH_LIBDIRS) 
lib/asm-generic
 cscope:
diff --git a/run_tests.sh b/run_tests.sh
index 2cfa365..afd3d95 100755
--- a/run_tests.sh
+++ b/run_tests.sh
@@ -7,7 +7,7 @@ if [ ! -f config.mak ]; then
 exit 1
 fi
 source config.mak
-source scripts/functions.bash
+source scripts/common.bash
 
 function usage()
 {
@@ -46,17 +46,22 @@ while getopts "g:hv" opt; do
 esac
 done
 
-RUNTIME_log_stderr () { cat >> test.log; }
+# RUNTIME_log_file will be configured later
+RUNTIME_log_stderr () { cat >> $RUNTIME_log_file; }
 RUNTIME_log_stdout () {
 if [ "$PRETTY_PRINT_STACKS" = "yes" ]; then
-./scripts/pretty_print_stacks.py $1 >> test.log
+./scripts/pretty_print_stacks.py $1 >> $RUNTIME_log_file
 else
-cat >> test.log
+cat >> $RUNTIME_log_file
 fi
 }
 
-
 config=$TEST_DIR/unittests.cfg
-rm -f test.log
-printf "BUILD_HEAD=$(cat build-head)\n\n" > test.log
+
+rm -rf $unittest_log_dir.old
+[ -d $unittest_log_dir ] && mv $unittest_log_dir $unittest_log_dir.old
+mkdir $unittest_log_dir || exit 2
+
+echo "BUILD_HEAD=$(cat build-head)" > $unittest_log_dir/SUMMARY
+
 for_each_unittest $config run
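Review bot: The new log-directory handling expands `$unittest_log_dir` and `$RUNTIME_log_file` unquoted, and the first use is a recursive delete, `rm -rf $unittest_log_dir.old`. The name defaults to `logs` but scripts/common.bash sets it with `: ${unittest_log_dir:=logs}`, so a value inherited from the environment is honoured. If that value contains whitespace or glob characters it is word-split and expanded, and `rm -rf` and `mv` then act on paths the caller did not name. Quote each expansion and end option parsing, e.g. `rm -rf -- "$unittest_log_dir.old"`, `mv -- "$unittest_log_dir" "$unittest_log_dir.old"` and `cat >> "$RUNTIME_log_file"`. The same quoting applies to the `mkdir` and the `SUMMARY` redirect in this hunk.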
diff --git a/scripts/functions.bash b/scripts/common.bash
similarity index 75%
rename from scripts/functions.bash
rename to scripts/common.bash
index ee9143c..2dd7360 100644
--- a/scripts/functions.bash
+++ b/scripts/common.bash
@@ -1,3 +1,12 @@
+: ${unittest_log_dir:=logs}
+
+function run_task()
+{
+   local testname="$2"
+
+   RUNTIME_log_file="${unittest_log_dir}/${testname}.log"
+   "$@"
+}
 
 function for_each_unittest()
 {
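Review bot: run_task() builds the log path from the section name without checking it. `testname` is whatever the `^\[(.*)\]$` match in for_each_unittest captured, so a name containing `/` or `..` puts the log file outside `$unittest_log_dir`. The configuration file is normally part of the tree, so this is hardening rather than a bug fix; a guard before the assignment such as `case "$testname" in */*) echo "bad test name: $testname" >&2; return 2 ;; esac` keeps every log under the log directory. The call sites in the later hunks also invoke run_task when the first section header is read, before any name has been assigned. If `testname` is still empty there, the path becomes `${unittest_log_dir}/.log`; its declaration is outside the hunk, so this needs confirming. A comment stating that `RUNTIME_log_file` is a global consumed by the `RUNTIME_log_*` helpers in run_tests.sh would document the coupling.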
@@ -17,7 +26,7 @@ function for_each_unittest()
 
while read -u $fd line; do
if [[ "$line" =~ ^\[(.*)\]$ ]]; then
-   "$cmd" "$testname" "$groups" "$smp" "$kernel" "$opts" 
"$arch" "$check" "$accel" "$timeout"
+   run_task "$cmd" "$testname" "$groups" "$smp" "$kernel" 
"$opts" "$arch" "$check" "$accel" "$timeout"
testname=${BASH_REMATCH[1]}
smp=1
kernel=""
@@ -45,6 +54,6 @@ function for_each_unittest()
timeout=${BASH_REMATCH[1]}
fi
done
-   "$cmd" "$testname" "$groups" "$smp" "$kernel" "$opts" "$arch" "$check" 
"$accel" "$timeout"
+   run_task "$cmd" "$testname" "$groups" "$smp" "$kernel" "$opts" "$arch" 
"$check" "$accel" "$timeout"
exec {fd}<&-
 }
diff --git a/scripts/mkstandalone.sh b/scripts/mkstandalone.sh
index d2bae19..3c1938e 100755
--- a/scripts/mkstandalone.sh
+++ b/scripts/mkstandalone.sh
@@ -5,7 +5,7 @@ if [ ! -f config.mak ]; then
exit 1
 fi
 source config.mak
-source scripts/functions.bash
+source scripts/common.bash
 
 escape ()
 {
-- 
2.7.4




Re: [Qemu-devel] [PATCH 03/11] target-ppc: Add xsiexpdp instruction

2017-01-11 Thread David Gibson
On Tue, Jan 10, 2017 at 02:20:35PM +0530, Nikunj A Dadhania wrote:
> xsiexpdp: VSX Scalar Insert Exponent Double Precision
> 
> Signed-off-by: Nikunj A Dadhania 
> ---
>  target/ppc/translate/vsx-impl.inc.c | 20 
>  target/ppc/translate/vsx-ops.inc.c  |  1 +
>  2 files changed, 21 insertions(+)
> 
> diff --git a/target/ppc/translate/vsx-impl.inc.c 
> b/target/ppc/translate/vsx-impl.inc.c
> index 2d9fe50..2d09225 100644
> --- a/target/ppc/translate/vsx-impl.inc.c
> +++ b/target/ppc/translate/vsx-impl.inc.c
> @@ -1243,6 +1243,26 @@ static void gen_xsxexpqp(DisasContext *ctx)
>  tcg_gen_movi_i64(xtl, 0);
>  }
>  
> +static void gen_xsiexpdp(DisasContext *ctx)
> +{
> +TCGv_i64 xth = cpu_vsrh(xT(ctx->opcode));
> +TCGv ra = cpu_gpr[rA(ctx->opcode)];
> +TCGv rb = cpu_gpr[rB(ctx->opcode)];
> +TCGv_i64 t0;
> +
> +if (unlikely(!ctx->vsx_enabled)) {
> +gen_exception(ctx, POWERPC_EXCP_VSXU);
> +return;
> +}
> +t0 = tcg_temp_new_i64();
> +tcg_gen_andi_i64(xth, ra, 0x800F);
> +tcg_gen_andi_i64(t0, rb, 0x7FF);
> +tcg_gen_shli_i64(t0, t0, 52);
> +tcg_gen_or_i64(xth, xth, t0);
> +/* dword[1] is undefined */

According to the ISA doc I have, dword[1] is set to 0 rather than
being undefined.

> +tcg_temp_free_i64(t0);
> +}
> +
>  static void gen_xsxsigdp(DisasContext *ctx)
>  {
>  TCGv rt = cpu_gpr[rD(ctx->opcode)];
> diff --git a/target/ppc/translate/vsx-ops.inc.c 
> b/target/ppc/translate/vsx-ops.inc.c
> index aeeaff2..5980ac6 100644
> --- a/target/ppc/translate/vsx-ops.inc.c
> +++ b/target/ppc/translate/vsx-ops.inc.c
> @@ -120,6 +120,7 @@ GEN_XX2FORM_EO(xsxexpdp, 0x16, 0x15, 0x00, PPC2_ISA300),
>  GEN_VSX_XFORM_300_EO(xsxexpqp, 0x04, 0x19, 0x02, 0x0001),
>  GEN_XX2FORM_EO(xsxsigdp, 0x16, 0x15, 0x01, PPC2_ISA300),
>  GEN_VSX_XFORM_300_EO(xsxsigqp, 0x04, 0x19, 0x12, 0x0001),
> +GEN_HANDLER_E(xsiexpdp, 0x3C, 0x16, 0x1C, 0, PPC_NONE, PPC2_ISA300),
>  #endif
>  
>  GEN_XX2FORM(xvabsdp, 0x12, 0x1D, PPC2_VSX),

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [kvm-unit-tests PATCH v6 1/3] run_tests: fix errno for param parsing

2017-01-11 Thread Peter Xu
Signed-off-by: Peter Xu 
---
 run_tests.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/run_tests.sh b/run_tests.sh
index 254129d..2cfa365 100755
--- a/run_tests.sh
+++ b/run_tests.sh
@@ -41,7 +41,7 @@ while getopts "g:hv" opt; do
 verbose="yes"
 ;;
 *)
-exit 1
+exit 2
 ;;
 esac
 done
-- 
2.7.4




[Qemu-devel] [PULL 29/30] target-sparc: move common cpu initialisation routines to sparc64.c

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Reviewed-by: Richard Henderson 
Message-Id: 
<660569980c8449b732c19338412af241f216a563.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 hw/sparc64/Makefile.objs   |   1 +
 hw/sparc64/sparc64.c   | 378 +
 hw/sparc64/sun4u.c | 348 +
 hw/timer/sun4v-rtc.c   |   2 +-
 include/hw/sparc/sparc64.h |   5 +
 5 files changed, 389 insertions(+), 345 deletions(-)
 create mode 100644 hw/sparc64/sparc64.c
 create mode 100644 include/hw/sparc/sparc64.h

diff --git a/hw/sparc64/Makefile.objs b/hw/sparc64/Makefile.objs
index a84cfe3..a96b1f8 100644
--- a/hw/sparc64/Makefile.objs
+++ b/hw/sparc64/Makefile.objs
@@ -1 +1,2 @@
+obj-y += sparc64.o
 obj-y += sun4u.o
diff --git a/hw/sparc64/sparc64.c b/hw/sparc64/sparc64.c
new file mode 100644
index 000..b3d219c
--- /dev/null
+++ b/hw/sparc64/sparc64.c
@@ -0,0 +1,378 @@
+/*
+ * QEMU Sun4u/Sun4v System Emulator common routines
+ *
+ * Copyright (c) 2005 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "hw/char/serial.h"
+#include "hw/sparc/sparc64.h"
+#include "qemu/timer.h"
+
+
+//#define DEBUG_IRQ
+//#define DEBUG_TIMER
+
+#ifdef DEBUG_IRQ
+#define CPUIRQ_DPRINTF(fmt, ...)\
+do { printf("CPUIRQ: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define CPUIRQ_DPRINTF(fmt, ...)
+#endif
+
+#ifdef DEBUG_TIMER
+#define TIMER_DPRINTF(fmt, ...)  \
+do { printf("TIMER: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define TIMER_DPRINTF(fmt, ...)
+#endif
+
+#define TICK_MAX 0x7fffULL
+
+void cpu_check_irqs(CPUSPARCState *env)
+{
+CPUState *cs;
+uint32_t pil = env->pil_in |
+  (env->softint & ~(SOFTINT_TIMER | SOFTINT_STIMER));
+
+/* TT_IVEC has a higher priority (16) than TT_EXTINT (31..17) */
+if (env->ivec_status & 0x20) {
+return;
+}
+cs = CPU(sparc_env_get_cpu(env));
+/* check if TM or SM in SOFTINT are set
+   setting these also causes interrupt 14 */
+if (env->softint & (SOFTINT_TIMER | SOFTINT_STIMER)) {
+pil |= 1 << 14;
+}
+
+/* The bit corresponding to psrpil is (1<< psrpil), the next bit
+   is (2 << psrpil). */
+if (pil < (2 << env->psrpil)) {
+if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
+CPUIRQ_DPRINTF("Reset CPU IRQ (current interrupt %x)\n",
+   env->interrupt_index);
+env->interrupt_index = 0;
+cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+}
+return;
+}
+
+if (cpu_interrupts_enabled(env)) {
+
+unsigned int i;
+
+for (i = 15; i > env->psrpil; i--) {
+if (pil & (1 << i)) {
+int old_interrupt = env->interrupt_index;
+int new_interrupt = TT_EXTINT | i;
+
+if (unlikely(env->tl > 0 && cpu_tsptr(env)->tt > new_interrupt
+  && ((cpu_tsptr(env)->tt & 0x1f0) == TT_EXTINT))) {
+CPUIRQ_DPRINTF("Not setting CPU IRQ: TL=%d "
+   "current %x >= pending %x\n",
+   env->tl, cpu_tsptr(env)->tt, new_interrupt);
+} else if (old_interrupt != new_interrupt) {
+env->interrupt_index = new_interrupt;
+CPUIRQ_DPRINTF("Set CPU IRQ %d old=%x new=%x\n", i,
+   old_interrupt, new_interrupt);
+cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+}
+break;
+}
+}
+} else if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
+

[Qemu-devel] [kvm-unit-tests PATCH v6 0/3] run_tests: support concurrent test execution

2017-01-11 Thread Peter Xu
v6:
- some tunes on how to rm/mv logs/logs.old [Drew]
- fix errno to 2 when param parse fail [Drew]
- add one more patch to fix *) case errno [Drew]
  (please either take/squash/... this one)
- comment fix again [Drew]

v5:
- add "/" at start/end of line where proper [Drew]
- remove useless newline in Makefile [Drew]
- don't check "mv" since it won't fail [Drew]
- avoid using '"s in (( )) [Drew]
- comment fix [Drew]

v4:
- add .gitignore for logs/ [Drew]
- instead of create globals.bash, renaming function.bash into
  common.bash, put globals inside [Drew]
- instead of removing logs/ directly when start run_tests, move it
  into logs.old so we at least have the last time result cached [Drew]
- s/ut_/unittest_/ through the whole series [Drew]
- remove unittest_log_summary var [Drew]
- remove radim's s-b in patch 2 since it does not suite [Drew]
- tiny fix on the usage lines [Drew]
- use bash arithmetic where proper [Drew]
- remove ut_in_parallel since not used [Drew]

v3:
- better handling for ctrl-c during run_tests.sh [Radim]

v2:
- patch 1: do per-test logging in all cases
- patch 2: throw away task.bash, instead, take Radim's suggestion to
  use jobs

run_tests.sh is getting slower. Maybe it's time to let it run faster.
An obvious issue is that, we were running the tests sequentially in
the past.

This series adds a new "-j" parameter. "-j 8" means we run
the tests on 8 task queues, which speeds the script up a lot. A very
quick test of mine shows a 3x speed boost with 8 task queues.

Please review, thanks.

Peter Xu (3):
  run_tests: fix errno for param parsing
  run_tests: put logs into per-test file
  run_tests: allow run tests in parallel

 .gitignore  |  3 ++-
 Makefile|  5 ++---
 run_tests.sh| 33 +++--
 scripts/{functions.bash => common.bash} | 27 +--
 scripts/mkstandalone.sh |  2 +-
 5 files changed, 53 insertions(+), 17 deletions(-)
 rename scripts/{functions.bash => common.bash} (63%)

-- 
2.7.4




[Qemu-devel] [PULL 30/30] target-sparc: fix up niagara machine

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Remove the Niagara stub implementation from sun4u.c and add a machine,
compatible with Legion simulator from the OpenSPARC T1 project.

The machine uses the firmware supplied with the OpenSPARC T1 project,
http://download.oracle.com/technetwork/systems/opensparc/OpenSPARCT1_Arch.1.5.tar.bz2
in the directory S10image/, and is able to boot the supplied Solaris 10 image.

Note that for compatibility with the naming conventions for SPARC machines
the new machine name is lowercase niagara.

Signed-off-by: Artyom Tarasenko 
Reviewed-by: Richard Henderson 
Message-Id: 
<662c7a5b81926a9daba26c943b0c11e99068c867.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 MAINTAINERS |  13 +--
 default-configs/sparc64-softmmu.mak |   2 +
 hw/sparc64/Makefile.objs|   1 +
 hw/sparc64/niagara.c| 177 
 hw/sparc64/sun4u.c  |  31 ---
 qemu-doc.texi   |  14 ++-
 6 files changed, 199 insertions(+), 39 deletions(-)
 create mode 100644 hw/sparc64/niagara.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 54588e5..b5ebfab 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -725,6 +725,13 @@ S: Maintained
 F: hw/sparc64/sun4u.c
 F: pc-bios/openbios-sparc64
 
+Sun4v
+M: Artyom Tarasenko 
+S: Maintained
+F: hw/sparc64/sun4v.c
+F: hw/timer/sun4v-rtc.c
+F: include/hw/timer/sun4v-rtc.h
+
 Leon3
 M: Fabien Chouteau 
 S: Maintained
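Review bot: The new Sun4v entry lists `F: hw/sparc64/sun4v.c`, but the file this commit creates is hw/sparc64/niagara.c according to the diffstat, so the pattern matches nothing added here. Unless a sun4v.c exists elsewhere in the tree, the line should read `F: hw/sparc64/niagara.c`; otherwise patches to the new machine will not be routed to its maintainer.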
@@ -1098,12 +1105,6 @@ F: hw/nvram/chrp_nvram.c
 F: include/hw/nvram/chrp_nvram.h
 F: tests/prom-env-test.c
 
-sun4v RTC
-M: Artyom Tarasenko 
-S: Maintained
-F: hw/timer/sun4v-rtc.c
-F: include/hw/timer/sun4v-rtc.h
-
 Subsystems
 --
 Audio
diff --git a/default-configs/sparc64-softmmu.mak 
b/default-configs/sparc64-softmmu.mak
index c0cdd64..c581e61 100644
--- a/default-configs/sparc64-softmmu.mak
+++ b/default-configs/sparc64-softmmu.mak
@@ -13,3 +13,5 @@ CONFIG_IDE_CMD646=y
 CONFIG_PCI_APB=y
 CONFIG_MC146818RTC=y
 CONFIG_ISA_TESTDEV=y
+CONFIG_EMPTY_SLOT=y
+CONFIG_SUN4V_RTC=y
diff --git a/hw/sparc64/Makefile.objs b/hw/sparc64/Makefile.objs
index a96b1f8..cf9de21 100644
--- a/hw/sparc64/Makefile.objs
+++ b/hw/sparc64/Makefile.objs
@@ -1,2 +1,3 @@
 obj-y += sparc64.o
 obj-y += sun4u.o
+obj-y += niagara.o
\ No newline at end of file
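Review bot: The added `obj-y += niagara.o` line leaves hw/sparc64/Makefile.objs without a trailing newline, as the `\ No newline at end of file` marker shows. End the file with a newline so that the next line appended to it does not also show up as a change to this one.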
diff --git a/hw/sparc64/niagara.c b/hw/sparc64/niagara.c
new file mode 100644
index 000..b55d4bb
--- /dev/null
+++ b/hw/sparc64/niagara.c
@@ -0,0 +1,177 @@
+/*
+ * QEMU Sun4v/Niagara System Emulator
+ *
+ * Copyright (c) 2016 Artyom Tarasenko
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/boards.h"
+#include "hw/char/serial.h"
+#include "hw/empty_slot.h"
+#include "hw/loader.h"
+#include "hw/sparc/sparc64.h"
+#include "hw/timer/sun4v-rtc.h"
+#include "exec/address-spaces.h"
+#include "sysemu/block-backend.h"
+
+
+typedef struct NiagaraBoardState {
+MemoryRegion hv_ram;
+MemoryRegion partition_ram;
+MemoryRegion nvram;
+MemoryRegion md_rom;
+MemoryRegion hv_rom;
+MemoryRegion vdisk_ram;
+MemoryRegion prom;
+} NiagaraBoardState;
+
+#define NIAGARA_HV_RAM_BASE 0x10ULL
+#define NIAGARA_HV_RAM_SIZE 0x3f0ULL /* 63 MiB */
+
+#define NIAGARA_PARTITION_RAM_BASE 0x8000ULL
+
+#define NIAGARA_UART_BASE   0x1f1000ULL
+
+#define NIAGARA_NVRAM_BASE  0x1f1100ULL
+#define NIAGARA_NVRAM_SIZE  0x2000
+
+#define NIAGARA_MD_ROM_BASE 0x1f1200ULL
+#define NIAGARA_MD_ROM_SIZE 0x2000
+
+#define NIAGARA_HV_ROM_BASE 0x1f1208ULL
+#define NIAGARA_HV_ROM_SIZE 0x2000
+
+#define NIAGARA_IOBBASE 0x98ULL
+#define NIAGARA_IOBSIZE 0x01ULL
+
+#define NIAGARA_VDISK_BASE  

[Qemu-devel] [PULL 27/30] target-sparc: add ST_BLKINIT_ ASIs for UA2005+ CPUs

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

In OpenSPARC T1+ TWINX ASIs in store instructions are aliased
with Block Initializing Store ASIs.

"UltraSPARC T1 Supplement Draft D2.1, 14 May 2007" describes them
in the chapter "5.9 Block Initializing Store ASIs"

Integer stores of all sizes are allowed with these ASIs.

Signed-off-by: Artyom Tarasenko 
Message-Id: 

Signed-off-by: Richard Henderson 
---
 target/sparc/translate.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index 53c327d..e929169 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -2321,8 +2321,19 @@ static void gen_st_asi(DisasContext *dc, TCGv src, TCGv 
addr,
 case GET_ASI_EXCP:
 break;
 case GET_ASI_DTWINX: /* Reserved for stda.  */
+#ifndef TARGET_SPARC64
 gen_exception(dc, TT_ILL_INSN);
 break;
+#else
+if (!(dc->def->features & CPU_FEATURE_HYPV)) {
+/* Pre OpenSPARC CPUs don't have these */
+gen_exception(dc, TT_ILL_INSN);
+return;
+}
+/* in OpenSPARC T1+ CPUs TWINX ASIs in store instructions
+ * are ST_BLKINIT_ ASIs */
+/* fall through */
+#endif
 case GET_ASI_DIRECT:
 gen_address_mask(dc, addr);
 tcg_gen_qemu_st_tl(src, addr, da.mem_idx, da.memop);
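Review bot: The two rejection paths under `case GET_ASI_DTWINX` leave the switch differently: the `#ifndef TARGET_SPARC64` branch raises TT_ILL_INSN and uses `break`, while the new non-hypervisor branch raises the same exception and uses `return`. gen_st_asi continues past the end of this hunk, so whether the `return` skips code after the switch cannot be seen here; if nothing depends on it, use `break` in both branches. The fall-through also handles the block-initializing ASIs as an ordinary store through `tcg_gen_qemu_st_tl`, which the comment should say, e.g. `/* ST_BLKINIT_ is emulated as a plain store; cache-line initialisation is not modelled */`.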
-- 
2.9.3




Re: [Qemu-devel] [kvm-unit-tests PATCH v5 2/2] run_tests: allow run tests in parallel

2017-01-11 Thread Peter Xu
On Wed, Jan 11, 2017 at 02:09:34PM +0100, Andrew Jones wrote:
> On Wed, Jan 11, 2017 at 12:00:23PM +0100, Andrew Jones wrote:
> > On Wed, Jan 11, 2017 at 01:29:35PM +0800, Peter Xu wrote:
> > > run_task.sh is getting slow. This patch is trying to make it faster by
> > > running the tests concurrently.
> > > 
> > > We provide a new parameter "-j" for the run_tests.sh, which can be used
> > > to specify how many run queues we want for the tests. Default queue
> > > length is 1, which is the old behavior.
> > > 
> > > Quick test on my laptop (4 cores, 2 threads each) shows 3x speed boost:
> > > 
> > >|-+---|
> > >| command | time used |
> > >|-+---|
> > >| run_test.sh | 75s   |
> > >| run_test.sh -j8 | 27s   |
> > >|-+---|
> > > 
> > > Signed-off-by: Peter Xu 
> > > ---
> > >  run_tests.sh| 12 ++--
> > >  scripts/common.bash | 16 +++-
> > >  2 files changed, 25 insertions(+), 3 deletions(-)
> > > 
> > > diff --git a/run_tests.sh b/run_tests.sh
> > > index b6a1059..477d4fb 100755
> > > --- a/run_tests.sh
> > > +++ b/run_tests.sh
> > > @@ -13,10 +13,11 @@ function usage()
> > >  {
> > >  cat < > >  
> > > -Usage: $0 [-g group] [-h] [-v]
> > > +Usage: $0 [-g group] [-h] [-v] [-j num_run_queues]
> > >  
> > >  -g: Only execute tests in the given group
> > >  -h: Output this help text
> > > +-j: Execute tests in parallel
> > >  -v: Enables verbose mode
> > >  
> > >  Set the environment variable QEMU=/path/to/qemu-system-ARCH to
> > > @@ -28,7 +29,7 @@ EOF
> > >  RUNTIME_arch_run="./$TEST_DIR/run"
> > >  source scripts/runtime.bash
> > >  
> > > -while getopts "g:hv" opt; do
> > > +while getopts "g:hj:v" opt; do
> > >  case $opt in
> > >  g)
> > >  only_group=$OPTARG
> > > @@ -37,6 +38,13 @@ while getopts "g:hv" opt; do
> > >  usage
> > >  exit
> > >  ;;
> > > +j)
> > > +unittest_run_queues=$OPTARG
> > > +if (( $unittest_run_queues <= 0 )); then
> > > +echo "Invalid -j option: $unittest_run_queues"
> > > +exit 1
> > 
> > We should probably use 'exit 2' here, and below in the *) case.

Will fix this one first, with another one line patch for the below one
(we can either take that new one, or squash it into this patch).

> > 
> > > +fi
> > > +;;
> > >  v)
> > >  verbose="yes"
> > >  ;;
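Review bot: The `-j` argument reaches `(( $unittest_run_queues <= 0 ))` without being checked for digits, so bash evaluates whatever string was passed as an arithmetic expression instead of rejecting it. A non-numeric word is read as a variable name and usually evaluates to 0, and more complex strings are expanded during arithmetic evaluation. Check the value against a digits-only pattern such as `[[ $OPTARG =~ ^[1-9][0-9]*$ ]]` before assigning it, and print the "Invalid -j option" message when it does not match.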
> > > diff --git a/scripts/common.bash b/scripts/common.bash
> > > index 2dd7360..ef103ee 100644
> > > --- a/scripts/common.bash
> > > +++ b/scripts/common.bash
> > > @@ -1,11 +1,19 @@
> > >  : ${unittest_log_dir:=logs}
> > > +: ${unittest_run_queues:=1}
> > >  
> > >  function run_task()
> > >  {
> > >   local testname="$2"
> > >  
> > > + while (( $(jobs | wc -l) == $unittest_run_queues )); do
> > > + # wait for any background test to finish
> > > + wait -n
> > > + done
> > > +
> > >   RUNTIME_log_file="${unittest_log_dir}/${testname}.log"
> > > - "$@"
> > > +
> > > + # start the testcase in the background
> > > + "$@" &
> > 
> > If you check the logs before and after applying this patch series you'll
> > see a bunch of "stty: 'standard input': Inappropriate ioctl for device"
> > are now present. These messages come from the stty calls in run_qemu,
> > which we need to avoid the loss of terminal echo when QEMU aborts. We
> > can get rid of these new "inappropriate ioctl" messages by changing the
> > above line to
> > 
> >  "$@" <$(tty) &
> 
> Actually I just came up with a better solution for this. Since we don't
> need input to our unit tests, i.e. we never attempt to read from the
> serial port within them, then we can just use /dev/null for stdin. That
> allows us to leave your code above alone, and also remove the stty stuff
> in run_qemu. I'll send a patch.

Thanks, then I'll keep it as it is.

> 
> drew
> 
> > 
> > 
> > >  }
> > >  
> > >  function for_each_unittest()
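Review bot: `unittest_run_queues` can also come from the environment through `: ${unittest_run_queues:=1}`, and that path is not range-checked, so a value of 0 makes the `while (( $(jobs | wc -l) == $unittest_run_queues ))` loop in run_task spin. With no background jobs the condition holds and `wait -n` returns at once. Validate the variable after the default is applied, and compare with `>=` rather than `==` so the loop still blocks if the job count ever exceeds the limit. `wait -n` needs bash 4.3 or later, which deserves a comment next to the call.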
> > > @@ -22,6 +30,8 @@ function for_each_unittest()
> > >   local accel
> > >   local timeout
> > >  
> > > + trap "wait; exit 130" SIGINT
> > > +
> > >   exec {fd}<"$unittests"
> > >  
> > >   while read -u $fd line; do
> > > @@ -55,5 +65,9 @@ function for_each_unittest()
> > >   fi
> > >   done
> > >   run_task "$cmd" "$testname" "$groups" "$smp" "$kernel" "$opts" "$arch" 
> > > "$check" "$accel" "$timeout"
> > > +
> > > + # wait until all task finish
> > 
> > Still not quite right :-)  s/task/tasks/

Sorry! Fixing up.

-- peterx



Re: [Qemu-devel] [PATCH v5 2/7] host-utils: Implement unsigned quadword left/right shift and unit tests

2017-01-11 Thread David Gibson
On Tue, Jan 10, 2017 at 08:34:29AM -0600, Eric Blake wrote:
> On 01/09/2017 08:10 PM, Jose Ricardo Ziviani wrote:
> > Implements 128-bit left shift and right shift as well as their
> > testcases. By design, shift silently mods by 128, so the caller is
> > responsible to assert the shift range if necessary.
> > 
> > Left shift sets the overflow flag if any non-zero digit is shifted out.
> > 
> > Examples:
> >  ulshift(, , 250, );
> >  equivalent: n << 122
> > 
> >  urshift(, , -2);
> >  equivalent: n << 126
> > 
> > Signed-off-by: Jose Ricardo Ziviani 
> > ---
> 
> > +typedef struct {
> > +uint64_t low;
> > +uint64_t high;
> > +uint64_t rlow;
> > +uint64_t rhigh;
> > +int32_t shift;
> > +bool overflow;
> > +} test_data;
> > +
> > +static const test_data test_ltable[] = {
> > +{ 0x4C7ULL, 0x0ULL, 0x04C7ULL,
> > +  0xULL,   0, false },
> 
> I might have laid it out as:
> 
> { 0x04c7ULL, 0xULL,
>   0x04c7ULL, 0xULL,
>   0, false }
> 
> to make the pre- and post-shift values line up better.  It's not fatal
> to the patch, so it's up to the maintainer if they want a v6 to improve
> the alignment.

host-utils doesn't have a maintainer.  So, I'm intending to take it
through my tree with your R-b.

> > +{ 0xULL, 0xULL,
> > +  0x8000ULL, 0x9888ULL, 60, true },
> > +{ 0xULL, 0xULL,
> > +  0xULL, 0xULL, 64, true },
> 
> These two are the most legible.
> 
> > +};
> > +
> > +static const test_data test_rtable[] = {
> 
> > +++ b/util/host-utils.c
> > @@ -161,3 +161,67 @@ int divs128(int64_t *plow, int64_t *phigh, int64_t 
> > divisor)
> >  }
> >  #endif
> >  
> > +/**
> > + * urshift - 128-bit Unsigned Right Shift.
> > + * @plow: in/out - lower 64-bit integer.
> > + * @phigh: in/out - higher 64-bit integer.
> > + * @shift: in - bytes to shift, between 0 and 127.
> > + *
> > + * Result is zero-extended and stored in plow/phigh, which are
> > + * input/output variables. Shift values outside the range will
> > + * be mod to 128. In other words, the caller is responsible to
> > + * verify/assert both the shift range and plow/phigh pointers.
> > + */
> 
> Duplicating docs in the .h and .c doesn't hurt, but risks one getting
> out of date; we have other spots that put the docs in the .h (where
> callers will look up what's available) or the .c (where the
> implementation is there to check against the docs). I don't have any
> strong preference on how to do it, though, so I don't mind leaving it as is.
> 
> Reviewed-by: Eric Blake 
> 




-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [PULL 25/30] target-sparc: implement UA2005 ASI_MMU (0x21)

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<6f546cf963e03ed253e16701ba6e30dcc5d00073.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/ldst_helper.c | 31 +++
 1 file changed, 31 insertions(+)

diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index 57b3b97..d34795a 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -1394,6 +1394,18 @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong 
addr,
 ret = env->scratch[i];
 break;
 }
+case ASI_MMU: /* UA2005 Context ID registers */
+switch ((addr >> 3) & 0x3) {
+case 1:
+ret = env->dmmu.mmu_primary_context;
+break;
+case 2:
+ret = env->dmmu.mmu_secondary_context;
+break;
+default:
+  cpu_unassigned_access(cs, addr, true, false, 1, size);
+}
+break;
 case ASI_DCACHE_DATA: /* D-cache data */
 case ASI_DCACHE_TAG:  /* D-cache tag access */
 case ASI_ESTATE_ERROR_EN: /* E-cache error enable */
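Review bot: In the `default:` arm of the new `case ASI_MMU` in helper_ld_asi, `cpu_unassigned_access(cs, addr, true, false, 1, size)` passes `true` as the third argument although this is the load helper. Assuming the usual (cpu, addr, is_write, is_exec, opaque, size) parameter order, that reports the fault as a write; the call should be `cpu_unassigned_access(cs, addr, false, false, 1, size);`. The identical call in the helper_st_asi hunk that follows is correct there. What `ret` holds after the call is decided outside this hunk and cannot be checked from here.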
@@ -1712,6 +1724,25 @@ void helper_st_asi(CPUSPARCState *env, target_ulong 
addr, target_ulong val,
 env->scratch[i] = val;
 return;
 }
+case ASI_MMU: /* UA2005 Context ID registers */
+{
+  switch ((addr >> 3) & 0x3) {
+  case 1:
+  env->dmmu.mmu_primary_context = val;
+  env->immu.mmu_primary_context = val;
+  tlb_flush_by_mmuidx(CPU(cpu), MMU_USER_IDX, MMU_KERNEL_IDX, -1);
+  break;
+  case 2:
+  env->dmmu.mmu_secondary_context = val;
+  env->immu.mmu_secondary_context = val;
+  tlb_flush_by_mmuidx(CPU(cpu), MMU_USER_SECONDARY_IDX,
+  MMU_KERNEL_SECONDARY_IDX, -1);
+  break;
+  default:
+  cpu_unassigned_access(cs, addr, true, false, 1, size);
+  }
+}
+return;
 case ASI_QUEUE: /* UA2005 CPU mondo queue */
 case ASI_DCACHE_DATA: /* D-cache data */
 case ASI_DCACHE_TAG: /* D-cache tag access */
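Review bot: The new `case ASI_MMU` block in helper_st_asi mixes `CPU(cpu)` in the two `tlb_flush_by_mmuidx` calls with `cs` in `cpu_unassigned_access`; use one of them throughout. The inner braces around the `switch` are also unnecessary. Separately, `val` is stored into the primary and secondary context registers unmasked; if the UA2005 context field is narrower than target_ulong, the unimplemented bits would read back through the load path, so this should be checked against the architecture manual and masked if needed.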
-- 
2.9.3




Re: [Qemu-devel] [PATCH v5 6/7] ppc: Implement bcdtrunc. instruction

2017-01-11 Thread David Gibson
On Tue, Jan 10, 2017 at 12:10:13AM -0200, Jose Ricardo Ziviani wrote:
> bcdtrunc.: Decimal integer truncate. Given a BCD number in vrb and the
> number of bytes to truncate in vra, the return register will have vrb
> with such bits truncated.
> 
> Signed-off-by: Jose Ricardo Ziviani 
> ---
>  target/ppc/helper.h |  1 +
>  target/ppc/int_helper.c | 37 
> +
>  target/ppc/translate/vmx-impl.inc.c |  5 +
>  target/ppc/translate/vmx-ops.inc.c  |  4 ++--
>  4 files changed, 45 insertions(+), 2 deletions(-)
> 
> diff --git a/target/ppc/helper.h b/target/ppc/helper.h
> index d1db462..db17917 100644
> --- a/target/ppc/helper.h
> +++ b/target/ppc/helper.h
> @@ -401,6 +401,7 @@ DEF_HELPER_3(bcdsetsgn, i32, avr, avr, i32)
>  DEF_HELPER_4(bcds, i32, avr, avr, avr, i32)
>  DEF_HELPER_4(bcdus, i32, avr, avr, avr, i32)
>  DEF_HELPER_4(bcdsr, i32, avr, avr, avr, i32)
> +DEF_HELPER_4(bcdtrunc, i32, avr, avr, avr, i32)
>  
>  DEF_HELPER_2(xsadddp, void, env, i32)
>  DEF_HELPER_2(xsaddqp, void, env, i32)
> diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
> index b184063..06b14d5 100644
> --- a/target/ppc/int_helper.c
> +++ b/target/ppc/int_helper.c
> @@ -3223,6 +3223,43 @@ uint32_t helper_bcdsr(ppc_avr_t *r, ppc_avr_t *a, 
> ppc_avr_t *b, uint32_t ps)
>  return cr;
>  }
>  
> +uint32_t helper_bcdtrunc(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b, uint32_t 
> ps)
> +{
> +uint64_t mask;
> +uint32_t ox_flag = 0;
> +#if defined(HOST_WORDS_BIGENDIAN)
> +int i = a->s16[3] + 1;
> +#else
> +int i = a->s16[4] + 1;
> +#endif
> +ppc_avr_t ret = *b;
> +
> +if (bcd_is_valid(b) == false) {
> +return CRF_SO;
> +}
> +
> +if (i > 16 && i < 32) {
> +if (ret.u64[HI_IDX] >> (i * 4 - 64)) {
> +ox_flag = CRF_SO;
> +}

You can simplify this by just checking ret.u64[HI_IDX] & ~mask before
you apply the mask.

> +
> +mask = (uint64_t)-1 >> (128 - i * 4);
> +ret.u64[HI_IDX] &= mask;
> +} else if (i >= 0 && i <= 16) {
> +if (ret.u64[HI_IDX] || (i < 16 && ret.u64[LO_IDX] >> (i * 4))) {
> +ox_flag = CRF_SO;
> +}
> +
> +mask = (uint64_t)-1 >> (64 - i * 4);

Similarly here.

> +ret.u64[LO_IDX] &= mask;
> +ret.u64[HI_IDX] = 0;
> +}
> +bcd_put_digit(, bcd_preferred_sgn(bcd_get_sgn(b), ps), 0);
> +*r = ret;
> +
> +return bcd_cmp_zero() | ox_flag;
> +}
> +
>  void helper_vsbox(ppc_avr_t *r, ppc_avr_t *a)
>  {
>  int i;
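Review bot: In the `i >= 0 && i <= 16` branch of helper_bcdtrunc, `mask = (uint64_t)-1 >> (64 - i * 4)` shifts a 64-bit value by 64 when `i` is 0, which is undefined behaviour in C. `i` is `a->s16[...] + 1` and comes from a guest-supplied vector register, so a halfword of -1 reaches that case. Handle the zero length explicitly, e.g. `mask = i ? (uint64_t)-1 >> (64 - i * 4) : 0;`. Values of `i` below 0 or of 32 and above skip both branches and leave `ret` untruncated, which deserves a comment saying whether that is intended.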
> diff --git a/target/ppc/translate/vmx-impl.inc.c 
> b/target/ppc/translate/vmx-impl.inc.c
> index 451abb5..1683f42 100644
> --- a/target/ppc/translate/vmx-impl.inc.c
> +++ b/target/ppc/translate/vmx-impl.inc.c
> @@ -1019,6 +1019,7 @@ GEN_BCD(bcdcpsgn);
>  GEN_BCD(bcds);
>  GEN_BCD(bcdus);
>  GEN_BCD(bcdsr);
> +GEN_BCD(bcdtrunc);
>  
>  static void gen_xpnd04_1(DisasContext *ctx)
>  {
> @@ -1097,6 +1098,10 @@ GEN_VXFORM_DUAL(vsubudm, PPC2_ALTIVEC_207, PPC_NONE, \
>  bcds, PPC_NONE, PPC2_ISA300)
>  GEN_VXFORM_DUAL(vsubuwm, PPC_ALTIVEC, PPC_NONE, \
>  bcdus, PPC_NONE, PPC2_ISA300)
> +GEN_VXFORM_DUAL(vsubsbs, PPC_ALTIVEC, PPC_NONE, \
> +bcdtrunc, PPC_NONE, PPC2_ISA300)
> +GEN_VXFORM_DUAL(vsubuqm, PPC2_ALTIVEC_207, PPC_NONE, \
> +bcdtrunc, PPC_NONE, PPC2_ISA300)
>  
>  static void gen_vsbox(DisasContext *ctx)
>  {
> diff --git a/target/ppc/translate/vmx-ops.inc.c 
> b/target/ppc/translate/vmx-ops.inc.c
> index fa9c996..e6167a4 100644
> --- a/target/ppc/translate/vmx-ops.inc.c
> +++ b/target/ppc/translate/vmx-ops.inc.c
> @@ -143,14 +143,14 @@ GEN_VXFORM(vaddsws, 0, 14),
>  GEN_VXFORM_DUAL(vsububs, bcdadd, 0, 24, PPC_ALTIVEC, PPC_NONE),
>  GEN_VXFORM_DUAL(vsubuhs, bcdsub, 0, 25, PPC_ALTIVEC, PPC_NONE),
>  GEN_VXFORM(vsubuws, 0, 26),
> -GEN_VXFORM(vsubsbs, 0, 28),
> +GEN_VXFORM_DUAL(vsubsbs, bcdtrunc, 0, 28, PPC_NONE, PPC2_ISA300),
>  GEN_VXFORM(vsubshs, 0, 29),
>  GEN_VXFORM_DUAL(vsubsws, xpnd04_2, 0, 30, PPC_ALTIVEC, PPC_NONE),
>  GEN_VXFORM_207(vadduqm, 0, 4),
>  GEN_VXFORM_207(vaddcuq, 0, 5),
>  GEN_VXFORM_DUAL(vaddeuqm, vaddecuq, 30, 0xFF, PPC_NONE, PPC2_ALTIVEC_207),
> -GEN_VXFORM_207(vsubuqm, 0, 20),
>  GEN_VXFORM_207(vsubcuq, 0, 21),
> +GEN_VXFORM_DUAL(vsubuqm, bcdtrunc, 0, 20, PPC2_ALTIVEC_207, PPC2_ISA300),
>  GEN_VXFORM_DUAL(vsubeuqm, vsubecuq, 31, 0xFF, PPC_NONE, PPC2_ALTIVEC_207),
>  GEN_VXFORM(vrlb, 2, 0),
>  GEN_VXFORM(vrlh, 2, 1),
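Review bot: The `vsubsbs` entry changes from `GEN_VXFORM(vsubsbs, 0, 28)` to a dual entry whose first flag argument is `PPC_NONE`, whereas the neighbouring dual entries (`vsububs`, `vsubuhs`, `vsubsws`) keep `PPC_ALTIVEC` in that position. If that argument is the instruction-flag mask for the first mnemonic, vsubsbs would no longer be enabled on AltiVec CPUs that lack ISA 3.00. `GEN_VXFORM_DUAL(vsubsbs, bcdtrunc, 0, 28, PPC_ALTIVEC, PPC2_ISA300),` would match the others and the vmx-impl.inc.c hunk, which pairs vsubsbs with `PPC_ALTIVEC`.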

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 00/11] POWER9 TCG enablements - part11

2017-01-11 Thread David Gibson
On Tue, Jan 10, 2017 at 02:20:32PM +0530, Nikunj A Dadhania wrote:
> This series contains 10 new instructions for POWER9 ISA3.0
> VSX Scalar Insert Exponent
> VSX Vector Insert Exponent
> VSX Vector Extract Exponent/Significand
> VSX Scalar Truncate & Convert Quad-Precision
> Couple of fixes
> 
> Bharata B Rao (2):
>   softfloat: Fix the default qNAN for target-ppc
>   target-ppc: Add xscvqps[d,w]z instructions
> 
> Nikunj A Dadhania (9):
>   target-ppc: xscvqpdp zero VSR
>   target-ppc: Add xsiexpdp instruction
>   target-ppc: Add xsiexpqp instruction
>   target-ppc: Add xviexpsp instruction
>   target-ppc: Add xviexpdp instruction
>   target-ppc: Add xvxexpsp instruction
>   target-ppc: Add xvxexpdp instruction
>   target-ppc: Add xvxsigsp instruction
>   target-ppc: Add xvxsigdp instruction
> 
>  fpu/softfloat-specialize.h  |   2 +-
>  target/ppc/fpu_helper.c |  62 -
>  target/ppc/helper.h |   3 +
>  target/ppc/translate/vsx-impl.inc.c | 172 
> 
>  target/ppc/translate/vsx-ops.inc.c  |  11 +++
>  5 files changed, 248 insertions(+), 2 deletions(-)

Patches 1&2 merged to ppc-for-2.9.  The rest pending a query on 3/11.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [kvm-unit-tests PATCH v5 1/2] run_tests: put logs into per-test file

2017-01-11 Thread Peter Xu
On Wed, Jan 11, 2017 at 11:46:38AM +0100, Andrew Jones wrote:

[...]

> > So, how about this:
> > 
> > rm -rf $unittest_log_dir.old || err "Failed remove old logs"
> > if [[ -d $unittest_log_dir ]]; then
> 
> Only [ ... ] for tests like these

I thought [[ ... ]] would be superior to [ ... ] if we are not
considering the POSIX compatibility issue?

Hmm, after a quick grep, I see that kvm-unit-tests repo is using [[
... ]] only if doing any kind of pattern/regex matching, right? If so,
I'll just follow. ;-)

> 
> > mv $unittest_log_dir $unittest_log_dir.old ||
> > err "Failed backup logs"
> > fi
> > mkdir $unittest_log_dir || err "Failed to create log dir"
> > 
> > And define err() in common.bash:
> > 
> > function err()
> > {
> > echo "$@"
> > exit 1
> > }
> 
> The above is mostly just translating rm/mv/mkdir stderr messages to
> new messages. We can do it much more simply like
> 
>  rm -rf logs.old
>  [ -d logs ] && mv logs logs.old
>  mkdir logs || exit 2

Okay I'll use this. Thanks!

-- peterx



[Qemu-devel] [PULL 24/30] target-sparc: add more registers to dump_mmu

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Reviewed-by: Richard Henderson 
Message-Id: 
<288f09c6282bf46af7ad8343fe63f7438a9f44a2.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/mmu_helper.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index fa70dc0..8b4664d 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -741,6 +741,8 @@ void dump_mmu(FILE *f, fprintf_function cpu_fprintf, 
CPUSPARCState *env)
PRId64 "\n",
env->dmmu.mmu_primary_context,
env->dmmu.mmu_secondary_context);
+(*cpu_fprintf)(f, "DMMU Tag Access: %" PRIx64 ", TSB Tag Target: %" PRIx64
+   "\n", env->dmmu.tag_access, env->dmmu.tsb_tag_target);
 if ((env->lsu & DMMU_E) == 0) {
 (*cpu_fprintf)(f, "DMMU disabled\n");
 } else {
-- 
2.9.3




[Qemu-devel] [PATCH] linux-user: Use *at functions instead of caching interp_prefix contents

2017-01-11 Thread Richard Henderson
If the interp_prefix is a complete chroot, it may have a *lot* of files.
Setting up the cache for this is quite expensive.  Instead, use the *at
versions of various syscalls to attempt the operation in the prefix.

Signed-off-by: Richard Henderson 
---
 linux-user/elfload.c |  12 ++-
 linux-user/main.c|   3 +-
 linux-user/qemu.h|   1 +
 linux-user/syscall.c | 236 ++-
 util/Makefile.objs   |   2 +-
 util/path.c  | 178 --
 6 files changed, 209 insertions(+), 223 deletions(-)
 delete mode 100644 util/path.c

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 547053c..8b947fd 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2026,7 +2026,17 @@ static void load_elf_interp(const char *filename, struct 
image_info *info,
 {
 int fd, retval;
 
-fd = open(path(filename), O_RDONLY);
+switch (filename[0]) {
+case '/':
+fd = openat(interp_dirfd, filename + 1, O_RDONLY);
+if (fd >= 0 || errno != ENOENT) {
+break;
+}
+/* fallthru */
+default:
+fd = open(filename, O_RDONLY);
+break;
+}
 if (fd < 0) {
 goto exit_perror;
 }
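Review bot: The fallback to the unprefixed path in load_elf_interp is taken only when `openat(interp_dirfd, filename + 1, O_RDONLY)` fails with ENOENT, but the main.c hunk stores `interp_dirfd` without checking the result of `open()`. If the prefix directory does not exist, `interp_dirfd` is -1, openat() fails with EBADF, and the `errno != ENOENT` test breaks out without ever trying `open(filename, O_RDONLY)`. Either skip the prefixed attempt when `interp_dirfd < 0` or handle the failed open() in main(). The same switch is repeated in the do_name_to_handle_at, do_openat and futimesat hunks of linux-user/syscall.c, so a shared helper would keep the copies in step.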
diff --git a/linux-user/main.c b/linux-user/main.c
index c1d5eb4..dba988b 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -81,6 +81,7 @@ unsigned long reserved_va;
 static void usage(int exitcode);
 
 static const char *interp_prefix = CONFIG_QEMU_INTERP_PREFIX;
+int interp_dirfd;
 const char *qemu_uname_release;
 
 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
@@ -4013,7 +4014,7 @@ int main(int argc, char **argv, char **envp)
 memset(, 0, sizeof (bprm));
 
 /* Scan interp_prefix dir for replacement files. */
-init_paths(interp_prefix);
+interp_dirfd = open(interp_prefix, O_CLOEXEC | O_DIRECTORY | O_PATH);
 
 init_qemu_uname_release();
 
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index da73a01..f91e2d5 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -434,6 +434,7 @@ void mmap_fork_start(void);
 void mmap_fork_end(int child);
 
 /* main.c */
+extern int interp_dirfd;
 extern unsigned long guest_stack_size;
 
 /* user access */
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 7b77503..18d40bb 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7055,7 +7055,18 @@ static abi_long do_name_to_handle_at(abi_long dirfd, 
abi_long pathname,
 fh = g_malloc0(total_size);
 fh->handle_bytes = size;
 
-ret = get_errno(name_to_handle_at(dirfd, path(name), fh, , flags));
+switch (name[0]) {
+case '/':
+ret = name_to_handle_at(interp_dirfd, name + 1, fh, , flags);
+if (ret == 0 || errno != ENOENT) {
+break;
+}
+/* fallthru */
+default:
+ret = name_to_handle_at(dirfd, name, fh, , flags);
+break;
+}
+ret = get_errno(ret);
 unlock_user(name, pathname, 0);
 
 /* man name_to_handle_at(2):
@@ -7464,6 +7475,7 @@ static int do_openat(void *cpu_env, int dirfd, const char 
*pathname, int flags,
 #endif
 { NULL, NULL, NULL }
 };
+int ret;
 
 if (is_proc_myself(pathname, "exe")) {
 int execfd = qemu_getauxval(AT_EXECFD);
@@ -7503,7 +7515,18 @@ static int do_openat(void *cpu_env, int dirfd, const 
char *pathname, int flags,
 return fd;
 }
 
-return safe_openat(dirfd, path(pathname), flags, mode);
+switch (pathname[0]) {
+case '/':
+ret = safe_openat(interp_dirfd, pathname + 1, flags, mode);
+if (ret >= 0 || errno != ENOENT) {
+break;
+}
+/* fallthru */
+default:
+ret = safe_openat(dirfd, pathname, flags, mode);
+break;
+}
+return ret;
 }
 
 #define TIMER_MAGIC 0x0caf
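Review bot: When `flags` contains O_CREAT, the first `safe_openat(interp_dirfd, pathname + 1, flags, mode)` creates the file under the prefix whenever the parent directory exists there, so the ENOENT fallback never runs for new files. The removed `path()` helper is not shown here, but if it only redirected names that already existed in the prefix, this is a behaviour change and guest writes would land in the prefix tree. If that is intended, say so above the switch, e.g. `/* O_CREAT creates under interp_prefix when the parent directory exists there. */`; otherwise the prefix attempt should not pass O_CREAT through. `do_openat` begins before this hunk.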
@@ -7540,6 +7563,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 struct stat st;
 struct statfs stfs;
 void *p;
+char *fn;
 
 #if defined(DEBUG_ERESTARTSYS)
 /* Debug-only code for exercising the syscall-restart code paths
@@ -8058,10 +8082,21 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 } else {
 tvp = NULL;
 }
-if (!(p = lock_user_string(arg2)))
+if (!(fn = lock_user_string(arg2)))
 goto efault;
-ret = get_errno(futimesat(arg1, path(p), tvp));
-unlock_user(p, arg2, 0);
+switch (fn[0]) {
+case '/':
+ret = futimesat(interp_dirfd, fn + 1, tvp);
+if (ret == 0 || errno != ENOENT) {
+break;
+}
+/* fallthru */
+default:
+ret = futimesat(arg1, fn, tvp);
+break;
+}
+ret = get_errno(ret);
+unlock_user(fn, arg2, 0);
 }
 break;
 #endif
@@ -8075,18 +8110,42 @@ 

[Qemu-devel] [PULL 19/30] target-sparc: use SparcV9MMU type for sparc64 I/D-MMUs

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<146ff5800a7da7599439d69c4bd907a0b51747aa.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 linux-user/main.c  |  2 +-
 target/sparc/cpu.h | 48 +-
 target/sparc/ldst_helper.c |  8 
 target/sparc/machine.c |  4 ++--
 4 files changed, 25 insertions(+), 37 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index c1d5eb4..94a636f 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -1166,7 +1166,7 @@ void cpu_loop (CPUSPARCState *env)
 /* XXX: check env->error_code */
 info.si_code = TARGET_SEGV_MAPERR;
 if (trapnr == TT_DFAULT)
-info._sifields._sigfault._addr = env->dmmuregs[4];
+info._sifields._sigfault._addr = env->dmmu.mmuregs[4];
 else
 info._sifields._sigfault._addr = cpu_tsptr(env)->tpc;
 queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 6fc81e8..8ce7197 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -404,7 +404,22 @@ struct CPUTimer
 typedef struct CPUTimer CPUTimer;
 
 typedef struct CPUSPARCState CPUSPARCState;
-
+#if defined(TARGET_SPARC64)
+typedef union {
+   uint64_t mmuregs[16];
+   struct {
+uint64_t tsb_tag_target;
+uint64_t mmu_primary_context;
+uint64_t mmu_secondary_context;
+uint64_t sfsr;
+uint64_t sfar;
+uint64_t tsb;
+uint64_t tag_access;
+uint64_t virtual_watchpoint;
+uint64_t physical_watchpoint;
+   };
+} SparcV9MMU;
+#endif
 struct CPUSPARCState {
 target_ulong gregs[8]; /* general registers */
 target_ulong *regwptr; /* pointer to current register window */
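Review bot: `SparcV9MMU` is introduced without a comment, although its layout is what makes `env->dmmu.mmuregs[4]` and `env->dmmu.sfar` name the same register. The hint from the removed I-MMU fields (`unused_mmu_primary_context; // use DMMU`, in the next hunk) is lost now that both MMUs share one type. I would add above the typedef: `/* Register file of one sparc64 MMU; the named fields alias mmuregs[0..8]. For the I-MMU the two context fields are unused (contexts live in the D-MMU). */`. The blank line that separated the typedefs from `struct CPUSPARCState` is also dropped and is worth keeping.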
@@ -454,35 +469,8 @@ struct CPUSPARCState {
 uint64_t lsu;
 #define DMMU_E 0x8
 #define IMMU_E 0x4
-//typedef struct SparcMMU
-union {
-uint64_t immuregs[16];
-struct {
-uint64_t tsb_tag_target;
-uint64_t unused_mmu_primary_context;   // use DMMU
-uint64_t unused_mmu_secondary_context; // use DMMU
-uint64_t sfsr;
-uint64_t sfar;
-uint64_t tsb;
-uint64_t tag_access;
-uint64_t virtual_watchpoint;
-uint64_t physical_watchpoint;
-} immu;
-};
-union {
-uint64_t dmmuregs[16];
-struct {
-uint64_t tsb_tag_target;
-uint64_t mmu_primary_context;
-uint64_t mmu_secondary_context;
-uint64_t sfsr;
-uint64_t sfar;
-uint64_t tsb;
-uint64_t tag_access;
-uint64_t virtual_watchpoint;
-uint64_t physical_watchpoint;
-} dmmu;
-};
+SparcV9MMU immu;
+SparcV9MMU dmmu;
 SparcTLBEntry itlb[64];
 SparcTLBEntry dtlb[64];
 uint32_t mmu_version;
diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index 8cc8bb1..8e01260 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -1481,7 +1481,7 @@ void helper_st_asi(CPUSPARCState *env, target_ulong addr, 
target_ulong val,
 int reg = (addr >> 3) & 0xf;
 uint64_t oldreg;
 
-oldreg = env->immuregs[reg];
+oldreg = env->immu.mmuregs[reg];
 switch (reg) {
 case 0: /* RO */
 return;
@@ -1512,7 +1512,7 @@ void helper_st_asi(CPUSPARCState *env, target_ulong addr, 
target_ulong val,
 break;
 }
 
-if (oldreg != env->immuregs[reg]) {
+if (oldreg != env->immu.mmuregs[reg]) {
 DPRINTF_MMU("immu change reg[%d]: 0x%016" PRIx64 " -> 0x%016"
 PRIx64 "\n", reg, oldreg, env->immuregs[reg]);
 }
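Review bot: The `DPRINTF_MMU` call right after the changed condition still passes `env->immuregs[reg]`, a member this patch removes from `CPUSPARCState`, so a build with MMU debugging enabled would presumably stop compiling. The argument should follow the rename: `PRIx64 "\n", reg, oldreg, env->immu.mmuregs[reg]);`. The D-MMU hunk at -1589 has the same leftover with `env->dmmuregs[reg]`. `helper_st_asi` extends beyond this hunk.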
@@ -1546,7 +1546,7 @@ void helper_st_asi(CPUSPARCState *env, target_ulong addr, 
target_ulong val,
 int reg = (addr >> 3) & 0xf;
 uint64_t oldreg;
 
-oldreg = env->dmmuregs[reg];
+oldreg = env->dmmu.mmuregs[reg];
 switch (reg) {
 case 0: /* RO */
 case 4:
@@ -1589,7 +1589,7 @@ void helper_st_asi(CPUSPARCState *env, target_ulong addr, 
target_ulong val,
 break;
 }
 
-if (oldreg != env->dmmuregs[reg]) {
+if (oldreg != env->dmmu.mmuregs[reg]) {
 DPRINTF_MMU("dmmu change reg[%d]: 0x%016" PRIx64 " -> 0x%016"
 PRIx64 "\n", reg, oldreg, env->dmmuregs[reg]);
 }
diff --git a/target/sparc/machine.c b/target/sparc/machine.c
index aea6397..39e262c 100644
--- a/target/sparc/machine.c
+++ b/target/sparc/machine.c
@@ -148,8 +148,8 @@ const VMStateDescription vmstate_sparc_cpu = {
 VMSTATE_UINT64_ARRAY(env.mmubpregs, SPARCCPU, 4),
 #else

[Qemu-devel] [PULL 28/30] target-sparc: implement sun4v RTC

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 

Signed-off-by: Richard Henderson 
---
 MAINTAINERS  |   6 +++
 hw/timer/Makefile.objs   |   2 +
 hw/timer/sun4v-rtc.c | 102 +++
 include/hw/timer/sun4v-rtc.h |   1 +
 4 files changed, 111 insertions(+)
 create mode 100644 hw/timer/sun4v-rtc.c
 create mode 100644 include/hw/timer/sun4v-rtc.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 1444b26..54588e5 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1098,6 +1098,12 @@ F: hw/nvram/chrp_nvram.c
 F: include/hw/nvram/chrp_nvram.h
 F: tests/prom-env-test.c
 
+sun4v RTC
+M: Artyom Tarasenko 
+S: Maintained
+F: hw/timer/sun4v-rtc.c
+F: include/hw/timer/sun4v-rtc.h
+
 Subsystems
 --
 Audio
diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
index 7ba8c23..c1e93a3 100644
--- a/hw/timer/Makefile.objs
+++ b/hw/timer/Makefile.objs
@@ -34,3 +34,5 @@ obj-$(CONFIG_ALLWINNER_A10_PIT) += allwinner-a10-pit.o
 
 common-obj-$(CONFIG_STM32F2XX_TIMER) += stm32f2xx_timer.o
 common-obj-$(CONFIG_ASPEED_SOC) += aspeed_timer.o
+
+common-obj-$(CONFIG_SUN4V_RTC) += sun4v-rtc.o
diff --git a/hw/timer/sun4v-rtc.c b/hw/timer/sun4v-rtc.c
new file mode 100644
index 000..82e9e14
--- /dev/null
+++ b/hw/timer/sun4v-rtc.c
@@ -0,0 +1,102 @@
+/*
+ * QEMU sun4v Real Time Clock device
+ *
+ * The sun4v_rtc device (sun4v tod clock)
+ *
+ * Copyright (c) 2016 Artyom Tarasenko
+ *
+ * This code is licensed under the GNU GPL v3 or (at your option) any later
+ * version.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "hw/timer/sun4v-rtc.h"
+
+//#define DEBUG_SUN4V_RTC
+
+#ifdef DEBUG_SUN4V_RTC
+#define DPRINTF(fmt, ...)   \
+do { printf("sun4v_rtc: " fmt , ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
+#define TYPE_SUN4V_RTC "sun4v_rtc"
+#define SUN4V_RTC(obj) OBJECT_CHECK(Sun4vRtc, (obj), TYPE_SUN4V_RTC)
+
+typedef struct Sun4vRtc {
+SysBusDevice parent_obj;
+
+MemoryRegion iomem;
+} Sun4vRtc;
+
+static uint64_t sun4v_rtc_read(void *opaque, hwaddr addr,
+unsigned size)
+{
+uint64_t val = qemu_clock_get_ms(QEMU_CLOCK_REALTIME) / 1000;
+if (!(addr & 4ULL)) {
+/* accessing the high 32 bits */
+val >>= 32;
+}
+DPRINTF("read from " TARGET_FMT_plx " val %lx\n", addr, val);
+return val;
+}
+
+static void sun4v_rtc_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+DPRINTF("write 0x%x to " TARGET_FMT_plx "\n", (unsigned)val, addr);
+}
+
+static const MemoryRegionOps sun4v_rtc_ops = {
+.read = sun4v_rtc_read,
+.write = sun4v_rtc_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+void sun4v_rtc_init(hwaddr addr)
+{
+DeviceState *dev;
+SysBusDevice *s;
+
+dev = qdev_create(NULL, TYPE_SUN4V_RTC);
+s = SYS_BUS_DEVICE(dev);
+
+qdev_init_nofail(dev);
+
+sysbus_mmio_map(s, 0, addr);
+}
+
+static int sun4v_rtc_init1(SysBusDevice *dev)
+{
+Sun4vRtc *s = SUN4V_RTC(dev);
+
+memory_region_init_io(>iomem, OBJECT(s), _rtc_ops, s,
+  "sun4v-rtc", 0x08ULL);
+sysbus_init_mmio(dev, >iomem);
+return 0;
+}
+
+static void sun4v_rtc_class_init(ObjectClass *klass, void *data)
+{
+SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+k->init = sun4v_rtc_init1;
+}
+
+static const TypeInfo sun4v_rtc_info = {
+.name  = TYPE_SUN4V_RTC,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(Sun4vRtc),
+.class_init= sun4v_rtc_class_init,
+};
+
+static void sun4v_rtc_register_types(void)
+{
+type_register_static(_rtc_info);
+}
+
+type_init(sun4v_rtc_register_types)
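Review bot: The `DPRINTF` in `sun4v_rtc_read` prints `val`, a `uint64_t`, with `%lx`, which is a format mismatch on hosts where `long` is 32 bits. It should be `DPRINTF("read from " TARGET_FMT_plx " val %" PRIx64 "\n", addr, val);`. Because the non-debug `DPRINTF` expands to an empty statement, the compiler never checks these format strings in a normal build. It is also worth confirming that QEMU_CLOCK_REALTIME yields wall-clock seconds, since a time-of-day device reading a monotonic host clock would report time since host boot; this cannot be settled from the hunk alone.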
diff --git a/include/hw/timer/sun4v-rtc.h b/include/hw/timer/sun4v-rtc.h
new file mode 100644
index 000..407278f
--- /dev/null
+++ b/include/hw/timer/sun4v-rtc.h
@@ -0,0 +1 @@
+void sun4v_rtc_init(hwaddr addr);
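Review bot: The new header has no include guard and no licence line, and it uses `hwaddr` without including the header that defines it, so it compiles only when included after the right QEMU headers. A guard such as `#ifndef HW_TIMER_SUN4V_RTC_H` / `#define HW_TIMER_SUN4V_RTC_H` around the prototype would make it self-contained. A one-line comment stating that `addr` is the MMIO base at which the device is mapped would also help.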
-- 
2.9.3




[Qemu-devel] [PULL 23/30] target-sparc: implement auto-demapping for UA2005 CPUs

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<2bf424bff7e4dee34fcbcada4fd490205f392823.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/ldst_helper.c | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index 0447d4e..57b3b97 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -210,6 +210,28 @@ static void replace_tlb_1bit_lru(SparcTLBEntry *tlb,
 {
 unsigned int i, replace_used;
 
+if (cpu_has_hypervisor(env1)) {
+uint64_t new_vaddr = tlb_tag & ~0x1fffULL;
+uint64_t new_size = 8192ULL << 3 * TTE_PGSIZE(tlb_tte);
+uint32_t new_ctx = tlb_tag & 0x1fffU;
+for (i = 0; i < 64; i++) {
+uint32_t ctx = tlb[i].tag & 0x1fffU;
+/* check if new mapping overlaps an existing one */
+if (new_ctx == ctx) {
+uint64_t vaddr = tlb[i].tag & ~0x1fffULL;
+uint64_t size = 8192ULL << 3 * TTE_PGSIZE(tlb[i].tte);
+if (new_vaddr == vaddr
+|| (new_vaddr < vaddr + size
+&& vaddr < new_vaddr + new_size)) {
+DPRINTF_MMU("auto demap entry [%d] %lx->%lx\n", i, vaddr,
+new_vaddr);
+replace_tlb_entry([i], tlb_tag, tlb_tte, env1);
+return;
+}
+}
+
+}
+}
 /* Try replacing invalid entry */
 for (i = 0; i < 64; i++) {
 if (!TTE_IS_VALID(tlb[i].tte)) {
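Review bot: The auto-demap loop returns after replacing the first overlapping entry, so when the new mapping is a large page covering several smaller entries of the same context, the remaining ones stay in the TLB next to the new translation. If the intent is that no overlapping translation survives, the scan should continue and invalidate later hits instead of returning at the first one. The debug line also prints `uint64_t` values with `%lx`; it should be `DPRINTF_MMU("auto demap entry [%d] %" PRIx64 "->%" PRIx64 "\n", i, vaddr, new_vaddr);`. `replace_tlb_1bit_lru` starts before and ends after this hunk.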
-- 
2.9.3




[Qemu-devel] [PULL 17/30] target-sparc: ignore writes to UA2005 CPU mondo queue register

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Reviewed-by: Richard Henderson 
Message-Id: 
<70562e4ef094e2beb2c56380fdd0db7b15cc0294.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/ldst_helper.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index 301616b..d524aaa 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -1629,6 +1629,7 @@ void helper_st_asi(CPUSPARCState *env, target_ulong addr, 
target_ulong val,
 env->scratch[i] = val;
 return;
 }
+case ASI_QUEUE: /* UA2005 CPU mondo queue */
 case ASI_DCACHE_DATA: /* D-cache data */
 case ASI_DCACHE_TAG: /* D-cache tag access */
 case ASI_ESTATE_ERROR_EN: /* E-cache error enable */
-- 
2.9.3




[Qemu-devel] [PULL 14/30] target-sparc: fix immediate UA2005 traps

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<6139718b8d11c9c893d6deb02431c615ef422d65.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index 7e399a3..23d4673 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -3298,7 +3298,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 
 rs1 = GET_FIELD_SP(insn, 14, 18);
 if (IS_IMM) {
-rs2 = GET_FIELD_SP(insn, 0, 6);
+rs2 = GET_FIELD_SP(insn, 0, 7);
 if (rs1 == 0) {
 tcg_gen_movi_i32(trap, (rs2 & mask) + TT_TRAP);
 /* Signal that the trap value is fully constant.  */
-- 
2.9.3




[Qemu-devel] [PULL 21/30] target-sparc: simplify ultrasparc_tsb_pointer

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<0293a0b12e38e253a3590cebeee517ee16cf24d8.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/ldst_helper.c | 51 ++
 1 file changed, 15 insertions(+), 36 deletions(-)

diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index 4b8ca69..0447d4e 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -70,44 +70,35 @@
 #define QT1 (env->qt1)
 
 #if defined(TARGET_SPARC64) && !defined(CONFIG_USER_ONLY)
-static uint64_t ultrasparc_tsb_pointer(CPUSPARCState *env, uint64_t tsb,
-   uint64_t *tsb_ptr,
-   uint64_t tag_access_register,
-   int idx, uint64_t *cfg_ptr)
 /* Calculates TSB pointer value for fault page size
  * UltraSPARC IIi has fixed sizes (8k or 64k) for the page pointers
  * UA2005 holds the page size configuration in mmu_ctx registers */
+static uint64_t ultrasparc_tsb_pointer(CPUSPARCState *env,
+   const SparcV9MMU *mmu, const int idx)
 {
 uint64_t tsb_register;
 int page_size;
 if (cpu_has_hypervisor(env)) {
 int tsb_index = 0;
-int ctx = tag_access_register & 0x1fffULL;
-uint64_t ctx_register = cfg_ptr[ctx ? 1 : 0];
+int ctx = mmu->tag_access & 0x1fffULL;
+uint64_t ctx_register = mmu->sun4v_ctx_config[ctx ? 1 : 0];
 tsb_index = idx;
 tsb_index |= ctx ? 2 : 0;
 page_size = idx ? ctx_register >> 8 : ctx_register;
 page_size &= 7;
-tsb_register = tsb_ptr[tsb_index];
+tsb_register = mmu->sun4v_tsb_pointers[tsb_index];
 } else {
 page_size = idx;
-tsb_register = tsb;
+tsb_register = mmu->tsb;
 }
-uint64_t tsb_base = tsb_register & ~0x1fffULL;
 int tsb_split = (tsb_register & 0x1000ULL) ? 1 : 0;
 int tsb_size  = tsb_register & 0xf;
 
-/* discard lower 13 bits which hold tag access context */
-uint64_t tag_access_va = tag_access_register & ~0x1fffULL;
+uint64_t tsb_base_mask = (~0x1fffULL) << tsb_size;
 
-/* now reorder bits */
-uint64_t tsb_base_mask = ~0x1fffULL;
-uint64_t va = tag_access_va;
-
-/* move va bits to correct position */
-va >>= 3 * page_size + 9;
-
-tsb_base_mask <<= tsb_size;
+/* move va bits to correct position,
+ * the context bits will be masked out later */
+uint64_t va = mmu->tag_access >> (3 * page_size + 9);
 
 /* calculate tsb_base mask and adjust va if split is in use */
 if (tsb_split) {
@@ -119,7 +110,7 @@ static uint64_t ultrasparc_tsb_pointer(CPUSPARCState *env, 
uint64_t tsb,
 tsb_base_mask <<= 1;
 }
 
-return ((tsb_base & tsb_base_mask) | (va & ~tsb_base_mask)) & ~0xfULL;
+return ((tsb_register & tsb_base_mask) | (va & ~tsb_base_mask)) & ~0xfULL;
 }
 
 /* Calculates tag target register value by reordering bits
@@ -1266,20 +1257,14 @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong 
addr,
 {
 /* env->immuregs[5] holds I-MMU TSB register value
env->immuregs[6] holds I-MMU Tag Access register value */
-ret = ultrasparc_tsb_pointer(env, env->immu.tsb,
- env->immu.sun4v_tsb_pointers,
- env->immu.tag_access,
- 0, env->immu.sun4v_ctx_config);
+ret = ultrasparc_tsb_pointer(env, >immu, 0);
 break;
 }
 case ASI_IMMU_TSB_64KB_PTR: /* I-MMU 64k TSB pointer */
 {
 /* env->immuregs[5] holds I-MMU TSB register value
env->immuregs[6] holds I-MMU Tag Access register value */
-ret = ultrasparc_tsb_pointer(env, env->immu.tsb,
- env->immu.sun4v_tsb_pointers,
- env->immu.tag_access,
- 1, env->immu.sun4v_ctx_config);
+ret = ultrasparc_tsb_pointer(env, >immu, 1);
 break;
 }
 case ASI_ITLB_DATA_ACCESS: /* I-MMU data access */
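Review bot: The comments kept as context above both calls still describe `env->immuregs[5]` and `env->immuregs[6]`, which no longer matches the code now that the function takes the MMU state as a `const SparcV9MMU *`. They should read `/* env->immu.tsb holds the I-MMU TSB register value, env->immu.tag_access the I-MMU Tag Access register value */`. The D-MMU cases in the following hunk carry the same stale `env->dmmuregs[5]`/`[6]` wording. `helper_ld_asi` extends beyond this hunk.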
@@ -1338,20 +1323,14 @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong 
addr,
 {
 /* env->dmmuregs[5] holds D-MMU TSB register value
env->dmmuregs[6] holds D-MMU Tag Access register value */
-ret = ultrasparc_tsb_pointer(env, env->dmmu.tsb,
- env->dmmu.sun4v_tsb_pointers,
- env->dmmu.tag_access,
- 0, env->dmmu.sun4v_ctx_config);
+ret = ultrasparc_tsb_pointer(env, >dmmu, 0);
 break;
 }
 case ASI_DMMU_TSB_64KB_PTR: /* D-MMU 64k TSB pointer */
 {

[Qemu-devel] [PULL 10/30] target-sparc: hypervisor mode takes over nucleus mode

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

According to UA2005, 9.3.3 "Address Space Identifiers",

"In hyperprivileged mode, all instruction fetches and loads and stores with 
implicit
ASIs use a physical address, regardless of the value of TL".

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<6c5b3d85dcfabe9935687ecb986e80ce71f89cab.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.h   | 4 ++--
 target/sparc/translate.c | 6 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 113ae33..4f709e1 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -716,10 +716,10 @@ static inline int cpu_mmu_index(CPUSPARCState *env, bool 
ifetch)
 ? (env->lsu & IMMU_E) == 0 || (env->pstate & PS_RED) != 0
 : (env->lsu & DMMU_E) == 0) {
 return MMU_PHYS_IDX;
-} else if (env->tl > 0) {
-return MMU_NUCLEUS_IDX;
 } else if (cpu_hypervisor_mode(env)) {
 return MMU_HYPV_IDX;
+} else if (env->tl > 0) {
+return MMU_NUCLEUS_IDX;
 } else if (cpu_supervisor_mode(env)) {
 return MMU_KERNEL_IDX;
 } else {
diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index b898898..82f9965 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -2142,7 +2142,11 @@ static DisasASI get_asi(DisasContext *dc, int insn, 
TCGMemOp memop)
 case ASI_TWINX_NL:
 case ASI_NUCLEUS_QUAD_LDD:
 case ASI_NUCLEUS_QUAD_LDD_L:
-mem_idx = MMU_NUCLEUS_IDX;
+if (hypervisor(dc)) {
+mem_idx = MMU_HYPV_IDX;
+} else {
+mem_idx = MMU_NUCLEUS_IDX;
+}
 break;
 case ASI_AIUP:  /* As if user primary */
 case ASI_AIUPL: /* As if user primary LE */
-- 
2.9.3




[Qemu-devel] [PULL 12/30] target-sparc: implement UA2005 GL register

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<5e6434c91c40b0acc4a8da12da2edc7a43b1dd7f.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.c  | 13 ++---
 target/sparc/cpu.h  |  2 ++
 target/sparc/helper.h   |  1 +
 target/sparc/int64_helper.c |  6 ++
 target/sparc/translate.c|  3 +--
 target/sparc/win_helper.c   | 40 ++--
 6 files changed, 58 insertions(+), 7 deletions(-)

diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index 4e07b92..8f228e8 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -58,9 +58,13 @@ static void sparc_cpu_reset(CPUState *s)
 env->psrps = 1;
 #endif
 #ifdef TARGET_SPARC64
-env->pstate = PS_PRIV|PS_RED|PS_PEF|PS_AG;
+env->pstate = PS_PRIV | PS_RED | PS_PEF;
+if (!cpu_has_hypervisor(env)) {
+env->pstate |= PS_AG;
+}
 env->hpstate = cpu_has_hypervisor(env) ? HS_PRIV : 0;
 env->tl = env->maxtl;
+env->gl = 2;
 cpu_tsptr(env)->tt = TT_POWER_ON_RESET;
 env->lsu = 0;
 #else
@@ -745,14 +749,17 @@ void sparc_cpu_dump_state(CPUState *cs, FILE *f, 
fprintf_function cpu_fprintf,
 cpu_print_cc(f, cpu_fprintf, cpu_get_ccr(env) << PSR_CARRY_SHIFT);
 cpu_fprintf(f, " xcc: ");
 cpu_print_cc(f, cpu_fprintf, cpu_get_ccr(env) << (PSR_CARRY_SHIFT - 4));
-cpu_fprintf(f, ") asi: %02x tl: %d pil: %x\n", env->asi, env->tl,
-env->psrpil);
+cpu_fprintf(f, ") asi: %02x tl: %d pil: %x gl: %d\n", env->asi, env->tl,
+env->psrpil, env->gl);
+cpu_fprintf(f, "tbr: " TARGET_FMT_lx " hpstate: " TARGET_FMT_lx " htba: "
+TARGET_FMT_lx "\n", env->tbr, env->hpstate, env->htba);
 cpu_fprintf(f, "cansave: %d canrestore: %d otherwin: %d wstate: %d "
 "cleanwin: %d cwp: %d\n",
 env->cansave, env->canrestore, env->otherwin, env->wstate,
 env->cleanwin, env->nwindows - 1 - env->cwp);
 cpu_fprintf(f, "fsr: " TARGET_FMT_lx " y: " TARGET_FMT_lx " fprs: "
 TARGET_FMT_lx "\n", env->fsr, env->y, env->fprs);
+
 #else
 cpu_fprintf(f, "psr: %08x (icc: ", cpu_get_psr(env));
 cpu_print_cc(f, cpu_fprintf, cpu_get_psr(env));
diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index f26fdcf..6c1607e 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -512,6 +512,7 @@ struct CPUSPARCState {
 uint64_t bgregs[8]; /* backup for normal global registers */
 uint64_t igregs[8]; /* interrupt general registers */
 uint64_t mgregs[8]; /* mmu general registers */
+uint64_t glregs[8 * MAXTL_MAX];
 uint64_t fprs;
 uint64_t tick_cmpr, stick_cmpr;
 CPUTimer *tick, *stick;
@@ -612,6 +613,7 @@ void cpu_put_ccr(CPUSPARCState *env1, target_ulong val);
 target_ulong cpu_get_cwp64(CPUSPARCState *env1);
 void cpu_put_cwp64(CPUSPARCState *env1, int cwp);
 void cpu_change_pstate(CPUSPARCState *env1, uint32_t new_pstate);
+void cpu_gl_switch_gregs(CPUSPARCState *env, uint32_t new_gl);
 #endif
 int cpu_cwp_inc(CPUSPARCState *env1, int cwp);
 int cpu_cwp_dec(CPUSPARCState *env1, int cwp);
diff --git a/target/sparc/helper.h b/target/sparc/helper.h
index 0cf1bfb..fe44e16 100644
--- a/target/sparc/helper.h
+++ b/target/sparc/helper.h
@@ -5,6 +5,7 @@ DEF_HELPER_1(rdpsr, tl, env)
 DEF_HELPER_1(power_down, void, env)
 #else
 DEF_HELPER_FLAGS_2(wrpil, TCG_CALL_NO_RWG, void, env, tl)
+DEF_HELPER_2(wrgl, void, env, tl)
 DEF_HELPER_2(wrpstate, void, env, tl)
 DEF_HELPER_1(done, void, env)
 DEF_HELPER_1(retry, void, env)
diff --git a/target/sparc/int64_helper.c b/target/sparc/int64_helper.c
index 8300eb4..605747c 100644
--- a/target/sparc/int64_helper.c
+++ b/target/sparc/int64_helper.c
@@ -146,6 +146,12 @@ void sparc_cpu_do_interrupt(CPUState *cs)
 }
 }
 
+if (env->def->features & CPU_FEATURE_GL) {
+tsptr->tstate |= (env->gl & 7ULL) << 40;
+cpu_gl_switch_gregs(env, env->gl + 1);
+env->gl++;
+}
+
 switch (intno) {
 case TT_IVEC:
 if (!cpu_has_hypervisor(env)) {
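Review bot: `env->gl` is incremented on every trap with no upper bound, while only `env->gl & 7` is saved into TSTATE and `glregs` in the cpu.h hunk holds `8 * MAXTL_MAX` entries. Whether `cpu_gl_switch_gregs()` and the new `wrgl` helper clamp or mask the level is not visible here (the win_helper.c part is cut off). Since the guest drives both trap nesting and GL writes, the level should be bounded before it is used to select a register set. A saturating update such as `if (env->gl < MAXTL_MAX - 1) { env->gl++; }`, with the same limit applied to the value passed to `cpu_gl_switch_gregs()`, would keep the saved and live levels consistent; the exact limit should come from the CPU model. `sparc_cpu_do_interrupt` starts and ends outside this hunk.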
diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index 82f9965..68677d3 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -4558,8 +4558,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 break;
 case 16: // UA2005 gl
 CHECK_IU_FEATURE(dc, GL);
-tcg_gen_st32_tl(cpu_tmp0, cpu_env,
-offsetof(CPUSPARCState, gl));
+gen_helper_wrgl(cpu_env, cpu_tmp0);
 break;
 case 26: // UA2005 strand status
 CHECK_IU_FEATURE(dc, HYPV);
diff --git a/target/sparc/win_helper.c 

[Qemu-devel] [PULL 18/30] target-sparc: replace the last tlb entry when no free entries left

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Implement the behavior described in the chapter 13.9.11 of
UltraSPARC T1™ Supplement to the UltraSPARC Architecture 2005:

"If a TLB Data-In replacement is attempted with all TLB
entries locked and valid, the last TLB entry (entry 63) is
replaced."

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<86cbe148bfaf96575128f3d8394a17c48ad92f28.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/ldst_helper.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index d524aaa..8cc8bb1 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -246,9 +246,11 @@ static void replace_tlb_1bit_lru(SparcTLBEntry *tlb,
 }
 
 #ifdef DEBUG_MMU
-DPRINTF_MMU("%s lru replacement failed: no entries available\n", strmmu);
+DPRINTF_MMU("%s lru replacement: no free entries available, "
+"replacing the last one\n", strmmu);
 #endif
-/* error state? */
+/* corner case: the last entry is replaced anyway */
+replace_tlb_entry([63], tlb_tag, tlb_tte, env1);
 }
 
 #endif
-- 
2.9.3




Re: [Qemu-devel] [PATCH] nvdimm acpi: fix g_array_free() with NULL pointer

2017-01-11 Thread Xiao Guangrong



On 01/11/2017 05:36 PM, Stefan Hajnoczi wrote:

Unlike g_free(), g_array_free() does not accept a NULL pointer argument.
The following error is logged when an nvdimm device is realized:

  GLib-CRITICAL **: g_array_free: assertion 'array' failed

Cc: Xiao Guangrong 
Signed-off-by: Stefan Hajnoczi 
---
 hw/acpi/nvdimm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
index 8e7d6ec..8f0a484 100644
--- a/hw/acpi/nvdimm.c
+++ b/hw/acpi/nvdimm.c
@@ -375,7 +375,9 @@ static void nvdimm_init_fit_buffer(NvdimmFitBuffer *fit_buf)

 static void nvdimm_build_fit_buffer(NvdimmFitBuffer *fit_buf)
 {
-g_array_free(fit_buf->fit, true);
+if (fit_buf->fit) {
+g_array_free(fit_buf->fit, true);
+}


Er, i do not know why it is NULL as we have init-ed it in 
nvdimm_init_fit_buffer:

static void nvdimm_init_fit_buffer(NvdimmFitBuffer *fit_buf)
{
fit_buf->fit = g_array_new(false, true /* clear */, 1);
}

And I cannot reproduce it on my box; could you share your command line and the
base commit id?

Thanks!



[Qemu-devel] [PULL 06/30] target-sparc: on UA2005 don't deliver Interrupt_level_n IRQs in hypervisor mode

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

As described in Chapter 5.7.6 of the UltraSPARC Architecture 2005,
outstanding disrupting exceptions that are destined for privileged mode can only
cause a trap when the virtual processor is in nonprivileged or privileged mode 
and
PSTATE.ie = 1. At all other times, they are held pending.

Signed-off-by: Artyom Tarasenko 
Reviewed-by: Richard Henderson 
Message-Id: 

Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index f2e923d..7233140 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -733,8 +733,9 @@ static inline int cpu_interrupts_enabled(CPUSPARCState 
*env1)
 if (env1->psret != 0)
 return 1;
 #else
-if (env1->pstate & PS_IE)
+if ((env1->pstate & PS_IE) && !cpu_hypervisor_mode(env1)) {
 return 1;
+}
 #endif
 
 return 0;
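Review bot: The added `!cpu_hypervisor_mode(env1)` term has no comment, and the function name still reads as a plain PSTATE.IE test. The rationale sits only in the commit message, so I would put it next to the condition: `/* UA2005 5.7.6: disrupting traps destined for privileged mode are held pending while in hyperprivileged mode */`. The check applies to every caller of `cpu_interrupts_enabled()`, so any interrupt meant to be taken in hyperprivileged mode would need a separate path; whether one exists is not visible from this hunk.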
-- 
2.9.3




[Qemu-devel] [PULL 11/30] target-sparc: implement UA2005 hypervisor traps

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<7edada4d1c26562843de80c9eb2339ca591f883b.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.h  |  1 +
 target/sparc/int64_helper.c | 37 -
 target/sparc/win_helper.c   |  6 ++
 3 files changed, 39 insertions(+), 5 deletions(-)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 4f709e1..f26fdcf 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -79,6 +79,7 @@
 #define TT_FILL 0xc0
 #define TT_WOTHER   (1 << 5)
 #define TT_TRAP 0x100
+#define TT_HTRAP0x180
 #endif
 
 #define PSR_NEG_SHIFT 23
diff --git a/target/sparc/int64_helper.c b/target/sparc/int64_helper.c
index 29360fa..8300eb4 100644
--- a/target/sparc/int64_helper.c
+++ b/target/sparc/int64_helper.c
@@ -78,8 +78,10 @@ void sparc_cpu_do_interrupt(CPUState *cs)
 static int count;
 const char *name;
 
-if (intno < 0 || intno >= 0x180) {
+if (intno < 0 || intno >= 0x1ff) {
 name = "Unknown";
+} else if (intno >= 0x180) {
+name = "Hyperprivileged Trap Instruction";
 } else if (intno >= 0x100) {
 name = "Trap Instruction";
 } else if (intno >= 0xc0) {
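Review bot: The new upper bound `intno >= 0x1ff` labels trap 0x1ff as "Unknown", although the switch later in this patch handles `TT_HTRAP ... TT_HTRAP + 127` (0x180 to 0x1ff inclusive) as hyperprivileged trap instructions. The bound should exclude the whole range: `if (intno < 0 || intno >= 0x200) {`. This block appears only to select a name for logging, so the effect is a misleading trace line and not a wrong trap. The enclosing function extends beyond the hunk.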
@@ -135,16 +137,36 @@ void sparc_cpu_do_interrupt(CPUState *cs)
 tsptr->tnpc = env->npc;
 tsptr->tt = intno;
 
+if (cpu_has_hypervisor(env)) {
+env->htstate[env->tl] = env->hpstate;
+/* XXX OpenSPARC T1 - UltraSPARC T3 have MAXPTL=2
+   but this may change in the future */
+if (env->tl > 2) {
+env->hpstate |= HS_PRIV;
+}
+}
+
 switch (intno) {
 case TT_IVEC:
-cpu_change_pstate(env, PS_PEF | PS_PRIV | PS_IG);
+if (!cpu_has_hypervisor(env)) {
+cpu_change_pstate(env, PS_PEF | PS_PRIV | PS_IG);
+}
 break;
 case TT_TFAULT:
 case TT_DFAULT:
 case TT_TMISS ... TT_TMISS + 3:
 case TT_DMISS ... TT_DMISS + 3:
 case TT_DPROT ... TT_DPROT + 3:
-cpu_change_pstate(env, PS_PEF | PS_PRIV | PS_MG);
+if (cpu_has_hypervisor(env)) {
+env->hpstate |= HS_PRIV;
+env->pstate = PS_PEF | PS_PRIV;
+} else {
+cpu_change_pstate(env, PS_PEF | PS_PRIV | PS_MG);
+}
+break;
+case TT_INSN_REAL_TRANSLATION_MISS ... TT_DATA_REAL_TRANSLATION_MISS:
+case TT_HTRAP ... TT_HTRAP + 127:
+env->hpstate |= HS_PRIV;
 break;
 default:
 cpu_change_pstate(env, PS_PEF | PS_PRIV | PS_AG);
@@ -158,8 +180,13 @@ void sparc_cpu_do_interrupt(CPUState *cs)
 } else if ((intno & 0x1c0) == TT_FILL) {
 cpu_set_cwp(env, cpu_cwp_inc(env, env->cwp + 1));
 }
-env->pc = env->tbr  & ~0x7fffULL;
-env->pc |= ((env->tl > 1) ? 1 << 14 : 0) | (intno << 5);
+
+if (cpu_hypervisor_mode(env)) {
+env->pc = (env->htba & ~0x3fffULL) | (intno << 5);
+} else {
+env->pc = env->tbr  & ~0x7fffULL;
+env->pc |= ((env->tl > 1) ? 1 << 14 : 0) | (intno << 5);
+}
 env->npc = env->pc + 4;
 cs->exception_index = -1;
 }
diff --git a/target/sparc/win_helper.c b/target/sparc/win_helper.c
index 2d5b546..45ee4e6 100644
--- a/target/sparc/win_helper.c
+++ b/target/sparc/win_helper.c
@@ -366,6 +366,9 @@ void helper_done(CPUSPARCState *env)
 env->asi = (tsptr->tstate >> 24) & 0xff;
 cpu_change_pstate(env, (tsptr->tstate >> 8) & 0xf3f);
 cpu_put_cwp64(env, tsptr->tstate & 0xff);
+if (cpu_has_hypervisor(env)) {
+env->hpstate = env->htstate[env->tl];
+}
 env->tl--;
 
 trace_win_helper_done(env->tl);
@@ -387,6 +390,9 @@ void helper_retry(CPUSPARCState *env)
 env->asi = (tsptr->tstate >> 24) & 0xff;
 cpu_change_pstate(env, (tsptr->tstate >> 8) & 0xf3f);
 cpu_put_cwp64(env, tsptr->tstate & 0xff);
+if (cpu_has_hypervisor(env)) {
+env->hpstate = env->htstate[env->tl];
+}
 env->tl--;
 
 trace_win_helper_retry(env->tl);
-- 
2.9.3




[Qemu-devel] [PULL 16/30] target-sparc: allow priveleged ASIs in hyperprivileged mode

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<343d22b67790a08cd37bd66bfddeb1cad351ef43.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/ldst_helper.c | 30 --
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index 387732d..301616b 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -293,6 +293,20 @@ static inline target_ulong asi_address_mask(CPUSPARCState 
*env,
 }
 return addr;
 }
+
+static inline void do_check_asi(CPUSPARCState *env, int asi, uintptr_t ra)
+{
+/* ASIs >= 0x80 are user mode.
+ * ASIs >= 0x30 are hyper mode (or super if hyper is not available).
+ * ASIs <= 0x2f are super mode.
+ */
+if (asi < 0x80
+&& !cpu_hypervisor_mode(env)
+&& (!cpu_supervisor_mode(env)
+|| (asi >= 0x30 && cpu_has_hypervisor(env {
+cpu_raise_exception_ra(env, TT_PRIV_ACT, ra);
+}
+}
 #endif
 
 static void do_check_align(CPUSPARCState *env, target_ulong addr,
@@ -1118,13 +1132,7 @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong 
addr,
 
 asi &= 0xff;
 
-if ((asi < 0x80 && (env->pstate & PS_PRIV) == 0)
-|| (cpu_has_hypervisor(env)
-&& asi >= 0x30 && asi < 0x80
-&& !(env->hpstate & HS_PRIV))) {
-cpu_raise_exception_ra(env, TT_PRIV_ACT, GETPC());
-}
-
+do_check_asi(env, asi, GETPC());
 do_check_align(env, addr, size - 1, GETPC());
 addr = asi_address_mask(env, asi, addr);
 
@@ -1423,13 +1431,7 @@ void helper_st_asi(CPUSPARCState *env, target_ulong 
addr, target_ulong val,
 
 asi &= 0xff;
 
-if ((asi < 0x80 && (env->pstate & PS_PRIV) == 0)
-|| (cpu_has_hypervisor(env)
-&& asi >= 0x30 && asi < 0x80
-&& !(env->hpstate & HS_PRIV))) {
-cpu_raise_exception_ra(env, TT_PRIV_ACT, GETPC());
-}
-
+do_check_asi(env, asi, GETPC());
 do_check_align(env, addr, size - 1, GETPC());
 addr = asi_address_mask(env, asi, addr);
 
-- 
2.9.3




[Qemu-devel] [PULL 04/30] target-sparc: add UA2005 TTE bit #defines

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<036aeab15d1b655352ec81abdd8696d5d3579938.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.h | 17 +
 1 file changed, 17 insertions(+)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 687e158..b41f5c5 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -304,19 +304,36 @@ enum {
 #define TTE_W_OK_BIT(1ULL <<  1)
 #define TTE_GLOBAL_BIT  (1ULL <<  0)
 
+#define TTE_NFO_BIT_UA2005  (1ULL << 62)
+#define TTE_USED_BIT_UA2005 (1ULL << 47)
+#define TTE_LOCKED_BIT_UA2005 (1ULL <<  61)
+#define TTE_SIDEEFFECT_BIT_UA2005 (1ULL <<  11)
+#define TTE_PRIV_BIT_UA2005 (1ULL <<  8)
+#define TTE_W_OK_BIT_UA2005 (1ULL <<  6)
+
 #define TTE_IS_VALID(tte)   ((tte) & TTE_VALID_BIT)
 #define TTE_IS_NFO(tte) ((tte) & TTE_NFO_BIT)
 #define TTE_IS_USED(tte)((tte) & TTE_USED_BIT)
 #define TTE_IS_LOCKED(tte)  ((tte) & TTE_LOCKED_BIT)
 #define TTE_IS_SIDEEFFECT(tte) ((tte) & TTE_SIDEEFFECT_BIT)
+#define TTE_IS_SIDEEFFECT_UA2005(tte) ((tte) & TTE_SIDEEFFECT_BIT_UA2005)
 #define TTE_IS_PRIV(tte)((tte) & TTE_PRIV_BIT)
 #define TTE_IS_W_OK(tte)((tte) & TTE_W_OK_BIT)
+
+#define TTE_IS_NFO_UA2005(tte) ((tte) & TTE_NFO_BIT_UA2005)
+#define TTE_IS_USED_UA2005(tte)((tte) & TTE_USED_BIT_UA2005)
+#define TTE_IS_LOCKED_UA2005(tte)  ((tte) & TTE_LOCKED_BIT_UA2005)
+#define TTE_IS_SIDEEFFECT_UA2005(tte) ((tte) & TTE_SIDEEFFECT_BIT_UA2005)
+#define TTE_IS_PRIV_UA2005(tte)((tte) & TTE_PRIV_BIT_UA2005)
+#define TTE_IS_W_OK_UA2005(tte)((tte) & TTE_W_OK_BIT_UA2005)
+
 #define TTE_IS_GLOBAL(tte)  ((tte) & TTE_GLOBAL_BIT)
 
 #define TTE_SET_USED(tte)   ((tte) |= TTE_USED_BIT)
 #define TTE_SET_UNUSED(tte) ((tte) &= ~TTE_USED_BIT)
 
 #define TTE_PGSIZE(tte) (((tte) >> 61) & 3ULL)
+#define TTE_PGSIZE_UA2005(tte) ((tte) & 7ULL)
 #define TTE_PA(tte) ((tte) & 0x1ffe000ULL)
 
 #define SFSR_NF_BIT (1ULL << 24)   /* JPS1 NoFault */
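Review bot: `TTE_IS_SIDEEFFECT_UA2005` is defined twice in this hunk, once right after `TTE_IS_SIDEEFFECT` and again inside the new UA2005 group. The two definitions are identical so it compiles, but the first should be dropped so the UA2005 accessors live in one place. The new macros also give no hint that they describe a different TTE layout from the unsuffixed ones. A one-line comment above the group, for example `/* UA2005 TTE data layout; do not mix with the unsuffixed macros */`, would help a reader avoid testing an entry with the wrong format's macro and so reading the wrong privilege or write-permission bit.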
-- 
2.9.3




Re: [Qemu-devel] [PATCH] qemu-io: Return non-zero exit code on failure

2017-01-11 Thread Fam Zheng
On Wed, 01/11 15:51, Eric Blake wrote:
> On 01/11/2017 12:24 PM, Nir Soffer wrote:
> > From: Nir Soffer 
> > 
> > The result of openfile was not checked, leading to failure deep in the
> > actual command with confusing error message, and exiting with exit code 0.
> > 
> > Here is one example - trying to read a pattern from an invalid chain:
> > 
> > $ qemu-io -c 'read -P 1 0 1024' top.qcow2; echo $?
> 
> As written, you have to guess some context about how top.qcow2 was
> created.  The example can be made a bit more reproducible with:
> 
> $ : > file
> $ qemu-io -f qcow2 -c ... file

Nir, thank you for the fix. Could you also add a regression test in
tests/qemu-iotests?

Reviewed-by: Fam Zheng 

> 
> > can't open device top.qcow2: Could not open backing file: Image is not 
> > in qcow2 format
> > no file open, try 'help open'
> > 0
> > 
> > With this patch, we fail earlier with exit code 1:
> > 
> > $ ./qemu-io -c 'read -P 1 0 1024' top.qcow2; echo $?
> > can't open device top.qcow2: Could not open backing file: Image is not
> > in qcow2 format
> > 1
> > 
> > Signed-off-by: Nir Soffer 
> > ---
> >  qemu-io.c | 8 ++--
> >  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> Whether or not the commit message is improved,
> Reviewed-by: Eric Blake 



[Qemu-devel] [PULL 09/30] target-sparc: implement UltraSPARC-T1 Strand status ASR

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Reviewed-by: Richard Henderson 
Message-Id: 

Signed-off-by: Richard Henderson 
---
 target/sparc/translate.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index 0b0cde1..b898898 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -3429,6 +3429,17 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 case 0x19: /* System tick compare */
 gen_store_gpr(dc, rd, cpu_stick_cmpr);
 break;
+case 0x1a: /* UltraSPARC-T1 Strand status */
+/* XXX HYPV check maybe not enough, UA2005 & UA2007 
describe
+ * this ASR as impl. dep
+ */
+CHECK_IU_FEATURE(dc, HYPV);
+{
+TCGv t = gen_dest_gpr(dc, rd);
+tcg_gen_movi_tl(t, 1UL);
+gen_store_gpr(dc, rd, t);
+}
+break;
 case 0x10: /* Performance Control */
 case 0x11: /* Performance Instrumentation Counter */
 case 0x12: /* Dispatch Control */
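Review bot: The new `case 0x1a` is gated only by `CHECK_IU_FEATURE(dc, HYPV)`, which tests a CPU feature rather than the current privilege level, and it returns the constant 1 with no comment saying what that value stands for. The existing XXX already doubts the feature test; if this ASR is restricted to privileged or hyperprivileged software on the T1 (to be confirmed against the T1 supplement), a mode check belongs here as well. At minimum I would add `/* not modelled: always reads as 1 */` next to the `tcg_gen_movi_tl` call. The case is also out of numeric order, sitting between 0x19 and 0x10. disas_sparc_insn starts and ends outside the hunk.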
-- 
2.9.3




[Qemu-devel] [PULL 15/30] target-sparc: use direct address translation in hyperprivileged mode

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Please note that QEMU doesn't implement Real->Physical address
translation. The "Real Address" is always the "Physical Address".

Suggested-by: Richard Henderson 
Signed-off-by: Artyom Tarasenko 
Message-Id: 
<1965259f2b94c607929f7b70158a100bfd1c2f83.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.h   | 7 +++
 target/sparc/translate.c | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 6c1607e..6fc81e8 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -230,7 +230,7 @@ enum {
 #if !defined(TARGET_SPARC64)
 #define NB_MMU_MODES 3
 #else
-#define NB_MMU_MODES 7
+#define NB_MMU_MODES 6
 typedef struct trap_state {
 uint64_t tpc;
 uint64_t tnpc;
@@ -673,8 +673,7 @@ int cpu_sparc_signal_handler(int host_signum, void *pinfo, 
void *puc);
 #define MMU_KERNEL_IDX 2
 #define MMU_KERNEL_SECONDARY_IDX 3
 #define MMU_NUCLEUS_IDX 4
-#define MMU_HYPV_IDX   5
-#define MMU_PHYS_IDX   6
+#define MMU_PHYS_IDX   5
 #else
 #define MMU_USER_IDX   0
 #define MMU_KERNEL_IDX 1
@@ -720,7 +719,7 @@ static inline int cpu_mmu_index(CPUSPARCState *env, bool 
ifetch)
 : (env->lsu & DMMU_E) == 0) {
 return MMU_PHYS_IDX;
 } else if (cpu_hypervisor_mode(env)) {
-return MMU_HYPV_IDX;
+return MMU_PHYS_IDX;
 } else if (env->tl > 0) {
 return MMU_NUCLEUS_IDX;
 } else if (cpu_supervisor_mode(env)) {
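Review bot: After this change the `cpu_hypervisor_mode(env)` arm returns the same `MMU_PHYS_IDX` as the MMU-disabled arm directly above it, so hyperprivileged accesses and MMU-off accesses from any mode can no longer be told apart by MMU index. That follows from the commit message (real address equals physical address in QEMU), but the code should record it, e.g. `/* hyperprivileged accesses bypass the MMU; QEMU has no real->physical stage */` on the new return. Any code outside this hunk that infers hyperprivileged mode from the MMU index rather than from HPSTATE would now also match the MMU-off case; the translate.c hunk in this commit uses `hypervisor(dc)`, whose definition is not visible here, so please confirm. The body of cpu_mmu_index starts and ends outside the hunk.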
diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index 23d4673..53c327d 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -2143,7 +2143,7 @@ static DisasASI get_asi(DisasContext *dc, int insn, 
TCGMemOp memop)
 case ASI_NUCLEUS_QUAD_LDD:
 case ASI_NUCLEUS_QUAD_LDD_L:
 if (hypervisor(dc)) {
-mem_idx = MMU_HYPV_IDX;
+mem_idx = MMU_PHYS_IDX;
 } else {
 mem_idx = MMU_NUCLEUS_IDX;
 }
-- 
2.9.3




[Qemu-devel] [PULL 03/30] target-sparc: use explicit mmu register pointers

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Use explicit register pointers while accessing D/I-MMU registers.
Call cpu_unassigned_access on access to missing registers.

Signed-off-by: Artyom Tarasenko 
Reviewed-by: Richard Henderson 
Message-Id: 
<5ed7a0c7bb8c269e2bea4b196c08ca66702d5102.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.h |  4 +++
 target/sparc/ldst_helper.c | 66 +-
 2 files changed, 58 insertions(+), 12 deletions(-)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 68e39bc..687e158 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -443,6 +443,8 @@ struct CPUSPARCState {
 uint64_t sfar;
 uint64_t tsb;
 uint64_t tag_access;
+uint64_t virtual_watchpoint;
+uint64_t physical_watchpoint;
 } immu;
 };
 union {
@@ -455,6 +457,8 @@ struct CPUSPARCState {
 uint64_t sfar;
 uint64_t tsb;
 uint64_t tag_access;
+uint64_t virtual_watchpoint;
+uint64_t physical_watchpoint;
 } dmmu;
 };
 SparcTLBEntry itlb[64];
diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index fdca87f..043cbf8 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -1220,14 +1220,25 @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong 
addr,
 case ASI_IMMU: /* I-MMU regs */
 {
 int reg = (addr >> 3) & 0xf;
-
-if (reg == 0) {
-/* I-TSB Tag Target register */
+switch (reg) {
+case 0:
+/* 0x00 I-TSB Tag Target register */
 ret = ultrasparc_tag_target(env->immu.tag_access);
-} else {
-ret = env->immuregs[reg];
+break;
+case 3: /* SFSR */
+ret = env->immu.sfsr;
+break;
+case 5: /* TSB access */
+ret = env->immu.tsb;
+break;
+case 6:
+/* 0x30 I-TSB Tag Access register */
+ret = env->immu.tag_access;
+break;
+default:
+cpu_unassigned_access(cs, addr, false, false, 1, size);
+ret = 0;
 }
-
 break;
 }
 case ASI_IMMU_TSB_8KB_PTR: /* I-MMU 8k TSB pointer */
@@ -1263,12 +1274,38 @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong 
addr,
 case ASI_DMMU: /* D-MMU regs */
 {
 int reg = (addr >> 3) & 0xf;
-
-if (reg == 0) {
-/* D-TSB Tag Target register */
+switch (reg) {
+case 0:
+/* 0x00 D-TSB Tag Target register */
 ret = ultrasparc_tag_target(env->dmmu.tag_access);
-} else {
-ret = env->dmmuregs[reg];
+break;
+case 1: /* 0x08 Primary Context */
+ret = env->dmmu.mmu_primary_context;
+break;
+case 2: /* 0x10 Secondary Context */
+ret = env->dmmu.mmu_secondary_context;
+break;
+case 3: /* SFSR */
+ret = env->dmmu.sfsr;
+break;
+case 4: /* 0x20 SFAR */
+ret = env->dmmu.sfar;
+break;
+case 5: /* 0x28 TSB access */
+ret = env->dmmu.tsb;
+break;
+case 6: /* 0x30 D-TSB Tag Access register */
+ret = env->dmmu.tag_access;
+break;
+case 7:
+ret = env->dmmu.virtual_watchpoint;
+break;
+case 8:
+ret = env->dmmu.physical_watchpoint;
+break;
+default:
+cpu_unassigned_access(cs, addr, false, false, 1, size);
+ret = 0;
 }
 break;
 }
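Review bot: In the new D-MMU read switch, `case 7:` and `case 8:` carry no comment, while the store-side hunk of this commit labels the same registers "Virtual Watchpoint" and "Physical Watchpoint", and `case 3: /* SFSR */` lacks the offset the neighbouring cases give. I would write `case 7: /* 0x38 Virtual Watchpoint */`, `case 8: /* 0x40 Physical Watchpoint */` and `case 3: /* 0x18 SFSR */`, the offsets following from `reg = (addr >> 3) & 0xf`. The `default:` arm sets `ret = 0` after `cpu_unassigned_access()`, which only matters if that call can return; a short comment saying so would explain the assignment. The same comment gaps apply to the I-MMU switch in the previous hunk. helper_ld_asi starts and ends outside the hunk.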
@@ -1456,6 +1493,7 @@ void helper_st_asi(CPUSPARCState *env, target_ulong addr, 
target_ulong val,
 case 8:
 return;
 default:
+cpu_unassigned_access(cs, addr, true, false, 1, size);
 break;
 }
 
@@ -1526,9 +1564,13 @@ void helper_st_asi(CPUSPARCState *env, target_ulong 
addr, target_ulong val,
 env->dmmu.tag_access = val;
 break;
 case 7: /* Virtual Watchpoint */
+env->dmmu.virtual_watchpoint = val;
+break;
 case 8: /* Physical Watchpoint */
+env->dmmu.physical_watchpoint = val;
+break;
 default:
-env->dmmuregs[reg] = val;
+cpu_unassigned_access(cs, addr, true, false, 1, size);
 break;
 }
 
-- 
2.9.3




[Qemu-devel] [PULL 26/30] target-sparc: store the UA2005 entries in sun4u format

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

According to chapter 13.3 of the
UltraSPARC T1 Supplement to the UltraSPARC Architecture 2005,
only the sun4u format is available for data-access loads.

Store UA2005 entries in the sun4u format to simplify processing.

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<7ba71816ff6ec9c5af75e9a7430a1d9128efa786.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.h |  3 +++
 target/sparc/ldst_helper.c | 52 +++---
 2 files changed, 47 insertions(+), 8 deletions(-)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 7b6565d..acea350 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -384,6 +384,9 @@ enum {
 #define CACHE_CTRL_FD (1 << 22)  /* Flush Data cache (Write only) */
 #define CACHE_CTRL_DS (1 << 23)  /* Data cache snoop enable */
 
+#define CONVERT_BIT(X, SRC, DST) \
+ (SRC > DST ? (X) / (SRC / DST) & (DST) : ((X) & SRC) * (DST / SRC))
+
 typedef struct SparcTLBEntry {
 uint64_t tag;
 uint64_t tte;
diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index d34795a..c8a819d 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -204,12 +204,34 @@ static void demap_tlb(SparcTLBEntry *tlb, target_ulong 
demap_addr,
 }
 }
 
+static uint64_t sun4v_tte_to_sun4u(CPUSPARCState *env, uint64_t tag,
+   uint64_t sun4v_tte)
+{
+uint64_t sun4u_tte;
+if (!(cpu_has_hypervisor(env) && (tag & TLB_UST1_IS_SUN4V_BIT))) {
+/* is already in the sun4u format */
+return sun4v_tte;
+}
+sun4u_tte = TTE_PA(sun4v_tte) | (sun4v_tte & TTE_VALID_BIT);
+sun4u_tte |= (sun4v_tte & 3ULL) << 61; /* TTE_PGSIZE */
+sun4u_tte |= CONVERT_BIT(sun4v_tte, TTE_NFO_BIT_UA2005, TTE_NFO_BIT);
+sun4u_tte |= CONVERT_BIT(sun4v_tte, TTE_USED_BIT_UA2005, TTE_USED_BIT);
+sun4u_tte |= CONVERT_BIT(sun4v_tte, TTE_W_OK_BIT_UA2005, TTE_W_OK_BIT);
+sun4u_tte |= CONVERT_BIT(sun4v_tte, TTE_SIDEEFFECT_BIT_UA2005,
+ TTE_SIDEEFFECT_BIT);
+sun4u_tte |= CONVERT_BIT(sun4v_tte, TTE_PRIV_BIT_UA2005, TTE_PRIV_BIT);
+sun4u_tte |= CONVERT_BIT(sun4v_tte, TTE_LOCKED_BIT_UA2005, TTE_LOCKED_BIT);
+return sun4u_tte;
+}
+
 static void replace_tlb_1bit_lru(SparcTLBEntry *tlb,
  uint64_t tlb_tag, uint64_t tlb_tte,
- const char *strmmu, CPUSPARCState *env1)
+ const char *strmmu, CPUSPARCState *env1,
+ uint64_t addr)
 {
 unsigned int i, replace_used;
 
+tlb_tte = sun4v_tte_to_sun4u(env1, addr, tlb_tte);
 if (cpu_has_hypervisor(env1)) {
 uint64_t new_vaddr = tlb_tag & ~0x1fffULL;
 uint64_t new_size = 8192ULL << 3 * TTE_PGSIZE(tlb_tte);
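Review bot: `sun4u_tte |= (sun4v_tte & 3ULL) << 61;` keeps only two bits of the page-size field, while `TTE_PGSIZE_UA2005` in cpu.h on this page masks with `7ULL`. A UA2005 entry whose size has bit 2 set is therefore stored as a smaller page with no diagnostic. If that truncation is intended because the sun4u field is two bits wide, it should be stated, e.g. `/* sun4u size field is 2 bits; larger UA2005 sizes are truncated */`; otherwise the size needs handling before conversion. The first parameter is named `tag`, but every call in this commit passes the ASI store address `addr`, and the format bit is tested on it, so renaming it or documenting that in a header comment would avoid a caller passing the tag-access value instead. The body of replace_tlb_1bit_lru continues outside the hunk.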
@@ -1615,7 +1637,11 @@ void helper_st_asi(CPUSPARCState *env, target_ulong 
addr, target_ulong val,
 return;
 }
 case ASI_ITLB_DATA_IN: /* I-MMU data in */
-replace_tlb_1bit_lru(env->itlb, env->immu.tag_access, val, "immu", 
env);
+/* ignore real translation entries */
+if (!(addr & TLB_UST1_IS_REAL_BIT)) {
+replace_tlb_1bit_lru(env->itlb, env->immu.tag_access,
+ val, "immu", env, addr);
+}
 return;
 case ASI_ITLB_DATA_ACCESS: /* I-MMU data access */
 {
@@ -1623,8 +1649,11 @@ void helper_st_asi(CPUSPARCState *env, target_ulong 
addr, target_ulong val,
 
 unsigned int i = (addr >> 3) & 0x3f;
 
-replace_tlb_entry(>itlb[i], env->immu.tag_access, val, env);
-
+/* ignore real translation entries */
+if (!(addr & TLB_UST1_IS_REAL_BIT)) {
+replace_tlb_entry(>itlb[i], env->immu.tag_access,
+  sun4v_tte_to_sun4u(env, addr, val), env);
+}
 #ifdef DEBUG_MMU
 DPRINTF_MMU("immu data access replaced entry [%i]\n", i);
 dump_mmu(stdout, fprintf, env);
@@ -1692,14 +1721,21 @@ void helper_st_asi(CPUSPARCState *env, target_ulong 
addr, target_ulong val,
 return;
 }
 case ASI_DTLB_DATA_IN: /* D-MMU data in */
-replace_tlb_1bit_lru(env->dtlb, env->dmmu.tag_access, val, "dmmu", 
env);
-return;
+  /* ignore real translation entries */
+  if (!(addr & TLB_UST1_IS_REAL_BIT)) {
+  replace_tlb_1bit_lru(env->dtlb, env->dmmu.tag_access,
+   val, "dmmu", env, addr);
+  }
+  return;
 case ASI_DTLB_DATA_ACCESS: /* D-MMU data access */
 {
 unsigned int i = (addr >> 3) & 0x3f;
 
-replace_tlb_entry(>dtlb[i], env->dmmu.tag_access, val, env);
-
+/* ignore real translation entries */
+if (!(addr & TLB_UST1_IS_REAL_BIT)) {
+replace_tlb_entry(>dtlb[i], 

[Qemu-devel] [PULL 13/30] target-sparc: implement UA2005 rdhpstate and wrhpstate instructions

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Reviewed-by: Richard Henderson 
Message-Id: 
<0fcf7eca7c2d3e6bef7846027857da3bd681645d.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/translate.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index 68677d3..7e399a3 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -3468,7 +3468,8 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 rs1 = GET_FIELD(insn, 13, 17);
 switch (rs1) {
 case 0: // hpstate
-// gen_op_rdhpstate();
+tcg_gen_ld_i64(cpu_dst, cpu_env,
+   offsetof(CPUSPARCState, hpstate));
 break;
 case 1: // htstate
 // gen_op_rdhtstate();
@@ -4592,7 +4593,9 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 tcg_gen_xor_tl(cpu_tmp0, cpu_src1, cpu_src2);
 switch (rd) {
 case 0: // hpstate
-// XXX gen_op_wrhpstate();
+tcg_gen_st_i64(cpu_tmp0, cpu_env,
+   offsetof(CPUSPARCState,
+hpstate));
 save_state(dc);
 gen_op_next_insn();
 tcg_gen_exit_tb(0);
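Review bot: The new `tcg_gen_st_i64` writes `cpu_tmp0` into `hpstate` unmasked, so the guest value reaches every later test of that field, such as the `env->hpstate & HS_PRIV` checks elsewhere in this series, without reserved bits being cleared. If only a subset of bits is architecturally writable, the mask should be applied here. The check that restricts this write to hyperprivileged code is not in the hunk; disas_sparc_insn starts and ends outside it, so please confirm the check precedes this switch. I would also add `/* HPSTATE affects privilege checks and the MMU index: end the TB */` above `save_state(dc)`, since the existing three-call sequence is otherwise unexplained.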
-- 
2.9.3




[Qemu-devel] [PULL 64/67] target-ppc: Add xscvdpqp instruction

2017-01-11 Thread David Gibson
From: Bharata B Rao 

xscvdpqp: VSX Scalar Convert Double-Precision format to
  Quad-Precision format

Signed-off-by: Bharata B Rao 
Signed-off-by: Nikunj A Dadhania 
Signed-off-by: David Gibson 
---
 target/ppc/fpu_helper.c | 45 +
 target/ppc/helper.h |  1 +
 target/ppc/translate/vsx-impl.inc.c |  1 +
 target/ppc/translate/vsx-ops.inc.c  |  1 +
 4 files changed, 48 insertions(+)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 6e7279c..16397ef 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -22,6 +22,15 @@
 #include "exec/exec-all.h"
 #include "internal.h"
 
+static inline float128 float128_snan_to_qnan(float128 x)
+{
+float128 r;
+
+r.high = x.high | 0x8000;
+r.low = x.low;
+return r;
+}
+
 #define float64_snan_to_qnan(x) ((x) | 0x0008ULL)
 #define float32_snan_to_qnan(x) ((x) | 0x0040)
 #define float16_snan_to_qnan(x) ((x) | 0x0200)
@@ -2702,6 +2711,42 @@ VSX_CVT_FP_TO_FP(xscvspdp, 1, float32, float64, VsrW(0), 
VsrD(0), 1)
 VSX_CVT_FP_TO_FP(xvcvdpsp, 2, float64, float32, VsrD(i), VsrW(2*i), 0)
 VSX_CVT_FP_TO_FP(xvcvspdp, 2, float32, float64, VsrW(2*i), VsrD(i), 0)
 
+/* VSX_CVT_FP_TO_FP_VECTOR - VSX floating point/floating point conversion
+ *   op- instruction mnemonic
+ *   nels  - number of elements (1, 2 or 4)
+ *   stp   - source type (float32 or float64)
+ *   ttp   - target type (float32 or float64)
+ *   sfld  - source vsr_t field
+ *   tfld  - target vsr_t field (f32 or f64)
+ *   sfprf - set FPRF
+ */
+#define VSX_CVT_FP_TO_FP_VECTOR(op, nels, stp, ttp, sfld, tfld, sfprf)\
+void helper_##op(CPUPPCState *env, uint32_t opcode)   \
+{   \
+ppc_vsr_t xt, xb;   \
+int i;  \
+\
+getVSR(rB(opcode) + 32, , env);  \
+getVSR(rD(opcode) + 32, , env);  \
+\
+for (i = 0; i < nels; i++) {\
+xt.tfld = stp##_to_##ttp(xb.sfld, >fp_status); \
+if (unlikely(stp##_is_signaling_nan(xb.sfld,\
+>fp_status))) {\
+float_invalid_op_excp(env, POWERPC_EXCP_FP_VXSNAN, 0);  \
+xt.tfld = ttp##_snan_to_qnan(xt.tfld);  \
+}   \
+if (sfprf) {\
+helper_compute_fprf_##ttp(env, xt.tfld);\
+}   \
+}   \
+\
+putVSR(rD(opcode) + 32, , env);  \
+float_check_status(env);\
+}
+
+VSX_CVT_FP_TO_FP_VECTOR(xscvdpqp, 1, float64, float128, VsrD(0), f128, 1)
+
 /* VSX_CVT_FP_TO_FP_HP - VSX floating point/floating point conversion
  *   involving one half precision value
  *   op- instruction mnemonic
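Review bot: The header comment of `VSX_CVT_FP_TO_FP_VECTOR` was carried over from the macro above it and no longer matches its use. It lists `nels` as "1, 2 or 4", the types as "float32 or float64" and `tfld` as "f32 or f64", yet the only instantiation in this hunk passes `float64`, `float128` and `f128` with one element. I would change the lines to `stp - source type (float64)`, `ttp - target type (float128)` and `tfld - target vsr_t field (f128)`. The comment should also say that the helper addresses the registers as `rB(opcode) + 32` and `rD(opcode) + 32`, since that fixed offset is what separates it from `VSX_CVT_FP_TO_FP`. The `&xb`, `&xt` and `&env->fp_status` arguments appear to have lost their leading characters in this archived copy.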
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 889fe55..3b5d0ad 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -430,6 +430,7 @@ DEF_HELPER_2(xscmpuqp, void, env, i32)
 DEF_HELPER_2(xsmaxdp, void, env, i32)
 DEF_HELPER_2(xsmindp, void, env, i32)
 DEF_HELPER_2(xscvdphp, void, env, i32)
+DEF_HELPER_2(xscvdpqp, void, env, i32)
 DEF_HELPER_2(xscvdpsp, void, env, i32)
 DEF_HELPER_2(xscvdpspn, i64, env, i64)
 DEF_HELPER_2(xscvhpdp, void, env, i32)
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 113ccf3..01b5621 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -808,6 +808,7 @@ GEN_VSX_HELPER_2(xsmaxdp, 0x00, 0x14, 0, PPC2_VSX)
 GEN_VSX_HELPER_2(xsmindp, 0x00, 0x15, 0, PPC2_VSX)
 GEN_VSX_HELPER_2(xscvdphp, 0x16, 0x15, 0x11, PPC2_ISA300)
 GEN_VSX_HELPER_2(xscvdpsp, 0x12, 0x10, 0, PPC2_VSX)
+GEN_VSX_HELPER_2(xscvdpqp, 0x04, 0x1A, 0x16, PPC2_ISA300)
 GEN_VSX_HELPER_XT_XB_ENV(xscvdpspn, 0x16, 0x10, 0, PPC2_VSX207)
 GEN_VSX_HELPER_2(xscvhpdp, 0x16, 0x15, 0x10, PPC2_ISA300)
 GEN_VSX_HELPER_2(xscvspdp, 0x12, 0x14, 0, PPC2_VSX)
diff --git a/target/ppc/translate/vsx-ops.inc.c 
b/target/ppc/translate/vsx-ops.inc.c
index 882e11b..e75ecd1 100644
--- a/target/ppc/translate/vsx-ops.inc.c
+++ 

[Qemu-devel] [PULL 22/30] target-sparc: allow 256M sized pages

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<18b3a791b00745313e47347b5221ae7d534a7d36.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/mmu_helper.c | 18 +-
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index 044e88c..fa70dc0 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -456,23 +456,7 @@ static inline int ultrasparc_tag_match(SparcTLBEntry *tlb,
uint64_t address, uint64_t context,
hwaddr *physical)
 {
-uint64_t mask;
-
-switch (TTE_PGSIZE(tlb->tte)) {
-default:
-case 0x0: /* 8k */
-mask = 0xe000ULL;
-break;
-case 0x1: /* 64k */
-mask = 0xULL;
-break;
-case 0x2: /* 512k */
-mask = 0xfff8ULL;
-break;
-case 0x3: /* 4M */
-mask = 0xffc0ULL;
-break;
-}
+uint64_t mask = -(8192ULL << 3 * TTE_PGSIZE(tlb->tte));
 
 /* valid, context match, virtual address match? */
 if (TTE_IS_VALID(tlb->tte) &&
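Review bot: With `TTE_PGSIZE` as defined in cpu.h on this page (`(((tte) >> 61) & 3ULL)`), the new expression `-(8192ULL << 3 * TTE_PGSIZE(tlb->tte))` can only produce the same four masks (8k, 64k, 512k, 4M) as the removed switch, so by itself it does not reach the 256M size named in the subject. If another patch in the series widens the size field, every encoding then maps to a mask, including sizes the architecture may not define, and the removed `default:` fallback to 8k is gone. Please confirm which encodings can reach this line. A comment such as `/* page size is 8k << (3 * size code); mask selects the page-number bits */` would document the formula. The body of ultrasparc_tag_match continues outside the hunk.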
-- 
2.9.3




Re: [Qemu-devel] [PATCH v5 wave 1 0/4] fw-cfg: support writeable blobs and more files

2017-01-11 Thread Gabriel L. Somlo
On Wed, Jan 11, 2017 at 06:34:53PM +0100, Laszlo Ersek wrote:
> This is the first (fw_cfg) half of the v5 iteration of the series posted
> here:
> .
> 
> In this version, the fw_cfg patches have been separated into a
> standalone "wave", for helping review / maintenance, and also for
> enabling independent features on top of writeable blobs. More
> importantly, I've addressed Igor's v4 feedback. See the individual
> patches for the details.
> 
> Patch #3 is included verbatim from Eduardo's pending series (see the
> patch notes for the archive URL), as a dependency for patch #4. If
> Eduardo's series is merged first, patch #3 can be dropped (in fact
> git-rebase should do it automatically).
> 
> Please excuse the surprisingly long list of CC's, it's due to the fact
> that fw_cfg is quite widely used (see patch #4).
> 
> Cc: "Gabriel L. Somlo" 

Whole series:

Acked-by: Gabriel Somlo 

Data passed in via the "-fw_cfg" qemu command still shows up fine in
/sys/firmware/qemu-fw-cfg on the guest, so also:

Tested-by: Gabriel Somlo 

Thanks,
--Gabriel

> Cc: "Michael S. Tsirkin" 
> Cc: Alexander Graf 
> Cc: Anthony Perard 
> Cc: Artyom Tarasenko 
> Cc: David Gibson 
> Cc: Eduardo Habkost 
> Cc: Gerd Hoffmann 
> Cc: Igor Mammedov 
> Cc: Laszlo Ersek 
> Cc: Mark Cave-Ayland 
> Cc: Michael Walle 
> Cc: Paolo Bonzini 
> Cc: Peter Maydell 
> Cc: Shannon Zhao 
> Cc: Stefano Stabellini 
> Cc: qemu-...@nongnu.org
> 
> Thanks
> Laszlo
> 
> 
> Eduardo Habkost (1):
>   pc: Add 2.9 machine-types
> 
> Laszlo Ersek (2):
>   fw-cfg: turn FW_CFG_FILE_SLOTS into a device property
>   fw-cfg: bump "file_slots" to 0x20 for 2.9+ machine types
> 
> Michael S. Tsirkin (1):
>   fw-cfg: support writeable blobs
> 
>  docs/specs/fw_cfg.txt  |  36 ++
>  hw/lm32/lm32_hwsetup.h |   2 +-
>  include/hw/compat.h|  10 +++-
>  include/hw/i386/pc.h   |   2 +
>  include/hw/loader.h|   7 +--
>  include/hw/nvram/fw_cfg.h  |   3 +-
>  include/hw/nvram/fw_cfg_keys.h |   3 +-
>  hw/arm/virt-acpi-build.c   |   2 +-
>  hw/core/loader.c   |  18 ---
>  hw/i386/acpi-build.c   |   4 +-
>  hw/i386/pc_piix.c  |  15 --
>  hw/i386/pc_q35.c   |  13 -
>  hw/nvram/fw_cfg.c  | 110 
> +++--
>  13 files changed, 177 insertions(+), 48 deletions(-)
> 
> -- 
> 2.9.3
> 



[Qemu-devel] [PULL 05/30] target-sparc: add UltraSPARC T1 TLB #defines

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 

Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index b41f5c5..f2e923d 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -336,6 +336,10 @@ enum {
 #define TTE_PGSIZE_UA2005(tte) ((tte) & 7ULL)
 #define TTE_PA(tte) ((tte) & 0x1ffe000ULL)
 
+/* UltraSPARC T1 specific */
+#define TLB_UST1_IS_REAL_BIT   (1ULL << 9)  /* Real translation entry */
+#define TLB_UST1_IS_SUN4V_BIT  (1ULL << 10) /* sun4u/sun4v TTE format switch */
+
 #define SFSR_NF_BIT (1ULL << 24)   /* JPS1 NoFault */
 #define SFSR_TM_BIT (1ULL << 15)   /* JPS1 TLB Miss */
 #define SFSR_FT_VA_IMMU_BIT (1ULL << 13)   /* USIIi VA out of range (IMMU) */
-- 
2.9.3




[Qemu-devel] [PULL 57/67] target-ppc: Add xsxexpqp instruction

2017-01-11 Thread David Gibson
From: Nikunj A Dadhania 

xsxexpqp: VSX Scalar Extract Exponent Quad Precision

Signed-off-by: Nikunj A Dadhania 
Signed-off-by: David Gibson 
---
 target/ppc/translate/vsx-impl.inc.c | 15 +++
 target/ppc/translate/vsx-ops.inc.c  |  1 +
 2 files changed, 16 insertions(+)

diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 33ca177..228e2a5 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -1224,6 +1224,21 @@ static void gen_xsxexpdp(DisasContext *ctx)
 tcg_gen_shri_i64(rt, cpu_vsrh(xB(ctx->opcode)), 52);
 tcg_gen_andi_i64(rt, rt, 0x7FF);
 }
+
+static void gen_xsxexpqp(DisasContext *ctx)
+{
+TCGv_i64 xth = cpu_vsrh(rD(ctx->opcode) + 32);
+TCGv_i64 xtl = cpu_vsrl(rD(ctx->opcode) + 32);
+TCGv_i64 xbh = cpu_vsrh(rB(ctx->opcode) + 32);
+
+if (unlikely(!ctx->vsx_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VSXU);
+return;
+}
+tcg_gen_shri_i64(xth, xbh, 48);
+tcg_gen_andi_i64(xth, xth, 0x7FFF);
+tcg_gen_movi_i64(xtl, 0);
+}
 #endif
 
 #undef GEN_XX2FORM
diff --git a/target/ppc/translate/vsx-ops.inc.c 
b/target/ppc/translate/vsx-ops.inc.c
index 85d3b7d..87f1852 100644
--- a/target/ppc/translate/vsx-ops.inc.c
+++ b/target/ppc/translate/vsx-ops.inc.c
@@ -115,6 +115,7 @@ GEN_VSX_XFORM_300(xscpsgnqp, 0x04, 0x03, 0x0001),
 
 #ifdef TARGET_PPC64
 GEN_XX2FORM_EO(xsxexpdp, 0x16, 0x15, 0x00, PPC2_ISA300),
+GEN_VSX_XFORM_300_EO(xsxexpqp, 0x04, 0x19, 0x02, 0x0001),
 #endif
 
 GEN_XX2FORM(xvabsdp, 0x12, 0x1D, PPC2_VSX),
-- 
2.9.3




[Qemu-devel] [PULL 20/30] target-sparc: implement UA2005 TSB Pointers

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<83b315e3527bef56741c84e6d4f98de9bea2c560.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.h |   2 +
 target/sparc/ldst_helper.c | 124 +
 2 files changed, 104 insertions(+), 22 deletions(-)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 8ce7197..7b6565d 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -417,6 +417,8 @@ typedef union {
 uint64_t tag_access;
 uint64_t virtual_watchpoint;
 uint64_t physical_watchpoint;
+uint64_t sun4v_ctx_config[2];
+uint64_t sun4v_tsb_pointers[4];
};
 } SparcV9MMU;
 #endif
diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index 8e01260..4b8ca69 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -70,11 +70,29 @@
 #define QT1 (env->qt1)
 
 #if defined(TARGET_SPARC64) && !defined(CONFIG_USER_ONLY)
-/* Calculates TSB pointer value for fault page size 8k or 64k */
-static uint64_t ultrasparc_tsb_pointer(uint64_t tsb_register,
+static uint64_t ultrasparc_tsb_pointer(CPUSPARCState *env, uint64_t tsb,
+   uint64_t *tsb_ptr,
uint64_t tag_access_register,
-   int page_size)
+   int idx, uint64_t *cfg_ptr)
+/* Calculates TSB pointer value for fault page size
+ * UltraSPARC IIi has fixed sizes (8k or 64k) for the page pointers
+ * UA2005 holds the page size configuration in mmu_ctx registers */
 {
+uint64_t tsb_register;
+int page_size;
+if (cpu_has_hypervisor(env)) {
+int tsb_index = 0;
+int ctx = tag_access_register & 0x1fffULL;
+uint64_t ctx_register = cfg_ptr[ctx ? 1 : 0];
+tsb_index = idx;
+tsb_index |= ctx ? 2 : 0;
+page_size = idx ? ctx_register >> 8 : ctx_register;
+page_size &= 7;
+tsb_register = tsb_ptr[tsb_index];
+} else {
+page_size = idx;
+tsb_register = tsb;
+}
 uint64_t tsb_base = tsb_register & ~0x1fffULL;
 int tsb_split = (tsb_register & 0x1000ULL) ? 1 : 0;
 int tsb_size  = tsb_register & 0xf;
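Review bot: The explanatory comment of `ultrasparc_tsb_pointer` now sits between the parameter list and the opening brace, and it does not describe the new parameters. It should move above the function and say that `idx` is 0 for the 8k pointer and 1 for the 64k pointer, which is how the call sites in this commit use the bare literals, and that `tsb_ptr` and `cfg_ptr` are only read when `cpu_has_hypervisor(env)` is true. In the hypervisor branch `tsb_index` is `idx | (ctx ? 2 : 0)` and indexes the four-entry `sun4v_tsb_pointers` array, which is safe only while `idx` stays 0 or 1; stating that contract (or masking with `idx & 1`) guards against a future caller passing a page size as the old signature did. `int tsb_index = 0;` followed by an unconditional assignment can be a single initialisation. The function body continues outside the hunk.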
@@ -87,21 +105,15 @@ static uint64_t ultrasparc_tsb_pointer(uint64_t 
tsb_register,
 uint64_t va = tag_access_va;
 
 /* move va bits to correct position */
-if (page_size == 8*1024) {
-va >>= 9;
-} else if (page_size == 64*1024) {
-va >>= 12;
-}
+va >>= 3 * page_size + 9;
 
-if (tsb_size) {
-tsb_base_mask <<= tsb_size;
-}
+tsb_base_mask <<= tsb_size;
 
 /* calculate tsb_base mask and adjust va if split is in use */
 if (tsb_split) {
-if (page_size == 8*1024) {
+if (idx == 0) {
 va &= ~(1ULL << (13 + tsb_size));
-} else if (page_size == 64*1024) {
+} else {
 va |= (1ULL << (13 + tsb_size));
 }
 tsb_base_mask <<= 1;
@@ -1254,16 +1266,20 @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong 
addr,
 {
 /* env->immuregs[5] holds I-MMU TSB register value
env->immuregs[6] holds I-MMU Tag Access register value */
-ret = ultrasparc_tsb_pointer(env->immu.tsb, env->immu.tag_access,
- 8*1024);
+ret = ultrasparc_tsb_pointer(env, env->immu.tsb,
+ env->immu.sun4v_tsb_pointers,
+ env->immu.tag_access,
+ 0, env->immu.sun4v_ctx_config);
 break;
 }
 case ASI_IMMU_TSB_64KB_PTR: /* I-MMU 64k TSB pointer */
 {
 /* env->immuregs[5] holds I-MMU TSB register value
env->immuregs[6] holds I-MMU Tag Access register value */
-ret = ultrasparc_tsb_pointer(env->immu.tsb, env->immu.tag_access,
- 64*1024);
+ret = ultrasparc_tsb_pointer(env, env->immu.tsb,
+ env->immu.sun4v_tsb_pointers,
+ env->immu.tag_access,
+ 1, env->immu.sun4v_ctx_config);
 break;
 }
 case ASI_ITLB_DATA_ACCESS: /* I-MMU data access */
@@ -1322,16 +1338,20 @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong 
addr,
 {
 /* env->dmmuregs[5] holds D-MMU TSB register value
env->dmmuregs[6] holds D-MMU Tag Access register value */
-ret = ultrasparc_tsb_pointer(env->dmmu.tsb, env->dmmu.tag_access,
- 8*1024);
+ret = ultrasparc_tsb_pointer(env, env->dmmu.tsb,
+ env->dmmu.sun4v_tsb_pointers,
+ 

Re: [Qemu-devel] [RFC]virtio-blk: add disk-name device property

2017-01-11 Thread Fam Zheng
On Thu, 01/12 09:22, Yang Zhang wrote:
> On 2017/1/4 22:44, Stefan Hajnoczi wrote:
> > On Tue, Jan 03, 2017 at 10:53:06AM -0600, Eric Blake wrote:
> > > On 12/29/2016 08:41 PM, Junkang Fu wrote:
> > > > >From 74e913fc41ea98d1dde692175f1e3fb6729342aa Mon Sep 17 00:00:00 2001
> > > > From: "junkang.fjk" 
> > > > Date: Wed, 24 Aug 2016 19:36:53 +0800
> > > > Subject: [PATCH] virtio-blk: add disk-name device property
> > > > 
> > > > Current virtio-blk disk name(ex. /dev/vdb) has nothing to do with the
> > > > target dev
> > > > name specified in libvirt xml file. For example, we may get disk name
> > > > /dev/vdb in
> > > > VM while target dev specified in libvirt xml is vdc.
> > > 
> > > It's not really libvirt's fault.  The libvirt XML names are for
> > > convenience, but nothing on the host side requires the guest to pick the
> > > same naming scheme as the host.
> > > 
> > > I guess your proposal is to enhance the virtio spec such that clients
> > > that are new enough to honor the new addition to the virtio spec will
> > > change their name-picking algorithm to use the name provided by the
> > > host, rather than their current approach of picking whatever name they
> > > feel like, and then enhance libvirt to pass the XML name on down to the
> > > guest?  It might work, but as others have pointed out, it will require a
> > > virtio spec change first.
> > 
> > This change is unnecessary.  The -device virtio-blk-pci,serial= property
> > already exists for this purpose.
> 
> how about the /dev/vdabc? I guess lots of people prefer to use it instead of
> /dev/disk/by-id/xxx?

I disagree. Using /dev/sdX has exactly the same issue and that's why fstab and
boot loader etc almost always use UUID or disk label by default because they are
more stable.

Fam



[Qemu-devel] [PULL 01/30] target-sparc: ignore MMU-faults if MMU is disabled in hypervisor mode

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

while IMMU/DMMU is disabled
- ignore MMU-faults in hypervisor mode or if CPU doesn't have hypervisor
- signal TT_INSN_REAL_TRANSLATION_MISS/TT_DATA_REAL_TRANSLATION_MISS otherwise

Signed-off-by: Artyom Tarasenko 
Message-Id: 

Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.h |  2 ++
 target/sparc/ldst_helper.c | 15 +--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 5fb0ed1..e0b2806 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -68,6 +68,8 @@
 #define TT_DATA_ACCESS 0x32
 #define TT_UNALIGNED 0x34
 #define TT_PRIV_ACT 0x37
+#define TT_INSN_REAL_TRANSLATION_MISS 0x3e
+#define TT_DATA_REAL_TRANSLATION_MISS 0x3f
 #define TT_EXTINT   0x40
 #define TT_IVEC 0x60
 #define TT_TMISS0x64
diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index de7d53a..fdca87f 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -1664,14 +1664,25 @@ void sparc_cpu_unassigned_access(CPUState *cs, hwaddr 
addr,
 {
 SPARCCPU *cpu = SPARC_CPU(cs);
 CPUSPARCState *env = >env;
-int tt = is_exec ? TT_CODE_ACCESS : TT_DATA_ACCESS;
 
 #ifdef DEBUG_UNASSIGNED
 printf("Unassigned mem access to " TARGET_FMT_plx " from " TARGET_FMT_lx
"\n", addr, env->pc);
 #endif
 
-cpu_raise_exception_ra(env, tt, GETPC());
+if (is_exec) { /* XXX has_hypervisor */
+if (env->lsu & (IMMU_E)) {
+cpu_raise_exception_ra(env, TT_CODE_ACCESS, GETPC());
+} else if (cpu_has_hypervisor(env) && !(env->hpstate & HS_PRIV)) {
+cpu_raise_exception_ra(env, TT_INSN_REAL_TRANSLATION_MISS, 
GETPC());
+}
+} else {
+if (env->lsu & (DMMU_E)) {
+cpu_raise_exception_ra(env, TT_DATA_ACCESS, GETPC());
+} else if (cpu_has_hypervisor(env) && !(env->hpstate & HS_PRIV)) {
+cpu_raise_exception_ra(env, TT_DATA_REAL_TRANSLATION_MISS, 
GETPC());
+}
+}
 }
 #endif
 #endif
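Review bot: When the relevant MMU is disabled and the CPU either has no hypervisor or is running with HS_PRIV set, neither `if` arm raises anything and sparc_cpu_unassigned_access() returns as if the access had succeeded, yet no comment says this is deliberate; the only hint is the unexplained `/* XXX has_hypervisor */` on the `if (is_exec)` line. I would replace that marker and add a closing `else` comment in both arms, for example `/* MMU disabled: fault is ignored in hyperprivileged mode and on CPUs without a hypervisor */`. The removed line raised unconditionally, so callers that treated this function as never returning now continue past it; those call sites are outside this hunk and should be re-checked. The function's signature starts above the hunk.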
-- 
2.9.3




[Qemu-devel] [PULL 46/67] target-ppc: Add xxextractuw instruction

2017-01-11 Thread David Gibson
From: Nikunj A Dadhania 

xxextractuw: VSX Vector Extract Unsigned Word

Signed-off-by: Nikunj A Dadhania 
Signed-off-by: David Gibson 
---
 target/ppc/helper.h |  1 +
 target/ppc/int_helper.c | 26 ++
 target/ppc/translate/vsx-impl.inc.c | 30 ++
 target/ppc/translate/vsx-ops.inc.c  |  5 +
 4 files changed, 62 insertions(+)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 4707db4..8b30420 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -540,6 +540,7 @@ DEF_HELPER_2(xvrspip, void, env, i32)
 DEF_HELPER_2(xvrspiz, void, env, i32)
 DEF_HELPER_2(xxperm, void, env, i32)
 DEF_HELPER_2(xxpermr, void, env, i32)
+DEF_HELPER_4(xxextractuw, void, env, tl, tl, i32)
 
 DEF_HELPER_2(efscfsi, i32, env, i32)
 DEF_HELPER_2(efscfui, i32, env, i32)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 2bb628f..63ba0e3 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -2033,6 +2033,32 @@ VEXTRACT(uw, u32)
 VEXTRACT(d, u64)
 #undef VEXTRACT
 
+void helper_xxextractuw(CPUPPCState *env, target_ulong xtn,
+target_ulong xbn, uint32_t index)
+{
+ppc_vsr_t xt, xb;
+size_t es = sizeof(uint32_t);
+uint32_t ext_index;
+int i;
+
+getVSR(xbn, , env);
+memset(, 0, sizeof(xt));
+
+#if defined(HOST_WORDS_BIGENDIAN)
+ext_index = index;
+for (i = 0; i < es; i++, ext_index++) {
+xt.u8[8 - es + i] = xb.u8[ext_index % 16];
+}
+#else
+ext_index = 15 - index;
+for (i = es - 1; i >= 0; i--, ext_index--) {
+xt.u8[8 + i] = xb.u8[ext_index % 16];
+}
+#endif
+
+putVSR(xtn, , env);
+}
+
 #define VEXT_SIGNED(name, element, mask, cast, recast)  \
 void helper_##name(ppc_avr_t *r, ppc_avr_t *b)  \
 {   \
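Review bot: The little-endian loop in helper_xxextractuw relies on `ext_index` being unsigned: for `index` 13 to 15 the `ext_index--` steps below zero and wraps, and only the `% 16` brings the subscript back inside `xb.u8[]`. That works because 2^32 is a multiple of 16, but it is not obvious, so I would add a comment above the `#if` such as `/* bytes past the end of XB wrap around modulo 16; ext_index must stay unsigned */`. The big-endian loop also compares `int i` with `size_t es` in `i < es`; declaring `es` as a plain `int` avoids the mixed-sign comparison, and the same applies to helper_xxinsertw in the following patch.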
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 2a17c35..7977f24 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -1180,6 +1180,36 @@ static void gen_xxsldwi(DisasContext *ctx)
 tcg_temp_free_i64(xtl);
 }
 
+#define VSX_EXTRACT(name)   \
+static void gen_##name(DisasContext *ctx)   \
+{   \
+TCGv xt, xb;\
+TCGv_i32 t0 = tcg_temp_new_i32();   \
+uint8_t uimm = UIMM4(ctx->opcode);  \
+\
+if (unlikely(!ctx->vsx_enabled)) {  \
+gen_exception(ctx, POWERPC_EXCP_VSXU);  \
+return; \
+}   \
+xt = tcg_const_tl(xT(ctx->opcode)); \
+xb = tcg_const_tl(xB(ctx->opcode)); \
+/* uimm > 15 out of bound and for   \
+ * uimm > 12 handle as per hardware in helper   \
+ */ \
+if (uimm > 15) {\
+tcg_gen_movi_i64(cpu_vsrh(xT(ctx->opcode)), 0); \
+tcg_gen_movi_i64(cpu_vsrl(xT(ctx->opcode)), 0); \
+return; \
+}   \
+tcg_gen_movi_i32(t0, uimm); \
+gen_helper_##name(cpu_env, xt, xb, t0); \
+tcg_temp_free(xb);  \
+tcg_temp_free(xt);  \
+tcg_temp_free_i32(t0);  \
+}
+
+VSX_EXTRACT(xxextractuw)
+
 #undef GEN_XX2FORM
 #undef GEN_XX3FORM
 #undef GEN_XX2IFORM
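Review bot: Both early returns in the generated gen_##name() skip the `tcg_temp_free*()` calls at the bottom: `t0` is allocated in its declaration, before the `vsx_enabled` check, so it is never freed on the VSX-unavailable path, and the `uimm > 15` path returns with `xt`, `xb` and `t0` all still allocated. Declaring `TCGv_i32 t0;` and moving `t0 = tcg_temp_new_i32();` together with the two `tcg_const_tl()` calls below the `uimm > 15` check leaves nothing to free on either early return. If UIMM4 yields a 4-bit field (its definition is not in this hunk) the `uimm > 15` branch can never be taken and could be dropped, but the VSX-unavailable path is reachable either way. The macro is renamed VSX_EXTRACT_INSERT in the xxinsertw patch further down and keeps the same body.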
diff --git a/target/ppc/translate/vsx-ops.inc.c 
b/target/ppc/translate/vsx-ops.inc.c
index 46b95e3..473d925 100644
--- a/target/ppc/translate/vsx-ops.inc.c
+++ b/target/ppc/translate/vsx-ops.inc.c
@@ -49,6 +49,10 @@ GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 1, opc3, 0, 
PPC_NONE, fl2)
 GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 0, opc3, 0, PPC_NONE, fl2), \
 GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 1, opc3, 0, PPC_NONE, fl2)
 
+#define GEN_XX2FORM_EXT(name, opc2, opc3, fl2)  \
+GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 0, opc3, 0x0010, PPC_NONE, fl2), \
+GEN_HANDLER2_E(name, #name, 0x3C, opc2 | 1, opc3, 0x0010, PPC_NONE, fl2)
+
 #define GEN_XX2FORM_EO(name, opc2, opc3, opc4, fl2)  \
 GEN_HANDLER2_E_2(name, #name, 0x3C, opc2 | 0, opc3, opc4, 0, PPC_NONE, fl2), \
 GEN_HANDLER2_E_2(name, #name, 0x3C, 

[Qemu-devel] [PULL 08/30] target-sparc: implement UA2005 scratchpad registers

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Message-Id: 
<3a6aaddd6f65e26b06e5616d9eeaddc7a62a2910.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/asi.h |  1 +
 target/sparc/cpu.h |  1 +
 target/sparc/ldst_helper.c | 24 
 3 files changed, 26 insertions(+)

diff --git a/target/sparc/asi.h b/target/sparc/asi.h
index c9a1849..d8d6284 100644
--- a/target/sparc/asi.h
+++ b/target/sparc/asi.h
@@ -211,6 +211,7 @@
 #define ASI_AFSR   0x4c /* Async fault status register */
 #define ASI_AFAR   0x4d /* Async fault address register*/
 #define ASI_EC_TAG_DATA0x4e /* E-cache tag/valid ram diag acc  
*/
+#define ASI_HYP_SCRATCHPAD 0x4f /* (4V) Hypervisor scratchpad  */
 #define ASI_IMMU   0x50 /* Insn-MMU main register space*/
 #define ASI_IMMU_TSB_8KB_PTR   0x51 /* Insn-MMU 8KB TSB pointer reg*/
 #define ASI_IMMU_TSB_64KB_PTR  0x52 /* Insn-MMU 64KB TSB pointer reg   */
diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 7233140..113ae33 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -520,6 +520,7 @@ struct CPUSPARCState {
 uint32_t gl; // UA2005
 /* UA 2005 hyperprivileged registers */
 uint64_t hpstate, htstate[MAXTL_MAX], hintp, htba, hver, hstick_cmpr, ssr;
+uint64_t scratch[8];
 CPUTimer *hstick; // UA 2005
 /* Interrupt vector registers */
 uint64_t ivec_status;
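Review bot: The new `scratch[8]` array is guest-visible register state, but this commit's diffstat touches only asi.h, cpu.h and ldst_helper.c, so nothing here adds it to the saved machine state or clears it on reset. Whether its position in CPUSPARCState already places it inside a region that is reset or migrated cannot be seen from this hunk and should be confirmed; if it does not, the registers would be lost across migration and would carry over a CPU reset. A short comment on the field, e.g. `/* UA2005 scratchpad registers, indexed by (addr >> 3) & 7 */`, would also help. The struct definition starts and ends outside the hunk.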
diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index 68eca86..387732d 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -1351,6 +1351,18 @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong 
addr,
 }
 break;
 }
+case ASI_SCRATCHPAD: /* UA2005 privileged scratchpad */
+if (unlikely((addr >= 0x20) && (addr < 0x30))) {
+/* Hyperprivileged access only */
+cpu_unassigned_access(cs, addr, false, false, 1, size);
+}
+/* fall through */
+case ASI_HYP_SCRATCHPAD: /* UA2005 hyperprivileged scratchpad */
+{
+unsigned int i = (addr >> 3) & 0x7;
+ret = env->scratch[i];
+break;
+}
 case ASI_DCACHE_DATA: /* D-cache data */
 case ASI_DCACHE_TAG:  /* D-cache tag access */
 case ASI_ESTATE_ERROR_EN: /* E-cache error enable */
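Review bot: In the ASI_SCRATCHPAD case the range check calls cpu_unassigned_access() and then falls through, so if that call returns, the load still reads `env->scratch[i]` for the 0x20–0x2f offsets that the comment marks as hyperprivileged-only. Patch 01/30 of this series changes sparc_cpu_unassigned_access(), which presumably backs this call, so that it can return without raising; the fall-through should therefore not treat the call as a terminator. Ending the guarded block with `break;` here and `return;` in the matching helper_st_asi hunk below keeps the restricted registers untouched. The condition also looks only at `addr`, not at the current privilege level, so the "Hyperprivileged access only" comment should say which accesses are being rejected. Both helpers start and end outside their hunks, so whether `ret` is initialised before a `break` needs checking against the full function.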
@@ -1603,6 +1615,18 @@ void helper_st_asi(CPUSPARCState *env, target_ulong 
addr, target_ulong val,
 case ASI_INTR_RECEIVE: /* Interrupt data receive */
 env->ivec_status = val & 0x20;
 return;
+case ASI_SCRATCHPAD: /* UA2005 privileged scratchpad */
+if (unlikely((addr >= 0x20) && (addr < 0x30))) {
+/* Hyperprivileged access only */
+cpu_unassigned_access(cs, addr, true, false, 1, size);
+}
+/* fall through */
+case ASI_HYP_SCRATCHPAD: /* UA2005 hyperprivileged scratchpad */
+{
+unsigned int i = (addr >> 3) & 0x7;
+env->scratch[i] = val;
+return;
+}
 case ASI_DCACHE_DATA: /* D-cache data */
 case ASI_DCACHE_TAG: /* D-cache tag access */
 case ASI_ESTATE_ERROR_EN: /* E-cache error enable */
-- 
2.9.3




[Qemu-devel] [PULL 47/67] target-ppc: Add xxinsertw instruction

2017-01-11 Thread David Gibson
From: Nikunj A Dadhania 

xxinsertw: VSX Vector Insert Word

Signed-off-by: Nikunj A Dadhania 
Signed-off-by: David Gibson 
---
 target/ppc/helper.h |  1 +
 target/ppc/int_helper.c | 25 +
 target/ppc/translate/vsx-impl.inc.c |  5 +++--
 target/ppc/translate/vsx-ops.inc.c  |  1 +
 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 8b30420..6c5b194 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -541,6 +541,7 @@ DEF_HELPER_2(xvrspiz, void, env, i32)
 DEF_HELPER_2(xxperm, void, env, i32)
 DEF_HELPER_2(xxpermr, void, env, i32)
 DEF_HELPER_4(xxextractuw, void, env, tl, tl, i32)
+DEF_HELPER_4(xxinsertw, void, env, tl, tl, i32)
 
 DEF_HELPER_2(efscfsi, i32, env, i32)
 DEF_HELPER_2(efscfui, i32, env, i32)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 63ba0e3..24e5964 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -2059,6 +2059,31 @@ void helper_xxextractuw(CPUPPCState *env, target_ulong 
xtn,
 putVSR(xtn, , env);
 }
 
+void helper_xxinsertw(CPUPPCState *env, target_ulong xtn,
+  target_ulong xbn, uint32_t index)
+{
+ppc_vsr_t xt, xb;
+size_t es = sizeof(uint32_t);
+int ins_index, i = 0;
+
+getVSR(xbn, , env);
+getVSR(xtn, , env);
+
+#if defined(HOST_WORDS_BIGENDIAN)
+ins_index = index;
+for (i = 0; i < es && ins_index < 16; i++, ins_index++) {
+xt.u8[ins_index] = xb.u8[8 - es + i];
+}
+#else
+ins_index = 15 - index;
+for (i = es - 1; i >= 0 && ins_index >= 0; i--, ins_index--) {
+xt.u8[ins_index] = xb.u8[8 + i];
+}
+#endif
+
+putVSR(xtn, , env);
+}
+
 #define VEXT_SIGNED(name, element, mask, cast, recast)  \
 void helper_##name(ppc_avr_t *r, ppc_avr_t *b)  \
 {   \
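Review bot: helper_xxinsertw does not say what happens for `index` 13 to 15: both loops stop at the register boundary (`ins_index < 16` and `ins_index >= 0`), so only the bytes that fit are written into XT, whereas helper_xxextractuw in the previous patch wraps the source offset with `% 16`. A comment above the `#if`, for example `/* index > 12: bytes that would fall outside XT are dropped */`, would record that the difference is deliberate. In the little-endian branch `ins_index = 15 - index` is evaluated as `uint32_t` and then converted to `int`, so for an `index` above 15 the loop guard depends on that conversion producing a negative value. The translator appears to reject such values, but writing `15 - (int)index` makes the helper safe on its own.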
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 7977f24..c9ba0f5 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -1180,7 +1180,7 @@ static void gen_xxsldwi(DisasContext *ctx)
 tcg_temp_free_i64(xtl);
 }
 
-#define VSX_EXTRACT(name)   \
+#define VSX_EXTRACT_INSERT(name)\
 static void gen_##name(DisasContext *ctx)   \
 {   \
 TCGv xt, xb;\
@@ -1208,7 +1208,8 @@ static void gen_##name(DisasContext *ctx) 
  \
 tcg_temp_free_i32(t0);  \
 }
 
-VSX_EXTRACT(xxextractuw)
+VSX_EXTRACT_INSERT(xxextractuw)
+VSX_EXTRACT_INSERT(xxinsertw)
 
 #undef GEN_XX2FORM
 #undef GEN_XX3FORM
diff --git a/target/ppc/translate/vsx-ops.inc.c 
b/target/ppc/translate/vsx-ops.inc.c
index 473d925..096d358 100644
--- a/target/ppc/translate/vsx-ops.inc.c
+++ b/target/ppc/translate/vsx-ops.inc.c
@@ -285,6 +285,7 @@ GEN_XX2FORM(xxspltw, 0x08, 0x0A, PPC2_VSX),
 GEN_XX1FORM(xxspltib, 0x08, 0x0B, PPC2_ISA300),
 GEN_XX3FORM_DM(xxsldwi, 0x08, 0x00),
 GEN_XX2FORM_EXT(xxextractuw, 0x0A, 0x0A, PPC2_ISA300),
+GEN_XX2FORM_EXT(xxinsertw, 0x0A, 0x0B, PPC2_ISA300),
 
 #define GEN_XXSEL_ROW(opc3) \
 GEN_HANDLER2_E(xxsel, "xxsel", 0x3C, 0x18, opc3, 0, PPC_NONE, PPC2_VSX), \
-- 
2.9.3




[Qemu-devel] [PULL 61/67] pseries: Rewrite CAS PVR compatibility logic

2017-01-11 Thread David Gibson
During boot, PAPR guests negotiate CPU model support with the
ibm,client-architecture-support mechanism.  The logic to implement this in
qemu is very convoluted.  This patch simplifies it, using the new
ppc_check_compat() call.

The new logic for choosing a compatibility mode is:
1. Usually, use the most recent compatibility mode that is
a) supported by the guest
b) supported by the CPU
and c) no later than the maximum allowed (if specified)
2. If no suitable compatibility mode was found, the guest *does*
   support this CPU explicitly, and no maximum compatibility mode is
   specified, then use "raw" mode for the current CPU
3. Otherwise, fail the boot.

This differs from the results of the old code: the old code preferred using
"raw" mode to a compatibility mode, whereas the new code prefers a
compatibility mode if available.  Using compatibility mode preferentially
means that we're more likely to be able to migrate the guest to a similar
but not identical host.

Signed-off-by: David Gibson 
---
 hw/ppc/spapr_hcall.c | 104 ---
 hw/ppc/trace-events  |   2 +-
 2 files changed, 34 insertions(+), 72 deletions(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index fd9f1d4..43a1fef 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -935,98 +935,60 @@ static void do_set_compat(CPUState *cs, run_on_cpu_data 
arg)
 ppc_set_compat(cpu, s->compat_pvr, >err);
 }
 
-#define get_compat_level(cpuver) ( \
-((cpuver) == CPU_POWERPC_LOGICAL_2_05) ? 2050 : \
-((cpuver) == CPU_POWERPC_LOGICAL_2_06) ? 2060 : \
-((cpuver) == CPU_POWERPC_LOGICAL_2_06_PLUS) ? 2061 : \
-((cpuver) == CPU_POWERPC_LOGICAL_2_07) ? 2070 : 0)
-
-static void cas_handle_compat_cpu(PowerPCCPUClass *pcc, uint32_t pvr,
-  unsigned max_lvl, unsigned *compat_lvl,
-  unsigned *compat_pvr)
-{
-unsigned lvl = get_compat_level(pvr);
-bool is205, is206, is207;
-
-if (!lvl) {
-return;
-}
-
-/* If it is a logical PVR, try to determine the highest level */
-is205 = (pcc->pcr_supported & PCR_COMPAT_2_05) &&
-(lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_05));
-is206 = (pcc->pcr_supported & PCR_COMPAT_2_06) &&
-((lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_06)) ||
- (lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_06_PLUS)));
-is207 = (pcc->pcr_supported & PCR_COMPAT_2_07) &&
-(lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_07));
-
-if (is205 || is206 || is207) {
-if (!max_lvl) {
-/* User did not set the level, choose the highest */
-if (*compat_lvl <= lvl) {
-*compat_lvl = lvl;
-*compat_pvr = pvr;
-}
-} else if (max_lvl >= lvl) {
-/* User chose the level, don't set higher than this */
-*compat_lvl = lvl;
-*compat_pvr = pvr;
-}
-}
-}
-
-static target_ulong h_client_architecture_support(PowerPCCPU *cpu_,
+static target_ulong h_client_architecture_support(PowerPCCPU *cpu,
   sPAPRMachineState *spapr,
   target_ulong opcode,
   target_ulong *args)
 {
 target_ulong list = ppc64_phys_to_real(args[0]);
 target_ulong ov_table;
-PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu_);
 CPUState *cs;
-bool cpu_match = false;
-unsigned old_compat_pvr = cpu_->compat_pvr;
-unsigned compat_lvl = 0, compat_pvr = 0;
-unsigned max_lvl = get_compat_level(cpu_->max_compat);
-int counter;
+bool explicit_match = false; /* Matched the CPU's real PVR */
+uint32_t max_compat = cpu->max_compat;
+uint32_t best_compat = 0;
+int i;
 sPAPROptionVector *ov5_guest, *ov5_cas_old, *ov5_updates;
 
-/* Parse PVR list */
-for (counter = 0; counter < 512; ++counter) {
+/*
+ * We scan the supplied table of PVRs looking for two things
+ *   1. Is our real CPU PVR in the list?
+ *   2. What's the "best" listed logical PVR
+ */
+for (i = 0; i < 512; ++i) {
 uint32_t pvr, pvr_mask;
 
 pvr_mask = ldl_be_phys(_space_memory, list);
-list += 4;
-pvr = ldl_be_phys(_space_memory, list);
-list += 4;
-
-trace_spapr_cas_pvr_try(pvr);
-if (!max_lvl &&
-((cpu_->env.spr[SPR_PVR] & pvr_mask) == (pvr & pvr_mask))) {
-cpu_match = true;
-compat_pvr = 0;
-} else if (pvr == cpu_->compat_pvr) {
-cpu_match = true;
-compat_pvr = cpu_->compat_pvr;
-} else if (!cpu_match) {
-cas_handle_compat_cpu(pcc, pvr, max_lvl, _lvl, _pvr);
-}
-/* Terminator record */
+pvr = 

[Qemu-devel] [PULL 07/30] target-sparc: simplify replace_tlb_entry by using TTE_PGSIZE

2017-01-11 Thread Richard Henderson
From: Artyom Tarasenko 

Signed-off-by: Artyom Tarasenko 
Reviewed-by: Richard Henderson 
Message-Id: 
<65e7ea6ea1cd0ebf291b1ed76d5cb1cccff2d49e.1484165352.git.atar4q...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target/sparc/ldst_helper.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index 043cbf8..68eca86 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -127,9 +127,8 @@ static void replace_tlb_entry(SparcTLBEntry *tlb,
 if (TTE_IS_VALID(tlb->tte)) {
 CPUState *cs = CPU(sparc_env_get_cpu(env1));
 
-mask = 0xe000ULL;
-mask <<= 3 * ((tlb->tte >> 61) & 3);
-size = ~mask + 1;
+size = 8192ULL << 3 * TTE_PGSIZE(tlb->tte);
+mask = 1ULL + ~size;
 
 va = tlb->tag & mask;
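Review bot: The new `size` line depends on `*` binding tighter than `<<`, and `mask = 1ULL + ~size` is a roundabout spelling of two's-complement negation; both are correct but easy to misread in code that derives a TLB page mask. I would write `size = 8192ULL << (3 * TTE_PGSIZE(tlb->tte));` and `mask = ~(size - 1);`. The rewrite is only equivalent to the removed lines if TTE_PGSIZE() returns the same two-bit field as `(tlb->tte >> 61) & 3`; its definition is not in this hunk. replace_tlb_entry() starts and ends outside the hunk.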
 
-- 
2.9.3




[Qemu-devel] [PULL 53/67] target-ppc: Rename helper_compute_fprf to helper_compute_fprf_float64

2017-01-11 Thread David Gibson
From: Bharata B Rao 

Since helper_compute_fprf() works on float64 argument, rename it
to helper_compute_fprf_float64(). Also use a macro to generate
helper_compute_fprf_float64() so that float128 version of the same
helper can be introduced easily later.

Signed-off-by: Bharata B Rao 
Signed-off-by: Nikunj A Dadhania 
Signed-off-by: David Gibson 
---
 target/ppc/fpu_helper.c| 121 +++--
 target/ppc/helper.h|   2 +-
 target/ppc/translate/fp-impl.inc.c |  20 +++---
 3 files changed, 73 insertions(+), 70 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 5a7aa75..913d54e 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -57,54 +57,57 @@ static inline int ppc_float64_get_unbiased_exp(float64 f)
 return ((f >> 52) & 0x7FF) - 1023;
 }
 
-void helper_compute_fprf(CPUPPCState *env, float64 arg)
-{
-int isneg;
-int fprf;
-
-isneg = float64_is_neg(arg);
-if (unlikely(float64_is_any_nan(arg))) {
-if (float64_is_signaling_nan(arg, >fp_status)) {
-/* Signaling NaN: flags are undefined */
-fprf = 0x00;
-} else {
-/* Quiet NaN */
-fprf = 0x11;
-}
-} else if (unlikely(float64_is_infinity(arg))) {
-/* +/- infinity */
-if (isneg) {
-fprf = 0x09;
-} else {
-fprf = 0x05;
-}
-} else {
-if (float64_is_zero(arg)) {
-/* +/- zero */
-if (isneg) {
-fprf = 0x12;
-} else {
-fprf = 0x02;
-}
-} else {
-if (float64_is_zero_or_denormal(arg)) {
-/* Denormalized numbers */
-fprf = 0x10;
-} else {
-/* Normalized numbers */
-fprf = 0x00;
-}
-if (isneg) {
-fprf |= 0x08;
-} else {
-fprf |= 0x04;
-}
-}
-}
-/* We update FPSCR_FPRF */
-env->fpscr &= ~(0x1F << FPSCR_FPRF);
-env->fpscr |= fprf << FPSCR_FPRF;
-}
+#define COMPUTE_FPRF(tp)   \
+void helper_compute_fprf_##tp(CPUPPCState *env, tp arg)\
+{  \
+int isneg; \
+int fprf;  \
+   \
+isneg = tp##_is_neg(arg);  \
+if (unlikely(tp##_is_any_nan(arg))) {  \
+if (tp##_is_signaling_nan(arg, >fp_status)) { \
+/* Signaling NaN: flags are undefined */   \
+fprf = 0x00;   \
+} else {   \
+/* Quiet NaN */\
+fprf = 0x11;   \
+}  \
+} else if (unlikely(tp##_is_infinity(arg))) {  \
+/* +/- infinity */ \
+if (isneg) {   \
+fprf = 0x09;   \
+} else {   \
+fprf = 0x05;   \
+}  \
+} else {   \
+if (tp##_is_zero(arg)) {   \
+/* +/- zero */ \
+if (isneg) {   \
+fprf = 0x12;   \
+} else {   \
+fprf = 0x02;   \
+}  \
+} else {   \
+if (tp##_is_zero_or_denormal(arg)) {   \
+/* Denormalized numbers */ \
+fprf = 0x10;   \
+} else {   \
+/* Normalized numbers */   \
+fprf = 0x00;   \
+}  \
+if (isneg) {   \
+fprf |= 0x08;  \
+} else {   \
+fprf |= 0x04;

[Qemu-devel] [PULL 37/67] qtest: add netfilter tests for ppc64

2017-01-11 Thread David Gibson
From: Laurent Vivier 

Signed-off-by: Laurent Vivier 
Reviewed-by: Thomas Huth 
Reviewed-by: Greg Kurz 
Tested-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 tests/Makefile.include | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index f776404..08ddf59 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -284,6 +284,9 @@ gcov-files-ppc64-y += hw/usb/hcd-uhci.c
 check-qtest-ppc64-y += tests/usb-hcd-xhci-test$(EXESUF)
 gcov-files-ppc64-y += hw/usb/hcd-xhci.c
 check-qtest-ppc64-y += $(check-qtest-virtio-y)
+check-qtest-ppc64-y += tests/test-netfilter$(EXESUF)
+check-qtest-ppc64-y += tests/test-filter-mirror$(EXESUF)
+check-qtest-ppc64-y += tests/test-filter-redirector$(EXESUF)
 
 check-qtest-sh4-y = tests/endianness-test$(EXESUF)
 
-- 
2.9.3



